1) Add a macro for a PVE-Cluster allowing internal traffic between nodes (corosync...)
2) Add a macro for PVE management (allow access to port 8006 ...)
3) Make the macro list editable / external from the PVE::firewall scripting.
4) create a pve-nodes ipset and add alias for each of the nodes, also add those aliasses to the pve-nodes ipset.
5) create a ceph-nodes ipset containing on cluster cept-nodes, with aliasses, like in 4
6) allow for an external list of ceph nodes in case they are there.
a) clients
b) external servers referenced from proxmox or nodes there.
2) Add a macro for PVE management (allow access to port 8006 ...)
3) Make the macro list editable / external from the PVE::firewall scripting.
4) create a pve-nodes ipset and add alias for each of the nodes, also add those aliasses to the pve-nodes ipset.
5) create a ceph-nodes ipset containing on cluster cept-nodes, with aliasses, like in 4
6) allow for an external list of ceph nodes in case they are there.
a) clients
b) external servers referenced from proxmox or nodes there.
Last edited: