but only if the cert is issued by the ca in /etc/pve/pve-root-ca.pem
(by checking the issuer and openssl verify)
this way we can reduce the lifetime of the certs without having
to worry that they ran out
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Just because OVS is installed it doesn't mean that OVS interface
(changes) are configured - so check for that.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
the code returns undef in case there is no 'tos', and the code
calling this api call handles a non-existing tos already, but
fails in that case becasue of the failing return value verification
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Commit 0dd73a7fec (statd: refactor update_node_status) changed $target
in pvestatd's auto_balloning sub into a variable:
my $target = int($res->{$vmid});
but then uses it in a string as a parameter to the $log function:
$log->("BALLOON $vmid to $target (%d)\n", $target - $current);
This surprisingly causes the variable to be incorrectly converted into a
JSON string by perl's to_json (called in QMPClient after mon_cmd):
{"value":"1234"}
instead of
{"value":1234}
which causes QEMU to report the parameter as invalid:
"Invalid parameter type for 'value', expected: integer"
This behaviour is made even trickier, since $target internally is still
considered more of an 'int' (although that's a weak claim in perl
anyway), showing up without quotes in Dumper et. al. - but the perldoc
for to_json scheds some light:
simple scalars
Simple Perl scalars (any scalar that is not a reference) are the
most difficult objects to encode: this module will encode undefined
scalars as JSON "null" values, scalars that have last been used in a
string context before encoding as JSON strings, and anything else as
number value
So coerce to_json to treat $target as an integer by using it as one and
everything is fine again.
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
It's a bit hard to figure out the exact constellation required for
this to happen, but we saw it in live systems when one node was dead
in a three node cluster.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
as else we'd show "Unknown" if one set the type explicitly to
"virtio", either over API/CLI or editing the configuration directly
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This adds an extra field to the AgentFeatureSelector that reflects the
change in qemu-server.
Changes since previous version:
* Use map rather than if/else if/else for type display string.
* Use Proxmox.Utils.unknownText for unknown type (should not occur with
regular use).
* Keep existing fields as boxLabel rather than fieldLabel, as they
look crammed with fieldLabel.
* Use __default__ for default option, to save space and replicate
behaviour in other places.
* Store option in advancedItems as it is a special case.
Even though the map only contains one item, it will be easily added to
in the future. There is only one item as there is no need to have a
string for "virtio" as it is not displayed because of __default__.
Signed-off-by: Matt Dunwoodie <ncon@noconroy.net>
move stopBtn into shutdownBtn as a menu item.
we can remove the setDisabled() call for stopBtn near the end, since when
shutdownBtn is disabled, so is stopBtn.
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
Add a simple ExecStartPre command which reads the local node config,
and if a delay is set the helper sleeps that long then exists.
The systemd-unit approach was chosen as this ensures that we really
only delay when doing the startall on node boot. The pve-guests
service does not allows manual stops, starts or restarts, it can only
be pulled in by the multi-user.target
Mark this command with "-" to tell systemd that errors of it should
not cause an abort, it's a best-effort approach.
The journal from a 2 second delay would look like:
> Nov 19 13:13:48 dev6 systemd[1]: Starting PVE guests...
> Nov 19 13:13:48 dev6 pve-startall-delay[2318]: Delaying on-boot 'startall' command for 2 second(s).
> ...
> Nov 19 13:13:50 dev6 pve-guests[2339]: <root@pam> starting task UPID:dev6:00000924:00000529:5DD3DC7E:startall::root@pam:
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
but remove the default domain '0000' before sending to the backend,
and add it if no domain is given in the config
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
When creating a backup the log part can make the mail too big to be
transferred. To ensure delivery, two measures are taken:
1. Always omit the status lines
2. Omit the whole log part if a mail becomes (too) big
Additionally, add a check for missing log files.
Co-developed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Dominic Jäger <d.jaeger@proxmox.com>
The data passed to this closure was never free'd, depending on the
count of VM/CTs one could get >1 MB of RSS (!) memory leaked per
statd status cycle update run...
We could also use Scalar::Util's weaken, to weak a copy of this
variable, but as a simple undef works lets do that with a comment..
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
it seems that we have a reference leak or the like somewhere in the
(graphite?) status plugin, while the recent transaction based update
mechanism made it slightly better, it's still bad with a lot of VMs..
Until we can track that down, or abandon perl for good, avoid to
frequent restarts by allowing statd to grow 15 MB of memory usage
after initial calibration (it's memory usage at the 10th cycle)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
For now it only handles the plugin registration and the two recently
integrated helpers.
But, this is a prepartation to move the external metrics server
update mechanic from a stateless always-newly-connect-send-disconnect
to a statefull transaction based mechanis; see later patches
keep the PVE::Status::Plugin use in pvestatd, as we read the cfs
hosted status.cfg there, and the parser is defined by the common
status plugin base module.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
include the version as string and as parts, as we do the split
already. Also include the build commit, so if we re-release a ceph
version, we can differ here too.
Use node as key, to make the new entry a bit more general, could be
easily expanded with other infos, if required.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
add and change the return signature for the wantarray case, which can
safely done as this is only used once (statd), and there only the
first elemen, the full version string, is used - so no breakage
potential there
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
