[pve-cluster.git] / data / PVE / CLI / pvecm.pm

package PVE::CLI::pvecm;

use strict;
use warnings;

use File::Path;
use File::Basename;
use PVE::Tools qw(run_command);
use PVE::Cluster;
use PVE::INotify;
use PVE::JSONSchema qw(get_standard_option);
use PVE::RPCEnvironment;
use PVE::CLIHandler;
use PVE::PTY;
use PVE::API2::ClusterConfig;
use PVE::Corosync;

use base qw(PVE::CLIHandler);

$ENV{HOME} = '/root'; # for ssh-copy-id

my $basedir = "/etc/pve";
my $clusterconf = "$basedir/corosync.conf";
my $libdir = "/var/lib/pve-cluster";
my $authfile = "/etc/corosync/authkey";


sub setup_environment {
    PVE::RPCEnvironment->setup_default_cli_env();
}

__PACKAGE__->register_method ({
    name => 'keygen',
    path => 'keygen',
    method => 'PUT',
    description => "Generate new cryptographic key for corosync.",
    parameters => {
    	additionalProperties => 0,
	properties => {
	    filename => {
		type => 'string',
		description => "Output file name"
	    }
	},
    },
    returns => { type => 'null' },

    code => sub {
	my ($param) = @_;

	my $filename = $param->{filename};

	# test EUID
	$> == 0 || die "Error: Authorization key must be generated as root user.\n";
	my $dirname = dirname($filename);

	die "key file '$filename' already exists\n" if -e $filename;

	File::Path::make_path($dirname) if $dirname;

	run_command(['corosync-keygen', '-l', '-k', $filename]);

	return undef;
    }});

__PACKAGE__->register_method ({
    name => 'add',
    path => 'add',
    method => 'PUT',
    description => "Adds the current node to an existing cluster.",
    parameters => {
    	additionalProperties => 0,
	properties => {
	    hostname => {
		type => 'string',
		description => "Hostname (or IP) of an existing cluster member."
	    },
	    nodeid => get_standard_option('corosync-nodeid'),
	    votes => {
		type => 'integer',
		description => "Number of votes for this node",
		minimum => 0,
		optional => 1,
	    },
	    force => {
		type => 'boolean',
		description => "Do not throw error if node already exists.",
		optional => 1,
	    },
	    ring0_addr => get_standard_option('corosync-ring0-addr'),
	    ring1_addr => get_standard_option('corosync-ring1-addr'),
	    fingerprint => get_standard_option('fingerprint-sha256', {
		optional => 1,
	    }),
	    'use_ssh' => {
		type => 'boolean',
		description => "Always use SSH to join, even if peer may do it over API.",
		optional => 1,
	    },
	},
    },
    returns => { type => 'null' },

    code => sub {
	my ($param) = @_;

	my $nodename = PVE::INotify::nodename();

	my $host = $param->{hostname};

	PVE::Cluster::assert_joinable($param->{ring0_addr}, $param->{ring1_addr}, $param->{force});

	my $worker = sub {

	    if (!$param->{use_ssh}) {
		print "Please enter superuser (root) password for '$host':\n";
		my $password = PVE::PTY::read_password("Password for root\@$host: ");

		delete $param->{use_ssh};
		$param->{password} = $password;

		my $local_cluster_lock = "/var/lock/pvecm.lock";
		PVE::Tools::lock_file($local_cluster_lock, 10, \&PVE::Cluster::join, $param);

		if (my $err = $@) {
		    if (ref($err) eq 'PVE::APIClient::Exception' && defined($err->{code}) && $err->{code} == 501) {
			$err = "Remote side is not able to use API for Cluster join!\n" .
			       "Pass the 'use_ssh' switch or update the remote side.\n";
		    }
		    die $err;
		}
		return; # all OK, the API join endpoint successfully set us up
	    }

	    # allow fallback to old ssh only join if wished or needed

	    PVE::Cluster::setup_sshd_config();
	    PVE::Cluster::setup_rootsshconfig();
	    PVE::Cluster::setup_ssh_keys();

	    # make sure known_hosts is on local filesystem
	    PVE::Cluster::ssh_unmerge_known_hosts();

	    my $cmd = ['ssh-copy-id', '-i', '/root/.ssh/id_rsa', "root\@$host"];
	    run_command($cmd, 'outfunc' => sub {}, 'errfunc' => sub {},
				    'errmsg' => "unable to copy ssh ID");

	    $cmd = ['ssh', $host, '-o', 'BatchMode=yes',
		    'pvecm', 'addnode', $nodename, '--force', 1];

	    push @$cmd, '--nodeid', $param->{nodeid} if $param->{nodeid};
	    push @$cmd, '--votes', $param->{votes} if defined($param->{votes});
	    push @$cmd, '--ring0_addr', $param->{ring0_addr} if defined($param->{ring0_addr});
	    push @$cmd, '--ring1_addr', $param->{ring1_addr} if defined($param->{ring1_addr});

	    if (system (@$cmd) != 0) {
		my $cmdtxt = join (' ', @$cmd);
		die "unable to add node: command failed ($cmdtxt)\n";
	    }

	    my $tmpdir = "$libdir/.pvecm_add.tmp.$$";
	    mkdir $tmpdir;

	    eval {
		print "copy corosync auth key\n";
		$cmd = ['rsync', '--rsh=ssh -l root -o BatchMode=yes', '-lpgoq',
			"[$host]:$authfile $clusterconf", $tmpdir];

		system(@$cmd) == 0 || die "can't rsync data from host '$host'\n";

		my $corosync_conf = PVE::Tools::file_get_contents("$tmpdir/corosync.conf");
		my $corosync_authkey = PVE::Tools::file_get_contents("$tmpdir/authkey");

		PVE::Cluster::finish_join($host, $corosync_conf, $corosync_authkey);
	    };
	    my $err = $@;

	    rmtree $tmpdir;

	    die $err if $err;
	};

	# use a synced worker so we get a nice task log when joining through CLI
	my $rpcenv = PVE::RPCEnvironment::get();
	my $authuser = $rpcenv->get_user();

	$rpcenv->fork_worker('clusterjoin', '',  $authuser, $worker);

	return undef;
    }});

__PACKAGE__->register_method ({
    name => 'status',
    path => 'status',
    method => 'GET',
    description => "Displays the local view of the cluster status.",
    parameters => {
    	additionalProperties => 0,
	properties => {},
    },
    returns => { type => 'null' },

    code => sub {
	my ($param) = @_;

	PVE::Corosync::check_conf_exists();

	my $cmd = ['corosync-quorumtool', '-siH'];

	exec (@$cmd);

	exit (-1); # should not be reached
    }});

__PACKAGE__->register_method ({
    name => 'nodes',
    path => 'nodes',
    method => 'GET',
    description => "Displays the local view of the cluster nodes.",
    parameters => {
    	additionalProperties => 0,
	properties => {},
    },
    returns => { type => 'null' },

    code => sub {
	my ($param) = @_;

	PVE::Corosync::check_conf_exists();

	my $cmd = ['corosync-quorumtool', '-l'];

	exec (@$cmd);

	exit (-1); # should not be reached
    }});

__PACKAGE__->register_method ({
    name => 'expected',
    path => 'expected',
    method => 'PUT',
    description => "Tells corosync a new value of expected votes.",
    parameters => {
    	additionalProperties => 0,
	properties => {
	    expected => {
		type => 'integer',
		description => "Expected votes",
		minimum => 1,
	    },
	},
    },
    returns => { type => 'null' },

    code => sub {
	my ($param) = @_;

	PVE::Corosync::check_conf_exists();

	my $cmd = ['corosync-quorumtool', '-e', $param->{expected}];

	exec (@$cmd);

	exit (-1); # should not be reached

    }});

__PACKAGE__->register_method ({
    name => 'updatecerts',
    path => 'updatecerts',
    method => 'PUT',
    description => "Update node certificates (and generate all needed files/directories).",
    parameters => {
    	additionalProperties => 0,
	properties => {
	    force => {
		description => "Force generation of new SSL certifate.",
		type => 'boolean',
		optional => 1,
	    },
	    silent => {
		description => "Ignore errors (i.e. when cluster has no quorum).",
		type => 'boolean',
		optional => 1,
	    },
	},
    },
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;

	PVE::Cluster::setup_rootsshconfig();

	PVE::Cluster::gen_pve_vzdump_symlink();

	if (!PVE::Cluster::check_cfs_quorum(1)) {
	    return undef if $param->{silent};
	    die "no quorum - unable to update files\n";
	}

	PVE::Cluster::setup_ssh_keys();

	my $nodename = PVE::INotify::nodename();

	my $local_ip_address = PVE::Cluster::remote_node_ip($nodename);

	PVE::Cluster::gen_pve_node_files($nodename, $local_ip_address, $param->{force});
	PVE::Cluster::ssh_merge_keys();
	PVE::Cluster::ssh_merge_known_hosts($nodename, $local_ip_address);
	PVE::Cluster::gen_pve_vzdump_files();

	return undef;
    }});

__PACKAGE__->register_method ({
    name => 'mtunnel',
    path => 'mtunnel',
    method => 'POST',
    description => "Used by VM/CT migration - do not use manually.",
    parameters => {
	additionalProperties => 0,
	properties => {
	    get_migration_ip => {
		type => 'boolean',
		default => 0,
		description => 'return the migration IP, if configured',
		optional => 1,
	    },
	    migration_network => {
		type => 'string',
		format => 'CIDR',
		description => 'the migration network used to detect the local migration IP',
		optional => 1,
	    },
	    'run-command' => {
		type => 'boolean',
		description => 'Run a command with a tcp socket as standard input.'
		              .' The IP address and port are printed via this'
			      ." command's stdandard output first, each on a separate line.",
		optional => 1,
	    },
	    'extra-args' => PVE::JSONSchema::get_standard_option('extra-args'),
	},
    },
    returns => { type => 'null'},
    code => sub {
	my ($param) = @_;

	if (!PVE::Cluster::check_cfs_quorum(1)) {
	    print "no quorum\n";
	    return undef;
	}

	my $network = $param->{migration_network};
	if ($param->{get_migration_ip}) {
	    die "cannot use --run-command with --get_migration_ip\n"
		if $param->{'run-command'};
	    if (my $ip = PVE::Cluster::get_local_migration_ip($network)) {
		print "ip: '$ip'\n";
	    } else {
		print "no ip\n";
	    }
	    # do not keep tunnel open when asked for migration ip
	    return undef;
	}

	if ($param->{'run-command'}) {
	    my $cmd = $param->{'extra-args'};
	    die "missing command\n"
		if !$cmd || !scalar(@$cmd);

	    # Get an ip address to listen on, and find a free migration port
	    my ($ip, $family);
	    if (defined($network)) {
		$ip = PVE::Cluster::get_local_migration_ip($network)
		    or die "failed to get migration IP address to listen on\n";
		$family = PVE::Tools::get_host_address_family($ip);
	    } else {
		my $nodename = PVE::INotify::nodename();
		($ip, $family) = PVE::Network::get_ip_from_hostname($nodename, 0);
	    }
	    my $port = PVE::Tools::next_migrate_port($family, $ip);

	    PVE::Tools::pipe_socket_to_command($cmd, $ip, $port);
	    return undef;
	}

	print "tunnel online\n";
	*STDOUT->flush();

	while (my $line = <STDIN>) {
	    chomp $line;
	    last if $line =~ m/^quit$/;
	}

	return undef;
    }});


our $cmddef = {
    keygen => [ __PACKAGE__, 'keygen', ['filename']],
    create => [ 'PVE::API2::ClusterConfig', 'create', ['clustername']],
    add => [ __PACKAGE__, 'add', ['hostname']],
    addnode => [ 'PVE::API2::ClusterConfig', 'addnode', ['node']],
    delnode => [ 'PVE::API2::ClusterConfig', 'delnode', ['node']],
    status => [ __PACKAGE__, 'status' ],
    nodes => [ __PACKAGE__, 'nodes' ],
    expected => [ __PACKAGE__, 'expected', ['expected']],
    updatecerts => [ __PACKAGE__, 'updatecerts', []],
    mtunnel => [ __PACKAGE__, 'mtunnel', ['extra-args']],
};

1;
Commit	Line	Data
13d44dc5 DM	1	package PVE::CLI::pvecm;
	2
	3	use strict;
	4	use warnings;
95e7bcac	5
13d44dc5 DM	6	use File::Path;
13d44dc5 DM	7	use File::Basename;
294f76c4	8	use PVE::Tools qw(run_command);
13d44dc5 DM	9	use PVE::Cluster;
13d44dc5 DM	10	use PVE::INotify;
10c6810e	11	use PVE::JSONSchema qw(get_standard_option);
03b23bd0	12	use PVE::RPCEnvironment;
13d44dc5	13	use PVE::CLIHandler;
03b23bd0	14	use PVE::PTY;
1d26c202	15	use PVE::API2::ClusterConfig;
b6973a89	16	use PVE::Corosync;
13d44dc5 DM	17
	18	use base qw(PVE::CLIHandler);
	19
	20	$ENV{HOME} = '/root'; # for ssh-copy-id
	21
	22	my $basedir = "/etc/pve";
	23	my $clusterconf = "$basedir/corosync.conf";
	24	my $libdir = "/var/lib/pve-cluster";
13d44dc5 DM	25	my $authfile = "/etc/corosync/authkey";
13d44dc5 DM	26
9db3f0c0	27
03b23bd0 TL	28	sub setup_environment {
	29	PVE::RPCEnvironment->setup_default_cli_env();
	30	}
	31
13d44dc5	32	__PACKAGE__->register_method ({
c53b111f	33	name => 'keygen',
13d44dc5 DM	34	path => 'keygen',
	35	method => 'PUT',
	36	description => "Generate new cryptographic key for corosync.",
	37	parameters => {
	38	additionalProperties => 0,
	39	properties => {
	40	filename => {
	41	type => 'string',
	42	description => "Output file name"
	43	}
	44	},
	45	},
	46	returns => { type => 'null' },
c53b111f	47
13d44dc5 DM	48	code => sub {
	49	my ($param) = @_;
	50
	51	my $filename = $param->{filename};
	52
	53	# test EUID
	54	$> == 0 \|\| die "Error: Authorization key must be generated as root user.\n";
	55	my $dirname = dirname($filename);
13d44dc5 DM	56
	57	die "key file '$filename' already exists\n" if -e $filename;
	58
	59	File::Path::make_path($dirname) if $dirname;
	60
294f76c4	61	run_command(['corosync-keygen', '-l', '-k', $filename]);
13d44dc5 DM	62
	63	return undef;
	64	}});
	65
13d44dc5	66	__PACKAGE__->register_method ({
c53b111f	67	name => 'add',
13d44dc5 DM	68	path => 'add',
	69	method => 'PUT',
	70	description => "Adds the current node to an existing cluster.",
	71	parameters => {
	72	additionalProperties => 0,
	73	properties => {
	74	hostname => {
	75	type => 'string',
	76	description => "Hostname (or IP) of an existing cluster member."
	77	},
10c6810e	78	nodeid => get_standard_option('corosync-nodeid'),
13d44dc5 DM	79	votes => {
	80	type => 'integer',
	81	description => "Number of votes for this node",
	82	minimum => 0,
	83	optional => 1,
	84	},
	85	force => {
	86	type => 'boolean',
	87	description => "Do not throw error if node already exists.",
	88	optional => 1,
	89	},
10c6810e TL	90	ring0_addr => get_standard_option('corosync-ring0-addr'),
	91	ring1_addr => get_standard_option('corosync-ring1-addr'),
	92	fingerprint => get_standard_option('fingerprint-sha256', {
03b23bd0 TL	93	optional => 1,
	94	}),
	95	'use_ssh' => {
	96	type => 'boolean',
	97	description => "Always use SSH to join, even if peer may do it over API.",
	98	optional => 1,
	99	},
13d44dc5 DM	100	},
	101	},
	102	returns => { type => 'null' },
c53b111f	103
13d44dc5 DM	104	code => sub {
	105	my ($param) = @_;
	106
	107	my $nodename = PVE::INotify::nodename();
	108
03b23bd0	109	my $host = $param->{hostname};
13d44dc5	110
68491de3	111	PVE::Cluster::assert_joinable($param->{ring0_addr}, $param->{ring1_addr}, $param->{force});
f566b424	112
83e5e7b7	113	my $worker = sub {
03b23bd0	114
83e5e7b7 TL	115	if (!$param->{use_ssh}) {
	116	print "Please enter superuser (root) password for '$host':\n";
	117	my $password = PVE::PTY::read_password("Password for root\@$host: ");
03b23bd0	118
83e5e7b7 TL	119	delete $param->{use_ssh};
83e5e7b7 TL	120	$param->{password} = $password;
03b23bd0	121
83e5e7b7 TL	122	my $local_cluster_lock = "/var/lock/pvecm.lock";
	123	PVE::Tools::lock_file($local_cluster_lock, 10, \&PVE::Cluster::join, $param);
	124
	125	if (my $err = $@) {
efe59a84	126	if (ref($err) eq 'PVE::APIClient::Exception' && defined($err->{code}) && $err->{code} == 501) {
83e5e7b7 TL	127	$err = "Remote side is not able to use API for Cluster join!\n" .
	128	"Pass the 'use_ssh' switch or update the remote side.\n";
	129	}
	130	die $err;
03b23bd0	131	}
83e5e7b7	132	return; # all OK, the API join endpoint successfully set us up
03b23bd0	133	}
03b23bd0	134
83e5e7b7 TL	135	# allow fallback to old ssh only join if wished or needed
	136
	137	PVE::Cluster::setup_sshd_config();
	138	PVE::Cluster::setup_rootsshconfig();
	139	PVE::Cluster::setup_ssh_keys();
03b23bd0	140
83e5e7b7 TL	141	# make sure known_hosts is on local filesystem
83e5e7b7 TL	142	PVE::Cluster::ssh_unmerge_known_hosts();
5a630d8f	143
83e5e7b7 TL	144	my $cmd = ['ssh-copy-id', '-i', '/root/.ssh/id_rsa', "root\@$host"];
	145	run_command($cmd, 'outfunc' => sub {}, 'errfunc' => sub {},
	146	'errmsg' => "unable to copy ssh ID");
13d44dc5	147
83e5e7b7 TL	148	$cmd = ['ssh', $host, '-o', 'BatchMode=yes',
83e5e7b7 TL	149	'pvecm', 'addnode', $nodename, '--force', 1];
13d44dc5	150
83e5e7b7 TL	151	push @$cmd, '--nodeid', $param->{nodeid} if $param->{nodeid};
	152	push @$cmd, '--votes', $param->{votes} if defined($param->{votes});
	153	push @$cmd, '--ring0_addr', $param->{ring0_addr} if defined($param->{ring0_addr});
	154	push @$cmd, '--ring1_addr', $param->{ring1_addr} if defined($param->{ring1_addr});
	155
	156	if (system (@$cmd) != 0) {
	157	my $cmdtxt = join (' ', @$cmd);
	158	die "unable to add node: command failed ($cmdtxt)\n";
	159	}
13d44dc5	160
83e5e7b7 TL	161	my $tmpdir = "$libdir/.pvecm_add.tmp.$$";
83e5e7b7 TL	162	mkdir $tmpdir;
14d0000a	163
83e5e7b7 TL	164	eval {
	165	print "copy corosync auth key\n";
	166	$cmd = ['rsync', '--rsh=ssh -l root -o BatchMode=yes', '-lpgoq',
	167	"[$host]:$authfile $clusterconf", $tmpdir];
13d44dc5	168
83e5e7b7	169	system(@$cmd) == 0 \|\| die "can't rsync data from host '$host'\n";
13d44dc5	170
83e5e7b7 TL	171	my $corosync_conf = PVE::Tools::file_get_contents("$tmpdir/corosync.conf");
83e5e7b7 TL	172	my $corosync_authkey = PVE::Tools::file_get_contents("$tmpdir/authkey");
13d44dc5	173
83e5e7b7 TL	174	PVE::Cluster::finish_join($host, $corosync_conf, $corosync_authkey);
	175	};
	176	my $err = $@;
13d44dc5	177
83e5e7b7	178	rmtree $tmpdir;
13d44dc5	179
83e5e7b7	180	die $err if $err;
13d44dc5	181	};
13d44dc5	182
83e5e7b7 TL	183	# use a synced worker so we get a nice task log when joining through CLI
	184	my $rpcenv = PVE::RPCEnvironment::get();
	185	my $authuser = $rpcenv->get_user();
13d44dc5	186
83e5e7b7	187	$rpcenv->fork_worker('clusterjoin', '', $authuser, $worker);
13d44dc5 DM	188
	189	return undef;
	190	}});
	191
	192	__PACKAGE__->register_method ({
c53b111f	193	name => 'status',
13d44dc5 DM	194	path => 'status',
	195	method => 'GET',
	196	description => "Displays the local view of the cluster status.",
	197	parameters => {
	198	additionalProperties => 0,
	199	properties => {},
	200	},
	201	returns => { type => 'null' },
c53b111f	202
13d44dc5 DM	203	code => sub {
	204	my ($param) = @_;
	205
b6973a89	206	PVE::Corosync::check_conf_exists();
eb51b829	207
13d44dc5 DM	208	my $cmd = ['corosync-quorumtool', '-siH'];
	209
	210	exec (@$cmd);
	211
	212	exit (-1); # should not be reached
	213	}});
	214
	215	__PACKAGE__->register_method ({
c53b111f	216	name => 'nodes',
13d44dc5 DM	217	path => 'nodes',
	218	method => 'GET',
	219	description => "Displays the local view of the cluster nodes.",
	220	parameters => {
	221	additionalProperties => 0,
	222	properties => {},
	223	},
	224	returns => { type => 'null' },
c53b111f	225
13d44dc5 DM	226	code => sub {
	227	my ($param) = @_;
	228
b6973a89	229	PVE::Corosync::check_conf_exists();
eb51b829	230
13d44dc5 DM	231	my $cmd = ['corosync-quorumtool', '-l'];
	232
	233	exec (@$cmd);
	234
	235	exit (-1); # should not be reached
	236	}});
	237
	238	__PACKAGE__->register_method ({
c53b111f	239	name => 'expected',
13d44dc5 DM	240	path => 'expected',
	241	method => 'PUT',
	242	description => "Tells corosync a new value of expected votes.",
	243	parameters => {
	244	additionalProperties => 0,
	245	properties => {
	246	expected => {
	247	type => 'integer',
	248	description => "Expected votes",
	249	minimum => 1,
	250	},
	251	},
	252	},
	253	returns => { type => 'null' },
c53b111f	254
13d44dc5 DM	255	code => sub {
	256	my ($param) = @_;
	257
b6973a89	258	PVE::Corosync::check_conf_exists();
eb51b829	259
13d44dc5 DM	260	my $cmd = ['corosync-quorumtool', '-e', $param->{expected}];
	261
	262	exec (@$cmd);
	263
	264	exit (-1); # should not be reached
	265
	266	}});
	267
13d44dc5	268	__PACKAGE__->register_method ({
c53b111f	269	name => 'updatecerts',
13d44dc5 DM	270	path => 'updatecerts',
	271	method => 'PUT',
	272	description => "Update node certificates (and generate all needed files/directories).",
	273	parameters => {
	274	additionalProperties => 0,
	275	properties => {
	276	force => {
	277	description => "Force generation of new SSL certifate.",
	278	type => 'boolean',
	279	optional => 1,
	280	},
	281	silent => {
	282	description => "Ignore errors (i.e. when cluster has no quorum).",
	283	type => 'boolean',
	284	optional => 1,
	285	},
	286	},
	287	},
	288	returns => { type => 'null' },
	289	code => sub {
	290	my ($param) = @_;
	291
	292	PVE::Cluster::setup_rootsshconfig();
	293
	294	PVE::Cluster::gen_pve_vzdump_symlink();
	295
	296	if (!PVE::Cluster::check_cfs_quorum(1)) {
	297	return undef if $param->{silent};
	298	die "no quorum - unable to update files\n";
	299	}
	300
	301	PVE::Cluster::setup_ssh_keys();
	302
	303	my $nodename = PVE::INotify::nodename();
	304
	305	my $local_ip_address = PVE::Cluster::remote_node_ip($nodename);
	306
	307	PVE::Cluster::gen_pve_node_files($nodename, $local_ip_address, $param->{force});
	308	PVE::Cluster::ssh_merge_keys();
	309	PVE::Cluster::ssh_merge_known_hosts($nodename, $local_ip_address);
	310	PVE::Cluster::gen_pve_vzdump_files();
	311
	312	return undef;
	313	}});
	314
3a966e22 TL	315	__PACKAGE__->register_method ({
	316	name => 'mtunnel',
	317	path => 'mtunnel',
	318	method => 'POST',
	319	description => "Used by VM/CT migration - do not use manually.",
	320	parameters => {
	321	additionalProperties => 0,
f83d8153 TL	322	properties => {
	323	get_migration_ip => {
	324	type => 'boolean',
	325	default => 0,
	326	description => 'return the migration IP, if configured',
	327	optional => 1,
	328	},
	329	migration_network => {
	330	type => 'string',
	331	format => 'CIDR',
	332	description => 'the migration network used to detect the local migration IP',
	333	optional => 1,
	334	},
d56a1ff3 WB	335	'run-command' => {
	336	type => 'boolean',
	337	description => 'Run a command with a tcp socket as standard input.'
	338	.' The IP address and port are printed via this'
	339	." command's stdandard output first, each on a separate line.",
	340	optional => 1,
	341	},
	342	'extra-args' => PVE::JSONSchema::get_standard_option('extra-args'),
f83d8153	343	},
3a966e22 TL	344	},
	345	returns => { type => 'null'},
	346	code => sub {
	347	my ($param) = @_;
	348
	349	if (!PVE::Cluster::check_cfs_quorum(1)) {
	350	print "no quorum\n";
	351	return undef;
	352	}
	353
d56a1ff3	354	my $network = $param->{migration_network};
f83d8153	355	if ($param->{get_migration_ip}) {
d56a1ff3 WB	356	die "cannot use --run-command with --get_migration_ip\n"
d56a1ff3 WB	357	if $param->{'run-command'};
43f4c5f6	358	if (my $ip = PVE::Cluster::get_local_migration_ip($network)) {
f83d8153 TL	359	print "ip: '$ip'\n";
f83d8153 TL	360	} else {
43f4c5f6	361	print "no ip\n";
f83d8153 TL	362	}
	363	# do not keep tunnel open when asked for migration ip
	364	return undef;
	365	}
	366
d56a1ff3 WB	367	if ($param->{'run-command'}) {
	368	my $cmd = $param->{'extra-args'};
	369	die "missing command\n"
	370	if !$cmd \|\| !scalar(@$cmd);
	371
	372	# Get an ip address to listen on, and find a free migration port
	373	my ($ip, $family);
	374	if (defined($network)) {
	375	$ip = PVE::Cluster::get_local_migration_ip($network)
	376	or die "failed to get migration IP address to listen on\n";
b69a6e70	377	$family = PVE::Tools::get_host_address_family($ip);
d56a1ff3 WB	378	} else {
	379	my $nodename = PVE::INotify::nodename();
	380	($ip, $family) = PVE::Network::get_ip_from_hostname($nodename, 0);
	381	}
	382	my $port = PVE::Tools::next_migrate_port($family, $ip);
	383
48178573	384	PVE::Tools::pipe_socket_to_command($cmd, $ip, $port);
d56a1ff3 WB	385	return undef;
	386	}
	387
3a966e22 TL	388	print "tunnel online\n";
	389	*STDOUT->flush();
	390
3bec79e5	391	while (my $line = <STDIN>) {
3a966e22 TL	392	chomp $line;
	393	last if $line =~ m/^quit$/;
	394	}
	395
	396	return undef;
	397	}});
	398
13d44dc5 DM	399
	400	our $cmddef = {
	401	keygen => [ __PACKAGE__, 'keygen', ['filename']],
74e09a93	402	create => [ 'PVE::API2::ClusterConfig', 'create', ['clustername']],
13d44dc5	403	add => [ __PACKAGE__, 'add', ['hostname']],
1d26c202 TL	404	addnode => [ 'PVE::API2::ClusterConfig', 'addnode', ['node']],
1d26c202 TL	405	delnode => [ 'PVE::API2::ClusterConfig', 'delnode', ['node']],
13d44dc5 DM	406	status => [ __PACKAGE__, 'status' ],
	407	nodes => [ __PACKAGE__, 'nodes' ],
	408	expected => [ __PACKAGE__, 'expected', ['expected']],
	409	updatecerts => [ __PACKAGE__, 'updatecerts', []],
d56a1ff3	410	mtunnel => [ __PACKAGE__, 'mtunnel', ['extra-args']],
13d44dc5 DM	411	};
	412
	413	1;