Dominik Csapak [Tue, 12 May 2020 10:11:10 +0000 (12:11 +0200)]
pve5to6: add check for ovmf vms with potentially broken efi disk
we wrongly mapped some efidisks into the vm, and fixed it in pve6
this potentially needs manual intervention, so warn the user about
which vms might be affected
Dominik Csapak [Tue, 12 May 2020 10:11:09 +0000 (12:11 +0200)]
pve5to6: add check for stock debian kernel package
on current debian buster, stock kernel images recommend
firmware-linux-free which conflict with our pve-firmware package
which leads to apt wanting to remove promxox-ve
check for the meta package in the update check script
Thomas Lamprecht [Wed, 26 Jun 2019 12:33:56 +0000 (14:33 +0200)]
use https links to our sites
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 2dc23b7e2ea493a4f79f7cdca7c7b635eb8c50e0) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 29 May 2018 12:16:32 +0000 (14:16 +0200)]
add PVE 5.4 End-of-Life notice
since pve 5.4 goes out of support in July, add a notice at the top with
a link to the faq, where the EOL dates are and also the upgrade
process is described and linked in short.
Originally-by: Dominik Csapak <d.csapak@proxmox.com>
(cherry picked from commit d0d77138702da3fda802abe2323e5bc7e5a1935e) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 22 May 2019 19:15:47 +0000 (21:15 +0200)]
buildsys: use dpkg-dev makefile helpers for pkg info
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit bcef9bde68a920a4d204beb8ec1d5f334f7fbb78) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 194745b924d8fbda70a3bccdd9724defb7a2633d) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 23 Jul 2019 07:46:54 +0000 (09:46 +0200)]
5to6: cleanup cert check and make more general
If we need to add other types or increases the min size this makes it
easier as it's just a schematic definition.
Also just do a pass/fail on each cert, so drop the last "summary
pass".
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 6c7e4ab4e24592a8dfa5dac3f5047064e17254f2) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Debian Buster raised the default security level (1 -> 2) for TLS
connections.
This moves from the 80 bit security level to the 112 bit security level
and will require 2048 bit or larger RSA and DHE keys, 224 bit or larger
ECC keys, and SHA-2.
Signed-off-by: Alwin Antreich <a.antreich@proxmox.com>
(cherry picked from commit 501f8505210553093243db6d279f936498e76124) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
since Corosync 2.x has a different default value for ip_version, we
don't want to backport this for general usage in PVE::Corosync. the
check here needs the default of Corosync 3.x, since that is what we
upgrade to.
5to6: only tell to solve problems if fails are present
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit be1072fb3bee0c15fbe67637289ab39adf64b6d7) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5to6: improve final note on errors and/or warning a bit
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit a14a5aaf678d9f5ba6235616b091684a9042cf4a) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 71f6edacdf6f5694f10a196626b950c66665d121) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5to6: check common services pveproxy pvedaemon pvestatd
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 0192b0a2c2d5e2debb8e0a3e9279e73399e288ec) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5to6: add log_systemd_unit_state and use for pve-cluster and corosync
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit fa1c414e265c1fe47673c069a114cbc9199d8347) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit a82c200a9e11033f0f696a0af6bb5e6d522ca883) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 88d757d0c02fe62f57432a133e222a0fbd057e4e) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5to6: fixup: really set $total_votes to 0 if not defined
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 176116b22ffae4993f5b3e25977ea08c6aca4dc9) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5to6: followup: also detect ceph conf keys separated with -
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 09250673d60b34febd220944c2a904758cf91618) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5to6: ceph mon host check: switch config check from defined to hash values exist
we can get here if a empty (or one with just comments) ceph.conf
exists
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 153d6912879b0053af54a9218e10aa57ed43fc96) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5to6: ceph global mon host check: also detect mon-host
and adapt message a bit
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit f696b0c355d0e9400da7f10530a957ede2b4e433) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
having ipv6 enabled while not disabling ipv4 prevents
nautilus osds to start if no ipv4 network is given (because they
are trying to bind to both ip families and die if one of them
is not found)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
(cherry picked from commit 9e98f1fecf1c09811239b2c6183107a00b149de0) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5to6: followup: still include nodename in IP check
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit eb7dae8bba7f57abdf16d3843ce6716786d04bf8) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
do not suggest that we ever supported it as first class storage, it
was always just a experimental support and upstream is
EOL/unmaintained now.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 95c3dc246008b64cdc66e77f08a4862f531e7f0a) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 5a7a3630d770604a0d187190a6e9e6046048eb65) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
pve5to6: followup: improve coding style and outputs a bit
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 6e41184b1a7af21523380c7cb5080462d89bbcf4) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Fri, 28 Jun 2019 06:42:19 +0000 (08:42 +0200)]
5to6: get_pkg: cache version list
this is a short running script, so the version list can be re-used,
the chance that there where updates in between are slim and racy
anyway. IF getting the versions did not succeeded, we still retry on
every call though, simpler and ensures a warning is printed in the
caller check vicinity.
Makes script noticeable faster.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 24 Jun 2019 12:52:05 +0000 (14:52 +0200)]
ui: workspace: cope better with upgrade related false positive 401 HTTP codes
While we nowadays can work much better with package upgrades relating
the cluster stack it still happens that a pve-cluster upgrade can
produce a false-positive 401 (auth failure) code for a currently
valid ticket, e.g., because a pmxcfs lock was requested but the
pmxcfs was currently not mounted due an upgrade triggered restart.
A frequent case for a few false positive 401 is also a cluster
creation, especially if not done over the web GUI.
Thus add a counter, which gets set to 0 on each successful login or
ticket renewal and gets increased on each 401 error. Only show the
logged out window if we get five or more 401 responses. While 5 may
sound a bit much one needs to remember that we always have quite a
few API call in flight (resource update store, stores from current
panel ...) and thus, if one got really auth denied it will still show
quite fast (1 to 5 seconds, depending on which panel is currently
opened). Further, the backend naturally does not allows to do
anything during this time, this has no security implications
whatsoever.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 25 Jun 2019 08:04:59 +0000 (10:04 +0200)]
pve5to6: avoid Use of uninitialized value $osd_flags in pattern match
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit b8b6003fde296c00ac1f798311e46bcc1a47ed65) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 25 Jun 2019 07:09:24 +0000 (09:09 +0200)]
pve5to6 will never be a POD based man page, fake it for now
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 09df2aac59f255dc48fbbca5c2299b89e6015663) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 25 Jun 2019 07:04:07 +0000 (09:04 +0200)]
followups: pve5to6
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit f72c8f8c1c7e5bd52e98da36cc5f6464b614bae2) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 25 Jun 2019 07:03:33 +0000 (09:03 +0200)]
bin/make: fix pod2man generation
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 3331257e0fbc0acbcc55df338b4ca9b1d9558eba) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
gui: vm: add CPU flag selector with tri-state awareness
This allows to select the tri-state (enforce on, enforce off, default
from QEMU+CPU Model) for each CPU flag independently.
For this a grid with a widgetcolumn is used hosting tree radio
buttons for each state. They're marked '+' for enforce on, '-' for
enforce off and the default has no label, as it isn't easy to add in
such a way that it does not confuses people and does not looks
completely ugly.. But, to help people which have a hard time figuring
out what the states mean, a fake column was added showing the current
selected state's outcome in words.
For show casing the new nice interface add all currently supported
flags from out API-
It could be worth to add some selected CPU model awareness, so that
flags are only enabled if they can make sense with the selected
model. But one should be able to add this relative easily with this
as base.
The hardcoded flag lists is not ideal, we should try to generate this
in the future, but here already qemu-server is lacking and this is
rather independent of the fact and can be done later one just fine
too.
Note that this /is/ an *advanced* feature so not visible for all
directly, while I try to document in short what a flag does it surely
isn't perfect and to short to explain all nuances, they should give
enough pointers to know if it's relevant at all (amd / intel cpu) and
for what one should research
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Revert "buildsys: use dpkg-dev makefile helpers for pkg info"
As we'd need to also cherry-pick commit b597d23d354665ddea247c3ad54ece1b84921768 to make this correct, but
it is more or less a API breakage which we cannot backport in
stable-5 so don't do that but revert this one here, bummer.
Thomas Lamprecht [Thu, 16 May 2019 08:31:00 +0000 (10:31 +0200)]
ui: FW log ratelimit: avoid access on possible undefined rate
This is an optional parameter and needs to be guarded, a simple
"truthy" check is enough, as eithers it's missing or a more complex
string (i.e., it cannot be '0' or the like)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 15 May 2019 14:02:09 +0000 (16:02 +0200)]
partially revert "api/nodes journal: add and enforce parameter conflicts"
This partially reverts commit 51c45d6b4df5eebd831ece8507f6e0d6d132212a
as we had some wrong assumptions about lastentries and the other
params, so just note conflicts in the description but let the tool
itself make the checks
Oguz Bektas [Wed, 15 May 2019 13:21:56 +0000 (15:21 +0200)]
fix #2185: add option to change nfs version on gui
this enables us to specify an nfs version while editing/creating an nfs
mount. it used to default to vers=3 without the ability to change it in
gui. now it supports: 3, 4, 4.1 and 4.2
it should also be possible to add further options in the future (rsize,
wsize, timeo, etc.) on this screen.
Co-Authored-by: Dominik Csapak <d.csapak@proxmox.com> Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>