[pve-devel] [PATCH docs] pveproxy: improve LISTEN_IP doc

Oguz Bektas o.bektas at proxmox.com
Wed Apr 28 13:42:21 CEST 2021 

hi,

thanks for checking.

On Wed, Apr 28, 2021 at 01:35:40PM +0200, Thomas Lamprecht wrote:
> On 28.04.21 13:16, Oguz Bektas wrote:
> > * fix small typo
> > * add details for link-local addresses
> > * mention that pveproxy needs to be restarted
> > 
> > Signed-off-by: Oguz Bektas <o.bektas at proxmox.com>
> > ---
> >  pveproxy.adoc | 10 +++++++++-
> >  1 file changed, 9 insertions(+), 1 deletion(-)
> > 
> > diff --git a/pveproxy.adoc b/pveproxy.adoc
> > index 08c5f63..b9f8ade 100644
> > --- a/pveproxy.adoc
> > +++ b/pveproxy.adoc
> > @@ -71,10 +71,18 @@ exposure to the public internet:
> >  
> >   LISTEN_IP="192.0.2.1"
> >  
> > -Similarly you can also set a n IPv6 address:
> > +Similarly you can also set an IPv6 address:
> >  
> >   LISTEN_IP="2001:db8:85a3::1"
> >  
> > +And for a link-local IPv6 address on vmbr0 (interface name is necessary in this case):
> 
> Does not reads like an actual sentence... I'd write something a long the lines of:
> 
> "Note, if you want to specify a link-local IPv6 address, you need to provide the interface name itself:"

okay

> 
> > +
> > + LISTEN_IP="fe80::d8ee:34ff:fe37:4579%vmbr0"
> > +
> > +After the change you have to restart `pveproxy` for it to take effect:
> 
> I'd specifically state that a reload is not enough and then add a small warning that
> a restart can stop some existing workers (not all, but e.g., shell connection is stopped
> and reconnected which may loose info on CTs without a screen/tmux instance running).
> Also, there's a short time window where no new connections are accepted IIRC (albeit
> I was the one fixing that for reload it's been to long since then, so not sure anymore)

i think the phrasing "you have to restart" already emphasizes this,
adding too many warnings or notes would just confuse users in my
opinion.

though i don't see any harm in making the **restart** bold in that
sentence and adding that small warning about possible connection drop.

> 
> > +
> > + systemctl restart pveproxy
> 
> and spiceproxy?
ah yes forgot that, also adding to v2
> 
> > +
> >  WARNING: The nodes in a cluster need access to `pveproxy` for communication,
> >  possibly on different sub-nets. It is **not recommended** to set `LISTEN_IP` on
> >  clustered systems.
> >

More information about the pve-devel mailing list