this is (via file_get_contents and file_copy) used for reading from
pmxcfs, which has a file size limit of 512k. since quite a number of
call sites would need to explicitly override this (and then get updated
if we bump the limit on the pmxcfs side again in the future), making our
default file reader compatible by default seems the better solution.
Stefan Reiter [Thu, 25 Jun 2020 11:35:39 +0000 (13:35 +0200)]
JSONSchema: add format validator support and cleanup check_format
Adds a third, optional parameter to register_format that allows specifying
a function that will be called after parsing and can validate the parsed
data. A validator should die on failed validation, and can also change the
parsed object by returning a modified version of it.
This is useful so one can register a format with its hash, thus allowing
documentation to be generated automatically, while still enforcing certain
validation rules.
The validator only needs to be called in parse_property_string, since
check_format always calls parse_property_string if there is a
possibility of a validator existing at all. parse_property_string should
then be called with named formats for best effect, as only then can
validators be used.
Clean up 'check_format' as well (which pretty much amounts to a rewrite).
No existing functionality is intentionally changed.
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
Inotify: write_network_interfaces : always autostart bond slaves interfaces
Currently, bond slaves are mostly working without autostart,
because bond slaves scripts from ifupdown1 && also ifupdown2
have some kind of hacks to start the slaves.
But if users want to do some tuning on the ifaces, they are not applied.
Also, with ifupdown2 + ovs, this kind of hack is not implemented (yet), so the
slaves of the bond are still down.
Debian/Ubuntu official docs always set "auto ethX" for bond slaves,
it's really more clean like this.
network: bridge add IF: do not add all VLANs if $trunks are passed
fixes commit 89ea13ef6b1555f92309da5c298e16579163eaf4 and
restores old behavior, the "if !$trunks" post-if was a bit subtle, it
did not guard the die, but the system command previously - the die
was || (ORd) to the command, bad code style to begin with..
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Stoiko Ivanov [Tue, 5 May 2020 15:01:07 +0000 (17:01 +0200)]
ProcFSTools: fix read_meminfo without KSM
on kernel configs where KSM is not enabled (e.g. an openstack instance at
OVH) the file /sys/kernel/mm/ksm/pages_sharing does not exist.
In that case there is no memory shared so assuming 0 is reasonable.
While this is not the case with our shipped kernel, and thus will probably
not happen on a PVE installation, PMG can run quite happily with a different
kernel (the reporter had this on an openstack instance at OVH).
a quick grep through our codebase showed only the API2::Nodes::Nodeinfo::status
call as user of the memshared property.
print_text_table: handle undefined values in comparison
by introducing a safe_compare helper. Fixes warnings, e.g.
pvesh get /nodes/<NODE>/network
would print "use of uninitialized"-warnings if there are inactive
network interfaces, because for those, 'active' is undef.
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
Tested-by: Oguz Bektas <o.bektas@proxmox.com>
we use this format for all 'delete' options but we have some options
that have a '-' in the name (e.g. 'sync-defaults-options') that cannot
be deleted if it is not included
cpuset: replace 'kind' with an 'effective' boolean
All of our users of this function currently either pass
'effective_cpus' or nothing (undef), and in cgroupv2 the
effective-cpuset file uses a different naming scheme.
Since this is only a distinction between "intended" and
"effective", use this as a boolean instead, for easier
future cgroupv2 support.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Thomas Lamprecht [Fri, 13 Mar 2020 10:01:01 +0000 (11:01 +0100)]
runtest: clone config before passing to write to avoid side effects
write changes some parts of the config, if this is a reference to the
config used for checking parsing it may lead to unexpected failures
due to those side effects..
For me it was "cidr" and "cidr6" getting deleted, and thus upcoming
tests for a compat change failing without any apparent reason.. :/
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Thu, 12 Mar 2020 14:21:55 +0000 (15:21 +0100)]
inotify: fix compatibility with address + netmask separate passed
fixes commit 78c6656c9aba1d57786f916717c2622a3059fb6 which dropped
writing out the netmask but missed to add compat code for the case
where the caller did not supply an address in CIDR format already.
Check if an address ends with /\d+, if not see if a netmask is
available and add that similar to how it gets handled on read.
If ifupdown2 is installed we really want to have it synced with this
version, also with OVS (ifupdown2 handles that break) - this is part
of the version barrier.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
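The check described in the commit message above, sketched as an added example (not the project's code): an address that already ends in /\d+ is kept, otherwise an available netmask is converted and appended. The helper names `netmask_to_prefix` and `address_as_cidr`, the hash layout and the sample values are assumptions made for illustration.

```perl
use strict;
use warnings;

# Hypothetical helper: turn an IPv4 dotted netmask (or a bare prefix length,
# as used for IPv6) into a prefix length, rejecting non-contiguous masks.
sub netmask_to_prefix {
    my ($mask) = @_;
    return $mask if $mask =~ /^\d+$/ && $mask <= 128;
    my @octets = $mask =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/
        or die "invalid netmask '$mask'\n";
    die "invalid netmask '$mask'\n" if grep { $_ > 255 } @octets;
    my $bits = join '', map { sprintf '%08b', $_ } @octets;
    my ($ones) = $bits =~ /^(1*)0*$/
        or die "non-contiguous netmask '$mask'\n";
    return length $ones;
}

# Hypothetical helper: return the address in CIDR form for writing out.
sub address_as_cidr {
    my ($iface) = @_;
    my $addr = $iface->{address};
    return undef if !defined $addr;
    return $addr if $addr =~ m!/\d+$!;            # caller already passed CIDR
    return $addr if !defined $iface->{netmask};   # nothing to append
    return "$addr/" . netmask_to_prefix($iface->{netmask});
}

# Constructed sample inputs (documentation address ranges).
my @samples = (
    { address => '192.0.2.10/24' },                           # already CIDR
    { address => '192.0.2.10', netmask => '255.255.255.0' },  # separate netmask
    { address => '2001:db8::10', netmask => '64' },           # IPv6 prefix length
    { address => '192.0.2.10', netmask => '255.0.255.0' },    # non-contiguous mask
);
for my $iface (@samples) {
    my $cidr = eval { address_as_cidr($iface) };
    print defined $cidr ? "$cidr\n" : "rejected: $@";
}
```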
Dominik Csapak [Thu, 20 Feb 2020 15:20:00 +0000 (16:20 +0100)]
add LDAP Wrapper code
This will be used for PMG and PVE LDAP Authentication & Sync.
The code is largely copied/inspired by the already existing LDAP code in
PVE's AccessControl and PMG's LDAPCache
Thomas Lamprecht [Fri, 21 Feb 2020 12:49:18 +0000 (13:49 +0100)]
get_ip_from_hostname: check all addresses we get from getaddrinfo_all for non-local IP
This was limited without reason to checking only the first IP we get
returned from getaddrinfo_all, but we can have multiple IPs for a
hostname, and possibly one of them is local but another not, so check
all and only die if no non-local address at all got found.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Christian Ebner [Thu, 20 Feb 2020 15:33:07 +0000 (16:33 +0100)]
zsh-completion: Add missing flag to compadd
This fixes an issue with zsh completion where certain words were not added to the
list of matches, but incorrectly interpreted as flags or options.
By passing the "--" flag, compadd is notified that all following arguments should
be considered for completion and not interpreted as flags or options for compadd.
Details can be found in the compadd documentation:
http://zsh.sourceforge.net/Doc/Release/Completion-Widgets.html#Completion-Builtin-Commands
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
Signed-off-by: Wolfgang Link <w.link@proxmox.com>
[ Thomas: Add ACME tag and reference GET-as-POST[1] ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 13 Jan 2020 16:25:10 +0000 (17:25 +0100)]
certs: generate_csr: allow to set CN explicitly
Else, when used with ACME, the SAN is always sorted so we always get
the Subject Alternative Name sorting alphabetically first, which
doesn't necessarily have to be the "primary" domain. While this is
rather cosmetic (all SANs are equal) it could still result in a
flapping CN when SANs and thus possibly the order changes, e.g., in
our CDN mirror pool. It also doesn't cost anything to allow control
over this, so why not..
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>