Commit Graph

5864 Commits

Author SHA1 Message Date
Stefan Reiter d9822cd3cb fix #3515: file-restore-daemon: allow LVs/PVs with dash in name
LVM replaces any dashes '-' in an LV or PV name with two '--' for the
created device node in /dev/mapper/ to distinguish the seperating
character between the PV and LV name.

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
2021-07-13 12:07:51 +02:00
Stefan Reiter 66501529a2 file-restore: increase lock timeout on QEMU map
This lock is held during VM startup, so that multiple calls will not
start VMs twice. But this means that the timeout needs to incorporate
the time it might take a VM to boot, so increase it quite a bit.

This could previously lead to "interrupted system call" errors when
accessing backups with many disks.

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
2021-07-13 12:07:23 +02:00
Dominik Csapak 2072dede4a api2: tape: restore: add warning for list restore
if an error occurs, the snapshot dirs will already be created, and we
do not clean them up (some might already be finished).

Warn the user that they are not cleaned up.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-07-13 12:02:01 +02:00
Dominik Csapak 31c94d1645 chunk_store/insert_chunk: add more information to file errors
otherwise this context is missing in some tasks (e.g. tape restore)
and it is unclear where it came from

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-07-13 11:55:33 +02:00
Dietmar Maurer 9ee4c23833 tape: changer: sg_pt: always retry until timeout 2021-07-13 10:39:28 +02:00
Dominik Csapak a14a1c7b90 ui: tape/BackupOverview: increase timeout for media-set content
a single catalog can be over 100MiB, and a media-set can have multiple
catalogs to read (no technical upper limit). On slow disks, this can
take much longer than 30 seconds (the default timeout).

The real solution would be to have some kind of index only for the gui
relevant part, e.g. a table in the beginning of the catalog, or
alternatively a seperate file with that info. Until we have such a
solution increase the timeout as a stopgap.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-07-13 09:44:17 +02:00
Thomas Lamprecht 9ef88578af bump version to 2.0.4-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-07-12 18:51:41 +02:00
Stefan Reiter c4c4b5a3ef auth: 'crypt' is not thread safe
According to crypt(3):
"crypt places its result in a static storage area, which will be
overwritten by subsequent calls to crypt. It is not safe to call crypt
from multiple threads simultaneously."

This means that multiple login calls as a PBS-realm user can collide and
produce intermittent authentication failures. A visible case is for
file-restore, where VMs with many disks lead to just as many auth-calls
at the same time, as the GUI tries to expand each tree element on load.

Instead, use the thread-safe variant 'crypt_r', which places the result
into a pre-allocated buffer of type 'crypt_data'. The C struct is laid
out according to 'lib/crypt.h.in' and the man page mentioned above.

Use the opportunity and make both arguments to the rust 'crypt' function
take a &[u8].

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
2021-07-12 18:38:48 +02:00
Dominik Csapak 0ed40b19c7 tape: changer: sg_pt: query element types separately
Some changers do not like the DVCID bit when querying non-drives,
this includes when querying 'all' elements.

To circumvent this, we query each type by itself (like mtx does it),
and only add the DVCID bit for drives (Data Transfer Elements).

Reported by a user in the forum:
https://forum.proxmox.com/threads/ibm-3584-ts3500-support.92291/

and limit to 1000 elements per request.
(Because some changers limit that request with the options we set)

instead of checking if the data len was equal to the allocation_len
for getting more data, we count the returned elements and compare
that with the number we requested

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2021-07-12 18:19:26 +02:00
Dietmar Maurer a0cd0f9cec change tape drive lock path
New kernel has stricter checks on tmpfs with stick-bit on directories, so some
commands (i.e. proxmox-tape changer status) fails when executed as root, because
permission checks fails when locking the drive.

This patch move the drive locks to /run/proxmox-backup/drive-lock.

Note: This is incompatible to old locking mechmanism, so users may not
run tape backups during update (or running backup can fail).
2021-07-12 17:26:49 +02:00
Thomas Lamprecht 49e47c491b d/postinst: drop some legacy update handling
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-07-12 16:14:28 +02:00
Thomas Lamprecht 424d2d68d3 buildsys: try to avoid duplicate build due to "phony" docs dependency
Make docs target depend directly on the some docs-only required
binaries and add a new intermediate ".do-cargo-build" target that is
explicitly not a PHONY target.

That avoids one extra set of full builds.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-07-12 13:19:20 +02:00
Thomas Lamprecht 415690a0e7 bump version to 2.0.3-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-07-12 09:53:07 +02:00
Dominik Csapak 2c0abe9234 Revert "api: access: domains: add ExtraRealmInfo and RealmInfo structs"
This reverts commit da7ec1d2af.

not necessary, since we have the api in config/access/openid

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-07-12 09:53:07 +02:00
Dominik Csapak 2649c89358 Revert "api: access: domains: add get/create/update/delete domain call"
This reverts commit 5117cf4f17.

we already have that in api2/config/access

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-07-12 09:53:07 +02:00
Dominik Csapak bbd34d70d5 api: config: access: openid: use better Privilige Realm.Allocate
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-07-12 09:53:07 +02:00
Dominik Csapak 9779ad0b00 api: config: access: openid: use correct parameter for matching
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-07-12 09:53:07 +02:00
Dominik Csapak 70fd0652a1 ui: panel/AccessControl: define baseUrland useTypeInUrl for AuthView
both are not the default

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-07-12 09:53:07 +02:00
Thomas Lamprecht 6b85671dd2 buildsys: fixup clean target
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-07-12 09:35:05 +02:00
Wolfgang Bumiller 82bdf6b5e7 api: tfa: module path cleanup
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-07-12 08:43:14 +02:00
Thomas Lamprecht ba2679c9d7 ui: datastore content: style edit notes pencil like action-col icon
as those have a hover effect and use dark-grey vs. the quite "harsh"
looking plain black. We need to override the margin though, as else
the floated layout adds another line.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-07-12 07:57:40 +02:00
Thomas Lamprecht 8866cbccc8 ui: update group notes: fix obj access and rewrite to async
eslint is configured to not allow using quoted object keys if they
could be just passed in dot notation, e.g.,
wrong: `group["comment"]`
good:  `group.comment`

It's not a big problem but eslint fails the build with the wrong one,
so this needs to be fixed anyway..

Also, rewrite to async, shorter and less indentation

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-07-12 07:55:02 +02:00
Thomas Lamprecht b3477d286f d/control: bump versioned dependency to widget-toolkit
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-07-12 07:20:45 +02:00
Stefan Reiter 68e2ea99ba ui: add support for notes on backup groups
Currently done a little bit hacky in a seperate API call following the
initial list_snapshots, as we previously didn't call list_groups at all
and instead calculated the groups from the snapshots.

This calls it async and updates the view with group comments when data
arrives. The editor is simply reused with the 'group-notes' API call,
since the semantics are the same.

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
2021-07-12 07:13:44 +02:00
Stefan Reiter d6688884f6 api: add support for notes on backup groups
Stored in atomically-updated 'notes' file in backup group directory.
Available via dedicated GET/PUT API calls, as well as the first line
being included in list_groups (similar to list_snapshots).

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-07-12 07:13:28 +02:00
Thomas Lamprecht 7d3482f5bf ui: node status: fix font-awesome icon size
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-07-12 06:56:09 +02:00
Thomas Lamprecht 7a39b41c20 ui: node status: reduce padding like in PVE
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-07-12 06:55:30 +02:00
Fabian Ebner 4672273fe6 ui: dashboard: show node's repository/subscription status
Mostly copied from PVE, slightly adapted to be consistent with other
things in the dashboard, e.g. use a store for the repository info.

Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
2021-07-12 06:29:24 +02:00
Dominik Csapak 01284de0b2 ui: window/Settings: add summarycolumns settings
like in pve

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-07-12 06:29:21 +02:00
Dominik Csapak b20368ee1b ui: panel/NodeInfo: make it like in pve
this changes the node info panel to a similar layout as in pve,
with the ksm sharing and version field removed

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-07-12 06:29:18 +02:00
Dominik Csapak e584593cb5 ui: factor out NodeInfoPanel
so that Dashboard.js will be less cluttered when we add more information
there.

No functional change, but reworked the fingerprint button disabling to
use a property of the view instead of a viewmodel

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-07-12 06:29:14 +02:00
Dominik Csapak 069a6e28a7 ui: tapeRestore: make window non-resizable
While it would be nice to be able to resize that window for more
snapshots/datastores in view, this would need quite some reworking on the
input panel side. So for now, disable resizing of that window, otherwise
the grids look weird as they only scale horizontally but not vertically.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-07-12 06:24:01 +02:00
Dominik Csapak 8fab19da73 fix #3447: ui: Dashboard: disallow selection of datastore statistics row
since we cannot do anything with a selected row anyway, simply
disallow it

this avoids having the row in the same color as the progressbar, without
being able to deselect the row again

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-07-12 06:18:45 +02:00
Thomas Lamprecht 991be99c37 buildsys: workaround linkage issues from openid/curl build server stuff separate
this blows up build times, but we do not plan for using it longer
than required (i.e., the server is finally split into its own binary
crate providing only those binaries).

Note, using `cargo b --release` to build is naturally unaffected by
this change, so for dev builds just continue to use that.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-07-12 06:16:32 +02:00
Thomas Lamprecht 1900d7810c buildsys: mark clean targets phony and split out deb pkg-clean
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-07-11 13:25:39 +02:00
Thomas Lamprecht 6b5013edb3 rest: log response: avoid unnecessary mut on variable
a match expresses the fallback slightly nicer and needs no mut,
which is always nice to avoid.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-07-11 13:05:19 +02:00
Thomas Lamprecht f313494d48 d/rules: drop dh_dwz override, handled now better
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933541#17

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-07-11 13:00:12 +02:00
Thomas Lamprecht 353dcf1d13 ui: access: revert icon swap, use realm over auth.
Moving icons around is not to ideal for people accustomed to the old
ones, at least if they are used for a new component on the same view.

Rather use the address-book icon, which is also used for adding a new
realm in PVE, we can rather switch over PVE to that and the text
"Realms", as that is also the label one sees when logging in, so a
better fit to keep that consistent.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-07-11 12:53:45 +02:00
Thomas Lamprecht 3006d70ebe ui: use Async tools from widget toolkit
The api2 one passes the whole response (for more flexibility) on
reject, so we need to adapt to that.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-07-09 16:53:12 +02:00
Thomas Lamprecht 681e096448 ui: adapt to widget toolkit changes
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-07-09 16:52:25 +02:00
Dominik Csapak ac9a9e8002 ui: add /access/domains to PermissionPathsStore
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-07-09 15:36:54 +02:00
Dominik Csapak ecbc385b7b ui: add Authentication tab to Access Control
so that user can add/edit/delete realms

changes the icon of tfa to 'id-badge' so that we can keep the same icon
for authentication as pve and not have duplicate icons

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-07-09 15:36:54 +02:00
Dominik Csapak 5117cf4f17 api: access: domains: add get/create/update/delete domain call
modeled like our other section config api calls
two drawbacks of doing it this way:
* we have to copy some api properties again for the update call,
  since not all of them are updateable (username-claim)
* we only handle openid for now, which we would have to change
  when we add ldap/ad

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-07-09 15:36:54 +02:00
Dominik Csapak da7ec1d2af api: access: domains: add ExtraRealmInfo and RealmInfo structs
these will be used as parameters/return types for the read/create/etc.
calls for realms

for now we copy the necessary attributes (only from openid) since
our api macros/tools are not good enought to generate the necessary
api definitions for section configs

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-07-09 15:36:54 +02:00
Dominik Csapak 934de1d691 config: acl: add PRIV_REALM_ALLOCATE
will be used for realm creation/update/deletion

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-07-09 15:36:54 +02:00
Dominik Csapak 0c27d880b0 api: access: domains: add BasicRealmInfo struct and use it
to have better type safety and as preparation for adding more types

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-07-09 15:36:54 +02:00
Wolfgang Bumiller be3a0295b6 client: import updates
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-07-09 15:32:12 +02:00
Wolfgang Bumiller aa2838c27a move client::pull to server::pull
it's not used by the client and not part of the client, it
just makes use *of* the client, but is used on the
datastore/server...

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-07-09 15:17:53 +02:00
Wolfgang Bumiller ea584a7510 move more api types for the client
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-07-09 15:17:53 +02:00
Wolfgang Bumiller ba0ccc5991 move some tools used by the client
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-07-09 15:17:52 +02:00