Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 7d7e1bf2755eb459fdcf2a47ac1bc15166c06640)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
The check isn't specific enough, it also catches deb-src entries and
would give a false impression of security in certain circumstances, or
lead to false negatives in case you have a deb-src entry for
buster/updates even though you have bullseye-security in just the next
line -- something that isn't that uncommon for developers.
Signed-off-by: Rhonda D'Vine <rhonda@deb.at>
Reviewed-by: Fabian Ebner <f.ebner@proxmox.com>
(cherry picked from commit f00ebb3699621c795a515151b1f2632c731ed556)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
If the same local storage is configured twice with content type
separation, migration in PVE 6 would lead to the volumes being
duplicated. As that would happen for every migration, such an issue
would likely be noticed already, and in PVE 7 such configuration is
not problematic for migration anymore. Also, misconfigured
unreferenced volumes are not an issue with respect to the upgrade
itself, just drop the check.
It's not necessary to scan storages with either 'images' or 'rootdir'
anymore, as only the log_info() remains.
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 5dc51df910620a47459228e05675c2af81cbc46d)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Shared storages are not scanned for migration either, so they cannot
be problematic in this context. This could lead to false positives
where it actually is completely unproblematic:
https://forum.proxmox.com/threads/proxmox-ve-7-0-released.92007/post-401165
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
(cherry picked from commit 5071033e2e76defdf83971a6c434f10a74d771e6)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
since the pattern for the suite changed.
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
(cherry picked from commit e88941e826c1edc2418e1b7a5d4a236be105dec9)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit d0ec7e3e2fca754ed9a92716392c47af75efb4e9)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 999b4335ef1dc69777198cdd2fd4c63bae0bbe97)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
The check is rather straight forward - and might help users who
passthrough devices to their containers.
Reported in our community forum:
https://forum.proxmox.com/threads/pve-7-0-lxc-intel-quick-sync-passtrough-not-working-anymore.92025/
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
(cherry picked from commit 4cc5130b5678123135ae82ceb96e9c6da6fe1248)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
we don't have a mandatory Ceph major version upgrade this time around,
so this check does not make sense. instead, we want noout until the full
cluster is upgraded. let's use the simple approach and just flip the
switch to "turn off noout if all of Ceph is a single version" in the PVE
7.x branch.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
(cherry picked from commit 5617b13b915e79c582de5d2c9f8d8d814e79559a)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
and drop the Nautilus OSD upgrade check while we are at it..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
(cherry picked from commit d1c51d86cab38d099fc64443f6b18717fb57eb9f)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
these were mostly relevant for the Luminous -> Nautilus upgrade, and we
don't need to list all the default passing states that our tooling sets
up anyway.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
(cherry picked from commit efa7075778552938accc108368515f52343cbdfc)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
the old one is not available post-upgrade, let's use a single codepath
for this.
the new API only allows querying user-settable flags, but the only flags
we check besides 'noout' are not relevant for an upgrade of PVE 6.x to
7.x (PVE 6.x only supports Nautilus+ which requires these flags to be
set in order to work) so we can just drop those outdated checks instead
of extending/refactoring the API.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
(cherry picked from commit 05dc1ab498ff457b43723ab3e166fa27eff37063)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 8e0530c4130051ddde74fbc4567954de46f80ead)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 4e55d526905dc1d182e7e98c2f4276261879c82d)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 8b805a70c8bd1f206a37b3f834600c35870af382)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 500ccca1a5cea8ccac2d18fb8d0b8ac8b5102768)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
and place the container cgroupv2 support checks behind it.
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
(cherry picked from commit 98e6cd63cf5327ab522918f1a8001719bc0f5ae6)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Helpers copied from pve-container to avoid versioned bumps.
Early returns when no containers are running, or the containers don't
use systemd, as well as returning after finding the first affected
container to minimize impact and resource usage.
Checking running containers first since following /proc/<pid>/root is
cheaper than mounting all volumes for a container
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
(cherry picked from commit 97441e982adcaaff52f80c8e7e28798817d18c44)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
these were mostly releveant for upgrading from Corosync 2.x to 3.x - so
keep the warnings/errors, but reduce the noise a bit by skipping lots of
PASS output.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
If neither 'rootdir' nor 'images' are configured on a storage, but
there are guest images, just log the number of volumes found. If they
are relevant for migration, the check for unreferenced volumes will
catch them later.
Also detect content type mismatch for all volumes of existing guests,
which also covers the case of a VM image on a storage with only
'rootdir' and vice versa. To catch all such unreferenced volumes too,
it is necessary to scan all storages that do not have both content
types configured.
Change the message from 'will not work' to 'might not work'. If a
volume only referenced by a snapshot is misconfigured, it doesn't mean
that the guest doesn't work at all. Or it might be an ISO on a
misconfigured storage.
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
If there is a log_fail, because of misconfigured 'none' content type, the final
log_pass should not be printed.
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
which will be a hard error (i.e. section will be skipped when parsing) in PVE
7.0
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
(cherry picked from commit 1cad0c7fdf1398e08625077dfa30d53256ef475b)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
migration and (container) startup will no longer work when the storage's content
type is not correct, and unreferenced volumes on such storages will not be
scanned for anymore.
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
(cherry picked from commit fffa98eaf05dc944a78a9fa23f9882c6357f9f6c)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 33015eb881f65030a1a2a6ebee57c5891edc6c6f)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
make it a bit more like the actual one - remove whitespace padding, use
same regex/split calls.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
the two checks make sure that:
* no user defined role 'PVEPoolUser' exists
* the user gets a hint for roles only containing Pool.Allocate and
not Pool.Audit
a very simple parser for user.cfg was implemented to be able to
parse the (in pve 6 invalid) Pool.Audit permission
Signed-off-by: Lorenz Stechauner <l.stechauner@proxmox.com>
Note that it's not possible to use read_vzdump_defaults() and storage_config(),
because they auto-converts maxfiles already.
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
