[pve-devel] [PATCH v2] CT protection mode

Tue Sep 22 11:24:01 CEST 2015

[PATCH 2] changes:

- added common check_protection subroutine
- disk removal or update operation
- restore over protected CT prevention
- changed man page message

---
 src/PVE/API2/LXC.pm |  6 ++++--
 src/PVE/LXC.pm      | 15 ++++++++++++---
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index e1f57da..085a696 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -172,6 +172,9 @@ __PACKAGE__->register_method({
 
 	if (!($same_container_exists && $restore && $force)) {
 	    PVE::Cluster::check_vmid_unused($vmid);
+	} else {
+	    my $conf = PVE::LXC::load_config($vmid);
+	    PVE::LXC::check_protection($conf, "unable to restore CT $vmid");
 	}
 
 	my $password = extract_param($param, 'password');
@@ -463,8 +466,7 @@ __PACKAGE__->register_method({
 
 	my $storage_cfg = cfs_read_file("storage.cfg");
 
-	die  "can't remove CT $vmid - protection mode enabled\n"
-	    if $conf->{protection};
+	PVE::LXC::check_protection($conf, "can't remove CT $vmid");
 
 	die "unable to remove CT $vmid - used in HA resources\n"
 	    if PVE::HA::Config::vm_is_ha_managed($vmid);
diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index 3c77c5b..93eec43 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -181,7 +181,7 @@ my $confdesc = {
     protection => {
 	optional => 1,
 	type => 'boolean',
-	description => "Sets the protection flag of the container. This will prevent the remove operation.",
+	description => "Sets the protection flag of the container. This will prevent the remove operation. This will prevent the CT or CT's disk remove/update operation.",
 	default => 0,
     },
 };
@@ -981,6 +981,14 @@ sub check_lock {
     die "VM is locked ($conf->{'lock'})\n" if $conf->{'lock'};
 }
 
+sub check_protection {
+    my ($vm_conf, $err_msg) = @_;
+
+    if ($vm_conf->{protection}) {
+	die "$err_msg - protection mode enabled\n";
+    }
+}
+
 sub update_lxc_config {
     my ($storage_cfg, $vmid, $conf) = @_;
 
@@ -1130,11 +1138,10 @@ sub update_pct_config {
 	    } elsif ($opt eq 'protection') {
 		delete $conf->{$opt};
 	    } elsif ($opt =~ m/^mp(\d+)$/) {
+		check_protection($conf, "can't remove CT $vmid drive '$opt'");
 		delete $conf->{$opt};
 		push @nohotplug, $opt;
 		next if $running;
-	    } elsif ($opt eq 'rootfs') {
-		die "implement me"
 	    } else {
 		die "implement me"
 	    }
@@ -1204,11 +1211,13 @@ sub update_pct_config {
 	} elsif ($opt eq 'protection') {
 	    $conf->{$opt} = $value ? 1 : 0;
         } elsif ($opt =~ m/^mp(\d+)$/) {
+	    check_protection($conf, "can't update CT $vmid drive '$opt'");
 	    $conf->{$opt} = $value;
 	    $new_disks = 1;
 	    push @nohotplug, $opt;
 	    next;
         } elsif ($opt eq 'rootfs') {
+	    check_protection($conf, "can't update CT $vmid drive '$opt'");
 	    die "implement me: $opt";
 	} else {
 	    die "implement me: $opt";
-- 
2.1.4



