From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 3ECE01FF15E for ; Fri, 20 Sep 2024 14:32:55 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 3826535E0D; Fri, 20 Sep 2024 14:33:03 +0200 (CEST) To: Fiona Ebner , Proxmox VE development discussion Date: Fri, 20 Sep 2024 12:32:13 +0000 References: In-Reply-To: MIME-Version: 1.0 Message-ID: List-Id: Proxmox VE development discussion List-Post: From: Pavel Tide via pve-devel Precedence: list Cc: Pavel Tide X-Mailman-Version: 2.1.29 X-BeenThere: pve-devel@lists.proxmox.com List-Subscribe: , List-Unsubscribe: , List-Archive: Reply-To: Proxmox VE development discussion List-Help: Subject: Re: [pve-devel] Bug 2582 roadmap Content-Type: multipart/mixed; boundary="===============4002271453850884623==" Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" --===============4002271453850884623== Content-Type: message/rfc822 Content-Disposition: inline Return-Path: X-Original-To: pve-devel@lists.proxmox.com Delivered-To: pve-devel@lists.proxmox.com Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 867C5C0829 for ; Fri, 20 Sep 2024 14:33:01 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 6421535CE0 for ; Fri, 20 Sep 2024 14:32:31 +0200 (CEST) Received: from mx2.veeam.com (mx2.veeam.com [38.133.70.6]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Fri, 20 Sep 2024 14:32:29 +0200 (CEST) Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11lp2176.outbound.protection.outlook.com [104.47.57.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx2.veeam.com (Postfix) with ESMTPS id 09FBC801A0; Fri, 20 Sep 2024 08:32:17 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=veeam.com; s=mx24; t=1726835538; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=H0SRk8W601S/y2nwhcjL5Vu0Fz7e5l5MmuUvlyDrOVA=; b=WrV9uleur6P6NMd8WsZ6Pqr2FznCTPXaNNBkYmNu0r/CE5u5OrZJJtL15tjLwaHBr2HhKd R6O2OSgg3O4YEfri2EJZ6VCU/Fg89+QxuGU+fUmCI0jb2hs+OJguHbSe1/hRWLauUXithX U9eoV1dRWlDYMstcqKb6hgvyR9EJD6O0LzDp4GezIzBdeeX4My3wd7lFGYCrCmDXyRmbVv HitvHjFHUaHFlkPAbvDyB3IG0/aCKAmF0qUmoiaqJNsuiAOQF+7AvtnR/ciCnVSmLLFLbP R0/Z/DRGUBBl+CuleTwbm3B2ojkzAOwXMmWB4M966ZfKqGQbgVFL/LTXzI2esg== ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=jc8FESY26+lYDii9CVHlVJ0ZxoMSxLXgn7M5YZuqlu7PMVIKEVns6WU7FHtk75iPeaA7AsGrJt1goFQekus1qJ3IfmF4NMEbwlxP2oTG/ibKBK7QSl+YNi/a4t4K9Sqt1nsStPCBpW3UvfBStU1faVaAIVqu8Whm6OO0VX2ku5NLz2Kmst+IR0GqcN5wvLwGflaV+uRycmBzeqbXlxPzmcucTCVAB0k2TWxT7Qn7EHavA0eO4AySz4mTBCF3+KIDEGthhsdossyA1M8M9EGaS+lmRGtylVW4pyUbFnAOfdRvbRs7GgiDHiv5Gv2nIhn7zvBtapqXdgbdeyehFKJq9Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=H0SRk8W601S/y2nwhcjL5Vu0Fz7e5l5MmuUvlyDrOVA=; b=kOFOV5Acyv9E0RlYOYvis+lvPAQD2QVZBOXIIKO7IH59SAwmzd3NP41I7sacNgxnn9zv92BDCXejDIB9kW36AVY3BvveKx4oUYigTzYgfLIGEEoMSZSpEr2kOeQPwg4I+HBQvIu0nY/k3FtRoPw560Wovx6rmWlOJyK/AqNvmlH0sR4FNYElpoFLeF1OE0aPmzrcH13VnNxr6p8RIy77SWEgH8h6yaaaOswIVSLkSd6sCOAvIs/4BfMdfjdhLAjkg0RMa6hed1joQLADR5MkhRIuaKwv770Pq7kRKZamSIy7WTUGYfW5aCn4fN91fKmVcpfIiAwDCxM53/CznN+I9Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=veeam.com; dmarc=pass action=none header.from=veeam.com; dkim=pass header.d=veeam.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=veeam.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=H0SRk8W601S/y2nwhcjL5Vu0Fz7e5l5MmuUvlyDrOVA=; b=Ouxf7VdDzBjLQgaKoUSwwumYilbPujoa4kJi6vxQswUi6yDrm1zBbGpOiBwdmm4VRBRz97zM8ULx17kBgAUdQEg6559QOPKfULPNGIKFEF9trTDzMSYj/MGE496OxunaIHLnK9C4wbq5rX6FTx0z1/ZxwanruV2TkPbVuVgWLF0eHv/NohtY2aHdmnInHjtje3aY/DcfB2IAtaPfqRslcDU+Kq0sdXkwP8PK1EtTus+sio+SwDu/shqt+oIISIDUztiPCIZxZf3090AVeEy5H2msvDQcjMv+TneSx/dgKREpCBdAfUULdYLP7KIeScqA1g//DuXkJN3uXeReFnwJnw== Received: from IA0PR14MB6767.namprd14.prod.outlook.com (2603:10b6:208:401::16) by BN8PR14MB3412.namprd14.prod.outlook.com (2603:10b6:408:d7::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7982.23; Fri, 20 Sep 2024 12:32:14 +0000 Received: from IA0PR14MB6767.namprd14.prod.outlook.com ([fe80::31ce:2281:ab9d:d718]) by IA0PR14MB6767.namprd14.prod.outlook.com ([fe80::31ce:2281:ab9d:d718%6]) with mapi id 15.20.7982.016; Fri, 20 Sep 2024 12:32:13 +0000 From: Pavel Tide To: Fiona Ebner , Proxmox VE development discussion Subject: RE: [pve-devel] Bug 2582 roadmap Thread-Topic: [pve-devel] Bug 2582 roadmap Thread-Index: AQHbA2rVjmqMSqATy0+DXAvUlefA/rJVXsyAgAtKFqA= Date: Fri, 20 Sep 2024 12:32:13 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=veeam.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: IA0PR14MB6767:EE_|BN8PR14MB3412:EE_ x-ms-office365-filtering-correlation-id: dd4302b8-b255-42fe-e336-08dcd9704188 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|366016|376014|1800799024|38070700018; x-microsoft-antispam-message-info: =?us-ascii?Q?Hu+q7trfGk7xKdryGaN65dIwF4yd91RZ4xCSiUlZSeu7Rl7pjrbXfMm8QHms?= =?us-ascii?Q?u/7rf1CT0vgqRipKxJtjq/gpbEfq2RDLBbndPmoaUP8D1cINCZkYbBtDCKbs?= =?us-ascii?Q?7OwlUW8LoqFW9Au1lcRrxXTZHaduDNczyXvHvv+lwL7dpTBpsCRhRUNQWW7N?= =?us-ascii?Q?qPqr4NeU0PKYrYqjM3rjDKsOc1RRW8n7c4/sKOdyHMvPLv1NyUmqRtxyU81j?= =?us-ascii?Q?9GYlbWwxTjvq+pD4xV6eNq/CBy+A7tDhllKmFZyurH+/ZZok5wKGigo+oaaH?= =?us-ascii?Q?mEfJ7VB9Twd28FmlM6OckFPFZ4uIOKyanRTnx4udgKQdXkcH4MWdf5koy0/E?= =?us-ascii?Q?TO4tbVZ0oXHETGNa3DnWMnUecy2SZiHwU4MJUccJbTm/Q26xIInbQi+Sx7OG?= =?us-ascii?Q?yjFEnUIH0krn7DrInsReL3fqdAsLocZNKO/o6/f4INIPwwxCgcvI6tGpV0gF?= =?us-ascii?Q?Ervagyq6b+EEcyw2CfpEbtIP3ZMjC1k8s/kzKIsC9NlOYwtIdD7cRCMUWCew?= =?us-ascii?Q?N0dS/qEVyMu3kS53HdoIv07VYK/r72pBPujWYrVZa/huXcdhQMzMYxTAqvMz?= =?us-ascii?Q?w/6ZDD4+ggNbQBUtLYpbUvm+NPZN2xu8bDl2/DX0VbNbublKexN4pdfMgtaW?= =?us-ascii?Q?6MWxi/xj6KQ2p1C0T0ql7dUP8xsMGZonuJZa50TiHTAfLa1U8GqkUiSwHT6K?= =?us-ascii?Q?itVpwb5ED0pYCHzXySrA6aUob9MCKKsfEuwCy0Cg3yhDI3V9O/CRMCUFD2yM?= =?us-ascii?Q?+nO3FrARnLHUE6bnnrxTIgDUbUfTxsQtOQ4oLG9UD5JbNVlrTgPhRLIu8ZEI?= =?us-ascii?Q?VB4y/OuyK+5CmAkFL2hWuyjN2OZfMfBoZc/qlmQKQq7L8qh1MELrFBSTvDhp?= =?us-ascii?Q?eL34KyyQxC2WKpdzRtI2tl4hRmMcXjLjz7+Dza3D7djQ/LawpR8KnB17S5da?= =?us-ascii?Q?Oy3duJUnFefYuQjR3YC3gWbUjmU7RRsiAgV7Z2wQzERBduD/LE6xEDIVbPtO?= =?us-ascii?Q?YB5ZGlsMrK2RsQgAB/kY1DavYMXU+qkr4taBnofafJzdr05lcQuONq+42hnp?= =?us-ascii?Q?/qB0ccBo+/DCz6wEt0L9lTwAUvG0nxoOmv1cyj84nDNL7TylsQbJXBziic5R?= =?us-ascii?Q?4CC6MgV+ntO6xiVNElwFA1ZlTnQrjGBDhsBAcoH5j+kFR515YM3RrLHd38ks?= =?us-ascii?Q?aU+TQNpvChBAvpCrLZZ79UHnS8Uz6XmZm0IoP8gBmaoII4HoWt9452GbeBBQ?= =?us-ascii?Q?zEyNORMTyrhZiQYplUkhSDjdiSK4GwJwrFpXMZNmkoWDjHHFekwvAybAwcuI?= =?us-ascii?Q?CgE=3D?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:IA0PR14MB6767.namprd14.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(38070700018);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?GPpLJE8b3Q/MpsaCJ8awxAAvQa06QT4RLeyTl6f/QKFhymNuRp/BzcSj527f?= =?us-ascii?Q?jRgCfyYVYA1VIy8WerRTi5Ri6Pqq5AUg4vAUmCIjRpmrdCBvR/RFQWCWpz0W?= =?us-ascii?Q?zwuwylR/FCJiGfMKTQoLahLXoZdG14d7riS3rEhOvMal9WqnFAGk5fHigpLc?= =?us-ascii?Q?mTbsQgBlaCH/NaOJ1riDl4cDg+w4iey4TskDvh4IcJjDErmc9wvScmqSCHaw?= =?us-ascii?Q?ZsxvTpiAu+IzhsxdOSjwLZx8kA0Y70V1c8ibSjvX3qGkEe9Tj/c6xYBbWEYS?= =?us-ascii?Q?HEf6J5JcxW8NwkTCZuVwSkgHJTqI6RG3/glyMCMsQ+hy5MGfK3c9tDNrJ5zY?= =?us-ascii?Q?2UKF92f8DR5p2CXPhngdAYoTorWrzDA4OJT0U82iwN9JORiFjbHx7Dhp6Sd7?= =?us-ascii?Q?R5LXJPLUSCALiGyG2fP0So87TwHfeu/4n2zC5vIT9yo6ofSJBRrzK9peL8s1?= =?us-ascii?Q?XZIP3xfnuu0iTCfg9HT38JYxlpifGPz3fjoX+9Wlscle2w4d3rq3BdmrKSSc?= =?us-ascii?Q?2PEiqi/f4N/aGRDd+K+e0yDTvf09uBdh6zbV3iZtce5ZPjkONjy7eNMQiSIc?= =?us-ascii?Q?6K6TDH/eW6HsD8vQO8BDq2+BW5f2UFxZC3zKeISH9tFyl30OMmatXfNzTql8?= =?us-ascii?Q?W20oDmHNW7io/BGnmU+jAl2WLRzfoQi2NAwwxY3GVFqALsrPZaSM7BhFvbzj?= =?us-ascii?Q?eDeOJDbM9QScxVK7DFh2e8irbmGSm461F1hO5WN/zDRUYnIrIwQNoLgnWnSe?= =?us-ascii?Q?GmQfwL1xrReNo0XTVLlTrqdsuUiz+jbd3OK92htrI89H2eMShHNJpVXrrkU3?= =?us-ascii?Q?+xADnr8NhC8N6+V0BOPIGKIhxGpHNTPHYgOmmbP4g6iyMG95yMb8GUld9Fh3?= =?us-ascii?Q?TiwGsm//S03EAv/JSnrhlGV/8nuonokOdFXbN++TSFUSkVtQ535DW2FffuWH?= =?us-ascii?Q?+dMSZ2APPb0sK69zzPjQCaBZA1f/x7PtGRD6BW1hXz28/VloUKD+AmYM4S50?= =?us-ascii?Q?mk8Aw52yXEIWl+D/uW5QF7zq7Ek4dGlx4oUm1vI1GdhQlVCh+7UzOMoqjMCq?= =?us-ascii?Q?LN+7aXOKppwgHW1BJYqEmcMZR6bPloWgvFHjHWQU7Og8aWXkLNk/044ALxTU?= =?us-ascii?Q?OUzLDgUrem7f+20thGevFPMoxD2Y7cz6Ax4wdXz5ldqyYhVGOmO/hVwQ7wiE?= =?us-ascii?Q?jffzQFjid8kcXo+F+NgGr9zewB7X8UPVwNtX+TmmhZ/rbTNA9Gv+9BAH1dBA?= =?us-ascii?Q?F4s9iEtRXuUYpwOD1tI66Fdmxd2RS2x1GyPsHomnWzspgllL/emrmoP/jx/K?= =?us-ascii?Q?HxbJNNEKNeonvzQthP+LCZ0V+Kn2d1vTO2P5YgnliHSf60f0sox0vmOFG6NQ?= =?us-ascii?Q?uqRS5GvwNRh5DspBwtZeLeVLeQ7Dch2norcjqgjbuWBNFgWyFEmw4E1LjHHN?= =?us-ascii?Q?oH0nyw+6EeprNLXsfdRcx6xTYUzz9AA1KjgqRyVcpdc8kyNIPojeCXPQlWkz?= =?us-ascii?Q?fy+I6wGe5lv5wk2nC6nDlTfwF2kFls8fy1rPNjCqHYC5CjYajYtEozyEm0K6?= =?us-ascii?Q?YHfvgNdtm75Dv3otQLE=3D?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: veeam.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: IA0PR14MB6767.namprd14.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: dd4302b8-b255-42fe-e336-08dcd9704188 X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Sep 2024 12:32:13.8314 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: ba07baab-431b-49ed-add7-cbc3542f5140 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: I0BnynO7/+A1rpUlM9jvifKVpMy2XtgUs6P6Zlc26pJdxwAQ2OofJea0MFzDdLVo X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR14MB3412 X-SPAM-LEVEL: Spam detection results: 0 ARC_SIGNED 0.001 Message has a ARC signature ARC_VALID 0.001 Message has a valid ARC signature AWL -0.071 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIMWL_WL_HIGH -0.001 DKIMwl.org - High trust sender DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain DMARC_PASS -0.1 DMARC pass policy RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [veeam.com,proxmox.com] Hi Fiona, Thank you for helping me out and sorry for my late response. The issue is that right now to work with PVE we have to do the following: 1) Connect via SSH to the PVE node and deploy a helper virtual machine (so = that users don't have to do it manually) 2) Access the Proxmox VE API to perform other backup-related tasks (those t= hat cannot be done via SSH) In item #1 - the new VM deployment involved usage of root/sudo. In item #2 - certain tasks that are performed via API also require root/sud= o. We have managed to move those to the SSH part of the workflow, so now us= ers can use one non-root account to perform all necessary operations (inste= ad of using root or having to use two separate accounts). We think that in future there might be a situation where we might need a su= peruser level of privileges while accessing the API, and there will be no w= orkaround to move the operation to the SSH part of the workflow. This will = result in forcing our joint users to use 'root' account again, which they h= ate to do and also deem as an not secure practice. I hope that helps. If there is anything else what we could do from out side= please let me know. Thanks! -----Original Message----- From: Fiona Ebner Sent: Friday, September 13, 2024 09:59 To: Proxmox VE development discussion Cc: Pavel Tide Subject: Re: [pve-devel] Bug 2582 roadmap Hi Pavel, Am 10.09.24 um 12:18 schrieb Pavel Tide via pve-devel: > Hi Proxmox team, > > Would you provide any delivery estimates on this item? > https://bugz/ > illa.proxmox.com%2Fshow_bug.cgi%3Fid%3D2582&data=3D05%7C02%7CPavel.TIde% > 40veeam.com%7C9fbe3a27cdb746e4522e08dcd3c9f802%7Cba07baab431b49edadd7c > bc3542f5140%7C1%7C0%7C638618111644860239%7CUnknown%7CTWFpbGZsb3d8eyJWI > joiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7 > C%7C&sdata=3DrnV7UTTM7GUpysGbgpLRfGDOA7xtwoACZXoq7N9anNg%3D&reserved=3D0 > > As far as I understand it's been implemented already, but currently stays= in the development branch - our lab is up to date and yet we don't see how= we can create a separate non-root account to work with PVE cluster. > a patch series had been proposed, but the implementation was not finished A= FAIK, see Fabian's review[0]. Since Oguz left the company, nobody else has = picked up work on the series yet. Maybe you can describe what exactly your = use case is, which privileges you'd need in particular. Of course, proposin= g patches for what you need (or a rebased version of Oguz's full series) is= welcome too :) [0]: https://lore.proxmox.com/pve-devel/1658908014.zeyifvlr1o.astroid@nora.none/ Best Regards, Fiona --===============4002271453850884623== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel --===============4002271453850884623==--