meta: a pve-docs patch adding the new parameter(s) and appropriate warnings would be nice.
bin/pvebanner also does not honor these settings.. On Wed, Nov 15, 2017 at 02:10:36PM +0100, Wolfgang Bumiller wrote: > That way one can explicitly set the listen address. > Useful for single nodes to limit the GUI to 127.0.0.1, or in > clusters to limit it to a private cluster network. > > (Note that proxied cluster requests use the hostname so it > should usually contain either nothing, the hostname, or the > first IP the hostname resolves to, otherwise proxied > requests will either hang a little, or simply not work.) > > Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> > --- > Also note that this is NOT a good way to choose between IPv4 and IPv6. > The default logic was chosen to make it hard to break cluster > communication. If the hostname resolves to IPv6 first and you > specifically listen on IPv4, other cluster nodes will first try > IPv6 and fail. > So personally I recommend using the actual $hostname, or some fixed > ip for single nodes, and nothing else. > > PVE/API2Tools.pm | 9 +++++++++ > PVE/Service/pveproxy.pm | 7 +++++-- > 2 files changed, 14 insertions(+), 2 deletions(-) > > diff --git a/PVE/API2Tools.pm b/PVE/API2Tools.pm > index f1df2384..47cce416 100644 > --- a/PVE/API2Tools.pm > +++ b/PVE/API2Tools.pm > @@ -230,6 +230,7 @@ sub read_proxy_config { > $shcmd .= 'echo \"POLICY:\$POLICY\";'; > $shcmd .= 'echo \"CIPHERS:\$CIPHERS\";'; > $shcmd .= 'echo \"DHPARAMS:\$DHPARAMS\";'; > + $shcmd .= 'echo \"LISTEN:\$LISTEN\";'; > > my $data = -f $conffile ? `bash -c "$shcmd"` : ''; 
> > @@ -252,6 +253,14 @@ sub read_proxy_config { > $res->{$key} = $value; > } elsif ($key eq 'DHPARAMS') { > $res->{$key} = $value; > + } elsif ($key eq 'LISTEN') { > + die "invalid listen address: '$value'\n" > + if $value !~ /^([^:]+)(?::(\d+))?$/; breaks IPv6 ;) I wonder if we really need the port though? it's only useful in the current state for single-node-clusters, because for all others proxying requests would break when switching ports.. > + my ($host, $port) = ($1, int($2)); > + die "invalid port: '$port'\n" > + if $port > 0xFFFF; > + $res->{LISTEN_HOST} = $host; > + $res->{LISTEN_PORT} = $port; > } else { > # silently skip everythin else? > } > diff --git a/PVE/Service/pveproxy.pm b/PVE/Service/pveproxy.pm > index 7d39900a..15783daa 100755 > --- a/PVE/Service/pveproxy.pm > +++ b/PVE/Service/pveproxy.pm > @@ -64,8 +64,11 @@ sub init { > my $lockfh = IO::File->new(">>${accept_lock_fn}") || > die "unable to open lock file '${accept_lock_fn}' - $!\n"; > > - my $family = PVE::Tools::get_host_address_family($self->{nodename}); > - my $socket = $self->create_reusable_socket(8006, undef, $family); > + my $host = $proxyconf->{LISTEN_HOST} || $self->{nodename}; > + my $port = $proxyconf->{LISTEN_PORT} || 8006; > + my $family = PVE::Tools::get_host_address_family($host); > + > + my $socket = $self->create_reusable_socket($port, $host, $family); > > my $dirs = {}; > > -- > 2.11.0 > > > _______________________________________________ > pve-devel mailing list > pve-devel@pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
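Review bot: in the `LISTEN` branch of `read_proxy_config` (PVE/API2Tools.pm), the pattern `/^([^:]+)(?::(\d+))?$/` forbids ':' in the host part, so every IPv6 literal is rejected with "invalid listen address", and because the port group is optional, `int($2)` is called on undef whenever only a host is given. Consider accepting a bracketed form such as `[addr]:port` for IPv6 and assigning the port only when `$2` is defined. A value like `host:0` also passes the `$port > 0xFFFF` check and is then silently replaced by 8006 through `$proxyconf->{LISTEN_PORT} || 8006` in pveproxy.pm, so rejecting port 0 here would make that behaviour explicit.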
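Review bot: in `init` (PVE/Service/pveproxy.pm), `my $host = $proxyconf->{LISTEN_HOST} || $self->{nodename};` changes the bind address even when LISTEN is not configured: the removed call passed `undef` as the host to `create_reusable_socket`, while the new call passes the node name. If the default is meant to stay as it was, keep `undef` as the socket host when `LISTEN_HOST` is unset and use the node name only as the argument to `get_host_address_family`. The hunk also does not show where `$proxyconf` is set inside `init`, so it is worth confirming the proxy configuration is read before this point.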