Ceph does a quick benchmark when creating a new OSD and stores the
osd_mclock_max_capacity_iops_{ssd,hdd} settings in the config DB.
When destroying the OSD, Ceph does not automatically remove these
settings. Keeping them can be problematic if a new OSD with potentially
more performance is added and ends up getting the same OSD ID.
Therefore, we remove these settings ourselves when destroying an OSD.
Removing both variants, hdd and ssd should be fine, as the MON does not
complain if the setting does not exist.
Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
Tested-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
since debian 11, systemd is changing behaviour of MAC address of
bridge, but also bond, where the mac is generated randomly instead
inherit from the first slave.
We tried to fix that with ifupdown2, but that seems to produce some
regressions and independent of that there was still another problem.
Namely, if a bridge don't have any slaves, systemd is keeping bridge
offline.
https://www.justinsteven.com/posts/2023/03/26/virtualbox-bridge-ports-none-no-carrier-debian-11/
That mean that a dhcp daemon like kea can't bind on a standalone
bridge (used for s-nat for example), until a tap interface is started.
So, set up a systemd link config to disable the systemd mac policy by
default (this don't break already fixed ifupdown2 mac).
Funnily CentOS && Fedora also disable it already:
https://fedoraproject.org/wiki/Changes/MAC_Address_Policy_nonec895351950/0028-udev-net-setup-link-change-the-default-MACAddressPol.patch (L43)
Before this patch:
```
~ ip a sh dev vmbr1
vmbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 10
```
After this patch:
```
~ ip a sh dev vmbr1
vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
```
Signed-off-by: Alexandre Derumier <alexandre.derumier@groupe-cyllene.com>
[ TL: move to /usr/lib/.. where distro files belong and add comment ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
support for it got added to Proxmox repositories, so there is no need to use
custom logic and manual fetching for this anymore.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Working could be confused with "being ok", which isn't what we want to
convey here, as the lack of this status doesn't mean something "isn't
working".
So use busy, not 100% perfect but a bit closer to what we want to
convey while not taking up a whole paragraph or the like.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Like ceph mgr dashboard, we need a warning state.
- set degraded as warning instead working
- set undersized as warning instead error
- rename error as critical
- add "busy" (info-blue) color for working state
- use warning (orange) color for warning state
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
Tested-By: Aaron Lauterer <a.lauterer@proxmox.com>
Reviewed-By: Aaron Lauterer <a.lauterer@proxmox.com>
[ TL: fold in CSS class addition ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Extend the current firewall log view to add date time based filtering.
The user can switch between live view, which shows logs from the
unrotated log file, or to filter mode, where date time based filtering,
including rotated logs can be performed.
Enable the feature by setting the property and the submit format
for since and until timestamps expected by the api.
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
caaIdentities was mistakenly labled as a string in a previous patch
and not as an array of strings, as it is defined in the rfc [0].
[0] https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.1
Signed-off-by: Folke Gleumes <f.gleumes@proxmox.com>
That way it shows up in the task-log that something was requested that
cannot work currently.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
As even though restricted to some specific endpoints and formats, one
can still scan HTTP, potentially also on the LAN.
We can do this here as the API call is new and was never packaged
since introduced, so this isn't a breaking change.
The TOS one will be removed with the next major release, so not a
problem anymore from then one.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Since external account binding is advertised the same way as the ToS,
it can be detected when creating an account and asked for if needed.
Signed-off-by: Folke Gleumes <f.gleumes@proxmox.com>
Reviewed-by: Fabian.Grünbichler <f.gruenbichler@proxmox.com>
Tested-by: Fabian.Grünbichler <f.gruenbichler@proxmox.com>
Besides the switch from tos to meta endpoint, this fixes a visual bug,
where the 'Accept TOS' button would show up, even if no ToS was needed.
Signed-off-by: Folke Gleumes <f.gleumes@proxmox.com>
Reviewed-by: Fabian.Grünbichler <f.gruenbichler@proxmox.com>
Tested-by: Fabian.Grünbichler <f.gruenbichler@proxmox.com>
The ToS endpoint ignored data that is needed to detect if EAB needs to
be used. Instead of adding a new endpoint that does the same request,
the tos endpoint is deprecated and replaced by the meta endpoint,
that returns all information returned by the directory.
Signed-off-by: Folke Gleumes <f.gleumes@proxmox.com>
Reviewed-by: Fabian.Grünbichler <f.gruenbichler@proxmox.com>
Tested-by: Fabian.Grünbichler <f.gruenbichler@proxmox.com>
This setting was removed in [1] as part of the v13.0.2 tag. Running
ceph config set global osd_pg_bits 42
results in
Error EINVAL: unrecognized config option 'osd_pg_bits'
So we mark this api as deprecated and make it a no-op operation.
[1] e6acf2d1d5
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
stop the tooltip show when the there is no text
this could happen for e.g. nodes that should not have a tooltip
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
it shouldn't be called that often, and if we save it, it gets outdated,
e.g. when starting/stopping a guest
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
by using the delegate function of ExtJS' tooltips on the global
Workspace element and using the proper css selectors
this way, we can limit the tooltips to the non-full ones
(in contrast to using data-qtip on the element, which would
always be show, even for tags with the 'full' style)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
and exclude the tags for that, since we want the tags to have their own
tooltips
we use the delegate function of the tooltips for that
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
This moves the filters out of the grid header for the BulkActions and
puts them into their own fieldset above the grid. With that, we can
easily include a tags filter (one include and one exclude list).
The filter fieldset is collapsible and shows the active filters in
parenthesis. aside from that the filter should be the same as before.
To achieve the result, we regenerate the filterFn on every change of
every filter field, and set it with an 'id' so that only that filter is
overridden each time.
To make this work, we have to change three tiny details:
* manually set the labelWidths for the fields, otherwise it breaks
the ones in the fieldset.
* change the counting in the 'getErrors' of the VMSelector, so that we
actually get the count of selected VMs, not the one from the
selectionModel
* override the plugins to '' in the BulkAction windows, so that e.g. in
the backup window we still have the filters in the grid header
(we could add a filter box there too, but that is already very crowded
and would take up too much space for now)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
For a better screen-space utilization use two columns and remove the
local-storage warning, since this is rather obvious anyway.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
[ TL: slight commit message rewording ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
The message in the Task Log has been 'Start/Stop/Migrate all...',
which is misleading since not everything might be affected by bulk actions.
This also affects the messages send at a nodes startup and shutdown, but
since this just affects a subgroup of VMs/Containers (those who are
onboot=1) the new wording still applies better than the previous.
Signed-off-by: Folke Gleumes <f.gleumes@proxmox.com>
Allows to automatically create multiple OSDs per physical device. The
main use case are fast NVME drives that would be bottlenecked by a
single OSD service.
By using the 'ceph-volume lvm batch' command instead of the 'ceph-volume
lvm create' for multiple OSDs / device, we don't have to deal with the
split of the drive ourselves.
But this means that the parameters to specify a DB or WAL device won't
work as the 'batch' command doesn't use them. Dedicated DB and WAL
devices don't make much sense anyway if we place the OSDs on fast NVME
drives.
Some other changes to how the command is built were needed as well, as
the 'batch' command needs the path to the disk as a positional argument,
not as '--data /dev/sdX'.
We drop the '--cluster-fsid' parameter because the 'batch' command
doesn't accept it. The 'create' will fall back to reading it from the
ceph.conf file.
Removal of OSDs works as expected without any code changes. As long as
there are other OSDs on a disk, the VG & PV won't be removed, even if
'cleanup' is enabled.
The '--no-auto' parameter is used to avoid the following deprecation
warning:
```
--> DEPRECATION NOTICE
--> You are using the legacy automatic disk sorting behavior
--> The Pacific release will change the default to --no-auto
--> passed data devices: 1 physical, 0 LVM
--> relative data size: 0.3333333333333333
```
Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
use title case, or upper case for abbreviations, everywhere.
Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
[ TL: adapt commit subject to our style guides ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
The Subnet's CIDR in the Edit view is called 'Subnet'.
Also refer to it as Subnet in the list view.
Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
[ TL: prefix commit subject with sub-system ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This should catch installations from our ISO on non-ZFS in uefi mode,
which won't get the updated grub efi binary installed upon upgrade,
because grub-pc is installed instead of grub-efi-amd64.
Adding this to pve7to8 should make this even more visible, than the
corresponding patch for promxox-kernel-helper (warnings printed during
regular package upgrades might be overlooked more easily than
a yellow line in the major upgrade checkscript)
The if/else order was chosen to limit the nesting level of the long
messages.
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
solving an issue where the CPU extra-flags grid had less space than
it's fixed height allowed.
While we also could have reduced that height, having a nicer ratio and
a bit more vertical "breathing room" seem slightly nicer to me.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
in the general tab in the advanced section.
For that to work, we introduce a new option for the TagEditContainer
named 'editOnly', which controls now the cancel/finish buttons,
automatically enter edit mode and disable enter/escape keypresses.
We also prevent now the loading of tags while in edit mode, so the tags
don't change while editing (this can be jarring and unexpected).
Then we wrap that all in a FieldSet that implements the Field mixin, so
we can easily use that in the wizard. There we set a maxHeight so that
the field can grow so that it still fits in the wizard.
To properly align the input with the '+' button, we have to add a custom
css class there. (In the hbox we could set the alignment, but this is
not possible in the 'column' layout)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
and not just upgrade.
note that the only other non-login command (ceph_install) is restricted to
root@pam in the web UI anyway, and that the termproxy endpoint is lacking this
check and thus always falls back to a login prompt for non-login commands
requested by non-root users.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
the /etc/pve/sdn directory contains the config files, not just what they
translate to in interface configs (/etc/network/interfaces.d/snd).
The current way will also include dotifiles that may contain the
current/running state. Which can be useful to troubleshoot.
Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
With the SDN becoming more prevalent, it is a good idea to include any
additional config files in '/etc/network/interfaces.d'.
Since no special suffix is enforced, we need to match against any file.
Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
So far this hasn't been an issue as each user of dir2text wanted files
with a specific pattern. But if we want every file in the directory, we
need to skip the special files '.' and '..'.
Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
