OpenNebula
diff --git a/‎install.sh‎
Lines changed: 2 additions & 0 deletions b/‎install.sh‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎share/pkgs/sudoers/centos/opennebula‎
Lines changed: 1 addition & 1 deletion b/‎share/pkgs/sudoers/centos/opennebula‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎share/pkgs/sudoers/debian/opennebula‎
Lines changed: 1 addition & 1 deletion b/‎share/pkgs/sudoers/debian/opennebula‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎share/sudoers/sudoers.rb‎
Lines changed: 1 addition & 1 deletion b/‎share/sudoers/sudoers.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/im_mad/remotes/lxc-probes.d/host/system/pci.rb‎
Lines changed: 1 addition & 0 deletions b/‎src/im_mad/remotes/lxc-probes.d/host/system/pci.rb‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/im_mad/remotes/lxc-probes.d/pci.conf‎
Lines changed: 1 addition & 0 deletions b/‎src/im_mad/remotes/lxc-probes.d/pci.conf‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/vmm_mad/remotes/lib/kvm/opennebula_vm.rb‎
Lines changed: 0 additions & 5 deletions b/‎src/vmm_mad/remotes/lib/kvm/opennebula_vm.rb‎
Lines changed: 0 additions & 5 deletions
diff --git a/‎src/vmm_mad/remotes/lib/lxc/client.rb‎
Lines changed: 42 additions & 0 deletions b/‎src/vmm_mad/remotes/lib/lxc/client.rb‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎src/vmm_mad/remotes/lib/lxc/container.rb‎
Lines changed: 179 additions & 25 deletions b/‎src/vmm_mad/remotes/lib/lxc/container.rb‎
Lines changed: 179 additions & 25 deletions
@@ -1171,6 +1171,7 @@ IM_PROBES_LXC_HOST_SYSTEM_FILES="\
      src/im_mad/remotes/lxc-probes.d/host/system/name.sh \
      src/im_mad/remotes/kvm-probes.d/host/system/clean_db.rb \
      src/im_mad/remotes/lxc-probes.d/host/system/numa_host.rb \
+     src/im_mad/remotes/lxc-probes.d/host/system/pci.rb \
      src/im_mad/remotes/lxc-probes.d/host/system/version.sh"
 
 IM_PROBES_LXC_VM_MONITOR_FILES="\
@@ -1182,6 +1183,7 @@ IM_PROBES_LXC_VM_STATUS_FILES="\
 
 IM_PROBES_ETC_LXC_PROBES_FILES="\
     src/im_mad/remotes/lxc-probes.d/forecast.conf \
+    src/im_mad/remotes/lxc-probes.d/pci.conf \
     src/im_mad/remotes/lib/probe_db.conf"
 
 IM_PROBES_VERSION="src/im_mad/remotes/VERSION"
 
@@ -5,7 +5,7 @@ Cmnd_Alias ONE_CEPH = /usr/bin/rbd
 Cmnd_Alias ONE_HA = /usr/bin/systemctl start opennebula-flow, /usr/bin/systemctl stop opennebula-flow, /usr/bin/systemctl start opennebula-gate, /usr/bin/systemctl stop opennebula-gate, /usr/bin/systemctl start opennebula-hem, /usr/bin/systemctl stop opennebula-hem, /usr/bin/systemctl start opennebula-showback.timer, /usr/bin/systemctl stop opennebula-showback.timer, /usr/sbin/service opennebula-flow start, /usr/sbin/service opennebula-flow stop, /usr/sbin/service opennebula-gate start, /usr/sbin/service opennebula-gate stop, /usr/sbin/service opennebula-hem start, /usr/sbin/service opennebula-hem stop, /usr/sbin/arping, /usr/sbin/ip address *
 Cmnd_Alias ONE_LVM = /usr/sbin/lvcreate, /usr/sbin/lvremove, /usr/sbin/lvs, /usr/sbin/vgdisplay, /usr/sbin/lvchange, /usr/sbin/lvscan, /usr/sbin/lvextend, /usr/sbin/dmsetup
 Cmnd_Alias ONE_NFS = /usr/bin/mount, /usr/bin/umount, /usr/bin/sed -i -f /proc/self/fd/0 /etc/fstab
-Cmnd_Alias ONE_LXC = /usr/bin/mount, /usr/bin/umount, /usr/bin/bindfs, /usr/sbin/losetup, /usr/bin/qemu-nbd, /usr/bin/lxc-attach, /usr/bin/lxc-config, /usr/bin/lxc-create, /usr/bin/lxc-destroy, /usr/bin/lxc-info, /usr/bin/lxc-ls, /usr/bin/lxc-start, /usr/bin/lxc-stop, /usr/bin/lxc-console, /usr/sbin/e2fsck, /usr/sbin/resize2fs, /usr/sbin/xfs_growfs, /usr/bin/rbd-nbd
+Cmnd_Alias ONE_LXC = /usr/bin/mount, /usr/bin/umount, /usr/bin/bindfs, /usr/sbin/losetup, /usr/bin/qemu-nbd, /usr/bin/lxc-attach, /usr/bin/lxc-config, /usr/bin/lxc-create, /usr/bin/lxc-destroy, /usr/bin/lxc-info, /usr/bin/lxc-ls, /usr/bin/lxc-start, /usr/bin/lxc-stop, /usr/bin/lxc-console, /usr/bin/lxc-device, /usr/sbin/e2fsck, /usr/sbin/resize2fs, /usr/sbin/xfs_growfs, /usr/bin/rbd-nbd
 Cmnd_Alias ONE_MARKET = /usr/lib/one/sh/create_container_image.sh
 Cmnd_Alias ONE_NET = /usr/sbin/iptables, /usr/sbin/ip6tables, /usr/sbin/ipset, /usr/sbin/ip link *, /usr/sbin/ip neighbour *, /usr/sbin/ip route *, /usr/sbin/ip rule *, /usr/sbin/ip tuntap *, /usr/sbin/nft, /var/tmp/one/vnm/tproxy, /usr/sbin/bridge vlan *
 Cmnd_Alias ONE_NETAPP = /usr/sbin/blockdev, /usr/sbin/multipath, /usr/sbin/multipathd, /usr/sbin/iscsiadm, /usr/bin/tee, /usr/bin/find
 
@@ -5,7 +5,7 @@ Cmnd_Alias ONE_CEPH = /usr/bin/rbd
 Cmnd_Alias ONE_HA = /usr/bin/systemctl start opennebula-flow, /usr/bin/systemctl stop opennebula-flow, /usr/bin/systemctl start opennebula-gate, /usr/bin/systemctl stop opennebula-gate, /usr/bin/systemctl start opennebula-hem, /usr/bin/systemctl stop opennebula-hem, /usr/bin/systemctl start opennebula-showback.timer, /usr/bin/systemctl stop opennebula-showback.timer, /usr/sbin/service opennebula-flow start, /usr/sbin/service opennebula-flow stop, /usr/sbin/service opennebula-gate start, /usr/sbin/service opennebula-gate stop, /usr/sbin/service opennebula-hem start, /usr/sbin/service opennebula-hem stop, /usr/bin/arping, /usr/sbin/ip address *
 Cmnd_Alias ONE_LVM = /usr/sbin/lvcreate, /usr/sbin/lvremove, /usr/sbin/lvs, /usr/sbin/vgdisplay, /usr/sbin/lvchange, /usr/sbin/lvscan, /usr/sbin/lvextend, /usr/sbin/dmsetup
 Cmnd_Alias ONE_NFS = /usr/bin/mount, /usr/bin/umount, /usr/bin/sed -i -f /proc/self/fd/0 /etc/fstab
-Cmnd_Alias ONE_LXC = /usr/bin/mount, /usr/bin/umount, /usr/bin/bindfs, /usr/sbin/losetup, /usr/bin/qemu-nbd, /usr/bin/lxc-attach, /usr/bin/lxc-config, /usr/bin/lxc-create, /usr/bin/lxc-destroy, /usr/bin/lxc-info, /usr/bin/lxc-ls, /usr/bin/lxc-start, /usr/bin/lxc-stop, /usr/bin/lxc-console, /usr/sbin/e2fsck, /usr/sbin/resize2fs, /usr/sbin/xfs_growfs, /usr/bin/rbd-nbd
+Cmnd_Alias ONE_LXC = /usr/bin/mount, /usr/bin/umount, /usr/bin/bindfs, /usr/sbin/losetup, /usr/bin/qemu-nbd, /usr/bin/lxc-attach, /usr/bin/lxc-config, /usr/bin/lxc-create, /usr/bin/lxc-destroy, /usr/bin/lxc-info, /usr/bin/lxc-ls, /usr/bin/lxc-start, /usr/bin/lxc-stop, /usr/bin/lxc-console, /usr/bin/lxc-device, /usr/sbin/e2fsck, /usr/sbin/resize2fs, /usr/sbin/xfs_growfs, /usr/bin/rbd-nbd
 Cmnd_Alias ONE_MARKET = /usr/lib/one/sh/create_container_image.sh
 Cmnd_Alias ONE_NET = /usr/sbin/iptables, /usr/sbin/ip6tables, /usr/sbin/ipset, /usr/sbin/ip link *, /usr/sbin/ip neighbour *, /usr/sbin/ip route *, /usr/sbin/ip rule *, /usr/sbin/ip tuntap *, /usr/sbin/nft, /var/tmp/one/vnm/tproxy, /usr/sbin/bridge vlan *
 Cmnd_Alias ONE_NETAPP = /usr/sbin/blockdev, /usr/sbin/multipath, /usr/sbin/multipathd, /usr/sbin/iscsiadm, /usr/bin/tee, /usr/bin/find
 
@@ -73,7 +73,7 @@ def initialize(lib_location)
             :LXC => [
                 'mount', 'umount', 'bindfs', 'losetup', 'qemu-nbd', 'lxc-attach', 'lxc-config',
                 'lxc-create', 'lxc-destroy', 'lxc-info', 'lxc-ls', 'lxc-start', 'lxc-stop',
-                'lxc-console', 'e2fsck', 'resize2fs', 'xfs_growfs', 'rbd-nbd'
+                'lxc-console', 'e2fsck', 'resize2fs', 'xfs_growfs', 'rbd-nbd', 'lxc-device'
             ],
             :MARKET => ["#{lib_location}/sh/create_container_image.sh"],
             :MEM => ['sysctl vm.drop_caches=3 vm.compact_memory=1'],
 
@@ -0,0 +1 @@
+../../../node-probes.d/pci.rb
@@ -0,0 +1 @@
+../node-probes.d/pci.conf
@@ -408,11 +408,6 @@ def initialize(xml_action)
             @xpath_prefix = ''
         end
 
-        # @return true if the VM includes a PCI device being attached
-        def pci_attach?
-            @xml.exist? "TEMPLATE/PCI[ATTACH='YES']"
-        end
-
         #-----------------------------------------------------------------------
         #  This function generates a XML document to attach a new interface
         #  to the VM. The interface specification supports the same OpenNebula
 
@@ -30,6 +30,7 @@ class LXCClient
         :create     => 'lxc-create',
         :destroy    => 'lxc-destroy',
         :info       => 'lxc-info',
+        :device     => 'lxc-device',
         :ls         => 'lxc-ls',
         :start      => 'lxc-start',
         :stop       => 'lxc-stop'
@@ -107,6 +108,47 @@ def list(options = {})
         stdout.split
     end
 
+    #-----------------------------------------------------------------------
+    # Command Injection
+    #-----------------------------------------------------------------------
+
+    def attach(name, cmd, options = {}, detach = false)
+        cmd = append_options("#{COMMANDS[:attach]} -n #{name} -- #{cmd}", options)
+
+        if detach
+            Command.container_cmd(name, cmd)
+        else
+            Command.execute_detach(cmd)
+        end
+    end
+
+    def bash(name, cmd, options = {})
+        cmd = "/bin/bash -c \"#{cmd}\""
+        cmd = append_options("#{COMMANDS[:attach]} -n #{name} -- #{cmd}", options)
+        Command.execute_log(cmd)
+    end
+
+    #-----------------------------------------------------------------------
+    # Device Management
+    #-----------------------------------------------------------------------
+
+    def attach_device(name, device_host, device_guest = nil, options = {})
+        devices = '' + device_host
+        devices << " #{device_guest}" if device_guest
+
+        cmd = append_options("#{COMMANDS[:device]} -n #{name} add #{devices}", options)
+        Command.container_cmd(name, cmd)
+    end
+
+    def detach_device(name, device_guest, device_host = nil, options = {})
+        devices = ''
+        devices << device_guest
+        devices << " #{device_host}" if device_host
+
+        cmd = append_options("#{COMMANDS[:device]} -n #{name} del #{devices}", options)
+        Command.container_cmd(name, cmd)
+    end
+
     private
 
     # append options to cmd string
 
@@ -20,6 +20,7 @@
 
 require 'client'
 require 'opennebula_vm'
+require 'tempfile'
 
 # LXC Container abstraction. Handles container native and added
 # operations. Allows to gather container config and status data
@@ -39,6 +40,9 @@ def initialize(one, client)
         @client = client
 
         @name = @one.vm_name
+
+        @driver_config = @one.lxcrc
+        @driver_config.merge!(:id_map => 0) if @one.privileged?
     end
 
     class << self
@@ -96,11 +100,8 @@ def create(options = {})
         error   = false
         mounted = []
 
-        lxcrc = @one.lxcrc
-        lxcrc.merge!(:id_map => 0) if @one.privileged?
-
         @one.disks.each do |disk|
-            if disk.mount(lxcrc)
+            if disk.mount(@driver_config)
                 mounted << disk
             else
                 error = true
@@ -141,7 +142,7 @@ def start
             return false
         end
 
-        return true if wait_deploy(5)
+        return true if wait_deploy(5) && configure_pci_nics
 
         clean(true)
         return false
@@ -159,23 +160,48 @@ def shutdown
     def reboot
         rc = @client.stop(@name)
 
-        # Remove nic from ovs-switch if needed
-        @one.get_nics.each do |nic|
-            del_bridge_port(nic) # network driver matching implemented here
-        end
+        # # avoid bind mounts on new container restart
+        # @one.disks.each {|d| return false unless d.clean_live }
+
+        # lxc-stop doesn't remove ovs host side nic
+        @one.nics.each {|n| @one.del_bridge_port(n) }
 
         return false unless rc
 
-        @client.start(@name)
+        # Make sure container starts with an updated configuration file
+        file = Tempfile.new
+        file.write(@one.to_lxc)
+        file.flush
+        file.rewind
+
+        # starting without ovs host side nic removal results in error
+        @client.start(@name, { :rcfile => file.path })
+        wait_deploy(5)
     end
 
+    #---------------------------------------------------------------------------
+    # Storage
+    #---------------------------------------------------------------------------
+
     def clean(ignore_err = false)
+        disks = @one.disks
+
+        # sort disks so rootfs is last during cleanup operations
+        disks.each do |disk|
+            next unless disk.rootfs?
+
+            disks << disks.delete(disk)
+            break
+        end
+
+        # rubocop:disable Style/CombinableLoops
         # Unmap storage
-        @one.disks.each do |disk|
+        disks.each do |disk|
             rc = disk.umount({ :ignore_err => ignore_err })
 
             return false if ignore_err != true && !rc
         end
+        # rubocop:enable Style/CombinableLoops
 
         # Clean bindpoint
         FileUtils.rm_rf(@one.bind_folder) if Dir.exist?(@one.bind_folder)
@@ -184,6 +210,92 @@ def clean(ignore_err = false)
         @client.destroy(@name) if @client.list.include?(@name)
     end
 
+    def attach_disk(id = nil, guest_path = nil)
+        id ||= @one.hotplug_disk_id
+        guest_path ||= "/#{@driver_config[:mountopts][:mountpoint].gsub('$id', id.to_s)}"
+
+        disk = @one.disk(id)
+        container_path = @one.bind_mount_path(guest_path)
+
+        disk.mount(@driver_config)
+        disk.pass_mount(container_path)
+    end
+
+    def detach_disk(id = nil)
+        id ||= @one.hotplug_disk_id
+        disk = @one.disk(id)
+
+        # umount the entry inside the container
+        cmd = "umount #{disk.mountpoint}"
+        return false unless execute(cmd)
+
+        disk.umount
+    end
+
+    def attach_context
+        return true unless @one.has_context?
+
+        id = @one.context_id
+        guest_path = '/context'
+
+        attach_disk(id, guest_path)
+    end
+
+    def detach_context
+        return true unless @one.has_context?
+
+        detach_disk(@one.context_id)
+    end
+
+    #---------------------------------------------------------------------------
+    # Network
+    #---------------------------------------------------------------------------
+
+    def attach_nic(mac)
+        if @one.pci_attach?
+            nic     = @one.hotplug_pci
+            pci_nic = @one.nic_name_by_address(nic['ADDRESS'])
+
+            @client.attach_device(@name, pci_nic)
+        else
+            nic = @one.nic_by_mac(mac)
+
+            veth_peer = @one.create_veth_pair(nic)
+            return false unless veth_peer
+
+            if !@one.add_bridge_port(nic)
+                @one.delete_nic(nic['TARGET'])
+                return false
+            end
+
+            return true if @client.attach_device(@name, LXCVM.veth_peer(nic),
+                                                 LXCVM.nic_guest(nic))
+
+            @one.del_bridge_port(nic)
+            @one.delete_nic(nic['TARGET'])
+            false
+        end
+    end
+
+    def detach_nic(mac)
+        if @one.pci_attach?
+            nic     = @one.hotplug_pci
+            pci_nic = nic_name_by_short_address(nic['SHORT_ADDRESS'])
+
+            @client.detach_device(@name, pci_nic)
+        else
+            nic = @one.nic_by_mac(mac)
+
+            return false unless @client.detach_device(@name, LXCVM.nic_guest(nic),
+                                                      LXCVM.veth_peer(nic))
+
+            return true if !@one.del_bridge_port(nic)
+
+            @one.delete_nic(nic['TARGET'])
+            true
+        end
+    end
+
     #---------------------------------------------------------------------------
     # VNC
     #---------------------------------------------------------------------------
@@ -192,8 +304,64 @@ def vnc(signal)
         @one.vnc(signal, @one.lxcrc[:vnc][:command], @one.lxcrc[:vnc])
     end
 
+    #---------------------------------------------------------------------------
+    # Command Injection
+    #---------------------------------------------------------------------------
+
+    def restart_context
+        cmd = 'service one-context-reconfigure restart'
+        execute(cmd, true)
+
+        configure_pci_nics
+    end
+
+    # Trigger context pci configuration script without translated PCI device address
+    # one-context will fail to setup device due to VM_ADDRESS
+    def configure_pci_nics
+        pci_nics = @one.pci_nics
+
+        return true if pci_nics.empty?
+
+        cmd = 'set -a; source /context/context.sh;'
+        pci_nics.each do |nic|
+            # override VM_ADDRESS
+            id = nic['NIC_ID']
+            address = nic['SHORT_ADDRESS']
+
+            cmd << " export PCI#{id}_ADDRESS=#{address};"
+        end
+        # find -lname fails on alpine. -lname not an option
+        cmd << ' /etc/one-context.d/loc-10-network-pci local'
+
+        bash(cmd)
+        true
+    end
+
+    def execute(cmd, detach = false)
+        @client.attach(@name, cmd, {}, detach)
+    end
+
+    def bash(cmd)
+        @client.bash(@name, cmd, {})
+    end
+
     private
 
+    def get_pci_nic_name_by_short_address(address)
+        # find -lname fails on alpine. -lname not an option
+        cmd = "find /sys/class/net/*/device -lname *#{address}" # same as loc-10-network-pci lookup
+
+        rc, o, _e = bash(cmd)
+
+        if rc != 0
+            msg = "#{__method__} PCI Device #{address} not found inside container"
+            OpenNebula::DriverLogger msg
+            return false
+        end
+
+        o.split('/')[4] # /sys/class/net/dev159/device
+    end
+
     # Waits for the container to be RUNNING
     #  @param timeout[Integer] seconds to wait for the conatiner to start
     def wait_deploy(timeout)
@@ -207,18 +375,4 @@ def wait_deploy(timeout)
         running?
     end
 
-    def del_bridge_port(nic)
-        return true unless /ovswitch/ =~ nic['VN_MAD']
-
-        cmd = 'sudo -n ovs-vsctl --if-exists del-port '\
-        "#{nic['BRIDGE']} #{nic['TARGET']}"
-
-        rc, _o, e = Command.execute(cmd, false, 1)
-
-        return true if rc.zero?
-
-        OpenNebula::DriverLogger.log_error "#{__method__}: #{e}"
-        false
-    end
-
 end