nautilus 14.2.20 and octopus 15.2.11 fixed a security issue with
reclaiming the global ID auth (CVE-2021-20288). As fixing this issue
means that older client won't be able to connect anymore, the fix was
done behind a switch, with a HEALTH warning if it was not active
(i.e., disallowed connection from older clients).
New installations have this switch also at the insecure level, for
compat reasons, so lets deactivate it ourself after monitor creation
to avoid the health warning and slightly insecure setup (in default
PVE ceph the whole issue was of rather low impact/risk). But, only do
so when creating the first monitor of a ceph cluster, to avoid
breaking existing setups by accident.
An admin can always switch it back again, e.g., if they're recovering
from some failure and need to setup fresh monitors but have still old
clients.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Makes it possible to configure the RBD namespace via the GUI.
RBD namespaces must be configured manually. The most likely use case is
when connecting to an external Ceph cluster as this makes it possible to
separate client PVE clusters by namespace, not by pool.
Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
Looks already OK at that size, and one gets a better overview.
We have a slightly complex layout here (to columns which should be
above each other) so we cannot just use the generic helper, but
that's OK here - it *is* a special view.
Note, not all people use full-sized windows all the time, so the
widths here must not only be considered in terms of display
resolutions...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Default to keeping the state of the archive, as that has the highest
chance to fully work, but allow to enforce either level.
It'd be good to add some more feedback of the to be restored guest,
i.e., the whole config..
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
we are only allowed to set autoselect the first record after load on
creation, else we may change the value by mistake which, if the admin
does not notices when changing some other setting, can be quite fatal
as it can trigger a huge rebalance, where the cause may then not even
be obvious and thus an admin be quite baffled.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
The $host variable is set to "::0" by default to listen on wildcard
(with 'Domain' => PF_INET6).
If 'LISTEN_IP' is defined in /etc/default/pveproxy, that IP will be used
instead.
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
and group better, avoid alternating by destroying and restoring
button (prune, file restore, remove) and place file restore and
restore together
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
When the virt-viewer file is downloaded we already set a file name in
Android, so the file type may be recognized. Also doing this in
Chrome (and Chromium based browsers) allows users to "alyways open
files of this type". So the browser automatically opens the console
window without user interaction.
Signed-off-by: Lorenz Stechauner <l.stechauner@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
to prevent that they further diverge than they alread have
(pmxInfoWidget got an additional function that is compatible)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Limiting the length of the source and dest paramters helps to avoid
problems with iptables-restore which would not apply a rule if a
parameter is larger than the parameter buffer (1024)[0]. As the API is
already limiting this, we should also reflect that in the GUI and give
people a hint that IP sets are most likely the better approach.
[0] http://git.netfilter.org/iptables/tree/iptables/xshared.c?h=v1.8.7#n469
Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
