Manual: datacenter.cfg: Difference between revisions
No edit summary |
No edit summary |
||
(9 intermediate revisions by the same user not shown) | |||
Line 19: | Line 19: | ||
Options | Options | ||
bwlimit: [clone=<LIMIT>] [,default=<LIMIT>] [,migration=<LIMIT>] [,move=<LIMIT>] [,restore=<LIMIT>] | bwlimit: [clone=<LIMIT>] [,default=<LIMIT>] [,migration=<LIMIT>] [,move=<LIMIT>] [,restore=<LIMIT>] | ||
Set bandwidth | Set I/O bandwidth limit for various operations (in KiB/s). | ||
clone=<LIMIT> | clone=<LIMIT> | ||
bandwidth limit in KiB/s for cloning disks | bandwidth limit in KiB/s for cloning disks | ||
Line 32: | Line 32: | ||
console: <applet | html5 | vv | xtermjs> | console: <applet | html5 | vv | xtermjs> | ||
Select the default Console viewer. You can either use the builtin java applet (VNC; deprecated and maps to html5), an external virt-viewer comtatible application (SPICE), an HTML5 based vnc viewer (noVNC), or an HTML5 based console client (xtermjs). If the selected viewer is not available (e.g. SPICE not activated for the VM), the fallback is noVNC. | Select the default Console viewer. You can either use the builtin java applet (VNC; deprecated and maps to html5), an external virt-viewer comtatible application (SPICE), an HTML5 based vnc viewer (noVNC), or an HTML5 based console client (xtermjs). If the selected viewer is not available (e.g. SPICE not activated for the VM), the fallback is noVNC. | ||
crs: [ha=<basic|static>] [,ha-rebalance-on-start=<1|0>] | |||
Cluster resource scheduling settings. | |||
ha=<basic | static> (default = basic) | |||
Configures how the HA manager should select nodes to start or recover services. With basic, only the number of services is used, with static, static CPU and memory configuration of services is considered. | |||
ha-rebalance-on-start=<boolean> (default = 0) | |||
Set to use CRS for selecting a suited node when a HA services request-state changes from stop to start. | |||
description: <string> | |||
Datacenter description. Shown in the web-interface datacenter notes panel. This is saved as comment inside the configuration file. | |||
email_from: <string> | email_from: <string> | ||
Specify email address to send notification from (default is root@$hostname) | Specify email address to send notification from (default is root@$hostname) | ||
Line 37: | Line 45: | ||
Set the fencing mode of the HA cluster. Hardware mode needs a valid configuration of fence devices in /etc/pve/ha/fence.cfg. With both all two modes are used. | Set the fencing mode of the HA cluster. Hardware mode needs a valid configuration of fence devices in /etc/pve/ha/fence.cfg. With both all two modes are used. | ||
hardware and both are EXPERIMENTAL & WIP | hardware and both are EXPERIMENTAL & WIP | ||
ha: shutdown_policy=< | ha: shutdown_policy=<enum> | ||
Cluster wide HA settings. | Cluster wide HA settings. | ||
shutdown_policy=<conditional | failover | freeze> (default = conditional) | shutdown_policy=<conditional | failover | freeze | migrate> (default = conditional) | ||
Describes the policy for handling HA services on poweroff or reboot of a node. Freeze will always freeze services which are still located on the node on shutdown, those services won’t be recovered by the HA manager. Failover will not mark the services as frozen and thus the services will get recovered to other nodes, if the shutdown node does not come up again quickly (< 1min). conditional chooses automatically depending on the type of shutdown, i.e., on a reboot the service will be frozen but on a poweroff the service will stay as is, and thus get recovered after about 2 minutes. | Describes the policy for handling HA services on poweroff or reboot of a node. Freeze will always freeze services which are still located on the node on shutdown, those services won’t be recovered by the HA manager. Failover will not mark the services as frozen and thus the services will get recovered to other nodes, if the shutdown node does not come up again quickly (< 1min). conditional chooses automatically depending on the type of shutdown, i.e., on a reboot the service will be frozen but on a poweroff the service will stay as is, and thus get recovered after about 2 minutes. Migrate will try to move all running services to another node when a reboot or shutdown was triggered. The poweroff process will only continue once no running services are located on the node anymore. If the node comes up again, the service will be moved back to the previously powered-off node, at least if no other migration, reloaction or recovery took place. | ||
http_proxy: http://.* | http_proxy: http://.* | ||
Specify external http proxy which is used for downloads (example: http://username:password@host:port/) | Specify external http proxy which is used for downloads (example: http://username:password@host:port/) | ||
keyboard: <da | de | de-ch | en-gb | en-us | es | fi | fr | fr-be | fr-ca | fr-ch | hu | is | it | ja | lt | mk | nl | no | pl | pt | pt-br | sl | sv | tr> | keyboard: <da | de | de-ch | en-gb | en-us | es | fi | fr | fr-be | fr-ca | fr-ch | hu | is | it | ja | lt | mk | nl | no | pl | pt | pt-br | sl | sv | tr> | ||
Default keybord layout for vnc server. | Default keybord layout for vnc server. | ||
language: <ca | de | en | es | eu | fa | fr | it | ja | nb | nn | pl | pt_BR | ru | sl | sv | tr | zh_CN | zh_TW> | language: <ar | ca | da | de | en | es | eu | fa | fr | he | hr | it | ja | ka | kr | nb | nl | nn | pl | pt_BR | ru | sl | sv | tr | ukr | zh_CN | zh_TW> | ||
Default GUI language. | Default GUI language. | ||
mac_prefix: <string> | mac_prefix: <string> (default = BC:24:11) | ||
Prefix for | Prefix for the auto-generated MAC addresses of virtual guests. The default BC:24:11 is the Organizationally Unique Identifier (OUI) assigned by the IEEE to Proxmox Server Solutions GmbH for a MAC Address Block Large (MA-L). You’re allowed to use this in local networks, i.e., those not directly reachable by the public (e.g., in a LAN or NAT/Masquerading). | ||
Note that when you run multiple cluster that (partially) share the networks of their virtual guests, it’s highly recommended that you extend the default MAC prefix, or generate a custom (valid) one, to reduce the chance of MAC collisions. For example, add a separate extra hexadecimal to the Proxmox OUI for each cluster, like BC:24:11:0 for the first, BC:24:11:1 for the second, and so on. | |||
Alternatively, you can also separate the networks of the guests logically, e.g., by using VLANs. | |||
+ | |||
For publicly accessible guests it’s recommended that you get your own OUI from the IEEE registered or coordinate with your, or your hosting providers, network admins. | |||
max_workers: <integer> (1 - N) | max_workers: <integer> (1 - N) | ||
Defines how many workers (per node) are maximal started on actions like stopall VMs or task from the ha-manager. | Defines how many workers (per node) are maximal started on actions like stopall VMs or task from the ha-manager. | ||
Line 59: | Line 71: | ||
migration_unsecure: <boolean> | migration_unsecure: <boolean> | ||
Migration is secure using SSH tunnel by default. For secure private networks you can disable it to speed up migration. Deprecated, use the migration property instead! | Migration is secure using SSH tunnel by default. For secure private networks you can disable it to speed up migration. Deprecated, use the migration property instead! | ||
next-id: [lower=<integer>] [,upper=<integer>] | |||
Control the range for the free VMID auto-selection pool. | |||
lower=<integer> (default = 100) | |||
Lower, inclusive boundary for free next-id API range. | |||
upper=<integer> (default = 1000000) | |||
Upper, exclusive boundary for free next-id API range. | |||
notify: [fencing=<always|never>] [,package-updates=<auto|always|never>] [,replication=<always|never>] [,target-fencing=<TARGET>] [,target-package-updates=<TARGET>] [,target-replication=<TARGET>] | |||
Cluster-wide notification settings. | |||
fencing=<always | never> | |||
UNUSED - Use datacenter notification settings instead. | |||
package-updates=<always | auto | never> (default = auto) | |||
DEPRECATED: Use datacenter notification settings instead. | |||
Control how often the daily update job should send out notifications: | |||
auto daily for systems with a valid subscription, as those are assumed to be production-ready and thus should know about pending updates. | |||
always every update, if there are new pending updates. | |||
never never send a notification for new pending updates. | |||
replication=<always | never> | |||
UNUSED - Use datacenter notification settings instead. | |||
target-fencing=<TARGET> | |||
UNUSED - Use datacenter notification settings instead. | |||
target-package-updates=<TARGET> | |||
UNUSED - Use datacenter notification settings instead. | |||
target-replication=<TARGET> | |||
UNUSED - Use datacenter notification settings instead. | |||
registered-tags: <tag>[;<tag>...] | |||
A list of tags that require a Sys.Modify on / to set and delete. Tags set here that are also in user-tag-access also require Sys.Modify. | |||
tag-style: [case-sensitive=<1|0>] [,color-map=<tag>:<hex-color>[:<hex-color-for-text>][;<tag>=...]] [,ordering=<config|alphabetical>] [,shape=<enum>] | |||
Tag style options. | |||
case-sensitive=<boolean> (default = 0) | |||
Controls if filtering for unique tags on update should check case-sensitive. | |||
color-map=<tag>:<hex-color>[:<hex-color-for-text>][;<tag>=...] | |||
Manual color mapping for tags (semicolon separated). | |||
ordering=<alphabetical | config> (default = alphabetical) | |||
Controls the sorting of the tags in the web-interface and the API update. | |||
shape=<circle | dense | full | none> (default = circle) | |||
Tag shape for the web ui tree. full draws the full tag. circle draws only a circle with the background color. dense only draws a small rectancle (useful when many tags are assigned to each guest).none disables showing the tags. | |||
u2f: [appid=<APPID>] [,origin=<URL>] | u2f: [appid=<APPID>] [,origin=<URL>] | ||
u2f | u2f | ||
Line 65: | Line 113: | ||
origin=<URL> | origin=<URL> | ||
U2F Origin override. Mostly useful for single nodes with a single URL. | U2F Origin override. Mostly useful for single nodes with a single URL. | ||
user-tag-access: [user-allow=<enum>] [,user-allow-list=<tag>[;<tag>...]] | |||
Privilege options for user-settable tags | |||
user-allow=<existing | free | list | none> (default = free) | |||
Controls which tags can be set or deleted on resources a user controls (such as guests). Users with the Sys.Modify privilege on / are alwaysunrestricted. | |||
none no tags are usable. | |||
list tags from user-allow-list are usable. | |||
existing like list, but already existing tags of resources are also usable. | |||
free no tag restrictions. | |||
user-allow-list=<tag>[;<tag>...] | |||
List of tags users are allowed to set and delete (semicolon separated) for user-allow values list and existing. | |||
webauthn: [allow-subdomains=<1|0>] [,id=<DOMAINNAME>] [,origin=<URL>] [,rp=<RELYING_PARTY>] | |||
webauthn configuration | |||
allow-subdomains=<boolean> (default = 1) | |||
Whether to allow the origin to be a subdomain, rather than the exact URL. | |||
id=<DOMAINNAME> | |||
Relying party ID. Must be the domain name without protocol, port or location. Changing this will break existing credentials. | |||
origin=<URL> | |||
Site origin. Must be a https:// URL (or http://localhost). Should contain the address users type in their browsers to access the web interface. Changing this may break existing credentials. | |||
rp=<RELYING_PARTY> | |||
Relying party name. Any text identifier. Changing this may break existing credentials. | |||
Copyright and Disclaimer | Copyright and Disclaimer | ||
Copyright © 2007- | Copyright © 2007-2022 Proxmox Server Solutions GmbH | ||
This program is free software: you can redistribute it and/or modify | This program is free software: you can redistribute it and/or modify | ||
it under the terms of the GNU Affero General Public License as | it under the terms of the GNU Affero General Public License as | ||
Line 77: | Line 145: | ||
You should have received a copy of the GNU Affero General Public | You should have received a copy of the GNU Affero General Public | ||
License along with this program. If not, see | License along with this program. If not, see | ||
https://www.gnu.org/licenses/ | |||
</pvehide> | </pvehide> | ||
<!--PVE_IMPORT_END_MARKER--> | <!--PVE_IMPORT_END_MARKER--> |
Latest revision as of 12:09, 28 November 2024
NAME
datacenter.cfg - Proxmox VE Datacenter Configuration
SYNOPSIS
/etc/pve/datacenter.cfg
DESCRIPTION
The file /etc/pve/datacenter.cfg is a configuration file for Proxmox VE. It contains cluster wide default values used by all nodes.
File Format
The file uses a simple colon separated key/value format. Each line has the following format:
OPTION: value
Blank lines in the file are ignored, and lines starting with a # character are treated as comments and are also ignored.
Options
- bwlimit: [clone=<LIMIT>] [,default=<LIMIT>] [,migration=<LIMIT>] [,move=<LIMIT>] [,restore=<LIMIT>]
-
Set I/O bandwidth limit for various operations (in KiB/s).
- clone=<LIMIT>
-
bandwidth limit in KiB/s for cloning disks
- default=<LIMIT>
-
default bandwidth limit in KiB/s
- migration=<LIMIT>
-
bandwidth limit in KiB/s for migrating guests (including moving local disks)
- move=<LIMIT>
-
bandwidth limit in KiB/s for moving disks
- restore=<LIMIT>
-
bandwidth limit in KiB/s for restoring guests from backups
- console: <applet | html5 | vv | xtermjs>
-
Select the default Console viewer. You can either use the builtin java applet (VNC; deprecated and maps to html5), an external virt-viewer comtatible application (SPICE), an HTML5 based vnc viewer (noVNC), or an HTML5 based console client (xtermjs). If the selected viewer is not available (e.g. SPICE not activated for the VM), the fallback is noVNC.
- crs: [ha=<basic|static>] [,ha-rebalance-on-start=<1|0>]
-
Cluster resource scheduling settings.
- ha=<basic | static> (default = basic)
-
Configures how the HA manager should select nodes to start or recover services. With basic, only the number of services is used, with static, static CPU and memory configuration of services is considered.
- ha-rebalance-on-start=<boolean> (default = 0)
-
Set to use CRS for selecting a suited node when a HA services request-state changes from stop to start.
- description: <string>
-
Datacenter description. Shown in the web-interface datacenter notes panel. This is saved as comment inside the configuration file.
- email_from: <string>
-
Specify email address to send notification from (default is root@$hostname)
- fencing: <both | hardware | watchdog> (default = watchdog)
-
Set the fencing mode of the HA cluster. Hardware mode needs a valid configuration of fence devices in /etc/pve/ha/fence.cfg. With both all two modes are used.
hardware and both are EXPERIMENTAL & WIP - ha: shutdown_policy=<enum>
-
Cluster wide HA settings.
- shutdown_policy=<conditional | failover | freeze | migrate> (default = conditional)
-
Describes the policy for handling HA services on poweroff or reboot of a node. Freeze will always freeze services which are still located on the node on shutdown, those services won’t be recovered by the HA manager. Failover will not mark the services as frozen and thus the services will get recovered to other nodes, if the shutdown node does not come up again quickly (< 1min). conditional chooses automatically depending on the type of shutdown, i.e., on a reboot the service will be frozen but on a poweroff the service will stay as is, and thus get recovered after about 2 minutes. Migrate will try to move all running services to another node when a reboot or shutdown was triggered. The poweroff process will only continue once no running services are located on the node anymore. If the node comes up again, the service will be moved back to the previously powered-off node, at least if no other migration, reloaction or recovery took place.
- http_proxy: http://.*
-
Specify external http proxy which is used for downloads (example: http://username:password@host:port/)
- keyboard: <da | de | de-ch | en-gb | en-us | es | fi | fr | fr-be | fr-ca | fr-ch | hu | is | it | ja | lt | mk | nl | no | pl | pt | pt-br | sl | sv | tr>
-
Default keybord layout for vnc server.
- language: <ar | ca | da | de | en | es | eu | fa | fr | he | hr | it | ja | ka | kr | nb | nl | nn | pl | pt_BR | ru | sl | sv | tr | ukr | zh_CN | zh_TW>
-
Default GUI language.
- mac_prefix: <string> (default = BC:24:11)
-
Prefix for the auto-generated MAC addresses of virtual guests. The default BC:24:11 is the Organizationally Unique Identifier (OUI) assigned by the IEEE to Proxmox Server Solutions GmbH for a MAC Address Block Large (MA-L). You’re allowed to use this in local networks, i.e., those not directly reachable by the public (e.g., in a LAN or NAT/Masquerading).
Note that when you run multiple cluster that (partially) share the networks of their virtual guests, it’s highly recommended that you extend the default MAC prefix, or generate a custom (valid) one, to reduce the chance of MAC collisions. For example, add a separate extra hexadecimal to the Proxmox OUI for each cluster, like BC:24:11:0 for the first, BC:24:11:1 for the second, and so on. Alternatively, you can also separate the networks of the guests logically, e.g., by using VLANs.
+ For publicly accessible guests it’s recommended that you get your own OUI from the IEEE registered or coordinate with your, or your hosting providers, network admins.
- max_workers: <integer> (1 - N)
-
Defines how many workers (per node) are maximal started on actions like stopall VMs or task from the ha-manager.
- migration: [type=]<secure|insecure> [,network=<CIDR>]
-
For cluster wide migration settings.
- network=<CIDR>
-
CIDR of the (sub) network that is used for migration.
- type=<insecure | secure> (default = secure)
-
Migration traffic is encrypted using an SSH tunnel by default. On secure, completely private networks this can be disabled to increase performance.
- migration_unsecure: <boolean>
-
Migration is secure using SSH tunnel by default. For secure private networks you can disable it to speed up migration. Deprecated, use the migration property instead!
- next-id: [lower=<integer>] [,upper=<integer>]
-
Control the range for the free VMID auto-selection pool.
- lower=<integer> (default = 100)
-
Lower, inclusive boundary for free next-id API range.
- upper=<integer> (default = 1000000)
-
Upper, exclusive boundary for free next-id API range.
- notify: [fencing=<always|never>] [,package-updates=<auto|always|never>] [,replication=<always|never>] [,target-fencing=<TARGET>] [,target-package-updates=<TARGET>] [,target-replication=<TARGET>]
-
Cluster-wide notification settings.
- fencing=<always | never>
-
UNUSED - Use datacenter notification settings instead.
- package-updates=<always | auto | never> (default = auto)
-
DEPRECATED: Use datacenter notification settings instead. Control how often the daily update job should send out notifications:
-
auto daily for systems with a valid subscription, as those are assumed to be production-ready and thus should know about pending updates.
-
always every update, if there are new pending updates.
-
never never send a notification for new pending updates.
-
- replication=<always | never>
-
UNUSED - Use datacenter notification settings instead.
- target-fencing=<TARGET>
-
UNUSED - Use datacenter notification settings instead.
- target-package-updates=<TARGET>
-
UNUSED - Use datacenter notification settings instead.
- target-replication=<TARGET>
-
UNUSED - Use datacenter notification settings instead.
- registered-tags: <tag>[;<tag>...]
-
A list of tags that require a Sys.Modify on / to set and delete. Tags set here that are also in user-tag-access also require Sys.Modify.
- tag-style: [case-sensitive=<1|0>] [,color-map=<tag>:<hex-color>[:<hex-color-for-text>][;<tag>=...]] [,ordering=<config|alphabetical>] [,shape=<enum>]
-
Tag style options.
- case-sensitive=<boolean> (default = 0)
-
Controls if filtering for unique tags on update should check case-sensitive.
- color-map=<tag>:<hex-color>[:<hex-color-for-text>][;<tag>=...]
-
Manual color mapping for tags (semicolon separated).
- ordering=<alphabetical | config> (default = alphabetical)
-
Controls the sorting of the tags in the web-interface and the API update.
- shape=<circle | dense | full | none> (default = circle)
-
Tag shape for the web ui tree. full draws the full tag. circle draws only a circle with the background color. dense only draws a small rectancle (useful when many tags are assigned to each guest).none disables showing the tags.
- u2f: [appid=<APPID>] [,origin=<URL>]
-
u2f
- appid=<APPID>
-
U2F AppId URL override. Defaults to the origin.
- origin=<URL>
-
U2F Origin override. Mostly useful for single nodes with a single URL.
- user-tag-access: [user-allow=<enum>] [,user-allow-list=<tag>[;<tag>...]]
-
Privilege options for user-settable tags
- user-allow=<existing | free | list | none> (default = free)
-
Controls which tags can be set or deleted on resources a user controls (such as guests). Users with the Sys.Modify privilege on / are alwaysunrestricted.
-
none no tags are usable.
-
list tags from user-allow-list are usable.
-
existing like list, but already existing tags of resources are also usable.
-
free no tag restrictions.
-
- user-allow-list=<tag>[;<tag>...]
-
List of tags users are allowed to set and delete (semicolon separated) for user-allow values list and existing.
- webauthn: [allow-subdomains=<1|0>] [,id=<DOMAINNAME>] [,origin=<URL>] [,rp=<RELYING_PARTY>]
-
webauthn configuration
- allow-subdomains=<boolean> (default = 1)
-
Whether to allow the origin to be a subdomain, rather than the exact URL.
- id=<DOMAINNAME>
-
Relying party ID. Must be the domain name without protocol, port or location. Changing this will break existing credentials.
- origin=<URL>
-
Site origin. Must be a https:// URL (or http://localhost). Should contain the address users type in their browsers to access the web interface. Changing this may break existing credentials.
- rp=<RELYING_PARTY>
-
Relying party name. Any text identifier. Changing this may break existing credentials.
Copyright and Disclaimer
Copyright © 2007-2022 Proxmox Server Solutions GmbH
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with this program. If not, see https://www.gnu.org/licenses/