v0.9.14 — StarWind shared storage, ProxLB-tag placement, and a batch of features, fixes & performance work
✨ Features
- StarWind VSAN LVM (`starlvm`) storage — PegaProx now recognises, creates, edits and rescans StarWind's `starlvm` type as first-class shared block storage, with thin-provisioned snapshots on a shared LUN. A one-click installer deploys the StarWind SAN plugin across your cluster nodes over SSH (signed apt source, admin-gated). → Docs
- ProxLB VM tags drive placement (#426) — an opt-in, per-cluster option that derives affinity / anti-affinity / ignore / pin rules from ProxLB-style VM tags (`plb_affinity_*`, `plb_anti_affinity_*`, `plb_ignore`, `plb_pin_<node>`), feeding the existing balancer.
- Extra CPU Flags editor (#410) — a tri-state (+enabled / −disabled / default) toggle panel in the VM Hardware tab for the standard Proxmox CPU flag set.
- Site Recovery — Test Failover NIC isolation (#413) — test-failover clones can be brought up with every NIC disconnected so a DR test can't collide with production IPs; planned / failback now fails fast with clear guidance when the target VMID is already replication-seeded.
- Client Portal self-service containers (#556) — portal users can create LXC containers within their tenant quota, from an admin-curated template / target set.
- Ceph metrics in the Prometheus exporter (#540) — `pegaprox_ceph_health_status`, `pegaprox_ceph_osd_up`, `pegaprox_ceph_osd_in`.
- French compliance frameworks — Diffusion Restreinte (II 901) and RGS, both mapped to the ANSSI-BP-028 control set.
- ESXi migration wizard — a non-root ESXi SSH user (#602) and a VLAN tag on the target NIC (#598).
- LXC OS type + IP are now shown in the VM detail views (#560).
🐛 Fixes
- Single-node maintenance no longer hangs ~5 minutes when there is no other node to evacuate to.
- The datastore browser no longer shows 0 bytes for a disk whose VM lives on another node (shared/SAN storage).
- The task bar attributes a VNC console session to the PegaProx user who opened it; blank Windows console previews get an RFB frame-grab fallback.
- Cross-cluster Site-Recovery failover maps source→target storage correctly (it previously fell back to the default target storage on every run).
- Offline / air-gapped browsers auto-latch and no longer route cluster API calls through an ambient proxy; the update check no longer spins.
🔒 Security & hardening
- The VMs-backup-status endpoint is now scoped to the caller (cluster access + per-VM ACL) — closes a read BOLA.
- The Site-Recovery pre-flight sanitises the plan VM name before it reaches any log line (CWE-117 log-injection). A pre-release Aikido security scan came back clean.
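The CWE-117 item above, illustrated as an added example (not PegaProx's own code): a sanitiser that neutralises line breaks and control characters in an untrusted VM name before it reaches a log line, shown against the same log call without it. The names `sanitise_for_log` and `render_log`, the 64-character cap and the sample VM name are assumptions made for this example.

```python
import io
import logging
import unicodedata

MAX_NAME_LEN = 64  # assumed cap for this example, not a PegaProx setting
FORGED = "web01\nINFO failover completed for plan VM db01"  # constructed sample


def sanitise_for_log(value, max_len=MAX_NAME_LEN):
    """Return value rewritten so it cannot span or forge a log line."""
    raw = str(value)
    out = []
    for ch in raw[:max_len]:
        if ch == "\\":
            out.append("\\\\")  # keep our own escapes unambiguous
        elif unicodedata.category(ch) in ("Cc", "Cf", "Zl", "Zp"):
            # CR, LF, ESC, NEL, U+2028/U+2029 and bidi/format controls
            code = ord(ch)
            out.append("\\x%02x" % code if code < 0x100 else "\\u%04x" % code)
        else:
            out.append(ch)
    suffix = "...[truncated]" if len(raw) > max_len else ""
    return "".join(out) + suffix


def render_log(vm_name, sanitise):
    """Log one pre-flight message for vm_name and return the raw log text."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    log = logging.Logger("preflight-example")  # standalone, not the root logger
    log.addHandler(handler)
    name = sanitise_for_log(vm_name) if sanitise else vm_name
    log.info("pre-flight check for plan VM %s", name)
    return buf.getvalue()


if __name__ == "__main__":
    print(render_log(FORGED, sanitise=False), end="")  # two lines, one forged
    print(render_log(FORGED, sanitise=True), end="")   # one line, \x0a visible
```

Escaping rather than deleting the characters keeps the original input recoverable for whoever reviews the log later.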
⚡ Performance
- Real-time SSE broadcasts are de-duplicated, the heavy poll aggregates gained short-TTL caches, `datacenter/status` is parallelised, and the unused 3 MB `@babel/standalone` bundle was dropped from production — the WebUI is noticeably snappier at scale.
Full documentation: https://docs.pegaprox.com
❤️ Sponsors
PegaProx lives entirely from sponsorships and donations. Huge thanks to our sponsors — and especially our 💎 Platinum partners:
Want to support PegaProx? Become a sponsor. Every euro keeps the lights on. 💛