-#!/bin/bash
+#!/bin/sh
-# Abort if any command returns an error value
+# Abort if any command returns an error value
set -e
-# This script is called as the last step of the installation of the
-# package. All the package's files are in place, dpkg has already
-# done its automatic conffile handling, and all the packages we depend
-# of are already fully installed and configured.
+# This script is called as the last step of the installation of the package.
+# All the package's files are in place, dpkg has already done its automatic
+# conffile handling, and all the packages we depend of are already fully
+# installed and configured.
+
+set_lvm_conf() {
+ local FORCE="$1"
+ LVM_CONF_MARKER="# added by pve-manager to avoid scanning"
+
+ # keep user changes afterwards provided marker is still there..
+ if grep -qLF "$LVM_CONF_MARKER" /etc/lvm/lvm.conf && test -z "$FORCE"; then
+ return 0 # only do these changes once
+ fi
+
+ export LVM_SUPPRESS_FD_WARNINGS=1
+
+ OLD_VALUE="$(lvmconfig --typeconfig diff devices/global_filter || true)"
+ NEW_VALUE='global_filter=["r|/dev/zd.*|","r|/dev/rbd.*|"]'
+
+ # update global_filter if:
+ # it is empty and there is no marker OR exactly the one we set before 8.1.4
+ if (! grep -qF "$LVM_CONF_MARKER" /etc/lvm/lvm.conf && test -z "$OLD_VALUE")\
+ || (echo "$OLD_VALUE" | grep -qF '="r|/dev/zd.*|"');
+ then
+ SET_FILTER=1
+ BACKUP=1
+ # print warning if global_filter is set but not our old/new default
+ elif test -n "$OLD_VALUE"\
+ && ! echo "$OLD_VALUE" | grep -qF '="r|/dev/zd.*|"'\
+ && ! echo "$OLD_VALUE" | grep -qF "$NEW_VALUE";
+ then
+ echo "non-default 'global_filter' value '$OLD_VALUE' in /etc/lvm/lvm.conf, not setting '$NEW_VALUE' automatically"
+ echo "consider adapting your 'global_filter' manually."
+ fi
+ # should be the default since bullseye
+ if lvmconfig --typeconfig full devices/scan_lvs | grep -qv 'scan_lvs=0'; then
+ SET_SCAN_LVS=1
+ BACKUP=1
+ fi
+ if test -n "$BACKUP"; then
+ echo "Backing up lvm.conf before setting pve-manager specific settings.."
+ cp -vb /etc/lvm/lvm.conf /etc/lvm/lvm.conf.bak
+ fi
+ if test -n "$SET_FILTER"; then
+ echo "Setting 'global_filter' in /etc/lvm/lvm.conf to prevent zvols and rbds from being scanned:"
+ echo "$OLD_VALUE => $NEW_VALUE"
+ if test -n "$OLD_VALUE"; then
+ sed -i -e "s/$LVM_CONF_MARKER ZFS zvols/$LVM_CONF_MARKER ZFS zvols and Ceph rbds/" /etc/lvm/lvm.conf
+ sed -i -e "s!^\([[:space:]]*\)\(global_filter[[:space:]]*=.*\)\$!\1# \2\n\1$NEW_VALUE!" /etc/lvm/lvm.conf
+ else
+ cat >> /etc/lvm/lvm.conf <<EOF
+devices {
+ $LVM_CONF_MARKER ZFS zvols and Ceph rbds
+ $NEW_VALUE
+}
+EOF
+ fi
+ fi
+ if test -n "$SET_SCAN_LVS"; then
+ echo "Adding scan_lvs=0 setting to /etc/lvm/lvm.conf to prevent LVs from being scanned."
+ # comment out existing setting
+ sed -i -e 's/^\([[:space:]]*scan_lvs[[:space:]]*=\)/#\1/' /etc/lvm/lvm.conf
+ # add new section with our setting
+ cat >> /etc/lvm/lvm.conf <<EOF
+devices {
+ $LVM_CONF_MARKER LVM volumes
+ scan_lvs=0
+ }
+EOF
+ fi
+
+ if ! lvmconfig --validate; then
+ echo "Invalid LVM config detected - restoring from /etc/lvm/lvm.conf.bak"
+ mv /etc/lvm/lvm.conf.bak /etc/lvm/lvm.conf
+ fi
+}
+
+migrate_apt_auth_conf() {
+ output=""
+ removed=""
+ match=0
+
+ while read -r l; do
+ if echo "$l" | grep -q "^machine enterprise.proxmox.com/debian/pve"; then
+ match=1
+ elif echo "$l" | grep -q "machine"; then
+ match=0
+ fi
+
+ if test "$match" = "1"; then
+ removed="$removed\n$l"
+ else
+ output="$output\n$l"
+ fi
+ done < /etc/apt/auth.conf
+
+ if test -n "$removed"; then
+ if test ! -e /etc/apt/auth.conf.d/pve.conf; then
+ echo "Migrating APT auth config for enterprise.proxmox.com to /etc/apt/auth.conf.d/pve.conf .."
+ echo "$removed" > /etc/apt/auth.conf.d/pve.conf
+ else
+ echo "Removing stale APT auth config from /etc/apt/auth.conf"
+ fi
+ echo "$output" > /etc/apt/auth.conf
+ fi
+}
case "$1" in
triggered)
test -f /etc/pve/local/pve-ssl.pem || exit 0;
test -e /proxmox_install_mode && exit 0;
- # Note: reload-or-try-restart fails if service is not active
- systemctl --quiet is-active pvedaemon.service && deb-systemd-invoke reload-or-try-restart pvedaemon.service
- systemctl --quiet is-active pvestatd.service && deb-systemd-invoke reload-or-try-restart pvestatd.service
- systemctl --quiet is-active pveproxy.service && deb-systemd-invoke reload-or-try-restart pveproxy.service
- systemctl --quiet is-active spiceproxy.service && deb-systemd-invoke reload-or-try-restart spiceproxy.service
+ # the ExecStartPre doesn't triggers on service reload, so just in case
+ pvecm updatecerts --silent || true
+
+ deb-systemd-invoke reload-or-try-restart pvedaemon.service
+ deb-systemd-invoke reload-or-try-restart pvestatd.service
+ deb-systemd-invoke reload-or-try-restart pveproxy.service
+ deb-systemd-invoke reload-or-try-restart spiceproxy.service
+ deb-systemd-invoke reload-or-try-restart pvescheduler.service
exit 0;;
mkdir /etc/pve 2>/dev/null || true
- # remove old cron.daily update job to randomize it
- if test -e /etc/cron.daily/pve; then
- echo "Remove old update script from cron.daily"
- rm /etc/cron.daily/pve
- fi
-
- if dpkg --compare-versions "$2" '<=' '5.1-47'; then
- # remove old/unused init.d files
- OLD_INITD_FILES="pvebanner pvenetcommit pve-manager pvedaemon pveproxy pvestatd spiceproxy"
- for f in ${OLD_INITD_FILES}; do rm -f "/etc/init.d/$f"; done
- fi
-
- # create new daily randomize update cronjob if not exist
- MIN="$(shuf -i 0-59 -n 1)"
- HOUR="$(shuf -i 2-5 -n 1)"
- cat <<EOF >/etc/cron.d/pveupdate
-# automatically generated - do not edit
-${MIN} ${HOUR} * * * root /usr/bin/pveupdate
-EOF
-
if test ! -e /var/lib/pve-manager/apl-info/download.proxmox.com; then
- mkdir -p /var/lib/pve-manager/apl-info
- cp /usr/share/doc/pve-manager/aplinfo.dat /var/lib/pve-manager/apl-info/download.proxmox.com
- pveam update || true
+ mkdir -p /var/lib/pve-manager/apl-info
+ cp /usr/share/doc/pve-manager/aplinfo.dat /var/lib/pve-manager/apl-info/download.proxmox.com
+ pveam update || true
fi
- if ! test -f /root/.forward || ! grep -q '|/usr/bin/pvemailforward' /root/.forward; then
- echo '|/usr/bin/pvemailforward' >>/root/.forward
+ # Always try to clean old entry, even when proxmox-mail-forward entry is already present.
+ # This ensures it will still be cleaned after an upgrade following a downgrade.
+ if test -f /root/.forward; then
+ sed -i '\!|/usr/bin/pvemailforward!d' /root/.forward
fi
- if [ -f /etc/systemd/system/ceph.service ]; then
- md5=$(md5sum /etc/systemd/system/ceph.service)
- if [[ "$md5" == "21b2e7a7c4ffcf92ad0ec2c905e88e5b /etc/systemd/system/ceph.service" ]]; then
- echo "Updating PVE ceph.service to correct install target.."
- cp /usr/share/doc/pve-manager/examples/ceph.service /etc/systemd/system/ceph.service
- systemctl --system daemon-reload >/dev/null || true
- systemctl --system disable ceph.service
- systemctl --system enable ceph.service
- echo " done"
- fi
+ if ! test -f /root/.forward || ! grep -q '|/usr/bin/proxmox-mail-forward' /root/.forward; then
+ echo '|/usr/bin/proxmox-mail-forward' >>/root/.forward
fi
systemctl --system daemon-reload >/dev/null || true
# same as dh_systemd_enable (code copied)
- for timer in pvesr; do
- deb-systemd-helper unmask $timer.timer >/dev/null || true
-
- # was-enabled defaults to true, so new installations run enable.
- if deb-systemd-helper --quiet was-enabled $timer.timer; then
- # Enables the unit on first installation, creates new
- # symlinks on upgrades if the unit file has changed.
- deb-systemd-helper enable $timer.timer >/dev/null || true
- else
- # Update the statefile to add new symlinks (if any), which need to be
- # cleaned up on purge. Also remove old symlinks.
- deb-systemd-helper update-state $timer.timer >/dev/null || true
- fi
+ UNITS="pvedaemon.service pveproxy.service spiceproxy.service pvestatd.service pvebanner.service pvescheduler.service pve-daily-update.timer"
+ NO_RESTART_UNITS="pvenetcommit.service pve-guests.service"
+
+ for unit in ${UNITS} ${NO_RESTART_UNITS}; do
+ deb-systemd-helper unmask "$unit" >/dev/null || true
+
+ # was-enabled defaults to true, so new installations run enable.
+ if deb-systemd-helper --quiet was-enabled "$unit"; then
+ # Enables the unit on first installation, creates new
+ # symlinks on upgrades if the unit file has changed.
+ deb-systemd-helper enable "$unit" >/dev/null || true
+ else
+ # Update the statefile to add new symlinks (if any), which need to be
+ # cleaned up on purge. Also remove old symlinks.
+ deb-systemd-helper update-state "$unit" >/dev/null || true
+ fi
done
- for service in pvedaemon pveproxy spiceproxy pvestatd pvebanner pvenetcommit pve-guests; do
- deb-systemd-helper unmask $service.service >/dev/null || true
-
- # was-enabled defaults to true, so new installations run enable.
- if deb-systemd-helper --quiet was-enabled $service.service; then
- # Enables the unit on first installation, creates new
- # symlinks on upgrades if the unit file has changed.
- deb-systemd-helper enable $service.service >/dev/null || true
- else
- # Update the statefile to add new symlinks (if any), which need to be
- # cleaned up on purge. Also remove old symlinks.
- deb-systemd-helper update-state $service.service >/dev/null || true
- fi
- done
+ # FIXME: remove after beta is over and add hunk to actively remove the repo
+ BETA_SOURCES="/etc/apt/sources.list.d/pvetest-for-beta.list"
+ if test -f "$BETA_SOURCES" && dpkg --compare-versions "$2" 'lt' '8.0.2' && dpkg --compare-versions "$2" 'gt' '8.0~'; then
+ echo "Removing the during beta added pvetest repository file again"
+ rm -v "$BETA_SOURCES" || true
+ fi
- if test ! -e /proxmox_install_mode; then
+ if test ! -e /proxmox_install_mode && test -n "$2" && dpkg --compare-versions "$2" 'lt' '8.1.4~'; then
+ if test -e /etc/lvm/lvm.conf ; then
+ set_lvm_conf 1
+ fi
+ fi
- for service in pvedaemon pveproxy spiceproxy pvestatd; do
- deb-systemd-invoke reload-or-restart $service
- done
+ set_lvm_conf
- deb-systemd-invoke start pvesr.timer >/dev/null || true
+ if test ! -e /proxmox_install_mode; then
+ # modeled after code generated by dh_start
+ for unit in ${UNITS}; do
+ if test -n "$2"; then
+ dh_action="reload-or-restart";
+ else
+ dh_action="start"
+ fi
+ if systemctl -q is-enabled "$unit"; then
+ deb-systemd-invoke $dh_action "$unit"
+ fi
+ done
fi
- # rewrite banner
- test -e /proxmox_install_mode || pvebanner || true
-
- #a2ensite pve.conf >/dev/null 2>&1
-
- # There are three sub-cases:
- if test "${2+set}" != set; then
- # We're being installed by an ancient dpkg which doesn't remember
- # which version was most recently configured, or even whether
- # there is a most recently configured version.
- :
-
- elif test -z "$2" -o "$2" = "<unknown>"; then
- # The package has not ever been configured on this system, or was
- # purged since it was last configured.
- :
-
- else
- # Version $2 is the most recently configured version of this
- # package.
- if dpkg --compare-versions "$2" '<=' '5.0-23'; then
- # 5.0-23 temporarily reverted the removal of the startcom CA in
- # ca-certificates; we've since switched to let's encrypt
- update-ca-certificates >/dev/null 2>&1
- fi
-
- fi ;;
+ if test ! -e /proxmox_install_mode && test -n "$2" && dpkg --compare-versions "$2" 'lt' '7.2-11~'; then
+ if test -e /etc/apt/auth.conf ; then
+ migrate_apt_auth_conf
+ fi
+ fi
+ ;;
abort-upgrade|abort-remove|abort-deconfigure)
;;