Re: [libvirt] [PATCH v3] lxc: Inherit namespace feature

Have tested the code changes. here are the logs. Please review the patch sent in another mail. Really appreciate the efforts to make the code very efficient. test logs: imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// create ../lxc/cn-02.xml Domain cn02 created from ../lxc/cn-02.xml imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ cat ../lxc/share_lxc.xml | grep -A 3 -B 3 share <type>exe</type> </os> <lxc:namespace> <lxc:sharenet type='name' value='cn02'/> </lxc:namespace> <vcpu>1</vcpu> <clock offset='utc'/> imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// list Id Name State ---------------------------------------------------- 6828 cn02 running imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// create ../lxc/share_lxc.xml Domain cn-03 created from ../lxc/share_lxc.xml imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// list Id Name State ---------------------------------------------------- 6828 cn02 running 8774 cn-03 running imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// lxc-enter-namespace cn02 --noseclabel /sbin/ifconfig eth0 eth0 Link encap:Ethernet HWaddr 52:54:00:a7:e5:3d inet addr:192.168.122.183 Bcast:192.168.122.255 Mask:255.255.255.0 inet6 addr: fe80::5054:ff:fea7:e53d/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:105 errors:0 dropped:2 overruns:0 frame:0 TX packets:58 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:14169 (14.1 KB) TX bytes:32554 (32.5 KB) imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// lxc-enter-namespace cn-03 --noseclabel /sbin/ifconfig eth0 eth0 Link encap:Ethernet HWaddr 52:54:00:a7:e5:3d inet addr:192.168.122.183 Bcast:192.168.122.255 Mask:255.255.255.0 inet6 addr: fe80::5054:ff:fea7:e53d/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:114 errors:0 dropped:2 overruns:0 frame:0 TX packets:64 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:15289 (15.2 KB) TX bytes:40891 (40.8 KB) imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// destroy cn02 Domain cn02 destroyed imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// lxc-enter-namespace cn-03 --noseclabel /sbin/ifconfig eth0 eth0: error fetching interface information: Device not found error: internal error: Child process (10238) unexpected exit status 1 imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ sudo ip netns exec red ifconfig lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:32 errors:0 dropped:0 overruns:0 frame:0 TX packets:32 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2528 (2.5 KB) TX bytes:2528 (2.5 KB) imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// list Id Name State ---------------------------------------------------- 8774 cn-03 running imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// destroy cn-03 Domain cn-03 destroyed imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ cat ../lxc/share_lxc.xml | grep -A 3 -B 3 share <type>exe</type> </os> <lxc:namespace> <lxc:sharenet type='netns' value='red'/> </lxc:namespace> <vcpu>1</vcpu> <clock offset='utc'/> imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// create ../lxc/share_lxc.xml Domain cn-03 created from ../lxc/share_lxc.xml imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// lxc-enter-namespace cn-03 --noseclabel /sbin/ifconfig lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:48 errors:0 dropped:0 overruns:0 frame:0 TX packets:48 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3792 (3.7 KB) TX bytes:3792 (3.7 KB) imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// destroy cn-03Domain cn-03 destroyed imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ sudo ip netns exec red ifconfig lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:48 errors:0 dropped:0 overruns:0 frame:0 TX packets:48 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3792 (3.7 KB) TX bytes:3792 (3.7 KB) imran@imran-VirtualBox:~/programming/libvirt$ cat ../lxc/share_lxc.xml | grep -A 3 -B 3 share<type>exe</type> </os> <lxc:namespace> <lxc:sharenet type='pid' value='1'/> </lxc:namespace> <vcpu>1</vcpu> <clock offset='utc'/> imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// create ../lxc/share_lxc.xml Domain cn-03 created from ../lxc/share_lxc.xml imran@imran-VirtualBox:~/programming/libvirt$ ifconfig eth0 eth0 Link encap:Ethernet HWaddr 08:00:27:a8:fd:bf inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0 inet6 addr: fe80::a00:27ff:fea8:fdbf/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:178204 errors:13 dropped:0 overruns:0 frame:0 TX packets:88943 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:251962232 (251.9 MB) TX bytes:4930611 (4.9 MB) Interrupt:19 Base address:0xd020 imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// lxc-enter-namespace cn-03 --noseclabel /sbin/ifconfig eth0 eth0 Link encap:Ethernet HWaddr 08:00:27:a8:fd:bf inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0 inet6 addr: fe80::a00:27ff:fea8:fdbf/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:178204 errors:13 dropped:0 overruns:0 frame:0 TX packets:88943 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:251962232 (251.9 MB) TX bytes:4930611 (4.9 MB) Interrupt:19 Base address:0xd020 imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// destroy cn-03 Domain cn-03 destroyed imran@imran-VirtualBox:~/programming/libvirt$ ifconfig eth0 eth0 Link encap:Ethernet HWaddr 08:00:27:a8:fd:bf inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0 inet6 addr: fe80::a00:27ff:fea8:fdbf/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:178204 errors:13 dropped:0 overruns:0 frame:0 TX packets:88943 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:251962232 (251.9 MB) TX bytes:4930611 (4.9 MB) Interrupt:19 Base address:0xd020 imran@imran-VirtualBox:~/programming/libvirt$ On Thu, Aug 20, 2015 at 4:10 PM, Imran Khan <ik.nitk(a)gmail.com&gt; wrote: > Thanks to Daniel for making additional changes. And Thanks Michal for > review it again. > This patch has some functionality breakages. I am working on it. will > send the new patch soon > > -imran > > On Thu, Aug 20, 2015 at 4:53 AM, Michal Privoznik <mprivozn(a)redhat.com&gt; > wrote: > >> On 14.08.2015 14:09, Daniel P. Berrange wrote: >> > From: Imran Khan <ik.nitk(a)gmail.com&gt; >> > >> > This patch adds feature for lxc containers to inherit namespaces. >> > This is very similar to what lxc-tools or docker provides. Look >> > for "man lxc-start" and you will find that you can pass command >> > args as [ --share-[net|ipc|uts] name|pid ]. Or check out docker >> > networking option in which you can give --net=container:NAME_or_ID >> > as an option for sharing +namespace. >> > >> >>From this patch you can add extra libvirt option to share >> >> s/>// >> >> > namespace in following way. >> > >> > <lxc:namespace> >> > <lxc:sharenet type='netns' value='red'/> >> > <lxc:shareipc type='pid' value='12345'/> >> > <lxc:shareuts type='name' value='container1'/> >> > </lxc:namespace> >> > >> > The netns option is specific to sharenet. It can be used to >> > inherit from existing network namespace. >> > >> > Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com&gt; >> > --- >> > docs/drvlxc.html.in | 21 ++++++ >> > docs/schemas/domaincommon.rng | 42 ++++++++++++ >> > po/POTFILES.in | 1 + >> > src/Makefile.am | 6 +- >> > src/lxc/lxc_conf.c | 2 +- >> > src/lxc/lxc_container.c | 71 ++++++++++++++++++-- >> > src/lxc/lxc_container.h | 2 + >> > src/lxc/lxc_controller.c | 45 ++++++++++++- >> > src/lxc/lxc_domain.c | 149 >> ++++++++++++++++++++++++++++++++++++++++++ >> > src/lxc/lxc_domain.h | 26 ++++++++ >> > src/lxc/lxc_process.c | 149 >> ++++++++++++++++++++++++++++++++++++++++++ >> > tests/lxcxml2xmltest.c | 1 + >> > 12 files changed, 506 insertions(+), 9 deletions(-) >> > >> >> > diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c >> > index e99b039..9699377 100644 >> > --- a/src/lxc/lxc_process.c >> > +++ b/src/lxc/lxc_process.c >> > @@ -359,6 +359,135 @@ char >> *virLXCProcessSetupInterfaceDirect(virConnectPtr conn, >> > return ret; >> > } >> > >> > +static const char *nsInfoLocal[VIR_LXC_DOMAIN_NAMESPACE_LAST] = { >> > + [VIR_LXC_DOMAIN_NAMESPACE_SHARENET] = "net", >> > + [VIR_LXC_DOMAIN_NAMESPACE_SHAREIPC] = "ipc", >> > + [VIR_LXC_DOMAIN_NAMESPACE_SHAREUTS] = "uts", >> > +}; >> > + >> > +static int virLXCProcessSetupNamespaceName(virConnectPtr conn, int >> ns_type, const char *name) >> > +{ >> > + virLXCDriverPtr driver = conn->privateData; >> > + int fd = -1; >> > + virDomainObjPtr vm; >> > + char *path; >> > + >> > + vm = virDomainObjListFindByName(driver->domains, name); >> > + if (!vm) { >> > + virReportError(VIR_ERR_NO_DOMAIN, >> > + _("No domain with matching name '%s'"), name); >> > + return -1; >> > + } >> > + >> > + if (virAsprintf(&path, "/proc/%lld/ns/%s", >> > + (long long int)vm->pid, >> > + nsInfoLocal[ns_type]) < 0) >> > + goto cleanup; >> > + >> > + if ((fd = open(path, O_RDONLY)) < 0) { >> > + virReportSystemError(errno, >> > + _("failed to open ns %s"), >> > + >> virLXCDomainNamespaceTypeToString(ns_type)); >> > + goto cleanup; >> > + } >> > + >> > + cleanup: >> > + VIR_FREE(path); >> > + virObjectUnlock(vm); >> > + virObjectUnref(vm); >> > + return fd; >> > +} >> > + >> > + >> > +static int virLXCProcessSetupNamespacePID(int ns_type, const char >> *name) >> > +{ >> > + int fd; >> > + char *path; >> > + >> > + if (virAsprintf(&path, "/proc/%s/ns/%s", >> > + name, >> > + nsInfoLocal[ns_type]) < 0) >> > + return -1; >> > + fd = open(path, O_RDONLY); >> > + VIR_FREE(path); >> > + if (fd < 0) { >> > + virReportSystemError(errno, >> > + _("failed to open ns %s"), >> > + >> virLXCDomainNamespaceTypeToString(ns_type)); >> > + return -1; >> > + } >> > + return fd; >> > +} >> > + >> > + >> > +static int virLXCProcessSetupNamespaceNet(int ns_type, const char >> *name) >> > +{ >> > + char *path; >> > + int fd; >> > + if (ns_type != VIR_LXC_DOMAIN_NAMESPACE_SHARENET) { >> > + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s" >> >> s/$/,/ >> >> > + _("'netns' namespace source can only be " >> > + "used with sharenet")); >> > + return -1; >> > + } >> > + >> > + if (virAsprintf(&path, "/var/run/netns/%s", name) < 0) >> > + return -1; >> > + fd = open(path, O_RDONLY); >> > + VIR_FREE(path); >> > + if (fd < 0) { >> > + virReportSystemError(errno, >> > + _("failed to open netns %s"), name); >> > + return -1; >> > + } >> > + return fd; >> > +} >> > + >> > + >> >> >> > diff --git a/tests/lxcxml2xmltest.c b/tests/lxcxml2xmltest.c >> > index 3e00347..8d824b9 100644 >> > --- a/tests/lxcxml2xmltest.c >> > +++ b/tests/lxcxml2xmltest.c >> > @@ -133,6 +133,7 @@ mymain(void) >> > DO_TEST("filesystem-root"); >> > DO_TEST("idmap"); >> > DO_TEST("capabilities"); >> > + DO_TEST("sharenet"); >> >> Have you forgot to git add tests/lxcxml2xmldata/lxc-sharenet.xml? >> I like the idea though. I'm tempted to ACK this if you fix all the small >> issues I've raised. >> >> Michal >> > >