[lxc-devel] [lxd/master] Bugfixes
stgraber on Github
lxc-bot at linuxcontainers.org
Tue May 9 04:20:01 UTC 2017
From 87814639c0197f23ffdb60f64d9a5abb6ca3eee7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 8 May 2017 13:53:46 -0400
Subject: [PATCH 1/4] client: Fill the server fingerprint if missing
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
client/lxd_server.go | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/client/lxd_server.go b/client/lxd_server.go
index b358e22..2e42f39 100644
--- a/client/lxd_server.go
+++ b/client/lxd_server.go
@@ -1,6 +1,7 @@
package lxd
import (
+ "github.com/lxc/lxd/shared"
"github.com/lxc/lxd/shared/api"
)
@@ -16,6 +17,15 @@ func (r *ProtocolLXD) GetServer() (*api.Server, string, error) {
return nil, "", err
}
+ // Fill in certificate fingerprint if not provided
+ if server.Environment.CertificateFingerprint == "" && server.Environment.Certificate != "" {
+ var err error
+ server.Environment.CertificateFingerprint, err = shared.CertFingerprintStr(server.Environment.Certificate)
+ if err != nil {
+ return nil, "", err
+ }
+ }
+
// Add the value to the cache
r.server = &server
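Review bot: When the server does send `CertificateFingerprint`, the added block in GetServer keeps that value without checking it against `server.Environment.Certificate`, so the two fields can disagree, and both come from the response body rather than from the TLS handshake. If any caller relies on this fingerprint for a trust or pinning decision (none is visible here), it would be safer to always derive it locally by relaxing the guard to `if server.Environment.Certificate != "" {`, or to return an error when the supplied and computed values differ. The inner `var err error` also appears to shadow the `err` already in scope from the check just above and could be dropped. GetServer starts before and continues past this hunk.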
From 3cd7b77397e752a8e4e67ca567ec630aee0dbe99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 8 May 2017 13:54:00 -0400
Subject: [PATCH 2/4] lxc/remote: Show the fingerprint as string not hex
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Closes #3293
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxc/remote.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lxc/remote.go b/lxc/remote.go
index 1050721..d9b04ed 100644
--- a/lxc/remote.go
+++ b/lxc/remote.go
@@ -229,7 +229,7 @@ func (c *remoteCmd) addServer(config *lxd.Config, server string, addr string, ac
if !acceptCert {
digest := shared.CertFingerprint(certificate)
- fmt.Printf(i18n.G("Certificate fingerprint: %x")+"\n", digest)
+ fmt.Printf(i18n.G("Certificate fingerprint: %s")+"\n", digest)
fmt.Printf(i18n.G("ok (y/n)?") + " ")
line, err := shared.ReadStdin()
if err != nil {
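Review bot: The format verb sits inside the translatable string passed to `i18n.G`, so this fix changes the msgid. Existing translations stop matching until the catalogs are regenerated, and a fuzzy-merged entry that keeps `%x` would still print a doubly hex-encoded fingerprint at this trust prompt; the .po files are not part of the patch and should be checked. Keeping the verb out of the msgid avoids that drift, e.g. `fmt.Printf("%s %s\n", i18n.G("Certificate fingerprint:"), digest)`. A comment such as `// digest is already a hex string; print it verbatim so it can be compared with the server's fingerprint` would record why `%s` is correct. addServer starts before and continues past this hunk.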
From f23cbadf0a002cd42ed1301a7f97af3388623498 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 8 May 2017 14:00:50 -0400
Subject: [PATCH 3/4] daemon: Set ServerFingerprint
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We somehow forgot to do that a long time ago. Our client has always been
computing it itself instead, let's just set it to save some hashing time
on the client side.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd/api_1.0.go | 28 +++++++++++++++++-----------
1 file changed, 17 insertions(+), 11 deletions(-)
diff --git a/lxd/api_1.0.go b/lxd/api_1.0.go
index 31ed765..3e9c85f 100644
--- a/lxd/api_1.0.go
+++ b/lxd/api_1.0.go
@@ -162,8 +162,13 @@ func api10Get(d *Daemon, r *http.Request) Response {
}
var certificate string
+ var certificateFingerprint string
if len(d.tlsConfig.Certificates) != 0 {
certificate = string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: d.tlsConfig.Certificates[0].Certificate[0]}))
+ certificateFingerprint, err = shared.CertFingerprintStr(certificate)
+ if err != nil {
+ return InternalError(err)
+ }
}
architectures := []string{}
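Review bot: The fingerprint is recomputed on every call to api10Get by PEM-encoding the certificate and passing it to `shared.CertFingerprintStr`, and a failure there now fails the whole endpoint with `InternalError(err)`. The certificate comes from `d.tlsConfig`, which presumably does not change per request, so computing the fingerprint once where the TLS config is loaded and storing it on the Daemon would avoid both the repeated hashing and the new failure path. If the computation stays here, a comment like `// Fingerprint of the leaf certificate we serve over TLS, so clients can compare it with the peer certificate` would document the intent. The function starts before and continues past this hunk.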
@@ -177,17 +182,18 @@ func api10Get(d *Daemon, r *http.Request) Response {
}
env := api.ServerEnvironment{
- Addresses: addresses,
- Architectures: architectures,
- Certificate: certificate,
- Driver: "lxc",
- DriverVersion: lxc.Version(),
- Kernel: kernel,
- KernelArchitecture: kernelArchitecture,
- KernelVersion: kernelVersion,
- Server: "lxd",
- ServerPid: os.Getpid(),
- ServerVersion: version.Version}
+ Addresses: addresses,
+ Architectures: architectures,
+ Certificate: certificate,
+ CertificateFingerprint: certificateFingerprint,
+ Driver: "lxc",
+ DriverVersion: lxc.Version(),
+ Kernel: kernel,
+ KernelArchitecture: kernelArchitecture,
+ KernelVersion: kernelVersion,
+ Server: "lxd",
+ ServerPid: os.Getpid(),
+ ServerVersion: version.Version}
drivers := readStoragePoolDriversCache()
for _, driver := range drivers {
From bc05e3450c72b3a8ee74b20b390d118fb2bddf2d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Tue, 9 May 2017 00:05:07 -0400
Subject: [PATCH 4/4] Remove the Docker profile
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This is no longer needed as recent kernels support AppArmor namespacing
in privileged and unprivileged containers.
Just use:
lxc launch ubuntu:16.04 blah -c security.nesting=true
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd/db.go | 2 +-
lxd/db_profiles.go | 22 ----------------------
lxd/db_test.go | 18 +++++++++---------
3 files changed, 10 insertions(+), 32 deletions(-)
diff --git a/lxd/db.go b/lxd/db.go
index 02cab4c..1185998 100644
--- a/lxd/db.go
+++ b/lxd/db.go
@@ -254,7 +254,7 @@ func createDb(db *sql.DB) (err error) {
return err
}
- return dbProfileCreateDocker(db)
+ return nil
}
func dbGetSchema(db *sql.DB) (v int) {
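Review bot: Replacing `return dbProfileCreateDocker(db)` with `return nil` in createDb stops the profile from being created, but createDb presumably only initialises a new database, so existing installations keep their `docker` profile. That profile includes the `aadisable` device mounting `/dev/null` over `/sys/module/apparmor/parameters/enabled` and the `linux.kernel_modules` setting. No schema update or upgrade note is visible in this series, so operators get no prompt to review containers still attached to it. I would not delete a profile users may have customised, but the commit message or release notes should tell administrators to audit and remove it, and a comment here such as `// The "docker" profile is no longer created; existing databases may still contain it` would help the next reader.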
diff --git a/lxd/db_profiles.go b/lxd/db_profiles.go
index cfddf87..1fb21fb 100644
--- a/lxd/db_profiles.go
+++ b/lxd/db_profiles.go
@@ -116,28 +116,6 @@ func dbProfileCreateDefault(db *sql.DB) error {
return nil
}
-func dbProfileCreateDocker(db *sql.DB) error {
- id, _, err := dbProfileGet(db, "docker")
-
- if id != -1 {
- // docker profile already exists
- return nil
- }
-
- config := map[string]string{
- "security.nesting": "true",
- "linux.kernel_modules": "overlay, nf_nat"}
- aadisable := map[string]string{
- "path": "/sys/module/apparmor/parameters/enabled",
- "type": "disk",
- "source": "/dev/null",
- }
- devices := map[string]map[string]string{"aadisable": aadisable}
-
- _, err = dbProfileCreate(db, "docker", "Profile supporting docker in containers", config, devices)
- return err
-}
-
// Get the profile configuration map from the DB
func dbProfileConfig(db *sql.DB, name string) (map[string]string, error) {
var key, value string
diff --git a/lxd/db_test.go b/lxd/db_test.go
index 08e08fb..b917796 100644
--- a/lxd/db_test.go
+++ b/lxd/db_test.go
@@ -17,16 +17,16 @@ import (
const DB_FIXTURES string = `
INSERT INTO containers (name, architecture, type) VALUES ('thename', 1, 1);
INSERT INTO profiles (name) VALUES ('theprofile');
- INSERT INTO containers_profiles (container_id, profile_id) VALUES (1, 3);
+ INSERT INTO containers_profiles (container_id, profile_id) VALUES (1, 2);
INSERT INTO containers_config (container_id, key, value) VALUES (1, 'thekey', 'thevalue');
INSERT INTO containers_devices (container_id, name, type) VALUES (1, 'somename', 1);
INSERT INTO containers_devices_config (key, value, container_device_id) VALUES ('configkey', 'configvalue', 1);
INSERT INTO images (fingerprint, filename, size, architecture, creation_date, expiry_date, upload_date) VALUES ('fingerprint', 'filename', 1024, 0, 1431547174, 1431547175, 1431547176);
INSERT INTO images_aliases (name, image_id, description) VALUES ('somealias', 1, 'some description');
INSERT INTO images_properties (image_id, type, key, value) VALUES (1, 0, 'thekey', 'some value');
- INSERT INTO profiles_config (profile_id, key, value) VALUES (3, 'thekey', 'thevalue');
- INSERT INTO profiles_devices (profile_id, name, type) VALUES (3, 'devicename', 1);
- INSERT INTO profiles_devices_config (profile_device_id, key, value) VALUES (2, 'devicekey', 'devicevalue');
+ INSERT INTO profiles_config (profile_id, key, value) VALUES (2, 'thekey', 'thevalue');
+ INSERT INTO profiles_devices (profile_id, name, type) VALUES (2, 'devicename', 1);
+ INSERT INTO profiles_devices_config (profile_device_id, key, value) VALUES (1, 'devicekey', 'devicevalue');
`
type dbTestSuite struct {
@@ -115,24 +115,24 @@ func (s *dbTestSuite) Test_deleting_a_profile_cascades_on_related_tables() {
s.Nil(err)
// Make sure there are 0 container_profiles entries left.
- statements = `SELECT count(*) FROM containers_profiles WHERE profile_id = 3;`
+ statements = `SELECT count(*) FROM containers_profiles WHERE profile_id = 2;`
err = s.db.QueryRow(statements).Scan(&count)
s.Equal(count, 0, "Deleting a profile didn't delete the container association!")
// Make sure there are 0 profiles_devices entries left.
- statements = `SELECT count(*) FROM profiles_devices WHERE profile_id == 3;`
+ statements = `SELECT count(*) FROM profiles_devices WHERE profile_id == 2;`
err = s.db.QueryRow(statements).Scan(&count)
s.Nil(err)
s.Equal(count, 0, "Deleting a profile didn't delete the related profiles_devices!")
// Make sure there are 0 profiles_config entries left.
- statements = `SELECT count(*) FROM profiles_config WHERE profile_id == 3;`
+ statements = `SELECT count(*) FROM profiles_config WHERE profile_id == 2;`
err = s.db.QueryRow(statements).Scan(&count)
s.Nil(err)
s.Equal(count, 0, "Deleting a profile didn't delete the related profiles_config! There are %d left")
// Make sure there are 0 profiles_devices_config entries left.
- statements = `SELECT count(*) FROM profiles_devices_config WHERE profile_device_id == 4;`
+ statements = `SELECT count(*) FROM profiles_devices_config WHERE profile_device_id == 3;`
err = s.db.QueryRow(statements).Scan(&count)
s.Nil(err)
s.Equal(count, 0, "Deleting a profile didn't delete the related profiles_devices_config!")
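Review bot: The last check in this hunk queries `profile_device_id == 3`, but the updated DB_FIXTURES inserts its profiles_devices_config row under `profile_device_id` 1, so from the visible lines the count is 0 whether or not the cascade works. The query should target the id the fixture actually creates, e.g. `SELECT count(*) FROM profiles_devices_config WHERE profile_device_id == 1;`, unless rows created outside this hunk account for id 3. The first check (containers_profiles) also assigns `err` without a following `s.Nil(err)`, unlike the three checks after it. The test function starts outside the hunk.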
@@ -424,7 +424,7 @@ func (s *dbTestSuite) Test_dbProfileConfig() {
var result map[string]string
var expected map[string]string
- _, err = s.db.Exec("INSERT INTO profiles_config (profile_id, key, value) VALUES (3, 'something', 'something else');")
+ _, err = s.db.Exec("INSERT INTO profiles_config (profile_id, key, value) VALUES (2, 'something', 'something else');")
s.Nil(err)
result, err = dbProfileConfig(s.db, "theprofile")