use PVE::Tools;
use PVE::Cluster;
+# MA-L (large) assigned by IEEE
+my $PROXMOX_OUI = 'BC:24:11';
+
my $crs_format = {
ha => {
type => 'string',
'package-updates' => {
type => 'string',
enum => ['auto', 'always', 'never'],
- description => "Control when the daily update job should send out notification mails.",
- verbose_description => "Control how often the daily update job should send out notification mails:\n"
+ description => "Control when the daily update job should send out notifications.",
+ verbose_description => "Control how often the daily update job should send out notifications:\n"
."* 'auto' daily for systems with a valid subscription, as those are assumed to be "
." production-ready and thus should know about pending updates.\n"
."* 'always' every update, if there are new pending updates.\n"
."* 'never' never send a notification for new pending updates.\n",
default => 'auto',
+ optional => 1,
+ },
+ 'target-package-updates' => {
+ type => 'string',
+ format_description => 'TARGET',
+ description => "Control where notifications about available updates should be sent to.",
+ verbose_description => "Control where notifications about available"
+ . " updates should be sent to."
+ . " Has to be the name of a notification target (endpoint or notification group)."
+ . " If the 'target-package-updates' parameter is not set, the system will send mails"
+ . " to root via a 'sendmail' notification endpoint.",
+ optional => 1,
+ },
+ 'fencing' => {
+ type => 'string',
+ enum => ['always', 'never'],
+ description => "Control if notifications about node fencing should be sent.",
+ verbose_description => "Control if notifications about node fencing should be sent.\n"
+ . "* 'always' always send out notifications\n"
+ . "* 'never' never send out notifications.\n"
+ . "For production systems, turning off node fencing notifications is not"
+ . "recommended!\n",
+ default => 'always',
+ optional => 1,
+ },
+ 'target-fencing' => {
+ type => 'string',
+ format_description => 'TARGET',
+ description => "Control where notifications about fenced cluster nodes should be sent to.",
+ verbose_description => "Control where notifications about fenced cluster nodes"
+ . " should be sent to."
+ . " Has to be the name of a notification target (endpoint or notification group)."
+ . " If the 'target-fencing' parameter is not set, the system will send mails"
+ . " to root via a 'sendmail' notification endpoint.",
+ optional => 1,
+ },
+ 'replication' => {
+ type => 'string',
+ enum => ['always', 'never'],
+ description => "Control if notifications for replication failures should be sent.",
+ verbose_description => "Control if notifications for replication failures should be sent.\n"
+ . "* 'always' always send out notifications\n"
+ . "* 'never' never send out notifications.\n"
+ . "For production systems, turning off replication notifications is not"
+ . "recommended!\n",
+ default => 'always',
+ optional => 1,
+ },
+ 'target-replication' => {
+ type => 'string',
+ format_description => 'TARGET',
+ description => "Control where notifications for failed storage replication jobs should"
+ . " be sent to.",
+ verbose_description => "Control where notifications for failed storage replication jobs"
+ . " should be sent to."
+ . " Has to be the name of a notification target (endpoint or notification group)."
+ . " If the 'target-replication' parameter is not set, the system will send mails"
+ . " to root via a 'sendmail' notification endpoint.",
+ optional => 1,
},
};
type => 'string',
enum => ['none', 'list', 'existing', 'free'],
default => 'free',
- description => "Controls tag usage for users without `Sys.Modify` on `/` by either "
- ."allowing `none`, a `list`, already `existing` or anything (`free`).",
- verbose_description => "Controls which tags can be set or deleted on resources a user "
- ."controls (such as guests). Users with the `Sys.Modify` privilege on `/` are always "
- ." unrestricted. "
- ."* 'none' no tags are usable. "
- ."* 'list' tags from 'user-allow-list' are usable. "
- ."* 'existing' like list, but already existing tags of resources are also usable."
- ."* 'free' no tag restrictions.",
+ description => "Controls tag usage for users without `Sys.Modify` on `/` by either"
+ ." allowing `none`, a `list`, already `existing` or anything (`free`).",
+ verbose_description => "Controls which tags can be set or deleted on resources a user"
+ ." controls (such as guests). Users with the `Sys.Modify` privilege on `/` are always"
+ ."unrestricted.\n"
+ ."* 'none' no tags are usable.\n"
+ ."* 'list' tags from 'user-allow-list' are usable.\n"
+ ."* 'existing' like list, but already existing tags of resources are also usable.\n"
+ ."* 'free' no tag restrictions.\n",
},
'user-allow-list' => {
optional => 1,
type => 'string',
description => "Default GUI language.",
enum => [
- 'ca',
- 'da',
- 'de',
- 'en',
- 'es',
- 'eu',
- 'fa',
- 'fr',
- 'he',
- 'it',
- 'ja',
- 'nb',
- 'nn',
- 'pl',
- 'pt_BR',
- 'ru',
- 'sl',
- 'sv',
- 'tr',
- 'zh_CN',
- 'zh_TW',
+ 'ar', # Arabic
+ 'ca', # Catalan
+ 'da', # Danish
+ 'de', # German
+ 'en', # English
+ 'es', # Spanish
+ 'eu', # Euskera (Basque)
+ 'fa', # Persian (Farsi)
+ 'fr', # French
+ 'hr', # Croatian
+ 'he', # Hebrew
+ 'it', # Italian
+ 'ja', # Japanese
+ 'ka', # Georgian
+ 'kr', # Korean
+ 'nb', # Norwegian (Bokmal)
+ 'nl', # Dutch
+ 'nn', # Norwegian (Nynorsk)
+ 'pl', # Polish
+ 'pt_BR', # Portuguese (Brazil)
+ 'ru', # Russian
+ 'sl', # Slovenian
+ 'sv', # Swedish
+ 'tr', # Turkish
+ 'ukr', # Ukrainian
+ 'zh_CN', # Chinese (Simplified)
+ 'zh_TW', # Chinese (Traditional)
],
},
http_proxy => {
type => 'string',
description => "Select the default Console viewer. You can either use the builtin java"
." applet (VNC; deprecated and maps to html5), an external virt-viewer comtatible application (SPICE), an HTML5 based vnc viewer (noVNC), or an HTML5 based console client (xtermjs). If the selected viewer is not available (e.g. SPICE not activated for the VM), the fallback is noVNC.",
- # FIXME: remove 'applet' with 8.0 (add pve7to8 check!)
+ # FIXME: remove 'applet' with 9.0 (add pve8to9 check!)
enum => ['applet', 'vv', 'html5', 'xtermjs'],
},
email_from => {
optional => 1,
type => 'string',
format => 'mac-prefix',
- description => 'Prefix for autogenerated MAC addresses.',
+ default => $PROXMOX_OUI,
+ description => "Prefix for the auto-generated MAC addresses of virtual guests. The"
+ ." default '$PROXMOX_OUI' is the OUI assigned by the IEEE to Proxmox Server Solutions"
+ ." GmbH for a 24-bit large MAC block. You're allowed to use this in local networks,"
+ ." i.e., those not directly reachable by the public (e.g., in a LAN or behind NAT)."
+ ,
+ verbose_description => "Prefix for the auto-generated MAC addresses of virtual guests."
+ ." The default `BC:24:11` is the Organizationally Unique Identifier (OUI) assigned"
+ ." by the IEEE to Proxmox Server Solutions GmbH for a MAC Address Block Large (MA-L)."
+ ." You're allowed to use this in local networks, i.e., those not directly reachable"
+ ." by the public (e.g., in a LAN or NAT/Masquerading).\n"
+ ." \nNote that when you run multiple cluster that (partially) share the networks of"
+ ." their virtual guests, it's highly recommended that you extend the default MAC"
+ ." prefix, or generate a custom (valid) one, to reduce the chance of MAC collisions."
+ ." For example, add a separate extra hexadecimal to the Proxmox OUI for each cluster,"
+ ." like `$PROXMOX_OUI:0` for the first, `$PROXMOX_OUI:1` for the second, and so on.\n"
+ ." Alternatively, you can also separate the networks of the guests logically, e.g.,"
+ ." by using VLANs.\n\nFor publicly accessible guests it's recommended that you get"
+ ." your own https://standards.ieee.org/products-programs/regauth/[OUI from the IEEE]"
+ ." registered or coordinate with your, or your hosting providers, network admins."
+ ,
},
notify => {
optional => 1,
$res->{description} = $comment;
+ # it could be better to track that this is the default, and not explicitly set, but having
+ # no MAC prefix is really not ideal, and overriding that here centrally catches all call sites
+ $res->{mac_prefix} = $PROXMOX_OUI if !defined($res->{mac_prefix});
+
if (my $crs = $res->{crs}) {
$res->{crs} = parse_property_string($crs_format, $crs);
}
$cfg->{console} = 'html5';
}
+ if (defined($cfg->{mac_prefix}) && uc($cfg->{mac_prefix}) eq $PROXMOX_OUI) {
+ delete $cfg->{mac_prefix}; # avoid writing out default prefix
+ }
+
if (ref(my $crs = $cfg->{crs})) {
$cfg->{crs} = PVE::JSONSchema::print_property_string($crs, $crs_format);
}
projects / pve-cluster.git / blobdiff