Le mardi 13 juin 2023 à 13:21 +0200, Fabian Grünbichler a écrit :
> On June 12, 2023 7:43 pm, Alexandre Derumier wrote:
> > if vnet has not been generated (this should never happend)
> > warn the user to check if "source /etc/network/interfaces.d/sdn'
> > exist
> >
> > Signed-off-by: Alexandre Der
Am 14/06/2023 um 15:05 schrieb Fiona Ebner:
> There are some use sites, e.g. HA manager, pvescheduler that
> incorrectly use priority level 'warn'. Likely because that is allowed
> for some other log helpers in the codebase. Instead of fixing them all
> one-by-one, simply allow 'warn' as a priority
Am 13/06/2023 um 10:43 schrieb Dominik Csapak:
> by adding an empty text to the dropdown, and disabling the other
> possibly invalid fields, so that it's clear why the panel is invalid
>
> as soon as there is an ldap/ad realm, it gets autoselected anyway and
> the fields get re-enabled.
>
> Signe
Am 14/06/2023 um 14:33 schrieb Stoiko Ivanov:
> v1->v2:
> * actually added the /etc/hosts from an alpine template (seems I
> fat-fingered a cp iniially) for patch 2 - sorry for the fuzz
>
> original cover-letter for v1:
> the patch from:
> https://lists.proxmox.com/pipermail/pve-devel/2023-June/
Am 14/06/2023 um 14:31 schrieb Dominik Csapak:
> to get a fast overview in which groups each user is.
>
> for that we need to add the 'full=1' parameter.
>
> this only tokens/groups to the api call, but we have that info in the
> backend after parsing the config anyway, so it should not be very
>
Am 14/06/2023 um 14:51 schrieb Fiona Ebner:
> Am 13.06.23 um 15:42 schrieb Alexander Zeidler:
>> Signed-off-by: Alexander Zeidler
>> ---
>> src/PVE/VZDump/Common.pm | 6 ++
>> 1 file changed, 6 insertions(+)
>>
>> diff --git a/src/PVE/VZDump/Common.pm b/src/PVE/VZDump/Common.pm
>> index a6fe4
There are some use sites, e.g. HA manager, pvescheduler that
incorrectly use priority level 'warn'. Likely because that is allowed
for some other log helpers in the codebase. Instead of fixing them all
one-by-one, simply allow 'warn' as a priority too.
Suggested-by: Thomas Lamprecht
Signed-off-by
Am 13.06.23 um 15:42 schrieb Alexander Zeidler:
> Signed-off-by: Alexander Zeidler
> ---
> src/PVE/VZDump/Common.pm | 6 ++
> 1 file changed, 6 insertions(+)
>
> diff --git a/src/PVE/VZDump/Common.pm b/src/PVE/VZDump/Common.pm
> index a6fe483..28ab0d3 100644
> --- a/src/PVE/VZDump/Common.pm
v1->v2:
* actually added the /etc/hosts from an alpine template (seems I
fat-fingered a cp iniially) for patch 2 - sorry for the fuzz
original cover-letter for v1:
the patch from:
https://lists.proxmox.com/pipermail/pve-devel/2023-June/057420.html
broke the setup for templates which don't contai
adaptation to adhere to perlcritics recommendation led to the snapshot
tests to not work anymore:
```
Undefined subroutine &Test::MockModule called at snapshot-test.pm line 300.
```
With this the snapshot tests still run and perlcritic seems happy
Fixes: f505de300431134b202ad5a88f55721cb95e6fe4
S
based on test-alpine-002
Signed-off-by: Stoiko Ivanov
---
src/test/test-alpine-003/config | 2 ++
src/test/test-alpine-003/etc/alpine-release | 1 +
src/test/test-alpine-003/etc/hostname.exp | 1 +
src/test/test-alpine-003/etc/hosts| 3 +++
src/test/test-alpin
to get a fast overview in which groups each user is.
for that we need to add the 'full=1' parameter.
this only tokens/groups to the api call, but we have that info in the
backend after parsing the config anyway, so it should not be very
costly.
Signed-off-by: Dominik Csapak
---
www/manager6/dc
On 6/14/23 14:13, Fiona Ebner wrote:
Am 14.06.23 um 13:44 schrieb Aaron Lauterer:
On 6/14/23 13:38, Thomas Lamprecht wrote:
Am 14/06/2023 um 13:28 schrieb Aaron Lauterer:
This reverts commit cdef3abb25984c369571626b38f97f92a0a2fd15.
The bug should be fixed by now [0]. The reproducer doesn'
Am 14.06.23 um 13:44 schrieb Aaron Lauterer:
> On 6/14/23 13:38, Thomas Lamprecht wrote:
>> Am 14/06/2023 um 13:28 schrieb Aaron Lauterer:
>>> This reverts commit cdef3abb25984c369571626b38f97f92a0a2fd15.
>>>
>>> The bug should be fixed by now [0]. The reproducer doesn't cause any
>>> issues in my
Tested with my viommu patches installed on my host so that I can use iommu
inside
a VM and pass though virtual devices to Level-2 VMs.
I created a pve8 vm and a pve8 2-node vm cluster.
I used the Web UI for this testing but made a quick test with pvesh on the
API (/cluster/mapping/pci).
PCI:
*
On 6/14/23 13:38, Thomas Lamprecht wrote:
Am 14/06/2023 um 13:28 schrieb Aaron Lauterer:
This reverts commit cdef3abb25984c369571626b38f97f92a0a2fd15.
The bug should be fixed by now [0]. The reproducer doesn't cause any
issues in my tests.
[0] https://github.com/openzfs/zfs/issues/8541
hm
Am 14/06/2023 um 13:08 schrieb Fabian Grünbichler:
> adapt to recent changes:
> - PVESDNUser role, SDN.Use privilege
> - Permissions.Modify no longer part of PVESysAdmin and PVEAdmin
> - PVE reserved prefix for builtin roles
>
> and add some notes and warnings about dangerous aspects of permission
Am 14/06/2023 um 13:28 schrieb Aaron Lauterer:
> This reverts commit cdef3abb25984c369571626b38f97f92a0a2fd15.
>
> The bug should be fixed by now [0]. The reproducer doesn't cause any
> issues in my tests.
>
> [0] https://github.com/openzfs/zfs/issues/8541
hmm, torn on this one; 1 MB aligned ima
Am 03/03/2023 um 08:35 schrieb Fiona Ebner:
> Using the word 'agent' is highly confusing here as there is no QMP
> agent and thus wrongly suggests that the value is related to the
> guest agent[0].
>
> [0]: https://forum.proxmox.com/threads/123590/post-537716
>
> Signed-off-by: Fiona Ebner
> ---
Am 14/06/2023 um 12:43 schrieb Stoiko Ivanov:
> +++ b/src/test/test-alpine-003/etc/hosts
> @@ -0,0 +1,5 @@
> +127.0.0.1localhost localhost.localdomain
> +::1 localhost localhost.localdomain
Misses the "LXC_NAME" line we want to test that it gets removed?
> +# --- BEGIN PVE ---
> +12
This reverts commit cdef3abb25984c369571626b38f97f92a0a2fd15.
The bug should be fixed by now [0]. The reproducer doesn't cause any
issues in my tests.
[0] https://github.com/openzfs/zfs/issues/8541
Signed-off-by: Aaron Lauterer
---
AFAICT this has an affect on EFI disks which after this revert
Ping
Am 03.03.23 um 08:35 schrieb Fiona Ebner:
> Using the word 'agent' is highly confusing here as there is no QMP
> agent and thus wrongly suggests that the value is related to the
> guest agent[0].
>
> [0]: https://forum.proxmox.com/threads/123590/post-537716
>
> Signed-off-by: Fiona Ebner
>
If a disk image reports a size of '-1', something is most likely amiss.
The RBD storage plugin for example returns it, if the image is broken
and only remnants remain.
In such a situation, instead of showing '-1 B', we bette show nothing.
Signed-off-by: Aaron Lauterer
---
This patch is not neces
It can happen, that an RBD image isn't cleaned up 100%. Calling 'rbd ls
-l' will then show errors that it is not possible to open the image in
question:
```
rbd: error opening vm-103-disk-1: (2) No such file or directory
rbd: listing images failed: (2) No such file or directory
```
Originally we o
adapt to recent changes:
- PVESDNUser role, SDN.Use privilege
- Permissions.Modify no longer part of PVESysAdmin and PVEAdmin
- PVE reserved prefix for builtin roles
and add some notes and warnings about dangerous aspects of permission
management, and missing parts.
Signed-off-by: Fabian Grünbich
based on test-alpine-002
Signed-off-by: Stoiko Ivanov
---
src/test/test-alpine-003/config | 2 ++
src/test/test-alpine-003/etc/alpine-release | 1 +
src/test/test-alpine-003/etc/hostname.exp | 1 +
src/test/test-alpine-003/etc/hosts| 5 +
src/test/test-alp
the patch from:
https://lists.proxmox.com/pipermail/pve-devel/2023-June/057420.html
broke the setup for templates which don't contain /etc/hosts.
This was fixed in a follow-up by Thomas.
Sorry for not noticing the broken tests (they are currently skipped if
building with sbuild, which I used)!
pat
adaptation to adhere to perlcritics recommendation led to the snapshot
tests to not work anymore:
```
Undefined subroutine &Test::MockModule called at snapshot-test.pm line 300.
```
With this the snapshot tests still run and perlcritic seems happy
Fixes: f505de300431134b202ad5a88f55721cb95e6fe4
S
instead, fallback to a plain login shell if the current user is not already
root. both current custom commands are effectively a root shell, so it's not
possible to allow them for regular users.
note that the non-login commands via xtermjs already had the fallback behaviour
(i.e., no check for $pa
non-login commands are still restricted to root@pam if they where before.
Signed-off-by: Fabian Grünbichler
---
PVE/API2/Nodes.pm | 10 +-
1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/PVE/API2/Nodes.pm b/PVE/API2/Nodes.pm
index 81c7f3788..649735115 100644
--- a/PVE/API2/N
the last patch is RFC since we likely want to add another change to improve the
UX, but there are several options which are all a bit meh.
Fabian Grünbichler (3):
node console: restrict all non-login commands to root@pam
node console: allow usage for non-pam realms
node console: lift root@pa
and not just upgrade.
note that the only other non-login command (ceph_install) is restricted to
root@pam in the web UI anyway, and that the termproxy endpoint is lacking this
check and thus always falls back to a login prompt for non-login commands
requested by non-root users.
Signed-off-by: Fab
so if there are many storages and/or nodes, it makes the list of
storages a bit clearer
to do that we have to add a virtual field to group by that is not the
same as the 'type' of the individual entries (otherwise the grouping
logic does insert them wrong)
to not pollute the column list in the se
otherwise we might run into an exception further down
Signed-off-by: Dominik Csapak
---
www/manager6/panel/ConfigPanel.js | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/www/manager6/panel/ConfigPanel.js
b/www/manager6/panel/ConfigPanel.js
index d578f944..5192d2bc 100644
Am 13.06.23 um 15:42 schrieb Alexander Zeidler:
> Signed-off-by: Alexander Zeidler
> ---
> src/PVE/VZDump/Common.pm | 6 ++
> 1 file changed, 6 insertions(+)
>
> diff --git a/src/PVE/VZDump/Common.pm b/src/PVE/VZDump/Common.pm
> index a6fe483..28ab0d3 100644
> --- a/src/PVE/VZDump/Common.pm
Am 13.06.23 um 15:42 schrieb Alexander Zeidler:
> configuring pbs-entries-max can avoid failing backups due to a high
> amount of files in folders where a folder exclusion is not possible
>
> Signed-off-by: Alexander Zeidler
> ---
> src/PVE/VZDump/LXC.pm | 5 +
> 1 file changed, 5 insertions
Am 13.06.23 um 15:42 schrieb Alexander Zeidler:
> Unify style before adding another parameter check
>
> Signed-off-by: Alexander Zeidler
> ---
> PVE/API2/Backup.pm | 7 +--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/PVE/API2/Backup.pm b/PVE/API2/Backup.pm
> index 45e
oops.. typo in the commit title!
3893 and not 3892!
On 6/14/23 11:30, Aaron Lauterer wrote:
The new optional bridge_vids field allows to set that property via the
GUI. Since the backend needs to support it, the field needs to be
explicitly enabled.
For now, Proxmox VE (PVE) is the use case.
S
For that we need to add a new format option that checks against valid
VLAN tags and ranges, for example: 2 4 100-200
The check, if the default value should be used, needs to fail not just
when not defined, but also in case it is an empty string.
Signed-off-by: Aaron Lauterer
---
no changes since
The new optional bridge_vids field allows to set that property via the
GUI. Since the backend needs to support it, the field needs to be
explicitly enabled.
For now, Proxmox VE (PVE) is the use case.
Signed-off-by: Aaron Lauterer
---
changes since v2:
add a new option to the NodeNetworkEdit wid
Signed-off-by: Aaron Lauterer
---
no changes since v1
PVE/API2/Network.pm | 5 +
1 file changed, 5 insertions(+)
diff --git a/PVE/API2/Network.pm b/PVE/API2/Network.pm
index 00d964a7..6f4367cb 100644
--- a/PVE/API2/Network.pm
+++ b/PVE/API2/Network.pm
@@ -66,6 +66,11 @@ my $confdesc = {
Signed-off-by: Aaron Lauterer
---
www/manager6/node/Config.js | 1 +
1 file changed, 1 insertion(+)
diff --git a/www/manager6/node/Config.js b/www/manager6/node/Config.js
index 6ed2172a..77a6467c 100644
--- a/www/manager6/node/Config.js
+++ b/www/manager6/node/Config.js
@@ -179,6 +179,7 @@ Ext.d
reworks the panel to use a controller, so that we can easily
add the selector for mapped pci devices
shows now a selection between 'raw' and 'mapped' devices, where
'raw' ones work like before, and 'mapped' ones take the values
form the hardware map config
Signed-off-by: Dominik Csapak
---
www/
this adds the typical section config crud API calls for
USB and PCI resource mapping to /cluster/resource/{TYPE}
the only special thing that this series does is the list call
for both has a special 'check-node' parameter that uses the
'proxyto_callback' to reroute the api call to the given node
so
this will be the base class for trees for the individual mapping types,
e.g. pci and usb mapping.
there are a few things to configure, but the overall code sharing is
still significant, and should work out fine for future mapping types
Signed-off-by: Dominik Csapak
---
www/manager6/Makefile
uses the new ResourceMapTree to add the CRUD interfaces for the
mappings.
We add both of them into a single panel, since the datacenter menu
already has many entries, and without a proper summary for the group, we
cannot really put them in a category
Signed-off-by: Dominik Csapak
---
changes fro
This contains the window to edit a PCI mapping for a single host.
It is designed to work in 3 modes:
* without an id and a nodename: for new mappings
* with an id but without nodename: for adding new host mappings to an
existing one
* with id and nodename: when editing an existing host mapping
explain why someone would want it, how to configure and which privileges
are necessary
Signed-off-by: Dominik Csapak
---
new in v6
qm-pci-passthrough.adoc | 8
qm.adoc | 86 +
2 files changed, 94 insertions(+)
diff --git a/qm-pci-pas
if the migration is an offline migration and when the mapping on
the target node exists, otherwise not
this does not change the behaviour for 'raw' devices in the config
those can still be forced to be migrated, like before
Signed-off-by: Dominik Csapak
---
www/manager6/window/Migrate.js | 52 +
very similar to the PCIMapEdit window, but we only ever allow one
mapping per host
Signed-off-by: Dominik Csapak
---
changes from v5:
* add onlineHelp
www/manager6/Makefile | 3 +-
www/manager6/window/USBMapEdit.js | 217 ++
2 files changed, 219 insertio
akin to the PCISelector, but uses the api for mapped devices
Signed-off-by: Dominik Csapak
---
www/manager6/Makefile | 1 +
www/manager6/form/PCIMapSelector.js | 112
2 files changed, 113 insertions(+)
create mode 100644 www/manager6/form/PCIMapSelec
Signed-off-by: Dominik Csapak
---
test/cfg2cmd/q35-linux-hostpci-mapping.conf | 17
.../q35-linux-hostpci-mapping.conf.cmd| 36
test/run_config2command_tests.pl | 82 +++
3 files changed, 135 insertions(+)
create mode 100644 test/cfg2cmd/q35-l
similar to PCIMapSelector
Signed-off-by: Dominik Csapak
---
www/manager6/Makefile | 1 +
www/manager6/form/USBMapSelector.js | 98 +
2 files changed, 99 insertions(+)
create mode 100644 www/manager6/form/USBMapSelector.js
diff --git a/www/manager6/Mak
this patch allows configuring pci devices that are mapped via cluster
resource mapping when the user has 'Resource.Use' on the ACL path
'/mapping/pci/{ID}' (in addition to the usual required vm config
privileges)
When given multiple mappings in the config, we use them as alternatives
for the pass
this patch allows configuring usb devices that are mapped via
cluster resource mapping when the user has 'Resource.Use' on the ACL
path '/resource/usb/{ID}' (in addition to the usual required vm config
privileges)
for now, this is only valid if there is exactly one mapping for the
host, since we d
this is a grid field for selecting multiple pci devices at once, like we
need for the mapped pci ui. There we want to be able to select multiple
devices such that one gets selected automatically
we can select a whole slot here, but that disables selecting the
individual functions of that device.
similar to the pciselector, make it accept a plain nodename,
or no node at all and provide a setNodename function
to keep backwards compatibility, also check pveSelNode for the nodename
Signed-off-by: Dominik Csapak
---
www/manager6/form/USBSelector.js | 32 +++-
1 f
qemu/HardwareView:
with the new Hardware privileges, we want to adapt a few places where
we now allow to show the add/edit window with those permissions.
form/{PCI,USB}Selector:
increase the minHeight property of the PCI/USBSelector, so that
the user can see the error message if he has not enoug
namely the filtering while preserving the original string,
it's just one line, but having a shorthand for it still makes it a bit
nicer
Signed-off-by: Dominik Csapak
---
changes from v5:
* removed list parser (was unused)
* changed the filter helper to a simple 'filter' call
(the double map bef
to be able to select 'mapped' usb devices
Signed-off-by: Dominik Csapak
---
www/manager6/qemu/USBEdit.js | 36 +++-
1 file changed, 35 insertions(+), 1 deletion(-)
diff --git a/www/manager6/qemu/USBEdit.js b/www/manager6/qemu/USBEdit.js
index fe51d186..cfcdd31f 1
in pve-http-server the proxyto_callback always has a complete list of
parameters, not only the ones in the url, so adapt the implementation
here to do the same
Signed-off-by: Dominik Csapak
---
PVE/CLI/pvesh.pm | 10 ++
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/PVE/CL
they can only be migrated to nodes where there exists a mapping and if
the migration is done offline
Signed-off-by: Dominik Csapak
---
chnages from v5:
* renamed to $missing_mappings_by_node and $missing_mappings
PVE/QemuMigrate.pm | 23 ---
1 file changed, 20 insertions(+),
this series is the remaining part to add a cluster-wide device mapping for pci
and usb
devices. so that an admin can configure a device to be availble for
migration and configuring for uses that are non-root
(the existing pattern can be copied easily for other types, e.g.
markus upcoming folder sh
for offline migration, limit the allowed nodes to the ones where the
mapped resources are available
this adds new info to the api call namely the 'mapped-resources' list,
as well as the 'unavailable-resources' info in the 'not_allowed_nodes'
object
Signed-off-by: Dominik Csapak
---
changes from
by adding them to their own list, saving the nodes where
they are not allowed, and return those on 'wantarray' so we don't break
existing callers that don't expect it.
Signed-off-by: Dominik Csapak
---
changes from v5:
* renamed hash to missing_mappings_by_node
PVE/QemuServer.pm| 43
65 matches
Mail list logo