The check isn't specific enough, it also catches deb-src entries and
would give a false impression of security in certain circumstances, or
lead to false negatives in case you have a deb-src entry for
buster/updates even though you have bullseye-security in just the next
line -- something that isn't that uncommon for developers.
Signed-off-by: Rhonda D'Vine <rhonda@deb.at>
Reviewed-by: Fabian Ebner <f.ebner@proxmox.com>
If the same local storage is configured twice with content type
separation, migration in PVE 6 would lead to the volumes being
duplicated. As that would happen for every migration, such an issue
would likely be noticed already, and in PVE 7 such configuration is
not problematic for migration anymore. Also, misconfigured
unreferenced volumes are not an issue with respect to the upgrade
itself, just drop the check.
It's not necessary to scan storages with either 'images' or 'rootdir'
anymore, as only the log_info() remains.
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Shared storages are not scanned for migration either, so they cannot
be problematic in this context. This could lead to false positives
where it actually is completely unproblematic:
https://forum.proxmox.com/threads/proxmox-ve-7-0-released.92007/post-401165
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
we don't have a mandatory Ceph major version upgrade this time around,
so this check does not make sense. instead, we want noout until the full
cluster is upgraded. let's use the simple approach and just flip the
switch to "turn off noout if all of Ceph is a single version" in the PVE
7.x branch.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
these were mostly relevant for the Luminous -> Nautilus upgrade, and we
don't need to list all the default passing states that our tooling sets
up anyway.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
the old one is not available post-upgrade, let's use a single codepath
for this.
the new API only allows querying user-settable flags, but the only flags
we check besides 'noout' are not relevant for an upgrade of PVE 6.x to
7.x (PVE 6.x only supports Nautilus+ which requires these flags to be
set in order to work) so we can just drop those outdated checks instead
of extending/refactoring the API.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Helpers copied from pve-container to avoid versioned bumps.
Early returns when no containers are running, or the containers don't
use systemd, as well as returning after finding the first affected
container to minimize impact and resource usage.
Checking running containers first since following /proc/<pid>/root is
cheaper than mounting all volumes for a container
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
these were mostly releveant for upgrading from Corosync 2.x to 3.x - so
keep the warnings/errors, but reduce the noise a bit by skipping lots of
PASS output.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
If neither 'rootdir' nor 'images' are configured on a storage, but
there are guest images, just log the number of volumes found. If they
are relevant for migration, the check for unreferenced volumes will
catch them later.
Also detect content type mismatch for all volumes of existing guests,
which also covers the case of a VM image on a storage with only
'rootdir' and vice versa. To catch all such unreferenced volumes too,
it is necessary to scan all storages that do not have both content
types configured.
Change the message from 'will not work' to 'might not work'. If a
volume only referenced by a snapshot is misconfigured, it doesn't mean
that the guest doesn't work at all. Or it might be an ISO on a
misconfigured storage.
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
If there is a log_fail, because of misconfigured 'none' content type, the final
log_pass should not be printed.
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
migration and (container) startup will no longer work when the storage's content
type is not correct, and unreferenced volumes on such storages will not be
scanned for anymore.
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
make it a bit more like the actual one - remove whitespace padding, use
same regex/split calls.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
the two checks make sure that:
* no user defined role 'PVEPoolUser' exists
* the user gets a hint for roles only containing Pool.Allocate and
not Pool.Audit
a very simple parser for user.cfg was implemented to be able to
parse the (in pve 6 invalid) Pool.Audit permission
Signed-off-by: Lorenz Stechauner <l.stechauner@proxmox.com>
Note that it's not possible to use read_vzdump_defaults() and storage_config(),
because they auto-converts maxfiles already.
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
