[pve-devel] [RFC v3 pve-container] CT protection mode added

Alen Grizonic a.grizonic at proxmox.com
Fri Sep 4 14:20:22 CEST 2015


v3 changes:

- disk removal prevention

- preventing restore over existing CT

- changed error and man messages
---
 src/PVE/API2/LXC.pm        |  9 ++++++++-
 src/PVE/API2/LXC/Config.pm | 10 +++++++++-
 src/PVE/LXC.pm             | 10 ++++++++++
 3 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index d5acace..80312b2 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -235,9 +235,13 @@ __PACKAGE__->register_method({
 
 	my $restore = extract_param($param, 'restore');
 
+	my $conf = PVE::LXC::load_config($vmid);
+
 	if ($restore) {
 	    # fixme: limit allowed parameters
 
+            die  "unable to overwrite existing CT $vmid - protection mode enabled\n"
+                if (($same_container_exists) &&($conf->{protection} == 1));
 	}
 	
 	my $force = extract_param($param, 'force');
@@ -297,7 +301,7 @@ __PACKAGE__->register_method({
 	    $archive = PVE::Storage::abs_filesystem_path($storage_cfg, $ostemplate);
 	}
 
-	my $conf = {};
+	$conf = {};
 
 	my $no_disk_param = {};
 	foreach my $opt (keys %$param) {
@@ -535,6 +539,9 @@ __PACKAGE__->register_method({
 
 	my $storage_cfg = cfs_read_file("storage.cfg");
 
+	die  "can't remove CT $vmid - protection mode enabled\n"
+	    if ($conf->{protection} == 1);
+
 	die "unable to remove CT $vmid - used in HA resources\n"
 	    if PVE::HA::Config::vm_is_ha_managed($vmid);
 
diff --git a/src/PVE/API2/LXC/Config.pm b/src/PVE/API2/LXC/Config.pm
index 95eafaa..b601a66 100644
--- a/src/PVE/API2/LXC/Config.pm
+++ b/src/PVE/API2/LXC/Config.pm
@@ -115,6 +115,8 @@ __PACKAGE__->register_method({
 
 	PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]);
 
+	my $conf = PVE::LXC::load_config($vmid);
+
 	foreach my $opt (@delete) {
 	    raise_param_exc({ delete => "you can't use '-$opt' and " .
 				  "-delete $opt' at the same time" })
@@ -122,6 +124,13 @@ __PACKAGE__->register_method({
 
 	    if (!PVE::LXC::option_exists($opt)) {
 		raise_param_exc({ delete => "unknown option '$opt'" });
+	    } elsif ($opt eq 'protection') {
+                die "can't remove CT $vmid protection option - protection mode enabled\n" .
+		"use \"pct set {vmid} -protection 0\" command instead\n"
+                    if ($conf->{protection} == 1);
+	    } elsif ($opt eq 'rootfs' || $opt =~ m/^mp(\d+)$/) {
+                die "can't remove CT $vmid storage - protection mode enabled\n"
+		    if ($conf->{protection} == 1);
 	    }
 	}
 
@@ -131,7 +140,6 @@ __PACKAGE__->register_method({
 
 	my $code = sub {
 
-	    my $conf = PVE::LXC::load_config($vmid);
 	    PVE::LXC::check_lock($conf);
 
 	    PVE::Tools::assert_if_modified($digest, $conf->{digest});
diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index e296047..ef61bec 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -175,6 +175,12 @@ my $confdesc = {
 	enum => ['shell', 'console', 'tty'],
 	default => 'tty',
     },
+    protection => {
+	optional => 1,
+	type => 'boolean',
+	description => "Sets the protection flag of the container. This will prevent the container or container's disk remove operation.",
+	default => 0,
+    },
 };
 
 my $valid_lxc_conf_keys = {
@@ -1097,6 +1103,8 @@ sub update_pct_config {
 		next if !$running;
 		my $netid = $1;
 		PVE::Network::veth_delete("veth${vmid}i$netid");
+	    } elsif ($opt eq 'protection') {
+		delete $conf->{$opt};
 	    } elsif ($opt eq 'rootfs' || $opt =~ m/^mp(\d+)$/) {
 		die "implement me"
 	    } else {
@@ -1165,6 +1173,8 @@ sub update_pct_config {
 	    } else {
 		update_net($vmid, $conf, $opt, $net, $netid, $rootdir);
 	    }
+	} elsif ($opt eq 'protection') {
+	    $conf->{$opt} = $value ? 1 : 0;
         } elsif ($opt eq 'rootfs' || $opt =~ m/^mp(\d+)$/) {
 	    die "implement me: $opt";
 	} else {
-- 
2.1.4




More information about the pve-devel mailing list