Dumb question: should the docs specify that editing /etc/pve content is supported?

K

koalillo

Active Member
Nov 1, 2018
36
0
26
45
I've been editing /etc/pve/lxc/vmid.conf files manually so far, because as far as I know, you cannot set lxc.idmap entries automatedly (is that right?).

That seems to work as I expect, requires restarting the container to apply, etc.

Now I'm automating more of my config, and I was thinking of using a template to generate /etc/pve/domains.cfg. I assume this is safe to do, although... it's really not documented anywhere? (the structure of the directory is well-documented, but it doesn't say explicitly... "you can edit files there instead of using the API or pve* commands").

Should caveats editing those files be documented too? I've seen the files be reformatted- this hints to me that when you read a file, Proxmox generates on the fly; when you write a file, it's loaded into some internal thing...

Another interesting thing would be to document if changes there require any further action to apply (I assume container setting changes work like in the UI- some apply immediately, some require a restart. But what about, for example, authentication changes?).
 
What you are doing is not officially supported. Does it work if you are doing it that way? Sure, for now.

Putting this into official documentation would mean an endorsement and support of such methods. That means they need to be tested, both for successful cases and unsuccessful ones. I.e. what happens when there is a concurrent edit from VI and GUI? This would increase test coverage exponentially.
It would also mean that any, currently internal, format change would need to be documented and communicated. Multiple warnings need to be put out. Having to support old formats for many subsequent releases.

I suspect that your use case is not very widespread. Sure you can file an enhancement in https://bugzilla.proxmox.com/ , but I would temper expectations of it being addressed to your satisfaction.

Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
 
I agree with bbgeek17. I think it should be like with /etc/network/interfaces:
# Please do NOT modify this file directly, unless you know what
# you're doing.
Click to expand...
Editing config files works fine but you should really know what you are doing and know the risks and quirks that comes with it.
 
bbgeek17 said:
What you are doing is not officially supported. Does it work if you are doing it that way? Sure, for now.
Click to expand...
Sure? Because in places like https://pve.proxmox.com/pve-docs/pve-admin-guide.html#pct_configuration :
The configuration files are simple text files. You can edit them using a normal text editor, for example, vi or nano. This is sometimes useful to do small corrections, but keep in mind that you need to restart the container to apply such changes.

For that reason, it is usually better to use the pct command to generate and modify those files
Click to expand...
Also, the web console is multiuser- you're probably going to have the same concurrency issues whether someone is editing the files or not.

ctrl+f for domains.cfg on that page also finds some information about adding new files in /etc/pve to add LDAP passwords.

(The reason I want to do this is that tools such as Puppet/Ansible make it easy to template a file; for instance, replacing the name of my LDAP servers from a variable and trigger a command to restart something *only* when the file changes. Doing the same with pveum is doable too, but the Proxmox CLI tools are apparently not designed for the idempotency that configuration management tools like Puppet and Ansible tend to encourage.)

(I love Proxmox, esp. because of the ZFS support, but the area that *for me* could use more improvement is around automation. I have my own Ansible playbooks to deal with it, and there are *many* other public projects that do it. But it'd be nice if there was an officially-endorsed solution for automation. The command-line tools help you build such a thing, but are only a part of a solution.)
 
koalillo said:
Sure? Because in places like
Click to expand...
If time and money was not a barrier, I imagine PVE developers would rather provide an ability to modify any and all configuration variables via API/CLI/GUI, rather than endorse direct editing.
koalillo said:
Also, the web console is multiuser- you're probably going to have the same concurrency issues whether someone is editing the files or not.
Click to expand...
PVE uses locks where necessary.
koalillo said:
tools such as Puppet/Ansible
Click to expand...
These are great and often built by community, based on their needs and available interfaces which are not always uniform. In a perfect world it would all be driven by API.
Often, when the product developers also provide automation tools they would add missing pieces to API/CLI interface, rather than creating a hard to untangle mix that includes direct file editing.
In any case, this wont be solved in the forum. Bugzilla is appropriate interface to request code changes and product enhancements.

Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom