ZFS over iSCSI fetches information about the disk-images via ssh, thus
the obtainted data is tainted (perlsec (1)).
Since pvedaemon runs with '-T' enabled trying to start a VM via GUI/API failed,
while it still worked via `qm` or `pvesh`.
The issue surfaced after commit cb9db10c1a9855cf40ff13e81f9dd97d6a9b2698 in
pve-common ('run_command: improve performance for logging and long lines'),
and results from concatenating the original (tainted) buffer to a variable,
instead of a captured subgroup.
Untainting the value in ZFSPlugin should not cause any regressiosn, since the
other 3 target providers already have a match on '\d+' for retrieving the
lun number.
reported via pve-user [0].
reproduced and tested by setting up a LIO-target (on top of a virtual PVE),
adding it as storage and trying to start a guest (with a disk on the
ZFS over iSCSI storage) with `perl -T /usr/sbin/qm start $vmid`
[0] https://lists.proxmox.com/pipermail/pve-user/2020-October/172055.html
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
We can use 'list_images' to get the desired volume IDs in
'find_free_diskname' for most plugins. For the two LVM plugins, 'list_images'
potentially skips untagged volumes, so we keep the custom version. For the
RBD plugin, 'list_images' is much more costly than the custom version, so we
keep the custom version.
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
The common ZFSPlugin was missing volume name parsing
in a few places. This was not a problem for standard
volumes, but broke functionnalities (like resize,
snapshot, rollback) with linked clones as the name of
the zvol must be extracted from the entry in the config
(remove base-X-disk-Y prefix)
Signed-off-by: Daniel Berteaud <daniel@firewall-services.com>
Introducing LIO/targetcli support allowing to use recent linux
distributions as iSCSI targets for ZFS volumes.
In order for this to work, two preconditions have to be met:
1. the portal has to be set up correctly using targetcli
2. the initiator has to be authorized to connect to the target
based on the initiator's InitiatorName
When adding a LIO iSCSI target, a new "LIO target portal group" field needs
to be correctly populated in the "Add: ZFS over iSCSI" popup, containing the
fitting "LIO target portal group" name (typically something like 'tpg1').
Signed-Off-By: Udo Rader <udo.rader@bestsolution.at>
Tested-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Takes an operation, an optional requested bandwidth
limit override, and a list of storages involved in the
operation and lowers the requested bandwidth against global
and storage-specific limits unless the user has permissions
to change those.
This means:
* Global limits apply to all users without Sys.Modify on /
(as they can change datacenter.cfg options via the API).
* Storage specific limits apply to users without
Datastore.Allocate access on /storage/X for any involved
storage X.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
I converted several zfs_request($class, ...) calls to $class->zfs_request(...) calls in ZFSPoolPlugin.pm and removed a superfluous $class parameter in ZFSPlugin.pm.
Fixes#816
Signed-off-by: Phillip Schichtel <phillip.public@schich.tel>
add method volume_rollback_is_possible and redactor
Improve error handling
If snapshot is not reversible catch it before vm will lock and shutdown.
This is the case if zfs has an younger snapshot.
Signed-off-by: Wolfgang Link <w.link@proxmox.com>
Turned out it makes no sense to duplicated DirPlugin features. So I
also changed the name to make it less confusing. So we can only
create zvols inside a zfs pool with this plugin.
Currently vmstate snapshot with rbd have wrong name,
because rbd alloc_image don't care if $name is provided
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
