From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id E753F72BBF for ; Wed, 16 Jun 2021 15:25:16 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id CE6C711EB6 for ; Wed, 16 Jun 2021 15:24:46 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 01C2311EAA for ; Wed, 16 Jun 2021 15:24:45 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id CFC0C42FA4 for ; Wed, 16 Jun 2021 15:24:44 +0200 (CEST) From: Oguz Bektas To: pve-devel@lists.proxmox.com Date: Wed, 16 Jun 2021 15:24:22 +0200 Message-Id: <20210616132422.1768676-3-o.bektas@proxmox.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210616132422.1768676-1-o.bektas@proxmox.com> References: <20210616132422.1768676-1-o.bektas@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 1.881 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [lxc.pm] Subject: [pve-devel] [PATCH v4 container 2/2] run post_clone_hook in clone_vm X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jun 2021 13:25:17 -0000 also cleaned up the locking situation with this, as Fabian G. suggested. now we check if the 'create' lock is held before writing out the config file. use the 'create_and_lock_config' helper in the beginning to ensure that the target CTID is available, and that the target config is locked from the beginning. in case any error happens during the initial checks, we unlink this config in error handling. firewall config is also now cloned inside the worker instead of before the worker, in case the clone fails. Signed-off-by: Oguz Bektas --- src/PVE/API2/LXC.pm | 37 ++++++++++++++++++++++++++++++------- 1 file changed, 30 insertions(+), 7 deletions(-) diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm index a9ea3a6..d6b7bd2 100644 --- a/src/PVE/API2/LXC.pm +++ b/src/PVE/API2/LXC.pm @@ -1427,9 +1427,8 @@ __PACKAGE__->register_method({ my $src_conf = $snapname ? $src_conf->{snapshots}->{$snapname} : $src_conf; + PVE::LXC::Config->create_and_lock_config($newid, 0); $conffile = PVE::LXC::Config->config_file($newid); - die "unable to create CT $newid: config file already exists\n" - if -f $conffile; my $sharedvm = 1; foreach my $opt (keys %$src_conf) { @@ -1468,7 +1467,7 @@ __PACKAGE__->register_method({ } else { # TODO: allow bind mounts? - die "unable to clone mountpint '$opt' (type $mp->{type})\n"; + die "unable to clone mountpoint '$opt' (type $mp->{type})\n"; } } elsif ($opt =~ m/^net(\d+)$/) { # always change MAC! address @@ -1498,16 +1497,29 @@ __PACKAGE__->register_method({ $newconf->{description} = $param->{description}; } - # create empty/temp config - this fails if CT already exists on other node - PVE::LXC::Config->write_config($newid, $newconf); + PVE::LXC::Config->lock_config($newid, sub { + # read empty config, lock needs to be still here + my $conf = PVE::LXC::Config->load_config($newid); + die "Lost 'create' config lock, aborting.\n" + if !PVE::LXC::Config->has_lock($conf, 'create'); + # write the actual new config now to disk + PVE::LXC::Config->write_config($newid, $newconf); + }); }; if (my $err = $@) { eval { PVE::LXC::Config->remove_lock($vmid, 'disk') }; + PVE::LXC::Config->lock_config($newid, sub { + my $conf = PVE::LXC::Config->load_config($newid); + die "Lost 'create' config lock, aborting.\n" + if !PVE::LXC::Config->has_lock($conf, 'create'); + unlink($conffile); + }); warn $@ if $@; die $err; } }); + my $update_conf = sub { my ($key, $value) = @_; return PVE::LXC::Config->lock_config($newid, sub { @@ -1519,6 +1531,8 @@ __PACKAGE__->register_method({ }); }; + + my $realcmd = sub { my ($upid) = @_; @@ -1559,6 +1573,16 @@ __PACKAGE__->register_method({ } PVE::AccessControl::add_vm_to_pool($newid, $pool) if $pool; + + $newconf = PVE::LXC::Config->load_config($newid); + die "Lost 'create' config lock, aborting.\n" + if !PVE::LXC::Config->has_lock($newconf, 'create'); + my $rootdir = PVE::LXC::mount_all($newid, $storecfg, $newconf, 1); + my $lxc_setup = PVE::LXC::Setup->new($newconf, $rootdir); + $lxc_setup->post_clone_hook($newconf); + PVE::LXC::umount_all($newid, $storecfg, $newconf, 1); + + PVE::LXC::Config->remove_lock($newid, 'create'); if ($target) { @@ -1572,7 +1596,6 @@ __PACKAGE__->register_method({ } }; my $err = $@; - # Unlock the source config in any case: eval { PVE::LXC::Config->remove_lock($vmid, 'disk') }; warn $@ if $@; @@ -1590,10 +1613,10 @@ __PACKAGE__->register_method({ die "clone failed: $err"; } + PVE::Firewall::clone_vmfw_conf($vmid, $newid); return; }; - PVE::Firewall::clone_vmfw_conf($vmid, $newid); return $rpcenv->fork_worker('vzclone', $vmid, $authuser, $realcmd); }}); -- 2.20.1