From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id 8CF8F1FF13E
	for <inbox@lore.proxmox.com>; Fri, 20 Feb 2026 14:39:23 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 1BF249A4F;
	Fri, 20 Feb 2026 14:39:54 +0100 (CET)
From: Fiona Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH qemu-server 6/6] migration: intra-cluster: check config can be
 parsed on target node
Date: Fri, 20 Feb 2026 14:36:14 +0100
Message-ID: <20260220133911.135593-7-f.ebner@proxmox.com>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20260220133911.135593-1-f.ebner@proxmox.com>
References: <20260220133911.135593-1-f.ebner@proxmox.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1771594745555
X-SPAM-LEVEL: Spam detection results:  0
	AWL                    -0.015 Adjusted score from AWL reputation of From:
 address
	BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
	DMARC_MISSING             0.1 Missing DMARC policy
	KAM_DMARC_STATUS         0.01 Test Rule for DKIM or SPF Failure with Strict
 Alignment
	SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
	SPF_PASS               -0.001 SPF: sender matches SPF record
Message-ID-Hash: AKEQF5MI426OSCD2J46FPO3SMV4422PM
X-Message-ID-Hash: AKEQF5MI426OSCD2J46FPO3SMV4422PM
X-MailFrom: f.ebner@proxmox.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; emergency; member-moderation; nonmember-moderation;
 administrivia; implicit-dest; max-recipients; max-size; news-moderation;
 no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.10
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Owner: <mailto:pve-devel-owner@lists.proxmox.com>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Subscribe: <mailto:pve-devel-join@lists.proxmox.com>
List-Unsubscribe: <mailto:pve-devel-leave@lists.proxmox.com>

For remote migration, we already check that the config can be parsed
on the target. Do the same for intra-cluster migration, to avoid
issues like [0] for future new settings, with lines being unexpectedly
and relatively silently dropped (there are warnings in the target's
system logs).

Unfortunately, before commit "qm: mtunnel: reply when a command is
unknown", which is part of the same patch series, when a command is
unknown, mtunnel did not reply at all. Therefore, this delays
backwards migrations to qemu-server versions less than the next bumped
version (at the time of this writing expected to be 9.1.5) by 3
seconds.

[0]: https://bugzilla.proxmox.com/show_bug.cgi?id=7341

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---

For easier testing:

# commented out so 'git am' does not apply it O;)
# diff --git a/src/PVE/QemuServer.pm b/src/PVE/QemuServer.pm
# index 545758dc..b914314e 100644
# --- a/src/PVE/QemuServer.pm
# +++ b/src/PVE/QemuServer.pm
# @@ -236,6 +236,13 @@ my $spice_enhancements_fmt = {
# };
# 
# my $confdesc = {
#+    'shiny-new' => {
#+        type => 'string',
#+        enum => ['shiny', 'new'],
#+        default => 'shiny',
#+        optional => 1,
#+        description => "you know you want it",
#+    },
#     onboot => {
#         optional => 1,
#         type => 'boolean',

 src/PVE/API2/Qemu.pm                      |  4 +++-
 src/PVE/QemuMigrate.pm                    | 23 +++++++++++++++++++++++
 src/test/MigrationTest/QemuMigrateMock.pm | 11 ++++++++++-
 3 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/src/PVE/API2/Qemu.pm b/src/PVE/API2/Qemu.pm
index c2e185a6..6828b1fc 100644
--- a/src/PVE/API2/Qemu.pm
+++ b/src/PVE/API2/Qemu.pm
@@ -5393,7 +5393,9 @@ __PACKAGE__->register_method({
             force => {
                 type => 'boolean',
                 description =>
-                    "Allow to migrate VMs which use local devices. Only root may use this option.",
+                    "Allow to migrate VMs which use local devices and for intra-cluster migration,"
+                    . " configuration options not understood by the target. Only root may use this"
+                    . " option.",
                 optional => 1,
             },
             migration_type => {
diff --git a/src/PVE/QemuMigrate.pm b/src/PVE/QemuMigrate.pm
index f7ec3227..0ea6385a 100644
--- a/src/PVE/QemuMigrate.pm
+++ b/src/PVE/QemuMigrate.pm
@@ -355,6 +355,29 @@ sub prepare {
         my $cmd = [@{ $self->{rem_ssh} }, '/bin/true'];
         eval { $self->cmd_quiet($cmd); };
         die "Can't connect to destination address using public key\n" if $@;
+
+        if (!$self->{opts}->{force}) {
+            # Fork a short-lived tunnel for checking the config. Later, the proper tunnel with SSH
+            # forwaring info is forked.
+            my $tunnel = $self->fork_tunnel();
+            # Compared to remote migration, which also does volume activation, this only strictly
+            # parses the config, so no large timeout is needed. Unfortunately, mtunnel did not
+            # indicate that a command is unknown, but not reply at all, so the timeout must be very
+            # low right now.
+            # FIXME PVE 10 - bump timeout, the trade-off between delaying backwards migration and
+            # giving config check more time should now be in favor of config checking
+            eval {
+                my $nodename = PVE::INotify::nodename();
+                PVE::Tunnel::write_tunnel($tunnel, 3, "config $vmid $nodename");
+            };
+            if (my $err = $@) {
+                chomp($err);
+                # if there is no reply, assume target did not know the command yet
+                die "$err - use --force to migrate regardless\n" if $err !~ m/^no reply to command/;
+            }
+            eval { PVE::Tunnel::finish_tunnel($tunnel); };
+            $self->log('warn', "failed to finish tunnel in prepare() - $@") if $@;
+        }
     }
 
     return $running;
diff --git a/src/test/MigrationTest/QemuMigrateMock.pm b/src/test/MigrationTest/QemuMigrateMock.pm
index df8b575a..170634de 100644
--- a/src/test/MigrationTest/QemuMigrateMock.pm
+++ b/src/test/MigrationTest/QemuMigrateMock.pm
@@ -65,6 +65,10 @@ $tunnel_module->mock(
             my $vmid = $1;
             die "resuming wrong VM '$vmid'\n" if $vmid ne $test_vmid;
             return;
+        } elsif ($command =~ m/^config (\d+) (\S+)$/) {
+            my ($vmid, $node) = ($1, $2);
+            die "check config for wrong VM '$vmid'\n" if $vmid ne $test_vmid;
+            return;
         }
         die "write_tunnel (mocked) - implement me: $command\n";
     },
@@ -73,7 +77,12 @@ $tunnel_module->mock(
 my $qemu_migrate_module = Test::MockModule->new("PVE::QemuMigrate");
 $qemu_migrate_module->mock(
     fork_tunnel => sub {
-        die "fork_tunnel (mocked) - implement me\n"; # currently no call should lead here
+        return {
+            writer => "mocked",
+            reader => "mocked",
+            pid => 123456,
+            version => 1,
+        };
     },
     start_remote_tunnel => sub {
         my ($self, $raddr, $rport, $ruri, $unix_socket_info) = @_;
-- 
2.47.3