Many interfaces used to get an ipv6 link-local address which
was usually unusable and therefore pointless.
In order to ensure consistency this is called in various
places:
* $bridge_add_interface() and $ovs_bridge_add_port() because
it's generally a good choice for bridge ports.
* tap_create() and veth_create() because the activate the
interfaces and we want to avoid the link local address to
exist temporarily between bringing the interface up and
adding it to a bridge.
* create_firewall_bridge_*() because firewall bridges aren't
meant to have addresses either.
* activate_bridge_vlan() - if vlan_filtering is disabled we
create vlan-bridges and neither them nor their physical
ports should have link local addresses.
The 'pattern' property has type string and format regex, so
it makes sense to allow Regexp objects to be used for it.
While check_type() doesn't know the format, Regexp objects
can be treated like strings anyway, including compared via
'eq' or matched via '=~', so we allow strings to generally
come from a Regexp object.
Commit de9a267 introduced vec() to optimize the generation
by using binary operations instead of converting back and
forth between hex and strings, but forgot to switch over to
the binary sha1 method. This resulted in only the first 6
hex digits of the output string making up the address.
It's possible for two simultaneous VM starts to try to
create vlan bridges on non-vlan-aware bridges
simultaneously, which causes one of them to fail with the
error "can't add bridge ...".
This essentially performas the task of systemd-run while
also waiting for the job to finish.
With the systemd-run version in jessie we run into a race
condition where the executed process can start forking child
processes before the systemd daemon is done setting up the
scope's cgroups, causing the children to NOT be included in
the cgroups. This means the child processes (in our case
qemu) will not adhere to the limits we want to apply to it
via cgroups.
enter_systemd_scope() performs the setup task of systemd-run
and waits for the job to finish, after this we can spawn the
qemu process without systemd-run.
This avoids a circular dependency between PVE::INotify and
PVE::Network.
Also renamed to get_active_network_interfaces since the
package name now doesn't hint at this anymore.
Since we already allow this for container IP addresses it is
reasonable to assume the host might be using such a setup as
well. (You can use an additional route to reach the gateway
and then simply have no "LAN".) Some people seem to want
this...
This can be used if a CLIHandler child class does not needs or wants
RPCEnv. E.g. this is the case with pve-cluster, as it's a dependency
of the package where RPCEnv resides (access-control), so this can be
set to avoid a implicit circular build dependency.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This fixes the problem that debug options for daemons were ignored and sets
the following behaviour for the daemons when -debug 1 is given
* start on foreground with debug ouput on the console
* do not start a sytemd unit
Starting the systemd unit in debug mode makes less sense because:
* systemd will put the daemon in the background
* systemd ignores environment variables so the only way to start
the daemon with options would be through reading a config file
tested with pveproxy, pve-ha-lrm, pve-ha-crm
