Re: [PATCH v3] lxc: Inherit namespace feature


 



I have tested the code changes; here are the logs. Please review the patch sent in a separate mail.

Really appreciate the efforts to make the code very efficient.


test logs:

imran@imran-VirtualBox:~/programming/libvirt$
imran@imran-VirtualBox:~/programming/libvirt$
imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// create ../lxc/cn-02.xml
Domain cn02 created from ../lxc/cn-02.xml

imran@imran-VirtualBox:~/programming/libvirt$
imran@imran-VirtualBox:~/programming/libvirt$
imran@imran-VirtualBox:~/programming/libvirt$ cat ../lxc/share_lxc.xml | grep -A 3 -B 3 share
<type>exe</type>
</os>
<lxc:namespace>
     <lxc:sharenet type='name' value='cn02'/>
</lxc:namespace>
<vcpu>1</vcpu>
<clock offset='utc'/>
imran@imran-VirtualBox:~/programming/libvirt$
imran@imran-VirtualBox:~/programming/libvirt$
imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// list
 Id    Name                           State
----------------------------------------------------
 6828  cn02                           running

imran@imran-VirtualBox:~/programming/libvirt$
imran@imran-VirtualBox:~/programming/libvirt$
imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// create ../lxc/share_lxc.xml
Domain cn-03 created from ../lxc/share_lxc.xml

imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// list
 Id    Name                           State
----------------------------------------------------
 6828  cn02                           running
 8774  cn-03                          running

imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// lxc-enter-namespace cn02 --noseclabel /sbin/ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 52:54:00:a7:e5:3d 
          inet addr:192.168.122.183  Bcast:192.168.122.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:fea7:e53d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:105 errors:0 dropped:2 overruns:0 frame:0
          TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:14169 (14.1 KB)  TX bytes:32554 (32.5 KB)


imran@imran-VirtualBox:~/programming/libvirt$
imran@imran-VirtualBox:~/programming/libvirt$
imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// lxc-enter-namespace cn-03 --noseclabel /sbin/ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 52:54:00:a7:e5:3d 
          inet addr:192.168.122.183  Bcast:192.168.122.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:fea7:e53d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:114 errors:0 dropped:2 overruns:0 frame:0
          TX packets:64 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:15289 (15.2 KB)  TX bytes:40891 (40.8 KB)


imran@imran-VirtualBox:~/programming/libvirt$
imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// destroy cn02
Domain cn02 destroyed

imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// lxc-enter-namespace cn-03 --noseclabel /sbin/ifconfig eth0
eth0: error fetching interface information: Device not found
error: internal error: Child process (10238) unexpected exit status 1

imran@imran-VirtualBox:~/programming/libvirt$
imran@imran-VirtualBox:~/programming/libvirt$ sudo ip netns exec red ifconfig
lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:32 errors:0 dropped:0 overruns:0 frame:0
          TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2528 (2.5 KB)  TX bytes:2528 (2.5 KB)

imran@imran-VirtualBox:~/programming/libvirt$
imran@imran-VirtualBox:~/programming/libvirt$
imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// list
 Id    Name                           State
----------------------------------------------------
 8774  cn-03                          running

imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// destroy cn-03
Domain cn-03 destroyed

imran@imran-VirtualBox:~/programming/libvirt$
imran@imran-VirtualBox:~/programming/libvirt$ cat ../lxc/share_lxc.xml | grep -A 3 -B 3 share
<type>exe</type>
</os>
<lxc:namespace>
     <lxc:sharenet type='netns' value='red'/>
</lxc:namespace>
<vcpu>1</vcpu>
<clock offset='utc'/>
imran@imran-VirtualBox:~/programming/libvirt$
imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// create ../lxc/share_lxc.xml
Domain cn-03 created from ../lxc/share_lxc.xml

imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// lxc-enter-namespace cn-03 --noseclabel /sbin/ifconfig
lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:48 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3792 (3.7 KB)  TX bytes:3792 (3.7 KB)


imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// destroy cn-03
Domain cn-03 destroyed

imran@imran-VirtualBox:~/programming/libvirt$
imran@imran-VirtualBox:~/programming/libvirt$
imran@imran-VirtualBox:~/programming/libvirt$ sudo ip netns exec red ifconfig
lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:48 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3792 (3.7 KB)  TX bytes:3792 (3.7 KB)

imran@imran-VirtualBox:~/programming/libvirt$ cat ../lxc/share_lxc.xml | grep -A 3 -B 3 share
<type>exe</type>
</os>
<lxc:namespace>
     <lxc:sharenet type='pid' value='1'/>
</lxc:namespace>
<vcpu>1</vcpu>
<clock offset='utc'/>
imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// create ../lxc/share_lxc.xml
Domain cn-03 created from ../lxc/share_lxc.xml

imran@imran-VirtualBox:~/programming/libvirt$ ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 08:00:27:a8:fd:bf 
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fea8:fdbf/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:178204 errors:13 dropped:0 overruns:0 frame:0
          TX packets:88943 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:251962232 (251.9 MB)  TX bytes:4930611 (4.9 MB)
          Interrupt:19 Base address:0xd020

imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// lxc-enter-namespace cn-03 --noseclabel /sbin/ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 08:00:27:a8:fd:bf 
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fea8:fdbf/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:178204 errors:13 dropped:0 overruns:0 frame:0
          TX packets:88943 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:251962232 (251.9 MB)  TX bytes:4930611 (4.9 MB)
          Interrupt:19 Base address:0xd020


imran@imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c lxc:/// destroy cn-03
Domain cn-03 destroyed

imran@imran-VirtualBox:~/programming/libvirt$ ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 08:00:27:a8:fd:bf 
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fea8:fdbf/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:178204 errors:13 dropped:0 overruns:0 frame:0
          TX packets:88943 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:251962232 (251.9 MB)  TX bytes:4930611 (4.9 MB)
          Interrupt:19 Base address:0xd020

imran@imran-VirtualBox:~/programming/libvirt$


On Thu, Aug 20, 2015 at 4:10 PM, Imran Khan <ik.nitk@xxxxxxxxx> wrote:
Thanks to Daniel for making additional changes, and thanks to Michal for reviewing it again.
This patch has some functionality breakages. I am working on them and will send a new patch soon.

-imran

On Thu, Aug 20, 2015 at 4:53 AM, Michal Privoznik <mprivozn@xxxxxxxxxx> wrote:
On 14.08.2015 14:09, Daniel P. Berrange wrote:
> From: Imran Khan <ik.nitk@xxxxxxxxx>
>
> This patch adds feature for lxc containers to inherit namespaces.
> This is very similar to what lxc-tools or docker provides.  Look
> for "man lxc-start" and you will find that you can pass command
> args as [ --share-[net|ipc|uts] name|pid ]. Or check out docker
> networking option in which you can give --net=container:NAME_or_ID
> as an option for sharing +namespace.
>
>>From this patch you can add extra libvirt option to share

s/>//

> namespace in following way.
>
>   <lxc:namespace>
>     <lxc:sharenet type='netns' value='red'/>
>     <lxc:shareipc type='pid' value='12345'/>
>     <lxc:shareuts type='name' value='container1'/>
>   </lxc:namespace>
>
> The netns option is specific to sharenet. It can be used to
> inherit from existing network namespace.
>
> Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
> ---
>  docs/drvlxc.html.in           |  21 ++++++
>  docs/schemas/domaincommon.rng |  42 ++++++++++++
>  po/POTFILES.in                |   1 +
>  src/Makefile.am               |   6 +-
>  src/lxc/lxc_conf.c            |   2 +-
>  src/lxc/lxc_container.c       |  71 ++++++++++++++++++--
>  src/lxc/lxc_container.h       |   2 +
>  src/lxc/lxc_controller.c      |  45 ++++++++++++-
>  src/lxc/lxc_domain.c          | 149 ++++++++++++++++++++++++++++++++++++++++++
>  src/lxc/lxc_domain.h          |  26 ++++++++
>  src/lxc/lxc_process.c         | 149 ++++++++++++++++++++++++++++++++++++++++++
>  tests/lxcxml2xmltest.c        |   1 +
>  12 files changed, 506 insertions(+), 9 deletions(-)
>

> diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
> index e99b039..9699377 100644
> --- a/src/lxc/lxc_process.c
> +++ b/src/lxc/lxc_process.c
> @@ -359,6 +359,135 @@ char *virLXCProcessSetupInterfaceDirect(virConnectPtr conn,
>      return ret;
>  }
>
> +static const char *nsInfoLocal[VIR_LXC_DOMAIN_NAMESPACE_LAST] = {
> +    [VIR_LXC_DOMAIN_NAMESPACE_SHARENET] = "net",
> +    [VIR_LXC_DOMAIN_NAMESPACE_SHAREIPC] = "ipc",
> +    [VIR_LXC_DOMAIN_NAMESPACE_SHAREUTS] = "uts",
> +};
> +
> +static int virLXCProcessSetupNamespaceName(virConnectPtr conn, int ns_type, const char *name)
> +{
> +    virLXCDriverPtr driver = conn->privateData;
> +    int fd = -1;
> +    virDomainObjPtr vm;
> +    char *path;
> +
> +    vm = virDomainObjListFindByName(driver->domains, name);
> +    if (!vm) {
> +        virReportError(VIR_ERR_NO_DOMAIN,
> +                       _("No domain with matching name '%s'"), name);
> +        return -1;
> +    }
> +
> +    if (virAsprintf(&path, "/proc/%lld/ns/%s",
> +                    (long long int)vm->pid,
> +                    nsInfoLocal[ns_type]) < 0)
> +        goto cleanup;
> +
> +    if ((fd = open(path, O_RDONLY)) < 0) {
> +        virReportSystemError(errno,
> +                             _("failed to open ns %s"),
> +                             virLXCDomainNamespaceTypeToString(ns_type));
> +        goto cleanup;
> +    }
> +
> + cleanup:
> +    VIR_FREE(path);
> +    virObjectUnlock(vm);
> +    virObjectUnref(vm);
> +    return fd;
> +}
> +
> +
> +static int virLXCProcessSetupNamespacePID(int ns_type, const char *name)
> +{
> +    int fd;
> +    char *path;
> +
> +    if (virAsprintf(&path, "/proc/%s/ns/%s",
> +                    name,
> +                    nsInfoLocal[ns_type]) < 0)
> +        return -1;
> +    fd = open(path, O_RDONLY);
> +    VIR_FREE(path);
> +    if (fd < 0) {
> +        virReportSystemError(errno,
> +                             _("failed to open ns %s"),
> +                             virLXCDomainNamespaceTypeToString(ns_type));
> +        return -1;
> +    }
> +    return fd;
> +}
> +
> +
> +static int virLXCProcessSetupNamespaceNet(int ns_type, const char *name)
> +{
> +    char *path;
> +    int fd;
> +    if (ns_type != VIR_LXC_DOMAIN_NAMESPACE_SHARENET) {
> +        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s"

s/$/,/

> +                       _("'netns' namespace source can only be "
> +                         "used with sharenet"));
> +        return -1;
> +    }
> +
> +    if (virAsprintf(&path, "/var/run/netns/%s", name) < 0)
> +        return  -1;
> +    fd = open(path, O_RDONLY);
> +    VIR_FREE(path);
> +    if (fd < 0) {
> +        virReportSystemError(errno,
> +                             _("failed to open netns %s"), name);
> +        return -1;
> +    }
> +    return fd;
> +}
> +
> +
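Review bot: `name` is formatted into a filesystem path without any validation in virLXCProcessSetupNamespacePID (`"/proc/%s/ns/%s"`) and virLXCProcessSetupNamespaceNet (`"/var/run/netns/%s"`), so a value containing `/` or `..` makes the daemon open() a file outside the intended directory. The value appears to come from the `value` attribute of the domain XML, so it should be checked before use: for the pid source parse it as a number, e.g. `if (virStrToLong_ll(name, NULL, 10, &pid) < 0 || pid <= 0)` followed by an error return, and format with `%lld`; for netns reject names for which `strchr(name, '/')` is non-NULL. In virLXCProcessSetupNamespaceName the path is built from `vm->pid` with no check that the domain is running, and if that field holds the controller's PID rather than the container's init PID the returned fd would refer to the host's namespace, which is worth confirming. The quoted hunk is trimmed after these three functions, so any validation done by the callers is not visible here.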


> diff --git a/tests/lxcxml2xmltest.c b/tests/lxcxml2xmltest.c
> index 3e00347..8d824b9 100644
> --- a/tests/lxcxml2xmltest.c
> +++ b/tests/lxcxml2xmltest.c
> @@ -133,6 +133,7 @@ mymain(void)
>      DO_TEST("filesystem-root");
>      DO_TEST("idmap");
>      DO_TEST("capabilities");
> +    DO_TEST("sharenet");

Did you forget to git add tests/lxcxml2xmldata/lxc-sharenet.xml?
I like the idea though. I'm tempted to ACK this if you fix all the small
issues I've raised.

Michal


--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
