Re: [pve-devel] [PATCH] add APT hook to prevent proxmox-ve removal

On 3/23/18 12:21 PM, Fabian Grünbichler wrote: > since this happens quite regularly when users accidentally install > conflicting packages. > works good! But touching $check_file once makes it stay permanent, rendering the hook useless for the next time. E:g., when I have a messed up system and

Re: [pve-devel] [guest-common] fix #1694: Replication risks permanently losing sync in high loads due to timeout bug

On 3/23/18 12:15 PM, Wolfgang Link wrote: > If the pool is under heavy load ZFS will low prioritized deletion jobs. > This ends in a timeout and the program logic will delete the current sync > snapshot. > On the next run the former sync snapshots will also removed because they are > not in the

Re: [pve-devel] [RFC firewall 0/8] rebased ebtables patches

>>While on the one hand I'd like to move to nftables, I don't have check nftables since a long time, does it have all we need now ? >> and on the other >>hand I like the idea of attaching xdp programs to interfaces for the >>purpose of eg. MAC filtering, !!great ! could be usefull to ddos

[pve-devel] [PATCH manager 1/2] ui: Parser: add BWLimit and general FormatString parser

Signed-off-by: Thomas Lamprecht --- www/manager6/Parser.js | 43 +++ 1 file changed, 43 insertions(+) diff --git a/www/manager6/Parser.js b/www/manager6/Parser.js index 8253bd80..5616d5b0 100644 --- a/www/manager6/Parser.js +++

[pve-devel] [PATCH manager 2/2] ui: storages: add restore bwlimit field to all storages

Can be used to set the per-storage restore bandwidth limit. Signed-off-by: Thomas Lamprecht --- www/manager6/storage/Base.js | 32 1 file changed, 32 insertions(+) diff --git a/www/manager6/storage/Base.js b/www/manager6/storage/Base.js

Re: [pve-devel] OAuth2 Authentication

Hi Dietmar, On Wed, Mar 28, 2018 at 5:17 PM, Dietmar Maurer wrote: > I though OAuth2 is not even a authentication protocol, so how do you > want to implement authentication on top of OAuth2? OpenID connect? Both should work (at least with GitLab). I just tried - for another

Re: [pve-devel] OAuth2 Authentication

Hi Andreas, > Is OAuth2 on the list of features you want to have in PVE and if so, > is someone working on it? > We're migration step-by-step every service in our infrastructure > towards OAuth2 and it would be great to authenticate against OAuth2 > too. I though OAuth2 is not even a

[pve-devel] applied: [PATCH pve-kernel-4.15 kernel] fix #1633: potential deadlock with shmem

applied this and the 4.13 one On 3/28/18 3:14 PM, Fabian Grünbichler wrote: > Signed-off-by: Fabian Grünbichler > --- > ...-not-wait-for-lock_page-in-shmem_unused_h.patch | 103 > + > 1 file changed, 103 insertions(+) > create mode 100644 >

[pve-devel] [PATCH pve-kernel-4.13 kernel] fix #1633: potential deadlock with shmem

Signed-off-by: Fabian Grünbichler --- ...-not-wait-for-lock_page-in-shmem_unused_h.patch | 103 + 1 file changed, 103 insertions(+) create mode 100644 patches/kernel/0022-mm-shmem-do-not-wait-for-lock_page-in-shmem_unused_h.patch diff --git

[pve-devel] [PATCH pve-kernel-4.15 kernel] fix #1633: potential deadlock with shmem

Signed-off-by: Fabian Grünbichler --- ...-not-wait-for-lock_page-in-shmem_unused_h.patch | 103 + 1 file changed, 103 insertions(+) create mode 100644 patches/kernel/0007-mm-shmem-do-not-wait-for-lock_page-in-shmem_unused_h.patch diff --git

[pve-devel] OAuth2 Authentication

Hi, Is OAuth2 on the list of features you want to have in PVE and if so, is someone working on it? We're migration step-by-step every service in our infrastructure towards OAuth2 and it would be great to authenticate against OAuth2 too. Best, Lnxbil / Andreas Steinel

[pve-devel] applied [PATCH manager v2 0/4] ui: refactor storage plugins add/create

applied series On 03/27/2018 02:19 PM, Thomas Lamprecht wrote: changes v1 -> v2: * 3/4 is new and solves a problem with the StorageEdit controller on block based storages * remove 'controller' usages from child storage plugins, they get it from the base class * no ECMAScript 6 arrow

[pve-devel] [PATCH kernel 4.13][applied] bump version to 4.13.16-44

Signed-off-by: Fabian Grünbichler --- Makefile | 2 +- debian/changelog | 6 ++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index fad37e0..c94b910 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,7 @@ RELEASE=5.1

[pve-devel] [PATCH kernel 4.15][applied] bump version to 4.15.10-3

Signed-off-by: Fabian Grünbichler --- Makefile | 2 +- debian/changelog | 6 ++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 06b6dee..58b65d3 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,7 @@ RELEASE=5.1

[pve-devel] [RFC firewall 6/8] apply ebtables_ruleset

From: Alexandre Derumier need ebtables-save && ebtables-restore, ebtables debian package don't include them. ebtables-restore need to restore the full ruleset (atomicaly), so we can't update only 1 chain Signed-off-by: Alexandre Derumier Signed-off-by: Wolfgang Bumiller

[pve-devel] [RFC firewall 7/8] avoid double spaces in ruleset_addrule

ebtables doesn't have comment rules we could store the digest in, so we need to match the ebtables-save output instead. Signed-off-by: Wolfgang Bumiller --- src/PVE/Firewall.pm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/PVE/Firewall.pm

[pve-devel] [RFC firewall 5/8] compile ebtables rules

From: Alexandre Derumier -A FORWARD -j PVEFW-FORWARD -A PVEFW-FORWARD -p IPv4 -j ACCEPT #filter mac in iptables for ipv4, so we can speedup rules with conntrack established -A PVEFW-FORWARD -p IPv6 -j ACCEPT -A PVEFW-FORWARD -o fwln+ -j PVEFW-FWBR-OUT -A

[pve-devel] [RFC firewall 8/8] add ebtables dependency

Signed-off-by: Wolfgang Bumiller --- debian/control | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/control b/debian/control index c6c0ccf..e959ae3 100644 --- a/debian/control +++ b/debian/control @@ -12,7 +12,8 @@ Standards-Version: 3.8.4

[pve-devel] [RFC firewall 2/8] parse_protocol_file: support lines without end comments

Signed-off-by: Wolfgang Bumiller --- src/PVE/Firewall.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index d8f05d8..ac48507 100644 --- a/src/PVE/Firewall.pm +++ b/src/PVE/Firewall.pm @@ -892,7 +892,7 @@ sub

[pve-devel] [RFC firewall 1/8] split parser out of get_etc_protocols

Into a reusable parse_protocol_file. Signed-off-by: Wolfgang Bumiller --- src/PVE/Firewall.pm | 18 -- 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index 038d560..d8f05d8 100644 ---

[pve-devel] [RFC firewall 0/8] rebased ebtables patches

While on the one hand I'd like to move to nftables, and on the other hand I like the idea of attaching xdp programs to interfaces for the purpose of eg. MAC filtering, we do still have this patch series around which wasn't much work to rebase to the current code base and does its job... Back when

[pve-devel] [RFC firewall 4/8] /etc/services can also define 'sctp' services

Signed-off-by: Wolfgang Bumiller --- src/PVE/Firewall.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index eb07be0..c8a430c 100644 --- a/src/PVE/Firewall.pm +++ b/src/PVE/Firewall.pm @@ -860,7 +860,7 @@ sub

[pve-devel] [RFC firewall 3/8] add get_etc_ethertypes

Signed-off-by: Wolfgang Bumiller --- src/PVE/Firewall.pm | 8 1 file changed, 8 insertions(+) diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index ac48507..eb07be0 100644 --- a/src/PVE/Firewall.pm +++ b/src/PVE/Firewall.pm @@ -919,6 +919,14 @@ sub