From: Thomas Lamprecht
Date: Tue, 24 Nov 2020 10:52:04 +0000 (+0100)
Subject: cluster: restructure ssh role section
X-Git-Url: https://git.proxmox.com/?p=pve-docs.git;a=commitdiff_plain;h=9d999d1bf6a0202a9ab0ea2010a7f960fa5e6647

cluster: restructure ssh role section

Move the example into the bulletin points, makes it clearer that they are connected and avoids interrupting the flow when reading.

Make the whole "important" part an admonition, as such notes should be self-contained (not split between note and non-note), it also gives it more visibility.

Signed-off-by: Thomas Lamprecht
---
diff --git a/pvecm.adoc b/pvecm.adoc index fc21e55..cbbcf60 100644 --- a/pvecm.adoc +++ b/pvecm.adoc
@@ -869,28 +869,31 @@ pvecm status If you see a healthy cluster state, it means that your new link is being used. -Role of SSH in {PVE} Clustering -------------------------------- +Role of SSH in {PVE} Clusters +----------------------------- -{PVE} utilizes SSH tunnels for various operations: +{PVE} utilizes SSH tunnels for various operations. -* Proxying terminal sessions on the GUI - -* VM/CT Migrations (if not configured 'insecure' mode) - -* Storage replications - -For example when you connect another nodes shell through the interface, a +* Proxying terminal sessions of node and containers between nodes ++ +When you connect another nodes shell through the web interface, for example, a non-interactive SSH tunnel is started in order to forward the necessary ports for the VNC connection. -Similarly during a VM migration an SSH tunnel is established between the target -and source nodes. This way the local `qemu` socket can be used for the migration. +* VM and CT memory and local-storage migration, if the cluster wide migration + settings are not configured 'insecure' mode. During a VM migration an SSH + tunnel is established between the target and source nodes. + +* Storage replication -IMPORTANT: In case you have a custom `.bashrc` or similar file that gets -executed on login, `ssh` will automatically run it once the session is -established. This can cause some unexpected behavior (as commands may be -executed as a side-effect). +.Pitfalls due to automatic execution of `.bashrc` and siblings +[IMPORTANT] +==== +In case you have a custom `.bashrc`, or similar files that get executed on +login by the configured shell, `ssh` will automatically run it once the session +is established successfully. This can cause some unexpected behavior, as those +commands may be executed with root permissions on any above described +operation. That can cause possible problematic side-effects! 
In order to avoid such complications, it's recommended to add a check in `/root/.bashrc` to make sure the session is interactive, and only then run @@ -899,12 +902,13 @@ In order to avoid such complications, it's recommended to add a check in You can add this snippet at the beginning of your `.bashrc` file: ---- -# If not running interactively, don't do anything +# Early exit if not running interactively to avoid side-effects! case $- in *i*) ;; *) return;; esac ---- +==== Corosync External Vote Support
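Review bot: In the first hunk (@@ -869,28 +869,31 @@), the rewritten migration bullet reads "if the cluster wide migration settings are not configured 'insecure' mode", which is missing a preposition; suggest "if the cluster-wide migration setting is not set to 'insecure' mode". The same bullet folds its explanation into the list item, while the first bullet attaches its explanation with a `+` continuation, so using the `+` form for both would keep the list consistent. The removed sentence "This way the local `qemu` socket can be used for the migration." has no replacement in the added lines, so the reason for the tunnel is lost; consider keeping it in the continuation paragraph. Smaller wording points in the added lines: "another nodes shell" should be "another node's shell", "sessions of node and containers" should be "of nodes and containers", and in the admonition "similar files that get executed ... `ssh` will automatically run it" mixes plural and singular. "That can cause possible problematic side-effects!" is redundant after "This can cause some unexpected behavior"; one sentence stating that the commands run with root permissions during any of the listed operations would be enough.

Review bot: In the second hunk (@@ -899,12 +902,13 @@), the new snippet comment says "Early exit" while the code below it uses `return`, and the distinction matters here: `.bashrc` is sourced, so `return` stops only the file, whereas a reader who follows the comment's wording and writes `exit` would terminate the non-interactive shell that the SSH operations described above depend on. Suggest "# Return early if not running interactively, to avoid side-effects". The admonition text in the previous hunk now covers "similar files that get executed on login by the configured shell", but this snippet and the surrounding context lines name only `/root/.bashrc`; a sentence saying that the same guard belongs at the top of any other such file would match the widened scope.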