[libvirt] [PATCH v3] lxc: Inherit namespace feature
Imran Khan
ik.nitk at gmail.com
Thu Aug 20 13:50:49 UTC 2015
Have tested the code changes. here are the logs. Please review the patch
sent in another mail.
Really appreciate the efforts to make the code very efficient.
test logs:
imran at imran-VirtualBox:~/programming/libvirt$
imran at imran-VirtualBox:~/programming/libvirt$
imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
lxc:/// create ../lxc/cn-02.xml
Domain cn02 created from ../lxc/cn-02.xml
imran at imran-VirtualBox:~/programming/libvirt$
imran at imran-VirtualBox:~/programming/libvirt$
imran at imran-VirtualBox:~/programming/libvirt$ cat ../lxc/share_lxc.xml |
grep -A 3 -B 3 share
<type>exe</type>
</os>
<lxc:namespace>
<lxc:sharenet type='name' value='cn02'/>
</lxc:namespace>
<vcpu>1</vcpu>
<clock offset='utc'/>
imran at imran-VirtualBox:~/programming/libvirt$
imran at imran-VirtualBox:~/programming/libvirt$
imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
lxc:/// list
Id Name State
----------------------------------------------------
6828 cn02 running
imran at imran-VirtualBox:~/programming/libvirt$
imran at imran-VirtualBox:~/programming/libvirt$
imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
lxc:/// create ../lxc/share_lxc.xml Domain cn-03 created from
../lxc/share_lxc.xml
imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
lxc:/// list
Id Name State
----------------------------------------------------
6828 cn02 running
8774 cn-03 running
imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
lxc:/// lxc-enter-namespace cn02 --noseclabel /sbin/ifconfig eth0
eth0 Link encap:Ethernet HWaddr 52:54:00:a7:e5:3d
inet addr:192.168.122.183 Bcast:192.168.122.255
Mask:255.255.255.0
inet6 addr: fe80::5054:ff:fea7:e53d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:105 errors:0 dropped:2 overruns:0 frame:0
TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:14169 (14.1 KB) TX bytes:32554 (32.5 KB)
imran at imran-VirtualBox:~/programming/libvirt$
imran at imran-VirtualBox:~/programming/libvirt$
imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
lxc:/// lxc-enter-namespace cn-03 --noseclabel /sbin/ifconfig eth0
eth0 Link encap:Ethernet HWaddr 52:54:00:a7:e5:3d
inet addr:192.168.122.183 Bcast:192.168.122.255
Mask:255.255.255.0
inet6 addr: fe80::5054:ff:fea7:e53d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:114 errors:0 dropped:2 overruns:0 frame:0
TX packets:64 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:15289 (15.2 KB) TX bytes:40891 (40.8 KB)
imran at imran-VirtualBox:~/programming/libvirt$
imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
lxc:/// destroy cn02
Domain cn02 destroyed
imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
lxc:/// lxc-enter-namespace cn-03 --noseclabel /sbin/ifconfig eth0
eth0: error fetching interface information: Device not found
error: internal error: Child process (10238) unexpected exit status 1
imran at imran-VirtualBox:~/programming/libvirt$
imran at imran-VirtualBox:~/programming/libvirt$ sudo ip netns exec red
ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:32 errors:0 dropped:0 overruns:0 frame:0
TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2528 (2.5 KB) TX bytes:2528 (2.5 KB)
imran at imran-VirtualBox:~/programming/libvirt$
imran at imran-VirtualBox:~/programming/libvirt$
imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
lxc:/// list
Id Name State
----------------------------------------------------
8774 cn-03 running
imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
lxc:/// destroy cn-03
Domain cn-03 destroyed
imran at imran-VirtualBox:~/programming/libvirt$
imran at imran-VirtualBox:~/programming/libvirt$ cat ../lxc/share_lxc.xml |
grep -A 3 -B 3 share
<type>exe</type>
</os>
<lxc:namespace>
<lxc:sharenet type='netns' value='red'/>
</lxc:namespace>
<vcpu>1</vcpu>
<clock offset='utc'/>
imran at imran-VirtualBox:~/programming/libvirt$
imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
lxc:/// create ../lxc/share_lxc.xml
Domain cn-03 created from ../lxc/share_lxc.xml
imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
lxc:/// lxc-enter-namespace cn-03 --noseclabel /sbin/ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:48 errors:0 dropped:0 overruns:0 frame:0
TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3792 (3.7 KB) TX bytes:3792 (3.7 KB)
imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
lxc:/// destroy cn-03
Domain cn-03 destroyed
imran at imran-VirtualBox:~/programming/libvirt$
imran at imran-VirtualBox:~/programming/libvirt$
imran at imran-VirtualBox:~/programming/libvirt$ sudo ip netns exec red
ifconfig lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:48 errors:0 dropped:0 overruns:0 frame:0
TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3792 (3.7 KB) TX bytes:3792 (3.7 KB)
imran at imran-VirtualBox:~/programming/libvirt$ cat ../lxc/share_lxc.xml |
grep -A 3 -B 3 share<type>exe</type>
</os>
<lxc:namespace>
<lxc:sharenet type='pid' value='1'/>
</lxc:namespace>
<vcpu>1</vcpu>
<clock offset='utc'/>
imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
lxc:/// create ../lxc/share_lxc.xml Domain cn-03 created from
../lxc/share_lxc.xml
imran at imran-VirtualBox:~/programming/libvirt$ ifconfig eth0
eth0 Link encap:Ethernet HWaddr 08:00:27:a8:fd:bf
inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fea8:fdbf/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:178204 errors:13 dropped:0 overruns:0 frame:0
TX packets:88943 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:251962232 (251.9 MB) TX bytes:4930611 (4.9 MB)
Interrupt:19 Base address:0xd020
imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
lxc:/// lxc-enter-namespace cn-03 --noseclabel /sbin/ifconfig eth0
eth0 Link encap:Ethernet HWaddr 08:00:27:a8:fd:bf
inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fea8:fdbf/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:178204 errors:13 dropped:0 overruns:0 frame:0
TX packets:88943 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:251962232 (251.9 MB) TX bytes:4930611 (4.9 MB)
Interrupt:19 Base address:0xd020
imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
lxc:/// destroy cn-03
Domain cn-03 destroyed
imran at imran-VirtualBox:~/programming/libvirt$ ifconfig eth0
eth0 Link encap:Ethernet HWaddr 08:00:27:a8:fd:bf
inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fea8:fdbf/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:178204 errors:13 dropped:0 overruns:0 frame:0
TX packets:88943 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:251962232 (251.9 MB) TX bytes:4930611 (4.9 MB)
Interrupt:19 Base address:0xd020
imran at imran-VirtualBox:~/programming/libvirt$
On Thu, Aug 20, 2015 at 4:10 PM, Imran Khan <ik.nitk at gmail.com> wrote:
> Thanks to Daniel for making additional changes, and thanks to Michal for
> reviewing it again.
> This patch has some functionality breakages. I am working on it and will send
> the new patch soon.
>
> -imran
>
> On Thu, Aug 20, 2015 at 4:53 AM, Michal Privoznik <mprivozn at redhat.com>
> wrote:
>
>> On 14.08.2015 14:09, Daniel P. Berrange wrote:
>> > From: Imran Khan <ik.nitk at gmail.com>
>> >
>> > This patch adds feature for lxc containers to inherit namespaces.
>> > This is very similar to what lxc-tools or docker provides. Look
>> > for "man lxc-start" and you will find that you can pass command
>> > args as [ --share-[net|ipc|uts] name|pid ]. Or check out docker
>> > networking option in which you can give --net=container:NAME_or_ID
>> > as an option for sharing a namespace.
>> >
>> >>From this patch you can add extra libvirt option to share
>>
>> s/>//
>>
>> > namespace in following way.
>> >
>> > <lxc:namespace>
>> > <lxc:sharenet type='netns' value='red'/>
>> > <lxc:shareipc type='pid' value='12345'/>
>> > <lxc:shareuts type='name' value='container1'/>
>> > </lxc:namespace>
>> >
>> > The netns option is specific to sharenet. It can be used to
>> > inherit from existing network namespace.
>> >
>> > Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
>> > ---
>> > docs/drvlxc.html.in | 21 ++++++
>> > docs/schemas/domaincommon.rng | 42 ++++++++++++
>> > po/POTFILES.in | 1 +
>> > src/Makefile.am | 6 +-
>> > src/lxc/lxc_conf.c | 2 +-
>> > src/lxc/lxc_container.c | 71 ++++++++++++++++++--
>> > src/lxc/lxc_container.h | 2 +
>> > src/lxc/lxc_controller.c | 45 ++++++++++++-
>> > src/lxc/lxc_domain.c | 149
>> ++++++++++++++++++++++++++++++++++++++++++
>> > src/lxc/lxc_domain.h | 26 ++++++++
>> > src/lxc/lxc_process.c | 149
>> ++++++++++++++++++++++++++++++++++++++++++
>> > tests/lxcxml2xmltest.c | 1 +
>> > 12 files changed, 506 insertions(+), 9 deletions(-)
>> >
>>
>> > diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
>> > index e99b039..9699377 100644
>> > --- a/src/lxc/lxc_process.c
>> > +++ b/src/lxc/lxc_process.c
>> > @@ -359,6 +359,135 @@ char
>> *virLXCProcessSetupInterfaceDirect(virConnectPtr conn,
>> > return ret;
>> > }
>> >
>> > +static const char *nsInfoLocal[VIR_LXC_DOMAIN_NAMESPACE_LAST] = {
>> > + [VIR_LXC_DOMAIN_NAMESPACE_SHARENET] = "net",
>> > + [VIR_LXC_DOMAIN_NAMESPACE_SHAREIPC] = "ipc",
>> > + [VIR_LXC_DOMAIN_NAMESPACE_SHAREUTS] = "uts",
>> > +};
>> > +
>> > +static int virLXCProcessSetupNamespaceName(virConnectPtr conn, int
>> ns_type, const char *name)
>> > +{
>> > + virLXCDriverPtr driver = conn->privateData;
>> > + int fd = -1;
>> > + virDomainObjPtr vm;
>> > + char *path;
>> > +
>> > + vm = virDomainObjListFindByName(driver->domains, name);
>> > + if (!vm) {
>> > + virReportError(VIR_ERR_NO_DOMAIN,
>> > + _("No domain with matching name '%s'"), name);
>> > + return -1;
>> > + }
>> > +
>> > + if (virAsprintf(&path, "/proc/%lld/ns/%s",
>> > + (long long int)vm->pid,
>> > + nsInfoLocal[ns_type]) < 0)
>> > + goto cleanup;
>> > +
>> > + if ((fd = open(path, O_RDONLY)) < 0) {
>> > + virReportSystemError(errno,
>> > + _("failed to open ns %s"),
>> > +
>> virLXCDomainNamespaceTypeToString(ns_type));
>> > + goto cleanup;
>> > + }
>> > +
>> > + cleanup:
>> > + VIR_FREE(path);
>> > + virObjectUnlock(vm);
>> > + virObjectUnref(vm);
>> > + return fd;
>> > +}
>> > +
>> > +
>> > +static int virLXCProcessSetupNamespacePID(int ns_type, const char
>> *name)
>> > +{
>> > + int fd;
>> > + char *path;
>> > +
>> > + if (virAsprintf(&path, "/proc/%s/ns/%s",
>> > + name,
>> > + nsInfoLocal[ns_type]) < 0)
>> > + return -1;
>> > + fd = open(path, O_RDONLY);
>> > + VIR_FREE(path);
>> > + if (fd < 0) {
>> > + virReportSystemError(errno,
>> > + _("failed to open ns %s"),
>> > +
>> virLXCDomainNamespaceTypeToString(ns_type));
>> > + return -1;
>> > + }
>> > + return fd;
>> > +}
>> > +
>> > +
>> > +static int virLXCProcessSetupNamespaceNet(int ns_type, const char
>> *name)
>> > +{
>> > + char *path;
>> > + int fd;
>> > + if (ns_type != VIR_LXC_DOMAIN_NAMESPACE_SHARENET) {
>> > + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s"
>>
>> s/$/,/
>>
>> > + _("'netns' namespace source can only be "
>> > + "used with sharenet"));
>> > + return -1;
>> > + }
>> > +
>> > + if (virAsprintf(&path, "/var/run/netns/%s", name) < 0)
>> > + return -1;
>> > + fd = open(path, O_RDONLY);
>> > + VIR_FREE(path);
>> > + if (fd < 0) {
>> > + virReportSystemError(errno,
>> > + _("failed to open netns %s"), name);
>> > + return -1;
>> > + }
>> > + return fd;
>> > +}
>> > +
>> > +
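Review bot: In virLXCProcessSetupNamespacePID and virLXCProcessSetupNamespaceNet the `name` string from the domain XML is formatted directly into `/proc/%s/ns/%s` and `/var/run/netns/%s` and then opened, so a value containing `/` or `..` resolves outside the intended directory. Unless the XML parser (not shown in this quote) already restricts the value, the PID form should be parsed as a positive integer, for example with `virStrToLong_i`, and the netns form should refuse any name where `strchr(name, '/')` is non-NULL before building the path. virLXCProcessSetupNamespaceName also formats `vm->pid` without first checking `virDomainObjIsActive(vm)`, so a defined but stopped domain produces a misleading "failed to open ns" error instead of a clear "domain is not running" one. Both the Name and PID helpers index `nsInfoLocal[ns_type]` with no range check visible here. The hunk is trimmed in this reply, so the callers of these helpers are outside what can be reviewed.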
>>
>>
>> > diff --git a/tests/lxcxml2xmltest.c b/tests/lxcxml2xmltest.c
>> > index 3e00347..8d824b9 100644
>> > --- a/tests/lxcxml2xmltest.c
>> > +++ b/tests/lxcxml2xmltest.c
>> > @@ -133,6 +133,7 @@ mymain(void)
>> > DO_TEST("filesystem-root");
>> > DO_TEST("idmap");
>> > DO_TEST("capabilities");
>> > + DO_TEST("sharenet");
>>
>> Did you forget to git add tests/lxcxml2xmldata/lxc-sharenet.xml?
>> I like the idea though. I'm tempted to ACK this if you fix all the small
>> issues I've raised.
>>
>> Michal
>>
>
>