[pve-devel] [PATCH docs 2/2] partially fix #5139: document qnetd port requirement

2023-12-21 Thread Fabian Grünbichler
we could also add a check somewhere in pve-cluster for this. Signed-off-by: Fabian Grünbichler --- pvecm.adoc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pvecm.adoc b/pvecm.adoc index 03fba9f..adfc33f 100644 --- a/pvecm.adoc +++ b/pvecm.adoc @@ -1100,6 +1100,9 @@ columns: https:/

[pve-devel] [PATCH docs 1/2] fix #5140: qdevice SSH access documentation

2023-12-21 Thread Fabian Grünbichler
rephrase in order to not make it seem like password-based access is required. Signed-off-by: Fabian Grünbichler --- pvecm.adoc | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pvecm.adoc b/pvecm.adoc index 1f78585..03fba9f 100644 --- a/pvecm.adoc +++ b/pvecm.adoc @@ -1

Re: [pve-devel] [PATCH access-control] fix #5136: ldap: Decode non-ASCII characters in attributes

2023-12-21 Thread Lukas Wagner
Hi, thanks for tackling this! On 12/20/23 15:37, Filip Schauer wrote: Decode non-ASCII character when syncing user attributes, since those will be encoded later on. Without this fix the attributes were encoded twice, resulting in cases such as 'ü' turning into 'ü'. Signed-off-by: Filip Schaue

[pve-devel] [PATCH cluster] ssh: default to 4096 bit keys when generating

2023-12-21 Thread Fabian Grünbichler
Signed-off-by: Fabian Grünbichler --- src/PVE/Cluster/Setup.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/PVE/Cluster/Setup.pm b/src/PVE/Cluster/Setup.pm index 07020d7..4b12bb8 100644 --- a/src/PVE/Cluster/Setup.pm +++ b/src/PVE/Cluster/Setup.pm @@ -157,7 +157,7 @@ su

Re: [pve-devel] [PATCH access-control] fix #5136: ldap: Decode non-ASCII characters in attributes

2023-12-21 Thread Christoph Heiss
Tested it using Windows Server 2022 and Samba 4.19.2 on Linux, with both LDAP and AD realms. Fixes the problem after a re-sync, LGTM. Tested-by: Christoph Heiss On Wed, Dec 20, 2023 at 03:37:03PM +0100, Filip Schauer wrote: > Decode non-ASCII character when syncing user attributes, since thos

[pve-devel] [RFC cluster 0/2] fix #4886: improve SSH handling

2023-12-21 Thread Fabian Grünbichler
RFC since this would be a bigger change in how we approach intra-cluster SSH access. there are still a few parts that currently don't use SSHInfo, but would need to be switched over if we want to pursue this approach: - get_vnc_connection_info in PVE::API2::Nodes - 'upload' API endpoint in PVE::A

[pve-devel] [RFC cluster 2/2] fix #4886: SSH: pin node's host key if available

2023-12-21 Thread Fabian Grünbichler
if the target node has already stored their SSH host key on pmxcfs, pin it and ignore the global known hosts information. Signed-off-by: Fabian Grünbichler --- src/PVE/SSHInfo.pm | 15 ++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/src/PVE/SSHInfo.pm b/src/PVE/SSHI

[pve-devel] [RFC cluster 1/2] fix #4886: write node SSH hostkey to pmxcfs

2023-12-21 Thread Fabian Grünbichler
so that we can explicitly pin just this key when doing intra-cluster SSH connections. this works similar to the certificate cache we use for API proxying, but without automatic invalidation, since node A doesn't have access to node B's host key.. Signed-off-by: Fabian Grünbichler --- Notes:

Re: [pve-devel] [PATCH access-control] fix #5136: ldap: Decode non-ASCII characters in attributes

2023-12-21 Thread Lukas Wagner
On 12/20/23 15:37, Filip Schauer wrote: Decode non-ASCII character when syncing user attributes, since those will be encoded later on. Without this fix the attributes were encoded twice, resulting in cases such as 'ü' turning into 'ü'. Signed-off-by: Filip Schauer --- src/PVE/Auth/LDAP.pm

[pve-devel] [PATCH pve-manager v3] postinst: filter rbds in lvm

2023-12-21 Thread Stefan Hanreich
Since LVM 2.03.15 RBD devices are also scanned by default [1]. This can lead to guest volumes being recognized and displayed on the host when using KRBD for RBD-backed disks. In order to prevent this we add an additional filter to the LVM config to avoid scanning rbds. This also prevents a bug whe

[pve-devel] [PATCH common 0/4] fix #5141: fix parsing of explicit vlan devices

2023-12-21 Thread Fabian Grünbichler
patches 1 and 2 are just to make writing the test case in 4 possible in the first place. 3 is the actual fix. Fabian Grünbichler (4): network tests: switch to ifupdown2 network parser: iterate deterministically fix #5141: network parser: fix accidental RE result re-use network tests: test

[pve-devel] [PATCH common 1/4] network tests: switch to ifupdown2

2023-12-21 Thread Fabian Grünbichler
adapt allow-* to auto, and drop the one test where behaviour is not testable anymore. Signed-off-by: Fabian Grünbichler --- test/etc_network_interfaces/runtest.pl| 2 +- .../t.bridge_eth_remove_auto.pl | 24 --- .../t.create_network.pl

[pve-devel] [PATCH common 4/4] network tests: test #5141

2023-12-21 Thread Fabian Grünbichler
Signed-off-by: Fabian Grünbichler --- Notes: apply this before the fix to show problematic behaviour test/etc_network_interfaces/t.vlan-parsing.pl | 54 +++ 1 file changed, 54 insertions(+) create mode 100644 test/etc_network_interfaces/t.vlan-parsing.pl diff --git a/test/

[pve-devel] [PATCH common 3/4] fix #5141: network parser: fix accidental RE result re-use

2023-12-21 Thread Fabian Grünbichler
$1 and friends are not cleared if a RE fails to match, in which case they will contain the captured values from a previous successful match in the same scope. deduplicate the two branches to avoid accidental re-introduction. Signed-off-by: Fabian Grünbichler --- src/PVE/INotify.pm | 19

[pve-devel] [PATCH common 2/4] network parser: iterate deterministically

2023-12-21 Thread Fabian Grünbichler
makes the behaviour easier to analyze, and also helps when testing since it allows constructing test cases that trigger certain order of parsing. Signed-off-by: Fabian Grünbichler --- src/PVE/INotify.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/PVE/INotify.pm b/src/