Commit Graph

334 Commits

Author SHA1 Message Date
Fabian Grünbichler
4568bc58ac fix #2890: also detect & renew DNS-only ACME certs
this call site was apparently missed when we refactored the node config
/ ACME interaction.

Suggested/Reported-by: Frédéric Bourqui
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-07-27 10:53:32 +02:00
Thomas Lamprecht
1181d41e32 Revert "Close #1623: replace apt-get to apt"
This reverts commit c89d1756bf.
2020-07-08 10:55:56 +02:00
Moayad Almalat
c89d1756bf Close #1623: replace apt-get to apt
Signed-off-by: Moayad Almalat <m.almalat@proxmox.com>
2020-07-07 18:52:28 +02:00
Thomas Lamprecht
e1101552bf cert renew: note reason why renewal due to long lifetime is done
2020-04-27 18:28:59 +02:00
Fabian Grünbichler
34f8507b29 certs: early renew long-lived certificates
if our self-signed certificate expires in more than 825 days, but was
created after July 2019 it won't be accepted by modern Apple devices. we
fixed the issuance to generate shorter-lived certificates in November
2019, this cleans up the existing ones to fix this and similar future
issues.

two years / 730 days as cut-off was chosen since it's our new maximum
self-signed certificate lifetime, and should thus catch all old-style
certificates.

another positive side-effect is that we can now phase out support for
older certificates faster, e.g. if we want to move to bigger keys,
different signature algorithms, or anything else in that direction.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-04-27 13:14:10 +02:00
Thomas Lamprecht
f18dacb78f pveversion: fix removed packages with residual configs
Those ain't 'not correctly installed', so do not suggest the user
that.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-12-03 14:12:50 +01:00
Thomas Lamprecht
ea93e03e55 followup: be slightly more verbose on error or renew
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-11-26 13:23:45 +01:00
Dominik Csapak
9c284459e9 renew pve-ssl.pem when it nearly expires
but only if the cert is issued by the ca in /etc/pve/pve-root-ca.pem
(by checking the issuer and openssl verify)

this way we can reduce the lifetime of the certs without having
to worry that they ran out

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2019-11-26 13:13:04 +01:00
Thomas Lamprecht
ca0fc07dd4 fix #844: allow to pre-delay start-all-marked guests on boot
Add a simple ExecStartPre command which reads the local node config,
and if a delay is set the helper sleeps that long then exits.

The systemd-unit approach was chosen as this ensures that we really
only delay when doing the startall on node boot. The pve-guests
service does not allow manual stops, starts or restarts, it can only
be pulled in by the multi-user.target

Mark this command with "-" to tell systemd that errors of it should
not cause an abort, it's a best-effort approach.

The journal from a 2 second delay would look like:
> Nov 19 13:13:48 dev6 systemd[1]: Starting PVE guests...
> Nov 19 13:13:48 dev6 pve-startall-delay[2318]: Delaying on-boot 'startall' command for 2 second(s).
> ...
> Nov 19 13:13:50 dev6 pve-guests[2339]: <root@pam> starting task UPID:dev6:00000924:00000529:5DD3DC7E:startall::root@pam:

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-11-20 20:20:58 +01:00
Fabian Grünbichler
a029c045e9 use PVE::DataCenterConfig
to make sure that the corresponding cfs_read_file() works.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2019-11-18 12:25:35 +01:00
Thomas Lamprecht
09df2aac59 pve5to6 will never be a POD based man page, fake it for now
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-06-25 09:51:00 +02:00
Thomas Lamprecht
f72c8f8c1c followups: pve5to6
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-06-25 09:04:07 +02:00
Fabian Grünbichler
a5d0627800 upgrade checklist
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2019-06-25 09:03:42 +02:00
Thomas Lamprecht
3331257e0f bin/make: fix pod2man generation
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-06-25 09:03:42 +02:00
Christian Ebner
3fa3cc5640 Fix 1891 Generate zsh tab completion scripts for cli tools
This patch builds the zsh tab completion scripts for the cli tools of
pve-manager.
In order for it to work, the latest version of pve-common and pve-docs
including the corresponding patches have to be installed on the build
system.

Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
2019-02-20 12:12:07 +01:00
Thomas Lamprecht
f5c6df4537 pveperf: print errno on die if sensible
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-31 13:50:37 +01:00
Thomas Lamprecht
8b4162f03e pveperf: use fsync syscall from PVE::Tools
allows to drop the libfile-sync-perl dependency

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-31 11:44:15 +01:00
Fabian Grünbichler
946a2dadd2 build: use pve-doc-generator to verify API
and move API verification to 'check' target, where it belongs.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-10-18 14:17:08 +02:00
Fabian Grünbichler
829fe4acc2 build: use pve-doc-generator for bash-completion
and bump build-depends accordingly

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-10-18 14:17:08 +02:00
Fabian Grünbichler
203b6f3565 build: set PERL_DOC_INC_DIRS
this allows correct builds without pve-manager installed, with a clean
fall-back to the old behaviour in case pve-doc-generator is too old.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-10-18 14:17:08 +02:00
Dietmar Maurer
bd0e50532b pvesh cleanup: use a handler class - PVE/CLI/pvesh.pm
2018-07-26 15:20:15 +02:00
Dietmar Maurer
b35fe93178 pvesh: implement 'ls' command
2018-07-26 13:09:08 +02:00
Dietmar Maurer
9bb8ce6be0 pvesh: do not use CLIHandler $option parameter, simplify code
2018-07-26 13:09:08 +02:00
Dietmar Maurer
25b6579121 pvesh: use standard output options
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2018-07-11 11:27:13 +02:00
Dietmar Maurer
864a5845ec pvesh usage: correctly handle uri parameters, cleanups
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2018-07-11 11:27:13 +02:00
Dietmar Maurer
4012507fd7 pvesh usage: new option --returns to print result schema
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2018-07-11 11:27:13 +02:00
Wolfgang Bumiller
9730f1e239 fixup pvesh for changes in pve-common
In pve-common the following changes happened:
  0adee98 ("cli_handler: pass common output options as separate parameter")
  352b7a1 ("PVE::CLIFormatter - implement new output options")
We now get the format passed via an options hash in the
output function instead of seeing it as an api call
parameter.

Similarly, --quiet is now already handled there.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-07-11 10:51:14 +02:00
Dietmar Maurer
be96a59334 pvesh: complete rewrite using PVE::CLIHandler
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2018-07-11 10:36:32 +02:00
Dietmar Maurer
a306ed1315 pvesh - remove interactive readline mode
We have good command line completion and history with 'bash', so there is
no real need to duplicate this functionality.

Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2018-07-11 10:36:32 +02:00
Dominik Csapak
396530df43 fix correct call to 'usage_str'
we forgot to give usage_str also the param_mapping sub,
else it fails on calling 'help'

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2018-06-28 13:15:13 +02:00
Dominik Csapak
067e452b48 use PVE::RESTHandler explicitly
since we use it in the code

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2018-06-27 12:19:52 +02:00
Dominik Csapak
12248c4dce replace read_password with param_mapping in pvesh
and use get_standard_mapping from CLIHandler

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2018-06-27 12:19:45 +02:00
Thomas Lamprecht
8f01459822 cleanup: move bin/test to toplevel
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-20 13:04:51 +02:00
Thomas Lamprecht
81c713fcfd cleanup: rename bin/init.d to services
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-20 13:04:51 +02:00
Fabian Grünbichler
3706711822 test: replication: adapt test data
otherwise the checks in write_config fail

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-05-14 13:58:11 +02:00
Fabian Grünbichler
c5ee787b12 test: replication: mock cfs_(write|lock)_file
which is needed since the HA recovery series

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-05-14 13:57:26 +02:00
René Jochum
58dc554cd0 Extend the .gitignore(s)
Signed-off-by: René Jochum <rene@jochums.at>
2018-05-04 14:50:04 +02:00
Fabian Grünbichler
9f6d12faca pveupdate: add ACME certificate renewal
renew certificate if an acme config entry and a custom certificate
exists on the local node and the certificate expires soon.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-05-02 11:34:52 +02:00
Fabian Grünbichler
bc0da05b6c add pvenode CLIHandler
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-05-02 11:34:52 +02:00
Thomas Lamprecht
8bbdba04e6 pve-daily-update.service: add Wants/After for pve-cluster.service
Else systemd may start this too early on boot, before pve-cluster is
up and ready, if it missed an update because the node was offline.
This fails the services as it cannot do any IPC with pmxcfs

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-03-23 11:52:42 +01:00
Thomas Lamprecht
1605fdfacd pveupdate: replace cron job with systemd timer
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-03-12 15:14:13 +01:00
Thomas Lamprecht
00ad5582b8 services: remove obsolete init.d scripts
They all have a systemd service file so no need for them anymore

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-03-12 14:19:41 +01:00
Thomas Lamprecht
ba5aef794b buildsys: add %.1.pod make target to reduce duplication
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-03-12 14:19:41 +01:00
Thomas Lamprecht
a14ad9bc57 remove obsolete (rgmanager era) HA resource agent
This was used by rgmanager which was superseded in 2015 with our
ha-manager for PVE 4.0

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-03-12 14:19:41 +01:00
Dietmar Maurer
9e7b17dbc8 pveupdate - always run check for available updates
2017-12-21 10:17:56 +01:00
Wolfgang Link
9fe22a12ba Send an email when a replication job fails.
An email notification will be sent for each job when the job fails.
This message will only be sent when an error occurs and the fail count is at 1.

Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Acked-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-12-13 14:51:07 +01:00
Dominik Csapak
050b8c0247 fix #1539: add missing shellquote for proxied commands of pvesh
if we do not do this, passing arguments with spaces
(e.g., pvesh set YYY --param "one word")
leads to ssh calls like this:
ssh REMOTE pvesh set YYY --param one word

which cannot be parsed correctly

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2017-10-31 08:28:10 +01:00
Philip Abernethy
6deb6f623a Use run_cli_handler instead of deprecated run_cli
2017-10-18 15:32:52 +02:00
Wolfgang Bumiller
25fbd7691e test: mock PVE::Cluster::cfs_update
Because the replication's purge_old_state() function now
fails if cfs_update() fails, and since it tries to access
the actual local pmxcfs it should never have been called by
tests anyway.
2017-10-18 15:31:00 +02:00
Wolfgang Bumiller
a435fcab5b init: shorter pve-guests.service Description
2017-09-11 15:53:41 +02:00