Stefan Hanreich [Fri, 22 Dec 2023 09:58:06 +0000 (10:58 +0100)]
postinst: filter rbds in lvm
Since LVM 2.03.15 RBD devices are also scanned by default [1]. This
can lead to guest volumes being recognized and displayed on the host
when using KRBD for RBD-backed disks. In order to prevent this we add
an additional filter to the LVM config to avoid scanning rbds.
This also prevents a bug where LVM created a very high amount of
archive entries when there were logical volumes with the same path
available. This could happen when two guests with RBD disks had the
same LVM layout or a guest and host had the same layout.
previous behavior:
If there is no marker in the LVM conf and global_filter does not
contain '/dev/zd.*': replace the global_filter with our version
new behavior:
Replace the global_filter iff:
- There is no marker and global_filter is empty
- The global_filter is exactly the old default
If we don't replace the filter and it is a non-default value: We print
a warning. Additionally we force this function to run once when
upgrading from older versions.
The previous versions could replace custom global_filters where the
comment had been removed and the zvol directive removed. The new
behavior is slightly more conservative, but works the same in other
cases.
Lukas Wagner [Fri, 1 Dec 2023 13:24:09 +0000 (14:24 +0100)]
api: replication: allow users to enumerate accessible replication jobs
Previously, the /cluster/replication API handler would fail completely
with a HTTP 403 if a user does have VM.Audit permissions for
a single VM/CT. That was due to the 'noerr' parameter not set for
$rpcenv->check()
Fiona Ebner [Mon, 4 Dec 2023 09:29:56 +0000 (10:29 +0100)]
ui: iso selector: disable all fields to avoid bogus validation
The validation logic of the inner fields from the ISO selector was not
disabled, so a user would need to select a valid storage and ISO file
before being able to make any other choice for the general CD-ROM
drive source (no-media or physical-drive).
Call the parent method to ensure all the inner fields get actually
disabled so that their validators also get disarmed if not relevant.
Reported in the community forum:
https://forum.proxmox.com/threads/136960/post-611704
Fixes: fc7b556d ("ui: refactor iso-selector out of the cd input panel")
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
[ TL: add more background to commit message/subject ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Thu, 23 Nov 2023 10:07:19 +0000 (11:07 +0100)]
ui: pool view: fix editing nested pools
for nested pools we have to provide the pool id via a get parameter
instead of in the path, and also we have to extract the data from the
returned array.
To do this, change the cbind url handler, remove the autoLoad one,
and handle the load ourselves.
Lukas Wagner [Thu, 23 Nov 2023 09:54:03 +0000 (10:54 +0100)]
ui: perm paths: change /mapping/notification to /mapping/notifications
The ACL path was changed during the notification system rework.
This change adapts the list of predefined ACL paths in the
'Add {User,Group,API Token} Permission' dialog window to reflect
this change.
Dominik Csapak [Thu, 23 Nov 2023 08:25:42 +0000 (09:25 +0100)]
ui: resource tree: remove wrong comment
that function is not only there for the storage indicators, but
generally for adding additional information, such as tags, and for
wrapping in a span for making tooltip selection easier.
Thomas Lamprecht [Wed, 22 Nov 2023 15:07:09 +0000 (16:07 +0100)]
api: node status: cache boot mode info
it's not that expensive but we call the endpoint that returns the boot
mode info very frequently, and EFI vars are provided by the firmware,
and there are lots of known cases where firmware was just a plain
mess.
So, don't risk that overly frequent reads will cause some weird side
effect and rather just cache the whole info, it cannot change without
a reboot anyway.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Stefan Hanreich [Wed, 22 Nov 2023 12:29:51 +0000 (13:29 +0100)]
ipam: send ip to delete endpoint
The ip parameter has been added to the delete endpoint, so only a
specific mapping gets deleted instead of all mappings for that mac
address. Reflect this change in the UI.
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Thomas Lamprecht [Wed, 22 Nov 2023 12:24:43 +0000 (13:24 +0100)]
ui: node summary: reduce noise in current kernel version
use the new 'current-kernel' object returned by the node status API to
render a more useable (less noise) version information.
Keep fallback for old one to better work with upgrades (major and
minor) to this version in a cluster, where the web UI one uses might
be the new one, but a node one looks at still have the old manager.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Lukas Wagner [Tue, 21 Nov 2023 12:52:37 +0000 (13:52 +0100)]
vzdump: support 'notification-mode' parameter
This parameter lets us choose between the 'legacy' notification
system (sendmail to some email addresses) and the 'new' notification
system (pub-sub based system with targets and matchers).
'auto' (default) will use the 'legacy' system if a mail address is
provided and the 'new' system if not.
This allows users to opt-in/opt-out from the new notification
system, which might be a bit chatty by default.
ui: ceph pool edit: rework with controller and formulas
instead of relying purely on listeners that then manually change other
components, we can use binds, formulas and a basic controller.
This makes it quite a bit easier to let multiple components react to
changes.
A cbind is used for the size component to set the initial start value.
Other options, like using setValue in the controller init, will trigger
the change listener and therefore can affect the min size without any
user interaction.
Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
Tested-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
fix #2515: ui: ceph pool create: use configured defaults for size and min_size
Instead of hard coded defaults for the size and min_size parameter,
check if we have defaults configured in the ceph.conf or config db and
use those.
There are clusters where different defaults are needed. For example if
the cluster spans two rooms and needs to survive the loss of one. A
size/min_size of 4/2 are common defaults in such a situation.
Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
Tested-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This new endpoint allows to get the values of config keys that are
either set in the config db or the ceph.conf file.
Values that are set in the ceph.conf file have priority over values set
in the config db via 'ceph config set'.
Expects the --config-keys parameter as a semicolon separated list of
"<section>:<config key>" where the section is a section in the ceph.conf
or config db. For example: global:osd_pool_default_size
Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
Tested-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 21 Nov 2023 13:16:34 +0000 (14:16 +0100)]
ui: vm wizard: reword label for extra drive for virtio-drivers
while a user can attach anything, we change the defaults for, e.g.,
scsi controller or network to virtio if this is ticked, so try to hint
that a bit better
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Tue, 21 Nov 2023 08:35:51 +0000 (09:35 +0100)]
ui: qemu wizard: use better boot order for second cd drive
in the case we add a second cd drive (for windows), we don't want the
backend logic to only include the first one, since we cannot know
which is bootable and which is (probably) the virtio iso.
so instead, emulate the backend logic for the wizard but include both cd
drives in that case, otherwise let the backend decide like before
Dominik Csapak [Mon, 20 Nov 2023 15:45:43 +0000 (16:45 +0100)]
ui: vm wizard: allow second iso for windows vms
Having a second CD-drive is useful for adding the virtio-win driver
ISO for new installs, and thus we change the default disk type to scsi
and network type to VirtIO.
Add special logic to the OSTypeInputPanel when 'insideWizard' is true
to add an additional checkbox + iso selector
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
since poolid can now contain `/`, it's not possible to use it (properly) as
path parameter anymore.
accordingly:
- merge `read_pool` (`GET /pools/{poolid}`) into 'index' (`GET
/pools/?poolid={poolid}`) (requires clients to extract the only member of the returned array if they want to query an individual pool)
- move `update_pool` to `/pools`, deprecating the old variant with path parameter
- move `delete_pool` to `/pools`, deprecating the old variant with path parameter
- deprecate `read_pool` API endpoint
pool creation is blocked for nested pools where the parent does not already
exist. similarly, the checks for deletion are extended to block deletion if
sub-pools still exist.
the old API endpoints continue to work for non-nested pools. `pvesh ls /pools`
is semi-broken for nested pools, listing the entries, but no methods on them,
since they reference the old API. fixing this would require extending the REST
handling to support a new type of child reference.
Dominik Csapak [Mon, 20 Nov 2023 08:02:42 +0000 (09:02 +0100)]
ui: fix zero-sized panels on fresh chrome start
it seems in new versions of chrome, this triggers too early on a fresh
start (when autostarting a pve tab), resulting in the
'viewWidth'/'viewHeight' being zero pixels. This means we set the width
of the left and the height of the bottom panel to zero pixels, making
them functionally invisible.
To prevent that, check that the 'viewWidth'/'viewHeight' is big enough
so that the panels still have at least 50 pixels left before setting their
size.
Reported in the Forum:
https://forum.proxmox.com/threads/136636/
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
[ TL: point to forum thread ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Lukas Wagner [Tue, 14 Nov 2023 12:59:42 +0000 (13:59 +0100)]
api: notification: add disable and origin params
'disable' can be set to disable a matcher/target.
'origin' signals whether the configuration entry
was created by the user or whether it was built-in/
built-in-and-modified.
Lukas Wagner [Tue, 14 Nov 2023 12:59:41 +0000 (13:59 +0100)]
notify: add API routes for smtp endpoints
The Perl part of the API methods primarily defines the API schema,
checks for any needed privileges and then calls the actual Rust
implementation exposed via perlmod. Any errors returned by the Rust
code are translated into PVE::Exception, so that the API call fails
with the correct HTTP error code.
Lukas Wagner [Tue, 14 Nov 2023 12:59:34 +0000 (13:59 +0100)]
ui: dc: remove unneeded notification events panel
The notification event settings are replaced by notification matchers,
which will combine the notification routing and filtering into a
single concept.
As reported in the community forum and reproduced locally, issuing a
QEMU guest agent command would lead to an error when proxying to
another node:
> root@pve8a2 ~ # pvesh create /nodes/pve8a1/qemu/126/agent/exec --command 'whoami'
> Wide character in die at /usr/share/perl5/PVE/RESTHandler.pm line 918.
> proxy handler failed: Agent error: Guest agent command failed, error was 'Failed to execute child process “ARRAY(0x55842bb161a0)” (No such file or directory)'
Fix it, by splitting up array references correctly.
Stefan Lendl [Fri, 17 Nov 2023 14:26:13 +0000 (15:26 +0100)]
gitignore: add more build artefacts to ignore list and anchor to root
Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
[ TL: fix subject & use more specific glob ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Aaron Lauterer [Wed, 8 Nov 2023 12:10:34 +0000 (13:10 +0100)]
api: osd: destroy: remove mclock max iops settings
Ceph does a quick benchmark when creating a new OSD and stores the
osd_mclock_max_capacity_iops_{ssd,hdd} settings in the config DB.
When destroying the OSD, Ceph does not automatically remove these
settings. Keeping them can be problematic if a new OSD with potentially
more performance is added and ends up getting the same OSD ID.
Therefore, we remove these settings ourselves when destroying an OSD.
Removing both variants, hdd and ssd should be fine, as the MON does not
complain if the setting does not exist.
Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
Tested-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
ship default link config to disable systemd link mac-policy
since debian 11, systemd is changing the behaviour of the MAC address of
a bridge, but also a bond, where the mac is generated randomly instead
of being inherited from the first slave.
We tried to fix that with ifupdown2, but that seems to produce some
regressions and independent of that there was still another problem.
Namely, if a bridge doesn't have any slaves, systemd is keeping the bridge
offline.
That means that a dhcp daemon like kea can't bind on a standalone
bridge (used for s-nat for example), until a tap interface is started.
So, set up a systemd link config to disable the systemd mac policy by
default (this doesn't break already fixed ifupdown2 mac).
Funnily CentOS && Fedora also disable it already:
https://fedoraproject.org/wiki/Changes/MAC_Address_Policy_none
https://gitlab.com/redhat/centos-stream/rpms/systemd/-/blob/c8953519504bf2e694bfbc2b02a456c1056f252e/0028-udev-net-setup-link-change-the-default-MACAddressPol.patch#L43
Before this patch:
```
~ ip a sh dev vmbr1
vmbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 10
```
After this patch:
```
~ ip a sh dev vmbr1
vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
```
Signed-off-by: Alexandre Derumier <alexandre.derumier@groupe-cyllene.com>
[ TL: move to /usr/lib/.. where distro files belong and add comment ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
- set degraded as warning instead of working
- set undersized as warning instead of error
- rename error as critical
- add "busy" (info-blue) color for working state
- use warning (orange) color for warning state
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
Tested-By: Aaron Lauterer <a.lauterer@proxmox.com>
Reviewed-By: Aaron Lauterer <a.lauterer@proxmox.com>
[ TL: fold in CSS class addition ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Christian Ebner [Wed, 9 Aug 2023 10:55:28 +0000 (12:55 +0200)]
fix #4442: Add date-time filtering for firewall logs
Extend the current firewall log view to add date time based filtering.
The user can switch between live view, which shows logs from the
unrotated log file, or to filter mode, where date time based filtering,
including rotated logs can be performed.
Enable the feature by setting the property and the submit format
for since and until timestamps expected by the api.
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
Thomas Lamprecht [Mon, 13 Nov 2023 13:12:33 +0000 (14:12 +0100)]
api: acme meta: require Sys.Audit on the node
As even though restricted to some specific endpoints and formats, one
can still scan HTTP, potentially also on the LAN.
We can do this here as the API call is new and was never packaged
since introduced, so this isn't a breaking change.
The TOS one will be removed with the next major release, so not a
problem anymore from then on.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>