From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 7ED069F699 for ; Fri, 9 Jun 2023 09:27:18 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 56C952A271 for ; Fri, 9 Jun 2023 09:26:48 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Fri, 9 Jun 2023 09:26:47 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id C0447428D6; Fri, 9 Jun 2023 09:26:46 +0200 (CEST) Message-ID: <9c947548-faeb-3c0b-39b7-3419132dc3e4@proxmox.com> Date: Fri, 9 Jun 2023 09:26:45 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-GB To: "DERUMIER, Alexandre" , "pve-devel@lists.proxmox.com" , "aderumier@odiso.com" References: <20230607120357.4177891-1-aderumier@odiso.com> <20230607120357.4177891-3-aderumier@odiso.com> <9f4def0e-9a3e-04f0-d08d-97b2317a8438@proxmox.com> <2d733aef667e35882030791a8ce6681eadb3c818.camel@groupe-cyllene.com> From: Thomas Lamprecht In-Reply-To: <2d733aef667e35882030791a8ce6681eadb3c818.camel@groupe-cyllene.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.082 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [qemu.pm] Subject: Re: [pve-devel] applied: Re: [PATCH v4 qemu-server 1/1] api2: add check_bridge_access for create/update/clone/restore vm X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Jun 2023 07:27:18 -0000 On 09/06/2023 09:00, DERUMIER, Alexandre wrote: > Le jeudi 08 juin 2023 à 18:02 +0200, Thomas Lamprecht a écrit : >> On 07/06/2023 14:03, Alexandre Derumier wrote: >>> Signed-off-by: Alexandre Derumier >>> --- >>>  PVE/API2/Qemu.pm | 33 +++++++++++++++++++++++++++++---- >>>  1 file changed, 29 insertions(+), 4 deletions(-) >>> >>> >> >> applied, with Fabians R-b, thanks. >> >> Made a follow-up moving the checker method to QemuServer and >> replacing getting >> the config fromthe archive twice by checking after the config from >> the backup >> and the override pa> actual target >> config, so this wasn't only a inefficiency thing IIUC, but actually >> wrong, i.e., >> if one passed a override for a netX property the one from the backup >> got checked, >> not the effective one. >> > Thanks Thomas. > > Just wonder, could it be done before disk restore ? (That's what I was > trying to do)> > it seem to be inefficiency too to check it after disk restore (if for > example, user restore a big backup, taking hours) yes, sure, but as mentioned in the commit message, if it's checked to late other things happen to early, as doing stuff before having the merged config seems odd. And I did not wanted to re-work that part in a hurry, we can improve that still in the next week(s). > > I have done a test from the gui > " > ... > progress 98% (read 21045379072 bytes, duration 14 sec) > progress 99% (read 21260140544 bytes, duration 14 sec) > progress 100% (read 21474836480 bytes, duration 14 sec) > total bytes read 21474836480, sparse bytes 18656022528 (86.9%) > space reduction due to 4K zero blocks 4.54% > no lock found trying to remove 'create' lock > error before or during data restore, some or all disks were not > completely restored. VM 249 state is NOT cleaned up. > TASK ERROR: 403 Permission check failed > (/sdn/zones/localnetwork/vmbr0/96, SDN.Use) > > " > > The vm config file is created, mostly empty: > /etc/pve/qemu-server/.conf > memory:128 > > and the restored disk are not removed too > > Yes, that's not ideal, but the check is now actually correct; the existing order of restore and config merging needs the fixing.