Thomas Lamprecht [Wed, 17 May 2023 13:52:24 +0000 (15:52 +0200)]
tape: MAM: replace tuple with struct for better readability
It's needlessly adding mental complexity to always have to translate
usages like info.0 or info.1 in ones head when reading the code.
Transforming this to a struct allows for using descriptive names when
accessing the specific fields and allows for implementing a
constructor per MamFormat, reducing the resulting MAM attribute list
by quite a few lines.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 17 May 2023 12:57:15 +0000 (14:57 +0200)]
tape: avoid panic potential in MAM attribute decoder
We already saw that quite some tape libraries/loaders/... ain't
always _that_ standard conform, and even if it'd be guaranteed, it
just makes no sense to create a potential for panicking the whole
daemon due to some sub-features hiccup, rather go for actual error
handling...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 17 May 2023 12:52:29 +0000 (14:52 +0200)]
tape: update link to IBM SCSI reference LTO 5 - 9
The linked PDF is also captured and archived here:
https://web.archive.org/web/20230517122521/https://www.ibm.com/support/pages/system/files/inline-files/LTO%20SCSI%20Reference_GA32-0928-05%20%28EXTERNAL%29_0.pdf#
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Stefan Sterz [Thu, 20 Apr 2023 08:08:53 +0000 (10:08 +0200)]
fix #4357: datastore: take into account namespaces when marking chunks
previously when marking used chunks the namespace wasn't taken into
account and valid snapshots were marked as "strange paths". this lead
to a line in the log of a gc job such as this:
found (and marked) 2 index files outside of expected directory scheme
which some users perceived as an error. parse the namespace too and
only mark the path as strange if parsing the namespace and/or backup
dir fails.
if the user selected a single datastore to restore from tape on a
media-set that includes more than one, the ui suggests (and is
intended to) that only that datastore will be restored on the selected
target.
The logic to construct the store mapping parameter did not consider that
case, and simply gave the target as default store, which meant all
datastores were restored onto the target.
To fix that, we have to get the source datastore from the field, and
construct the correct parameter ("source=target").
fix #4722: allow all netmask values for reverse lookup
the only place this is used (parsing a 'netmask XXX' directive in an interfaces
file) allows any integer as value both when parsing and when validating, so
there is no reason to restrict this to only allow string netmasks >=
8/255.0.0.0 as far as I can tell..
Dominik Csapak [Mon, 8 May 2023 11:03:41 +0000 (13:03 +0200)]
fix #4719: wait for tape to be available in changer
instead of aborting. If the tape is currently e.g. offline, in an
import/export slot or in the wrong drive, this gives the user the chance to
manually move it/insert it, so that the backup job can continue.
Send an e-mail like we do on a standalone drive, but adapt the messages
to contain the changer instead of the drive.
This can help when not all tapes are currently available in the changer.
This was it's own panel for some time but moved into a more general
"Other" panel together with some other settings that are normally
only changed once, on initial setup (better names welcome...).
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Stefan Hanreich [Tue, 18 Apr 2023 14:59:46 +0000 (16:59 +0200)]
sync job: pull: improve log output
Adding an opening line for every group makes parsing the log easier.
We can also remove the 're-sync [...] done' line, because the next
line should be a progress line anyway.
The new output for the sync job/pull logs looks as follows:
- skipped already synced (happens in most jobs, except for first run)
- re-sync of last synced snapshot (if it still exists on source)
- skipped because of transfer-last (if set and skips something)
- sync of new snapshots (if they exist)
Suggested-By: Fabian Grünbichler <f.gruenbichler@proxmox.com> Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Specifying the transfer-last parameter limits the amount of backups
that get synced via the pull command/sync job. The parameter specifies
how many of the N latest backups should get pulled/synced. All other
backups will get skipped.
This is particularly useful in situations where the sync target has
less disk space than the source. Syncing all backups from the source
is not possible if there is not enough disk space on the target.
Additionally this can be used for limiting the amount of data
transferred, reducing load on the network.
The newest backup will always get re-synced, regardless of the setting
of the transfer-last parameter.
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
when labeling a tape in a changer, we pre-fill the label field with
the one from the barcode (if it exists). Letting the user change
the label here does not make much sense, since we assume that they are
the same (e.g. for move operations etc.)
So instead simply display the label to protect users from accidentally
changing it. If a user really needs to have a different label than the
suggested one, it's still possible on the cli.
replacable to replaceable
the field 'field_replacable_unit_code' is not currently used anywhere
descriptior to descriptor
Resuqest to Request
and flags2 to flags3 (the number indicates the numbering of the field
and it's the third field, not the second)
tape: implement 6 byte fallback for MODE SENSE/SELECT
there are tape drives (esp. virtual ones) that don't implement the
10-byte variants of MODE SENSE/SELECT. Since the pages we set/request
are never bigger than 255 bytes anyway, we can implement a fallback
with the 6 byte variant here.
Implementing this as a fallback to make sure that existing working
drives keep the existing implementation.
these were previously called out in a comment, but should now be handled (as
much as they can be).
the performance impact shouldn't be too bad, since we only look at the magic 8
bytes at the start of the existing chunk (we already did a stat on it, so that
might even be prefetched already by storage), and only if there is a size
mismatch and encryption is enabled.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
[ T: fold in "just to be sure" touch_chunk calls ] Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Stefan Sterz [Wed, 5 Apr 2023 08:12:09 +0000 (10:12 +0200)]
docs: make logo path and index link absolute
the relative path failed as some pages are more deeply nested, such as
the man page for `proxmox-tape`. this meant that on these pages the
logo wouldn't be displayed correctly and the link lead to a non-
existent file.
Stefan Sterz [Wed, 5 Apr 2023 08:12:08 +0000 (10:12 +0200)]
docs: dark theme, dim borders and minor fixups
this commit adjust several border colors that weren't styled before
and appeared too brightly. also add styles to the "hide search
matches" link that had poor contrasts before.
Dominik Csapak [Thu, 30 Mar 2023 07:20:42 +0000 (09:20 +0200)]
api types: fix non-capturing group syntax
a non capturing group is '(?:)' not '(:?)' so fix that.
None of these regexes are used where would use capturing groups.
DATASTORE_MAP_REGEX and TAPE_RESTORE_SNAPSHOT_REGEX are only used
as api types and BLOCKDEVICE_NAME_REGEX is only used once outside of the
api and there we also don't look at the capturing groups.
provide separate helpers for pub/priv auth keyring access
This used to be the case before the switch to the auth api
crate and is required for some helpers where we don't want
to have to setup the complete auth context.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Thomas Lamprecht [Tue, 28 Mar 2023 16:46:38 +0000 (18:46 +0200)]
ui: user edit: rework interaction of realm and view model
avoid accessing private members directly but rather try to use the
public API, this then allows us do drop declaring a reference on the
realm combobox, which was not directly used and thus a bit subtle.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 28 Mar 2023 15:05:07 +0000 (17:05 +0200)]
cli: manager, tape, debug: setup auth context to make local connect work
The manager, tape and debug admin and debug CLI tools all are meant
to run locally on the PBS directly and often directly by the root
user.
So for convenience they will create a valid API ticket for `root@pam`
to connect via localhost to the API proxy, either transparently if
the UID is 0 (= root) or interactively by asking the password of the
root user.
In d97ff8ae ("use new auth api crate") the API key handling was
reworked, but while the call sites that get the auth keys for signing
a ticket where adapted to use the new auth_keyring helper, the
reworked API keeps the key in shared OnceCell which needs to be
actually setup once per executable to the respective correct key,
i.e., public for the proxy, which only checks signatures, but never
creates them, and private for all those that want to sign tickets;
and that was only added for the prrivileged and public daemon, but
not above mentioned CLI tools.
So all calls into the tools that actually required to create a ticket
for connecting to the local API panicked.
Fix this by adding a call to setup_auth_context in the main entry
point of each of those CLI tools, so that they have the private key
available to be used if the tools is executed by root.
Fixes: d97ff8ae ("use new auth api crate") Reported-by: Friedrich Weber <f.weber@proxmox.com> Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Tue, 28 Mar 2023 13:11:48 +0000 (15:11 +0200)]
ui: dark mode: add dark mode colors to the datastore usage charts
For the `Datastore -> Summary` overview for all configured datastores.
Fix is adapted from the PVE's ceph's status details or performance
runningCharts, which are both similar (but not really the same)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
[ T: expand commit message to note that this is adapted from PVE ] Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Stefan Sterz [Thu, 9 Feb 2023 11:41:39 +0000 (12:41 +0100)]
fix #4521: api/tasks: replace upid as filename for task log downloads
previously the upid would just be used without a file extension when
downloading a task log. this lead to rather strange filenames that
appeared unfamiliar to users as the upid is not very prevalent in the
gui. set a proper file name based on the node name, worker type and a
time stamp instead. also add the ".log" file extension to indicate
that these files contain logs.
Dominik Csapak [Fri, 24 Mar 2023 15:53:21 +0000 (16:53 +0100)]
docs: implement auto dark mode
the colors are inspired/copied from the pmg/pve docs dark mode, but
i tried to apply them such that theme is faithful to the original
docs style regarding contrast etc.
the backup is finished at that point, the only lock clash that is possible when
dropping the exclusive and attempting to obtain a shared lock would be
- the snapshot is pruned/removed
- the backup is in a pre-upgrade process, and the post-upgrade process opens a reader
the first case is OK, if the other invocation wins the race and removes the
snapshot verification is pointless anyway.
the second case means the snapshot is not verified directly after completion
(this fact would be logged in the backup task log), but usable immediately for
pulling/restoring/..
this should decrease the chances of triggering the issues described in #4523
Lukas Wagner [Mon, 13 Feb 2023 14:29:31 +0000 (15:29 +0100)]
manager: use view_task_result function for realm sync
Previously, the same approach as in `proxmox-backup-debug` was used.
With the changes from this commit, realm syncing uses the same method for
waiting for task output as other parts of `proxmox-backup-manager`.
Lukas Wagner [Mon, 13 Feb 2023 14:31:04 +0000 (15:31 +0100)]
realm sync: show warnings if attributes do not meet their constraints
Previously, if the value of a synced property did not validate properly
(e.g only 1 character in length instead of the required 2), the whole
sync job failed without any useful error message.
In this commit, the values are validated manually by their
respective StringSchema. If the validation fails, the value is
ignored and a warning is displayed in the task log.
In addition to that, some error messages have been improved.
Also, user sync is now more fault-tolerant in general, showing
warnings if something goes wrong while creating/updating a
single user, instead of aborting the whole sync job.
Reported-by: Friedrich Weber <f.weber@proxmox.com> Signed-off-by: Lukas Wagner <l.wagner@proxmox.com> Tested-by: Friedrich Weber <f.weber@proxmox.com>
gives a higher (runtime) control via PBS_LOG, so that users can decide
themselves which messages, sources and levels are interesting for a particular
use case.
Thomas Lamprecht [Tue, 14 Mar 2023 16:54:14 +0000 (17:54 +0100)]
proxy: limit theme value in length and disallow '/'
while with rust strings we cannot inject \0, it feels a bit safer to
enforce some basic restrictions, with length and not containing any
slash seems sensible enough.
Admins should not put sensible data as theme-XYZ.css files in
/usr/share (which is normally readable by all system users anyway)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Stefan Sterz [Wed, 8 Mar 2023 16:41:40 +0000 (17:41 +0100)]
ui: remove white backgrounds from package versions and system report
removes the style that gets added directly to the element of the
package versions and system report views. this makes them harder to
style through css as normal selectors cannot override the element's
style. since they behave properly without these styles anyway, remove
them.
Dominik Csapak [Tue, 28 Feb 2023 13:17:21 +0000 (14:17 +0100)]
fix #4412: tape: initial WORM support
the only thing preventing us from using WORM tapes was that we relied
on being able to rewrite the media set label when first using a tape
that was pre-allocated in a media-pool.
so instead of needing to write a meida set label with a special uuid,
just save the pool in the media label itself. This has currently no
downsides, as we're not able to move tapes from one pool to another
anyway.
this makes some checks a bit trickier, as we now have to get the pool
out of the media set label and as a fallback look into the media label.
such new tapes can still be read and restored by older proxmox-bacukp-server
versions. The only thing missing is when a tape labeled with the new
format that has an assigned pool, that pool won't show up when the tape
is inventoried in an old version (but can still be used otherwise).
since commit 139acf37 ("tape: inventory: skip unassigned tapes")
we skip unassigned tapes (special all-zero media-set uuid) when we look
for a catalog. We accidentally skipped storing it in the inventory
completely, which means we never inventoried completely empty tapes.
to fix that, simply move the check below the inserting in the inventory
projects / proxmox-backup.git / log