]>
Commit | Line | Data |
---|---|---|
13d44dc5 DM |
1 | package PVE::CLI::pvecm; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
95e7bcac | 5 | |
13d44dc5 DM |
6 | use File::Path; |
7 | use File::Basename; | |
294f76c4 | 8 | use PVE::Tools qw(run_command); |
13d44dc5 DM |
9 | use PVE::Cluster; |
10 | use PVE::INotify; | |
10c6810e | 11 | use PVE::JSONSchema qw(get_standard_option); |
03b23bd0 | 12 | use PVE::RPCEnvironment; |
13d44dc5 | 13 | use PVE::CLIHandler; |
03b23bd0 | 14 | use PVE::PTY; |
1d26c202 | 15 | use PVE::API2::ClusterConfig; |
b6973a89 | 16 | use PVE::Corosync; |
13d44dc5 DM |
17 | |
18 | use base qw(PVE::CLIHandler); | |
19 | ||
20 | $ENV{HOME} = '/root'; # for ssh-copy-id | |
21 | ||
22 | my $basedir = "/etc/pve"; | |
23 | my $clusterconf = "$basedir/corosync.conf"; | |
24 | my $libdir = "/var/lib/pve-cluster"; | |
13d44dc5 DM |
25 | my $authfile = "/etc/corosync/authkey"; |
26 | ||
9db3f0c0 | 27 | |
03b23bd0 TL |
28 | sub setup_environment { |
29 | PVE::RPCEnvironment->setup_default_cli_env(); | |
30 | } | |
31 | ||
13d44dc5 | 32 | __PACKAGE__->register_method ({ |
c53b111f | 33 | name => 'keygen', |
13d44dc5 DM |
34 | path => 'keygen', |
35 | method => 'PUT', | |
36 | description => "Generate new cryptographic key for corosync.", | |
37 | parameters => { | |
38 | additionalProperties => 0, | |
39 | properties => { | |
40 | filename => { | |
41 | type => 'string', | |
42 | description => "Output file name" | |
43 | } | |
44 | }, | |
45 | }, | |
46 | returns => { type => 'null' }, | |
c53b111f | 47 | |
13d44dc5 DM |
48 | code => sub { |
49 | my ($param) = @_; | |
50 | ||
51 | my $filename = $param->{filename}; | |
52 | ||
53 | # test EUID | |
54 | $> == 0 || die "Error: Authorization key must be generated as root user.\n"; | |
55 | my $dirname = dirname($filename); | |
13d44dc5 DM |
56 | |
57 | die "key file '$filename' already exists\n" if -e $filename; | |
58 | ||
59 | File::Path::make_path($dirname) if $dirname; | |
60 | ||
294f76c4 | 61 | run_command(['corosync-keygen', '-l', '-k', $filename]); |
13d44dc5 DM |
62 | |
63 | return undef; | |
64 | }}); | |
65 | ||
13d44dc5 | 66 | __PACKAGE__->register_method ({ |
c53b111f | 67 | name => 'add', |
13d44dc5 DM |
68 | path => 'add', |
69 | method => 'PUT', | |
70 | description => "Adds the current node to an existing cluster.", | |
71 | parameters => { | |
72 | additionalProperties => 0, | |
73 | properties => { | |
74 | hostname => { | |
75 | type => 'string', | |
76 | description => "Hostname (or IP) of an existing cluster member." | |
77 | }, | |
10c6810e | 78 | nodeid => get_standard_option('corosync-nodeid'), |
13d44dc5 DM |
79 | votes => { |
80 | type => 'integer', | |
81 | description => "Number of votes for this node", | |
82 | minimum => 0, | |
83 | optional => 1, | |
84 | }, | |
85 | force => { | |
86 | type => 'boolean', | |
87 | description => "Do not throw error if node already exists.", | |
88 | optional => 1, | |
89 | }, | |
10c6810e TL |
90 | ring0_addr => get_standard_option('corosync-ring0-addr'), |
91 | ring1_addr => get_standard_option('corosync-ring1-addr'), | |
92 | fingerprint => get_standard_option('fingerprint-sha256', { | |
03b23bd0 TL |
93 | optional => 1, |
94 | }), | |
95 | 'use_ssh' => { | |
96 | type => 'boolean', | |
97 | description => "Always use SSH to join, even if peer may do it over API.", | |
98 | optional => 1, | |
99 | }, | |
13d44dc5 DM |
100 | }, |
101 | }, | |
102 | returns => { type => 'null' }, | |
c53b111f | 103 | |
13d44dc5 DM |
104 | code => sub { |
105 | my ($param) = @_; | |
106 | ||
107 | my $nodename = PVE::INotify::nodename(); | |
108 | ||
03b23bd0 | 109 | my $host = $param->{hostname}; |
13d44dc5 | 110 | |
68491de3 | 111 | PVE::Cluster::assert_joinable($param->{ring0_addr}, $param->{ring1_addr}, $param->{force}); |
f566b424 | 112 | |
83e5e7b7 | 113 | my $worker = sub { |
03b23bd0 | 114 | |
83e5e7b7 TL |
115 | if (!$param->{use_ssh}) { |
116 | print "Please enter superuser (root) password for '$host':\n"; | |
117 | my $password = PVE::PTY::read_password("Password for root\@$host: "); | |
03b23bd0 | 118 | |
83e5e7b7 TL |
119 | delete $param->{use_ssh}; |
120 | $param->{password} = $password; | |
03b23bd0 | 121 | |
83e5e7b7 TL |
122 | my $local_cluster_lock = "/var/lock/pvecm.lock"; |
123 | PVE::Tools::lock_file($local_cluster_lock, 10, \&PVE::Cluster::join, $param); | |
124 | ||
125 | if (my $err = $@) { | |
efe59a84 | 126 | if (ref($err) eq 'PVE::APIClient::Exception' && defined($err->{code}) && $err->{code} == 501) { |
83e5e7b7 TL |
127 | $err = "Remote side is not able to use API for Cluster join!\n" . |
128 | "Pass the 'use_ssh' switch or update the remote side.\n"; | |
129 | } | |
130 | die $err; | |
03b23bd0 | 131 | } |
83e5e7b7 | 132 | return; # all OK, the API join endpoint successfully set us up |
03b23bd0 | 133 | } |
03b23bd0 | 134 | |
83e5e7b7 TL |
135 | # allow fallback to old ssh only join if wished or needed |
136 | ||
137 | PVE::Cluster::setup_sshd_config(); | |
138 | PVE::Cluster::setup_rootsshconfig(); | |
139 | PVE::Cluster::setup_ssh_keys(); | |
03b23bd0 | 140 | |
83e5e7b7 TL |
141 | # make sure known_hosts is on local filesystem |
142 | PVE::Cluster::ssh_unmerge_known_hosts(); | |
5a630d8f | 143 | |
83e5e7b7 TL |
144 | my $cmd = ['ssh-copy-id', '-i', '/root/.ssh/id_rsa', "root\@$host"]; |
145 | run_command($cmd, 'outfunc' => sub {}, 'errfunc' => sub {}, | |
146 | 'errmsg' => "unable to copy ssh ID"); | |
13d44dc5 | 147 | |
83e5e7b7 TL |
148 | $cmd = ['ssh', $host, '-o', 'BatchMode=yes', |
149 | 'pvecm', 'addnode', $nodename, '--force', 1]; | |
13d44dc5 | 150 | |
83e5e7b7 TL |
151 | push @$cmd, '--nodeid', $param->{nodeid} if $param->{nodeid}; |
152 | push @$cmd, '--votes', $param->{votes} if defined($param->{votes}); | |
153 | push @$cmd, '--ring0_addr', $param->{ring0_addr} if defined($param->{ring0_addr}); | |
154 | push @$cmd, '--ring1_addr', $param->{ring1_addr} if defined($param->{ring1_addr}); | |
155 | ||
156 | if (system (@$cmd) != 0) { | |
157 | my $cmdtxt = join (' ', @$cmd); | |
158 | die "unable to add node: command failed ($cmdtxt)\n"; | |
159 | } | |
13d44dc5 | 160 | |
83e5e7b7 TL |
161 | my $tmpdir = "$libdir/.pvecm_add.tmp.$$"; |
162 | mkdir $tmpdir; | |
14d0000a | 163 | |
83e5e7b7 TL |
164 | eval { |
165 | print "copy corosync auth key\n"; | |
166 | $cmd = ['rsync', '--rsh=ssh -l root -o BatchMode=yes', '-lpgoq', | |
167 | "[$host]:$authfile $clusterconf", $tmpdir]; | |
13d44dc5 | 168 | |
83e5e7b7 | 169 | system(@$cmd) == 0 || die "can't rsync data from host '$host'\n"; |
13d44dc5 | 170 | |
83e5e7b7 TL |
171 | my $corosync_conf = PVE::Tools::file_get_contents("$tmpdir/corosync.conf"); |
172 | my $corosync_authkey = PVE::Tools::file_get_contents("$tmpdir/authkey"); | |
13d44dc5 | 173 | |
83e5e7b7 TL |
174 | PVE::Cluster::finish_join($host, $corosync_conf, $corosync_authkey); |
175 | }; | |
176 | my $err = $@; | |
13d44dc5 | 177 | |
83e5e7b7 | 178 | rmtree $tmpdir; |
13d44dc5 | 179 | |
83e5e7b7 | 180 | die $err if $err; |
13d44dc5 | 181 | }; |
13d44dc5 | 182 | |
83e5e7b7 TL |
183 | # use a synced worker so we get a nice task log when joining through CLI |
184 | my $rpcenv = PVE::RPCEnvironment::get(); | |
185 | my $authuser = $rpcenv->get_user(); | |
13d44dc5 | 186 | |
83e5e7b7 | 187 | $rpcenv->fork_worker('clusterjoin', '', $authuser, $worker); |
13d44dc5 DM |
188 | |
189 | return undef; | |
190 | }}); | |
191 | ||
192 | __PACKAGE__->register_method ({ | |
c53b111f | 193 | name => 'status', |
13d44dc5 DM |
194 | path => 'status', |
195 | method => 'GET', | |
196 | description => "Displays the local view of the cluster status.", | |
197 | parameters => { | |
198 | additionalProperties => 0, | |
199 | properties => {}, | |
200 | }, | |
201 | returns => { type => 'null' }, | |
c53b111f | 202 | |
13d44dc5 DM |
203 | code => sub { |
204 | my ($param) = @_; | |
205 | ||
b6973a89 | 206 | PVE::Corosync::check_conf_exists(); |
eb51b829 | 207 | |
13d44dc5 DM |
208 | my $cmd = ['corosync-quorumtool', '-siH']; |
209 | ||
210 | exec (@$cmd); | |
211 | ||
212 | exit (-1); # should not be reached | |
213 | }}); | |
214 | ||
215 | __PACKAGE__->register_method ({ | |
c53b111f | 216 | name => 'nodes', |
13d44dc5 DM |
217 | path => 'nodes', |
218 | method => 'GET', | |
219 | description => "Displays the local view of the cluster nodes.", | |
220 | parameters => { | |
221 | additionalProperties => 0, | |
222 | properties => {}, | |
223 | }, | |
224 | returns => { type => 'null' }, | |
c53b111f | 225 | |
13d44dc5 DM |
226 | code => sub { |
227 | my ($param) = @_; | |
228 | ||
b6973a89 | 229 | PVE::Corosync::check_conf_exists(); |
eb51b829 | 230 | |
13d44dc5 DM |
231 | my $cmd = ['corosync-quorumtool', '-l']; |
232 | ||
233 | exec (@$cmd); | |
234 | ||
235 | exit (-1); # should not be reached | |
236 | }}); | |
237 | ||
238 | __PACKAGE__->register_method ({ | |
c53b111f | 239 | name => 'expected', |
13d44dc5 DM |
240 | path => 'expected', |
241 | method => 'PUT', | |
242 | description => "Tells corosync a new value of expected votes.", | |
243 | parameters => { | |
244 | additionalProperties => 0, | |
245 | properties => { | |
246 | expected => { | |
247 | type => 'integer', | |
248 | description => "Expected votes", | |
249 | minimum => 1, | |
250 | }, | |
251 | }, | |
252 | }, | |
253 | returns => { type => 'null' }, | |
c53b111f | 254 | |
13d44dc5 DM |
255 | code => sub { |
256 | my ($param) = @_; | |
257 | ||
b6973a89 | 258 | PVE::Corosync::check_conf_exists(); |
eb51b829 | 259 | |
13d44dc5 DM |
260 | my $cmd = ['corosync-quorumtool', '-e', $param->{expected}]; |
261 | ||
262 | exec (@$cmd); | |
263 | ||
264 | exit (-1); # should not be reached | |
265 | ||
266 | }}); | |
267 | ||
13d44dc5 | 268 | __PACKAGE__->register_method ({ |
c53b111f | 269 | name => 'updatecerts', |
13d44dc5 DM |
270 | path => 'updatecerts', |
271 | method => 'PUT', | |
272 | description => "Update node certificates (and generate all needed files/directories).", | |
273 | parameters => { | |
274 | additionalProperties => 0, | |
275 | properties => { | |
276 | force => { | |
277 | description => "Force generation of new SSL certifate.", | |
278 | type => 'boolean', | |
279 | optional => 1, | |
280 | }, | |
281 | silent => { | |
282 | description => "Ignore errors (i.e. when cluster has no quorum).", | |
283 | type => 'boolean', | |
284 | optional => 1, | |
285 | }, | |
286 | }, | |
287 | }, | |
288 | returns => { type => 'null' }, | |
289 | code => sub { | |
290 | my ($param) = @_; | |
291 | ||
292 | PVE::Cluster::setup_rootsshconfig(); | |
293 | ||
294 | PVE::Cluster::gen_pve_vzdump_symlink(); | |
295 | ||
296 | if (!PVE::Cluster::check_cfs_quorum(1)) { | |
297 | return undef if $param->{silent}; | |
298 | die "no quorum - unable to update files\n"; | |
299 | } | |
300 | ||
301 | PVE::Cluster::setup_ssh_keys(); | |
302 | ||
303 | my $nodename = PVE::INotify::nodename(); | |
304 | ||
305 | my $local_ip_address = PVE::Cluster::remote_node_ip($nodename); | |
306 | ||
307 | PVE::Cluster::gen_pve_node_files($nodename, $local_ip_address, $param->{force}); | |
308 | PVE::Cluster::ssh_merge_keys(); | |
309 | PVE::Cluster::ssh_merge_known_hosts($nodename, $local_ip_address); | |
310 | PVE::Cluster::gen_pve_vzdump_files(); | |
311 | ||
312 | return undef; | |
313 | }}); | |
314 | ||
3a966e22 TL |
315 | __PACKAGE__->register_method ({ |
316 | name => 'mtunnel', | |
317 | path => 'mtunnel', | |
318 | method => 'POST', | |
319 | description => "Used by VM/CT migration - do not use manually.", | |
320 | parameters => { | |
321 | additionalProperties => 0, | |
f83d8153 TL |
322 | properties => { |
323 | get_migration_ip => { | |
324 | type => 'boolean', | |
325 | default => 0, | |
326 | description => 'return the migration IP, if configured', | |
327 | optional => 1, | |
328 | }, | |
329 | migration_network => { | |
330 | type => 'string', | |
331 | format => 'CIDR', | |
332 | description => 'the migration network used to detect the local migration IP', | |
333 | optional => 1, | |
334 | }, | |
d56a1ff3 WB |
335 | 'run-command' => { |
336 | type => 'boolean', | |
337 | description => 'Run a command with a tcp socket as standard input.' | |
338 | .' The IP address and port are printed via this' | |
339 | ." command's stdandard output first, each on a separate line.", | |
340 | optional => 1, | |
341 | }, | |
342 | 'extra-args' => PVE::JSONSchema::get_standard_option('extra-args'), | |
f83d8153 | 343 | }, |
3a966e22 TL |
344 | }, |
345 | returns => { type => 'null'}, | |
346 | code => sub { | |
347 | my ($param) = @_; | |
348 | ||
349 | if (!PVE::Cluster::check_cfs_quorum(1)) { | |
350 | print "no quorum\n"; | |
351 | return undef; | |
352 | } | |
353 | ||
d56a1ff3 | 354 | my $network = $param->{migration_network}; |
f83d8153 | 355 | if ($param->{get_migration_ip}) { |
d56a1ff3 WB |
356 | die "cannot use --run-command with --get_migration_ip\n" |
357 | if $param->{'run-command'}; | |
43f4c5f6 | 358 | if (my $ip = PVE::Cluster::get_local_migration_ip($network)) { |
f83d8153 TL |
359 | print "ip: '$ip'\n"; |
360 | } else { | |
43f4c5f6 | 361 | print "no ip\n"; |
f83d8153 TL |
362 | } |
363 | # do not keep tunnel open when asked for migration ip | |
364 | return undef; | |
365 | } | |
366 | ||
d56a1ff3 WB |
367 | if ($param->{'run-command'}) { |
368 | my $cmd = $param->{'extra-args'}; | |
369 | die "missing command\n" | |
370 | if !$cmd || !scalar(@$cmd); | |
371 | ||
372 | # Get an ip address to listen on, and find a free migration port | |
373 | my ($ip, $family); | |
374 | if (defined($network)) { | |
375 | $ip = PVE::Cluster::get_local_migration_ip($network) | |
376 | or die "failed to get migration IP address to listen on\n"; | |
b69a6e70 | 377 | $family = PVE::Tools::get_host_address_family($ip); |
d56a1ff3 WB |
378 | } else { |
379 | my $nodename = PVE::INotify::nodename(); | |
380 | ($ip, $family) = PVE::Network::get_ip_from_hostname($nodename, 0); | |
381 | } | |
382 | my $port = PVE::Tools::next_migrate_port($family, $ip); | |
383 | ||
48178573 | 384 | PVE::Tools::pipe_socket_to_command($cmd, $ip, $port); |
d56a1ff3 WB |
385 | return undef; |
386 | } | |
387 | ||
3a966e22 TL |
388 | print "tunnel online\n"; |
389 | *STDOUT->flush(); | |
390 | ||
3bec79e5 | 391 | while (my $line = <STDIN>) { |
3a966e22 TL |
392 | chomp $line; |
393 | last if $line =~ m/^quit$/; | |
394 | } | |
395 | ||
396 | return undef; | |
397 | }}); | |
398 | ||
13d44dc5 DM |
399 | |
400 | our $cmddef = { | |
401 | keygen => [ __PACKAGE__, 'keygen', ['filename']], | |
74e09a93 | 402 | create => [ 'PVE::API2::ClusterConfig', 'create', ['clustername']], |
13d44dc5 | 403 | add => [ __PACKAGE__, 'add', ['hostname']], |
1d26c202 TL |
404 | addnode => [ 'PVE::API2::ClusterConfig', 'addnode', ['node']], |
405 | delnode => [ 'PVE::API2::ClusterConfig', 'delnode', ['node']], | |
13d44dc5 DM |
406 | status => [ __PACKAGE__, 'status' ], |
407 | nodes => [ __PACKAGE__, 'nodes' ], | |
408 | expected => [ __PACKAGE__, 'expected', ['expected']], | |
409 | updatecerts => [ __PACKAGE__, 'updatecerts', []], | |
d56a1ff3 | 410 | mtunnel => [ __PACKAGE__, 'mtunnel', ['extra-args']], |
13d44dc5 DM |
411 | }; |
412 | ||
413 | 1; |