Re: [pve-devel] [PATCH qemu-server 6/6] fix #6543: use qcow2 'discard-no-unref' option when using snapshot-as-volume-chain

2025-07-24 Thread DERUMIER, Alexandre via pve-devel
Thanks Fiona ! >>While 'snapshot-as-volume-chain' is not the perfect proxy, as that's >>not only for LVM, it's an experimental feature that covers the LVM >>case and it seems like a nice fit to try out the new option on >>file-based storages too. I'll try to do test with qco

Re: [pve-devel] [PATCH docs/proxmox-firewall v2 0/4] migrate proxmox-firewall to proxmox-log + introduce subcommands

2025-07-24 Thread Stefan Hanreich
ping On 5/27/25 15:57, Stefan Hanreich wrote: > Since we now have proxmox-log as the standard crate for logging purposes, > migrate proxmox-firewall to the new logging crate. > > The old logging setup was also tied with the debugging mechanisms described in > the documentation. I used that opport

Re: [pve-devel] [RFC PATCH 1/2] frr: add networking.service as systemd dependency

2025-07-24 Thread Gabriel Goller
ping Hannes and I tried to fix the errors that appear when starting FRR 10.3.1 (even on a blank config). The errors look similar to these: Jul 22 08:36:09 pve1 zebra[845]: libyang Invalid boolean value "". (/frr-vrf:lib/vrf/state/active) Jul 22 08:36:09 pve1 zebra[845]: libyang Invalid

Re: [pve-devel] [PATCH docs] pvecm, network: add section on corosync over bonds

2025-07-24 Thread Friedrich Weber
Thanks for taking a look at this! On 24/07/2025 10:22, Daniel Herzig wrote: > Thanks for documenting this! > > I'd even go one step further and discourage the use of bonds in one of > the sections of 'Cluster Network' in `pvecm.adoc` as well. Best with a > link to the new 'Corosync over Bonds' se

[pve-devel] [PATCH pve-manager 1/2] pvestatd: pull metric: use ip link to detect physical interfaces

2025-07-24 Thread Stefan Hanreich
pve-common now allows arbitrary names for physical interfaces, without being restricted by PHYSICAL_NIC_RE. In order to detect physical interfaces, pvestatd now needs to query 'ip link' for the type of an interface instead of relying on the regular expression. On the receiving end, PullMetric cann

[pve-devel] [PATCH pve-common 1/1] inotify/interfaces: use ip link for detecting physical interfaces

2025-07-24 Thread Stefan Hanreich
The parser for /e/n/i relied on PHYSICAL_NIC_RE for detecting physical interfaces. In order to allow arbitrary interface names for pinning physical interfaces, switch over to detecting physical interfaces via 'ip link' instead. Signed-off-by: Stefan Hanreich --- src/PVE/INotify.pm | 25 +

[pve-devel] [PATCH pve-manager 2/2] network-interface-pinning: allow arbitrary names

2025-07-24 Thread Stefan Hanreich
With the changes to physical interface detection in pve-common and pve-manager, it is now possible to use arbitrary names for physical interfaces in our network stack. This allows the removal of the existing, hardcoded, prefixes. Signed-off-by: Stefan Hanreich --- PVE/CLI/proxmox_network_interfa

[pve-devel] [RFC common/manager 0/3] arbitrary prefixes for pinning network interfaces

2025-07-24 Thread Stefan Hanreich
This patch series lifts the restriction for naming physical interfaces. Previously we relied on a regex (PHYSICAL_NIC_RE) for determining whether an interface was physical or not. This patch series changes that, by querying the kernel for the type of the interface and using that to determine whethe

[pve-devel] applied: [PATCH qemu-server] fix #6562: fix blockdev_replace for dir-based storages

2025-07-24 Thread Fiona Ebner
Am 24.07.25 um 2:10 PM schrieb Fabian Grünbichler: > avoid calling qemu_blockdev_options on a volid+snapshot that is potentially > already invalid if it has been removed/renamed by the storage layer. instead, > generate the node name of the old node that we want to replace/remove > directly, > sin

Re: [pve-devel] [PATCH installer] install: adapt to changes in repository config when setting mirror

2025-07-24 Thread Thomas Lamprecht
Am 24.07.25 um 12:11 schrieb Shannon Sterz: > newer isos ship with new deb822 style repository configurations in > `/etc/apt/sources.list.d/debian.sources`. make the installer set the > mirror in the correct file again. > > Signed-off-by: Shannon Sterz > --- > only did some rudimentary testing he

[pve-devel] Tested-by: kai.ha...@gmail.com (Requesting permission / capability to test)

2025-07-24 Thread Kai Hamilton via pve-devel
Hello proxmox developers, I am very interested in the steps to build the patch for OIDC integrations such as zitadel which need a custom audiences field as seen in the issues I contained at the footer of this message. I would love to build this in my production proxmox instan

[pve-devel] [PATCH qemu-server 2/6] blockdev: fix discard

2025-07-24 Thread Fiona Ebner
Discard will only work when the setting is applied to all nodes in the throttle->fmt->file chain. Fixes: 2ea50f8b ("blockdev: add helpers to generate blockdev commandline") Signed-off-by: Fiona Ebner --- src/PVE/QemuServer/Blockdev.pm| 10 +++ src/test/cfg2cmd/aio.conf.cmd

Re: [pve-devel] [PATCH qemu-server 1/2] drive device: fix regression with missing '/dev/disk/by-id' paths

2025-07-24 Thread Hannes Duerr
It seems to me that the patch does not apply on the latest master. Does this patch require some other patch to be built upon? On 7/23/25 1:11 PM, Fiona Ebner wrote: With the switch to '-blockdev', it is necessary to explicitly specify the device ID for SCSI drives, see also [0]. Otherwise, the dev

[pve-devel] [PATCH qemu-server v3 6/6] test: adapt all tests to use verbose disk size suffixes

2025-07-24 Thread Fiona Ebner
The 'disk-size' format in the JSON schema in pve-common was changed to print more verbose, non-ambiguous disk size suffixes. While the previous commit changed the necessary test cases to not fail, adapt all tests to match how configurations are actually written now. Add a dedicated restore test wh

[pve-devel] [PATCH pve-docs 2/2] Info on RNG required for UEFI/netboot

2025-07-24 Thread Jérôme Avond
--- qm.conf.5-opts.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/qm.conf.5-opts.adoc b/qm.conf.5-opts.adoc index ce45ca7..401bfdb 100644 --- a/qm.conf.5-opts.adoc +++ b/qm.conf.5-opts.adoc @@ -107,6 +107,8 @@ by the guest firmware (BIOS/UEFI). If you require multiple disks for bootin

[pve-devel] [PATCH pve-docs 1/2] Add informations on PXE/iPXE/HTTP boot with OVMF uEFI

2025-07-24 Thread Jérôme Avond
--- qm.adoc | 10 ++ 1 file changed, 10 insertions(+) diff --git a/qm.adoc b/qm.adoc index 0548c46..d60e16c 100644 --- a/qm.adoc +++ b/qm.adoc @@ -1136,6 +1136,16 @@ you need to set the client resolution in the OVMF menu (which you can reach with a press of the ESC button during boot),

[pve-devel] [PATCH container 0/1] Doc to enable PXE/iPXE/HTTP boot / OVMF

2025-07-24 Thread Jérôme Avond
*** BLURB HERE *** Jérôme Avond (1): Add informations on PXE/iPXE/HTTP boot with OVMF uEFI qm.adoc | 10 ++ 1 file changed, 10 insertions(+) -- 2.43.0 ___ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bi

[pve-devel] [PATCH pve-docs 0/2] Document the need of RNG for UEFI/netboot

2025-07-24 Thread Jérôme Avond
*** BLURB HERE *** Jérôme Avond (2): Add informations on PXE/iPXE/HTTP boot with OVMF uEFI Info on RNG required for UEFI/netboot qm.adoc | 10 ++ qm.conf.5-opts.adoc | 2 ++ 2 files changed, 12 insertions(+) -- 2.43.0 ___ p

[pve-devel] [PATCH container 1/1] Add informations on PXE/iPXE/HTTP boot with OVMF uEFI

2025-07-24 Thread Jérôme Avond
--- qm.adoc | 10 ++ 1 file changed, 10 insertions(+) diff --git a/qm.adoc b/qm.adoc index 0548c46..d60e16c 100644 --- a/qm.adoc +++ b/qm.adoc @@ -1136,6 +1136,16 @@ you need to set the client resolution in the OVMF menu (which you can reach with a press of the ESC button during boot),

[pve-devel] [PATCH container 1/1] Add informations on PXE/iPXE/HTTP boot with OVMF uEFI

2025-07-24 Thread Jérôme Avond
--- qm.adoc | 10 ++ 1 file changed, 10 insertions(+) diff --git a/qm.adoc b/qm.adoc index 0548c46..d60e16c 100644 --- a/qm.adoc +++ b/qm.adoc @@ -1136,6 +1136,16 @@ you need to set the client resolution in the OVMF menu (which you can reach with a press of the ESC button during boot),

[pve-devel] [PATCH container 0/1] Doc to enable PXE/iPXE/HTTP boot / OVMF

2025-07-24 Thread Jérôme Avond
*** BLURB HERE *** Jérôme Avond (1): Add informations on PXE/iPXE/HTTP boot with OVMF uEFI qm.adoc | 10 ++ 1 file changed, 10 insertions(+) -- 2.43.0 ___ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bi

Re: [pve-devel] [PATCH cluster/network 0/6] Add global locking and configuration rollback to SDN configuration

2025-07-24 Thread Gabriel Goller
Superseded-by: https://lore.proxmox.com/pve-devel/20250724141730.468243-1-g.gol...@proxmox.com/ ___ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH network v2 0/5] Add global locking and configuration rollback to SDN configuration

2025-07-24 Thread Gabriel Goller
## Introduction This patch series lays the groundwork for the Proxmox Datacenter Manager SDN/EVPN integration on the Proxmox VE side by introducing global locking for the SDN configuration. It is intended to be used by the PDM implementation to prevent concurrent changes to the SDN configuration,

[pve-devel] [PATCH network v2 2/5] api: add lock-secret parameter to all api calls

2025-07-24 Thread Gabriel Goller
From: Stefan Hanreich The parameter is optional, so all existing create/update/delete invocations can work as before, only failing if the global lock is currently set. This ensures backwards-compatibility with the existing calls to the API in the frontend. If the lock is set, users will get an er

[pve-devel] [PATCH network v2 5/5] api: add rollback endpoint

2025-07-24 Thread Gabriel Goller
From: Stefan Hanreich This adds the functionality of rolling back the pending configuration to the currently running configuration, resetting all changes made since last applying the SDN configuration. This is mainly thought as an escape hatch for failed PDM transactions. You can invoke the endp

[pve-devel] [PATCH network v2 1/5] sdn: add global lock for configuration

2025-07-24 Thread Gabriel Goller
From: Stefan Hanreich Add a new cluster-wide lock for SDN that prevents any changes to the configuration if the generated lock-secret is not provided. It works by generating and storing a secret in sdn/.lock which gets checked by lock_sdn_config on every invocation. If the lock file exists, then

[pve-devel] [PATCH network v2 4/5] api: add lock and release endpoints for global configuration lock

2025-07-24 Thread Gabriel Goller
From: Stefan Hanreich This endpoint exposes the newly introduced global lock functionality via the API. It adds endpoints for acquiring and releasing the lock. Acquiring the lock is as simple as: pvesh create /cluster/sdn/lock The flag 'allow-pending' governs whether the lock should be acquir

[pve-devel] [PATCH network v2 3/5] api: add lock secret parameter to apply endpoint

2025-07-24 Thread Gabriel Goller
From: Stefan Hanreich Committing the configuration now requires a lock on the SDN configuration, which was not required before. This is to prevent concurrent callers from applying the SDN configuration, while the lock is held. If there is no lock set, then this function behaves the same as before

[pve-devel] [PATCH qemu-server 6/6] fix #6543: use qcow2 'discard-no-unref' option when using snapshot-as-volume-chain

2025-07-24 Thread Fiona Ebner
Without the 'discard-no-unref', a qcow2 file can grow beyond what 'qemu-img measure' reports, because of fragmentation. This can lead to IO errors with qcow2 on top of LVM storages, where the containing LV is allocated with that size. Guard enabling the option with having 'snapshot-as-volume-chain'

[pve-devel] [PATCH qemu-server 4/6] tests: image convert: properly set snapshot-as-volume-chain option

2025-07-24 Thread Fiona Ebner
The 'lvmqcow2_external_snapshot' test case uses qcow2 on top of LVM which can only be used with that option currently. Signed-off-by: Fiona Ebner --- src/test/run_qemu_img_convert_tests.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/src/test/run_qemu_img_convert_tests.pl b/src/test/run_

[pve-devel] [PATCH qemu-server 1/6] blockdev: helper to add common options

2025-07-24 Thread Fiona Ebner
Certain options like read-only need to be set on all nodes in the throttle->fmt->file chain to apply correctly and consistently. Signed-off-by: Fiona Ebner --- src/PVE/QemuServer/Blockdev.pm | 19 +++ 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/src/PVE/QemuServ

[pve-devel] [PATCH qemu-server 5/6] tests: image convert: add tests where storages with 'snapshot-as-volume-chain' are the target

2025-07-24 Thread Fiona Ebner
Signed-off-by: Fiona Ebner --- src/test/run_qemu_img_convert_tests.pl | 39 +- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/src/test/run_qemu_img_convert_tests.pl b/src/test/run_qemu_img_convert_tests.pl index 4bfcf4fb..64c98327 100755 --- a/src/test/run_

[pve-devel] [PATCH qemu-server 3/6] tests: image convert: avoid hard-coded VM ID in result

2025-07-24 Thread Fiona Ebner
Signed-off-by: Fiona Ebner --- src/test/run_qemu_img_convert_tests.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/run_qemu_img_convert_tests.pl b/src/test/run_qemu_img_convert_tests.pl index a3c4cb59..3f7fb98e 100755 --- a/src/test/run_qemu_img_convert_tests.pl +

[pve-devel] [PATCH-SERIES qemu-server 0/6] blockdev and snapshot-as-volume-chain on LVM fixes

2025-07-24 Thread Fiona Ebner
First part is fixing discard in combination with -blockdev. The option needs to be set for the whole throttle->fmt->file chain to make it work. Second part is fixing bug #6543, qcow2 can grow beyond what qemu-img measure reports, because of fragmentation when the discard-no-unref option is not use

[pve-devel] [PATCH qemu-server] fix #6562: fix blockdev_replace for dir-based storages

2025-07-24 Thread Fabian Grünbichler
avoid calling qemu_blockdev_options on a volid+snapshot that is potentially already invalid if it has been removed/renamed by the storage layer. instead, generate the node name of the old node that we want to replace/remove directly, since nothing besides the name is used in this code path anyway..

[pve-devel] applied: [PATCH pve-docs] sdn: fabrics: remove duplicate paragraph in OSPF section

2025-07-24 Thread Thomas Lamprecht
On Thu, 17 Jul 2025 11:12:24 +0200, Hannes Laimer wrote: > Applied, thanks! [1/1] sdn: fabrics: remove duplicate paragraph in OSPF section commit: e043270aa8e99e6f8e1df6d2538f1870e183306b

[pve-devel] [PATCH installer] install: adapt to changes in repository config when setting mirror

2025-07-24 Thread Shannon Sterz
newer isos ship with new deb822 style repository configurations in `/etc/apt/sources.list.d/debian.sources`. make the installer set the mirror in the correct file again. Signed-off-by: Shannon Sterz --- only did some rudimentary testing here, but fixing this up might be nice in the long run. Pr

Re: [pve-devel] [RFC storage] work-around #6543: do not use preallocation for qcow2 on top of LVM

2025-07-24 Thread Fiona Ebner
This is obsolete, see the recent discussion in the bugzilla entry. I'll work out other patches that use the discard-no-unref option to avoid the issue.

[pve-devel] superseded: [PATCH manager 0/4] improvements to proxmox-network-interface-pinning

2025-07-24 Thread Stefan Hanreich
forgot to run make tidy... https://lore.proxmox.com/pve-devel/20250724093459.76397-1-s.hanre...@proxmox.com/T/#t On 7/24/25 11:32, Stefan Hanreich wrote: > Several improvements to the network interface pinning tool: > * interfaces are now iterated according to ifindex > * output of the mapping is

[pve-devel] [PATCH pve-manager v2 2/4] network-interface-pinning: improve printing mapping

2025-07-24 Thread Stefan Hanreich
Instead of printing a separate line for each altname, the tool now only prints one line per physical interface. The primary name is used as an identifier and the altnames are printed additionally in parentheses (if they exist). Additionally, the output is now sorted by ifindex (just as the pin orde

[pve-devel] [PATCH pve-manager v2 3/4] network-interface-pinning: add target-name parameter

2025-07-24 Thread Stefan Hanreich
If a specific interface is specified via the interface parameter, users can now additionally specify a target-name. This makes it easier for users to assign specific names to specific interfaces, according to their preferences. Signed-off-by: Stefan Hanreich --- PVE/CLI/proxmox_network_interface

[pve-devel] [PATCH pve-manager v2 4/4] network-interface-pinning: add if prefix to list of allowed prefixes

2025-07-24 Thread Stefan Hanreich
'if' has been added as a possible prefix for physical nics in pve-common. Add it as a possible prefix for pinning network interfaces here as well. Signed-off-by: Stefan Hanreich --- PVE/CLI/proxmox_network_interface_pinning.pm | 12 +--- 1 file changed, 9 insertions(+), 3 deletions(-) d

[pve-devel] [PATCH manager v2 0/4] improvements to proxmox-network-interface-pinning

2025-07-24 Thread Stefan Hanreich
Several improvements to the network interface pinning tool: * interfaces are now iterated according to ifindex * output of the mapping is now sorted and less verbose * users can now set a specific target name * if has been introduced as an additional legal prefix Still looking into removing the PH

[pve-devel] [PATCH pve-manager v2 1/4] network-interface-pinning: use ifindex as order for pinning

2025-07-24 Thread Stefan Hanreich
While ifindex is not guaranteed to be stable across reboots, it seems like a good enough heuristic for making sure interfaces with multiple ports are clamped together when pinning. Signed-off-by: Stefan Hanreich --- PVE/CLI/proxmox_network_interface_pinning.pm | 6 +- 1 file changed, 5 inser

[pve-devel] [PATCH pve-manager 2/4] network-interface-pinning: improve printing mapping

2025-07-24 Thread Stefan Hanreich
Instead of printing a separate line for each altname, the tool now only prints one line per physical interface. The primary name is used as an identifier and the altnames are printed additionally in parentheses (if they exist). Additionally, the output is now sorted by ifindex (just as the pin orde

[pve-devel] [PATCH pve-manager 1/4] network-interface-pinning: use ifindex as order for pinning

2025-07-24 Thread Stefan Hanreich
While ifindex is not guaranteed to be stable across reboots, it seems like a good enough heuristic for making sure interfaces with multiple ports are clamped together when pinning. Signed-off-by: Stefan Hanreich --- PVE/CLI/proxmox_network_interface_pinning.pm | 6 +- 1 file changed, 5 inser

[pve-devel] [PATCH pve-manager 3/4] network-interface-pinning: add target-name parameter

2025-07-24 Thread Stefan Hanreich
If a specific interface is specified via the interface parameter, users can now additionally specify a target-name. This makes it easier for users to assign specific names to specific interfaces, according to their preferences. Signed-off-by: Stefan Hanreich --- PVE/CLI/proxmox_network_interface

[pve-devel] [PATCH pve-manager 4/4] network-interface-pinning: add if prefix to list of allowed prefixes

2025-07-24 Thread Stefan Hanreich
'if' has been added as a possible prefix for physical nics in pve-common. Add it as a possible prefix for pinning network interfaces here as well. Signed-off-by: Stefan Hanreich --- PVE/CLI/proxmox_network_interface_pinning.pm | 12 +--- 1 file changed, 9 insertions(+), 3 deletions(-) d

[pve-devel] [PATCH manager 0/4] improvements to proxmox-network-interface-pinning

2025-07-24 Thread Stefan Hanreich
Several improvements to the network interface pinning tool: * interfaces are now iterated according to ifindex * output of the mapping is now sorted and less verbose * users can now set a specific target name * if has been introduced as an additional legal prefix Still looking into removing the PH

[pve-devel] [PATCH proxmox 1/2] http: factor out openssl verification callback

2025-07-24 Thread Dominik Csapak
with the 'tls' feature offers a callback method that can be used within openssl's `set_verify_callback` with a given expected fingerprint. The logic is inspired by our perl and proxmox-websocket-tunnel verification logic: Use openssl's verification if no fingerprint is pinned. If a fingerprint is

[pve-devel] [PATCH proxmox{, -backup, -websocket-tunnel} 0/4] unify openssl callback logic

2025-07-24 Thread Dominik Csapak
There are currently 3 slightly different implementations of the openssl verify callback in place. They differ in how an explicit fingerprint would be checked: * pbs-client: if verification was on, a valid certificate would trump a wrong explicit fingerprint * proxmox-websocket-tunnel: if an expl

[pve-devel] [PATCH proxmox-backup 1/1] pbs-client: use proxmox-https openssl callback

2025-07-24 Thread Dominik Csapak
instead of implementing it here. This changes the behavior when giving a fingerprint explicitly when the certificate chain is trusted by openssl. Previously this would be accepted due to openssl's checks, regardless if the given fingerprint would match or not. With this patch, a given fingerprint h

[pve-devel] [PATCH proxmox 2/2] client: use proxmox-http's openssl verification callback

2025-07-24 Thread Dominik Csapak
This changes the validation logic by always checking the fingerprint of the leaf certificate, ignoring the openssl verification if a fingerprint is configured. This now aligns with our perl implementation and the one for proxmox-websocket-tunnel. Before, a valid certificate chain would have preced

[pve-devel] [PATCH proxmox-websocket-tunnel 1/1] use proxmox-http's openssl callback

2025-07-24 Thread Dominik Csapak
no functional change intended, since the callback there should implement the same behavior. With this, we can drop the dependency on itertools. Signed-off-by: Dominik Csapak --- Cargo.toml | 3 +-- src/main.rs | 67 + 2 files changed, 28 ins

[pve-devel] [PATCH v3 manager] api: create pool: force first character to be a letter for new pools

2025-07-24 Thread Fiona Ebner
Currently, the first character can also be a digit, '.', '-', or '_'. Almost all other configuration IDs in Proxmox VE require starting with a letter, so force this for new pool names too. A pool with ID '0' can be added, but not parsed, because it will evaluate to false in PVE/AccessControl.pm's

Re: [pve-devel] [PATCH docs] pvecm, network: add section on corosync over bonds

2025-07-24 Thread Daniel Herzig
Thanks for documenting this! I'd even go one step further and discourage the use of bonds in one of the sections of 'Cluster Network' in `pvecm.adoc` as well. Best with a link to the new 'Corosync over Bonds' section, with your decent explanation. That way it would be more difficult to miss fo