Thomas Lamprecht [Thu, 13 Jan 2022 16:07:38 +0000 (17:07 +0100)]
d/control: hack: drop libpve-rs-perl dependency for now
not available on PMG and other places we use this lib (infra stuff)..
the perlmod stuff needs to be either more conditionally included, the
perlmod move to a more generic library (proxmox-rs?) or duplicated to
at least pmg-rs (albeit that wouldn't solve the infra pain points)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
new fields have been added recently, but values are not initialized
https://git.proxmox.com/?p=pve-common.git;a=commit;h=5a82eb712e4c879a271686f07c589fadc0b09185
as the total of all fields is computed later, this can give undef values
Dominik Csapak [Wed, 1 Dec 2021 08:55:14 +0000 (09:55 +0100)]
CalendarEvent: use rust implementation
by replacing the parsing code and 'compute_next_event' by their
PVE::RS::CalendarEvent equivalent
adapt the tests, since we do not have access to the internal structure
(and even if we had, it would be different) and the error messages
are different
the 'compute_next_event' and parsing tests still pass though
for re-use in qemu-server/pve-container, which already have this option
duplicated. the '-pair' is needed for remote migration, but can also be
a nice addition to regular intra-cluster migration to lift the
restriction of having identically named bridges.
Oguz Bektas [Thu, 21 Oct 2021 14:36:19 +0000 (16:36 +0200)]
cgroup: cpu quota: fix resetting period length for v1
The CFS period µs value for cgroup v1 needs to be >= 1 µs and <= 1 s,
so resetting it to -1 (like we can do for the quota) cannot work.
So, when the period is passed as undefined it should be set to 100ms,
i.e., the actual default value:
> - cpu.cfs_quota_us: the total available run-time within a period (in microseconds)
> - cpu.cfs_period_us: the length of a period (in microseconds)
> - cpu.stat: exports throttling statistics [explained further below]
>
> The default values are:
> cpu.cfs_period_us=100ms
> cpu.cfs_quota=-1
-- https://www.kernel.org/doc/html/v5.14/scheduler/sched-bwc.html
This issue was there since initial addition in its original repo,
pve-container commit 26b645e2.
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
[ Thomas: add more information, adapt commit subject to reduce
redundancy, link to new RsT based doc page with a fixed version ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Fri, 15 Oct 2021 09:23:22 +0000 (11:23 +0200)]
tempfile: improve base path selection
The path is not /that/ relevant privacy wise as we try to use
`O_TMPFILE` anyway and defaulting to /run generates trouble for calls
from non-root processes.
Try the user session run dir first, then /run if root or /tmp else.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Fri, 15 Oct 2021 08:36:09 +0000 (10:36 +0200)]
tools: fix some perlcritic lints
- Two-argument "open" used at line 462, column 3. See page 207 of
PBP. (Severity: 5)
- Subroutine "new" called using indirect syntax at line 487, column
15. See page 349 of PBP. (Severity: 5)
- Bareword file handle opened at line 1533, column 5. See pages 202,
204 of PBP. (Severity: 5)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
commit c86cfb8bbd9b505d06b580582297fa670561437b dropped allow-hotplug
from the primary interfaces file completely on write, but that breaks
setups that come from plain Debian.
Instead, as a stop-gap measure, transform "allow-hotplug" to auto
in the PVE controlled config.
That avoids conflict and improves installing PVE on top of plain
Debian, as the interface still comes up after the first reboot.
But it is not ideal, auto is not the same as hotplug, so we need to
also track that difference in the future, but that needs some
adaptions in the API too (change autostart from boolean to
string+enum or so)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 27 Sep 2021 06:57:10 +0000 (08:57 +0200)]
subscription: switch verification domain over to shop.proxmox.com
With the merger the shop got moved from shop.maurer-it to
shop.proxmox.com, while we transparently redirect we also want to
stop doing that in a few years, so use new domain.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Sat, 18 Sep 2021 12:38:59 +0000 (14:38 +0200)]
net: add get_local_ip helper
Sometimes we need to have a fallback for gai (get_ip_from_hostname)
but cannot yet rely on configured networks (get_reachable_networks)
from kernel POV (those may not have been configured yet, e.g., on
boot), so the ones configured in /etc/network/interfaces would be
nice too then, as they're the ones that will get configured soon
anyway on boot.
Add a new helper that takes in all those sources and allows to return
a single (first found) or all of those addresses.
Still prioritize the address we get from getaddrinfo, as there the
admin has control through /etc/hosts, DNS and gai.conf and treat the
remaining ones as fallback.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Fri, 17 Sep 2021 14:25:51 +0000 (16:25 +0200)]
net: add get_reachable_networks
will be used for the issue banner generators and for some "get
nodeip" calls as fallback for get_ip_from_hostname, which tends to
fail in our CT envs (e.g., PMG)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
it's an invalid combination that causes the network reload/setup to
fail. unfortunately, this is not caught by ifupdown2 itself, but only
rejected by the kernel with ERANGE over netlink.
Dominik Csapak [Mon, 21 Jun 2021 13:55:16 +0000 (15:55 +0200)]
SysFSTools: change 'product' to 'device'
so it is more consistent with the source (it comes from the file
'device') as well as the subsytem_device field
the only place we use that field is in the same file in pci_dev_bind_to_vfio,
which we also change here, so that should not be a breaking change
(in qemu-server we only really use the existence and the has_fl_reset
flag)
Fabian Ebner [Mon, 10 May 2021 12:18:15 +0000 (14:18 +0200)]
network: add canonical_ip function
Net::IP doesn't seem to have a function for it and normalizing to the full
quad-form is less than ideal if we intend to output IPv6 addresses returned by
that function at some point.
Instead, use NetAddr::IP, which is already used in pve-network.
tools: download_file_from_url: move check for existing file outside eval
it is not necessary to include this block in the eval which when it
fails tries to unlink $tmpdest, because in the check for the existing
file $tmpdest is not used.
tools: download_file_from_url: adapt error messages to start at new line
the front end expects the error message to be the first part of the
last line. putting the new line at the beginning of the die message
does not work, either.
Thomas Lamprecht [Tue, 15 Jun 2021 14:45:30 +0000 (16:45 +0200)]
inotify: also detect VLAN id from "vlan\d+" ifaces
We support also vlanX, with X being an integer for the VLAN id, as
valid vlan iface name, so support that too here.
and make the dev name check for definedness, even if "0" is currently
not really supported (officially) it is still a valid iface name for
the kernel (which takes any byte).
The VLAN id is in the range of [2, 4094] (inclusive) so defined check
is not required there.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
inotify: read_interfaces: add vlan-id and vlan-raw-device on dot notation vlan interfaces
Setting the vlan-id and vlan-raw-device value for vlan devices that
follow the dot notation (interface.vlan) aligns how dot notation vlan
devices and vlan devices that use the explicit vlan-id and
vlan-raw-device options, available with ifupdown2, are represented in
API return values.
Previously the type for both was 'vlan' but only the latter showed more
details.
Setting these values here should not have any influence on how the
interfaces file is being written as these two values are already
filtered in __write_etc_network_interfaces for dot notation devices.
Thomas Lamprecht [Tue, 15 Jun 2021 12:11:07 +0000 (14:11 +0200)]
tools: download_file_from_url: improve UX and avoid cyclic dependencies
plus some refactoring
* drop worker, cannot be done here (RPCEnv is in pve-access-control)
* actually output the wrong "got" hash on mismatch
* die on existing file with mismatched
* drop double array for passing cmd
* drop `/usr/bin` prefix
* adapt rename error message
* add error handling for unlinking the temp. file
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
adds a common function to download arbitrary files from urls.
code is based on
manager:PVE/API2/Nodes.pm:aplinfo
Security notice: this function does not perform any permission
checking. The callee has to make sure, that only authorized users may
use this function.
Caution: This function is able to download files from internal
networks (which would not be visible/accessible from outside), the
callee needs to ensure that unprivileged (e.g., non root@pam or the
like) can only pass OK URLs (e.g., resolving to public routable IPs)
Signed-off-by: Lorenz Stechauner <l.stechauner@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
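
The caller-side check that the security notice above asks for, as an added example that is not part of the commit or of pve-common: `assert_public_url`, `resolve_all`, `in_prefix` and the deny list are hypothetical, and the DNS data is constructed so the script runs offline.

```perl
use strict;
use warnings;
use Socket qw(:addrinfo inet_pton AF_INET AF_INET6 SOCK_STREAM);

# Hypothetical helpers, not pve-common code. Non-exhaustive deny list (assumption).
my @BLOCKED = qw(
    0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12
    192.168.0.0/16 224.0.0.0/3 ::/127 ::ffff:0:0/96 fc00::/7 fe80::/10 ff00::/8
);

sub in_prefix {
    my ($addr, $cidr) = @_;
    my ($net, $len) = split m{/}, $cidr;
    my $family = $net =~ /:/ ? AF_INET6 : AF_INET;
    my $packed = inet_pton($family, $addr) // return 0;    # address is of the other family
    return substr(unpack('B*', $packed), 0, $len)
        eq substr(unpack('B*', inet_pton($family, $net)), 0, $len);
}

# Default resolver: every address getaddrinfo returns, as numeric strings.
sub resolve_all {
    my ($err, @res) = getaddrinfo($_[0], undef, { socktype => SOCK_STREAM });
    die "cannot resolve '$_[0]': $err\n" if $err;
    return map { (getnameinfo($_->{addr}, NI_NUMERICHOST, NIx_NOSERV))[1] } @res;
}

# Dies unless the URL is http(s) without userinfo and all its addresses are public.
sub assert_public_url {
    my ($url, $resolver) = @_;
    my ($host) = $url =~ m{^https?://(\[[0-9a-f:.]+\]|[^/:?#@\\\s]+)(?::\d+)?(?:[/?#]|$)}i
        or die "unsupported URL '$url'\n";
    $host =~ s/^\[|\]$//g;
    my @addrs = ($resolver // \&resolve_all)->($host) or die "no address for '$host'\n";
    for my $addr (@addrs) {
        die "unparsable address '$addr'\n" if !grep { defined inet_pton($_, $addr) } (AF_INET, AF_INET6);
        my ($hit) = grep { in_prefix($addr, $_) } @BLOCKED;
        die "'$host' resolves to non-public $addr ($hit)\n" if $hit;
    }
    return @addrs;    # checked addresses, so the caller can pin the download to them
}

# Constructed sample data so this runs offline; 203.0.113.0/24 is a documentation range.
my %dns = ('mirror.example.org' => ['203.0.113.10'], 'intra.example.org' => ['10.0.0.5']);
my $fake = sub { @{ $dns{$_[0]} // [$_[0]] } };    # literals resolve to themselves
for my $url (qw(https://mirror.example.org/a.iso http://intra.example.org/
                http://[::1]:8006/ http://user@mirror.example.org/)) {
    my $ok = eval { assert_public_url($url, $fake); 1 };
    print STDOUT ($ok ? "allow $url\n" : "deny  $url: $@");
}
```

The check and the later download resolve the name separately, so the result only holds if the fetch is pinned to the returned addresses and any redirect target goes through the same check.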
Stoiko Ivanov [Wed, 5 May 2021 14:36:24 +0000 (16:36 +0200)]
daemon: add compat code for pmgproxy 6.x
The changes to the listening behavior introduced with PVE 6.4 break
backwards compatibility w.r.t. listening address and logging, which
should not be changed without explicitly notifying the user.
This patch re-adds the family parameter, which is still used by
pmgproxy and based on its existence creates the socket as before.
compared to the IO::Socket::IP->new call used before 390fc10dc4a696dd30646cbdd018ad08d855175f, the only change is the
renaming of 'LocalAddr' to 'LocalHost' (which are synonymous in
IO::Socket::IP [0])
It can simply be reverted with the release of pmg-api 7.0 (where
we'll record the change in the release-notes and upgrade-page)
Stoiko Ivanov [Wed, 5 May 2021 14:36:23 +0000 (16:36 +0200)]
daemon: explicitly bind to wildcard address.
with the recent change in pve-manager pveproxy (and spiceproxy)
try binding to '::' per default. This fails for hosts having disabled
ipv6 via kernel commandline.
Our desired behavior of binding on '::' and only falling back to
'0.0.0.0' in case this is not supported is not directly possible with
IO::Socket::IP->new (or rather by Socket::GetAddrInfo, which at least
on my system always returns the v4 wildcard-address first).
the code now binds to:
* the provided $host if not undef
* '::' if $host is not set
* '0.0.0.0' if $host is not set and binding on '::' yields undef,
which means that it failed to create a socket which normally means
that IPv6 is disabled
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Stoiko Ivanov [Wed, 5 May 2021 14:36:22 +0000 (16:36 +0200)]
daemon: drop Domain parameter from create_reusable_socket
The Domain parameter for IO::Socket::IP is not used/needed.
It is needed to create an IP Socket when calling IO::Socket->new,
but here we call IO::Socket::IP->new directly (see [0]).
Fabian Ebner [Thu, 18 Mar 2021 08:44:18 +0000 (09:44 +0100)]
schema: check format: parse list formats as arrays
Previously, the returned value would be only the last element or undef in case
of an empty list. There's only a handful of callers of check_format() that look
at the return value and AFAICT none of the existing ones is for a -list format.
But best to avoid any future surprises.