proxmox-mirrors/pve-manager
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-manager synced 2025-07-13 20:56:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

code cleanups

Browse Source
This commit is contained in:
Dietmar Maurer 2013-04-11 08:17:34 +02:00
parent c2e9823c0a
commit f91072d56f
4 changed files with 80 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
PVE/APIDaemon.pm
View File

@ -2,25 +2,17 @@ package PVE::APIDaemon;
use strict; use strict;
use warnings; use warnings;
use vars qw(@ISA); use POSIX ":sys_wait_h";
use IO::Socket::INET; use IO::Socket::INET;
use PVE::SafeSyslog; use PVE::SafeSyslog;
use PVE::INotify;
use PVE::RPCEnvironment;
use PVE::HTTPServer; use PVE::HTTPServer;
use POSIX qw(EINTR);
use POSIX ":sys_wait_h";
use IO::Handle;
use IO::Select;
use JSON;
my $workers = {}; my $workers = {};
sub new { sub new {
my ($this, %args) = @_; my ($this, %args) = @_;
my $class = ref($this) || $this; my $class = ref($this) || $this;
die "no lockfile" if !$args{lockfile}; die "no lockfile" if !$args{lockfile};
@ -43,7 +35,7 @@ sub new {
$cfg->{lockfh} = $lockfh; $cfg->{lockfh} = $lockfh;
$cfg->{max_workers} = 3 if !$cfg->{max_workers}; $cfg->{max_workers} = 3 if !$cfg->{max_workers};
$cfg->{trusted_env} = 0 if !defined($cfg->{trusted_env}); $cfg->{trusted_env} = 0 if !defined($cfg->{trusted_env});
return $self; return $self;
} }
@ -52,9 +44,9 @@ sub worker_finished {
syslog('info', "worker $cpid finished"); syslog('info', "worker $cpid finished");
} }
sub finish_workers { sub finish_workers {
local $!; local $?; local $!; local $?;
foreach my $cpid (keys %$workers) { foreach my $cpid (keys %$workers) {
my $waitpid = waitpid ($cpid, WNOHANG); my $waitpid = waitpid ($cpid, WNOHANG);
if (defined($waitpid) && ($waitpid == $cpid)) { if (defined($waitpid) && ($waitpid == $cpid)) {
@ -75,7 +67,7 @@ sub test_workers {
} }
sub start_workers { sub start_workers {
my ($self, $rpcenv) = @_; my ($self) = @_;
my $count = 0; my $count = 0;
foreach my $cpid (keys %$workers) { foreach my $cpid (keys %$workers) {
@ -104,10 +96,8 @@ sub start_workers {
$SIG{TERM} = $SIG{QUIT} = 'DEFAULT'; # we handle that with AnyEvent $SIG{TERM} = $SIG{QUIT} = 'DEFAULT'; # we handle that with AnyEvent
eval { eval {
# try to init inotify my $server = PVE::HTTPServer->new(%{$self->{cfg}});
# fixme: poll $server->run();
PVE::INotify::inotify_init();
$self->handle_connections($rpcenv);
}; };
if (my $err = $@) { if (my $err = $@) {
syslog('err', $err); syslog('err', $err);
@ -130,7 +120,7 @@ sub terminate_server {
my $previous_alarm = alarm (10); my $previous_alarm = alarm (10);
eval { eval {
local $SIG{ALRM} = sub { die "timeout\n" }; local $SIG{ALRM} = sub { die "timeout\n" };
while ((my $pid = waitpid (-1, 0)) > 0) { while ((my $pid = waitpid (-1, 0)) > 0) {
if (defined($workers->{$pid})) { if (defined($workers->{$pid})) {
delete ($workers->{$pid}); delete ($workers->{$pid});
@ -140,11 +130,11 @@ sub terminate_server {
alarm(0); # avoid race condition alarm(0); # avoid race condition
}; };
my $err = $@; my $err = $@;
alarm ($previous_alarm); alarm ($previous_alarm);
if ($err) { if ($err) {
syslog('err', "error stopping workers (will kill them now) - $err"); syslog('err', "error stopping workers (will kill them now) - $err");
foreach my $cpid (keys %$workers) { foreach my $cpid (keys %$workers) {
# KILL childs still alive! # KILL childs still alive!
if (kill (0, $cpid)) { if (kill (0, $cpid)) {
@ -159,10 +149,6 @@ sub terminate_server {
sub start_server { sub start_server {
my $self = shift; my $self = shift;
my $atfork = sub { close($self->{cfg}->{socket}); };
my $rpcenv = PVE::RPCEnvironment->init(
$self->{cfg}->{trusted_env} ? 'priv' : 'pub', atfork => $atfork);
eval { eval {
my $old_sig_chld = $SIG{CHLD}; my $old_sig_chld = $SIG{CHLD};
local $SIG{CHLD} = sub { local $SIG{CHLD} = sub {
@ -171,11 +157,11 @@ sub start_server {
}; };
my $old_sig_term = $SIG{TERM}; my $old_sig_term = $SIG{TERM};
local $SIG{TERM} = sub { local $SIG{TERM} = sub {
terminate_server (); terminate_server ();
&$old_sig_term(@_) if $old_sig_term; &$old_sig_term(@_) if $old_sig_term;
}; };
local $SIG{QUIT} = sub { local $SIG{QUIT} = sub {
terminate_server(); terminate_server();
&$old_sig_term(@_) if $old_sig_term; &$old_sig_term(@_) if $old_sig_term;
}; };
@ -188,8 +174,8 @@ sub start_server {
}; };
for (;;) { # forever for (;;) { # forever
$self->start_workers($rpcenv); $self->start_workers();
sleep (5); sleep (5);
$self->test_workers(); $self->test_workers();
} }
}; };
@ -200,18 +186,4 @@ sub start_server {
} }
} }
sub send_error {
my ($c, $code, $msg) = @_;
$c->send_response(HTTP::Response->new($code, $msg));
}
sub handle_connections {
my ($self, $rpcenv) = @_;
my $server = PVE::HTTPServer->new(%{$self->{cfg}}, rpcenv => $rpcenv);
$server->run();
}
1; 1;

124
PVE/HTTPServer.pm
View File

@ -30,7 +30,6 @@ use CGI; # fixme: remove this!
$CGI::DISABLE_UPLOADS = 1; # no uploads $CGI::DISABLE_UPLOADS = 1; # no uploads
$CGI::POST_MAX = 1024 * 10; # max 10K posts $CGI::POST_MAX = 1024 * 10; # max 10K posts
use Scalar::Util qw/weaken/; # fixme: remove?
use Data::Dumper; # fixme: remove use Data::Dumper; # fixme: remove
my $known_methods = { my $known_methods = {
@ -69,7 +68,7 @@ sub log_aborted_request {
if ($error) { if ($error) {
syslog("err", "problem with client $reqstate->{peer_host}; $error"); syslog("err", "problem with client $reqstate->{peer_host}; $error");
} }
$self->log_request($reqstate); $self->log_request($reqstate);
} }
@ -87,12 +86,12 @@ sub client_do_disconnect {
shutdown($hdl->{fh}, 1); shutdown($hdl->{fh}, 1);
# clear all handlers # clear all handlers
$hdl->on_drain(undef); $hdl->on_drain(undef);
$hdl->on_read(undef); $hdl->on_read(undef);
$hdl->on_eof(undef); $hdl->on_eof(undef);
$self->{conn_count}--; $self->{conn_count}--;
#print "$$: client_do_disconnect $self->{conn_count} $hdl\n"; print "$$: CLOSE FH" . $hdl->{fh}->fileno() . " CONN$self->{conn_count}\n" if $self->{debug};
} }
sub finish_response { sub finish_response {
@ -106,15 +105,15 @@ sub finish_response {
if (!$self->{end_loop} && $reqstate->{keep_alive} > 0) { if (!$self->{end_loop} && $reqstate->{keep_alive} > 0) {
# print "KEEPALIVE $reqstate->{keep_alive}\n"; # print "KEEPALIVE $reqstate->{keep_alive}\n";
$hdl->on_read(sub { $hdl->on_read(sub {
eval { $self->push_request_header($reqstate); }; eval { $self->push_request_header($reqstate); };
warn $@ if $@; warn $@ if $@;
}); });
} else { } else {
$hdl->on_drain (sub { $hdl->on_drain (sub {
eval { eval {
$self->client_do_disconnect($reqstate); $self->client_do_disconnect($reqstate);
}; };
warn $@ if $@; warn $@ if $@;
}); });
} }
@ -140,7 +139,7 @@ sub response {
$reqstate->{log}->{code} = $code; $reqstate->{log}->{code} = $code;
my $res = "HTTP/1.0 $code $msg\015\012"; my $res = "HTTP/1.0 $code $msg\015\012";
my $ctime = time(); my $ctime = time();
my $date = HTTP::Date::time2str($ctime); my $date = HTTP::Date::time2str($ctime);
$resp->header('Date' => $date); $resp->header('Date' => $date);
@ -155,12 +154,7 @@ sub response {
$resp->header('Server' => "pve-api-daemon/3.0"); $resp->header('Server' => "pve-api-daemon/3.0");
my $content_length; my $content_length;
if (ref($content) eq "CODE") { if ($content) {
$reqstate->{keep_alive} = 0;
# fixme:
} elsif ($content) {
$content_length = length($content); $content_length = length($content);
@ -172,10 +166,11 @@ sub response {
} }
$resp->header("Content-Length" => $content_length); $resp->header("Content-Length" => $content_length);
$reqstate->{log}->{content_length} = $content_length; $reqstate->{log}->{content_length} = $content_length;
} else { } else {
$resp->remove_header("Content-Length"); $resp->remove_header("Content-Length");
} }
if ($reqstate->{keep_alive} > 0) { if ($reqstate->{keep_alive} > 0) {
$resp->push_header('Connection' => 'Keep-Alive'); $resp->push_header('Connection' => 'Keep-Alive');
} else { } else {
@ -183,7 +178,7 @@ sub response {
} }
$res .= $resp->headers_as_string("\015\012"); $res .= $resp->headers_as_string("\015\012");
#print "SEND(supress content) $res\n"; #print "SEND(without content) $res\n" if $self->{debug};
$res .= "\015\012"; $res .= "\015\012";
$res .= $content; $res .= $content;
@ -198,7 +193,7 @@ sub error {
my ($self, $reqstate, $code, $msg, $hdr, $content) = @_; my ($self, $reqstate, $code, $msg, $hdr, $content) = @_;
eval { eval {
my $resp = HTTP::Response->new($code, $msg, $hdr, $content); my $resp = HTTP::Response->new($code, $msg, $hdr, $content);
$self->response($reqstate, $resp); $self->response($reqstate, $resp);
}; };
warn $@ if $@; warn $@ if $@;
@ -209,14 +204,14 @@ sub send_file_start {
eval { eval {
# print "SEND FILE $filename\n"; # print "SEND FILE $filename\n";
# Note: aio_load() this is not really async unless we use IO::AIO! # Note: aio_load() this is not really async unless we use IO::AIO!
eval { eval {
my $fh = IO::File->new($filename, '<') || my $fh = IO::File->new($filename, '<') ||
die "$!\n"; die "$!\n";
my $stat = File::stat::stat($fh) || my $stat = File::stat::stat($fh) ||
die "$!\n"; die "$!\n";
my $data; my $data;
my $len = sysread($fh, $data, $stat->size); my $len = sysread($fh, $data, $stat->size);
die "got short file\n" if !defined($len) || $len != $stat->size; die "got short file\n" if !defined($len) || $len != $stat->size;
@ -224,27 +219,27 @@ sub send_file_start {
my $ct; my $ct;
if ($filename =~ m/\.css$/) { if ($filename =~ m/\.css$/) {
$ct = 'text/css'; $ct = 'text/css';
} elsif ($filename =~ m/\.js$/) { } elsif ($filename =~ m/\.js$/) {
$ct = 'application/javascript'; $ct = 'application/javascript';
} elsif ($filename =~ m/\.png$/) { } elsif ($filename =~ m/\.png$/) {
$ct = 'image/png'; $ct = 'image/png';
} elsif ($filename =~ m/\.gif$/) { } elsif ($filename =~ m/\.gif$/) {
$ct = 'image/gif'; $ct = 'image/gif';
} elsif ($filename =~ m/\.jar$/) { } elsif ($filename =~ m/\.jar$/) {
$ct = 'application/java-archive'; $ct = 'application/java-archive';
} else { } else {
die "unable to detect content type"; die "unable to detect content type";
} }
my $header = HTTP::Headers->new(Content_Type => $ct); my $header = HTTP::Headers->new(Content_Type => $ct);
my $resp = HTTP::Response->new(200, "OK", $header, $data); my $resp = HTTP::Response->new(200, "OK", $header, $data);
$self->response($reqstate, $resp, $stat->mtime); $self->response($reqstate, $resp, $stat->mtime);
}; };
if (my $err = $@) { if (my $err = $@) {
$self->error($reqstate, 501, $err); $self->error($reqstate, 501, $err);
} }
}; };
warn $@ if $@; warn $@ if $@;
} }
@ -254,9 +249,9 @@ sub proxy_request {
eval { eval {
my $target; my $target;
if ($host eq 'localhost') { if ($host eq 'localhost') {
$target = "http://$host:85$abs_uri"; $target = "http://$host:85$abs_uri";
} else { } else {
$target = "https://$host:8006$abs_uri"; $target = "https://$host:8006$abs_uri";
} }
my $headers = { my $headers = {
@ -283,19 +278,17 @@ sub proxy_request {
} }
} }
# fixme: tls_ctx;
my $w; $w = http_request( my $w; $w = http_request(
$method => $target, $method => $target,
headers => $headers, headers => $headers,
timeout => 30, timeout => 30,
resurse => 0, resurse => 0,
body => $content, body => $content,
sub { sub {
my ($body, $hdr) = @_; my ($body, $hdr) = @_;
undef $w; undef $w;
eval { eval {
my $code = delete $hdr->{Status}; my $code = delete $hdr->{Status};
my $msg = delete $hdr->{Reason}; my $msg = delete $hdr->{Reason};
@ -361,24 +354,24 @@ sub handle_api2_request {
my $clientip = $headers->header('PVEClientIP'); my $clientip = $headers->header('PVEClientIP');
$rpcenv->init_request(params => $params); $rpcenv->init_request(params => $params);
my $res = PVE::REST::rest_handler($rpcenv, $clientip, $method, $path, $rel_uri, $ticket, $token); my $res = PVE::REST::rest_handler($rpcenv, $clientip, $method, $path, $rel_uri, $ticket, $token);
# fixme: eval { $userid = $rpcenv->get_user(); }; # todo: eval { $userid = $rpcenv->get_user(); };
my $userid = $rpcenv->{user}; # this is faster my $userid = $rpcenv->{user}; # this is faster
$rpcenv->set_user(undef); # clear after request $rpcenv->set_user(undef); # clear after request
$reqstate->{log}->{userid} = $userid; $reqstate->{log}->{userid} = $userid;
if ($res->{proxy}) { if ($res->{proxy}) {
if ($self->{trusted_env}) { if ($self->{trusted_env}) {
$self->error($reqstate, HTTP_INTERNAL_SERVER_ERROR, "proxy not allowed"); $self->error($reqstate, HTTP_INTERNAL_SERVER_ERROR, "proxy not allowed");
return; return;
} }
$self->proxy_request($reqstate, $r, $clientip, $res->{proxy}, $method, $self->proxy_request($reqstate, $r, $clientip, $res->{proxy}, $method,
$r->uri, $ticket, $token, $res->{proxy_params}); $r->uri, $ticket, $token, $res->{proxy_params});
return; return;
@ -391,7 +384,7 @@ sub handle_api2_request {
$resp->header("Content-Type" => $ct); $resp->header("Content-Type" => $ct);
$resp->content($raw); $resp->content($raw);
$self->response($reqstate, $resp); $self->response($reqstate, $resp);
return; return;
}; };
warn $@ if $@; warn $@ if $@;
@ -415,7 +408,7 @@ sub handle_request {
return; return;
} }
if ($path =~ m!/api2!) { if ($path =~ m!/api2!) {
$self->handle_api2_request($reqstate); $self->handle_api2_request($reqstate);
return; return;
} }
@ -436,7 +429,7 @@ sub handle_request {
die "internal error - no handler"; die "internal error - no handler";
} }
return; return;
} }
if ($self->{dirs} && ($method eq 'GET')) { if ($self->{dirs} && ($method eq 'GET')) {
# we only allow simple names # we only allow simple names
@ -491,7 +484,7 @@ sub unshift_read_header {
my $len = $r->header('Content-Length'); my $len = $r->header('Content-Length');
my $pveclientip = $r->header('PVEClientIP'); my $pveclientip = $r->header('PVEClientIP');
# fixme: # fixme: how can we make PVEClientIP header trusted?
if ($self->{trusted_env} && $pveclientip) { if ($self->{trusted_env} && $pveclientip) {
$reqstate->{peer_host} = $pveclientip; $reqstate->{peer_host} = $pveclientip;
} else { } else {
@ -536,7 +529,7 @@ sub push_request_header {
eval { eval {
#print "got request header: $line\n"; #print "got request header: $line\n";
$reqstate->{keep_alive}--; $reqstate->{keep_alive}--;
if ($line =~ /(\S+)\040(\S+)\040HTTP\/(\d+)\.(\d+)/o) { if ($line =~ /(\S+)\040(\S+)\040HTTP\/(\d+)\.(\d+)/o) {
@ -549,7 +542,7 @@ sub push_request_header {
$self->{request_count}++; # only count valid request headers $self->{request_count}++; # only count valid request headers
if ($self->{request_count} >= $self->{max_requests}) { if ($self->{request_count} >= $self->{max_requests}) {
$self->{end_loop} = 1; $self->{end_loop} = 1;
} }
$reqstate->{log} = { requestline => $line }; $reqstate->{log} = { requestline => $line };
$reqstate->{proto}->{maj} = $maj; $reqstate->{proto}->{maj} = $maj;
@ -609,12 +602,10 @@ sub accept {
die $errmsg if $errmsg; die $errmsg if $errmsg;
} }
fh_nonblocking $clientfh, 1; fh_nonblocking $clientfh, 1;
$self->{conn_count}++; $self->{conn_count}++;
print "$$: ACCEPT OK $self->{conn_count} FH" . $clientfh->fileno() . "\n";
return $clientfh; return $clientfh;
} }
@ -624,7 +615,7 @@ sub wait_end_loop {
$self->{end_loop} = 1; $self->{end_loop} = 1;
undef $self->{socket_watch}; undef $self->{socket_watch};
if ($self->{conn_count} <= 0) { if ($self->{conn_count} <= 0) {
$self->{end_cond}->send(1); $self->{end_cond}->send(1);
return; return;
@ -633,7 +624,7 @@ sub wait_end_loop {
# else we need to wait until all open connections gets closed # else we need to wait until all open connections gets closed
my $w; $w = AnyEvent->timer (after => 1, interval => 1, cb => sub { my $w; $w = AnyEvent->timer (after => 1, interval => 1, cb => sub {
eval { eval {
# fixme: test for active connections instead? # todo: test for active connections instead (we can abort idle connections)
if ($self->{conn_count} <= 0) { if ($self->{conn_count} <= 0) {
undef $w; undef $w;
$self->{end_cond}->send(1); $self->{end_cond}->send(1);
@ -642,7 +633,7 @@ sub wait_end_loop {
warn $@ if $@; warn $@ if $@;
}); });
} }
sub accept_connections { sub accept_connections {
my ($self) = @_; my ($self) = @_;
@ -670,7 +661,7 @@ sub accept_connections {
}; };
if (my $err = $@) { syslog('err', $err); } if (my $err = $@) { syslog('err', $err); }
}, },
on_error => sub { on_error => sub {
my ($hdl, $fatal, $message) = @_; my ($hdl, $fatal, $message) = @_;
eval { eval {
$self->log_aborted_request($reqstate, $message); $self->log_aborted_request($reqstate, $message);
@ -680,7 +671,7 @@ sub accept_connections {
}, },
($self->{tls_ctx} ? (tls => "accept", tls_ctx => $self->{tls_ctx}) : ())); ($self->{tls_ctx} ? (tls => "accept", tls_ctx => $self->{tls_ctx}) : ()));
print "$$: ACCEPT OK $reqstate->{hdl} $self->{conn_count}\n"; print "$$: ACCEPT FH" . $clientfh->fileno() . " CONN$self->{conn_count}\n" if $self->{debug};
$self->push_request_header($reqstate); $self->push_request_header($reqstate);
} }
@ -696,7 +687,7 @@ sub accept_connections {
# Note: We can't open log file in non-blocking mode and use AnyEvent::Handle, # Note: We can't open log file in non-blocking mode and use AnyEvent::Handle,
# because we write from multiple processes, and that would arbitrarily mix output # because we write from multiple processes, and that would arbitrarily mix output
# of all processes. # of all processes.
sub open_access_log { sub open_access_log {
my ($self, $filename) = @_; my ($self, $filename) = @_;
@ -729,12 +720,19 @@ sub new {
my $class = ref($this) || $this; my $class = ref($this) || $this;
foreach my $req (qw(rpcenv socket lockfh lockfile)) { foreach my $req (qw(socket lockfh lockfile)) {
die "misssing required argument '$req'" if !defined($args{$req}); die "misssing required argument '$req'" if !defined($args{$req});
} }
my $self = bless { %args }, $class; my $self = bless { %args }, $class;
# init inotify
PVE::INotify::inotify_init();
my $atfork = sub { close($self->{socket}); };
$self->{rpcenv} = PVE::RPCEnvironment->init(
$self->{trusted_env} ? 'priv' : 'pub', atfork => $atfork);
fh_nonblocking($self->{socket}, 1); fh_nonblocking($self->{socket}, 1);
$self->{end_loop} = 0; $self->{end_loop} = 0;
@ -748,11 +746,11 @@ sub new {
$self->{end_cond} = AnyEvent->condvar; $self->{end_cond} = AnyEvent->condvar;
if ($self->{ssl}) { if ($self->{ssl}) {
$self->{tls_ctx} = AnyEvent::TLS->new(%{$self->{ssl}}); $self->{tls_ctx} = AnyEvent::TLS->new(%{$self->{ssl}});
} }
$self->open_access_log($self->{logfile}) if $self->{logfile}; $self->open_access_log($self->{logfile}) if $self->{logfile};
$self->{socket_watch} = AnyEvent->io(fh => $self->{socket}, poll => 'r', cb => sub { $self->{socket_watch} = AnyEvent->io(fh => $self->{socket}, poll => 'r', cb => sub {
eval { eval {
if ($self->{conn_count} >= $self->{max_conn}) { if ($self->{conn_count} >= $self->{max_conn}) {
@ -764,7 +762,7 @@ sub new {
}); });
} else { } else {
$self->accept_connections(); $self->accept_connections();
} }
}; };
warn $@ if $@; warn $@ if $@;
}); });
@ -774,11 +772,15 @@ sub new {
$self->wait_end_loop(); $self->wait_end_loop();
}); });
$self->{quit_watch} = AnyEvent->signal(signal => "QUIT", cb => sub { $self->{quit_watch} = AnyEvent->signal(signal => "QUIT", cb => sub {
undef $self->{quit_watch}; undef $self->{quit_watch};
$self->wait_end_loop(); $self->wait_end_loop();
}); });
$self->{inotify_poll} = AnyEvent->timer(after => 5, interval => 5, cb => sub {
PVE::INotify::poll(); # read inotify events
});
return $self; return $self;
} }

3
bin/pvedaemon
View File

@ -34,8 +34,6 @@ $SIG{'__WARN__'} = sub {
$0 = "pvedaemon"; $0 = "pvedaemon";
PVE::APIDaemon::enable_debug() if $opt_debug;
# create dir for dtach sockets # create dir for dtach sockets
mkdir "/var/run/dtach"; mkdir "/var/run/dtach";
@ -47,6 +45,7 @@ eval {
port => 85, port => 85,
trusted_env => 1, # partly trusted, because only local programs can connect trusted_env => 1, # partly trusted, because only local programs can connect
lockfile => $lockfile, lockfile => $lockfile,
debug => $opt_debug,
keep_alive => 100, keep_alive => 100,
max_conn => 500, max_conn => 500,
max_requests => 1000); max_requests => 1000);

3
bin/pveproxy
View File

@ -52,8 +52,6 @@ POSIX::setuid($uid) || die "setuid $uid failed - $!\n";
# just to be sure # just to be sure
die "detected strange uid/gid\n" if !($UID == $uid && $EUID == $uid && $GID eq "$gid $gid" && $EGID eq "$gid $gid"); die "detected strange uid/gid\n" if !($UID == $uid && $EUID == $uid && $GID eq "$gid $gid" && $EGID eq "$gid $gid");
PVE::APIDaemon::enable_debug() if $opt_debug;
sub add_dirs { sub add_dirs {
my ($result_hash, $alias, $subdir) = @_; my ($result_hash, $alias, $subdir) = @_;
@ -86,6 +84,7 @@ eval {
keep_alive => 100, keep_alive => 100,
max_conn => 500, max_conn => 500,
max_requests => 1000, max_requests => 1000,
debug => $opt_debug,
trusted_env => 0, # not trusted, anyone can connect trusted_env => 0, # not trusted, anyone can connect
logfile => '/var/log/pveproxy/access.log', logfile => '/var/log/pveproxy/access.log',
lockfile => $lockfile, lockfile => $lockfile,