[lxc-devel] [lxd/master] Bugfixes
stgraber on Github
lxc-bot at linuxcontainers.org
Mon Jun 26 22:58:42 UTC 2017
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 301 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20170626/bf9e97b3/attachment.bin>
-------------- next part --------------
From 0134b50a8afc27d4b304a62e1a1a5c26ccec9d6e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 23 Jun 2017 20:10:18 -0400
Subject: [PATCH 1/2] doc: markdown escaping
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
doc/storage.md | 32 ++++++++++++++++----------------
1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/doc/storage.md b/doc/storage.md
index 5980d8959..3b1924bb3 100644
--- a/doc/storage.md
+++ b/doc/storage.md
@@ -5,22 +5,22 @@ Volume keys apply to any volume created in the pool unless the value is
overridden on a per-volume basis.
## Storage pool configuration
-Key | Type | Condition | Default | Description
-:-- | :-- | :-- | :-- | :--
-size | string | appropriate driver and source | 0 | Size of the storage pool in bytes (suffixes supported). (Currently valid for loop based pools and zfs.)
-source | string | - | - | Path to block device or loop file or filesystem entry
-btrfs.mount\_options | string | btrfs driver | user_subvol_rm_allowed | Mount options for block devices
-lvm.thinpool\_name | string | lvm driver | LXDPool | Thin pool where images and containers are created.
-lvm.use\_thinpool | bool | lvm driver | true | Whether the storage pool uses a thinpool for logical volumes.
-lvm.vg\_name | string | lvm driver | name of the pool | Name of the volume group to create.
-rsync.bwlimit | string | - | 0 (no limit) | Specifies the upper limit to be placed on the socket I/O whenever rsync has to be used to transfer storage entities.
-volume.block.filesystem | string | block based driver (lvm) | ext4 | Filesystem to use for new volumes
-volume.block.mount\_options | string | block based driver (lvm) | discard | Mount options for block devices
-volume.size | string | appropriate driver | 0 | Default volume size
-volume.zfs.remove\_snapshots | bool | zfs driver | false | Remove snapshots as needed
-volume.zfs.use\_refquota | bool | zfs driver | false | Use refquota instead of quota for space.
-zfs.clone\_copy | bool | zfs driver | true | Whether to use ZFS lightweight clones rather than full dataset copies.
-zfs.pool\_name | string | zfs driver | name of the pool | Name of the zpool
+Key | Type | Condition | Default | Description
+:-- | :-- | :-- | :-- | :--
+size | string | appropriate driver and source | 0 | Size of the storage pool in bytes (suffixes supported). (Currently valid for loop based pools and zfs.)
+source | string | - | - | Path to block device or loop file or filesystem entry
+btrfs.mount\_options | string | btrfs driver | user\_subvol\_rm\_allowed | Mount options for block devices
+lvm.thinpool\_name | string | lvm driver | LXDPool | Thin pool where images and containers are created.
+lvm.use\_thinpool | bool | lvm driver | true | Whether the storage pool uses a thinpool for logical volumes.
+lvm.vg\_name | string | lvm driver | name of the pool | Name of the volume group to create.
+rsync.bwlimit | string | - | 0 (no limit) | Specifies the upper limit to be placed on the socket I/O whenever rsync has to be used to transfer storage entities.
+volume.block.filesystem | string | block based driver (lvm) | ext4 | Filesystem to use for new volumes
+volume.block.mount\_options | string | block based driver (lvm) | discard | Mount options for block devices
+volume.size | string | appropriate driver | 0 | Default volume size
+volume.zfs.remove\_snapshots | bool | zfs driver | false | Remove snapshots as needed
+volume.zfs.use\_refquota | bool | zfs driver | false | Use refquota instead of quota for space.
+zfs.clone\_copy | bool | zfs driver | true | Whether to use ZFS lightweight clones rather than full dataset copies.
+zfs.pool\_name | string | zfs driver | name of the pool | Name of the zpool
Storage pool configuration keys can be set using the lxc tool with:
From 3c6c483ca0a3d1e21e500a2dc6036fb649f9551f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 26 Jun 2017 18:57:05 -0400
Subject: [PATCH 2/2] lxd/images: Always expand fingerprint
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This fixes an issue where partial fingerprints weren't expanded for
private image copies. LXD will now allow querying the image with a
partial fingerprint using the secret string, LXD will then use that data
to get the full fingerprint and proceeed with the download using that.
Closes #3424
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd/daemon_images.go | 13 ++++++++++---
lxd/images.go | 24 ++++++++++++------------
2 files changed, 22 insertions(+), 15 deletions(-)
diff --git a/lxd/daemon_images.go b/lxd/daemon_images.go
index 33d02395c..af4fa94cf 100644
--- a/lxd/daemon_images.go
+++ b/lxd/daemon_images.go
@@ -371,11 +371,18 @@ func (d *Daemon) ImageDownload(op *operation, server string, protocol string, ce
if info == nil {
if secret != "" {
info, _, err = remote.GetPrivateImage(fp, secret)
+ if err != nil {
+ return nil, err
+ }
+
+ // Expand the fingerprint now and mark alias string to match
+ fp = info.Fingerprint
+ alias = info.Fingerprint
} else {
info, _, err = remote.GetImage(fp)
- }
- if err != nil {
- return nil, err
+ if err != nil {
+ return nil, err
+ }
}
}
diff --git a/lxd/images.go b/lxd/images.go
index 8cdb17009..4fcbe60e5 100644
--- a/lxd/images.go
+++ b/lxd/images.go
@@ -1206,15 +1206,15 @@ func imageGet(d *Daemon, r *http.Request) Response {
public := !d.isTrustedClient(r)
secret := r.FormValue("secret")
- if public == true && imageValidSecret(fingerprint, secret) == true {
- public = false
- }
-
- info, response := doImageGet(d, fingerprint, public)
+ info, response := doImageGet(d, fingerprint, false)
if response != nil {
return response
}
+ if !info.Public && public && !imageValidSecret(info.Fingerprint, secret) {
+ return NotFound
+ }
+
etag := []interface{}{info.Public, info.AutoUpdate, info.Properties}
return SyncResponseETag(true, info, etag)
}
@@ -1526,15 +1526,15 @@ func imageExport(d *Daemon, r *http.Request) Response {
public := !d.isTrustedClient(r)
secret := r.FormValue("secret")
- if public == true && imageValidSecret(fingerprint, secret) == true {
- public = false
- }
-
- _, imgInfo, err := dbImageGet(d.db, fingerprint, public, false)
+ _, imgInfo, err := dbImageGet(d.db, fingerprint, false, false)
if err != nil {
return SmartError(err)
}
+ if !imgInfo.Public && public && !imageValidSecret(imgInfo.Fingerprint, secret) {
+ return NotFound
+ }
+
imagePath := shared.VarPath("images", imgInfo.Fingerprint)
rootfsPath := imagePath + ".rootfs"
@@ -1576,7 +1576,7 @@ func imageExport(d *Daemon, r *http.Request) Response {
func imageSecret(d *Daemon, r *http.Request) Response {
fingerprint := mux.Vars(r)["fingerprint"]
- _, _, err := dbImageGet(d.db, fingerprint, false, false)
+ _, imgInfo, err := dbImageGet(d.db, fingerprint, false, false)
if err != nil {
return SmartError(err)
}
@@ -1591,7 +1591,7 @@ func imageSecret(d *Daemon, r *http.Request) Response {
meta["secret"] = secret
resources := map[string][]string{}
- resources["images"] = []string{fingerprint}
+ resources["images"] = []string{imgInfo.Fingerprint}
op, err := operationCreate(operationClassToken, resources, meta, nil, nil, nil)
if err != nil {
More information about the lxc-devel
mailing list