I've got multiple clusters and want to be able to migrate guests between them. This is already possible for some time via "qm remote-migrate" or via backup+restore but after migrating the guest, it's firewall rules won't work any longer unless you make sure each clusters aliases + IP sets + security groups are identical. Bad if a migrated VMs config is referencing aliases or security groups that aren't defined on the target cluster.
It's very annoying to manually keep those firewall configs in sync, as you will have to do the same thing over and over again for each cluster and sooner or later I always forget something and wonder why a guest isn't accessible any longer. I also thought about writing a script to sync the datacenter.fw between the different clusters but these don't only contain the IP sets/aliases/security groups but also the cluster firewall rules and I don't want to overwrite the latter one.
So it would be great if PDM could do either:
A.) have some feature to sync configs between clusters
B.) offer bulk editing for firewall management so editing/creating aliases, IP sets and security groups could be applied to all clusters
Not sure if this is already covered by the roadmaps "Bulk actions like start/stop/(remote-)migrations of virtual guests" or "Management of some core configurations...Firewall". If not please consider it.
It's very annoying to manually keep those firewall configs in sync, as you will have to do the same thing over and over again for each cluster and sooner or later I always forget something and wonder why a guest isn't accessible any longer. I also thought about writing a script to sync the datacenter.fw between the different clusters but these don't only contain the IP sets/aliases/security groups but also the cluster firewall rules and I don't want to overwrite the latter one.
So it would be great if PDM could do either:
A.) have some feature to sync configs between clusters
B.) offer bulk editing for firewall management so editing/creating aliases, IP sets and security groups could be applied to all clusters
Not sure if this is already covered by the roadmaps "Bulk actions like start/stop/(remote-)migrations of virtual guests" or "Management of some core configurations...Firewall". If not please consider it.
