Re: [pve-devel] applied: Re: [PATCH v4 qemu-server 1/1] api2: add check_bridge_access for create/update/clone/restore vm

["DERUMIER, Alexandre" <alexandre.derumier@groupe-cyllene.com>]

Le vendredi 09 juin 2023 à 07:00 +0000, DERUMIER, Alexandre a écrit :
> Le jeudi 08 juin 2023 à 18:02 +0200, Thomas Lamprecht a écrit :
> > On 07/06/2023 14:03, Alexandre Derumier wrote:
> > > Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
> > > ---
> > >  PVE/API2/Qemu.pm | 33 +++++++++++++++++++++++++++++----
> > >  1 file changed, 29 insertions(+), 4 deletions(-)
> > > 
> > > 
> > 
> > applied, with Fabians R-b, thanks.
> > 
> > Made a follow-up moving the checker method to QemuServer and
> > replacing getting
> > the config fromthe archive twice by checking after the config from
> > the backup
> > and the override pa<rameters passed on restore got merged into the
> > actual target
> > config, so this wasn't only a inefficiency thing IIUC, but actually
> > wrong, i.e.,
> > if one passed a override for a netX property the one from the
> > backup
> > got checked,
> > not the effective one.
> > 
> Thanks Thomas.
> 
> Just wonder, could it be done before disk restore ?  (That's what I
> was
> trying to do)
> 
> 
> it seem to be inefficiency too to check it after disk restore (if for
> example, user restore a big backup, taking hours)
> 
> I have done a test from the gui
> "
> ...
> progress 98% (read 21045379072 bytes, duration 14 sec)
> progress 99% (read 21260140544 bytes, duration 14 sec)
> progress 100% (read 21474836480 bytes, duration 14 sec)
> total bytes read 21474836480, sparse bytes 18656022528 (86.9%)
> space reduction due to 4K zero blocks 4.54%
> no lock found trying to remove 'create'  lock
> error before or during data restore, some or all disks were not
> completely restored. VM 249 state is NOT cleaned up.
> TASK ERROR: 403 Permission check failed
> (/sdn/zones/localnetwork/vmbr0/96, SDN.Use)
> 
> "
> 
> The vm config file is created, mostly empty:
> /etc/pve/qemu-server/<vmid>.conf
> memory:128
> 
> and the restored disk are not removed too
> 
> 

Or Maybe, we should simply warn && remove the netX from the restore
config ?
(I'm thinking about old backup with older non existing bridge anymore
or coming from another cluster, where user couldn't have any
permissions)