From 4d10cbd366cd4e9d0bc05c7f12073f620e20941d Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Tue, 8 Oct 2024 15:45:01 +0100 Subject: [PATCH 1/3] lxd-stophook: Adds stop hook wrapper for the lxd command This command is intended to replace the `lxd` command in the snap so that existing running containers that are stopping will call this script as part of their stop hooks. This will then "route" the command to the `lxd-user` command that will be statically compiled so that it can connect to the running LXD daemon via the unix socket to indicate the container is stopping, even after refreshing the LXD snap to a different core base snap. Signed-off-by: Thomas Parrott --- snapcraft.yaml | 1 + snapcraft/wrappers/lxd-stophook | 8 ++++++++ 2 files changed, 9 insertions(+) create mode 100755 snapcraft/wrappers/lxd-stophook diff --git a/snapcraft.yaml b/snapcraft.yaml index 285f66d84..3d6edfae5 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -1602,6 +1602,7 @@ parts: organize: commands/snap-query: bin/ hooks/: snap/hooks/ + wrappers/lxd-stophook: bin/lxd wrappers/gpu-2404-custom-wrapper: bin/ wrappers/editor: bin/ wrappers/remote-viewer: bin/ diff --git a/snapcraft/wrappers/lxd-stophook b/snapcraft/wrappers/lxd-stophook new file mode 100755 index 000000000..55dc33177 --- /dev/null +++ b/snapcraft/wrappers/lxd-stophook @@ -0,0 +1,8 @@ +#!/bin/sh +# Use exec so that this script process is replaced. +# This avoids polluting the process tree with this wrapper script. +if [ "$1" = "callhook" ]; then + exec /snap/lxd/current/bin/lxd-user "$@" +fi + +exec lxd "$@" From 75de117a9ca456a082c6a141ee32178197e9974f Mon Sep 17 00:00:00 2001 
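Review bot: The fallback `exec lxd "$@"` at the end of snapcraft/wrappers/lxd-stophook resolves `lxd` through PATH, while the wrapper itself is installed as `bin/lxd`. Any caller whose PATH reaches the snap's bin/ before the directory holding the real server binary re-executes the wrapper in an endless exec loop, or runs whichever `lxd` happens to come first on PATH. The script is reached from container stop hooks via `/snap/lxd/current/bin/lxd`, so its behaviour should not depend on the inherited environment; the callhook branch already uses an absolute path and the fallback should too. With the server binary moved to sbin/ later in this series, that would be `exec /snap/lxd/current/sbin/lxd "$@"`, or the equivalent under `$SNAP` if that is set for every caller. If PATH lookup is kept, add a comment such as `# Relies on the snap PATH listing sbin/ before bin/, otherwise this re-executes the wrapper`.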
From: Thomas Parrott Date: Wed, 9 Oct 2024 14:38:13 +0100 Subject: [PATCH 2/3] lxd: Build lxd server binary into /sbin The PATH inside the snap is configured to prefer /sbin over /bin so the lxd binary will still be called by default. The lxd-stophook-wrapper script which will be placed into `/bin/lxd`. Because containers are configured to call `/snap/lxd/current/bin/lxd callhook` which in turn will be routed to `/snap/lxd/current/bin/lxd-user` by the lxd-stophook-wrapper script, which will then connect to LXD's unix socket to indicate to the server that the container is stopping. Because lxd-user is compiled as a static binary this will work across snap core base changes. Signed-off-by: Thomas Parrott --- snapcraft.yaml | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/snapcraft.yaml b/snapcraft.yaml index 3d6edfae5..b455808e3 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -1401,7 +1401,12 @@ parts: # Build the binaries go build -trimpath -o "${CRAFT_PART_INSTALL}/bin/lxc" github.com/canonical/lxd/lxc - go build -trimpath -o "${CRAFT_PART_INSTALL}/bin/lxd" -tags=libsqlite3 github.com/canonical/lxd/lxd + + # Build LXD server binary into ${CRAFT_PART_INSTALL}/sbin/lxd so that it does not conflict with the + # lxd-stophook wrapper script which is stored in ${CRAFT_PART_INSTALL}/bin/lxd. + # This way when a container stops it will call "/snap/lxd/current/bin/lxd callhook" which is handled by the + # lxd-stophook script, which in turn will execute "/snap/lxd/current/bin/lxd-user callhook" to notify LXD. + go build -trimpath -o "${CRAFT_PART_INSTALL}/sbin/lxd" -tags=libsqlite3 github.com/canonical/lxd/lxd # Build static binaries CGO_ENABLED=0 go build -trimpath -o "${CRAFT_PART_INSTALL}/bin/lxd-agent" -tags=agent,netgo github.com/canonical/lxd/lxd-agent @@ -1440,7 +1445,7 @@ parts: usr/share/misc/: share/misc/ var/lib/usbutils/usb.ids: share/misc/ usr/sbin/: bin/ - sbin/: bin/ + sbin/sgdisk: bin/ prime: - bin/dnsmasq - bin/getfattr 
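Review bot: Narrowing `sbin/: bin/` to `sbin/sgdisk: bin/` in the organize map (hunk at -1440) stops every other file installed under sbin/ from being relocated to bin/, and nothing on the new line records that sgdisk is the only one expected. If a staged package for this part ships or later adds another sbin/ binary that the snap expects under bin/, it would apparently go missing at runtime rather than fail the build. A comment such as `# Only sgdisk is moved; sbin/lxd must stay in sbin/ so it does not collide with the bin/lxd stop hook wrapper` would make the intent explicit. The organize block begins outside this hunk, so other consumers of sbin/ cannot be checked from here.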
@@ -1461,9 +1466,9 @@ parts: - share/misc/usb.ids - bin/lxc - - bin/lxd - bin/lxd-agent - bin/lxd-user + - sbin/lxd lxd-ui: source: https://github.com/canonical/lxd-ui @@ -1546,10 +1551,12 @@ parts: rm -rf "${CRAFT_PRIME}/usr/share/" # Strip binaries (excluding shell scripts and LXCFS) + # The "${CRAFT_PRIME}/bin/lxd" file is ignored as that is the lxd-stophook wrapper script. find "${CRAFT_PRIME}"/bin -type f \ -not -path "${CRAFT_PRIME}/bin/ceph" \ -not -path "${CRAFT_PRIME}/bin/editor" \ -not -path "${CRAFT_PRIME}/bin/lxc-checkconfig" \ + -not -path "${CRAFT_PRIME}/bin/lxd" \ -not -path "${CRAFT_PRIME}/bin/nvidia-container-cli" \ -not -path "${CRAFT_PRIME}/bin/remote-viewer" \ -not -path "${CRAFT_PRIME}/bin/snap-query" \ @@ -1561,6 +1568,9 @@ parts: -not -path "${CRAFT_PRIME}/bin/gpu-2404-custom-wrapper" \ -exec strip -s {} + + # This is the actual LXD binary. + strip --strip-all "${CRAFT_PRIME}/sbin/lxd" + # Strip binaries not under bin/ due to being dynamically # added to the path with `snap set lxd`, like `criu.enable=true` for binary in "${CRAFT_PRIME}/criu/criu"; do From 6a1f4c2e3f03ab474dae6fe357b1de3305cfd497 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Wed, 9 Oct 2024 14:38:28 +0100 Subject: [PATCH 3/3] snapcraft: Use --strip-all for clarity Signed-off-by: Thomas Parrott --- snapcraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snapcraft.yaml b/snapcraft.yaml index b455808e3..d1163c324 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -1566,7 +1566,7 @@ parts: -not -path "${CRAFT_PRIME}/bin/uefivars.py" \ -not -path "${CRAFT_PRIME}/bin/lxcfs" \ -not -path "${CRAFT_PRIME}/bin/gpu-2404-custom-wrapper" \ - -exec strip -s {} + + -exec strip --strip-all {} + # This is the actual LXD binary. strip --strip-all "${CRAFT_PRIME}/sbin/lxd"