Ask the pvecm mtunnel command (was earlier in qm) if the remote side
has an IP configured in a given migration_network denoted by a CIDR.
If such a IP is available reset the nodeip and rem_ssh variables
and check if we can connect to the other side with ssh public key
authentication.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
While our code currently passes the format hashes directly,
some code gets them via the format property of a
configuration description which verifies successfully via
check_format() for named property string formats, so this
should be allowed.
The get_local_ip_from_cidr method can be used to determine addresses
configured on interfaces from the callers node which are located
in the subnet. The subnet can be passed in CIDR notation.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Because when only writing the ones which are true we're
breaking the ones which default to true (like the mkdir
option on directory storages, where we need a false value
to be written out explicitly).
Many interfaces used to get an ipv6 link-local address which
was usually unusable and therefore pointless.
In order to ensure consistency this is called in various
places:
* $bridge_add_interface() and $ovs_bridge_add_port() because
it's generally a good choice for bridge ports.
* tap_create() and veth_create() because the activate the
interfaces and we want to avoid the link local address to
exist temporarily between bringing the interface up and
adding it to a bridge.
* create_firewall_bridge_*() because firewall bridges aren't
meant to have addresses either.
* activate_bridge_vlan() - if vlan_filtering is disabled we
create vlan-bridges and neither them nor their physical
ports should have link local addresses.
The 'pattern' property has type string and format regex, so
it makes sense to allow Regexp objects to be used for it.
While check_type() doesn't know the format, Regexp objects
can be treated like strings anyway, including compared via
'eq' or matched via '=~', so we allow strings to generally
come from a Regexp object.
Commit de9a267 introduced vec() to optimize the generation
by using binary operations instead of converting back and
forth between hex and strings, but forgot to switch over to
the binary sha1 method. This resulted in only the first 6
hex digits of the output string making up the address.
It's possible for two simultaneous VM starts to try to
create vlan bridges on non-vlan-aware bridges
simultaneously, which causes one of them to fail with the
error "can't add bridge ...".
This essentially performas the task of systemd-run while
also waiting for the job to finish.
With the systemd-run version in jessie we run into a race
condition where the executed process can start forking child
processes before the systemd daemon is done setting up the
scope's cgroups, causing the children to NOT be included in
the cgroups. This means the child processes (in our case
qemu) will not adhere to the limits we want to apply to it
via cgroups.
enter_systemd_scope() performs the setup task of systemd-run
and waits for the job to finish, after this we can spawn the
qemu process without systemd-run.
This avoids a circular dependency between PVE::INotify and
PVE::Network.
Also renamed to get_active_network_interfaces since the
package name now doesn't hint at this anymore.
Since we already allow this for container IP addresses it is
reasonable to assume the host might be using such a setup as
well. (You can use an additional route to reach the gateway
and then simply have no "LAN".) Some people seem to want
this...
