and also show the retention options that will be used for a given storage. A
user with Datastore.AllocateSpace and VM.Backup can already remove backups from
the GUI manually, so it shouldn't be a problem if they can set the remove flag
when starting a manual backup in the GUI.
ui: backup: fill in some of the configured vzdump defaults
Do not fill in the default for compression, because the initial default for the
backend is to not compress, while the current default for the UI is zstd, which
is preferable.
The 'defaults' API call expects the user to have permissions on the storage,
because retention options are storage-dependent. Use a flag initialDefaults to
make sure storage-independent properties are only set once, so they are not
reset when a user changes the storage after editing them.
api: vzdump: add call to get currently configured vzdump defaults
on a given node (and storage).
There is no datacenter/storage fallback for the bandwidth limit, so the default
can just be returned as is. While the bandwidth limit is a root-only option when
executing the backup, it still makes sense to return it for all users, so they
can see what's going to be used.
To make them load the updated librados2, as else they may potentially
not be able to communicate with the potentially newer ceph monitors,
as Debian 10 ships Jewel (12.2) by default...
While we could do some more fancy signaling to the workers to reload
the lib, that is rather a PITA and complex solution for something
that happens once in a blue moon.
We may want to add a trigger in ceph for this on updates though, that
would effectively fix this too - but needs to be thought out better.
So for now let's go with the simplest solution.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 27 Apr 2021 10:29:58 +0000 (12:29 +0200)]
api: ceph/monitor: automatically disable insecure global ID reclaim after creating first monitor
nautilus 14.2.20 and octopus 15.2.11 fixed a security issue with
reclaiming the global ID auth (CVE-2021-20288). As fixing this issue
means that older clients won't be able to connect anymore, the fix was
done behind a switch, with a HEALTH warning if it was not active
(i.e., disallowed connection from older clients).
New installations have this switch also at the insecure level, for
compat reasons, so let's deactivate it ourselves after monitor creation
to avoid the health warning and slightly insecure setup (in default
PVE ceph the whole issue was of rather low impact/risk). But, only do
so when creating the first monitor of a ceph cluster, to avoid
breaking existing setups by accident.
An admin can always switch it back again, e.g., if they're recovering
from some failure and need to set up fresh monitors but still have old
clients.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
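An added example, not part of the commit or of Proxmox's code: the commit only flips the switch on a brand-new cluster, and this sketch extends the same caution to an existing cluster by reading the two health checks Ceph introduced with the fix before recommending the change. The function name, the result keys and the sample health documents are constructed for illustration.

```python
import json

# Health check codes that Ceph added together with the CVE-2021-20288 fix.
CLIENTS_INSECURE = "AUTH_INSECURE_GLOBAL_ID_RECLAIM"      # unpatched clients connected
MONS_ALLOW = "AUTH_INSECURE_GLOBAL_ID_RECLAIM_ALLOWED"    # switch still at insecure level
DISABLE_CMD = "ceph config set mon auth_allow_insecure_global_id_reclaim false"


def plan_reclaim_hardening(health_json):
    """Decide from `ceph health detail --format json` output whether the
    switch can be turned off without locking out connected clients."""
    checks = json.loads(health_json).get("checks", {})
    detail = checks.get(CLIENTS_INSECURE, {}).get("detail", [])
    offenders = [entry["message"] for entry in detail]
    if CLIENTS_INSECURE in checks:
        # Old clients are attached: disabling now would cut them off.
        return {"action": "upgrade-clients-first", "offenders": offenders, "command": None}
    if MONS_ALLOW in checks:
        # Only the "still allowed" warning is left, so the switch can go off.
        return {"action": "disable", "offenders": [], "command": DISABLE_CMD}
    return {"action": "none", "offenders": [], "command": None}


def _check(message, detail=()):
    # Builds one constructed health check entry for the samples below.
    return {"severity": "HEALTH_WARN", "summary": {"message": message, "count": 1},
            "detail": [{"message": m} for m in detail], "muted": False}


# Constructed sample: freshly created first monitor, no clients yet.
FRESH = json.dumps({"status": "HEALTH_WARN", "checks": {
    MONS_ALLOW: _check("mons are allowing insecure global_id reclaim")}})

# Constructed sample: existing cluster with one old client still attached.
MIXED = json.dumps({"status": "HEALTH_WARN", "checks": {
    MONS_ALLOW: _check("mons are allowing insecure global_id reclaim"),
    CLIENTS_INSECURE: _check("client is using insecure global_id reclaim",
                             ["client.admin at 192.0.2.10:0/123456 (constructed)"])}})

if __name__ == "__main__":
    for name, sample in (("fresh", FRESH), ("mixed", MIXED)):
        print(name, plan_reclaim_hardening(sample))
```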
Makes it possible to configure the RBD namespace via the GUI.
RBD namespaces must be configured manually. The most likely use case is
when connecting to an external Ceph cluster as this makes it possible to
separate client PVE clusters by namespace, not by pool.
Thomas Lamprecht [Mon, 26 Apr 2021 10:30:56 +0000 (12:30 +0200)]
ui: ceph status: use two column layout for 1600+ window width
Looks already OK at that size, and one gets a better overview.
We have a slightly complex layout here (two columns which should be
above each other) so we cannot just use the generic helper, but
that's OK here - it *is* a special view.
Note, not all people use full-sized windows all the time, so the
widths here must not only be considered in terms of display
resolutions...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Fri, 23 Apr 2021 16:51:57 +0000 (18:51 +0200)]
ui: ceph pools: avoid resetting crush rule when editing a pool
we are only allowed to set autoselect the first record after load on
creation, else we may change the value by mistake which, if the admin
does not notice when changing some other setting, can be quite fatal
as it can trigger a huge rebalance, where the cause may then not even
be obvious and thus an admin be quite baffled.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
ui: set file name for spice console download in chrome
When the virt-viewer file is downloaded we already set a file name in
Android, so the file type may be recognized. Also doing this in
Chrome (and Chromium based browsers) allows users to "always open
files of this type". So the browser automatically opens the console
window without user interaction.
Signed-off-by: Lorenz Stechauner <l.stechauner@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Limiting the length of the source and dest parameters helps to avoid
problems with iptables-restore which would not apply a rule if a
parameter is larger than the parameter buffer (1024)[0]. As the API is
already limiting this, we should also reflect that in the GUI and give
people a hint that IP sets are most likely the better approach.
fix #3385: api: network: check for used ports before writing
Currently the check for used ports for bonds and bridges happens
while rendering '/etc/network/interfaces.new' in PVE::Inotify
(pve-common).
However at that stage the new/updated interface is already merged
with the old settings, making it impossible to indicate where a NIC
is currently used.
The code is adapted from the renderer in
PVE::Inotify::__write_etc_network_interfaces.
Tested on a virtual PVE instance.
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
The purge parameter is always explicitly set, which is different from the
existing behavior, but it does not rely on what the default in the backend is.
we want to use spice for vms more than xtermjs if both are available
(since spice must be chosen as display in that case)
so the resulting order of preference for vms is:
spice
xtermjs
novnc
since all methods work for containers always, there we use
xtermjs by default, or what is chosen in the datacenter option
Thomas Lamprecht [Wed, 21 Apr 2021 15:34:22 +0000 (17:34 +0200)]
api: ceph pool create: replace left-over complex error handling
this was from the time where we had a loop here to add two storages,
one for KRBD-only and one for KRBD-never. Nowadays we can handle the
mixed case just fine, but the patch dropping that forgot to clean up
the error handling..
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 21 Apr 2021 11:11:39 +0000 (13:11 +0200)]
ui: size-field: add more units
This would probably benefit from being an object à la:
```
'GiB': {
base: 2,
order: 30,
},
```
but that would be a transparent internal change, and the current way
isn't yet a limitation, so ...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Since Ceph Nautilus 14.2.10 and Octopus 15.2.2 the min_size of a pool is
calculated by the size (round(size / 2)). When size is applied after
min_size to the pool, the manually specified min_size will be overwritten.
* add the ability to edit an existing pool
* allow adjustment of autoscale settings
* warn if user specifies min_size 1
* disallow min_size 1 on pool create
* calculate min_size replica by size
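An added example, not taken from the pve-manager code: a toy model of the ordering problem described above, together with the min_size rules from the list. All names are constructed, and reading round(size / 2) as rounding halves up is an assumption.

```python
def default_min_size(size):
    # round(size / 2) with halves rounded up (assumption); Python's built-in
    # round() rounds halves to even and would return 2 for size 5.
    return (size + 1) // 2


def plan_pool_settings(size, min_size=None, creating=True):
    """Validate the replica settings and return (ordered_settings, warnings),
    with size always placed before min_size."""
    if size < 1:
        raise ValueError("size must be at least 1")
    if min_size is None:
        min_size = default_min_size(size)
    if min_size > size:
        raise ValueError("min_size cannot exceed size")
    warnings = []
    if min_size == 1:
        if creating:
            raise ValueError("min_size 1 is not allowed when creating a pool")
        warnings.append("min_size 1: the pool accepts writes with a single replica")
    return [("size", size), ("min_size", min_size)], warnings


def apply_to_pool(settings):
    """Toy model of the behaviour described above: every time size is set,
    min_size is recalculated from it."""
    pool = {}
    for key, value in settings:
        pool[key] = value
        if key == "size":
            pool["min_size"] = default_min_size(value)
    return pool


if __name__ == "__main__":
    # Wrong order: the admin's min_size 3 is silently replaced by 2.
    print(apply_to_pool([("min_size", 3), ("size", 4)]))
    # Planned order: size first, so the manual min_size survives.
    ordered, _ = plan_pool_settings(4, 3)
    print(apply_to_pool(ordered))
```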
In Ceph Octopus the device_health_metrics pool is auto-created with 1
PG. Since Ceph has the ability to split/merge PGs, hitting the wrong PG
count is now less of an issue anyhow.