The changes to the listening behavior introduced with PVE 6.4 break
backwardscompatibility w.r.t. listening address and logging, which
should not be changed without explictly notifying the user.
This patch re-adds the family parameter, which is still used by
pmgproxy and based on its existence
with the recent change in pve-manager pveproxy (and spiceproxy)
try binding to '::' per default. This fails for hosts having disabled
ipv6 via kernel commandline.
Our desired behavior of binding on '::' and only falling back to
'0.0.0.0' in case this is not supported is not directly possible with
v2 -> v3:
* dropped the T-b tags
* Thanks to Thomas vigilant look and memory - added a patch to keep the behavior
for pmgproxy as it currently is (listenaddress determined by the family
returned by getaddrinfo on the nodename) - huge Thanks!!
** the patch is kept separate, as to be revertible
Given that quite a few HOWTOs on the internet suggest disabling ipv6
support via kernel commandline, which can cause quite many undesired
side-effects (e.g. ip6tables as used in pve-firewall errors out)
this patch adds a short section documenting, that disabling ipv6 is
not necessary usually and
With recent changes to the listening socket code in pve-manager
the proxy daemons now usually bind to '::' and ipv4 clients are
read as v4-mapped-v6 addresses [0] from :::0:0/96.
This caused the allow_from/deny_from matching to break.
This patch addresses the issue by normalizing addresses
Signed-off-by: Stoiko Ivanov
---
pveproxy.adoc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/pveproxy.adoc b/pveproxy.adoc
index 665e575..09ac5cf 100644
--- a/pveproxy.adoc
+++ b/pveproxy.adoc
@@ -45,7 +45,8 @@ POLICY="allow"
IP addresses can be specified using
Net::IP objects are bound to a version - 0/0 is treated as ipv4 only.
If 'all' is present in the allow_from/deny_from list we should also
add ::/0 for matching all ipv6 addresses.
Signed-off-by: Stoiko Ivanov
---
PVE/APIServer/Utils.pm | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
The Domain parameter for IO::Socket::IP is not used/needed.
It is needed to create a IP Socket when calling IO::Socket->new,
but here we call IO::Socket::IP-new directly (see [0]).
[0] https://perldoc.perl.org/IO::Socket::IP
Signed-off-by: Stoiko Ivanov
---
src/PVE/Daemon.pm | 1 -
1 file
Seems certain hosting environments (e.g. OVH) set net.ipv6.bindv6only
to 1, which caused problems for those users after the 6.4 upgrade.
Signed-off-by: Stoiko Ivanov
---
pveproxy.adoc | 9 +
1 file changed, 9 insertions(+)
diff --git a/pveproxy.adoc b/pveproxy.adoc
index
This patch fixes a regression for hosts disabling ipv6 via kernel
commandline ('ipv6.disable=1')introduced in commit
fc087ec2b924dc9c72d3bf80face8a1731c15405
(disabling IPv6 via sysctl did not exhibit these problems)
by hardcoding the address to '::', pveproxy and spiceproxy failed to
start with:
On 30.04.21 01:15, Alexandre Derumier wrote:
> Signed-off-by: Alexandre Derumier
> ---
> PVE/API2/Network/SDN/Zones.pm | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
>
applied, thanks!
Are there any pending fixes you know of or is a version bump now OK for you.
On 30.04.21 00:55, Alexandre Derumier wrote:
> Same than for storage
>
FYI, from a quick look this seems OK, but I'll wait at least until we
have VM and CT support ready before applying this.
> Signed-off-by: Alexandre Derumier
> ---
> PVE/Network/SDN/Ipams.pm | 48
On 29.04.21 23:58, Alexandre Derumier wrote:
> Signed-off-by: Alexandre Derumier
> ---
> pvesdn.adoc | 23 ++-
> 1 file changed, 14 insertions(+), 9 deletions(-)
>
>
applied, thanks!
___
pve-devel mailing list
hi,
> > tested the following to verify:
> >> I tested it in the following scenarios:
> >> * ipv6 disabled via kernel commandline (listen on 0.0.0.0)
> >> * ipv6 disabled via sysctl (listen on 0.0.0.0)
> >> * no settings dual-stacked (listen on *)
> >> * no settings v6 only (listen on *)
> >>
> >
On 5/5/21 08:02, aderum...@odiso.com wrote:
Hi Moula,
local device migration is not related to this remote migration serie,
but maybe some improvement could be done.
I'm think about usb device, where we could have the same device on
multiple hosts. (like a security dongle for example).
I
On 05.05.21 10:26, Lorenz Stechauner wrote:
> Signed-off-by: Lorenz Stechauner
> ---
> src/PVE/ACME/DNSChallenge.pm | 14 +-
> 1 file changed, 13 insertions(+), 1 deletion(-)
>
>
applied, thanks!
___
pve-devel mailing list
Signed-off-by: Lorenz Stechauner
---
src/PVE/ACME/DNSChallenge.pm | 14 +-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/PVE/ACME/DNSChallenge.pm b/src/PVE/ACME/DNSChallenge.pm
index 29311c9..ce66f3c 100644
--- a/src/PVE/ACME/DNSChallenge.pm
+++
Le mercredi 05 mai 2021 à 08:59 +0200, Thomas Lamprecht a écrit :
> rustup is the "rust native" way to setup rust: https://rustup.rs/
>
> Some people here have both, Packaged rust for clean package builds
> and
> some nightly version for testing newer features in development or
> such
> things.
>
Thanks Dietmar, it's building fine now !
Le mercredi 05 mai 2021 à 08:43 +0200, Dietmar Maurer a écrit :
> > currently, I have tried to build "proxmox" rust
> >
> > https://git.proxmox.com/?p=proxmox.git;a=shortlog
> > with a simple
> > "make deb" + installed needed build depend.
> >
> > but I
On 05.05.21 08:59, Thomas Lamprecht wrote:
>> Seem to be a missing package ?
> Did you setup the devel repository?
>
> deb http://download.proxmox.com/debian/devel buster main
>
> And installed all build-dependencies? Maybe there are some missing in
> d/control..
>
> May want to ensure you have
On 05.05.21 08:36, aderum...@odiso.com wrote:
> Hi,
> I try to build proxmox rust package to test the remote migration,
>
> I'm a noob with rust, so I have begin too look at proxmox-backup doc
>
> https://git.proxmox.com/?p=proxmox-backup.git;a=blob_plain;f=README.rst;hb=HEAD
>
> ``rustup``
> currently, I have tried to build "proxmox" rust
>
> https://git.proxmox.com/?p=proxmox.git;a=shortlog
> with a simple
> "make deb" + installed needed build depend.
>
> but I have this error
>
>
> "
> test src/tools/websocket.rs - tools::websocket::create_frame (line 161)
> ... ok
> test
Hi,
I try to build proxmox rust package to test the remote migration,
I'm a noob with rust, so I have begin too look at proxmox-backup doc
https://git.proxmox.com/?p=proxmox-backup.git;a=blob_plain;f=README.rst;hb=HEAD
``rustup`` Toolchain
We normally want to build with
On 29.04.21 23:00, Alexandre Derumier wrote:
> some user want to be able to define a vnet without vlan,
> so at qinq zone level, to be able to see traffic from others vnets of this
> qinq zone.
> Some example of usage is a inter-vnet firewall/gateway vm.
>
> Signed-off-by: Alexandre Derumier
>
Hi Moula,
local device migration is not related to this remote migration serie,
but maybe some improvement could be done.
I'm think about usb device, where we could have the same device on
multiple hosts. (like a security dongle for example).
I think for usb we should be able to
25 matches
Mail list logo