From: Lorenz Stechauner
To: Proxmox VE development discussion, Dylan Whyte
Date: Tue, 14 Sep 2021 09:50:51 +0200
Message-ID: <7ed50f2c-79bd-c041-c996-66219550c3ea@proxmox.com>
In-Reply-To: <20210913160036.148321-2-d.whyte@proxmox.com>
Subject: Re: [pve-devel] [PATCH pve-docs 2/2] pmxcfs: add more config files and discuss symlinks

also looks good, one comment inline

On 13.09.21 18:00, Dylan Whyte wrote:
> adds an entry for some config files found in /etc/pve, which were > missing. > alphabetize the list, for better readability and add some minor fixes > also adds an introduction section to the symbolic links section, to > clarify that they're specific to each host > > Signed-off-by: Dylan Whyte > --- > pmxcfs.adoc | 52 ++++++++++++++++++++++++++++++++++++---------------- > 1 file changed, 36 insertions(+), 16 deletions(-) > > diff --git a/pmxcfs.adoc b/pmxcfs.adoc > index c0327a2..1dc1c0d 100644 > --- a/pmxcfs.adoc > +++ b/pmxcfs.adoc 
> @@ -93,32 +93,52 @@ Files > > [width="100%",cols="m,d"] > |======= > -|`corosync.conf` | Corosync cluster configuration file (previous to {pve} 4.x this file was called cluster.conf) > -|`storage.cfg` | {pve} storage configuration > -|`datacenter.cfg` | {pve} datacenter wide configuration (keyboard layout, proxy, ...) > -|`user.cfg` | {pve} access control configuration (users/groups/...) > +|`authkey.pub` | Public key used by the ticket system > +|`ceph.conf` | Ceph configuration file (note: /etc/ceph/ceph.conf is a symbolic link to this) > +|`corosync.conf` | Corosync cluster configuration file (prior to {pve} 4.x, this file was called cluster.conf) > +|`datacenter.cfg` | {pve} data center-wide configuration (keyboard layout, proxy, ...) > |`domains.cfg` | {pve} authentication domains > -|`status.cfg` | {pve} external metrics server configuration > -|`authkey.pub` | Public key used by ticket system > -|`pve-root-ca.pem` | Public certificate of cluster CA > -|`priv/shadow.cfg` | Shadow password file > -|`priv/authkey.key` | Private key used by ticket system > -|`priv/pve-root-ca.key` | Private key of cluster CA > -|`nodes//pve-ssl.pem` | Public SSL certificate for web server (signed by cluster CA) > +|`firewall/cluster.fw` | Firewall configuration applied to all nodes > +|`firewall/.fw` | Firewall configuration for individual nodes > +|`firewall/.fw` | Firewall configuration for VMs and containers > +|`ha/crm_commands` | Displays HA operations that are currently being carried out by the CRM > +|`ha/manager_status` | JSON-formatted information regarding HA services on the cluster > +|`ha/resources.cfg` | Resources managed by high availability, and their current state > +|`nodes//config` | Node-specific configuration > +|`nodes//lxc/.conf` | VM configuration data for LXC containers > |`nodes//pve-ssl.key` | Private SSL key for `pve-ssl.pem` > -|`nodes//pveproxy-ssl.pem` | Public SSL certificate (chain) for web server (optional override for `pve-ssl.pem`) > 
+|`nodes//pve-ssl.pem` | Public SSL certificate for web server (signed by cluster CA) > |`nodes//pveproxy-ssl.key` | Private SSL key for `pveproxy-ssl.pem` (optional) > +|`nodes//pveproxy-ssl.pem` | Public SSL certificate (chain) for web server (optional override for `pve-ssl.pem`) > |`nodes//qemu-server/.conf` | VM configuration data for KVM VMs > -|`nodes//lxc/.conf` | VM configuration data for LXC containers > -|`firewall/cluster.fw` | Firewall configuration applied to all nodes > -|`firewall/.fw` | Firewall configuration for individual nodes > -|`firewall/.fw` | Firewall configuration for VMs and Containers > +|`priv/authkey.key` | Private key used by ticket system > +|`priv/authorized_keys` | SSH keys of cluster members for authentication > +|`priv/ceph*` | Ceph authentication keys and associated capabilities > +|`priv/known_hosts` | SSH keys of the cluster members for verification > +|`priv/lock/*` | Lock files used by various services to ensure safe cluster-wide operations > +|`priv/pve-root-ca.key` | Private key of cluster CA > +|`priv/shadow.cfg` | Shadow password file for PVE Realm users > +|`priv/storage/.pw` | Contains the password of a storage in plain text > +|`priv/tfa.cfg` | Base64-encoded two-factor authentication configuration > +|`priv/token.cfg` | API token secrets of all tokens > +|`pve-root-ca.pem` | Public certificate of cluster CA > +|`pve-www.key` | Private key used for generating CSRF tokens > +|`sdn/*` | Shared configuration files for Software Defined Networking (SDN) > +|`status.cfg` | {pve} external metrics server configuration > +|`storage.cfg` | {pve} storage configuration > +|`user.cfg` | {pve} access control configuration (users/groups/...) 
> +|`virtual-guest/cpu-models.conf` | For storing custom CPU models > +|`vzdump.cron` | Cluster-wide vzdump backup-job schedule > |======= > > > Symbolic links > ~~~~~~~~~~~~~~ > > +Certain directories within the cluster file system use symbolic links, in order > +to point to a node's own configuration files. Thus, the files pointed to in the > +table below refer to different files on each node of the cluster. > + > [width="100%",cols="m,m"] > |======= > |`local` | `nodes/`

maybe the /etc/pve/openvz symlink should be added to this list as well?
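
Review bot: The added `priv/` rows in the Files table (`priv/storage/.pw` "Contains the password of a storage in plain text", `priv/token.cfg` "API token secrets of all tokens", `priv/tfa.cfg`, `priv/ceph*`) now list several secrets, but nothing in this hunk says who may read `priv/`; if the file does not already cover that elsewhere, a sentence next to the table on the access restrictions of that directory would help readers judge the exposure. Two wording points in the same table: the new `authkey.pub` row says "used by the ticket system" while the re-added `priv/authkey.key` row still says "used by ticket system", and `priv/shadow.cfg` writes "PVE Realm" where the other rows use the `{pve}` attribute. The `ha/crm_commands` description "Displays HA operations ..." also reads as if the file were a command; describing what the file contains would match the neighbouring rows.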