Re: [pve-devel] [PATCH firewall] prevent overwriting ipsets/sec. groups by renaming

2016-06-03 Thread Dietmar Maurer
applied ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH firewall] prevent overwriting ipsets/sec. groups by renaming

2016-06-03 Thread Dominik Csapak
we did not check if the target name of the group/ipset already existed, so we overwrote them Signed-off-by: Dominik Csapak --- src/PVE/API2/Firewall/Groups.pm | 5 + src/PVE/API2/Firewall/IPSet.pm | 5 + 2 files changed, 10 insertions(+) diff --git

Re: [pve-devel] [PATCH] migrate: unlink unix socket before starting migration

2016-06-03 Thread Dietmar Maurer
applied

[pve-devel] [PATCH] migrate: unlink unix socket before starting migration

2016-06-03 Thread Thomas Lamprecht
Just to be sure nobody else has (wrongfully) left that file here. Signed-off-by: Thomas Lamprecht --- PVE/QemuMigrate.pm | 1 + PVE/QemuServer.pm | 5 - 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/PVE/QemuMigrate.pm b/PVE/QemuMigrate.pm index

Re: [pve-devel] [PATCH firewall 1/2] make group digest stable

2016-06-03 Thread Dietmar Maurer
applied

Re: [pve-devel] [PATCH firewall 2/2] fix allowed group name length

2016-06-03 Thread Dietmar Maurer
applied

Re: [pve-devel] [PATCH ha-manager] use correct verify function for ha-group-node-list

2016-06-03 Thread Dietmar Maurer
applied

[pve-devel] [RFC manager] Remove IPv4 netmask check

2016-06-03 Thread Wolfgang Bumiller
--- This check makes it impossible to use /31 and /32 IPv4 addresses. While this might seem like a reasonable thing to do due to the lack of address space (eg. broadcast addresses), I'm not sure it makes sense to really enforce this limit (anymore). If a hosting provider assigns you a single IP

[pve-devel] [PATCH firewall 1/2] make group digest stable

2016-06-03 Thread Dominik Csapak
if we had multiple security groups and wanted to edit one, we did not have a stable digest, because perl hashes are not sorted this patch sorts the keys before hashing Signed-off-by: Dominik Csapak --- src/PVE/API2/Firewall/Groups.pm | 2 +- 1 file changed, 1

[pve-devel] [PATCH firewall 2/2] fix allowed group name length

2016-06-03 Thread Dominik Csapak
the allowed length for an iptable chain is 28 chars we had a max set of 20 but a format of GROUP--IN and GROUP--OUT where is the group name but GROUP--OUT are 10 chars so we just allow 18 chars max Signed-off-by: Dominik Csapak --- src/PVE/Firewall.pm | 2 +- 1 file

[pve-devel] [PATCH ha-manager] use correct verify function for ha-group-node-list

2016-06-03 Thread Thomas Lamprecht
We use pve_verify_nodename but we expect here a value with the syntax: nodename[:priority] So if someone used the optional priority this failed unnecessarily. select_service_node in the Manager class expects this value and splits it itself into nodename and priority so we can just return it if it

Re: [pve-devel] [PATCH v2 manager] add vzdump/extractconfig API path

2016-06-03 Thread Dietmar Maurer
applied

Re: [pve-devel] [PATCH v2 container] use PVE::Storage::extract_vzdump_config_tar

2016-06-03 Thread Dietmar Maurer
applied

Re: [pve-devel] [PATCH v5 1/4] migrate: collect migration tunnel child process

2016-06-03 Thread Dietmar Maurer
applied all 4 patches, thanks.

Re: [pve-devel] [RFC qemu-server] use enter_systemd_scope instead of systemd-run

2016-06-03 Thread Dietmar Maurer
applied

[pve-devel] [PATCH v5 4/4] migrate: add some more log output

2016-06-03 Thread Thomas Lamprecht
Output all errors - if any - and add some log outputs on what qmp commands we do with which parameters, may be helpful when debugging or analyzing a user's problem. Also check if the queried status is defined, as on an error this may not be. Signed-off-by: Thomas Lamprecht

[pve-devel] [PATCH v5 3/4] migrate: close tunnel after dest. VM stopped on error

2016-06-03 Thread Thomas Lamprecht
On error let phase2_cleanup close the tunnel as it stops the for incoming migration waiting VM on the destination first, to be safe. Signed-off-by: Thomas Lamprecht --- changes since v4: * this is new and was split away from the previous patch as it has another

[pve-devel] [PATCH v5 2/4] migrate: use ssh forwarded UNIX socket tunnel

2016-06-03 Thread Thomas Lamprecht
We cannot guarantee when the SSH forward Tunnel really becomes ready. The check with the mtunnel API call did not help for this problem as it only checked that the SSH connection itself works and that the destination node has quorum but the forwarded tunnel itself was not checked. The Forward

[pve-devel] [PATCH v5 1/4] migrate: collect migration tunnel child process

2016-06-03 Thread Thomas Lamprecht
use waitpid with WNO_HANG to check if the ssh tunnel child process is still running and collect at the same time if it exited. Signed-off-by: Thomas Lamprecht --- changes since previous version: * adapt to Dietmar's suggestion, slightly adapted. changed name of the

Re: [pve-devel] [PATCH common 0/4] Various patches (deps, cleanups, enter_systemd_scope)

2016-06-03 Thread Dietmar Maurer
applied

[pve-devel] [PATCH common 0/4] Various patches (deps, cleanups, enter_systemd_scope)

2016-06-03 Thread Wolfgang Bumiller
The following changes since commit c1a4a02b98956604917ec0f140094386ba536b21: bump version to 4.0-66 (2016-06-01 11:32:28 +0200) are available in the git repository at: git://github.com/Blub/pve-common.git next you can pull directly via: $ git pull --ff-only

[pve-devel] [PATCH common 3/4] move Network::get_active_interfaces to ProcFSTools

2016-06-03 Thread Wolfgang Bumiller
This avoids a circular dependency between PVE::INotify and PVE::Network. Also renamed to get_active_network_interfaces since the package name now doesn't hint at this anymore. --- src/PVE/INotify.pm | 3 ++- src/PVE/Network.pm | 38 --

[pve-devel] [PATCH v2 manager] add vzdump/extractconfig API path

2016-06-03 Thread Fabian Grünbichler
--- only rebased PVE/API2/VZDump.pm | 39 +++ 1 file changed, 39 insertions(+) diff --git a/PVE/API2/VZDump.pm b/PVE/API2/VZDump.pm index 712c712..91b8a27 100644 --- a/PVE/API2/VZDump.pm +++ b/PVE/API2/VZDump.pm @@ -165,3 +165,42 @@

[pve-devel] [RFC qemu-server] use enter_systemd_scope instead of systemd-run

2016-06-03 Thread Wolfgang Bumiller
With systemd-run qemu's --daemonize forks often happen before systemd finishes setting up the scopes, which means the limits we apply often don't work. We now use enter_systemd_scope() to create the scope before running qemu directly without systemd-run. Note that vm_start() runs in a

[pve-devel] [PATCH common 4/4] added: enter_systemd_scope

2016-06-03 Thread Wolfgang Bumiller
This essentially performs the task of systemd-run while also waiting for the job to finish. With the systemd-run version in jessie we run into a race condition where the executed process can start forking child processes before the systemd daemon is done setting up the scope's cgroups, causing

[pve-devel] [PATCH v2 container] use PVE::Storage::extract_vzdump_config_tar

2016-06-03 Thread Fabian Grünbichler
which is based on the former tar_archive_search_conf code --- Note: requires vzdump config extraction patch series Changes in v2: - use qr operator to pass regexp src/PVE/LXC/Create.pm | 37 + 1 file changed, 1 insertion(+), 36 deletions(-) diff --git

[pve-devel] [PATCH common 1/4] Consider /31 and /32 valid subnet masks.

2016-06-03 Thread Wolfgang Bumiller
Since we already allow this for container IP addresses it is reasonable to assume the host might be using such a setup as well. (You can use an additional route to reach the gateway and then simply have no "LAN".) Some people seem to want this... --- src/PVE/JSONSchema.pm | 4 +++-

[pve-devel] [PATCH common 2/4] add netmasks starting from /8 to local netmask list

2016-06-03 Thread Wolfgang Bumiller
--- src/PVE/Network.pm | 8 1 file changed, 8 insertions(+) diff --git a/src/PVE/Network.pm b/src/PVE/Network.pm index ab07350..ce4305a 100644 --- a/src/PVE/Network.pm +++ b/src/PVE/Network.pm @@ -56,6 +56,14 @@ our $ipv4_reverse_mask = [ ]; our $ipv4_mask_hash_localnet = { +

[pve-devel] [PATCH v2 storage 0/2] vzdump config extraction

2016-06-03 Thread Fabian Grünbichler
reworked and rebased config extraction from vzdump backup archives changes to v2: - moved client part to pvesm instead of pct/qm - improve error handling for compressed vma files Fabian Grünbichler (2): add extract vzdump config methods add pvesm extractconfig PVE/CLI/pvesm.pm | 38

[pve-devel] [PATCH v2 storage 1/2] add extract vzdump config methods

2016-06-03 Thread Fabian Grünbichler
extract_vzdump_config_tar is an adapted combination of tar_archive_search_conf() and the first part of recover_config(), both from PVE::LXC::Create. a compressed vma backup file needs special error handling because vma exits as soon as it found the config file, which the used decompressors treat

[pve-devel] [PATCH v2 storage 2/2] add pvesm extractconfig

2016-06-03 Thread Fabian Grünbichler
--- PVE/CLI/pvesm.pm | 38 ++ 1 file changed, 38 insertions(+) diff --git a/PVE/CLI/pvesm.pm b/PVE/CLI/pvesm.pm index 6630f87..f5ae277 100755 --- a/PVE/CLI/pvesm.pm +++ b/PVE/CLI/pvesm.pm @@ -53,6 +53,43 @@ __PACKAGE__->register_method ({ }});

Re: [pve-devel] [PATCH firewall] use pve-common's ipv4_mask_hash_localnet

2016-06-03 Thread Dietmar Maurer
applied

[pve-devel] [PATCH firewall] use pve-common's ipv4_mask_hash_localnet

2016-06-03 Thread Wolfgang Bumiller
--- src/PVE/Firewall.pm | 21 ++--- 1 file changed, 2 insertions(+), 19 deletions(-) diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index d8e820d..1fa3e70 100644 --- a/src/PVE/Firewall.pm +++ b/src/PVE/Firewall.pm @@ -12,6 +12,7 @@ use PVE::JSONSchema

Re: [pve-devel] [PATCH container 0/3] pct restore mountpoint improvements part 2

2016-06-03 Thread Dietmar Maurer
applied

Re: [pve-devel] [PATCH v2 container] fix and improve bindmount tests

2016-06-03 Thread Dietmar Maurer
applied

[pve-devel] [PATCH container 0/3] pct restore mountpoint improvements part 2

2016-06-03 Thread Fabian Grünbichler
this patch series includes a reworked / cleaned up version of the not-applied parts of the previous mp restore improvement series, as well as an additional fix to reserve the container ID with an empty config file after obtaining the local flock. Fabian Grünbichler (3): ignore ro flag when

[pve-devel] [PATCH container 1/3] ignore ro flag when creating/restoring CT

2016-06-03 Thread Fabian Grünbichler
--- Note: this was previously included in the refactoring patch, got its own patch for clarity's sake.. src/PVE/LXC/Create.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/PVE/LXC/Create.pm b/src/PVE/LXC/Create.pm index 68628a1..123ca81 100644 ---

[pve-devel] [PATCH container 2/3] split up create_rootfs and restore_and_configure

2016-06-03 Thread Fabian Grünbichler
these were only used once and their method signatures were already quite long, so split up into - delete old existing container and write new config - mount - restore archive / extract template - restore configuration / setup new container - unmount --- Changes to previous version: - destroy old

[pve-devel] [PATCH container 3/3] use empty config to reserve container ID

2016-06-03 Thread Fabian Grünbichler
also adapt PVE::LXC::destroy_lxc_container to optionally write an arbitrary new config instead of deleting it altogether. the old configuration is replaced by an empty temporary configuration at the moment, but this could easily be reused if/when a "create"-locked config is used instead of an empty

[pve-devel] [PATCH v2 container] fix and improve bindmount tests

2016-06-03 Thread Wolfgang Bumiller
fixed leftover mounts after running the tests added another testcase: inject symlink before mount() and restore before verify() --- changes since v2: added missing parameter for the last testcase src/test/bindmount_test.pl | 66 +- 1 file changed,

Re: [pve-devel] [PATCH container] fix and improve bindmount tests

2016-06-03 Thread Dietmar Maurer
> -die "unexpected test error: $@\n" if $@ ne "symlink encountered at: .$ab\n"; > +die "unexpected test error: $@\n" if $@ ne "bindmount verification failed\n"; > +# Restore setup: > +cleanup(); > +setup(); > +# Race test 2: As above but also reset the symlink back after > __bindmount_do() > +eval
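Review bot: the replacement check in the quoted hunk, die "unexpected test error: $@\n" if $@ ne "bindmount verification failed\n", also fires when no error was raised at all, in which case $@ is empty and the failure message reads "unexpected test error:" with nothing after it. Consider handling the empty case separately with its own message (for example "expected bindmount verification to fail"). The new expected string also no longer carries the path that the old "symlink encountered at: .$ab" message did, so the test can no longer tell which path failed verification; a short comment saying that this is intentional would help.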

[pve-devel] [PATCH common] Consider /31 and /32 valid subnet masks.

2016-06-03 Thread Wolfgang Bumiller
Since we already allow this for container IP addresses it is reasonable to assume the host might be using such a setup as well. (You can use an additional route to reach the gateway and then simply have no "LAN".) Some people seem to want this... --- src/PVE/JSONSchema.pm | 4 +++-

[pve-devel] [PATCH container] fix and improve bindmount tests

2016-06-03 Thread Wolfgang Bumiller
fixed leftover mounts after running the tests added another testcase: inject symlink before mount() and restore before verify() --- src/test/bindmount_test.pl | 66 +- 1 file changed, 47 insertions(+), 19 deletions(-) diff --git