5
0
mirror of git://git.proxmox.com/git/pve-common.git synced 2025-01-05 17:17:36 +03:00
Commit Graph

1098 Commits

Author SHA1 Message Date
Thomas Lamprecht
ffe0b0e075 runtest: clone config before passing to write to avoid side effects
write changes some parts of the config, if this is a reference to the
config used for checking parsing it may lead to unexpected failures
due to those side effects..

For me it was "cidr" and "cidr6" getting deleted, and thus upcomming
tests for a compat change failing without any apparent reason.. :/

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-13 11:02:01 +01:00
Thomas Lamprecht
3219cb94e3 bump version to 6.0-16
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-12 16:15:21 +01:00
Thomas Lamprecht
f6c9d9a4f3 inotify: fix compatibillity with address + netmask separate passed
fixes commit 78c6656c9aba1d57786f916717c2622a3059fb6 which dropped
writing out the netmask but missed to add compat code for the case
where the caller did not suplly a address in CIDR format already.

Check if an address ends with /\d+, if not see if a netmask is
available and add that similar how it gets handled on read.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Reviewed-By: Stoiko Ivanov <s.ivanov@proxmox.com>
Tested-By: Stoiko Ivanov <s.ivanov@proxmox.com>
2020-03-12 16:10:18 +01:00
Thomas Lamprecht
040fc87d59 inotify: indentation fix
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-12 15:21:15 +01:00
Thomas Lamprecht
75c83508f6 bump version to 6.0-15
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-09 17:30:29 +01:00
Thomas Lamprecht
1175979f78 LDAP: fix missing newline in error message
seems like LDAP->new doesn't adds it, so we get the ". at
/path/to/module.pm line xy" ugly error

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-09 17:30:29 +01:00
Thomas Lamprecht
1714a63b36 d/control: break pmg-api (<< 6.1-7)
as we now register the ldap-simple-attr' format, and double
registrations result in exceptions.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-09 16:59:47 +01:00
Dominik Csapak
283ac2bae1 add ldap-simple-attr from pmg
we also need it in pve

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-03-09 12:34:06 +01:00
Thomas Lamprecht
772038d440 RESTHandler getopt_usage: schema properties can be undef
While seldom some of our API endpoints do not define it, e.g., the
world readable /access/ticket call.

As all of the stack can cope with that just fine make getopt_usage
also follow that behavior and don't assume that properties has to be
defined.

This fixes a complaint about undefined value use in the following
calls:
 pvesh usage /access/ticket
 pmgsh help /access

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-09 12:26:06 +01:00
Thomas Lamprecht
d2513a84df inotify: read interfaces: avoid uninitialized value access
check if 'ovs_type' is defined first

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-09 11:28:38 +01:00
Thomas Lamprecht
4566729d4e Revert "Network: tap_create|plug : sdn : use bridge_vlan"
With revert "network: followup: move graceful require SDN out from
subs" squashed.

This reverts commit c02d6d1c96.
This reverts commit 35f2791ffa.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-09 07:33:13 +01:00
Thomas Lamprecht
5cc59b7903 bump version to 6.0-14
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-07 18:10:58 +01:00
Thomas Lamprecht
35f2791ffa network: followup: move graceful require SDN out from subs
As "require" is evaluated on module load only once,  we either have
it or not, so move it to the top to avoid code duplication

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-07 18:10:58 +01:00
Alexandre Derumier
c02d6d1c96 Network: tap_create|plug : sdn : use bridge_vlan
find correct bridge/vlan from vnet config
2020-03-07 18:10:58 +01:00
Thomas Lamprecht
55163d614a d/control: record break of older ifupdown2
If ifupdown2 is installed we really want to have it synced with this
version, also with OVS (ifupdown2 handles that break) - this is part
of the version barrier.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-07 18:02:49 +01:00
Alexandre Derumier
36bbe29db8 INotify : fix OVSBond && OvsintPort order + tests
OVSBond was missing
OvsintPort under ethx interfaces
2020-03-07 17:48:01 +01:00
Alexandre Derumier
c688b8e683 INotify: fix unknown for unknown ovs_type
if user defined manually ovs_type OVSTunnel or OVSPatchPort,
the type is empty.

set type=unknown first to avoid this kind of mistake
2020-03-07 17:37:53 +01:00
Alexandre Derumier
bc6713dfff INotify: detect ifupdown2 from executable not path
Seem than addons.conf file is not removed on "apt remove ifupdown2",
so /usr/share/ifupdown2 is not removed too.
2020-03-07 16:57:33 +01:00
Alexandre Derumier
d34d739328 INotify: use auto for ovs interfaces with ifupdown2
Need the ifupdown2 openvswitch addon !
2020-03-07 16:57:33 +01:00
Thomas Lamprecht
d31273b42f bump version to 6.0-13
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-04 15:44:18 +01:00
Dominik Csapak
261ea3cad6 add LDAP Wrapper code
This will be used for PMG and PVE LDAP Authentication & Sync.
The code is largely copied/inspired by the already existing LDAP code in
PVEs AccessControl and PMGs LDAPCache

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-03-04 15:33:50 +01:00
Dominik Csapak
30aeac2ef2 fix #2618: increase maximum port for spice to 61999
and expose the range in its own sub to reuse it in http-server

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-03-04 15:30:37 +01:00
Thomas Lamprecht
202eaa4776 followup cleanup and fix missing semicolon
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-04 15:12:59 +01:00
Alexandre Derumier
beedabb4ab remove extra space after address && gateway options
only 1 space like all others options

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2020-03-04 14:59:34 +01:00
Alexandre Derumier
378c6656c9 INotify: use cidr for address on config change
netmask/broadcast options are deprecated since buster
https://manpages.debian.org/buster/ifupdown/interfaces.5.en.html

This still read both "old address/netmask" or "address cidr" format,
but always convert it to cidr address format

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2020-03-04 14:59:34 +01:00
Thomas Lamprecht
5bd1e56b7a get_ip_from_hostname: check all address we get from getaddrinfo_all for non-local IP
This was limited without reason to checking only the first IP we get
returned from getaddrinfo_all, but we can have multiple IPs for a
hostname, and possible one of them is local but another not, so check
all and only die if no non-local address at all got found.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-02-21 13:54:16 +01:00
Christian Ebner
630fe0a735 zsh-completion: Add missing flag to compadd
This fixes an issue with zsh completion where certain words were not added to the
list of matches, but incorrectly interpreted as flags or options.

By passing the "--" flag, compadd is notified that all following arguments should
be considered for completion and not interpreted as flags or options for compadd.

Details can be found in the compadd documentation:
http://zsh.sourceforge.net/Doc/Release/Completion-Widgets.html#Completion-Builtin-Commands

Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
2020-02-21 09:45:14 +01:00
Alexandre Derumier
a70e9925ae INotify : check_bridge : fix bridge-ports with vlan tagged interface
Currently with strip vlan tag, that's wrong because
mtu && others check are done the main interface.
2020-02-07 12:56:24 +01:00
Alexandre Derumier
dd3004e266 INotify: check bridge ip: add missing check if method is not defined 2020-02-07 12:56:24 +01:00
Alexandre Derumier
968c90f174 INotify: fix mtu check && add test
reverse the parent-child. (bridge-port is the parent)
2020-02-07 12:56:24 +01:00
Thomas Lamprecht
7c67d20d92 bump version to 6.0-12
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-01-31 13:45:56 +01:00
Thomas Lamprecht
b4f88e889f systemd: add un-/escape_unit helpers
moved from pve-storage, we need to reuse it in another module there,
as it's a general method lets just move it here already.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-01-31 13:45:56 +01:00
Thomas Lamprecht
1446e6a896 procfs: add check_kernel_release
adapted from Wolfgan's patch[0] for a pve-container feature check, as
this is a general check let's move it here.

[0]: https://pve.proxmox.com/pipermail/pve-devel/2020-January/041477.html

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-01-31 13:45:56 +01:00
Thomas Lamprecht
5bd218329e bump version to 6.0-11
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-01-28 11:33:29 +01:00
Fabian Grünbichler
4c72ade059 API schema: add 'allowtoken' property
to mark which API methods should be available to clients authenticated using an API token.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-01-27 18:39:26 +01:00
Alexandre Derumier
f82c73738d tests: unknown interfaces order: rename vlan interfaces to unknown
vlan(X) interfaces are not unknown anymore
use generic name instead

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2020-01-25 16:01:34 +01:00
Alexandre Derumier
bbe7d3edf3 INotify: improve vlan interface parsing
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2020-01-25 16:01:34 +01:00
Moayad
c3733145eb Add build dependency libtest-mockmodule-perl
Signed-off-by: Moayad Almalat <m.almalat@proxmox.com>
2020-01-20 16:02:37 +01:00
Thomas Lamprecht
83ef072e57 ACME: comment fixup some POST to GET-as-POST
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-01-15 14:28:51 +01:00
Wolfgang Link
b9ca506c37 ACME: Change authorization call
As Let's Encrypt will no more allow GET calls[0], we have to change
to GET-as-POST[1] requests.

[0]: https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380/4
[1]: https://tools.ietf.org/html/rfc8555#section-6.3

Signed-off-by: Wolfgang Link <w.link@proxmox.com>
[ Thomas: Add ACME tag and reference GET-as-POST[1] ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-01-15 13:54:02 +01:00
Thomas Lamprecht
629dc37548 bump version to 6.0-10
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-01-13 17:52:07 +01:00
Thomas Lamprecht
0e4d81adb8 certs: generate_csr: allow to set CN explicit
Else, when used with ACME, the SAN is always sorted so we always get
the Subject Alternative Name sorting alphabetically first, which
doesn't necessarily has to be the "primary" domain. While this is
rather cosmetically (all SANs are equal) it could still result it
flapping CN when SANs and thus possibly the order changes, e.g., in
our CDN mirror pool. It also doesn't costs anything to allow control
over this, so why not..

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-01-13 17:38:08 +01:00
Thomas Lamprecht
055f076be5 followup code cleanup
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-01-11 16:15:02 +01:00
Thomas Lamprecht
6f830d1d24 followup trailing whitespace fixes
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-01-11 16:12:33 +01:00
Alexandre Derumier
2d1e9a02c3 INotify: network : add ovs_mtu option
This is also rewriting any "mtu" option on a ovs interface
to "ovs_mtu"

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2020-01-11 16:11:04 +01:00
Alexandre Derumier
b94d05ecc6 INotify: add bond-primary option
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2020-01-11 16:11:04 +01:00
Alexandre Derumier
c8ff0bdf3d INotify: allow vlan tagged bridge interface on non-vlanaware bridge
Seem that it's working too with non-vlanaware bridge

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2020-01-11 16:11:04 +01:00
Alexandre Derumier
f5d8be06b6 Inotify: forbid ip address on bridged interface.
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2020-01-11 16:11:04 +01:00
Alexandre Derumier
c86cfb8bbd INotify: remove allow-hotplug from /etc/network/interfaces
for user installing proxmox on top of debian,
debian install by default the first nic with allow-hotplug.

This is conflicting with "auto ...", but worst with ovs "allow-ovs ...".

User have reported race with ovs, where ovs vmbr was up before the nic.
https://forum.proxmox.com/threads/no-network-on-server-unless-i-ifdown-ifup-vmbr0.62733/

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2020-01-08 10:32:36 +01:00
Thomas Lamprecht
12349ad05f REST Handler: check for value defindness when untainting
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-01-08 10:32:12 +01:00