Skip to content

L
lxc
Switch branch/tag
  1. 28 Apr, 2015 3 commits
  3. 24 Apr, 2015 2 commits
  5. 22 Apr, 2015 9 commits
    • use poll instead of select · 2366b8a7
      Serge Hallyn authored 
      Particularly when using the go-lxc api with lots of threads, it
happens that if the open files limit is > 1024, we will try to
select on fd > 1024 which breaks on glibc.

So use poll instead of select.
Signed-off-by: 's avatarSerge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: 's avatarStéphane Graber <stgraber@ubuntu.com>
    • logs: introduce a thread-local 'current' lxc_config (v2) · 858377e4
      Serge Hallyn authored 
      The logging code uses a global log_fd and log_level to direct
logging (ERROR(), etc).  While the container configuration file allows
for lxc.loglevel and lxc.logfile, those are only used at configuration
file read time to set the global variables.  This works ok in the
lxc front-end programs, but becomes a problem with threaded API users.

The simplest solution would be to not allow per-container configuration
files, but it'd be nice to avoid that.

Passing a logfd or lxc_conf into every ERROR/INFO/etc call is "possible",
but would be a huge complication as there are many functions, including
struct member functions and callbacks, which don't have that info and
would need to get it from somewhere.

So the approach I'm taking here is to say that all real container work
is done inside api calls, and therefore the API calls themselves can
set a thread-local variable indicating which log info to use.  If
unset, then use the global values.  The lxc-* programs, when called
with a '-o logfile' argument, set a global variable to indicate that
the user-specified value should be used.

In this patch:

If the lxc container configuration specifies a loglevel/logfile, only
set the lxc_config's logfd and loglevel according to those, not the
global values.

Each API call is wrapped to set/unset the current_config.  (The few
exceptions are calls which do not result in any log actions)

Update logfile appender to use the logfile specified in lxc_conf if (a)
current_config is set and (b) the lxc-* command did not override it.

Changelog (2015-04-21):
	. always re-set current_config to NULL at end of an API
	  call, rather than storing the previous value.  We don't
	  nest API calls.
	. remove the log_lock stuff which wasn't used
	. lxc_conf_free: if the config is current_config, set
	  current_config to NULL.  (It can't be another thread's
	  current_config, or we wouldn't be freeing it)
	. lxc_check_inherited: don't close fd if it is the
	  current_config->logfd.  Note this is only called when
	  starting a container, so we have no other threads at
	  this point.

Changelog (2015-04-22)
	. Unset the per-container logfd on destroy
	.
	. Do so before we rm the containerdir.  Otherwise if the logfile is set
	. to $lxcpath/$name/log, the containerdir won't be fully deleted.
Signed-off-by: 's avatarSerge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: 's avatarStéphane Graber <stgraber@ubuntu.com>
    • lxc-busybox: add OpenSSH support · ed52814c
      Bogdan Purcareata authored 
      Add an additional template parameter for SSH support in the container. Currently
this can be implemented using the Dropbear or OpenSSH utility. The respective
tool needs to be available on the host Linux.

If the parameter is omitted, the template will look for the Dropbear utility on
the host and install it if it is available (legacy behavior).

Adding OpenSSH support has been done following the model in the lxc-sshd
template.
Signed-off-by: 's avatarBogdan Purcareata <bogdan.purcareata@freescale.com>
Acked-by: 's avatarStéphane Graber <stgraber@ubuntu.com>
    • c/r: re-open fds after clone() · 507cee36
      Tycho Andersen authored 
      If we don't re-open these after clone, the init process has a pointer to the
parent's /dev/{zero,null}. CRIU seese these and wants to dump the parent's
mount namespace, which is unnecessary. Instead, we should just re-open
stdin/out/err after we do the clone and pivot root, to ensure that we have
pointers to the devcies in init's rootfs instead of the host's.

v2: Only close fds if the container was daemonized. This didn't turn out as
    nicely as described on the list because lxc_start() doesn't actually have
    the struct lxc_container, so it cant see the flag. Instead, we just pass it
    down everywhere.
Signed-off-by: 's avatarTycho Andersen <tycho.andersen@canonical.com>
Acked-by: 's avatarSerge E. Hallyn <serge.hallyn@ubuntu.com>
    • c/r: enable hugetlbfs in criu · dd62857a
      Tycho Andersen authored 
      In vivid containers hugetlbfs is mounted, but it is not one of the hardcoded
fses in criu, so we need to tell criu that it is okay to automount it.
Signed-off-by: 's avatarTycho Andersen <tycho.andersen@canonical.com>
Acked-by: 's avatarSerge E. Hallyn <serge.hallyn@ubuntu.com>
    • c/r: check version of criu · 8ba5ced7
      Tycho Andersen authored 
      Note that we allow both a tagged version or a git build that has sufficient
patches for the features we require.

v2: close criu's stderr too
Signed-off-by: 's avatarTycho Andersen <tycho.andersen@canonical.com>
Acked-by: 's avatarSerge E. Hallyn <serge.hallyn@ubuntu.com>
    • c/r: move criu code to its own file · e29fe1dd
      Tycho Andersen authored 
      Trying to cage the beast that is lxccontainer.c.
Signed-off-by: 's avatarTycho Andersen <tycho.andersen@canonical.com>
Acked-by: 's avatarSerge E. Hallyn <serge.hallyn@ubuntu.com>
    • c/r: use criu option instead of lxc-restore-net · cba98d12
      Tycho Andersen authored 
      As of criu 1.5, the --veth-pair argument supports an additional parameter that
is the bridge name to attach to. This enables us to get rid of the goofy
action-script hack that passed bridge names as environment variables.

This patch is on top of the systemd/lxcfs mount rework patch, as we probably
want to wait to use 1.5 options until it has been out for a while and is in
distros.
Signed-off-by: 's avatarTycho Andersen <tycho.andersen@canonical.com>
Acked-by: 's avatarSerge E. Hallyn <serge.hallyn@ubuntu.com>
    • c/r: rework external mountpoint handling v4 · 40962b64
      Tycho Andersen authored 
      CRIU now supports autodetection of external mounts via the --ext-mount-map auto
--enable-external-sharing --enable-external-masters options, so we don't need
to explicitly pass the cgmanager mount or any of the mounts from the config.
This also means that lxcfs mounts (since they are bind mounts from outside the
container) are autodetected, meaning that c/r of containers using lxcfs works.

A further advantage of this patch is that it addresses some of the ugliness
that was in the exec_criu() function. There are other criu options that will
allow us to trim this even further, though.

Finally, with --enable-external-masters, criu understands slave mounts in the
container with shared mounts in the peer group that are outside the namespace.
This allows containers on a systemd host to be dumped and restored correctly.

However, these options have just landed in criu trunk today, and the next
tagged release will be 1.6 on June 1, so we should avoid merging this into any
stable releases until then.

v2: remount / as private before bind mounting the container's directory for
    criu. The problem here is that if / is mounted as shared, even if we
    unshare() the /var/lib/lxc/rootfs mountpoint propagates outside of our
    mount namespace, which is bad, since we don't want to leak mounts. In
    particular, this leak confuses criu the second time it goes to checkpoint
    the container.

v3: whoops, we really want / as MS_SLAVE | MS_REC here, to match what start
    does

v4: rebase onto master for revert of logging patch
Signed-off-by: 's avatarTycho Andersen <tycho.andersen@canonical.com>
Acked-by: 's avatarSerge E. Hallyn <serge.hallyn@ubuntu.com>
  7. 14 Apr, 2015 4 commits
  9. 13 Apr, 2015 7 commits
  11. 10 Apr, 2015 2 commits
  13. 07 Apr, 2015 1 commit
  15. 06 Apr, 2015 12 commits