[pve-devel] [PATCH container 1/1] add hookscript to containers
Fabian Grünbichler
f.gruenbichler at proxmox.com
Wed Jan 23 19:49:44 CET 2019
On Wed, Jan 23, 2019 at 03:38:21PM +0100, Dominik Csapak wrote:
> On 1/23/19 3:29 PM, Fabian Grünbichler wrote:
> > same as qemu-server, I'd limit adding a hookscript to a CT config to
> > root@pam (for now).
>
> yes you are correct
>
> i thought we had the same default as for vms (new ones default to
> root@pam only, maybe we should do this for cts also?)
ACK, assuming all the current permission checks (or lack thereof) remain
identical ;)
> > On Mon, Jan 21, 2019 at 09:44:36AM +0100, Dominik Csapak wrote:
> > > this adds the config (hookscript) and executes it
> > > on four points in time for the container
> > >
> > > the same notes as with vms are in place regarding
> > > when the script is called
> > >
> > > Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> > > ---
> > > src/PVE/LXC.pm | 6 ++++++
> > > src/PVE/LXC/Config.pm | 18 +++++++++++++++++-
> > > src/lxc-pve-poststop-hook | 3 +++
> > > 3 files changed, 26 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
> > > index ab15ec0..445f9c0 100644
> > > --- a/src/PVE/LXC.pm
> > > +++ b/src/PVE/LXC.pm
> > > @@ -26,6 +26,7 @@ use PVE::AccessControl;
> > > use PVE::ProcFSTools;
> > > use PVE::Syscall;
> > > use PVE::LXC::Config;
> > > +use PVE::GuestHelpers;
> > > use Time::HiRes qw (gettimeofday);
> > > @@ -1912,11 +1913,13 @@ sub vm_start {
> > > my $cmd = ['systemctl', 'start', "pve-container\@$vmid"];
> > > + PVE::GuestHelpers::exec_hookscript($conf, $vmid, 'pre-start', 1);
> > > eval { PVE::Tools::run_command($cmd); };
> > > if (my $err = $@) {
> > > unlink $skiplock_flag_fn;
> > > die $err;
> > > }
> > > + PVE::GuestHelpers::exec_hookscript($conf, $vmid, 'post-start');
> > > return;
> > > }
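Review bot: The `pre-start` hook call sits outside the `eval`, so if it dies the `unlink $skiplock_flag_fn` cleanup in the error branch is skipped; the trailing `1` presumably makes a failing script fatal, but exec_hookscript is not shown here. Whether the flag file already exists at this point is decided above the hunk and needs confirming, but a stale skiplock flag would outlive the aborted start. Moving the call into the guarded block keeps a single cleanup path: `eval { PVE::GuestHelpers::exec_hookscript($conf, $vmid, 'pre-start', 1); PVE::Tools::run_command($cmd); };`. vm_start begins outside the hunk.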
> > > @@ -1939,6 +1942,9 @@ sub vm_stop {
> > > die "failed to open container ${vmid}'s command socket: $!\n";
> > > }
> > > + my $conf = PVE::LXC::Config->load_config($vmid);
> > > + PVE::GuestHelpers::exec_hookscript($conf, $vmid, 'pre-stop');
> > > +
> > > # Stop the container:
> > > my $cmd = ['lxc-stop', '-n', $vmid];
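Review bot: `PVE::LXC::Config->load_config($vmid)` is a new call that can presumably die ahead of `lxc-stop`, so a missing or unparsable config would now block stopping a running container even when no hookscript is set. If that is not intended, the load could be guarded, e.g. `my $conf = eval { PVE::LXC::Config->load_config($vmid) };` followed by `PVE::GuestHelpers::exec_hookscript($conf, $vmid, 'pre-stop') if $conf;`. The pre-stop call also omits the fourth argument that pre-start passes; a comment such as `# a failing pre-stop hook must not prevent the stop` would record that this is deliberate. vm_stop starts and ends outside the hunk.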
> > > diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
> > > index 061ec8e..c1e2011 100644
> > > --- a/src/PVE/LXC/Config.pm
> > > +++ b/src/PVE/LXC/Config.pm
> > > @@ -457,6 +457,12 @@ my $confdesc = {
> > > format => $features_desc,
> > > description => "Allow containers access to advanced features.",
> > > },
> > > + hookscript => {
> > > + optional => 1,
> > > + type => 'string',
> > > + format => 'pve-volume-id',
> > > + description => 'Script that will be exectued during various steps in the containers lifetime.',
> > > + },
> > > };
> > > my $valid_lxc_conf_keys = {
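Review bot: The `description` string of the new `hookscript` entry has a typo ("exectued") and a missing apostrophe, and this is schema text that users will read. Suggested: `description => "Script that will be executed during various steps in the container's lifetime.",`. Since the hook is invoked from the host-side vm_start/vm_stop code in this patch, it would help to say in the description that the script runs on the host rather than inside the container, if that is indeed the case. `$confdesc` starts outside the hunk.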
> > > @@ -896,7 +902,7 @@ sub update_pct_config {
> > > delete $conf->{$opt};
> > > PVE::LXC::write_cgroup_value("memory", $vmid,
> > > "memory.memsw.limit_in_bytes", -1);
> > > - } elsif ($opt eq 'description' || $opt eq 'onboot' || $opt eq 'startup') {
> > > + } elsif ($opt eq 'description' || $opt eq 'onboot' || $opt eq 'startup' || $opt eq 'hookscript') {
> > > delete $conf->{$opt};
> > > } elsif ($opt eq 'nameserver' || $opt eq 'searchdomain' ||
> > > $opt eq 'tty' || $opt eq 'console' || $opt eq 'cmode') {
> > > @@ -1091,6 +1097,16 @@ sub update_pct_config {
> > > } elsif ($opt eq 'features') {
> > > next if $hotplug_error->($opt);
> > > $conf->{$opt} = $value;
> > > + } elsif ($opt eq 'hookscript') {
> > > + my $storage_cfg = PVE::Storage::config();
> > > + my ($path, undef, $type) = PVE::Storage::path($storage_cfg, $value);
> > > +
> > > + die "'$value' is not in the scripts directory\n"
> > > + if $type ne 'scripts';
> > > +
> > > + warn "script '$path' is not found, setting anyway\n"
> > > + if ! -f $path;
> >
> > and also here - does this really make sense?
> >
>
> same rationale as for vms
ditto ;)