[pve-devel] [PATCH container] use BEGIN/END markers for gateway scripts

Wolfgang Bumiller w.bumiller at proxmox.com
Fri May 13 11:10:21 CEST 2016 

remove_gateway_scripts() for debian containers can easily
match user-created scripts since it's not strict enough,
which now that we always clean up gateways appears to be an
issue for some.

To deal with this we update this portion to also use
BEGIN/END markers like we did with other files. (Note that
this means we explicitly include the BEGIN/END comment lines
in the 'attribute' list while parsing sections.)

In order to not break existing container configurations we
now remove either a begin/end marked section in
remove_gateway_scripts(), or if none was found fall back to
a much stricter variant of the old matching algorithm which
only triggers if the gateway setup lines are complete and
unmodified.
---
 src/PVE/LXC/Setup/Debian.pm                        | 67 ++++++++++++++--------
 .../test-debian-012/etc/network/interfaces.exp     |  4 ++
 src/test/test-debian-014/config                    |  3 +
 src/test/test-debian-014/etc/hosts.exp             |  2 +-
 src/test/test-debian-014/etc/network/interfaces    | 29 ++++++++++
 .../test-debian-014/etc/network/interfaces.exp     | 38 ++++++++++++
 6 files changed, 118 insertions(+), 25 deletions(-)
 create mode 100644 src/test/test-debian-014/etc/network/interfaces
 create mode 100644 src/test/test-debian-014/etc/network/interfaces.exp

diff --git a/src/PVE/LXC/Setup/Debian.pm b/src/PVE/LXC/Setup/Debian.pm
index c6b2998..e927c37 100644
--- a/src/PVE/LXC/Setup/Debian.pm
+++ b/src/PVE/LXC/Setup/Debian.pm
@@ -79,32 +79,43 @@ sub setup_init {
 sub remove_gateway_scripts {
     my ($attr) = @_;
     my $length = scalar(@$attr);
-    for (my $i = 0; $i < $length; ++$i) {
-	my $a = $attr->[$i];
-	if ($a =~ m@^\s*post-up\s+.*route.*add.*default.*(?:gw|via)\s+(\S+)@) {
-	    my $gw = $1;
-	    if ($i > 0 && $attr->[$i-1] =~ m@^\s*post-up\s+.*route.*add.*\Q$1\E@) {
-		--$i;
-		splice @$attr, $i, 2;
-		$length -= 2;
-	    } else {
-		splice @$attr, $i, 1;
-		$length -= 1;
-	    }
-	    --$i;
-	    next;
+
+    my $found_section = 0;
+    my $keep = 1;
+    @$attr = grep {
+	if ($_ eq '# --- BEGIN PVE ---') {
+	    $found_section = 1;
+	    $keep = 0;
+	    0; # remove this line
+	} elsif ($_ eq '# --- END PVE ---') {
+	    $found_section = 1;
+	    $keep = 1;
+	    0; # remove this line
+	} else {
+	    $keep;
 	}
-	if ($a =~ m@^\s*pre-down\s+.*route.*del.*default.*(?:gw|via)\s+(\S+)@) {
-	    my $gw = $1;
-	    if ($attr->[$i+1] =~ m@^\s*pre-down\s+.*route.*del.*\Q$1\E@) {
-		splice @$attr, $i, 2;
-		$length -= 2;
-	    } else {
-		splice @$attr, $i, 1;
-		$length -= 1;
-	    }
+    } @$attr;
+
+    return if $found_section;
+    # XXX: To deal with existing setups we perform two types of removal for
+    # now. Newly started containers have their routing sections marked with
+    # begin/end comments. For older containers we perform a strict matching on
+    # the routing rules we added. We can probably remove this part at some point
+    # when it is unlikely that old debian setups are still around.
+
+    for (my $i = 0; $i < $length-3; ++$i) {
+	next if $attr->[$i+0] !~ m@^\s*post-up\s+ip\s+route\s+add\s+(\S+)\s+dev\s+(\S+)$@;
+	my ($ip, $dev) = ($1, $2);
+	if ($attr->[$i+1] =~ m@^\s*post-up\s+ip\s+route\s+add\s+default\s+via\s+(\S+)\s+dev\s+(\S+)$@ &&
+	    ($ip eq $1 && $dev eq $2) &&
+	    $attr->[$i+2] =~ m@^\s*pre-down\s+ip\s+route\s+del\s+default\s+via\s+(\S+)\s+dev\s+(\S+)$@ &&
+	    ($ip eq $1 && $dev eq $2) &&
+	    $attr->[$i+3] =~ m@^\s*pre-down\s+ip\s+route\s+del\s+(\S+)\s+dev\s+(\S+)$@ &&
+	    ($ip eq $1 && $dev eq $2))
+	{
+	    splice @$attr, $i, 4;
+	    $length -= 4;
 	    --$i;
-	    next;
 	}
     }
 }
@@ -112,10 +123,12 @@ sub remove_gateway_scripts {
 sub make_gateway_scripts {
     my ($ifname, $gw) = @_;
     return <<"SCRIPTS";
+# --- BEGIN PVE ---
 \tpost-up ip route add $gw dev $ifname
 \tpost-up ip route add default via $gw dev $ifname
 \tpre-down ip route del default via $gw dev $ifname
 \tpre-down ip route del $gw dev $ifname
+# --- END PVE ---
 SCRIPTS
 }
 
@@ -251,6 +264,12 @@ sub setup_network {
     if (my $fh = $self->ct_open_file_read($filename)) {
 	while (defined (my $line = <$fh>)) {
 	    chomp $line;
+	    if ($line =~ m/^# --- (?:BEGIN|END) PVE ---/) {
+		# Include markers in the attribute section so
+		# remove_gateway_scripts() can find them.
+		push @{$section->{attr}}, $line if $section;
+		next;
+	    }
 	    if ($line =~ m/^#/) {
 		$interfaces .= "$line\n";
 		next;
diff --git a/src/test/test-debian-012/etc/network/interfaces.exp b/src/test/test-debian-012/etc/network/interfaces.exp
index 4ce4e16..3efa777 100644
--- a/src/test/test-debian-012/etc/network/interfaces.exp
+++ b/src/test/test-debian-012/etc/network/interfaces.exp
@@ -5,19 +5,23 @@ auto eth0
 iface eth0 inet static
 	address 10.0.0.100
 	netmask 255.255.255.255
+# --- BEGIN PVE ---
 	post-up ip route add 11.0.0.1 dev eth0
 	post-up ip route add default via 11.0.0.1 dev eth0
 	pre-down ip route del default via 11.0.0.1 dev eth0
 	pre-down ip route del 11.0.0.1 dev eth0
+# --- END PVE ---
 
 auto eth1
 iface eth1 inet6 static
 	address fc00::1
 	netmask 64
+# --- BEGIN PVE ---
 	post-up ip route add fc00:1::ff dev eth1
 	post-up ip route add default via fc00:1::ff dev eth1
 	pre-down ip route del default via fc00:1::ff dev eth1
 	pre-down ip route del fc00:1::ff dev eth1
+# --- END PVE ---
 
 auto eth2
 iface eth2 inet6 static
diff --git a/src/test/test-debian-014/config b/src/test/test-debian-014/config
index 8f09fd8..a433a9c 100644
--- a/src/test/test-debian-014/config
+++ b/src/test/test-debian-014/config
@@ -1 +1,4 @@
 hostname: test9
+net0: name=eth0,hwaddr=11:22:33:44:55:66,bridge=vmbr0,ip=10.0.0.100/32,gw=11.0.0.1
+net1: name=eth1,hwaddr=22:33:44:55:66:77,bridge=vmbr1,ip6=fc00::1/64,gw6=fc00:1::ff
+net2: name=eth2,hwaddr=33:44:55:66:77:88,bridge=vmbr2,ip=192.168.0.1/24
diff --git a/src/test/test-debian-014/etc/hosts.exp b/src/test/test-debian-014/etc/hosts.exp
index ac7ee16..0ae8ca1 100644
--- a/src/test/test-debian-014/etc/hosts.exp
+++ b/src/test/test-debian-014/etc/hosts.exp
@@ -1,5 +1,5 @@
 # --- BEGIN PVE ---
 127.0.0.1 localhost.localnet localhost
 ::1 localhost.localnet localhost
-127.0.1.1 test9
+10.0.0.100 test9.proxmox.com test9
 # --- END PVE ---
diff --git a/src/test/test-debian-014/etc/network/interfaces b/src/test/test-debian-014/etc/network/interfaces
new file mode 100644
index 0000000..e53e80f
--- /dev/null
+++ b/src/test/test-debian-014/etc/network/interfaces
@@ -0,0 +1,29 @@
+auto lo
+iface lo inet loopback
+
+auto eth0
+iface eth0 inet static
+	address 10.0.0.100
+	netmask 255.255.255.255
+	post-up ip route add 11.0.0.1 dev eth0
+	post-up ip route add default via 11.0.0.1 dev eth0
+	pre-down ip route del default via 11.0.0.1 dev eth0
+	pre-down ip route del 11.0.0.1 dev eth0
+
+auto eth1
+iface eth1 inet6 static
+	address fc00::1
+	netmask 64
+	post-up ip route add fc00:1::ff/64 dev eth1
+	post-up ip route add default via fc00:1::ff dev eth1
+	pre-down ip route del default via fc00:1::ff/64 dev eth1
+	pre-down ip route del fc00:1::ff dev eth1
+
+auto eth2
+iface eth2 inet static
+	address 192.168.0.1
+	netmask 255.255.255.0
+	post-up ip route add 192.168.1.1 dev eth2 table internal
+	post-up ip route add default via 192.168.1.1 dev eth2 table internal
+	pre-down ip rule add from 192.168.0.128/25 table internal
+	pre-down ip rule add to 192.168.0.128/25 table internal
diff --git a/src/test/test-debian-014/etc/network/interfaces.exp b/src/test/test-debian-014/etc/network/interfaces.exp
new file mode 100644
index 0000000..cadd621
--- /dev/null
+++ b/src/test/test-debian-014/etc/network/interfaces.exp
@@ -0,0 +1,38 @@
+auto lo
+iface lo inet loopback
+
+auto eth0
+iface eth0 inet static
+	address 10.0.0.100
+	netmask 255.255.255.255
+# --- BEGIN PVE ---
+	post-up ip route add 11.0.0.1 dev eth0
+	post-up ip route add default via 11.0.0.1 dev eth0
+	pre-down ip route del default via 11.0.0.1 dev eth0
+	pre-down ip route del 11.0.0.1 dev eth0
+# --- END PVE ---
+
+auto eth1
+iface eth1 inet6 static
+	address fc00::1
+	netmask 64
+# --- BEGIN PVE ---
+	post-up ip route add fc00:1::ff dev eth1
+	post-up ip route add default via fc00:1::ff dev eth1
+	pre-down ip route del default via fc00:1::ff dev eth1
+	pre-down ip route del fc00:1::ff dev eth1
+# --- END PVE ---
+	post-up ip route add fc00:1::ff/64 dev eth1
+	post-up ip route add default via fc00:1::ff dev eth1
+	pre-down ip route del default via fc00:1::ff/64 dev eth1
+	pre-down ip route del fc00:1::ff dev eth1
+
+auto eth2
+iface eth2 inet static
+	address 192.168.0.1
+	netmask 255.255.255.0
+	post-up ip route add 192.168.1.1 dev eth2 table internal
+	post-up ip route add default via 192.168.1.1 dev eth2 table internal
+	pre-down ip rule add from 192.168.0.128/25 table internal
+	pre-down ip rule add to 192.168.0.128/25 table internal
+
-- 
2.1.4

More information about the pve-devel mailing list