since letsencrypt updates their implementation to the ACMEv2 spec [1],
we should correctly parse the order status
1: https://community.letsencrypt.org/t/acmev2-order-ready-status/62866
note that we (for now) try to be compatbile to both versions,
with and without ready state, this can be changed when all letsencrypt
apis have changed
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
we inherited the import from PVE::RESTHandler but may want to get rid
of it there. So explicitly import it here.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
else all non-root users get an empty dropdown box for the directories
and get no feedback why that is
with this, they can select it, but ultimately get an api error if the
permissions are not sufficient
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
We defined 'default' as fallback default value for the optional
pve-acme-account-name standard option but did not honored that.
Thus we got a perl error ($account_name not defined) if we did not
passed a name. Fix that by actually falling back to 'default' in this
case.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
to allow retrieval of certificate information, and uploading or removing
of custom certificate files.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
for creating/ordering a new certificate and renewing respectively
revoking an existing one.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
for registering, updating, refreshing and deactiving a PVE-managed ACME
account, as well as for retrieving the (optional, but required if
available) terms of service of the ACME API provider / CA.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
this currently only contains a description and the node-specific ACME
configuration, but I am sure we can find other goodies to put there.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
instead of lexically by package name
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
so that we can filter the journal by service
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
use the pveupgrade command directly without bash inbetween,
the incorrect quoting led to '--shell' not being passed to
pveupgrade and closing the connection
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Tested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
A email notification will be send for each job when the job fails.
This message will only send when an error occurs and the fail count is on 1.
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Acked-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Allow users which have Sys.Audit on a specific node to get the
subscription status and those with Sys.Modify to set and check
(update) it.
This mirrors the required permissions from other node specific
actions, e.g., APT (package management).
We always showed the Subscription Panel and all its elements in the
WebUI, so no need for change there.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
If a CIDR gets passed to Net::IP it is expected to not be from the
middle of an subnet, i.e., 192.168.1.12/24 is *not* OK but
192.168.1.0/24 would be OK.
As the Network/interfaces files also accepts CIDR notation for the
'address' param (now also for IPv4) this let to problems in our node
monitor IP detection code, which used the interface file and Net::IP to
find any address from the ceph public network.
So change to our newer helper PVE::Network::get_local_ip_from_cidr to
get all configured and ready (=up) IPs from this network.
Also handle the case where multiple networks where returned, add a
parameter to allow specifying one of those and ask the user to do so.
If no public network is configured and no mon-address parameter was
passed, we fall back to the remote node IP of the node, as was done
previously. We expect that the user only overwrites the mon-address
if he knows what he do and omit checks here.
With ignored or still queued services we have no hastate for a
service in the manager status available.
As we use hastate in the web UI to determine if a service is
configured for HA this could lead to confusion there.
For example, the VM/CT 'Manage HA' window thinks tries to add the
service again if its in the 'ignored' state, and then the backend
errors out because it is already configured.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
with this we also have to send '0' to from the frontend, when the
bluestore checkbox is not checked
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
while OSDs units should only be runtime enable and disappear on reboots,
this serves as an additional safeguard to ensure no leftover units can
exist.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
vdisk_list can potentially take very long, and we don't want
the API request to time out.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
introduce new API parameter 'add_storages'. if set, one
storage each is configured using the created pool:
- for containers using KRBD
- for VMs using librbd
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
add version check to ceph init to require luminous or higher and
fix#1481: check existence of ceph binaries before use
Signed-off-by: Alwin Antreich <a.antreich@proxmox.com>
in the gui this is already the default, so make it also the default
in the backend (also 2/1 is really bad as a default)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
this adds information about bluestore (which devices and if
bluestore/filestore) to show in the gui
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
we get the names in the backend, and give them as an additional field
in the api call, and use it in the grid
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
this patch does a few things
1. we introduce a new api call /nodes/nodename/ceph/rules
which gets us a list of crush rules
2. we introduce a new CephRuleSelector which is a simple combobox
with the data from the api call ceph/rules
3. we use this in the create pool window
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
since ceph 12.1.1 the (deprecated) parameter 'crush_ruleset' is removed
and replaced with 'crush_rule' while changing this, change from
integer to string so that we can later use the names of the rules
instead of the id
(for now there seems to be a bug that you can only use the name and
not the id)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
