From 39aa8892b4cac8f88e03527e611194b3e03e74b2 Mon Sep 17 00:00:00 2001 From: Oguz Bektas Date: Tue, 24 Nov 2020 11:34:19 +0100 Subject: [PATCH] pvecm: explain role of ssh in PVE stack (for #2829) add a section describing how SSH tunnels are used in conjunction with PVE. Signed-off-by: Oguz Bektas --- pvecm.adoc | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/pvecm.adoc b/pvecm.adoc index 3820c17..fc21e55 100644 --- a/pvecm.adoc +++ b/pvecm.adoc @@ -869,6 +869,44 @@ pvecm status If you see a healthy cluster state, it means that your new link is being used. +Role of SSH in {PVE} Clustering +------------------------------- + +{PVE} utilizes SSH tunnels for various operations: + +* Proxying terminal sessions on the GUI + +* VM/CT Migrations (if not configured 'insecure' mode) + +* Storage replications + +For example when you connect another nodes shell through the interface, a +non-interactive SSH tunnel is started in order to forward the necessary ports +for the VNC connection. + +Similarly during a VM migration an SSH tunnel is established between the target +and source nodes. This way the local `qemu` socket can be used for the migration. + +IMPORTANT: In case you have a custom `.bashrc` or similar file that gets +executed on login, `ssh` will automatically run it once the session is +established. This can cause some unexpected behavior (as commands may be +executed as a side-effect). + +In order to avoid such complications, it's recommended to add a check in +`/root/.bashrc` to make sure the session is interactive, and only then run +`.bashrc` commands. + +You can add this snippet at the beginning of your `.bashrc` file: + +---- +# If not running interactively, don't do anything +case $- in + *i*) ;; + *) return;; +esac +---- + + Corosync External Vote Support ------------------------------