Dominik Csapak [Wed, 6 May 2020 14:31:12 +0000 (16:31 +0200)]
ui: node/ACME: rework ACME grid for plugin based domains
This is basically a complete rework of the ACME grid.
Instead of having an ObjectGrid, we now have a normal
GridPanel which allows us to show a row for each Domain.
But to achieve this, we need to manually fill the store with data
from the 'acme' and 'acmedomainX' entries of the node config.
We also add an AccountSelector to the tbar and a link to the
datacenter->acme panel (when there is no account)
this also removes the 'register account' and 'view account' buttons,
since those are now available in datacenter->acme
Dominik Csapak [Wed, 6 May 2020 14:31:11 +0000 (16:31 +0200)]
ui: node/ACME: add ACMEDomainEdit
which expects a nodeconfig (for digest and domaincount)
and for the edit case, the parsed 'domain' object
this editwindow has three fields:
* type selector (standalone/dns)
* domain
* plugin (only for dns)
if the user chooses dns but there are already the maximum count of
acmedomainX entries, the type field gets invalid (with an error tooltip)
the onGetValues method is non-trivial, because of the mixing of
acmedomainX and acme.domain values, so we have to be careful
that we delete/edit the correct entry
Stefan Reiter [Wed, 6 May 2020 10:34:59 +0000 (12:34 +0200)]
gui: never collapse notes for templates
There's no graphs on screen, so no reason to collapse the notes to save
space. Besides, it looked a bit funky expanding the notes on smaller
screens, since they always jumped to the bottom to fill the space...
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
Fabian Ebner [Wed, 6 May 2020 08:14:27 +0000 (10:14 +0200)]
Improve storage selection on restore
Previously, the blank '' would be passed along and lead to a
parameter verification failure.
For LXC the default behavior in the backend is to use 'local', so
disallow blank and auto-select the first storage supporting 'rootdir'
instead.
For QEMU the default behavior in the backend is to use the
original layout from the backup configuration file, which
makes sense to use as the default in the GUI as well.
vzdump: set 'pbs' option when backing up to PBS target
this unifies the logic into a single place instead of all over this
module and the plugins.
it also fixes tons of 'uninitialized value' warnings when backing up
with --dumpdir but no --storage set, since the existing conditions for
PBS targets are missing a definedness check.
Dominik Csapak [Tue, 5 May 2020 12:38:17 +0000 (14:38 +0200)]
ui: add ACMEPluginEdit window
this is a rather complex edit window, because we dynamically create form
fields according to the schema we get from the api
to do this properly we have to handle a few things:
* we have to properly set the values on edit
* we have to properly track the original values
* we have to merge and split with/from the generic 'data' field
(so that if a plugin has some extra fields that we did not include in
the schema the user can still enter them)
Dominik Csapak [Tue, 5 May 2020 12:38:14 +0000 (14:38 +0200)]
ACME: add challengeschema api call
which returns a list of challenge api types with the schema of their
required data (if it exists)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
[ Thomas: adapt to my changes from proxmox-acme schema def and change
path from challengeschema to challenge-schema ]
Stefan Reiter [Mon, 23 Mar 2020 12:41:14 +0000 (13:41 +0100)]
gui/cluster: add structured peerLinks to join info
Instead of the old 'ring_addr' property (which is kept for
compatibility), we also encode the link numbers into the new peerLinks
structure. This allows us to display which IP is assigned to which link
on the cluster in the join dialog, helping a user identify which link
should receive which interface on the new node.
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
Stefan Reiter [Mon, 23 Mar 2020 12:41:13 +0000 (13:41 +0100)]
gui/cluster: add CorosyncLinkEdit component to support up to 8 links
CorosyncLinkEdit is a Panel that contains between one and 8
CorosyncLinkSelectors. These can be added or removed with according
buttons.
Values submitted to the API are calculated by each
ProxmoxNetworkSelector itself. This works because ExtJS searches
recursively through all child components for ones with a value to be
submitted, i.e. the CorosyncLinkEdit and CorosyncLinkSelector components
are not part of data submission at all.
Change ClusterEdit.js to use the new component for cluster join and
create. To make space in layout, move 'password' field to the side
(where the network-selector previously was) and use 'hbox' panel for
horizontal layouting to avoid spacing issues with languages where the
fieldLabel doesn't fit on one line.
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
This patch adds the zstd to the compression selection for backup on the
GUI and adds .zst to the backup file filter. Including zstd as package
install dependency.
d/postinst: triggers: call updatecerts manually on reloads
if pve-manager gets triggered we will normally always do a reload,
that means that updatecerts call won't get triggered, as systemd
doesn't execute the ExecStartPre directives in the reload case.
Do it ourselves
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
As proxmox-acme has now a default delay for DNS challenge plugins,
which is the important one. Those are just for not overloading the
acme servers with a lot of requests, but once the challenge was
propagated they have it verified pretty quickly, so reduce delay for
checking validation after first requesting it down to 10 seconds
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
re-loading it always would mean that we could potentially switch the
config to something completely different, and the mix of the previous
and the old could result in total bogus actions.
Better to use the same one for one full order, even if it may get
"outdated" it was still valid in the past and most important
coherent.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
api: acme plugins: we're not the storage content API endpoint
Drop various leftovers from the storage content API module this was
based on, e.g., ACME plugins have no fixed options and the like.
Also, the descriptions shouldn't mention "storage".
Further, drop the "update_config" "helper" with its operations
effectively only increasing code complexity and adding another rabbit
hole to jump into.
IF, this should have been factoring out the lock+read+write cycle
only, leaving the rest to a passed CODE-ref, but honestly that saves
only really the read and write config lines, and at this point
nothing is really gained, so just let it be.
Should have been actually three or so separate patches, but too deep
into this rabbit hole to care..
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
NodeConfig: ensure locked context has current view
similar to the recent changes for pve-guest-common - we start each API
call with a cfs_update, but while we were waiting for the flock another
R-M-W cycle might have happened, so we need to refresh after obtaining
the lock.
for now mostly due to the "nice" property of the acmedomains which
do not use their property key as index but actually the domain.
Without this one could set up duplicated domain entries just fine,
but once using them -> error.
This is not nice UX, so verify node config before writing an updated
one out, to catch those issues.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
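The duplicate-domain check described in the commit message above, sketched as an added example (not part of the commit and not Proxmox code). The property-string layout of the 'acme' and 'acmedomainX' values, the sample config and all function names are assumptions made for illustration.

```javascript
// Constructed node config. Assumed layout: 'acme' holds a ';'-separated
// domains list, each 'acmedomainN' holds a single domain plus its plugin.
const nodeConfig = {
    acme: 'account=default,domains=pve.example.com;alt.example.com',
    acmedomain0: 'domain=dns.example.com,plugin=exampledns',
    acmedomain1: 'domain=PVE.example.com,plugin=exampledns', // same domain as in 'acme'
};

// Split "k1=v1,k2=v2" into an object (hypothetical helper).
function parsePropertyString(str) {
    const out = {};
    for (const part of str.split(',')) {
        const eq = part.indexOf('=');
        if (eq > 0) out[part.slice(0, eq)] = part.slice(eq + 1);
    }
    return out;
}

// Return [{ domain, keys }] for every domain configured more than once.
// Entries are indexed by the domain itself, not by their config key,
// and compared case-insensitively as DNS names are.
function findDuplicateDomains(config) {
    const seen = new Map(); // normalized domain -> config keys naming it
    const note = (domain, key) => {
        const name = domain.trim().toLowerCase();
        if (!name) return;
        if (!seen.has(name)) seen.set(name, []);
        seen.get(name).push(key);
    };
    for (const [key, value] of Object.entries(config)) {
        const props = parsePropertyString(value);
        if (key === 'acme' && props.domains) {
            props.domains.split(';').forEach((d) => note(d, key));
        } else if (/^acmedomain\d+$/.test(key) && props.domain) {
            note(props.domain, key);
        }
    }
    return [...seen]
        .filter(([, keys]) => keys.length > 1)
        .map(([domain, keys]) => ({ domain, keys }));
}

// Refuse to write a config that would only fail later, when an order is placed.
function verifyBeforeWrite(config) {
    const dups = findDuplicateDomains(config);
    if (dups.length) {
        const list = dups.map((d) => `${d.domain} (${d.keys.join(', ')})`).join('; ');
        throw new Error(`duplicate ACME domain: ${list}`);
    }
    return true;
}
```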
instead of relying that the authorization URLs and the ordered
identifiers are sorted the same way for already validated
authorizations.
on the contrary, RFC 8555 even says:
"The authorizations required are dictated by server policy; there may
not be a 1:1 relationship between the order identifiers and the
authorizations required."
authorizations MUST always include a single identifier, no matter which
state they are in.
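The matching problem from the commit message above, as an added example (not part of the commit and not Proxmox code): pairing authorizations with ordered identifiers by position versus reading the identifier out of each authorization object. The order, URLs, statuses and function names are constructed for illustration; the field names follow RFC 8555.

```javascript
// Constructed sample: an ACME order plus the authorization objects behind its URLs.
// The server lists the authorization URLs in a different order than the identifiers.
const order = {
    identifiers: [
        { type: 'dns', value: 'a.example.com' },
        { type: 'dns', value: 'b.example.com' },
        { type: 'dns', value: '*.c.example.com' },
    ],
    authorizations: [
        'https://acme.example/authz/2',
        'https://acme.example/authz/3',
        'https://acme.example/authz/1',
    ],
};
const authzByUrl = {
    'https://acme.example/authz/1': { status: 'valid', identifier: { type: 'dns', value: 'a.example.com' } },
    'https://acme.example/authz/2': { status: 'pending', identifier: { type: 'dns', value: 'b.example.com' } },
    // RFC 8555: a wildcard authorization names the base domain and sets wildcard=true.
    'https://acme.example/authz/3': { status: 'pending', wildcard: true, identifier: { type: 'dns', value: 'c.example.com' } },
};
// Stand-in for fetching an authorization URL from the ACME server.
const fetchAuthz = (url) => authzByUrl[url];

// Fragile: assumes authorizations[i] belongs to identifiers[i].
function statusByIndex(ord, getAuthz) {
    const result = {};
    ord.identifiers.forEach((id, i) => {
        result[id.value] = getAuthz(ord.authorizations[i]).status;
    });
    return result;
}

// Robust: each authorization carries exactly one identifier, so key on that.
function statusByIdentifier(ord, getAuthz) {
    const result = {};
    for (const url of ord.authorizations) {
        const authz = getAuthz(url);
        const base = authz.identifier.value.toLowerCase();
        const name = authz.wildcard ? `*.${base}` : base;
        result[name] = { url, status: authz.status };
    }
    return result;
}
```

With this sample, positional pairing reports the already validated `a.example.com` as pending, while the identifier-based lookup reports it as valid.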
exact same thing commit 88ab01e8f7cfdc57f89046b62d66b86b0f891cec
already did for the old location of this, but indentation error was
introduced again when moving it (fix y'all editors..)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
ui: don't block offline migration due non-referenced disk in the config
All local disks can/will be migrated if not for a reason we don't
know about yet at this stage. The disks we get from the API call as
'local_disks' are either referenced by the config or by snapshots in
the config (which was not checked for and the reason one could run
into the 'else if' branch).
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
if our self-signed certificate expires in more than 825 days, but was
created after July 2019 it won't be accepted by modern Apple devices. we
fixed the issuance to generate shorter-lived certificates in November
2019, this cleans up the existing ones to fix this and similar future
issues.
two years / 730 days as cut-off was chosen since it's our new maximum
self-signed certificate lifetime, and should thus catch all old-style
certificates.
another positive side-effect is that we can now phase out support for
older certificates faster, e.g. if we want to move to bigger keys,
different signature algorithms, or anything else in that direction.
this modifies AuthEditBase so that if there is a sync inputpanel specified,
we display it in a second tab (we need to modify the bodyPadding here,
else the whole window has too much padding)
we use the same panel for both ldap/ad, since most options behave
the same (except for user_attribute, but the default for AD is
sAMAccount which I think is good enough for now, users can still
override it in the cli)
ui: Utils: delete_if_default: add values by correct type
if 'delete' is an Array, we want to push into it, not append a string
this could be an issue when we use an edit window with multiple inputpanels
and deleteEmpty set on some fields
Thomas Lamprecht [Sun, 26 Apr 2020 10:29:24 +0000 (12:29 +0200)]
ui: drop login-user fixed token edit due to multi window/z-index issues
We normally do not stack windows and it breaks/allows some funky
stuff.. As this isn't really required and can be done just fine over
the DC -> Token panel, especially as we prefill the username to
the logged in one for new tokens now..
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>