`bwlimit`: `[clone=<LIMIT>] [,default=<LIMIT>] [,migration=<LIMIT>] [,move=<LIMIT>] [,restore=<LIMIT>]` ::
-Set bandwidth/io limits various operations.
+Set I/O bandwidth limit for various operations (in KiB/s).
`clone`=`<LIMIT>` ;;
Select the default Console viewer. You can either use the builtin java applet (VNC; deprecated and maps to html5), an external virt-viewer comtatible application (SPICE), an HTML5 based vnc viewer (noVNC), or an HTML5 based console client (xtermjs). If the selected viewer is not available (e.g. SPICE not activated for the VM), the fallback is noVNC.
+`crs`: `[ha=<basic|static>] [,ha-rebalance-on-start=<1|0>]` ::
+
+Cluster resource scheduling settings.
+
+`ha`=`<basic | static>` ('default =' `basic`);;
+
+Configures how the HA manager should select nodes to start or recover services. With 'basic', only the number of services is used, with 'static', static CPU and memory configuration of services is considered.
+
+`ha-rebalance-on-start`=`<boolean>` ('default =' `0`);;
+
+Set to use CRS for selecting a suited node when a HA services request-state changes from stop to start.
+
`description`: `<string>` ::
Datacenter description. Shown in the web-interface datacenter notes panel. This is saved as comment inside the configuration file.
Default keybord layout for vnc server.
-`language`: `<ca | da | de | en | es | eu | fa | fr | he | it | ja | nb | nn | pl | pt_BR | ru | sl | sv | tr | zh_CN | zh_TW>` ::
+`language`: `<ar | ca | da | de | en | es | eu | fa | fr | he | hr | it | ja | ka | kr | nb | nl | nn | pl | pt_BR | ru | sl | sv | tr | ukr | zh_CN | zh_TW>` ::
Default GUI language.
-`mac_prefix`: `<string>` ::
+`mac_prefix`: `<string>` ('default =' `BC:24:11`)::
-Prefix for autogenerated MAC addresses.
+Prefix for the auto-generated MAC addresses of virtual guests. The default `BC:24:11` is the Organizationally Unique Identifier (OUI) assigned by the IEEE to Proxmox Server Solutions GmbH for a MAC Address Block Large (MA-L). You're allowed to use this in local networks, i.e., those not directly reachable by the public (e.g., in a LAN or NAT/Masquerading).
+
+Note that when you run multiple cluster that (partially) share the networks of their virtual guests, it's highly recommended that you extend the default MAC prefix, or generate a custom (valid) one, to reduce the chance of MAC collisions. For example, add a separate extra hexadecimal to the Proxmox OUI for each cluster, like `BC:24:11:0` for the first, `BC:24:11:1` for the second, and so on.
+ Alternatively, you can also separate the networks of the guests logically, e.g., by using VLANs.
++
+For publicly accessible guests it's recommended that you get your own https://standards.ieee.org/products-programs/regauth/[OUI from the IEEE] registered or coordinate with your, or your hosting providers, network admins.
`max_workers`: `<integer> (1 - N)` ::
Upper, exclusive boundary for free next-id API range.
+`notify`: `[fencing=<always|never>] [,package-updates=<auto|always|never>] [,replication=<always|never>] [,target-fencing=<TARGET>] [,target-package-updates=<TARGET>] [,target-replication=<TARGET>]` ::
+
+Cluster-wide notification settings.
+
+`fencing`=`<always | never>` ('default =' `always`);;
+
+Control if notifications about node fencing should be sent.
+* 'always' always send out notifications
+* 'never' never send out notifications.
+For production systems, turning off node fencing notifications is notrecommended!
+
+`package-updates`=`<always | auto | never>` ('default =' `auto`);;
+
+Control how often the daily update job should send out notifications:
+* 'auto' daily for systems with a valid subscription, as those are assumed to be production-ready and thus should know about pending updates.
+* 'always' every update, if there are new pending updates.
+* 'never' never send a notification for new pending updates.
+
+`replication`=`<always | never>` ('default =' `always`);;
+
+Control if notifications for replication failures should be sent.
+* 'always' always send out notifications
+* 'never' never send out notifications.
+For production systems, turning off replication notifications is notrecommended!
+
+`target-fencing`=`<TARGET>` ;;
+
+Control where notifications about fenced cluster nodes should be sent to. Has to be the name of a notification target (endpoint or notification group). If the 'target-fencing' parameter is not set, the system will send mails to root via a 'sendmail' notification endpoint.
+
+`target-package-updates`=`<TARGET>` ;;
+
+Control where notifications about available updates should be sent to. Has to be the name of a notification target (endpoint or notification group). If the 'target-package-updates' parameter is not set, the system will send mails to root via a 'sendmail' notification endpoint.
+
+`target-replication`=`<TARGET>` ;;
+
+Control where notifications for failed storage replication jobs should be sent to. Has to be the name of a notification target (endpoint or notification group). If the 'target-replication' parameter is not set, the system will send mails to root via a 'sendmail' notification endpoint.
+
+`registered-tags`: `<tag>[;<tag>...]` ::
+
+A list of tags that require a `Sys.Modify` on '/' to set and delete. Tags set here that are also in 'user-tag-access' also require `Sys.Modify`.
+
+`tag-style`: `[case-sensitive=<1|0>] [,color-map=<tag>:<hex-color>[:<hex-color-for-text>][;<tag>=...]] [,ordering=<config|alphabetical>] [,shape=<enum>]` ::
+
+Tag style options.
+
+`case-sensitive`=`<boolean>` ('default =' `0`);;
+
+Controls if filtering for unique tags on update should check case-sensitive.
+
+`color-map`=`<tag>:<hex-color>[:<hex-color-for-text>][;<tag>=...]` ;;
+
+Manual color mapping for tags (semicolon separated).
+
+`ordering`=`<alphabetical | config>` ('default =' `alphabetical`);;
+
+Controls the sorting of the tags in the web-interface and the API update.
+
+`shape`=`<circle | dense | full | none>` ('default =' `circle`);;
+
+Tag shape for the web ui tree. 'full' draws the full tag. 'circle' draws only a circle with the background color. 'dense' only draws a small rectancle (useful when many tags are assigned to each guest).'none' disables showing the tags.
+
`u2f`: `[appid=<APPID>] [,origin=<URL>]` ::
u2f
U2F Origin override. Mostly useful for single nodes with a single URL.
-`webauthn`: `[id=<DOMAINNAME>] [,origin=<URL>] [,rp=<RELYING_PARTY>]` ::
+`user-tag-access`: `[user-allow=<enum>] [,user-allow-list=<tag>[;<tag>...]]` ::
+
+Privilege options for user-settable tags
+
+`user-allow`=`<existing | free | list | none>` ('default =' `free`);;
+
+Controls which tags can be set or deleted on resources a user controls (such as guests). Users with the `Sys.Modify` privilege on `/` are alwaysunrestricted.
+* 'none' no tags are usable.
+* 'list' tags from 'user-allow-list' are usable.
+* 'existing' like list, but already existing tags of resources are also usable.
+* 'free' no tag restrictions.
+
+`user-allow-list`=`<tag>[;<tag>...]` ;;
+
+List of tags users are allowed to set and delete (semicolon separated) for 'user-allow' values 'list' and 'existing'.
+
+`webauthn`: `[allow-subdomains=<1|0>] [,id=<DOMAINNAME>] [,origin=<URL>] [,rp=<RELYING_PARTY>]` ::
webauthn configuration
+`allow-subdomains`=`<boolean>` ('default =' `1`);;
+
+Whether to allow the origin to be a subdomain, rather than the exact URL.
+
`id`=`<DOMAINNAME>` ;;
-Relying part ID. Must be the domain name without protocol, port or location. Changing this *will* break existing credentials.
+Relying party ID. Must be the domain name without protocol, port or location. Changing this *will* break existing credentials.
`origin`=`<URL>` ;;
projects / pve-docs.git / blobdiff