🛠️ SSH Reachability Overhaul
- Corosync-on-separate-VLAN fix —
_get_node_ip()no longer hands out the corosync ring IP for SSH operations when the cluster network is on a dedicated VLAN. Reachability is now probed on the actual SSH port (not 8006, which Proxmox listens on everywhere), and cluster/status quick path is filtered against the primary management network so corosync IPs can't leak through (#324). - Single-node cluster-creds — the WebSocket SSH shell now requests only the node it needs via
?node=<name>instead of resolving the entire cluster. Resolution capped at 3 probes to stay under the WS 10s timeout. - Safer host fallback —
_get_node_ip()only falls back to the connected host when the requested node actually matches it, so multi-node clusters can't accidentally SSH into the wrong box. - All node-SSH endpoints (SMBIOS, custom scripts,
get_node_ip_api) now use the consolidated resolver and surface a clean error instead of silently acting onmgr.hostwhen resolution fails.
Thanks to @remipcomaite for the original investigation and PR (#324).
🛡️ Node Hardening Reports
- PDF / PNG export — the Harden PVE Node page now has PDF and PNG buttons next to "Apply Selected". The PDF includes a stats block (controls active / not applied / selected), one table per source (CIS / Lynis / STIG / PegaProx) with ref + title + status + PVE impact, and — when verbose audit mode was on during the scan — a full audit evidence table with check commands and actual state.
- Verbose audit output is now fully translated (
Show audit details/Hide audit details/Check command/Actual state) across DE / EN / FR / ES / PT / KO.
🔄 Rolling Updates
- Reboot / Online Timeout now exposed in the UI (#328) — next to the existing Evacuation Timeout. Defaults to 10 min, presets up to 2h. Extend it for Ceph OSD hosts or nodes with many disks that take longer to come back. When exceeded, the rolling update pauses with a clear
reboot_timeoutreason so you can inspect manually and continue.
📊 CVE Scanner
- No more misleading green 0s — when every node fails the scan (e.g. SSH unreachable), the summary now shows a grey dash
—with a red "X failed" count instead of pretending everything is clean. - Breathing room in Corporate layout — stat cards are taller, gap is wider, number-to-label spacing increased. The section no longer looks cramped against the dense corporate grid.
🎨 Corporate Layout & UI
- Standalone-node badge (#326) — single-node clusters no longer show the red "Quorum verloren" badge in the dashboard services bar. Instead a neutral blue Standalone badge, matching the Datacenter status tile.
- KSM Sharing visible in Node Summary — always shown now, matches native PVE UI.
0 Bin grey when inactive, actual size in purple when KSM is deduplicating under memory pressure.
🐛 Bug Fixes
- Disk Create modal (#323) — native
<select>dropdowns in fixed-position modals no longer dismiss the modal when you click an option. Switched backdrop toonMouseDown+ currentTarget check.
💎 Sponsors
Massive thanks to our Platinum Sponsor 🏆 netwolk GmbH — your support keeps this project going and directly funds ongoing PegaProx development.
Interested in sponsoring? → pegaprox.com/#sponsor | sponsor@pegaprox.com | opencollective.com/pegaprox
💬 Community
Join the Discord: https://discord.gg/AJPf3H62QW
Full Changelog: v0.9.6.1...v0.9.7