Bug 1031169

Summary: No longer able to update the container configuration file
Product: Red Hat Enterprise Linux 7 Reporter: Martin Jenner <mjenner>
Component: libvirt-sandbox Assignee: Daniel Berrangé <berrange>
Status: CLOSED CURRENTRELEASE QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 7.0 CC: ajia, berrange
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: libvirt-sandbox-0.5.0-7.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-13 12:32:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 860099    

Description Martin Jenner 2013-11-15 19:08:11 UTC
Description of problem: 

In the past you were able to update a container configuration file before starting a container to add additional bind mount files - example

cat <<EOF >> /etc/libvirt-sandbox/services/vm2.sandbox

[mount.99]
type=GVirSandboxConfigMountHostBind
target=/etc/shadow
source=/var/lib/libvirt/filesystems/vm2/etc/shadow

EOF

I am told this method is no longer available now we are using persistent containers under libvirt, the only option would be to start editing the container xml 'virsh edit vm1'

Comment from Dan Berrange:

The 'virt-sandbox-service upgrade vm1' command ought to be able to
handle this use case, but I think it does not currently. Please file
a bug for this, since I think we can easily deal with it.

Comment 2 Daniel Berrangé 2013-11-29 11:57:18 UTC
commit eaf0297b4fc8d1aab78b092b80ea36768aeafc02
Author: Daniel P. Berrange <berrange>
Date:   Fri Nov 29 11:54:56 2013 +0000

    Add support for re-creating sandbox configuration files
    
    Extend the upgrade command so that it can be used to re-create
    the sandbox config file at any time. It will load the main
    config and re-create the libvirt config to match it.
    
    Signed-off-by: Daniel P. Berrange <berrange>

Comment 4 Alex Jia 2013-12-03 04:00:35 UTC
# virt-sandbox-service create --copy -N dhcp,source=default --unitfile crond.service foo
Created sandbox container dir /var/lib/libvirt/filesystems/foo
Created unit file /etc/systemd/system/foo_sandbox.service
Created sandbox config /etc/libvirt-sandbox/services/foo/config/sandbox.cfg

# virsh -c lxc:/// list --inactive|grep foo
 -     foo                            shut off

# virsh -c lxc:/// dumpxml foo|grep test
# echo "123" > /var/lib/libvirt/filesystems/foo/etc/test

# chcon -u  system_u -r object_r -t 'svirt_sandbox_file_t' -l s0 /var/lib/libvirt/filesystems/foo/etc/test

# ll -Z /var/lib/libvirt/filesystems/foo/etc/test
-rw-r--r--. root root system_u:object_r:svirt_sandbox_file_t:s0 /var/lib/libvirt/filesystems/foo/etc/test

# cat <<EOF >> /etc/libvirt-sandbox/services/foo/config/sandbox.cfg
> [mount.99]
> type=GVirSandboxConfigMountHostBind
> target=/etc/test
> source=/var/lib/libvirt/filesystems/foo/etc/test
> EOF

# grep "mount.99" -A 3 /etc/libvirt-sandbox/services/foo/config/sandbox.cfg
[mount.99]
type=GVirSandboxConfigMountHostBind
target=/etc/test
source=/var/lib/libvirt/filesystems/foo/etc/test

# virt-sandbox-service upgrade foo
Re-created sandbox config /etc/libvirt-sandbox/services/foo/config/sandbox.cfg

Notes, the update_config() is correctly called in the 'class Container' from bin/virt-sandbox-service.

# virsh -c lxc:/// dumpxml foo|grep test -B 1
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/var/lib/libvirt/filesystems/foo/etc/test'/>
      <target dir='/etc/test'/>

Notes, can see the latest updating in persistent XML config of the container.

# grep "mount.99" -A 3 /etc/libvirt-sandbox/services/foo/config/sandbox.cfg

Notes, but previous modification is removed from the sandbox.cfg after upgrading, I think it's not an expected result, for example, for this scenario, the container can't be successfully started due to the following error then users want to update configuration in the sandbox.cfg again rather than using 'virsh -c lxc:/// edit' to modify it, this returns back to original question.

# virsh -c lxc:/// start foo
error: Failed to start domain foo
error: internal error: guest failed to start: Failed to create bind target /etc/test: Read-only file system


# rpm -q libvirt-sandbox libvirt kernel systemd
libvirt-sandbox-0.5.0-7.el7.x86_64
libvirt-1.1.1-13.el7.x86_64
kernel-3.10.0-0.rc7.64.el7.x86_64
systemd-206-7.el7.x86_64

Comment 5 Daniel Berrangé 2013-12-03 09:15:53 UTC
> # virsh -c lxc:/// start foo
> error: Failed to start domain foo
> error: internal error: guest failed to start: Failed to create bind target /etc/test: Read-only file system

The target directory (/etc/test) must be one that actually exists in the host already.

Comment 6 Alex Jia 2013-12-03 17:12:21 UTC
(In reply to Daniel Berrange from comment #5)
> > # virsh -c lxc:/// start foo
> > error: Failed to start domain foo
> > error: internal error: guest failed to start: Failed to create bind target /etc/test: Read-only file system
> 
> The target directory (/etc/test) must be one that actually exists in the
> host already.

Daniel, yes, I see, but this is a deliberate operation. In fact, if I don't start the container then can't hit this error, it's not relevant with above issue, I will quote my previous question again:

"""
# grep "mount.99" -A 3 /etc/libvirt-sandbox/services/foo/config/sandbox.cfg

Notes, but previous modification is removed from the sandbox.cfg after upgrading, I think it's not an expected result
"""

Comment 7 Daniel Berrangé 2013-12-03 17:17:21 UTC
(In reply to Alex Jia from comment #6)
> """
> # grep "mount.99" -A 3 /etc/libvirt-sandbox/services/foo/config/sandbox.cfg
> 
> Notes, but previous modification is removed from the sandbox.cfg after
> upgrading, I think it's not an expected result
> """

Did you really have 98 mounts present already? The mount numbers must be continuous without gaps. So if you don't have a mount.1, mount.2, mount..... all the way to mount.98, your mount.99 will be ignored.
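
Added example, not part of the bug thread and not libvirt-sandbox code: a pre-flight check to run before 'virt-sandbox-service upgrade' that reports [mount.N] sections sitting after a gap in the numbering (silently ignored, per comment 7) and host-bind sources missing on the host (which only fail later at 'virsh start'). The function name, the `first` and `exists` parameters and the sample config are assumptions constructed for illustration; by default numbering is taken to start at the lowest index present.

```python
import configparser
import os
import re

MOUNT_RE = re.compile(r"^mount\.(\d+)$")
HOST_BIND = "GVirSandboxConfigMountHostBind"

def check_mounts(cfg_text, first=None, exists=os.path.exists):
    """Return (ignored, missing) for the text of a sandbox.cfg.

    ignored: indices of [mount.N] sections placed after the first gap.
    missing: (index, source) of loaded host-bind mounts whose source is absent.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(cfg_text)
    mounts = {}
    for name in cp.sections():
        m = MOUNT_RE.match(name)
        if m:
            mounts[int(m.group(1))] = cp[name]
    if not mounts:
        return [], []
    # Assumption: the first section read is the lowest one present,
    # unless the caller passes the real starting index in `first`.
    nxt = min(mounts) if first is None else first
    loaded = []
    while nxt in mounts:          # stop at the first missing number
        loaded.append(nxt)
        nxt += 1
    ignored = sorted(i for i in mounts if i not in loaded)
    missing = [(i, mounts[i].get("source")) for i in loaded
               if mounts[i].get("type") == HOST_BIND
               and not exists(mounts[i].get("source", ""))]
    return ignored, missing

# Constructed sample (not a real config): two contiguous mounts, then a gap.
SAMPLE = """\
[mount.1]
type=GVirSandboxConfigMountHostBind
target=/etc/cron.d
source=/var/lib/libvirt/filesystems/foo/etc/cron.d

[mount.2]
type=GVirSandboxConfigMountHostBind
target=/etc/fstab
source=/var/lib/libvirt/filesystems/foo/etc/noexist

[mount.99]
type=GVirSandboxConfigMountHostBind
target=/etc/test
source=/var/lib/libvirt/filesystems/foo/etc/test
"""

if __name__ == "__main__":
    print(check_mounts(SAMPLE))
```
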

Comment 8 Alex Jia 2013-12-04 04:00:09 UTC
(In reply to Daniel Berrange from comment #7)
> Did you really have 98 mounts present already ?  The mount numbers must be
> continuous without gaps. So if you don't have a mount.1, mount.2, mount.....
> all the way to mount.98, your mount.99 will be ignored.

Daniel, it should be a root reason, thanks for your explanation. BTW, has any document say it on sandbox.libvirt.org or man page?


Move the bug to 'VERIFIED' status based on the following testing.

# grep "mount.16" -A 3 /etc/libvirt-sandbox/services/foo/config/sandbox.cfg
[mount.16]
type=GVirSandboxConfigMountHostBind
target=/etc/cron.d
source=/var/lib/libvirt/filesystems/foo/etc/cron.d

# cat <<EOF >> /etc/libvirt-sandbox/services/foo/config/sandbox.cfg
> [mount.17]
> type=GVirSandboxConfigMountHostBind
> target=/etc/test
> source=/var/lib/libvirt/filesystems/foo/etc/test
> EOF

# grep "mount.17" -A 3 /etc/libvirt-sandbox/services/foo/config/sandbox.cfg
[mount.17]
type=GVirSandboxConfigMountHostBind
target=/etc/test
source=/var/lib/libvirt/filesystems/foo/etc/test

# virt-sandbox-service upgrade foo
Re-created sandbox config /etc/libvirt-sandbox/services/foo/config/sandbox.cfg

# virsh -c lxc:/// dumpxml foo|grep test -B 1
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/var/lib/libvirt/filesystems/foo/etc/test'/>
      <target dir='/etc/test'/>

# grep "mount.17" -A 3 /etc/libvirt-sandbox/services/foo/config/sandbox.cfg
[mount.17]
type=GVirSandboxConfigMountHostBind
target=/etc/test
source=/var/lib/libvirt/filesystems/foo/etc/test

Notes, the modification is reserved in sandbox.cfg after upgrading, it's an expected result.

# virsh -c lxc:/// start foo
error: Failed to start domain foo
error: internal error: guest failed to start: Failed to create bind target /etc/test: Read-only file system

Notes, an expected result, the target directory (/etc/test) doesn't exist in the
host.

To change target directory to '/etc/shadow' then upgrade configuration again.

# virsh -c lxc:// domstate foo
shut off

# grep "mount.17" -A 3 /etc/libvirt-sandbox/services/foo/config/sandbox.cfg
[mount.17]
type=GVirSandboxConfigMountHostBind
target=/etc/shadow
source=/var/lib/libvirt/filesystems/foo/etc/test

# virt-sandbox-service upgrade foo
Re-created sandbox config /etc/libvirt-sandbox/services/foo/config/sandbox.cfg

# grep "mount.17" -A 3 /etc/libvirt-sandbox/services/foo/config/sandbox.cfg
[mount.17]
type=GVirSandboxConfigMountHostBind
target=/etc/shadow
source=/var/lib/libvirt/filesystems/foo/etc/test

# virsh -c lxc:/// dumpxml foo|grep test -A 2
      <source dir='/var/lib/libvirt/filesystems/foo/etc/test'/>
      <target dir='/etc/shadow'/>
    </filesystem>

# virsh -c lxc:/// start foo
Domain foo started

# virt-sandbox-service -c lxc:/// execute foo -- /bin/sh
sh-4.2# mount|grep shadow
/dev/mapper/rhel-00 on /etc/shadow type ext4 (rw,relatime,seclabel,data=ordered)
sh-4.2# cat /etc/shadow
123
sh-4.2# 

Notes, everything is okay and can see expected result.


Further testing:

1. the same file is mounted to different point.

# virsh -c lxc:// domstate foo
shut off

# grep "mount.17" -A 8 /etc/libvirt-sandbox/services/foo/config/sandbox.cfg
[mount.17]
type=GVirSandboxConfigMountHostBind
target=/etc/shadow
source=/var/lib/libvirt/filesystems/foo/etc/test

[mount.18]
type=GVirSandboxConfigMountHostBind
target=/etc/fstab
source=/var/lib/libvirt/filesystems/foo/etc/test

# virt-sandbox-service upgrade foo
Re-created sandbox config /etc/libvirt-sandbox/services/foo/config/sandbox.cfg

# grep "mount.17" -A 8 /etc/libvirt-sandbox/services/foo/config/sandbox.cfg
[mount.17]
type=GVirSandboxConfigMountHostBind
target=/etc/shadow
source=/var/lib/libvirt/filesystems/foo/etc/test

[mount.18]
type=GVirSandboxConfigMountHostBind
target=/etc/fstab
source=/var/lib/libvirt/filesystems/foo/etc/test

# virsh -c lxc:/// dumpxml foo|grep test -A 2
      <source dir='/var/lib/libvirt/filesystems/foo/etc/test'/>
      <target dir='/etc/shadow'/>
    </filesystem>
--
      <source dir='/var/lib/libvirt/filesystems/foo/etc/test'/>
      <target dir='/etc/fstab'/>
    </filesystem>

# virsh -c lxc:// start foo
Domain foo started

# virt-sandbox-service -c lxc:/// execute foo -- /bin/sh
sh-4.2# cat /etc/shadow
123
sh-4.2# cat /etc/fstab
123

2. doesn't exist host file 

# grep "mount.19" -A 3 /etc/libvirt-sandbox/services/foo/config/sandbox.cfg
[mount.19]
type=GVirSandboxConfigMountHostBind
target=/etc/fstab
source=/var/lib/libvirt/filesystems/foo/etc/noexist

# virt-sandbox-service upgrade foo
Re-created sandbox config /etc/libvirt-sandbox/services/foo/config/sandbox.cfg

# grep "mount.19" -A 3 /etc/libvirt-sandbox/services/foo/config/sandbox.cfg
[mount.19]
type=GVirSandboxConfigMountHostBind
target=/etc/fstab
source=/var/lib/libvirt/filesystems/foo/etc/noexist

# virsh -c lxc:/// dumpxml foo|grep noexist -A 1
      <source dir='/var/lib/libvirt/filesystems/foo/etc/noexist'/>
      <target dir='/etc/fstab'/>
    </filesystem>

# virsh -c lxc:// start foo
error: Failed to start domain foo
error: internal error: guest failed to start: Failed to access '/var/lib/libvirt/filesystems/foo/etc/noexist': No such file or directory

Notes, an expected result.

3. doesn't exist mount point

It has been done by original testing.

Comment 10 Ludek Smid 2014-06-13 12:32:51 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.