There's also support for ending a task with warnings now, so the logic "status
not 'OK' means error" does not work anymore.
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
Net::IP doesn't seem to have a function for it and normalizing to the full
quad-form is less then ideal if we inted to output IPv6 addresses returned by
that function at some point.
Instead, use NetAddr::IP, which is already used in pve-network.
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
is_ip_in_cidr('fd80:1::10', '127.0.0.1/24') would result in
Use of uninitialized value in numeric eq (==)
as overlaps() returns undef in such a case.
Note that there are (albeit few) existing callers that don't specify $version.
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
it is not necessary to include this block in the eval which when it
fails tries to unlink $tmpdest, because in the check for the existing
file $tmpdest is not used.
We support also vlanX, with X being a integer for the VLAN id, as
valid vlan iface name, so support that too here.
and make the dev name check for definedness, even if "0" is currently
not really supported (officially) it is still a valid iface name for
the kernel (which takes any byte).
The VLAN id is in the range of [2, 4094] (inclusive) so defined check
is not required there.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Setting the vlan-id and vlan-raw-device value for vlan devices that
follow the dot notaton (interface.vlan) aligns how dot notation vlan
devices and vlan devices that use the explicit vlan-id and
vlan-raw-device options, available with ifupdown2, are represented in
API return values.
Previously the type for both was 'vlan' but only the latter showed more
details.
Setting these values here should not have any influence on how the
interfaces file is being written as these two values are already
filtered in __write_etc_network_interfaces for dot notation devices.
Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
plus some refactoring
* drop worker, cannot be done here (RPCEnv is in pve-access-control)
* actually output the wrong "got" hash on mismatch
* die on existing file with mismatched
* drop double array for passing cmd
* drop `/usr/bin` prefix
* adapt rename error message
* add error handling for unlinking the temp. file
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
adds a common function to download arbitrary files from urls.
code is based on
manager:PVE/API2/Nodes.pm:aplinfo
Security notice: this function does not perform any permission
checking. The callee has to make sure, that only authorized users may
use this function.
Caution: This function is able to download files from internal
networks (which would not be visible/accessible from outside), the
callee needs to ensure that unprivileged (e.g., non root@pam or the
like) can only pass OK URLs (e.g., resolving to public routable IPs)
Signed-off-by: Lorenz Stechauner <l.stechauner@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This reverts commit a3777dce67.
With the upcoming release of pmg-api 7.0 we included the changes for
configuring a LISTEN_IP, thus this compatibility code is not needed
anymore.
Quickly tested with current pmg-api master
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
The changes to the listening behavior introduced with PVE 6.4 break
backwardscompatibility w.r.t. listening address and logging, which
should not be changed without explictly notifying the user.
This patch re-adds the family parameter, which is still used by
pmgproxy and based on its existence creates the socket as before.
compared to the IO::Socket::IP->new call used before
390fc10dc4, the only change is the
renaming of 'LocalAddr' to 'LocalHost' (which are synonymous in
IO::Socket::IP [0])
It can simply be reverted with the release of pmg-api 7.0 (where
we'll record the change in the release-notes and upgrade-page)
[0] https://perldoc.perl.org/IO::Socket::IP
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
with the recent change in pve-manager pveproxy (and spiceproxy)
try binding to '::' per default. This fails for hosts having disabled
ipv6 via kernel commandline.
Our desired behavior of binding on '::' and only falling back to
'0.0.0.0' in case this is not supported is not directly possible with
IO::Socket::IP->new (or rather by Socket::GetAddrInfo, which at least
on my system always returns the v4 wildcard-address first).
the code now binds to:
* the provided $host if not undef
* '::' if $host is not set
* '0.0.0.0' if $host is not set and binding on '::' yields undef,
which means that it failed to create a socket which normally means
that IPv6 is disabled
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
The Domain parameter for IO::Socket::IP is not used/needed.
It is needed to create a IP Socket when calling IO::Socket->new,
but here we call IO::Socket::IP-new directly (see [0]).
[0] https://perldoc.perl.org/IO::Socket::IP
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Previously, the returned value would be only the last element or undef in case
of an empty list. There's only a handful of callers of check_format() that look
at the return value and AFAICT none of the exisitng ones is for a -list format.
But best to avoid any future surprises.
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
They can be used like loopback, but not limited to only 1 interface.
It's needed for bgp with multipath/ecmp to have a unique src ip
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
It has not shown any real value in the last decade+ it was enabled,
and it can actually add quite some performance overhead. E.g., if an
API endpoint returns a few 100k of relatively simple entries we can
easily require several seconds, even tens of seconds, to run the
return validation - making it easier to run into timeouts along the
transmit path to the client.
The CLI handler has it still enabled, normally there's no timeout
there as no HTTP transmit path is involved, and d.csapak had a slight
preference for that in an off-list discussion.
The actual implementations in PMG or PVE could enable it too if
running under debug mode.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
as is already supported by the UI (and PBS).
A nice bonus is that warn() can be used by both workers and non-workers. For
workers, the output is redirected/duplicated as set up by {fork,tee}_worker(),
and non-erroring workers that issued a warning will end in a WARNINGS state.
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
*_prepare creates a fifo for streaming data back to clients directly,
filefile_restore_extract blocks and should be called from a background
worker - while it is running outcoming data can be read from the FIFO.
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
More helpful for a user to know what they're missing.
Suggested-by: Dominic Jäger <d.jaeger@proxmox.com>
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
When the 'Domain' configuration of IO::Socket::IP is set to PF_INET6,
it will prefer IPv6, but since we don't set 'V6Only' it will also
listen on IPv4 interfaces[0].
Drop the now obsoleted '$family' parameter.
[0]: https://perldoc.perl.org/IO::Socket::IP#REPLACING-IO::Socket-DEFAULT-BEHAVIOUR
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Currently this happened if (and only if) at least one
positional parameter was passed.
We run into this with
`pmgconfig cert delete <type> [<restart>]`
vs
`pvenode cert delete [<restart>]`
where in the PVE case the `restart` option was simply
omitted, whereas for PMG due to the existence of `<type>`
the `restart` option was explicitly passedset in the $opts
hash but ended up being `undef`.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>