From: Lorenz Stechauner <l.stechauner@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
Dylan Whyte <d.whyte@proxmox.com>
Subject: Re: [pve-devel] [PATCH pve-docs 2/2] pmxcfs: add more config files and discuss symlinks
Date: Tue, 14 Sep 2021 09:50:51 +0200 [thread overview]
Message-ID: <7ed50f2c-79bd-c041-c996-66219550c3ea@proxmox.com> (raw)
In-Reply-To: <20210913160036.148321-2-d.whyte@proxmox.com>
also looks good, one comment inline
On 13.09.21 18:00, Dylan Whyte wrote:
> adds an entry for some config files found in /etc/pve, which were
> missing.
> alphabetize the list, for better readability and add some minor fixes
> also adds an introduction section to the symbolic links section, to
> clarify that they're specific to each host
>
> Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>
> ---
> pmxcfs.adoc | 52 ++++++++++++++++++++++++++++++++++++----------------
> 1 file changed, 36 insertions(+), 16 deletions(-)
>
> diff --git a/pmxcfs.adoc b/pmxcfs.adoc
> index c0327a2..1dc1c0d 100644
> --- a/pmxcfs.adoc
> +++ b/pmxcfs.adoc
> @@ -93,32 +93,52 @@ Files
>
> [width="100%",cols="m,d"]
> |=======
> -|`corosync.conf` | Corosync cluster configuration file (previous to {pve} 4.x this file was called cluster.conf)
> -|`storage.cfg` | {pve} storage configuration
> -|`datacenter.cfg` | {pve} datacenter wide configuration (keyboard layout, proxy, ...)
> -|`user.cfg` | {pve} access control configuration (users/groups/...)
> +|`authkey.pub` | Public key used by the ticket system
> +|`ceph.conf` | Ceph configuration file (note: /etc/ceph/ceph.conf is a symbolic link to this)
> +|`corosync.conf` | Corosync cluster configuration file (prior to {pve} 4.x, this file was called cluster.conf)
> +|`datacenter.cfg` | {pve} data center-wide configuration (keyboard layout, proxy, ...)
> |`domains.cfg` | {pve} authentication domains
> -|`status.cfg` | {pve} external metrics server configuration
> -|`authkey.pub` | Public key used by ticket system
> -|`pve-root-ca.pem` | Public certificate of cluster CA
> -|`priv/shadow.cfg` | Shadow password file
> -|`priv/authkey.key` | Private key used by ticket system
> -|`priv/pve-root-ca.key` | Private key of cluster CA
> -|`nodes/<NAME>/pve-ssl.pem` | Public SSL certificate for web server (signed by cluster CA)
> +|`firewall/cluster.fw` | Firewall configuration applied to all nodes
> +|`firewall/<NAME>.fw` | Firewall configuration for individual nodes
> +|`firewall/<VMID>.fw` | Firewall configuration for VMs and containers
> +|`ha/crm_commands` | Displays HA operations that are currently being carried out by the CRM
> +|`ha/manager_status` | JSON-formatted information regarding HA services on the cluster
> +|`ha/resources.cfg` | Resources managed by high availability, and their current state
> +|`nodes/<NAME>/config` | Node-specific configuration
> +|`nodes/<NAME>/lxc/<VMID>.conf` | VM configuration data for LXC containers
> |`nodes/<NAME>/pve-ssl.key` | Private SSL key for `pve-ssl.pem`
> -|`nodes/<NAME>/pveproxy-ssl.pem` | Public SSL certificate (chain) for web server (optional override for `pve-ssl.pem`)
> +|`nodes/<NAME>/pve-ssl.pem` | Public SSL certificate for web server (signed by cluster CA)
> |`nodes/<NAME>/pveproxy-ssl.key` | Private SSL key for `pveproxy-ssl.pem` (optional)
> +|`nodes/<NAME>/pveproxy-ssl.pem` | Public SSL certificate (chain) for web server (optional override for `pve-ssl.pem`)
> |`nodes/<NAME>/qemu-server/<VMID>.conf` | VM configuration data for KVM VMs
> -|`nodes/<NAME>/lxc/<VMID>.conf` | VM configuration data for LXC containers
> -|`firewall/cluster.fw` | Firewall configuration applied to all nodes
> -|`firewall/<NAME>.fw` | Firewall configuration for individual nodes
> -|`firewall/<VMID>.fw` | Firewall configuration for VMs and Containers
> +|`priv/authkey.key` | Private key used by ticket system
> +|`priv/authorized_keys` | SSH keys of cluster members for authentication
> +|`priv/ceph*` | Ceph authentication keys and associated capabilities
> +|`priv/known_hosts` | SSH keys of the cluster members for verification
> +|`priv/lock/*` | Lock files used by various services to ensure safe cluster-wide operations
> +|`priv/pve-root-ca.key` | Private key of cluster CA
> +|`priv/shadow.cfg` | Shadow password file for PVE Realm users
> +|`priv/storage/<STORAGE-ID>.pw` | Contains the password of a storage in plain text
> +|`priv/tfa.cfg` | Base64-encoded two-factor authentication configuration
> +|`priv/token.cfg` | API token secrets of all tokens
> +|`pve-root-ca.pem` | Public certificate of cluster CA
> +|`pve-www.key` | Private key used for generating CSRF tokens
> +|`sdn/*` | Shared configuration files for Software Defined Networking (SDN)
> +|`status.cfg` | {pve} external metrics server configuration
> +|`storage.cfg` | {pve} storage configuration
> +|`user.cfg` | {pve} access control configuration (users/groups/...)
> +|`virtual-guest/cpu-models.conf` | For storing custom CPU models
> +|`vzdump.cron` | Cluster-wide vzdump backup-job schedule
> |=======
>
>
> Symbolic links
> ~~~~~~~~~~~~~~
>
> +Certain directories within the cluster file system use symbolic links, in order
> +to point to a node's own configuration files. Thus, the files pointed to in the
> +table below refer to different files on each node of the cluster.
> +
> [width="100%",cols="m,m"]
> |=======
> |`local` | `nodes/<LOCAL_HOST_NAME>`
maybe the /etc/pve/openvz symlink should be added to this list as well?
next prev parent reply other threads:[~2021-09-14 7:50 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-13 16:00 [pve-devel] [PATCH pve-docs 1/2] pmxcfs: language and style fixup Dylan Whyte
2021-09-13 16:00 ` [pve-devel] [PATCH pve-docs 2/2] pmxcfs: add more config files and discuss symlinks Dylan Whyte
2021-09-14 7:50 ` Lorenz Stechauner [this message]
2021-09-14 9:48 ` Thomas Lamprecht
2021-09-14 7:48 ` [pve-devel] [PATCH pve-docs 1/2] pmxcfs: language and style fixup Lorenz Stechauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7ed50f2c-79bd-c041-c996-66219550c3ea@proxmox.com \
--to=l.stechauner@proxmox.com \
--cc=d.whyte@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox