[pve-devel] [PATCH pve-cluster] add sdn.cfg && sdn.cfg.new to status.c

2019-06-19 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- data/src/status.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/data/src/status.c b/data/src/status.c index b197e61..d9650bd 100644 --- a/data/src/status.c +++ b/data/src/status.c @@ -94,6 +94,8 @@ static memdb_change_t memdb_change_array[] = {

[pve-devel] [PATCH v2 pve-cluster 1/2] add 'sdn.cfg' && 'sdn.cfg.new' to observed files

2019-06-19 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- data/PVE/Cluster.pm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm index 18bd235..b53dcd7 100644 --- a/data/PVE/Cluster.pm +++ b/data/PVE/Cluster.pm @@ -95,6 +95,8 @@ my $observed = { 'ha/fence.cfg' => 1,

[pve-devel] [PATCH v2 pve-cluster 0/2] add sdn.cfg to observed files

2019-06-19 Thread Alexandre Derumier
Changelog v2: add files in status.c Alexandre Derumier (2): add 'sdn.cfg' && 'sdn.cfg.new' to observed files add sdn.cfg && sdn.cfg.new to status.c data/PVE/Cluster.pm | 2 ++ data/src/status.c | 2 ++ 2 files changed, 4 insertions(+) -- 2.20.1

[pve-devel] [PATCH v2 pve-cluster 2/2] add sdn.cfg && sdn.cfg.new to status.c

2019-06-19 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- data/src/status.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/data/src/status.c b/data/src/status.c index b197e61..d9650bd 100644 --- a/data/src/status.c +++ b/data/src/status.c @@ -94,6 +94,8 @@ static memdb_change_t memdb_change_array[] = {

[pve-devel] applied: [PATCH manager v2 0/7] ceph monitor/init updates for nautilus

2019-06-19 Thread Thomas Lamprecht
On 6/19/19 at 1:45 PM, Dominik Csapak wrote: > this series updates ceph init and monitor creation/destruction > for nautilus > > after this patch series it will not be possible to create new monitors > with luminous anymore, and it may not be possible to destroy them either > > if someone needs

Re: [pve-devel] [PATCH manager] Add 5.X to supported guest kernels in GUI

2019-06-19 Thread Thomas Lamprecht
On 6/19/19 at 1:53 PM, Dominik Csapak wrote: > On 6/18/19 11:44 AM, Thomas Lamprecht wrote: >> On 6/18/19 11:01 AM, Stefan Reiter wrote: >>> Signed-off-by: Stefan Reiter >>> --- >>> >>> This one still fits nicely IMO, for the next version though, maybe 2.6+ >>> or similar would be better. >>>

[pve-devel] [PATCH corosync-pve 2/2] bump version to 3.0.2-pve1

2019-06-19 Thread Fabian Grünbichler
Signed-off-by: Fabian Grünbichler --- DEBRELEASE is only used for the download target, so we can just rename the tar.gz changelog.Debian| 6 ++ Makefile| 5 +++-- ..._3.0.1.orig.tar.gz =>

[pve-devel] [PATCH kronosnet/corosync-pve 0/3] new upstream releases

2019-06-19 Thread Fabian Grünbichler
a bit cumbersome since in both cases we repackage Debian, which is currently very deep into hard freeze and thus not likely to update. for corosync it does allow us to drop quite some patches/replace them with upstream cherry-picks. maybe we do want to evaluate switching to ZFS style upstream git

Re: [pve-devel] [PATCH manager] Add 5.X to supported guest kernels in GUI

2019-06-19 Thread Dominik Csapak
On 6/18/19 11:44 AM, Thomas Lamprecht wrote: On 6/18/19 11:01 AM, Stefan Reiter wrote: Signed-off-by: Stefan Reiter --- This one still fits nicely IMO, for the next version though, maybe 2.6+ or similar would be better. www/manager6/Utils.js | 2 +- 1 file changed, 1 insertion(+), 1

[pve-devel] [PATCH manager v2 5/7] ceph: mon destroy: add cfs lock

2019-06-19 Thread Dominik Csapak
so that multiple users cannot remove a monitor simultaneously Signed-off-by: Dominik Csapak --- PVE/API2/Ceph/MON.pm | 33 ++--- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/PVE/API2/Ceph/MON.pm b/PVE/API2/Ceph/MON.pm index 928667f4..37762f86

[pve-devel] [PATCH manager v2 3/7] ceph: mon create: lock monitor creation

2019-06-19 Thread Dominik Csapak
otherwise it is possible that multiple users create monitors at the same time, resulting in a wrong ceph.conf and probably worse Signed-off-by: Dominik Csapak --- changes from v1: * replace $firstmon use with $rados PVE/API2/Ceph/MON.pm | 97 +---

[pve-devel] [PATCH manager v2 2/7] ceph: mon create: add to mon_host with msgr2

2019-06-19 Thread Dominik Csapak
in nautilus, the default msgr protocol is v2, but it has to be explicitly given to monmaptool, also we don't want to use the monitor sections anymore so only update mon_host ceph can cope with mixed mon_host and monitor sections, so this is not a problem also the ceph-create-keys part is not

[pve-devel] [PATCH manager v2 6/7] ceph: mon destroy: remove from mon_host

2019-06-19 Thread Dominik Csapak
we need to remove an ip, ip:port or an ipvector from monhost so use multiple regex search and replaces for this this looks not really nice, but due to the strange format of the line (e.g. ',' is a separator inside and outside of a vector, also ipv6 addresses may be surrounded with [] but so are

[pve-devel] [PATCH manager v2 1/7] ceph: mon create: refactor mon assertions

2019-06-19 Thread Dominik Csapak
by using our new 'get_services_info' this already checks for nautilus+ style 'mon_host' key in the ceph.conf for the ip address Signed-off-by: Dominik Csapak --- changes from v1: * removed $firstmon and use $rados instead * add explaining comments PVE/API2/Ceph/MON.pm | 41

[pve-devel] [PATCH manager v2 7/7] ceph: mon destroy: do not stop monitor ourselves

2019-06-19 Thread Dominik Csapak
a 'mon remove' does this already for us, so do not stop it this led to a race where we could stop the next to the last monitor before it was removed from the cluster, leading to a state where two monitors were needed for quorum, but only one did exist Signed-off-by: Dominik Csapak ---

[pve-devel] [PATCH manager v2 0/7] ceph monitor/init updates for nautilus

2019-06-19 Thread Dominik Csapak
this series updates ceph init and monitor creation/destruction for nautilus after this patch series it will not be possible to create new monitors with luminous anymore, and it may not be possible to destroy them either if someone needs to create a monitor after upgrading to this package, it

[pve-devel] [PATCH manager v2 4/7] ceph: mon destroy: refactor removal assertions

2019-06-19 Thread Dominik Csapak
Signed-off-by: Dominik Csapak --- changes from v1: * add mondir to parameters (was missing) * replaced post if with normal if * replaced '-d || die' with 'die if ! -d' PVE/API2/Ceph/MON.pm | 21 +++-- 1 file changed, 15 insertions(+), 6 deletions(-) diff --git

Re: [pve-devel] [PATCH v4 0/3] use hmac_sha256 instead of sha1 for csrf token

2019-06-19 Thread Thomas Lamprecht
On 6/19/19 9:39 AM, Oguz Bektas wrote: > we use sha1 while generating our csrf token, switched to hmac sha256 as > suggested in owasp csrf cheatsheet[0]. > > [0]: >

Re: [pve-devel] [PATCH manager 13/14] ceph: mon destroy: remove from mon_host

2019-06-19 Thread Thomas Lamprecht
On 6/19/19 12:03 PM, Dominik Csapak wrote: > On 6/19/19 11:58 AM, Thomas Lamprecht wrote: >> On 6/18/19 3:42 PM, Dominik Csapak wrote: >>> +    # ip only >>> +    $monhost =~ s/(^|[ ,;]+)\Q$addr\E(?:[ ,;]+|$)/$1/; >>> +    # ip + port >>> +    $monhost =~ s/(^|[
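Review bot: the "ip only" substitution writes the leading separator back as $1 while consuming the trailing one, so when $addr is the last entry of $monhost (the alternative that matches `$`) the line is left with a dangling separator, for example "a, b" with b removed becomes "a, ". Unless a later step already trims it, strip leftover leading and trailing separators from $monhost after the substitutions, and cover the first, middle and last positions in a test.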

[pve-devel] [PATCH manager 2/3] fix #1278 api: add pool backup option

2019-06-19 Thread Tim Marx
Signed-off-by: Tim Marx --- PVE/API2/Backup.pm | 7 ++- PVE/API2/VZDump.pm | 9 +++-- PVE/API2Tools.pm | 23 +++ PVE/VZDump.pm | 12 ++-- 4 files changed, 46 insertions(+), 5 deletions(-) diff --git a/PVE/API2/Backup.pm b/PVE/API2/Backup.pm index

[pve-devel] [PATCH manager 1/3] whitespace cleanup

2019-06-19 Thread Tim Marx
Signed-off-by: Tim Marx --- PVE/API2/Backup.pm| 32 ++-- PVE/API2/VZDump.pm| 8 +++ PVE/API2Tools.pm | 22 +-- PVE/VZDump.pm | 54 +++ www/manager6/dc/Backup.js | 32

[pve-devel] [PATCH manager 3/3] fix #1278 gui: backup: add backup mode pool

2019-06-19 Thread Tim Marx
Signed-off-by: Tim Marx --- www/manager6/dc/Backup.js | 77 +++ 1 file changed, 71 insertions(+), 6 deletions(-) diff --git a/www/manager6/dc/Backup.js b/www/manager6/dc/Backup.js index c056a647..34052746 100644 --- a/www/manager6/dc/Backup.js +++

Re: [pve-devel] [PATCH manager 13/14] ceph: mon destroy: remove from mon_host

2019-06-19 Thread Dominik Csapak
On 6/19/19 11:58 AM, Thomas Lamprecht wrote: On 6/18/19 3:42 PM, Dominik Csapak wrote: we need to remove an ip, ip:port or an ipvector from monhost so use multiple regex search and replaces for this this looks not really nice, but due to the strange format of the line (e.g. ',' is a separator

[pve-devel] applied: [PATCH access-control 1/3] ticket: properly verify exactly 5min old tickets

2019-06-19 Thread Thomas Lamprecht
On 6/19/19 11:46 AM, Fabian Grünbichler wrote: > to fix an issue where valid tickets could be rejected 5 minutes after a > key rotation, where the minimum age is exactly 0 seconds. > > thanks Dominik for triaging! > > Signed-off-by: Fabian Grünbichler > --- > > Notes: > note: this should

Re: [pve-devel] [PATCH manager 13/14] ceph: mon destroy: remove from mon_host

2019-06-19 Thread Thomas Lamprecht
On 6/18/19 3:42 PM, Dominik Csapak wrote: > we need to remove an ip, ip:port or an ipvector from monhost > so use multiple regex search and replaces for this > > this looks not really nice, but due to the strange format > of the line (e.g. ',' is a separator inside and outside of a vector, > also

[pve-devel] [PATCH access-control 1/3] ticket: properly verify exactly 5min old tickets

2019-06-19 Thread Fabian Grünbichler
to fix an issue where valid tickets could be rejected 5 minutes after a key rotation, where the minimum age is exactly 0 seconds. thanks Dominik for triaging! Signed-off-by: Fabian Grünbichler --- Notes: note: this should probably be applied to master and stable-5 PVE/AccessControl.pm |

[pve-devel] [PATCH access-control 2/3] ticket: reorder calls when rotating

2019-06-19 Thread Fabian Grünbichler
to shrink the window between the two file_set_contents calls. we don't need the mtimes to line up exactly since we have 300s of uncertainty anyway, but generating an RSA key could take a while ;) Signed-off-by: Fabian Grünbichler --- PVE/AccessControl.pm | 2 +- 1 file changed, 1 insertion(+),

[pve-devel] [PATCH access-control 3/3] ticket: add comments about auth key mtime

2019-06-19 Thread Fabian Grünbichler
we cannot fully close this window, and don't need to anyway since we apply +-300s when calculating ticket age ranges, but documenting where mtime is used and what we expect seems like a good idea for future readers. Signed-off-by: Fabian Grünbichler --- PVE/AccessControl.pm | 3 +++ 1 file

Re: [pve-devel] [PATCH manager 11/14] ceph: mon destroy: refactor removal assertions

2019-06-19 Thread Thomas Lamprecht
On 6/18/19 3:42 PM, Dominik Csapak wrote: > Signed-off-by: Dominik Csapak > --- > PVE/API2/Ceph/MON.pm | 19 +-- > 1 file changed, 13 insertions(+), 6 deletions(-) > > diff --git a/PVE/API2/Ceph/MON.pm b/PVE/API2/Ceph/MON.pm > index 832a275e..2d116bb0 100644 > ---

Re: [pve-devel] [PATCH manager 11/14] ceph: mon destroy: refactor removal assertions

2019-06-19 Thread Dominik Csapak
On 6/18/19 3:42 PM, Dominik Csapak wrote: Signed-off-by: Dominik Csapak --- PVE/API2/Ceph/MON.pm | 19 +-- 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/PVE/API2/Ceph/MON.pm b/PVE/API2/Ceph/MON.pm index 832a275e..2d116bb0 100644 --- a/PVE/API2/Ceph/MON.pm +++

[pve-devel] applied: [PATCH storage] CephConfig: map special config key characters to _

2019-06-19 Thread Thomas Lamprecht
On 6/19/19 9:17 AM, Dominik Csapak wrote: > we want a consistent config hash, regardless of how the user or a tool > adds it to the config, so we map ' ' and '-' to '_' in the keys > > this way we can always access the correct key without trying multiple > times > > Signed-off-by: Dominik Csapak

[pve-devel] [PATCH v2 qemu-server] fix #2083: Add hv_tlbflush, hv_ipi, hv_evmcs enlightenments

2019-06-19 Thread Stefan Reiter
Kernels 4.18+ (4.17+ for evmcs) support new Hyper-V enlightenments for Windows KVM guests. QEMU supports these since 3.0 and 3.1 respectively. tlbflush and ipi improve performance on overcommitted systems, evmcs improves nested virtualization. It's not entirely clear to me if Win7 already

[pve-devel] applied: [PATCH qemu-server 0/1] wait for vm scopes to be gone...

2019-06-19 Thread Thomas Lamprecht
On 6/19/19 9:21 AM, Wolfgang Bumiller wrote: > If this doesn't fix the case where stop mode backups fail to restart > because systemd hasn't realized the scope is gone (after we shutdown its > only process and shot a `systemctl stop` command after it...), then I > don't know... applied, much

[pve-devel] [PATCH v4 0/3] use hmac_sha256 instead of sha1 for csrf token

2019-06-19 Thread Oguz Bektas
we use sha1 while generating our csrf token, switched to hmac sha256 as suggested in owasp csrf cheatsheet[0]. [0]: https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md#token-based-mitigation pve-access-control: Oguz Bektas (1):

[pve-devel] [PATCH 3/3] use hmac_sha256 instead of sha1 for csrf token

2019-06-19 Thread Oguz Bektas
Signed-off-by: Oguz Bektas --- PVE/AccessControl.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm index 5de060d..499f0be 100644 --- a/PVE/AccessControl.pm +++ b/PVE/AccessControl.pm @@ -212,7 +212,7 @@ my $csrf_prevention_secret;

[pve-devel] [PATCH common 2/3] use hmac_sha256 when assembling csrf token

2019-06-19 Thread Oguz Bektas
Signed-off-by: Oguz Bektas --- src/PVE/Ticket.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/PVE/Ticket.pm b/src/PVE/Ticket.pm index b5d2758..d5d0041 100644 --- a/src/PVE/Ticket.pm +++ b/src/PVE/Ticket.pm @@ -20,7 +20,7 @@ sub assemble_csrf_prevention_token {

[pve-devel] [PATCH common 1/3] add fallback/new csrf token recognition

2019-06-19 Thread Oguz Bektas
Signed-off-by: Oguz Bektas --- src/PVE/Ticket.pm | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/PVE/Ticket.pm b/src/PVE/Ticket.pm index 5935ba5..b5d2758 100644 --- a/src/PVE/Ticket.pm +++ b/src/PVE/Ticket.pm @@ -33,7 +33,13 @@ sub verify_csrf_prevention_token {

[pve-devel] [PATCH qemu-server 0/1] wait for vm scopes to be gone...

2019-06-19 Thread Wolfgang Bumiller
If this doesn't fix the case where stop mode backups fail to restart because systemd hasn't realized the scope is gone (after we shutdown its only process and shot a `systemctl stop` command after it...), then I don't know...

[pve-devel] [PATCH v2 common] systemd: add wait_for_unit_removed

2019-06-19 Thread Wolfgang Bumiller
And split out the common code into a systemd_call() sub. This connects to the systemd bus and waits for a UnitRemoved event to occur for the specified unit, with an optional timeout. We'll use this in qemu-server to wait for a VM's scope to disappear completely before trying to start a VM's

[pve-devel] [PATCH qemu-server 1/1] wait for vm scopes to be gone

2019-06-19 Thread Wolfgang Bumiller
This should help with the rare case where stop mode backups fail to restart due to the $vmid.scope not being completely gone when we want to restart. This queries systemd via dbus, and if the scope is still there, awaits a UnitRemoved signal for the scope from dbus. For now with a 5 second

[pve-devel] [PATCH storage] CephConfig: map special config key characters to _

2019-06-19 Thread Dominik Csapak
we want a consistent config hash, regardless of how the user or a tool adds it to the config, so we map ' ' and '-' to '_' in the keys this way we can always access the correct key without trying multiple times Signed-off-by: Dominik Csapak --- i forgot to send this patch, it is necessary to get