--- Begin Message ---
Forgot to add "ifupdown2" to [PATCH], so resend. Oops
On 2024-11-13 04:06, Jing Luo wrote:
Prepare for debian trixie. Upstream has not yet made a new release
since
Dec 2023, backporting this commit to make ifupdown2 work on trixie.
Also
fixes an RC bug on debian (#1074250)
sent a v7
https://lore.proxmox.com/pve-devel/20241115165753.2664489-1-a.laute...@proxmox.com/T/#t
On 2024-11-12 10:25, Aaron Lauterer wrote:
Dropped patch 1/7 that introduced PVE::Tools::list_is_empty. We check
direclty in the two call sites.
Patches 2 & 3 from the previous series have been a
The API itself allows several list separators. The network configuration
for bridge_vids expects a space separated list. We therefore convert it
initially to a space separated list.
Signed-off-by: Aaron Lauterer
---
I opted for a comment before the step where we split and reassemble the
list with
After some back and forth on v5 regarding the UI label and extra
textinfo, another series.
I dropped the T-B and R-B tags for this series, as the last non-trivial
patch that had them changed the appearance of the UI field considerably.
this version reworks a few parts since
v6:
* drop extra expla
Signed-off-by: Aaron Lauterer
---
new in v7, kept as a separate patch so it is easier to decide if we want
that or not.
src/node/NetworkEdit.js | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/node/NetworkEdit.js b/src/node/NetworkEdit.js
index e4fe2db..ece3e02 100644
--- a/src/node/Netwo
The new optional bridge_vids field allows to set that property via the
GUI. Since the backend needs to support it, the field needs to be
explicitly enabled.
For now, Proxmox VE (PVE) is the use case.
Signed-off-by: Aaron Lauterer
---
I dropped the T-B and R-B tags as these last changes do change
Signed-off-by: Aaron Lauterer
---
changes since
v6: none
v5: none
v4: none
v3: none
v2: none
www/manager6/node/Config.js | 1 +
1 file changed, 1 insertion(+)
diff --git a/www/manager6/node/Config.js b/www/manager6/node/Config.js
index d27592ce..7bdfb6d9 100644
--- a/www/manager6/node/Config.js
'schema' describes the purpose the of this object better and is a more
"industry-standard" term.
Changes it for both locations where we currently have such an object.
Signed-off-by: Christoph Heiss
---
No hard feelings though if stay with $format-info if that is indeed
preferred.
proxmox-fetch
Am 15.11.24 um 16:35 schrieb Christian Ebner:
> If a subset of disks associated with a pre-existing ZFS pool are
> selected for installation, the pool might still be importable
> (required for the rename) but will be in a `degraded` state.
> Currently, only pools in `online` state will be considere
Am 15.11.24 um 16:29 schrieb Shannon Sterz:
> these icons are multiply style because they seem to be handled
> differently across products. so this in essence "double inverts" them
> in the context where that is needed
>
> Signed-off-by: Shannon Sterz
> ---
> src/proxmox-dark/scss/other/_icons.s
but only when we detect the 'ova-needs-extraction' warning.
This can be used to select the storage where the disks contained in an
OVA will be extracted to temporarily.
Signed-off-by: Dominik Csapak
---
www/manager6/window/GuestImport.js | 23 +++
1 file changed, 23 insertion
in directory storages, we don't need the 'import/' part of the volumes,
as that is implied in dir based storages
Signed-off-by: Dominik Csapak
---
www/manager6/Utils.js | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/www/manager6/Utils.js b/www/manager6/Utils.js
index
If a subset of disks associated with a pre-existing ZFS pool are
selected for installation, the pool might still be importable
(required for the rename) but will be in a `degraded` state.
Currently, only pools in `online` state will be considered for
renameing, leading a possibly clashing pool name
So it behaves the same way the 'old' firewall did. Since currently
ct state invalid are always dropped on the guest table, regardless
of the option. The host behaviour is not changed as it would
require `forward` to match the 'old' behaviour.
Signed-off-by: Hannes Laimer
---
based on what @Stefan
these icons are multiply style because they seem to be handled
differently across products. so this in essence "double inverts" them
in the context where that is needed
Signed-off-by: Shannon Sterz
---
src/proxmox-dark/scss/other/_icons.scss | 7 +++
1 file changed, 7 insertions(+)
diff --g
since there we already have the size information
Signed-off-by: Dominik Csapak
---
www/manager6/storage/Browser.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www/manager6/storage/Browser.js b/www/manager6/storage/Browser.js
index 763abc70..c0b66acc 100644
--- a/www/manag
moves the filepath code a bit more closer to where it's actually used
checks the contained path before trying to find it's absolute path
properly add error handling to realpath
instead of checking the combined ovf_path + filepath, just make sure
filepath can't point to anythign besides a file in t
but only for non esxi ones, since that does not allow
uploading/downloading there
Signed-off-by: Dominik Csapak
---
www/manager6/storage/Browser.js| 9 +++--
www/manager6/window/UploadToStorage.js | 1 +
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/www/manager6/stor
copies the OVF.pm and relevant ovf tests from qemu-server.
We need it here, and it uses PVE::Storage already, and since there is no
intermediary package/repository we could put it, it seems fitting in
here.
Put it in a new GuestImport module
Signed-off-by: Dominik Csapak
---
changes from v5:
* o
sent a v6:
https://lore.proxmox.com/pve-devel/20241115151749.633407-1-d.csa...@proxmox.com/
___
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Signed-off-by: Dominik Csapak
---
www/manager6/Utils.js| 1 +
www/manager6/form/ContentTypeSelector.js | 2 +-
www/manager6/storage/CephFSEdit.js | 2 +-
www/manager6/storage/GlusterFsEdit.js| 2 +-
4 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/www/m
since 'virtual guests' only make sense for a hypervisor, not e.g. a
directory for OVAs
also change the icon from 'desktop' to 'cloud-download' in the
non-esxi case
Signed-off-by: Dominik Csapak
---
www/manager6/storage/Browser.js | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff
Signed-off-by: Dominik Csapak
---
www/manager6/window/GuestImport.js | 1 +
1 file changed, 1 insertion(+)
diff --git a/www/manager6/window/GuestImport.js
b/www/manager6/window/GuestImport.js
index 2577ece2..1483d97f 100644
--- a/www/manager6/window/GuestImport.js
+++ b/www/manager6/window/Gues
check to be imported files for external references if they are of
content type 'import'.
Signed-off-by: Dominik Csapak
---
new in v6
PVE/API2/Qemu.pm | 11 ++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index 58aaabbe..cbbd1e36 1006
in the same branch as 'vztmpl' and 'iso'
Signed-off-by: Dominik Csapak
---
src/PVE/Storage.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PVE/Storage.pm b/src/PVE/Storage.pm
index c6a8894..31faa5e 100755
--- a/src/PVE/Storage.pm
+++ b/src/PVE/Storage.pm
@@ -542,7 +542
in DirPlugin and not Plugin (because of cyclic dependency of
Plugin -> OVF -> Storage -> Plugin otherwise)
only ovf is currently supported (though ova will be shown in import
listing), expects the files to not be in a subdir, and adjacent to the
ovf file.
listed will be all ovf/qcow2/raw/vmdk fil
This series enables importing ova/ovf from directory based storages,
inclusive upload/download via the webui (ova only).
It also improves the ovf importer by parsing the ostype, nics, bootorder
(and firmware from vmware exported files).
I opted to move the OVF.pm to pve-storage, since there is no
and delete it here (incl tests; they live in pve-storage now).
Signed-off-by: Dominik Csapak
---
PVE/CLI/qm.pm | 4 +-
PVE/QemuServer/Makefile | 1 -
PVE/QemuServer/OVF.pm | 242 --
debian/control
when 'import-from' contains a disk image that needs extraction
(currently only from an 'ova' archive), do that in 'create_disks'
and overwrite the '$source' volid.
Collect the names into a 'delete_sources' list, that we use later
to clean it up again (either when we're finished with importing or i
the api part was never in use by anything
Signed-off-by: Dominik Csapak
---
PVE/API2/Qemu/Makefile | 2 +-
PVE/API2/Qemu/OVF.pm | 53 --
2 files changed, 1 insertion(+), 54 deletions(-)
delete mode 100644 PVE/API2/Qemu/OVF.pm
diff --git a/PVE/API2/Qem
From: Fabian Grünbichler
creating non-raw disk images with arbitrary content is only possible with raw
access to the storage, but checking for references to external files doesn't
hurt, in case for non pve-managed volumes.
Signed-off-by: Fabian Grünbichler
[ DC: removed prolematic checks for p
this is to override the target extraction storage for the option disk
extraction for 'import-from'. This way if the storage does not
supports the content type 'images', one can give an alternative one.
Signed-off-by: Dominik Csapak
---
PVE/API2/Qemu.pm | 46 +
we only want to show that icon in the tree when the storage is solely
used for importing, not when it's just one of several content types.
Signed-off-by: Dominik Csapak
---
www/manager6/Utils.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www/manager6/Utils.js b/www/manag
importable formats are currently ova/ovf/vmx
Signed-off-by: Dominik Csapak
---
www/manager6/storage/Browser.js | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/www/manager6/storage/Browser.js b/www/manager6/storage/Browser.js
index 934ce706..822257e7 100644
--- a/www/ma
introducing a separate regex that only contains ova, since
upload/downloading ovfs does not make sense (since the disks are then
missing).
Add a sanity check after up/downloading the ova file (and delete if it
does not match).
Signed-off-by: Dominik Csapak
---
changes from v2:
* add sanity check
and reuse the DirPlugin implementation
Signed-off-by: Dominik Csapak
Reviewed-by: Fiona Ebner
---
src/PVE/Storage/BTRFSPlugin.pm | 5 +
src/PVE/Storage/CIFSPlugin.pm | 6 +-
src/PVE/Storage/CephFSPlugin.pm| 6 +-
src/PVE/Storage/GlusterfsPlugin.pm | 6 +-
src/PVE/St
since we want to handle ova files (which are only ovf+images bundled in
a tar file) for import, add code that handles that.
we introduce a valid volname for files contained in ovas like this:
storage:import/archive.ova/disk-1.vmdk
by basically treating the last part of the path as the name for
simply add all parsed disks to the boot order in the order we encounter
them (similar to the esxi plugin).
Signed-off-by: Dominik Csapak
Reviewed-by: Fiona Ebner
---
src/PVE/GuestImport/OVF.pm | 6 +-
src/test/run_ovf_tests.pl | 3 +++
2 files changed, 8 insertions(+), 1 deletion(-)
diff
if the base image (parent) of an image contains whitespace in it's path
(e.g. a space), the current untainting would not match and it would seem
there was no parent.
Fix that by adapting the untaint regex
Signed-off-by: Dominik Csapak
---
src/PVE/Storage/Plugin.pm | 2 +-
1 file changed, 1 inse
by iterating over the relevant parts and trying to parse out the
'ResourceSubType'. The content of that is not standardized, but I only
ever found examples that are compatible with vmware, meaning it's
either 'e1000', 'e1000e' or 'vmxnet3' (in various capitalizations; thus
the `lc()`)
As a fallbac
use the standards info about the ostypes to map to our own
(see comment for link to the relevant part of the dmtf schema)
every type that is not listed we map to 'other', so no need to have it
in a list.
Signed-off-by: Dominik Csapak
Reviewed-by: Fiona Ebner
---
src/PVE/GuestImport/OVF.pm | 69
it seems there is no part of the ovf standard that handles which type of
bios there is (at least i could not find it). Every ovf/ova i tested
either has no info about it, or has it in a vmware specific property
which we parse here.
Signed-off-by: Dominik Csapak
Reviewed-by: Fiona Ebner
---
src/
On 14.11.24 10:32 AM, Dominik Csapak wrote:
> This series enables importing ova/ovf from directory based storages,
> inclusive upload/download via the webui (ova only).
>
> It also improves the ovf importer by parsing the ostype, nics, bootorder
> (and firmware from vmware exported files).
>
> I
Am 22.02.24 um 15:28 schrieb Alexandre Derumier:
> remove self._sysctl_slaac call for bridge, or it'll be called twice
>
> Signed-off-by: Alexandre Derumier
> ---
> ...6-slaac-support-inet6-auto-accept_ra.patch | 32 +++
> 1 file changed, 12 insertions(+), 20 deletions(-)
>
>
a
Am 25.03.24 um 18:01 schrieb Alexandre Derumier:
> Signed-off-by: Alexandre Derumier
> ---
> src/PVE/Network/SDN/Zones/VlanPlugin.pm| 3 +++
> src/test/zones/vlan/bridge/expected_sdn_interfaces | 4
> src/test/zones/vlan/bridge/sdn_config | 2 +-
> 3 files changed, 8
On 14.11.24 10:32 AM, Dominik Csapak wrote:
> and reuse the DirPlugin implementation
>
> Signed-off-by: Dominik Csapak
Reviewed-by: Fiona Ebner
___
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo
On 11/15/24 15:58, Thomas Lamprecht wrote:
> Am 15.11.24 um 14:44 schrieb Stefan Hanreich:
>>> Shouldn't we try to get the MTU of the bridge when it's set to 'auto'
>>> and then setup the other interfaces accordingly? Or am I
>>> misunderstanding what 'auto' does?
>>
>> While this is still an is
Gave this patch a quick spin, worked on my machine.
Tested-by: Stefan Hanreich
The other patch is only required for DHCP so let's leave it for now (and
doesn't apply on current master, but that's trivial..).
___
pve-devel mailing list
pve-devel@lists
Am 15.11.24 um 14:44 schrieb Stefan Hanreich:
>> Shouldn't we try to get the MTU of the bridge when it's set to 'auto'
>> and then setup the other interfaces accordingly? Or am I
>> misunderstanding what 'auto' does?
>
> While this is still an issue, it at least makes the MTU work if it is
> expli
Am 15.11.24 um 15:08 schrieb Dominik Csapak:
> this makes now use of the new sorting order since now we have
> nodes, storages, and guests on one level in the tag view
>
> Signed-off-by: Dominik Csapak
> ---
> this replaces my previous patch:
> ui: resource tree: show nodes/storages in pool/tag
Am 15.11.24 um 13:43 schrieb Christian Ebner:
> Making the system bootable can take some time if many disks are used
> for installation, which could be misinterpreted as a hanging
> installer. Add a please be patient output when more than 3 disks are
> used.
>
> Output changes from `make system bo
Am 15.11.24 um 11:32 schrieb Christoph Heiss:
> This ensure backwards-compatibility of older version of
> proxmox-auto-install-assistant and newer ISOs/auto-installer version.
>
> Otherwise, it fails with a "missing key `partition_label`" error on
> start.
>
> While proxmox-auto-install-assistant
On 14.11.24 10:32 AM, Dominik Csapak wrote:
> introducing a separate regex that only contains ova, since
> upload/downloading ovfs does not make sense (since the disks are then
> missing).
>
> Signed-off-by: Dominik Csapak
Reviewed-by: Fiona Ebner
Maybe we could do a quick check that it's a t
There is already 8.5.6 [1] out which, among bug fixes, fixes a series of
CVE's as well - some of them with relatively high score. I'll test a
bump to 8.5.6 instead and send a new patch for that if everything works.
[1] https://github.com/FRRouting/frr/releases/tag/frr-8.5.6
On 2/22/24 18:36, Ale
On 11/15/24 14:44, Fiona Ebner wrote:
On 15.11.24 2:39 PM, Dominik Csapak wrote:
On 11/15/24 14:35, Fiona Ebner wrote:
On 14.11.24 10:32 AM, Dominik Csapak wrote:
@@ -244,22 +235,31 @@ ovf:Item[rasd:InstanceID='%s']/
rasd:ResourceType", $controller_id);
my $adress_on_controller = $xpc-
this makes now use of the new sorting order since now we have
nodes, storages, and guests on one level in the tag view
Signed-off-by: Dominik Csapak
---
this replaces my previous patch:
ui: resource tree: show nodes/storages in pool/tag view by default
changes from that v1:
* don't show the sto
Signed-off-by: Markus Frank
---
www/manager6/Makefile | 1 +
www/manager6/dc/Config.js | 10 +++
www/manager6/dc/DirMapView.js | 50 +++
3 files changed, 61 insertions(+)
create mode 100644 www/manager6/dc/DirMapView.js
diff --git a/www/manager6/
Signed-off-by: Markus Frank
---
www/manager6/Makefile | 1 +
www/manager6/window/DirMapEdit.js | 230 ++
2 files changed, 231 insertions(+)
create mode 100644 www/manager6/window/DirMapEdit.js
diff --git a/www/manager6/Makefile b/www/manager6/Makefile
i
Signed-off-by: Markus Frank
---
www/manager6/Makefile | 1 +
www/manager6/form/DirMapSelector.js | 63 +
2 files changed, 64 insertions(+)
create mode 100644 www/manager6/form/DirMapSelector.js
diff --git a/www/manager6/Makefile b/www/manager6/Makefile
Signed-off-by: Markus Frank
---
www/manager6/Makefile | 1 +
www/manager6/Utils.js | 1 +
www/manager6/qemu/HardwareView.js | 19 +
www/manager6/qemu/VirtiofsEdit.js | 137 ++
4 files changed, 158 insertions(+)
create mode 100644 www/m
Signed-off-by: Markus Frank
---
PVE/API2/Qemu.pm | 6 ++
PVE/QemuServer.pm | 4
2 files changed, 10 insertions(+)
diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index a369a32b..90ed8f81 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -5252,6 +5252,12 @@ __PACKAGE__->register_
Add it to both the perl side (PVE/Cluster.pm) and pmxcfs side
(status.c).
This dir.cfg is used to map directory IDs to paths on selected hosts.
Signed-off-by: Markus Frank
Reviewed-by: Fiona Ebner
---
src/PVE/Cluster.pm | 1 +
src/pmxcfs/status.c | 1 +
2 files changed, 2 insertions(+)
diff -
Virtio-fs is a shared file system that enables sharing a directory
between host and guest VMs. It takes advantage of the locality of
virtual machines and the hypervisor to get a higher throughput than
the 9p remote file system protocol.
build-order:
1. cluster
2. guest-common
3. docs
4. qemu-serve
Signed-off-by: Markus Frank
---
PVE/API2/Cluster/Mapping.pm | 7 +
PVE/API2/Cluster/Mapping/Dir.pm | 317 ++
PVE/API2/Cluster/Mapping/Makefile | 1 +
3 files changed, 325 insertions(+)
create mode 100644 PVE/API2/Cluster/Mapping/Dir.pm
diff --git a/PVE/AP
Signed-off-by: Markus Frank
---
debian/control | 1 +
1 file changed, 1 insertion(+)
diff --git a/debian/control b/debian/control
index aa5f4c6d..386b83da 100644
--- a/debian/control
+++ b/debian/control
@@ -57,6 +57,7 @@ Depends: dbus,
socat,
swtpm,
swtpm-tools,
+
add support for sharing directories with a guest vm.
virtio-fs needs virtiofsd to be started.
In order to start virtiofsd as a process (despite being a daemon it is
does not run in the background), a double-fork is used.
virtiofsd should close itself together with QEMU.
There are the parameters
Adds a config file for directories by using a 'map' property string for
each node mapping.
Next to node & path, there is the optional submounts parameter in the
map property string that is used to announce other mounted file systems
in the specified directory.
Additionally there are the default s
Add checks for directory mapping to the check_local_resources function.
Since the VM needs to be powered off for migration, migration should
work with a directory on shared storage with all caching settings.
Signed-off-by: Markus Frank
---
PVE/QemuServer.pm| 10 +-
test/Migr
Signed-off-by: Markus Frank
---
qm.adoc | 97 +++--
1 file changed, 95 insertions(+), 2 deletions(-)
diff --git a/qm.adoc b/qm.adoc
index b550888..c958013 100644
--- a/qm.adoc
+++ b/qm.adoc
@@ -1081,6 +1081,98 @@ recommended to always use a lim
On 14.11.24 10:32 AM, Dominik Csapak wrote:
> by iterating over the relevant parts and trying to parse out the
> 'ResourceSubType'. The content of that is not standardized, but I only
> ever found examples that are compatible with vmware, meaning it's
> either 'e1000', 'e1000e' or 'vmxnet3' (in var
On 14.11.24 10:32 AM, Dominik Csapak wrote:
> use the standards info about the ostypes to map to our own
> (see comment for link to the relevant part of the dmtf schema)
>
> every type that is not listed we map to 'other', so no need to have it
> in a list.
>
> Signed-off-by: Dominik Csapak
Rev
On 14.11.24 10:32 AM, Dominik Csapak wrote:
> simply add all parsed disks to the boot order in the order we encounter
> them (similar to the esxi plugin).
>
> Signed-off-by: Dominik Csapak
Reviewed-by: Fiona Ebner
___
pve-devel mailing list
pve-deve
> On 15.11.2024 14:35 CET Thomas Lamprecht wrote:
>
>
> Am 15.11.24 um 13:43 schrieb Christian Ebner:
> > Making the system bootable can take some time if many disks are used
> > for installation, which could be misinterpreted as a hanging
> > installer. Add a please be patient output when mo
On 14.11.24 10:32 AM, Dominik Csapak wrote:
> it seems there is no part of the ovf standard that handles which type of
> bios there is (at least i could not find it). Every ovf/ova i tested
> either has no info about it, or has it in a vmware specific property
> which we parse here.
>
> Signed-off
On 4/4/24 15:58, Stefan Hanreich wrote:
> I've tested this on my machine. It works if the MTU is explicitly set in
> the zone configuration. If the MTU is set on the bridge to something
> else than 1500 and the zone configuration has 'auto', then the MTU of
> all other interfaces and bridges is sti
On 15.11.24 2:39 PM, Dominik Csapak wrote:
> On 11/15/24 14:35, Fiona Ebner wrote:
>> On 14.11.24 10:32 AM, Dominik Csapak wrote:
>>> @@ -244,22 +235,31 @@ ovf:Item[rasd:InstanceID='%s']/
>>> rasd:ResourceType", $controller_id);
>>> my $adress_on_controller = $xpc-
>>> >findvalue('rasd:Addres
On Fri, Nov 15, 2024 at 02:39:16PM +0100, Thomas Lamprecht wrote:
> Am 15.11.24 um 14:34 schrieb Christoph Heiss:
> > On Thu, Nov 14, 2024 at 09:23:48PM +0100, Thomas Lamprecht wrote:
> >> [..]
> >> So it really would be great to allow overriding that ordering.
> >>
> >> Simplest way might be to le
On 11/15/24 14:13, Stefan Hanreich wrote:
> I see two ways of solving this problem:
>
> * We introduce a knob at VM level that lets you decide whether to drop
> ct invalid traffic or not. (Invalid traffic would then still be
> evaluated by the firewall rules if it's allowed in principle, as is the
On 11/15/24 14:35, Fiona Ebner wrote:
On 14.11.24 10:32 AM, Dominik Csapak wrote:
@@ -244,22 +235,31 @@ ovf:Item[rasd:InstanceID='%s']/rasd:ResourceType",
$controller_id);
my $adress_on_controller = $xpc->findvalue('rasd:AddressOnParent',
$item_node);
my $pve_disk_address = id_
Am 15.11.24 um 14:34 schrieb Christoph Heiss:
> On Thu, Nov 14, 2024 at 09:23:48PM +0100, Thomas Lamprecht wrote:
>> [..]
>> So it really would be great to allow overriding that ordering.
>>
>> Simplest way might be to leave it out here, or well go for the default we
>> want
>> (in doubt -> dice r
Am 15.11.24 um 13:43 schrieb Christian Ebner:
> Making the system bootable can take some time if many disks are used
> for installation, which could be misinterpreted as a hanging
> installer. Add a please be patient output when more than 3 disks are
> used.
>
> Output changes from `make system bo
On 14.11.24 10:32 AM, Dominik Csapak wrote:
> @@ -244,22 +235,31 @@ ovf:Item[rasd:InstanceID='%s']/rasd:ResourceType",
> $controller_id);
> my $adress_on_controller = $xpc->findvalue('rasd:AddressOnParent',
> $item_node);
> my $pve_disk_address = id_to_pve($controller_type) .
> $adre
On Thu, Nov 14, 2024 at 09:23:48PM +0100, Thomas Lamprecht wrote:
> [..]
> So it really would be great to allow overriding that ordering.
>
> Simplest way might be to leave it out here, or well go for the default we want
> (in doubt -> dice roll), and write out a systemd unit snippet during
> inst
On 11/15/24 13:33, Hannes Laimer wrote:
> We only add a `block-conntrack-invalid` jump to the in chain, if
> the `nf_conntrack_allow_invalid` option is not set in the config. But we
> already drop connections with an invalid ct state by default. So we have
> to either allow connections with an i
On 11/15/24 13:11, Fiona Ebner wrote:
On 14.11.24 10:32 AM, Dominik Csapak wrote:
diff --git a/src/PVE/GuestImport.pm b/src/PVE/GuestImport.pm
new file mode 100644
index 000..c89fbc9
--- /dev/null
+++ b/src/PVE/GuestImport.pm
@@ -0,0 +1,78 @@
+package PVE::GuestImport;
+
+use strict;
+use wa
Making the system bootable can take some time if many disks are used
for installation, which could be misinterpreted as a hanging
installer. Add a please be patient output when more than 3 disks are
used.
Output changes from `make system bootable` to
`make system bootable (please be patient)`
Sig
We only add a `block-conntrack-invalid` jump to the in chain, if
the `nf_conntrack_allow_invalid` option is not set in the config. But we
already drop connections with an invalid ct state by default. So we have
to either allow connections with an invalid ct state by default, or explicitly
allow the
Since forward rules only take effect when the nftables firewall is
enabled, show a warning to users that informs them of this.
Signed-off-by: Stefan Hanreich
---
www/manager6/grid/FirewallRules.js | 22 ++
1 file changed, 22 insertions(+)
diff --git a/www/manager6/grid/Firew
v4 here:
https://lore.proxmox.com/pve-devel/20241115121109.170200-2-s.hanre...@proxmox.com/T/
On 11/12/24 13:25, Stefan Hanreich wrote:
> ## Introduction
>
> This patch series introduces a new direction for firewall rules: forward.
> Additionally this patch series introduces defining firewall rul
v4 here:
https://lore.proxmox.com/pve-devel/20241115120937.169342-1-s.hanre...@proxmox.com/T/
On 11/12/24 13:25, Stefan Hanreich wrote:
> This patch series adds support for autogenerating ipsets for SDN objects. It
> autogenerates ipsets for every VNet as follows:
>
> * ipset containing all IP ra
Added a new direction section, mostly so I can write about the forward
direction and explain its use cases.
Signed-off-by: Stefan Hanreich
---
Makefile | 1 +
gen-pve-firewall-vnet-opts.pl | 12 +
pve-firewall-vnet-opts.adoc | 8 +++
pve-firewall.adoc | 9
On 14.11.24 10:32 AM, Dominik Csapak wrote:
> diff --git a/src/PVE/GuestImport.pm b/src/PVE/GuestImport.pm
> new file mode 100644
> index 000..c89fbc9
> --- /dev/null
> +++ b/src/PVE/GuestImport.pm
> @@ -0,0 +1,78 @@
> +package PVE::GuestImport;
> +
> +use strict;
> +use warnings;
> +
> +use Fi
Signed-off-by: Stefan Hanreich
Reviewed-by: Wolfgang Bumiller
Tested-by: Hannes Dürr
---
.../resources/proxmox-firewall.nft| 54
proxmox-firewall/src/firewall.rs | 122 +-
proxmox-firewall/src/rule.rs | 5 +-
.../integration_
Expose the ability to create vnet-level firewalls in the PVE UI
Signed-off-by: Stefan Hanreich
Tested-by: Hannes Dürr
---
www/manager6/Makefile| 2 +
www/manager6/dc/Config.js| 8 +++
www/manager6/sdn/FirewallPanel.js| 50 ++
www/manager6/sdn/Fi
Enables us to use the new forward direction as an option when creating
or editing firewall rules. By introducing firewall_type we can switch
between the available directions depending on which ruleset is being
edited.
Signed-off-by: Stefan Hanreich
Tested-by: Hannes Dürr
---
www/manager6/dc/Con
Signed-off-by: Stefan Hanreich
Reviewed-by: Wolfgang Bumiller
Tested-by: Hannes Dürr
---
src/PVE/API2/Firewall/Makefile | 1 +
src/PVE/API2/Firewall/Rules.pm | 84
src/PVE/API2/Firewall/Vnet.pm | 169 +
src/PVE/Firewall.pm| 10 ++
Signed-off-by: Stefan Hanreich
Reviewed-by: Wolfgang Bumiller
Tested-by: Hannes Dürr
---
src/PVE/Firewall.pm | 127 ++--
src/PVE/Firewall/Helpers.pm | 12
2 files changed, 132 insertions(+), 7 deletions(-)
diff --git a/src/PVE/Firewall.pm b/src/PVE
This adds the ability to dynamically configure and change the base_url
for the firewall options. This is needed for the SDN firewall dialog,
that updates the firewall components based on the selected vnet. This
avoids having to reinstantiate the component every time the user
selects a new vnet.
Si
Add the configuration options for vnet-level firewalls to the options
component. Additionally add the new policy_forward configuration
option to the datacenter-level firewall as well.
Signed-off-by: Stefan Hanreich
Tested-by: Hannes Dürr
---
www/manager6/grid/FirewallOptions.js | 38 +++
Signed-off-by: Stefan Hanreich
Reviewed-by: Wolfgang Bumiller
---
src/PVE/API2/Network/SDN/Vnets.pm | 6 ++
1 file changed, 6 insertions(+)
diff --git a/src/PVE/API2/Network/SDN/Vnets.pm
b/src/PVE/API2/Network/SDN/Vnets.pm
index 05915f6..e48b048 100644
--- a/src/PVE/API2/Network/SDN/Vnets.
1 - 100 of 142 matches
Mail list logo
