From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: "DERUMIER, Alexandre" <alexandre.derumier@groupe-cyllene.com>,
"pve-devel@lists.proxmox.com" <pve-devel@lists.proxmox.com>,
"aderumier@odiso.com" <aderumier@odiso.com>
Subject: Re: [pve-devel] applied: Re: [PATCH v4 qemu-server 1/1] api2: add check_bridge_access for create/update/clone/restore vm
Date: Fri, 9 Jun 2023 09:26:45 +0200
Message-ID: <9c947548-faeb-3c0b-39b7-3419132dc3e4@proxmox.com>
In-Reply-To: <2d733aef667e35882030791a8ce6681eadb3c818.camel@groupe-cyllene.com>
On 09/06/2023 09:00, DERUMIER, Alexandre wrote:
> On Thursday, 08 June 2023 at 18:02 +0200, Thomas Lamprecht wrote:
>> On 07/06/2023 14:03, Alexandre Derumier wrote:
>>> Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
>>> ---
>>> PVE/API2/Qemu.pm | 33 +++++++++++++++++++++++++++++----
>>> 1 file changed, 29 insertions(+), 4 deletions(-)
>>>
>>>
>>
>> applied, with Fabian's R-b, thanks.
>>
>> Made a follow-up moving the checker method to QemuServer and replacing
>> getting the config from the archive twice by checking after the config
>> from the backup and the override parameters passed on restore got merged
>> into the actual target config, so this wasn't only an inefficiency thing
>> IIUC, but actually wrong, i.e., if one passed an override for a netX
>> property the one from the backup got checked, not the effective one.
>>
> Thanks Thomas.
>
> Just wondering, could it be done before disk restore? (That's what I was
> trying to do)
>
> It seems to be inefficient too to check it after disk restore (if for
> example, a user restores a big backup, taking hours)
yes, sure, but as mentioned in the commit message, if it's checked
too late other things happen too early, as doing stuff before having
the merged config seems odd.
And I did not want to re-work that part in a hurry, we can improve
that still in the next week(s).
>
> I have done a test from the gui
> "
> ...
> progress 98% (read 21045379072 bytes, duration 14 sec)
> progress 99% (read 21260140544 bytes, duration 14 sec)
> progress 100% (read 21474836480 bytes, duration 14 sec)
> total bytes read 21474836480, sparse bytes 18656022528 (86.9%)
> space reduction due to 4K zero blocks 4.54%
> no lock found trying to remove 'create' lock
> error before or during data restore, some or all disks were not
> completely restored. VM 249 state is NOT cleaned up.
> TASK ERROR: 403 Permission check failed
> (/sdn/zones/localnetwork/vmbr0/96, SDN.Use)
>
> "
>
> The vm config file is created, mostly empty:
> /etc/pve/qemu-server/<vmid>.conf
> memory:128
>
> and the restored disks are not removed either
>
>
Yes, that's not ideal, but the check is now actually correct; the existing
order of restore and config merging needs the fixing.
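
The difference between checking the config stored in the backup and checking the merged (effective) config, as an added example that is not part of the thread or of qemu-server. `denied_bridges`, the grant set and both restore cases are constructed for illustration; the ACL path layout and the `SDN.Use` privilege follow the task error quoted above.

```perl
use strict;
use warnings;

# Constructed grant set: ACL paths on which the restoring user holds SDN.Use.
my %sdn_use = map { $_ => 1 } ('/sdn/zones/localnetwork/vmbr1');

# Hypothetical checker: ACL paths referenced by the netX entries of $conf
# that the user may not use. Not the qemu-server implementation.
sub denied_bridges {
    my ($conf) = @_;
    my @denied;
    for my $key (sort grep { /^net\d+$/ } keys %$conf) {
        my %opt = map { my ($k, $v) = split /=/, $_, 2; ($k => $v) }
            split /,/, $conf->{$key};
        next if !defined $opt{bridge};
        my $vnet = "/sdn/zones/localnetwork/$opt{bridge}";
        my $path = defined $opt{tag} ? "$vnet/$opt{tag}" : $vnet;
        # Assumption: a grant on the bridge also covers its VLAN tags.
        push @denied, "$key: $path" if !$sdn_use{$vnet} && !$sdn_use{$path};
    }
    return @denied;
}

# Constructed restore cases: config stored in the backup plus the
# override parameters passed on restore.
my @cases = (
    { name     => 'override moves the NIC to a permitted bridge',
      backup   => { memory => 128, net0 => 'virtio=BC:24:11:00:00:01,bridge=vmbr0,tag=96' },
      override => { net0 => 'virtio=BC:24:11:00:00:01,bridge=vmbr1' } },
    { name     => 'override moves the NIC to a bridge without SDN.Use',
      backup   => { memory => 128, net0 => 'virtio=BC:24:11:00:00:01,bridge=vmbr1' },
      override => { net0 => 'virtio=BC:24:11:00:00:01,bridge=vmbr0,tag=96' } },
);

for my $c (@cases) {
    # Override parameters win over the values stored in the backup.
    my %effective = (%{ $c->{backup} }, %{ $c->{override} });
    my @old = denied_bridges($c->{backup});   # archived config only
    my @new = denied_bridges(\%effective);    # config the VM will actually get
    print "$c->{name}\n";
    printf "  backup config only: %s\n", @old ? "DENY (@old)" : 'allow';
    printf "  merged config:      %s\n", @new ? "DENY (@new)" : 'allow';
}
```

In both cases the two checks disagree: the backup-only check rejects a restore the user is entitled to and accepts one that attaches the VM to a bridge the user has no `SDN.Use` on.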