Added a proxmoxKVComboBox for selecting a vIOMMU implementation for a VM.
If i440fx is selected, another ComboBox will be enabled/visible that does not
have the Intel option, as Intel-vIOMMU is not compatible with i440fx.
Uses the new machine property-string from the qemu-server's "config: define
machine schema as property-string" commit and the viommu option added in the
qemu-server's "fix #3784: config: Parameter for guest vIOMMU + test-cases"
commit.
Signed-off-by: Markus Frank <m.frank@proxmox.com>
For SPICE and VNC, a different message is displayed.
The backend code for the clipboard option can be found in the
'config: enable vnc clipboard parameter in vga_fmt'-commit in qemu-server.
Signed-off-by: Markus Frank <m.frank@proxmox.com>
When none of the meta fields is set by the directory, the whole
dictionary is missing from the response, leading to an exception
when testing for fields inside it.
Reported-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Signed-off-by: Folke Gleumes <f.gleumes@proxmox.com>
Tested-by: Stoiko Ivanov <s.ivanov@proxmox.com>
This partially reverts commit a32a5c4a6 ("ui: backup job: rework hint
about fallback config and make it less flashy"), i.e., the part about
the fallback values, as those was barely visible now.
Add the schema default to the end of the description and expand the
hint at the bottom to also mention that this is used as second level
fallback, if the vzdump.conf does not has the option set.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Merges the column1/2/B into just single items so that the vertical
alignment is still correct even if a description wraps over multiple
lines.
Use the new pveTwoColumnContainer to achieve this without extra
boilerplate code and use a 1/3 of the width for the field and the 2/3
rest for the description.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
[ TL: adapt to changes in prev. commit, reword message, fix eslint ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
The new pveTwoColumnContainer can show a widget on the start (left)
column and another one on the end (right) one, with a (default) flex
ratio of 1:2
This is helpful when wanting fields to align vertically in an input
panel that have different height, e.g., because of text wrapping.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
[ TL: s/Widget/Column/;s/ratio/flex/ and expose starFlex ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
The indentation level was rather deep here so move the preparation of
the API response for getting set to the UI form into a separate
function.
No semantic change intended.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
To ensure that the lifting of the bridge name == vmbr\d+ restriction
works correctly and that the new notes view double-click editing
setting can work.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
- Switch order of 'mailto' and 'mailnotification' field
- When mode is 'auto', disable 'mailtnotification' field
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
Tested-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
[ TL: drop the hint, not really explaining much as is so mostly
visible noise ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
The UI state about running tasks can be out of sync, especially for
situations where one quickly follows up with a stop, e.g. after
triggering a shutdown by mistake.
So, show the checkbox always for users that got Sys.Modify on (some)
node, but pre-check it still only if there where task detected on
component creation (we could watch the state though and show a hint,
but that's a bit over the top IMO).
Show it also when HA is enabled but explicitly disable it there,
hopefully this increases the chance that the users can understand that
this is done by design, and isn't a bug – ideally we would also show
an extra hint.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Implement a new "guest stop" confirmation message box which first
checks if there is an active shutdown task for the same guest that is
visible to the logged-in user. If there is at least one, the dialog
displays an additional default-on checkbox for overruling active
shutdown tasks. If the user confirms and the checkbox is checked, the
UI sends a guest stop API request with the `overrule-shutdown`
parameter set to 1. If there are no active shutdown tasks, or the
checkbox is unchecked, the UI sends a guest stop API request without
`overrule-shutdown`.
To avoid an additional API request for querying active shutdown tasks,
check the UI's current view of cluster tasks instead, which is fetched
from the `pve-cluster-tasks` store.
As the UI might hold an outdated task list, there are some
opportunities for races, e.g., the UI may miss a new shutdown task or
consider a shutdown task active even though it has already terminated.
These races either result in a surviving shutdown task that the user
still needs to abort manually, or a superfluous `override-shutdown=1`
parameter that does not actually abort any tasks. Since "stop
overrules shutdown" is merely a convenience feature, both outcomes
seem bearable.
The confirmation message box is now always marked as dangerous (with a
warning sign icon), whereas previously it was only marked dangerous if
the stop issued from the guest panel, but not when issued from the
resource tree command menu.
Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
Reviewed-by: Dominik Csapak <d.csapak@proxmox.com>
[ TL: squash in some slightly opinionated code/style clean-ups ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
There's a new firewall implementation available as `proxmox-firewall`
package, in contrast to the existing `pve-firewall` package it is
using nftables directly, not the legacy iptables, and can thus
leverage a modern stack with atomic updates, avoiding the need for
different tools (e.g., ebtables), and not requiring intermediate
firewall bridges to handle VM flow correctly. Additionally it's
written in rust, making it more efficient and safer to change.
The new implementation is using the same configuration file as source
and should be mostly the same in semantic behavior, it basically is a
drop-in replacement besides one known issue:
There is currently one major issue that we still need to solve:
REJECTing packets from the guest firewalls is currently not possible
for incoming traffic (it will instead be dropped).
This is due to the fact that we are using the postrouting hook of
nftables in a table with type bridge for incoming traffic. In the
bridge table in the postrouting hook we cannot tell whether the packet
has also been sent to other ports in the bridge (e.g. when a MAC has
not yet been learned and the packet then gets flooded to all bridge
ports). If we would then REJECT a packet in the postrouting hook this
can lead to a bug where the firewall rules for one guest REJECT a
packet and send a response (RST for TCP, ICMP port/host-unreachable
otherwise).
While this is being addressed, and the whole stack is better tested in
general, the new FW will be only enabled if the admin enables a
boolean configuration which this patch exposes on the UI.
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
to make the backup fleecing feature available. The bump for
qemu-server is also required for moving unused disks of VMs.
The bump for libpve-common-perl is required because of pve-common
commit c302a28 ("json schema: add format description for
pve-storage-id standard option"), which is required for API
verification.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Similar to how Datastore.AllocateSpace is required for the backup
storage, it should also be required for the fleecing storage.
Removing a fleecing storage from a job does not require more
permissions than for modifying the job.
Suggested-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Previously, the result would only be returned implicitly and if not
already parsed. While callers do not strictly need the return value,
future callers might mistakenly rely on it and even work by chance in
some scenarios, because of the implicit return. Make the code more
future proof by explicitly returning the result in all cases.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
with their details as well as pinned packages. Omit the "origin"
lines, as their value is already visible in the URLs.
# apt-cache policy ...
Package files:
100 /var/lib/dpkg/status
release a=now
500 https://enterprise.proxmox.com/debian/pve bookworm/pve-enterprise amd64 Packages
release o=Proxmox,a=stable,n=bookworm,l=Proxmox VE Enterprise Debian Repository,c=pve-enterprise,b=amd64
...
Pinned packages:
intel-microcode -> 3.20231114.1~deb12u1 with priority 1234
Signed-off-by: Alexander Zeidler <a.zeidler@proxmox.com>
to recognize temporal correlations with network/load/backup/etc issues
Suggested-by: Friedrich Weber <f.weber@proxmox.com>
Signed-off-by: Alexander Zeidler <a.zeidler@proxmox.com>
to get a first clue for debugging passthrough and similar issues, when
no dmesg output has been provided yet.
Signed-off-by: Alexander Zeidler <a.zeidler@proxmox.com>
Makes it consistent with the user selector and token selector.
Requested in the community forum:
https://forum.proxmox.com/threads/144978/
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
This reverts commit 3a259c22e6.
There was an oversight with recent replication fixes that led to
attempting to remove snapshots that do not exist (in more scenarios).
While not an issue with real consequences, it's confusing to users.
This has since been fixed by pve-guest-common commit "replication:
snapshot cleanup: only attempt to remove snapshots that exist".
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Adds fields for eab credentials. By default eab is optional, but if the
directory should report that eab is required, the eab credential fields
are marked as mandatory and prevent the form from being submittable
until credentials are provided.
Signed-off-by: Folke Gleumes <f.gleumes@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This patch allows the user to set a custom ACME directory by providing
a 'Custom' option in the directory dropdown. This in turn reveals an
input for the url. When using a custom directory the directory has to
be manually queried via button press to prevent from spamming the
directory on every input.
Signed-off-by: Folke Gleumes <f.gleumes@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
else this can break an upgrade for unrelated reasons (regular debhelper also
constructs the restart invocations like this, it even redirects output to
/dev/null)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
it looks a bit tall and cramped nowadays, so go for 720, like the
wizard class uses by default.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
that could make some users (not reading the explanation on the right
closely) belief that this controls the amount of parallel VMs to be
backed up or the like.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
