we need to parse the config even if it does not exist - it will return
the 'standalone' entry that's needed to be backwards compatible with
existing setups.
Dominik Csapak [Thu, 7 May 2020 08:27:12 +0000 (10:27 +0200)]
ui: node/ACME: only enable order button when it should work
to order a ceritificate, we need at least one configured domain, and
the configured account (or default) must exist
so track the domaincount in the viewmodel and introduce a
'canOrder' formula which is only true when domaincount > 0 and
account is set (if the configured account does not exist, or no account
exists at all we set 'account' to 'null')
Dominik Csapak [Thu, 7 May 2020 08:27:07 +0000 (10:27 +0200)]
NodeConfig/get_acme_conf: make domains always a hash
on all call sites, we assume $cfg->{domains} is a hash, but if we do not
have any domains configured, that fails with
'Can't use an undefined value as a HASH reference at ...'
It's not 100% true, but for the user more understandable. IF we
actually change such that this detail matters we can still go for a
"Better" solution then, as it will need UI updates anyway..
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Wed, 6 May 2020 14:31:12 +0000 (16:31 +0200)]
ui: node/ACME: rework ACME grid for plugin based domains
This is basically a complete rework of the ACME grid.
Instead of having an ObjectGrid, we now have a normal
GridPanel which allows us to show a row for each Domain.
But to achieve this, we need to manually fill the store with data
from the 'acme' and 'acmedomainX' entries of the node config.
We also add an AccountSelector to the tbar and a link to the
datacenter->acme panel (when there is no account)
this also removes the 'register account' and 'view account' buttons,
since those are now available in datacenter->acme
Dominik Csapak [Wed, 6 May 2020 14:31:11 +0000 (16:31 +0200)]
ui: node/ACME: add ACMEDomainEdit
which expects a nodeconfig (for digest and domaincount)
and for the edit case, the parsed 'domain' object
this editwindow has three fields:
* type selector (standalone/dns)
* domain
* plugin (only for dns)
if the user chooses dns but there are already the maximum count of
acmedomainX entries, the type field gets invalid (with a error tooltip)
the onGetValues method is non-trivial, because of the mixing of
acmedomainX and acme.domain values, so we have to be careful
that we delete/edit the correct entry
Stefan Reiter [Wed, 6 May 2020 10:34:59 +0000 (12:34 +0200)]
gui: never collapse notes for templates
There's no graphs on screen, so no reason to collapse the notes to save
space. Besides, it looked a bit funky expanding the notes on smaller
screens, since they always jumped to the bottom to fill the space...
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
Fabian Ebner [Wed, 6 May 2020 08:14:27 +0000 (10:14 +0200)]
Improve storage selection on restore
Previously, the blank '' would be passed along and lead to a
parameter verfication failure.
For LXC the default behavior in the backend is to use 'local', so
disallow blank and auto-select the first storage supporting'rootdir'
instead.
For QEMU the default behavior in the backend is to use the
original layout from the backup configuration file, which
makes sense to use as the default in the GUI as well.
vzdump: set 'pbs' option when backing up to PBS target
this unifies the logic into a single place instead of all over this
module and the plugins.
it also fixes tons of 'uninitialized value' warnings when backing up
with --dumpdir but no --storage set, since the existing conditions for
PBS targets are missing a definedness check.
Dominik Csapak [Tue, 5 May 2020 12:38:17 +0000 (14:38 +0200)]
ui: add ACMEPluginEdit window
this is a rather complex edit window, because we dynamically create form
fields according to the schema we get from the api
to do this properly we have to handle a few things:
* we have to properly set the values on edit
* we have to properly track the original values
* we have to merge and split with/from the generic 'data' field
(so that if a plugin has some extra fields that we did not include in
the schema the user can still enter them)
Dominik Csapak [Tue, 5 May 2020 12:38:14 +0000 (14:38 +0200)]
ACME: add challengeschema api call
which returns a list of challenge api types with the schema of their
required data (if it exists)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
[ Thomas: adapt to my changes from proxmox-acme schema def and change
path from challengeschema to challenge-schema ]
Stefan Reiter [Mon, 23 Mar 2020 12:41:14 +0000 (13:41 +0100)]
gui/cluster: add structured peerLinks to join info
Instead of the old 'ring_addr' property (which is kept for
compatibility), we also encode the link numbers into the new peerLinks
structure. This allows us to display which IP is assigned to which link
on the cluster in the join dialog, helping a user identify which link
should receive which interface on the new node.
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
Stefan Reiter [Mon, 23 Mar 2020 12:41:13 +0000 (13:41 +0100)]
gui/cluster: add CorosyncLinkEdit component to support up to 8 links
CorosyncLinkEdit is a Panel that contains between one and 8
CorosyncLinkSelectors. These can be added or removed with according
buttons.
Values submitted to the API are calculated by each
ProxmoxNetworkSelector itself. This works because ExtJS searches
recursively through all child components for ones with a value to be
submitted, i.e. the CorosyncLinkEdit and CorosyncLinkSelector components
are not part of data submission at all.
Change ClusterEdit.js to use the new component for cluster join and
create. To make space in layout, move 'password' field to the side
(where the network-selector previously was) and use 'hbox' panel for
horizontal layouting to avoid spacing issues with languages where the
fieldLabel doesn't fit on one line.
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
This patch adds the zstd to the compression selection for backup on the
GUI and add .zst to the backup file filter. Including zstd as package
install dependency.
d/postinst: triggers: call updatecerts manually on reloads
if pve-manager gets triggered we will normally always do a reload,
that means that updatecerts call won't get triggered, as systemd
doesn't executes the ExecStartPre directives in the reload case.
Do it ourself
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
As proxmox-acme has now a default delay for DNS challenge plugins,
which is the important one. Those are just for not overloading the
acme servers with a lot of requests, but once the challenge was
propagate they have it verified pretty quickly, so reduce delay for
checking validation after first requesting it down to 10 seconds
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
re-loading it always would mean that we could potentially switch the
config to something completely different, and the mix of the previous
and the old could result in total bogus actions.
Better to use the same one for one full order, even if it may get
"outdated" it was still valid in the past and most important
coherent.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
api: acme plugins: we're not the storage content API endpoint
Drop various leftovers from the storage content API module this was
based on, e.g., ACME plugins have no fixed options and the like.
Also, the descriptions shouldn't mention "storage".
Further, drop the "update_config" "helper" with its operations
effectively only increasing code complexity and adding another rabbit
hole to jump into.
IF, this should have been factoring out the lock+read+write cycle
only, living the rest to a passed CODE-ref, but honestly that saves
only really the read and write config lines, and at this point
nothing is really gained, so just let it be.
Should have been actually three or so separate patches, but to deep
into this rabbit hole to care..
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
NodeConfig: ensure locked context has current view
similar to the recent changes for pve-guest-common - we start each API
call with a cfs_update, but while we were waiting for the flock another
R-M-W cycle might have happened, so we need to refresh after obtaining
the lock.
for now mostly due to the "nice" property of the acmedomains which
do not use their property key as index but actually the doamain.
Without this one could set up duplicated domain entries just fine,
but once using them -> error.
This is not nice UX, so verify node config before writing an updated
one out, to catch those issues.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
instead of relying that the authorization URLs and the ordered
identifiers are sorted the same way for already validated
authorizations.
on the contrary, RFC 8555 even says:
"The authorizations required are dictated by server policy; there may
not be a 1:1 relationship between the order identifiers and the
authorizations required."
authorizations MUST always include a single identifier, no matter which
state they are in.
exact same thing commit 67cb91e4d7c98ab8cf4d8047af5e3789932bb52c
already did for the old location of this, but indentation error was
introduced again when moving it (fix y'all editors..)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
projects / pve-manager.git / log