[lxc-devel] [lxd/master] Bugfixes
stgraber on Github
lxc-bot at linuxcontainers.org
Thu Jun 16 20:43:28 UTC 2016
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 301 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20160616/3c41e04e/attachment.bin>
-------------- next part --------------
From b2039dd030efb39ef011df51ee90aaf81d838e63 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Thu, 16 Jun 2016 15:56:59 -0400
Subject: [PATCH 1/4] Fail to add an existing certificate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd/certificates.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lxd/certificates.go b/lxd/certificates.go
index a0502aa..f40ae02 100644
--- a/lxd/certificates.go
+++ b/lxd/certificates.go
@@ -141,7 +141,7 @@ func certificatesPost(d *Daemon, r *http.Request) Response {
fingerprint := certGenerateFingerprint(cert)
for _, existingCert := range d.clientCerts {
if fingerprint == certGenerateFingerprint(&existingCert) {
- return EmptySyncResponse
+ return BadRequest(fmt.Errorf("Certificate already in trust store"))
}
}
From 8555723c814bc0b00b03ad8213cfb9d73819ca77 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Thu, 16 Jun 2016 16:25:13 -0400
Subject: [PATCH 2/4] Fix failure to restore on btrfs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Closes #2058
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd/storage_btrfs.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lxd/storage_btrfs.go b/lxd/storage_btrfs.go
index 2710c0c..f1b6a7d 100644
--- a/lxd/storage_btrfs.go
+++ b/lxd/storage_btrfs.go
@@ -249,7 +249,7 @@ func (s *storageBtrfs) ContainerRestore(
} else {
// Remove the backup, we made
if s.isSubvolume(sourceBackupPath) {
- return s.subvolDelete(sourceBackupPath)
+ return s.subvolsDelete(sourceBackupPath)
}
os.RemoveAll(sourceBackupPath)
}
From 129040d89359484376808fe8e542ea8aa993db16 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Thu, 16 Jun 2016 16:40:08 -0400
Subject: [PATCH 3/4] Set Location on sync POST requests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Closes #2092
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd/certificates.go | 17 ++++++++---------
lxd/images.go | 4 ++--
lxd/profiles.go | 4 ++--
lxd/response.go | 10 ++++++++++
4 files changed, 22 insertions(+), 13 deletions(-)
diff --git a/lxd/certificates.go b/lxd/certificates.go
index f40ae02..021b48f 100644
--- a/lxd/certificates.go
+++ b/lxd/certificates.go
@@ -96,20 +96,25 @@ func saveCert(d *Daemon, host string, cert *x509.Certificate) error {
}
func certificatesPost(d *Daemon, r *http.Request) Response {
+ // Parse the request
req := certificatesPostBody{}
-
if err := shared.ReadToJSON(r.Body, &req); err != nil {
return BadRequest(err)
}
+ // Access check
+ if !d.isTrustedClient(r) && d.PasswordCheck(req.Password) != nil {
+ return Forbidden
+ }
+
if req.Type != "client" {
return BadRequest(fmt.Errorf("Unknown request type %s", req.Type))
}
+ // Extract the certificate
var cert *x509.Certificate
var name string
if req.Certificate != "" {
-
data, err := base64.StdEncoding.DecodeString(req.Certificate)
if err != nil {
return BadRequest(err)
@@ -120,9 +125,7 @@ func certificatesPost(d *Daemon, r *http.Request) Response {
return BadRequest(err)
}
name = req.Name
-
} else if r.TLS != nil {
-
if len(r.TLS.PeerCertificates) < 1 {
return BadRequest(fmt.Errorf("No client certificate provided"))
}
@@ -145,10 +148,6 @@ func certificatesPost(d *Daemon, r *http.Request) Response {
}
}
- if !d.isTrustedClient(r) && d.PasswordCheck(req.Password) != nil {
- return Forbidden
- }
-
err := saveCert(d, name, cert)
if err != nil {
return SmartError(err)
@@ -156,7 +155,7 @@ func certificatesPost(d *Daemon, r *http.Request) Response {
d.clientCerts = append(d.clientCerts, *cert)
- return EmptySyncResponse
+ return SyncResponseLocation(true, nil, fmt.Sprintf("/%s/certificates/%s", shared.APIVersion, fingerprint))
}
var certificatesCmd = Command{
diff --git a/lxd/images.go b/lxd/images.go
index 8118d8f..b5d8e31 100644
--- a/lxd/images.go
+++ b/lxd/images.go
@@ -1093,7 +1093,7 @@ func aliasesPost(d *Daemon, r *http.Request) Response {
return InternalError(err)
}
- return EmptySyncResponse
+ return SyncResponseLocation(true, nil, fmt.Sprintf("/%s/images/aliases/%s", shared.APIVersion, req.Name))
}
func aliasesGet(d *Daemon, r *http.Request) Response {
@@ -1211,7 +1211,7 @@ func aliasPost(d *Daemon, r *http.Request) Response {
return SmartError(err)
}
- return EmptySyncResponse
+ return SyncResponseLocation(true, nil, fmt.Sprintf("/%s/images/aliases/%s", shared.APIVersion, req.Name))
}
func imageExport(d *Daemon, r *http.Request) Response {
diff --git a/lxd/profiles.go b/lxd/profiles.go
index 32a498a..13ac836 100644
--- a/lxd/profiles.go
+++ b/lxd/profiles.go
@@ -83,7 +83,7 @@ func profilesPost(d *Daemon, r *http.Request) Response {
fmt.Errorf("Error inserting %s into database: %s", req.Name, err))
}
- return EmptySyncResponse
+ return SyncResponseLocation(true, nil, fmt.Sprintf("/%s/profiles/%s", shared.APIVersion, req.Name))
}
var profilesCmd = Command{
@@ -259,7 +259,7 @@ func profilePost(d *Daemon, r *http.Request) Response {
return InternalError(err)
}
- return EmptySyncResponse
+ return SyncResponseLocation(true, nil, fmt.Sprintf("/%s/profiles/%s", shared.APIVersion, req.Name))
}
// The handler for the delete operation.
diff --git a/lxd/response.go b/lxd/response.go
index 2aa9a05..fc37f9c 100644
--- a/lxd/response.go
+++ b/lxd/response.go
@@ -41,6 +41,7 @@ type syncResponse struct {
success bool
etag interface{}
metadata interface{}
+ location string
}
func (r *syncResponse) Render(w http.ResponseWriter) error {
@@ -58,6 +59,11 @@ func (r *syncResponse) Render(w http.ResponseWriter) error {
status = shared.Failure
}
+ if r.location != "" {
+ w.Header().Set("Location", r.location)
+ w.WriteHeader(201)
+ }
+
resp := syncResp{Type: lxd.Sync, Status: status.String(), StatusCode: status, Metadata: r.metadata}
return WriteJSON(w, resp)
}
@@ -78,6 +84,10 @@ func SyncResponseETag(success bool, metadata interface{}, etag interface{}) Resp
return &syncResponse{success: success, metadata: metadata, etag: etag}
}
+func SyncResponseLocation(success bool, metadata interface{}, location string) Response {
+ return &syncResponse{success: success, metadata: metadata, location: location}
+}
+
var EmptySyncResponse = &syncResponse{success: true, metadata: make(map[string]interface{})}
// File transfer response
From 634990c8c95add4fc79e6f2380674b8a85c7d8f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Thu, 16 Jun 2016 16:42:47 -0400
Subject: [PATCH 4/4] Clarify ZFS snapshot shortcomings
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Closes #2055
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
doc/storage-backends.md | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/doc/storage-backends.md b/doc/storage-backends.md
index 4b4ce0e..0c6e2e8 100644
--- a/doc/storage-backends.md
+++ b/doc/storage-backends.md
@@ -63,3 +63,11 @@ rsync is used to transfer the container content across.
one. You can however create new containers from older snapshots which
makes it possible to confirm the snapshots is indeed what you want to
restore before you remove the newer snapshots.
+
+ Also note that container copies use ZFS snapshots, so you also cannot
+ restore a container to a snapshot taken before the last copy without
+ having to also delete container copies.
+
+ Copying the wanted snapshot into a new container and then deleting
+ the old container does however work, at the cost of loosing any other
+ snapshot the container may have had.
More information about the lxc-devel
mailing list