IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
this call site was apparently missed when we refactored the node config
/ ACME interaction.
Suggested/Reported-by: Frédéric Bourqui
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
if our self-signed certificate expires in more than 825 days, but was
created after July 2019 it won't be accepted by modern Apple devices. we
fixed the issuance to generate shorter-lived certificates in November
2019, this cleans up the existing ones to fix this and similar future
issues.
two years / 730 days as cut-off was chosen since it's our new maximum
self-signed certificate lifetime, and should thus catch all old-style
certificates.
another positive side-effect is that we can now phase out support for
older certificates faster, e.g. if we want to move to bigger keys,
different signature algorithms, or anything else in that direction.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
but only if the cert is issued by the ca in /etc/pve/pve-root-ca.pem
(by checking the issuer and openssl verify)
this way we can reduce the lifetime of the certs without having
to worry that they ran out
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Add a simple ExecStartPre command which reads the local node config,
and if a delay is set the helper sleeps that long then exists.
The systemd-unit approach was chosen as this ensures that we really
only delay when doing the startall on node boot. The pve-guests
service does not allows manual stops, starts or restarts, it can only
be pulled in by the multi-user.target
Mark this command with "-" to tell systemd that errors of it should
not cause an abort, it's a best-effort approach.
The journal from a 2 second delay would look like:
> Nov 19 13:13:48 dev6 systemd[1]: Starting PVE guests...
> Nov 19 13:13:48 dev6 pve-startall-delay[2318]: Delaying on-boot 'startall' command for 2 second(s).
> ...
> Nov 19 13:13:50 dev6 pve-guests[2339]: <root@pam> starting task UPID:dev6:00000924:00000529:5DD3DC7E:startall::root@pam:
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This patch builds the zsh tab completion scripts for the cli tools of
pve-manager.
In order for it to work, the latest version of pve-common and pve-docs
including the corresponding patches have to be installed on the build
system.
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
this allows correct builds without pve-manager installed, with a clean
fall-back to the old behaviour in case pve-doc-generator is too old.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
In pve-common the following changes happened:
0adee98 ("cli_handler: pass common output options as separate parameter")
352b7a1 ("PVE::CLIFormatter - implement new output options")
We now get the format passed via an options hash in the
output function instead of seeing it as an api call
parameter.
Similarly, --quiet is now already handled there.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
We have good command line completion and history with 'bash', so there is
no real need to duplicate this functionality.
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
renew certificate if an acme config entry and a custom certificate
exists on the local node and the certificate expires soon.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Else systemd may start this to early on boot, before pve-cluster is
up and ready, if it missed and update because the node was offline.
This fails the services as it cannot do any IPC with pmxcfs
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
A email notification will be send for each job when the job fails.
This message will only send when an error occurs and the fail count is on 1.
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Acked-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
if we do not do this, passing arguments with spaces
(e.g., pvesh set YYY --param "one word")
leads to ssh calls like this:
ssh REMOTE pvesh set YYY --param one word
which cannot be parsed correctly
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Because the replication's purge_old_state() function now
fails if cfs_update() fails, and since it tries to access
the actual local pmxcfs it should never have been called by
tests anyway.