- ovsint port mtu needs to be set with "ovs-vsctl set mtu-request"
- update mtu on already existing interfaces (fwbr,fwln,tap,veth)
if existing tap|veth interface is replugged on a different mtu bridge
Dominik Csapak [Fri, 12 Aug 2022 09:29:48 +0000 (11:29 +0200)]
SysFSTools: get name from mediated device types
Some vendors also provide a 'name' file here for the type, which, in case of
NVIDIA, is the official name for the vGPU type in their documentation,
so extract and return it too (if it exists).
proc fs tools: handle proc/stat without guest values
PMG is often run as a container, and in certain environments (like
Virtuozzo 7), the last two values (guest and guest_nice) might not be
present. This led to a division by zero, because the total value was
never updated.
Reported in the community forum:
https://forum.proxmox.com/threads/106896/
Acked-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
tools: use int() on all integer syscall parameters
this should fix an issue where users with custom id mappings
get bad ownership on intermediate directories caused by the
rootuid/gid being the string "100000" in perl instead of the
number 100000...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
REST handler: get property description: escape curly braces for asciidoc
Text enclosed in unescaped curly braces will be interpreted as an
attribute reference, breaking and e.g. leading to the description not
showing up at all in a generated man page further down the line.
Dominik Csapak [Mon, 28 Feb 2022 13:48:19 +0000 (14:48 +0100)]
SysFSTools: allow longer pci domains
by default, there is only one pci domain ('0000'), but there are systems
where there are more, and they don't need to be exactly 4 characters
long (see [0]), so extend that regex to allow domains 4 characters or
longer
network: add support for disabling bridge learning on tap|veth|fwln ports
Currently, if the bridge receives an unknown dest mac (network bug/attack/..),
we are flooding packets to all bridge ports.
This can waste cpu time, even more with firewall enabled.
Also, if firewall is used with reject action, the src mac of RST
packet is the original unknown dest mac.
(This can block the server at Hetzner for example)
So, we can disable learning && unicast_flood on tap|veth|fwln port interface.
Then the mac address needs to be added statically to the bridge fdb.
Oguz Bektas [Tue, 15 Mar 2022 11:52:39 +0000 (12:52 +0100)]
RESTenv: fork worker: fallback to 'root@pam' for task log user-id
The fallback had a "typo" in the realm and used 'root@pve' (pve vs.
pam) since initial import from SVN, but off-list talks with Dietmar
suggest that 'root@pam' was always the intended fallback value.
Call sites without a defined user parameter (found only push_file and
pull_file from pve-container) were logging the task-owner user as
'root@pve' which isn't a default one, so it wouldn't exist in most
setups.
For clarity, add a comment that this is only used for the task logs.
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
[ T: Reword/add to commit message slightly ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
currently these are used by qemu-server for mapping source and target
storages, but this mechanism will be extended to network bridge maps and
re-used in pve-container as well, so let's put it next to the schema
definitions/helpers.
Thomas Lamprecht [Thu, 13 Jan 2022 16:07:38 +0000 (17:07 +0100)]
d/control: hack: drop libpve-rs-perl dependency for now
not available on PMG and other places we use this lib (infra stuff)..
the perlmod stuff needs to be either more conditionally included, the
perlmod move to a more generic library (proxmox-rs?) or duplicated to
at least pmg-rs (albeit that wouldn't solve the infra pain points)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
new fields have been added recently, but values are not initialized
https://git.proxmox.com/?p=pve-common.git;a=commit;h=5a82eb712e4c879a271686f07c589fadc0b09185
as the total of all fields is computed later, this can give undef values
Dominik Csapak [Wed, 1 Dec 2021 08:55:14 +0000 (09:55 +0100)]
CalendarEvent: use rust implementation
by replacing the parsing code and 'compute_next_event' by their
PVE::RS::CalendarEvent equivalent
adapt the tests, since we do not have access to the internal structure
(and even if we had, it would be different) and the error messages
are different
the 'compute_next_event' and parsing tests still pass though
for re-use in qemu-server/pve-container, which already have this option
duplicated. the '-pair' is needed for remote migration, but can also be
a nice addition to regular intra-cluster migration to lift the
restriction of having identically named bridges.
Oguz Bektas [Thu, 21 Oct 2021 14:36:19 +0000 (16:36 +0200)]
cgroup: cpu quota: fix resetting period length for v1
The CFS period µs value for cgroup v1 needs to be >= 1 µs and <= 1 s,
so resetting it to -1 (like we can do for the quota) cannot work.
So, when the period is passed as undefined it should be set to 100ms,
i.e., the actual default value:
> - cpu.cfs_quota_us: the total available run-time within a period (in microseconds)
> - cpu.cfs_period_us: the length of a period (in microseconds)
> - cpu.stat: exports throttling statistics [explained further below]
>
> The default values are:
> cpu.cfs_period_us=100ms
> cpu.cfs_quota=-1
-- https://www.kernel.org/doc/html/v5.14/scheduler/sched-bwc.html
This issue was there since initial addition in its original repo,
pve-container commit 26b645e2.
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
[ Thomas: add more information, adapt commit subject to reduce
redundancy, link to new RsT based doc page with a fixed version ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Fri, 15 Oct 2021 09:23:22 +0000 (11:23 +0200)]
tempfile: improve base path selection
The path is not /that/ relevant privacy wise as we try to use
`O_TMPFILE` anyway and defaulting to /run generates trouble for calls
from non-root processes.
Try the user session run dir first, then /run if root or /tmp else.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Fri, 15 Oct 2021 08:36:09 +0000 (10:36 +0200)]
tools: fix some perlcritic lints
- Two-argument "open" used at line 462, column 3. See page 207 of
PBP. (Severity: 5)
- Subroutine "new" called using indirect syntax at line 487, column
15. See page 349 of PBP. (Severity: 5)
- Bareword file handle opened at line 1533, column 5. See pages 202,
204 of PBP. (Severity: 5)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
commit c86cfb8bbd9b505d06b580582297fa670561437b dropped allow-hotplug
from the primary interfaces file completely on write, but that breaks
setups that come from plain Debian.
Instead, as stop-gap measurement, transform "allow-hotplug" to auto
in the PVE controlled config.
That avoids conflict and improves installing PVE on top of plain
Debian, as the interface still comes up after the first reboot.
But it is not ideal, auto is not the same as hotplug, so we need to
also track that difference in the future, but that needs some
adaptions in the API too (change autostart from boolean to
string+enum or so)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 27 Sep 2021 06:57:10 +0000 (08:57 +0200)]
subscription: switch verification domain over to shop.proxmox.com
With the merger the shop got moved from shop.maurer-it to
shop.proxmox.com, while we transparently redirect we also want to
stop doing that in a few years, so use new domain.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Sat, 18 Sep 2021 12:38:59 +0000 (14:38 +0200)]
net: add get_local_ip helper
Sometimes we need to have a fallback for gai (get_ip_from_hostname)
but cannot yet rely on configured networks (get_reachable_networks)
from kernel POV (those may not have been configured yet, e.g., on
boot), so the ones configured in /etc/network/interfaces would be
nice too then, as they're the ones that will get configured soon
anyway on boot.
Add a new helper that takes in all those sources and allows to return
a single (first found) or all of those addresses.
Still prioritize the address we get from getaddrinfo, as there the
admin has control through /etc/hosts, DNS and gai.conf and treat the
remaining ones as fallback.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Fri, 17 Sep 2021 14:25:51 +0000 (16:25 +0200)]
net: add get_reachable_networks
will be used for the issue banner generators and for some "get
nodeip" calls as fallback for get_ip_from_hostname, which tends to
fail in our CT envs (e.g., PMG)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
it's an invalid combination that causes the network reload/setup to
fail. unfortunately, this is not caught by ifupdown2 itself, but only
rejected by the kernel with ERANGE over netlink.
Dominik Csapak [Mon, 21 Jun 2021 13:55:16 +0000 (15:55 +0200)]
SysFSTools: change 'product' to 'device'
so it is more consistent with the source (it comes from the file
'device') as well as the subsytem_device field
the only place we use that field is in the same file in pci_dev_bind_to_vfio,
which we also change here, so that should not be a breaking change
(in qemu-server we only really use the existence and the has_fl_reset
flag)