Merge pull request #2013 from 3XX0/oci-dhcp-improvements

.gitignore

@@ -136,8 +136,7 @@ doc/manpage.refs
 doc/api/html/*
 
 hooks/unmount-namespace
-hooks/dhclient-start
-hooks/dhclient-stop
+hooks/dhclient
 
 m4/
 

config/init/common/lxc-net.in

@@ -16,6 +16,7 @@ LXC_NETWORK="10.0.3.0/24"
 LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
 LXC_DHCP_MAX="253"
 LXC_DHCP_CONFILE=""
+LXC_DHCP_PING="true"
 LXC_DOMAIN=""
 
 LXC_IPV6_ADDR=""
@@ -127,7 +128,12 @@ start() {
         fi
     done
 
-    dnsmasq $LXC_DHCP_CONFILE_ARG $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} \
+    LXC_DHCP_PING_ARG=""
+    if [ "x$LXC_DHCP_PING" = "xfalse" ]; then
+        LXC_DHCP_PING_ARG="--no-ping"
+    fi
+
+    dnsmasq $LXC_DHCP_CONFILE_ARG $LXC_DOMAIN_ARG $LXC_DHCP_PING_ARG -u ${DNSMASQ_USER} \
             --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid \
             --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} \
             --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override \

config/templates/Makefile.am

@@ -21,6 +21,7 @@ templatesconfig_DATA = \
 	gentoo.moresecure.conf \
 	gentoo.userns.conf \
 	nesting.conf \
+	oci.common.conf \
 	opensuse.common.conf \
 	opensuse.userns.conf \
 	oracle.common.conf \

config/templates/oci.common.conf.in

+# Uncomment the following if you want to use DHCP for OCI containers
+#lxc.hook.start-host = @LXCHOOKDIR@/dhclient
+#lxc.hook.stop = @LXCHOOKDIR@/dhclient

configure.ac

@@ -737,6 +737,7 @@ AC_CONFIG_FILES([
 	config/templates/gentoo.moresecure.conf
 	config/templates/gentoo.userns.conf
 	config/templates/nesting.conf
+	config/templates/oci.common.conf
 	config/templates/opensuse.common.conf
 	config/templates/opensuse.userns.conf
 	config/templates/oracle.common.conf
@@ -889,8 +890,7 @@ AC_CONFIG_FILES([
 	doc/ko/see_also.sgml
 
 	hooks/Makefile
-	hooks/dhclient-start
-	hooks/dhclient-stop
+	hooks/dhclient
 
 	templates/Makefile
 	templates/lxc-alpine

hooks/Makefile.am

@@ -6,8 +6,7 @@ hooks_SCRIPTS = \
 	mountecryptfsroot \
 	ubuntu-cloud-prep \
 	dhclient-script \
-	dhclient-start \
-	dhclient-stop \
+	dhclient \
 	squid-deb-proxy-client \
 	nvidia
 

hooks/dhclient-start.in

-#! /bin/bash
-
-set -e
-
-LXC_HOOK_DIR="@LXCHOOKDIR@"
-
-rootfs="${LXC_ROOTFS_PATH##*:}"
-pidfile="${rootfs%/*}/dhclient.pid"
-
-mkdir -p "${rootfs}/var/lib/dhclient"
-
-nsenter -u -U -n -t "${LXC_PID}" -- \
-  /sbin/dhclient -nw -1 -pf ${pidfile} -lf ${rootfs}/var/lib/dhclient/dhclient.leases -e ROOTFS=${rootfs} -sf ${LXC_HOOK_DIR}/dhclient-script

hooks/dhclient-stop.in

-#! /bin/bash
-
-set -e
-
-LXC_HOOK_DIR="@LXCHOOKDIR@"
-
-rootfs="${LXC_ROOTFS_PATH##*:}"
-pidfile="${rootfs%/*}/dhclient.pid"
-
-# XXX Stop hook namespace arguments are wrong for some reason, those are the host namespaces not the container ones.
-# Retrieve the namespaces from the dhclient pidfile instead.
-nsenter -u -U -n -t $(< ${pidfile}) -- \
-  /sbin/dhclient -r -pf ${pidfile} -lf ${rootfs}/var/lib/dhclient/dhclient.leases -e ROOTFS=${rootfs} -sf ${LXC_HOOK_DIR}/dhclient-script
-
-rm -f ${pidfile}

hooks/dhclient.in

+#! /bin/bash
+
+set -eu
+
+LXC_DHCP_SCRIPT="@LXCHOOKDIR@/dhclient-script"
+LXC_DHCP_CONFIG="@SYSCONFDIR@/lxc/dhclient.conf"
+
+rootfs_path="${LXC_ROOTFS_PATH#*:}"
+hookdir="${rootfs_path/%rootfs/hook}"
+
+conffile_arg=""
+if [ -e "${LXC_DHCP_CONFIG}" ]; then
+    conffile_arg="-cf ${LXC_DHCP_CONFIG}"
+fi
+
+debugfile="/dev/null"
+if [ "${LXC_LOG_LEVEL}" = "DEBUG" ] || [ "${LXC_LOG_LEVEL}" = "TRACE" ]; then
+    debugfile="${hookdir}/dhclient.log"
+    echo "INFO: Writing dhclient log at ${debugfile}." >&2
+fi
+
+pidfile="${hookdir}/dhclient.pid"
+leasefile="${hookdir}/dhclient.leases"
+
+usage() {
+    echo "Usage: ${0##*/} <name> lxc {start-host|stop}"
+}
+
+dhclient_start() {
+    ns_args=("--uts" "--net")
+    if [ -z "$(readlink /proc/${LXC_PID}/ns/user /proc/self/ns/user | uniq -d)" ]; then
+        ns_args+=("--user")
+    fi
+
+    mkdir -p "${hookdir}"
+
+    if [ -e "${pidfile}" ]; then
+        echo "WARN: DHCP client is already running, skipping start hook." >> "${debugfile}"
+    else
+        echo "INFO: Starting DHCP client and acquiring a lease..." >> "${debugfile}"
+        nsenter ${ns_args[@]} --target "${LXC_PID}" -- \
+          /sbin/dhclient -1 ${conffile_arg} -pf "${pidfile}" -lf "${leasefile}" -e "ROOTFS=${rootfs_path}" -sf "${LXC_DHCP_SCRIPT}" -v >> "${debugfile}" 2>&1
+    fi
+}
+
+dhclient_stop() {
+    # We can't use LXC_PID here since the container process has exited,
+    # use the namespace file descriptors in the hook arguments instead.
+    ns_args=("")
+    if [ "${LXC_HOOK_VERSION:-0}" -eq 0 ]; then
+        for arg in "$@"; do
+            case "${arg}" in
+                uts:* | user:* | net:*) ns_args+=("--${arg/:/=}") ;;
+                *) ;;
+            esac
+        done
+    else
+        ns_args+=("--uts=${LXC_UTS_NS}")
+        ns_args+=("--net=${LXC_NET_NS}")
+        [ -n "${LXC_USER_NS:+x}" ] && ns_args+=("--user=${LXC_USER_NS}")
+    fi
+
+    if [ -e "${pidfile}" ]; then
+        echo "INFO: Stopping DHCP client and releasing leases..." >> "${debugfile}"
+        nsenter ${ns_args[@]} -- \
+          /sbin/dhclient -r ${conffile_arg} -pf "${pidfile}" -lf "${leasefile}" -e "ROOTFS=${rootfs_path}" -sf "${LXC_DHCP_SCRIPT}" -v >> "${debugfile}" 2>&1
+    else
+        echo "WARN: DHCP client is not running, skipping stop hook." >> "${debugfile}"
+    fi
+
+    # dhclient could fail to release the lease and shutdown, try to cleanup after ourselves just in case.
+    nsenter ${ns_args[@]} -- \
+      /bin/sh -c 'pkill --ns $$ --nslist net -f "^/sbin/dhclient"' || true
+    rm -f "${pidfile}"
+}
+
+HOOK_SECTION=
+HOOK_TYPE=
+case "${LXC_HOOK_VERSION:-0}" in
+    0) HOOK_SECTION="${2:-}"; HOOK_TYPE="${3:-}"; shift 3;;
+    1) HOOK_SECTION="${LXC_HOOK_SECTION:-}"; HOOK_TYPE="${LXC_HOOK_TYPE:-}";;
+    *) echo "ERROR: Unsupported hook version: ${LXC_HOOK_VERSION}." >&2; exit 1;;
+esac
+
+if [ "${HOOK_SECTION}" != "lxc" ]; then
+    echo "ERROR: Not running through LXC." >&2
+    exit 1
+fi
+
+case "${HOOK_TYPE}" in
+    start-host) dhclient_start $@;;
+    stop) dhclient_stop $@;;
+    *) usage; exit 1;;
+esac
+
+exit 0

templates/lxc-oci.in

@@ -36,6 +36,7 @@ done
 
 LOCALSTATEDIR="@LOCALSTATEDIR@"
 LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@"
+LXC_HOOK_DIR="@LXCHOOKDIR@"
 
 # Some useful functions
 cleanup() {
@@ -180,7 +181,7 @@ EOF
     return 0
 }
 
-options=$(getopt -o u:h -l help,url:,username:,password:,no-cache,\
+options=$(getopt -o u:h -l help,url:,username:,password:,no-cache,dhcp,\
 name:,path:,rootfs:,mapped-uid:,mapped-gid: -- "$@")
 
 if [ $? -ne 0 ]; then
@@ -193,6 +194,7 @@ OCI_URL=""
 OCI_USERNAME=
 OCI_PASSWORD=
 OCI_USE_CACHE="true"
+OCI_USE_DHCP="false"
 
 LXC_MAPPED_GID=
 LXC_MAPPED_UID=
@@ -207,6 +209,7 @@ while :; do
         --username)         OCI_USERNAME=$2; shift 2;;
         --password)         OCI_PASSWORD=$2; shift 2;;
         --no-cache)         OCI_USE_CACHE="false"; shift 1;;
+        --dhcp)             OCI_USE_DHCP="true"; shift 1;;
         --name)             LXC_NAME=$2; shift 2;;
         --path)             LXC_PATH=$2; shift 2;;
         --rootfs)           LXC_ROOTFS=$2; shift 2;;
@@ -313,6 +316,15 @@ if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ] && [ -e "${LXC_TEMP
     echo "lxc.include = ${LXC_TEMPLATE_CONFIG}/userns.conf" >> "${LXC_CONF_FILE}"
 fi
 
+if [ -e "${LXC_TEMPLATE_CONFIG}/oci.common.conf" ]; then
+    echo "lxc.include = ${LXC_TEMPLATE_CONFIG}/oci.common.conf" >> "${LXC_CONF_FILE}"
+fi
+
+if [ "${OCI_USE_DHCP}" = "true" ]; then
+    echo "lxc.hook.start-host = ${LXC_HOOK_DIR}/dhclient" >> "${LXC_CONF_FILE}"
+    echo "lxc.hook.stop = ${LXC_HOOK_DIR}/dhclient" >> "${LXC_CONF_FILE}"
+fi
+
 echo "lxc.uts.name = ${LXC_NAME}" >> "${LXC_CONF_FILE}"
 # set the hostname
 cat <<EOF > ${LXC_ROOTFS}/etc/hostname