Local Mirror of PVE Enterprise Repository

[patrick.reinboth]

Good day lads,

I am currently evaluating PVE as an alternative to our exisiting virtualization solution. So far I am really happy with PVE but there is a small catch. Since we want to use PVE in our prod environment, we are strongly inclined to use the enterprise repository.

The problem is, that we aren't able to connect to the external enterprise repository directly from our PVE cluster out of compliance reasons. We would need to mirror it to our local repository server.

I didn't find any questions regarding this so my question is: Is there a way to mirror the pve enterprise repository on our local repository server?


Cheers,
Patrick

 

[itNGO]

I don't think so, cloning the Enterprise-Repository like that would make it possible to install Enterprise-Updates on all PVE-Servers, regardless of a valid subscription.

 

[tom]

I didn't find any questions regarding this so my question is: Is there a way to mirror the pve enterprise repository on our local repository server?

We will provide a mirror tool quite soon (this summer), including offline key activation.

 

[patrick.reinboth]

We will provide a mirror tool quite soon (this summer), including offline key activation.

Sounds great! Thank you for the information.

 

[t.lamprecht]

See https://forum.proxmox.com/threads/proxmox-offline-mirror-released.115219/

 

[technotic]

I don't think so, cloning the Enterprise-Repository like that would make it possible to install Enterprise-Updates on all PVE-Servers, regardless of a valid subscription.

despite what the agreement may say for proxmox, it still must adhere to the license its released under. at the very least, the source code of the enterprise updates needs to be made available to all users on a publicly accessible network server without restriction. they can gatekeep support and that's understandable, but gatekeeping or witholding updates is a violation of the license they use. as per the license, any notice of additional restriction beyond what the license permits is invalid and should be discarded.

i don't write the licenses, but i certainly do read them, and i'm certainly going to have a review of the license with some classmates and instructor in my Contracts law class, and possibly get an opinion from the EFF. I'm new here but I've seen numerous posts citing problems and conflicts with licensing and practices that violate the spirit of the license the software is released under. For example, the specific wording of several messages within PVE that inform the user to visit a website due to the lack of a subscription. On that subscription model page, there is no information to indicate that the product may be used without purchasing a subscription. Also, when enabling the no-subscription repository, there is a big warning and alert stating that the system is not for production use.

To the best of my knowledge, PVE is release and made available as a production-ready product. In other words, if a user is required to pay a subscription fee in order for the software to be considered production-capable, but the user cannot use the software as production-capable without subscription to gain access to these software updates that are integral to the system, that's a violation of the license. the availability of the product and all code updates need to be accessible whether the user accepts the license or not and whether they pay or not.

certainly this has been a hot topic before. as i said, i need to more thoroughly examine the license with some peer and expert review to be sure 100% before making fully assertive statements. i have no doubt that the PVE team puts a lot of hard time and work into this software and I believe in credit where credit is due, but a home prosumer or IT professional's home lab shouldn't require a subscription to obtain anything beyond support or optional, non-integrated features that are addons and not part of functionality or integrated within the code in a sense as to rely on it. and that environment should be considered the same level of production quality as the subscription version, minus the support. support is a commodity worth the cost, and i'm sure there are enterprise-level features that make nice additions. your standard home user, for example, wouldn't need clustering, so features relating to clustering would not alter its functionality or capability of being production quality.

i know i'm poking a bear here, but like i said, i'll review it a bit more in-depth with some additional opinions before i assert any ground beyond what i have.

 

[t.lamprecht]

the source code of the enterprise updates needs to be made available to all users on a publicly accessible network server without restriction

See https://git.proxmox.com/ All packages in enterprise are already available in the respective no-subscription and test repos, as is all of their source code, nothing gets withheld...

To the best of my knowledge, PVE is release and made available as a production-ready product. In other words, if a user is required to pay a subscription fee in order for the software to be considered production-capable, but the user cannot use the software as production-capable without subscription to gain access to these software updates that are integral to the system, that's a violation of the license. the availability of the product and all code updates need to be accessible whether the user accepts the license or not and whether they pay or not.

Proxmox VE is released under the AGPLv3, as an avid license reader you surely know the part that states:

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
-- https://www.gnu.org/licenses/agpl-3.0.en.html

Hope that helps.

And fwiw, you're free to write to the EFF or whatever, but I think they got better things to do and fight for than a bogus complaint about AGPLv3 software and production readiness, as all the code of the binary packages we provide is released 100%, we even don't have some reduced open core or similar limitation, which is made possible through the enterprise support subscriptions.

Besides that, if we hypothetically would have some super-duper secret special packages for the enterprise repository, and we do not, you would only be eligible to the source code if you actually have a subscription for the enterprise repository to be able to access them

and i'm sure there are enterprise-level features that make nice additions. your standard home user, for example, wouldn't need clustering, so features relating to clustering would not alter its functionality or capability of being production quality.

Yeah no. First, lots of our no-subscription users use clustering, even most home lab users got a smaller cluster.
Second, we find open-core models unnecessarily restrictive and bringing almost only disadvantages for both, the users and the developer. And finally, how do you think such a model would work if not with a much more closed set of repos with a totally different set of software than actually in the open git repos? Effectively, your proposal would make us go from 100% open source, which we're now, to a mixed semi-proprietary mess, and it wouldn't affect the "stableness/production readiness" of the open repos one bit, would be a good recipe for a lot of extra work with no benefit for either party though iow.:
Not gonna happen.