Dominik Csapak [Fri, 28 Jun 2019 11:22:27 +0000 (13:22 +0200)]
ceph: mon create: fix not starting monitor if no public_addr is in conf
when there is no 'public_network' in the config, the monitor
can only find an ip if it is given explicitly, either via commandline
(not possible with systemd) or via the ceph.conf
Stoiko Ivanov [Thu, 27 Jun 2019 18:27:58 +0000 (20:27 +0200)]
config: remove pve-apt.conf
Instead of marking all pve-kernel-.* packages as NeverAutoRemove we compile
a list of specific versions to keep.
This functionality is added in the proxmox-ve package (along with the config
for booting kernels with systemd-boot).
Thomas Lamprecht [Fri, 28 Jun 2019 06:42:19 +0000 (08:42 +0200)]
5to6: get_pkg: cache version list
this is a short running script, so the version list can be re-used,
the chance that there where updates in between are slim and racy
anyway. IF getting the versions did not succeeded, we still retry on
every call though, simpler and ensures a warning is printed in the
caller check vicinity.
Makes script noticeable faster.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 24 Jun 2019 12:52:05 +0000 (14:52 +0200)]
ui: workspace: cope better with upgrade related false positive 401 HTTP codes
While we nowadays can work much better with package upgrades relating
the cluster stack it still happens that a pve-cluster upgrade can
produce a false-positive 401 (auth failure) code for a currently
valid ticket, e.g., because a pmxcfs lock was requested but the
pmxcfs was currently not mounted due an upgrade triggered restart.
A frequent case for a few false positive 401 is also a cluster
creation, especially if not done over the web GUI.
Thus add a counter, which gets set to 0 on each successful login or
ticket renewal and gets increased on each 401 error. Only show the
logged out window if we get five or more 401 responses. While 5 may
sound a bit much one needs to remember that we always have quite a
few API call in flight (resource update store, stores from current
panel ...) and thus, if one got really auth denied it will still show
quite fast (1 to 5 seconds, depending on which panel is currently
opened). Further, the backend naturally does not allows to do
anything during this time, this has no security implications
whatsoever.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Wed, 19 Jun 2019 11:45:54 +0000 (13:45 +0200)]
ceph: mon destroy: do not stop monitor ourselves
a 'mon remove' does this already for us, so do not stop it
this lead to a race where we could stop the next to the last monitor
before it was removed from the cluster, leading to a state
where two monitor were needed for quorum, but only one did exist
Dominik Csapak [Wed, 19 Jun 2019 11:45:53 +0000 (13:45 +0200)]
ceph: mon destroy: remove from mon_host
we need to remove an ip, ip:port or a ipvector from monhost
so use multiple regex search and replaces for this
this looks not really nice, but due to the strange format
of the line (e.g. ',' is a seperator inside and outside of a vector,
also ipv6 adresses may be surrounded with [] but so are vectors),
i found no better way
Dominik Csapak [Wed, 19 Jun 2019 11:45:49 +0000 (13:45 +0200)]
ceph: mon create: add to mon_host with msgr2
in nautilus, the default msgr protocol is v2, but it has to be
explicitely given to monmaptool, also we don't want to use the
monitor sections anymore so only update mon_host
ceph can cope with mixed mon_host and monitor sections, so this is
not a problem
also the ceph-create-keys part is not necessary anymore since
this is done by the monitor itself now
Thomas Lamprecht [Tue, 18 Jun 2019 15:15:03 +0000 (17:15 +0200)]
ceph: setup symlinks: ensure global ceph config directory exists
normally this gets created on package installation, but could be
deleted, e.g., by a debug purge. As it costs nothing to create just
do a mkdir on it, which does not fails if it already exists..
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Tue, 18 Jun 2019 13:42:48 +0000 (15:42 +0200)]
ceph: services: do not create rados object in get_services_info
we always gave one, and the only reason why it could be undef
is that we could not connect, so it makes no sense to try again
and add unecessary time to the api call
Dominik Csapak [Tue, 18 Jun 2019 13:42:45 +0000 (15:42 +0200)]
ceph: init: update inital config for nautilus
since we do not support creating filestore osds anymore, drop
the journal size from the config
and move the keyring from global to client
this makes it possible to omit the osd keyring path
(which was the default but got overwritten from the global section)
Thomas Lamprecht [Mon, 17 Jun 2019 10:41:16 +0000 (12:41 +0200)]
ui: migrate: add source node field and rebalance field positions
This makes the window more symmetric, and additional has the
following small advantages:
* to the left we now have static fields only, user modifiable ones
are all to the right (with shorter distance to the migrate "submit"
button here)
* if one starts the migration from the tree's context menu it may not
be really clear where the VM currently is located at, so showing
the source node can help (especially on bigger clusters with a
huge target node list)
* more symmetric
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This patch refactors the migrate ui to incoperate the viewmodel approach
which should help if we need to add functionality in future iterations.
Additionally it is now possible to migrate with local disks.
network api : reload : don't allow openswitch at all
ifupdown2 reload can't work with openswitch until we implement
ovs.
I don't think that too much users are mixing ovs && bridge anyway.
It's possible to use ifupdown2 with ovs for ifup/down with ifupdown script,
but config need to be changed, and I don't have tested too much.
(maybe add a conflict in ifupdown2 package with openvswitch package for now)
Thomas Lamprecht [Mon, 10 Jun 2019 17:04:10 +0000 (19:04 +0200)]
gui: tree: add lock information to tooltips
This was already proposed by Dominik[0], but it was was wished for a
faster backend backing of this[1], and as with most wishes one needs
to either be content with what's there or (try) to improve it one
self.. So with the IPCC approach proposed as backing for this I'd
like to add this again. It differs from [0] a bit, first it's rebased
as parts of the tooltip stuff got already applied[2].
I use "Config locked (<LOCK>)" as text for this, as it
1. Clarifies what the lock symbol means, which is always a good thing
for tooltips
2. repeating the lock symbol here again would show the users three
lock symbols at the same time if the VM was selected in the tree
(the tree one, the VM config panel one, and this tool tip one)
this is a bit much, so don't do it.