pve-common.git
12 hours agoJSONSchema: use validator in print_property_string too master
Stefan Reiter [Thu, 25 Jun 2020 11:35:40 +0000 (13:35 +0200)]
JSONSchema: use validator in print_property_string too

Suggested-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
12 hours agoJSONSchema: add format validator support and cleanup check_format
Stefan Reiter [Thu, 25 Jun 2020 11:35:39 +0000 (13:35 +0200)]
JSONSchema: add format validator support and cleanup check_format

Adds a third, optional parameter to register_format that allows specifying
a function that will be called after parsing and can validate the parsed
data. A validator should die on failed validation, and can also change the
parsed object by returning a modified version of it.

This is useful so one can register a format with its hash, thus allowing
documentation to be generated automatically, while still enforcing certain
validation rules.

The validator only needs to be called in parse_property_string, since
check_format always calls parse_property_string if there is a
possibility of a validator existing at all. parse_property_string should
then be called with named formats for best effect, as only then can
validators be used.

Clean up 'check_format' as well (which pretty much amounts to a rewrite).
No existing functionality is intentionally changed.

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
3 days agobump version to 6.1-4
Thomas Lamprecht [Fri, 3 Jul 2020 12:17:04 +0000 (14:17 +0200)]
bump version to 6.1-4

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
10 days agofollouwp: improve comment detection and refactor slightly
Thomas Lamprecht [Fri, 26 Jun 2020 07:55:21 +0000 (09:55 +0200)]
follouwp: improve comment detection and refactor slightly

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
10 days agoschema: register 'timezone' format and add verification method
Oguz Bektas [Wed, 17 Jun 2020 13:32:29 +0000 (15:32 +0200)]
schema: register 'timezone' format and add verification method

/usr/share/zoneinfo/zone.tab has the valid list of time zones.

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 weeks agofix #2796: debian/postinst: check for existing /etc/aliases
Stoiko Ivanov [Fri, 12 Jun 2020 09:14:38 +0000 (11:14 +0200)]
fix #2796: debian/postinst: check for existing /etc/aliases

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 weeks agofix #2374: bridge-ports is assumed to be defined
Mira Limbeck [Wed, 10 Jun 2020 14:03:38 +0000 (16:03 +0200)]
fix #2374: bridge-ports is assumed to be defined

bridge-ports is an optional parameter but was assumed to be defined in
the code. This resulted in 'use of uninitialized value' warnings.

By reordering of the $ports definition before the replace, we get rid of
the 'use of uninitialized value' when no bridge-port is specified.

In the second case we set it to an empty string when it is undefined.

Signed-off-by: Mira Limbeck <m.limbeck@proxmox.com>
4 weeks agobump version to 6.1-3
Thomas Lamprecht [Mon, 8 Jun 2020 15:37:13 +0000 (17:37 +0200)]
bump version to 6.1-3

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
4 weeks agoInotify: write_network_interfaces : always autostart bond slaves interfaces
Alexandre Derumier [Sun, 7 Jun 2020 11:39:47 +0000 (13:39 +0200)]
Inotify: write_network_interfaces : always autostart bond slaves interfaces

Currently, bond slaves are mostly working without autostart,
because bond slaves scripts from ifupdown1 && also ifupdown2
 have some kind of hacks to start the slaves.

But if users want to do some tuning on the ifaces, they are not applied.

Also, with ifupdown2 + ovs, this kind of hack is not implemented (yet), so the
slaves of the bond are still down.

Debian/Ubuntu official docs always set "auto ethX" for bond slaves,
it's really more clean like this.

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
4 weeks agoAdd cpu core count to /nodes/{id}/status API result
Mike Beattie [Fri, 29 May 2020 10:58:52 +0000 (22:58 +1200)]
Add cpu core count to /nodes/{id}/status API result

This is useful for when collecting data for Guest OS licensing (Microsoft)
where physical core count matters, not socket or thread count.

The "cpus" value counts threads when Hyperthreading is enabled.

Signed-off-by: Mike Beattie <mike@ethernal.org>
4 weeks agonetwork: vlan-aware bridge: fix pvid when trunks is defined
Alexandre Derumier [Mon, 25 May 2020 11:05:08 +0000 (13:05 +0200)]
network: vlan-aware bridge: fix pvid when trunks is defined

Currently, when a trunks is defined, the vlan tag is not used
for pvid with vlan-aware bridge. (It's ok with ovs switch)

example:

net0: e1000=BA:90:68:B8:CF:F5,bridge=vmbr1,tag=2,trunks=2-11

before
------
tap100i0  2-11

after
-----
tap100i0  2 PVID Egress Untagged
 3-11

No regression for other configurations:

net0: e1000=BA:90:68:B8:CF:F5,bridge=vmbr1

before
------
tap100i0  1 PVID Egress Untagged
 2-4094

after
-----
tap100i0  1 PVID Egress Untagged
 2-4094

net0: e1000=BA:90:68:B8:CF:F5,bridge=vmbr1,tag=2

before
------
tap100i0  2 PVID Egress Untagged

after
-----
tap100i0  2 PVID Egress Untagged

net0: e1000=BA:90:68:B8:CF:F5,bridge=vmbr1,trunks=2-11

before
------
tap100i0  1 PVID Egress Untagged
 2-11

after
-----
tap100i0  1 PVID Egress Untagged
 2-11

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
8 weeks agoread_bridge_mtu: public method instead private
Alexandre Derumier [Fri, 17 Apr 2020 05:47:05 +0000 (07:47 +0200)]
read_bridge_mtu: public method instead private

8 weeks agobump version to 6.1-2
Thomas Lamprecht [Sat, 9 May 2020 19:01:10 +0000 (21:01 +0200)]
bump version to 6.1-2

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
8 weeks agonetwork: bridge add IF: do not add all VLANs if $trunks are passed
Thomas Lamprecht [Sat, 9 May 2020 18:53:28 +0000 (20:53 +0200)]
network: bridge add IF: do not add all VLANs if $trunks are passed

fixes commit 89ea13ef6b1555f92309da5c298e16579163eaf4 and
restores old behavior, the "if !$trunks" post-if was a bit suble, it
did not guard the die, but the system command previously - the die
was || (ORd) to the command, bad code style to begin with..

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months agobump version to 6.1-1
Thomas Lamprecht [Wed, 6 May 2020 10:14:10 +0000 (12:14 +0200)]
bump version to 6.1-1

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months agonetwork: fix adding vlan tags to bridge
Fabian Grünbichler [Wed, 6 May 2020 10:03:20 +0000 (12:03 +0200)]
network: fix adding vlan tags to bridge

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 months agoProcFSTools: fix read_meminfo without KSM
Stoiko Ivanov [Tue, 5 May 2020 15:01:07 +0000 (17:01 +0200)]
ProcFSTools: fix read_meminfo without KSM

on kernel configs where KSM is not enabled (e.g. an openstack instance at
OVH) the file /sys/kernel/mm/ksm/pages_sharing does not exist.
In that case there is no memory shared so assuming 0 is reasonable.

While this is not the case with our shipped kernel, and thus will probably
not happen on a PVE installation, PMG can run quite happily with a different
kernel (the reporter had this on an openstack instance at OVH).

a quick grep through our codebase showed only the API2::Nodes::Nodeinfo::status
call as user of the memshared property.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2 months agoprint_text_table: handle undefined values in comparision
Fabian Ebner [Tue, 28 Apr 2020 08:18:26 +0000 (10:18 +0200)]
print_text_table: handle undefined values in comparision

by introducing a safe_compare helper. Fixes warnings, e.g.
pvesh get /nodes/<NODE>/network
would print "use of uninitialized"-warnings if there are inactive
network interfaces, because for those, 'active' is undef.

Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
Tested-by: Oguz Bektas <o.bektas@proxmox.com>
2 months agofix #2696: avoid 'undefined value' warning in 'pvesh help unknown'
Stefan Reiter [Mon, 4 May 2020 12:02:47 +0000 (14:02 +0200)]
fix #2696: avoid 'undefined value' warning in 'pvesh help unknown'

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
2 months agobump version to 6.0-20
Fabian Grünbichler [Mon, 20 Apr 2020 08:04:10 +0000 (10:04 +0200)]
bump version to 6.0-20

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 months agoJSONSchema: allow to import parse_property_string
Thomas Lamprecht [Sat, 2 May 2020 16:42:35 +0000 (18:42 +0200)]
JSONSchema: allow to import parse_property_string

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months agobuild: remove ACME modules
Fabian Grünbichler [Mon, 20 Apr 2020 08:03:08 +0000 (10:03 +0200)]
build: remove ACME modules

from Makefile as well

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 months agoMove the code to proxmox-acme and add a dependency on it.
Wolfgang Link [Thu, 16 Apr 2020 05:18:20 +0000 (07:18 +0200)]
Move the code to proxmox-acme and add a dependency on it.

Signed-off-by: Wolfgang Link <w.link@proxmox.com>
2 months agosection config: use croak so that the error is from the callers POV
Thomas Lamprecht [Wed, 29 Apr 2020 12:51:59 +0000 (14:51 +0200)]
section config: use croak so that the error is from the callers POV

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months agoJSONSchema: extend pve-configid regex by '-'
Dominik Csapak [Thu, 9 Apr 2020 14:10:41 +0000 (16:10 +0200)]
JSONSchema: extend pve-configid regex by '-'

we use this format for all 'delete' options but we have some options
that have a '-' in the name (e.g. 'sync-defaults-options') that cannot
be deleted if it is not included

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 months agonetwork: replace system() with run_command()
Fabian Grünbichler [Wed, 8 Apr 2020 12:02:50 +0000 (14:02 +0200)]
network: replace system() with run_command()

easier to read and extend, and safer as well.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 months agonetwork: remove unused debug code
Fabian Grünbichler [Wed, 8 Apr 2020 12:02:48 +0000 (14:02 +0200)]
network: remove unused debug code

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 months agoinotify: trailing whitespaces: comment and drop now superfluous chomp
Thomas Lamprecht [Tue, 7 Apr 2020 16:12:54 +0000 (18:12 +0200)]
inotify: trailing whitespaces: comment and drop now superfluous chomp

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months agoInotify: read_interfaces : remove trailing whitespaces
Alexandre Derumier [Sun, 5 Apr 2020 08:33:00 +0000 (10:33 +0200)]
Inotify: read_interfaces : remove trailing whitespaces

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
3 months agobump version to 6.0-19
Thomas Lamprecht [Sat, 4 Apr 2020 17:55:27 +0000 (19:55 +0200)]
bump version to 6.0-19

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months agoidmap followup: avoid false-negatives through falsy values in collision check
Thomas Lamprecht [Thu, 2 Apr 2020 15:30:55 +0000 (17:30 +0200)]
idmap followup: avoid false-negatives through falsy values in collision check

By using "exists" when checking if a hash entry is set, else things
like "0" could get accepted by mistake.

Also cleanup the code a little, like dropping the "PVE::JSONSchema::"
prefix, this is now in that module after all.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months agoJSONSchema: add idmap parser and storagepair format
Fabian Grünbichler [Mon, 30 Mar 2020 11:41:28 +0000 (13:41 +0200)]
JSONSchema: add idmap parser and storagepair format

generalized from the start to support extension to bridges or other
entities as well.

this gets us incremental support for the CLI, e.g.:

--targetstorage foo:bar --targetstorage bar:baz --targetstorage foo

creates a mapping of

foo=>bar
bar=>baz

with a default of foo

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
3 months agocpuset: also split write methods
Wolfgang Bumiller [Wed, 1 Apr 2020 10:20:59 +0000 (12:20 +0200)]
cpuset: also split write methods

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
3 months agocpuset: allow empty cpusets
Wolfgang Bumiller [Wed, 1 Apr 2020 10:20:58 +0000 (12:20 +0200)]
cpuset: allow empty cpusets

This is explicitly allowed in the documentation and happens
easily with cgroupv2 as there it is used to inherit from the
closest ancestor.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
3 months agoRegister acme-plugin-format
Wolfgang Link [Tue, 31 Mar 2020 10:08:35 +0000 (12:08 +0200)]
Register acme-plugin-format

Signed-off-by: Wolfgang Link <w.link@proxmox.com>
3 months agoReuse id parse code.
Wolfgang Link [Tue, 31 Mar 2020 10:08:34 +0000 (12:08 +0200)]
Reuse id parse code.

The storage_id is the same as the plugin_id.

Signed-off-by: Wolfgang Link <w.link@proxmox.com>
3 months agocpuset: cgroupv2 support
Wolfgang Bumiller [Mon, 30 Mar 2020 14:30:35 +0000 (16:30 +0200)]
cpuset: cgroupv2 support

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
3 months agocpuset: further factorization
Wolfgang Bumiller [Mon, 30 Mar 2020 14:30:34 +0000 (16:30 +0200)]
cpuset: further factorization

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
3 months agocpuset: replace 'kind' with an 'effective' boolean
Wolfgang Bumiller [Mon, 30 Mar 2020 14:30:33 +0000 (16:30 +0200)]
cpuset: replace 'kind' with an 'effective' boolean

All of our users of this function currently either pass
'effective_cpus' or nothing (undef), and in cgroupv2 the
effective-cpuset file uses a different naming scheme.

Since this is only a distinction between "intended" and
"effective", use this as a boolean instead, for easier
future cgroupv2 support.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
3 months agocpuset: cleanup/refactor
Wolfgang Bumiller [Mon, 30 Mar 2020 14:30:32 +0000 (16:30 +0200)]
cpuset: cleanup/refactor

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
3 months agobump version to 6.0-18
Thomas Lamprecht [Sat, 21 Mar 2020 15:49:51 +0000 (16:49 +0100)]
bump version to 6.0-18

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months agoldap: add optional classes to query_users
Dominik Csapak [Fri, 13 Mar 2020 12:18:43 +0000 (13:18 +0100)]
ldap: add optional classes to query_users

and filter by it

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
3 months agoldap: optionally save group name by attribute
Dominik Csapak [Fri, 13 Mar 2020 12:18:42 +0000 (13:18 +0100)]
ldap: optionally save group name by attribute

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
3 months agobump version to 6.0-17
Thomas Lamprecht [Fri, 13 Mar 2020 11:25:03 +0000 (12:25 +0100)]
bump version to 6.0-17

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months agot.list-interfaces.pl: add cidr address test
Alexandre Derumier [Fri, 13 Mar 2020 10:48:11 +0000 (11:48 +0100)]
t.list-interfaces.pl: add cidr address test

also reuse wanted values

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months agoinotify/interfaces: fallback to cidr for address on write
Thomas Lamprecht [Fri, 13 Mar 2020 10:36:31 +0000 (11:36 +0100)]
inotify/interfaces: fallback to cidr for address on write

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months agoinotify/interfaces: ensure cidr, address and netmask are set correctly
Thomas Lamprecht [Fri, 13 Mar 2020 10:14:55 +0000 (11:14 +0100)]
inotify/interfaces: ensure cidr, address and netmask are set correctly

This should bring back compatibillity in the read site and one for
all clears that cidr is cidr, netmask is mask and address is address
(outgoing).

We're still very flexible on what can be written out.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months agotest: list ifaces: fix indentation of expected structure
Thomas Lamprecht [Fri, 13 Mar 2020 10:07:17 +0000 (11:07 +0100)]
test: list ifaces: fix indentation of expected structure

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months agoINotify: sort and spli module usage
Thomas Lamprecht [Fri, 13 Mar 2020 10:04:46 +0000 (11:04 +0100)]
INotify: sort and spli module usage

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months agoruntest: clone config before passing to write to avoid side effects
Thomas Lamprecht [Fri, 13 Mar 2020 10:01:01 +0000 (11:01 +0100)]
runtest: clone config before passing to write to avoid side effects

write changes some parts of the config, if this is a reference to the
config used for checking parsing it may lead to unexpected failures
due to those side effects..

For me it was "cidr" and "cidr6" getting deleted, and thus upcomming
tests for a compat change failing without any apparent reason.. :/

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months agobump version to 6.0-16
Thomas Lamprecht [Thu, 12 Mar 2020 15:15:21 +0000 (16:15 +0100)]
bump version to 6.0-16

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months agoinotify: fix compatibillity with address + netmask separate passed
Thomas Lamprecht [Thu, 12 Mar 2020 14:21:55 +0000 (15:21 +0100)]
inotify: fix compatibillity with address + netmask separate passed

fixes commit 78c6656c9aba1d57786f916717c2622a3059fb6 which dropped
writing out the netmask but missed to add compat code for the case
where the caller did not suplly a address in CIDR format already.

Check if an address ends with /\d+, if not see if a netmask is
available and add that similar how it gets handled on read.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Reviewed-By: Stoiko Ivanov <s.ivanov@proxmox.com>
Tested-By: Stoiko Ivanov <s.ivanov@proxmox.com>
3 months agoinotify: indentation fix
Thomas Lamprecht [Thu, 12 Mar 2020 14:21:15 +0000 (15:21 +0100)]
inotify: indentation fix

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months agobump version to 6.0-15
Thomas Lamprecht [Mon, 9 Mar 2020 16:02:16 +0000 (17:02 +0100)]
bump version to 6.0-15

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months agoLDAP: fix missing newline in error message
Thomas Lamprecht [Mon, 9 Mar 2020 16:29:37 +0000 (17:29 +0100)]
LDAP: fix missing newline in error message

seems like LDAP->new doesn't adds it, so we get the ". at
/path/to/module.pm line xy" ugly error

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months agod/control: break pmg-api (<< 6.1-7)
Thomas Lamprecht [Mon, 9 Mar 2020 15:59:44 +0000 (16:59 +0100)]
d/control: break pmg-api (<< 6.1-7)

as we now register the ldap-simple-attr' format, and double
registrations result in exceptions.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months agoadd ldap-simple-attr from pmg
Dominik Csapak [Fri, 6 Mar 2020 10:05:36 +0000 (11:05 +0100)]
add ldap-simple-attr from pmg

we also need it in pve

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
3 months agoRESTHandler getopt_usage: schema properties can be undef
Thomas Lamprecht [Mon, 9 Mar 2020 11:24:07 +0000 (12:24 +0100)]
RESTHandler getopt_usage: schema properties can be undef

While seldom some of our API endpoints do not define it, e.g., the
world readable /access/ticket call.

As all of the stack can cope with that just fine make getopt_usage
also follow that behavior and don't assume that properties has to be
defined.

This fixes a complaint about undefined value use in the following
calls:
 pvesh usage /access/ticket
 pmgsh help /access

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months agoinotify: read interfaces: avoid uninitialized value access
Thomas Lamprecht [Mon, 9 Mar 2020 10:28:21 +0000 (11:28 +0100)]
inotify: read interfaces: avoid uninitialized value access

check if 'ovs_type' is defined first

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months agoRevert "Network: tap_create|plug : sdn : use bridge_vlan"
Thomas Lamprecht [Mon, 9 Mar 2020 06:32:06 +0000 (07:32 +0100)]
Revert "Network: tap_create|plug : sdn : use bridge_vlan"

With revert "network: followup: move graceful require SDN out from
subs" squashed.

This reverts commit c02d6d1c96a97cbdfb47d0ff28bca833bce2f91a.
This reverts commit 35f2791ffa3f855c8f24a10f1f09f1262e3d9fab.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months agobump version to 6.0-14
Thomas Lamprecht [Sat, 7 Mar 2020 16:51:19 +0000 (17:51 +0100)]
bump version to 6.0-14

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months agonetwork: followup: move graceful require SDN out from subs
Thomas Lamprecht [Sat, 7 Mar 2020 17:09:15 +0000 (18:09 +0100)]
network: followup: move graceful require SDN out from subs

As "require" is evaluated on module load only once,  we either have
it or not, so move it to the top to avoid code duplication

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months agoNetwork: tap_create|plug : sdn : use bridge_vlan
Alexandre Derumier [Mon, 10 Feb 2020 16:26:47 +0000 (17:26 +0100)]
Network: tap_create|plug : sdn : use bridge_vlan

find correct bridge/vlan from vnet config

3 months agod/control: record break of older ifupdown2
Thomas Lamprecht [Sat, 7 Mar 2020 17:01:13 +0000 (18:01 +0100)]
d/control: record break of older ifupdown2

If ifupdown2 is installed we really want to have it synced with this
version, also with OVS (ifupdown2 handles that break) - this is part
of the version barrier.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months agoINotify : fix OVSBond && OvsintPort order + tests
Alexandre Derumier [Tue, 18 Feb 2020 05:33:46 +0000 (06:33 +0100)]
INotify : fix OVSBond && OvsintPort order + tests

OVSBond was missing
OvsintPort under ethx interfaces

3 months agoINotify: fix unknown for unknown ovs_type
Alexandre Derumier [Tue, 18 Feb 2020 05:33:47 +0000 (06:33 +0100)]
INotify: fix unknown for unknown ovs_type

if user defined manually ovs_type OVSTunnel or OVSPatchPort,
the type is empty.

set type=unknown first to avoid this kind of mistake

3 months agoINotify: detect ifupdown2 from executable not path
Alexandre Derumier [Fri, 21 Feb 2020 09:28:12 +0000 (10:28 +0100)]
INotify: detect ifupdown2 from executable not path

Seem than addons.conf file is not removed on "apt remove ifupdown2",
so /usr/share/ifupdown2 is not removed too.

3 months agoINotify: use auto for ovs interfaces with ifupdown2
Alexandre Derumier [Fri, 21 Feb 2020 09:28:11 +0000 (10:28 +0100)]
INotify: use auto for ovs interfaces with ifupdown2

Need the ifupdown2 openvswitch addon !

4 months agobump version to 6.0-13
Thomas Lamprecht [Wed, 4 Mar 2020 14:44:18 +0000 (15:44 +0100)]
bump version to 6.0-13

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
4 months agoadd LDAP Wrapper code
Dominik Csapak [Thu, 20 Feb 2020 15:20:00 +0000 (16:20 +0100)]
add LDAP Wrapper code

This will be used for PMG and PVE LDAP Authentication & Sync.
The code is largely copied/inspired by the already existing LDAP code in
PVEs AccessControl and PMGs LDAPCache

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
4 months agofix #2618: increase maximum port for spice to 61999
Dominik Csapak [Tue, 3 Mar 2020 09:47:30 +0000 (10:47 +0100)]
fix #2618: increase maximum port for spice to 61999

and expose the range in its own sub to reuse it in http-server

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
4 months agofollowup cleanup and fix missing semicolon
Thomas Lamprecht [Wed, 4 Mar 2020 14:11:35 +0000 (15:11 +0100)]
followup cleanup and fix missing semicolon

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
4 months agoremove extra space after address && gateway options
Alexandre Derumier [Thu, 20 Feb 2020 11:55:19 +0000 (12:55 +0100)]
remove extra space after address && gateway options

only 1 space like all others options

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
4 months agoINotify: use cidr for address on config change
Alexandre Derumier [Thu, 20 Feb 2020 11:55:18 +0000 (12:55 +0100)]
INotify: use cidr for address on config change

netmask/broadcast options are deprecated since buster
https://manpages.debian.org/buster/ifupdown/interfaces.5.en.html

This still read both "old address/netmask" or "address cidr" format,
but always convert it to cidr address format

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
4 months agoget_ip_from_hostname: check all address we get from getaddrinfo_all for non-local IP
Thomas Lamprecht [Fri, 21 Feb 2020 12:49:18 +0000 (13:49 +0100)]
get_ip_from_hostname: check all address we get from getaddrinfo_all for non-local IP

This was limited without reason to checking only the first IP we get
returned from getaddrinfo_all, but we can have multiple IPs for a
hostname, and possible one of them is local but another not, so check
all and only die if no non-local address at all got found.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
4 months agozsh-completion: Add missing flag to compadd
Christian Ebner [Thu, 20 Feb 2020 15:33:07 +0000 (16:33 +0100)]
zsh-completion: Add missing flag to compadd

This fixes an issue with zsh completion where certain words were not added to the
list of matches, but incorrectly interpreted as flags or options.

By passing the "--" flag, compadd is notified that all following arguments should
be considered for completion and not interpreted as flags or options for compadd.

Details can be found in the compadd documentation:
http://zsh.sourceforge.net/Doc/Release/Completion-Widgets.html#Completion-Builtin-Commands

Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
4 months agoINotify : check_bridge : fix bridge-ports with vlan tagged interface
Alexandre Derumier [Fri, 7 Feb 2020 11:40:28 +0000 (12:40 +0100)]
INotify : check_bridge : fix bridge-ports with vlan tagged interface

Currently with strip vlan tag, that's wrong because
mtu && others check are done the main interface.

4 months agoINotify: check bridge ip: add missing check if method is not defined
Alexandre Derumier [Fri, 7 Feb 2020 11:40:27 +0000 (12:40 +0100)]
INotify: check bridge ip: add missing check if method is not defined

4 months agoINotify: fix mtu check && add test
Alexandre Derumier [Fri, 7 Feb 2020 11:40:26 +0000 (12:40 +0100)]
INotify: fix mtu check && add test

reverse the parent-child. (bridge-port is the parent)

5 months agobump version to 6.0-12
Thomas Lamprecht [Fri, 31 Jan 2020 09:33:14 +0000 (10:33 +0100)]
bump version to 6.0-12

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 months agosystemd: add un-/escape_unit helpers
Thomas Lamprecht [Fri, 31 Jan 2020 09:24:24 +0000 (10:24 +0100)]
systemd: add un-/escape_unit helpers

moved from pve-storage, we need to reuse it in another module there,
as it's a general method lets just move it here already.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 months agoprocfs: add check_kernel_release
Thomas Lamprecht [Fri, 31 Jan 2020 09:22:21 +0000 (10:22 +0100)]
procfs: add check_kernel_release

adapted from Wolfgan's patch[0] for a pve-container feature check, as
this is a general check let's move it here.

[0]: https://pve.proxmox.com/pipermail/pve-devel/2020-January/041477.html

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 months agobump version to 6.0-11
Thomas Lamprecht [Tue, 28 Jan 2020 10:33:07 +0000 (11:33 +0100)]
bump version to 6.0-11

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 months agoAPI schema: add 'allowtoken' property
Fabian Grünbichler [Tue, 21 Jan 2020 12:53:56 +0000 (13:53 +0100)]
API schema: add 'allowtoken' property

to mark which API methods should be available to clients authenticated using an API token.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
5 months agotests: unknown interfaces order: rename vlan interfaces to unknown
Alexandre Derumier [Sat, 25 Jan 2020 09:27:04 +0000 (10:27 +0100)]
tests: unknown interfaces order: rename vlan interfaces to unknown

vlan(X) interfaces are not unknown anymore
use generic name instead

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
5 months agoINotify: improve vlan interface parsing
Alexandre Derumier [Sat, 25 Jan 2020 09:27:03 +0000 (10:27 +0100)]
INotify: improve vlan interface parsing

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
5 months agoAdd build dependency libtest-mockmodule-perl
Moayad [Mon, 20 Jan 2020 14:26:43 +0000 (15:26 +0100)]
Add build dependency libtest-mockmodule-perl

Signed-off-by: Moayad Almalat <m.almalat@proxmox.com>
5 months agoACME: comment fixup some POST to GET-as-POST
Thomas Lamprecht [Wed, 15 Jan 2020 13:28:51 +0000 (14:28 +0100)]
ACME: comment fixup some POST to GET-as-POST

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 months agoACME: Change authorization call
Wolfgang Link [Wed, 15 Jan 2020 12:07:44 +0000 (13:07 +0100)]
ACME: Change authorization call

As Let's Encrypt will no more allow GET calls[0], we have to change
to GET-as-POST[1] requests.

[0]: https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380/4
[1]: https://tools.ietf.org/html/rfc8555#section-6.3

Signed-off-by: Wolfgang Link <w.link@proxmox.com>
[ Thomas: Add ACME tag and reference GET-as-POST[1] ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 months agobump version to 6.0-10
Thomas Lamprecht [Mon, 13 Jan 2020 16:52:07 +0000 (17:52 +0100)]
bump version to 6.0-10

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 months agocerts: generate_csr: allow to set CN explicit
Thomas Lamprecht [Mon, 13 Jan 2020 16:25:10 +0000 (17:25 +0100)]
certs: generate_csr: allow to set CN explicit

Else, when used with ACME, the SAN is always sorted so we always get
the Subject Alternative Name sorting alphabetically first, which
doesn't necessarily has to be the "primary" domain. While this is
rather cosmetically (all SANs are equal) it could still result it
flapping CN when SANs and thus possibly the order changes, e.g., in
our CDN mirror pool. It also doesn't costs anything to allow control
over this, so why not..

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 months agofollowup code cleanup
Thomas Lamprecht [Sat, 11 Jan 2020 15:15:02 +0000 (16:15 +0100)]
followup code cleanup

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 months agofollowup trailing whitespace fixes
Thomas Lamprecht [Sat, 11 Jan 2020 15:12:33 +0000 (16:12 +0100)]
followup trailing whitespace fixes

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 months agoINotify: network : add ovs_mtu option
Alexandre Derumier [Thu, 9 Jan 2020 13:11:03 +0000 (14:11 +0100)]
INotify: network : add ovs_mtu option

This is also rewriting any "mtu" option on a ovs interface
to "ovs_mtu"

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
5 months agoINotify: add bond-primary option
Alexandre Derumier [Thu, 9 Jan 2020 13:11:02 +0000 (14:11 +0100)]
INotify: add bond-primary option

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
5 months agoINotify: allow vlan tagged bridge interface on non-vlanaware bridge
Alexandre Derumier [Thu, 9 Jan 2020 13:11:01 +0000 (14:11 +0100)]
INotify: allow vlan tagged bridge interface on non-vlanaware bridge

Seem that it's working too with non-vlanaware bridge

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
5 months agoInotify: forbid ip address on bridged interface.
Alexandre Derumier [Thu, 9 Jan 2020 13:11:00 +0000 (14:11 +0100)]
Inotify: forbid ip address on bridged interface.

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
5 months agoINotify: remove allow-hotplug from /etc/network/interfaces
Alexandre Derumier [Tue, 7 Jan 2020 00:59:17 +0000 (01:59 +0100)]
INotify: remove allow-hotplug from /etc/network/interfaces

for user installing proxmox on top of debian,
debian install by default the first nic with allow-hotplug.

This is conflicting with "auto ...", but worst with ovs "allow-ovs ...".

User have reported race with ovs, where ovs vmbr was up before the nic.
https://forum.proxmox.com/threads/no-network-on-server-unless-i-ifdown-ifup-vmbr0.62733/

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
5 months agoREST Handler: check for value defindness when untainting
Thomas Lamprecht [Wed, 8 Jan 2020 09:32:12 +0000 (10:32 +0100)]
REST Handler: check for value defindness when untainting

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 months agosort module usage + some newlines for readabilty
Thomas Lamprecht [Wed, 8 Jan 2020 09:31:39 +0000 (10:31 +0100)]
sort module usage + some newlines for readabilty

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>