From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 4E628696C1 for ; Mon, 13 Sep 2021 18:01:00 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 4C6592C770 for ; Mon, 13 Sep 2021 18:01:00 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 8D3B42C767 for ; Mon, 13 Sep 2021 18:00:59 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 65B9B44669 for ; Mon, 13 Sep 2021 18:00:59 +0200 (CEST) From: Dylan Whyte To: pve-devel@lists.proxmox.com Date: Mon, 13 Sep 2021 18:00:36 +0200 Message-Id: <20210913160036.148321-2-d.whyte@proxmox.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210913160036.148321-1-d.whyte@proxmox.com> References: <20210913160036.148321-1-d.whyte@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.499 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH pve-docs 2/2] pmxcfs: add more config files and discuss symlinks X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Sep 2021 16:01:00 -0000 adds an entry for some config files found in /etc/pve, which were missing. alphabetize the list, for better readability and add some minor fixes also adds an introduction section to the symbolic links section, to clarify that they're specific to each host Signed-off-by: Dylan Whyte --- pmxcfs.adoc | 52 ++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 36 insertions(+), 16 deletions(-) diff --git a/pmxcfs.adoc b/pmxcfs.adoc index c0327a2..1dc1c0d 100644 --- a/pmxcfs.adoc +++ b/pmxcfs.adoc @@ -93,32 +93,52 @@ Files [width="100%",cols="m,d"] |======= -|`corosync.conf` | Corosync cluster configuration file (previous to {pve} 4.x this file was called cluster.conf) -|`storage.cfg` | {pve} storage configuration -|`datacenter.cfg` | {pve} datacenter wide configuration (keyboard layout, proxy, ...) -|`user.cfg` | {pve} access control configuration (users/groups/...) +|`authkey.pub` | Public key used by the ticket system +|`ceph.conf` | Ceph configuration file (note: /etc/ceph/ceph.conf is a symbolic link to this) +|`corosync.conf` | Corosync cluster configuration file (prior to {pve} 4.x, this file was called cluster.conf) +|`datacenter.cfg` | {pve} data center-wide configuration (keyboard layout, proxy, ...) |`domains.cfg` | {pve} authentication domains -|`status.cfg` | {pve} external metrics server configuration -|`authkey.pub` | Public key used by ticket system -|`pve-root-ca.pem` | Public certificate of cluster CA -|`priv/shadow.cfg` | Shadow password file -|`priv/authkey.key` | Private key used by ticket system -|`priv/pve-root-ca.key` | Private key of cluster CA -|`nodes//pve-ssl.pem` | Public SSL certificate for web server (signed by cluster CA) +|`firewall/cluster.fw` | Firewall configuration applied to all nodes +|`firewall/.fw` | Firewall configuration for individual nodes +|`firewall/.fw` | Firewall configuration for VMs and containers +|`ha/crm_commands` | Displays HA operations that are currently being carried out by the CRM +|`ha/manager_status` | JSON-formatted information regarding HA services on the cluster +|`ha/resources.cfg` | Resources managed by high availability, and their current state +|`nodes//config` | Node-specific configuration +|`nodes//lxc/.conf` | VM configuration data for LXC containers |`nodes//pve-ssl.key` | Private SSL key for `pve-ssl.pem` -|`nodes//pveproxy-ssl.pem` | Public SSL certificate (chain) for web server (optional override for `pve-ssl.pem`) +|`nodes//pve-ssl.pem` | Public SSL certificate for web server (signed by cluster CA) |`nodes//pveproxy-ssl.key` | Private SSL key for `pveproxy-ssl.pem` (optional) +|`nodes//pveproxy-ssl.pem` | Public SSL certificate (chain) for web server (optional override for `pve-ssl.pem`) |`nodes//qemu-server/.conf` | VM configuration data for KVM VMs -|`nodes//lxc/.conf` | VM configuration data for LXC containers -|`firewall/cluster.fw` | Firewall configuration applied to all nodes -|`firewall/.fw` | Firewall configuration for individual nodes -|`firewall/.fw` | Firewall configuration for VMs and Containers +|`priv/authkey.key` | Private key used by ticket system +|`priv/authorized_keys` | SSH keys of cluster members for authentication +|`priv/ceph*` | Ceph authentication keys and associated capabilities +|`priv/known_hosts` | SSH keys of the cluster members for verification +|`priv/lock/*` | Lock files used by various services to ensure safe cluster-wide operations +|`priv/pve-root-ca.key` | Private key of cluster CA +|`priv/shadow.cfg` | Shadow password file for PVE Realm users +|`priv/storage/.pw` | Contains the password of a storage in plain text +|`priv/tfa.cfg` | Base64-encoded two-factor authentication configuration +|`priv/token.cfg` | API token secrets of all tokens +|`pve-root-ca.pem` | Public certificate of cluster CA +|`pve-www.key` | Private key used for generating CSRF tokens +|`sdn/*` | Shared configuration files for Software Defined Networking (SDN) +|`status.cfg` | {pve} external metrics server configuration +|`storage.cfg` | {pve} storage configuration +|`user.cfg` | {pve} access control configuration (users/groups/...) +|`virtual-guest/cpu-models.conf` | For storing custom CPU models +|`vzdump.cron` | Cluster-wide vzdump backup-job schedule |======= Symbolic links ~~~~~~~~~~~~~~ +Certain directories within the cluster file system use symbolic links, in order +to point to a node's own configuration files. Thus, the files pointed to in the +table below refer to different files on each node of the cluster. + [width="100%",cols="m,m"] |======= |`local` | `nodes/` -- 2.30.2