5
0
mirror of git://git.proxmox.com/git/pve-common.git synced 2025-01-08 01:17:37 +03:00
Commit Graph

1445 Commits

Author SHA1 Message Date
Thomas Lamprecht
2b4c66788a cgroup: allow one to set the memory.high CGv2 knob too
will be used from our current only call site in pve-container.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-04-26 12:20:33 +02:00
Thomas Lamprecht
5aab227bf3 procfs tools: group and order use statements
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-04-26 12:20:33 +02:00
Thomas Lamprecht
52620f86bd memory info: add regex anchor to avoid false positives
if arcstat gets re-ordered or new field that includes 'size' gets
added at the top

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-04-26 12:20:33 +02:00
Thomas Lamprecht
c153bf020f memory info: avoid errors if ZFS arc stat cannot be read
E.g., if used in PMG and running on a kernel without ZFS.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-04-26 12:20:33 +02:00
Matthias Heiserer
b21af8f501 fix #1454: meminfo: also return arcsize
Signed-off-by: Matthias Heiserer <m.heiserer@proxmox.com>
2023-04-26 12:20:33 +02:00
Mira Limbeck
8ebb0f82ac cert: fix invalid CSR version
According to rfc2986 the only valid version is 0. No newer rfc changed
that.
See section 4.1:
https://www.rfc-editor.org/rfc/rfc2986#section-4.1

Manually verifying the CSR with openssl results in the following error:
```
$ openssl req -in bad.csr -text -noout
Certificate Request:
    Data:
        Version: Unknown (2)
```

Signed-off-by: Mira Limbeck <m.limbeck@proxmox.com>
2023-04-20 14:31:46 +02:00
Wolfgang Bumiller
4cb946a81c fix #4671: use O_DIRECTORY from Fcntl
on ARM this flag has a different value, let's not hardcode
it.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2023-04-18 09:52:31 +02:00
Thomas Lamprecht
28932ade21 rest handler: minimize scope of no-strict-refs exemption
with a rough check and a slight amount of hope that nothing else in
the module dependent on turning that off for the whole module

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-04-11 16:18:49 +02:00
Thomas Lamprecht
967e98230a various perl critic fixes
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-04-11 16:17:10 +02:00
Thomas Lamprecht
016d20715b cli handler: contain no-stricture scope
to please perlcritic's highest severity level and as it makes just
sense to contain such things to the smallest possible scope.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-04-11 15:09:22 +02:00
Thomas Lamprecht
646a36efce cli handler: fix "return" statement followed by "sort" critic
As that's undefined behavior if the containing sub is called in
scalar context.

https://metacpan.org/pod/Perl::Critic::Policy::Subroutines::ProhibitReturnSort

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-04-11 15:08:54 +02:00
Thomas Lamprecht
b66eddb7ff improve code style of exception helper module
fixes a perl critic lint against one-argument use of bless.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-04-11 14:50:05 +02:00
Thomas Lamprecht
5491471e9d bump version to 7.3-4
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-27 10:36:55 +02:00
Dominik Csapak
a0bae1b6e5 fix #4615: REST environment: improve AnyEvent detectíon in child cleanup
I assumed that the 'priv' and 'pub' RESTEnvironment types always
contained an AnyEvent eventloop, but this is actually not the case in
pvestatd and pvescheduler.

But it depended on the used model that AnyEvent used (and auto
detected) if this wrong assumption worked or not. With the
AnyEvent::Impl::Perl there weren't any problems and it seemingly
worked by accident, but when using AnyEvent::Impl::EV (which is
autodetected and used when libev-perl is installed) it interfered
with our SIG_CHLD handlers and only ever called them once. (Not clear
why this happens, maybe because AnyEvent is not setup correctly).

This patch uses $AnyEvent::MODEL as a detection instead since this is
`undef` until the first AnyEvent watcher is created, which should be
only the case where we really use AnyEvent, such as pveproxy and
pvedaemon.

Fixes: 6870afa ("RESTEnvironment: better SIGCHLD handling in AnyEvent event loop")
Link: https://lists.proxmox.com/pipermail/pve-devel/2023-March/056057.html
Suggested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-27 10:35:53 +02:00
Thomas Lamprecht
8328617d06 bump version to 7.3-3
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-16 16:35:45 +01:00
Thomas Lamprecht
b3d7568fb6 cli formatter: check data ref when printing array
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-16 16:18:48 +01:00
Fabian Grünbichler
0bda45be46 certificate: actually print openssl errors
print_errs (which is also called internally by die_now) will only
'warn' the collected error stack if the log level is set to tracing.
otherwise, it will just return the error message(s) corresponding to
the error stack as string.

while they are not always the most user-friendly ones, they do
provide additional context that might help to find out what is
actually causing a particular failure. both helpers here actually
provide a meaninful user friendly context (via $msg) as final line.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 [ T: resolve merge conflict due to dropped warn helper ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-11 18:25:04 +01:00
Dominik Csapak
5028848d42 section config: add helper for deleting keys from a entry
This is a pattern that can be found often in Proxmox VE's API stack,
so implement it centrally here for re-use.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-11 18:14:32 +01:00
Dominik Csapak
6870afa455 RESTEnvironment: better SIGCHLD handling in AnyEvent event loop
when we're in an API server that uses AnyEvent, we must postpone
the worker_reaper, since it calls 'active_workers' which might already
be called and then we're inside the lock twice (flocks are per process
for us, see PVE::Tools::lock_file)

This resulted in an error like this:
close (rename) atomic file '/var/log/pve/tasks/active' failed: No such file or directory

We use the fact that only 'pub' and 'priv' RESTEnvironment types are an
api server with anyevent. For other types we call it like before.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2023-03-07 18:36:47 +01:00
Thomas Lamprecht
1a758ec1dd cert: avoid module-wide variable used only once
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-07 18:36:46 +01:00
Thomas Lamprecht
6baa9131aa cert: check_pem: code reduction/cleanup
mainly by avoiding the useless intermediate variables

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-07 18:36:44 +01:00
Thomas Lamprecht
060a437fe9 cert info: minimal code reduction
shorter and avoids variable are longer in scope than they're used too

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-07 18:36:44 +01:00
Thomas Lamprecht
45a7516103 cert: csr: sensible param default for warn helper, avoid early line breaks
If one sets a param hard-coded to the same vallue in all but one case
it often is a nicer to negate it and but it at the end.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-07 18:36:42 +01:00
Thomas Lamprecht
c1b077456a cert: drop single-use warn helper
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-07 18:36:42 +01:00
Thomas Lamprecht
e8a515e655 cert: move trailing newline into die helper
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-07 18:36:42 +01:00
Thomas Lamprecht
74bb32adde cert: make die helper a private sub and fix code style on use
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-07 18:36:42 +01:00
Fabian Grünbichler
60a05ecd88 certificate: add check_ prefix to cert/key match helper
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2023-03-07 11:51:35 +01:00
Max Carrara
d602284ccb certificate: fix formatting and whitespace
Signed-off-by: Max Carrara <m.carrara@proxmox.com>
2023-03-07 10:14:42 +01:00
Max Carrara
a3baf76738 certificate: add subroutine that checks if cert and key match
This is done here in order to allow other packages to make use of
this subroutine.

Signed-off-by: Max Carrara <m.carrara@proxmox.com>
2023-03-07 10:14:42 +01:00
Dominik Csapak
d8a0dff1b5 fix #4547: set MTU on dynamically created vlan bridges
Otherwise the created vlan bridge has the default MTU, which is
unexpected when the original bridge has some other MTU configured.

We already do this for the firewall bridges, so we should do so too for
the vlan bridges.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2023-02-24 17:01:40 +01:00
Wolfgang Bumiller
ea9813cecf bump version to 7.3-2
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2023-01-27 10:30:46 +01:00
Christian Ebner
12a0ec1888 tools: Add callback based filtering for logfile dump
This patch introduces callback based filtering functionality for logfile dumps.
Further, the `dump_logfile` function is split into a reusable part for dumps
generated based on a filehandle. The state parameter can be used to keep the
state for multiple consecutive function invocations.

Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
2023-01-18 11:13:35 +01:00
Alexandre Derumier
2e3fd24d1a fix #4299: network : disable_ipv6: fix path checking
It's possible to have a
/proc/sys/net/ipv6/ directory

but no
/proc/sys/net/ipv6/conf/$iface/disable_ipv6

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2023-01-16 10:42:06 +01:00
Fabian Grünbichler
7a48f55a8f fix typo
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2023-01-10 12:25:54 +01:00
Fabian Grünbichler
1ac8e6c135 build: add missing build-dependencies
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2023-01-10 12:23:44 +01:00
Thomas Lamprecht
9d14c9ddcf bump version to 7.3-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-11-24 17:13:04 +01:00
Thomas Lamprecht
7b1aa2e84a dump logfile: avoid boolean ternary if already boolean value
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-11-24 17:12:18 +01:00
Daniel Tschlatscher
f0c1b0c03c dump logfile: return whole log file if limit is 0
The dump_logfile now returns the whole log file if the limit
parameter is set to 0. This must be done explicitly though, as in the
case of 'limit' being undefined, the default as before, 50 will be
used.

Signed-off-by: Daniel Tschlatscher <d.tschlatscher@proxmox.com>
2022-11-24 17:12:02 +01:00
Alexandre Derumier
99fc81231e network: add|del_fdb: fix learning check
ovs port don't have sysfs path
"/sys/class/net/$iface/brport/learning"

We need to check if the value is undef too

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2022-11-21 11:23:04 +01:00
Thomas Lamprecht
ae7332752a bump version to 7.2-8
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-11-20 16:26:29 +01:00
Thomas Lamprecht
0a3c65c003 network: support adding fdb directly in tap_plug
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-11-20 16:07:58 +01:00
Thomas Lamprecht
bf5bc3637f network: fix whitespace error
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-11-20 16:07:58 +01:00
Dominik Csapak
76e28e0325 PBSClient: file_restore_list: add extraParams and use timeout
under some conditions, like when calling it in the api where we have
a 30s pveproxy limit, we want to make use of the '--timeout' parameter
of the file-restore binary, but we may want to call it in the future
where we don't want add timeout.

To achieve that, add an extendable 'extra_params' hash parameter to
'file_restore_list' and use the timeout from there.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2022-11-15 13:22:30 +01:00
Thomas Lamprecht
eb6f49f4b2 cache: allow importing nodename method
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-11-15 07:25:36 +01:00
Thomas Lamprecht
3d4739a9d3 bump version to 7.2-7
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-11-13 15:54:59 +01:00
Thomas Lamprecht
9659e1c296 d/control: record breaks for older qemu-server/pve-container
as we now auto-detect if the 'bridge-disable-mac-learning' is set in
the Network::tap_plug method and disable learning if so, we need to
ensure that the qemu-server and pve-container can cope with that by
manually registering the guests MAC into the FDB.

So this certainly isn't a hard break, but as network is dead for the
guest on update, if that option is set and the new qemu-server and/or
pve-container packages ain't yet updated, it seems still worthy of a
break.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-11-13 15:48:24 +01:00
Thomas Lamprecht
ac39d36f57 network: tap plug: auto-disable learning if bridge-disable-mac-learning is set
avoids that we need to repeat the same code hunk two times each for
CT and VM call sites.

If required it can be simply overridden by setting it explicitly on
call.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-11-13 13:56:50 +01:00
Thomas Lamprecht
65ca174341 procfs tools: modernize write_proc_entry
that unless stuff is just hard to read and against our code style.

note that there's also basically the same helper in SysFSTools, and
neither is really dependent on sysfs or procfs semantics, so both
probably should go away..

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-11-13 13:54:59 +01:00
Thomas Lamprecht
8b7b0cc5fe tests: section config: comment need for warn on debugging
as often only warn really makes it out of perl/our pit of std out/err
handling (e.g., I had a case where neither print STDERR nor syslog
worked, but warn did)

also, the tests are rather brittle w.r.t their expect_fail variant,
as the actual expected error should be enforced.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-11-13 11:54:34 +01:00
Thomas Lamprecht
ec9e46fae6 job registry: avoid injecting the section id unconditionally in configs
this can result in a broken config due to it getting written out on
write_config serialization, and if a plugin did not declare `id` as
an option it understood (none do currently), it would then fail the
next parse, far from ideal...

As the section ID is available already anyway we should probably just
drop this, but for now avoid rushed changes and just make it
conforming to section config semantics and check if the option is
actually understood by the respective section type we're working on.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-11-13 11:50:42 +01:00