[pve-devel] Vmbr bridge permissions and SDN improvements?

Hi, We're currently using version 7.1-10 and have the use case where we need to hide the vmbr bridges from normal users to prevent them circumventing network security that is applied through SDN vNets. For context, our setup is a Proxmox cluster that is used as a learning environment for stude

Re: [pve-devel] Vmbr bridge permissions and SDN improvements?

--- Begin Message --- Hi Neil, Have you considered using nested Proxmox servers, so that you only have the desired networks in students' nested Promoxes? Cheers El 4/3/22 a las 12:08, Neil Hawker escribió: Hi, We're currently using version 7.1-10 and have the use case where we need to hide

[pve-devel] [PATCH pve-container 1/2] pct: set worker user for pull_file/push_file calls

was previously unset, causing a 'root@pve' to show up in the task logs instead of the regular 'root@pam'. Signed-off-by: Oguz Bektas --- src/PVE/CLI/pct.pm | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/PVE/CLI/pct.pm b/src/PVE/CLI/pct.pm index 462917b..99c160c 1

[pve-devel] [PATCH common 2/2] REST environment: default to 'root@pam' for forked workers in case no user was specified

previously we had a default of 'root@pve', which doesn't exist. since the username is only relevant for the task logs, we can change it to 'root@pam' without ill effects. also add a warning in case there are other call sites that we missed where fork_worker is called without a user variable (found

[pve-devel] [PATCH v3 manager 0/4] ui: lxc/qemu: add reassign for disks and volumes

This series adds the UI to reassign a disk / volume from one guest to another. To avoid button clutter, the Move, Reassing and Resize buttons are moved into a new submenu called "Disk/Volume Action". Patch 2 to 4 are optional. Patch 2 changes the labels for Move, Reassign and Resize to remove Vol

[pve-devel] [PATCH v3 manager 2/4] ui: lxc/qemu: disk/volume action simplify menu items

We already know that we are acting upon a disk / volume due to the submenu we are in. Signed-off-by: Aaron Lauterer --- www/manager6/lxc/Resources.js | 6 +++--- www/manager6/qemu/HardwareView.js | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/www/manager6/lxc/Reso

[pve-devel] [PATCH v3 manager 3/4] ui: BusTypeSelector: change noVirtIO to withVirtIO

Double negated properties make it harder than necessary to parse conditions. Signed-off-by: Aaron Lauterer --- www/manager6/form/BusTypeSelector.js| 4 ++-- www/manager6/form/ControllerSelector.js | 4 ++-- www/manager6/qemu/CDEdit.js | 2 +- www/manager6/qemu/CIDriveEdit.js

[pve-devel] [PATCH v3 manager 4/4] ui: hdmove: modernize/refactor

Signed-off-by: Aaron Lauterer --- changes since v2: * switch from generic window to proxmox edit v1: much of the feedback to the HDReassign.js from the first patch has been incorporated here as well. * reducing predefined cbind values for more arrow functions * using more arrow functions in gen

[pve-devel] [PATCH v3 manager 1/4] ui: lxc/qemu: add disk reassign and action submenu

For the new HDReassign component, we follow the approach of HDMove to have one componend for qemu and lxc. To avoid button clutter, a new "Disk/Volume action" button is introduced. It holds the Move, Reassign and Resize buttons in a submenu. Signed-off-by: Aaron Lauterer --- changes since v2: *

Re: [pve-devel] Vmbr bridge permissions and SDN improvements?

Hi Eneko Thank you for the suggestion, we hadn’t thought about nested virtualization which is an interesting idea. My initial thoughts are this would create additional complexity with management of the platform (provisioning, authentication and licensing) and system overheads. Your suggestion

[pve-devel] [PATCH qemu-server 0/2] close #2949: add virtio-mem support

This patch add virtio-mem support, through a new maxmemory option. a 4GB static memory is needed for DMA+boot memory, as this memory is almost always un-unpluggeable. 1 virtio-mem pci device is setup for each numa node on pci.4 bridge virtio-mem use a fixed blocksize with 32k max blocksize, so b

[pve-devel] [PATCH qemu-server 2/2] tests: add virtio-mem tests

Signed-off-by: Alexandre Derumier --- test/cfg2cmd/simple-virtio-mem-big.conf | 12 + test/cfg2cmd/simple-virtio-mem-big.conf.cmd | 59 + test/cfg2cmd/simple-virtio-mem.conf | 13 + test/cfg2cmd/simple-virtio-mem.conf.cmd | 31 +++ 4 files chang

[pve-devel] [PATCH qemu-server 1/2] add virtio-mem support

This patch add virtio-mem support, through a new maxmemory option. a 4GB static memory is needed for DMA+boot memory, as this memory is almost always un-unpluggeable. 1 virtio-mem pci device is setup for each numa node on pci.4 bridge virtio-mem use a fixed blocksize with 32k max blocksize, so b

[pve-devel] [PATCH pve-docs] pve-network: Fix routed configuration example

In my previous fixup, I forgot to update the interface name in the line to enable proxy ARP. Signed-off-by: Dylan Whyte --- pve-network.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pve-network.adoc b/pve-network.adoc index f92ba4d..c5e9a17 100644 --- a/pve-network.ado

Re: [pve-devel] Vmbr bridge permissions and SDN improvements?

Hi, my patches from october are here https://lists.proxmox.com/pipermail/pve-devel/2021-October/050211.html (does somebody have time to review them ?) Le vendredi 04 mars 2022 à 11:08 +, Neil Hawker a écrit : > Hi, > > We're currently using version 7.1-10 and have the use case where we > ne

[pve-devel] [PATCH v11 qemu-server 01/14] device unplug: verify that unplugging scsi disk completed

Avoids the error adding drive failed: Duplicate ID 'drive-scsi1' for drive that could happen when switching over to a new disk (e.g. via qm set), if unplugging wasn't fast enough. Signed-off-by: Fabian Ebner --- New in v11. PVE/QemuServer.pm | 1 + 1 file changed, 1 insertion(+) diff --git

[pve-devel] [PATCH v11 qemu-server 04/14] clone disk: remove check for min QEMU version 2.7

Upgrading a cluster node entails re-starting or migrating VMs and even PVE 6.0 already had QEMU 4.0. Signed-off-by: Fabian Ebner --- New in v11. PVE/QemuServer.pm | 7 --- 1 file changed, 7 deletions(-) diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm index b7e6a8e..c0fca49 100644 --- a

[pve-devel] [PATCH v11 qemu-server 10/14] image convert: allow block device as source

Necessary to import from an existing storage using block-device volumes like ZFS. Signed-off-by: Dominic Jäger [split into its own patch] Signed-off-by: Fabian Ebner --- No changes from v10. PVE/QemuServer.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PVE/QemuServer.p

[pve-devel] [PATCH v11 qemu-server 02/14] api: create disks: always activate/update size when attaching existing volume

For creation, activation and size update never triggered, because the passed in $conf is essentially the same as the creation $settings, so the disk was always detected to be the same as the "existing" one. But actually, all disks are new, so it makes sense to do it. For update, activation and siz

[pve-devel] [PATCH v11 qemu-server 14/14] api: update vm: print drive string for newly allocated/imported drives

In the spirit of c75bf16 ("qm importdisk: tell user to what VM disk we actually imported"), and so that the information is not lost once qm importdisk switches to re-using the API call. Added for cloudinit too, because a new disk is allocated. Signed-off-by: Fabian Ebner --- New in v11. The na

[pve-devel] [PATCH-SERIES v11 qemu-server/manager] API for disk import and OVF

Extend qm importdisk/importovf functionality to the API. Changes from v10: * Add fix for device unplug issue (patch #1). * Add fixes related to calling create_disks() (patches #2 #3). * Refactor clone_disk() in preparation to re-use it for import (patches #4 #5 #6). * Add pat

[pve-devel] [PATCH v11 qemu-server 11/14] api: factor out check/cleanup for drive params

Signed-off-by: Fabian Ebner --- New in v11. PVE/API2/Qemu.pm | 38 +- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm index 01321c8..791a23f 100644 --- a/PVE/API2/Qemu.pm +++ b/PVE/API2/Qemu.pm @@ -63,6 +63,

[pve-devel] [PATCH v11 qemu-server 06/14] clone disk: allow cloning from an unused or unreferenced disk

and also when source and target drivename are different. In those cases, it is done via qemu-img convert/dd. In preparation to allow import from existing PVE-managed disks. Signed-off-by: Fabian Ebner --- New in v11. PVE/API2/Qemu.pm | 2 ++ PVE/QemuServer.pm | 29 +++---

[pve-devel] [PATCH v11 qemu-server 09/14] api: add endpoint for parsing .ovf files

Co-developed-by: Fabian Grünbichler Signed-off-by: Dominic Jäger [split into its own patch + minor improvements/style fixes] Signed-off-by: Fabian Ebner --- Changes from v10: * Add "Path to" to 'manifest' parameter description. PVE/API2/Qemu/Makefile | 2 +- PVE/API2/Qemu/OVF.pm | 55 +

[pve-devel] [PATCH v11 qemu-server 13/14] api: support VM disk import

From: Dominic Jäger Extend qm importdisk functionality to the API. Co-authored-by: Fabian Grünbichler Co-authored-by: Dominic Jäger Signed-off-by: Fabian Ebner --- Changes from v10: * Switch to using clone_disk for PVE-managed volumes and check for VM.Clone in the permission check

[pve-devel] [PATCH v11 qemu-server 08/14] parse ovf: untaint path when calling file_size_info

Prepare for calling parse_ovf via API, where the -T switch is used. Signed-off-by: Fabian Ebner --- Changes from v10: * Move untaint to outside of the function call. PVE/QemuServer/OVF.pm | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/PVE/QemuServer/OVF.pm b/P

[pve-devel] [PATCH v11 qemu-server 07/14] schema: add pve-volume-id-or-absolute-path

Signed-off-by: Dominic Jäger [split into its own patch + style fixes] Signed-off-by: Fabian Ebner --- No changes from v10. PVE/QemuServer.pm | 14 ++ 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm index 0217d16..b5fb457 100644 -

[pve-devel] [PATCH v11 qemu-server 03/14] api: update: pass correct config when creating disks

While the new options should be written to the pending config, the decisions (currently only one) in create_disks needs to be made for the current config. Seems to fix EFI disk creation, but actually, it's only future-proofing, because, currently, the same OVMF_VARS file is used independently of $

[pve-devel] [PATCH v11 qemu-server 05/14] clone disk: group source and target parameters

to make the interface more digestible. Signed-off-by: Fabian Ebner --- New in v11. PVE/API2/Qemu.pm | 52 +++ PVE/QemuServer.pm | 9 ++-- 2 files changed, 41 insertions(+), 20 deletions(-) diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm index

[pve-devel] [PATCH v11 manager 1/1] api: nodes: add readovf endpoint

Because the paths under /nodes/{node}/qemu/ are already occupied by a {vmid} regex, it's not possible to use /nodes/{node}/qemu/readovf for the new call. As the call does not depend upon a particular vmid, it's placed under /nodes/{node} instead. Signed-off-by: Dominic Jäger [split into its own p

[pve-devel] [PATCH v11 qemu-server 12/14] schema: drive: use separate schema when disk allocation is possible

via the special syntax :. Not worth it by itself, but this is anticipating a new 'import-from' parameter which is only used upon import/allocation, but shouldn't be part of the schema for the config or other API enpoints. Signed-off-by: Fabian Ebner --- Changes from v10: * Add initial space

Re: [pve-devel] [PATCH pve-manager v2] fix #3903: jobs: add remove vmid from jobs helper

Am 07.03.22 um 07:43 schrieb Hannes Laimer: > Signed-off-by: Hannes Laimer > --- > changed back to v1, but without the unnecessary stuff. Thanks for the > feedback @Fabian Ebner > > PVE/Jobs.pm | 17 - > 1 file changed, 16 insertions(+), 1 deletion(-) > > diff --git a/PVE/Jobs.p

[pve-devel] [PATCH qemu-server] api: vm_start: 'force-cpu' is for internal migration use only

'force-cpu' parameter was introduced to allow live-migration of VMs with custom CPU models; it does not need to be allowed for general use on vm_start for regular users, since they would be able to set arbitrary cpu types or cpuid parameters that aren't supported. Signed-off-by: Oguz Bektas ---

Re: [pve-devel] [PATCH kernel] Backport two io-wq fixes relevant for io_uring

--- Begin Message --- Hi, Sorry for getting back on this thread after a few months, but is the Windows-case mentioned here the case that is discussed in this forum-thread: https://forum.proxmox.com/threads/windows-vms-stuck-on-boot-after-proxmox-upgrade-to-7-0.100744/page-3