ceph luminous does not use the 'name' property in the metadata
everywhere, so fall back to 'id'
this makes the ceph dashboard usable while having still luminous
(relevant for upgrading)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
The aim of this patch is to reorder/rework the code of the api call
so that it gets more readable
it adds comments of what/why something is done, removes
code duplication between db/wal checks/creation
There are two changes in behaviour:
* when a device is given more than once via the api,
the user gets a parameter exception for the db or wal
with the information that the explicit defined devices must be
different
* we check the usage for db/wal before the worker, so that the user
gets instant feedback if a device is already in use
(this is more for api users than for gui users, since we do those
checks there also)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
since the size of an LV can only be a multiple of 512b, we round
down to the next kib
we then have to mulitply it by 1024 for the partition, since
append_partition expects bytes and not kib
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
similar to the MDS api, so that DELETE and POST calls can operate on
the same path. This does not changes the CLI pveceph interface
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
As in a situation where we /had/ a manager but destroyed it this
key's value is a empty string, and if we pass that to the WebUI we
get strange results form of a ghost MGR entry with ExtJS auto-ID
generation as name -> pretty confusing.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
no point in first building a list if we can just remove it directly
afterwards, it's eval-ed anyway and $osd_list did not get touched
in-between.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
with this, osd destruction is left to ceph-volume if the osd was created
with ceph-volume, else our old code remains mostly the same since
we want to be able to destroy upgraded osds
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
this completely rewrites the ceph os creation api call using ceph-volume
since ceph-disk is not available anymore
breaking changes:
no filestore anymore, journal_dev -> db_dev
it is now possible to give a specific size for db/wal, default
is to read from ceph db/config and fallback is
10% of osd for block.db and 1% of osd for block.wal
the reason is that ceph-volume does not autocreate those itself
(like ceph-disk) but you have to create it yourself
if the db/wal device has an lvm on it with naming scheme 'ceph-UUID'
it uses that and creates a new lv
if we detect partitions, we create a new partition at the end
if the disk is not used at all, we create a pv/vg/lv for it
it is not possible to create osds on luminous with this api call anymore,
anyone needing this has to use ceph-disk directly
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
as already announced over two months ago[0], remove the unofficial
SheepDog plugin now completely. Besides that it was never fully
supported in Proxmox VE one of its main developer and ex-maintainer
declared it as abandoned[1], and thus just let's remove it, git
allows to resurrect it any time if a wonder happens anyway.
[0]: https://pve.proxmox.com/pipermail/pve-user/2019-March/170497.html
[1]: http://lists.wpkg.org/pipermail/sheepdog/2019-March/068449.html
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
since we will have a seperate gui for the manager, we do not need this
anymore
this is a breaking api change
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
and use the broadcast when a service is added/removed
we will use 'get_cluster_service' in the future when we generate a list
of services of a specific type
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
add two new api calls in /cluster/ceph
status:
the same as /nodes/NODE/ceph/status, but accessible without
nodename, which we don't need, as in the hyperconverged case, all nodes
have the ceph.conf which contains the info on how to connect to the
monitors
metadata:
combines data from the cluster filesystem about the services,
as well as the 'ceph YYY metadata' info we get from ceph.
with this info we can convieniently display which services exists,
which are running and which versions they have
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Wit commit a74ba607d4 we switched over
to using the dpkg-dev provided helpers to set package version,
architecture and such in the buildsystem.
But unlike other repositories we used the version also for giving it
back over the API through the during build generated PVE::pvecfg
module, which wasn't fully updated to the new style.
This patch does that, and also cleans up semantics a bit, the
following two changed:
release is now the Debian release, instead of the "package release"
(i.e., the -X part of a full package version).
version is now simply the full (pve-manager) version, e.g., 6.0-1 or
the currently for testing used 6.0-0+1
This allows to do everything we used this information for even in a
slightly easier way (no string concat needed anymore), and fits also
with the terminology we often used in our public channels (mailing
lists, forum, website)
Remove some cruft as we touch things.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
From Nautilus release changelog[0]:
> The auid property for cephx users and RADOS pools has been removed.
> This was an undocumented and partially implemented capability that
> allowed cephx users to map capabilities to RADOS pools that they
> “owned”. Because there are no users we have removed this support.
[0]: https://ceph.com/releases/v14-2-0-nautilus-released/
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This partially reverts commit f9b08743a5
as we had some wrong assumptions about lastentries and the other
params, so just note conflicts in the description but let the tool
itself make the checks
This reverts commit f9b08743a5.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
this uses the new journalreader instead of journalctl, which is a bit
faster and can read from/to cursor and returns a start/end cursor
also you can give an unix epoch as time parameters
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
ceph nautilus changed the structure of 'pg dump osds'
they moved the data one level below
parse both new and old format, and bail if it returns anything else
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
otherwise this potentially returns outdated information (like the
cluster being quorate when corosync has crashed on all nodes 5 minutes
ago).
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
It makes sense to not give users without Sys.Audit permissions to
much information over a node and this is relatively easy and cheap to
check and enforce at those two points.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Tested-by: Oguz Bektas <o.bektas@proxmox.com>
Reword the error message in find_mon_ip to make it more clear, that
there is no active IP configuration for the ceph public network.
Signed-off-by: Alwin Antreich <a.antreich@proxmox.com>
If calls aren't proxied to the selected node, which seems legit in
some cases, this will cause some misleading errors while ceph is
not installed on that node. Therefor the calls should now always get
proxied.
Signed-off-by: Tim Marx <t.marx@proxmox.com>
it's a bit strange that one cannot pass the default value explicitly,
helpfull when calling this API path through the CLI envrionment,
which currently cannot have optional fixed-positioned default values
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
As this is now the default behavior in all other ceph api endpoints,
I adapted the status api correspondingly.
We also pass our ceph configuration file directly when connecting to
RADOS, so a /etc/ceph/ceph.conf isn't necessarily required to
indicate a fully setup and enabled PVE-ceph environment.
Signed-off-by: Tim Marx <t.marx@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Instead of opening proc/mounts through IO::File directly for parsing,
the patch uses ProcFSTools. This way it also takes care of eventual
decoding.
Signed-off-by: Alwin Antreich <a.antreich@proxmox.com>
When destroying an OSD over API or CLI, e.g. by executing:
'pveceph osd destroy <num> --cleanup'
all disks associated with the OSD got wiped with dd, which included
any shared and by others still in use ones, e.g., separate disks with
DB/WAL.
The patch changes 'wipe_disks' to wipe the partition instead of the
whole disk.
Signed-off-by: Alwin Antreich <a.antreich@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
over from the time where corosync was still bnased on XML configs
(pre PVE 4.0). This was not used, and XML::Parser is not Export
based, so it does not pushes some methods into the using modules
namespace
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
when using 'check_permissions' directly, we have to actually use the
nodename in the path, else we check the wrong permission and one
needed to have propagating 'Sys.Audit' permissions on '/nodes' for
this to work.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
This adds the bash completion for the wakeonlan API call.
The bash completion returns only those nodes which are offline according to the
member status.
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
both task sources use PVE::Tools::upid_decode, which ensures all of the
':' delimited fields are set.
this only leaves 'status' and 'endtime' as optional, which are not set
for currently running tasks.
reorder them in the code for easier matching with their on-disk format.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Acked-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
convenience filter if caller is only interested in certain actions
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Tested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
otherwise there is no way to find out about (all) active tasks over the
API if their UPIDs were not recorded when the initial API calls happened.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Use the new format to verify the MAC addresses.
The wakeonlan API call now returns the MAC address of the node to wake on
successful sending of the WoL packet.
pvenode finally displays this MAC address to the user as feedback.
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
Checks if the specified target node even exists before trying to read its MAC
address from the config and sending the wake on LAN magic packet.
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
Provides the basic functionality to provide a wake on LAN feature implementation
to start nodes in a cluster from other nodes.
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
It makes more sense to have it there, especially since we want to
split out the service parts into a seperate file.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Allow to specify a separate cluster network when initializing ceph.
Ceph docs[0] imply a possibility for performance increase and
enhanced security in environments where the public network serves not
fully trusted peers, which could else provoke a DOS to the cluster
traffic[0].
Make this optional, but if passed `network` is required too.
[0]: http://docs.ceph.com/docs/luminous/rados/configuration/network-config-ref/
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
A MDS gets only active once a FS is there, and we need an MDS active
to be able to add a storage, as the CephFS plugin does an immediate
mount check. As an MDS needs some time to get active we had a
problematic time window where this mounting could fail.
Wait for a MDS to get in active state.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Allow to create a new CephFS instance and allow to list them.
As deletion requires coordination between the active MDS and all
standby MDS next in line this needs a bit more work. One could mark
the MDS cluster down and stop the active, that should work but as
destroying is quite a sensible operation, in production not often
needed I deemed it better to document this only, and leaving API
endpoints for this to the future.
For index/list I slightly transform the result of an RADOS `fs ls`
monitor command, this would allow relative easy display of a CephFS
and it's backing metadata and data pools in a GUI.
While for now it's not enabled by default and marked as experimental,
this API is designed to host multiple CephFS instances - we may not
need this at all, but I did not want to limit us early. And anybody
liking to experiment can use it after the respective ceph.conf
settings.
When encountering errors try to rollback. As we verified at the
beginning that we did not reused pools, destroy the ones which we
created.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Co-authored-by: Alwin Antreich <a.antreich@proxmox.com>
Allow to create, list and destroy and Ceph Metadata Server (MDS) over
the API and the CLI `pveceph` tool.
Besides setting up the local systemd service template and the MDS
data directory we also add a reference to the MDS in the ceph.conf
We note the backing host (node) from the respective MDS and set up a
'mds standby for name' = 'pve' so that the PVE created ones are a
single group. If we decide to add integration for rank/path specific
MDS (possible useful for CephFS with quite a bit of load) then this
may help as a starting point.
On create, check early if a reference already exists in ceph.conf and
abort in that case. If we only see existing data directories later
on we abort but do not remove them, they could well be from an older
manual create - where it's possible dangerous to just remove it. Let
the user handle it themself in that case.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Co-authored-by: Alwin Antreich <a.antreich@proxmox.com>
We will reuse this in the future, e.g., when creating a data and
metadata pool for CephFS.
Allow to pass a $rados object (to reuse it, as initializing is not
that cheap) but also create it if it's undefined, fro convenience.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
most of this was imported by just copying without verifying if all is
actually required. Some lost its purpose as we re-used more from our
existing module code base (e.g., pve-common) but wasn't actually
removed.
As this file includes two perl modules you need to take a bit caution
when looking at this, as some things are used in one module but not
the other - simple grep'ing at this may give false positives.
Also add PVE::API2::Storage use which was missing here.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
most of this was imported by just copying without verifying if all is
actually required. Some lost its purpose as we re-used more from our
existing module code base (e.g., pve-common) but wasn't actually
removed.
As this file includes two perl modules you need to take a bit caution
when looking at this, as some things are used in one module but not
the other - simple grep'ing at this may give false positives.
Also include the missing IO::File use.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
this will be used for the api endpoints in the future as
PVE::API2::Scan instead of PVE::API2::Storage::Scan since it will
contain endpoints to other modules (like qemu-server for pci/usb
scanning)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
This patch removes the separate storage entries for CT & VM to the same
ceph pool. Instead only one entry is made as we can now map/unmap
volumes actively in pve-container.
Signed-off-by: Alwin Antreich <a.antreich@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
workaround to keep the subscription popup on login even without 'Sys.Audit'
permissions but remove the subscription details in the GUI for unauthorized
users.
this allows the disk to be reused as ceph disk by zeroing the first 200M
of the destroyed disk. disks are iterated separately from partitions to
prevent duplicate wipes.
Signed-off-by: David Limbeck <d.limbeck@proxmox.com>
This add a new api to online reload networking configuration
with ifupdown2.
This work with native ifupdown2 modules, as ifupdown2 have
interface dependency relationships.
Some specific interfaces options can't be reloaded online
(because kernel don't implement it), it this case, we ifdown/ifup
theses interfaces. (mainly vxlan interfaces options)
btrfs is deprecated since Luminous and it will no more be tested.
If btrfs is used, you have to add an extra parameter to ceph.conf
to allow ceph-disk to activate btrfs OSD's.
In our default config this is not the case.
From Luminous release note [1]:
"We no longer test the FileStore ceph-osd backend in combination with
btrfs. We recommend against using btrfs. If you are using
btrfs-based OSDs and want to upgrade to luminous you will need to
add the follwing to your ceph.conf:
enable experimental unrecoverable data corrupting features = btrfs
The code is mature and unlikely to change, but we are only
continuing to test the Jewel stable branch against btrfs. We
recommend moving these OSDs to FileStore with XFS or BlueStore."
[1] https://ceph.com/releases/v12-2-0-luminous-released/
openvz is deprecated but can still be a return value
maxcpu can be a real number (e.g., for CT if cpulimit is 1.5 and
cores is not set), and may not be an integer
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
we have the defaults documented here, so set them here too
otherwise if the default change in PVE::Tools, we probably forget to
update the api description
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
since letsencrypt updates their implementation to the ACMEv2 spec [1],
we should correctly parse the order status
1: https://community.letsencrypt.org/t/acmev2-order-ready-status/62866
note that we (for now) try to be compatbile to both versions,
with and without ready state, this can be changed when all letsencrypt
apis have changed
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
we inherited the import from PVE::RESTHandler but may want to get rid
of it there. So explicitly import it here.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
else all non-root users get an empty dropdown box for the directories
and get no feedback why that is
with this, they can select it, but ultimately get an api error if the
permissions are not sufficient
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
We defined 'default' as fallback default value for the optional
pve-acme-account-name standard option but did not honored that.
Thus we got a perl error ($account_name not defined) if we did not
passed a name. Fix that by actually falling back to 'default' in this
case.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
to allow retrieval of certificate information, and uploading or removing
of custom certificate files.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
for creating/ordering a new certificate and renewing respectively
revoking an existing one.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
for registering, updating, refreshing and deactiving a PVE-managed ACME
account, as well as for retrieving the (optional, but required if
available) terms of service of the ACME API provider / CA.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
this currently only contains a description and the node-specific ACME
configuration, but I am sure we can find other goodies to put there.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
instead of lexically by package name
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
so that we can filter the journal by service
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
use the pveupgrade command directly without bash inbetween,
the incorrect quoting led to '--shell' not being passed to
pveupgrade and closing the connection
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Tested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
A email notification will be send for each job when the job fails.
This message will only send when an error occurs and the fail count is on 1.
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Acked-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Allow users which have Sys.Audit on a specific node to get the
subscription status and those with Sys.Modify to set and check
(update) it.
This mirrors the required permissions from other node specific
actions, e.g., APT (package management).
We always showed the Subscription Panel and all its elements in the
WebUI, so no need for change there.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
If a CIDR gets passed to Net::IP it is expected to not be from the
middle of an subnet, i.e., 192.168.1.12/24 is *not* OK but
192.168.1.0/24 would be OK.
As the Network/interfaces files also accepts CIDR notation for the
'address' param (now also for IPv4) this let to problems in our node
monitor IP detection code, which used the interface file and Net::IP to
find any address from the ceph public network.
So change to our newer helper PVE::Network::get_local_ip_from_cidr to
get all configured and ready (=up) IPs from this network.
Also handle the case where multiple networks where returned, add a
parameter to allow specifying one of those and ask the user to do so.
If no public network is configured and no mon-address parameter was
passed, we fall back to the remote node IP of the node, as was done
previously. We expect that the user only overwrites the mon-address
if he knows what he do and omit checks here.
With ignored or still queued services we have no hastate for a
service in the manager status available.
As we use hastate in the web UI to determine if a service is
configured for HA this could lead to confusion there.
For example, the VM/CT 'Manage HA' window thinks tries to add the
service again if its in the 'ignored' state, and then the backend
errors out because it is already configured.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
with this we also have to send '0' to from the frontend, when the
bluestore checkbox is not checked
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
while OSDs units should only be runtime enable and disappear on reboots,
this serves as an additional safeguard to ensure no leftover units can
exist.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
vdisk_list can potentially take very long, and we don't want
the API request to time out.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
introduce new API parameter 'add_storages'. if set, one
storage each is configured using the created pool:
- for containers using KRBD
- for VMs using librbd
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
add version check to ceph init to require luminous or higher and
fix#1481: check existence of ceph binaries before use
Signed-off-by: Alwin Antreich <a.antreich@proxmox.com>
in the gui this is already the default, so make it also the default
in the backend (also 2/1 is really bad as a default)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
this adds information about bluestore (which devices and if
bluestore/filestore) to show in the gui
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
we get the names in the backend, and give them as an additional field
in the api call, and use it in the grid
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
this patch does a few things
1. we introduce a new api call /nodes/nodename/ceph/rules
which gets us a list of crush rules
2. we introduce a new CephRuleSelector which is a simple combobox
with the data from the api call ceph/rules
3. we use this in the create pool window
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
since ceph 12.1.1 the (deprecated) parameter 'crush_ruleset' is removed
and replaced with 'crush_rule' while changing this, change from
integer to string so that we can later use the names of the rules
instead of the id
(for now there seems to be a bug that you can only use the name and
not the id)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
we now have to remove 5 types of partitions:
data/metadata
journal
block
block.db
block.wal
this patch fixes the detection of block/block.db/block.wal
generalizes it
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
we reuse the 'journal_dev' parameter for bluestores block.db
and add a new parameter 'wal_dev' for bluestores write ahead log
if only journal_dev is given, use it for both db and wal
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
this patch adds the create-/destroymgr commands to the api and pveceph,
so that advanced users can split monitor and manager daemons
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
we now want to add a ceph-mgr daemon to every node where a ceph-mon
daemon runs, as per ceph documentation recommendation, because in
luminous the mgr daemons will not be automatically created/started
with a monitor anymore
we also give the createmon an optional id parameter, so that one
can set a custom id, and make the creation/removal of the manager
optional but the default
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
with ceph 12.1.1 luminous, ceph has reorganized its json
interface of the ceph status and ceph health call
so to get everything we need, we have to also get
the ceph health detail information into our
status call
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
The --filestore flag is now required see doc of ceph.
If the --bluestore argument is given, a bluestore objectstore will be
created. If --filestore is provided, a legacy FileStore objectstore
will be created. If neither is specified, we default to BlueStore.
/nodes/<node>/replication => list status of all jobs
/nodes/<node>/replication/<id>/status => individual job status
/nodes/<node>/replication/<id>/log => job log
If on bootup one of our VMs is locked by an backup we safely can
assume that this backup job does not run anymore and that the lock
has no reason anymore and just hinders uptime of services.
As at this time we (the node) have quorum so we may safely assume
that we have a consistent view of the cluster and all our VMs really
belong to us. We just need to ensure that we do not run into an
automatic backup jobs, so execute our code with VZDumps lock or
timeout.
Log in the Task and Sys log that we removed the lock, so that an
admin easily sees that there may be need for cleaning leftovers from
an interrupted backup.
Addresses bug #1024
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
small refactoring in get_filtered_vmlist: save a VMs config in its
own subhash to avoid collisions with other data which we want to save
in the vmid list, for now this is only `type` but in the next patch
I want to save also the class
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
extjs cannot "convert" and id from other fields, so the ids in the
diffstore and the realstore are different and we re-add every element on
every update
to mitigate this, we generate the id (which is "uid:hostname") in the
backend, and simply use it in the frontend
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
since bash does not play well with utf8 encoded input,
eg. pressing ALTGR + M on an english intl keyboard layout int novnc
does not enter the mu symbol but makes bash think you pressed alt+5,
we should use login without authorization when logging in as root
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
use the new keeplocale parameter from run_command and do not delete the
LANG and LANGUAGE variable for the vncshell
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
instead of using get_start_stop_list in a rather hacky way use the
new get_filtered_vmlist method and adapt the loop, as now only one
level is required.
most changes are just an indent shift left as we lost an unnecessary
loop level
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
we used get_start_stop_list for assembling a list of VMIDs for
stopall, startall and migrateall.
While get_start_stop_list did already some filtering we did some
more in the specific startall and stopall calls.
Add a new private helper which does all the filtering and just
assemble the startup order in the get_start_stop_list method.
Move the template and ha managed filtering in the new
get_filtered_vmlist method, this allows us to remove the filtering
from the API calls them self and we do not load the vms config twice
(it was cached, but nonetheless unnecessary)
get_filtered_vmlist is also intended to be used by migrateall in a
next patch
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Instead, pass the HTTP server as last argument to the page formater,
so that we can call $server->create_auth_cookie().
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
this is a simple filter which allows us to limit the actions to specific
vmids
this makes it much simpler to start/stop/migrate a range of vms
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
this adds a hastate field to all vms/ct which have ha enabled
we will use this for showing the error state in the tree (in the webgui)
and for the cluster dashboard (to count the error state guests)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
instead of using
'/dev/${real_dev}'
we use the devpath property directly
also we skip the smart check in the cleanup
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
instead of getting all disks, only get the info
from the one we get as parameter
and use the 'devname' value for the
ceph commands instead of the parameter itself
(this fixes the cciss!cXdY cciss/cXdY mismatch)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
As some Makefiles in sub directories do not implement the distclean
target, namely:
PVE/Service/Makefile
PVE/CLI/Makefile
This target is broken.
As all other implementations just redirect to the 'clean' target I
do not implement the missing ones but rather remove all such
targets. Keep it just in the top level directory, for consistence
sake with other pve repos, and redirect it there directly to the
clean target.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
removes the check for dir or nfs storage,
because a few lines below we check for
the content type vztmpl
which should only be allowed when we have a
location where we put templates, thus we should
be able to download them there
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
With the new calculation $pe->{maxcpu} was used before being
initialized to zero. Moving the initialization up.
Additionally setting $pe->{cpu} to $entry->{cpu} if maxcpu
is not set seems pointless as with its factor (maxcpu)
initialized to zero it is cancelled out anyway.
we only added the % of the vms in a pool
which lead to wrong results
e.g. having a pool with 3 vms with 4 cores each and a
cpu usage of 50% each (2 cores at 100%)
lead to :
vm1 50%
vm2 50%
vm3 50%
pool 150%
instead we new calculate the percentage for the whole pool
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
also introduces a force parameter to this call
if force is true, the call destroys the ceph pool
even when it is use
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
VZDump->new() dies when a tmpdir or dumpdir is configured
but does not exist. At this point the error is not being
reported via email.
This also moves the instantiation of VZDump into the worker
since new() can now call sendmail() on error.
Additionally rather than only showing a single error if both
tmpdir and dumpdir don't exist, both are included in the
message.
Refactored and now using PVE::QemuConfig and PVE::LXC::Config
Moved the next if.. statements into the corresponding branches
Signed-off-by: Caspar Smit <casparsmit@supernas.eu>
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
allow the since/until parameters which journalctl understands
We use a really simple regex to check a valit date (time) stamp.
This can be done as this API call gets mainly used by the GUI where
we have full controll over what we send and additional journalctl
has already a good timestamp parser which can handle that.
Do not only allow root@pam to admin ceph server as some user do not
want to allow root logins and users with the Sys.Modify permission
should be able to modify ceph related stuff.
We use basically the following permissions:
Sys.Modify:
for any delete, add, modify action (POST, PUT, DELETE)
Sys.Audit and Datastore.Audit:
for any status/information view action (GET)
Sys.Log:
for viewing the Ceph log (was already implemented)
We have two exceptions creating and destroying osds. Those may only
be done by 'root@pam' for security reasons.
Also show users with any of those capabilities the ceph tab in the
web GUI.
Addresses bug#818
If set limit the maximal worker count to the new datacenter.cfg
setting 'max_workers'.
For stopall we prefer this over the cpu count if it's set.
For migrateall we prefer the parameter but allow now to ommit
the parameter and then we use the new setting if set.
if both are not set we throw an error.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
