Resolve private network interface
Summary:
Currently, node.resolve_network() gives the "most public" IP address
available on a node.
For tasks like T1826 or T1829, we need to know the "most private" IP address
to allow servers like SSH or Alkane to listen there, restricting those services
for internal use.
For example, this allows to pass the following Jinja template expression
to any configuration needing a private IP address to listen to:
{{ network["private_ipv4_address"] | default("localhost") }}
By heuristics, the method will recommend through is_private_network_stable
if the private network is stable, i.e. suitable to listen to critical
services like SSH. A network is currently unstable if it needs a GRE tunnel
to connect to the private network. The goal is to avoid to be locked
outside a machine if the tunnel is broken: a SSH connection is useful
to debug it. In the future, we can declare stable the nodes with a KVM,
and documented procedure to relink quickly to the private network.
Ref T1829
Test Plan: salt '*' node.resolve_network
Reviewers: dereckson
Reviewed By: dereckson
Maniphest Tasks: T1829
Differential Revision: https://devcentral.nasqueron.org/D3004