
Have tested the code changes. here are the logs. Please review the patch sent in another mail. Really appreciate the efforts to make the code very efficient. test logs: imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// create ../lxc/cn-02.xml Domain cn02 created from ../lxc/cn-02.xml imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ cat ../lxc/share_lxc.xml | grep -A 3 -B 3 share <type>exe</type> </os> <lxc:namespace> <lxc:sharenet type='name' value='cn02'/> </lxc:namespace> <vcpu>1</vcpu> <clock offset='utc'/> imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// list Id Name State ---------------------------------------------------- 6828 cn02 running imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// create ../lxc/share_lxc.xml Domain cn-03 created from ../lxc/share_lxc.xml imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// list Id Name State ---------------------------------------------------- 6828 cn02 running 8774 cn-03 running imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// lxc-enter-namespace cn02 --noseclabel /sbin/ifconfig eth0 eth0 Link encap:Ethernet HWaddr 52:54:00:a7:e5:3d inet addr:192.168.122.183 Bcast:192.168.122.255 Mask:255.255.255.0 inet6 addr: fe80::5054:ff:fea7:e53d/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:105 errors:0 dropped:2 overruns:0 frame:0 TX packets:58 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:14169 (14.1 KB) TX bytes:32554 (32.5 KB) 
imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// lxc-enter-namespace cn-03 --noseclabel /sbin/ifconfig eth0 eth0 Link encap:Ethernet HWaddr 52:54:00:a7:e5:3d inet addr:192.168.122.183 Bcast:192.168.122.255 Mask:255.255.255.0 inet6 addr: fe80::5054:ff:fea7:e53d/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:114 errors:0 dropped:2 overruns:0 frame:0 TX packets:64 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:15289 (15.2 KB) TX bytes:40891 (40.8 KB) imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// destroy cn02 Domain cn02 destroyed imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// lxc-enter-namespace cn-03 --noseclabel /sbin/ifconfig eth0 eth0: error fetching interface information: Device not found error: internal error: Child process (10238) unexpected exit status 1 imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ sudo ip netns exec red ifconfig lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:32 errors:0 dropped:0 overruns:0 frame:0 TX packets:32 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2528 (2.5 KB) TX bytes:2528 (2.5 KB) imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// list Id Name State ---------------------------------------------------- 8774 cn-03 running imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// destroy cn-03 Domain cn-03 destroyed imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ cat 
../lxc/share_lxc.xml | grep -A 3 -B 3 share <type>exe</type> </os> <lxc:namespace> <lxc:sharenet type='netns' value='red'/> </lxc:namespace> <vcpu>1</vcpu> <clock offset='utc'/> imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// create ../lxc/share_lxc.xml Domain cn-03 created from ../lxc/share_lxc.xml imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// lxc-enter-namespace cn-03 --noseclabel /sbin/ifconfig lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:48 errors:0 dropped:0 overruns:0 frame:0 TX packets:48 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3792 (3.7 KB) TX bytes:3792 (3.7 KB) imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// destroy cn-03Domain cn-03 destroyed imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ imran@imran-VirtualBox:~/programming/libvirt$ sudo ip netns exec red ifconfig lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:48 errors:0 dropped:0 overruns:0 frame:0 TX packets:48 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3792 (3.7 KB) TX bytes:3792 (3.7 KB) imran@imran-VirtualBox:~/programming/libvirt$ cat ../lxc/share_lxc.xml | grep -A 3 -B 3 share<type>exe</type> </os> <lxc:namespace> <lxc:sharenet type='pid' value='1'/> </lxc:namespace> <vcpu>1</vcpu> <clock offset='utc'/> imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// create ../lxc/share_lxc.xml Domain cn-03 created from ../lxc/share_lxc.xml imran@imran-VirtualBox:~/programming/libvirt$ ifconfig eth0 eth0 Link encap:Ethernet HWaddr 08:00:27:a8:fd:bf inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0 inet6 addr: 
fe80::a00:27ff:fea8:fdbf/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:178204 errors:13 dropped:0 overruns:0 frame:0 TX packets:88943 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:251962232 (251.9 MB) TX bytes:4930611 (4.9 MB) Interrupt:19 Base address:0xd020 imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// lxc-enter-namespace cn-03 --noseclabel /sbin/ifconfig eth0 eth0 Link encap:Ethernet HWaddr 08:00:27:a8:fd:bf inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0 inet6 addr: fe80::a00:27ff:fea8:fdbf/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:178204 errors:13 dropped:0 overruns:0 frame:0 TX packets:88943 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:251962232 (251.9 MB) TX bytes:4930611 (4.9 MB) Interrupt:19 Base address:0xd020 imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// destroy cn-03 Domain cn-03 destroyed imran@imran-VirtualBox:~/programming/libvirt$ ifconfig eth0 eth0 Link encap:Ethernet HWaddr 08:00:27:a8:fd:bf inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0 inet6 addr: fe80::a00:27ff:fea8:fdbf/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:178204 errors:13 dropped:0 overruns:0 frame:0 TX packets:88943 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:251962232 (251.9 MB) TX bytes:4930611 (4.9 MB) Interrupt:19 Base address:0xd020 imran@imran-VirtualBox:~/programming/libvirt$ On Thu, Aug 20, 2015 at 4:10 PM, Imran Khan <ik.nitk@gmail.com> wrote:
Thanks to Daniel for making additional changes, and thanks to Michal for reviewing it again. This patch has some functionality breakages. I am working on them and will send a new patch soon.
-imran
On Thu, Aug 20, 2015 at 4:53 AM, Michal Privoznik <mprivozn@redhat.com> wrote:
On 14.08.2015 14:09, Daniel P. Berrange wrote:
From: Imran Khan <ik.nitk@gmail.com>
This patch adds a feature for LXC containers to inherit namespaces. This is very similar to what lxc-tools or docker provide. Look at "man lxc-start" and you will find that you can pass command args as [ --share-[net|ipc|uts] name|pid ]. Or check out the docker networking option, in which you can give --net=container:NAME_or_ID as an option for sharing a namespace.
From this patch you can add extra libvirt option to share
s/>//
namespace in following way.
<lxc:namespace> <lxc:sharenet type='netns' value='red'/> <lxc:shareipc type='pid' value='12345'/> <lxc:shareuts type='name' value='container1'/> </lxc:namespace>
The netns option is specific to sharenet. It can be used to inherit from existing network namespace.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- docs/drvlxc.html.in | 21 ++++++ docs/schemas/domaincommon.rng | 42 ++++++++++++ po/POTFILES.in | 1 + src/Makefile.am | 6 +- src/lxc/lxc_conf.c | 2 +- src/lxc/lxc_container.c | 71 ++++++++++++++++++-- src/lxc/lxc_container.h | 2 + src/lxc/lxc_controller.c | 45 ++++++++++++- src/lxc/lxc_domain.c | 149 ++++++++++++++++++++++++++++++++++++++++++ src/lxc/lxc_domain.h | 26 ++++++++ src/lxc/lxc_process.c | 149 ++++++++++++++++++++++++++++++++++++++++++ tests/lxcxml2xmltest.c | 1 + 12 files changed, 506 insertions(+), 9 deletions(-)
diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
index e99b039..9699377 100644
--- a/src/lxc/lxc_process.c
+++ b/src/lxc/lxc_process.c
@@ -359,6 +359,135 @@ char *virLXCProcessSetupInterfaceDirect(virConnectPtr conn,
 return ret;
 }
+static const char *nsInfoLocal[VIR_LXC_DOMAIN_NAMESPACE_LAST] = {
+ [VIR_LXC_DOMAIN_NAMESPACE_SHARENET] = "net",
+ [VIR_LXC_DOMAIN_NAMESPACE_SHAREIPC] = "ipc",
+ [VIR_LXC_DOMAIN_NAMESPACE_SHAREUTS] = "uts",
+};
+
+static int virLXCProcessSetupNamespaceName(virConnectPtr conn, int ns_type, const char *name)
+{
+ virLXCDriverPtr driver = conn->privateData;
+ int fd = -1;
+ virDomainObjPtr vm;
+ char *path;
+
+ vm = virDomainObjListFindByName(driver->domains, name);
+ if (!vm) {
+ virReportError(VIR_ERR_NO_DOMAIN,
+ _("No domain with matching name '%s'"), name);
+ return -1;
+ }
+
+ if (virAsprintf(&path, "/proc/%lld/ns/%s",
+ (long long int)vm->pid,
+ nsInfoLocal[ns_type]) < 0)
+ goto cleanup;
+
+ if ((fd = open(path, O_RDONLY)) < 0) {
+ virReportSystemError(errno,
+ _("failed to open ns %s"),
+ virLXCDomainNamespaceTypeToString(ns_type));
+ goto cleanup;
+ }
+
+ cleanup:
+ VIR_FREE(path);
+ virObjectUnlock(vm);
+ virObjectUnref(vm);
+ return fd;
+}
+
+
+static int virLXCProcessSetupNamespacePID(int ns_type, const char *name)
+{
+ int fd;
+ char *path;
+
+ if (virAsprintf(&path, "/proc/%s/ns/%s",
+ name,
+ nsInfoLocal[ns_type]) < 0)
+ return -1;
+ fd = open(path, O_RDONLY);
+ VIR_FREE(path);
+ if (fd < 0) {
+ virReportSystemError(errno,
+ _("failed to open ns %s"),
+ virLXCDomainNamespaceTypeToString(ns_type));
+ return -1;
+ }
+ return fd;
+}
+
+
+static int virLXCProcessSetupNamespaceNet(int ns_type, const char *name)
+{
+ char *path;
+ int fd;
+ if (ns_type != VIR_LXC_DOMAIN_NAMESPACE_SHARENET) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s"
s/$/,/
+ _("'netns' namespace source can only be "
+ "used with sharenet"));
+ return -1;
+ }
+
+ if (virAsprintf(&path, "/var/run/netns/%s", name) < 0)
+ return -1;
+ fd = open(path, O_RDONLY);
+ VIR_FREE(path);
+ if (fd < 0) {
+ virReportSystemError(errno,
+ _("failed to open netns %s"), name);
+ return -1;
+ }
+ return fd;
+}
+
+
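Review bot: `name` is formatted into `/proc/%s/ns/%s` in virLXCProcessSetupNamespacePID and into `/var/run/netns/%s` in virLXCProcessSetupNamespaceNet with no validation, and it appears to come straight from the `value` attribute of the domain XML, so a value containing `/` or `..` would make the daemon open a path outside those directories. The PID variant should parse the value as a positive integer before building the path, e.g. `if (virStrToLong_i(name, NULL, 10, &pid) < 0 || pid <= 0)` followed by a VIR_ERR_CONFIG_UNSUPPORTED report, and the netns variant should reject a name with a path separator, e.g. `if (strchr(name, '/'))`. Separately, virLXCProcessSetupNamespaceName reads `vm->pid` without first checking that the matched domain is running, and no access-control check on that target domain is visible here. The quoted hunk is trimmed (135 new lines are declared in the header), so the callers may already cover some of this.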
diff --git a/tests/lxcxml2xmltest.c b/tests/lxcxml2xmltest.c
index 3e00347..8d824b9 100644
--- a/tests/lxcxml2xmltest.c
+++ b/tests/lxcxml2xmltest.c
@@ -133,6 +133,7 @@ mymain(void)
 DO_TEST("filesystem-root");
 DO_TEST("idmap");
 DO_TEST("capabilities");
+ DO_TEST("sharenet");
Did you forget to git add tests/lxcxml2xmldata/lxc-sharenet.xml? I like the idea though. I'm tempted to ACK this if you fix all the small issues I've raised.
Michal