add migration format to datacenter config

This adds a new format for configuring cluster wide migration
settings.
Those settings include the migration transfer method, secure
(currently ssh) or insecure (tcp), this deprecates the
migration_unsecure parameter which we only keep for backward
compatibility and map it to the new property.
The mapping of the setting should be unproblematic for the user as
exactly the same semantics happen.
Only the case where both, new and old are set at the same time is
problematic, here warn the user and ignore the old setting.

Further the migration network can be set, this denotes the network
used for sending the migration traffic.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index d9eced78a87a43d8344a3cf7ebc4ff01bd4380f6..f8a3729381bc77f6ffc6367b76795a80d6ed0093 100644 (file)
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -1318,6 +1318,25 @@ sub ssh_merge_known_hosts {
 
 }
 
+my $migration_format = {
+    type => {
+       default_key => 1,
+       type => 'string',
+       enum => ['secure', 'insecure'],
+       description => "Migration traffic is encrypted using an SSH tunnel by " .
+         "default. On secure, completely private networks this can be " .
+         "disabled to increase performance.",
+       default => 'secure',
+       format_description => 'migration type',
+    },
+    network => {
+       optional => 1,
+       type => 'string', format => 'CIDR',
+       format_description => 'CIDR',
+       description => "CIDR of the (sub) network that is used for migration."
+    },
+};
+
 my $datacenter_schema = {
     type => "object",
     additionalProperties => 0,
@@ -1343,7 +1362,14 @@ my $datacenter_schema = {
        migration_unsecure => {
            optional => 1,
            type => 'boolean',
-           description => "Migration is secure using SSH tunnel by default. For secure private networks you can disable it to speed up migration.",
+           description => "Migration is secure using SSH tunnel by default. " .
+             "For secure private networks you can disable it to speed up " .
+             "migration. Deprecated, use the 'migration' property instead!",
+       },
+       migration => {
+           optional => 1,
+           type => 'string', format => $migration_format,
+           description => "For cluster wide migration settings.",
        },
        console => {
            optional => 1,
@@ -1389,12 +1415,34 @@ sub get_datacenter_schema { return $datacenter_schema };
 sub parse_datacenter_config {
     my ($filename, $raw) = @_;
 
-    return PVE::JSONSchema::parse_config($datacenter_schema, $filename, $raw // '');
+    my $res = PVE::JSONSchema::parse_config($datacenter_schema, $filename, $raw // '');
+
+    if (my $migration = $res->{migration}) {
+       $res->{migration} = PVE::JSONSchema::parse_property_string($migration_format, $migration);
+    }
+
+    # for backwards compatibility only, new migration property has precedence
+    if (defined($res->{migration_unsecure})) {
+       if (defined($res->{migration}->{type})) {
+           warn "deprecated setting 'migration_unsecure' and new 'migration: type' " .
+             "set at same time! Ignore 'migration_unsecure'\n";
+       } else {
+           $res->{migration}->{type} = ($res->{migration_unsecure}) ? 'insecure' : 'secure';
+       }
+    }
+
+    return $res;
 }
 
 sub write_datacenter_config {
     my ($filename, $cfg) = @_;
-    
+
+    # map deprecated setting to new one
+    if (defined($cfg->{migration_unsecure})) {
+       my $migration_unsecure = delete $cfg->{migration_unsecure};
+       $cfg->{migration}->{type} = ($migration_unsecure) ? 'insecure' : 'secure';
+    }
+
     return PVE::JSONSchema::dump_config($datacenter_schema, $filename, $cfg);
 }