Commit Graph

1050 Commits

Author SHA1 Message Date
Thomas Lamprecht
3e0176e6bb bump version to 8.2.7
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-09-23 11:43:28 +02:00
Thomas Lamprecht
50e7a31db3 d/control: bump versioned dependency of common and http-server
to ensure the 'dowload_allowed' schema property is understood.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-09-23 11:24:49 +02:00
Thomas Lamprecht
414ce79a1d bump version to 8.2.6
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-09-20 17:47:21 +02:00
Thomas Lamprecht
ce602b2d54 d/copyright: run wrap-and-sort -tkn
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-09-16 13:59:02 +02:00
Thomas Lamprecht
12c0a59769 bump version to 8.2.5
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-09-12 17:20:54 +02:00
Lukas Wagner
5732ad6584 pvestatd: store subsystem status data in a shared cache
This commit adds a new module PVE::PullMetric. This module allows
us to store the status data of various subsystems, including status
data for the most recent pvestatd update loops. Right now, we
store 6 old generations - including the most recent values, that gives
70 seconds of stat history (based on a 10 second pvestatd update loop
interval).

This cache allows us to add support for pull-style metric collection
systems, be it Prometheus/OpenMetrics or some custom, JSON based
metric format.

This patch raises the required lib{proxmox,pve}-perl-rs version
requirements, since we need the new bindings for proxmox-shared-cache.

Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
[WB: actually bump *runtime* deps in d/control]
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-08-14 14:18:34 +02:00
Lukas Wagner
876e531ad7 d/control: bump proxmox-widget-toolkit dependency to 4.1.4
We need
  "utils: add mechanism to add and override translatable notification
  event descriptions in the product specific UIs"
otherwise there is an error in the browser console.

Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
Reviewed-by: Max Carrara <m.carrara@proxmox.com>
2024-07-22 19:34:58 +02:00
Lukas Wagner
f5a97f1f5d api: jobs: vzdump: pass job 'job-id' parameter
This allows us to access the backup job id in the send_notification
function, where we can set it as metadata for the notification.
The 'job-id' parameter can only be used by 'root@pam' to prevent
abuse. This has the side effect that manually triggered backup jobs
cannot have the 'job-id' parameter at the moment. To mitigate that,
manually triggered backup jobs could be changed so that they
are not performed by a direct API call by the UI, but by requesting
pvescheduler to execute the job in the near future (similar to how
manually triggered replication jobs work).

Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
Reviewed-by: Max Carrara <m.carrara@proxmox.com>
 [ TL: fleece in d/control bump for guest-common now that the version
   is known ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-07-22 19:23:18 +02:00
Maximiliano Sandoval
1d4dd057ef changelog: fix typos
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
2024-07-17 18:02:59 +02:00
Fabian Grünbichler
faa83925c9 bump version to 8.2.4
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2024-06-10 14:00:15 +02:00
Fabian Grünbichler
600d40d715 d/control: bump pve-container
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2024-06-10 13:57:37 +02:00
Wolfgang Bumiller
b4648c6905 bump version to 8.2.3
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-06-04 11:09:02 +02:00
Thomas Lamprecht
9355359cd7 bump version to 8.2.2
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-04-23 21:36:08 +02:00
Thomas Lamprecht
676cb7dbff bump version to 8.2.1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-04-22 19:49:33 +02:00
Thomas Lamprecht
1c471ec66f d/control: add proxmox-firewall as recommended dependency
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-04-22 11:27:17 +02:00
Thomas Lamprecht
0501ee9e9c d/control: wrap-and-sort -tkn
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-04-22 11:27:17 +02:00
Thomas Lamprecht
020674df36 d/copyright: update years
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-04-21 13:06:52 +02:00
Thomas Lamprecht
5d18490f84 bump version to 8.2.0
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-04-21 13:04:08 +02:00
Thomas Lamprecht
8b871e1b4d d/control: bump versioned dependency for widget-toolkit and common
To ensure that the lifting of the bridge name == vmbr\d+ restriction
works correctly and that the new notes view double-click editing
setting can work.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-04-21 13:01:57 +02:00
Fiona Ebner
cb1653fdad bump version to 8.1.11
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
2024-04-19 17:18:55 +02:00
Fiona Ebner
96c50c22cc d/control bump versioned dependency for libpve-(guest-)common-perl and qemu-server
to make the backup fleecing feature available. The bump for
qemu-server is also required for moving unused disks of VMs.

The bump for libpve-common-perl is required because of pve-common
commit c302a28 ("json schema: add format description for
pve-storage-id standard option"), which is required for API
verification.

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
2024-04-19 17:15:03 +02:00
Thomas Lamprecht
05ca3b6037 d/control: bump versioned b-d for guest-common
so that our replication regression tests work correctly.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-04-18 10:22:22 +02:00
Fabian Grünbichler
8d47732670 d/postinst: make deb-systemd-invoke non-fatal
else this can break an upgrade for unrelated reasons (regular debhelper also
constructs the restart invocations like this, it even redirects output to
/dev/null)

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2024-04-17 16:56:13 +02:00
Fabian Grünbichler
b76dc13ba5 postinst: move dir creation to helper
and guard it to only run on ceph-using systems (the regular 'inited' check
doesn't work as a guard for this, because it checks for new-style inits
including the dir existing).

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2024-04-11 14:56:16 +02:00
Fabian Grünbichler
85c14e2826 postinst: remove blank lines
it looks confusing in `apt ..` output

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2024-04-11 11:56:10 +02:00
Fabian Grünbichler
59dd868c1f d/control: depend on pve-storage with new ceph parser
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2024-04-11 11:55:47 +02:00
Fabian Grünbichler
2ff48ca76c postinst: replace placeholder with actual version
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2024-04-11 10:55:35 +02:00
Max Carrara
11edd5d88d fix #4759: ceph: configure ceph-crash.service and its key
Due to Ceph dropping privileges when running the 'ceph-crash' daemon
[0], it is necessary to allow the daemon to authenticate with its
cluster in a safe manner.

In order to avoid exposing sensitive keyrings or somehow escalating
its privileges again, 'ceph-crash' is therefore provided with its own
keyring in the '/etc/pve/ceph' directory. This directory, due to being
on 'pmxcfs', may be read by members of the 'www-data' group, which
'ceph-crash' is made part of [1].

Expected Configuration
----------------------

 1. A keyring file named '/etc/pve/ceph/ceph.client.crash.keyring'
    exists
 2. A section named 'client.crash' exists in '/etc/pve/ceph.conf'
 3. The 'client.crash' section has a key named 'keyring' which
    references the keyring file as '/etc/pve/ceph/$cluster.$name.keyring'
 4. The 'client.crash' section has *no* key named 'key'

New Clusters
------------

The keyring file is created and the conf file is updated after the first
monitor has been created (when calling `pveceph mon create`).

Existing Clusters
-----------------

A new helper script creates and configures the 'client.crash' keyring in
`postinst`, if:
 * Ceph is installed
 * Ceph is initialized ('/etc/pve/ceph.conf' and '/etc/pve/ceph' exist)
 * Connection to RADOS is successful

If the above conditions are met, the helper script ensures that the
existing configuration matches the expected configuration mentioned
above.

The configuration is not changed if it is already as expected.

The helper script may be called again manually if the `postinst` hook
fails. It is installed to '/usr/share/pve-manager/helpers/pve-init-ceph-crash'.

Existing `client.crash` Key
---------------------------

If a key named 'client.crash' already exists within the cluster, it is
reused and not regenerated.

[0]: https://github.com/ceph/ceph/pull/48713
[1]: https://git.proxmox.com/?p=ceph.git;a=commitdiff;h=f72c698a55905d93e9a0b7b95674616547deba8a

Signed-off-by: Max Carrara <m.carrara@proxmox.com>
Tested-by: Friedrich Weber <f.weber@proxmox.com>
2024-04-11 10:42:11 +02:00
Max Carrara
a51a28e3cd ceph: introduce '/etc/pve/ceph'
This commit adds the '/etc/pve/ceph' directory to our overall expected
Ceph configuration.

This directory is meant to store cluster-wide, non-private
configuration files used by Ceph applications and services that are
executed with lower privileges, such as 'ceph-crash.service'.

The existence of the directory is now also checked for when checking
whether Ceph is configured correctly. This makes it easier for our
other tooling to rely on the directory's existence, reducing the
number of otherwise needless frequent checking.

* For new clusters: `pveceph init` now creates '/etc/pve/ceph' when
  called.

* For existing clusters: The 'postinst' hook this commit adds ensures
  that '/etc/pve/ceph' is created when updating.

Signed-off-by: Max Carrara <m.carrara@proxmox.com>
Tested-by: Friedrich Weber <f.weber@proxmox.com>
2024-04-11 10:42:11 +02:00
Thomas Lamprecht
4b06efb5db bump version to 8.1.10
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-03-28 19:57:10 +01:00
Thomas Lamprecht
71ba92b1c9 bump version to 8.1.9
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-03-28 18:12:50 +01:00
Thomas Lamprecht
d29041d9f8 bump version to 8.1.8
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-03-27 14:36:05 +01:00
Thomas Lamprecht
d5336b9e2b d/control: bump versioned dependencies for libpve-storage-perl
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-03-27 14:36:05 +01:00
Thomas Lamprecht
bbbaf45d62 bump version to 8.1.7
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-03-22 16:08:20 +01:00
Thomas Lamprecht
a2ae3c5011 d/control: bump versioned deps for widget-toolkit and access-control
to ensure the new password confirmation API and UI is available

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-03-22 16:08:20 +01:00
Thomas Lamprecht
01200f7d73 bump version to 8.1.6
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-03-14 15:26:40 +01:00
Thomas Lamprecht
60e01c6ac2 bump version to 8.1.5
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-03-14 15:13:30 +01:00
Thomas Lamprecht
385f48fb21 d/control: bump versioned dependency for libpve-access-control
to ensure the newly checked Sys.AccessNetwork privilege is available.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-02-28 15:53:51 +01:00
Thomas Lamprecht
e1a0e868c7 ui: adapt to fix of Korean language code
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-02-02 17:07:33 +01:00
Thomas Lamprecht
395dbe6b7b d/postinst: fix up whitespace indentation
we actually use a sane one here so do not mess with that

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-01-10 10:35:43 +01:00
Thomas Lamprecht
ec5affc9e4 bump version to 8.1.4
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-01-10 10:30:41 +01:00
Stefan Hanreich
250d7b07f1 postinst: filter rbds in lvm
Since LVM 2.03.15 RBD devices are also scanned by default [1]. This
can lead to guest volumes being recognized and displayed on the host
when using KRBD for RBD-backed disks. In order to prevent this we add
an additional filter to the LVM config to avoid scanning rbds.

This also prevents a bug where LVM created a very high amount of
archive entries when there were logical volumes with the same path
available. This could happen when two guests with RBD disks had the
same LVM layout or a guest and host had the same layout.

previous behavior:
If there is no marker in the LVM conf and global_filter does not
contain '/dev/zd.*': replace the global_filter with our version

new behavior:
Replace the global_filter iff:
- There is no marker and global_filter is empty
- The global_filter is exactly the old default

If we don't replace the filter and it is a non-default value: We print
a warning. Addtionally we force this function to run once when
upgrading from older versions.

The previous versions could replace custom global_filters where the
comment had been removed and the zvol directive removed. The new
behavior is slightly more conservative, but works the same in other
cases.

[1] 6a431eb242

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
2024-01-09 10:33:27 +01:00
Thomas Lamprecht
b46aac3b42 bump version to 8.1.3
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-11-23 11:20:06 +01:00
Thomas Lamprecht
38d153d6c7 bump version to 8.1.2
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-11-23 11:00:27 +01:00
Thomas Lamprecht
95ece724d5 d/control: bump versioned dependency for libpve-guest-common-perl
Ensure new notification-mode property is recognized for backup jobs.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-11-23 10:40:57 +01:00
Thomas Lamprecht
3f088b4a50 bump version to 8.1.1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-11-22 19:37:14 +01:00
Thomas Lamprecht
4898513c4e bump version to 8.1.0
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-11-22 14:56:12 +01:00
Thomas Lamprecht
c6a1e4e8f0 d/control: upgrade libpve-network-perl dependency to recommendation
could actually be a hard dependency too

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-11-22 14:56:00 +01:00
Wolfgang Bumiller
c5026e4687 bump access-control to 8.0.7 for nested pools
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2023-11-20 12:26:13 +01:00
Thomas Lamprecht
fd1a0ae1b3 bump version to 8.0.9
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-11-18 12:24:14 +01:00