Mirrors/ProxMenux
1
0
Fork 0
mirror of https://github.com/MacRimi/ProxMenux.git synced 2026-04-25 00:46:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update scripts

Browse Source
This commit is contained in:
MacRimi
2026-04-12 20:32:34 +02:00
parent 4fa4bbb08b
commit 4843fae0eb
47 changed files with 8313 additions and 3014 deletions
Download Patch File Download Diff File Expand all files Collapse all files

385
scripts/global/disk_ops_helpers.sh Normal file
View File

@@ -0,0 +1,385 @@
#!/usr/bin/env bash
# ==========================================================
# ProxMenux - Disk Operations Helpers
# ==========================================================
# Author : MacRimi
# Copyright : (c) 2024 MacRimi
# License : MIT
# Version : 1.0
# Last Updated: 11/04/2026
# ==========================================================
# Shared low-level disk operations: wipe, partition, format.
# Consumed by format-disk.sh, disk_host.sh and future scripts.
#
# Output variables (set by helpers, read by callers):
# DOH_CREATED_PARTITION — partition path set by doh_create_partition()
# DOH_PARTITION_ERROR_DETAIL — error detail set by doh_create_partition()
# ==========================================================
if [[ -n "${__PROXMENUX_DISK_OPS_HELPERS__}" ]]; then
return 0
fi
__PROXMENUX_DISK_OPS_HELPERS__=1
# shellcheck disable=SC2034 # these are output variables read by callers (format-disk.sh, disk_host.sh)
DOH_CREATED_PARTITION=""
DOH_PARTITION_ERROR_DETAIL=""
DOH_FORMAT_ERROR_DETAIL=""
DOH_WIPE_ERROR_DETAIL=""
# Internal: print progress lines only when explicitly enabled by caller.
# Enabled with: export DOH_SHOW_PROGRESS=1
_doh_progress() {
[[ "${DOH_SHOW_PROGRESS:-0}" == "1" ]] || return 0
echo -e "${TAB}${YW}${HOLD}$*${CL}"
}
# Internal: collect command stdout with timeout protection (best-effort).
# Usage: _doh_collect_cmd <seconds> <cmd> [args...]
_doh_collect_cmd() {
local seconds="$1"
shift
if command -v timeout >/dev/null 2>&1; then
timeout --kill-after=2 "${seconds}s" "$@" 2>/dev/null || true
else
"$@" 2>/dev/null || true
fi
}
# Internal: run a command with a timeout, suppressing all output including
# the bash "Killed" job notification that leaks when --kill-after re-raises
# SIGKILL. Plain SIGTERM is not enough for processes stuck in kernel D-state
# (uninterruptible I/O wait on a busy ZFS/LVM disk), so --kill-after=2 is
# needed. The notification is suppressed by temporarily redirecting the
# current shell's stderr with exec before the call and restoring it after.
# Usage: _doh_run_quick_cmd <seconds> <cmd> [args...]
_doh_run_quick_cmd() {
local seconds="$1"
shift
if command -v timeout >/dev/null 2>&1; then
local _saved_stderr
exec {_saved_stderr}>&2 2>/dev/null
timeout --kill-after=2 "${seconds}s" "$@" >/dev/null 2>&1
local rc=$?
exec 2>&"${_saved_stderr}" {_saved_stderr}>&-
return $rc
fi
"$@" >/dev/null 2>&1
}
# Internal: unmount all ZFS datasets then export (or destroy) any ZFS pools
# whose vdevs live on <disk>. Called at the very start of doh_wipe_disk so
# ZFS fully releases the device before wipefs/sgdisk/partprobe touch it.
# If the pool is still held after export, processes on it will be in D-state
# and --kill-after in _doh_run_quick_cmd handles the force-kill.
_doh_release_zfs_pools() {
local disk="$1"
command -v zpool >/dev/null 2>&1 || return 0
local pool_name dev resolved base parent
while read -r pool_name; do
[[ -z "$pool_name" ]] && continue
local found=false
while read -r dev; do
[[ -z "$dev" ]] && continue
if [[ "$dev" == /dev/* ]]; then
resolved=$(readlink -f "$dev" 2>/dev/null)
elif [[ -e "/dev/disk/by-id/$dev" ]]; then
resolved=$(readlink -f "/dev/disk/by-id/$dev" 2>/dev/null)
elif [[ -e "/dev/$dev" ]]; then
resolved=$(readlink -f "/dev/$dev" 2>/dev/null)
else
continue
fi
[[ -z "$resolved" ]] && continue
base=$(lsblk -no PKNAME "$resolved" 2>/dev/null)
parent="${base:+/dev/$base}"
[[ -z "$parent" ]] && parent="$resolved"
if [[ "$parent" == "$disk" || "$resolved" == "$disk" ]]; then
found=true; break
fi
done < <(_doh_collect_cmd 12 zpool list -v -H "$pool_name" | awk '{print $1}' | \
grep -v '^-' | grep -v '^mirror' | grep -v '^raidz' | \
grep -v "^${pool_name}$")
if $found; then
_doh_progress "- Releasing active ZFS pool: $pool_name"
# Unmount all datasets (reverse order: deepest first)
if command -v zfs >/dev/null 2>&1; then
while read -r ds; do
[[ -z "$ds" ]] && continue
timeout 10s zfs unmount -f "$ds" >/dev/null 2>&1 || true
done < <(_doh_collect_cmd 10 zfs list -H -o name -r "$pool_name" | sort -r)
fi
# Export the pool so the kernel releases the block device
timeout 30s zpool export -f "$pool_name" >/dev/null 2>&1 || true
# Wait for udev to finish processing the device release
udevadm settle --timeout=5 >/dev/null 2>&1 || true
sleep 1
fi
done < <(_doh_collect_cmd 8 zpool list -H -o name)
}
# Internal: run a partitioning command with timeout, appending combined output to a file.
# Usage: _doh_part_cmd <seconds> <outfile> <cmd> [args...]
_doh_part_cmd() {
local secs="$1" outfile="$2"
shift 2
if command -v timeout >/dev/null 2>&1; then
timeout --kill-after=3 "${secs}s" "$@" >>"$outfile" 2>&1
else
"$@" >>"$outfile" 2>&1
fi
}
# doh_wipe_disk <disk>
# Unmounts all partitions, deactivates swap, wipes all filesystem metadata
# and partition tables (wipefs + sgdisk + dd first/last 16 MiB).
# Never fails — all sub-commands run with "|| true".
doh_wipe_disk() {
local disk="$1"
local node mountpoint total_sectors seek_sectors discard_max base
DOH_WIPE_ERROR_DETAIL=""
_doh_progress "[1/8] Preparing disk $disk"
# Optional heavy release flow (disabled by default to avoid hangs in busy hosts).
if [[ "${DOH_ENABLE_STACK_RELEASE:-0}" == "1" ]]; then
# Release any ZFS pools using this disk so the kernel lets go of it
_doh_release_zfs_pools "$disk"
# Deactivate any LVM VGs backed by this disk
if command -v vgchange >/dev/null 2>&1; then
local pv rp vg
while read -r pv; do
rp=$(readlink -f "$pv" 2>/dev/null)
base=$(lsblk -no PKNAME "${rp:-$pv}" 2>/dev/null)
if [[ "/dev/${base}" == "$disk" || "$rp" == "$disk" ]]; then
vg=$(_doh_collect_cmd 8 pvs --noheadings -o vg_name "${rp:-$pv}" | xargs)
[[ -n "$vg" ]] && _doh_run_quick_cmd 8 vgchange -an "$vg" || true
fi
done < <(_doh_collect_cmd 8 pvs --noheadings -o pv_name | xargs -r -n1)
fi
fi
# Unmount all partitions
_doh_progress "[2/8] Unmounting partitions"
while read -r node mountpoint; do
[[ -z "$node" || -z "$mountpoint" ]] && continue
_doh_run_quick_cmd 8 umount -f "$node" || true
done < <(lsblk -lnpo NAME,MOUNTPOINT "$disk" 2>/dev/null | awk 'NR>1 && $2!="" {print $1" "$2}')
# Deactivate swap
_doh_progress "[3/8] Disabling swap signatures"
while read -r node; do
[[ -z "$node" ]] && continue
_doh_run_quick_cmd 8 swapoff "$node" || true
done < <(lsblk -lnpo NAME "$disk" 2>/dev/null | awk 'NR>1 {print $1}')
# Wipe filesystem signatures and RAID superblocks on every node
_doh_progress "[4/8] Removing filesystem/RAID signatures"
while read -r node; do
[[ -z "$node" ]] && continue
_doh_run_quick_cmd 10 wipefs -a -f "$node" || true
if command -v mdadm >/dev/null 2>&1; then
_doh_run_quick_cmd 8 mdadm --zero-superblock --force "$node" || true
fi
done < <(lsblk -lnpo NAME "$disk" 2>/dev/null)
# Zap partition table
_doh_progress "[5/8] Resetting partition table"
_doh_run_quick_cmd 12 sgdisk --zap-all "$disk" || true
# TRIM/discard if device supports it
_doh_progress "[6/8] Attempting discard/TRIM when supported"
discard_max=$(lsblk -dn -o DISC-MAX "$disk" 2>/dev/null | xargs)
if [[ -n "$discard_max" && "$discard_max" != "0B" && "$discard_max" != "0" ]]; then
_doh_run_quick_cmd 15 blkdiscard -f "$disk" || true
fi
# Zero first 16 MiB (destroys partition table / filesystem headers)
_doh_progress "[7/8] Zeroing first metadata region"
_doh_run_quick_cmd 20 dd if=/dev/zero of="$disk" bs=1M count=16 conv=fsync status=none || true
# Zero last 16 MiB (destroys backup GPT header)
_doh_progress "[8/8] Zeroing backup GPT region"
total_sectors=$(blockdev --getsz "$disk" 2>/dev/null || echo 0)
if [[ "$total_sectors" =~ ^[0-9]+$ ]] && (( total_sectors > 32768 )); then
seek_sectors=$(( total_sectors - 32768 ))
_doh_run_quick_cmd 20 dd if=/dev/zero of="$disk" bs=512 seek="$seek_sectors" count=32768 conv=fsync status=none || true
fi
udevadm settle --timeout=10 >/dev/null 2>&1 || true
_doh_run_quick_cmd 8 partprobe "$disk" || true
sleep 1
}
# doh_create_partition <disk>
# Creates a single GPT partition spanning the whole disk.
# Tries parted → sgdisk → sfdisk in order; stops at first success.
#
# On success: sets DOH_CREATED_PARTITION to the new partition path, returns 0.
# On failure: sets DOH_PARTITION_ERROR_DETAIL with tool diagnostics, returns 1.
doh_create_partition() {
local disk="$1"
local created=false tmp_out err_snippet
DOH_CREATED_PARTITION=""
DOH_PARTITION_ERROR_DETAIL=""
_doh_run_quick_cmd 5 blockdev --setrw "$disk" || true
# --- attempt 1: parted ---
if command -v parted >/dev/null 2>&1; then
tmp_out=$(mktemp)
if _doh_part_cmd 15 "$tmp_out" parted -s -f "$disk" mklabel gpt; then
if _doh_part_cmd 20 "$tmp_out" parted -s -f "$disk" mkpart primary 1MiB 100%; then
created=true
else
err_snippet=$(tr '\n' ' ' <"$tmp_out" | sed -E 's/[[:space:]]+/ /g; s/^ //; s/ $//')
DOH_PARTITION_ERROR_DETAIL+="parted mkpart: ${err_snippet:-no details}"$'\n'
fi
else
err_snippet=$(tr '\n' ' ' <"$tmp_out" | sed -E 's/[[:space:]]+/ /g; s/^ //; s/ $//')
DOH_PARTITION_ERROR_DETAIL+="parted mklabel: ${err_snippet:-no details}"$'\n'
fi
rm -f "$tmp_out"
else
DOH_PARTITION_ERROR_DETAIL+="parted command not found"$'\n'
fi
# --- attempt 2: sgdisk ---
if [[ "$created" != "true" ]] && command -v sgdisk >/dev/null 2>&1; then
tmp_out=$(mktemp)
_doh_run_quick_cmd 10 sgdisk --zap-all "$disk" || true
# sgdisk does not accept "1MiB" notation — use sector 2048 (= 1 MiB at 512 B/sector)
if _doh_part_cmd 20 "$tmp_out" sgdisk -o -n 1:2048:0 -t 1:8300 "$disk"; then
created=true
else
err_snippet=$(tr '\n' ' ' <"$tmp_out" | sed -E 's/[[:space:]]+/ /g; s/^ //; s/ $//')
DOH_PARTITION_ERROR_DETAIL+="sgdisk create: ${err_snippet:-no details}"$'\n'
fi
rm -f "$tmp_out"
elif [[ "$created" != "true" ]]; then
DOH_PARTITION_ERROR_DETAIL+="sgdisk command not found"$'\n'
fi
# --- attempt 3: sfdisk ---
if [[ "$created" != "true" ]] && command -v sfdisk >/dev/null 2>&1; then
tmp_out=$(mktemp)
local sfdisk_ok=1
if command -v timeout >/dev/null 2>&1; then
printf 'label: gpt\n,;\n' | timeout --kill-after=3 20s sfdisk --wipe always "$disk" >>"$tmp_out" 2>&1
sfdisk_ok=$?
else
printf 'label: gpt\n,;\n' | sfdisk --wipe always "$disk" >>"$tmp_out" 2>&1
sfdisk_ok=$?
fi
if [[ $sfdisk_ok -eq 0 ]]; then
created=true
else
err_snippet=$(tr '\n' ' ' <"$tmp_out" | sed -E 's/[[:space:]]+/ /g; s/^ //; s/ $//')
DOH_PARTITION_ERROR_DETAIL+="sfdisk create: ${err_snippet:-no details}"$'\n'
fi
rm -f "$tmp_out"
elif [[ "$created" != "true" ]]; then
DOH_PARTITION_ERROR_DETAIL+="sfdisk command not found"$'\n'
fi
[[ "$created" == "true" ]] || return 1
# Wait for the kernel to expose the new partition node
udevadm settle --timeout=10 >/dev/null 2>&1 || true
_doh_run_quick_cmd 8 partprobe "$disk" || true
local part
for _ in {1..15}; do
sleep 0.3
part=$(lsblk -lnpo NAME "$disk" 2>/dev/null | awk 'NR==2{print; exit}')
if [[ -n "$part" && -b "$part" ]]; then
DOH_CREATED_PARTITION="$part"
return 0
fi
done
# Fallback: derive partition name from disk path (handles NVMe p-suffix)
local fallback
if [[ "$disk" =~ [0-9]$ ]]; then
fallback="${disk}p1"
else
fallback="${disk}1"
fi
if [[ -b "$fallback" ]]; then
DOH_CREATED_PARTITION="$fallback"
return 0
fi
DOH_PARTITION_ERROR_DETAIL+="partition node not detected after table refresh"$'\n'
return 1
}
# doh_format_partition <partition> <filesystem> [label] [zfs_pool_name] [zfs_mountpoint]
#
# Formats <partition> with <filesystem>.
# label : optional FS label for ext4/xfs/btrfs (ignored for ZFS)
# zfs_pool_name : required when filesystem=zfs; defaults to label if empty
# zfs_mountpoint : ZFS pool mountpoint (default: "none" — no automatic mount)
#
# On failure: sets DOH_FORMAT_ERROR_DETAIL with tool diagnostics.
# Returns 0 on success, 1 on failure.
doh_format_partition() {
local partition="$1"
local filesystem="$2"
local label="${3:-}"
local zfs_pool="${4:-}"
local zfs_mountpoint="${5:-none}"
local tmp_out rc=1
DOH_FORMAT_ERROR_DETAIL=""
tmp_out=$(mktemp)
case "$filesystem" in
ext4)
if [[ -n "$label" ]]; then
mkfs.ext4 -F -L "$label" "$partition" >"$tmp_out" 2>&1; rc=$?
else
mkfs.ext4 -F "$partition" >"$tmp_out" 2>&1; rc=$?
fi
;;
xfs)
if [[ -n "$label" ]]; then
mkfs.xfs -f -L "$label" "$partition" >"$tmp_out" 2>&1; rc=$?
else
mkfs.xfs -f "$partition" >"$tmp_out" 2>&1; rc=$?
fi
;;
exfat)
mkfs.exfat "$partition" >"$tmp_out" 2>&1; rc=$?
;;
btrfs)
if [[ -n "$label" ]]; then
mkfs.btrfs -f -L "$label" "$partition" >"$tmp_out" 2>&1; rc=$?
else
mkfs.btrfs -f "$partition" >"$tmp_out" 2>&1; rc=$?
fi
;;
zfs)
[[ -z "$zfs_pool" ]] && zfs_pool="${label:-pool}"
zpool labelclear -f "$partition" >/dev/null 2>&1 || true
zpool create -f -o ashift=12 \
-O compression=lz4 -O atime=off -O xattr=sa -O acltype=posixacl \
-m "$zfs_mountpoint" "$zfs_pool" "$partition" >"$tmp_out" 2>&1
rc=$?
;;
*)
echo "Unknown filesystem: $filesystem" >"$tmp_out"
rc=1
;;
esac
if [[ $rc -ne 0 ]]; then
DOH_FORMAT_ERROR_DETAIL=$(tr '\n' ' ' <"$tmp_out" | sed -E 's/[[:space:]]+/ /g; s/^ //; s/ $//')
fi
rm -f "$tmp_out"
return $rc
}

8
scripts/global/gpu_hook_guard_helpers.sh
View File

@@ -222,9 +222,9 @@ attach_proxmenux_gpu_guard_to_vm() {
fi
if qm set "$vmid" --hookscript "$PROXMENUX_GPU_HOOK_STORAGE_REF" >/dev/null 2>&1; then
_gpu_guard_msg_ok "GPU guard hook attached to VM ${vmid}"
_gpu_guard_msg_ok "PCIe passthrough guard attached to VM ${vmid}"
else
_gpu_guard_msg_warn "Could not attach GPU guard hook to VM ${vmid}. Ensure 'local' storage supports snippets."
_gpu_guard_msg_warn "Could not attach PCIe passthrough guard to VM ${vmid}. Ensure 'local' storage supports snippets."
fi
}
@@ -239,9 +239,9 @@ attach_proxmenux_gpu_guard_to_lxc() {
fi
if pct set "$ctid" -hookscript "$PROXMENUX_GPU_HOOK_STORAGE_REF" >/dev/null 2>&1; then
_gpu_guard_msg_ok "GPU guard hook attached to LXC ${ctid}"
_gpu_guard_msg_ok "PCIe passthrough guard attached to LXC ${ctid}"
else
_gpu_guard_msg_warn "Could not attach GPU guard hook to LXC ${ctid}. Ensure 'local' storage supports snippets."
_gpu_guard_msg_warn "Could not attach PCIe passthrough guard to LXC ${ctid}. Ensure 'local' storage supports snippets."
fi
}

361
scripts/global/vm_storage_helpers.sh
View File

@@ -15,6 +15,66 @@ function _array_contains() {
return 1
}
function _vm_boot_order_add_unique() {
local arr_name="$1"
shift
local -n arr_ref="$arr_name"
local entry
for entry in "$@"; do
[[ -z "$entry" ]] && continue
_array_contains "$entry" "${arr_ref[@]}" || arr_ref+=("$entry")
done
}
function _vm_boot_order_join() {
local -a unique_entries=()
local entry
for entry in "$@"; do
[[ -z "$entry" ]] && continue
_array_contains "$entry" "${unique_entries[@]}" || unique_entries+=("$entry")
done
[[ ${#unique_entries[@]} -gt 0 ]] || return 0
local joined
joined=$(IFS=';'; echo "${unique_entries[*]}")
echo "$joined"
}
function _vm_boot_order_hostpci_entries_for_pcis() {
local vmid="$1"
shift
local cfg
cfg=$(qm config "$vmid" 2>/dev/null || true)
[[ -n "$cfg" ]] || return 0
local -a hostpci_entries=()
local pci bdf bdf_re slot_base slot_re line entry
for pci in "$@"; do
[[ -n "$pci" ]] || continue
bdf="${pci#0000:}"
bdf_re="${bdf//./\\.}"
line=$(grep -E "^hostpci[0-9]+:.*(0000:)?${bdf_re}([,[:space:]]|$)" <<< "$cfg" | head -n1)
if [[ -z "$line" ]]; then
slot_base="${bdf%.*}"
slot_re="${slot_base//./\\.}"
line=$(grep -E "^hostpci[0-9]+:.*(0000:)?${slot_re}(\\.[0-7])?([,[:space:]]|$)" <<< "$cfg" | head -n1)
fi
[[ -n "$line" ]] || continue
entry="${line%%:*}"
_array_contains "$entry" "${hostpci_entries[@]}" || hostpci_entries+=("$entry")
done
printf '%s\n' "${hostpci_entries[@]}"
}
function _vmids_scope_key() {
[[ "$#" -eq 0 ]] && { echo ""; return 0; }
printf '%s\n' "$@" | awk 'NF' | sort -u | paste -sd',' -
}
function _refresh_host_storage_cache() {
MOUNTED_DISKS=$(lsblk -ln -o NAME,MOUNTPOINT | awk '$2!="" {print "/dev/" $1}')
SWAP_DISKS=$(swapon --noheadings --raw --show=NAME 2>/dev/null)
@@ -23,17 +83,24 @@ function _refresh_host_storage_cache() {
ZFS_DISKS=""
local zfs_raw entry path base_disk
zfs_raw=$(zpool list -v -H 2>/dev/null | awk '{print $1}' | grep -v '^NAME$' | grep -v '^-' | grep -v '^mirror')
zfs_raw=$(zpool list -v -H 2>/dev/null | awk '{print $1}' | grep -v '^NAME$' | grep -v '^-' | grep -v '^mirror' | grep -v '^raidz')
for entry in $zfs_raw; do
path=""
if [[ "$entry" == wwn-* || "$entry" == ata-* ]]; then
[[ -e "/dev/disk/by-id/$entry" ]] && path=$(readlink -f "/dev/disk/by-id/$entry")
elif [[ "$entry" == /dev/* ]]; then
path="$entry"
if [[ "$entry" == /dev/* ]]; then
path=$(readlink -f "$entry" 2>/dev/null)
elif [[ -e "/dev/disk/by-id/$entry" ]]; then
path=$(readlink -f "/dev/disk/by-id/$entry" 2>/dev/null)
elif [[ -e "/dev/$entry" ]]; then
path=$(readlink -f "/dev/$entry" 2>/dev/null)
fi
if [[ -n "$path" ]]; then
base_disk=$(lsblk -no PKNAME "$path" 2>/dev/null)
[[ -n "$base_disk" ]] && ZFS_DISKS+="/dev/$base_disk"$'\n'
if [[ -n "$base_disk" ]]; then
ZFS_DISKS+="/dev/$base_disk"$'\n'
else
# Whole-disk vdev — path is already the resolved disk itself
ZFS_DISKS+="$path"$'\n'
fi
fi
done
ZFS_DISKS=$(echo "$ZFS_DISKS" | sort -u)
@@ -77,7 +144,7 @@ function _disk_is_host_system_used() {
DISK_USAGE_REASON="$(translate "Disk is part of host LVM")"
return 0
fi
if [[ -n "$ZFS_DISKS" && "$ZFS_DISKS" == *"$disk"* ]]; then
if [[ -n "$ZFS_DISKS" ]] && grep -qFx "$disk" <<< "$ZFS_DISKS"; then
DISK_USAGE_REASON="$(translate "Disk is part of a host ZFS pool")"
return 0
fi
@@ -86,23 +153,181 @@ function _disk_is_host_system_used() {
function _disk_used_in_guest_configs() {
local disk="$1"
local real_path
local real_path escaped
real_path=$(readlink -f "$disk" 2>/dev/null)
if [[ -n "$real_path" ]] && grep -Fq "$real_path" <<< "$CONFIG_DATA"; then
return 0
# Use boundary matching: path must be followed by comma, whitespace, or EOL
# This prevents /dev/sdb from falsely matching /dev/sdb1 or /dev/sdb2
if [[ -n "$real_path" ]]; then
escaped="${real_path//./\\.}"
if grep -qE "${escaped}(,|[[:space:]]|$)" <<< "$CONFIG_DATA"; then
return 0
fi
fi
local symlink
local symlink symlink_escaped
for symlink in /dev/disk/by-id/*; do
[[ -e "$symlink" ]] || continue
if [[ "$(readlink -f "$symlink")" == "$real_path" ]] && grep -Fq "$symlink" <<< "$CONFIG_DATA"; then
[[ "$(readlink -f "$symlink")" == "$real_path" ]] || continue
symlink_escaped="${symlink//./\\.}"
if grep -qE "${symlink_escaped}(,|[[:space:]]|$)" <<< "$CONFIG_DATA"; then
return 0
fi
done
return 1
}
# Returns 0 if the disk is referenced in a RUNNING VM or CT config.
# Mirrors _disk_used_in_guest_configs but checks guest status per-file.
function _disk_used_in_running_guest() {
local disk="$1"
local real_path
real_path=$(readlink -f "$disk" 2>/dev/null)
local -a aliases=()
[[ -n "$disk" ]] && aliases+=("$disk")
[[ -n "$real_path" && "$real_path" != "$disk" ]] && aliases+=("$real_path")
local symlink
for symlink in /dev/disk/by-id/*; do
[[ -e "$symlink" ]] || continue
[[ "$(readlink -f "$symlink" 2>/dev/null)" == "$real_path" ]] && aliases+=("$symlink")
done
local conf vmid alias escaped
for conf in /etc/pve/qemu-server/*.conf; do
[[ -f "$conf" ]] || continue
vmid=$(basename "$conf" .conf)
for alias in "${aliases[@]}"; do
escaped="${alias//./\\.}"
if grep -qE "${escaped}(,|[[:space:]]|$)" "$conf" 2>/dev/null; then
if qm status "$vmid" 2>/dev/null | grep -q "status: running"; then
return 0
fi
fi
done
done
local ctid
for conf in /etc/pve/lxc/*.conf; do
[[ -f "$conf" ]] || continue
ctid=$(basename "$conf" .conf)
for alias in "${aliases[@]}"; do
escaped="${alias//./\\.}"
if grep -qE "${escaped}(,|[[:space:]]|$)" "$conf" 2>/dev/null; then
if pct status "$ctid" 2>/dev/null | grep -q "status: running"; then
return 0
fi
fi
done
done
return 1
}
# Prints "VM:VMID" or "CT:CTID" for each stopped guest that references the disk.
function _disk_guest_ids() {
local disk="$1"
local real_path
real_path=$(readlink -f "$disk" 2>/dev/null)
local -a aliases=()
[[ -n "$disk" ]] && aliases+=("$disk")
[[ -n "$real_path" && "$real_path" != "$disk" ]] && aliases+=("$real_path")
local symlink
for symlink in /dev/disk/by-id/*; do
[[ -e "$symlink" ]] || continue
[[ "$(readlink -f "$symlink" 2>/dev/null)" == "$real_path" ]] && aliases+=("$symlink")
done
local conf vmid alias escaped
for conf in /etc/pve/qemu-server/*.conf; do
[[ -f "$conf" ]] || continue
vmid=$(basename "$conf" .conf)
for alias in "${aliases[@]}"; do
escaped="${alias//./\\.}"
if grep -qE "${escaped}(,|[[:space:]]|$)" "$conf" 2>/dev/null; then
echo "VM:$vmid"
break
fi
done
done
local ctid
for conf in /etc/pve/lxc/*.conf; do
[[ -f "$conf" ]] || continue
ctid=$(basename "$conf" .conf)
for alias in "${aliases[@]}"; do
escaped="${alias//./\\.}"
if grep -qE "${escaped}(,|[[:space:]]|$)" "$conf" 2>/dev/null; then
echo "CT:$ctid"
break
fi
done
done
}
# Print the slot names (e.g. sata0, scsi1) in a VM config that reference the disk.
function _find_disk_slots_in_vm() {
local vmid="$1"
local disk="$2"
local real_path conf
real_path=$(readlink -f "$disk" 2>/dev/null)
conf="/etc/pve/qemu-server/${vmid}.conf"
[[ -f "$conf" ]] || return
local -a aliases=("$disk")
[[ -n "$real_path" && "$real_path" != "$disk" ]] && aliases+=("$real_path")
local symlink
for symlink in /dev/disk/by-id/*; do
[[ -e "$symlink" ]] || continue
[[ "$(readlink -f "$symlink" 2>/dev/null)" == "$real_path" ]] && aliases+=("$symlink")
done
local key rest alias escaped
while IFS=: read -r key rest; do
key=$(echo "$key" | xargs)
[[ "$key" =~ ^(scsi|sata|ide|virtio)[0-9]+$ ]] || continue
for alias in "${aliases[@]}"; do
escaped="${alias//./\\.}"
if echo "$rest" | grep -qE "${escaped}(,|[[:space:]]|$)"; then
echo "$key"
break
fi
done
done < "$conf"
}
# Print the mp names (e.g. mp0, mp1) in a CT config that reference the disk.
function _find_disk_slots_in_ct() {
local ctid="$1"
local disk="$2"
local real_path conf
real_path=$(readlink -f "$disk" 2>/dev/null)
conf="/etc/pve/lxc/${ctid}.conf"
[[ -f "$conf" ]] || return
local -a aliases=("$disk")
[[ -n "$real_path" && "$real_path" != "$disk" ]] && aliases+=("$real_path")
local symlink
for symlink in /dev/disk/by-id/*; do
[[ -e "$symlink" ]] || continue
[[ "$(readlink -f "$symlink" 2>/dev/null)" == "$real_path" ]] && aliases+=("$symlink")
done
local key rest alias escaped
while IFS=: read -r key rest; do
key=$(echo "$key" | xargs)
[[ "$key" =~ ^mp[0-9]+$ ]] || continue
for alias in "${aliases[@]}"; do
escaped="${alias//./\\.}"
if echo "$rest" | grep -qE "${escaped}(,|[[:space:]]|$)"; then
echo "$key"
break
fi
done
done < "$conf"
}
function _controller_block_devices() {
local pci_full="$1"
local pci_root="/sys/bus/pci/devices/$pci_full"
@@ -137,6 +362,14 @@ function _vm_is_q35() {
[[ "$machine_line" == *q35* ]]
}
function _vm_storage_register_vfio_iommu_tool() {
local tools_json="${BASE_DIR:-/usr/local/share/proxmenux}/installed_tools.json"
command -v jq >/dev/null 2>&1 || return 0
[[ -f "$tools_json" ]] || echo "{}" > "$tools_json"
jq '.vfio_iommu=true' "$tools_json" > "$tools_json.tmp" \
&& mv "$tools_json.tmp" "$tools_json" || true
}
function _vm_storage_enable_iommu_cmdline() {
local cpu_vendor iommu_param
cpu_vendor=$(grep -m1 "vendor_id" /proc/cpuinfo 2>/dev/null | awk '{print $3}')
@@ -175,18 +408,28 @@ function _vm_storage_ensure_iommu_or_offer() {
local reboot_policy="${VM_STORAGE_IOMMU_REBOOT_POLICY:-ask_now}"
if declare -F _pci_is_iommu_active >/dev/null 2>&1 && _pci_is_iommu_active; then
_vm_storage_register_vfio_iommu_tool
return 0
fi
if grep -qE 'intel_iommu=on|amd_iommu=on' /proc/cmdline 2>/dev/null && \
[[ -d /sys/kernel/iommu_groups ]] && \
[[ -n "$(ls /sys/kernel/iommu_groups/ 2>/dev/null)" ]]; then
_vm_storage_register_vfio_iommu_tool
return 0
fi
# Wizard flow: if IOMMU was already configured in this run and reboot is pending,
# allow the user to continue planning storage selections without re-prompting.
if [[ "$reboot_policy" == "defer" && "${VM_STORAGE_IOMMU_PENDING_REBOOT:-0}" == "1" ]]; then
# Dedup: if IOMMU was already configured/announced in this wizard run, skip prompt
if [[ "${VM_STORAGE_IOMMU_PENDING_REBOOT:-0}" == "1" ]]; then
return 0
fi
# Detect if another script already wrote IOMMU params (e.g. GPU script ran first)
if grep -qE 'intel_iommu=on|amd_iommu=on' /etc/kernel/cmdline 2>/dev/null || \
grep -qE 'intel_iommu=on|amd_iommu=on' /etc/default/grub 2>/dev/null; then
_vm_storage_register_vfio_iommu_tool
VM_STORAGE_IOMMU_PENDING_REBOOT=1
export VM_STORAGE_IOMMU_PENDING_REBOOT
return 0
fi
@@ -206,6 +449,8 @@ function _vm_storage_ensure_iommu_or_offer() {
return 1
fi
_vm_storage_register_vfio_iommu_tool
if [[ "$reboot_policy" == "defer" ]]; then
VM_STORAGE_IOMMU_PENDING_REBOOT=1
export VM_STORAGE_IOMMU_PENDING_REBOOT
@@ -230,47 +475,71 @@ function _vm_storage_confirm_controller_passthrough_risk() {
local vmid="${1:-}"
local vm_name="${2:-}"
local title="${3:-Controller + NVMe}"
local ui_mode="${4:-auto}" # wizard | standalone | auto
local vm_label=""
if [[ -n "$vmid" ]]; then
vm_label="$vmid"
[[ -n "$vm_name" ]] && vm_label="${vm_label} (${vm_name})"
fi
local msg
msg="$(translate "Important compatibility notice")\n\n"
msg+="$(translate "Not all motherboards support physical Controller/NVMe passthrough to VMs reliably, especially systems with old platforms or limited BIOS/UEFI firmware.")\n\n"
msg+="$(translate "On some systems, the VM may fail to start or the host may freeze when the VM boots.")\n\n"
local reinforce_limited_firmware="no"
local bios_date bios_year current_year cpu_model
local bios_date bios_year current_year bios_age cpu_model risk_detail=""
bios_date=$(cat /sys/class/dmi/id/bios_date 2>/dev/null)
bios_year=$(echo "$bios_date" | grep -oE '[0-9]{4}' | tail -n1)
current_year=$(date +%Y 2>/dev/null)
if [[ -n "$bios_year" && -n "$current_year" ]]; then
if (( current_year - bios_year >= 7 )); then
bios_age=$(( current_year - bios_year ))
if (( bios_age >= 7 )); then
reinforce_limited_firmware="yes"
risk_detail="$(translate "BIOS from") ${bios_year} (${bios_age} $(translate "years old")) — $(translate "older firmware may increase passthrough instability")"
fi
fi
cpu_model=$(grep -m1 'model name' /proc/cpuinfo 2>/dev/null | cut -d: -f2- | xargs)
if echo "$cpu_model" | grep -qiE 'J4[0-9]{3}|J3[0-9]{3}|N4[0-9]{3}|N3[0-9]{3}|Apollo Lake'; then
reinforce_limited_firmware="yes"
[[ -z "$risk_detail" ]] && risk_detail="$(translate "Low-power CPU platform"): ${cpu_model}"
fi
if [[ "$reinforce_limited_firmware" == "yes" ]]; then
msg+="$(translate "Detected risk factor: this host may use an older or limited firmware platform, which increases passthrough instability risk.")\n\n"
if [[ "$ui_mode" == "auto" ]]; then
if [[ "${PROXMENUX_UI_MODE:-}" == "wizard" || "${WIZARD_CALL:-false}" == "true" ]]; then
ui_mode="wizard"
else
ui_mode="standalone"
fi
fi
if [[ -n "$vm_label" ]]; then
msg+="$(translate "Target VM"): ${vm_label}\n\n"
fi
msg+="$(translate "If this happens after assignment"):\n"
msg+=" - $(translate "Power cycle the host if it is frozen.")\n"
msg+=" - $(translate "Remove the hostpci controller/NVMe entries from the VM config file.")\n"
msg+=" /etc/pve/qemu-server/${vmid:-<VMID>}.conf\n"
msg+=" - $(translate "Start the VM again without that passthrough device.")\n\n"
msg+="$(translate "Do you want to continue with this assignment?")"
local height=20
[[ "$reinforce_limited_firmware" == "yes" ]] && height=23
whiptail --title "$title" --yesno "$msg" 21 96
if [[ "$ui_mode" == "wizard" ]]; then
# whiptail: plain text (no color codes)
local msg
[[ -n "$vm_label" ]] && msg+="$(translate "Target VM"): ${vm_label}\n\n"
msg+="$(translate "Controller/NVMe passthrough — compatibility notice")\n\n"
msg+="$(translate "Not all platforms support Controller/NVMe passthrough reliably.")\n"
msg+="$(translate "On some systems, when starting the VM the host may slow down for several minutes until it stabilizes, or freeze completely.")\n"
if [[ "$reinforce_limited_firmware" == "yes" && -n "$risk_detail" ]]; then
msg+="\n$(translate "Detected risk factor"): ${risk_detail}\n"
fi
msg+="\n$(translate "If the host freezes, remove hostpci entries from") /etc/pve/qemu-server/${vmid:-<VMID>}.conf\n"
msg+="\n$(translate "Do you want to continue?")"
whiptail --title "$title" --yesno "$msg" $height 96
else
# dialog: colored format matching add_controller_nvme_vm.sh
local msg
[[ -n "$vm_label" ]] && msg+="\n\Zb$(translate "Target VM"): ${vm_label}\Zn\n"
msg+="\n\Zb\Z4⚠ $(translate "Controller/NVMe passthrough — compatibility notice")\Zn\n\n"
msg+="$(translate "Not all platforms support Controller/NVMe passthrough reliably.")\n"
msg+="$(translate "On some systems, when starting the VM the host may slow down for several minutes until it stabilizes, or freeze completely.")\n"
if [[ "$reinforce_limited_firmware" == "yes" && -n "$risk_detail" ]]; then
msg+="\n\Z1$(translate "Detected risk factor"): ${risk_detail}\Zn\n"
fi
msg+="\n$(translate "If the host freezes, remove hostpci entries from") /etc/pve/qemu-server/${vmid:-<VMID>}.conf\n"
msg+="\n\Zb$(translate "Do you want to continue?")\Zn"
dialog --backtitle "ProxMenux" --colors \
--title "$title" \
--yesno "$msg" $height 96
fi
}
function _shorten_text() {
@@ -284,6 +553,30 @@ function _shorten_text() {
fi
}
function _pci_storage_display_name() {
local pci_full="$1"
local raw_line name_part
raw_line=$(lspci -nn -s "${pci_full#0000:}" 2>/dev/null | sed 's/^[^ ]* //')
if [[ -z "$raw_line" ]]; then
translate "Unknown storage controller"
return 0
fi
# Prefer the right side after class prefix (e.g. "...: Vendor Model ...").
name_part="${raw_line#*: }"
[[ "$name_part" == "$raw_line" ]] && name_part="$raw_line"
# Remove noisy suffixes while keeping the meaningful model name.
name_part="${name_part%% (rev *}"
name_part=$(echo "$name_part" | sed -E 's/\[[0-9a-fA-F]{4}:[0-9a-fA-F]{4}\]//g')
name_part=$(echo "$name_part" | sed -E 's/ Technology Inc\.?//g; s/ Corporation//g; s/ Co\., Ltd\.?//g')
name_part=$(echo "$name_part" | sed -E 's/[[:space:]]+/ /g; s/^ +| +$//g')
[[ -z "$name_part" ]] && name_part="$raw_line"
echo "$name_part"
}
function _pci_slot_base() {
local pci_full="$1"
local slot