where is the log file?

[lgzcoollg]

Hello, thanks this project first! help me a lot.

4 request;

• 1, where is the log file save?
• 2, its the GUI could be install? (from apt) #44
• 3, I installed in a pve node, it could not start when I set verify_ssl: 1
• 4, pls update the conf option in the README, something different with code example upload. its cause service start fail. like the vm_balancing option.

anyway, thanks @gyptazy

[gyptazy]

Hey @lgzcoollg,

you‘re welcome! Hope it helps :)

1. Logging utilizes systemd, so when running as a service, simply run systemd status proxlb or journalcntrl. When running from cli, it will print the log to cli. As we handle it in the UNIX philosophy, it doesn’t print anything if it exits gracefully (0). You can set the log_verbosity in the config file to INFO to get detailed output. This applies for the cli and also systemd logging.
2. I currently do not provide the GUI package anymore because it might break things. I need to create a dynamic patcher for this (as wirrten in the referenced issue) before making this available again. But thats is currently a low prio to me.
3. SSL verify should always and wherever possible be used. However, when using self signed certificates and not having them in the local trust store, this will fail. Therefore, this option can switch it.
4. The provided configuration is an example that should directly work out of the box on the most common setups. What is not working in detail, so I can check it.

Thanks,
gyptazy

[lgzcoollg]

Hey @lgzcoollg,

you‘re welcome! Hope it helps :)

1. Logging utilizes systemd, so when running as a service, simply run systemd status proxlb or journalcntrl. When running from cli, it will print the log to cli. As we handle it in the UNIX philosophy, it doesn’t print anything if it exits gracefully (0). You can set the log_verbosity in the config file to INFO to get detailed output. This applies for the cli and also systemd logging.
2. I currently do not provide the GUI package anymore because it might break things. I need to create a dynamic patcher for this (as wirrten in the referenced issue) before making this available again. But thats is currently a low prio to me.
3. SSL verify should always and wherever possible be used. However, when using self signed certificates and not having them in the local trust store, this will fail. Therefore, this option can switch it.
4. The provided configuration is an example that should directly work out of the box on the most common setups. What is not working in detail, so I can check it.

Thanks, gyptazy

for the 1.
could it consider output a log file?

for the 3.
I install proxlb and run in the host which same as the setting of conf. it should have local trust store, right?

for the 4.
if use [vm_balancing] option like README, it will feedback:
proxlb[357962]: ProxLB: Error: [config]: Could not find the required options in config file.

it should use [balancing]

thanks

[gyptazy]

Log File Implementation [1]

A log file implementation is currently not planned from my site. However, you can create a feature request for that. I think we should rely on systemd logging. You could also redirect the cli outputs to a log file or use something like journalctl | grep proxlb > /var/log/proxlb.log or similar. But I must admit, that's hacky and dirty. But yeah, I think this can optionally be integrated.

SSL Verify (SSL Truststore) [3]

Nope, updating the local ca trust store must be done manually. The certificates don't get imported automatically by Proxmox. You can also validate this by simply using curl on your node's CLI (make sure to match the hostname or fqdn):

dev-cluster01-node01.int.gyptazy.ch:~# curl -v https://dev-cluster01-node01.int.gyptazy.ch:8006
*   Trying 10.10.10.211:8006...
* Connected to dev-cluster01-node01.int.gyptazy.ch (10.10.10.211) port 8006 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Replacing -v (verbose) with -k (insecure) will immediately work.

To revalidate this against the used certificate, simply run:

dev-cluster01-node01.int.gyptazy.ch~# openssl s_client -connect localhost:8006
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 OU = PVE Cluster Node, O = Proxmox Virtual Environment, CN = dev-cluster01-node01.int.gyptazy.ch
verify error:num=20:unable to get local issuer certificate

So, you have three possibilities to solve this:

• Import the node's certificate to the local CA store (this needs to be done for all nodes that should be managed)
• Disable certificate verification
• Use proper certificates (see also: https://pve.proxmox.com/wiki/Certificate_Management)

Config Example

It does state balancing. I assume, that you used the config from the current main branch which is the main branch for development. But did you also use the proxlb file from there or one from the repository or provided packaged files (like .deb or .rpm)? If you use the repository or prepackaged versions, they're shipped as stable versions. The last stable version is 1.0.2, therefore you should use the configs related to that version. Each release is represented by a git tag which you can find here https://github.com/gyptazy/ProxLB/tree/v1.0.2. The section balancing is written there in the config.

Hope it helps.

[lgzcoollg]

Log File Implementation [1]

日志文件的实施目前没有计划从我的网站。但是，您可以为此创建功能请求。我认为我们应该依靠systemd日志记录。您还可以将BPEL输出重定向到日志文件或使用类似journalctl的工具|grep lib >/var/log/lib. log或类似文件。但我必须承认，这是hacky和肮脏。但是，是的，我认为这可以选择性地整合。

SSL Verify (SSL Truststore) [3]

Nope, updating the local ca trust store must be done manually. The certificates don't get imported automatically by Proxmox. You can also validate this by simply using curl on your node's CLI (make sure to match the hostname or fqdn):

dev-cluster01-node01.int.gyptazy.ch:~# curl -v https://dev-cluster01-node01.int.gyptazy.ch:8006
*   Trying 10.10.10.211:8006...
* Connected to dev-cluster01-node01.int.gyptazy.ch (10.10.10.211) port 8006 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

将-v（verbose）替换为-k（insecure）将立即生效。

To revalidate this against the used certificate, simply run:

dev-cluster01-node01.int.gyptazy.ch~# openssl s_client -connect localhost:8006
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 OU = PVE Cluster Node, O = Proxmox Virtual Environment, CN = dev-cluster01-node01.int.gyptazy.ch
verify error:num=20:unable to get local issuer certificate

So, you have three possibilities to solve this:

• Import the node's certificate to the local CA store (this needs to be done for all nodes that should be managed)
• Disable certificate verification
• Use proper certificates (see also: https://pve.proxmox.com/wiki/Certificate_Management)

Config Example

It does state balancing. I assume, that you used the config from the current main branch which is the main branch for development. But did you also use the proxlb file from there or one from the repository or provided packaged files (like .deb or .rpm)? If you use the repository or prepackaged versions, they're shipped as stable versions. The last stable version is 1.0.2, therefore you should use the configs related to that version. Each release is represented by a git tag which you can find here https://github.com/gyptazy/ProxLB/tree/v1.0.2. The section balancing is written there in the config.

Hope it helps.

yes, its 1.0.2. its my mistake that do no notice about the branch.

thanks @gyptazy