Thomas Lamprecht [Tue, 28 Mar 2023 16:46:38 +0000 (18:46 +0200)]
ui: user edit: rework interaction of realm and view model
avoid accessing private members directly but rather try to use the
public API, this then allows us do drop declaring a reference on the
realm combobox, which was not directly used and thus a bit subtle.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 28 Mar 2023 15:05:07 +0000 (17:05 +0200)]
cli: manager, tape, debug: setup auth context to make local connect work
The manager, tape and debug admin and debug CLI tools all are meant
to run locally on the PBS directly and often directly by the root
user.
So for convenience they will create a valid API ticket for `root@pam`
to connect via localhost to the API proxy, either transparently if
the UID is 0 (= root) or interactively by asking the password of the
root user.
In d97ff8ae ("use new auth api crate") the API key handling was
reworked, but while the call sites that get the auth keys for signing
a ticket where adapted to use the new auth_keyring helper, the
reworked API keeps the key in shared OnceCell which needs to be
actually setup once per executable to the respective correct key,
i.e., public for the proxy, which only checks signatures, but never
creates them, and private for all those that want to sign tickets;
and that was only added for the prrivileged and public daemon, but
not above mentioned CLI tools.
So all calls into the tools that actually required to create a ticket
for connecting to the local API panicked.
Fix this by adding a call to setup_auth_context in the main entry
point of each of those CLI tools, so that they have the private key
available to be used if the tools is executed by root.
Fixes: d97ff8ae ("use new auth api crate") Reported-by: Friedrich Weber <f.weber@proxmox.com> Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Tue, 28 Mar 2023 13:11:48 +0000 (15:11 +0200)]
ui: dark mode: add dark mode colors to the datastore usage charts
For the `Datastore -> Summary` overview for all configured datastores.
Fix is adapted from the PVE's ceph's status details or performance
runningCharts, which are both similar (but not really the same)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
[ T: expand commit message to note that this is adapted from PVE ] Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Stefan Sterz [Thu, 9 Feb 2023 11:41:39 +0000 (12:41 +0100)]
fix #4521: api/tasks: replace upid as filename for task log downloads
previously the upid would just be used without a file extension when
downloading a task log. this lead to rather strange filenames that
appeared unfamiliar to users as the upid is not very prevalent in the
gui. set a proper file name based on the node name, worker type and a
time stamp instead. also add the ".log" file extension to indicate
that these files contain logs.
Dominik Csapak [Fri, 24 Mar 2023 15:53:21 +0000 (16:53 +0100)]
docs: implement auto dark mode
the colors are inspired/copied from the pmg/pve docs dark mode, but
i tried to apply them such that theme is faithful to the original
docs style regarding contrast etc.
the backup is finished at that point, the only lock clash that is possible when
dropping the exclusive and attempting to obtain a shared lock would be
- the snapshot is pruned/removed
- the backup is in a pre-upgrade process, and the post-upgrade process opens a reader
the first case is OK, if the other invocation wins the race and removes the
snapshot verification is pointless anyway.
the second case means the snapshot is not verified directly after completion
(this fact would be logged in the backup task log), but usable immediately for
pulling/restoring/..
this should decrease the chances of triggering the issues described in #4523
Lukas Wagner [Mon, 13 Feb 2023 14:29:31 +0000 (15:29 +0100)]
manager: use view_task_result function for realm sync
Previously, the same approach as in `proxmox-backup-debug` was used.
With the changes from this commit, realm syncing uses the same method for
waiting for task output as other parts of `proxmox-backup-manager`.
Lukas Wagner [Mon, 13 Feb 2023 14:31:04 +0000 (15:31 +0100)]
realm sync: show warnings if attributes do not meet their constraints
Previously, if the value of a synced property did not validate properly
(e.g only 1 character in length instead of the required 2), the whole
sync job failed without any useful error message.
In this commit, the values are validated manually by their
respective StringSchema. If the validation fails, the value is
ignored and a warning is displayed in the task log.
In addition to that, some error messages have been improved.
Also, user sync is now more fault-tolerant in general, showing
warnings if something goes wrong while creating/updating a
single user, instead of aborting the whole sync job.
Reported-by: Friedrich Weber <f.weber@proxmox.com> Signed-off-by: Lukas Wagner <l.wagner@proxmox.com> Tested-by: Friedrich Weber <f.weber@proxmox.com>
gives a higher (runtime) control via PBS_LOG, so that users can decide
themselves which messages, sources and levels are interesting for a particular
use case.
Thomas Lamprecht [Tue, 14 Mar 2023 16:54:14 +0000 (17:54 +0100)]
proxy: limit theme value in length and disallow '/'
while with rust strings we cannot inject \0, it feels a bit safer to
enforce some basic restrictions, with length and not containing any
slash seems sensible enough.
Admins should not put sensible data as theme-XYZ.css files in
/usr/share (which is normally readable by all system users anyway)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Stefan Sterz [Wed, 8 Mar 2023 16:41:40 +0000 (17:41 +0100)]
ui: remove white backgrounds from package versions and system report
removes the style that gets added directly to the element of the
package versions and system report views. this makes them harder to
style through css as normal selectors cannot override the element's
style. since they behave properly without these styles anyway, remove
them.
Dominik Csapak [Tue, 28 Feb 2023 13:17:21 +0000 (14:17 +0100)]
fix #4412: tape: initial WORM support
the only thing preventing us from using WORM tapes was that we relied
on being able to rewrite the media set label when first using a tape
that was pre-allocated in a media-pool.
so instead of needing to write a meida set label with a special uuid,
just save the pool in the media label itself. This has currently no
downsides, as we're not able to move tapes from one pool to another
anyway.
this makes some checks a bit trickier, as we now have to get the pool
out of the media set label and as a fallback look into the media label.
such new tapes can still be read and restored by older proxmox-bacukp-server
versions. The only thing missing is when a tape labeled with the new
format that has an assigned pool, that pool won't show up when the tape
is inventoried in an old version (but can still be used otherwise).
since commit 139acf37 ("tape: inventory: skip unassigned tapes")
we skip unassigned tapes (special all-zero media-set uuid) when we look
for a catalog. We accidentally skipped storing it in the inventory
completely, which means we never inventoried completely empty tapes.
to fix that, simply move the check below the inserting in the inventory
Lukas Wagner [Thu, 9 Feb 2023 13:31:23 +0000 (14:31 +0100)]
auth: add dummy OpenIdAuthenticator struct
When manually adding a user, `lookup_authenticator` is called
to verify whether a realm actually exists. Thus is is necessary
to have dummy implementation for the `ProxmoxAuthenticator` trait
for OpenID realms.
Lukas Wagner [Thu, 9 Feb 2023 13:31:16 +0000 (14:31 +0100)]
api: add routes for managing LDAP realms
Note: bind-passwords set via the API are not stored in `domains.cfg`,
but in a separate `ldap_passwords.json` file located in
`/etc/proxmox-backup/`.
Similar to the already existing `shadow.json`, the file is
stored with 0600 permissions and is owned by root.
Friedrich Weber [Thu, 2 Feb 2023 16:00:14 +0000 (17:00 +0100)]
fix #4341: manager cli: add commands to run prune/sync/verify jobs
Running configured jobs was already possible using the Web UI, but not
using the CLI. To fix that, this commit adds the following commands to
`proxmox-backup-manager`:
* prune-job run <id>
* sync-job run <id>
* verify-job run <id>
Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
Lukas Wagner [Thu, 19 Jan 2023 15:52:32 +0000 (16:52 +0100)]
api: serde-rename deleteable properties to kebab-case
In former commit, the enum members were renamed to be CamelCase, in
accordance with the usual Rust style guide. However, this broke the
GUI in some places due to failing JSON property deserialization.
To fix this, some serde(rename = "kebab-case") directives were added.
Some properties were also serde-renamed to snake_case, otherwise
it would have been necessary to also modify proxmox-widget-toolkit
as well as PVE source code. This can follow in a later commit if so
desired.
`proxmox-backup-client task log ..` and `proxmox-backup-manager task log ..`
are used to view the logs of tasks that have been started by another client, so
interrupting the task progress view should not forward the interrupt to the
running task. other call sites of the same helper(s) that spawn a task and then
print its progress should keep the old behaviour of interrupting the spawned
task on C^c.
Dominik Csapak [Mon, 16 Jan 2023 08:21:44 +0000 (09:21 +0100)]
fix #4466: show snapshots in media content again
while refactoring the the empty media set checks, we accidentally
reversed one check from !is_empty to unassigned, which now never
included the right media sets.
reversing the condition fixes that.
fixes 52517f7b: ("tape: hide internal use of all zero uuid for unassigned tapes")
Fiona Ebner [Thu, 5 Jan 2023 10:19:32 +0000 (11:19 +0100)]
http client: suppress "storing login ticket"-error when not using a TTY
as a stop-gap measure. Otherwise, task logs for PVE backups started
via non-CLI will have the message
> storing login ticket failed: $XDG_RUNTIME_DIR must be set
show up when running a proxmox-backup-client command (e.g. setting
notes and when uploading the log). This is confusing to users[0].
Dominik Csapak [Tue, 29 Nov 2022 08:16:11 +0000 (09:16 +0100)]
disk: zfs: improve error logging for zfs commands
zfs errors might include a newline in the output (e.g. when trying to
create a mirror on two differently sized disks), which trips up our
task log status parser since that expectes a 'TASK {status}' on the
beginning of the first line.
print the error from zfs into the log and bail out with a short notice
to check the task log
this fixes the 'unknown error' issue in the ui when an error happnes
during the zfs commands
Christoph Heiss [Mon, 12 Dec 2022 14:10:56 +0000 (15:10 +0100)]
fix #4346: pbs-client: don't fail silently when storing ticket
Instead, report an error if storing the ticket info failed, so that the
user is informed that something went wrong and follow-up commands might
require authentication again.
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>