"type" : "boolean",
"typetext" : "<boolean>"
},
+ "exitnodes-primary" : {
+ "description" : "Force traffic to this exitnode first.",
+ "format" : "pve-node",
+ "optional" : 1,
+ "type" : "string",
+ "typetext" : "<string>"
+ },
"ipam" : {
"description" : "use a specific ipam",
"optional" : 1,
"type" : "string",
"typetext" : "<string>"
},
+ "rt-import" : {
+ "description" : "Route-Target import",
+ "format" : "pve-sdn-bgp-rt-list",
+ "optional" : 1,
+ "type" : "string",
+ "typetext" : "<string>"
+ },
"tag" : {
"description" : "Service-VLAN Tag",
"minimum" : 0,
"type" : "boolean",
"typetext" : "<boolean>"
},
+ "exitnodes-primary" : {
+ "description" : "Force traffic to this exitnode first.",
+ "format" : "pve-node",
+ "optional" : 1,
+ "type" : "string",
+ "typetext" : "<string>"
+ },
"ipam" : {
"description" : "use a specific ipam",
"optional" : 1,
"type" : "string",
"typetext" : "<string>"
},
+ "rt-import" : {
+ "description" : "Route-Target import",
+ "format" : "pve-sdn-bgp-rt-list",
+ "optional" : 1,
+ "type" : "string",
+ "typetext" : "<string>"
+ },
"tag" : {
"description" : "Service-VLAN Tag",
"minimum" : 0,
"properties" : {
"asn" : {
"description" : "autonomous system number",
+ "maximum" : 4294967296,
+ "minimum" : 0,
"optional" : 1,
"type" : "integer",
- "typetext" : "<integer>"
+ "typetext" : "<integer> (0 - 4294967296)"
+ },
+ "bgp-multipath-as-path-relax" : {
+ "optional" : 1,
+ "type" : "boolean",
+ "typetext" : "<boolean>"
},
"controller" : {
"description" : "The SDN controller object identifier.",
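Review bot: The added `"maximum" : 4294967296` on `asn` is one above the largest four-octet AS number (4294967295, i.e. 2^32-1), so the schema accepts a value that does not fit a 32-bit ASN field; the same bound is added in the next `asn` hunk. I would use `"maximum" : 4294967295` and `"typetext" : "<integer> (0 - 4294967295)"`. The new `bgp-multipath-as-path-relax` property also has no `description`, unlike its neighbours. If this file is generated from the API schema, both changes belong in the schema source rather than here.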
"properties" : {
"asn" : {
"description" : "autonomous system number",
+ "maximum" : 4294967296,
+ "minimum" : 0,
"optional" : 1,
"type" : "integer",
- "typetext" : "<integer>"
+ "typetext" : "<integer> (0 - 4294967296)"
+ },
+ "bgp-multipath-as-path-relax" : {
+ "optional" : 1,
+ "type" : "boolean",
+ "typetext" : "<boolean>"
},
"controller" : {
"description" : "The SDN controller object identifier.",
"info" : {
"GET" : {
"allowtoken" : 1,
- "description" : "Get next free VMID. If you pass an VMID it will raise an error if the ID is already used.",
+ "description" : "Get next free VMID. Pass a VMID to assert that its free (at time of check).",
"method" : "GET",
"name" : "nextid",
"parameters" : {
"description" : "Extra mount options for rootfs/mps.",
"format_description" : "opt[;opt...]",
"optional" : 1,
- "pattern" : "(?^:(?^:(noatime|nodev|nosuid|noexec))(;(?^:(noatime|nodev|nosuid|noexec)))*)",
+ "pattern" : "(?^:(?^:(noatime|lazytime|nodev|nosuid|noexec))(;(?^:(noatime|lazytime|nodev|nosuid|noexec)))*)",
"type" : "string"
},
"mp" : {
"description" : "Extra mount options for rootfs/mps.",
"format_description" : "opt[;opt...]",
"optional" : 1,
- "pattern" : "(?^:(?^:(noatime|nodev|nosuid|noexec))(;(?^:(noatime|nodev|nosuid|noexec)))*)",
+ "pattern" : "(?^:(?^:(noatime|lazytime|nodev|nosuid|noexec))(;(?^:(noatime|lazytime|nodev|nosuid|noexec)))*)",
"type" : "string"
},
"quota" : {
"description" : "Extra mount options for rootfs/mps.",
"format_description" : "opt[;opt...]",
"optional" : 1,
- "pattern" : "(?^:(?^:(noatime|nodev|nosuid|noexec))(;(?^:(noatime|nodev|nosuid|noexec)))*)",
+ "pattern" : "(?^:(?^:(noatime|lazytime|nodev|nosuid|noexec))(;(?^:(noatime|lazytime|nodev|nosuid|noexec)))*)",
"type" : "string"
},
"mp" : {
"description" : "Extra mount options for rootfs/mps.",
"format_description" : "opt[;opt...]",
"optional" : 1,
- "pattern" : "(?^:(?^:(noatime|nodev|nosuid|noexec))(;(?^:(noatime|nodev|nosuid|noexec)))*)",
+ "pattern" : "(?^:(?^:(noatime|lazytime|nodev|nosuid|noexec))(;(?^:(noatime|lazytime|nodev|nosuid|noexec)))*)",
"type" : "string"
},
"quota" : {
"type" : "string",
"typetext" : "<string>"
},
+ "target-storage" : {
+ "description" : "Mapping from source to target storages. Providing only a single storage ID maps all source storages to that storage. Providing the special value '1' will map each source storage to itself.",
+ "format" : "storage-pair-list",
+ "optional" : 1,
+ "type" : "string",
+ "typetext" : "<string>"
+ },
"timeout" : {
"default" : 180,
"description" : "Timeout in seconds for shutdown for restart migration",
"description" : "Extra mount options for rootfs/mps.",
"format_description" : "opt[;opt...]",
"optional" : 1,
- "pattern" : "(?^:(?^:(noatime|nodev|nosuid|noexec))(;(?^:(noatime|nodev|nosuid|noexec)))*)",
+ "pattern" : "(?^:(?^:(noatime|lazytime|nodev|nosuid|noexec))(;(?^:(noatime|lazytime|nodev|nosuid|noexec)))*)",
"type" : "string"
},
"mp" : {
"description" : "Extra mount options for rootfs/mps.",
"format_description" : "opt[;opt...]",
"optional" : 1,
- "pattern" : "(?^:(?^:(noatime|nodev|nosuid|noexec))(;(?^:(noatime|nodev|nosuid|noexec)))*)",
+ "pattern" : "(?^:(?^:(noatime|lazytime|nodev|nosuid|noexec))(;(?^:(noatime|lazytime|nodev|nosuid|noexec)))*)",
"type" : "string"
},
"quota" : {
},
"proxyto" : "node",
"returns" : {
+ "properties" : {
+ "acme" : {
+ "description" : "Node specific ACME settings.",
+ "format" : {
+ "account" : {
+ "default" : "default",
+ "description" : "ACME account config file name.",
+ "format" : "pve-configid",
+ "format_description" : "name",
+ "optional" : 1,
+ "type" : "string"
+ },
+ "domains" : {
+ "description" : "List of domains for this node's ACME certificate",
+ "format" : "pve-acme-domain-list",
+ "format_description" : "domain[;domain;...]",
+ "optional" : 1,
+ "type" : "string"
+ }
+ },
+ "optional" : 1,
+ "type" : "string"
+ },
+ "acmedomain[n]" : {
+ "description" : "ACME domain and validation plugin",
+ "format" : {
+ "alias" : {
+ "description" : "Alias for the Domain to verify ACME Challenge over DNS",
+ "format" : "pve-acme-alias",
+ "format_description" : "domain",
+ "optional" : 1,
+ "type" : "string"
+ },
+ "domain" : {
+ "default_key" : 1,
+ "description" : "domain for this node's ACME certificate",
+ "format" : "pve-acme-domain",
+ "format_description" : "domain",
+ "type" : "string"
+ },
+ "plugin" : {
+ "default" : "standalone",
+ "description" : "The ACME plugin ID",
+ "format" : "pve-configid",
+ "format_description" : "name of the plugin configuration",
+ "optional" : 1,
+ "type" : "string"
+ }
+ },
+ "optional" : 1,
+ "type" : "string"
+ },
+ "description" : {
+ "description" : "Description for the Node. Shown in the web-interface node notes panel. This is saved as comment inside the configuration file.",
+ "maxLength" : 65536,
+ "optional" : 1,
+ "type" : "string"
+ },
+ "digest" : {
+ "description" : "Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.",
+ "maxLength" : 40,
+ "optional" : 1,
+ "type" : "string"
+ },
+ "startall-onboot-delay" : {
+ "default" : 0,
+ "description" : "Initial delay in seconds, before starting all the Virtual Guests with on-boot enabled.",
+ "maximum" : 300,
+ "minimum" : 0,
+ "optional" : 1,
+ "type" : "integer"
+ },
+ "wakeonlan" : {
+ "description" : "MAC address for wake on LAN",
+ "format" : "mac-addr",
+ "optional" : 1,
+ "type" : "string"
+ }
+ },
"type" : "object"
}
},
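Review bot: In this `returns` schema the `digest` entry keeps the request-side wording "Prevent changes if current configuration file has different SHA1 digest", which does not describe what the field means in a response. Something like `"description" : "SHA1 digest of the current configuration file; pass it back on update to detect concurrent modifications."` reads correctly for a return value. It also makes clear the digest is a change-detection token, not an integrity guarantee. The `returns` object opens before the added lines, so the rest of the endpoint definition is outside this hunk.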
"default" : "login",
"description" : "Run specific command or default to login.",
"enum" : [
- "ceph_install",
"upgrade",
+ "ceph_install",
"login"
],
"optional" : 1,
"default" : "login",
"description" : "Run specific command or default to login.",
"enum" : [
- "ceph_install",
"upgrade",
+ "ceph_install",
"login"
],
"optional" : 1,
"default" : "login",
"description" : "Run specific command or default to login.",
"enum" : [
- "ceph_install",
"upgrade",
+ "ceph_install",
"login"
],
"optional" : 1,
"type" : "string",
"typetext" : "<string>"
},
+ "data-pool" : {
+ "description" : "Data Pool (for erasure coding only)",
+ "optional" : 1,
+ "type" : "string",
+ "typetext" : "<string>"
+ },
"delete" : {
"description" : "A list of settings you want to delete.",
"format" : "pve-configid-list",
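Review bot: The new `data-pool` string has no `format`, `pattern` or `maxLength`, while the neighbouring `delete` property is constrained by `pve-configid-list`. Where the value ends up is not visible here, but if it is written into a storage configuration file or passed to a storage command, the schema should restrict it to the same shape as other pool names. The same unconstrained property is added again in the following hunk.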
"type" : "string",
"typetext" : "<string>"
},
+ "data-pool" : {
+ "description" : "Data Pool (for erasure coding only)",
+ "optional" : 1,
+ "type" : "string",
+ "typetext" : "<string>"
+ },
"datastore" : {
"description" : "Proxmox Backup Server datastore name.",
"optional" : 1,
"type" : "string"
},
"tokens" : {
+ "additionalProperties" : {
+ "properties" : {
+ "comment" : {
+ "optional" : 1,
+ "type" : "string"
+ },
+ "expire" : {
+ "default" : "same as user",
+ "description" : "API token expiration date (seconds since epoch). '0' means no expiration date.",
+ "minimum" : 0,
+ "optional" : 1,
+ "type" : "integer"
+ },
+ "privsep" : {
+ "default" : 1,
+ "description" : "Restrict API token privileges with separate ACLs (default), or give full privileges of corresponding user.",
+ "optional" : 1,
+ "type" : "boolean"
+ }
+ },
+ "type" : "object"
+ },
"optional" : 1,
"type" : "object"
}
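Review bot: `expire` is declared `"type" : "integer"` but carries `"default" : "same as user"`, so a client that reads defaults from the schema gets a string where it expects a number. I would drop the `default` key and fold the prose into the description, e.g. `"description" : "API token expiration date (seconds since epoch). '0' means no expiration date. If unset, the user's expiration applies."`. `comment` has no description at all. Since `privsep` set to 0 gives the token the full privileges of the user, the description could name that value explicitly so the less restrictive setting is not chosen by accident.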
"User.Modify"
],
"groups_param",
- 1
+ "update"
]
},
"protected" : 1,
"User.Modify"
],
"groups_param",
- 1
+ "create"
]
],
"description" : "You need 'Realm.AllocateUser' on '/access/realm/<realm>' on the realm of user <userid>, and 'User.Modify' permissions to '/access/groups/<group>' for any group specified (or 'User.Modify' on '/access/groups' if you pass no groups."
"check" : [
"and",
[
- "userid-param",
- "Realm.AllocateUser"
+ "perm",
+ "/access/realm/{realm}",
+ [
+ "Realm.AllocateUser"
+ ]
],
[
- "userid-group",
+ "perm",
+ "/access/groups",
[
"User.Modify"
]
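Review bot: The first branch now resolves `/access/realm/{realm}` from a `realm` parameter, but the endpoint's parameter list is outside this hunk, so please confirm that `realm` is declared and not optional; otherwise the `Realm.AllocateUser` check has no concrete path to evaluate. The second branch replaces the per-group `userid-group` check with `User.Modify` on `/access/groups` as a whole, which is a different requirement from the per-group rule. The endpoint's permission description (also not in this hunk) should state the new rule so administrators grant ACLs on the right path.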
"parameters" : {
"additionalProperties" : 0,
"properties" : {
+ "acr-values" : {
+ "description" : "Specifies the Authentication Context Class Reference values that theAuthorization Server is being requested to use for the Auth Request.",
+ "optional" : 1,
+ "type" : "string",
+ "typetext" : "<string>"
+ },
"autocreate" : {
"default" : 0,
"description" : "Automatically create users if they do not exist.",
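Review bot: The `acr-values` description is missing a space in "theAuthorization Server"; it should read `... values that the Authorization Server is being requested to use for the Auth Request.`. The property also accepts any string. The description suggests the value is passed on in the authorization request, so a `pattern` or `maxLength` limiting it to space-separated tokens would keep malformed input out of that request. The identical addition is repeated in the later `parameters` hunk.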
"type" : "integer",
"typetext" : "<integer> (1 - 65535)"
},
+ "prompt" : {
+ "description" : "Specifies whether the Authorization Server prompts the End-User for reauthentication and consent.",
+ "optional" : 1,
+ "pattern" : "(?:none|login|consent|select_account|\\S+)",
+ "type" : "string"
+ },
"realm" : {
"description" : "Authentication domain ID",
"format" : "pve-realm",
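Review bot: In the `prompt` pattern `(?:none|login|consent|select_account|\\S+)` the final `\\S+` alternative already matches every named value, so the pattern only enforces "no whitespace" and the enumeration has no effect. Either reduce it to `"pattern" : "\\S+"`, or drop `\\S+` if only the four listed values are meant to be accepted. The property also lacks the `typetext` its siblings carry. The same definition is added again in the later `parameters` hunk.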
"type" : "string",
"typetext" : "<string>"
},
+ "scopes" : {
+ "default" : "email profile",
+ "description" : "Specifies the scopes (user details) that should be authorized and returned, for example 'email' or 'profile'.",
+ "optional" : 1,
+ "type" : "string",
+ "typetext" : "<string>"
+ },
"secure" : {
"description" : "Use secure LDAPS protocol. DEPRECATED: use 'mode' instead.",
"optional" : 1,
"parameters" : {
"additionalProperties" : 0,
"properties" : {
+ "acr-values" : {
+ "description" : "Specifies the Authentication Context Class Reference values that theAuthorization Server is being requested to use for the Auth Request.",
+ "optional" : 1,
+ "type" : "string",
+ "typetext" : "<string>"
+ },
"autocreate" : {
"default" : 0,
"description" : "Automatically create users if they do not exist.",
"type" : "integer",
"typetext" : "<integer> (1 - 65535)"
},
+ "prompt" : {
+ "description" : "Specifies whether the Authorization Server prompts the End-User for reauthentication and consent.",
+ "optional" : 1,
+ "pattern" : "(?:none|login|consent|select_account|\\S+)",
+ "type" : "string"
+ },
"realm" : {
"description" : "Authentication domain ID",
"format" : "pve-realm",
"type" : "string",
"typetext" : "<string>"
},
+ "scopes" : {
+ "default" : "email profile",
+ "description" : "Specifies the scopes (user details) that should be authorized and returned, for example 'email' or 'profile'.",
+ "optional" : 1,
+ "type" : "string",
+ "typetext" : "<string>"
+ },
"secure" : {
"description" : "Use secure LDAPS protocol. DEPRECATED: use 'mode' instead.",
"optional" : 1,
},
"username-claim" : {
"description" : "OpenID claim used to generate the unique username.",
- "enum" : [
- "subject",
- "username",
- "email"
- ],
"optional" : 1,
- "type" : "string"
+ "type" : "string",
+ "typetext" : "<string>"
},
"verify" : {
"default" : 0,
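Review bot: Removing the `enum` lets `username-claim` name any claim, but the description still promises a "unique username" and the schema no longer backs that up. A claim that is editable by the user at the identity provider, or that is not unique per account, could map two people onto the same local user. I would extend the description, e.g. `"description" : "OpenID claim used to generate the unique username. The claim must be unique and immutable per user at the identity provider."`, and consider a `pattern` that limits the value to a claim-name shape.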
"format" : "pve-poolid",
"type" : "string",
"typetext" : "<string>"
+ },
+ "type" : {
+ "enum" : [
+ "qemu",
+ "lxc",
+ "storage"
+ ],
+ "optional" : 1,
+ "type" : "string"
}
}
},
`--dest` `<string>` ::
-Restrict packet destination address. This can refer to a single IP address, an
-IP set ('+ipsetname') or an IP alias definition. You can also specify an
-address range like '20.34.101.207-201.3.9.99', or a list of IP addresses and
-networks (entries are separated by comma). Please do not mix IPv4 and IPv6
-addresses inside such lists.
+Restrict packet destination address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like '20.34.101.207-201.3.9.99', or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists.
`--dport` `<string>` ::
-Restrict TCP/UDP destination port. You can use service names or simple numbers
-(0-65535), as defined in '/etc/services'. Port ranges can be specified with
-'\d+:\d+', for example '80:85', and you can use comma separated list to match
-several ports or ranges.
+Restrict TCP/UDP destination port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\d+:\d+', for example '80:85', and you can use comma separated list to match several ports or ranges.
`--icmp-type` `<string>` ::
-Restrict ICMP packets to specific types. You can either use the names as
-ip[6]tables ('ip[6]tables -p icmp[v6] -h') provides them, or use the
-Type[/Code] value, for example 'network-unreachable' which corresponds to
-'3/0'.
+Specify icmp-type. Only valid if proto equals 'icmp'.
`--iface` `<string>` ::
-Network interface name. You have to use network configuration key names for VMs
-and containers ('net\d+'). Host related rules can use arbitrary strings.
+Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings.
`--log` `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` ::
`--proto` `<string>` ::
-IP protocol. You can use protocol names ('tcp'/'udp') or simple numbers, as
-defined in '/etc/protocols'.
+IP protocol. You can use protocol names ('tcp'/'udp') or simple numbers, as defined in '/etc/protocols'.
`--source` `<string>` ::
-Restrict packet source address. This can refer to a single IP address, an IP
-set ('+ipsetname') or an IP alias definition. You can also specify an address
-range like '20.34.101.207-201.3.9.99', or a list of IP addresses and networks
-(entries are separated by comma). Please do not mix IPv4 and IPv6 addresses
-inside such lists.
+Restrict packet source address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like '20.34.101.207-201.3.9.99', or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists.
`--sport` `<string>` ::
-Restrict TCP/UDP source port. You can use service names or simple numbers
-(0-65535), as defined in '/etc/services'. Port ranges can be specified with
-'\d+:\d+', for example '80:85', and you can use comma separated list to match
-several ports or ranges.
+Restrict TCP/UDP source port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\d+:\d+', for example '80:85', and you can use comma separated list to match several ports or ranges.