If we need to add other types or increases the min size this makes it
easier as it's just a schematic definition.
Also just do a pass/fail on each cert, so drop the last "summary
pass".
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Debian Buster raised the default security level (1 -> 2) for TLS
connections.
This moves from the 80 bit security level to the 112 bit security level
and will require 2048 bit or larger RSA and DHE keys, 224 bit or larger
ECC keys, and SHA-2.
Signed-off-by: Alwin Antreich <a.antreich@proxmox.com>
do not warn in case there exist nautilus osds
since the upgrade has to be done by the time a user should add new
osds, it does not make sense to warn in that case
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
handle expected votes set to non-standard value, and try to adjust
calculations for qdevice setups.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
having ipv6 enabled while not disabling ipv4 prevents
nautilus osds to start if no ipv4 network is given (because they
are trying to bind to both ip families and die if one of them
is not found)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
this already works on luminous, so it does not harm to add it already,
and is recommended when both msgr1 and msgr2 is activated in nautilus
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
mainly because it looks strange to get a warning after the upgrade is
finished and noout has been removed again
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
do not suggest that we ever supported it as first class storage, it
was always just a experimental support and upstream is
EOL/unmaintained now.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
list all vms with either max/host cputype or vmx/svm explicitely set
(this can only happen in the args)
give a general message if none is found at the moment (and do not warn)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
this is a short running script, so the version list can be re-used,
the chance that there where updates in between are slim and racy
anyway. IF getting the versions did not succeeded, we still retry on
every call though, simpler and ensures a warning is printed in the
caller check vicinity.
Makes script noticeable faster.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
only as a warning, since this will also trigger a Ceph health warning
and is easily recoverable.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Adds the same check we run in pve-cluster before joining a node to make
sure the hostname resolves to a configured IP.
Signed-off-by: Mira Limbeck <m.limbeck@proxmox.com>
this warns the user that he cannot live migrate VMs with svm/vmx to PVE6 when
the nested parameter of the kvm module is on
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
