Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: Improve the documentation. #70

Merged
merged 1 commit into from
Aug 31, 2024
Merged

docs: Improve the documentation. #70

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .changelogs/1.0.3/docs_fix_default_config_add_dedicated_user_howto.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
fixed:
- Fix bug in the `proxlb.conf` in the vm_balancing section.
added:
- Add doc how to add dedicated user for authentication. (by @Dulux-Oz)
13 changes: 13 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -169,6 +169,19 @@ daemon: 1
config_version: 3
```

#### Notes
* If running ProxLB on more than one Proxmox node you can set `api_host` to a comma-separated list of each node's IP address or hostname. (Example: `api_host: node01.gyptazy.ch,node02.gyptazy.ch,node03.gyptazy.ch`)
* The `verify_ssl` parameter can switch between the mode to verificate trusted remote certificates. Keep in mind, that even local ones are **not** trusted by default and need to be imported to the truststore.
* Even when using only the `vm_balancing` mode, ensure to have the other sections listed in your config:
```
[storage_balancing]
enable: 0
[update_service]
enable: 0
[api]
enable: 0
```

### Parameters
The following options and parameters are currently supported:

Expand Down
11 changes: 11 additions & 0 deletions docs/02_Configuration.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,17 @@ Afterwards, restart the service (if running in daemon mode) to activate this reb
### Authentication
ProxLB also supports different accounts in ProxLB. Therefore, you can simply create a new user and group and add the required roles permissions.

### Creating Dedicated User for Balanciung
It is recommended to not use the `root@pam` user for balancing. Therefore, creating a new user might be suitable and is very easy to create.
A new user can be created by the gui, api and cli. The required roles are stated in the next chapter, but you can also use the following lines
to create a user on the cli with the required roles to balance VMs & CTs.

```
pveum role add ProxLBAdmin --privs Datastore.Audit,Sys.Audit,VM.Audit,VM.Migrate
pveum user add proxlb_admin@pve --password <password>
pveum acl modify / --roles ProxLBAdmin --users proxlb_admin@pve
```

### Required Roles
When using ProxLB with a dedicated account, you might also keep the assigned roles low. Therefore, you need to ensure that the newly created user is at least assigned to the following roles:
* Datastore.Audit (Required for storage evaluation)
Expand Down
2 changes: 1 addition & 1 deletion proxlb.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ api_host: hypervisor01.gyptazy.ch
api_user: root@pam
api_pass: FooBar
verify_ssl: 1
[balancing]
[vm_balancing]
enable: 1
method: memory
mode: used
Expand Down
Loading