[pve-devel] [RFC v3 pve-container] CT protection mode added
Alen Grizonic
a.grizonic at proxmox.com
Fri Sep 4 14:20:22 CEST 2015
v3 changes:
- disk removal prevention
- preventing restore over existing CT
- changed error and man messages
---
src/PVE/API2/LXC.pm | 9 ++++++++-
src/PVE/API2/LXC/Config.pm | 10 +++++++++-
src/PVE/LXC.pm | 10 ++++++++++
3 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index d5acace..80312b2 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -235,9 +235,13 @@ __PACKAGE__->register_method({
my $restore = extract_param($param, 'restore');
+ my $conf = PVE::LXC::load_config($vmid);
+
if ($restore) {
# fixme: limit allowed parameters
+ die "unable to overwrite existing CT $vmid - protection mode enabled\n"
+ if (($same_container_exists) &&($conf->{protection} == 1));
}
my $force = extract_param($param, 'force');
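Review bot: The added `PVE::LXC::load_config($vmid)` runs before the `if ($restore)` test, so it is executed for every request, including creation of a container that has no config yet. `load_config` is not visible here; if it dies when the config file is missing, plain creates would fail before reaching the protection check. Loading only when needed avoids that and leaves the later `my $conf = {};` untouched: `die "unable to overwrite existing CT $vmid - protection mode enabled\n" if $same_container_exists && PVE::LXC::load_config($vmid)->{protection};`. The check also appears to run before any lock the restore takes (not visible in this hunk), so the flag could change between the check and the overwrite.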
@@ -297,7 +301,7 @@ __PACKAGE__->register_method({
$archive = PVE::Storage::abs_filesystem_path($storage_cfg, $ostemplate);
}
- my $conf = {};
+ $conf = {};
my $no_disk_param = {};
foreach my $opt (keys %$param) {
@@ -535,6 +539,9 @@ __PACKAGE__->register_method({
my $storage_cfg = cfs_read_file("storage.cfg");
+ die "can't remove CT $vmid - protection mode enabled\n"
+ if ($conf->{protection} == 1);
+
die "unable to remove CT $vmid - used in HA resources\n"
if PVE::HA::Config::vm_is_ha_managed($vmid);
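Review bot: `$conf->{protection} == 1` compares an optional key numerically, so for a container whose config has no `protection` entry the operand is undef and, if this file enables warnings, each destroy request logs an "uninitialized value" warning. A plain truth test, `if $conf->{protection};`, gives the same result for 0 and 1 and stays quiet for a missing key. The same comparison is used in the restore check in the first hunk of this file and twice in src/PVE/API2/LXC/Config.pm. The enclosing handler starts outside this hunk, so where `$conf` is loaded relative to the container lock cannot be checked from here.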
diff --git a/src/PVE/API2/LXC/Config.pm b/src/PVE/API2/LXC/Config.pm
index 95eafaa..b601a66 100644
--- a/src/PVE/API2/LXC/Config.pm
+++ b/src/PVE/API2/LXC/Config.pm
@@ -115,6 +115,8 @@ __PACKAGE__->register_method({
PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]);
+ my $conf = PVE::LXC::load_config($vmid);
+
foreach my $opt (@delete) {
raise_param_exc({ delete => "you can't use '-$opt' and " .
"-delete $opt' at the same time" })
@@ -122,6 +124,13 @@ __PACKAGE__->register_method({
if (!PVE::LXC::option_exists($opt)) {
raise_param_exc({ delete => "unknown option '$opt'" });
+ } elsif ($opt eq 'protection') {
+ die "can't remove CT $vmid protection option - protection mode enabled\n" .
+ "use \"pct set {vmid} -protection 0\" command instead\n"
+ if ($conf->{protection} == 1);
+ } elsif ($opt eq 'rootfs' || $opt =~ m/^mp(\d+)$/) {
+ die "can't remove CT $vmid storage - protection mode enabled\n"
+ if ($conf->{protection} == 1);
}
}
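Review bot: The hint on the second line of the new error message prints the literal text `{vmid}`, because only `$vmid` interpolates in a double-quoted Perl string; the first line of the same message already uses `$vmid`. If the real ID was intended, write `"use \"pct set $vmid -protection 0\" command instead\n"`. The `elsif` chain sits inside the `foreach my $opt (@delete)` loop, which begins outside this hunk.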
@@ -131,7 +140,6 @@ __PACKAGE__->register_method({
my $code = sub {
- my $conf = PVE::LXC::load_config($vmid);
PVE::LXC::check_lock($conf);
PVE::Tools::assert_if_modified($digest, $conf->{digest});
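Review bot: `$code` now closes over the `$conf` that the first hunk of this file loads before the delete loop, because the `load_config` call inside the sub was removed. If `$code` is what runs under the container lock (the call site is outside this hunk), then `check_lock`, `assert_if_modified` and the subsequent update work on a copy that was read before the lock was held, and a concurrent change, including someone enabling protection, can be missed or overwritten. Keeping `my $conf = PVE::LXC::load_config($vmid);` inside the sub and performing the protection checks there, or using a separately named read-only copy for the early checks, keeps the read-modify-write under the lock.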
diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index e296047..ef61bec 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -175,6 +175,12 @@ my $confdesc = {
enum => ['shell', 'console', 'tty'],
default => 'tty',
},
+ protection => {
+ optional => 1,
+ type => 'boolean',
+ description => "Sets the protection flag of the container. This will prevent the container or container's disk remove operation.",
+ default => 0,
+ },
};
my $valid_lxc_conf_keys = {
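Review bot: The `description` mentions only removal of the container or its disks, but the series also refuses a restore over an existing protected CT (the check added in src/PVE/API2/LXC.pm). If this text is what users see in the generated documentation, it should name all three effects, for example `description => "Sets the protection flag of the container. This prevents removing the container or its disks, and restoring over it.",`.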
@@ -1097,6 +1103,8 @@ sub update_pct_config {
next if !$running;
my $netid = $1;
PVE::Network::veth_delete("veth${vmid}i$netid");
+ } elsif ($opt eq 'protection') {
+ delete $conf->{$opt};
} elsif ($opt eq 'rootfs' || $opt =~ m/^mp(\d+)$/) {
die "implement me"
} else {
@@ -1165,6 +1173,8 @@ sub update_pct_config {
} else {
update_net($vmid, $conf, $opt, $net, $netid, $rootdir);
}
+ } elsif ($opt eq 'protection') {
+ $conf->{$opt} = $value ? 1 : 0;
} elsif ($opt eq 'rootfs' || $opt =~ m/^mp(\d+)$/) {
die "implement me: $opt";
} else {
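Review bot: Nothing in the patch states who may clear the flag. This branch stores whatever value arrives, and the only gate visible in the series is the `check_ct_modify_config_perm` call in Config.pm, whose per-option privilege mapping is outside the diff. If `protection` falls under the same privilege as ordinary options, any user who can edit the CT can switch protection off and then remove it, so the flag guards against mistakes rather than against that user. A comment on the branch such as `# safety flag only; clearing it needs no more privilege than other CT options - TODO confirm` would make that explicit. `update_pct_config` starts and ends outside this hunk.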
--
2.1.4