[libvirt] [PATCH v3] lxc: Inherit namespace feature

Imran Khan ik.nitk at gmail.com
Wed Aug 26 07:48:15 UTC 2015


Hello experts,

Gentle reminder !

thanks a lot for all the help !!
-imran

On Thu, Aug 20, 2015 at 7:20 PM, Imran Khan <ik.nitk at gmail.com> wrote:

> Have tested the code changes. here are the logs.  Please review the patch
> sent in another mail.
>
> Really appreciate the efforts to make the code very efficient.
>
>
> test logs:
>
> imran at imran-VirtualBox:~/programming/libvirt$
> imran at imran-VirtualBox:~/programming/libvirt$
> imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
> lxc:/// create ../lxc/cn-02.xml
> Domain cn02 created from ../lxc/cn-02.xml
>
> imran at imran-VirtualBox:~/programming/libvirt$
> imran at imran-VirtualBox:~/programming/libvirt$
> imran at imran-VirtualBox:~/programming/libvirt$ cat ../lxc/share_lxc.xml |
> grep -A 3 -B 3 share
> <type>exe</type>
> </os>
> <lxc:namespace>
>      <lxc:sharenet type='name' value='cn02'/>
> </lxc:namespace>
> <vcpu>1</vcpu>
> <clock offset='utc'/>
> imran at imran-VirtualBox:~/programming/libvirt$
> imran at imran-VirtualBox:~/programming/libvirt$
> imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
> lxc:/// list
>  Id    Name                           State
> ----------------------------------------------------
>  6828  cn02                           running
>
> imran at imran-VirtualBox:~/programming/libvirt$
> imran at imran-VirtualBox:~/programming/libvirt$
> imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
> lxc:/// create ../lxc/share_lxc.xml
> Domain cn-03 created from ../lxc/share_lxc.xml
>
> imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
> lxc:/// list
>  Id    Name                           State
> ----------------------------------------------------
>  6828  cn02                           running
>  8774  cn-03                          running
>
> imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
> lxc:/// lxc-enter-namespace cn02 --noseclabel /sbin/ifconfig eth0
> eth0      Link encap:Ethernet  HWaddr 52:54:00:a7:e5:3d
>           inet addr:192.168.122.183  Bcast:192.168.122.255
> Mask:255.255.255.0
>           inet6 addr: fe80::5054:ff:fea7:e53d/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:105 errors:0 dropped:2 overruns:0 frame:0
>           TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:14169 (14.1 KB)  TX bytes:32554 (32.5 KB)
>
>
> imran at imran-VirtualBox:~/programming/libvirt$
> imran at imran-VirtualBox:~/programming/libvirt$
> imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
> lxc:/// lxc-enter-namespace cn-03 --noseclabel /sbin/ifconfig eth0
> eth0      Link encap:Ethernet  HWaddr 52:54:00:a7:e5:3d
>           inet addr:192.168.122.183  Bcast:192.168.122.255
> Mask:255.255.255.0
>           inet6 addr: fe80::5054:ff:fea7:e53d/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:114 errors:0 dropped:2 overruns:0 frame:0
>           TX packets:64 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:15289 (15.2 KB)  TX bytes:40891 (40.8 KB)
>
>
> imran at imran-VirtualBox:~/programming/libvirt$
> imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
> lxc:/// destroy cn02
> Domain cn02 destroyed
>
> imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
> lxc:/// lxc-enter-namespace cn-03 --noseclabel /sbin/ifconfig eth0
> eth0: error fetching interface information: Device not found
> error: internal error: Child process (10238) unexpected exit status 1
>
> imran at imran-VirtualBox:~/programming/libvirt$
> imran at imran-VirtualBox:~/programming/libvirt$ sudo ip netns exec red
> ifconfig
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:65536  Metric:1
>           RX packets:32 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:2528 (2.5 KB)  TX bytes:2528 (2.5 KB)
>
> imran at imran-VirtualBox:~/programming/libvirt$
> imran at imran-VirtualBox:~/programming/libvirt$
> imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
> lxc:/// list
>  Id    Name                           State
> ----------------------------------------------------
>  8774  cn-03                          running
>
> imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
> lxc:/// destroy cn-03
> Domain cn-03 destroyed
>
> imran at imran-VirtualBox:~/programming/libvirt$
> imran at imran-VirtualBox:~/programming/libvirt$ cat ../lxc/share_lxc.xml |
> grep -A 3 -B 3 share
> <type>exe</type>
> </os>
> <lxc:namespace>
>      <lxc:sharenet type='netns' value='red'/>
> </lxc:namespace>
> <vcpu>1</vcpu>
> <clock offset='utc'/>
> imran at imran-VirtualBox:~/programming/libvirt$
> imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
> lxc:/// create ../lxc/share_lxc.xml
> Domain cn-03 created from ../lxc/share_lxc.xml
>
> imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
> lxc:/// lxc-enter-namespace cn-03 --noseclabel /sbin/ifconfig
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:65536  Metric:1
>           RX packets:48 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:3792 (3.7 KB)  TX bytes:3792 (3.7 KB)
>
>
> imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
> lxc:/// destroy cn-03
> Domain cn-03 destroyed
>
> imran at imran-VirtualBox:~/programming/libvirt$
> imran at imran-VirtualBox:~/programming/libvirt$
> imran at imran-VirtualBox:~/programming/libvirt$ sudo ip netns exec red
> ifconfig
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:65536  Metric:1
>           RX packets:48 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:3792 (3.7 KB)  TX bytes:3792 (3.7 KB)
>
> imran at imran-VirtualBox:~/programming/libvirt$ cat ../lxc/share_lxc.xml |
> grep -A 3 -B 3 share
> <type>exe</type>
> </os>
> <lxc:namespace>
>      <lxc:sharenet type='pid' value='1'/>
> </lxc:namespace>
> <vcpu>1</vcpu>
> <clock offset='utc'/>
> imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
> lxc:/// create ../lxc/share_lxc.xml
> Domain cn-03 created from ../lxc/share_lxc.xml
>
> imran at imran-VirtualBox:~/programming/libvirt$ ifconfig eth0
> eth0      Link encap:Ethernet  HWaddr 08:00:27:a8:fd:bf
>           inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
>           inet6 addr: fe80::a00:27ff:fea8:fdbf/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:178204 errors:13 dropped:0 overruns:0 frame:0
>           TX packets:88943 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:251962232 (251.9 MB)  TX bytes:4930611 (4.9 MB)
>           Interrupt:19 Base address:0xd020
>
> imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
> lxc:/// lxc-enter-namespace cn-03 --noseclabel /sbin/ifconfig eth0
> eth0      Link encap:Ethernet  HWaddr 08:00:27:a8:fd:bf
>           inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
>           inet6 addr: fe80::a00:27ff:fea8:fdbf/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:178204 errors:13 dropped:0 overruns:0 frame:0
>           TX packets:88943 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:251962232 (251.9 MB)  TX bytes:4930611 (4.9 MB)
>           Interrupt:19 Base address:0xd020
>
>
> imran at imran-VirtualBox:~/programming/libvirt$ sudo ./run ./tools/virsh -c
> lxc:/// destroy cn-03
> Domain cn-03 destroyed
>
> imran at imran-VirtualBox:~/programming/libvirt$ ifconfig eth0
> eth0      Link encap:Ethernet  HWaddr 08:00:27:a8:fd:bf
>           inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
>           inet6 addr: fe80::a00:27ff:fea8:fdbf/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:178204 errors:13 dropped:0 overruns:0 frame:0
>           TX packets:88943 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:251962232 (251.9 MB)  TX bytes:4930611 (4.9 MB)
>           Interrupt:19 Base address:0xd020
>
> imran at imran-VirtualBox:~/programming/libvirt$
>
>
> On Thu, Aug 20, 2015 at 4:10 PM, Imran Khan <ik.nitk at gmail.com> wrote:
>
>> Thanks to Daniel for making the additional changes, and thanks to Michal
>> for reviewing it again.
>> This patch has some functionality breakages. I am working on them and will
>> send a new patch soon.
>>
>> -imran
>>
>> On Thu, Aug 20, 2015 at 4:53 AM, Michal Privoznik <mprivozn at redhat.com>
>> wrote:
>>
>>> On 14.08.2015 14:09, Daniel P. Berrange wrote:
>>> > From: Imran Khan <ik.nitk at gmail.com>
>>> >
>>> > This patch adds feature for lxc containers to inherit namespaces.
>>> > This is very similar to what lxc-tools or docker provides.  Look
>>> > for "man lxc-start" and you will find that you can pass command
>>> > args as [ --share-[net|ipc|uts] name|pid ]. Or check out docker
>>> > networking option in which you can give --net=container:NAME_or_ID
>>> > as an option for sharing +namespace.
>>> >
>>> >>From this patch you can add extra libvirt option to share
>>>
>>> s/>//
>>>
>>> > namespace in following way.
>>> >
>>> >   <lxc:namespace>
>>> >     <lxc:sharenet type='netns' value='red'/>
>>> >     <lxc:shareipc type='pid' value='12345'/>
>>> >     <lxc:shareuts type='name' value='container1'/>
>>> >   </lxc:namespace>
>>> >
>>> > The netns option is specific to sharenet. It can be used to
>>> > inherit from existing network namespace.
>>> >
>>> > Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
>>> > ---
>>> >  docs/drvlxc.html.in           |  21 ++++++
>>> >  docs/schemas/domaincommon.rng |  42 ++++++++++++
>>> >  po/POTFILES.in                |   1 +
>>> >  src/Makefile.am               |   6 +-
>>> >  src/lxc/lxc_conf.c            |   2 +-
>>> >  src/lxc/lxc_container.c       |  71 ++++++++++++++++++--
>>> >  src/lxc/lxc_container.h       |   2 +
>>> >  src/lxc/lxc_controller.c      |  45 ++++++++++++-
>>> >  src/lxc/lxc_domain.c          | 149
>>> ++++++++++++++++++++++++++++++++++++++++++
>>> >  src/lxc/lxc_domain.h          |  26 ++++++++
>>> >  src/lxc/lxc_process.c         | 149
>>> ++++++++++++++++++++++++++++++++++++++++++
>>> >  tests/lxcxml2xmltest.c        |   1 +
>>> >  12 files changed, 506 insertions(+), 9 deletions(-)
>>> >
>>>
>>> > diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
>>> > index e99b039..9699377 100644
>>> > --- a/src/lxc/lxc_process.c
>>> > +++ b/src/lxc/lxc_process.c
>>> > @@ -359,6 +359,135 @@ char
>>> *virLXCProcessSetupInterfaceDirect(virConnectPtr conn,
>>> >      return ret;
>>> >  }
>>> >
>>> > +static const char *nsInfoLocal[VIR_LXC_DOMAIN_NAMESPACE_LAST] = {
>>> > +    [VIR_LXC_DOMAIN_NAMESPACE_SHARENET] = "net",
>>> > +    [VIR_LXC_DOMAIN_NAMESPACE_SHAREIPC] = "ipc",
>>> > +    [VIR_LXC_DOMAIN_NAMESPACE_SHAREUTS] = "uts",
>>> > +};
>>> > +
>>> > +static int virLXCProcessSetupNamespaceName(virConnectPtr conn, int
>>> ns_type, const char *name)
>>> > +{
>>> > +    virLXCDriverPtr driver = conn->privateData;
>>> > +    int fd = -1;
>>> > +    virDomainObjPtr vm;
>>> > +    char *path;
>>> > +
>>> > +    vm = virDomainObjListFindByName(driver->domains, name);
>>> > +    if (!vm) {
>>> > +        virReportError(VIR_ERR_NO_DOMAIN,
>>> > +                       _("No domain with matching name '%s'"), name);
>>> > +        return -1;
>>> > +    }
>>> > +
>>> > +    if (virAsprintf(&path, "/proc/%lld/ns/%s",
>>> > +                    (long long int)vm->pid,
>>> > +                    nsInfoLocal[ns_type]) < 0)
>>> > +        goto cleanup;
>>> > +
>>> > +    if ((fd = open(path, O_RDONLY)) < 0) {
>>> > +        virReportSystemError(errno,
>>> > +                             _("failed to open ns %s"),
>>> > +
>>>  virLXCDomainNamespaceTypeToString(ns_type));
>>> > +        goto cleanup;
>>> > +    }
>>> > +
>>> > + cleanup:
>>> > +    VIR_FREE(path);
>>> > +    virObjectUnlock(vm);
>>> > +    virObjectUnref(vm);
>>> > +    return fd;
>>> > +}
>>> > +
>>> > +
>>> > +static int virLXCProcessSetupNamespacePID(int ns_type, const char
>>> *name)
>>> > +{
>>> > +    int fd;
>>> > +    char *path;
>>> > +
>>> > +    if (virAsprintf(&path, "/proc/%s/ns/%s",
>>> > +                    name,
>>> > +                    nsInfoLocal[ns_type]) < 0)
>>> > +        return -1;
>>> > +    fd = open(path, O_RDONLY);
>>> > +    VIR_FREE(path);
>>> > +    if (fd < 0) {
>>> > +        virReportSystemError(errno,
>>> > +                             _("failed to open ns %s"),
>>> > +
>>>  virLXCDomainNamespaceTypeToString(ns_type));
>>> > +        return -1;
>>> > +    }
>>> > +    return fd;
>>> > +}
>>> > +
>>> > +
>>> > +static int virLXCProcessSetupNamespaceNet(int ns_type, const char
>>> *name)
>>> > +{
>>> > +    char *path;
>>> > +    int fd;
>>> > +    if (ns_type != VIR_LXC_DOMAIN_NAMESPACE_SHARENET) {
>>> > +        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s"
>>>
>>> s/$/,/
>>>
>>> > +                       _("'netns' namespace source can only be "
>>> > +                         "used with sharenet"));
>>> > +        return -1;
>>> > +    }
>>> > +
>>> > +    if (virAsprintf(&path, "/var/run/netns/%s", name) < 0)
>>> > +        return  -1;
>>> > +    fd = open(path, O_RDONLY);
>>> > +    VIR_FREE(path);
>>> > +    if (fd < 0) {
>>> > +        virReportSystemError(errno,
>>> > +                             _("failed to open netns %s"), name);
>>> > +        return -1;
>>> > +    }
>>> > +    return fd;
>>> > +}
>>> > +
>>> > +
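Review bot: `virLXCProcessSetupNamespacePID` and `virLXCProcessSetupNamespaceNet` format the XML-supplied `name` straight into `/proc/%s/ns/%s` and `/var/run/netns/%s`, so a value containing `/` or `..` makes `open()` resolve outside the intended directory; parse the pid source as a positive integer and reject path separators in the netns name before building the path. `virLXCProcessSetupNamespaceName` reads `vm->pid` without first checking that the domain is running (for example `if (!virDomainObjIsActive(vm))` with an error and `goto cleanup`), and both `/proc` helpers index `nsInfoLocal[ns_type]` with no range check against `VIR_LXC_DOMAIN_NAMESPACE_LAST`; the callers may already guarantee that, but they are not in the quoted hunk, which the reviewer trimmed after these functions. In the PID and netns helpers `VIR_FREE(path)` runs between `open()` and `virReportSystemError(errno, ...)`, so it is safer to save `errno` right after `open()` and report the saved value. The guards below are a sketch and the error code and messages are only suggestions.

```c
static int virLXCProcessSetupNamespacePID(int ns_type, const char *name)
{
    int fd;
    char *path;
    long long pid;

    /* Accept only a positive decimal pid so the value cannot add path components. */
    if (virStrToLong_ll(name, NULL, 10, &pid) < 0 || pid <= 0) {
        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
                       _("invalid pid '%s' for namespace source"), name);
        return -1;
    }

    if (virAsprintf(&path, "/proc/%lld/ns/%s",
                    pid,
                    nsInfoLocal[ns_type]) < 0)
        return -1;
    /* … unchanged: open(), VIR_FREE(path), error report, return fd … */

static int virLXCProcessSetupNamespaceNet(int ns_type, const char *name)
{
    /* … unchanged: declarations and sharenet-only check … */

    /* The netns name must be a single path component under /var/run/netns. */
    if (strchr(name, '/') || STREQ(name, ".") || STREQ(name, "..")) {
        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
                       _("invalid netns name '%s'"), name);
        return -1;
    }

    if (virAsprintf(&path, "/var/run/netns/%s", name) < 0)
    /* … unchanged: rest of the function … */
```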
>>>
>>>
>>> > diff --git a/tests/lxcxml2xmltest.c b/tests/lxcxml2xmltest.c
>>> > index 3e00347..8d824b9 100644
>>> > --- a/tests/lxcxml2xmltest.c
>>> > +++ b/tests/lxcxml2xmltest.c
>>> > @@ -133,6 +133,7 @@ mymain(void)
>>> >      DO_TEST("filesystem-root");
>>> >      DO_TEST("idmap");
>>> >      DO_TEST("capabilities");
>>> > +    DO_TEST("sharenet");
>>>
>>> Have you forgotten to git add tests/lxcxml2xmldata/lxc-sharenet.xml?
>>> I like the idea though. I'm tempted to ACK this if you fix all the small
>>> issues I've raised.
>>>
>>> Michal
>>>
>>
>>
>