[pve-devel] [PATCH manager] vzdump: fix unit for bandwidth limit in log message

2024-06-26 Thread Fiona Ebner
The documentation 'man vzdump' states that the value is in KiB/s. This is correct, as seen in the plugin implementations, where the value is multiplied by 1024. Signed-off-by: Fiona Ebner --- PVE/VZDump.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PVE/VZDump.pm b/PVE/VZ

Re: [pve-devel] [PATCH pve-firewall 20/21] api: load sdn ipsets

2024-06-26 Thread Stefan Hanreich
Seems like I regenerated the patches once, after writing a comment so I'll leave it here: This is certainly the minimally invasive way to go about this, but it has the downside of having to load the cluster configuration twice. Once for validating all rules properly and once for providing the meth

[pve-devel] [PATCH proxmox-firewall 18/21] ipsets: autogenerate ipsets for vnets and ipam

2024-06-26 Thread Stefan Hanreich
They act like virtual ipsets, similar to ipfilter-net, that can be used for defining firewall rules for sdn objects dynamically. The changes in proxmox-ve-config also introduced a dedicated struct for representing ip ranges, so we update the existing code, so that it uses that struct as well. Sig

[pve-devel] [PATCH proxmox-firewall 16/21] cargo: update dependencies

2024-06-26 Thread Stefan Hanreich
Signed-off-by: Stefan Hanreich --- proxmox-firewall/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proxmox-firewall/Cargo.toml b/proxmox-firewall/Cargo.toml index 4246f18..c0ce579 100644 --- a/proxmox-firewall/Cargo.toml +++ b/proxmox-firewall/Cargo.toml @@ -25,4 +

[pve-devel] [PATCH pve-firewall 20/21] api: load sdn ipsets

2024-06-26 Thread Stefan Hanreich
Signed-off-by: Stefan Hanreich --- src/PVE/API2/Firewall/Cluster.pm | 3 ++- src/PVE/API2/Firewall/Rules.pm | 18 +++--- src/PVE/API2/Firewall/VM.pm | 3 ++- 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/src/PVE/API2/Firewall/Cluster.pm b/src/PVE/API2/Firewa

[pve-devel] [PATCH proxmox-perl-rs 21/21] add PVE::RS::Firewall::SDN module

2024-06-26 Thread Stefan Hanreich
Used for obtaining the IPSets that get autogenerated by the nftables firewall. The returned configuration has the same format as the pve-firewall uses internally, making it compatible with the existing pve-firewall code. Signed-off-by: Stefan Hanreich --- pve-rs/Cargo.toml | 1 + pve-

[pve-devel] [PATCH proxmox-ve-rs 14/21] tests: add sdn config tests

2024-06-26 Thread Stefan Hanreich
Signed-off-by: Stefan Hanreich --- proxmox-ve-config/tests/sdn/main.rs | 144 ++ .../tests/sdn/resources/running-config.json | 54 +++ 2 files changed, 198 insertions(+) create mode 100644 proxmox-ve-config/tests/sdn/main.rs create mode 100644 proxmox-ve-config/

[pve-devel] [PATCH proxmox-ve-rs 09/21] sdn: add name types

2024-06-26 Thread Stefan Hanreich
Signed-off-by: Stefan Hanreich --- proxmox-ve-config/src/lib.rs | 1 + proxmox-ve-config/src/sdn/mod.rs | 240 +++ 2 files changed, 241 insertions(+) create mode 100644 proxmox-ve-config/src/sdn/mod.rs diff --git a/proxmox-ve-config/src/lib.rs b/proxmox-ve-conf

[pve-devel] [PATCH proxmox-ve-rs 01/21] debian: add files for packaging

2024-06-26 Thread Stefan Hanreich
Since we now have a standalone repository for Proxmox VE related crates, add the required files for packaging the crates contained in this repository. Signed-off-by: Stefan Hanreich --- .cargo/config.toml | 5 ++ .gitignore | 8 +++ Cargo.toml

[pve-devel] [PATCH proxmox-ve-rs 07/21] firewall: guest: derive traits according to rust api guidelines

2024-06-26 Thread Stefan Hanreich
Almost every type should implement them anyway, and many of them are required for those types to be used in BTreeMaps, which the nftables firewall uses for generating stable output. Additionally, we derive Serialize and Deserialize for a few types that occur in the sdn configuration. The following

[pve-devel] [PATCH proxmox-ve-rs 03/21] firewall: address: use new iprange type for ip entries

2024-06-26 Thread Stefan Hanreich
Signed-off-by: Stefan Hanreich --- .../src/firewall/types/address.rs | 81 +++ proxmox-ve-config/src/firewall/types/rule.rs | 6 +- 2 files changed, 31 insertions(+), 56 deletions(-) diff --git a/proxmox-ve-config/src/firewall/types/address.rs b/proxmox-ve-config/s

[pve-devel] [PATCH proxmox-ve-rs 06/21] ipset: address: add helper methods

2024-06-26 Thread Stefan Hanreich
Signed-off-by: Stefan Hanreich --- proxmox-ve-config/src/firewall/types/address.rs | 10 ++ proxmox-ve-config/src/firewall/types/ipset.rs | 14 ++ 2 files changed, 24 insertions(+) diff --git a/proxmox-ve-config/src/firewall/types/address.rs b/proxmox-ve-config/src/firewal

[pve-devel] [RFC firewall/proxmox{-ve-rs, -firewall, -perl-rs} 00/21] autogenerate ipsets for sdn objects

2024-06-26 Thread Stefan Hanreich
This patch series adds support for autogenerating ipsets for SDN objects. It autogenerates ipsets for every VNet as follows:
* ipset containing all IP ranges of the VNet
* ipset containing all gateways of the VNet
* ipset containing all IP ranges of the subnet - except gateways
* ipset containing

[pve-devel] [PATCH proxmox-ve-rs 05/21] iprange: add methods for converting an ip range to cidrs

2024-06-26 Thread Stefan Hanreich
This is mainly used in proxmox-perl-rs, so the generated ipsets can be used in pve-firewall where only CIDRs are supported. Signed-off-by: Stefan Hanreich --- .../src/firewall/types/address.rs | 818 ++ 1 file changed, 818 insertions(+) diff --git a/proxmox-ve-config

[pve-devel] [PATCH proxmox-ve-rs 12/21] sdn: add config module

2024-06-26 Thread Stefan Hanreich
Similar to how the IPAM module works, we separate the internal representation from the concrete schema of the configuration file. We provide structs for parsing the running SDN configuration and a struct that is used internally for representing an SDN configuration, as well as a method for convert

[pve-devel] [PATCH proxmox-ve-rs 10/21] sdn: add ipam module

2024-06-26 Thread Stefan Hanreich
This module includes structs for representing the JSON schema from the PVE ipam. Those can be used to parse the current IPAM state. We also include a general Ipam struct, and provide a method for converting the PVE IPAM to the general struct. The idea behind this is that we have multiple IPAM plug

[pve-devel] [PATCH proxmox-firewall 17/21] config: tests: add support for loading sdn and ipam config

2024-06-26 Thread Stefan Hanreich
Also add example SDN configuration files that get automatically loaded, which can be used for future tests. Signed-off-by: Stefan Hanreich --- proxmox-firewall/src/config.rs| 69 +++ .../tests/input/.running-config.json | 45 proxmox-firewall

[pve-devel] [PATCH pve-firewall 19/21] add support for loading sdn firewall configuration

2024-06-26 Thread Stefan Hanreich
Signed-off-by: Stefan Hanreich --- src/PVE/Firewall.pm | 43 +-- 1 file changed, 41 insertions(+), 2 deletions(-) diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index 09544ba..95325a0 100644 --- a/src/PVE/Firewall.pm +++ b/src/PVE/Firewall.pm @@ -2

[pve-devel] [PATCH proxmox-ve-rs 13/21] sdn: config: add method for generating ipsets

2024-06-26 Thread Stefan Hanreich
We generate the following ipsets for every vnet in the running sdn configuration:
* {vnet}-all: contains all subnets of the vnet
* {vnet}-no-gateway: contains all subnets of the vnet except for all gateways
* {vnet}-gateway: contains all gateways in the vnet
* {vnet}-dhcp: contains all dhcp rang

[pve-devel] [PATCH proxmox-ve-rs 15/21] tests: add ipam tests

2024-06-26 Thread Stefan Hanreich
Signed-off-by: Stefan Hanreich --- proxmox-ve-config/tests/sdn/main.rs | 45 +++ proxmox-ve-config/tests/sdn/resources/ipam.db | 26 +++ 2 files changed, 71 insertions(+) create mode 100644 proxmox-ve-config/tests/sdn/resources/ipam.db diff --git a/proxmox-ve-c

[pve-devel] [PATCH proxmox-ve-rs 11/21] sdn: ipam: add method for generating ipsets

2024-06-26 Thread Stefan Hanreich
For every guest that has at least one entry in the IPAM we generate an ipset with the name `+dc/guest-ipam-{vmid}`. The ipset contains all IPs from all zones for a guest with {vmid}. Signed-off-by: Stefan Hanreich --- .../src/firewall/types/address.rs | 9 proxmox-ve-config/src

[pve-devel] [PATCH proxmox-ve-rs 08/21] common: add allowlist

2024-06-26 Thread Stefan Hanreich
Signed-off-by: Stefan Hanreich --- proxmox-ve-config/src/common/mod.rs | 30 + proxmox-ve-config/src/lib.rs| 1 + 2 files changed, 31 insertions(+) create mode 100644 proxmox-ve-config/src/common/mod.rs diff --git a/proxmox-ve-config/src/common/mod.rs b/pro

[pve-devel] [PATCH proxmox-ve-rs 02/21] firewall: add ip range types

2024-06-26 Thread Stefan Hanreich
Currently we are using tuples to represent IP ranges which is suboptimal. Validation logic and invariant checking need to happen at every site using the IP range rather than having a unified struct for enforcing those invariants. Signed-off-by: Stefan Hanreich --- .../src/firewall/types/address

[pve-devel] [PATCH proxmox-ve-rs 04/21] ipset: add range variant to addresses

2024-06-26 Thread Stefan Hanreich
A range can be used to store multiple IP addresses in an ipset that do not neatly fit into a single CIDR. Signed-off-by: Stefan Hanreich --- proxmox-ve-config/src/firewall/types/ipset.rs | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/proxmox-ve-config/src/firewall/ty

Re: [pve-devel] [PATCH proxmox-offline-mirror 2/2] medium: remove snapshot link directories not present in source mirror

2024-06-26 Thread Fabian Grünbichler
as discussed off-list, we might want to offer a "--remove-orphaned-files" mode for sync and gc, and clean up orphaned dirs (need to be detected first) and files (already are) in addition to this. this patch already gets rid of the orphaned dirs created during regular operations with a very low cha

Re: [pve-devel] [PATCH v2 storage] fix #5191: api, cli: implement moving a volume between storages

2024-06-26 Thread Fabian Grünbichler
On June 25, 2024 4:53 pm, Filip Schauer wrote:
> Add the ability to move a backup, ISO, container template or snippet
> between storages and nodes via an API method. Moving a VMA backup to a
> Proxmox Backup Server requires the proxmox-vma-to-pbs package to be
> installed. Currently only VMA backup

[pve-devel] [PATCH storage] style: remove goto statements

2024-06-26 Thread Fabian Grünbichler
these can just as well be `die` statements right there, there is no complicated cleanup that would warrant a goto statement.. Signed-off-by: Fabian Grünbichler --- src/PVE/Storage/Plugin.pm | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/PVE/Storage/Plugin.pm

[pve-devel] [PATCH pve-docs] vzdump: add section describing PBS change detection mode

2024-06-26 Thread Christian Ebner
Add a concise section about what PBS change detection mode is and what it affects, including a table with a description of the modes. Signed-off-by: Christian Ebner --- vzdump.adoc | 24 1 file changed, 24 insertions(+) diff --git a/vzdump.adoc b/vzdump.adoc index 79d4b

[pve-devel] [PATCH pve-manager] www: backup: clarify experimental change detection modes

2024-06-26 Thread Christian Ebner
Currently, the whole mode selector is labeled as experimental; this does however give the impression that also the default legacy mode is an experimental mode. To clarify that only the `data` and `metadata` change detection modes are experimental, move the experimental label to the individual modes