From: Thomas Lamprecht
To: pdm-devel@lists.proxmox.com
Subject: [PATCH datacenter-manager v3 07/12] docs: add subscription registry chapter
Date: Fri, 15 May 2026 09:43:17 +0200
Message-ID: <20260515074623.766766-8-t.lamprecht@proxmox.com>
In-Reply-To: <20260515074623.766766-1-t.lamprecht@proxmox.com>
References: <20260515074623.766766-1-t.lamprecht@proxmox.com>
List-Id: Proxmox Datacenter Manager development discussion

Cover the Subscription Registry view and the actions it exposes, together with the permission model the registry enforces.
Signed-off-by: Thomas Lamprecht --- Changes v2 -> 3: * Picks up the renamed Discard Pending button (was Clear Pending in v2). * Action paragraphs for Clear Key, Adopt Key / Adopt All, and Check Subscription are added incrementally in their respective per-feature commits, not here. docs/index.rst | 1 + docs/subscription-registry.rst | 55 ++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 docs/subscription-registry.rst diff --git a/docs/index.rst b/docs/index.rst index 2fc8a5dc..2aaf86ea 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -27,6 +27,7 @@ in the section entitled "GNU Free Documentation License". remotes.rst automated-installations.rst views.rst + subscription-registry.rst access-control.rst sysadmin.rst faq.rst diff --git a/docs/subscription-registry.rst b/docs/subscription-registry.rst new file mode 100644 index 00000000..f1e6fd5b --- /dev/null +++ b/docs/subscription-registry.rst 
@@ -0,0 +1,55 @@ +Subscription Registry +===================== + +The subscription registry maintains a central pool of Proxmox VE and Proxmox Backup Server +subscription keys and lets an administrator assign them to remote nodes from a single place, without +having to select and configure a key for all remote nodes individually. + +Key Pool +-------- + +The pool accepts Proxmox VE and Proxmox Backup Server keys; other key prefixes are rejected so that +a new product type is noticed instead of silently parking unusable entries. Each entry records its +origin and the optional remote node it has been assigned to. + +Keys can be added in bulk from the web interface or with the ``proxmox-datacenter-client +subscriptions add-keys`` command. The Add dialog takes multiple keys, separated by newlines or +commas, and validates the whole batch atomically. + +Node Subscription Status +------------------------ + +The Node Subscription Status panel shows the live subscription state of every node behind a +configured remote alongside any pending plan from the pool. Nodes that already hold a key the +registry assigned appear with the live level; nodes with a pending pool assignment show a clock +icon until the change is pushed to the remote. + +From this view an operator can clear a pending assignment or remove the key from the pool entirely, +which is convenient when a node is known to be wrong without first having to find the matching entry +on the key list. + +Assignment +---------- + +A key can be pinned to a single node manually. + +The Auto-Assign action proposes a plan that fills unsubscribed nodes from free pool keys. For +Proxmox VE, the smallest covering key by socket count is chosen, so a 4-socket key is not used on a +2-socket host while a larger host stays unsubscribed. + +The proposed plan can be inspected before it is applied. Apply Pending pushes the queued keys to +their target nodes; if a push fails the remaining queue is kept intact for retry. 
Discard Pending +drops the plan without touching any remote. + +Permissions +----------- + +Listing the pool and the node status view follows the regular audit privileges on each affected +remote. Pool entries pinned to a remote the operator has no audit privilege on are hidden from +the listing; unbound entries stay visible to anyone with the system-scope audit privilege. + +Any mutating action on a pool entry or its remote binding requires the matching resource +privilege on the target remote in addition to the system-scope MODIFY privilege, so an +operator with global system access alone cannot drive changes against remotes they have no +other authority on. Auto-Assign skips remotes the caller cannot modify, so a previewed plan +never silently commits an assignment on a remote the operator only had audit on. -- 2.47.3
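Review bot: In the Permissions section at the end of docs/subscription-registry.rst, the privileges are described only generically ("the regular audit privileges", "the matching resource privilege", "the system-scope MODIFY privilege"), so a reader cannot tell which privilege to grant on what. Suggest naming the concrete privileges, or cross-referencing access-control.rst, which sits directly after this chapter in the docs/index.rst toctree. The same section states that every mutating action needs the resource privilege on the target remote and that Auto-Assign skips remotes the caller cannot modify, but the Assignment section does not say whether Apply Pending repeats that check for the caller at push time. As written, a plan queued by one operator and applied by another is not covered, so please state the behaviour explicitly. Smaller points: "validates the whole batch atomically" under Key Pool should say what happens to the batch when one key is invalid. The Auto-Assign paragraph gives the selection rule only for Proxmox VE and is silent on how Proxmox Backup Server keys are chosen. "when a node is known to be wrong" under Node Subscription Status presumably refers to the assignment rather than the node.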