docs(README): Define the new location of ProxLB at credativ

Updated README to reflect the new location of the ProxLB project and removed outdated sections.

.changelogs/1.1.0/114_refactor_code_base.yml

@@ -0,0 +1,11 @@
+fixed:
+  - Refactored code base for ProxLB [#114]
+  - Switched to `pycodestyle` for linting [#114]
+  - Package building will be done within GitHub actions pipeline [#114]
+  - ProxLB now only returns a warning when no guests for further balancing are not present (instead of quitting) [132#]
+  - All nodes (according to the free resources) will be used now [#130]
+  - Fixed logging outputs where highest/lowest were mixed-up [#129]
+  - Stop balancing when movement would get worste (new force param to enfoce for affinity rules) [#128]
+  - Added requested documentation regarding Proxmox HA groups [#127]
+  - Rewrite of the whole affinity/anti-affinity rules evaluation and placement [#123]
+  - Fixed the `ignore` parameter for nodes where the node and guests on the node will be untouched [#102]

.changelogs/1.1.0/125-add-proxmox-api-authentication-support.yml

@@ -0,0 +1,2 @@
+feature:
+  - Add Proxmox API authentication support. [#125]

.changelogs/1.1.0/137_fix_systemd_unit_file.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fix the systemd unit file to start ProxLB after pveproxy (by @robertdahlem). [#137]

.changelogs/1.1.0/release_meta.yml

@@ -0,0 +1 @@
+date: 2025-04-01

.changelogs/1.1.1/163_fix_ignore_vm_tag.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fix tag evluation for VMs for being ignored for further balancing [#163]

.changelogs/1.1.1/165_improve_logging_servity.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Improve logging verbosity of messages that had a wrong servity [#165]

.changelogs/1.1.1/168_add_more_flexible_schedules.yml

@@ -0,0 +1,2 @@
+feature:
+  - Add a more flexible way to define schedules in minutes or hours (by @gyptazy) [#168]

.changelogs/1.1.1/171_set_correct_python_path_docker_image.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fix Python path for Docker entrypoint (by @crandler) [#170]

.changelogs/1.1.1/174_honor_balancing_activation_value.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Honor the value when balancing should not be performed and stop balancing [#174]

.changelogs/1.1.1/176_change_turn_daemon_mode_on_default.yml

@@ -0,0 +1,2 @@
+changed:
+  - Change the default behaviour of the daemon mode to active [#176]

.changelogs/1.1.1/180_change_default_balancing_to_used_instead_assigned.yml

@@ -0,0 +1,2 @@
+changed:
+  - Change the default banalcing mode to used instead of assigned [#180]

.changelogs/1.1.1/184_validate_for_sufficient_user_permissions.yml

@@ -0,0 +1,2 @@
+feature:
+  - Add validation for the minimum required permissions of a user in Proxmox [#184]

.changelogs/1.1.1/185-logging-handler-for-no-systemd-integration.yml

@@ -0,0 +1,2 @@
+fix:
+  - add handler to log messages with severity less than info to the screen when there is no systemd integration, for instance, inside a docker container (by @glitchvern) [#185]

.changelogs/1.1.1/187_allow_use_of_minutes_instead_of_hours.yml

@@ -0,0 +1,2 @@
+fixed:
+  - allow the use of minutes instead of hours and only accept hours or minutes in the format (by @glitchvern) [#187]

.changelogs/1.1.1/195_set_cpu_used_to_cpu_usage_times_core_count.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Set cpu_used to the cpu usage, which is a percent, times the total number of cores to get a number where guest cpu_used can be added to nodes cpu_used and be meaningful (by @glitchvern) [#195]

.changelogs/1.1.1/197_remove_hard_coded_memory_usage_from_lowest_usage_node.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Remove hard coded memory usage from lowest usage node and use method and mode specified in configuration instead (by @glitchvern) [#197]

.changelogs/1.1.1/200_requery_zero_guest_cpu_used.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Requery a guest if that running guest reports 0 cpu usage (by @glitchvern) [#200]

.changelogs/1.1.1/204_fix_migration_log_relationship_of_guest_type.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fix the guest type relationship in the logs when a migration job failed (by @gyptazy) [#204]

.changelogs/1.1.1/205_add_api_upstream_error_message_on_migration_failure.yml

@@ -0,0 +1,2 @@
+added:
+  - Providing the API upstream error message when migration fails in debug mode (by @gyptazy) [#205]

.changelogs/1.1.1/release_meta.yml

@@ -0,0 +1 @@
+date: 2025-04-20

.changelogs/1.1.10/335-prevalidate-affinity-matrix.yml

@@ -0,0 +1,2 @@
+added:
+  - Prevent redundant rebalancing by validating existing affinity enforcement before taking actions (@gyptazy). [#335]

.changelogs/1.1.10/359-add-pve8-user-protections-for-conntrack-aware-migrations.yml

@@ -0,0 +1,2 @@
+added:
+  - Add safety-guard for PVE 8 users when activating conntrack-aware migrations mistakenly (@gyptazy). [#359]

.changelogs/1.1.10/361_fix_proxmox_api_connection_validation.yml

@@ -0,0 +1,3 @@
+fixed:
+  - Fixed the Proxmox API connection validation which returned a false-positive logging message of timeouts (@gyptazy). [#361]
+  - Refactored Proxmox API connection functions

.changelogs/1.1.10/368_fix_crash_enumerating_pools_with_storage_members.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fixed a crash during PVE resource pool enumeration by skipping members not having a 'name' property (@stefanoettl). [#368]

.changelogs/1.1.10/release_meta.yml

@@ -0,0 +1 @@
+date: 2025-11-25

.changelogs/1.1.11/275_add_overprovisioning_safety_guard.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fixed missing overprovisioning safety guard to avoid node overprovisioning (@gyptazy). [#275]

.changelogs/1.1.11/335_fix_affinity_matrix_prevalidation.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fixed affinity matrix pre-validation by inverting validations (@Thalagyrt). [#335]

.changelogs/1.1.11/373_add_node_resource_reservation_support.yml

@@ -0,0 +1,2 @@
+added:
+  - Add resource reservation support for PVE nodes (@Chipmonk2). [#373]

.changelogs/1.1.11/378_change_and_improve_balancing_decisions.yml

@@ -0,0 +1,3 @@
+changed:
+  - Changed balancing and sorting behaviour (@gyptazy). [#378]
+  - Balancing objects will be ordered by: count of objects in affinity-rules, followed by memory size 

.changelogs/1.1.11/387_select_balancing_workloads_by_size.yml

@@ -0,0 +1,2 @@
+added:
+  - Add possibility to sort and select balancing workloads by smaller/larger guest objects (@gyptazy). [#387]

.changelogs/1.1.11/391_add_native_proxmox_ha_rules_support.yml

@@ -0,0 +1,3 @@
+added:
+  - Add support for Proxmox's native HA (affinity/anti-affinity) rules (@gyptazy). [#391]
+  - Add support for Proxmox's native HA (node-affinity) rules for pinning guests to nodes (@gyptazy). [#391]

.changelogs/1.1.11/395_fix_pool_based_node_pinning.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fixed pool based node pinning (@gyptazy). [#395]

.changelogs/1.1.11/402_add_ha_job_validation.yml

@@ -0,0 +1,2 @@
+added:
+  - Add HA job validation for migration jobs (@gytazy). [#402]

.changelogs/1.1.11/406_add_stricness_for_node_pinning_of_pools.yml

@@ -0,0 +1,2 @@
+added:
+  - Add support for configuring node-pinning strictness (default: true) within pools (@gyptazy). [#406]

.changelogs/1.1.11/408_fix_moving_ignored_guests.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fixed that ignored VMs/CTs got moved to another node when being ignored (@gyptazy). [#408]

.changelogs/1.1.11/414_add_pinning_enforcement.yml

@@ -0,0 +1,2 @@
+added:
+  - Add new option to enforce node/guest pinning even when cluster is balanced from a resource perspective (@gyptazy). [#414]

.changelogs/1.1.11/release_meta.yml

@@ -0,0 +1 @@
+date: 2026-01-12

.changelogs/1.1.12/420_fix_psi_based_balancing_key_error.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fix PSI based balancing which resulted in a Python KeyError (@gyptazy). [#420]

.changelogs/1.1.12/release_meta.yml

@@ -0,0 +1 @@
+date: TBD

.changelogs/1.1.2/137_fix_systemd_unit_file.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fix systemd unit file to run after network on non PVE nodes (by @robertdahlem) [#137]

.changelogs/1.1.2/157_add_proxmox_api_retry_mechanism.yml

@@ -0,0 +1,2 @@
+added:
+  - Add a configurable retry mechanism when connecting to the Proxmox API (by @gyptazy) [#157]

.changelogs/1.1.2/218_add_1_to_one_relationship_guest_node_pinning.yml

@@ -0,0 +1,2 @@
+added:
+  - Add 1-to-1 relationships between guest and hypervisor node to ping a guest on a node (by @gyptazy) [#218]

.changelogs/1.1.2/222_fix_force_type_cast_cpu_metrics_to_int.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Force type cast cpu count of guests to int for some corner cases where a str got returned (by @gyptazy). [#222]

.changelogs/1.1.2/release_meta.yml

@@ -0,0 +1 @@
+date: 2025-05-13

.changelogs/1.1.3/189_add_reload_function.yml

@@ -0,0 +1,2 @@
+added:
+  - Add relaod (SIGHUP) function to ProxLB to reload the configuration (by @gyptazy). [#189]

.changelogs/1.1.3/232_align_maintenance_mode_proxmox_ha.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Align maintenance mode with Proxmox HA maintenance mode (by @gyptazy). [#232]

.changelogs/1.1.3/239_add_optional_delay_time_until_service_starts.yml

@@ -0,0 +1,2 @@
+added:
+  - Add optional wait time parameter to delay execution until the service takes action (by @gyptazy). #239

.changelogs/1.1.3/241_make_amount_of_parallel_migrations_configurable.yml

@@ -0,0 +1,2 @@
+added:
+  - Make the amount of parallel migrations configurable (by @gyptazy). [#241]

.changelogs/1.1.3/94_cpu_balancing_use_avg_instead_current_consumption.yml

@@ -0,0 +1,2 @@
+changed:
+  - Use the average CPU consumption of a guest within the last 60 minutes instead of the current CPU usage (by @philslab-ninja & @gyptazy). [#94]

.changelogs/1.1.3/release_meta.yml

@@ -0,0 +1 @@
+date: 2025-06-19

.changelogs/1.1.4/245_add_guest_pinning_to_groups_of_nodes.yml

@@ -0,0 +1,2 @@
+added:
+  - Allow pinning of guests to a group of nodes (@gyptazy). [#245]

.changelogs/1.1.4/248_fix_dry_run_combination_balancing_disabled.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fixed an issue where balancing was performed in combination of deactivated balancing and dry-run mode (@gyptazy). [#248]

.changelogs/1.1.4/255_fix_loglevels.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Modified log levels to make output lighter at INFO level (@pmarasse) [#255]

.changelogs/1.1.4/release_meta.yml

@@ -0,0 +1 @@
+date: 2025-06-27

.changelogs/1.1.5/260_allow_custom_api_ports.yml

@@ -0,0 +1,2 @@
+added:
+  - Allow custom API ports instead of fixed tcp/8006 (@gyptazy). [#260]

.changelogs/1.1.5/release_meta.yml

@@ -0,0 +1 @@
+date: 2025-07-14

.changelogs/1.1.6/268_fix_balancing_type_eval.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fix balancing evaluation of guest types (e.g., VM or CT) (@gyptazy). [#268]

.changelogs/1.1.6/290_validate_user_token_syntax.yml

@@ -0,0 +1,2 @@
+added:
+  - Add validation for provided API user token id to avoid confusions (@gyptazy). [#291]

.changelogs/1.1.6/291_fix_stack_trace_no_user_permissions_testing.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fix stacktrace output when validating permissions on non existing users in Proxmox (@gyptazy). [#291]

.changelogs/1.1.6/295_fix_overprovisioning_first_node_if_anti_affinity_group_has_only_one-member.yml

@@ -0,0 +1,3 @@
+fixed:
+  - Fix Overprovisioning first node if anti_affinity_group has only one member (@MiBUl-eu). [#295]
+  

.changelogs/1.1.6/296_fix_validate_node_presence_when_pinning_guests.yml

@@ -0,0 +1,3 @@
+fixed:
+  - Validate for node presence when pinning guests to avoid crashing (@gyptazy). [#296]
+  

.changelogs/1.1.6/release_meta.yml

@@ -0,0 +1 @@
+date: 2025-09-04

.changelogs/1.1.7/304_add_graceful_shutdown_sigint.yml

@@ -0,0 +1,2 @@
+added:
+  - Add graceful shutdown for SIGINT (e.g., CTRL + C abort). (@gyptazy). [#304]

.changelogs/1.1.7/305_add_conntrack_support_for_migrations.yml

@@ -0,0 +1,2 @@
+added:
+  - Add conntrack state aware migrations of VMs (@gyptazy). [#305]

.changelogs/1.1.7/308_fix_only_validate_valid_jobids.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fix crash when validating absent migration job ids. (@gyptazy). [#308]

.changelogs/1.1.7/310_guest-object-names-not-being-evaluated-in-log.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fix guest object names are not being evaluated in debug log. (@gyptazy). [#310]

.changelogs/1.1.7/release_meta.yml

@@ -0,0 +1 @@
+date: 2025-09-19

.changelogs/1.1.8/317_container_image_non_root.yml

@@ -0,0 +1,3 @@
+changed:
+  - Container image does not run as root anymore (@mikaelkrantz945). [#317]
+  - Container image uses venv for running ProxLB (@mikaelkrantz945). [#317]

.changelogs/1.1.8/318_fix_conntrack_aware_migrations_api_pve8.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Fix API errors when using conntrack aware migration with older PVE versions (@gyptazy). [#318]

.changelogs/1.1.8/329_add_log_prefix.yml

@@ -0,0 +1,2 @@
+fixed:
+  - Add a static ProxLB prefix to the log output when used by journal handler (@gyptazy). [#329]

.changelogs/1.1.8/release_meta.yml

@@ -0,0 +1 @@
+date: 2025-10-09

.changelogs/1.1.9/337_add_pressure_based_balancing.yml

@@ -0,0 +1,5 @@
+added:
+  - Add pressure (PSI) based balancing for memory, cpu, disk (req. PVE9 or greater) (@gyptazy). [#337]
+  - Pressure (PSI) based balancing for nodes
+  - Pressure (PSI) based balancing for guests
+  - Add PVE version evaluation

.changelogs/1.1.9/342_add_memory_balancing_threshold.yml

@@ -0,0 +1,2 @@
+added:
+  - Add an optional memory balancing threshold (@gyptazy). [#342]

.changelogs/1.1.9/343_add_affinity_rules_support_by_pools.yml

@@ -0,0 +1,2 @@
+added:
+  - Add affinity/anti-affinity support by pools (@gyptazy). [#343]

.changelogs/1.1.9/release_meta.yml

@@ -0,0 +1 @@
+date: 2025-10-30

.github/workflows/10-code-liniting.yml

@@ -0,0 +1,21 @@
+name: Code linting
+on: [push]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.8"]
+    steps:
+      - uses: actions/checkout@v3
+      - name: Setup dependencies for code linting
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Install additional dependencies for code linting
+        run: |
+          sudo apt-get update
+          sudo apt-get -y install python3-pycodestyle pycodestyle
+      - name: Run code linting on ProxLB Python code
+        run: |
+          pycodestyle proxlb/*

.github/workflows/20-pipeline-build-deb-package.yml

@@ -0,0 +1,100 @@
+name: "Build package: .deb"
+on: [push]
+jobs:
+  lint-code-proxlb:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.8"]
+    steps:
+      - uses: actions/checkout@v3
+      - name: Setup dependencies for code linting
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Install additional dependencies for code linting
+        run: |
+          sudo apt-get update
+          sudo apt-get -y install python3-pycodestyle pycodestyle
+      - name: Run code linting on ProxLB Python code
+        run: |
+          pycodestyle proxlb/* && \
+          echo "OK: Code linting successfully performed on ProxLB code."
+
+  build-package-debian:
+    needs: lint-code-proxlb
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.ref }}
+
+      - name: Set up Docker with Debian image
+        run: |
+          docker pull debian:latest
+
+      - name: Build DEB package in Docker container
+        run: |
+          docker run --rm -v $(pwd):/workspace -w /workspace debian:latest bash -c "
+            # Install dependencies
+            apt-get update && \
+            apt-get install -y python3 python3-setuptools debhelper dh-python python3-pip python3-stdeb python3-proxmoxer python3-requests python3-urllib3 devscripts python3-all && \
+
+            # Get base version from source code
+            BASE_VERSION=\$(grep __version__ proxlb/utils/version.py | awk '{print \$3}' | tr -d '\"')
+            echo \"Base version: \$BASE_VERSION\"
+
+            # Build full version with timestamp
+            FULL_VERSION=\"\${BASE_VERSION}+$(date +%Y%m%d%H%M)\"
+            echo \"Full version: \$FULL_VERSION\"
+
+            # Update debian/changelog with new version
+            dch --force-bad-version -v \"\$FULL_VERSION\" \
+                \"Automated GitHub Actions build on $(date -u +'%Y-%m-%d %H:%M UTC').\" && \
+
+            # Build package using stdeb / setuptools
+            # python3 setup.py --command-packages=stdeb.command bdist_deb && \
+            # Build native package
+            dpkg-buildpackage -us -uc && \
+            mkdir package && \
+            mv ../*.deb package/ && \
+            echo 'OK: Debian package successfully created.'
+          "
+
+      - name: Upload Debian package python3-proxlb as artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: debian-package
+          path: package/*.deb
+
+  integration-test-debian:
+    needs: build-package-debian
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        debian_version: [bookworm, trixie]
+    name: Integration Test on Debian ${{ matrix.debian_version }}
+    steps:
+      - name: Download Debian package artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: debian-package
+          path: package/
+
+      - name: Set up Docker with Debian image
+        run: docker pull debian:${{ matrix.debian_version }}
+
+      - name: Install and test Debian package in Docker container
+        run: |
+          docker run --rm \
+            -v "$(pwd)/package:/package" \
+            -w /package \
+            debian:${{ matrix.debian_version }} \
+            bash -c "
+              set -e
+              apt-get update
+              apt-get install -y python3 systemd
+              apt-get install -y ./proxlb*.deb
+              python3 -c 'import proxlb; print(\"OK: Debian package successfully installed on ${{ matrix.debian_version }}.\")'
+            "

.github/workflows/20-pipeline-build-rpm-package.yml

@@ -0,0 +1,96 @@
+name: "Build package: .rpm"
+on: [push]
+jobs:
+  lint-code-proxlb:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.8"]
+    steps:
+      - uses: actions/checkout@v3
+      - name: Setup dependencies for code linting
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Install additional dependencies for code linting
+        run: |
+          sudo apt-get update
+          sudo apt-get -y install python3-pycodestyle pycodestyle
+      - name: Run code linting on ProxLB Python code
+        run: |
+          pycodestyle proxlb/* && \
+          echo "OK: Code linting successfully performed on ProxLB code."
+
+  build-package-rpm:
+    needs: lint-code-proxlb
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v3
+        with:
+          ref: 'development'
+
+      - name: Set up Docker with Debian image
+        run: |
+          docker pull debian:latest
+
+      - name: Build DEB package in Docker container
+        run: |
+          docker run --rm -v $(pwd):/workspace -w /workspace debian:latest bash -c "
+            # Install dependencies
+            apt-get update && \
+            apt-get install -y python3 python3-setuptools rpm debhelper dh-python python3-pip python3-stdeb python3-proxmoxer python3-requests python3-urllib3 && \
+            # Build package
+            python3 setup.py --command-packages=stdeb.command bdist_rpm && \
+            echo 'OK: RPM package successfully created.'
+          "
+
+      - name: Upload RPM package python3-proxlb as artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: rpm-package
+          path: dist/*.rpm
+
+  # integration-test-rpm-rockylinux-9:
+  #   needs: build-package-rpm
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - name: Download RPM package artifact
+  #       uses: actions/download-artifact@v4
+  #       with:
+  #         name: rpm-package
+  #         path: dist/
+
+  #     - name: Set up Docker with RockyLinux 9 image
+  #       run: docker pull rockylinux:9
+
+  #     - name: Install and test RPM package in Rocky Linux Docker container
+  #       run: |
+  #         docker run --rm -v $(pwd)/dist:/dist -w /dist rockylinux:9 bash -c "
+  #           # DNF does not handle wildcards well
+  #           rpm_file=\$(ls proxlb*.noarch.rpm) && \
+  #           dnf install -y \$rpm_file && \
+  #           python3 -c 'import proxlb; print(\"OK: RPM package successfully installed.\")'
+  #         "
+
+  # integration-test-rpm-rockylinux-8:
+  #   needs: build-package-rpm
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - name: Download RPM package artifact
+  #       uses: actions/download-artifact@v4
+  #       with:
+  #         name: rpm-package
+  #         path: dist/
+
+  #     - name: Set up Docker with RockyLinux 8 image
+  #       run: docker pull rockylinux:8
+
+  #     - name: Install and test RPM package in Rocky Linux Docker container
+  #       run: |
+  #         docker run --rm -v $(pwd)/dist:/dist -w /dist rockylinux:8 bash -c "
+  #           # DNF does not handle wildcards well
+  #           rpm_file=\$(ls proxlb*.noarch.rpm) && \
+  #           dnf install -y \$rpm_file && \
+  #           python3 -c 'import proxlb; print(\"OK: RPM package successfully installed.\")'
+  #         "

.github/workflows/30-pipeline-build-container-amd64.yml

@@ -0,0 +1,26 @@
+name: "Build Container Image: AMD64"
+on: [push]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    - name: Build amd64 image and save as tar
+      run: |
+        docker buildx build \
+          --platform linux/amd64 \
+          --load \
+          -t proxlb-image:amd64 \
+          .
+
+        docker save proxlb-image:amd64 -o proxlb_image_amd64.tar
+    - name: Upload Docker image artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: proxlb-image-amd64
+        path: proxlb_image_amd64.tar

.github/workflows/30-pipeline-build-container-arm64.yml

@@ -0,0 +1,26 @@
+name: "Build Container Image: ARM64"
+on: [push]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    - name: Build arm64 image and save as tar
+      run: |
+        docker buildx build \
+          --platform linux/arm64 \
+          --load \
+          -t proxlb-image:arm64 \
+          .
+
+        docker save proxlb-image:arm64 -o proxlb_image_arm64.tar
+    - name: Upload Docker image artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: proxlb-image-arm64
+        path: proxlb_image_arm64.tar

.github/workflows/30-pipeline-build-container-multi-arch.yml

@@ -0,0 +1,23 @@
+name: "Build Container Image: Multiarch"
+on: [push]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    - name: Build multi-arch image and save as tar
+      run: |
+        docker buildx build \
+          --platform linux/amd64,linux/arm64 \
+          --output type=tar,dest=proxlb_image_multiarch.tar \
+          .
+    - name: Upload Docker image artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: proxlb-image-multiarch
+        path: proxlb_image_multiarch.tar

.gitignore

@@ -1,2 +1,7 @@
 __pycache__
+*.pyc
+.DS_Store
+build/
+dist/
+*.egg-info/
 proxlb_dev.yaml

CHANGELOG.md

@@ -0,0 +1,308 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.1.11] - 2026-01-12
+
+### Added
+
+- Add support for Proxmoxs native HA (affinity/anti-affinity) rules [beta] (@gyptazy). [#391]
+- Add support for Proxmox native HA (node-affinity) rules for pinning guests to nodes [beta] (@gyptazy). [#391]
+- Add resource reservation support for PVE nodes (@Chipmonk2). [#373]
+- Add possibility to sort and select balancing workloads by smaller/larger guest objects (@gyptazy). [#387]
+- Add HA job validation for migration jobs to fetch child jobs (@gytazy). [#402]
+- Add support for configuring node-pinning strictness (default: true) within pools to allow strict/prefer modes (@gyptazy). [#406]
+- Add new option to enforce node/guest pinning even when cluster is balanced from a resource perspective (@gyptazy). [#414]
+
+### Fixed
+
+- Fix missing overprovisioning safety guard to avoid node overprovisioning (@gyptazy). [#275]
+- Fix affinity matrix pre-validation by inverting validations (@Thalagyrt). [#335]
+- Fix pool based node pinning which expects a list (@gyptazy). [#395]
+- Fix that ignored VMs/CTs got moved to another node when being ignored (@gyptazy). [#408]
+
+### Changed
+
+- Change balancing and sorting behaviour (@gyptazy). [#378]
+- Balancing objects will be ordered by count of objects in affinity-rules, followed by memory size (@gyptazy). [#378]
+
+## [1.1.10] - 2025-11-25
+
+### Added
+
+- Prevent redundant rebalancing by validating existing affinity enforcement before taking actions (@gyptazy). [#335]
+- Add safety-guard for PVE 8 users when activating conntrack-aware migrations mistakenly (@gyptazy). [#359]
+
+### Fixed
+
+- Fix the Proxmox API connection validation which returned a false-positive logging message of timeouts (@gyptazy). [#361]
+- Refactored Proxmox API connection functions (@gyptazy). [#361]
+- Fix a crash during PVE resource pool enumeration by skipping members not having a 'name' property (@stefanoettl). [#368]
+
+## [1.1.9.1] - 2025-10-30
+
+### Fixed
+
+- Fix quoting in f-strings which may cause issues on PVE 8 / Debian Bookworm systems (@gyptazy). [#352]
+
+## [1.1.9] - 2025-10-30
+
+### Added
+
+- Add an optional memory balancing threshold (@gyptazy). [#342]
+- Add affinity/anti-affinity support by pools (@gyptazy). [#343]
+- Add pressure (PSI) based balancing for memory, cpu, disk (req. PVE9 or greater) (@gyptazy). [#337]
+    - Pressure (PSI) based balancing for nodes
+    - Pressure (PSI) based balancing for guests
+- Add PVE version evaluation
+
+## [1.1.8] - 2025-10-09
+
+### Fixed
+
+- Fix API errors when using conntrack aware migration with older PVE versions (@gyptazy). [#318]
+- Add a static ProxLB prefix to the log output when used by journal handler (@gyptazy). [#329]
+
+### Changed
+- Container image does not run as root anymore (@mikaelkrantz945). [#317]
+- Container image uses venv for running ProxLB (@mikaelkrantz945). [#317]
+
+## [1.1.7] - 2025-09-19
+
+### Added
+
+- Add conntrack state aware migrations of VMs (@gyptazy). [#305]
+- Add graceful shutdown for SIGINT (e.g., CTRL + C abort). (@gyptazy). [#304]
+
+### Fixed
+
+- Fix crash when validating absent migration job ids. (@gyptazy). [#308]
+- Fix guest object names are not being evaluated in debug log. (@gyptazy). [#310]
+
+## [1.1.6.1] - 2025-09-04
+
+### Fixed
+
+- Validate for node presence when pinning VMs to avoid crashing (@gyptazy). [#296]
+
+## [1.1.6] - 2025-09-04
+
+### Added
+
+- Add validation for provided API user token id to avoid confusions (@gyptazy). [#291]
+
+### Fixed
+
+- Fix stacktrace output when validating permissions on non existing users in Proxmox (@gyptazy). [#291]
+- Fix Overprovisioning first node if anti_affinity_group has only one member (@MiBUl-eu). [#295]
+- Validate for node presence when pinning guests to avoid crashing (@gyptazy). [#296]
+- Fix balancing evaluation of guest types (e.g., VM or CT) (@gyptazy). [#268]
+
+## [1.1.5] - 2025-07-14
+
+### Added
+
+- Allow custom API ports instead of fixed tcp/8006 (@gyptazy). [#260]
+
+
+## [1.1.4] - 2025-06-27
+
+### Added
+
+- Allow pinning of guests to a group of nodes (@gyptazy). [#245]
+
+### Fixed
+
+- Modified log levels to make output lighter at INFO level (@pmarasse) [#255]
+- Fixed an issue where balancing was performed in combination of deactivated balancing and dry-run mode (@gyptazy). [#248]
+
+
+## [1.1.3] - 2025-06-19
+
+### Added
+
+- Add relaod (SIGHUP) function to ProxLB to reload the configuration (by @gyptazy). [#189]
+- Add optional wait time parameter to delay execution until the service takes action (by @gyptazy). [#239]
+- Make the amount of parallel migrations configurable (by @gyptazy). [#241]
+
+### Changed
+
+- Use the average CPU consumption of a guest within the last 60 minutes instead of the current CPU usage (by @philslab-ninja & @gyptazy). [#94]
+
+### Fixed
+
+- Align maintenance mode with Proxmox HA maintenance mode (by @gyptazy). [#232]
+
+
+## [1.1.2] - 2025-05-13
+
+### Added
+
+- Add a configurable retry mechanism when connecting to the Proxmox API (by @gyptazy) [#157]
+- Add 1-to-1 relationships between guest and hypervisor node to ping a guest on a node (by @gyptazy) [#218]
+
+### Fixed
+
+- Force type cast cpu count of guests to int for some corner cases where a str got returned (by @gyptazy). [#222]
+- Fix systemd unit file to run after network on non PVE nodes (by @robertdahlem) [#137]
+
+
+## [1.1.1] - 2025-04-20
+
+### Added
+
+- Providing the API upstream error message when migration fails in debug mode (by @gyptazy) [#205]
+
+### Changed
+
+- Change the default behaviour of the daemon mode to active [#176]
+- Change the default banalcing mode to used instead of assigned [#180]
+
+### Fixed
+
+- Set cpu_used to the cpu usage, which is a percent, times the total number of cores to get a number where guest cpu_used can be added to nodes cpu_used and be meaningful (by @glitchvern) [#195]
+- Fix tag evluation for VMs for being ignored for further balancing [#163]
+- Honor the value when balancing should not be performed and stop balancing [#174]
+- allow the use of minutes instead of hours and only accept hours or minutes in the format (by @glitchvern) [#187]
+- Remove hard coded memory usage from lowest usage node and use method and mode specified in configuration instead (by @glitchvern) [#197]
+- Fix the guest type relationship in the logs when a migration job failed (by @gyptazy) [#204]
+- Requery a guest if that running guest reports 0 cpu usage (by @glitchvern) [#200]
+- Fix Python path for Docker entrypoint (by @crandler) [#170]
+- Improve logging verbosity of messages that had a wrong servity [#165]
+
+
+## [1.1.0] - 2025-04-01
+
+### Fixed
+
+- Refactored code base for ProxLB [#114]
+- Switched to `pycodestyle` for linting [#114]
+- Package building will be done within GitHub actions pipeline [#114]
+- ProxLB now only returns a warning when no guests for further balancing are not present (instead of quitting) [132#]
+- All nodes (according to the free resources) will be used now [#130]
+- Fixed logging outputs where highest/lowest were mixed-up [#129]
+- Stop balancing when movement would get worste (new force param to enfoce for affinity rules) [#128]
+- Added requested documentation regarding Proxmox HA groups [#127]
+- Rewrite of the whole affinity/anti-affinity rules evaluation and placement [#123]
+- Fixed the `ignore` parameter for nodes where the node and guests on the node will be untouched [#102]
+
+
+## [1.0.6] - 2024-12-24
+
+### Fixed
+
+- Fix maintenance mode when using cli arg and config mode by using the merged list (by @CartCaved). [#119]
+- Fix that a scheduler time definition of 1 (int) gets wrongly interpreted as a bool (by @gyptazy). [#115]
+
+
+## [1.0.5] - 2024-10-30
+
+### Changed
+
+- Change docs to make bool usage in configs more clear (by @gyptazy). [#104]
+
+### Fixed
+
+- Fix node (and its objects) evaluation when not reachable, e.g., maintenance (by @gyptazy). [#107]
+- Fix migration from local disks (by @greenlogles). [#113]
+- Fix evaluation of maintenance mode where comparing list & string resulted in a crash (by @glitchvern). [#106]
+- Fix allowed values (add DEBUG, WARNING) for log verbosity (by @gyptazy). [#98]
+
+
+## [1.0.4] - 2024-10-11
+
+### Added
+
+- Add maintenance mode to evacuate a node and move workloads for other nodes in the cluster. [#58]
+- Add feature to make API timeout configureable. [#91]
+- Add version output cli arg. [#89]
+
+### Changed
+
+- Run storage balancing only on supported shared storages. [#79]
+- Run storage balancing only when needed to save time. [#79]
+
+### Fixed
+
+- Fix CPU balancing where calculations are done in float instead of int. (by @glitchvern) [#75]
+- Fix documentation for the underlying infrastructure. [#81]
+
+
+## [1.0.3] - 2024-09-12
+
+### Added
+
+- Add cli arg `-b` to return the next best node for next VM/CT placement. [#8]
+- Add a convert function to cast all bool alike options from configparser to bools. [#53]
+- Add a config parser options for future features. [#53]
+- Add a config versio schema that must be supported by ProxLB. [#53]
+- Add feature to allow the API hosts being provided as a comma separated list. [#60]
+- Add doc how to add dedicated user for authentication. (by @Dulux-Oz)
+- Add storage balancing function. [#51]
+
+### Changed
+
+- Provide a more reasonable output when HA services are not active in a Proxmox cluster. [#68]
+- Improve the underlying code base for future implementations. [#53]
+
+### Fixed
+
+- Fix anti-affinity rules not evaluating a new and different node. [#67]
+- Fixed `master_only` function by inverting the condition.
+- Fix documentation for the master_only parameter placed in the wrong config section. [#74]
+- Fix bug in the `proxlb.conf` in the vm_balancing section.
+- Fix handling of unset `ignore_nodes` and `ignore_vms` resulted in an attribute error. [#71]
+- Improved the overall validation and error handling. [#64]
+
+
+## [1.0.2] - 2024-08-13
+
+### Added
+
+- Add option to run ProxLB only on the Proxmox's master node in the cluster (reg. HA feature). [#40]
+- Add option to run migrations in parallel or sequentially. [#41]
+
+### Changed
+
+- Fix daemon timer to use hours instead of minutes. [#45]
+
+### Fixed
+
+- Fix CMake packaging for Debian package to avoid overwriting the config file. [#49]
+
+
+## [1.0.0] - 2024-08-01
+
+### Added
+
+- Add feature to prevent VMs from being relocated by defining the 'plb_ignore_vm' tag. [#7]
+- Add feature to prevent VMs from being relocated by defining a wildcard pattern. [#7]
+- Add Docker/Podman support. [#10 by @daanbosch]
+- Add option to rebalance by assigned VM resources to avoid overprovisioning. [#16]
+- Add feature to make log verbosity configurable [#17].
+- Add dry-run support to see what kind of rebalancing would be done. [#6]
+- Add LXC/Container integration. [#27]
+- Add exclude grouping feature to rebalance VMs from being located together to new nodes. [#4]
+- Add include grouping feature to rebalance VMs bundled to new nodes. [#3]
+- Add option_mode to rebalance by node's free resources in percent (instead of bytes). [#29]
+
+### Changed
+
+- Adjusted general logging and log more details.
+
+
+## [0.9.9] - 2024-07-06
+
+### Added
+
+- Initial public development release of ProxLB.
+
+
+## [0.9.0] - 2024-02-01
+
+### Added
+
+- Development release of ProxLB.

CONTRIBUTING.md

@@ -0,0 +1,121 @@
+# Contributing to ProxLB (PLB)
+
+Thank you for considering contributing to ProxLB! We appreciate your help in improving the efficiency and performance of Proxmox clusters. Below are guidelines for contributing to the project.
+
+## Table of Contents
+
+- [Contributing to ProxLB (PLB)](#contributing-to-proxlb-plb)
+  - [Table of Contents](#table-of-contents)
+  - [Creating an Issue](#creating-an-issue)
+  - [Running Linting](#running-linting)
+  - [Running Tests](#running-tests)
+  - [Add Changelogs](#add-changelogs)
+  - [Submitting a Pull Request](#submitting-a-pull-request)
+  - [Code of Conduct](#code-of-conduct)
+  - [Getting Help](#getting-help)
+
+## Creating an Issue
+
+If you encounter a bug, have a feature request, or have any suggestions, please create an issue in our GitHub repository. To create an issue:
+
+1. **Go to the [Issues](https://github.com/gyptazy/proxlb/issues) section of the repository.**
+2. **Click on the "New issue" button.**
+3. **Select the appropriate issue template (Bug Report, Feature Request, or Custom Issue).**
+4. **Provide a clear and descriptive title.**
+5. **Fill out the necessary details in the issue template.** Provide as much detail as possible to help us understand and reproduce the issue or evaluate the feature request.
+
+## Running Linting
+Before submitting a pull request, ensure that your changes sucessfully perform the lintin. ProxLB uses [flake8] for running tests. Follow these steps to run tests locally:
+
+1. **Install pytest if you haven't already:**
+   ```sh
+   pip install flake8
+   ```
+
+2. **Run the lintin:**
+   ```sh
+   python3 -m flake8 proxlb
+   ```
+
+Linting will also be performed for each PR. Therefore, it might make sense to test this before pushing locally.
+
+## Running Tests
+
+Before submitting a pull request, ensure that your changes do not break existing functionality. ProxLB uses [pytest](https://docs.pytest.org/en/stable/) for running tests. Follow these steps to run tests locally:
+
+1. **Install pytest if you haven't already:**
+   ```sh
+   pip install pytest
+   ```
+
+2. **Run the tests:**
+   ```sh
+   pytest
+   ```
+
+Ensure all tests pass before submitting your changes.
+
+## Add Changelogs
+ProxLB uses the [Changelog Fragments Creator](https://github.com/gyptazy/changelog-fragments-creator) for creating the overall `CHANGELOG.md` file. This changelog file is being generated from the files placed in the https://github.com/gyptazy/ProxLB/tree/main/.changelogs/ directory. Each release is represented by its version number where additional yaml files are being placed and parsed by the CFC tool. Such files look like:
+
+```
+added:
+  - Add option to rebalance by assigned VM resources to avoid overprovisioning. [#16]
+```
+
+Every PR should contain such a file describing the change to ensure this is also stated in the changelog file.
+
+## Submitting a Pull Request
+
+We welcome your contributions! Follow these steps to submit a pull request:
+
+1. **Fork the repository to your GitHub account.**
+2. **Clone your forked repository to your local machine:**
+   ```sh
+   git clone https://github.com/gyptazy/proxlb.git
+   cd proxlb
+   ```
+
+Please prefix your PR regarding its type. It might be:
+* doc
+* feature
+* fix
+
+It should also provide the issue id to which it is related.
+
+1. **Create a new branch for your changes:**
+   ```sh
+   git checkout -b feature/10-add-new-cool-stuff
+   ```
+
+2. **Make your changes and commit them with a descriptive commit message:**
+   ```sh
+   git add .
+   git commit -m "feature: Adding new cool stuff"
+   ```
+
+3. **Push your changes to your forked repository:**
+   ```sh
+   git push origin feature/10-add-new-cool-stuff
+   ```
+
+4. **Create a pull request from your forked repository:**
+   - Go to the original repository on GitHub.
+   - Click on the "New pull request" button.
+   - Select the branch you pushed your changes to and create the pull request.
+
+Please ensure that your pull request:
+
+- Follows the project's coding style and guidelines.
+- Includes tests for any new functionality.
+- Updates the documentation as necessary.
+
+## Code of Conduct
+
+By participating in this project, you agree to abide by our [Code of Conduct](CODE_OF_CONDUCT.md). Please read it to understand the expected behavior and responsibilities when interacting with the community.
+
+## Getting Help
+
+If you need help or have any questions, feel free to reach out by creating an issue or by joining our [discussion forum](https://github.com/gyptazy/proxlb/discussions). You can also refer to our [documentation](https://github.com/gyptazy/ProxLB/tree/main/docs) for more information about the project or join our [chat room](https://matrix.to/#/#proxlb:gyptazy.com) in Matrix.
+
+Thank you for contributing to ProxLB! Together, we can enhance the efficiency and performance of Proxmox clusters.

Dockerfile

@@ -0,0 +1,41 @@
+# Use the latest Alpine image
+FROM alpine:latest
+
+# Labels
+LABEL maintainer="gyptazy@gyptazy.com"
+LABEL org.label-schema.name="ProxLB"
+LABEL org.label-schema.description="ProxLB - An advanced load balancer for Proxmox clusters."
+LABEL org.label-schema.vendor="gyptazy"
+LABEL org.label-schema.url="https://proxlb.de"
+LABEL org.label-schema.vcs-url="https://github.com/gyptazy/ProxLB"
+
+# --- Step 1 (root): system deps, user, dirs ---
+RUN apk add --no-cache python3 py3-pip \
+  && addgroup -S plb \
+  && adduser -S -G plb -h /home/plb plb \
+  && mkdir -p /app/conf /opt/venv \
+  && chown -R plb:plb /app /home/plb /opt/venv
+
+WORKDIR /app
+
+# Copy only requirements first for better layer caching
+COPY --chown=plb:plb requirements.txt /app/requirements.txt
+
+# --- Step 2 (appuser): venv + deps + code ---
+USER plb
+
+# Create venv owned by appuser and put it on PATH
+RUN python3 -m venv /opt/venv
+ENV PATH="/opt/venv/bin:${PATH}"
+
+# Install Python dependencies into the venv (no PEP 668 issues)
+RUN pip install --no-cache-dir -r /app/requirements.txt
+
+# Copy application code (owned by appuser)
+COPY --chown=plb:plb proxlb /app/proxlb
+
+# Optional: placeholder config so a bind-mount can override cleanly
+RUN touch /app/conf/proxlb.yaml
+
+# Run as non-root using venv Python
+ENTRYPOINT ["/opt/venv/bin/python", "/app/proxlb/main.py"]

LICENSE

@@ -0,0 +1,674 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<https://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<https://www.gnu.org/licenses/why-not-lgpl.html>.

README.md

@@ -1,52 +1,7 @@
-# ProxLB - (Re)Balance VM Workloads in Proxmox Clusters
-<img align="left" src="https://cdn.gyptazy.com/images/Prox-LB-logo.jpg"/>
-<br>
+# ProxLB Moved
 
-<p float="center"><img src="https://img.shields.io/github/license/gyptazy/ProxLB"/><img src="https://img.shields.io/github/contributors/gyptazy/ProxLB"/><img src="https://img.shields.io/github/last-commit/gyptazy/ProxLB/main"/><img src="https://img.shields.io/github/issues-raw/gyptazy/ProxLB"/><img src="https://img.shields.io/github/issues-pr/gyptazy/ProxLB"/></p>
+You can find the new location of the `ProxLB` project at:
+[github.com/credativ/ProxLB](https://github.com/credativ/ProxLB)
 
-
-## Table of Contents
-
-
-
-## Introduction
-ProxLB is an advanced load balancing solution specifically designed for Proxmox clusters, addressing the absence of a Dynamic Resource Scheduler (DRS) that is familiar to VMware users. As a third-party solution, ProxLB enhances the management and efficiency of Proxmox clusters by intelligently distributing workloads across available nodes. Workloads can be balanced by different times like the guest's memory, CPU or disk usage or their assignment to avoid overprovisioning and ensuring resources.
-
-One of the key advantages of ProxLB is that it is fully open-source and free, making it accessible for anyone to use, modify, and contribute to. This ensures transparency and fosters community-driven improvements. ProxLB supports filtering and ignoring specific nodes and guests through configuration files and API calls, providing administrators with the flexibility to tailor the load balancing behavior to their specific needs.
-
-A standout feature of ProxLB is its maintenance mode. When enabled, all guest workloads are automatically moved to other nodes within the cluster, ensuring that a node can be safely updated, rebooted, or undergo hardware maintenance without disrupting the overall cluster operation. Additionally, ProxLB supports both affinity and anti-affinity rules, allowing operators to group multiple guests to run together on the same node or ensure that certain guests do not run on the same node, depending on the cluster's node count. This feature is crucial for optimizing performance and maintaining high availability.
-
-ProxLB can also return the best next node for guest placement, which can be integrated into CI/CD pipelines using tools like Ansible or Terraform. This capability streamlines the deployment process and ensures efficient resource utilization. Furthermore, ProxLB leverages the Proxmox API, including the entire ACL (Access Control List) system, for secure and efficient operation. Unlike some solutions, it does not require SSH access, enhancing security and simplifying configuration.
-
-Overall, ProxLB significantly enhances resource management by intelligently distributing workloads, reducing downtime through its maintenance mode, and providing improved flexibility with affinity and anti-affinity rules. Its seamless integration with CI/CD tools and reliance on the Proxmox API make it a robust and secure solution for optimizing Proxmox cluster performance.
-
-### Video of Migration
-<img src="https://cdn.gyptazy.com/images/proxlb-rebalancing-demo.gif"/>
-
-## Features
-* Rebalance VMs/CTs in the cluster by:
-  * Memory
-  * Disk (only local storage)
-  * CPU
-* Get best nodes for further automation
-* Supported Guest Types
-  * VMs
-  * CTs
-  * Both
-* Maintenance Mode
-  * Set node(s) into maintenance
-  * Move all workloads to different nodes
-* Filter
-  * Exclude nodes
-  * Exclude virtual machines
-* Affinity / Anti-Affinity Rules
-* Dry-run support
-  * Human readable output in CLI
-  * JSON output for further parsing
-* Fully based on Proxmox API
-  * Fully integrated into the Proxmox ACL
-  * No SSH required
-* Usage
-  * One-Time
-  * Daemon
-  * Proxmox Web GUI Integration
+## Reasons
+You can find more details about this in [my blog post](https://gyptazy.com/blog/proxlb-project-handover-to-credativ/).

config/proxlb.yaml

@@ -1,27 +0,0 @@
-proxmox_api:
-  hosts: ['virt01.example.com', '10.10.10.10', 'fe01::bad:code::cafe']
-  user: root@pam
-  pass: crazyPassw0rd!
-  ssl_verification: False
-  timeout: 10
-
-proxmox_cluster:
-  maintenance_nodes: ['virt66.example.com']
-  ignore_nodes: []
-  overprovisioning: True
-
-balancing:
-  enable: True
-  force: False
-  parallel: False
-  live: True
-  with_local_disks: True
-  balance_types: ['vm', 'ct']
-  max_job_validation: 1800
-  balanciness: 5
-  method: memory
-  mode: assigned
-
-service:
-  daemon: False
-  log_level: DEBUG

config/proxlb_example.yaml

@@ -0,0 +1,89 @@
+proxmox_api:
+  hosts: ['virt01.example.com', '10.10.10.10', 'fe01:bad:code::cafe']
+  user: root@pam
+  pass: crazyPassw0rd!
+  # API Token method
+  # token_id: proxlb
+  # token_secret: 430e308f-1337-1337-beef-1337beefcafe
+  ssl_verification: True
+  timeout: 10
+  # API Connection retries
+  # retries: 1
+  # wait_time: 1
+
+proxmox_cluster:
+  maintenance_nodes: ['virt66.example.com']
+  ignore_nodes: []
+  overprovisioning: True
+
+balancing:
+  enable: True
+  enforce_affinity: False
+  enforce_pinning: False
+  parallel: False
+  # If running parallel job, you can define
+  # the amount of prallel jobs (default: 5)
+  parallel_jobs: 1
+  live: True
+  with_local_disks: True
+  with_conntrack_state: True
+  balance_types: ['vm', 'ct']         # 'vm' | 'ct'
+  max_job_validation: 1800            # Maximum time (in seconds) a job validation may take
+  memory_threshold: 75                # Optional: Maximum threshold (in percent) to trigger balancing actions
+  balanciness: 5                      # Maximum delta of resource usage between highest and lowest usage node
+  method: memory                      # 'memory' | 'cpu' | 'disk'
+  mode: used                          # 'assigned' | 'used' | 'psi'
+  balance_larger_guests_first: False  # Option to prioritize balancing of larger or smaller guests first
+  node_resource_reserve:              # Optional: Define resource reservations for nodes (in GB)
+    defaults:                         # Default reservation values applying to all nodes (unless explicitly overridden)
+      memory: 4                       # Default: 4 GB memory reserved per node
+    node01:                           # Specific node reservation override for node 'node01'
+      memory: 6                       # Specific: 6 GB memory reserved for node 'node01'
+  # # PSI thresholds only apply when using mode 'psi'
+  # psi:
+  #   nodes:
+  #     memory:
+  #       pressure_full: 0.20
+  #       pressure_some: 0.20
+  #       pressure_spikes: 1.00
+  #     cpu:
+  #       pressure_full: 0.20
+  #       pressure_some: 0.20
+  #       pressure_spikes: 1.00
+  #     disk:
+  #       pressure_full: 0.20
+  #       pressure_some: 0.20
+  #       pressure_spikes: 1.00
+  #   guests:
+  #     memory:
+  #       pressure_full: 0.20
+  #       pressure_some: 0.20
+  #       pressure_spikes: 1.00
+  #     cpu:
+  #       pressure_full: 0.20
+  #       pressure_some: 0.20
+  #       pressure_spikes: 1.00
+  #     disk:
+  #       pressure_full: 0.20
+  #       pressure_some: 0.20
+  #       pressure_spikes: 1.00
+  pools:                              # Optional: Define affinity/anti-affinity rules per pool
+    dev:                              # Pool name: dev
+      type: affinity                  # Type: affinity (keeping VMs together)
+    de-nbg01-db:                      # Pool name: de-nbg01-db
+      type: anti-affinity             # Type: anti-affinity (spreading VMs apart)
+      pin:                            # Define a pinning og guests to specific node(s)
+        - virt66
+        - virt77
+      strict: False                   # Disable strict mode of node pinning for this pool
+
+service:
+  daemon: True
+  schedule:
+    interval: 12
+    format: hours
+  delay:
+    enable: False
+    time: 1
+    format: hours
+  log_level: INFO

debian/changelog

@@ -0,0 +1,127 @@
+proxlb (1.1.11) stable; urgency=medium
+
+  * Add support for native Proxmox HA/Affinity rules. (Closes: #391)
+  * Add safety guard to avoid node overprovisioning. (Closes: #275)
+  * Fix affinity rules pre-validation (avoid rebalancing if already ensured). (Closes: #335)
+  * Add resource reservation support for PVE nodes. (Closes: #373)
+  * Change/Adjust balancing and sorting behaviour. (Closes: #378)
+  * Add control over balancing workloads by prefering smaller/larger guest objects. (Closes: #387)
+  * Fix pinning of guest and node relations when using pool based pinning. (Closes: #395)
+  * Add validation of HA jobs by fetching the related child jobs. (Closes: #402)
+  * Add support for configuring node-pinning strictness (mode: strict/prefer). (Closes: #406)
+  * Fix that tag based ignored guests got still moved. (Closes: #408)
+  * Add parameter to enforce guest node relationships when pinned even when the cluster is balanced. (Closes: #414)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Mon, 12 Jan 2026 11:11:04 +0001
+
+proxlb (1.1.10) stable; urgency=medium
+
+  * Prevent redundant rebalancing by validating existing affinity enforcement before taking actions. (Closes: #335)
+  * Add safety-guard for PVE 8 users when activating conntrack-aware migrations mistakenly. (Closes: #359)
+  * Fix the Proxmox API connection validation which returned a false-positive logging message of timeouts. (Closes: #361)
+  * Refactored the whole Proxmox API connection function. (Closes: #361)
+  * Fix a crash during PVE resource pool enumeration by skipping members not having a 'name' property. (Closes: #368)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Tue, 25 Nov 2025 09:12:04 +0001
+
+proxlb (1.1.9.1) stable; urgency=medium
+
+  * Fix quoting in f-strings which may cause issues on PVE 8 / Debian Bookworm systems. (Closes: #352)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Thu, 30 Oct 2025 17:41:02 +0001
+
+proxlb (1.1.9) stable; urgency=medium
+
+  * Add pressure (PSI) based balancing for memory, cpu, disk (req. PVE9 or greater). (Closes: #339)
+  * Add (memory) threshold for nodes before running balancing. (Closes: #342)
+  * Add affinity/anti-affinity support by pools. (Closes: #343)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Thu, 30 Oct 2025 06:58:43 +0001
+
+proxlb (1.1.8) stable; urgency=medium
+
+  * Fix API errors when using conntrack aware migration with older PVE version. (Closes: #318)
+  * Add a static ProxLB prefix to the log output when used by journal handler. (Closes: #329)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Thu, 09 Oct 2025 09:04:13 +0002
+
+proxlb (1.1.7) stable; urgency=medium
+
+  * Add conntrack state aware migrations of VMs. (Closes: #305)
+  * Add graceful shutdown for SIGINT command. (Closes: #304)
+  * Fix crash when validating absent migration job ids. (Closes: #308)
+  * Fix guest object names are not being evaluated in debug log. (Closes: #310)
+  * Note: Have a great Dutch Proxmox Day 2025!
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Thu, 04 Sep 2025 19:23:51 +0000
+
+proxlb (1.1.6.1) stable; urgency=medium
+
+  * Validate for node presence when pinning VMs to avoid crashing. (Closes: #296)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Thu, 04 Sep 2025 19:23:51 +0000
+
+proxlb (1.1.6) stable; urgency=medium
+
+  * Add validation for provided API user token id to avoid confusions. (Closes: #291)
+  * Fix stacktrace output when validating permissions on non existing users in Proxmox. (Closes: #291)
+  * Fix Overprovisioning first node if anti_affinity_group has only one member. (Closes: #295)
+  * Validate for node presence when pinning guests to avoid crashing. (Closes: #296)
+  * Fix balancing evaluation of guest types (e.g., VM or CT). (Closes: #268)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Thu, 04 Sep 2025 05:12:19 +0000
+
+proxlb (1.1.5) stable; urgency=medium
+
+  * Allow custom API ports instead of fixed tcp/8006. (Closes: #260)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Mon, 14 Jul 2025 11:07:34 +0000
+
+proxlb (1.1.4) stable; urgency=medium
+
+  * Allow pinning of guests to a group of nodes. (Closes: #245)
+  * Modified log levels to make output lighter at INFO level. (Closes: #255)
+  * ixed an issue where balancing was performed in combination of deactivated balancing and dry-run mode. (Closes: #248)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Fri, 27 Jun 2025 16:22:58 +0000
+
+proxlb (1.1.3) stable; urgency=medium
+
+  * Add relaod (SIGHUP) function to ProxLB to reload the configuration. (Closes: #189)
+  * Add optional wait time parameter to delay execution until the service takes action. (Closes: #239)
+  * Make the amount of parallel migrations configurable. (Closes: #241)
+  * Use the average CPU consumption of a guest within the last 60 minutes instead of the current CPU usage. (Closes: #94)
+  * Align maintenance mode with Proxmox HA maintenance mode. (Closes: #232)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Thu, 19 Jun 2025 09:10:43 +0000
+
+proxlb (1.1.2) stable; urgency=medium
+
+  * Add a configurable retry mechanism when connecting to the Proxmox API. (Closed: #157)
+  * Add 1-to-1 relationships between guest and hypervisor node to ping a guest on a node. (Closes #218)
+  * Force type cast cpu count of guests to int for some corner cases where a str got returned. (Closed #222)
+  * Fix systemd unit file to run after network on non PVE nodes. (Closes #137)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Mon, 13 May 2025 18:12:04 +0000
+
+proxlb (1.1.1) stable; urgency=medium
+
+  * Fix tag evluation for VMs for being ignored for further balancing. (Closes: #163)
+  * Improve logging verbosity of messages that had a wrong servity. (Closes: #165)
+  * Providing the API upstream error message when migration fails in debug mode (Closes: #205)
+  * Change the default behaviour of the daemon mode to active. (Closes: #176)
+  * Change the default banalcing mode to used instead of assigned. (Closes: #180)
+  * Set cpu_used to the cpu usage, which is a percent, times the total number of cores to get a number where guest cpu_used can be added to nodes cpu_used and be meaningful. (Closes: #195)
+  * Honor the value when balancing should not be performed and stop balancing. (Closes: #174)
+  * Allow the use of minutes instead of hours and only accept hours or minutes in the format. (Closes: #187)
+  * Remove hard coded memory usage from lowest usage node and use method and mode specified in configuration instead. (Closes: #197)
+  * Fix the guest type relationship in the logs when a migration job failed. (Closes: #204)
+  * Requery a guest if that running guest reports 0 cpu usage. (Closes: #200)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Sat, 20 Apr 2025 20:55:02 +0000
+
+proxlb (1.1.0) stable; urgency=medium
+
+  * Refactored code base of ProxLB. (Closes: #114)
+
+ -- Florian Paul Azim Hoberg <gyptazy@gyptazy.com>  Mon, 17 Mar 2025 18:55:02 +0000

debian/control

@@ -0,0 +1,12 @@
+Source: proxlb
+Maintainer: Florian Paul Azim Hoberg <gyptazy@gyptazy.com>
+Section: admin
+Priority: optional
+Standards-Version: 4.5.0
+Build-Depends: debhelper-compat (= 13), dh-python, python3-all, python3-setuptools
+
+Package: proxlb
+Architecture: all
+Depends: ${python3:Depends}, ${misc:Depends}, python3-requests, python3-urllib3, python3-packaging, python3-proxmoxer, python3-yaml
+Description: An advanced resource scheduler and load balancer for Proxmox clusters
+ An advanced resource scheduler and load balancer for Proxmox clusters that also supports maintenance mode and affinity/anti-affinity rules.

debian/install

@@ -0,0 +1,2 @@
+proxlb /usr/lib/python3/dist-packages/
+service/proxlb.service /lib/systemd/system/

debian/postinst

@@ -0,0 +1,16 @@
+#!/bin/bash
+set -e
+
+#DEBHELPER#
+if [ "$1" = "configure" ]; then
+    systemctl enable proxlb.service
+    systemctl restart proxlb.service || true
+
+    # Create the 'plb' user if it does not exist
+    if ! id "plb" &>/dev/null; then
+        useradd --system --home /var/lib/proxlb --create-home --shell /usr/sbin/nologin --group nogroup plb
+        echo "User 'plb' created."
+    else
+        echo "User 'plb' already exists, skipping creation."
+    fi
+fi

debian/prerm

@@ -0,0 +1,16 @@
+#!/bin/bash
+set -e
+
+#DEBHELPER#
+if [ "$1" = "remove" ]; then
+    systemctl stop proxlb.service || true
+    systemctl disable proxlb.service || true
+
+    # Remove the 'plb' user if it exists
+    if id "plb" &>/dev/null; then
+        userdel --remove plb
+        echo "User 'plb' removed."
+    else
+        echo "User 'plb' does not exist, skipping removal."
+    fi
+fi

debian/rules

@@ -0,0 +1,4 @@
+#!/usr/bin/make -f
+%:
+	dh $@ --with python3 --buildsystem=pybuild
+

debian/source/format

@@ -0,0 +1 @@
+3.0 (native)

docs/01_requirements.md

@@ -0,0 +1,65 @@
+# Table of Contents
+
+- [Requirements](#requirements)
+- [Where To Run?](#where-to-run)
+
+## Requirements
+ProxLB is a sophisticated load balancer designed to enhance the management and distribution of workloads within a Proxmox cluster. By fully utilizing the Proxmox API, ProxLB eliminates the need for additional SSH access, streamlining cluster management while maintaining robust security. This chapter outlines the general requirements necessary to deploy and operate ProxLB effectively.
+
+### Proxmox Cluster Requirements
+To use ProxLB, you must have an existing Proxmox cluster consisting of at least two nodes. While traditional load balancers often struggle to manage minimal node configurations, ProxLB is optimized to provide efficient load distribution even in a two-node environment. The more nodes present in the cluster, the better ProxLB can optimize resource usage and manage workloads.
+
+### ProxLB Package Requirements
+Next to the previously mentioned requirements, ProxLB also requires you to fit the following ones:
+* Python3.x
+* proxmoxer
+* requests
+* urllib3
+* pyyaml
+
+### Seamless API Integration
+ProxLB relies exclusively on the Proxmox API for all management tasks. This eliminates the need for direct SSH access, ensuring a cleaner and more secure interaction with the cluster. The API integration allows ProxLB to:
+
+- Monitor cluster health and node resource utilization
+- Migrate virtual machines (VMs) and containers as needed
+- Manage storage utilization and distribution
+- Implement load balancing policies
+
+### Authentication and Security Standards
+ProxLB fully supports Proxmox’s integrated user management system, providing robust authentication and access control. Key features include:
+
+- **Multi-Factor Authentication (MFA):** Enhances security by requiring multiple verification methods.
+- **API Key Support:** ProxLB can utilize API keys for authentication instead of traditional username/password combinations, minimizing exposure to credentials.
+- **Role-Based Access Control (RBAC):** Ensures administrators have fine-grained control over user permissions.
+
+### Flexible Storage Support
+ProxLB offers versatile storage management options, supporting both local and shared storage types. It efficiently balances storage workloads across the cluster using the following storage systems:
+
+- **Local Storage:** Direct-attached storage on each node.
+- **Shared Storage:** Includes options like iSCSI, NVMeOF, and NFS for centralized storage solutions.
+- **Ceph:** Integrated support for Ceph distributed storage, providing high availability and fault tolerance.
+
+### Network Infrastructure Requirements
+For optimal performance, ProxLB requires a reliable and high-speed network connection between the nodes in the cluster. Ensure that the network infrastructure meets the following criteria:
+
+- **Low Latency:** Essential for real-time load balancing and VM migration.
+- **Sufficient Bandwidth:** Adequate to handle storage access, data replication, and migration traffic.
+- **Redundant Network Paths:** Recommended for increased fault tolerance and uptime.
+
+### System Resource Allocation
+ProxLB itself requires minimal system resources to operate. However, for managing larger clusters or high workloads, ensure the node running ProxLB has adequate resources available:
+
+- **CPU:** A modern multi-core processor.
+- **Memory:** At least 2 GB of RAM.
+- **Storage:** Minimal disk space for configuration files and logs.
+
+
+## Where To Run?
+ProxLB is lightweight and flexible where it runs on nearly any environment and only needs access to your Proxmox host’s API endpoint (commonly TCP port 8006).
+
+Therefore, you can simply run ProxLB on:
+* Bare-metal Systems
+* VMs (even inside the Proxmox cluster)
+* Docker/Podman Container
+* LXC Container
+* On a Proxmox node

docs/02_installation.md

@@ -0,0 +1,186 @@
+# Table of Contents
+
+- [Installation](#installation)
+  - [Requirements / Dependencies](#requirements--dependencies)
+  - [Debian Package](#debian-package)
+    - [Quick-Start](#quick-start)
+    - [Details](#details)
+    - [Debian Packages (.deb files)](#debian-packages-deb-files)
+    - [Repo Mirror and Proxmox Offline Mirror Support](#repo-mirror-and-proxmox-offline-mirror-support)
+  - [RedHat Package](#redhat-package)
+  - [Container Images / Docker](#container-images--docker)
+    - [Overview of Images](#overview-of-images)
+  - [Source](#source)
+    - [Traditional System](#traditional-system)
+    - [Container Image](#container-image)
+- [Upgrading](#upgrading)
+  - [Upgrading from < 1.1.0](#upgrading-from--110)
+  - [Upgrading from >= 1.1.0](#upgrading-from--110)
+
+
+## Installation
+### Requirements / Dependencies
+* Python3.x
+* proxmoxer
+* requests
+* urllib3
+* pyyaml
+
+The dependencies can simply be installed with `pip` by running the following command:
+```
+pip install -r requirements.txt
+```
+
+*Note: Distribution packages, such like the provided `.deb` package will automatically resolve and install all required dependencies by using already packaged version from the distribution's repository. By using the Docker (container) image or Debian packages, you do not need to take any care of the requirements listed here.*
+
+### Debian Package
+ProxLB is a powerful and flexible load balancer designed to work across various architectures, including `amd64`, `arm64`, `rv64` and many other ones that support Python. It runs independently of the underlying hardware, making it a versatile choice for different environments. This chapter covers the step-by-step process to install ProxLB on Debian-based systems, including Debian clones like Ubuntu.
+
+#### Quick-Start
+You can simply use this snippet to install the repository and to install ProxLB on your system.
+
+```bash
+echo "deb https://repo.gyptazy.com/stable /" > /etc/apt/sources.list.d/proxlb.list
+wget -O /etc/apt/trusted.gpg.d/proxlb.asc https://repo.gyptazy.com/repository.gpg
+apt-get update && apt-get -y install proxlb
+cp /etc/proxlb/proxlb_example.yaml /etc/proxlb/proxlb.yaml
+# Adjust the config to your needs
+vi /etc/proxlb/proxlb.yaml
+systemctl start proxlb
+```
+
+Afterwards, ProxLB is running in the background and balances your cluster by your defined balancing method (default: memory).
+
+#### Details
+ProxLB provides two different repositories:
+* https://repo.gyptazy.com/stable (only stable release)
+* https://repo.gyptazy.com/testing (bleeding edge - not recommended)
+
+The repository is signed and the GPG key can be found at:
+* https://repo.gyptazy.com/repository.gpg
+
+You can also simply import it by running:
+
+```
+# KeyID:  17169F23F9F71A14AD49EDADDB51D3EB01824F4C
+# UID:    gyptazy Solutions Repository <contact@gyptazy.com>
+# SHA256: 52c267e6f4ec799d40cdbdb29fa518533ac7942dab557fa4c217a76f90d6b0f3  repository.gpg
+
+wget -O /etc/apt/trusted.gpg.d/proxlb.asc https://repo.gyptazy.com/repository.gpg
+```
+
+*Note: The defined repositories `repo.gyptazy.com` and `repo.proxlb.de` are the same!*
+
+#### Debian Packages (.deb files)
+If you do not want to use the repository you can also find the debian packages as a .deb file on gyptazy's CDN at:
+* https://cdn.gyptazy.com/files/os/debian/proxlb/
+
+Afterwards, you can simply install the package by running:
+```bash
+dpkg -i proxlb_*.deb
+cp /etc/proxlb/proxlb_example.yaml /etc/proxlb/proxlb.yaml
+# Adjust the config to your needs
+vi /etc/proxlb/proxlb.yaml
+systemctl start proxlb
+```
+
+#### Repo Mirror and Proxmox Offline Mirror Support
+ProxLB uses the supported flat mirror style for the Debian repository. Unfortunately, not all offline-mirror applications support it. One of the known ones is the official *proxmox-offline-mirror* which is unable to handle flat repositories (see also: [#385](https://github.com/gyptazy/ProxLB/issues/385)).
+
+Therefore, we currently operate and support both ways to avoid everyone force switching to the new repository. As a result, you can simply use this repository:
+```
+deb https://repo.gyptazy.com/proxlb stable main
+```
+
+**Example Config for proxmox-offline-mirror:**
+
+An example config for the proxmox-offline-mirror would look like:
+```
+mirror: proxlb
+    architectures amd64
+    base-dir /var/lib/proxmox-offline-mirror/mirrors/
+    key-path /etc/apt/trusted.gpg.d/proxlb.asc
+    repository deb https://repo.gyptazy.com/proxlb stable main
+    sync true
+    verify true
+```
+
+### RedHat Package
+There's currently no official support for RedHat based systems. However, there's a dummy .rpm package for such systems in the pipeline which can be found here:
+* https://github.com/gyptazy/ProxLB/actions/workflows/20-pipeline-build-rpm-package.yml
+
+
+### Container Images / Docker
+Using the ProxLB container images is straight forward and only requires you to mount the config file.
+
+```bash
+# Pull the image
+docker pull cr.gyptazy.com/proxlb/proxlb:latest
+# Download the config
+wget -O proxlb.yaml https://raw.githubusercontent.com/gyptazy/ProxLB/refs/heads/main/config/proxlb_example.yaml
+# Adjust the config to your needs
+vi proxlb.yaml
+# Start the ProxLB container image with the ProxLB config
+docker run -it --rm -v $(pwd)/proxlb.yaml:/etc/proxlb/proxlb.yaml proxlb
+```
+
+*Note: ProxLB container images are officially only available at cr.proxlb.de and cr.gyptazy.com.* 
+
+#### Overview of Images
+| Version | Image |
+|------|:------:|
+| latest | cr.gyptazy.com/proxlb/proxlb:latest |
+| v1.1.0 | cr.gyptazy.com/proxlb/proxlb:v1.1.0 |
+| v1.0.6 | cr.gyptazy.com/proxlb/proxlb:v1.0.6 |
+| v1.0.5 | cr.gyptazy.com/proxlb/proxlb:v1.0.5 |
+| v1.0.4 | cr.gyptazy.com/proxlb/proxlb:v1.0.4 |
+| v1.0.3 | cr.gyptazy.com/proxlb/proxlb:v1.0.3 |
+| v1.0.2 | cr.gyptazy.com/proxlb/proxlb:v1.0.2 |
+| v1.0.0 | cr.gyptazy.com/proxlb/proxlb:v1.0.0 |
+| v0.9.9 | cr.gyptazy.com/proxlb/proxlb:v0.9.9 |
+
+### Source
+ProxLB can also easily be used from the provided sources - for traditional systems but also as a Docker/Podman container image.
+
+#### Traditional System
+Setting up and running ProxLB from the sources is simple and requires just a few commands. Ensure Python 3 and the Python dependencies are installed on your system, then run ProxLB using the following command:
+```bash
+git clone https://github.com/gyptazy/ProxLB.git
+cd ProxLB
+```
+
+Afterwards simply adjust the config file to your needs:
+```bash
+vi config/proxlb.yaml
+```
+
+Start ProxLB by Python3 on the system:
+```bash
+python3 proxlb/main.py -c config/proxlb.yaml
+```
+
+#### Container Image
+Creating a container image of ProxLB is straightforward using the provided Dockerfile. The Dockerfile simplifies the process by automating the setup and configuration required to get ProxLB running in an Alpine container. Simply follow the steps in the Dockerfile to build the image, ensuring all dependencies and configurations are correctly applied. For those looking for an even quicker setup, a ready-to-use ProxLB container image is also available, eliminating the need for manual building and allowing for immediate deployment.
+
+```bash
+git clone https://github.com/gyptazy/ProxLB.git
+cd ProxLB
+docker build -t proxlb .
+```
+
+Afterwards simply adjust the config file to your needs:
+```bash
+vi config/proxlb.yaml
+```
+
+Finally, start the created container.
+```bash
+docker run -it --rm -v $(pwd)/proxlb.yaml:/etc/proxlb/proxlb.yaml proxlb
+```
+
+## Upgrading
+### Upgrading from < 1.1.0
+Upgrading ProxLB is not supported due to a fundamental redesign introduced in version 1.1.x. With this update, ProxLB transitioned from a monolithic application to a pure Python-style project, embracing a more modular and flexible architecture. This shift aimed to improve maintainability and extensibility while keeping up with modern development practices. Additionally, ProxLB moved away from traditional ini-style configuration files and adopted YAML for configuration management. This change simplifies configuration handling, reduces the need for extensive validation, and ensures better type casting, ultimately providing a more streamlined and user-friendly experience.
+
+### Upgrading from >= 1.1.0
+Uprading within the current stable versions, starting from 1.1.0, will be possible in all supported ways.

docs/03_configuration.md

@@ -0,0 +1,377 @@
+# Table of Contents
+
+1. [Authentication / User Accounts / Permissions](#authentication--user-accounts--permissions)
+    1. [Authentication](#authentication)
+    2. [Creating a Dedicated User](#creating-a-dedicated-user)
+    3. [Creating an API Token for a User](#creating-an-api-token-for-a-user)
+    4. [Required Permissions for a User](#required-permissions-for-a-user)
+2. [Configuration](#configuration)
+    1. [Affinity & Anti-Affinity Rules](#affinity--anti-affinity-rules)
+        1. [Affinity Rules](#affinity-rules)
+        2. [Anti-Affinity Rules](#anti-affinity-rules)
+        3. [Affinity / Anti-Affinity Enforcing](#affinity--anti-affinity-enforcing)
+        4. [Ignore VMs](#ignore-vms)
+        5. [Pin VMs to Hypervisor Nodes](#pin-vms-to-hypervisor-nodes)
+    2. [API Loadbalancing](#api-loadbalancing)
+    3. [Ignore Host-Nodes or Guests](#ignore-host-nodes-or-guests)
+    4. [IPv6 Support](#ipv6-support)
+    5. [Logging / Log-Level](#logging--log-level)
+    6. [Parallel Migrations](#parallel-migrations)
+    7. [Run as a Systemd-Service](#run-as-a-systemd-service)
+    8. [SSL Self-Signed Certificates](#ssl-self-signed-certificates)
+    9. [Node Maintenances](#node-maintenances)
+    10. [Balancing Methods](#balancing-methods)
+        1. [Used Resources](#used-resources)
+        2. [Assigned Resources](#assigned-resources)
+        3. [Pressure (PSI) based Resources](#pressure-psi-based-resources)
+
+## Authentication / User Accounts / Permissions
+### Authentication
+ProxLB supports the traditional username and password authentication method, which is familiar to many users. This method requires users to provide their credentials (username and password) to gain access to the Proxmox system. While this method is straightforward and easy to implement, it has several security limitations. Username and password combinations can be vulnerable to brute force attacks, where an attacker systematically attempts various combinations until the correct one is found. If a user's credentials are compromised through phishing, malware, or other means, the attacker can gain unauthorized access to the system. Additionally, traditional authentication does not provide granular control over permissions and access levels, potentially exposing sensitive operations to unauthorized users.
+
+To enhance security, ProxLB supports API token authentication. API tokens are unique identifiers that are used to authenticate API requests. They offer several advantages over traditional username and password authentication. API tokens are more secure as they are typically long, random strings that are difficult to guess. They can be revoked and regenerated as needed, reducing the risk of unauthorized access. API tokens can be associated with specific user accounts that have only the required permissions, ensuring that users only have access to the resources and operations they need. Furthermore, API tokens can be used for automated scripts and applications, facilitating seamless integration with other systems and services.
+
+When Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA) is enabled in the Proxmox cluster, the system enforces the use of API tokens for authentication. This is because traditional username and password authentication is not considered secure enough in conjunction with MFA/2FA. To ensure the highest level of security when using API tokens, follow these best practices: Use dedicated user accounts for API tokens, each with only the necessary permissions. This limits the potential impact of a compromised token. Ensure that API tokens are long, random, and unique. Avoid using easily guessable patterns or sequences. Periodically regenerate and replace API tokens to minimize the risk of long-term exposure. Store API tokens securely, using environment variables or secure vaults. Avoid hardcoding tokens in source code or configuration files. Regularly monitor and audit the usage of API tokens to detect any suspicious activity or unauthorized access.
+
+### Creating a Dedicated User
+It is advisable to avoid using the default root@pam user for balancing tasks in ProxLB. Instead, creating a dedicated user account is recommended and can be done easily. You can create a new user through the GUI, API, or CLI. While the detailed roles required for balancing are outlined in the next chapter, you can also use the following CLI commands to create a user with the necessary roles to manage Virtual Machines (VMs) and Containers (CTs):
+
+```
+pveum role add proxlb --privs Datastore.Audit,Sys.Audit,VM.Audit,VM.Migrate
+pveum user add proxlb@pve --password <password>
+pveum acl modify / --roles proxlb --users proxlb@pve
+```
+
+*Note: The user management can also be done on the WebUI without invoking the CLI.*
+
+### Creating an API Token for a User
+Create an API token for user proxlb@pve with token ID proxlb and deactivated privilege separation:
+```
+pveum user token add proxlb@pve proxlb --privsep 0
+```
+
+Afterwards, you get the token secret returned. You can now add those entries to your ProxLB config. Make sure, that you also keep the `user` parameter, next to the new token parameters.
+
+> [!IMPORTANT]  
+> The parameter `pass` then needs to be **absent**! You should also take care about the privilege and authentication mechanism behind Proxmox. You might want or even might not want to use privilege separation and this is up to your personal needs and use case.
+
+| Proxmox API  | ProxLB Config  | Example  |
+|---|---|---|
+| User  | [user](https://github.com/gyptazy/ProxLB/blob/main/config/proxlb_example.yaml#L3) | proxlb@pve  |
+| Token ID  | [token_id](https://github.com/gyptazy/ProxLB/blob/main/config/proxlb_example.yaml#L6) | proxlb  |
+| Token Secret  | [token_secret](https://github.com/gyptazy/ProxLB/blob/main/config/proxlb_example.yaml#L7)  |  430e308f-1337-1337-beef-1337beefcafe |
+
+*Note: The API token configuration can also be done on the WebUI without invoking the CLI.*
+
+### Required Permissions for a User
+To ensure that ProxLB operates effectively and securely, it is essential to assign the appropriate permissions to the user accounts responsible for managing the load balancing tasks. The following permissions are the minimum required for a user to perform essential ProxLB operations:
+
+* `Datastore.Audit`: Grants the ability to audit and view datastore information.
+* `Sys.Audit`: Allows the user to audit and view system information.
+* `VM.Audit`: Enables the user to audit and view virtual machine details.
+* `VM.Migrate`: Provides the permission to migrate virtual machines.
+
+Assigning these permissions ensures that the user can access necessary information and perform critical operations related to load balancing without granting excessive privileges. This practice helps maintain a secure and efficient ProxLB environment.
+
+## Configuration
+
+### Affinity & Anti-Affinity Rules
+ProxLB provides an advanced mechanism to define affinity and anti-affinity rules, enabling precise control over virtual machine (VM) placement. These rules help manage resource distribution, improve high availability configurations, and optimize performance within a Proxmox Virtual Environment (PVE) cluster. By leveraging Proxmox’s integrated access management, ProxLB ensures that users can only define and manage rules for guests they have permission to access.
+
+ProxLB implements affinity and anti-affinity rules through a tag-based system within the Proxmox web interface. Each guest (virtual machine or container) can be assigned specific tags, which then dictate its placement behavior. This method maintains a streamlined and secure approach to managing VM relationships while preserving Proxmox’s inherent permission model.
+
+#### Affinity Rules by Tags
+<img align="left" src="https://cdn.gyptazy.com/img/proxlb-affinity-rules.jpg"/> Affinity rules are used to group certain VMs together, ensuring that they run on the same host whenever possible. This can be beneficial for workloads requiring low-latency communication, such as clustered databases or application servers that frequently exchange data.
+
+To define an affinity rule which keeps all guests assigned to this tag together on a node, users assign a tag with the prefix `plb_affinity_$TAG`:
+
+##### Example for Screenshot
+```
+plb_affinity_talos
+```
+
+As a result, ProxLB will attempt to place all VMs with the `plb_affinity_web` tag on the same host (see also the attached screenshot with the same node).
+
+#### Affinity Rules by Pools
+Antoher approach is by using pools in Proxmox. This way, it can easily also combined with other resources like backup jobs. However, in this approach you need to modify the ProxLB config file to your needs. Within the `balancing` section you can create a dict of pools, including the pool name and the affinity type. Please see the example for further details:
+
+**Example Config**
+```
+balancing:
+  [...]
+  pools:                              # Optional: Define affinity/anti-affinity rules per pool
+    dev:                              # Pool name: dev
+      type: affinity                  # Type: affinity (keeping VMs together)
+```
+
+#### Anti-Affinity Rules by Tags
+<img align="left" src="https://cdn.gyptazy.com/img/proxlb-anti-affinity-rules.jpg"/> Conversely, anti-affinity rules ensure that designated VMs do not run on the same physical host. This is particularly useful for high-availability setups, where redundancy is crucial. Ensuring that critical services are distributed across multiple hosts reduces the risk of a single point of failure.
+
+To define an anti-affinity rule that ensures to not move systems within this group to the same node, users assign a tag with the prefix:
+
+##### Example for Screenshot
+```
+plb_anti_affinity_ntp
+```
+
+As a result, ProxLB will try to place the VMs with the `plb_anti_affinity_ntp` tag on different hosts (see also the attached screenshot with the different nodes).
+
+**Note:** While this ensures that ProxLB tries distribute these VMs across different physical hosts within the Proxmox cluster this may not always work. If you have more guests attached to the group than nodes in the cluster, we still need to run them anywhere. If this case occurs, the next one with the most free resources will be selected.
+
+#### Anti-Affinity Rules by Pools
+Antoher approach is by using pools in Proxmox. This way, it can easily also combined with other resources like backup jobs. However, in this approach you need to modify the ProxLB config file to your needs. Within the `balancing` section you can create a dict of pools, including the pool name and the affinity type. Please see the example for further details:
+
+**Example Config**
+```
+balancing:
+  [...]
+  pools:                              # Optional: Define affinity/anti-affinity rules per pool
+    de-nbg01-db:                      # Pool name: de-nbg01-db
+      type: anti-affinity                  # Type: anti-affinity (spreading VMs apart)
+````
+
+### Affinity / Anti-Affinity Enforcing
+When a cluster is already balanced and does not require further adjustments, enabling the enforce_affinity parameter ensures that affinity and anti-affinity rules are still respected. This parameter prioritizes the placement of guest objects according to these rules, even if it leads to slight resource imbalances or increased migration overhead. Regularly reviewing and updating these rules, along with monitoring cluster performance, helps maintain optimal performance and reliability. By carefully managing these aspects, you can create a cluster environment that meets your specific needs and maintains a good balance of resources.
+
+```
+balancing:
+  enforce_affinity: True
+```
+
+*Note: This may have impacts to the cluster. Depending on the created group matrix, the result may also be an unbalanced cluster.*
+
+### Ignore VMs / CTs
+<img align="left" src="https://cdn.gyptazy.com/img/proxlb-ignore-vm-movement.jpg"/> Guests, such as VMs or CTs, can also be completely ignored. This means, they won't be affected by any migration (even when (anti-)affinity rules are enforced). To ensure a proper resource evaluation, these guests are still collected and evaluated but simply skipped for balancing actions. Another thing is the implementation. While ProxLB might have a very restricted configuration file including the file permissions, this file is only read- and writeable by the Proxmox administrators. However, we might have user and groups who want to define on their own that their systems shouldn't be moved. Therefore, these users can simpy set a specific tag to the guest object - just like the (anti)affinity rules.
+
+To define a guest to be ignored from the balancing, users assign a tag with the prefix `plb_ignore_$TAG`:
+
+#### Example for Screenshot
+```
+plb_ignore_dev
+```
+
+As a result, ProxLB will not migrate this guest with the `plb_ignore_dev` tag to any other node.
+
+**Note:** Ignored guests are really ignored. Even by enforcing affinity rules this guest will be ignored.
+
+### Pin VMs to Specific Hypervisor Nodes
+<img align="left" src="https://cdn.gyptazy.com/images/proxlb-tag-node-pinning.jpg"/> Guests, such as VMs or CTs, can also be pinned to specific nodes in the cluster. This might be usefull when running applications with some special licensing requirements that are only fulfilled on certain nodes. It might also be interesting, when some physical hardware is attached to a node, that is not available in general within the cluster.
+
+To pin a guest to a specific cluster node, users assign a tag with the prefix `plb_pin_$nodename` to the desired guest:
+
+#### Example for Screenshot
+```
+plb_pin_node03
+```
+
+As a result, ProxLB will pin the guest `dev-vm01` to the node `virt03`.
+
+You can also repeat this step multiple times for different node names to create a potential group of allowed hosts where a the guest may be served on. In this case, ProxLB takes the node with the lowest used resources according to the defined balancing values from this group.
+
+**Note:** The given node names from the tag are validated. This means, ProxLB validated if the given node name is really part of the cluster. In case of a wrongly defined or unavailable node name it continous to use the regular processes to make sure the guest keeps running.
+
+### API Loadbalancing
+ProxLB supports API loadbalancing, where one or more host objects can be defined as a list. This ensures, that you can even operator ProxLB without further changes when one or more nodes are offline or in a maintenance. When defining multiple hosts, the first reachable one will be picked. You can speficy custom ports in the list. There are 4 ways of defining hosts with ports:
+1. Hostname of IPv4 without port (in this case the default 8006 will be used)
+2. Hostname or IPv4 with port
+3. IPv6 in brackets with optional port
+4. IPv6 without brackets, in this case the port is assumed after last colon
+
+```
+proxmox_api:
+  hosts: ['virt01.example.com', '10.10.10.10', 'fe01::bad:code::cafe', 'virt01.example.com:443', '[fc00::1]', '[fc00::1]:443', 'fc00::1:8006']
+```
+
+### Ignore Host-Nodes or Guests
+In managing a Proxmox environment, it's often necessary to exclude certain host nodes and guests from various operations. For host nodes, this exclusion can be achieved by specifying them in the ignore_nodes parameter within the proxmox_api chapter, effectively preventing any automated processes from interacting with these nodes. Guests, on the other hand, can be ignored by assigning them a specific tag that starts with or is equal to plb_ignore, ensuring they are omitted from any automated tasks or monitoring. By implementing these configurations, administrators can fine-tune their Proxmox management to focus only on relevant nodes and guests, optimizing operational efficiency and resource allocation.
+
+```
+proxmox_cluster:
+  ignore_nodes: ['node01', 'node02']
+```
+
+### IPv6 Support
+Yes, ProxLB fully supports IPv6.
+
+### Logging / Log-Level
+ProxLB supports systemd for seamless service management on Linux distributions. To enable this, create a proxLB.service file in /etc/systemd/system/ from `service/proxlb.service` within this repository.
+
+On systems without systemd, such as FreeBSD and macOS, ProxLB runs with similar configurations but logs to stdout and stderr. The logging level and verbosity can be set in the `service` section of the configuration file:
+
+```
+service:
+  log_level: DEBUG
+```
+
+ProxLB only support the following log levels:
+* INFO
+* WARNING
+* CRITICAL
+* DEBUG
+
+### Parallel Migrations
+By default, parallel migrations are deactivated. This means, that a guest object gets migrated and the migration job is being watched until the VM or CT got moved to a new node. However, this may take a lot of time and many environments are fast enough to handle the IO load for multiple guest objects. However, there are always corner cases and this depends on your setup. Parallel migrations can be enabled by setting `parallel` to `True` within the `balancing` chapter:
+
+```
+balancing:
+  parallel: False
+```
+
+### Run as a Systemd-Service
+The proxlb systemd unit orchestrates the ProxLB application. ProxLB can be used either as a one-shot solution or run periodically, depending on the configuration specified in the daemon chapter of its configuration file.
+
+```
+service:
+  daemon: False
+    schedule:
+      interval: 12
+      format: hours
+```
+
+In this configuration:
+* `daemon`: False indicates that the ProxLB application is not running as a daemon and will execute as a one-shot solution.
+* `schedule`: 12 defines the interval for the schedule, specifying how often rebalancing should be done if running as a daemon.
+* `format`: Defines the given format of schedule where you can choose between `hours` or `minutes`.
+
+### SSL Self-Signed Certificates
+If you are using SSL self-signed certificates or non-valid certificated in general and do not want to deal with additional trust levels, you may also disable the SSL validation. This may mostly be helpful for dev- & test labs.
+
+SSL certificate validation can be disabled in the `proxmox_api` section in the config file by setting:
+```
+proxmox_api:
+    ssl_verification: False
+```
+
+*Note: Disabling SSL certificate validation is not recommended.*
+
+### Node Maintenances
+To exclude specific nodes from receiving any new workloads during the balancing process, the `maintenance_nodes` configuration option can be used. This option allows administrators to define a list of nodes that are currently undergoing maintenance or should otherwise not be used for running virtual machines or containers.
+
+```yaml
+maintenance_nodes:
+  - virt66.example.com
+```
+
+which can also be written as:
+
+```yaml
+maintenance_nodes: ['virt66.example.com']
+```
+
+The maintenance_nodes key must be defined as a list, even if it only includes a single node. Each entry in the list must exactly match the node name as it is known within the Proxmox VE cluster. Do not use IP addresses, alternative DNS names, or aliases—only the actual cluster node names are valid. Once a node is marked as being in maintenance mode:
+
+* No new workloads will be balanced or migrated onto it.
+* Any existing workloads currently running on the node will be migrated away in accordance with the configured balancing strategies, assuming resources on other nodes allow. 
+
+This feature is particularly useful during planned maintenance, upgrades, or troubleshooting, ensuring that services continue to run with minimal disruption while the specified node is being worked on.
+
+## 10. Balancing Methods
+ProxLB provides multiple balancing modes that define *how* resources are evaluated and compared during cluster balancing.
+Each mode reflects a different strategy for determining load and distributing guests (VMs or containers) between nodes.
+
+Depending on your environment, provisioning strategy, and performance goals, you can choose between:
+
+| Mode | Description | Typical Use Case |
+|------|--------------|------------------|
+| `used` | Uses the *actual runtime resource usage* (e.g. CPU, memory, disk). | Dynamic or lab environments with frequent workload changes and tolerance for overprovisioning. |
+| `assigned` | Uses the *statically defined resource allocations* from guest configurations. | Production or SLA-driven clusters that require guaranteed resources and predictable performance. |
+| `psi` | Uses Linux *Pressure Stall Information (PSI)* metrics to evaluate real system contention and pressure. | Advanced clusters that require pressure-aware decisions for proactive rebalancing. |
+
+### 10.1 Used Resources
+When **mode: `used`** is configured, ProxLB evaluates the *real usage metrics* of guest objects (VMs and CTs).
+It collects the current CPU, memory, and disk usage directly from the Proxmox API to determine the *actual consumption* of each guest and node.
+
+This mode is ideal for **dynamic environments** where workloads frequently change and **overprovisioning is acceptable**. It provides the most reactive balancing behavior, since decisions are based on live usage instead of static assignment.
+
+Typical scenarios include:
+- Production environments to distribute workloads across the nodes.
+- Test or development clusters with frequent VM changes.
+- Clusters where resource spikes are short-lived.
+- Environments where slight resource contention is tolerable.
+
+#### Example Configuration
+```yaml
+balancing:
+  mode: used
+```
+
+### 10.2 Assigned Resources
+When **mode: `assigned`** is configured, ProxLB evaluates the *provisioned or allocated resources* of each guest (VM or CT) instead of their runtime usage.
+It uses data such as **CPU cores**, **memory limits**, and **disk allocations** defined in Proxmox to calculate how much of each node’s capacity is reserved.
+
+This mode is ideal for **production clusters** where:
+- Overcommitment is *not allowed or only minimally tolerated*.
+- Each node’s workload is planned based on the assigned capacities.
+- Administrators want predictable resource distribution aligned with provisioning policies.
+
+Unlike the `used` mode, `assigned` focuses purely on the *declared configuration* of guests and remains stable even if actual usage varies temporarily.
+
+Typical scenarios include:
+- Enterprise environments with SLA or QoS requirements.
+- Clusters where workloads are sized deterministically.
+- Situations where consistent node utilization and capacity awareness are crucial.
+
+#### Example Configuration
+```yaml
+balancing:
+  mode: assigned
+```
+
+### 10.3 Pressure (PSI) based Resources
+> [!IMPORTANT]
+> PSI based balancing is still in beta! If you find any bugs, please raise an issue including metrics of all nodes and affected guests. You can provide metrics directly from PVE or Grafana (via node_exporter or pve_exporter).
+
+When **mode: `psi`** is configured, ProxLB uses the **Linux Pressure Stall Information (PSI)** interface to measure the *real-time pressure* on system resources such as **CPU**, **memory**, and **disk I/O**.
+Unlike the `used` or `assigned` modes, which rely on static or average metrics, PSI provides *direct insight into how often and how long tasks are stalled* because of insufficient resources.
+
+This enables ProxLB to make **proactive balancing decisions** — moving workloads *before* performance degradation becomes visible to the user.
+
+**IMPORTANT**: Predicting distributing workloads is dangerous and might not result into the expected state. Therefore, ProxLB migrates only a single instance each 60 minutes to obtain new real-metrics and to validate if further changes are required. Keep in mind, that migrations are also costly and should be avoided as much as possible.
+
+PSI metrics are available for both **nodes** and **guest objects**, allowing fine-grained balancing decisions:
+- **Node-level PSI:** Detects cluster nodes under systemic load or contention.
+- **Guest-level PSI:** Identifies individual guests suffering from memory, CPU, or I/O stalls.
+
+### PSI Metrics Explained
+Each monitored resource defines three pressure thresholds:
+| Key | Description |
+|-----|--------------|
+| `pressure_some` | Indicates partial stall conditions where some tasks are waiting for a resource. |
+| `pressure_full` | Represents complete stall conditions where *all* tasks are blocked waiting for a resource. |
+| `pressure_spikes` | Defines short-term burst conditions that may signal saturation spikes. |
+
+These thresholds are expressed in **percentages** and represent how much time the kernel reports stalls over specific averaging windows (e.g. 5s, 10s, 60s).
+
+### Example Configuration
+
+```yaml
+balancing:
+  mode: psi
+  psi:
+    nodes:
+      memory:
+        pressure_full: 0.20
+        pressure_some: 0.20
+        pressure_spikes: 1.00
+      cpu:
+        pressure_full: 0.20
+        pressure_some: 0.20
+        pressure_spikes: 1.00
+      disk:
+        pressure_full: 0.20
+        pressure_some: 0.20
+        pressure_spikes: 1.00
+    guests:
+      memory:
+        pressure_full: 0.20
+        pressure_some: 0.20
+        pressure_spikes: 1.00
+      cpu:
+        pressure_full: 0.20
+        pressure_some: 0.20
+        pressure_spikes: 1.00
+      disk:
+        pressure_full: 0.20
+        pressure_some: 0.20
+        pressure_spikes: 1.00
+```

docs/99-faq.md

@@ -0,0 +1,24 @@
+## Table of Contents
+
+1. [GUI Integration](#gui-integration)
+    - [How to install pve-proxmoxlb-service-ui package](https://github.com/gyptazy/ProxLB/issues/44)
+2. [Proxmox HA Integration](#proxmox-ha-integration)
+    - [Host groups: Honour HA groups](https://github.com/gyptazy/ProxLB/issues/65)
+
+### GUI Integration
+<img align="left" src="https://cdn.gyptazy.com/images/proxlb-GUI-integration.jpg"/> ProxLB can also be accessed through the Proxmox Web UI by installing the optional `pve-proxmoxlb-service-ui` package, which depends on the proxlb package. For full Web UI integration, this package must be installed on all nodes within the cluster. Once installed, a new menu item - `Rebalancing`, appears in the cluster level under the HA section. Once installed, it offers two key functionalities:
+* Rebalancing VM workloads
+* Migrate VM workloads away from a defined node (e.g. maintenance preparation)
+
+**Note:** This package is currently discontinued and will be readded at a later time. See also: [#44: How to install pve-proxmoxlb-service-ui package](https://github.com/gyptazy/ProxLB/issues/44).
+
+### Proxmox HA Integration
+Proxmox HA (High Availability) groups are designed to ensure that virtual machines (VMs) remain running within a Proxmox cluster. HA groups define specific rules for where VMs should be started or migrated in case of node failures, ensuring minimal downtime and automatic recovery.
+
+However, when used in conjunction with ProxLB, the built-in load balancer for Proxmox, conflicts can arise. ProxLB operates with its own logic for workload distribution, taking into account affinity and anti-affinity rules. While it effectively balances guest workloads, it may re-shift and redistribute VMs in a way that does not align with HA group constraints, potentially leading to unsuitable placements.
+
+Due to these conflicts, it is currently not recommended to use both HA groups and ProxLB simultaneously. The interaction between the two mechanisms can lead to unexpected behavior, where VMs might not adhere to HA group rules after being moved by ProxLB.
+
+A solution to improve compatibility between HA groups and ProxLB is under evaluation, aiming to ensure that both features can work together without disrupting VM placement strategies.
+
+See also: [#65: Host groups: Honour HA groups](https://github.com/gyptazy/ProxLB/issues/65).