[lxc-devel] [lxd/master] #7868: `proxy` device support for VMs (NAT-only)

[grant-he on Github]

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 440 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20201210/66c5e20b/attachment.bin>
-------------- next part --------------
From d1c9b0e1afe1b5b7868b8918cc769c8740eab3c5 Mon Sep 17 00:00:00 2001
From: JLRDRAGON92000 <jlrdragon at gmail.com>
Date: Fri, 4 Dec 2020 22:58:58 -0600
Subject: [PATCH 1/3] lxd/device: allow adding proxy device to VM instances

Signed-off-by: Jared Rankin <jared.rankin at utexas.edu>
---
 lxd/device/proxy.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lxd/device/proxy.go b/lxd/device/proxy.go
index d169a4671e..c114c0230f 100644
--- a/lxd/device/proxy.go
+++ b/lxd/device/proxy.go
@@ -48,7 +48,7 @@ type proxyProcInfo struct {
 
 // validateConfig checks the supplied config for correctness.
 func (d *proxy) validateConfig(instConf instance.ConfigReader) error {
-	if !instanceSupported(instConf.Type(), instancetype.Container) {
+	if !instanceSupported(instConf.Type(), instancetype.Container, instancetype.VM) {
 		return ErrUnsupportedDevType
 	}
 
@@ -85,6 +85,10 @@ func (d *proxy) validateConfig(instConf instance.ConfigReader) error {
 		return err
 	}
 
+	if instConf.Type() == instancetype.VM && !shared.IsTrue(d.config["nat"]) {
+		return fmt.Errorf("Only NAT mode is supported for proxies on VM instances")
+	}
+
 	listenAddr, err := ProxyParseAddr(d.config["listen"])
 	if err != nil {
 		return err

From 3d0fad9d218f6a188ef1a7fa25536e4fdfae100e Mon Sep 17 00:00:00 2001
From: JLRDRAGON92000 <jlrdragon at gmail.com>
Date: Fri, 4 Dec 2020 23:00:01 -0600
Subject: [PATCH 2/3] lxd/instance/drivers: run device post-start hooks in QEMU
 driver

Signed-off-by: Jared Rankin <jared.rankin at utexas.edu>
---
 lxd/instance/drivers/driver_qemu.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/lxd/instance/drivers/driver_qemu.go b/lxd/instance/drivers/driver_qemu.go
index e243634547..ef1b42f657 100644
--- a/lxd/instance/drivers/driver_qemu.go
+++ b/lxd/instance/drivers/driver_qemu.go
@@ -794,6 +794,7 @@ func (vm *qemu) Start(stateful bool) error {
 	}
 
 	devConfs := make([]*deviceConfig.RunConfig, 0, len(vm.expandedDevices))
+	postStartHooks := []func() error{}
 
 	// Setup devices in sorted order, this ensures that device mounts are added in path order.
 	for _, d := range vm.expandedDevices.Sorted() {
@@ -817,6 +818,11 @@ func (vm *qemu) Start(stateful bool) error {
 			}
 		})
 
+		// Add post-start hooks
+		if len(runConf.PostHooks) > 0 {
+			postStartHooks = append(postStartHooks, runConf.PostHooks...)
+		}
+
 		devConfs = append(devConfs, runConf)
 	}
 
@@ -1071,6 +1077,15 @@ func (vm *qemu) Start(stateful bool) error {
 		return err
 	}
 
+	// Run any post-start hooks.
+	err = vm.runHooks(postStartHooks)
+	if err != nil {
+		op.Done(err)
+		// Shut down the VM if hooks fail.
+		vm.Stop(false)
+		return err
+	}
+
 	// Database updates
 	err = vm.state.Cluster.Transaction(func(tx *db.ClusterTx) error {
 		// Record current state

From 4cf11b2ad0224d859825f858be7e9fb8f3850d5b Mon Sep 17 00:00:00 2001
From: JLRDRAGON92000 <jlrdragon at gmail.com>
Date: Thu, 10 Dec 2020 15:57:44 -0600
Subject: [PATCH 3/3] doc: update `proxy` doc to reflect VM support

Signed-off-by: Jared Rankin <jared.rankin at utexas.edu>
---
 doc/instances.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/instances.md b/doc/instances.md
index dece79586a..9ef66151b9 100644
--- a/doc/instances.md
+++ b/doc/instances.md
@@ -766,7 +766,7 @@ mode        | int       | 0660              | no        | Mode of the device in
 
 ### Type: proxy
 
-Supported instance types: container
+Supported instance types: container (`nat` and non-`nat` modes), VM (`nat` mode only)
 
 Proxy devices allow forwarding network connections between host and instance.
 This makes it possible to forward traffic hitting one of the host's