[pve-devel] [PATCH pve-docs 2/2] pmxcfs: add more config files and discuss symlinks

Lorenz Stechauner l.stechauner at proxmox.com
Tue Sep 14 09:50:51 CEST 2021


also looks good, one comment inline

On 13.09.21 18:00, Dylan Whyte wrote:
> adds an entry for some config files found in /etc/pve, which were
> missing.
> alphabetize the list, for better readability and add some minor fixes
> also adds an introduction section to the symbolic links section, to
> clarify that they're specific to each host
>
> Signed-off-by: Dylan Whyte <d.whyte at proxmox.com>
> ---
>   pmxcfs.adoc | 52 ++++++++++++++++++++++++++++++++++++----------------
>   1 file changed, 36 insertions(+), 16 deletions(-)
>
> diff --git a/pmxcfs.adoc b/pmxcfs.adoc
> index c0327a2..1dc1c0d 100644
> --- a/pmxcfs.adoc
> +++ b/pmxcfs.adoc
> @@ -93,32 +93,52 @@ Files
>   
>   [width="100%",cols="m,d"]
>   |=======
> -|`corosync.conf`                        | Corosync cluster configuration file (previous to {pve} 4.x this file was called cluster.conf)
> -|`storage.cfg`                          | {pve} storage configuration
> -|`datacenter.cfg`                       | {pve} datacenter wide configuration (keyboard layout, proxy, ...)
> -|`user.cfg`                             | {pve} access control configuration (users/groups/...)
> +|`authkey.pub`                          | Public key used by the ticket system
> +|`ceph.conf`                            | Ceph configuration file (note: /etc/ceph/ceph.conf is a symbolic link to this)
> +|`corosync.conf`                        | Corosync cluster configuration file (prior to {pve} 4.x, this file was called cluster.conf)
> +|`datacenter.cfg`                       | {pve} data center-wide configuration (keyboard layout, proxy, ...)
>   |`domains.cfg`                          | {pve} authentication domains
> -|`status.cfg`                           | {pve} external metrics server configuration
> -|`authkey.pub`                          | Public key used by ticket system
> -|`pve-root-ca.pem`                      | Public certificate of cluster CA
> -|`priv/shadow.cfg`                      | Shadow password file
> -|`priv/authkey.key`                     | Private key used by ticket system
> -|`priv/pve-root-ca.key`                 | Private key of cluster CA
> -|`nodes/<NAME>/pve-ssl.pem`             | Public SSL certificate for web server (signed by cluster CA)
> +|`firewall/cluster.fw`                  | Firewall configuration applied to all nodes
> +|`firewall/<NAME>.fw`                   | Firewall configuration for individual nodes
> +|`firewall/<VMID>.fw`                   | Firewall configuration for VMs and containers
> +|`ha/crm_commands`                      | Displays HA operations that are currently being carried out by the CRM
> +|`ha/manager_status`                    | JSON-formatted information regarding HA services on the cluster
> +|`ha/resources.cfg`                     | Resources managed by high availability, and their current state
> +|`nodes/<NAME>/config`                  | Node-specific configuration
> +|`nodes/<NAME>/lxc/<VMID>.conf`         | VM configuration data for LXC containers
>   |`nodes/<NAME>/pve-ssl.key`             | Private SSL key for `pve-ssl.pem`
> -|`nodes/<NAME>/pveproxy-ssl.pem`        | Public SSL certificate (chain) for web server (optional override for `pve-ssl.pem`)
> +|`nodes/<NAME>/pve-ssl.pem`             | Public SSL certificate for web server (signed by cluster CA)
>   |`nodes/<NAME>/pveproxy-ssl.key`        | Private SSL key for `pveproxy-ssl.pem` (optional)
> +|`nodes/<NAME>/pveproxy-ssl.pem`        | Public SSL certificate (chain) for web server (optional override for `pve-ssl.pem`)
>   |`nodes/<NAME>/qemu-server/<VMID>.conf` | VM configuration data for KVM VMs
> -|`nodes/<NAME>/lxc/<VMID>.conf`         | VM configuration data for LXC containers
> -|`firewall/cluster.fw`                  | Firewall configuration applied to all nodes
> -|`firewall/<NAME>.fw`                   | Firewall configuration for individual nodes
> -|`firewall/<VMID>.fw`                   | Firewall configuration for VMs and Containers
> +|`priv/authkey.key`                     | Private key used by ticket system
> +|`priv/authorized_keys`                 | SSH keys of cluster members for authentication
> +|`priv/ceph*`                           | Ceph authentication keys and associated capabilities
> +|`priv/known_hosts`                     | SSH keys of the cluster members for verification
> +|`priv/lock/*`                          | Lock files used by various services to ensure safe cluster-wide operations
> +|`priv/pve-root-ca.key`                 | Private key of cluster CA
> +|`priv/shadow.cfg`                      | Shadow password file for PVE Realm users
> +|`priv/storage/<STORAGE-ID>.pw`         | Contains the password of a storage in plain text
> +|`priv/tfa.cfg`                         | Base64-encoded two-factor authentication configuration
> +|`priv/token.cfg`                       | API token secrets of all tokens
> +|`pve-root-ca.pem`                      | Public certificate of cluster CA
> +|`pve-www.key`                          | Private key used for generating CSRF tokens
> +|`sdn/*`                                | Shared configuration files for Software Defined Networking (SDN)
> +|`status.cfg`                           | {pve} external metrics server configuration
> +|`storage.cfg`                          | {pve} storage configuration
> +|`user.cfg`                             | {pve} access control configuration (users/groups/...)
> +|`virtual-guest/cpu-models.conf`        | For storing custom CPU models
> +|`vzdump.cron`                          | Cluster-wide vzdump backup-job schedule
>   |=======
>   
>   
>   Symbolic links
>   ~~~~~~~~~~~~~~
>   
> +Certain directories within the cluster file system use symbolic links, in order
> +to point to a node's own configuration files. Thus, the files pointed to in the
> +table below refer to different files on each node of the cluster.
> +
>   [width="100%",cols="m,m"]
>   |=======
>   |`local`         | `nodes/<LOCAL_HOST_NAME>`
maybe the /etc/pve/openvz symlink should be added to this list as well?




More information about the pve-devel mailing list