Dietmar Maurer [Thu, 24 Jun 2021 08:17:59 +0000 (10:17 +0200)]
ui: implement OpenId login
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
[ Thomas: amended the following changes:
- factor out openid_login_param to widget-toolkit as
getOpenIDRedirectionAuthorization and use it
- use camel case to match our JS style guide and our framework (and
basically the rest of the JS world)
- minor cleanups like moving variable definition into the single if
branch their used
] Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
these were mostly releveant for upgrading from Corosync 2.x to 3.x - so
keep the warnings/errors, but reduce the noise a bit by skipping lots of
PASS output.
api: cluster/backupinfo: rework bogus index endpoint
This had a myriad of issues:
* marked as protected, thus forwarded to the privileged daemon even
if it just returned static information
* did not return directory index but a "stub" string, which does not
makes sense.
* not named index
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 29 Jun 2021 15:51:55 +0000 (17:51 +0200)]
d/postinst: regenerate machine-id also for 4.0 beta ISOs
With some poking around I got the hold of more released ISO files,
while beta it seems that we have some loyal installations setup with
a 4.0 beta and updated to 7.0 beta[0] (cool stuff!)
Fabian Ebner [Wed, 30 Jun 2021 09:16:18 +0000 (11:16 +0200)]
pve6to7: more fine-grained detection of misconfigured guest volumes
If neither 'rootdir' nor 'images' are configured on a storage, but
there are guest images, just log the number of volumes found. If they
are relevant for migration, the check for unreferenced volumes will
catch them later.
Also detect content type mismatch for all volumes of existing guests,
which also covers the case of a VM image on a storage with only
'rootdir' and vice versa. To catch all such unreferenced volumes too,
it is necessary to scan all storages that do not have both content
types configured.
Change the message from 'will not work' to 'might not work'. If a
volume only referenced by a snapshot is misconfigured, it doesn't mean
that the guest doesn't work at all. Or it might be an ISO on a
misconfigured storage.
Hannes Laimer [Mon, 28 Jun 2021 10:40:34 +0000 (12:40 +0200)]
api: cluster/resources: add 'name' property to return schema
VM names are returned by the endpoint anyway, therefore it makes sense
to add it to the endpoint specification so it also appears in the API
docs and is visible when using pvesh with text output.
Signed-off-by: Hannes Laimer <h.laimer@proxmox.com> Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
now that we no longer ship our own LVM packages, set the relevant
filtering options here if they are missing.
for an upgrade from PVE 6.x, the following two scenarios are likely:
A: user edited config provided by our old lvm2 package. it likely
contains our (or a modified) global_filter, but the old scan_lvs
default. in this case we ignore global_filter as long as it contains our
'don't scan zvols' entry, and set scan_lvs to false.
B: config provided by our old lvm2 package was taken over by default
config from stock lvm2 package. scan_lvs defaults to false already, but
global_filter is unset (scan everything), so we need to set our own
global_filter excluding zvols.
other combinations should be handled fine as well.
for new installs (installer, install on top of Debian Bullseye) we are
always in scenario B.
Thomas Lamprecht [Tue, 22 Jun 2021 10:14:53 +0000 (12:14 +0200)]
d/postinst: handle static machine-id from 4.0 <= x <= 5.4
We could also just check the mtime of the machine-id as heuristic,
but extracting the machine-ids from our ISO archive was pretty
straight forward and avoids special handling for from Debian
installed systems, so use that.
The 6.0 one should never trigger as there we had the fix already out,
but it may be that some internal installation missed that and it
doesn't hurt to check, so include it.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Aaron Lauterer [Tue, 22 Jun 2021 08:07:26 +0000 (10:07 +0200)]
ui: dc: backup: fix job detail search
'for...in array' returns the id in the array but not the value,
'for...of array' returns the values.
Another issue that I ran into was if the property did not exist.
Checking if the property evaluates to false will catch situations where
the property does not exist or is null. All other situations where there
is a value for the name, id or type, should evaluate to true if present
as they are strings or the VMID.
Fabian Ebner [Mon, 21 Jun 2021 14:31:39 +0000 (16:31 +0200)]
pve6to7: add check for guest images on misconfigured storages
migration and (container) startup will no longer work when the storage's content
type is not correct, and unreferenced volumes on such storages will not be
scanned for anymore.
Thomas Lamprecht [Fri, 18 Jun 2021 17:23:13 +0000 (19:23 +0200)]
ui: notes edit: set maxLength on text area
the backend will have actual explicit length limits on the
description properties (was limited indirectly through PUT/POST
request size limit of 64 KiB), so convey that limit also in the GUI.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Mon, 7 Jun 2021 10:31:58 +0000 (12:31 +0200)]
ui: ceph/Pools: defuse min_size warning
we should not warn for ceph's built-in default value for min_size as
having the min_size half of the size (rounded up) is ok and even the
default for ceph
Since there seems to be no 'quorum based' pg inconsistency recovery[0],
only a copy from the authoritative osd, there is nothing wrong
with setting that.
Alwin Antreich [Mon, 10 May 2021 12:18:26 +0000 (14:18 +0200)]
fix #2422: allow multiple Ceph public networks
Multiple public networks can be defined in the ceph.conf. The networks need to
be routed to each other.
Support handling multiple IPs for a single monitor. By default, one address from
each public network is selected for monitor creation, but, as before, it can be
overwritten with the mon-address parameter, now taking a list of addresses.
On removal, make sure the all addresses are removed from the mon_host entry in
the ceph configuration.
Fabian Ebner [Mon, 10 May 2021 12:18:25 +0000 (14:18 +0200)]
api: ceph: mon: fix handling of IPv6 addresses in destroymon
by also comparing the canonical form to decide when to remove an address. When
getting the IP from the rados information, also drop eventual brackets, so our
existing function can handle it. Add the brackets back within the
remove_addr_from_mon_host function.
Fabian Ebner [Mon, 10 May 2021 12:18:18 +0000 (14:18 +0200)]
api: ceph: create mon: handle ms_bind_ipv* options more generally
mostly relevant to prepare support for IPv4/IPv6 dual stack mode as a special
case of the planned support for mutliple public networks.
As before, only set the false value when we are dealing with the first address,
but also be explicit about the IPv4 case as the defaults might change in the
future.
Then, when an address of a different type comes along later, set the relevant
bind option to true.
the two checks make sure that:
* no user defined role 'PVEPoolUser' exists
* the user gets a hint for roles only containing Pool.Allocate and
not Pool.Audit
a very simple parser for user.cfg was implemented to be able to
parse the (in pve 6 invalid) Pool.Audit permission
and also show the retention options that will be used for a given storage. A
user with Datastore.AllocateSpace and VM.Backup can already remove backups from
the GUI manually, so it shouldn't be a problem if they can set the remove flag
when starting a manual backup in the GUI.
Fabian Ebner [Thu, 6 May 2021 12:16:29 +0000 (14:16 +0200)]
ui: backup window: set loading mask early enough
but not too early. Because of an ExtJS bug/limitation, it can only happen after
the window is rendered, so use an afterrender listener. Without setting the
mask there, the window will be active already before the storage selectors
change listener triggers, which can only happen after the storage selectors
store is loaded.
Made noticable by the new "filling in defaults" behavior, but the issue was
already present earlier, where the compression selector for PBS storages would
be disabled late, after the window was already active.
Also move the setValue call into the afterrender listener, so ordering is easy
to verify/more stable.
Reported-by: Thomas Lamprecht <t.lamprecht@proxmox.com> Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
Fabian Ebner [Thu, 6 May 2021 12:16:27 +0000 (14:16 +0200)]
ui: backup window: avoid issuing API call with null/empty parameter
could be triggered when there are no backup storages at all configured or if
the 'Backup now' button is clicked before the storage selector from the guests
'Backup' tab could load its store.