[pve-cluster.git] / data / PVE / Corosync.pm

package PVE::Corosync;

use strict;
use warnings;

use Clone 'clone';
use Digest::SHA;
use Net::IP qw(ip_is_ipv6);
use Scalar::Util qw(weaken);
use Socket qw(AF_INET AF_INET6 inet_ntop);

use PVE::Cluster;
use PVE::JSONSchema;
use PVE::Tools;
use PVE::Tools qw($IPV4RE $IPV6RE);

my $basedir = "/etc/pve";

my $conf_array_sections = {
    node => 1,
    interface => 1,
};

my $corosync_link_format = {
    address => {
	default_key => 1,
	type => 'string', format => 'address',
	format_description => 'IP',
	description => "Hostname (or IP) of this corosync link address.",
    },
    priority => {
	optional => 1,
	type => 'integer',
	minimum => 0,
	maximum => 255,
	default => 0,
	description => "The priority for the link when knet is used in 'passive' mode. Lower value means higher priority.",
    },
};
my $corosync_link_desc = {
    type => 'string', format => $corosync_link_format,
    description => "Address and priority information of a single corosync link.",
    optional => 1,
};
PVE::JSONSchema::register_standard_option("corosync-link", $corosync_link_desc);

sub parse_corosync_link {
    my ($value) = @_;

    return undef if !defined($value);

    return PVE::JSONSchema::parse_property_string($corosync_link_format, $value);
}

# a very simply parser ...
sub parse_conf {
    my ($filename, $raw) = @_;

    return {} if !$raw;

    my $digest = Digest::SHA::sha1_hex(defined($raw) ? $raw : '');

    $raw =~ s/#.*$//mg;
    $raw =~ s/\r?\n/ /g;
    $raw =~ s/\s+/ /g;
    $raw =~ s/^\s+//;
    $raw =~ s/\s*$//;

    my @tokens = split(/\s/, $raw);

    my $conf = { 'main' => {} };

    my $stack = [];
    my $section = $conf->{main};

    while (defined(my $token = shift @tokens)) {
	my $nexttok = $tokens[0];

	if ($nexttok && ($nexttok eq '{')) {
	    shift @tokens; # skip '{'
	    my $new_section = {};
	    if ($conf_array_sections->{$token}) {
		$section->{$token} = [] if !defined($section->{$token});
		push @{$section->{$token}}, $new_section;
	    } elsif (!defined($section->{$token})) {
		$section->{$token} = $new_section;
	    } else {
		die "section '$token' already exists and not marked as array!\n";
	    }
	    push @$stack, $section;
	    $section = $new_section;
	    next;
	}

	if ($token eq '}') {
	    $section = pop @$stack;
	    die "parse error - uncexpected '}'\n" if !$section;
	    next;
	}

	my $key = $token;
	die "missing ':' after key '$key'\n" if ! ($key =~ s/:$//);

	die "parse error - no value for '$key'\n" if !defined($nexttok);
	my $value = shift @tokens;

	$section->{$key} = $value;
    }

    # make working with the config way easier
    my ($totem, $nodelist) = $conf->{main}->@{"totem", "nodelist"};

    $nodelist->{node} = {
	map {
	    $_->{name} // $_->{ring0_addr} => $_
	} @{$nodelist->{node}}
    };
    $totem->{interface} = {
	map {
	    $_->{linknumber} // $_->{ringnumber} => $_
	} @{$totem->{interface}}
    };

    $conf->{digest} = $digest;

    return $conf;
}

sub write_conf {
    my ($filename, $conf) = @_;

    my $c = clone($conf->{main}) // die "no main section";

    # retransform back for easier dumping
    my $hash_to_array = sub {
	my ($hash) = @_;
	return [ $hash->@{sort keys %$hash} ];
    };

    $c->{nodelist}->{node} = &$hash_to_array($c->{nodelist}->{node});
    $c->{totem}->{interface} = &$hash_to_array($c->{totem}->{interface});

    my $dump_section_weak;
    $dump_section_weak = sub {
	my ($section, $prefix) = @_;

	my $raw = '';

	foreach my $k (sort keys %$section) {
	    my $v = $section->{$k};
	    if (ref($v) eq 'HASH') {
		$raw .= $prefix . "$k {\n";
		$raw .= $dump_section_weak->($v, "$prefix  ");
		$raw .=  $prefix . "}\n";
		$raw .= "\n" if !$prefix; # add extra newline at 1st level only
	    } elsif (ref($v) eq 'ARRAY') {
		foreach my $child (@$v) {
		    $raw .= $prefix . "$k {\n";
		    $raw .= $dump_section_weak->($child, "$prefix  ");
		    $raw .=  $prefix . "}\n";
		}
	    } elsif (!ref($v)) {
		die "got undefined value for key '$k'!\n" if !defined($v);
		$raw .= $prefix . "$k: $v\n";
	    } else {
		die "unexpected reference in config hash: $k => ". ref($v) ."\n";
	    }
	}

	return $raw;
    };
    my $dump_section = $dump_section_weak;
    weaken($dump_section_weak);

    my $raw = $dump_section->($c, '');

    return $raw;
}

# read only - use atomic_write_conf method to write
PVE::Cluster::cfs_register_file('corosync.conf', \&parse_conf);
# this is read/write
PVE::Cluster::cfs_register_file('corosync.conf.new', \&parse_conf,
				\&write_conf);

sub check_conf_exists {
    my ($silent) = @_;

    $silent = $silent // 0;

    my $exists = -f "$basedir/corosync.conf";

    warn "Corosync config '$basedir/corosync.conf' does not exist - is this node part of a cluster?\n"
	if !$silent && !$exists;

    return $exists;
}

sub update_nodelist {
    my ($conf, $nodelist) = @_;

    $conf->{main}->{nodelist}->{node} = $nodelist;

    atomic_write_conf($conf);
}

sub nodelist {
    my ($conf) = @_;
    return clone($conf->{main}->{nodelist}->{node});
}

sub totem_config {
    my ($conf) = @_;
    return clone($conf->{main}->{totem});
}

# caller must hold corosync.conf cfs lock if used in read-modify-write cycle
sub atomic_write_conf {
    my ($conf, $no_increase_version) = @_;

    if (!$no_increase_version) {
	die "invalid corosync config: unable to read config version\n"
	    if !defined($conf->{main}->{totem}->{config_version});
	$conf->{main}->{totem}->{config_version}++;
    }

    PVE::Cluster::cfs_write_file("corosync.conf.new", $conf);

    rename("/etc/pve/corosync.conf.new", "/etc/pve/corosync.conf")
	|| die "activating corosync.conf.new failed - $!\n";
}

# for creating a new cluster with the current node
# params are those from the API/CLI cluster create call
sub create_conf {
    my ($nodename, %param) = @_;

    my $clustername = $param{clustername};
    my $nodeid = $param{nodeid} || 1;
    my $votes = $param{votes} || 1;

    my $local_ip_address = PVE::Cluster::remote_node_ip($nodename);

    my $link0 = PVE::Cluster::parse_corosync_link($param{link0});
    $link0->{address} //= $local_ip_address;

    my $conf = {
	totem => {
	    version => 2, # protocol version
	    secauth => 'on',
	    cluster_name => $clustername,
	    config_version => 0,
	    ip_version => 'ipv4-6',
	    interface => {
		0 => {
		    linknumber => 0,
		},
	    },
	},
	nodelist => {
	    node => {
		$nodename => {
		    name => $nodename,
		    nodeid => $nodeid,
		    quorum_votes => $votes,
		    ring0_addr => $link0->{address},
		},
	    },
	},
	quorum => {
	    provider => 'corosync_votequorum',
	},
	logging => {
	    to_syslog => 'yes',
	    debug => 'off',
	},
    };
    my $totem = $conf->{totem};

    $totem->{interface}->{0}->{knet_link_priority} = $link0->{priority}
	if defined($link0->{priority});

    my $link1 = PVE::Cluster::parse_corosync_link($param{link1});
    if ($link1->{address}) {
	$conf->{totem}->{interface}->{1} = {
	    linknumber => 1,
	};
	$totem->{link_mode} = 'passive';
	$totem->{interface}->{1}->{knet_link_priority} = $link1->{priority}
	    if defined($link1->{priority});
	$conf->{nodelist}->{node}->{$nodename}->{ring1_addr} = $link1->{address};
    }

    return { main => $conf };
}

sub for_all_corosync_addresses {
    my ($corosync_conf, $ip_version, $func) = @_;

    my $nodelist = nodelist($corosync_conf);
    return if !defined($nodelist);

    # iterate sorted to make rules deterministic (for change detection)
    foreach my $node_name (sort keys %$nodelist) {
	my $node_config = $nodelist->{$node_name};
	foreach my $node_key (sort keys %$node_config) {
	    if ($node_key =~ /^(ring|link)\d+_addr$/) {
		my $node_address = $node_config->{$node_key};

		my($ip, $version) = resolve_hostname_like_corosync($node_address, $corosync_conf);
		next if !defined($ip);
		next if defined($version) && defined($ip_version) && $version != $ip_version;

		$func->($node_name, $ip, $version, $node_key);
	    }
	}
    }
}

# NOTE: Corosync actually only resolves on startup or config change, but we
# currently do not have an easy way to synchronize our behaviour to that.
sub resolve_hostname_like_corosync {
    my ($hostname, $corosync_conf) = @_;

    my $corosync_strategy = $corosync_conf->{main}->{totem}->{ip_version};
    $corosync_strategy = lc ($corosync_strategy // "ipv6-4");

    my $match_ip_and_version = sub {
	my ($addr) = @_;

	return undef if !defined($addr);

	if ($addr =~ m/^$IPV4RE$/) {
	    return ($addr, 4);
	} elsif ($addr =~ m/^$IPV6RE$/) {
	    return ($addr, 6);
	}

	return undef;
    };

    my ($resolved_ip, $ip_version) = $match_ip_and_version->($hostname);

    return ($resolved_ip, $ip_version) if defined($resolved_ip);

    my $resolved_ip4;
    my $resolved_ip6;

    my @resolved_raw;
    eval { @resolved_raw = PVE::Tools::getaddrinfo_all($hostname); };

    return undef if ($@ || !@resolved_raw);

    foreach my $socket_info (@resolved_raw) {
	next if !$socket_info->{addr};

	my ($family, undef, $host) = PVE::Tools::unpack_sockaddr_in46($socket_info->{addr});

	if ($family == AF_INET && !defined($resolved_ip4)) {
	    $resolved_ip4 = inet_ntop(AF_INET, $host);
	} elsif ($family == AF_INET6 && !defined($resolved_ip6)) {
	    $resolved_ip6 = inet_ntop(AF_INET6, $host);
	}

	last if defined($resolved_ip4) && defined($resolved_ip6);
    }

    # corosync_strategy specifies the order in which IP addresses are resolved
    # by corosync. We need to match that order, to ensure we create firewall
    # rules for the correct address family.
    if ($corosync_strategy eq "ipv4") {
	$resolved_ip = $resolved_ip4;
    } elsif ($corosync_strategy eq "ipv6") {
	$resolved_ip = $resolved_ip6;
    } elsif ($corosync_strategy eq "ipv6-4") {
	$resolved_ip = $resolved_ip6 // $resolved_ip4;
    } elsif ($corosync_strategy eq "ipv4-6") {
	$resolved_ip = $resolved_ip4 // $resolved_ip6;
    }

    return $match_ip_and_version->($resolved_ip);
}

1;
Commit	Line	Data
b6973a89 TL	1	package PVE::Corosync;
	2
	3	use strict;
	4	use warnings;
	5
496de919	6	use Clone 'clone';
0e578bb7	7	use Digest::SHA;
b01bc84d	8	use Net::IP qw(ip_is_ipv6);
0e578bb7 TL	9	use Scalar::Util qw(weaken);
0e578bb7 TL	10	use Socket qw(AF_INET AF_INET6 inet_ntop);
b6973a89 TL	11
b6973a89 TL	12	use PVE::Cluster;
cde60d30	13	use PVE::JSONSchema;
5c82c8c8 SR	14	use PVE::Tools;
5c82c8c8 SR	15	use PVE::Tools qw($IPV4RE $IPV6RE);
b6973a89 TL	16
	17	my $basedir = "/etc/pve";
	18
496de919 TL	19	my $conf_array_sections = {
	20	node => 1,
	21	interface => 1,
	22	};
	23
cde60d30 FG	24	my $corosync_link_format = {
	25	address => {
	26	default_key => 1,
	27	type => 'string', format => 'address',
	28	format_description => 'IP',
	29	description => "Hostname (or IP) of this corosync link address.",
	30	},
	31	priority => {
	32	optional => 1,
	33	type => 'integer',
	34	minimum => 0,
	35	maximum => 255,
	36	default => 0,
	37	description => "The priority for the link when knet is used in 'passive' mode. Lower value means higher priority.",
	38	},
	39	};
	40	my $corosync_link_desc = {
	41	type => 'string', format => $corosync_link_format,
	42	description => "Address and priority information of a single corosync link.",
	43	optional => 1,
	44	};
	45	PVE::JSONSchema::register_standard_option("corosync-link", $corosync_link_desc);
	46
	47	sub parse_corosync_link {
	48	my ($value) = @_;
	49
	50	return undef if !defined($value);
	51
	52	return PVE::JSONSchema::parse_property_string($corosync_link_format, $value);
	53	}
	54
b6973a89 TL	55	# a very simply parser ...
	56	sub parse_conf {
	57	my ($filename, $raw) = @_;
	58
	59	return {} if !$raw;
	60
	61	my $digest = Digest::SHA::sha1_hex(defined($raw) ? $raw : '');
	62
	63	$raw =~ s/#.*$//mg;
	64	$raw =~ s/\r?\n/ /g;
	65	$raw =~ s/\s+/ /g;
	66	$raw =~ s/^\s+//;
	67	$raw =~ s/\s*$//;
	68
	69	my @tokens = split(/\s/, $raw);
	70
496de919	71	my $conf = { 'main' => {} };
b6973a89 TL	72
b6973a89 TL	73	my $stack = [];
496de919	74	my $section = $conf->{main};
b6973a89 TL	75
	76	while (defined(my $token = shift @tokens)) {
	77	my $nexttok = $tokens[0];
	78
	79	if ($nexttok && ($nexttok eq '{')) {
	80	shift @tokens; # skip '{'
496de919 TL	81	my $new_section = {};
	82	if ($conf_array_sections->{$token}) {
	83	$section->{$token} = [] if !defined($section->{$token});
	84	push @{$section->{$token}}, $new_section;
	85	} elsif (!defined($section->{$token})) {
	86	$section->{$token} = $new_section;
	87	} else {
	88	die "section '$token' already exists and not marked as array!\n";
	89	}
b6973a89 TL	90	push @$stack, $section;
	91	$section = $new_section;
	92	next;
	93	}
	94
	95	if ($token eq '}') {
	96	$section = pop @$stack;
	97	die "parse error - uncexpected '}'\n" if !$section;
	98	next;
	99	}
	100
	101	my $key = $token;
	102	die "missing ':' after key '$key'\n" if ! ($key =~ s/:$//);
	103
	104	die "parse error - no value for '$key'\n" if !defined($nexttok);
	105	my $value = shift @tokens;
	106
496de919	107	$section->{$key} = $value;
b6973a89 TL	108	}
b6973a89 TL	109
e7ecad20 TL	110	# make working with the config way easier
e7ecad20 TL	111	my ($totem, $nodelist) = $conf->{main}->@{"totem", "nodelist"};
018bbcab TL	112
	113	$nodelist->{node} = {
	114	map {
	115	$_->{name} // $_->{ring0_addr} => $_
	116	} @{$nodelist->{node}}
	117	};
	118	$totem->{interface} = {
	119	map {
	120	$_->{linknumber} // $_->{ringnumber} => $_
	121	} @{$totem->{interface}}
	122	};
e7ecad20	123
b6973a89 TL	124	$conf->{digest} = $digest;
	125
	126	return $conf;
	127	}
	128
b6973a89 TL	129	sub write_conf {
	130	my ($filename, $conf) = @_;
	131
e7ecad20 TL	132	my $c = clone($conf->{main}) // die "no main section";
	133
	134	# retransform back for easier dumping
	135	my $hash_to_array = sub {
	136	my ($hash) = @_;
	137	return [ $hash->@{sort keys %$hash} ];
	138	};
b6973a89	139
e7ecad20 TL	140	$c->{nodelist}->{node} = &$hash_to_array($c->{nodelist}->{node});
	141	$c->{totem}->{interface} = &$hash_to_array($c->{totem}->{interface});
	142
0e578bb7 TL	143	my $dump_section_weak;
	144	$dump_section_weak = sub {
	145	my ($section, $prefix) = @_;
	146
	147	my $raw = '';
	148
	149	foreach my $k (sort keys %$section) {
	150	my $v = $section->{$k};
	151	if (ref($v) eq 'HASH') {
	152	$raw .= $prefix . "$k {\n";
	153	$raw .= $dump_section_weak->($v, "$prefix ");
	154	$raw .= $prefix . "}\n";
	155	$raw .= "\n" if !$prefix; # add extra newline at 1st level only
	156	} elsif (ref($v) eq 'ARRAY') {
	157	foreach my $child (@$v) {
	158	$raw .= $prefix . "$k {\n";
	159	$raw .= $dump_section_weak->($child, "$prefix ");
	160	$raw .= $prefix . "}\n";
	161	}
	162	} elsif (!ref($v)) {
	163	die "got undefined value for key '$k'!\n" if !defined($v);
	164	$raw .= $prefix . "$k: $v\n";
	165	} else {
	166	die "unexpected reference in config hash: $k => ". ref($v) ."\n";
	167	}
	168	}
	169
	170	return $raw;
	171	};
	172	my $dump_section = $dump_section_weak;
	173	weaken($dump_section_weak);
	174
	175	my $raw = $dump_section->($c, '');
b6973a89 TL	176
	177	return $raw;
	178	}
	179
2b28b160	180	# read only - use atomic_write_conf method to write
b6973a89 TL	181	PVE::Cluster::cfs_register_file('corosync.conf', \&parse_conf);
	182	# this is read/write
	183	PVE::Cluster::cfs_register_file('corosync.conf.new', \&parse_conf,
	184	\&write_conf);
	185
	186	sub check_conf_exists {
	187	my ($silent) = @_;
	188
	189	$silent = $silent // 0;
	190
	191	my $exists = -f "$basedir/corosync.conf";
	192
	193	warn "Corosync config '$basedir/corosync.conf' does not exist - is this node part of a cluster?\n"
	194	if !$silent && !$exists;
	195
	196	return $exists;
	197	}
	198
	199	sub update_nodelist {
	200	my ($conf, $nodelist) = @_;
	201
e7ecad20	202	$conf->{main}->{nodelist}->{node} = $nodelist;
b6973a89	203
2b28b160	204	atomic_write_conf($conf);
b6973a89 TL	205	}
	206
	207	sub nodelist {
	208	my ($conf) = @_;
e7ecad20	209	return clone($conf->{main}->{nodelist}->{node});
b6973a89 TL	210	}
b6973a89 TL	211
b6973a89 TL	212	sub totem_config {
b6973a89 TL	213	my ($conf) = @_;
e7ecad20	214	return clone($conf->{main}->{totem});
b6973a89 TL	215	}
b6973a89 TL	216
2b28b160 TL	217	# caller must hold corosync.conf cfs lock if used in read-modify-write cycle
	218	sub atomic_write_conf {
	219	my ($conf, $no_increase_version) = @_;
	220
	221	if (!$no_increase_version) {
	222	die "invalid corosync config: unable to read config version\n"
	223	if !defined($conf->{main}->{totem}->{config_version});
	224	$conf->{main}->{totem}->{config_version}++;
	225	}
	226
	227	PVE::Cluster::cfs_write_file("corosync.conf.new", $conf);
	228
	229	rename("/etc/pve/corosync.conf.new", "/etc/pve/corosync.conf")
	230	\|\| die "activating corosync.conf.new failed - $!\n";
	231	}
	232
b01bc84d TL	233	# for creating a new cluster with the current node
	234	# params are those from the API/CLI cluster create call
	235	sub create_conf {
	236	my ($nodename, %param) = @_;
	237
	238	my $clustername = $param{clustername};
	239	my $nodeid = $param{nodeid} \|\| 1;
	240	my $votes = $param{votes} \|\| 1;
	241
	242	my $local_ip_address = PVE::Cluster::remote_node_ip($nodename);
b01bc84d	243
046173ce TL	244	my $link0 = PVE::Cluster::parse_corosync_link($param{link0});
046173ce TL	245	$link0->{address} //= $local_ip_address;
b01bc84d TL	246
	247	my $conf = {
	248	totem => {
	249	version => 2, # protocol version
	250	secauth => 'on',
	251	cluster_name => $clustername,
	252	config_version => 0,
046173ce	253	ip_version => 'ipv4-6',
b01bc84d TL	254	interface => {
b01bc84d TL	255	0 => {
018bbcab	256	linknumber => 0,
b01bc84d TL	257	},
	258	},
	259	},
	260	nodelist => {
	261	node => {
	262	$nodename => {
	263	name => $nodename,
	264	nodeid => $nodeid,
	265	quorum_votes => $votes,
046173ce	266	ring0_addr => $link0->{address},
b01bc84d TL	267	},
	268	},
	269	},
	270	quorum => {
	271	provider => 'corosync_votequorum',
	272	},
	273	logging => {
	274	to_syslog => 'yes',
	275	debug => 'off',
	276	},
	277	};
e7f9c8cc	278	my $totem = $conf->{totem};
b01bc84d	279
e7f9c8cc TL	280	$totem->{interface}->{0}->{knet_link_priority} = $link0->{priority}
e7f9c8cc TL	281	if defined($link0->{priority});
b01bc84d	282
e7f9c8cc	283	my $link1 = PVE::Cluster::parse_corosync_link($param{link1});
046173ce	284	if ($link1->{address}) {
b01bc84d	285	$conf->{totem}->{interface}->{1} = {
018bbcab	286	linknumber => 1,
b01bc84d	287	};
e7f9c8cc TL	288	$totem->{link_mode} = 'passive';
	289	$totem->{interface}->{1}->{knet_link_priority} = $link1->{priority}
	290	if defined($link1->{priority});
046173ce	291	$conf->{nodelist}->{node}->{$nodename}->{ring1_addr} = $link1->{address};
b01bc84d TL	292	}
	293
	294	return { main => $conf };
	295	}
	296
5c82c8c8 SR	297	sub for_all_corosync_addresses {
	298	my ($corosync_conf, $ip_version, $func) = @_;
	299
	300	my $nodelist = nodelist($corosync_conf);
	301	return if !defined($nodelist);
	302
	303	# iterate sorted to make rules deterministic (for change detection)
	304	foreach my $node_name (sort keys %$nodelist) {
	305	my $node_config = $nodelist->{$node_name};
	306	foreach my $node_key (sort keys %$node_config) {
	307	if ($node_key =~ /^(ring\|link)\d+_addr$/) {
	308	my $node_address = $node_config->{$node_key};
	309
	310	my($ip, $version) = resolve_hostname_like_corosync($node_address, $corosync_conf);
53d5168d	311	next if !defined($ip);
5c82c8c8 SR	312	next if defined($version) && defined($ip_version) && $version != $ip_version;
5c82c8c8 SR	313
53d5168d	314	$func->($node_name, $ip, $version, $node_key);
5c82c8c8 SR	315	}
	316	}
	317	}
	318	}
	319
	320	# NOTE: Corosync actually only resolves on startup or config change, but we
	321	# currently do not have an easy way to synchronize our behaviour to that.
	322	sub resolve_hostname_like_corosync {
	323	my ($hostname, $corosync_conf) = @_;
	324
	325	my $corosync_strategy = $corosync_conf->{main}->{totem}->{ip_version};
53d5168d	326	$corosync_strategy = lc ($corosync_strategy // "ipv6-4");
5c82c8c8	327
3e067ee3 FG	328	my $match_ip_and_version = sub {
	329	my ($addr) = @_;
	330
	331	return undef if !defined($addr);
	332
	333	if ($addr =~ m/^$IPV4RE$/) {
	334	return ($addr, 4);
	335	} elsif ($addr =~ m/^$IPV6RE$/) {
	336	return ($addr, 6);
	337	}
	338
	339	return undef;
	340	};
	341
	342	my ($resolved_ip, $ip_version) = $match_ip_and_version->($hostname);
	343
	344	return ($resolved_ip, $ip_version) if defined($resolved_ip);
	345
5c82c8c8 SR	346	my $resolved_ip4;
	347	my $resolved_ip6;
	348
	349	my @resolved_raw;
	350	eval { @resolved_raw = PVE::Tools::getaddrinfo_all($hostname); };
	351
3e067ee3	352	return undef if ($@ \|\| !@resolved_raw);
5c82c8c8 SR	353
	354	foreach my $socket_info (@resolved_raw) {
	355	next if !$socket_info->{addr};
	356
	357	my ($family, undef, $host) = PVE::Tools::unpack_sockaddr_in46($socket_info->{addr});
	358
	359	if ($family == AF_INET && !defined($resolved_ip4)) {
	360	$resolved_ip4 = inet_ntop(AF_INET, $host);
	361	} elsif ($family == AF_INET6 && !defined($resolved_ip6)) {
	362	$resolved_ip6 = inet_ntop(AF_INET6, $host);
	363	}
	364
	365	last if defined($resolved_ip4) && defined($resolved_ip6);
	366	}
	367
	368	# corosync_strategy specifies the order in which IP addresses are resolved
	369	# by corosync. We need to match that order, to ensure we create firewall
	370	# rules for the correct address family.
5c82c8c8 SR	371	if ($corosync_strategy eq "ipv4") {
	372	$resolved_ip = $resolved_ip4;
	373	} elsif ($corosync_strategy eq "ipv6") {
	374	$resolved_ip = $resolved_ip6;
	375	} elsif ($corosync_strategy eq "ipv6-4") {
	376	$resolved_ip = $resolved_ip6 // $resolved_ip4;
	377	} elsif ($corosync_strategy eq "ipv4-6") {
	378	$resolved_ip = $resolved_ip4 // $resolved_ip6;
	379	}
	380
3e067ee3	381	return $match_ip_and_version->($resolved_ip);
5c82c8c8 SR	382	}
5c82c8c8 SR	383
b6973a89	384	1;