Proxmox Datacenter Manager 1.0 (stable)

I think that's definitively an important topic. The PDM is certainly a "lucrative" target due to being a single point of entry to one's whole Proxmox infrastructure; that's actually a big reason for its pull-based design, i.e., the PDM can be hosted on a secure private location because it will connect to the PVE and PBS hosts, not vice versa. Some how-tos for better practice make sense to have in the midterm; for now I'd recommend blocking all incoming traffic to the PDM that isn't really necessary, using client-side encrypted backups of the PDM host to avoid that access to backups gives access to anything else, and potentially also think about using a secure VPN to access remotes through an insecure network (e.g., WireGuard). Making that all a bit more convenient to set up is one of the goals for the midterm though.

Great to hear that you already put some (imho quite good) thought into this. Imho the problem with the current version is that although doing something like limiting access via VPN to some limited management clients (WireGuard is great for it since you can implement a complete point-to-point connection) you still have the issues with the limitations of the current permission system. I might have missed something, but if I understand everything correctly it's an "all or nothing" situation, so users of PDC always have complete control over the nodes and VMs. At work I'm part of a team which manages the VMs (hosted on a VMware cluster) which together build the backend of my place of work's document management system (think Paperless but for government (we are a social security insurance provider), aka e-akte). We are not allowed to create new VMs or change the resources (vCPUs/RAM, storage) of our existing ones. But we have access to vSphere in case we need to debug a VM with a network issue or do a hard reboot without bothering our coworkers who actually run the virtualization infrastructure. We still need to contact them if we need a new VM or change the parameters of the existing ones.

I would expect that a lot of potential corporate or government customers might have similar needs in terms of privilege separation.

Don't get me wrong: The datacenter manager is amazing as it is. I think it's especially impressive that (according to the release notes FAQ) it's tested to support up to 5000 remotes/10000 guests. This mitigates the current limitations of how many hosts you can have in one cluster: Just have multiple smaller clusters, add them to the PDC and call it a day. Needing to use WireGuard and a firewall to limit access is fine in my book. But still I fear that the current limitations in terms of permissions might make it non-sufficient for certain environments. Biggest problem at my place of work still will be to convince people with a "Never change a running system" mentality, and that the snapshot support on LVM is still in technology preview (we have a large SAN and I don't see any migration to Ceph or vSAN anytime soon). Given that, I might be wrong about what reasons actually are the roadblocker for more migrations to the Proxmox ecosystem :)
 
you still have the issues with the limitations of the current permission system. I might have missed something, but if I understand everything correctly it's an "all or nothing" situation, so users of PDC always have complete control over the nodes and VMs. At work I'm part of a team which manages the VMs (hosted on a VMware cluster) which together build the backend of my place of work's document management system (think Paperless but for government (we are a social security insurance provider), aka e-akte). We are not allowed to create new VMs or change the resources (vCPUs/RAM, storage) of our existing ones. But we have access to vSphere in case we need to debug a VM with a network issue or do a hard reboot without bothering our coworkers who actually run the virtualization infrastructure. We still need to contact them if we need a new VM or change the parameters of the existing ones.

The permission of the PDM itself is rather simple, and in general it will probably stay on the simpler side, but we're naturally open to working in feedback of real use cases here that might hold you back on using it. That said, the permission system of PDM itself is only one part of the story; the other part is the permissions that the PDM has on the remote itself. While the wizard defaults to Administrator privs when creating a token, this is still diffed by the chosen user's permissions (API tokens can never have more permissions than the user they belong to), and you also can provide a pre-created token with a specific set of permissions to allow PDM itself only audit rights (might need some polishing though to more nicely integrate). So your use case should be in general possible to implement; it might still have some rough edges (feel encouraged to open bug/enhancement requests for them), and if this is more frequently requested we could think about providing a base-permission selector for the remote-add wizard to use when creating an API token automatically.

I hope that was clear enough :)
 
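One way to pre-create the restricted token described in the reply above, as an added example that is not part of the original post and is not Proxmox's own procedure. The user name `pdm-audit@pve`, the token name `pdm`, the ACL path `/` and the choice of the built-in `PVEAuditor` role are assumptions; the commands are only printed unless `APPLY=1` is set on the PVE node.

```shell
# Added example: read-only API token on a PVE remote for PDM to use.
# Assumed names (not from the thread): pdm-audit@pve, token "pdm", path "/".
PDM_USER="${PDM_USER:-pdm-audit@pve}"
PDM_TOKEN="${PDM_TOKEN:-pdm}"
ACL_PATH="${ACL_PATH:-/}"
ROLE="${ROLE:-PVEAuditor}"        # built-in read-only role

# Dry run by default: print each command; APPLY=1 executes it instead.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Usage: create_audit_token            (review the printed commands)
#        APPLY=1 create_audit_token    (run them as root on the PVE node)
create_audit_token() {
    # Dedicated user: the token can never hold more than this user does.
    run pveum user add "$PDM_USER"
    run pveum acl modify "$ACL_PATH" --users "$PDM_USER" --roles "$ROLE"
    # Privilege-separated token: it only gets ACLs granted to the token itself.
    run pveum user token add "$PDM_USER" "$PDM_TOKEN" --privsep 1
    run pveum acl modify "$ACL_PATH" --tokens "${PDM_USER}!${PDM_TOKEN}" --roles "$ROLE"
}
```

The token secret is shown once by `pveum user token add`; that ID and secret are what the remote-add wizard takes in place of an automatically created Administrator token.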
Should Proxmox Virtual Environment, Proxmox Mail Gateway and Proxmox Backup Server have the same look and feel as Proxmox Datacenter Manager?
Yes, someday they will use the same web framework written in rust as PDM (and the new PVE mobile view!) now does. But especially the Proxmox VE GUI is rather complex, so we really cannot give out any timeline for when that happens.
 
Yes, someday they will use the same web framework written in rust as PDM (and the new PVE mobile view!) now does. But especially the Proxmox VE GUI is rather complex, so we really cannot give out any timeline for when that happens.
Suffice to know that one day it will be possible.
It'll be good to keep the consistency throughout the available Proxmox platform.
 
What concerns me:
What are the requirements for installing PDM? What is recommended for installations with up to 100 nodes (storage/RAM/vCores)?

Edit:
The datasheet says 2+ Cores, 2+ GB RAM, 8+ GB free Space.
 
The DCM has been released, and now it requires a subscription to get updates from the Enterprise repository. I didn't find a price for the subscription. It appears that you need an active PVE subscription for DCM to be active. And any experimental nodes without the subscription are forbidden, right? So we are forced to have two DC Manager instances: one for paid PVE nodes and for the Community nodes, right?
> No valid subscription
> At least one remote does not have a valid subscription.
 
The DCM has been released, and now it requires a subscription to get updates from the Enterprise repository. I didn't find a price for the subscription. It appears that you need an active PVE subscription for DCM to be active. And any experimental nodes without the subscription are forbidden, right? So we are forced to have two DC Manager instances: one for paid PVE nodes and for the Community nodes, right?
See
The license as with most of our products is AGPL so you can use PDM by yourself free of cost as you see fit. If you want to have proper enterprise subscription support and access to the Proxmox Datacenter Manager enterprise repository, at least 80% of all connected remotes need to have an enterprise subscription [1].

[1]: https://pdm.proxmox.com/docs/faq.ht...xmox-datacenter-manager-enterprise-repository
 
Been trying to upgrade our ALPHA install to 1.0 using the instructions here: https://pve.proxmox.com/wiki/Proxmox_Datacenter_Manager_Upgrade_from_Alpha_to_1

All the early steps went fine. Made sure we were on 0.1.12, etc. Went through each step.

But hit on an issue after

Add the Proxmox Datacenter Manager 1 Package Repository

when I tried doing apt update. Here is the output I get (underlining mine):
root@proxmoxmanager:~# apt update
Hit:1 http://ftp.us.debian.org/debian trixie InRelease
Hit:2 http://ftp.us.debian.org/debian trixie-updates InRelease
Hit:3 http://security.debian.org trixie-security InRelease
Err:4 https://enterprise.proxmox.com/debian/pdm trixie InRelease
401 Unauthorized [IP: 2607:5300:400:7d00::80 443]
Reading package lists... Done
E: Failed to fetch https://enterprise.proxmox.com/debian/pdm/dists/trixie/InRelease 401 Unauthorized [IP: 2607:5300:400:7d00::80 443]
E: The repository 'https://enterprise.proxmox.com/debian/pdm trixie InRelease' is not signed.

N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.


Not sure what to do here.

If I run apt policy, while it only shows Trixie repositories, I do not see the Proxmox Datacenter Manager repository showing up correctly. Clearly the issue is the unauthorized errors above, so I'm not getting what I should be. But not sure what to do here.

For completeness, here is the output of

root@proxmoxmanager:~# apt policy
Package files:
100 /var/lib/dpkg/status
release a=now
500 http://security.debian.org trixie-security/main amd64 Packages
release v=13,o=Debian,a=stable-security,n=trixie-security,l=Debian-Security,c=main,b=amd64
origin security.debian.org
500 http://ftp.us.debian.org/debian trixie-updates/main amd64 Packages
release v=13-updates,o=Debian,a=stable-updates,n=trixie-updates,l=Debian,c=main,b=amd64
origin ftp.us.debian.org
500 http://ftp.us.debian.org/debian trixie/contrib amd64 Packages
release v=13.2,o=Debian,a=stable,n=trixie,l=Debian,c=contrib,b=amd64
origin ftp.us.debian.org
500 http://ftp.us.debian.org/debian trixie/main amd64 Packages
release v=13.2,o=Debian,a=stable,n=trixie,l=Debian,c=main,b=amd64
origin ftp.us.debian.org
Pinned packages:


If anyone has any suggestions or help, I am all ears. Thanks in advance to anyone who took the time to read this, let alone any feedback.
 
Ok, never mind. I'm an idiot.

I have just been playing with this. I didn't realize the instructions were really only intended for those using the "enterprise" version (i.e., subscription-based).

For anyone like me who is just tinkering, note that in the instructions on this page:

https://pve.proxmox.com/wiki/Proxmox_Datacenter_Manager_Upgrade_from_Alpha_to_1

where they say

Add the Proxmox Datacenter Manager 1 Package Repository


You should be able to add the pdm-enterprise repository with this command:


cat > /etc/apt/sources.list.d/pdm-test.sources << EOF
Types: deb
URIs: https://enterprise.proxmox.com/debian/pdm
Suites: trixie
Components: pdm-enterprise
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg
EOF
replace that with

Add the Proxmox Datacenter Manager 1 Package Repository


You should be able to add the pdm-enterprise repository with this command:


cat > /etc/apt/sources.list.d/pdm-test.sources << EOF
Types: deb
URIs: http://download.proxmox.com/debian/pdm
Suites: trixie
Components: pdm-no-subscription
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg
EOF
and then continue with the rest of the instructions.

Took me a while but finally found this page which helped me out: https://pdm.proxmox.com/docs/installation.html#proxmox-datacenter-manager-no-subscription-repository
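A check for the situation in the post above, as an added example that is not part of the original post or of the Proxmox documentation: it parses deb822 `.sources` stanzas and flags enterprise repositories (which answer 401 without a subscription key), stanzas with no `Signed-By`, and plain-HTTP URIs. The function names, the flag names and the third sample stanza are constructed for illustration.

```shell
# Added example: flag risky or unusable stanzas in deb822 apt source files.
# Usage: audit_sources /etc/apt/sources.list.d/*.sources   (or run: demo)
audit_sources() {
    awk '
    BEGIN { RS = ""; FS = "\n" }              # paragraph mode: one stanza per record
    {
        split("", f)                          # clear the field map (portable)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^[ \t#]/) continue      # skip comments and continuation lines
            p = index($i, ":"); if (p == 0) continue
            val = substr($i, p + 1); sub(/^[ \t]+/, "", val)
            f[tolower(substr($i, 1, p - 1))] = val
        }
        if (!("uris" in f) || tolower(f["enabled"]) == "no") next
        flags = ""
        # The enterprise repository returns 401 without a subscription key.
        if (f["uris"] ~ /enterprise\.proxmox\.com/) flags = flags " needs-subscription"
        # Without Signed-By, apt accepts any key from its global trusted keyrings.
        if (!("signed-by" in f)) flags = flags " no-signed-by"
        # Over plain HTTP, integrity rests on the signature check alone.
        if (f["uris"] ~ /(^|[ \t])http:/) flags = flags " plain-http"
        print FILENAME ": " f["uris"] " [" f["components"] "]:" (flags == "" ? " ok" : flags)
    }' "$@"
}

# Constructed sample: the two stanzas from the post plus one without Signed-By.
sample_sources() {
    cat <<'EOF'
Types: deb
URIs: https://enterprise.proxmox.com/debian/pdm
Suites: trixie
Components: pdm-enterprise
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg

Types: deb
URIs: http://download.proxmox.com/debian/pdm
Suites: trixie
Components: pdm-no-subscription
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg

Types: deb
URIs: http://repo.example.invalid/debian
Suites: trixie
Components: main
EOF
}

demo() { tmp=$(mktemp) && sample_sources > "$tmp" && audit_sources "$tmp"; rm -f "$tmp"; }
```

The no-subscription stanza is reported as `plain-http` only: its `Signed-By` keyring still pins which key may sign the repository metadata, which is the check apt refused to skip in the failed `apt update` above.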
 
The DCM has been released, and now it requires a subscription to get updates from the Enterprise repository. I didn't find a price for the subscription. It appears that you need an active PVE subscription for DCM to be active. And any experimental nodes without the subscription are forbidden, right? So we are forced to have two DC Manager instances: one for paid PVE nodes and for the Community nodes, right?
> No valid subscription
> At least one remote does not have a valid subscription.
Community is still a paid license with enterprise repo access. However, that does not allow us to use PDM's enterprise repo unless 80% of the nodes managed by PDM are Basic, Standard, or Premium.
 
Is there any possibility to change the validation delay for the DNS plugin to over 48 seconds? I am currently still using an older DNS server and I have a validation delay of 15 mins on my other servers (PVE and PBS) and it works fine there. But I cannot validate it with just 48 seconds.
 
Good update!

Some observations:
- As noted above the upgrade instructions are missing an apt source file example for the no-subscription repository.
- The notes mention kernel 6.17, however I'm only getting the normal 6.12.
- The FAQ mentions that no extra license is required for PDM if you already have a paid subscription for another Proxmox product. However, it doesn't seem to be so simple. We have our production 4 node cluster (with subscription) as well as a 3 node test cluster (without subscription) added to PDM, and now it is complaining "invalid: Too many remote nodes without active basic or higher subscription!" and "Subscription Ratio (Basic or Higher): 57% (< 80%)". You might want to clarify this, or ideally, drop the requirement for >80% remotes with paid subscription.
 