[SOLVED] Unexpected changes in /etc/pve/datacenter.cfg

[Gchmurka]

Hi all,

I'm experiencing an issue where something keeps modifying my /etc/pve/datacenter.cfg file, specifically deleting the migration: entry I add.
I add this line:

migration: type=insecure,network=127.67.0.0/27

The configuration works for a while, but after some time, the entry disappears (no migration: present), causing my replication and migrations to use the default interface instead of the one I want.

I set up audit logging on the file and found the following entries:

type=SYSCALL msg=audit(1732690591.733:456): arch=c000003e syscall=89 success=no exit=-22 a0=7ffd0244da40 a1=7ffd0244e260 a2=3ff a3=55550083 items=1 ppid=1325 pid=2636763 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chef-client" exe="/opt/chef/embedded/bin/ruby" subj=unconfined key="datacenter_cfg_change"ARCH=x86_64 SYSCALL=readlink AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"

It appears that chef-client is making these changes. The process runs as root and seems to overwrite the file multiple times.

Why would chef-client modify /etc/pve/datacenter.cfg?
How can I prevent such changes and ensure the configuration remains as intended?
Any advice or insights would be appreciated!

 

[dcsapak]

hi,

Why would chef-client modify /etc/pve/datacenter.cfg?

since chef is not part of a standard pve install, only the person installing and configuring that package can answer why this is changed.

How can I prevent such changes and ensure the configuration remains as intended?

check if you use chef as general config management and what is configured there for the pve host

 

[Gchmurka]

Thank you for your help.
as you can see, the perspective of a third person always helps, because over time a person stops seeing obvious things.

I forgot about one node in the cluster on which Chef was installed and which was causing me these problems.