[lxc-devel] [lxd/master] Bugfixes

stgraber on Github lxc-bot at linuxcontainers.org
Fri Jul 22 20:35:06 UTC 2016


From 97c526777839221f8593f0937985401e521a12df Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 22 Jul 2016 15:39:58 -0400
Subject: [PATCH 1/8] Add "lxc profile unset" to help message
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #2227

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxc/profile.go |  1 +
 po/lxd.pot     | 21 +++++++++++----------
 2 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/lxc/profile.go b/lxc/profile.go
index 6e424a9..377644b 100644
--- a/lxc/profile.go
+++ b/lxc/profile.go
@@ -54,6 +54,7 @@ lxc profile create <profile>                   Create a profile.
 lxc profile copy <profile> <remote>            Copy the profile to the specified remote.
 lxc profile get <profile> <key>                Get profile configuration.
 lxc profile set <profile> <key> <value>        Set profile configuration.
+lxc profile unset <profile> <key>              Unset profile configuration.
 lxc profile delete <profile>                   Delete a profile.
 lxc profile edit <profile>
     Edit profile, either by launching external editor or reading STDIN.
diff --git a/po/lxd.pot b/po/lxd.pot
index 2c250d3..e02ca6b 100644
--- a/po/lxd.pot
+++ b/po/lxd.pot
@@ -7,7 +7,7 @@
 msgid   ""
 msgstr  "Project-Id-Version: lxd\n"
         "Report-Msgid-Bugs-To: lxc-devel at lists.linuxcontainers.org\n"
-        "POT-Creation-Date: 2016-07-19 12:41-0700\n"
+        "POT-Creation-Date: 2016-07-22 15:39-0400\n"
         "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
         "Last-Translator: FULL NAME <EMAIL at ADDRESS>\n"
         "Language-Team: LANGUAGE <LL at li.org>\n"
@@ -86,7 +86,7 @@ msgstr  ""
 msgid   "'/' not allowed in snapshot name"
 msgstr  ""
 
-#: lxc/profile.go:253
+#: lxc/profile.go:254
 msgid   "(none)"
 msgstr  ""
 
@@ -159,7 +159,7 @@ msgstr  ""
 msgid   "Can't unset key '%s', it's not currently set."
 msgstr  ""
 
-#: lxc/profile.go:419
+#: lxc/profile.go:420
 msgid   "Cannot provide container name to list"
 msgstr  ""
 
@@ -187,7 +187,7 @@ msgstr  ""
 msgid   "Config key/value to apply to the new container"
 msgstr  ""
 
-#: lxc/config.go:531 lxc/config.go:596 lxc/image.go:729 lxc/profile.go:217
+#: lxc/config.go:531 lxc/config.go:596 lxc/image.go:729 lxc/profile.go:218
 #, c-format
 msgid   "Config parsing error: %s"
 msgstr  ""
@@ -547,6 +547,7 @@ msgid   "Manage configuration profiles.\n"
         "lxc profile copy <profile> <remote>            Copy the profile to the specified remote.\n"
         "lxc profile get <profile> <key>                Get profile configuration.\n"
         "lxc profile set <profile> <key> <value>        Set profile configuration.\n"
+        "lxc profile unset <profile> <key>              Unset profile configuration.\n"
         "lxc profile delete <profile>                   Delete a profile.\n"
         "lxc profile edit <profile>\n"
         "    Edit profile, either by launching external editor or reading STDIN.\n"
@@ -848,7 +849,7 @@ msgid   "Presents details on how to use LXD.\n"
         "lxd help [--all]"
 msgstr  ""
 
-#: lxc/profile.go:218
+#: lxc/profile.go:219
 msgid   "Press enter to open the editor again"
 msgstr  ""
 
@@ -879,22 +880,22 @@ msgstr  ""
 msgid   "Processes: %d"
 msgstr  ""
 
-#: lxc/profile.go:274
+#: lxc/profile.go:275
 #, c-format
 msgid   "Profile %s added to %s"
 msgstr  ""
 
-#: lxc/profile.go:169
+#: lxc/profile.go:170
 #, c-format
 msgid   "Profile %s created"
 msgstr  ""
 
-#: lxc/profile.go:239
+#: lxc/profile.go:240
 #, c-format
 msgid   "Profile %s deleted"
 msgstr  ""
 
-#: lxc/profile.go:305
+#: lxc/profile.go:306
 #, c-format
 msgid   "Profile %s removed from %s"
 msgstr  ""
@@ -903,7 +904,7 @@ msgstr  ""
 msgid   "Profile to apply to the new container"
 msgstr  ""
 
-#: lxc/profile.go:255
+#: lxc/profile.go:256
 #, c-format
 msgid   "Profiles %s applied to %s"
 msgstr  ""

From 40c5603da142a962e4f71053b770b08653737dbf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 22 Jul 2016 15:46:21 -0400
Subject: [PATCH 2/8] doc: Document raw.seccomp
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #2228

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 doc/configuration.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/configuration.md b/doc/configuration.md
index 0415d7e..3fc98a5 100644
--- a/doc/configuration.md
+++ b/doc/configuration.md
@@ -84,6 +84,7 @@ limits.processes                     | integer   | - (max)       | yes
 linux.kernel\_modules                | string    | -             | yes           | -                                    | Comma separated list of kernel modules to load before starting the container
 raw.apparmor                         | blob      | -             | yes           | -                                    | Apparmor profile entries to be appended to the generated profile
 raw.lxc                              | blob      | -             | no            | -                                    | Raw LXC configuration to be appended to the generated one
+raw.seccomp                          | blob      | -             | no            | container\_syscall\_filtering        | Raw Seccomp configuration
 security.nesting                     | boolean   | false         | yes           | -                                    | Support running lxd (nested) inside the container
 security.privileged                  | boolean   | false         | no            | -                                    | Runs the container in privileged mode
 security.syscalls.blacklist\_default | boolean   | true          | no            | container\_syscall\_filtering        | Enables the default syscall blacklist

From 6b411d5aa7e968432dd52b7cc8824589ffc54d40 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 22 Jul 2016 15:48:00 -0400
Subject: [PATCH 3/8] Fix limits.cpu.allowance and limits.cpu.priority
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #2229

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 shared/container.go | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/shared/container.go b/shared/container.go
index bf997d1..1d45164 100644
--- a/shared/container.go
+++ b/shared/container.go
@@ -196,20 +196,27 @@ var KnownContainerConfigKeys = map[string]func(value string) error{
 	"boot.host_shutdown_timeout": isInt64,
 
 	"limits.cpu":           isAny,
+	"limits.cpu.allowance": isAny,
+	"limits.cpu.priority":  isInt64,
+
 	"limits.disk.priority": isInt64,
-	"limits.memory":        isAny,
+
+	"limits.memory": isAny,
 	"limits.memory.enforce": func(value string) error {
 		return isOneOf(value, []string{"soft", "hard"})
 	},
 	"limits.memory.swap":          isBool,
 	"limits.memory.swap.priority": isInt64,
-	"limits.network.priority":     isInt64,
-	"limits.processes":            isInt64,
+
+	"limits.network.priority": isInt64,
+
+	"limits.processes": isInt64,
 
 	"linux.kernel_modules": isAny,
 
-	"security.privileged":                 isBool,
-	"security.nesting":                    isBool,
+	"security.nesting":    isBool,
+	"security.privileged": isBool,
+
 	"security.syscalls.blacklist_default": isBool,
 	"security.syscalls.blacklist_compat":  isBool,
 	"security.syscalls.blacklist":         isAny,
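Review bot: `limits.cpu.allowance` is registered with `isAny`, so a malformed value passes validation and can only fail later, when the limit is actually applied to the container. The documentation in this series describes two accepted shapes, a percentage (`50%`) or a time slice (`25ms/100ms`); a dedicated validator that accepts the empty string plus those two shapes would reject bad input at the API boundary instead. `limits.cpu.priority` with `isInt64` likewise accepts any 64-bit integer at this commit, including negative ones. The map literal starts and ends outside the hunk.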

From 06e8c20fb5ad8ea7054b8259534cbd2d4a39ca30 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 22 Jul 2016 16:03:01 -0400
Subject: [PATCH 4/8] Fix limits.disk.priority when set to 0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #2230

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/container_lxc.go | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index b2e8b4b..590d0ab 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -641,7 +641,13 @@ func (c *containerLXC) initLXC() error {
 				return err
 			}
 
-			err = lxcSetConfigItem(cc, "lxc.cgroup.blkio.weight", fmt.Sprintf("%d", priorityInt*100))
+			// Minimum valid value is 10
+			priority := priorityInt * 100
+			if priority == 0 {
+				priority = 10
+			}
+
+			err = lxcSetConfigItem(cc, "lxc.cgroup.blkio.weight", fmt.Sprintf("%d", priority))
 			if err != nil {
 				return err
 			}
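Review bot: Only an exact zero is raised to the minimum here, so a negative `limits.disk.priority` still produces a negative `blkio.weight`, and a large one produces a weight far above what a 0–10 scale implies; at this commit the key is validated with `isInt64` only. Comparing against the floor, `if priority < 10 { priority = 10 }`, covers negatives as well, and an upper clamp would also protect values that were stored before the range validation added later in the series. The same block is repeated verbatim in the `Update` hunk below, so a small helper shared by `initLXC` and `Update` would keep the two copies from drifting. Both functions continue outside their hunks.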
@@ -2247,7 +2253,13 @@ func (c *containerLXC) Update(args containerArgs, userRequested bool) error {
 					}
 				}
 
-				err = c.CGroupSet("blkio.weight", fmt.Sprintf("%d", priorityInt*100))
+				// Minimum valid value is 10
+				priority := priorityInt * 100
+				if priority == 0 {
+					priority = 10
+				}
+
+				err = c.CGroupSet("blkio.weight", fmt.Sprintf("%d", priority))
 				if err != nil {
 					return err
 				}

From 3b7c28158e7d74e83deda641b79516a80c6c7f9e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 22 Jul 2016 16:12:23 -0400
Subject: [PATCH 5/8] Document and validate limits.*.priority values
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #2231

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 doc/configuration.md |  8 ++++----
 shared/container.go  | 25 +++++++++++++++++++++----
 2 files changed, 25 insertions(+), 8 deletions(-)

diff --git a/doc/configuration.md b/doc/configuration.md
index 3fc98a5..5047daf 100644
--- a/doc/configuration.md
+++ b/doc/configuration.md
@@ -73,13 +73,13 @@ boot.host\_shutdown\_timeout         | integer   | 30            | yes
 environment.\*                       | string    | -             | yes (exec)    | -                                    | key/value environment variables to export to the container and set on exec
 limits.cpu                           | string    | - (all)       | yes           | -                                    | Number or range of CPUs to expose to the container
 limits.cpu.allowance                 | string    | 100%          | yes           | -                                    | How much of the CPU can be used. Can be a percentage (e.g. 50%) for a soft limit or hard a chunk of time (25ms/100ms)
-limits.cpu.priority                  | integer   | 10 (maximum)  | yes           | -                                    | CPU scheduling priority compared to other containers sharing the same CPUs (overcommit)
-limits.disk.priority                 | integer   | 5 (medium)    | yes           | -                                    | When under load, how much priority to give to the container's I/O requests
+limits.cpu.priority                  | integer   | 10 (maximum)  | yes           | -                                    | CPU scheduling priority compared to other containers sharing the same CPUs (overcommit) (integer between 0 and 10)
+limits.disk.priority                 | integer   | 5 (medium)    | yes           | -                                    | When under load, how much priority to give to the container's I/O requests (integer between 0 and 10)
 limits.memory                        | string    | - (all)       | yes           | -                                    | Percentage of the host's memory or fixed value in bytes (supports kB, MB, GB, TB, PB and EB suffixes)
 limits.memory.enforce                | string    | hard          | yes           | -                                    | If hard, container can't exceed its memory limit. If soft, the container can exceed its memory limit when extra host memory is available.
 limits.memory.swap                   | boolean   | true          | yes           | -                                    | Whether to allow some of the container's memory to be swapped out to disk
-limits.memory.swap.priority          | integer   | 10 (maximum)  | yes           | -                                    | The higher this is set, the least likely the container is to be swapped to disk
-limits.network.priority              | integer   | 0 (minimum)   | yes           | -                                    | When under load, how much priority to give to the container's network requests
+limits.memory.swap.priority          | integer   | 10 (maximum)  | yes           | -                                    | The higher this is set, the least likely the container is to be swapped to disk (integer between 0 and 10)
+limits.network.priority              | integer   | 0 (minimum)   | yes           | -                                    | When under load, how much priority to give to the container's network requests (integer between 0 and 10)
 limits.processes                     | integer   | - (max)       | yes           | -                                    | Maximum number of processes that can run in the container
 linux.kernel\_modules                | string    | -             | yes           | -                                    | Comma separated list of kernel modules to load before starting the container
 raw.apparmor                         | blob      | -             | yes           | -                                    | Apparmor profile entries to be appended to the generated profile
diff --git a/shared/container.go b/shared/container.go
index 1d45164..721aa19 100644
--- a/shared/container.go
+++ b/shared/container.go
@@ -158,6 +158,23 @@ func isInt64(value string) error {
 	return nil
 }
 
+func isPriority(value string) error {
+	if value == "" {
+		return nil
+	}
+
+	valueInt, err := strconv.ParseInt(value, 10, 64)
+	if err != nil {
+		return fmt.Errorf("Invalid value for an integer: %s", value)
+	}
+
+	if valueInt < 0 || valueInt > 10 {
+		return fmt.Errorf("Invalid value for a limit '%s'. Must be between 0 and 10.", value)
+	}
+
+	return nil
+}
+
 func isBool(value string) error {
 	if value == "" {
 		return nil
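Review bot: `isPriority` has no doc comment, and the early return for the empty string is not explained, so a reader cannot tell that "unset" is deliberately accepted. Something like `// isPriority accepts an empty value (key unset) or a base-10 integer from 0 to 10 inclusive.` would state the contract. The range error also says "a limit" although every key using it is a priority, and it ends with a period while the parse error above it does not; `fmt.Errorf("Invalid value for a priority '%s'. Must be between 0 and 10", value)` would read consistently.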
@@ -197,18 +214,18 @@ var KnownContainerConfigKeys = map[string]func(value string) error{
 
 	"limits.cpu":           isAny,
 	"limits.cpu.allowance": isAny,
-	"limits.cpu.priority":  isInt64,
+	"limits.cpu.priority":  isPriority,
 
-	"limits.disk.priority": isInt64,
+	"limits.disk.priority": isPriority,
 
 	"limits.memory": isAny,
 	"limits.memory.enforce": func(value string) error {
 		return isOneOf(value, []string{"soft", "hard"})
 	},
 	"limits.memory.swap":          isBool,
-	"limits.memory.swap.priority": isInt64,
+	"limits.memory.swap.priority": isPriority,
 
-	"limits.network.priority": isInt64,
+	"limits.network.priority": isPriority,
 
 	"limits.processes": isInt64,
 

From 22ed78ec000d0f5fb373b6b140d4aa1e8b5f6c90 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 22 Jul 2016 16:16:12 -0400
Subject: [PATCH 6/8] Fix simplestreams size reporting
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This fixes reporting of image size when an image rootfs is available
both as .squashfs and .tar.xz.

Rather than add the size of all files, only add the size of the files
we'll actually use.

Closes #2223

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 shared/simplestreams.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/shared/simplestreams.go b/shared/simplestreams.go
index b1f4423..fbbe8be 100644
--- a/shared/simplestreams.go
+++ b/shared/simplestreams.go
@@ -120,7 +120,6 @@ func (s *SimpleStreamsManifest) ToLXD() ([]ImageInfo, map[string][][]string) {
 				}
 				found += 1
 
-				size += item.Size
 				if fingerprint == "" {
 					if item.LXDHashSha256SquashFs != "" {
 						fingerprint = item.LXDHashSha256SquashFs
@@ -138,6 +137,8 @@ func (s *SimpleStreamsManifest) ToLXD() ([]ImageInfo, map[string][][]string) {
 					filename = fields[len(fields)-1]
 					metaPath = item.Path
 					metaHash = item.HashSha256
+
+					size += item.Size
 				}
 
 				if rootfsPath == "" || rootfsHash == "" {
@@ -150,6 +151,8 @@ func (s *SimpleStreamsManifest) ToLXD() ([]ImageInfo, map[string][][]string) {
 						rootfsPath = item.Path
 						rootfsHash = item.HashSha256
 					}
+
+					size += item.Size
 				}
 			}
 
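Review bot: The `size += item.Size` added in this hunk sits at the level of `if rootfsPath == "" || rootfsHash == ""`, after the inner block that assigns `rootfsPath`, so it runs for every item that reaches the outer `if` and not only for the item chosen as rootfs. If the metadata tarball is processed while the rootfs is still unset, its size appears to be counted once in the metadata branch above and again here; the inner conditions are outside the hunk, so this should be confirmed against the full function. Moving the addition next to `rootfsHash = item.HashSha256` inside each inner branch would count only the file that is actually selected.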

From a311a640561514c68ea17c74528b4dd9a4285db1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 22 Jul 2016 16:25:04 -0400
Subject: [PATCH 7/8] Better handle missing or invalid device types
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #2210

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/container.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/lxd/container.go b/lxd/container.go
index 8242de7..a602ce1 100644
--- a/lxd/container.go
+++ b/lxd/container.go
@@ -175,7 +175,15 @@ func containerValidDevices(devices shared.Devices, profile bool, expanded bool)
 	}
 
 	// Check each device individually
-	for _, m := range devices {
+	for name, m := range devices {
+		if m["type"] == "" {
+			return fmt.Errorf("Missing device type for device '%s'", name)
+		}
+
+		if !shared.StringInSlice(m["type"], []string{"none", "nic", "disk", "unix-char", "unix-block"}) {
+			return fmt.Errorf("Invalid device type for device '%s'", name)
+		}
+
 		for k, _ := range m {
 			if !containerValidDeviceConfigKey(m["type"], k) {
 				return fmt.Errorf("Invalid device configuration key for %s: %s", m["type"], k)
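Review bot: The accepted device types are an inline literal inside the loop, so the slice is rebuilt on every iteration and the allow-list lives apart from whatever per-type knowledge `containerValidDeviceConfigKey` holds (that function is not visible here). Hoisting it to a package-level variable with a short comment would make the list easy to find and to keep in sync when a device type is added. `containerValidDevices` starts and continues outside the hunk.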

From 8e6a9b994d29706ca86d371eb8051bbbc17a0b52 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 22 Jul 2016 16:34:13 -0400
Subject: [PATCH 8/8] Fix nic hotplug with openvswitch
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #2106

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/container_lxc.go | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 590d0ab..ed85235 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -3785,10 +3785,18 @@ func (c *containerLXC) createNetworkDevice(name string, m shared.Device) (string
 		}
 
 		if m["nictype"] == "bridged" {
-			err = exec.Command("ip", "link", "set", n1, "master", m["parent"]).Run()
-			if err != nil {
-				deviceRemoveInterface(n2)
-				return "", fmt.Errorf("Failed to add interface to bridge: %s", err)
+			if shared.PathExists(fmt.Sprintf("/sys/class/net/%s/bridge", m["parent"])) {
+				err = exec.Command("ip", "link", "set", n1, "master", m["parent"]).Run()
+				if err != nil {
+					deviceRemoveInterface(n2)
+					return "", fmt.Errorf("Failed to add interface to bridge: %s", err)
+				}
+			} else {
+				err = exec.Command("ovs-vsctl", "add-port", m["parent"], n1).Run()
+				if err != nil {
+					deviceRemoveInterface(n2)
+					return "", fmt.Errorf("Failed to add interface to bridge: %s", err)
+				}
 			}
 		}
 
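Review bot: `m["parent"]` is formatted straight into a sysfs path and then passed as an argument to `ip` or `ovs-vsctl`, and nothing in this hunk checks that it is a plain interface name. A value containing `/` or `..` makes the `PathExists` test look at a different path, and a value beginning with `-` may be read as an option by the tool; whether the device config is validated earlier is not visible here. Rejecting anything that is not a valid interface name before the branch would close both. The `else` also treats every parent without a `bridge` directory as an Open vSwitch bridge, so a missing parent or a host without `ovs-vsctl` reports the same "Failed to add interface to bridge" as a real bridge failure. `createNetworkDevice` continues outside the hunk.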

