diff --git a/.changelogs/1.0.3/docs_fix_default_config_add_dedicated_user_howto.yml b/.changelogs/1.0.3/docs_fix_default_config_add_dedicated_user_howto.yml new file mode 100644 index 0000000..26e632b --- /dev/null +++ b/.changelogs/1.0.3/docs_fix_default_config_add_dedicated_user_howto.yml @@ -0,0 +1,4 @@ +fixed: + - Fix bug in the `proxlb.conf` in the vm_balancing section. +added: + - Add doc how to add dedicated user for authentication. (by @Dulux-Oz) diff --git a/README.md b/README.md index b95e33c..59cff95 100644 --- a/README.md +++ b/README.md @@ -169,6 +169,19 @@ daemon: 1 config_version: 3 ``` +#### Notes +* If running ProxLB on more than one Proxmox node you can set `api_host` to a comma-separated list of each node's IP address or hostname. (Example: `api_host: node01.gyptazy.ch,node02.gyptazy.ch,node03.gyptazy.ch`) +* The `verify_ssl` parameter can switch between the mode to verificate trusted remote certificates. Keep in mind, that even local ones are **not** trusted by default and need to be imported to the truststore. +* Even when using only the `vm_balancing` mode, ensure to have the other sections listed in your config: +``` +[storage_balancing] +enable: 0 +[update_service] +enable: 0 +[api] +enable: 0 +``` + ### Parameters The following options and parameters are currently supported: diff --git a/docs/02_Configuration.md b/docs/02_Configuration.md index 9b1de9d..66645a9 100644 --- a/docs/02_Configuration.md +++ b/docs/02_Configuration.md @@ -29,6 +29,17 @@ Afterwards, restart the service (if running in daemon mode) to activate this reb ### Authentication ProxLB also supports different accounts in ProxLB. Therefore, you can simply create a new user and group and add the required roles permissions. +### Creating Dedicated User for Balanciung +It is recommended to not use the `root@pam` user for balancing. Therefore, creating a new user might be suitable and is very easy to create. +A new user can be created by the gui, api and cli. The required roles are stated in the next chapter, but you can also use the following lines +to create a user on the cli with the required roles to balance VMs & CTs. + +``` +pveum role add ProxLBAdmin --privs Datastore.Audit,Sys.Audit,VM.Audit,VM.Migrate +pveum user add proxlb_admin@pve --password +pveum acl modify / --roles ProxLBAdmin --users proxlb_admin@pve +``` + ### Required Roles When using ProxLB with a dedicated account, you might also keep the assigned roles low. Therefore, you need to ensure that the newly created user is at least assigned to the following roles: * Datastore.Audit (Required for storage evaluation) diff --git a/proxlb.conf b/proxlb.conf index 2a77d9d..d0e6f16 100644 --- a/proxlb.conf +++ b/proxlb.conf @@ -3,7 +3,7 @@ api_host: hypervisor01.gyptazy.ch api_user: root@pam api_pass: FooBar verify_ssl: 1 -[balancing] +[vm_balancing] enable: 1 method: memory mode: used