public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed
* [pve-devel] [PATCH container 0/1] close #1543: allow low-level lxc update
@ 2025-01-23 22:29 Simon LEONARD
  2025-01-23 22:29 ` [pve-devel] [PATCH container 1/1] " Simon LEONARD
  0 siblings, 1 reply; 3+ messages in thread
From: Simon LEONARD @ 2025-01-23 22:29 UTC (permalink / raw)
  To: pve-devel; +Cc: Simon LEONARD

Hello,

I'm trying to fully automate my homelab with Proxmox and infra as code 
with Pulumi.

A missing feature is to allow the modification of low-level lxc settings 
via the API, as spotted in #1543. Today, the GET config endpoint returns 
the current low-level configuration but don't allow to edit it (PUT).

I've tried to implement this feature, and it works on my instance.
However I'm really new to Proxmox, Perl and git send-email so input 
would be appreciated/necessary.

Originally (wrongly) posted in https://forum.proxmox.com/threads/161059/

Simon LEONARD (1):
  close #1543: allow low-level lxc config update

 src/PVE/API2/LXC/Config.pm | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

-- 
2.48.1


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


^ permalink raw reply	[flat|nested] 3+ messages in thread

* [pve-devel] [PATCH container 1/1] close #1543: allow low-level lxc update
  2025-01-23 22:29 [pve-devel] [PATCH container 0/1] close #1543: allow low-level lxc update Simon LEONARD
@ 2025-01-23 22:29 ` Simon LEONARD
  2025-01-27 11:05   ` Fabian Grünbichler
  0 siblings, 1 reply; 3+ messages in thread
From: Simon LEONARD @ 2025-01-23 22:29 UTC (permalink / raw)
  To: pve-devel; +Cc: Simon LEONARD

Signed-off-by: Simon LEONARD <git-1001af4@sinux.sh>
---
 src/PVE/API2/LXC/Config.pm | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/PVE/API2/LXC/Config.pm b/src/PVE/API2/LXC/Config.pm
index 5cbc014..0697043 100644
--- a/src/PVE/API2/LXC/Config.pm
+++ b/src/PVE/API2/LXC/Config.pm
@@ -123,7 +123,13 @@ __PACKAGE__->register_method({
 		    description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
 		    maxLength => 40,
 		    optional => 1,
-		}
+		},
+		lxc => {
+		    description => "Array of lxc low-level configurations ([[key1, value1], [key2, value2] ...]).",
+		    type => 'array',
+		    items => { type => 'array', items => { type => 'string' }},
+		    optional => 1,
+		},
 	    }),
     },
     returns => { type => 'null'},
@@ -208,6 +214,10 @@ __PACKAGE__->register_method({
 
 	    my $running = PVE::LXC::check_running($vmid);
 
+	    if (defined($param->{lxc})) {
+		$conf->{lxc} = $param->{lxc};
+	    }
+
 	    my $errors = PVE::LXC::Config->update_pct_config($vmid, $conf, $running, $param, \@delete, \@revert);
 	    # don't write to config if we get any errors – this can result in a broken config
 	    raise_param_exc($errors) if scalar(keys %$errors);
-- 
2.48.1


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [pve-devel] [PATCH container 1/1] close #1543: allow low-level lxc update
  2025-01-23 22:29 ` [pve-devel] [PATCH container 1/1] " Simon LEONARD
@ 2025-01-27 11:05   ` Fabian Grünbichler
  0 siblings, 0 replies; 3+ messages in thread
From: Fabian Grünbichler @ 2025-01-27 11:05 UTC (permalink / raw)
  To: Proxmox VE development discussion; +Cc: Simon LEONARD

On January 23, 2025 11:29 pm, Simon LEONARD wrote:
> Signed-off-by: Simon LEONARD <git-1001af4@sinux.sh>
> ---
>  src/PVE/API2/LXC/Config.pm | 12 +++++++++++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/src/PVE/API2/LXC/Config.pm b/src/PVE/API2/LXC/Config.pm
> index 5cbc014..0697043 100644
> --- a/src/PVE/API2/LXC/Config.pm
> +++ b/src/PVE/API2/LXC/Config.pm
> @@ -123,7 +123,13 @@ __PACKAGE__->register_method({
>  		    description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
>  		    maxLength => 40,
>  		    optional => 1,
> -		}
> +		},
> +		lxc => {
> +		    description => "Array of lxc low-level configurations ([[key1, value1], [key2, value2] ...]).",
> +		    type => 'array',
> +		    items => { type => 'array', items => { type => 'string' }},
> +		    optional => 1,
> +		},
>  	    }),
>      },
>      returns => { type => 'null'},
> @@ -208,6 +214,10 @@ __PACKAGE__->register_method({
>  
>  	    my $running = PVE::LXC::check_running($vmid);
>  
> +	    if (defined($param->{lxc})) {
> +		$conf->{lxc} = $param->{lxc};

this would need to at least check that the provided values are valid
(PVE::LXC::Config::is_valid_lxc_conf_key)..

but it would also need to be limited to root@pam only (in
PVE::LXC::check_ct_modify_config_perm), since it allows overriding
fundamental settings also related to the security of the container..

what options are you frequently setting that would require this? we try
to move those to PVE-provided options with proper ACLs to avoid the need
for such root-only calls..

> +	    }
> +
>  	    my $errors = PVE::LXC::Config->update_pct_config($vmid, $conf, $running, $param, \@delete, \@revert);
>  	    # don't write to config if we get any errors – this can result in a broken config
>  	    raise_param_exc($errors) if scalar(keys %$errors);
> -- 
> 2.48.1
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2025-01-27 11:06 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-01-23 22:29 [pve-devel] [PATCH container 0/1] close #1543: allow low-level lxc update Simon LEONARD
2025-01-23 22:29 ` [pve-devel] [PATCH container 1/1] " Simon LEONARD
2025-01-27 11:05   ` Fabian Grünbichler

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal