From mboxrd@z Thu Jan 1 00:00:00 1970
From: Oguz Bektas
To: pve-devel@lists.proxmox.com
Date: Tue, 24 Nov 2020 11:34:19 +0100
Message-Id: <20201124103419.184150-1-o.bektas@proxmox.com>
Subject: [pve-devel] [PATCH v2 docs] pvecm: explain role of ssh in PVE stack

(for #2829) add a section describing how SSH tunnels are used in conjunction with PVE.

Signed-off-by: Oguz Bektas
---
v1->v2:
* fix heading
* fix list

thank you thomas for noticing

pvecm.adoc | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/pvecm.adoc b/pvecm.adoc index 3820c17..fc21e55 100644 --- a/pvecm.adoc +++ b/pvecm.adoc 
@@ -869,6 +869,44 @@ pvecm status If you see a healthy cluster state, it means that your new link is being used. +Role of SSH in {PVE} Clustering +------------------------------- + +{PVE} utilizes SSH tunnels for various operations: + +* Proxying terminal sessions on the GUI + +* VM/CT Migrations (if not configured 'insecure' mode) + +* Storage replications + +For example when you connect another nodes shell through the interface, a +non-interactive SSH tunnel is started in order to forward the necessary ports +for the VNC connection. + +Similarly during a VM migration an SSH tunnel is established between the target +and source nodes. This way the local `qemu` socket can be used for the migration. + +IMPORTANT: In case you have a custom `.bashrc` or similar file that gets +executed on login, `ssh` will automatically run it once the session is +established. This can cause some unexpected behavior (as commands may be +executed as a side-effect). + +In order to avoid such complications, it's recommended to add a check in +`/root/.bashrc` to make sure the session is interactive, and only then run +`.bashrc` commands. + +You can add this snippet at the beginning of your `.bashrc` file: + +---- +# If not running interactively, don't do anything +case $- in + *i*) ;; + *) return;; +esac +---- + + Corosync External Vote Support ------------------------------ -- 2.20.1
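Review bot: The IMPORTANT paragraph warns about "a custom `.bashrc` or similar file that gets executed on login", but the remedy that follows only covers `/root/.bashrc`, so a reader with one of the "similar" files gets no guidance. Either name those files and say the same interactive-session guard belongs in them, or narrow the warning to `.bashrc`. The paragraph would also be more useful if it tied the "unexpected behavior" to the three operations listed at the top of the section, since those are the non-interactive sessions the guard is meant to protect. Two wording points in the same hunk: "connect another nodes shell" should read "connect to another node's shell", and "(if not configured 'insecure' mode)" is clearer as "(unless configured to use 'insecure' mode)", ideally with a pointer to where that mode is set. The hunk also adds two blank lines before "Corosync External Vote Support" where one would match the spacing used before the new heading.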