From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id EB7421FF15E
	for <inbox@lore.proxmox.com>; Tue, 20 May 2025 14:43:15 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 1A4AE1CC17;
	Tue, 20 May 2025 14:43:09 +0200 (CEST)
From: Filip Schauer <f.schauer@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Tue, 20 May 2025 14:42:53 +0200
Message-Id: <20250520124257.165949-6-f.schauer@proxmox.com>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20250520124257.165949-1-f.schauer@proxmox.com>
References: <20250520124257.165949-1-f.schauer@proxmox.com>
MIME-Version: 1.0
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.016 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: [pve-devel] [PATCH container 5/9] add support for OCI images as
 container templates
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

This aims to add basic support for the Open Container Initiative image
format according to the specification. [0]

[0] https://github.com/opencontainers/image-spec/blob/main/spec.md

Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
---
 src/PVE/API2/LXC.pm | 53 ++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 50 insertions(+), 3 deletions(-)

diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index 5c6ee57..520b926 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -19,9 +19,11 @@ use PVE::Storage;
 use PVE::RESTHandler;
 use PVE::RPCEnvironment;
 use PVE::ReplicationConfig;
+use PVE::RS::OCI;
 use PVE::LXC;
 use PVE::LXC::Create;
 use PVE::LXC::Migrate;
+use PVE::LXC::Namespaces;
 use PVE::GuestHelpers;
 use PVE::VZDump::Plugin;
 use PVE::API2::LXC::Config;
@@ -484,9 +486,54 @@ __PACKAGE__->register_method({
 		eval {
 		    my $rootdir = PVE::LXC::mount_all($vmid, $storage_cfg, $conf, 1);
 		    $bwlimit = PVE::Storage::get_bandwidth_limit('restore', [keys %used_storages], $bwlimit);
-		    print "restoring '$archive' now..\n"
-			if $restore && $archive ne '-';
-		    PVE::LXC::Create::restore_archive($storage_cfg, $archive, $rootdir, $conf, $ignore_unpack_errors, $bwlimit);
+		    my $oci_config;
+
+		    if ($restore && $archive ne '-') {
+			print "restoring '$archive' now..\n";
+		    } else {
+			# Try interpreting the file as an OCI image first.
+			# If it fails, treat it as an LXC template instead.
+			my $archivepath = PVE::Storage::abs_filesystem_path($storage_cfg, $archive);
+			my ($id_map, $root_uid, $root_gid) = PVE::LXC::parse_id_maps($conf);
+			$oci_config = PVE::LXC::Namespaces::run_in_userns(sub {
+			    return PVE::RS::OCI::parse_oci_image($archivepath, $rootdir);
+			}, $id_map);
+		    }
+
+		    if (defined($oci_config)) {
+			# OCI image extracted successfully
+
+			# Set the entrypoint and arguments if specified by the OCI image
+			my @init_cmd = ();
+			push(@init_cmd, $oci_config->{Entrypoint}) if $oci_config->{Entrypoint};
+			push(@init_cmd, $oci_config->{Cmd}) if $oci_config->{Cmd};
+			if (@init_cmd) {
+			    my $init_cmd_str = join(' ', @{ $init_cmd[0] });
+			    push @{$conf->{lxc}}, ['lxc.init.cmd', $init_cmd_str];
+			    # An entrypoint other than /sbin/init breaks the tty console mode.
+			    # This is fixed by setting cmode: console
+			    $conf->{cmode} = 'console';
+			}
+
+			push @{$conf->{lxc}}, ['lxc.init.cwd', $oci_config->{WorkingDir}]
+			    if ($oci_config->{WorkingDir});
+
+			if (my $envs = $oci_config->{Env}) {
+			    for my $env (@{$envs}) {
+				push @{$conf->{lxc}}, ['lxc.environment', $env];
+			    }
+			}
+		    } else {
+			# Not an OCI image, so restore it as an LXC image instead
+			PVE::LXC::Create::restore_archive(
+			    $storage_cfg,
+			    $archive,
+			    $rootdir,
+			    $conf,
+			    $ignore_unpack_errors,
+			    $bwlimit
+			);
+		    }
 
 		    if ($restore) {
 			print "merging backed-up and given configuration..\n";
-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel