On 16/04/2024 14:20, Fabian Grünbichler wrote: > and handle them when parsing/writing user.cfg > > Signed-off-by: Fabian Grünbichler > --- > > Notes: > - make limit schema public for pve-guest-common usage > > src/PVE/AccessControl.pm | 42 +++++++++++++++++++++++++++++++++++++-- > src/test/parser_writer.pl | 14 ++++++------- > 2 files changed, 47 insertions(+), 9 deletions(-) > > diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm > index 21f93ff..f1863c8 100644 > --- a/src/PVE/AccessControl.pm > +++ b/src/PVE/AccessControl.pm > @@ -72,6 +72,36 @@ sub pve_verify_realm { > PVE::Auth::Plugin::pve_verify_realm(@_); > } > > +our $pool_limits_desc = { > + "mem-config" => { > + type => 'integer', > + description => "Sum of memory (in MB) guests in this pools can be configured with.", I think this should be in MiB. Also, I think it's a little bit more readable if we'd rephase it to use either "maximum amount of" or "upper limit for", e.g.: "The maximum amount of memory (in MiB), which can be configured for all guests in this pool." > + optional => 1, > + }, > + "mem-run" => { > + type => 'integer', > + description => "Sum of memory (in MB) guests in this pools can be started with.", I think this should be in MiB. Similar changes as to 'mem-config', e.g.: "The maximum amount of memory (in MiB), which can be configured for running guests in this pool at the same time." And maybe append something like: "This amount must be lower than 'mem-config'." I thought about using "allocated to" instead of "configured for", but this would likely cause readers to believe that it's the actual allocated amount of memory. > + optional => 1, > + }, > + "cpu-config" => { > + type => 'integer', > + description => "Sum of (virtual) cores guests in this pools can be configured with.", Similar to 'mem-config': "The maximum amount of virtual CPU cores, which can be configured for all guests in this pool." > + optional => 1, > + }, > + "cpu-run" => { > + type => 'integer', > + description => "Sum of (virtual) cores guests in this pools can be started with.", Similar to 'mem-run': "The maximum amount of virtual CPU cores, which can be configured for running guests in this pool at the same time. This amount must be lower than 'cpu-config'." > + optional => 1, > + }, > +}; > + > +PVE::JSONSchema::register_format('pve-pool-limits', $pool_limits_desc); > +PVE::JSONSchema::register_standard_option('pve-pool-limits', { > + type => 'string', > + format => $pool_limits_desc, > + optional => 1, > +}); > + > # Locking both config files together is only ever allowed in one order: > # 1) tfa config > # 2) user config > @@ -1524,7 +1554,7 @@ sub parse_user_config { > warn "user config - ignore invalid path in acl '$pathtxt'\n"; > } > } elsif ($et eq 'pool') { > - my ($pool, $comment, $vmlist, $storelist) = @data; > + my ($pool, $comment, $vmlist, $storelist, $limits) = @data; > > if (!verify_poolname($pool, 1)) { > warn "user config - ignore pool '$pool' - invalid characters in pool name\n"; > @@ -1575,6 +1605,13 @@ sub parse_user_config { > } > $cfg->{pools}->{$pool}->{storage}->{$storeid} = 1; > } > + > + if ($limits) { > + my $parsed_limits = eval { PVE::JSONSchema::parse_property_string($pool_limits_desc, $limits) }; > + warn "Failed to parse pool limits for '$pool' - $@\n" if $@; > + > + $cfg->{pools}->{$pool}->{limits} = $parsed_limits; > + } > } elsif ($et eq 'token') { > my ($tokenid, $expire, $privsep, $comment) = @data; > > @@ -1656,7 +1693,8 @@ sub write_user_config { > my $vmlist = join (',', sort keys %{$d->{vms}}); > my $storelist = join (',', sort keys %{$d->{storage}}); > my $comment = $d->{comment} ? PVE::Tools::encode_text($d->{comment}) : ''; > - $data .= "pool:$pool:$comment:$vmlist:$storelist:\n"; > + my $limits = $d->{limits} ? PVE::JSONSchema::print_property_string($d->{limits}, $pool_limits_desc) : ''; > + $data .= "pool:$pool:$comment:$vmlist:$storelist:$limits:\n"; > } > > $data .= "\n"; > diff --git a/src/test/parser_writer.pl b/src/test/parser_writer.pl > index 80c346b..2e6eb61 100755 > --- a/src/test/parser_writer.pl > +++ b/src/test/parser_writer.pl > @@ -431,12 +431,12 @@ my $default_raw = { > 'test_role_privs_invalid' => 'role:testrole:VM.Invalid,Datastore.Audit,VM.Allocate:', > }, > pools => { > - 'test_pool_empty' => 'pool:testpool::::', > - 'test_pool_invalid' => 'pool:testpool::non-numeric:inval!d:', > - 'test_pool_members' => 'pool:testpool::123,1234:local,local-zfs:', > - 'test_pool_duplicate_vms' => 'pool:test_duplicate_vms::123,1234::', > - 'test_pool_duplicate_vms_expected' => 'pool:test_duplicate_vms::::', > - 'test_pool_duplicate_storages' => 'pool:test_duplicate_storages:::local,local-zfs:', > + 'test_pool_empty' => 'pool:testpool:::::', > + 'test_pool_invalid' => 'pool:testpool::non-numeric:inval!d::', > + 'test_pool_members' => 'pool:testpool::123,1234:local,local-zfs::', > + 'test_pool_duplicate_vms' => 'pool:test_duplicate_vms::123,1234:::', > + 'test_pool_duplicate_vms_expected' => 'pool:test_duplicate_vms:::::', > + 'test_pool_duplicate_storages' => 'pool:test_duplicate_storages:::local,local-zfs::', > }, > acl => { > 'acl_simple_user' => 'acl:1:/:test@pam:PVEVMAdmin:', > @@ -1018,7 +1018,7 @@ my $tests = [ > 'user:test@pam:0:0::::::'."\n". > 'token:test@pam!test:0:0::'."\n\n". > 'group:testgroup:::'."\n\n". > - 'pool:testpool::::'."\n\n". > + 'pool:testpool:::::'."\n\n". > 'role:testrole::'."\n\n", > }, > ]; > -- > 2.39.2