[lxc-devel] [lxd/master] Bugfixes
stgraber on Github
lxc-bot at linuxcontainers.org
Fri Jul 8 20:50:46 UTC 2016
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 301 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20160708/b8707616/attachment.bin>
-------------- next part --------------
From b4280e05b92186fa05b05da8bc2c1966aedf6f42 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 8 Jul 2016 15:43:20 -0400
Subject: [PATCH 1/4] Don't share http client with go routines
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Closes #2186
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxc/list.go | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/lxc/list.go b/lxc/list.go
index 6e2f9b7..a4863c3 100644
--- a/lxc/list.go
+++ b/lxc/list.go
@@ -231,6 +231,11 @@ func (c *listCmd) listContainers(d *lxd.Client, cinfos []shared.ContainerInfo, f
for i := 0; i < threads; i++ {
cStatesWg.Add(1)
go func() {
+ d, err := lxd.NewClient(&d.Config, d.Name)
+ if err != nil {
+ return
+ }
+
for {
cName, more := <-cStatesQueue
if !more {
@@ -251,6 +256,11 @@ func (c *listCmd) listContainers(d *lxd.Client, cinfos []shared.ContainerInfo, f
cSnapshotsWg.Add(1)
go func() {
+ d, err := lxd.NewClient(&d.Config, d.Name)
+ if err != nil {
+ return
+ }
+
for {
cName, more := <-cSnapshotsQueue
if !more {
From e7f54b51408a39c94df2be2b959bd19eb1792f31 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 8 Jul 2016 15:58:19 -0400
Subject: [PATCH 2/4] Add comment to iptables rules
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Closes #2125
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd-bridge/lxd-bridge | 36 ++++++++++++++++++------------------
1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/lxd-bridge/lxd-bridge b/lxd-bridge/lxd-bridge
index f3c5f00..a1eab2a 100755
--- a/lxd-bridge/lxd-bridge
+++ b/lxd-bridge/lxd-bridge
@@ -113,7 +113,7 @@ start() {
if [ -n "${LXD_IPV4_ADDR}" ] && [ -n "${LXD_IPV4_NETMASK}" ] && [ -n "${LXD_IPV4_NETWORK}" ]; then
echo 1 > /proc/sys/net/ipv4/ip_forward
if [ "${LXD_IPV4_NAT}" = "true" ]; then
- iptables "${use_iptables_lock}" -t nat -A POSTROUTING -s "${LXD_IPV4_NETWORK}" ! -d "${LXD_IPV4_NETWORK}" -j MASQUERADE
+ iptables "${use_iptables_lock}" -t nat -A POSTROUTING -s "${LXD_IPV4_NETWORK}" ! -d "${LXD_IPV4_NETWORK}" -j MASQUERADE -m comment --comment "managed by lxd-bridge"
fi
LXD_IPV4_ARG="--listen-address ${LXD_IPV4_ADDR} --dhcp-range ${LXD_IPV4_DHCP_RANGE} --dhcp-lease-max=${LXD_IPV4_DHCP_MAX}"
fi
@@ -131,18 +131,18 @@ start() {
ip -6 addr add dev "${LXD_BRIDGE}" "${LXD_IPV6_ADDR}/${LXD_IPV6_MASK}"
if [ "${LXD_IPV6_NAT}" = "true" ]; then
- ip6tables "${use_iptables_lock}" -t nat -A POSTROUTING -s "${LXD_IPV6_NETWORK}" ! -d "${LXD_IPV6_NETWORK}" -j MASQUERADE
+ ip6tables "${use_iptables_lock}" -t nat -A POSTROUTING -s "${LXD_IPV6_NETWORK}" ! -d "${LXD_IPV6_NETWORK}" -j MASQUERADE -m comment --comment "managed by lxd-bridge"
fi
LXD_IPV6_ARG="--dhcp-range=${LXD_IPV6_ADDR},ra-stateless,ra-names --listen-address ${LXD_IPV6_ADDR}"
fi
- iptables "${use_iptables_lock}" -I INPUT -i "${LXD_BRIDGE}" -p udp --dport 67 -j ACCEPT
- iptables "${use_iptables_lock}" -I INPUT -i "${LXD_BRIDGE}" -p tcp --dport 67 -j ACCEPT
- iptables "${use_iptables_lock}" -I INPUT -i "${LXD_BRIDGE}" -p udp --dport 53 -j ACCEPT
- iptables "${use_iptables_lock}" -I INPUT -i "${LXD_BRIDGE}" -p tcp --dport 53 -j ACCEPT
- iptables "${use_iptables_lock}" -I FORWARD -i "${LXD_BRIDGE}" -j ACCEPT
- iptables "${use_iptables_lock}" -I FORWARD -o "${LXD_BRIDGE}" -j ACCEPT
- iptables "${use_iptables_lock}" -t mangle -A POSTROUTING -o "${LXD_BRIDGE}" -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+ iptables "${use_iptables_lock}" -I INPUT -i "${LXD_BRIDGE}" -p udp --dport 67 -j ACCEPT -m comment --comment "managed by lxd-bridge"
+ iptables "${use_iptables_lock}" -I INPUT -i "${LXD_BRIDGE}" -p tcp --dport 67 -j ACCEPT -m comment --comment "managed by lxd-bridge"
+ iptables "${use_iptables_lock}" -I INPUT -i "${LXD_BRIDGE}" -p udp --dport 53 -j ACCEPT -m comment --comment "managed by lxd-bridge"
+ iptables "${use_iptables_lock}" -I INPUT -i "${LXD_BRIDGE}" -p tcp --dport 53 -j ACCEPT -m comment --comment "managed by lxd-bridge"
+ iptables "${use_iptables_lock}" -I FORWARD -i "${LXD_BRIDGE}" -j ACCEPT -m comment --comment "managed by lxd-bridge"
+ iptables "${use_iptables_lock}" -I FORWARD -o "${LXD_BRIDGE}" -j ACCEPT -m comment --comment "managed by lxd-bridge"
+ iptables "${use_iptables_lock}" -t mangle -A POSTROUTING -o "${LXD_BRIDGE}" -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill -m comment --comment "managed by lxd-bridge"
LXD_DOMAIN_ARG=""
if [ -n "${LXD_DOMAIN}" ]; then
@@ -182,20 +182,20 @@ stop() {
if [ -d /sys/class/net/${LXD_BRIDGE} ]; then
ifdown ${LXD_BRIDGE}
- iptables ${use_iptables_lock} -D INPUT -i ${LXD_BRIDGE} -p udp --dport 67 -j ACCEPT
- iptables ${use_iptables_lock} -D INPUT -i ${LXD_BRIDGE} -p tcp --dport 67 -j ACCEPT
- iptables ${use_iptables_lock} -D INPUT -i ${LXD_BRIDGE} -p udp --dport 53 -j ACCEPT
- iptables ${use_iptables_lock} -D INPUT -i ${LXD_BRIDGE} -p tcp --dport 53 -j ACCEPT
- iptables ${use_iptables_lock} -D FORWARD -i ${LXD_BRIDGE} -j ACCEPT
- iptables ${use_iptables_lock} -D FORWARD -o ${LXD_BRIDGE} -j ACCEPT
- iptables ${use_iptables_lock} -t mangle -D POSTROUTING -o ${LXD_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+ iptables ${use_iptables_lock} -D INPUT -i ${LXD_BRIDGE} -p udp --dport 67 -j ACCEPT -m comment --comment "managed by lxd-bridge"
+ iptables ${use_iptables_lock} -D INPUT -i ${LXD_BRIDGE} -p tcp --dport 67 -j ACCEPT -m comment --comment "managed by lxd-bridge"
+ iptables ${use_iptables_lock} -D INPUT -i ${LXD_BRIDGE} -p udp --dport 53 -j ACCEPT -m comment --comment "managed by lxd-bridge"
+ iptables ${use_iptables_lock} -D INPUT -i ${LXD_BRIDGE} -p tcp --dport 53 -j ACCEPT -m comment --comment "managed by lxd-bridge" -m comment --comment "managed by lxd-bridge"
+ iptables ${use_iptables_lock} -D FORWARD -i ${LXD_BRIDGE} -j ACCEPT -m comment --comment "managed by lxd-bridge"
+ iptables ${use_iptables_lock} -D FORWARD -o ${LXD_BRIDGE} -j ACCEPT -m comment --comment "managed by lxd-bridge"
+ iptables ${use_iptables_lock} -t mangle -D POSTROUTING -o ${LXD_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill -m comment --comment "managed by lxd-bridge"
if [ -n "${LXD_IPV4_NETWORK}" ] && [ "${LXD_IPV4_NAT}" = "true" ]; then
- iptables ${use_iptables_lock} -t nat -D POSTROUTING -s ${LXD_IPV4_NETWORK} ! -d ${LXD_IPV4_NETWORK} -j MASQUERADE
+ iptables ${use_iptables_lock} -t nat -D POSTROUTING -s ${LXD_IPV4_NETWORK} ! -d ${LXD_IPV4_NETWORK} -j MASQUERADE -m comment --comment "managed by lxd-bridge"
fi
if [ "${HAS_IPV6}" = "true" ] && [ -n "${LXD_IPV6_NETWORK}" ] && [ "${LXD_IPV6_NAT}" = "true" ]; then
- ip6tables ${use_iptables_lock} -t nat -D POSTROUTING -s ${LXD_IPV6_NETWORK} ! -d ${LXD_IPV6_NETWORK} -j MASQUERADE
+ ip6tables ${use_iptables_lock} -t nat -D POSTROUTING -s ${LXD_IPV6_NETWORK} ! -d ${LXD_IPV6_NETWORK} -j MASQUERADE -m comment --comment "managed by lxd-bridge"
fi
if [ -e "${varrun}/dnsmasq.pid" ]; then
From 9af463505f3b02e255cecd53a7a0691659769962 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 8 Jul 2016 16:18:32 -0400
Subject: [PATCH 3/4] Add sanity checks for common problems
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Beats having to read the LXC log.
Closes #2190
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd/container_lxc.go | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 8761e3e..ff4f5af 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -958,6 +958,24 @@ func (c *containerLXC) startCommon() (string, error) {
return "", fmt.Errorf("The container is already running")
}
+ // Sanity checks for devices
+ for name, m := range c.expandedDevices {
+ switch m["type"] {
+ case "disk":
+ if m["source"] != "" && !shared.PathExists(m["source"]) {
+ return "", fmt.Errorf("Missing source '%s' for disk '%s'", m["source"], name)
+ }
+ case "nic":
+ if m["parent"] != "" && !shared.PathExists(fmt.Sprintf("/sys/class/net/%s", m["parent"])) {
+ return "", fmt.Errorf("Missing parent '%s' for nic '%s'", m["parent"], name)
+ }
+ case "unix-char", "unix-block":
+ if m["path"] != "" && !shared.PathExists(m["path"]) {
+ return "", fmt.Errorf("Missing source '%s' for device '%s'", m["path"], name)
+ }
+ }
+ }
+
// Load any required kernel modules
kernelModules := c.expandedConfig["linux.kernel_modules"]
if kernelModules != "" {
From d21a3a686d9b6d89fd485685dd91b9a9bb49717f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 8 Jul 2016 16:49:57 -0400
Subject: [PATCH 4/4] Return more error information back to the user
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Closes #2190
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd/container_lxc.go | 33 +++++++++++++++++++++++++++++++--
1 file changed, 31 insertions(+), 2 deletions(-)
diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index ff4f5af..6fc42e0 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -1246,6 +1246,7 @@ func (c *containerLXC) Start(stateful bool) error {
c.daemon.lxcpath,
configPath).CombinedOutput()
+ // Capture debug output
if string(out) != "" {
for _, line := range strings.Split(strings.TrimRight(string(out), "\n"), "\n") {
shared.Debugf("forkstart: %s", line)
@@ -1253,12 +1254,40 @@ func (c *containerLXC) Start(stateful bool) error {
}
if err != nil && !c.IsRunning() {
+ // Attempt to extract the LXC errors
+ log := ""
+ logPath := filepath.Join(c.LogPath(), "lxc.log")
+ if shared.PathExists(logPath) {
+ logContent, err := ioutil.ReadFile(logPath)
+ if err == nil {
+ for _, line := range strings.Split(string(logContent), "\n") {
+ fields := strings.Fields(line)
+ if len(fields) < 4 {
+ continue
+ }
+
+ // We only care about errors
+ if fields[2] != "ERROR" {
+ continue
+ }
+
+ // Prepend the line break
+ if len(log) == 0 {
+ log += "\n"
+ }
+
+ log += fmt.Sprintf(" %s\n", strings.Join(fields[0:], " "))
+ }
+ }
+ }
+
+ // Return the actual error
return fmt.Errorf(
- "Error calling 'lxd forkstart %s %s %s': err='%v'",
+ "Error calling 'lxd forkstart %s %s %s': err='%v'%s",
c.name,
c.daemon.lxcpath,
filepath.Join(c.LogPath(), "lxc.conf"),
- err)
+ err, log)
}
return nil
More information about the lxc-devel
mailing list