Lukas Wagner [Tue, 14 Nov 2023 12:59:34 +0000 (13:59 +0100)]
ui: dc: remove unneeded notification events panel
The notification event settings are replaced by notification matchers,
which will combine the notification routing and filtering into a
single concept.
As reported in the community forum and reproduced locally, issuing a
QEMU guest agent command would lead to an error when proxying to
another node:
> root@pve8a2 ~ # pvesh create /nodes/pve8a1/qemu/126/agent/exec --command 'whoami'
> Wide character in die at /usr/share/perl5/PVE/RESTHandler.pm line 918.
> proxy handler failed: Agent error: Guest agent command failed, error was 'Failed to execute child process “ARRAY(0x55842bb161a0)” (No such file or directory)'
Fix it, by splitting up array references correctly.
Stefan Lendl [Fri, 17 Nov 2023 14:26:13 +0000 (15:26 +0100)]
gitignore: add more build artefacts to ignore list and anchor to root
Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
[ TL: fix subject & use more specific glob ] Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Aaron Lauterer [Wed, 8 Nov 2023 12:10:34 +0000 (13:10 +0100)]
api: osd: destroy: remove mclock max iops settings
Ceph does a quick benchmark when creating a new OSD and stores the
osd_mclock_max_capacity_iops_{ssd,hdd} settings in the config DB.
When destroying the OSD, Ceph does not automatically remove these
settings. Keeping them can be problematic if a new OSD with potentially
more performance is added and ends up getting the same OSD ID.
Therefore, we remove these settings ourselves when destroying an OSD.
Removing both variants, hdd and ssd should be fine, as the MON does not
complain if the setting does not exist.
Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com> Tested-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
ship default link config to disable systemd link mac-policy
since debian 11, systemd is changing behaviour of MAC address of
bridge, but also bond, where the mac is generated randomly instead
inherit from the first slave.
We tried to fix that with ifupdown2, but that seems to produce some
regressions and independent of that there was still another problem.
Namely, if a bridge don't have any slaves, systemd is keeping bridge
offline.
That mean that a dhcp daemon like kea can't bind on a standalone
bridge (used for s-nat for example), until a tap interface is started.
So, set up a systemd link config to disable the systemd mac policy by
default (this don't break already fixed ifupdown2 mac).
Funnily CentOS && Fedora also disable it already:
https://fedoraproject.org/wiki/Changes/MAC_Address_Policy_none
https://gitlab.com/redhat/centos-stream/rpms/systemd/-/blob/c8953519504bf2e694bfbc2b02a456c1056f252e/0028-udev-net-setup-link-change-the-default-MACAddressPol.patch#L43
Before this patch:
```
~ ip a sh dev vmbr1
vmbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 10
```
After this patch:
```
~ ip a sh dev vmbr1
vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
```
Signed-off-by: Alexandre Derumier <alexandre.derumier@groupe-cyllene.com>
[ TL: move to /usr/lib/.. where distro files belong and add comment ] Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
- set degraded as warning instead working
- set undersized as warning instead error
- rename error as critical
- add "busy" (info-blue) color for working state
- use warning (orange) color for warning state
Signed-off-by: Alexandre Derumier <aderumier@odiso.com> Tested-By: Aaron Lauterer <a.lauterer@proxmox.com> Reviewed-By: Aaron Lauterer <a.lauterer@proxmox.com>
[ TL: fold in CSS class addition ] Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Christian Ebner [Wed, 9 Aug 2023 10:55:28 +0000 (12:55 +0200)]
fix #4442: Add date-time filtering for firewall logs
Extend the current firewall log view to add date time based filtering.
The user can switch between live view, which shows logs from the
unrotated log file, or to filter mode, where date time based filtering,
including rotated logs can be performed.
Enable the feature by setting the property and the submit format
for since and until timestamps expected by the api.
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
Thomas Lamprecht [Mon, 13 Nov 2023 13:12:33 +0000 (14:12 +0100)]
api: acme meta: require Sys.Audit on the node
As even though restricted to some specific endpoints and formats, one
can still scan HTTP, potentially also on the LAN.
We can do this here as the API call is new and was never packaged
since introduced, so this isn't a breaking change.
The TOS one will be removed with the next major release, so not a
problem anymore from then one.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Folke Gleumes [Tue, 31 Oct 2023 09:05:12 +0000 (10:05 +0100)]
api/acme: deprecate tos endpoint in favor of meta
The ToS endpoint ignored data that is needed to detect if EAB needs to
be used. Instead of adding a new endpoint that does the same request,
the tos endpoint is deprecated and replaced by the meta endpoint,
that returns all information returned by the directory.
Dominik Csapak [Thu, 9 Nov 2023 10:56:24 +0000 (11:56 +0100)]
ui: add tooltips to non-full tags globally
by using the delegate function of ExtJS' tooltips on the global
Workspace element and using the proper css selectors
this way, we can limit the tooltips to the non-full ones
(in contrast to using data-qtip on the element, which would
always be show, even for tags with the 'full' style)
Dominik Csapak [Thu, 9 Nov 2023 10:47:59 +0000 (11:47 +0100)]
ui: bulk actions: rework filters and include tags
This moves the filters out of the grid header for the BulkActions and
puts them into their own fieldset above the grid. With that, we can
easily include a tags filter (one include and one exclude list).
The filter fieldset is collapsible and shows the active filters in
parenthesis. aside from that the filter should be the same as before.
To achieve the result, we regenerate the filterFn on every change of
every filter field, and set it with an 'id' so that only that filter is
overridden each time.
To make this work, we have to change three tiny details:
* manually set the labelWidths for the fields, otherwise it breaks
the ones in the fieldset.
* change the counting in the 'getErrors' of the VMSelector, so that we
actually get the count of selected VMs, not the one from the
selectionModel
* override the plugins to '' in the BulkAction windows, so that e.g. in
the backup window we still have the filters in the grid header
(we could add a filter box there too, but that is already very crowded
and would take up too much space for now)
Folke Gleumes [Tue, 7 Nov 2023 11:38:52 +0000 (12:38 +0100)]
fix #2336: ui: adjust message for bulk start/stop/migrate
The message in the Task Log has been 'Start/Stop/Migrate all...',
which is misleading since not everything might be affected by bulk actions.
This also affects the messages send at a nodes startup and shutdown, but
since this just affects a subgroup of VMs/Containers (those who are
onboot=1) the new wording still applies better than the previous.
Aaron Lauterer [Wed, 23 Aug 2023 09:44:27 +0000 (11:44 +0200)]
fix #4631: ceph: osd: create: add osds-per-device
Allows to automatically create multiple OSDs per physical device. The
main use case are fast NVME drives that would be bottlenecked by a
single OSD service.
By using the 'ceph-volume lvm batch' command instead of the 'ceph-volume
lvm create' for multiple OSDs / device, we don't have to deal with the
split of the drive ourselves.
But this means that the parameters to specify a DB or WAL device won't
work as the 'batch' command doesn't use them. Dedicated DB and WAL
devices don't make much sense anyway if we place the OSDs on fast NVME
drives.
Some other changes to how the command is built were needed as well, as
the 'batch' command needs the path to the disk as a positional argument,
not as '--data /dev/sdX'.
We drop the '--cluster-fsid' parameter because the 'batch' command
doesn't accept it. The 'create' will fall back to reading it from the
ceph.conf file.
Removal of OSDs works as expected without any code changes. As long as
there are other OSDs on a disk, the VG & PV won't be removed, even if
'cleanup' is enabled.
The '--no-auto' parameter is used to avoid the following deprecation
warning:
```
--> DEPRECATION NOTICE
--> You are using the legacy automatic disk sorting behavior
--> The Pacific release will change the default to --no-auto
--> passed data devices: 1 physical, 0 LVM
--> relative data size: 0.3333333333333333
```
Stoiko Ivanov [Wed, 11 Oct 2023 13:23:42 +0000 (15:23 +0200)]
pve7to8: check for proper grub meta-package for bootmode
This should catch installations from our ISO on non-ZFS in uefi mode,
which won't get the updated grub efi binary installed upon upgrade,
because grub-pc is installed instead of grub-efi-amd64.
Adding this to pve7to8 should make this even more visible, than the
corresponding patch for promxox-kernel-helper (warnings printed during
regular package upgrades might be overlooked more easily than
a yellow line in the major upgrade checkscript)
The if/else order was chosen to limit the nesting level of the long
messages.
ui: guest wizard: increase height to match 4:3 ratio
solving an issue where the CPU extra-flags grid had less space than
it's fixed height allowed.
While we also could have reduced that height, having a nicer ratio and
a bit more vertical "breathing room" seem slightly nicer to me.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Wed, 25 Oct 2023 11:09:38 +0000 (13:09 +0200)]
ui: wizards: allow adding tags in the qemu/lxc create wizard
in the general tab in the advanced section.
For that to work, we introduce a new option for the TagEditContainer
named 'editOnly', which controls now the cancel/finish buttons,
automatically enter edit mode and disable enter/escape keypresses.
We also prevent now the loading of tags while in edit mode, so the tags
don't change while editing (this can be jarring and unexpected).
Then we wrap that all in a FieldSet that implements the Field mixin, so
we can easily use that in the wizard. There we set a maxHeight so that
the field can grow so that it still fits in the wizard.
To properly align the input with the '+' button, we have to add a custom
css class there. (In the hbox we could set the alignment, but this is
not possible in the 'column' layout)
node console: restrict all non-login commands to root@pam
and not just upgrade.
note that the only other non-login command (ceph_install) is restricted to
root@pam in the web UI anyway, and that the termproxy endpoint is lacking this
check and thus always falls back to a login prompt for non-login commands
requested by non-root users.
Aaron Lauterer [Tue, 3 Oct 2023 11:36:37 +0000 (13:36 +0200)]
report: dir2text: ignore special . and .. files
So far this hasn't been an issue as each user of dir2text wanted files
with a specific pattern. But if we want every file in the directory, we
need to skip the special files '.' and '..'.
Thomas Lamprecht [Sun, 29 Oct 2023 18:47:40 +0000 (19:47 +0100)]
ui: disable new notification UI for now, will be reworked
Lukas is currently reworking this so that we have a single panel,
where the filters are match-entries that can also provide the
functionality of the hard-coded filters in the other panel, reducing
complexity and adding flexibility.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Thu, 19 Oct 2023 13:36:05 +0000 (15:36 +0200)]
ui: tags: fix focus for edit mode
such that one can tab through the editable tag fields.
We have to handle that manually, since ExtJs does not expect
contenteditable html tags for focus handling.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Christoph Heiss [Wed, 5 Jul 2023 11:12:49 +0000 (13:12 +0200)]
ui: container guest status: show distro logo and name in summary header
It fits neatly there, is rather intrusive and yet still visible at
first sight. It also solves the problem of having to create a bigger
row, so that the icon is still easily recognisable. At the default
font-size of 13pt, this really wasn't the case.
Verified that each supported distro is present in the font and the
name matches up and tested through all supported distros (including
'unmanaged').
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com> Reviewed-by: Dominik Csapak <d.csapak@proxmox.com> Tested-by: Dominik Csapak <d.csapak@proxmox.com>
[ TL: html-encode, just to be sure, as reviewed by Dominik ] Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Christoph Heiss [Wed, 5 Jul 2023 11:12:48 +0000 (13:12 +0200)]
ui: container guest status: show privileged status as new row
As that info is not available through the store (which stores the
status), it must be fetched separately.
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com> Reviewed-by: Dominik Csapak <d.csapak@proxmox.com> Tested-by: Dominik Csapak <d.csapak@proxmox.com>
[ TL: rework subject and avoid arror-fn for controller to keep `this`
working, as reviewed by Dominik ] Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This is due the API call returning a "download" object (as seen above),
which contains (among some other things) a file handle to read the
response from.
With this patch, the response from such endpoints is now correctly read
and displayed. Only handles combinations of `Content-Encoding` == 'gzip'
and either 'text/plain' or 'application/json' for `Content-Type`.
This tries to mimic the behavior of the API server implementation when
encountering `download` objects.
Tested this with all four output formats 'text', 'json', 'json-pretty'
and 'yaml', as well as "cross-node" in a local test cluster.
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
Thomas Lamprecht [Tue, 10 Oct 2023 13:29:21 +0000 (15:29 +0200)]
ui: ceph warnings: lower opacity for no-details text
to make it more clear that this is not the details, but a UI text
placeholder.
Add a `pmx-faded` class that reduced opacity, as there where recent
discussion about adding such a utility class to widget-toolkit anyway.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 10 Oct 2023 06:19:33 +0000 (08:19 +0200)]
ui: ceph warnings: use normal font-weight
The use of the <pre> tag will result in font-family `monospace`, and
monospace fonts are often a bit odd w.r.t. size and weight. E.g.,
without this I get a light-font selected, which is hardly visible.
Set the weight to normal, which should not hurt those that got a
better font selection by there system/browser already.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 10 Oct 2023 06:17:29 +0000 (08:17 +0200)]
ui: ceph warnings: render whitespace as pre-wrap
To avoid potential horizontal scrolling on smaller screens, which can
be a PITA as the scroll bar is at the bottom, so users have to scroll
down to move it left and right..
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Aaron Lauterer [Mon, 2 Oct 2023 09:00:26 +0000 (11:00 +0200)]
ui: ceph: improve discoverability of warning details
by
* replacing the info button with expandable rows that contain the
details of the warning
* adding two action buttons to copy the summary and details
* making the text selectable
The row expander works like the one in the mail gateway tracking center
-> doubleclick only opens it.
The height of the warning grid is limited to not grow too large.
A Diffstore is used to avoid expanded rows being collapsed on an update.
The rowexpander cannot hide the toggle out of the box. Therefore, if
there is no detailed message for a warning, we show a placeholder text.
We could consider extending it in the future to only show the toggle if
a defined condition is met.
Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com> Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
We already trim correctly in the API endpoint's code, but that happens
after the parameter verification from the REST server, and as
patterns are anchored between ^$pattern$ there by default, it fails if
someone sends some whitespace before/after the actual key.
Simply allow arbitrary whitespace, but only at the API endpoint
itself, do not adapt the subscription pattern to avoid that an actual
whitespace sneaks in and let some lower level code throw up on it.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
ui: vm selector: gracefully handle empty IDs in setValue function
An empty string is passed by the backup job window when using
selection mode 'all', would be converted to [""] and wrongly add an
entry with VMID 0 because the item "" could not be found in the store.
Reported in the community forum:
https://forum.proxmox.com/threads/130164/
Fixes: 7a5ca76a ("fix #4239: ui: show selected but non-existing vmids in backup edit") Suggested-by: Dominik Csapak <d.csapak@proxmox.com> Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>