gyptazy / ProxLB

ProxLB - (Re)Balance VM Workloads Across Nodes in Proxmox Clusters. A Load Balancer for Proxmox - and more!
https://proxlb.de
GNU General Public License v3.0
201 stars 9 forks source link

password with plaintext? #59

Closed lgzcoollg closed 2 months ago

lgzcoollg commented 2 months ago

hello,

password in conf file is plaintext

its there someway to change? after start service then save as cipher? maybe not needs password if installed in the PVE clusters' node?

gyptazy commented 2 months ago

Hey @lgzcoollg,

even when installed on a PVE node (that’s the reason for the master_only option when being installed on all nodes), ProxLB utilizes the Proxmox API. Even connecting from localhost requires you to authenticate.

The provided packages will create the system user plb and set the config file to chmod 600 and u/g plb. It’s recommended to have a dedicated limited user account instead of root.

Would it be useful for you, to source this instead from environment variables?

Cheers, gyptazy

lgzcoollg commented 2 months ago

Hey @lgzcoollg,

even when installed on a PVE node (that’s the reason for the master_only option when being installed on all nodes), ProxLB utilizes the Proxmox API. Even connecting from localhost requires you to authenticate.

The provided packages will create the system user plb and set the config file to chmod 600 and u/g plb. It’s recommended to have a dedicated limited user account instead of root.

Would it be useful for you, to source this instead from environment variables?

Cheers, gyptazy

I installed in one of node now, Im planing install into all nodes at the cluster.

It seem OK to create another user.

and it the conf file path could define to /etc/pve/ ? so it will transfer between all nodes like Ceph's conf. (maybe needs add all host into conf and change the master option from 0/1 to node's name)

gyptazy commented 2 months ago

Make sure when installing to activate the master_only option (which requires you to have Proxmox HA function activated). If not enabling master_only option, it will start to rebalance the cluster from all nodes which can lead into never finalizing and ongoing rebalances.

In theory, that should work - don’t forget to update the systemd unit to the new config path in that case. I would first give it a try on a single node, then on two nodes how it works and afterwards ramp it up.

Cheers, gyptazy