-Proxmox Cluster file system (pmxcfs)
+ifdef::manvolnum[]
+PVE({manvolnum})
+================
+include::attributes.txt[]
+
+NAME
+----
+
+pmxcfs - Proxmox Cluster File System
+
+SYNOPSYS
+--------
+
+include::pmxcfs.8-cli.adoc[]
+
+DESCRIPTION
+-----------
+endif::manvolnum[]
+
+ifndef::manvolnum[]
+Proxmox Cluster File System (pmxcfs)
====================================
+include::attributes.txt[]
+endif::manvolnum[]
The Proxmox Cluster file system (pmxcfs) is a database-driven file
system for storing configuration files, replicated in real time to all
on the maximal size, which is currently 30MB. This is still enough to
store the configuration of several thousand virtual machines.
-Advantages
-----------
+This system provides the following advantages:
* seamless replication of all configuration to all nodes in real time
* provides strong consistency checks to avoid duplicate VM IDs
-* read-only when a node looses quorum
+* read-only when a node loses quorum
* automatic updates of the corosync cluster configuration to all nodes
* includes a distributed locking mechanism
POSIX Compatibility
-~~~~~~~~~~~~~~~~~~~
+-------------------
The file system is based on FUSE, so the behavior is POSIX like. But
some feature are simply not implemented, because we do not need them:
File access rights
-~~~~~~~~~~~~~~~~~~
+------------------
All files and directories are owned by user 'root' and have group
'www-data'. Only root has write permissions, but group 'www-data' can
are only accessible by root.
+
Technology
----------
|user.cfg |{pve} access control configuration (users/groups/...)
|domains.cfg |{pve} Authentication domains
|authkey.pub | public key used by ticket system
+|pve-root-ca.pem | public certificate of cluster CA
|priv/shadow.cfg | shadow password file
|priv/authkey.key | private key used by ticket system
-|nodes/<NAME>/pve-ssl.pem | public ssl key for web server
-|nodes/<NAME>/priv/pve-ssl.key | private ssl key
+|priv/pve-root-ca.key | private key of cluster CA
+|nodes/<NAME>/pve-ssl.pem | public ssl certificate for web server (signed by cluster CA)
+|nodes/<NAME>/pve-ssl.key | private ssl key for pve-ssl.pem
+|nodes/<NAME>/pveproxy-ssl.pem | public ssl certificate (chain) for web server (optional override for pve-ssl.pem)
+|nodes/<NAME>/pveproxy-ssl.key | private ssl key for pveproxy-ssl.pem (optional)
|nodes/<NAME>/qemu-server/<VMID>.conf | VM configuration data for KVM VMs
|nodes/<NAME>/lxc/<VMID>.conf | VM configuration data for LXC containers
|firewall/cluster.fw | Firewall config applied to all nodes
* stop the cluster file system again
- # service pve-cluster stop
+ # systemctl stop pve-cluster
* restart pve services (or reboot)
- # service pve-cluster start
- # service pvedaemon restart
- # service pveproxy restart
- # service pvestatd restart
+ # systemctl start pve-cluster
+ # systemctl restart pvedaemon
+ # systemctl restart pveproxy
+ # systemctl restart pvestatd
+
+ifdef::manvolnum[]
+include::pve-copyright.adoc[]
+endif::manvolnum[]
projects / pve-docs.git / blobdiff