Increase subuid/subgid range for root user

To support use of distinct subuid/subgid ranges per LXD container, the default range for the root user must be increased to support > 1 running container in this configuration. Increase subuid/subgid range to support 5000 containers with distinct ranges. Restart LXD daemon if idmap configuration changes, to ensure that the full range of subid's are used. Change-Id: I8b87dad736abaffdbd7afac090429790d3b03c96 Closes-Bug: 1648056
2016-12-07 12:58:23 +00:00 · 2016-12-07 12:58:23 +00:00 · f0773c9952
parent 0547b964ec
commit f0773c9952
2 changed files with 63 additions and 0 deletions
--- a/hooks/lxd_utils.py
+++ b/hooks/lxd_utils.py
@ -43,6 +43,7 @@ from charmhelpers.core.host import (
    umount,
    service_stop,
    service_start,
+    service_restart,
    pwgen,
    lsb_release,
    is_container,
@ -432,6 +433,7 @@ def configure_lxd_host():
                    'Y\n' if config('enable-ext4-userns') else 'N\n'
                )

+        configure_uid_mapping()
    elif ubuntu_release == "vivid":
        log('Vivid deployment - loading overlay kernel module', level=INFO)
        cmd = ['modprobe', 'overlay']
@ -510,3 +512,30 @@ def zpools():
        return pools
    except CalledProcessError:
        return []
+
+SUBUID = '/etc/subuid'
+SUBGID = '/etc/subgid'
+DEFAULT_COUNT = '327680000'  # 5000 containers
+ROOT_USER = 'root'
+
+
+def configure_uid_mapping():
+    '''Extend root user /etc/{subuid,subgid} mapping for LXD use'''
+    restart_lxd = False
+    for uidfile in (SUBUID, SUBGID):
+        with open(uidfile, 'r+') as f_id:
+            ids = []
+            for s_id in f_id.readlines():
+                _id = s_id.strip().split(':')
+                if (_id[0] == ROOT_USER and
+                        _id[2] != DEFAULT_COUNT):
+                    _id[2] = DEFAULT_COUNT
+                    restart_lxd = True
+                ids.append(_id)
+            f_id.seek(0)
+            for _id in ids:
+                f_id.write('{}:{}:{}\n'.format(*_id))
+            f_id.truncate()
+    if restart_lxd:
+        # NOTE: restart LXD to pickup changes in id map config
+        service_restart('lxd')
--- a/unit_tests/test_lxd_utils.py
+++ b/unit_tests/test_lxd_utils.py
@ -204,3 +204,37 @@ class TestLXDUtilsAssessStatus(testing.CharmTestCase):
        self.get_upstream_version.assert_called_with(
            lxd_utils.VERSION_PACKAGE
        )
+
+
+class TestConfigureUIDGID(testing.CharmTestCase):
+    """Tests for hooks.lxd_utils.configure_uid_mapping."""
+
+    TO_PATCH = [
+        'check_call',
+        'service_restart'
+    ]
+
+    UIDMAP = [
+        'lxd:100000:65536',
+        'root:100000:65536',
+        'ubuntu:165536:65536',
+    ]
+
+    def setUp(self):
+        super(TestConfigureUIDGID, self).setUp(
+            lxd_utils, self.TO_PATCH)
+
+    def test_configure_uid_mapping(self):
+        with testing.patch_open() as (_open, _file):
+            _file.readlines.return_value = self.UIDMAP
+            lxd_utils.configure_uid_mapping()
+            _open.assert_has_calls([
+                mock.call('/etc/subuid', 'r+'),
+                mock.call('/etc/subgid', 'r+')
+            ])
+            _file.write.assert_has_calls([
+                mock.call('lxd:100000:65536\n'),
+                mock.call('root:100000:327680000\n'),
+                mock.call('ubuntu:165536:65536\n')
+            ])
+        self.service_restart.assert_called_with('lxd')