Skip to content

Commit

Permalink
Merge pull request #70 from gyptazy/docs/adjust-docs-section-user-adding
Browse files Browse the repository at this point in the history
docs: Improve the documentation.
  • Loading branch information
gyptazy authored Aug 31, 2024
2 parents 7ddb7ca + 5c96fc4 commit 3157283
Show file tree
Hide file tree
Showing 4 changed files with 29 additions and 1 deletion.
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
fixed:
- Fix bug in the `proxlb.conf` in the vm_balancing section.
added:
- Add doc how to add dedicated user for authentication. (by @Dulux-Oz)
13 changes: 13 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -169,6 +169,19 @@ daemon: 1
config_version: 3
```

#### Notes
* If running ProxLB on more than one Proxmox node you can set `api_host` to a comma-separated list of each node's IP address or hostname. (Example: `api_host: node01.gyptazy.ch,node02.gyptazy.ch,node03.gyptazy.ch`)
* The `verify_ssl` parameter can switch between the mode to verificate trusted remote certificates. Keep in mind, that even local ones are **not** trusted by default and need to be imported to the truststore.
* Even when using only the `vm_balancing` mode, ensure to have the other sections listed in your config:
```
[storage_balancing]
enable: 0
[update_service]
enable: 0
[api]
enable: 0
```

### Parameters
The following options and parameters are currently supported:

Expand Down
11 changes: 11 additions & 0 deletions docs/02_Configuration.md
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,17 @@ Afterwards, restart the service (if running in daemon mode) to activate this reb
### Authentication
ProxLB also supports different accounts in ProxLB. Therefore, you can simply create a new user and group and add the required roles permissions.

### Creating Dedicated User for Balanciung
It is recommended to not use the `root@pam` user for balancing. Therefore, creating a new user might be suitable and is very easy to create.
A new user can be created by the gui, api and cli. The required roles are stated in the next chapter, but you can also use the following lines
to create a user on the cli with the required roles to balance VMs & CTs.

```
pveum role add ProxLBAdmin --privs Datastore.Audit,Sys.Audit,VM.Audit,VM.Migrate
pveum user add proxlb_admin@pve --password <password>
pveum acl modify / --roles ProxLBAdmin --users proxlb_admin@pve
```

### Required Roles
When using ProxLB with a dedicated account, you might also keep the assigned roles low. Therefore, you need to ensure that the newly created user is at least assigned to the following roles:
* Datastore.Audit (Required for storage evaluation)
Expand Down
2 changes: 1 addition & 1 deletion proxlb.conf
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ api_host: hypervisor01.gyptazy.ch
api_user: root@pam
api_pass: FooBar
verify_ssl: 1
[balancing]
[vm_balancing]
enable: 1
method: memory
mode: used
Expand Down

0 comments on commit 3157283

Please sign in to comment.