Search results

  1. M

    one-time boot node without pve

    Sometimes (for example after a hardware update) I want to boot up a PVE node without actually starting all containers/VMs. (Then I'd do some tests, necessary config updates etc., and finally reboot.) What is the "correct way" to do it? Usually I manually add "init=/bin/bash" in grub boot menu, but...
  2. M

    [TUTORIAL] How to sync all Slave logs to the Master in real-time

    I am not able to get Tracking Center to work with shared logs on PMG 8. :-( On master I added /etc/rsyslog.d/imtcp.conf: # Provides TCP syslog reception $ModLoad imtcp.so $InputTCPServerRun 514 $AllowedSender TCP, ip.ip.ip.ip On slave I added /etc/rsyslog.d/pmg-master.conf: mail.*...
  3. M

    [TUTORIAL] How to sync all Slave logs to the Master in real-time

    I tried to achieve this in current PMG 8. This looks strange to me: Original log line on slave: 2023-07-10T20:22:09.310604+00:00 zack postfix/pickup[211940]: 4BAA1299E: uid=0 from=<root> The same log line after transfer to master: 2023-07-10T20:22:09.310604+00:00 zack postfix[211940]...
  4. M

    fallback relay

    Then the remote site would become a single point of failure. In my setup both nodes can work independently and provide full in-and-out services even when the other one is down. It does not have to detect anything special. Firewall blocks smtp via secondary line, so pmg simply gets "normal"...
  5. M

    fallback relay

    Because the node1 is physically in our office, and node2 is in remote site. We have 2 internet lines, but only one has static ip, and the other one is behind nat. In case of main line failure we still have connectivity to node2 via vpn, but are unable to deliver mails directly, because they...
  6. M

    fallback relay

    I want to designate one node to take care of sending mails in case of temporary problems. So I added this to main.cf template: [% IF dns.fqdn == 'my.other.node.com' -%] smtp_fallback_relay = [node.responsible.for.sending.of.deferred.mails.com]:26 [%- END %] The goal is: The 1st node tries to...
  7. M

    LVM backup script

    I have just written a script that helps with backups of LVM volumes - automatically creates snapshot, uploads to PBS and removes snapshot: https://github.com/michabbs/lvm2pbs Have fun! :)
  8. M

    "reverse" who object

    How can I set up such mail filter rule? Action: BCC To: NOT one of a given list
  9. M

    limits inside lxc container

    I have 2 stand-alone pve nodes. On each of them I created Ubuntu 22.04 container from template. One shows this: # ulimit -a real-time non-blocking time (microseconds, -R) unlimited core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling...
  10. M

    LMTP encryption?

    My PMG delivers mails to another host of mine via smtp, where Postfix forwards them to Dovecot via LMTP. Actually that Postfix seems to be not necessary - PMG should be able to transport directly to Dovecot via LMTP. (Right?) But - as far as I understand - mails will be transported in cleartext. Is...
  11. M

    vlan-awareness

    It works now. I changed the ethernet card and it helped. :-)
  12. M

    vlan-awareness

    I am trying to convert from traditional vlan config to the new "vlan aware" one. What is wrong here? iface enp5s0 inet manual auto vmbr1 iface vmbr1 inet static address 10.13.145.13/24 gateway 10.13.145.1 bridge-ports enp5s0 bridge-stp off bridge-fd 0 bridge-vlan-aware...
  13. M

    [TUTORIAL] PMG 7/Debian 11 with fail2ban

    Does anyone have an idea how to join fail2ban with nginx quarantine proxy (as described here)? In my opinion this proxy is essential if you expose web interface to the real world. But then all connections come from localhost (from pmg point of view), so... fail2ban becomes useless. In theory the...
  14. M

    Where really is /etc/pve?

    By the way: Is an automatic configuration backup feature planned? Just like the one for PMG: https://pmg.proxmox.com/pmg-docs/pmgbackup.1.html
  15. M

    Where really is /etc/pve?

    In order to have self-consistent backups I always use snapshots feature of zfs/lvm. I made a backup of the whole rootfs of pve node this way: - created snapshot of / (which in my case is on lvm, but could as well be on zfs) - archived the whole filesystem from snapshot - removed the snapshot I...
  16. M

    LDAP server "per node"

    It was obvious! I simply used the same domain name and made sure it resolved differently on each node. :-) Important: As I use LDAPS - it was essential to use correct ssl certificates (covering the same dns name on each ldap server clone).
  17. M

    LDAP server "per node"

    All nodes in cluster share the same LDAP configuration - effectively they use the same ldap server(s). I have 3 ldap servers, they are synchronized, so it does not matter which one is used by which pmg node, but... of course I would like every node to use the "closest" ldap server. Is it possible...
  18. M

    ACME behind NAT

    Success! Use this on your router/DMZ web server/redirector/proxy: <VirtualHost *:80> ServerName pve.node.dns.name ErrorLog ${APACHE_LOG_DIR}/certbot_proxy-error.log CustomLog ${APACHE_LOG_DIR}/certbot_proxy-access.log vhost_combined SetEnv proxy-nokeepalive 1 ProxyPass...
  19. M

    ACME behind NAT

    Yes, but the point is to use http. :) I am really curious why it works perfectly with PBS, and not at all with PVE?
  20. M

    ACME behind NAT

    Yes, and it is what I do now, but... this leaves the door open for attack. The dns access key allows ANY change in dns configuration. So compromised PVE node could lead to total disaster of everything in the domain. On the other hand acme http authorization leaves dns safe! :-)