[pve-devel] [RFC pve-container 1/6] mount in pre-start, unmount in post-stop

Wolfgang Bumiller w.bumiller at proxmox.com
Thu Nov 12 14:00:24 CET 2015 

Mounting needs access to the pve storage, so when adding
userns support to containers we need to mount at a time
where we still have access.

Besides, with this change we now also mount the rootfs
ourselves which makes it a more generic solution.
---
 src/Makefile              |   3 +-
 src/PVE/LXC.pm            |   5 +-
 src/lxc-pve-mount-hook    | 139 ----------------------------------------------
 src/lxc-pve-poststop-hook |   4 ++
 src/lxc-pve-prestart-hook |  39 ++++++++++++-
 src/lxc-pve.conf          |   1 -
 6 files changed, 43 insertions(+), 148 deletions(-)
 delete mode 100755 src/lxc-pve-mount-hook

diff --git a/src/Makefile b/src/Makefile
index 2ad69c3..c9ca2ac 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -40,7 +40,7 @@ pct.conf.5.pod: gen-pct-conf-pod.pl PVE/LXC.pm
 	mv $@.tmp $@
 
 .PHONY: install
-install: pct lxc-pve.conf lxc-pve-prestart-hook lxc-pve-mount-hook lxc-pve-poststop-hook lxcnetaddbr pct.1.pod pct.1.gz pct.conf.5.pod pct.conf.5.gz pve-update-lxc-config pct.bash-completion
+install: pct lxc-pve.conf lxc-pve-prestart-hook lxc-pve-poststop-hook lxcnetaddbr pct.1.pod pct.1.gz pct.conf.5.pod pct.conf.5.gz pve-update-lxc-config pct.bash-completion
 	perl -I. -T -e "use PVE::CLI::pct; PVE::CLI::pct->verify_api();"
 	install -d ${SBINDIR}
 	install -m 0755 pct ${SBINDIR}
@@ -49,7 +49,6 @@ install: pct lxc-pve.conf lxc-pve-prestart-hook lxc-pve-mount-hook lxc-pve-posts
 	install -m 0755 lxcnetaddbr ${LXC_SCRIPT_DIR}
 	install -d ${LXC_HOOK_DIR}
 	install -m 0755 lxc-pve-prestart-hook ${LXC_HOOK_DIR}
-	install -m 0755 lxc-pve-mount-hook ${LXC_HOOK_DIR}
 	install -m 0755 lxc-pve-poststop-hook ${LXC_HOOK_DIR}
 	install -d ${LXC_COMMON_CONFIG_DIR}
 	install -m 0644 lxc-pve.conf ${LXC_COMMON_CONFIG_DIR}/01-pve.conf
diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index 23fb29e..dc6d318 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -1091,11 +1091,8 @@ sub update_lxc_config {
 
     my $mountpoint = parse_ct_mountpoint($conf->{rootfs});
     $mountpoint->{mp} = '/';
-    
-    my ($path, $use_loopdev) = mountpoint_mount_path($mountpoint, $storage_cfg);
-    $path = "loop:$path" if $use_loopdev;
 
-    $raw .= "lxc.rootfs = $path\n";
+    $raw .= "lxc.rootfs = $dir/rootfs\n";
 
     my $netcount = 0;
     foreach my $k (keys %$conf) {
diff --git a/src/lxc-pve-mount-hook b/src/lxc-pve-mount-hook
deleted file mode 100755
index 093b805..0000000
--- a/src/lxc-pve-mount-hook
+++ /dev/null
@@ -1,139 +0,0 @@
-#!/usr/bin/perl
-
-package lxc_pve_mount_hook;
-
-use strict;
-use warnings;
-
-exit 0 if $ENV{LXC_NAME} && $ENV{LXC_NAME} !~ /^\d+$/;
-
-use POSIX;
-use File::Path;
-use Fcntl ':mode';
-
-use PVE::SafeSyslog;
-use PVE::Tools;
-use PVE::Cluster;
-use PVE::RPCEnvironment;
-use PVE::JSONSchema qw(get_standard_option);
-use PVE::CLIHandler;
-use PVE::Storage;
-use PVE::LXC;
-use PVE::LXC::Setup;
-use Data::Dumper;
-
-use base qw(PVE::CLIHandler);
-
-__PACKAGE__->register_method ({
-    name => 'lxc-pve-mount-hook',
-    path => 'lxc-pve-mount-hook',
-    method => 'GET',
-    description => "Create a new container root directory.",
-    parameters => {
-    	additionalProperties => 0,
-	properties => {
-	    name => {
-		description => "The container name. This hook is only active for containers using numeric IDs, where configuration is stored on /etc/pve/lxc/<name>.conf (else it is just a NOP).",
-		type => 'string',
-		pattern => '\S+',
-		maxLength => 64,
-	    },
-	    path => {
-		description => "The path to the container configuration directory (LXC internal argument - do not pass manually!).",
-		type => 'string',
-	    },
-	    rootfs => {
-		description => "The path to the container's rootfs (LXC internal argument - do not pass manually!)",
-		type => 'string',
-	    },
-	},
-    },
-    returns => { type => 'null' },
-
-    code => sub {
-	my ($param) = @_;
-
-	my $private = $param->{rootfs};
-
-	return undef if $param->{name} !~ m/^\d+$/;
-
-	my $vmid = $param->{name};
-	
-	# Note: PVE::INotify::nodename() returns wrong value when run
-	# inside container mount hook, so we cannot simply 
-	# use PVE::LXC::load_conf().
-
-	my $config_filename = "/etc/pve/lxc/$param->{name}.conf";
-
-	return undef if ! -f $config_filename;
-	
-	my $raw = PVE::Tools::file_get_contents($config_filename);
-	my $conf = PVE::LXC::parse_pct_config($config_filename, $raw);
-	
-	my $rootdir = $ENV{LXC_ROOTFS_MOUNT};
-
-	# Note: PVE::Storage::config() does not work here
-	my $fn = "/etc/pve/storage.cfg";
-	$raw = -f $fn ? PVE::Tools::file_get_contents($fn) : '';
-	my $storage_cfg = PVE::Storage::Plugin->parse_config($fn, $raw);
-
-	my $setup_mountpoint = sub {
-	    my ($ms, $mountpoint) = @_;
-
-	    return if $ms eq 'rootfs';
-	    PVE::LXC::mountpoint_mount($mountpoint, $rootdir, $storage_cfg);
-	};
-
-	my $setup_cgroup_device = sub {
-	    my ($ms, $mountpoint) = @_;
-
-	    my $volid = $mountpoint->{volume};
-	    return if !$volid || $volid !~ m|^/dev/.+|;
-
-	    my $path = PVE::LXC::mountpoint_mount_path($mountpoint, $storage_cfg);
-
-	    my (undef, undef, $mode, undef, undef, undef, $rdev) = stat($path);
-	    if ($mode && S_ISBLK($mode) && $rdev) {
-		my $major = int($rdev / 0x100);
-		my $minor = $rdev % 0x100;
-		if ($major != 7) { # must not be a loop device
-		    PVE::Tools::run_command(['mknod', '-m', '666', "$rootdir$path", 'b', $major, $minor]);
-		    PVE::LXC::write_cgroup_value("devices", $vmid, "devices.allow", "b ${major}:${minor} rwm");
-		}
-	    }
-	};
-
-	PVE::LXC::foreach_mountpoint($conf, $setup_mountpoint);
-
-	PVE::LXC::foreach_mountpoint($conf, $setup_cgroup_device);
-
-	my $lxc_setup = PVE::LXC::Setup->new($conf, $rootdir);
-	$lxc_setup->pre_start_hook();
-	
-	return undef;
-    }});
-
-
-push @ARGV, 'help' if !scalar(@ARGV);
-
-my $param = {};
-
-if ((scalar(@ARGV) == 3) && ($ARGV[1] eq 'lxc') && ($ARGV[2] eq 'mount')) {
-    $param->{name} = $ENV{'LXC_NAME'};
-    die "got wrong name" if $param->{name} ne $ARGV[0];
-
-    $param->{path} = $ENV{'LXC_CONFIG_FILE'};
-    $param->{rootfs} = $ENV{'LXC_ROOTFS_PATH'};
-    @ARGV = ();
-} else {
-    @ARGV = ('help');
-}
-
-our $cmddef = [ __PACKAGE__, 'lxc-pve-mount-hook', [], $param];
-
-# we cannot use cfs_read here (permission problem)
-# $rpcenv->init_request();
-# PVE::INotify::nodename() also returns wrong value!
-# so we pass 'no_init'
-
-__PACKAGE__->run_cli_handler(no_init => 1);
diff --git a/src/lxc-pve-poststop-hook b/src/lxc-pve-poststop-hook
index 8f19f63..4415ee3 100755
--- a/src/lxc-pve-poststop-hook
+++ b/src/lxc-pve-poststop-hook
@@ -56,6 +56,10 @@ __PACKAGE__->register_method ({
 	my $storage_cfg = PVE::Storage::config();
 
         PVE::LXC::vm_stop_cleanup($storage_cfg, $vmid, $conf);
+
+	my $rootfs = $ENV{LXC_ROOTFS_PATH};
+	die "Missing container root directory!\n" if !$rootfs;
+	PVE::Tools::run_command(['umount', '--recursive', $rootfs]);
 	
 	return undef;
     }});
diff --git a/src/lxc-pve-prestart-hook b/src/lxc-pve-prestart-hook
index aad90e7..e88911d 100755
--- a/src/lxc-pve-prestart-hook
+++ b/src/lxc-pve-prestart-hook
@@ -9,6 +9,7 @@ exit 0 if $ENV{LXC_NAME} && $ENV{LXC_NAME} !~ /^\d+$/;
 
 use POSIX;
 use File::Path;
+use Fcntl ':mode';
 
 use PVE::SafeSyslog;
 use PVE::Tools;
@@ -19,6 +20,7 @@ use PVE::JSONSchema qw(get_standard_option);
 use PVE::CLIHandler;
 use PVE::Storage;
 use PVE::LXC;
+use PVE::LXC::Setup;
 use Data::Dumper;
 
 use base qw(PVE::CLIHandler);
@@ -54,8 +56,6 @@ __PACKAGE__->register_method ({
 
 	return undef if $param->{name} !~ m/^\d+$/;
 
-        my $rootdir = $ENV{LXC_ROOTFS_MOUNT};
-
 	my $vmid = $param->{name};
 
 	PVE::Cluster::check_cfs_quorum(); # only start if we have quorum
@@ -70,6 +70,41 @@ __PACKAGE__->register_method ({
 	my $loopdevlist = PVE::LXC::get_vm_volumes($conf, 'rootfs');
 
 	PVE::Storage::activate_volumes($storage_cfg, $vollist);
+
+	my $rootdir = $param->{rootfs};
+
+	my $setup_mountpoint = sub {
+	    my ($ms, $mountpoint) = @_;
+
+	    #return if $ms eq 'rootfs';
+	    PVE::LXC::mountpoint_mount($mountpoint, $rootdir, $storage_cfg);
+	};
+
+	my $setup_cgroup_device = sub {
+	    my ($ms, $mountpoint) = @_;
+
+	    my $volid = $mountpoint->{volume};
+	    return if !$volid || $volid !~ m|^/dev/.+|;
+
+	    my $path = PVE::LXC::mountpoint_mount_path($mountpoint, $storage_cfg);
+
+	    my (undef, undef, $mode, undef, undef, undef, $rdev) = stat($path);
+	    if ($mode && S_ISBLK($mode) && $rdev) {
+		my $major = int($rdev / 0x100);
+		my $minor = $rdev % 0x100;
+		if ($major != 7) { # must not be a loop device
+		    PVE::Tools::run_command(['mknod', '-m', '666', "$rootdir$path", 'b', $major, $minor]);
+		    PVE::LXC::write_cgroup_value("devices", $vmid, "devices.allow", "b ${major}:${minor} rwm");
+		}
+	    }
+	};
+
+	PVE::LXC::foreach_mountpoint($conf, $setup_mountpoint);
+
+	PVE::LXC::foreach_mountpoint($conf, $setup_cgroup_device);
+
+	my $lxc_setup = PVE::LXC::Setup->new($conf, $rootdir);
+	$lxc_setup->pre_start_hook();
 	return undef;
     }});
 
diff --git a/src/lxc-pve.conf b/src/lxc-pve.conf
index 14dae1a..07a1818 100644
--- a/src/lxc-pve.conf
+++ b/src/lxc-pve.conf
@@ -1,4 +1,3 @@
 lxc.hook.pre-start = /usr/share/lxc/hooks/lxc-pve-prestart-hook
-lxc.hook.mount = /usr/share/lxc/hooks/lxc-pve-mount-hook
 lxc.hook.post-stop = /usr/share/lxc/hooks/lxc-pve-poststop-hook
 x
-- 
2.1.4

More information about the pve-devel mailing list