From: Filip Schauer
To: pve-devel@lists.proxmox.com
Date: Wed, 9 Jul 2025 14:34:21 +0200
Message-ID: <20250709123435.64796-5-f.schauer@proxmox.com>
In-Reply-To: <20250709123435.64796-1-f.schauer@proxmox.com>
References: <20250709123435.64796-1-f.schauer@proxmox.com>
Subject: [pve-devel] [PATCH container v3 04/13] add support for OCI images as container templates

This aims to add basic support for the Open Container Initiative image
format according to the specification. [0]

[0] https://github.com/opencontainers/image-spec/blob/main/spec.md
Signed-off-by: Filip Schauer --- This patch depends on changes made to proxmox-perl-rs in patch 03/13. Meaning that proxmox-perl-rs needs to be bumped and a dependency & build dependency to libpve-rs-perl needs to be added to debian/control. Changed since v2: * rebase onto newest master (5a8b3f962f16) and re-format with proxmox-perltidy * check whether archive is an OCI image before trying to parse it as one Changed since v1: * fix entrypoint command missing Cmd * set lxc.signal.halt according to StopSignal (Fixes container shutdown) src/PVE/API2/LXC.pm | 96 ++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 86 insertions(+), 10 deletions(-) diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm index 28f7fdd..45c5cef 100644 --- a/src/PVE/API2/LXC.pm +++ b/src/PVE/API2/LXC.pm @@ -19,9 +19,11 @@ use PVE::Storage; use PVE::RESTHandler; use PVE::RPCEnvironment; use PVE::ReplicationConfig; +use PVE::RS::OCI; use PVE::LXC; use PVE::LXC::Create; use PVE::LXC::Migrate; +use PVE::LXC::Namespaces; use PVE::GuestHelpers; use PVE::VZDump::Plugin; use PVE::API2::LXC::Config; 
@@ -523,19 +525,93 @@ __PACKAGE__->register_method({ eval { my $rootdir = PVE::LXC::mount_all($vmid, $storage_cfg, $conf, 1); + my $archivepath = PVE::Storage::abs_filesystem_path($storage_cfg, $archive); $bwlimit = PVE::Storage::get_bandwidth_limit( 'restore', [keys %used_storages], $bwlimit, ); - print "restoring '$archive' now..\n" - if $restore && $archive ne '-'; - PVE::LXC::Create::restore_archive( - $storage_cfg, - $archive, - $rootdir, - $conf, - $ignore_unpack_errors, - $bwlimit, - ); + my $is_oci = 0; + + if ($restore && $archive ne '-') { + print "restoring '$archive' now..\n"; + } elsif ($archivepath =~ /\.tar$/) { + # Check whether archive is an OCI image + my $has_oci_layout = 0; + my $has_index_json = 0; + my $has_blobs = 0; + PVE::Tools::run_command( + ['tar', '-tf', $archivepath], + outfunc => sub { + my $line = shift; + $has_oci_layout = 1 if $line =~ /^oci-layout$/m; + $has_index_json = 1 if $line =~ /^index\.json$/m; + $has_blobs = 1 if $line =~ /^blobs\//m; + }, + ); + + $is_oci = 1 if $has_oci_layout && $has_index_json && $has_blobs; + } + + if ($is_oci) { + # Extract the OCI image + my ($id_map, undef, undef) = PVE::LXC::parse_id_maps($conf); + my $oci_config = PVE::LXC::Namespaces::run_in_userns( + sub { + PVE::RS::OCI::parse_and_extract_image( + $archivepath, $rootdir, + ); + }, + $id_map, + ); + + # Set the entrypoint and arguments if specified by the OCI image + my @init_cmd = (); + push(@init_cmd, @{ $oci_config->{Entrypoint} }) + if $oci_config->{Entrypoint}; + push(@init_cmd, @{ $oci_config->{Cmd} }) if $oci_config->{Cmd}; + if (@init_cmd) { + my $init_cmd_str = shift(@init_cmd); + if (@init_cmd) { + $init_cmd_str .= ' '; + $init_cmd_str .= join( + ' ', + map { + my $s = $_; + $s =~ s/"/\\"/g; + qq{"$_"} + } @init_cmd, + ); + } + if ($init_cmd_str ne '/sbin/init') { + push @{ $conf->{lxc} }, ['lxc.init.cmd', $init_cmd_str]; + + # An entrypoint other than /sbin/init breaks the tty console mode. 
+ # This is fixed by setting cmode: console + $conf->{cmode} = 'console'; + } + } + + push @{ $conf->{lxc} }, ['lxc.init.cwd', $oci_config->{WorkingDir}] + if ($oci_config->{WorkingDir}); + + if (my $envs = $oci_config->{Env}) { + for my $env (@{$envs}) { + push @{ $conf->{lxc} }, ['lxc.environment', $env]; + } + } + + my $stop_signal = $oci_config->{StopSignal} // "SIGTERM"; + push @{ $conf->{lxc} }, ['lxc.signal.halt', $stop_signal]; + } else { + # Not an OCI image, so restore it as an LXC image instead + PVE::LXC::Create::restore_archive( + $storage_cfg, + $archive, + $rootdir, + $conf, + $ignore_unpack_errors, + $bwlimit, + ); + } if ($restore) { print "merging backed-up and given configuration..\n"; -- 2.47.2 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
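Review bot: The new `use PVE::RS::OCI;` in the import hunk (@@ -19,9 +19,11 @@) makes this module fail to load unless the bumped libpve-rs-perl is installed, yet the diffstat lists only src/PVE/API2/LXC.pm, so the debian/control dependency and build dependency described in the notes are not part of this patch. Add them here, or in a patch that sits earlier in the series, so every commit in the series stays installable on its own.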
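Review bot: In the second hunk (@@ -523,19 +525,93 @@), the map block that quotes the remaining init arguments discards its own escaping: it runs `$s =~ s/"/\\"/g;` on the copy `$s` but then returns `qq{"$_"}`, so an argument containing a double quote is written to lxc.init.cmd unescaped. Return `qq{"$s"}` instead, escape backslashes before quotes, and note that the first element shifted into `$init_cmd_str` is never quoted at all. More broadly, Entrypoint, Cmd, WorkingDir, Env and StopSignal all come from the image's config and are pushed into `$conf->{lxc}` as-is; rejecting values that contain newlines or other control characters, and checking StopSignal against known signal names, before the push would keep an untrusted image from shaping the raw LXC config beyond these five keys.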