public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed
From: Pavel Tide via pve-devel <pve-devel@lists.proxmox.com>
To: Fiona Ebner <f.ebner@proxmox.com>,
	Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Cc: Pavel Tide <Pavel.TIde@veeam.com>
Subject: Re: [pve-devel] Bug 2582 roadmap
Date: Thu, 24 Oct 2024 14:27:43 +0000	[thread overview]
Message-ID: <mailman.535.1729780520.332.pve-devel@lists.proxmox.com> (raw)
In-Reply-To: <IA0PR14MB676740F40B90FBABA72410E3936C2@IA0PR14MB6767.namprd14.prod.outlook.com>

[-- Attachment #1: Type: message/rfc822, Size: 15811 bytes --]

From: Pavel Tide <Pavel.TIde@veeam.com>
To: Fiona Ebner <f.ebner@proxmox.com>, Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: RE: [pve-devel] Bug 2582 roadmap
Date: Thu, 24 Oct 2024 14:27:43 +0000
Message-ID: <IA0PR14MB6767381D629BAF3327BFD123934E2@IA0PR14MB6767.namprd14.prod.outlook.com>

Hi Fiona et al,

Just wanted to follow up on the subject.

I think I need some guidance from you and your team members on how we at Veeam could facilitate development of this and some other features in Proxmox VE.
Is there any standard protocol for that established, or we should simply submit a request/proposal in the mailing list and wait for someone to see it and respond?

Thanks!

-----Original Message-----
From: Pavel Tide <Pavel.TIde@veeam.com>
Sent: Friday, September 20, 2024 14:32
To: Fiona Ebner; Proxmox VE development discussion
Subject: RE: [pve-devel] Bug 2582 roadmap

Hi Fiona,

Thank you for helping me out and sorry for my late response.

The issue is that right now to work with PVE we have to do the following:

1) Connect via SSH to the PVE node and deploy a helper virtual machine (so that users don't have to do it manually)
2) Access the Proxmox VE API to perform other backup-related tasks (those that cannot be done via SSH)

In item #1 - the new VM deployment involved usage of root/sudo.

In item #2 - certain tasks that are performed via API also require root/sudo. We have managed to move those to the SSH part of the workflow, so now users can use one non-root account to perform all necessary operations (instead of using root or having to use two separate accounts).

We think that in future there might be a situation where we might need a superuser level of privileges while accessing the API, and there will be no workaround to move the operation to the SSH part of the workflow. This will result in forcing our joint users to use 'root' account again, which they hate to do and also deem as an not secure practice.

I hope that helps. If there is anything else what we could do from out side please let me know.

Thanks!

-----Original Message-----
From: Fiona Ebner <mailto:f.ebner@proxmox.com>
Sent: Friday, September 13, 2024 09:59
To: Proxmox VE development discussion
Cc: Pavel Tide
Subject: Re: [pve-devel] Bug 2582 roadmap

Hi Pavel,

Am 10.09.24 um 12:18 schrieb Pavel Tide via pve-devel:
> Hi Proxmox team,
>
> Would you provide any delivery estimates on this item?
> https://bugz/
> illa.proxmox.com%2Fshow_bug.cgi%3Fid%3D2582&data=05%7C02%7CPavel.TIde%
> 40veeam.com%7C9fbe3a27cdb746e4522e08dcd3c9f802%7Cba07baab431b49edadd7c
> bc3542f5140%7C1%7C0%7C638618111644860239%7CUnknown%7CTWFpbGZsb3d8eyJWI
> joiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7
> C%7C&sdata=rnV7UTTM7GUpysGbgpLRfGDOA7xtwoACZXoq7N9anNg%3D&reserved=0
>
> As far as I understand it's been implemented already, but currently stays in the development branch - our lab is up to date and yet we don't see how we can create a separate non-root account to work with PVE cluster.
>

a patch series had been proposed, but the implementation was not finished AFAIK, see Fabian's review[0]. Since Oguz left the company, nobody else has picked up work on the series yet. Maybe you can describe what exactly your use case is, which privileges you'd need in particular. Of course, proposing patches for what you need (or a rebased version of Oguz's full series) is welcome too :)

[0]:
https://lore.proxmox.com/pve-devel/1658908014.zeyifvlr1o.astroid@nora.none/

Best Regards,
Fiona



[-- Attachment #2: Type: text/plain, Size: 160 bytes --]

_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

  parent reply	other threads:[~2024-10-24 14:35 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-09-10 10:18 Pavel Tide via pve-devel
2024-09-13  7:59 ` Fiona Ebner
2024-09-20 12:32   ` Pavel Tide via pve-devel
     [not found]   ` <IA0PR14MB676740F40B90FBABA72410E3936C2@IA0PR14MB6767.namprd14.prod.outlook.com>
2024-10-24 14:27     ` Pavel Tide via pve-devel [this message]
2024-10-25  6:21     ` Thomas Lamprecht
     [not found] <IA0PR14MB6767A0575DBA79C4F53006E7939A2@IA0PR14MB6767.namprd14.prod.outlook.com>
2024-09-12  9:59 ` Pavel Tide via pve-devel
  -- strict thread matches above, loose matches on Subject: below --
2024-09-06 11:17 Pavel Tide via pve-devel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=mailman.535.1729780520.332.pve-devel@lists.proxmox.com \
    --to=pve-devel@lists.proxmox.com \
    --cc=Pavel.TIde@veeam.com \
    --cc=f.ebner@proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal