IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
According to rfc2986 the only valid version is 0. No newer rfc changed
that.
See section 4.1:
https://www.rfc-editor.org/rfc/rfc2986#section-4.1
Manually verifying the CSR with openssl results in the following error:
```
$ openssl req -in bad.csr -text -noout
Certificate Request:
Data:
Version: Unknown (2)
```
Signed-off-by: Mira Limbeck <m.limbeck@proxmox.com>
with a rough check and a slight amount of hope that nothing else in
the module dependent on turning that off for the whole module
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
to please perlcritic's highest severity level and as it makes just
sense to contain such things to the smallest possible scope.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
I assumed that the 'priv' and 'pub' RESTEnvironment types always
contained an AnyEvent eventloop, but this is actually not the case in
pvestatd and pvescheduler.
But it depended on the used model that AnyEvent used (and auto
detected) if this wrong assumption worked or not. With the
AnyEvent::Impl::Perl there weren't any problems and it seemingly
worked by accident, but when using AnyEvent::Impl::EV (which is
autodetected and used when libev-perl is installed) it interfered
with our SIG_CHLD handlers and only ever called them once. (Not clear
why this happens, maybe because AnyEvent is not setup correctly).
This patch uses $AnyEvent::MODEL as a detection instead since this is
`undef` until the first AnyEvent watcher is created, which should be
only the case where we really use AnyEvent, such as pveproxy and
pvedaemon.
Fixes: 6870afa ("RESTEnvironment: better SIGCHLD handling in AnyEvent event loop")
Link: https://lists.proxmox.com/pipermail/pve-devel/2023-March/056057.html
Suggested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
print_errs (which is also called internally by die_now) will only
'warn' the collected error stack if the log level is set to tracing.
otherwise, it will just return the error message(s) corresponding to
the error stack as string.
while they are not always the most user-friendly ones, they do
provide additional context that might help to find out what is
actually causing a particular failure. both helpers here actually
provide a meaninful user friendly context (via $msg) as final line.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
[ T: resolve merge conflict due to dropped warn helper ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This is a pattern that can be found often in Proxmox VE's API stack,
so implement it centrally here for re-use.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
when we're in an API server that uses AnyEvent, we must postpone
the worker_reaper, since it calls 'active_workers' which might already
be called and then we're inside the lock twice (flocks are per process
for us, see PVE::Tools::lock_file)
This resulted in an error like this:
close (rename) atomic file '/var/log/pve/tasks/active' failed: No such file or directory
We use the fact that only 'pub' and 'priv' RESTEnvironment types are an
api server with anyevent. For other types we call it like before.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
If one sets a param hard-coded to the same vallue in all but one case
it often is a nicer to negate it and but it at the end.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Otherwise the created vlan bridge has the default MTU, which is
unexpected when the original bridge has some other MTU configured.
We already do this for the firewall bridges, so we should do so too for
the vlan bridges.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
This patch introduces callback based filtering functionality for logfile dumps.
Further, the `dump_logfile` function is split into a reusable part for dumps
generated based on a filehandle. The state parameter can be used to keep the
state for multiple consecutive function invocations.
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
It's possible to have a
/proc/sys/net/ipv6/ directory
but no
/proc/sys/net/ipv6/conf/$iface/disable_ipv6
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
The dump_logfile now returns the whole log file if the limit
parameter is set to 0. This must be done explicitly though, as in the
case of 'limit' being undefined, the default as before, 50 will be
used.
Signed-off-by: Daniel Tschlatscher <d.tschlatscher@proxmox.com>
ovs port don't have sysfs path
"/sys/class/net/$iface/brport/learning"
We need to check if the value is undef too
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
under some conditions, like when calling it in the api where we have
a 30s pveproxy limit, we want to make use of the '--timeout' parameter
of the file-restore binary, but we may want to call it in the future
where we don't want add timeout.
To achieve that, add an extendable 'extra_params' hash parameter to
'file_restore_list' and use the timeout from there.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
as we now auto-detect if the 'bridge-disable-mac-learning' is set in
the Network::tap_plug method and disable learning if so, we need to
ensure that the qemu-server and pve-container can cope with that by
manually registering the guests MAC into the FDB.
So this certainly isn't a hard break, but as network is dead for the
guest on update, if that option is set and the new qemu-server and/or
pve-container packages ain't yet updated, it seems still worthy of a
break.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
avoids that we need to repeat the same code hunk two times each for
CT and VM call sites.
If required it can be simply overridden by setting it explicitly on
call.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
that unless stuff is just hard to read and against our code style.
note that there's also basically the same helper in SysFSTools, and
neither is really dependent on sysfs or procfs semantics, so both
probably should go away..
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
as often only warn really makes it out of perl/our pit of std out/err
handling (e.g., I had a case where neither print STDERR nor syslog
worked, but warn did)
also, the tests are rather brittle w.r.t their expect_fail variant,
as the actual expected error should be enforced.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
this can result in a broken config due to it getting written out on
write_config serialization, and if a plugin did not declare `id` as
an option it understood (none do currently), it would then fail the
next parse, far from ideal...
As the section ID is available already anyway we should probably just
drop this, but for now avoid rushed changes and just make it
conforming to section config semantics and check if the option is
actually understood by the respective section type we're working on.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>