[pve-devel] [PATCH cluster v2] add migration format to datacenter config
Thomas Lamprecht
t.lamprecht at proxmox.com
Mon Oct 31 09:42:30 CET 2016
This adds a new format for configuring cluster wide migration
settings.
Those settings include the migration transfer method, secure
(currently ssh) or insecure (tcp), this deprecates the
migration_unsecure parameter which we only keep for backward
compatibility and map it to the new property.
The mapping of the setting should be unproblematic for the user as
exactly the same semantics happen.
Only the case where both, new and old are set at the same time is
problematic, here warn the user and ignore the old setting.
Further the migration network can be set, this denotes the network
used for sending the migration traffic.
Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---
Changes since v1:
* use 'secure' instead of 'ssh' for migration type property (so we
can easier swap to TLS if available)
* warn when old 'unsecure_migration' property and new migration type
property is set at the same time, this has a low probability to
happen. Just use the new one, it was later set and the user
probably just forgot to delete the old one.
* If existing, silently swap the old property to the new one when
writing the config file.
data/PVE/Cluster.pm | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 51 insertions(+), 3 deletions(-)
diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index d9eced7..d88f71e 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -1318,6 +1318,25 @@ sub ssh_merge_known_hosts {
}
+my $migration_format = {
+ type => {
+ default_key => 1,
+ type => 'string',
+ enum => ['secure', 'insecure'],
+ description => "Migration traffic is encrypted using an SSH tunnel by " .
+ "default. On secure, completely private networks this can be " .
+ "disabled to increase performance.",
+ default => 'secure',
+ format_description => 'migration type',
+ },
+ network => {
+ optional => 1,
+ type => 'string', format => 'CIDR',
+ format_description => 'CIDR',
+ description => "CIDR of the (sub) network that is used for migration."
+ },
+};
+
my $datacenter_schema = {
type => "object",
additionalProperties => 0,
@@ -1343,7 +1362,14 @@ my $datacenter_schema = {
migration_unsecure => {
optional => 1,
type => 'boolean',
- description => "Migration is secure using SSH tunnel by default. For secure private networks you can disable it to speed up migration.",
+ description => "Migration is secure using SSH tunnel by default. " .
+ "For secure private networks you can disable it to speed up " .
+ "migration. Deprecated, use the 'migration' property instead!",
+ },
+ migration => {
+ optional => 1,
+ type => 'string', format => $migration_format,
+ description => "For cluster wide migration settings.",
},
console => {
optional => 1,
@@ -1389,12 +1415,34 @@ sub get_datacenter_schema { return $datacenter_schema };
sub parse_datacenter_config {
my ($filename, $raw) = @_;
- return PVE::JSONSchema::parse_config($datacenter_schema, $filename, $raw // '');
+ my $res = PVE::JSONSchema::parse_config($datacenter_schema, $filename, $raw // '');
+
+ if (my $migration = $res->{migration}) {
+ $res->{migration} = PVE::JSONSchema::parse_property_string($migration_format, $migration);
+ }
+
+ # for backwards compatibility only, new migration property has precedence
+ if (defined($res->{migration_unsecure})) {
+ if (defined($res->{migration}->{type})) {
+ warn "deprecated setting 'migration_unsecure' and new 'migration: type' " .
+ "set at same time! Ignore 'migration_unsecure'\n";
+ } else {
+ $res->{migration}->{type} = ($res->{migration_unsecure}) ? 'insecure' : 'secure';
+ }
+ }
+
+ return $res;
}
sub write_datacenter_config {
my ($filename, $cfg) = @_;
-
+
+ # map deprecated setting to new one
+ if (defined($cfg->{migration_unsecure})) {
+ my $migration_unsecure = delete $cfg->{migration_unsecure};
+ $cfg->{migration}->{type} = ($migration_unsecure) ? 'insecure' : 'secure';
+ }
+
return PVE::JSONSchema::dump_config($datacenter_schema, $filename, $cfg);
}
--
2.1.4
More information about the pve-devel
mailing list