[pve-devel] [PATCH V2 pve-common 1/1] network: tap_plug: fix mtu

2022-03-21 Thread Alexandre Derumier
- ovsint port mtu needs to be set with "ovs-vsctl set mtu-request"
- update mtu on already existing interfaces (fwbr, fwln, tap, veth)
  if an existing tap|veth interface is replugged on a bridge with a different mtu

Signed-off-by: Alexandre Derumier 
---
 src/PVE/Network.pm | 31 +--
 1 file changed, 21 insertions(+), 10 deletions(-)

diff --git a/src/PVE/Network.pm b/src/PVE/Network.pm
index c83b1bb..d3eb5e0 100644
--- a/src/PVE/Network.pm
+++ b/src/PVE/Network.pm
@@ -219,6 +219,11 @@ my $bridge_disable_interface_learning = sub {
 my $bridge_add_interface = sub {
 my ($bridge, $iface, $tag, $trunks) = @_;
 
+my $bridgemtu = read_bridge_mtu($bridge);
+eval {
+   PVE::Tools::run_command(['/sbin/ip', 'link', 'set', $iface, 'mtu', 
$bridgemtu]);
+};
+
 # drop link local address (it can't be used when on a bridge anyway)
 disable_ipv6($iface);
 iface_set_master($iface, $bridge);
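Review bot: the new `eval { PVE::Tools::run_command([... 'mtu', $bridgemtu]) }` in `$bridge_add_interface` discards `$@`, so a failed MTU change on an interface being replugged stays silent, which is exactly the mismatch the cover letter is trying to make visible; at least `warn $@ if $@;` so it lands in the log. Also, the rest of this file calls `run_command` unqualified (see `$activate_interface` further down in this diff), so the `PVE::Tools::` prefix here is inconsistent.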
@@ -259,6 +264,9 @@ my $ovs_bridge_add_port = sub {
 push @$cmd, "trunks=". join(',', $trunks) if $trunks;
 push @$cmd, "vlan_mode=native-untagged" if $tag && $trunks;
 
+my $bridgemtu = read_bridge_mtu($bridge);
+push @$cmd, '--', 'set', 'Interface', $iface, "mtu_request=$bridgemtu";
+
 if ($internal) {
# second command
push @$cmd, '--', 'set', 'Interface', $iface, 'type=internal';
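Review bot: `"mtu_request=$bridgemtu"` is pushed unconditionally; if `read_bridge_mtu($bridge)` returns nothing, the `ovs-vsctl` command gets a bare `mtu_request=`, which is not what is intended. Guard the push with `if $bridgemtu` (or make `read_bridge_mtu` die) so the failure mode is explicit. Since, per the commit message, this column is what actually fixes the OVS internal port MTU (`ip link set mtu` has no effect there), a one-line comment saying so would help the next reader.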
@@ -271,9 +279,12 @@ my $ovs_bridge_add_port = sub {
 };
 
 my $activate_interface = sub {
-my ($iface) = @_;
+my ($iface, $mtu) = @_;
 
-eval { run_command(['/sbin/ip', 'link', 'set', $iface, 'up']) };
+my $cmd = ['/sbin/ip', 'link', 'set', $iface, 'up'];
+push (@$cmd, ('mtu', $mtu)) if $mtu;
+
+eval { run_command($cmd) };
 die "can't activate interface '$iface' - $@\n" if $@;
 };
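Review bot: with `up` and `mtu $mtu` combined into one `ip link set` command, a rejected MTU (for instance one larger than the underlying device allows) now fails with `can't activate interface '$iface'`, which sends the reader looking in the wrong place; include the MTU in the die message or set it in a second command with its own error text. Style: `push (@$cmd, ('mtu', $mtu)) if $mtu;` carries redundant parentheses; `push @$cmd, 'mtu', $mtu if $mtu;` matches the `push @$cmd, ...` lines in `$ovs_bridge_add_port`.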
 
@@ -354,8 +365,9 @@ sub veth_create {
 # up vethpair
 disable_ipv6($veth);
 disable_ipv6($vethpeer);
-&$activate_interface($veth);
-&$activate_interface($vethpeer);
+&$activate_interface($veth, $bridgemtu);
+&$activate_interface($vethpeer, $bridgemtu);
+
 }
 
 sub veth_delete {
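Review bot: the hunk adds a stray empty line (a bare `+`) before the closing brace of `veth_create`; drop it. The `$bridgemtu` passed to both `$activate_interface` calls is not declared anywhere in the shown context, so the hunk does not let a reviewer see where `veth_create` obtains it; a few more context lines, or reading it right before these calls, would make the change self-contained.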
@@ -373,8 +385,10 @@ my $create_firewall_bridge_linux = sub {
 my ($vmid, $devid) = &$parse_tap_device_name($iface);
 my ($fwbr, $vethfw, $vethfwpeer) = &$compute_fwbr_names($vmid, $devid);
 
+my $bridgemtu = read_bridge_mtu($bridge);
+
 &$cond_create_bridge($fwbr);
-&$activate_interface($fwbr);
+&$activate_interface($fwbr, $bridgemtu);
 
 copy_bridge_config($bridge, $fwbr);
 veth_create($vethfw, $vethfwpeer, $bridge);
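Review bot: `read_bridge_mtu($bridge)` is now read here, read again inside `$bridge_add_interface` for every port (first hunk), and `veth_create($vethfw, $vethfwpeer, $bridge)` uses a `$bridgemtu` of its own, so one plug operation reads the same value several times. Passing `$bridgemtu` down once would guarantee that every interface of one plug ends up with the same MTU even if the bridge MTU changes between the reads, and would avoid the repeated lookups.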
@@ -395,15 +409,12 @@ my $create_firewall_bridge_ovs = sub {
 my $bridgemtu = read_bridge_mtu($bridge);
 
 &$cond_create_bridge($fwbr);
-&$activate_interface($fwbr);
+&$activate_interface($fwbr, $bridgemtu);
 
 &$bridge_add_interface($fwbr, $iface);
 
 &$ovs_bridge_add_port($bridge, $ovsintport, $tag, 1, $trunks);
-&$activate_interface($ovsintport);
-
-# set the same mtu for ovs int port
-run_command(['/sbin/ip', 'link', 'set', $ovsintport, 'mtu', $bridgemtu]);
+&$activate_interface($ovsintport, $bridgemtu);
 
 &$bridge_add_interface($fwbr, $ovsintport);
 &$bridge_disable_interface_learning($ovsintport) if $no_learning;
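Review bot: the removed comment `# set the same mtu for ovs int port` was the only explanation of why the internal port needs the bridge MTU. Given that the commit message says `ip link set mtu` does nothing on the OVS internal port and the real fix is the `mtu_request` column set in `$ovs_bridge_add_port`, passing `$bridgemtu` to `$activate_interface($ovsintport, $bridgemtu)` keeps a second mechanism that looks like it does the job but does not; either drop the argument for the internal port or add a comment stating which of the two is authoritative.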
-- 
2.30.2


___
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel



[pve-devel] [PATCH V2 pve-common 0/1] network: tap_plug: fix mtu bugs

2022-03-21 Thread Alexandre Derumier
changelog v2:
- rebase on last git


a forum user has reported a strange bug with ovs + mtu9000 when
switching between 2 ovs bridges with different mtu (1500 vs 9000).
https://forum.proxmox.com/threads/ovs-problem-with-mtu-9000-on-vms-assigned-to-vmbr0.105172/
(the user confirmed that this patch fixes the problem)

I have found 2 bugs:

1) ovsint port mtu needs to be set with "ovs-vsctl set mtu-request"

(ip link set mtu 9000 doesn't seem to do anything on the ovs-int port, maybe this has
changed with the last ovs version.)


fresh start of a vm 100 + firewall on ovs with mtu 9000:

153: tap100i0:  mtu 9000 qdisc 
pfifo_fast master fwbr100i0 state UNKNOWN group default qlen 1000
link/ether 62:42:32:cc:a2:24 brd ff:ff:ff:ff:ff:ff
154: fwbr100i0:  mtu 1500 qdisc noqueue state 
UP group default qlen 1000
link/ether 46:f6:b7:95:23:86 brd ff:ff:ff:ff:ff:ff
155: fwln100o0:  mtu 1500 qdisc noqueue master 
fwbr100i0 state UNKNOWN group default qlen 1000


2) when switching between 2 bridges or ovs with different mtus, the mtu is not
updated on existing interfaces (veth, tap, fwbr, fwln)


vm start : vmbr0 mtu=1500 + firewall
-
200: tap100i0:  mtu 1500 qdisc 
pfifo_fast master fwbr100i0 state UNKNOWN group default qlen 1000
link/ether 62:42:32:cc:a2:24 brd ff:ff:ff:ff:ff:ff
206: fwbr100i0:  mtu 1500 qdisc noqueue state 
UP group default qlen 1000
link/ether 46:f6:b7:95:23:86 brd ff:ff:ff:ff:ff:ff
207: fwpr100p0@fwln100i0:  mtu 1500 qdisc 
noqueue master vmbr0 state UP group default qlen 1000
link/ether 0a:2e:f5:f4:22:e3 brd ff:ff:ff:ff:ff:ff
208: fwln100i0@fwpr100p0:  mtu 1500 qdisc 
noqueue master fwbr100i0 state UP group default qlen 1000
link/ether 96:0e:94:11:c1:45 brd ff:ff:ff:ff:ff:ff


switch to vmbr1 mtu=9000 + firewall
--

200: tap100i0:  mtu 1500 qdisc 
pfifo_fast master fwbr100i0 state UNKNOWN group default qlen 1000
link/ether 62:42:32:cc:a2:24 brd ff:ff:ff:ff:ff:ff
209: fwbr100i0:  mtu 1500 qdisc noqueue state 
UP group default qlen 1000
link/ether 46:f6:b7:95:23:86 brd ff:ff:ff:ff:ff:ff
210: fwpr100p0@fwln100i0:  mtu 9000 qdisc 
noqueue master vmbr3 state UP group default qlen 1000
link/ether 0a:2e:f5:f4:22:e3 brd ff:ff:ff:ff:ff:ff
211: fwln100i0@fwpr100p0:  mtu 9000 qdisc 
noqueue master fwbr100i0 state UP group default qlen 1000
link/ether 96:0e:94:11:c1:45 brd ff:ff:ff:ff:ff:ff


Alexandre Derumier (1):
  network: tap_plug: fix mtu

 src/PVE/Network.pm | 31 +--
 1 file changed, 21 insertions(+), 10 deletions(-)

-- 
2.30.2





[pve-devel] [PATCH qemu-server] Starting a running VM does not return an error

2022-03-21 Thread Daniel Tschlatscher
code anymore

This was adapted to match the behaviour of stopping a VM that's
already stopped and the new container patches.

Signed-off-by: Daniel Tschlatscher 
---
 PVE/QemuServer.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index 6a9f6b3..8d82b6f 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -5346,7 +5346,7 @@ sub vm_start {
 
$params->{resume} = $has_suspended_lock || defined($conf->{vmstate});
 
-   die "VM $vmid already running\n" if $running;
+   return if $running;
 
if (my $storagemap = $migrate_opts->{storagemap}) {
my $replicated = $migrate_opts->{replicated_volumes};
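Review bot: `return if $running;` turns a start request for an already running VM into a silent no-op, so in the logs it becomes indistinguishable from a successful start; a `syslog`/`warn` stating that the VM was already running keeps the event visible to operators. Callers that relied on the old `die "VM $vmid already running\n"` for a non-zero exit status, or to detect two concurrent start requests, need to be checked, since the commit message only mentions the CLI behaviour.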
-- 
2.30.2






[pve-devel] [PATCH v3 container] fix: #3927: Error codes when starting/stopping

2022-03-21 Thread Daniel Tschlatscher
containers

Stopping and starting a container that is already in the desired
state will not return an error value on the CLI anymore. The same as VMs do,
when they are stopped but not running.

Signed-off-by: Daniel Tschlatscher 
---
Changes from v2: return statements are now in the correct subroutines. 
 src/PVE/API2/LXC/Status.pm | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/PVE/API2/LXC/Status.pm b/src/PVE/API2/LXC/Status.pm
index f7e3128..364db10 100644
--- a/src/PVE/API2/LXC/Status.pm
+++ b/src/PVE/API2/LXC/Status.pm
@@ -154,7 +154,7 @@ __PACKAGE__->register_method({
raise_param_exc({ skiplock => "Only root may use this option." })
if $skiplock && $authuser ne 'root@pam';
 
-   die "CT $vmid already running\n" if PVE::LXC::check_running($vmid);
+   my $pid = PVE::LXC::check_running($vmid);
 
PVE::Cluster::check_cfs_quorum();
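Review bot: `$pid` is captured here, but the `return if $pid` that acts on it sits in the next hunk, after `check_cfs_quorum()`, the config load and the template check; the container can be started or stopped in between, so the early return decides on a stale value. Calling `check_running($vmid)` right before the return (or re-checking there) keeps the decision consistent with the state at that moment.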
 
@@ -183,6 +183,8 @@ __PACKAGE__->register_method({
die "you can't start a CT if it's a template\n"
if PVE::LXC::Config->is_template($conf);
 
+   return if $pid; # Container is already running
+
if (!$skiplock && !PVE::LXC::Config->has_lock($conf, 
'mounted')) {
PVE::LXC::Config->check_lock($conf);
}
@@ -238,7 +240,7 @@ __PACKAGE__->register_method({
raise_param_exc({ skiplock => "Only root may use this option." })
if $skiplock && $authuser ne 'root@pam';
 
-   die "CT $vmid not running\n" if !PVE::LXC::check_running($vmid);
+   my $pid = PVE::LXC::check_running($vmid);
 
if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 
'ha') {
 
@@ -260,6 +262,8 @@ __PACKAGE__->register_method({
 
syslog('info', "stopping CT $vmid: $upid\n");
 
+   return  if !$pid;
+
my $conf = PVE::LXC::Config->load_config($vmid);
if (!$skiplock && !PVE::LXC::Config->has_lock($conf, 
'mounted')) {
PVE::LXC::Config->check_lock($conf);
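Review bot: `return  if !$pid;` (note the double space) is placed after `syslog('info', "stopping CT $vmid: $upid\n")`, so the journal records a stop for a container that was not running and nothing will be done; either move the return before the syslog or log explicitly that the CT was already stopped, and fix the spacing. The same stale-`$pid` concern as in the start method applies, since `check_running` ran before the HA check.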
-- 
2.30.2






[pve-devel] [PATCH manager 1/2] pveam: remove: add content type check

2022-03-21 Thread Fabian Ebner
Signed-off-by: Fabian Ebner 
---
 PVE/CLI/pveam.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/PVE/CLI/pveam.pm b/PVE/CLI/pveam.pm
index 6c26f209..67a912bd 100644
--- a/PVE/CLI/pveam.pm
+++ b/PVE/CLI/pveam.pm
@@ -170,7 +170,7 @@ __PACKAGE__->register_method ({
 
my $cfg = PVE::Storage::config();
 
-   PVE::Storage::check_volume_access($rpcenv, $authuser, $cfg, undef, 
$template);
+   PVE::Storage::check_volume_access($rpcenv, $authuser, $cfg, undef, 
$template, 'vztmpl');
 
my $abs_path = PVE::Storage::abs_filesystem_path($cfg, $template);
 
-- 
2.30.2






[pve-devel] [PATCH storage 2/4] check volume access: add content type parameter

2022-03-21 Thread Fabian Ebner
Adding such a check here avoids the need to parse at the call sites in
many cases.

Signed-off-by: Fabian Ebner 
---
 PVE/Storage.pm | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/PVE/Storage.pm b/PVE/Storage.pm
index efa304a..83760c4 100755
--- a/PVE/Storage.pm
+++ b/PVE/Storage.pm
@@ -473,11 +473,16 @@ sub parse_volume_id {
 
 # test if we have read access to volid
 sub check_volume_access {
-my ($rpcenv, $user, $cfg, $vmid, $volid) = @_;
+my ($rpcenv, $user, $cfg, $vmid, $volid, $type) = @_;
 
 my ($sid, $volname) = parse_volume_id($volid, 1);
 if ($sid) {
my ($vtype, undef, $ownervm) = parse_volname($cfg, $volid);
+
+   # Need to allow 'images' when expecting 'rootdir' too - not cleanly 
separated in plugins.
+   die "unable to use volume $volid - content type needs to be '$type'\n"
+   if defined($type) && $vtype ne $type && ($type ne 'rootdir' || 
$vtype ne 'images');
+
if ($vtype eq 'iso' || $vtype eq 'vztmpl') {
# require at least read access to storage, (custom) templates/ISOs 
could be sensitive
$rpcenv->check_any($user, "/storage/$sid", 
['Datastore.AllocateSpace', 'Datastore.Audit']);
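Review bot: the new `$type` check lives inside `if ($sid)`, so when `parse_volume_id($volid, 1)` returns no storage id (a plain path instead of a `storage:volume` id) the content type is never compared and the caller's expectation is silently dropped; either document that `$type` only applies to storage-backed volumes, or die for a non-storage volid when a type was requested. Also worth stating in the commit message that the `'rootdir'` special case means `images` volumes pass a `'rootdir'` check, since the die text `content type needs to be '$type'` does not reveal that.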
-- 
2.30.2






[pve-devel] [PATCH container 1/1] api: create/modify: add content type checks

2022-03-21 Thread Fabian Ebner
Signed-off-by: Fabian Ebner 
---

For root@pam, the check is skipped in check_ct_modify_config_perm()
(everything is), but I didn't want to refactor the whole function
just for this...

 src/PVE/API2/LXC.pm | 10 +-
 src/PVE/LXC.pm  |  9 -
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index 84712f7..ea4827f 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -283,7 +283,15 @@ __PACKAGE__->register_method({
$archive = '-';
die "restore from pipe requires rootfs parameter\n" if 
!defined($param->{rootfs});
} else {
-   PVE::Storage::check_volume_access($rpcenv, $authuser, $storage_cfg, 
$vmid, $ostemplate);
+   my $content_type = $restore ? 'backup' : 'vztmpl';
+   PVE::Storage::check_volume_access(
+   $rpcenv,
+   $authuser,
+   $storage_cfg,
+   $vmid,
+   $ostemplate,
+   $content_type,
+   );
$archive = $ostemplate;
}
 
diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index b07d986..fe63087 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -1272,7 +1272,14 @@ sub check_ct_modify_config_perm {
my $sid = $1;
$rpcenv->check($authuser, "/storage/$sid", 
['Datastore.AllocateSpace']);
} else {
-   PVE::Storage::check_volume_access($rpcenv, $authuser, 
$storage_cfg, $vmid, $volid);
+   PVE::Storage::check_volume_access(
+   $rpcenv,
+   $authuser,
+   $storage_cfg,
+   $vmid,
+   $volid,
+   'rootdir',
+   );
}
} elsif ($opt eq 'memory' || $opt eq 'swap') {
$rpcenv->check_vm_perm($authuser, $vmid, $pool, 
['VM.Config.Memory']);
-- 
2.30.2






[pve-devel] [PATCH qemu-server 1/1] api: create/modify: add content type checks

2022-03-21 Thread Fabian Ebner
Signed-off-by: Fabian Ebner 
---
 PVE/API2/Qemu.pm | 27 ---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index cb6973f1..1dd0cf28 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -104,7 +104,14 @@ my $check_storage_access = sub {
raise_param_exc({ storage => "storage '$storeid' does not support 
vm images"})
if !$scfg->{content}->{images};
} else {
-   PVE::Storage::check_volume_access($rpcenv, $authuser, $storecfg, 
$vmid, $volid);
+   PVE::Storage::check_volume_access(
+   $rpcenv,
+   $authuser,
+   $storecfg,
+   $vmid,
+   $volid,
+   'images',
+   );
}
 });
 
@@ -230,7 +237,14 @@ my $create_disks = sub {
delete $disk->{format}; # no longer needed
$res->{$ds} = PVE::QemuServer::print_drive($disk);
} else {
-   PVE::Storage::check_volume_access($rpcenv, $authuser, $storecfg, 
$vmid, $volid);
+   PVE::Storage::check_volume_access(
+   $rpcenv,
+   $authuser,
+   $storecfg,
+   $vmid,
+   $volid,
+   'images',
+   );
 
PVE::Storage::activate_volumes($storecfg, [ $volid ]) if $storeid;
 
@@ -645,7 +659,14 @@ __PACKAGE__->register_method({
die "pipe requires cli environment\n" if $rpcenv->{type} ne 
'cli';
$archive = { type => 'pipe' };
} else {
-   PVE::Storage::check_volume_access($rpcenv, $authuser, 
$storecfg, $vmid, $archive);
+   PVE::Storage::check_volume_access(
+   $rpcenv,
+   $authuser,
+   $storecfg,
+   $vmid,
+   $archive,
+   'backup',
+   );
 
$archive = $parse_restore_archive->($storecfg, $archive);
}
-- 
2.30.2






[pve-devel] [PATCH storage 4/4] api: file restore: use check_volume_access to restrict content type

2022-03-21 Thread Fabian Ebner
Signed-off-by: Fabian Ebner 
---
 PVE/API2/Storage/FileRestore.pm | 12 
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/PVE/API2/Storage/FileRestore.pm b/PVE/API2/Storage/FileRestore.pm
index a4bad44..ccc56e5 100644
--- a/PVE/API2/Storage/FileRestore.pm
+++ b/PVE/API2/Storage/FileRestore.pm
@@ -111,14 +111,12 @@ __PACKAGE__->register_method ({
my $cfg = PVE::Storage::config();
my $scfg = PVE::Storage::storage_config($cfg, $storeid);
 
-   PVE::Storage::check_volume_access($rpcenv, $user, $cfg, undef, $volid);
+   PVE::Storage::check_volume_access($rpcenv, $user, $cfg, undef, $volid, 
'backup');
 
raise_param_exc({'storage' => "Only PBS storages supported for 
file-restore."})
if $scfg->{type} ne 'pbs';
 
-   my ($vtype, $snap) = PVE::Storage::parse_volname($cfg, $volid);
-   raise_param_exc({'volume' => 'Not a backup archive.'})
-   if $vtype ne 'backup';
+   my (undef, $snap) = PVE::Storage::parse_volname($cfg, $volid);
 
my $client = PVE::PBSClient->new($scfg, $storeid);
my $ret = $client->file_restore_list($snap, $path, $base64);
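Review bot: replacing `raise_param_exc({'volume' => 'Not a backup archive.'})` with the `die` inside `check_volume_access` changes the error class: a volume of the wrong content type used to surface as a parameter exception attributed to the `volume` parameter and now comes back as a generic error string. If API consumers of file-restore key on the parameter exception, keep the `raise_param_exc` here or have `check_volume_access` raise one. The second hunk in this file makes the identical change and has the same concern.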
@@ -177,14 +175,12 @@ __PACKAGE__->register_method ({
my $cfg = PVE::Storage::config();
my $scfg = PVE::Storage::storage_config($cfg, $storeid);
 
-   PVE::Storage::check_volume_access($rpcenv, $user, $cfg, undef, $volid);
+   PVE::Storage::check_volume_access($rpcenv, $user, $cfg, undef, $volid, 
'backup');
 
raise_param_exc({'storage' => "Only PBS storages supported for 
file-restore."})
if $scfg->{type} ne 'pbs';
 
-   my ($vtype, $snap) = PVE::Storage::parse_volname($cfg, $volid);
-   raise_param_exc({'volume' => 'Not a backup archive.'})
-   if $vtype ne 'backup';
+   my (undef, $snap) = PVE::Storage::parse_volname($cfg, $volid);
 
my $client = PVE::PBSClient->new($scfg, $storeid);
my $fifo = $client->file_restore_extract_prepare();
-- 
2.30.2






[pve-devel] [PATCH storage 1/4] check volume access: allow if user has VM.Config.Disk

2022-03-21 Thread Fabian Ebner
Listing guest images should not require Datastore.Allocate in this
case. In preparation for adding disk import to the GUI.

Signed-off-by: Fabian Ebner 
---
 PVE/Storage.pm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/PVE/Storage.pm b/PVE/Storage.pm
index 6112991..efa304a 100755
--- a/PVE/Storage.pm
+++ b/PVE/Storage.pm
@@ -486,6 +486,8 @@ sub check_volume_access {
} elsif ($vtype eq 'backup' && $ownervm) {
$rpcenv->check($user, "/storage/$sid", ['Datastore.AllocateSpace']);
$rpcenv->check($user, "/vms/$ownervm", ['VM.Backup']);
+   } elsif (($vtype eq 'images' || $vtype eq 'rootdir') && $ownervm) {
+   $rpcenv->check($user, "/vms/$ownervm", ['VM.Config.Disk']);
} else {
# allow if we are Datastore administrator
$rpcenv->check($user, "/storage/$sid", ['Datastore.Allocate']);
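Review bot: the new branch authorises on `/vms/$ownervm` only and ignores the `$vmid` argument of `check_volume_access`, so the check itself no longer distinguishes between a user touching their own VM's disk and a user referencing VM `$ownervm`'s `images`/`rootdir` volume while configuring another VM; that is the intended use for disk import, but it is a relaxation of the previous `Datastore.Allocate` requirement and deserves an explicit sentence in the commit message. The `&& $ownervm` guard is the right conservative choice: volumes without an owner still fall through to `Datastore.Allocate`.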
-- 
2.30.2






[pve-devel] [PATCH manager 2/2] api: vzdump: extract config: add content type check

2022-03-21 Thread Fabian Ebner
Signed-off-by: Fabian Ebner 
---
 PVE/API2/VZDump.pm | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/PVE/API2/VZDump.pm b/PVE/API2/VZDump.pm
index 2c0df4c3..1adc169a 100644
--- a/PVE/API2/VZDump.pm
+++ b/PVE/API2/VZDump.pm
@@ -267,7 +267,14 @@ __PACKAGE__->register_method ({
my $authuser = $rpcenv->get_user();
 
my $storage_cfg = PVE::Storage::config();
-   PVE::Storage::check_volume_access($rpcenv, $authuser, $storage_cfg, 
undef, $volume);
+   PVE::Storage::check_volume_access(
+   $rpcenv,
+   $authuser,
+   $storage_cfg,
+   undef,
+   $volume,
+   'backup',
+   );
 
return PVE::Storage::extract_vzdump_config($storage_cfg, $volume);
 }});
-- 
2.30.2






[pve-devel] [PATCH storage 3/4] pvesm: extract config: add content type check

2022-03-21 Thread Fabian Ebner
Signed-off-by: Fabian Ebner 
---
 PVE/CLI/pvesm.pm | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/PVE/CLI/pvesm.pm b/PVE/CLI/pvesm.pm
index 190de91..44d15fd 100755
--- a/PVE/CLI/pvesm.pm
+++ b/PVE/CLI/pvesm.pm
@@ -170,7 +170,14 @@ __PACKAGE__->register_method ({
my $authuser = $rpcenv->get_user();
 
my $storage_cfg = PVE::Storage::config();
-   PVE::Storage::check_volume_access($rpcenv, $authuser, $storage_cfg, 
undef, $volume);
+   PVE::Storage::check_volume_access(
+   $rpcenv,
+   $authuser,
+   $storage_cfg,
+   undef,
+   $volume,
+   'backup',
+   );
 
my $config_raw = PVE::Storage::extract_vzdump_config($storage_cfg, 
$volume);
 
-- 
2.30.2






[pve-devel] [PATCH-SERIES storage/manager/container/qemu-server] improve check_volume_access

2022-03-21 Thread Fabian Ebner
The first patch is in preparation for the import-from API, allowing
users with VM.Config.Disk to list images of their VMs.

The rest of the series introduces a content type parameter to
check_volume_access() for future-proofing.


Dependency bumps for storage are needed for the parameter to actually
have an effect.


storage:

Fabian Ebner (4):
  check volume access: allow if user has VM.Config.Disk
  check volume access: add content type parameter
  pvesm: extract config: add content type check
  api: file restore: use check_volume_access to restrict content type

 PVE/API2/Storage/FileRestore.pm | 12 
 PVE/CLI/pvesm.pm|  9 -
 PVE/Storage.pm  |  9 -
 3 files changed, 20 insertions(+), 10 deletions(-)


manager:

Fabian Ebner (2):
  pveam: remove: add content type check
  api: vzdump: extract config: add content type check

 PVE/API2/VZDump.pm | 9 -
 PVE/CLI/pveam.pm   | 2 +-
 2 files changed, 9 insertions(+), 2 deletions(-)


container:

Fabian Ebner (1):
  api: create/modify: add content type checks

 src/PVE/API2/LXC.pm | 10 +-
 src/PVE/LXC.pm  |  9 -
 2 files changed, 17 insertions(+), 2 deletions(-)


qemu-server:

Fabian Ebner (1):
  api: create/modify: add content type checks

 PVE/API2/Qemu.pm | 27 ---
 1 file changed, 24 insertions(+), 3 deletions(-)

-- 
2.30.2






[pve-devel] [PATCH proxmox-openid-rs] add http proxy support

2022-03-21 Thread Mira Limbeck
ureq has support for an HTTP proxy, but no support for HTTPS proxy yet.

ureq doesn't query `all_proxy` and `ALL_PROXY` environment variables by
itself the way curl does. So set the proxy in code if any of the above
environment variables are set.

Signed-off-by: Mira Limbeck 
---
 src/http_client.rs | 15 ---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/http_client.rs b/src/http_client.rs
index 5cceafb..a732a98 100644
--- a/src/http_client.rs
+++ b/src/http_client.rs
@@ -40,9 +40,18 @@ pub enum Error {
 }
 
 fn ureq_agent() -> Result {
-Ok(ureq::AgentBuilder::new()
-.tls_connector(Arc::new(native_tls::TlsConnector::new()?))
-.build())
+let mut agent = 
+
ureq::AgentBuilder::new().tls_connector(Arc::new(native_tls::TlsConnector::new()?));
+if let Ok(val) = std::env::var("all_proxy") {
+let proxy = ureq::Proxy::new(val).map_err(Box::new)?;
+agent = agent.proxy(proxy);
+} else if let Ok(val) = std::env::var("ALL_PROXY") {
+let proxy = ureq::Proxy::new(val).map_err(Box::new)?;
+agent = agent.proxy(proxy);
+}
+
+
+Ok(agent.build())
 }
 
 ///
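Review bot: the two `if let Ok(val)` arms have identical bodies; `std::env::var("all_proxy").or_else(|_| std::env::var("ALL_PROXY"))` folds them into a single arm, and the two consecutive empty `+` lines before `Ok(agent.build())` should go. A failing `ureq::Proxy::new(val)` is boxed by `.map_err(Box::new)?` without saying which variable supplied the bad value; wrapping it with the variable name makes a misconfigured proxy much easier to diagnose. A short comment at the `std::env::var` call that the OpenID discovery and token requests will transparently follow this environment-supplied proxy would also be worth having, since that is a notable change in where those requests go.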
-- 
2.30.2






[pve-devel] [PATCH access-control] api: get user: declare token schema

2022-03-21 Thread Wolfgang Bumiller
Signed-off-by: Wolfgang Bumiller 
---
The tokens are a mapping from tokenid to the token data, so let's
include this in the output specification.

We don't really make use of additionalProperties like this yet but it
*is* supported in PVE::JSONSchema, and it's the only way to clarify what
this is supposed to be.

 src/PVE/API2/User.pm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/PVE/API2/User.pm b/src/PVE/API2/User.pm
index 244264e..49d42d3 100644
--- a/src/PVE/API2/User.pm
+++ b/src/PVE/API2/User.pm
@@ -323,6 +323,7 @@ __PACKAGE__->register_method ({
tokens => {
optional => 1,
type => 'object',
+   additionalProperties => get_standard_option('token-info'),
},
},
type => "object"
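Review bot: missing documentation rather than a logic issue: a short comment on the `additionalProperties => get_standard_option('token-info')` line stating that the keys are token ids would save the next reader a trip to the commit message, since the description says this is the first place the pattern is used in the schema.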
-- 
2.30.2






Re: [pve-devel] [PATCH proxmox-openid-rs] add http proxy support

2022-03-21 Thread Wolfgang Bumiller
On Mon, Mar 21, 2022 at 02:24:54PM +0100, Mira Limbeck wrote:
> ureq has support for a HTTP proxy, but no support for HTTPS proxy yet.
> 
> ureq doesn't query `all_proxy` and `ALL_PROXY` environment variables by
> itself the way curl does. So set the proxy in code if any of the above
> environment variables are set.
> 
> Signed-off-by: Mira Limbeck 
> ---
>  src/http_client.rs | 15 ---
>  1 file changed, 12 insertions(+), 3 deletions(-)
> 
> diff --git a/src/http_client.rs b/src/http_client.rs
> index 5cceafb..a732a98 100644
> --- a/src/http_client.rs
> +++ b/src/http_client.rs
> @@ -40,9 +40,18 @@ pub enum Error {
>  }
>  
>  fn ureq_agent() -> Result {
> -Ok(ureq::AgentBuilder::new()
> -.tls_connector(Arc::new(native_tls::TlsConnector::new()?))
> -.build())
> +let mut agent = 
> +
> ureq::AgentBuilder::new().tls_connector(Arc::new(native_tls::TlsConnector::new()?));
> +if let Ok(val) = std::env::var("all_proxy") {

Just add

.or_else(|_| std::env::var("ALL_PROXY"))

to the query instead of duplicating the body ;-)

> +let proxy = ureq::Proxy::new(val).map_err(Box::new)?;
> +agent = agent.proxy(proxy);
> +} else if let Ok(val) = std::env::var("ALL_PROXY") {

since this is identical code:

> +let proxy = ureq::Proxy::new(val).map_err(Box::new)?;
> +agent = agent.proxy(proxy);
> +}
> +
> +
> +Ok(agent.build())
>  }
>  
>  ///
> -- 
> 2.30.2





[pve-devel] applied: [PATCH access-control] api: get user: declare token schema

2022-03-21 Thread Thomas Lamprecht
On 21.03.22 15:29, Wolfgang Bumiller wrote:
> Signed-off-by: Wolfgang Bumiller 
> ---
> The tokens are a mapping from tokenid to the token data, so let's
> include this in the output specification.
> 
> We don't really make use of additionalProperties like this yet but it
> *is* supported in PVE::JSONSchema, and it's the only way to clarify what
> this is supposed to be.
> 
>  src/PVE/API2/User.pm | 1 +
>  1 file changed, 1 insertion(+)
> 
>

applied, thanks!





Re: [pve-devel] [PATCH access-control/manager v2] fix #3668: improving realm sync

2022-03-21 Thread Thomas Lamprecht
On 04.02.22 15:24, Dominik Csapak wrote:
> this deprecates the 'full' sync option and replaces it with
> a 'mode' option, where we add a third one that updates
> the current users (while retaining their custom set attributes not
> existing in the source) and removing users that don't exist anymore
> in the source
> 

I'm not yet 100% sure about the specific mode names, as sync normally means
100% sync, I'll see if I find some other tool (rsync?) with similar option naming
problems. Independent from the specific names, this really needs a docs patch,
ideally with a table listing the modi as rows and having the various "user added",
"user removed", "properties added/updated", "properties removed" as columns, for a
better understanding of the effects.

> sorry for the long time between versions, i was distracted by
> various different things...
> 
> one "weird" thing that happens is when having a cluster and not all
> nodes are on the newest version if someone adds this option to the realm
> config. then every time when the config is parsed on the older nodes,
> a warning is printed into the journal

you could work around this by getting the node versions from the pmxcfs node
kv store, currently only the manager version but we can do a bump with versioned
dependency there too, hopefully with a manager that has the ldap sync job (ui)
that I have been requesting for years shipped too ;-P

Not that we need to go that mechanism, we already tell everyone that a cluster
needs to be the same level of versions to work 100% correctly anyway.

> though this is the same for all new options in the domains.cfg, so i
> don't really see a way around this (besides allowing
> additionalProperties, but this would also first work on the next
> update)
> 
> changes from v1:
> * replace the 'remove-vanished' by a new 'mode' selection and adding
>   an appropriate mode
> 
> pve-access-control:
> 
> Dominik Csapak (2):
>   realm-sync: replace 'full' option with 'mode'
>   fix #3668: realm-sync: add mode 'sync'
> 
>  src/PVE/API2/Domains.pm | 59 ++---
>  src/PVE/Auth/Plugin.pm  | 20 +++---
>  2 files changed, 66 insertions(+), 13 deletions(-)
> 
> pve-manager:
> 
> Dominik Csapak (1):
>   ui: realm sync: replace 'full' with 'mode'
> 
>  www/manager6/dc/AuthEditLDAP.js | 11 ++-
>  www/manager6/dc/SyncWindow.js   |  9 +
>  2 files changed, 11 insertions(+), 9 deletions(-)
> 


