From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <f.ebner@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 9F65670B8F
 for <pve-devel@lists.proxmox.com>; Fri, 25 Jun 2021 10:30:15 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 9076715831
 for <pve-devel@lists.proxmox.com>; Fri, 25 Jun 2021 10:29:45 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS id D284015827
 for <pve-devel@lists.proxmox.com>; Fri, 25 Jun 2021 10:29:44 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id A9C4D4678D
 for <pve-devel@lists.proxmox.com>; Fri, 25 Jun 2021 10:29:44 +0200 (CEST)
From: Fabian Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Fri, 25 Jun 2021 10:29:40 +0200
Message-Id: <20210625082940.25449-2-f.ebner@proxmox.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20210625082940.25449-1-f.ebner@proxmox.com>
References: <20210625082940.25449-1-f.ebner@proxmox.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.650 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [pve6to7.pm]
Subject: [pve-devel] [PATCH manager 2/2] pve6to7: more fine-grained
 detection of misconfigured guest volumes
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Fri, 25 Jun 2021 08:30:15 -0000

If neither 'rootdir' nor 'images' are configured on a storage, but there are
guest images, just log the number of volumes found, instead of listing all and
warning. They might well be false positive (e.g. same backing storage configured
with different content types).

Also detect content type mismatch for all volumes referenced by guests, which
also covers the case of a VM image on a storage with only 'rootdir' and vice
versa.

Change the message from 'will not work' to 'might not work'. If a volume only
referenced by a snapshot is misconfigured, it doesn't mean that the guest
doesn't work at all. Or it might be an ISO on a misconfigured storage.

Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
---
 PVE/CLI/pve6to7.pm | 101 +++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 94 insertions(+), 7 deletions(-)

diff --git a/PVE/CLI/pve6to7.pm b/PVE/CLI/pve6to7.pm
index 3d5b780b..70600c89 100644
--- a/PVE/CLI/pve6to7.pm
+++ b/PVE/CLI/pve6to7.pm
@@ -734,21 +734,108 @@ sub check_storage_content {
 	next if $scfg->{type} ne 'dir' && $scfg->{content}->{none};
 
 	my $res = PVE::Storage::vdisk_list($storage_cfg, $storeid);
-	my $disk_list = $res->{$storeid};
+	my @volids = map { $_->{volid} } $res->{$storeid}->@*;
 
-	my @volumes = map { $_->{volid} } $disk_list->@*;
+	if ((my $number = scalar(@volids)) > 0) {
+	    log_info("storage '$storeid' - neither content type 'images' nor 'rootdir' configured"
+		.", but found '$number' guest volume(s)");
+	}
+    }
+
+    # now check referenced volids
+
+    my $check_volid = sub {
+	my ($volid, $vmid, $vmtype, $reference) = @_;
+
+	my $guesttext = $vmtype eq 'qemu' ? 'VM' : 'CT';
+	my $prefix = "$guesttext $vmid - volume '$volid' (in $reference)";
+
+	my ($storeid) = PVE::Storage::parse_volume_id($volid, 1);
+	return if !defined($storeid);
+
+	my $scfg = $storage_cfg->{ids}->{$storeid};
+	if (!$scfg) {
+	    $pass = 0;
+	    log_warn("$prefix - storage does not exist!");
+	    return;
+	}
 
-	if (scalar(@volumes) > 0) {
+	# cannot use parse_volname for containers, as it can return 'images'
+	# but containers cannot have ISO images attached, so assume 'rootdir'
+	my $vtype = 'rootdir';
+	if ($vmtype eq 'qemu') {
+	    ($vtype) = PVE::Storage::parse_volname($storage_cfg, $volid);
+	}
+
+	if (!$scfg->{content}->{$vtype}) {
 	    $found = 1;
 	    $pass = 0;
-	    log_warn("storage '$storeid' - neither content type 'images' nor 'rootdir' configured"
-		.", but found guest volume(s):\n    " . join("\n    ", @volumes));
+	    log_warn("$prefix - storage does not have content type '$vtype' configured.");
+	}
+    };
+
+    my $cts = PVE::LXC::config_list();
+    for my $vmid (sort { $a <=> $b } keys %$cts) {
+	my $conf = PVE::LXC::Config->load_config($vmid);
+
+	my $volhash = {};
+
+	my $check = sub {
+	    my ($ms, $mountpoint, $reference) = @_;
+
+	    my $volid = $mountpoint->{volume};
+	    return if !$volid || $mountpoint->{type} ne 'volume';
+
+	    return if $volhash->{$volid}; # volume might be referenced multiple times
+
+	    $volhash->{$volid} = 1;
+
+	    $check_volid->($volid, $vmid, 'lxc', $reference);
+	};
+
+	my $opts = { include_unused => 1 };
+	PVE::LXC::Config->foreach_volume_full($conf, $opts, $check, 'config');
+	for my $snapname (keys $conf->{snapshots}->%*) {
+	    my $snap = $conf->{snapshots}->{$snapname};
+	    PVE::LXC::Config->foreach_volume_full($snap, $opts, $check, "snapshot '$snapname'");
+	}
+    }
+
+    my $vms = PVE::QemuServer::config_list();
+    for my $vmid (sort { $a <=> $b } keys %$vms) {
+	my $conf = PVE::QemuConfig->load_config($vmid);
+
+	my $volhash = {};
+
+	my $check = sub {
+	    my ($key, $drive, $reference) = @_;
+
+	    my $volid = $drive->{file};
+	    return if $volid =~ m|^/|;
+
+	    return if $volhash->{$volid}; # volume might be referenced multiple times
+
+	    $volhash->{$volid} = 1;
+
+	    $check_volid->($volid, $vmid, 'qemu', $reference);
+	};
+
+	my $opts = {
+	    extra_keys => ['vmstate'],
+	    include_unused => 1,
+	};
+	# startup from a suspended state works even without 'images' content type on the
+	# state storage, so do not check 'vmstate' for $conf
+	PVE::QemuConfig->foreach_volume_full($conf, { include_unused => 1 }, $check, 'config');
+	for my $snapname (keys $conf->{snapshots}->%*) {
+	    my $snap = $conf->{snapshots}->{$snapname};
+	    PVE::QemuConfig->foreach_volume_full($snap, $opts, $check, "snapshot '$snapname'");
 	}
     }
 
     if ($found) {
-	log_warn("PVE 7.0 enforces stricter content type checks. Guests referencing the above " .
-	    "volumes will not work until the storage configuration is fixed.");
+	log_warn("PVE 7.0 enforces stricter content type checks. The guests above " .
+	    "might not work until the storage configuration is fixed.");
     }
 
     if ($pass) {
-- 
2.20.1