From: Filip Schauer
To: pve-devel@lists.proxmox.com
Date: Mon, 8 Sep 2025 17:02:10 +0200
Message-ID: <20250908150224.155373-8-f.schauer@proxmox.com>
In-Reply-To: <20250908150224.155373-1-f.schauer@proxmox.com>
References: <20250908150224.155373-1-f.schauer@proxmox.com>
Subject: [pve-devel] [PATCH container v4 07/15] add support for OCI images as container templates
List-Id: Proxmox VE development discussion

This aims to add basic support for the Open Container Initiative image format according to the specification. [0]

[0] https://github.com/opencontainers/image-spec/blob/main/spec.md
Signed-off-by: Filip Schauer --- This patch depends on changes made to proxmox-perl-rs in patch 04/15. Meaning that proxmox-perl-rs needs to be bumped and a dependency & build dependency to libpve-rs-perl needs to be added to debian/control. Changed since v3: * correctly handle case where $archive is '-' * replace unnecessary regex comparisons with `eq` * pass environment variables to container via `lxc.container.runtime` Changed since v2: * rebase onto newest master (5a8b3f962f16) and re-format with proxmox-perltidy * check whether archive is an OCI image before trying to parse it as one Changed since v1: * fix entrypoint command missing Cmd * set lxc.signal.halt according to StopSignal (Fixes container shutdown) src/PVE/API2/LXC.pm | 94 ++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 84 insertions(+), 10 deletions(-) diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm index 1f89c87..bc87bc3 100644 --- a/src/PVE/API2/LXC.pm +++ b/src/PVE/API2/LXC.pm @@ -19,9 +19,11 @@ use PVE::Storage; use PVE::RESTHandler; use PVE::RPCEnvironment; use PVE::ReplicationConfig; +use PVE::RS::OCI; use PVE::LXC; use PVE::LXC::Create; use PVE::LXC::Migrate; +use PVE::LXC::Namespaces; use PVE::GuestHelpers; use PVE::VZDump::Plugin; use PVE::API2::LXC::Config; 
@@ -529,19 +531,91 @@ __PACKAGE__->register_method({ eval { my $rootdir = PVE::LXC::mount_all($vmid, $storage_cfg, $conf, 1); + my $archivepath = '-'; + $archivepath = PVE::Storage::abs_filesystem_path($storage_cfg, $archive) + if ($archive ne '-'); $bwlimit = PVE::Storage::get_bandwidth_limit( 'restore', [keys %used_storages], $bwlimit, ); - print "restoring '$archive' now..\n" - if $restore && $archive ne '-'; - PVE::LXC::Create::restore_archive( - $storage_cfg, - $archive, - $rootdir, - $conf, - $ignore_unpack_errors, - $bwlimit, - ); + my $is_oci = 0; + + if ($restore && $archive ne '-') { + print "restoring '$archive' now..\n"; + } elsif ($archivepath =~ /\.tar$/) { + # Check whether archive is an OCI image + my ($has_oci_layout, $has_index_json, $has_blobs) = (0, 0, 0); + PVE::Tools::run_command( + ['tar', '-tf', $archivepath], + outfunc => sub { + my $line = shift; + $has_oci_layout = 1 if $line eq 'oci-layout'; + $has_index_json = 1 if $line eq 'index.json'; + $has_blobs = 1 if $line =~ /^blobs\//m; + }, + ); + + $is_oci = 1 if $has_oci_layout && $has_index_json && $has_blobs; + } + + if ($is_oci) { + # Extract the OCI image + my ($id_map, undef, undef) = PVE::LXC::parse_id_maps($conf); + my $oci_config = PVE::LXC::Namespaces::run_in_userns( + sub { + PVE::RS::OCI::parse_and_extract_image($archivepath, $rootdir); + }, + $id_map, + ); + + # Set the entrypoint and arguments if specified by the OCI image + my @init_cmd = (); + push(@init_cmd, @{ $oci_config->{Entrypoint} }) + if $oci_config->{Entrypoint}; + push(@init_cmd, @{ $oci_config->{Cmd} }) if $oci_config->{Cmd}; + if (@init_cmd) { + my $init_cmd_str = shift(@init_cmd); + if (@init_cmd) { + $init_cmd_str .= ' '; + $init_cmd_str .= join( + ' ', + map { + my $s = $_; + $s =~ s/"/\\"/g; + qq{"$_"} + } @init_cmd, + ); + } + if ($init_cmd_str ne '/sbin/init') { + push @{ $conf->{lxc} }, ['lxc.init.cmd', $init_cmd_str]; + + # An entrypoint other than /sbin/init breaks the tty console mode. 
+ # This is fixed by setting cmode: console + $conf->{cmode} = 'console'; + } + } + + push @{ $conf->{lxc} }, ['lxc.init.cwd', $oci_config->{WorkingDir}] + if ($oci_config->{WorkingDir}); + + if (my $envs = $oci_config->{Env}) { + for my $env (@{$envs}) { + push @{ $conf->{lxc} }, ['lxc.environment.runtime', $env]; + } + } + + my $stop_signal = $oci_config->{StopSignal} // "SIGTERM"; + push @{ $conf->{lxc} }, ['lxc.signal.halt', $stop_signal]; + } else { + # Not an OCI image, so restore it as an LXC image instead + PVE::LXC::Create::restore_archive( + $storage_cfg, + $archive, + $rootdir, + $conf, + $ignore_unpack_errors, + $bwlimit, + ); + } if ($restore) { print "merging backed-up and given configuration..\n"; -- 2.47.2 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
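Review bot: the quote escaping in the Entrypoint/Cmd join is a no-op: the map block escapes double quotes into `$s` (`$s =~ s/"/\\"/g;`) but then emits `qq{"$_"}`, so an argument containing `"` lands unescaped in `lxc.init.cmd`; it should be `qq{"$s"}` (or `map { (my $s = $_) =~ s/"/\\"/g; qq{"$s"} } @init_cmd`). Related to that, Entrypoint, Cmd, WorkingDir, Env and StopSignal are taken straight from the config of an archive the user uploaded and pushed into `$conf->{lxc}` without any validation; this hunk does not show how the config writer serialises these entries, so it would be safer to reject values containing newlines (or other characters the writer cannot round-trip) before pushing them, and to check that `$stop_signal` is an actual signal name or number before writing it to `lxc.signal.halt`. Minor: the `/m` modifier on `$line =~ /^blobs\//m` is unnecessary since `outfunc` receives one line at a time.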