Re: [pve-devel] PVE Firewall

2014-06-16 Thread Stefan Priebe - Profihost AG
}); next if !$net-{firewall};skip is net firewall is disable but for openvz venet, we need to have an option somewhere. I think this would make it more clear. Stefan - Original Message - From: Stefan Priebe - Profihost AG s.pri...@profihost.ag To: Dietmar Maurer diet

Re: [pve-devel] can't add fwpr2004p0 to bridge vmbr0: Unknown error 524

2014-06-16 Thread Stefan Priebe - Profihost AG
? Yes it's a custom 3.10.43 vanilla kernel. As i was using 3.10 already since a year as i needed some feature not supported by the RHEL 5 kernel. Will look into the kernel source code. Stefan - Original Message - From: Stefan Priebe - Profihost AG s.pri...@profihost.ag To: pve-devel

Re: [pve-devel] can't add fwpr2004p0 to bridge vmbr0: Unknown error 524

2014-06-16 Thread Stefan Priebe - Profihost AG
Hi, i get the same problem with the official redhat PVE Kernel. What i don't understand is that it works fine with vmbr1 but not with vmbr0. Interfaces file on host: auto vmbr0 iface vmbr0 inet static address XX.XX.XX.XX netmask 255.255.255.128 gateway XX.XX.XX.XX

Re: [pve-devel] can't add fwpr2004p0 to bridge vmbr0: Unknown error 524

2014-06-16 Thread Stefan Priebe - Profihost AG
What is the difference between the normal tap device without firewall - which works fine for me on vmbr0 and vmbr1 and the firewall tap one? Stefan On 16.06.2014 11:10, Stefan Priebe - Profihost AG wrote: Hi, i get the same problem with the official redhat PVE Kernel. What i don't

Re: [pve-devel] can't add fwpr2004p0 to bridge vmbr0: Unknown error 524

2014-06-16 Thread Stefan Priebe - Profihost AG
:92 fwpr2004p0 Link encap:Ethernet HWaddr b2:47:35:28:2c:de I think this should get cleaned in that case? Stefan - Original Message - From: Stefan Priebe - Profihost AG s.pri...@profihost.ag To: Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel@pve.proxmox.com Sent: Monday 16

Re: [pve-devel] can't add fwpr2004p0 to bridge vmbr0: Unknown error 524

2014-06-16 Thread Stefan Priebe - Profihost AG
original - From: Stefan Priebe - Profihost AG s.pri...@profihost.ag To: Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel@pve.proxmox.com Sent: Monday 16 June 2014 11:40:59 Subject: Re: [pve-devel] can't add fwpr2004p0 to bridge vmbr0: Unknown error 524 On 16.06.2014 11:37

Re: [pve-devel] can't add fwpr2004p0 to bridge vmbr0: Unknown error 524

2014-06-16 Thread Stefan Priebe - Profihost AG
the netconsole driver breaks this. I'll have a look at it. Stefan - Original Message - From: Stefan Priebe - Profihost AG s.pri...@profihost.ag To: Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel@pve.proxmox.com Sent: Monday 16 June 2014 11:40:59 Subject: Re: [pve-devel] can't add

Re: [pve-devel] noVNC package

2014-06-13 Thread Stefan Priebe - Profihost AG
On 13.06.2014 09:41, Dietmar Maurer wrote: Hi Stefan, I just assembled a noVNC package: https://git.proxmox.com/?p=novnc-pve.git;a=summary Note: I use different paths, so that we do not conflict with upstream package. Great. Anything to test? Stefan

Re: [pve-devel] pve-manager: novnc preview V2

2014-06-13 Thread Stefan Priebe - Profihost AG
On 13.06.2014 12:07, Dietmar Maurer wrote: I am still a bit unhappy with the qemu-server side. I will try to work on that next week. To test with your qemu-server patches you need to apply: diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm index ebacc95..ab4ba00 100644 ---

Re: [pve-devel] pve-firewall : add ipfilter protection

2014-06-13 Thread Stefan Priebe - Profihost AG
Hi, OK my test setup is up and running. I'm not really familiar with the current firewall code in PVE. Are the global rules really global or just copied to each VM while they're created? Is it later possible to give a user the possibility to do its own firewall stuff but not being allowed to

Re: [pve-devel] pve-firewall : add ipfilter protection

2014-06-13 Thread Stefan Priebe - Profihost AG
On 12.06.2014 10:41, Dietmar Maurer wrote: -Original Message- From: Alexandre DERUMIER [mailto:aderum...@odiso.com] Sent: Thursday, 12 June 2014 10:37 To: Dietmar Maurer Cc: pve-devel@pve.proxmox.com; Stefan Priebe Subject: Re: [pve-devel] pve-firewall : add ipfilter

Re: [pve-devel] pve-firewall : add ipfilter protection

2014-06-13 Thread Stefan Priebe - Profihost AG
On 13.06.2014 14:54, Dietmar Maurer wrote: OK seems my testing is wrong. What i did: /etc/pve/firewall/2004.fw: [IPSET ipfilter-net0] 10.10.28.5 I then enabled the Firewall for this VM. Also enabled the firewall in cluster.fw? The VM has now 10.10.28.4 on net0 - but the VM is

[pve-devel] PVE Firewall

2014-06-13 Thread Stefan Priebe - Profihost AG
Hi, i would like to have different levels of firewall. Something the USER / VM Owner can control and something the PVE Manage / Sysadmin can control. So i can give the user the ability to use the new cool firewall code but i can still be sure that he doesn't use a DHCP Server, didn't disable

Re: [pve-devel] pve-firewall : add ipfilter protection

2014-06-13 Thread Stefan Priebe - Profihost AG
Maurer diet...@proxmox.com To: Stefan Priebe - Profihost AG s.pri...@profihost.ag, Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel@pve.proxmox.com Sent: Friday 13 June 2014 14:54:32 Subject: RE: [pve-devel] pve-firewall : add ipfilter protection OK seems my testing is wrong. What

Re: [pve-devel] pve-firewall : add ipfilter protection

2014-06-13 Thread Stefan Priebe - Profihost AG
original - From: Stefan Priebe - Profihost AG s.pri...@profihost.ag To: Dietmar Maurer diet...@proxmox.com, Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel@pve.proxmox.com Sent: Friday 13 June 2014 14:39:36 Subject: Re: [pve-devel] pve-firewall : add ipfilter protection Hi, OK

Re: [pve-devel] pve-firewall : add ipfilter protection

2014-06-12 Thread Stefan Priebe - Profihost AG
Hi, On 12.06.2014 08:39, Dietmar Maurer wrote: OK, I finally understand the problem. I guess I will implement the suggestion from Alexandre: [ipset ipfilter-net0] ... I guess that will work for you? OK, Implemented - please can you test? Sounds great! I'll hopefully have a test case

Re: [pve-devel] pve-firewall : add ipfilter protection

2014-06-11 Thread Stefan Priebe - Profihost AG
Would it make sense to also allow ip/mask notation so pve knows more about the network? May be display user ip settings? Stefan Excuse my typo sent from my mobile phone. On 11.06.2014 at 04:03, Alexandre Derumier aderum...@odiso.com wrote: currently only for qemu. for openvz: -veth

Re: [pve-devel] pve-firewall : add ipfilter protection

2014-06-11 Thread Stefan Priebe - Profihost AG
On 11.06.2014 10:07, Dietmar Maurer wrote: Would it make sense to also allow ip/mask notation so pve knows more about the network? May be display user ip settings? Don't have tested, but I think it should work. I'll test that today. I just applied a simplified version of your patch. I

Re: [pve-devel] pve-firewall : add ipfilter protection

2014-06-11 Thread Stefan Priebe - Profihost AG
On 11.06.2014 at 17:26, Dietmar Maurer diet...@proxmox.com wrote: 192.168.0.1 10.0.0.0/8 Thanks - will try that but how to bind this to mac addresses or network interfaces? I mean a user can have multiple network interfaces. Maybe he is allowed to use IPA on net0 and IPB on net1

Re: [pve-devel] pve-firewall: dhcp snooping

2014-06-10 Thread Stefan Priebe - Profihost AG
Greets, Stefan Alexandre - Original Message - From: Alexandre DERUMIER aderum...@odiso.com To: Stefan Priebe - Profihost AG s.pri...@profihost.ag Cc: pve-devel@pve.proxmox.com Sent: Thursday 5 June 2014 13:20:30 Subject: Re: [pve-devel] pve-firewall: dhcp snooping I would prefer

Re: [pve-devel] [PATCH] fix another aio bug 0001-aio-fix-qemu_bh_schedule-bh-ctx-race-condition.patch

2014-06-05 Thread Stefan Priebe - Profihost AG
On 04.06.2014 17:24, Dietmar Maurer wrote: I am unable to apply this patch: error: patch failed: debian/patches/series:28 error: debian/patches/series: patch does not apply Patch failed at 0001 fix another aio bug 0001-aio-fix-qemu_bh_schedule-bh-ctx-race-condition.patch my fault

Re: [pve-devel] pve-firewall: dhcp snooping

2014-06-05 Thread Stefan Priebe - Profihost AG
being allowed to use one ip it is a lot of work to create pools for each. I would prefer a solution which covers both. Stefan - Original Message - From: Stefan Priebe - Profihost AG s.pri...@profihost.ag To: Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel@pve.proxmox.com, Dietmar

[pve-devel] Strict-Transport-Security

2014-06-04 Thread Stefan Priebe - Profihost AG
Hi, wouldn't it make sense if pveproxy generally set the Strict-Transport-Security Header? -- Stefan

Re: [pve-devel] VM.Config.CDROM

2014-06-04 Thread Stefan Priebe - Profihost AG
On 04.06.2014 11:13, Dietmar Maurer wrote: currently adding a new CDROM is allowed if you have VM.Config.CDROM rights. But you can't delete it with these rights. You get an exception regarding missing VM.Config.Disk rights. Is this correct? Do you talk about add/remove a CDROM device,

Re: [pve-devel] pve-firewall: dhcp snooping

2014-06-04 Thread Stefan Priebe - Profihost AG
inside proxmox. But dietmar correctly comments on how do we know the IP. Or just as a textfield set in the creation wizard? Makes this sense. What are the enable DHCP and MAC Filter Options in the Firewall Options Menu? Stefan - Original Message - From: Stefan Priebe - Profihost AG s.pri

Re: [pve-devel] pve-firewall: dhcp snooping

2014-06-04 Thread Stefan Priebe - Profihost AG
for example ? in this case, maybe in a external config is better. There's also: https://github.com/michael-dev/ebtables-dhcpsnooping/ which monitors simply the dhcp traffic and automatically add the relevant rules to ebtables. - Original Message - From: Stefan Priebe - Profihost AG s.pri

Re: [pve-devel] pve-firewall: dhcp snooping

2014-06-04 Thread Stefan Priebe - Profihost AG
everybody can configure any ip he wants and send packets with it. Stefan - Original Message - From: Stefan Priebe - Profihost AG s.pri...@profihost.ag To: Alexandre DERUMIER aderum...@odiso.com Cc: Dietmar Maurer diet...@proxmox.com, pve-devel@pve.proxmox.com Sent: Wednesday 4 June

Re: [pve-devel] pve-firewall: dhcp snooping

2014-06-04 Thread Stefan Priebe - Profihost AG
On 04.06.2014 14:13, Dietmar Maurer wrote: What happen in case of a malicious hacker, which send false dhcp response over the network ? Where / at which point? Normally you have a trusted MAC and IP for DHCP Server. Then on the switches itself you also use DHCP Snooping. So how could an

Re: [pve-devel] pve-firewall: dhcp snooping

2014-06-04 Thread Stefan Priebe - Profihost AG
On 04.06.2014 14:19, Dietmar Maurer wrote: I'm just afraid about the current situation which has no security at all. So everybody can configure any ip he wants and send packets with it. The 'allowed_ips' ipset idea is very easy to implement ... OK so adding option IP to each netX. Just

Re: [pve-devel] Execute monitor command from remote?

2014-06-03 Thread Stefan Priebe - Profihost AG
On 03.06.2014 05:46, Dietmar Maurer wrote: Also, It seems quite easy to support multiple auth. The server just needs to send all supported auth modes in ui/vnc.c method protocol_version() something like: } else { VNC_DEBUG(Telling client we support auth %d\n, vs-auth);

Re: [pve-devel] Execute monitor command from remote?

2014-06-03 Thread Stefan Priebe - Profihost AG
On 03.06.2014 09:58, Dietmar Maurer wrote: OK - but which advantage do we get Your patch seems to break VNC when started via /etc/inetd.conf Also, simply using normal VNC features seems more correct to me. beside we need to care about another patch while upgrading qemu versions? The idea

Re: [pve-devel] Execute monitor command from remote?

2014-06-03 Thread Stefan Priebe - Profihost AG
On 03.06.2014 10:14, Dietmar Maurer wrote: websocket Opens an additional TCP listening port dedicated to VNC Websocket connections. By definition the Websocket port is 5700+display. If host is specified connections will only be

Re: [pve-devel] Execute monitor command from remote?

2014-06-03 Thread Stefan Priebe - Profihost AG
On 03.06.2014 10:23, Dietmar Maurer wrote: Anyways, this is not really important right now. Just want to show that the current approach is not really optional (useless encrypt/decrypt which wastes CPU power). at which stage? HTTPS == SSH == kvm So I think we encrypt traffic twice.

Re: [pve-devel] Execute monitor command from remote?

2014-06-03 Thread Stefan Priebe - Profihost AG
On 03.06.2014 10:32, Dietmar Maurer wrote: OK it's the same for java. There we have ssh and vencrypt in RBD Sure. But not for SPICE. yeah for WSS we would need a special proxy running inside pveproxy. As for self signed certs wss needs to run on the SAME port as the webui. As no browser

Re: [pve-devel] Execute monitor command from remote?

2014-06-03 Thread Stefan Priebe - Profihost AG
On 03.06.2014 10:41, Dietmar Maurer wrote: Sure. But not for SPICE. yeah for WSS we would need a special proxy running inside pveproxy. pveproxy is wrong place for that. I think spiceproxy would work better (unencrypted). As for self signed certs wss needs to run on the SAME port as

Re: [pve-devel] Execute monitor command from remote?

2014-06-03 Thread Stefan Priebe - Profihost AG
On 03.06.2014 11:02, Dietmar Maurer wrote: As for self signed certs wss needs to run on the SAME port as the webui. As no browser supports accepting certs for WSS. Do we need the same port or the same cert? Sadly yes. All browsers save the acceptance of a cert for host + cert + port

Re: [pve-devel] pve-manager: novnc preview

2014-06-02 Thread Stefan Priebe - Profihost AG
On 02.06.2014 01:21, Alexandre DERUMIER wrote: Hi, I don't see patch 8/8 on the mailing. (too big patch ?) Did you find it? - Original Message - From: Stefan Priebe s.pri...@profihost.ag To: pve-devel@pve.proxmox.com Sent: Sunday 1 June 2014 22:49:17 Subject: [pve-devel]

Re: [pve-devel] [PATCH 2/8] add novnc html template

2014-06-02 Thread Stefan Priebe - Profihost AG
On 02.06.2014 01:34, Alexandre DERUMIER wrote: can't apply. defines.mk, missing WWWJSDIR=${WWWBASEDIR}/js www/Makefile, missing SUBDIRS = . bootstrap seems that you are using an old git revision Yes - sorry. I've no test infrastructure running the firewall code right now. There

Re: [pve-devel] pve-manager: novnc preview

2014-06-02 Thread Stefan Priebe - Profihost AG
On 02.06.2014 02:46, Alexandre DERUMIER wrote: I need to add key to wsproxy to get it work , '--key', '/etc/pve/local/pve-ssl.key' So, now it's finally connecting :) fixed - was using a custom .pem file containing an officially signed cert and also the key. Stefan - Mail

Re: [pve-devel] pve-manager: novnc preview

2014-06-02 Thread Stefan Priebe - Profihost AG
On 02.06.2014 03:12, Alexandre DERUMIER wrote: But I can't get keyboard working :( - keyboard doesn't work for me (french keyboard ?), tested on linux and windows guest Funny this works absolutely fine under windows for me. But you're correct it does not under linux. I'll check if i can

Re: [pve-devel] pve-manager: novnc preview

2014-06-02 Thread Stefan Priebe - Profihost AG
don't have jquery available. No idea how to attach something to onmouseover and out for a div element without jquery. - Original Message - From: Stefan Priebe - Profihost AG s.pri...@profihost.ag To: Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel@pve.proxmox.com Sent: Monday 2

Re: [pve-devel] pve-manager: novnc preview

2014-06-02 Thread Stefan Priebe - Profihost AG
On 02.06.2014 03:12, Alexandre DERUMIER wrote: But I can't get keyboard working :( OK solved will post a new patch series soon. some firsts notes: - mouse is working fine. - I can connect novnc and java applet at the same time, that's great ! - youtube video (1080p) matrix trailer,

Re: [pve-devel] pve-manager: novnc preview

2014-06-02 Thread Stefan Priebe - Profihost AG
On 02.06.2014 03:46, Alexandre DERUMIER wrote: also, with firefox, it can't connect by default on a wss with a self signed certificate https://github.com/kanaka/websockify/issues/34 (even if the certificate is already accepted for https on gui). maybe, this can be resolved with using

Re: [pve-devel] pve-manager: novnc preview V2

2014-06-02 Thread Stefan Priebe - Profihost AG
On 02.06.2014 09:58, Alexandre DERUMIER wrote: changes since V1: - fix keyboard focus problems on linux Confirm, It's working fine now. (archlinux, chrome/firefox) great [PATCH 1/7] depend on novnc don't apply here strange it's based on * 1e34164 - (3 days ago) IPSet GUI: display

Re: [pve-devel] [PATCH] API2/Qemu: add unsecure and websocket options to vncpoxy also set qemu vnc server properties on the fly

2014-06-02 Thread Stefan Priebe - Profihost AG
I rebased that one on top of upstream/master and git could apply it correctly to the wrong method ;-) That's tricky. Stefan On 02.06.2014 09:57, Alexandre DERUMIER wrote: This part is wrong - --- a/PVE/API2/Qemu.pm +++ b/PVE/API2/Qemu.pm @@ -1354,6 +1354,16

Re: [pve-devel] pve-manager: novnc preview

2014-06-02 Thread Stefan Priebe - Profihost AG
On 02.06.2014 10:55, Dietmar Maurer wrote: I think Dietmar needs to manually authorize big patches. (maybe it was novnc package?) There is no patch on the list. I don't miss one. All patches should be on the list. Stefan

Re: [pve-devel] [PATCH] API2/Qemu: add unsecure and websocket options to vncpoxy also set qemu vnc server properties on the fly

2014-06-02 Thread Stefan Priebe - Profihost AG
use the java vnc console or the novnc one. Stefan On 02.06.2014 10:28, Stefan Priebe - Profihost AG wrote: I rebased that one on top of upstream/master and git could apply it correctly to the wrong method ;-) That's tricky. Stefan On 02.06.2014 09:57, Alexandre DERUMIER wrote

Re: [pve-devel] [PATCH] API2/Qemu: add unsecure and websocket options to vncpoxy also set qemu vnc server properties on the fly

2014-06-02 Thread Stefan Priebe - Profihost AG
02.06.2014 11:21, Stefan Priebe - Profihost AG wrote: It seems my patch breaks vncproxy forwarding from machine a to machine b. But i don't get what i've done wrong. If i'm connected to server A and want to use console of a vm that runs on server b i get: TASK ERROR: unable to find

[pve-devel] Execute monitor command from remote?

2014-06-02 Thread Stefan Priebe - Profihost AG
Hi, is there a way to execute a monitor command on VM 100 running on 1 from server 2? I need this to change the VNC parameters on a target VM. Stefan

Re: [pve-devel] Execute monitor command from remote?

2014-06-02 Thread Stefan Priebe - Profihost AG
On 02.06.2014 at 14:52, Dietmar Maurer diet...@proxmox.com wrote: I need this to change the VNC parameters on a target VM. Besides, I don't really think this is the right way. VNC should simply support several auth types. But it does not in qemu. It's an enum in the code supporting only

Re: [pve-devel] Execute monitor command from remote?

2014-06-02 Thread Stefan Priebe - Profihost AG
On 02.06.2014 at 14:51, Dietmar Maurer diet...@proxmox.com wrote: is there a way to execute a monitor command on VM 100 running on 1 from server 2? I need this to change the VNC parameters on a target VM. Maybe you can use ssh to execute a command on the other node. Yeah but there is

Re: [pve-devel] preview of novnc integration ready

2014-06-01 Thread Stefan Priebe - Profihost AG
On 01.06.2014 at 11:16, Alexandre DERUMIER aderum...@odiso.com wrote: Yes, indeed. (not sure about ssl/wss) But that mean too that each vm need to listen on 1 tcp port to handle vnc connection. (I think a proxy + qemu on unix socket is better in this case) Yes. I'll try to port the

Re: [pve-devel] preview of novnc integration ready

2014-06-01 Thread Stefan Priebe - Profihost AG
On 01.06.2014 at 14:57, Dietmar Maurer diet...@proxmox.com wrote: Seems noVNC already assembled a debian package which includes all necessary files: noVNC/debian/novnc.install Can't you simply use that package for now (make pve-manager depend on that package). This should be good

[pve-devel] giving tenants pve access?

2014-05-30 Thread Stefan Priebe - Profihost AG
Hi, has anybody ever thought about giving a tenant pve access? I see various problems for example how to ensure that he can change their network type (virtio, e1000) but not their mac. How to ensure that mac = ip binding is correct? ... Greets, Stefan Excuse my typo sent from my mobile

Re: [pve-devel] mass deployment for testing ipcc_send_rec failed

2014-05-28 Thread Stefan Priebe - Profihost AG
On 28.05.2014 06:24, Dietmar Maurer wrote: But i'm getting pretty often this message: ipcc_send_rec failed: Resource temporarily unavailable ipcc_send_rec failed: Resource temporarily unavailable ipcc_send_rec failed: Resource temporarily unavailable ipcc_send_rec failed: Resource

Re: [pve-devel] does /etc/pve support flock?

2014-05-11 Thread Stefan Priebe - Profihost AG
On 12.05.2014 at 06:04, Dietmar Maurer diet...@proxmox.com wrote: Is there any other mechanism usable for this task? PVE::Cluster::cfs_lock() ? (in Cluster.pm) But such lock have a timeout, so please do not try to hold them longer than 60 seconds. PVE::Cluster::cfs_lock()

[pve-devel] live migration fails with qemu 2.0 if cd rom is IDE and empty

2014-05-09 Thread Stefan Priebe - Profihost AG
Hello, today i was wondering why old vms did not migrate. I receive the following output: kvm: Device needs media, but drive is empty kvm: Device initialization failed. kvm: Initialization of device ide-hd failed = output of the started VM on the target machine. Stefan

Re: [pve-devel] live migration fails with qemu 2.0 if cd rom is IDE and empty

2014-05-09 Thread Stefan Priebe - Profihost AG
Hi, sorry this was my failure but still i can't migrate to a qemu 1.7 machine to a qemu 2.0 machine. Even the target machine was started with: -machine type=pc-i440fx-1.7 Sadly there is no useful output. Just Migration status: failed Stefan Am 09.05.2014 14:20, schrieb Stefan Priebe

Re: [pve-devel] using a vlan on host and guest

2014-04-24 Thread Stefan Priebe - Profihost AG
Thanks, simply added the ip to vmbr0v102. Stefan Excuse my typo sent from my mobile phone. On 25.04.2014 at 06:15, Dietmar Maurer diet...@proxmox.com wrote: Cc: pve-devel@pve.proxmox.com Subject: Re: [pve-devel] using a vlan on host and guest On 24.04.2014 22:04, Pablo Ruiz wrote:

Re: [pve-devel] CVE in qemu

2014-04-21 Thread Stefan Priebe - Profihost AG
-8_amd64.deb From: pve-devel [mailto:pve-devel-boun...@pve.proxmox.com] On Behalf Of Stefan Priebe - Profihost AG Sent: Sunday, 20 April 2014 18:49 To: pve-devel Subject: [pve-devel] CVE in qemu cve.circl.lu/cve/CVE-2014-0… Greets, Stefan

Re: [pve-devel] USB Host passthrough high cpu / interupt usage

2014-03-26 Thread Stefan Priebe - Profihost AG
On 26.03.2014 08:47, Alexandre DERUMIER wrote: Hi Stefan, Do you see interrupts only when data transfer occur ? Not really sure how to check as data transfer occurs all the time. I know that qemu usb3 implementation use less interrupts, maybe could we try to implement it in

Re: [pve-devel] USB Host passthrough high cpu / interupt usage

2014-03-26 Thread Stefan Priebe - Profihost AG
in guest. will try that too. Do you know if i need to change the /usr/share/qemu-server/pve-usb.cfg file? Stefan - Original Message - From: Stefan Priebe - Profihost AG s.pri...@profihost.ag To: Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel@pve.proxmox.com Sent: Wednesday

Re: [pve-devel] USB Host passthrough high cpu / interupt usage

2014-03-26 Thread Stefan Priebe - Profihost AG
currently). Mhm seems it does not change anything also with XHCI the load of the kvm process is pretty high while the guest itself is idle or seems to be idle. Stefan - Original Message - From: Stefan Priebe - Profihost AG s.pri...@profihost.ag To: Alexandre DERUMIER aderum...@odiso.com

Re: [pve-devel] KVM Seg faults during backup

2014-03-25 Thread Stefan Priebe - Profihost AG
i would use a kvm debug package and then use the segfault kernel line to identify the line where the segfault happens. I sent patches for this a year ago. Stefan On 25.03.2014 07:06, Dietmar Maurer wrote: (just an idea, but couldn't it be related to slow backups storages ? ) Already

Re: [pve-devel] what happened to my patches?

2014-03-25 Thread Stefan Priebe - Profihost AG
On 25.03.2014 06:08, Dietmar Maurer wrote: Still on my todo list. OK thanks I am currently busy, because I am working on the firewall. And there is that backup bug, and I am still unable to reproduce it. ... i'm missing a response to a lot of patches sent in Feb and Mar?

Re: [pve-devel] kernel 3.10 , packet loss and latencies problem

2014-03-05 Thread Stefan Priebe - Profihost AG
On 05.03.2014 at 08:57, Alexandre DERUMIER aderum...@odiso.com wrote: Maybe related to the patch you applied (and sent to the list)? No,this was without the patch applied :( Do you have dropped packets at ifconfig view for the network cards? I'll ask to the qemu mailing list. Do you

Re: [pve-devel] Adding maxcpu breaks migration

2014-02-19 Thread Stefan Priebe - Profihost AG
why we have discussed in the mailing about to find a way to block change of non hotpluggable / hot change values in pve-manager. How do others fix this problem? libvirt and co.? Do you know that? Stefan - Original Message - From: Stefan Priebe - Profihost AG s.pri...@profihost.ag To

Re: [pve-devel] Qemu numa setting

2014-02-19 Thread Stefan Priebe - Profihost AG
opteron servers, so i'm interested to improve memory access performance) Same for me but i haven't found any guides... Stefan - Original Message - From: Stefan Priebe - Profihost AG s.pri...@profihost.ag To: pve-devel pve-devel@pve.proxmox.com Sent: Wednesday 19 February 2014

[pve-devel] saving kvm command line for migration

2014-02-19 Thread Stefan Priebe - Profihost AG
Hello, can somebody please explain to me what's the problem with saving the kvm command of the last start as JSON array inside the conf file and use that one for migration? I'm seeing several problems with migration and modifying the configuration while the VM is running. Or is there a way to

Re: [pve-devel] saving kvm command line for migration

2014-02-19 Thread Stefan Priebe - Profihost AG
On 19.02.2014 11:57, Dietmar Maurer wrote: can somebody please explain to me what's the problem with saving the kvm command of the last start as JSON array inside the conf file and use that one for migration? I think there is no guarantee that the same configuration generates the same

Re: [pve-devel] saving kvm command line for migration

2014-02-19 Thread Stefan Priebe - Profihost AG
On 19.02.2014 12:24, Dietmar Maurer wrote: B.) is too inflexible. I think this is good enough. but what about hot plugging cpus? I'm already working on hot plugging memory. So not allowing to modify will fail for hot plug memory and hot plug cpu. These two will become very important the

Re: [pve-devel] saving kvm command line for migration

2014-02-19 Thread Stefan Priebe - Profihost AG
you don't have these dimmev and memdev devices as you have 32GB directly incl. in the machine. Stefan - Original Message - From: Stefan Priebe - Profihost AG s.pri...@profihost.ag To: Dietmar Maurer diet...@proxmox.com, pve-devel@pve.proxmox.com Sent: Wednesday 19 February 2014 12:51

Re: [pve-devel] saving kvm command line for migration

2014-02-19 Thread Stefan Priebe - Profihost AG
On 19.02.2014 13:21, Daniel Hunsaker wrote: B. Do not allow to modify the configuration while the VM is running (and hotplug disabled) In other words, while the VM is running, we disable all modifications except those allowed by whatever hotplugging support we have enabled. If it can't

Re: [pve-devel] saving kvm command line for migration

2014-02-19 Thread Stefan Priebe - Profihost AG
and qom-get (sadly around 20 qom queries for each dimm / memdev). Or to store memory / dimm adds in temporarily in config file until a vm is newly started. Greets, Stefan On 19.02.2014 13:34, Stefan Priebe - Profihost AG wrote: On 19.02.2014 13:24, Alexandre DERUMIER wrote: but what about

Re: [pve-devel] saving kvm command line for migration

2014-02-19 Thread Stefan Priebe - Profihost AG
On 19.02.2014 at 16:18, Dietmar Maurer diet...@proxmox.com wrote: 3.) I would like to store the generated command line of each start in the command file to be sure at restore or migration the exact and correct command line is used I consider this wrong and very dangerous. The stored

Re: [pve-devel] hosts.fw and security groups

2014-02-19 Thread Stefan Priebe - Profihost AG
On 19.02.2014 at 18:28, Alexandre DERUMIER aderum...@odiso.com wrote: INotify does not work with the cluster file system (/etc/pve). ok, I didn't know. But we can implement some kind of polling (inside pvestatd). Yes. (do we need to compute all chains ? or only group chains and update

Re: [pve-devel] hosts.fw and security groups

2014-02-19 Thread Stefan Priebe - Profihost AG
On 19.02.2014 at 19:04, Dietmar Maurer diet...@proxmox.com wrote: Yes. (do we need to compute all chains ? or only group chains and update them if checksum change ?) Why not use mtime of the file? time resolution is 1 second, so that way you can miss changes. That's not correct Linux

[pve-devel] Adding maxcpu breaks migration

2014-02-18 Thread Stefan Priebe - Profihost AG
Hello, I've added maxcpu setting to all qemu conf's. But then all migrations from machines still booted without will fail. Any ideas how to solve this? Greets, Stefan Excuse my typo sent from my mobile phone.

[pve-devel] Qemu numa setting

2014-02-18 Thread Stefan Priebe - Profihost AG
Hi, at least windows needs numa setting to have memory hot plug working. Is there any reason we don't add it by default? Greets, Stefan Excuse my typo sent from my mobile phone.

Re: [pve-devel] defaults prototype

2014-02-17 Thread Stefan Priebe - Profihost AG
On 17.02.2014 13:14, Dietmar Maurer wrote: two weeks ago you wrote about a defaults prototype you have. Any chance to have a look at those patches? I can post the prototype if you want to work on that? I can't guarantee to work on that one. But i'm highly interested and i would like to.

Re: [pve-devel] CPU and Memory hot add

2014-02-16 Thread Stefan Priebe - Profihost AG
On 16.02.2014 at 10:05, Alexandre DERUMIER aderum...@odiso.com wrote: ok so you add maxcpus: 128 to each config to have it silently enabled? Yes ;) Just be careful to set only 1 socket, as hotplug is core by core (I have also sent pve-manager patches in the mailing, but dietmar don't

Re: [pve-devel] CPU and Memory hot add

2014-02-16 Thread Stefan Priebe - Profihost AG
be just 32GB free mem. Then try to start a machine with maxmem 48GB and minimal/current balloon value of 4GB. It will fail... Stefan - Original Message - From: Stefan Priebe - Profihost AG s.pri...@profihost.ag To: Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel

Re: [pve-devel] pve-firewall : iptables V2

2014-02-13 Thread Stefan Priebe - Profihost AG
Hi Alexandre, i see the following Problem regarding the basic IP Tables implementation. The iptables binary is not thread safe / can't be run in parallel. It then exits with exit code 4 and you see a kernel message Resource temporarily unavailable. This means you have to check each iptables

Re: [pve-devel] [PATCH] added support for vfio-pci passthrough

2014-02-13 Thread Stefan Priebe - Profihost AG
Hi, yes / sure i tested it ;-) I used an S2 TV Card from Digital Devices for it. Which has multiple Sub Devices in its IOMMU Group for sound, video, ... Stefan On 13.02.2014 15:23, Dietmar Maurer wrote: Great! I assume you tested that? If so, what devices did you use to test?

Re: [pve-devel] [PATCH] added support for vfio-pci passthrough

2014-02-13 Thread Stefan Priebe - Profihost AG
Additionally tested: Adaptec sas raid controller and an USB 3.0 controller Stefan Excuse my typo sent from my mobile phone. On 13.02.2014 at 15:24, Stefan Priebe - Profihost AG s.pri...@profihost.ag wrote: Hi, yes / sure i tested it ;-) I used an S2 TV Card from Digital Devices

Re: [pve-devel] qemu-server: allow clone from snapshot Patch V2

2014-02-12 Thread Stefan Priebe - Profihost AG
On 12.02.2014 12:40, Dietmar Maurer wrote: I am still a bit scared about possible side effect. No problem - do you have special ones in mind? So maybe i can check or workaround? But worse, it does not work with most storage types anyways. That's correct. I agree that this can be handy

Re: [pve-devel] qemu-server: allow clone from snapshot Patch V2

2014-02-12 Thread Stefan Priebe - Profihost AG
On 12.02.2014 13:03, Dietmar Maurer wrote: I am still a bit scared about possible side effect. No problem - do you have special ones in mind? So maybe i can check or workaround? The 'isBase' flag is not set for those images (they are cloned, but isBase is not set). Not sure if that

Re: [pve-devel] qemu-server: allow clone from snapshot Patch V2

2014-02-12 Thread Stefan Priebe - Profihost AG
On 12.02.2014 20:23, Dietmar Maurer wrote: As this truly depends on storage backend - for example this is allowed for sheepdog. Or do you just mean it must be a feature flag in the Storage Plugin? If it is allowed or not is another question. My question was if we can detect if a

Re: [pve-devel] [PATCH] since qemu 1.7 xbzrle is AUTOMATICALLY enabled in the end of transfer - we need to explicit disable all feature we do not want

2014-02-10 Thread Stefan Priebe - Profihost AG
the migration, the features are off by default. (at least on source) - Original Message - From: Stefan Priebe - Profihost AG s.pri...@profihost.ag To: Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel@pve.proxmox.com Sent: Monday 10 February 2014 08:00:22 Subject: Re: [pve-devel] [PATCH

Re: [pve-devel] [PATCH] since qemu 1.7 xbzrle is AUTOMATICALLY enabled in the end of transfer - we need to explicit disable all feature we do not want

2014-02-10 Thread Stefan Priebe - Profihost AG
patches, to be sure that capabilities are turned on or off) Thanks Stefan - Original Message - From: Alexandre DERUMIER aderum...@odiso.com To: Stefan Priebe - Profihost AG s.pri...@profihost.ag Cc: pve-devel@pve.proxmox.com Sent: Monday 10 February 2014 09:33:17 Subject: Re: [pve

Re: [pve-devel] [PATCH] since qemu 1.7 xbzrle is AUTOMATICALLY enabled in the end of transfer - we need to explicit disable all feature we do not want

2014-02-10 Thread Stefan Priebe - Profihost AG
On 10.02.2014 12:52, Dietmar Maurer wrote: Are you sure that your vms didn't have xbzrle enabled from a previous migration ? (Because when the capability is turned on once, it's always enabled for next migrations) mhm might be - i thought i was sure they don't. Sorry about that. At least

Re: [pve-devel] [PATCH] since qemu 1.7 xbzrle is AUTOMATICALLY enabled in the end of transfer - we need to explicit disable all feature we do not want

2014-02-09 Thread Stefan Priebe - Profihost AG
On 10.02.2014 at 07:42, Alexandre DERUMIER aderum...@odiso.com wrote: I won't try them ;-) xbzrle is just unstable since a long time i don't believe it's suddenly stable ;- Yes, same here, I also wanted to say that it was not stable yet. No idea why they enable all features now by

Re: [pve-devel] [PATCH] always list copy and clone for cloning

2014-02-07 Thread Stefan Priebe - Profihost AG
On 07.02.2014 09:32, Alexandre DERUMIER wrote: cloning from snapshot is not possible for qcow2 files. we need to check if feature is available in storage plugin. Yes this is already implemented through an ajax call in GUI which disabled the 'clone' button. Stefan (through api vm_feature)

Re: [pve-devel] [PATCH] always list copy and clone for cloning

2014-02-07 Thread Stefan Priebe - Profihost AG
. On Feb 7, 2014 1:38 AM, Alexandre DERUMIER aderum...@odiso.com mailto:aderum...@odiso.com wrote: Yes this is already implemented through an ajax call in GUI which disabled the 'clone' button. Oh,ok perfect :) - Original Message - From: Stefan Priebe

Re: [pve-devel] [PATCH 2/3] API2: remove require full parameter for snapshot cloning

2014-02-07 Thread Stefan Priebe - Profihost AG
On 07.02.2014 09:27, Alexandre DERUMIER wrote: Thanks for the patch stefan, I'll try them next week. about this patch, - if ($param-{full} || !PVE::Storage::volume_is_base($storecfg, $drive-{file})) { + if ($param-{full}) { die Full clone feature is not available if

Re: [pve-devel] [PATCH 2/7] Storage Plugins: extend clone_image by snap parameter and add support to RBDPlugin

2014-02-07 Thread Stefan Priebe - Profihost AG
On 07.02.2014 12:59, Alexandre DERUMIER wrote: why use if length $snapname; for tests ? if $snapname should be enough. If $snapname is 0mysnap it isn't as perl would interpret this as false - Original Message - From: Stefan Priebe s.pri...@profihost.ag To:

Re: [pve-devel] Virtio--Blk-Data-Plane deliver much higher I/O rates than both of its major competing hypervisors

2014-02-06 Thread Stefan Priebe - Profihost AG
with Virtio--Blk-Data-Plane) A that was the culprit. Something without live migration isn't usable at least to me. Stefan - Original Message - From: Stefan Priebe - Profihost AG s.pri...@profihost.ag To: Cesar Peschiera br...@click.com.py, pve-devel@pve.proxmox.com Sent: Thursday 6 February 2014

Re: [pve-devel] Virtio--Blk-Data-Plane deliver much higher I/O rates than both of its major competing hypervisors

2014-02-06 Thread Stefan Priebe - Profihost AG
-stream, drive-mirror, block-commit) are not supported. So this would add so many exceptions to pve... i don't think anybody wants that. Stefan - Original Message - From: Stefan Priebe - Profihost AG s.pri...@profihost.ag To: Alexandre DERUMIER aderum...@odiso.com Cc: Cesar Peschiera br

Re: [pve-devel] [Qemu-devel] QEMU LIve Migration - swap_free: Bad swap file entry

2014-02-06 Thread Stefan Priebe - Profihost AG
On 06.02.2014 11:22, Orit Wasserman wrote: On 02/06/2014 09:20 AM, Stefan Priebe - Profihost AG wrote: On 05.02.2014 21:15, Dr. David Alan Gilbert wrote: * Stefan Priebe (s.pri...@profihost.ag) wrote: Hello, after live migrating machines with a lot of memory (32GB, 48GB, ...) i see

Re: [pve-devel] QEMU LIve Migration - swap_free: Bad swap file entry

2014-02-06 Thread Stefan Priebe - Profihost AG
://lkml.indiana.edu/hypermail/linux/kernel/1106.3/01340.html Maybe is it a guest kernel bug ? - Original Message - From: Stefan Priebe - Profihost AG s.pri...@profihost.ag To: Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel@pve.proxmox.com, qemu-devel qemu-de...@nongnu.org Sent: Thursday 6
