From: Dylan Whyte
To: pve-devel@lists.proxmox.com
Date: Tue, 14 Sep 2021 18:14:34 +0200
Message-Id: <20210914161434.176937-2-d.whyte@proxmox.com>
In-Reply-To: <20210914161434.176937-1-d.whyte@proxmox.com>
Subject: [pve-devel] [PATCH v2 pve-docs 2/2] pmxcfs: add more config files and discuss symlinks

- adds an entry for some config files found in /etc/pve, which were missing.
- alphabetize the lists, for better readability and add some minor fixes
- also adds an introduction section to the symbolic links section, to clarify that they're specific to each host

Signed-off-by: Dylan Whyte
---
Thanks for the feedback @lorenz!

changes v2:
- alphabetize symlink list (forgot this in v1)
- as suggested by @lorenz, made mention of the openvz symlink/dir

@thomas, while i also left the openvz dir out in the original patch due to the fact that it's pretty ancient, i guess it makes sense to mention it, as long as the directory exists. worst case scenario, it helps a curious user :)

pmxcfs.adoc | 56 +++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 39 insertions(+), 17 deletions(-) diff --git a/pmxcfs.adoc b/pmxcfs.adoc index 1fdf9cb..ea15559 100644 --- a/pmxcfs.adoc +++ b/pmxcfs.adoc
@@ -93,37 +93,59 @@ Files [width="100%",cols="m,d"] |======= -|`corosync.conf` | Corosync cluster configuration file (previous to {pve} 4.x this file was called cluster.conf) -|`storage.cfg` | {pve} storage configuration -|`datacenter.cfg` | {pve} datacenter wide configuration (keyboard layout, proxy, ...) -|`user.cfg` | {pve} access control configuration (users/groups/...) +|`authkey.pub` | Public key used by the ticket system +|`ceph.conf` | Ceph configuration file (note: /etc/ceph/ceph.conf is a symbolic link to this) +|`corosync.conf` | Corosync cluster configuration file (prior to {pve} 4.x, this file was called cluster.conf) +|`datacenter.cfg` | {pve} data center-wide configuration (keyboard layout, proxy, ...) |`domains.cfg` | {pve} authentication domains -|`status.cfg` | {pve} external metrics server configuration -|`authkey.pub` | Public key used by ticket system -|`pve-root-ca.pem` | Public certificate of cluster CA -|`priv/shadow.cfg` | Shadow password file -|`priv/authkey.key` | Private key used by ticket system -|`priv/pve-root-ca.key` | Private key of cluster CA -|`nodes//pve-ssl.pem` | Public SSL certificate for web server (signed by cluster CA) +|`firewall/cluster.fw` | Firewall configuration applied to all nodes +|`firewall/.fw` | Firewall configuration for individual nodes +|`firewall/.fw` | Firewall configuration for VMs and containers +|`ha/crm_commands` | Displays HA operations that are currently being carried out by the CRM +|`ha/manager_status` | JSON-formatted information regarding HA services on the cluster +|`ha/resources.cfg` | Resources managed by high availability, and their current state +|`nodes//config` | Node-specific configuration +|`nodes//lxc/.conf` | VM configuration data for LXC containers +|`nodes//openvz/` | Prior to PVE 4.0, used for container configuration data (deprecated, removed soon) |`nodes//pve-ssl.key` | Private SSL key for `pve-ssl.pem` -|`nodes//pveproxy-ssl.pem` | Public SSL certificate (chain) for web server 
(optional override for `pve-ssl.pem`) +|`nodes//pve-ssl.pem` | Public SSL certificate for web server (signed by cluster CA) |`nodes//pveproxy-ssl.key` | Private SSL key for `pveproxy-ssl.pem` (optional) +|`nodes//pveproxy-ssl.pem` | Public SSL certificate (chain) for web server (optional override for `pve-ssl.pem`) |`nodes//qemu-server/.conf` | VM configuration data for KVM VMs -|`nodes//lxc/.conf` | VM configuration data for LXC containers -|`firewall/cluster.fw` | Firewall configuration applied to all nodes -|`firewall/.fw` | Firewall configuration for individual nodes -|`firewall/.fw` | Firewall configuration for VMs and Containers +|`priv/authkey.key` | Private key used by ticket system +|`priv/authorized_keys` | SSH keys of cluster members for authentication +|`priv/ceph*` | Ceph authentication keys and associated capabilities +|`priv/known_hosts` | SSH keys of the cluster members for verification +|`priv/lock/*` | Lock files used by various services to ensure safe cluster-wide operations +|`priv/pve-root-ca.key` | Private key of cluster CA +|`priv/shadow.cfg` | Shadow password file for PVE Realm users +|`priv/storage/.pw` | Contains the password of a storage in plain text +|`priv/tfa.cfg` | Base64-encoded two-factor authentication configuration +|`priv/token.cfg` | API token secrets of all tokens +|`pve-root-ca.pem` | Public certificate of cluster CA +|`pve-www.key` | Private key used for generating CSRF tokens +|`sdn/*` | Shared configuration files for Software Defined Networking (SDN) +|`status.cfg` | {pve} external metrics server configuration +|`storage.cfg` | {pve} storage configuration +|`user.cfg` | {pve} access control configuration (users/groups/...) +|`virtual-guest/cpu-models.conf` | For storing custom CPU models +|`vzdump.cron` | Cluster-wide vzdump backup-job schedule |======= Symbolic links ~~~~~~~~~~~~~~ +Certain directories within the cluster file system use symbolic links, in order +to point to a node's own configuration files. 
Thus, the files pointed to in the +table below refer to different files on each node of the cluster. + [width="100%",cols="m,m"] |======= |`local` | `nodes/` -|`qemu-server` | `nodes//qemu-server/` |`lxc` | `nodes//lxc/` +|`openvz` | `nodes//openvz/` (deprecated, removed soon) +|`qemu-server` | `nodes//qemu-server/` |======= -- 2.30.2
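
Review bot: In the Files table, the new `priv/tfa.cfg` row says "Base64-encoded" directly beside the `priv/storage/.pw` row that says "in plain text", which invites readers to treat Base64 as a form of protection; it is only an encoding, so either drop the encoding detail or word the row so it is clear the file is as sensitive as its neighbours. Three smaller points in the same table: the added `nodes//openvz/` and `priv/shadow.cfg` rows write "PVE" literally while the surrounding rows use the `{pve}` attribute; `authkey.pub` now reads "used by the ticket system" while `priv/authkey.key` still reads "used by ticket system"; and `ha/crm_commands` "Displays HA operations" describes a file as if it were a command, where "Lists" or "Contains" would fit the other rows. "deprecated, removed soon" appears in both the Files table and the symlink table and will age badly; plain "deprecated" says what can be said today.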