Allows to configure a custom broadcast address to use when sending a
wake on lan packet to wake a remote node.
Default behaviour remains to fallback to 255.255.255.255.
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
Allows to optionally configure a local interface name to which to
bind to when sending a wake on lan packet to wake a remote node.
Default behaviour remains to send the packet via the interface for
the default gateway.
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
Moves the wakeonlan property to be a property string, with current mac
address as default key. This allows to later add further optional
properties such as bind-interface and broadcast-address.
Adds the `get_wakeonlan_config` helper function to parse the string
when read from the node config.
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
This was restricted to Sys.Modify + Sys.Audit on the whole cluster to
ensure that only trusted users get access to a method that can scan
the (local) network from the POV of the Proxmox VE node, even if only
through HTTP HEAD requests.
Nowadays there's enough user interest [0] to warrant a separate access
privilege to cover such an use case, and while most of the requests
are for the download-url storage API endpoint, this method here is not
only a bit less powerful than the storage one, it's rather tied to the
latter anyway (e.g. for querying the metadata of a URL in the web UI
for name and size before downloading it to a storage).
For backwards compatibility keep the old check and add the new
privilege as alternative to fulfill the permission requirements of
that API endpoint.
[0]: https://bugzilla.proxmox.com/show_bug.cgi?id=5254
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Tested-by: Hannes Duerr <h.duerr@proxmox.com>
Reviewed-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
I recently added the same info to PMG and added them to the return
schema, so copying them over here comes for free, and while far from
complete but better than nothing.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
it's not that expensive but we call the endpoint that returns the boot
mode info very frequently, and EFI vars are provided by the firmware,
and there are lots of known cases where firmware was just a plain
mess.
So, don't risk that overly frequent reads will cause some weird side
effect and rather just cache the whole info, it cannot change without
a reboot anyway.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
report if the node is booted in EFI or Legacy BIOS mode, for the
former also pass along the secure boot state.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
That way it shows up in the task-log that something was requested that
cannot work currently.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
and not just upgrade.
note that the only other non-login command (ceph_install) is restricted to
root@pam in the web UI anyway, and that the termproxy endpoint is lacking this
check and thus always falls back to a login prompt for non-login commands
requested by non-root users.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
A simple string regex match on data that the API returns anyway can be
the job of a frontend/client..
Safe to do as we never released this API change in a bumped manager
version and switched the UI to extract this info client-side.
This reverts commit d61728e289.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
extend the query_url_metadata endpoint with the option to detect and return
used compression algorithms, if supported by PVE. this will be used to support
decompression as part of the download flow for certain file types (ISO files
for now).
Signed-off-by: Philipp Hufnagl <p.hufnagl@proxmox.com>
Slightly reworded commit title/message
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Reviewed-by: Dominik Csapak <d.csapak@proxmox.com>
Tested-by: Dominik Csapak <d.csapak@proxmox.com>
This is weird and buggy and breaches the unpriv./priv. separation of
our api daemons, so root-only for now and possibly removal soon.
note that this had several limitations already anyway, like running
in sync context and thus failing after 30s.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
The 'hardware' entry was missing there. While interfacing with it
works, it will not show up during CLI auto completion and in the HTML
debug view (/api2/html/) if not listed here in the API directory
index.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
So that one can really decide if this is a shutdown or an actual
stop.
partially related to #4194
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Note that this changes the lower timeout of 60s for CTs also to 180s
like VM always used; besides that there's not much gained making that
distinction there was never a really good argument for this.
partially related to #4194
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
by extracting the JSON-encoded-string schema and dumping it into the
verbose description it at least shows up in the API viewer.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
since this was missing a proper return type definition the api viewer
couldn't display the endpoint (`retinfs.items` was undefined). also
the `pvesh` command would complain that it cannot properly format the
return type because the variable `$item_type` in `CLIFormatter.pm` was
not defined.
Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
To avoid being blacklisted because of the default, quite popular,
libwww-perl user-agent like reported in community forum [0].
[0]: https://forum.proxmox.com/threads/104081/
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
Tested-by: Matthias Heiserer <m.heiserer@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
instead of accumulating the whole output of 'mini-journalreader' in
the api call (this can be quite big), use the download mechanic of the
http-server to stream the output to the client.
we lose some error handling possibilities, but we do not have
to allocate anything here, and since perl does not free memory after
allocating[0] this is our desired behaviour.
to keep api compatiblitiy, we need to give the journalreader the '-j'
flag to let it output json.
also tell the http server that the encoding is gzip and pipe
the output through it.
0: https://perldoc.perl.org/perlfaq3#How-can-I-free-an-array-or-hash-so-my-program-shrinks?
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
metadata is gained using a HEAD request.
Due to the ability of this api endpoint to request files on internal
networks (which would not be visible/accessible from outside) it is
restricted to users with permissions `Sys.Audit` and `Sys.Modify` on
`/`. Users with these permissions are able to alter node (network)
config anyway, so this should not create any further security risk.
Signed-off-by: Lorenz Stechauner <l.stechauner@proxmox.com>
Reviewed-By: Dominik Csapak <d.csapak@proxmox.com>
a common function to download arbitrary files from urls has been
defined as PVE::Tools::download_file_from_url and is now used.
Signed-off-by: Lorenz Stechauner <l.stechauner@proxmox.com>
The change not to pass the 'upgrade' parameter in the frontend was made in
953f6e9bb3 (the commit doesn't talk about it, it's
likely an accidental squash of two changes)
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
The switch to 'cmd' was made by commit af39a6f09651e15d1c83536e25493a2212efd7d3
in the pve-xtermjs repo and is included in 4.7.0
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
