I'd like to install molly-guard on my pve nodes to prevent accidental reboots. Can I do it and being sure it doesn't break anything?
Thank you!
Thank you!
Can I install molly-guard on a pve node?
- Thread starter nrodriguez
- Start date
Never used it, but it is in the Debian repository. Which means that if it does break anything it should be easy to remove.
Define "accidental reboots".
User Via ssh? Install it.
User via gui? Don't know.
User Via ssh? Install it.
User via gui? Don't know.
At least once in your life, you’ll reboot the wrong system or run rm -rf /. It’s a rite of passage.
Usually, you won’t make that mistake again. Since only root can reboot the system, this package won’t prevent malicious reboots - root can always override or remove the barrier.
The package also has a high likelihood of interfering with normal PVE operations, such as generating an unexpected interactive prompt when the cluster needs to fence a node or when someone tries to reboot from the UI. Since this integration hasn’t been officially tested, you won’t get a “go ahead and install it” response.
Try it at your own risk.
Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
Usually, you won’t make that mistake again. Since only root can reboot the system, this package won’t prevent malicious reboots - root can always override or remove the barrier.
The package also has a high likelihood of interfering with normal PVE operations, such as generating an unexpected interactive prompt when the cluster needs to fence a node or when someone tries to reboot from the UI. Since this integration hasn’t been officially tested, you won’t get a “go ahead and install it” response.
Try it at your own risk.
Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
I do install molly-guard on all of my systems, since 15 to 20 years I guess. (Edit: actually I do not know how old that tool is...) This includes all of my PVE and PBS.
Nevertheless: ymmv...
Last edited:
Ah do you test cluster fencing ?
Personally too and without any problem.
But molly-guard is only efficient and enabled in SSH interactive mode.
Thus it shouldn't interfere with internal Proxmox mechanisms (non interactive mode).
BUT : molly-guard is NO enabled when using WEB shell... too sad :-(
Yes. That's what it is meant to do
Correct. I do not use that method often, so it is not relevant to me
You cat set:
Code:
root@pve:~# grep ALWAYS /etc/molly-guard/rc
# ALWAYS_QUERY_HOSTNAME
ALWAYS_QUERY_HOSTNAME=trueThen it will ask for the hostname also in the Web shell!
It does not affect the "Reboot" button in the Gui though, but there is the "Confirm - Yes / No" dialog.
Nice to know ! But I would fear to break things in Promxox (cluster fencing for exemple).You cat set:
Code:root@pve:~# grep ALWAYS /etc/molly-guard/rc # ALWAYS_QUERY_HOSTNAME ALWAYS_QUERY_HOSTNAME=true
Then it will ask for the hostname also in the Web shell!
A node running HA-relevant resources fences itself, if Quorum ist lost. The reboot is "hard", triggered locally. Not by an ssh-command from another node ;-)