qemu-server.git
21 months agod/control: bump version dependency on libpve-guest-common-perl
Thomas Lamprecht [Mon, 17 Sep 2018 13:34:19 +0000 (15:34 +0200)]
d/control: bump version dependency on libpve-guest-common-perl

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
21 months agod/control: add libpve-guest-common-perl as build dependency
Thomas Lamprecht [Mon, 17 Sep 2018 13:33:56 +0000 (15:33 +0200)]
d/control: add libpve-guest-common-perl as build dependency

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
21 months agoadd new tests for 'runningmachine' and rollback
Dominik Csapak [Fri, 14 Sep 2018 12:08:44 +0000 (14:08 +0200)]
add new tests for 'runningmachine' and rollback

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
21 months agofixup comment formatting
Thomas Lamprecht [Mon, 17 Sep 2018 13:49:14 +0000 (15:49 +0200)]
fixup comment formatting

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
21 months agoensure correct machine type gets saved on snapshot
Dominik Csapak [Fri, 14 Sep 2018 12:08:43 +0000 (14:08 +0200)]
ensure correct machine type gets saved on snapshot

instead of overwriting the 'machine' config in the snapshot,
use its own 'runningmachine' config only for the snapshot

this way, we do not lose the machine type if it was
explicitely set during the snapshot, but deleted afterwards

we also have to adapt the tests for this

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
21 months agouse new snapshot rollback hook to handle machine type
Dominik Csapak [Fri, 14 Sep 2018 12:08:42 +0000 (14:08 +0200)]
use new snapshot rollback hook to handle machine type

this was in guest-common, makes more sense to do it here - it's not
guest agnostic after all.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
21 months agoqemu 3.0 : add hv_synic && hv_stimer hyperv enlightment
Alexandre Derumier [Fri, 31 Aug 2018 13:43:01 +0000 (15:43 +0200)]
qemu 3.0 : add hv_synic && hv_stimer hyperv enlightment

This fix cpu bug on last win10 updates

21 months agobump version to 5.0-34
Thomas Lamprecht [Thu, 13 Sep 2018 09:39:04 +0000 (11:39 +0200)]
bump version to 5.0-34

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
21 months agoimprove 'pending changes' message for clone
Dominik Csapak [Wed, 12 Sep 2018 08:53:52 +0000 (10:53 +0200)]
improve 'pending changes' message for clone

$newconf->{pending} is a reference to an empty hash, which is not falsy,
thus we always printed the warning

so check if there are actual values there and if yes,
give the names of the properties for which pending changes are found

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
22 months agod/control: add build dependency to qemu-utils
Thomas Lamprecht [Tue, 4 Sep 2018 08:22:43 +0000 (10:22 +0200)]
d/control: add build dependency to qemu-utils

the OVF tests use `qemu-img`, which is provided by either our
pve-qemu(-kvm) or qemu-utils (upstream).

Use qemu-utils as it's provided by ours and upstreams package and
thus makes bootstrapping easier, e.g., if our qemu package is not yet
installed this can still be build.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
22 months agod/control: add libio-multiplex-perl as build dependency
Thomas Lamprecht [Tue, 4 Sep 2018 08:14:41 +0000 (10:14 +0200)]
d/control: add libio-multiplex-perl as build dependency

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
22 months agoadd ibpb, ssbd, virt-ssbd, amd-ssbd, amd-no-ssb, pdpe1gb cpu flags
Alexandre Derumier [Mon, 20 Aug 2018 15:53:18 +0000 (17:53 +0200)]
add ibpb, ssbd, virt-ssbd, amd-ssbd, amd-no-ssb, pdpe1gb cpu flags

> The following are important CPU features that should be used on
> Intel x86 hosts, when available in the host CPU. Some of them
> require explicit configuration to enable, as they are not included
> by default in some, or all, of the named CPU models listed above.
> In general all of these features are included if using “Host
> passthrough” or “Host model”.
>
> pcid: Recommended to mitigate the cost of the Meltdown
> (CVE-2017-5754) fix. Included by default in Haswell, Broadwell &
> Skylake Intel CPU models. Should be explicitly turned on for
> Westmere, SandyBridge, and IvyBridge Intel CPU models. Note that
> some desktop/mobile Westmere CPUs cannot support this feature.
>
> spec-ctrl: Required to enable the Spectre (CVE-2017-5753 and
> CVE-2017-5715) fix, in cases where retpolines are not sufficient.
> Included by default in Intel CPU models with -IBRS suffix. Must be
> explicitly turned on for Intel CPU models without -IBRS suffix.
> Requires the host CPU microcode to support this feature before it
> can be used for guest CPUs.
>
> ssbd: Required to enable the CVE-2018-3639 fix. Not included by
> default in any Intel CPU model. Must be explicitly turned on for
> all Intel CPU models. Requires the host CPU microcode to support
> this feature before it can be used for guest CPUs.
>
> pdpe1gbr: Recommended to allow guest OS to use 1GB size pages.Not
> included by default in any Intel CPU model. Should be explicitly
> turned on for all Intel CPU models. Note that not all CPU hardware
> will support this feature.
-- https://www.berrange.com/posts/2018/06/29/cpu-model-configuration-for-qemu-kvm-on-x86-hosts/

22 months agofix #1865: CloudInit doesn't add IPv6
David Limbeck [Wed, 22 Aug 2018 09:35:49 +0000 (11:35 +0200)]
fix #1865: CloudInit doesn't add IPv6

Acked-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
22 months agoqm rescan: fix typo in dryrun description
Thomas Lamprecht [Tue, 21 Aug 2018 07:21:41 +0000 (09:21 +0200)]
qm rescan: fix typo in dryrun description

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
22 months agobump version to 5.0-33
Thomas Lamprecht [Mon, 20 Aug 2018 12:43:37 +0000 (14:43 +0200)]
bump version to 5.0-33

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
23 months agoFix #1242 : clone_disk : call qga fstrim after clone
Stoiko Ivanov [Wed, 1 Aug 2018 18:29:05 +0000 (20:29 +0200)]
Fix #1242 : clone_disk : call qga fstrim after clone

Some storage like rbd or lvm can't keep thin-provising after a qemu-mirror.

Call qga guest-fstrim if qga is available and fstrim_cloned_disks is enabled
after move_disk and migrate.

Co-Authored-By: Alexandre Derumier <aderumier@odiso.com>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
23 months agoMake agent a property string, add fstrim_cloned_disks
Stoiko Ivanov [Wed, 1 Aug 2018 18:29:04 +0000 (20:29 +0200)]
Make agent a property string, add fstrim_cloned_disks

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
23 months agovmstatus: define return propertries
Dietmar Maurer [Wed, 1 Aug 2018 10:55:29 +0000 (12:55 +0200)]
vmstatus: define return propertries

We can use the same properties in vmlist and vmstatus.

Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
23 months agovmlist: document 'uptime' and 'cpus' returmn value
Dietmar Maurer [Tue, 31 Jul 2018 11:31:49 +0000 (13:31 +0200)]
vmlist: document 'uptime' and 'cpus' returmn value

23 months agobump version to 5.0-32
Thomas Lamprecht [Mon, 30 Jul 2018 08:56:15 +0000 (10:56 +0200)]
bump version to 5.0-32

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
23 months agoagent: import used check_agent_error method
Thomas Lamprecht [Mon, 30 Jul 2018 08:59:44 +0000 (10:59 +0200)]
agent: import used check_agent_error method

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
23 months agoapi/agent: do not dereference params hash before passing to agent_cmd
Thomas Lamprecht [Mon, 30 Jul 2018 08:41:48 +0000 (10:41 +0200)]
api/agent: do not dereference params hash before passing to agent_cmd

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
23 months agobump version to 5.0-31
Thomas Lamprecht [Mon, 30 Jul 2018 08:25:29 +0000 (10:25 +0200)]
bump version to 5.0-31

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
23 months agoadd missing import of 'agent_cmd'
Dominik Csapak [Mon, 30 Jul 2018 06:24:59 +0000 (08:24 +0200)]
add missing import of 'agent_cmd'

see https://pve.proxmox.com/pipermail/pve-user/2018-July/169712.html

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
23 months agoFix #1717: delete snapshot when vm running and drive not attached
Alexandre Derumier [Wed, 11 Jul 2018 11:55:53 +0000 (13:55 +0200)]
Fix #1717: delete snapshot when vm running and drive not attached

changelog v2:
 - remove hash
 - remove check if cdrom

if we try to delete a snapshot, and that is disk from the snapshot
is not attached anymore (unused), we can't delete the snapshot
with qemu snapshot delete command (for storage which use it (qcow2,rbd,...))

example:

...
unused0: rbd:vm-107-disk-3

[snap1]
...
scsi2: rbd:vm-107-disk-3,size=1G

-> die
 qmp command 'delete-drive-snapshot' failed - Device 'drive-scsi2' not found

If drive is not attached, we need to use the storage snapshot delete command

23 months agobump version to 5.0-30
Thomas Lamprecht [Tue, 17 Jul 2018 09:39:31 +0000 (11:39 +0200)]
bump version to 5.0-30

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
23 months agoqm: move 'agent' command into 'guest' comand group
Thomas Lamprecht [Wed, 11 Jul 2018 11:27:51 +0000 (13:27 +0200)]
qm: move 'agent' command into 'guest' comand group

with a backwards compatible alias

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
23 months agoqm: rename 'ga' command group to 'guest'
Thomas Lamprecht [Thu, 12 Jul 2018 12:44:50 +0000 (14:44 +0200)]
qm: rename 'ga' command group to 'guest'

https://pve.proxmox.com/pipermail/pve-devel/2018-July/033010.html

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
23 months agoFix SPICE multi-monitor mode on q35
Dzmitry Kotsikau [Wed, 4 Jul 2018 11:51:32 +0000 (14:51 +0300)]
Fix SPICE multi-monitor mode on q35

Signed-off-by: Dzmitry Kotsikau <dkotsikau@gmail.com>
2 years agoqemu agent: fixup error message letter-case
Thomas Lamprecht [Wed, 11 Jul 2018 09:26:00 +0000 (11:26 +0200)]
qemu agent: fixup error message letter-case

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoimplement file-write via guest-agent in the api
Dominik Csapak [Tue, 26 Jun 2018 12:15:49 +0000 (14:15 +0200)]
implement file-write via guest-agent in the api

writes the given content to the file

the size is at the moment limited by the max post size of the
pveproxy/daemon, so we set the maxLength to 60k

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agoimplement file-read api call via guest-agent
Dominik Csapak [Tue, 26 Jun 2018 12:15:48 +0000 (14:15 +0200)]
implement file-read api call via guest-agent

this api call reads a file via the guest agent,
(in 1MB chunks) but is limited to 16MiB (for now)

if the file is bigger, the output gets truncated and a
'truncated' flag is set in the return object

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agoadd exec(-status) to qm
Dominik Csapak [Tue, 26 Jun 2018 12:15:47 +0000 (14:15 +0200)]
add exec(-status) to qm

on the commandline the implementation for exec is a bit different
because there we want (by default) to wait for the result,
as opposed to the api, where it is enough to return the pid and
let the client handle the polling

this behaviour is optional and can be turned off, as well as the
timeout of 30 seconds

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agoimplement agent exec api call
Dominik Csapak [Tue, 26 Jun 2018 12:15:46 +0000 (14:15 +0200)]
implement agent exec api call

this imitates the qemu-guest-agent interface
with an 'exec' api call which returns a pid
and an 'exec-status' api call which takes a pid

the command for the exec call is given as an 'alist'
which means that when using we have to give the 'command'
parameter multiple times e.g.

pvesh create <...>/exec --command ls --command '-lha' --command '/home/user'

so that we avoid having to deal with shell escaping etc.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agoadd 'passwd' to qm
Dominik Csapak [Tue, 26 Jun 2018 12:15:45 +0000 (14:15 +0200)]
add 'passwd' to qm

this adds a command 'qm ga passwd' so that we can reuse
'qm ga' for future guest agent calls

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agoimplement set-user-password guest agent api call
Dominik Csapak [Tue, 26 Jun 2018 12:15:44 +0000 (14:15 +0200)]
implement set-user-password guest agent api call

this executes the guest agent command 'set-user-password'
with which one can change the password of an existing user in the vm

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agoadd Agent helper package
Dominik Csapak [Tue, 26 Jun 2018 12:15:43 +0000 (14:15 +0200)]
add Agent helper package

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agoqm: add more return schema definitions
Dietmar Maurer [Tue, 10 Jul 2018 11:59:37 +0000 (13:59 +0200)]
qm: add more return schema definitions

Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoqm rescan: add dryrun option
Thomas Lamprecht [Wed, 11 Jul 2018 06:40:07 +0000 (08:40 +0200)]
qm rescan: add dryrun option

tells an user what would get touched, so he has a chance to fix
unwanted things before changes are actually made.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agorescan update_disksize: be more verbose
Thomas Lamprecht [Wed, 11 Jul 2018 06:40:06 +0000 (08:40 +0200)]
rescan update_disksize: be more verbose

Else an user has no idea what, or if something happened.

Gets printed to tty when using qm rescan or to tasklog for the case
where we do a rescan after restoring a backup.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agorescan: comment that this is a temporarily workaround
Thomas Lamprecht [Thu, 5 Jul 2018 06:46:11 +0000 (08:46 +0200)]
rescan: comment that this is a temporarily workaround

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoFix #1650: add content type filter to rescan
Alwin Antreich [Tue, 3 Jul 2018 15:41:09 +0000 (17:41 +0200)]
Fix #1650: add content type filter to rescan

Unused disk(s) appeared after a rescan of storages. Especially shown
with ceph pools, where two storage entries are made, <storage>_ct and
<storage>_vm. The rescan method did include images from both storages.

This patch filters any storage not containing the content type 'images'.

Signed-off-by: Alwin Antreich <a.antreich@proxmox.com>
2 years agod/control: update pve-common version dependency
Thomas Lamprecht [Wed, 27 Jun 2018 11:40:42 +0000 (13:40 +0200)]
d/control: update pve-common version dependency

as we use the new param_mapping functionallity from PVE::CLIHandler

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoqm: PVE::PTY is not used anymore
Thomas Lamprecht [Wed, 27 Jun 2018 11:58:33 +0000 (13:58 +0200)]
qm: PVE::PTY is not used anymore

2 years agouse get_standard_mapping for cipassword_map
Dominik Csapak [Mon, 25 Jun 2018 10:33:26 +0000 (12:33 +0200)]
use get_standard_mapping for cipassword_map

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agobump version to 5.0-29
Thomas Lamprecht [Fri, 15 Jun 2018 10:13:34 +0000 (12:13 +0200)]
bump version to 5.0-29

2 years agod/control: update version dependency on pve-common
Thomas Lamprecht [Fri, 15 Jun 2018 10:11:01 +0000 (12:11 +0200)]
d/control: update version dependency on pve-common

To ensure we have the enw Systemd module available to use

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agouse the new PVE::SystemD package
Wolfgang Bumiller [Fri, 15 Jun 2018 09:00:53 +0000 (11:00 +0200)]
use the new PVE::SystemD package

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agouse 'system_wakeup' to resume suspended vms
Dominik Csapak [Wed, 13 Jun 2018 09:17:26 +0000 (11:17 +0200)]
use 'system_wakeup' to resume suspended vms

when a vm is suspended (e.g. autosuspend on windows)
we detect that it is not running, display the resume button,
but 'cont' does not wakeup the system from suspend

with this we can wake up suspended vms

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agoapi create: cleanup the new config log on error
Wolfgang Bumiller [Tue, 12 Jun 2018 08:50:41 +0000 (10:50 +0200)]
api create: cleanup the new config log on error

Otherwise cases like trying to restore a protected VM would
leave a lock in the config.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agoapi create: allow auto vm start after create finished
Thomas Lamprecht [Fri, 1 Jun 2018 14:37:41 +0000 (16:37 +0200)]
api create: allow auto vm start after create finished

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoreserve config with create lock early
Thomas Lamprecht [Fri, 1 Jun 2018 14:37:40 +0000 (16:37 +0200)]
reserve config with create lock early

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoAPI/create: move locking inside worker
Thomas Lamprecht [Fri, 1 Jun 2018 14:37:39 +0000 (16:37 +0200)]
API/create: move locking inside worker

Move the locking inside worker, so that the process doing the actual
work (create or restore) holds the lock, and can call functions which
do locking without deadlocking.

This mirrors the behaviour we use for containers, and allows to add
an 'autostart' parameter which starts the VM after successful
creation. vm_start needs the lock and as not the worker but it's
parents held it, it couldn't know that it was actually save to
continue...

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agobump version to 5.0-28
Thomas Lamprecht [Mon, 11 Jun 2018 10:55:33 +0000 (12:55 +0200)]
bump version to 5.0-28

2 years agorefactor Makefile for PVE/QemuServer/ directory
Dominik Csapak [Thu, 7 Jun 2018 11:16:50 +0000 (13:16 +0200)]
refactor Makefile for PVE/QemuServer/ directory

this makes it easier to add new files there

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agocloud-init: nocloud v1: use lower case mac address
Wolfgang Bumiller [Wed, 6 Jun 2018 14:13:26 +0000 (16:13 +0200)]
cloud-init: nocloud v1: use lower case mac address

because cloud-init...

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agocloud-init: nocloud v1: set ip and netmask instead of cidr
Wolfgang Bumiller [Wed, 6 Jun 2018 14:13:25 +0000 (16:13 +0200)]
cloud-init: nocloud v1: set ip and netmask instead of cidr

because of centos7's broken cloud-init version

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agobump version to 5.0-27
Thomas Lamprecht [Tue, 5 Jun 2018 13:25:03 +0000 (15:25 +0200)]
bump version to 5.0-27

2 years agoAdd .gitignore
René Jochum [Wed, 18 Apr 2018 20:26:00 +0000 (22:26 +0200)]
Add .gitignore

Signed-off-by: René Jochum <rene@jochums.at>
2 years agoadd nowarn to qga_check_running
Thomas Lamprecht [Wed, 30 May 2018 06:20:25 +0000 (08:20 +0200)]
add nowarn to qga_check_running

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoqm agent : check if qga service is running
Alexandre Derumier [Mon, 28 May 2018 15:36:29 +0000 (17:36 +0200)]
qm agent : check if qga service is running

2 years agofix #1779: vzdump: ensure guest-fsfreeze-thaw is called on error
Wolfgang Bumiller [Wed, 23 May 2018 09:07:39 +0000 (11:07 +0200)]
fix #1779: vzdump: ensure guest-fsfreeze-thaw is called on error

as QMPClient's queue_execute can throw an error

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agofix #1780: change datacenter.conf to datacenter.cfg
Dominik Csapak [Tue, 22 May 2018 14:44:33 +0000 (16:44 +0200)]
fix #1780: change datacenter.conf to datacenter.cfg

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agocleanup balloon after start call
Dominik Csapak [Mon, 14 May 2018 12:03:05 +0000 (14:03 +0200)]
cleanup balloon after start call

the not definedness check is unecessary here, since it does not
do anything then, and to check balloon twice is also not necessary

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agofix logic of deleting balloon
Dominik Csapak [Mon, 14 May 2018 12:03:04 +0000 (14:03 +0200)]
fix logic of deleting balloon

Deleting the balloon config entry means resetting it to its
default. This means having a balloon device but not actually
doing any ballooning with it (iow. resetting the VM's
'balloon' value to its specified memory.).
Hotplugging a balloon device (coming from explicit '0' to
any other value (including deleting it)) is not possible.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agonote that auto-ballooning is done by pvestatd
Dominik Csapak [Mon, 14 May 2018 12:03:03 +0000 (14:03 +0200)]
note that auto-ballooning is done by pvestatd

so that one is not confused when seeing that the shares
parameter does nothing in qemu-server

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agoactivate volume for cloudinit disk
Dominik Csapak [Fri, 18 May 2018 12:59:02 +0000 (14:59 +0200)]
activate volume for cloudinit disk

because it does not have to be activated (e.g. in case of lvm)

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agobump version to 5.0-26
Wolfgang Bumiller [Mon, 14 May 2018 12:08:39 +0000 (14:08 +0200)]
bump version to 5.0-26

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agoimplement permission checks for cloud-init related options
Dietmar Maurer [Thu, 3 May 2018 12:10:57 +0000 (14:10 +0200)]
implement permission checks for cloud-init related options

Most cloud-init options are network related, so we simply check
for VM.Config.Network priviledge.

Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2 years agostart: fork before entering scope
Wolfgang Bumiller [Mon, 7 May 2018 10:09:10 +0000 (12:09 +0200)]
start: fork before entering scope

To avoid potential cleanup & post-start actions to cause
unwanted processes (such as gpg-agent) to be started as part
of the scope, as the enter_systemd_scope() function causes
the current process to enter the scope.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agofix #1749: do not copy pending changes when cloning a vm
Dominik Csapak [Wed, 2 May 2018 09:23:59 +0000 (11:23 +0200)]
fix #1749: do not copy pending changes when cloning a vm

cloning a vm means copying the current state, not the
state of 'some time in the future, when the vm is started again'
we should not copy the pending changes, which also fixes the
issue that we got a wrong pending change on the disks,net,smbios,etc.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agoAdd pci.3 to pve-q35.cfg required by virtio-scsi-single
Kamil Trzciński [Sun, 29 Apr 2018 16:17:08 +0000 (18:17 +0200)]
Add pci.3 to pve-q35.cfg required by virtio-scsi-single

(commit message reworked from original[1])
As a temporary workaround add always a pci.3 bridge so that if
virtio-scsi-single is used, either directly or indirectly if SCSI and
iothread is selected, the respective bridge is available:

> The case where we do miss the pci.3 bridge is when using
> virtio-scsi-single, regardless of whether io threads are enabled,
> because we always put those controllers on pci bus 3 (see
> QemuServer/PCI.pm)
-- [2]

A long term solution would be to always add those bridges dynamically
and just filter out the ones which are already inside the pve-q35.cfg
file .

[1]: https://pve.proxmox.com/pipermail/pve-devel/2018-April/031768.html
[2]: https://pve.proxmox.com/pipermail/pve-devel/2018-April/031787.html

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agobump version to 5.0-25
Wolfgang Bumiller [Fri, 13 Apr 2018 13:12:09 +0000 (15:12 +0200)]
bump version to 5.0-25

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agocollect device list for nested pci-bridges
Dominik Csapak [Thu, 12 Apr 2018 15:04:56 +0000 (17:04 +0200)]
collect device list for nested pci-bridges

when using q35 as machine type, there are nested pci-bridges,
but we only checked the first layer

this resulted in not being able to hotplug scsi devices,
because scsihw0 was deeper in the pci-bridge construct, we did not see
it and tried to add it (which fails of course)

this patch checks all bridges, regardless how deeply nested they are

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agofix #1697: only check machine type for pxe
Dominik Csapak [Fri, 13 Apr 2018 09:59:08 +0000 (11:59 +0200)]
fix #1697: only check machine type for pxe

it is not necessary to check the romfile of the running vm
for .pxe machine types, since the machine type itself is not
hot-pluggable

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agoreadd nbd_stop
Dominik Csapak [Fri, 13 Apr 2018 12:13:42 +0000 (14:13 +0200)]
readd nbd_stop

we accidentally moved nbd_stop to CloudInit.pm in
commit 0c9a7596f6b686ead232927851200554c997fa44

and removed it in
commit 3db6e4ab708b29e9e59572efd8e44558c84bad6d

without realizing that live local storage migration still depends on it

readd it

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agodisk: serial no must now be passed to device not drive
Thomas Lamprecht [Thu, 5 Apr 2018 08:54:41 +0000 (10:54 +0200)]
disk: serial no must now be passed to device not drive

With QEMU 2.10 the serial parameter of the -drive command line option
was deprecated [1], so move the logic which adds this parameter now
to the -drive analogue -device CLI option.

Features marked deprecated will continue to work for two releases[2],
so we need to switch over before 2.12, AFAICT.

[1]: https://wiki.qemu.org/ChangeLog/2.10#Deprecated_options
[2]: https://qemu.weilnetz.de/doc/qemu-doc.html#Deprecated-features

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoqemu-img convert: use cache=none for ZFS only
Fabian Grünbichler [Mon, 26 Mar 2018 08:15:51 +0000 (10:15 +0200)]
qemu-img convert: use cache=none for ZFS only

since this requires O_DIRECT support by the underlying storage, which
might not be available.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 years agoqemu-img convert: use cache=none
Fabian Grünbichler [Fri, 23 Mar 2018 10:12:16 +0000 (11:12 +0100)]
qemu-img convert: use cache=none

this fixes an issue with zvols, which require cache=none and eat up all
free memory as buffered pages otherwise

https://github.com/zfsonlinux/zfs/issues/7235

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agobump version to 5.0-24
Thomas Lamprecht [Thu, 22 Mar 2018 08:29:30 +0000 (09:29 +0100)]
bump version to 5.0-24

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agodeps: cloud-init now needs qemu >= 2.11.1-4
Wolfgang Bumiller [Thu, 22 Mar 2018 07:20:30 +0000 (08:20 +0100)]
deps: cloud-init now needs qemu >= 2.11.1-4

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agouse pve-edk2-firmware for supporting OVMF
Thomas Lamprecht [Fri, 16 Mar 2018 12:58:27 +0000 (13:58 +0100)]
use pve-edk2-firmware for supporting OVMF

depend on new pve-edk2-firmware package and adapt the OVMF CODE/VARS
path accordingly

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agocommit_cloudinit_disk : add -n option to qemu-img dd
Alexandre Derumier [Wed, 21 Mar 2018 11:19:17 +0000 (12:19 +0100)]
commit_cloudinit_disk : add -n option to qemu-img dd

2 years agosync bwlimit description with the container one
Thomas Lamprecht [Wed, 21 Mar 2018 10:15:09 +0000 (11:15 +0100)]
sync bwlimit description with the container one

2 years agofixup: remove unneeded if branch
Thomas Lamprecht [Wed, 21 Mar 2018 10:12:26 +0000 (11:12 +0100)]
fixup: remove unneeded if branch

$readfrom equals $archive here, and we're already in the branch with
the condition that both are not equal to '-'

2 years agorestore: implement rate limiting
Wolfgang Bumiller [Thu, 22 Feb 2018 16:15:24 +0000 (17:15 +0100)]
restore: implement rate limiting

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agostop passing default '-k' QEMU option from datacenter.cfg
Thomas Lamprecht [Tue, 20 Mar 2018 13:26:43 +0000 (14:26 +0100)]
stop passing default '-k' QEMU option from datacenter.cfg

Modern noVNC does not needs this anymore, actually things may get
worse if it's used. E.g., when one sets 'de' and the VM locale is
'de' you may get a 'ĸ' (unicode kra) if you want to send an ampersand
character through pressing SHIFT + 6.

Qemus manual pages confirms that this is most times not needed
anymore:

 > -k language
 >    Use keyboard layout language (for example "fr" for
 >    French). This option is only needed where it is not
 >    easy to get raw PC keycodes (e.g. on Macs, with some
 >    X11 servers or with a VNC or curses display). You don't
 >    normally need to use it on PC/Linux or PC/Windows
 >    hosts.
 -- man kvm

An user can always set it per VM, wew simply remove the implict
default derived from the cluster wide datacenter.cfg

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agocleanup: remove duplicate mac address assignment
Wolfgang Bumiller [Wed, 21 Mar 2018 09:33:39 +0000 (10:33 +0100)]
cleanup: remove duplicate mac address assignment

The git history of this is not immediately obvious due to
the date of the cloud init patches, but the removal of this
line was basically reverted by them later at merge-time.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agoclone: add command line completion for newid
Dietmar Maurer [Fri, 16 Mar 2018 10:05:56 +0000 (11:05 +0100)]
clone: add command line completion for newid

Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2 years agoclone: use better default for parameter 'full'
Dietmar Maurer [Fri, 16 Mar 2018 10:05:55 +0000 (11:05 +0100)]
clone: use better default for parameter 'full'

template => linked clone
normal VM => full clone

Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2 years agocloudinit: hide password on the api
Dominik Csapak [Thu, 15 Mar 2018 14:36:50 +0000 (15:36 +0100)]
cloudinit: hide password on the api

since password is easily decrypted, hide it on the api
if someone needs it, they can get it directly from the
config

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agoremove legacy vm_monitor_command
Thomas Lamprecht [Tue, 13 Mar 2018 07:21:59 +0000 (08:21 +0100)]
remove legacy vm_monitor_command

We introduced our QMP socket with commit
c971c4f2213524f27125f558978a428b53628f34 (29.05.2012)

Already tried to remove this with commit
7b7c6d1b5dcee25e1194d4b8a0219bd5c31a5639 (13.07.2012)

But reverted that to allow migration of VMs still using the old
montior to ones which already switched over to the new QMP one,
in commit dab36e1ee924be0efab3f85937c23910b456f4b9 (17.08.2012)
see bug #242 for reference

This was all done  and released in PVE 2.2, as no migration through
nodes differing more than one major version is possible we can
finally remove this code for good.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agocloud-init: make parameter order consistent
Dominik Csapak [Mon, 12 Mar 2018 15:25:06 +0000 (16:25 +0100)]
cloud-init: make parameter order consistent

we have '$conf, $vmid' elsewhere for cloudinit, this was the only
function which had them in reverse

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agocloud-init: add manage_etc_hosts to cloud init config
Dominik Csapak [Mon, 12 Mar 2018 15:25:05 +0000 (16:25 +0100)]
cloud-init: add manage_etc_hosts to cloud init config

so that we get the hostname there
(e.g. sudo complains that it cannot resolve the hostname)

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agocloud-init: use default hostname when none is set
Dominik Csapak [Mon, 12 Mar 2018 15:25:04 +0000 (16:25 +0100)]
cloud-init: use default hostname when none is set

use "VM$vmid" like we do in a container

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 years agocloud-init: make cipassword interactive on the CLI
Wolfgang Bumiller [Mon, 12 Mar 2018 12:04:16 +0000 (13:04 +0100)]
cloud-init: make cipassword interactive on the CLI

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agoMove name argument to improve visibility in a process list
Herman van Rink [Mon, 12 Mar 2018 12:28:14 +0000 (13:28 +0100)]
Move name argument to improve visibility in a process list

Signed-off-by: Herman van Rink <rink@initfour.nl>
2 years agocloud-init: replace password parameter in log messages
Wolfgang Bumiller [Mon, 12 Mar 2018 11:28:49 +0000 (12:28 +0100)]
cloud-init: replace password parameter in log messages

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agostart: always stop an existing $vmid.scope
Wolfgang Bumiller [Fri, 16 Feb 2018 11:44:58 +0000 (12:44 +0100)]
start: always stop an existing $vmid.scope

Checking for the cgroup directory is a kind of time-of-check
time-of-use race condition stop-mode backups seem to
occasionally run into on some systems.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agocloud-init: pre-hash passwords
Wolfgang Bumiller [Thu, 8 Mar 2018 13:57:19 +0000 (14:57 +0100)]
cloud-init: pre-hash passwords

We don't leave this up to cloud-init as we don't want
un-hashed values at all in our configs.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>