[pve-devel] applied: [PATCH manager 1/2] pvereport: dir2text: ignore special . and .. files
On 03/10/2023 13:36, Aaron Lauterer wrote: > So far this hasn't been an issue as each user of dir2text wanted files > with a specific pattern. But if we want every file in the directory, we > need to skip the special files '.' and '..'. > > Signed-off-by: Aaron Lauterer > --- > PVE/Report.pm | 1 + > 1 file changed, 1 insertion(+) > > applied, thanks! I made an (only tangentially) related follow-up, adding a short hint about what should get output to start of $text in dir2text, as it seems IMO possible helpful when to get a bit more active hint that there are no files when combing through logs. ___ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] aüüöoed: [PATCH docs] correct outdated info about gui header
On 02/11/2023 16:08, Dominik Csapak wrote: > the header part of the gui did change, by moving the user name into a > button, which now contains more user specific actions. Update it to be > correct again. > applied, with some language follow-ups, thanks — keeping such things up-to-date is important work! > Signed-off-by: Dominik Csapak > --- > pve-gui.adoc | 18 ++ > 1 file changed, 10 insertions(+), 8 deletions(-) > > diff --git a/pve-gui.adoc b/pve-gui.adoc > index 9f63a7e..046fb9f 100644 > --- a/pve-gui.adoc > +++ b/pve-gui.adoc > @@ -101,21 +101,23 @@ search bar nearside you can search for specific objects > (VMs, > containers, nodes, ...). This is sometimes faster than selecting an > object in the resource tree. > > -To the right of the search bar we see the identity (login name). The > -gear symbol is a button opening the 'My Settings' dialog. There you > -can customize some client side user interface setting (reset the saved > -login name, reset saved layout). > - > -The rightmost part of the header contains four buttons: > +The right part of the header contains four buttons: > > [horizontal] > -Help :: Opens a new browser window showing the reference documentation. > +Documentation :: Opens a new browser window showing the reference > documentation. > > Create VM :: Opens the virtual machine creation wizard. > > Create CT :: Open the container creation wizard. > > -Logout :: Logout, and show the login dialog again. > +Identity Menu :: Displays the identity and contains user specific > options. IMO that name is rather odd.. changed to "User Menu" I connected the following paragraph with the above definition-list entry by placing a "+" on the empty line, that way they are separate paragraphs but still indented on the same level, which IMO makes sense for the menu child entries. > + > +The identity menu contains various user specific options, such as the 'My "various user specific options" is a repetition from the list above, sticks especially out because it's already a bit superfluous there too, i.e., what else would the "user menu" contain? ^^ > +Settings' dialog. There you can customize some client side user interface > +setting (reset the saved login name, reset saved layout). I reworded to avoid the parenthesis, but they were mostly pre-exsiting, so just mentioning for the record. > + > +It also contains a shortcut to the 'TFA', 'Language' and 'Color Theme' > +settings, as well as the Logout option. > > > [[gui_my_settings]] ___ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] applied: [PATCH zfsonlinux] add patch for spurious warning on `zfs mount -a`
On 02/11/2023 18:33, Stoiko Ivanov wrote: > reported in our community forum: > https://forum.proxmox.com/threads/.135635/post-60036 The dot isn't required, but it seems the anchor # really is, your link goes to an ancient post without that, switched it to: https://forum.proxmox.com/threads/135635/#post-60036 > > the small fix was merged upstream: > https://github.com/openzfs/zfs/pull/15468 > > minimally tested by building with this patch and running > `zfs mount -a` on an affected system. > > Signed-off-by: Stoiko Ivanov > --- > this patch fixes a cosmetic issue, but might help keep support requests down > a bit. > also quickly skimmed through the other patches in upstream/master and > salsa.debian.org - but currently don't think anything needs to be pulled in > urgently > > ...runcate_shares-without-etc-exports.d.patch | 76 +++ > debian/patches/series | 1 + > 2 files changed, 77 insertions(+) > create mode 100644 > debian/patches/0012-Fix-nfs_truncate_shares-without-etc-exports.d.patch > > applied, thanks! ___ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] applied: [PATCH zfsonlinux] add patch for spurious warning on `zfs mount -a`
On 02/11/2023 18:33, Stoiko Ivanov wrote: > reported in our community forum: > https://forum.proxmox.com/threads/.135635/post-60036 > > the small fix was merged upstream: > https://github.com/openzfs/zfs/pull/15468 > > minimally tested by building with this patch and running > `zfs mount -a` on an affected system. > > Signed-off-by: Stoiko Ivanov > --- > this patch fixes a cosmetic issue, but might help keep support requests down > a bit. > also quickly skimmed through the other patches in upstream/master and > salsa.debian.org - but currently don't think anything needs to be pulled in > urgently > > ...runcate_shares-without-etc-exports.d.patch | 76 +++ > debian/patches/series | 1 + > 2 files changed, 77 insertions(+) > create mode 100644 > debian/patches/0012-Fix-nfs_truncate_shares-without-etc-exports.d.patch > > applied, thanks! ___ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] applied-series: [PATCH 00/12] installer: add crate for common code
On 25/10/2023 17:59, Aaron Lauterer wrote: > since work on the auto installer is happenning in parallel, now would be > a good point to move commonly used code into its own crate. Otherwise > the auto-installer will always have to play catch up with the ongoing > development of the tui installer. > > I tried to split up the commits as much as possible, but there are two > larger ones, copying most the code over to the new repo and making the > switch. The former because it is difficult to pull apart the parts that > belong together. The latter needed to be this big as most local > occurences needed to be removed at the same time to avoid dependency > conflicts. > > One last things that is missing, is the "InstallConfig" struct. > This should also be part of the common crate, but I need to look further > into how to make it possible that it can be created from structs of each > crate (tui, auto) as implementing a ::From can only be done within the > crate where the struct lives IIUC. > > This series depends on the patches by Christoph to remove the global > unsafe setup info, version 2 [0]. Without those patches applied first, > this series will not apply. > > [0] https://lists.proxmox.com/pipermail/pve-devel/2023-October/059628.html > > Aaron Lauterer (12): > add proxmox-installer-common crate > common: copy common code from tui-installer > common: utils: add dependency for doc test > common: make InstallZfsOption public > common: disk_checks: make functions public > tui-installer: add dependency for new common crate > tui: switch to common crate > tui: remove now unused utils.rs > common: add installer_setup method > common: document installer_setup method > tui: use installer_setup from common cate > tui: remove unused read_json function applied series, with Christoph's build-sys fix squashed into your first patch, and his R-b added, thanks! ___ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH zfsonlinux] add patch for spurious warning on `zfs mount -a`
reported in our community forum:
https://forum.proxmox.com/threads/.135635/post-60036
the small fix was merged upstream:
https://github.com/openzfs/zfs/pull/15468
minimally tested by building with this patch and running
`zfs mount -a` on an affected system.
Signed-off-by: Stoiko Ivanov
---
this patch fixes a cosmetic issue, but might help keep support requests down
a bit.
also quickly skimmed through the other patches in upstream/master and
salsa.debian.org - but currently don't think anything needs to be pulled in
urgently
...runcate_shares-without-etc-exports.d.patch | 76 +++
debian/patches/series | 1 +
2 files changed, 77 insertions(+)
create mode 100644
debian/patches/0012-Fix-nfs_truncate_shares-without-etc-exports.d.patch
diff --git
a/debian/patches/0012-Fix-nfs_truncate_shares-without-etc-exports.d.patch
b/debian/patches/0012-Fix-nfs_truncate_shares-without-etc-exports.d.patch
new file mode 100644
index ..7eb9721d
--- /dev/null
+++ b/debian/patches/0012-Fix-nfs_truncate_shares-without-etc-exports.d.patch
@@ -0,0 +1,76 @@
+From Mon Sep 17 00:00:00 2001
+From: siv0
+Date: Tue, 31 Oct 2023 21:57:54 +0100
+Subject: [PATCH] Fix nfs_truncate_shares without /etc/exports.d
+
+Calling nfs_reset_shares on Linux prints a warning:
+`failed to lock /etc/exports.d/zfs.exports.lock: No such file or
+directory`
+when /etc/exports.d does not exist. The directory gets created, when a
+filesystem is actually exported through nfs_toggle_share and
+nfs_init_share. The truncation of /etc/exports.d/zfs.exports happens
+unconditionally when calling `zfs mount -a` (via zfs_do_mount and
+share_mount in `cmd/zfs/zfs_main.c`).
+
+Fixing the issue only in the Linux part, since the exports file on
+freebsd is in `/etc/zfs/`, which seems present on 2 FreeBSD systems I
+have access to (through `/etc/zfs/compatibility.d/`), while a Debian
+box does not have the directory even if `/usr/sbin/exportfs` is
+present through the `nfs-kernel-server` package.
+
+The code for exports_available is copied from nfs_available above.
+
+Fixes: ede037cda73675f42b1452187e8dd3438fafc220
+("Make zfs-share service resilient to stale exports")
+
+Reviewed-by: Brian Atkinson
+Reviewed-by: Brian Behlendorf
+Signed-off-by: Stoiko Ivanov
+Closes #15369
+Closes #15468
+(cherry picked from commit 41e55b476bcfc90f1ad81c02c5375367fdace9e9)
+Signed-off-by: Stoiko Ivanov
+---
+ lib/libshare/os/linux/nfs.c | 18 ++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/lib/libshare/os/linux/nfs.c b/lib/libshare/os/linux/nfs.c
+index 004946b0c..3dce81840 100644
+--- a/lib/libshare/os/linux/nfs.c
b/lib/libshare/os/linux/nfs.c
+@@ -47,6 +47,7 @@
+
+
+ static boolean_t nfs_available(void);
++static boolean_t exports_available(void);
+
+ typedef int (*nfs_shareopt_callback_t)(const char *opt, const char *value,
+ void *cookie);
+@@ -539,6 +540,8 @@ nfs_commit_shares(void)
+ static void
+ nfs_truncate_shares(void)
+ {
++ if (!exports_available())
++ return;
+ nfs_reset_shares(ZFS_EXPORTS_LOCK, ZFS_EXPORTS_FILE);
+ }
+
+@@ -566,3 +569,18 @@ nfs_available(void)
+
+ return (avail == 1);
+ }
++
++static boolean_t
++exports_available(void)
++{
++ static int avail;
++
++ if (!avail) {
++ if (access(ZFS_EXPORTS_DIR, F_OK) != 0)
++ avail = -1;
++ else
++ avail = 1;
++ }
++
++ return (avail == 1);
++}
diff --git a/debian/patches/series b/debian/patches/series
index 710cbfbe..6a5ab10f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,3 +9,4 @@
0009-arc-stat-summary-guard-access-to-l2arc-MFU-MRU-stats.patch
0010-zvol-Remove-broken-blk-mq-optimization.patch
0011-Revert-zvol-Temporally-disable-blk-mq.patch
+0012-Fix-nfs_truncate_shares-without-etc-exports.d.patch
--
2.39.2
___
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] [PATCH v2 container 1/1] Add device passthrough
On 30/10/2023 14:34, Wolfgang Bumiller wrote:
On Tue, Oct 24, 2023 at 02:55:53PM +0200, Filip Schauer wrote:
Add a dev[n] argument to the container config to pass devices through to
a container. A device can be passed by its path. Alternatively a mapped
USB device can be passed through with usbmapping=.
Signed-off-by: Filip Schauer
---
src/PVE/LXC.pm| 34 +++-
src/PVE/LXC/Config.pm | 60 +++
2 files changed, 93 insertions(+), 1 deletion(-)
diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index c9b5ba7..a3ddb62 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -5,7 +5,8 @@ use warnings;
use Cwd qw();
use Errno qw(ELOOP ENOTDIR EROFS ECONNREFUSED EEXIST);
-use Fcntl qw(O_RDONLY O_WRONLY O_NOFOLLOW O_DIRECTORY);
+use Fcntl qw(O_RDONLY O_WRONLY O_NOFOLLOW O_DIRECTORY :mode);
+use File::Basename;
use File::Path;
use File::Spec;
use IO::Poll qw(POLLIN POLLHUP);
@@ -639,6 +640,37 @@ sub update_lxc_config {
$raw .= "lxc.mount.auto = sys:mixed\n";
}
+# Clear passthrough directory from previous run
+my $passthrough_dir = "/var/lib/lxc/$vmid/passthrough";
+File::Path::rmtree($passthrough_dir);
I think we need to make a few changes here.
First: we don't necessarily need this directory.
Having a device list would certainly be nice, but it makes more sense to
just have a file we can easily parse (possibly even just a json hash),
like the `devices` file we already create in the pre-start hook, except
prepared *for* the pre-start hook, which *should* be able to just
`mknod` the devices right into the container's `/dev` on startup.
Devices mknoded into the container's /dev directory in the pre-start
hook will not be visible in the container once it is fully started.
Meanwhile mknoding a device to a different path inside the container
works fine. It seems that LXC mounts over the /dev directory. This can
be solved by calling mknod in lxc-pve-autodev-hook, but this does not
work with unprivileged containers without the mknod capability.
So are bind mounts our only option without modifying LXC,
or am I overlooking something?
We'd also avoid "lingering" device nodes with potentially harmful
uid/permissions in /var, which is certainly better from a security POV.
But note that we do need the `lxc.cgroup2.*` entries before starting the
container in order to ensure the devices cgroup has the right
permissions.
+
+PVE::LXC::Config->foreach_passthrough_device($conf, sub {
+ my ($key, $sanitized_path) = @_;
+
+ my $absolute_path = "/$sanitized_path";
+ my ($mode, $rdev) = (stat($absolute_path))[2, 6];
+ die "Could not find major and minor ids of device $absolute_path.\n"
+ unless ($mode && $rdev);
+
+ my $major = PVE::Tools::dev_t_major($rdev);
+ my $minor = PVE::Tools::dev_t_minor($rdev);
+ my $device_type_char = S_ISBLK($mode) ? 'b' : 'c';
+ my $passthrough_device_path = "$passthrough_dir/$sanitized_path";
+ File::Path::make_path(dirname($passthrough_device_path));
+ PVE::Tools::run_command([
+ '/usr/bin/mknod',
+ '-m', '0660',
+ $passthrough_device_path,
+ $device_type_char,
+ $major,
+ $minor
+ ]);
It's probably worth adding a helper for the mknod syscall to
`PVE::Tools`, there are a bunch of syscalls in there already.
+ chown 10, 10, $passthrough_device_path if ($unprivileged);
^ This isn't necessarily the correct id. Users may have custom id
mappings.
`PVE::LXC::parse_id_maps($conf)` returns the mapping alongside the root
uid and gid. (See for example `sub mount_all` for how it's used.
+
+ $raw .= "lxc.cgroup2.devices.allow = $device_type_char $major:$minor
rw\n";
+ $raw .= "lxc.mount.entry = $passthrough_device_path $sanitized_path none
bind,create=file\n";
+});
+
# WARNING: DO NOT REMOVE this without making sure that loop device nodes
# cannot be exposed to the container with r/w access (cgroup perms).
# When this is enabled mounts will still remain in the monitor's namespace
diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
index 56e1f10..edd813e 100644
--- a/src/PVE/LXC/Config.pm
+++ b/src/PVE/LXC/Config.pm
@@ -29,6 +29,7 @@ mkdir $lockdir;
mkdir "/etc/pve/nodes/$nodename/lxc";
my $MAX_MOUNT_POINTS = 256;
my $MAX_UNUSED_DISKS = $MAX_MOUNT_POINTS;
+my $MAX_DEVICES = 256;
# BEGIN implemented abstract methods from PVE::AbstractConfig
@@ -908,6 +909,49 @@ for (my $i = 0; $i < $MAX_UNUSED_DISKS; $i++) {
}
}
+PVE::JSONSchema::register_format('pve-lxc-dev-string', \&verify_lxc_dev_string);
+sub verify_lxc_dev_string {
+my ($dev, $noerr) = @_;
+
+if (
+ $dev =~m@/\.\.?/@ ||
+ $dev =~m@/\.\.?$@ ||
+ $dev !~ m!^/dev/!
+) {
+ return undef if $noerr;
+ die "$dev is not a valid device path\n";
+}
+
+return $dev;
+}
+
+my $dev_d
[pve-devel] [PATCH docs] correct outdated info about gui header
the header part of the gui did change, by moving the user name into a button, which now contains more user specific actions. Update it to be correct again. Signed-off-by: Dominik Csapak --- pve-gui.adoc | 18 ++ 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/pve-gui.adoc b/pve-gui.adoc index 9f63a7e..046fb9f 100644 --- a/pve-gui.adoc +++ b/pve-gui.adoc @@ -101,21 +101,23 @@ search bar nearside you can search for specific objects (VMs, containers, nodes, ...). This is sometimes faster than selecting an object in the resource tree. -To the right of the search bar we see the identity (login name). The -gear symbol is a button opening the 'My Settings' dialog. There you -can customize some client side user interface setting (reset the saved -login name, reset saved layout). - -The rightmost part of the header contains four buttons: +The right part of the header contains four buttons: [horizontal] -Help :: Opens a new browser window showing the reference documentation. +Documentation :: Opens a new browser window showing the reference documentation. Create VM :: Opens the virtual machine creation wizard. Create CT :: Open the container creation wizard. -Logout :: Logout, and show the login dialog again. +Identity Menu :: Displays the identity and contains user specific options. + +The identity menu contains various user specific options, such as the 'My +Settings' dialog. There you can customize some client side user interface +setting (reset the saved login name, reset saved layout). + +It also contains a shortcut to the 'TFA', 'Language' and 'Color Theme' +settings, as well as the Logout option. [[gui_my_settings]] -- 2.39.2 ___ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
