]>
Commit | Line | Data |
---|---|---|
13d44dc5 DM |
1 | package PVE::CLI::pvecm; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
95e7bcac | 5 | |
13d44dc5 DM |
6 | use File::Path; |
7 | use File::Basename; | |
294f76c4 | 8 | use PVE::Tools qw(run_command); |
13d44dc5 DM |
9 | use PVE::Cluster; |
10 | use PVE::INotify; | |
10c6810e | 11 | use PVE::JSONSchema qw(get_standard_option); |
03b23bd0 | 12 | use PVE::RPCEnvironment; |
13d44dc5 | 13 | use PVE::CLIHandler; |
03b23bd0 | 14 | use PVE::PTY; |
1d26c202 | 15 | use PVE::API2::ClusterConfig; |
b6973a89 | 16 | use PVE::Corosync; |
c5204e14 | 17 | use PVE::Cluster::Setup; |
13d44dc5 DM |
18 | |
19 | use base qw(PVE::CLIHandler); | |
20 | ||
21 | $ENV{HOME} = '/root'; # for ssh-copy-id | |
22 | ||
23 | my $basedir = "/etc/pve"; | |
24 | my $clusterconf = "$basedir/corosync.conf"; | |
25 | my $libdir = "/var/lib/pve-cluster"; | |
13d44dc5 DM |
26 | my $authfile = "/etc/corosync/authkey"; |
27 | ||
9db3f0c0 | 28 | |
03b23bd0 TL |
29 | sub setup_environment { |
30 | PVE::RPCEnvironment->setup_default_cli_env(); | |
31 | } | |
32 | ||
13d44dc5 | 33 | __PACKAGE__->register_method ({ |
c53b111f | 34 | name => 'keygen', |
13d44dc5 DM |
35 | path => 'keygen', |
36 | method => 'PUT', | |
37 | description => "Generate new cryptographic key for corosync.", | |
38 | parameters => { | |
39 | additionalProperties => 0, | |
40 | properties => { | |
41 | filename => { | |
42 | type => 'string', | |
43 | description => "Output file name" | |
44 | } | |
45 | }, | |
46 | }, | |
47 | returns => { type => 'null' }, | |
c53b111f | 48 | |
13d44dc5 DM |
49 | code => sub { |
50 | my ($param) = @_; | |
51 | ||
52 | my $filename = $param->{filename}; | |
53 | ||
54 | # test EUID | |
55 | $> == 0 || die "Error: Authorization key must be generated as root user.\n"; | |
56 | my $dirname = dirname($filename); | |
13d44dc5 DM |
57 | |
58 | die "key file '$filename' already exists\n" if -e $filename; | |
59 | ||
60 | File::Path::make_path($dirname) if $dirname; | |
61 | ||
294f76c4 | 62 | run_command(['corosync-keygen', '-l', '-k', $filename]); |
13d44dc5 DM |
63 | |
64 | return undef; | |
65 | }}); | |
66 | ||
63afd01d OB |
67 | my $foreach_member = sub { |
68 | my ($code, $noerr) = @_; | |
69 | ||
70 | my $members = PVE::Cluster::get_members(); | |
71 | foreach my $node (sort keys %$members) { | |
72 | if (my $ip = $members->{$node}->{ip}) { | |
73 | $code->($node, $ip); | |
74 | } else { | |
75 | die "cannot get the cluster IP for node '$node'.\n" if !$noerr; | |
76 | warn "cannot get the cluster IP for node '$node'.\n"; | |
77 | return undef; | |
78 | } | |
79 | } | |
80 | }; | |
81 | ||
82 | __PACKAGE__->register_method ({ | |
83 | name => 'setup_qdevice', | |
84 | path => 'setup_qdevice', | |
85 | method => 'PUT', | |
86 | description => "Setup the use of a QDevice", | |
87 | parameters => { | |
88 | additionalProperties => 0, | |
89 | properties => { | |
90 | address => { | |
91 | type => 'string', format => 'ip', | |
92 | description => "Specifies the network address of an external corosync QDevice" , | |
93 | }, | |
94 | network => { | |
95 | type => 'string', | |
96 | format => 'CIDR', | |
97 | description => 'The network which should be used to connect to the external qdevice', | |
98 | optional => 1, | |
99 | }, | |
100 | force => { | |
101 | type => 'boolean', | |
102 | description => "Do not throw error on possible dangerous operations.", | |
103 | optional => 1, | |
104 | }, | |
105 | }, | |
106 | }, | |
107 | returns => { type => 'null' }, | |
108 | ||
109 | code => sub { | |
110 | my ($param) = @_; | |
111 | ||
75a3d341 | 112 | PVE::Corosync::check_conf_exists(); |
63afd01d OB |
113 | |
114 | my $members = PVE::Cluster::get_members(); | |
115 | foreach my $node (sort keys %$members) { | |
116 | die "All nodes must be online! Node $node is offline, aborting.\n" | |
117 | if !$members->{$node}->{online}; | |
118 | } | |
119 | ||
120 | my $conf = PVE::Cluster::cfs_read_file("corosync.conf"); | |
121 | ||
122 | die "QDevice already configured!\n" | |
123 | if defined($conf->{main}->{quorum}->{device}) && !$param->{force}; | |
124 | ||
125 | my $network = $param->{network}; | |
126 | ||
127 | my $model = "net"; | |
128 | my $algorithm = 'ffsplit'; | |
129 | if (scalar($members) & 1) { | |
130 | if ($param->{force}) { | |
131 | $algorithm = 'lms'; | |
132 | } else { | |
133 | die "Clusters with an odd node count are not officially supported!\n"; | |
134 | } | |
135 | } | |
136 | ||
137 | my $qnetd_addr = $param->{address}; | |
138 | my $base_dir = "/etc/corosync/qdevice/net"; | |
139 | my $db_dir_qnetd = "/etc/corosync/qnetd/nssdb"; | |
140 | my $db_dir_node = "$base_dir/nssdb"; | |
141 | my $ca_export_base = "qnetd-cacert.crt"; | |
142 | my $ca_export_file = "$db_dir_qnetd/$ca_export_base"; | |
143 | my $crq_file_base = "qdevice-net-node.crq"; | |
144 | my $p12_file_base = "qdevice-net-node.p12"; | |
145 | my $qdevice_certutil = "corosync-qdevice-net-certutil"; | |
146 | my $qnetd_certutil= "corosync-qnetd-certutil"; | |
147 | my $clustername = $conf->{main}->{totem}->{cluster_name}; | |
148 | ||
149 | run_command(['ssh-copy-id', '-i', '/root/.ssh/id_rsa', "root\@$qnetd_addr"]); | |
150 | ||
151 | if (-d $db_dir_node) { | |
152 | # FIXME: check on all nodes?! | |
153 | if ($param->{force}) { | |
154 | rmtree $db_dir_node; | |
155 | } else { | |
156 | die "QDevice certificate store already initialised, set force to delete!\n"; | |
157 | } | |
158 | } | |
159 | ||
160 | my $ssh_cmd = ['ssh', '-o', 'BatchMode=yes', '-lroot']; | |
161 | my $scp_cmd = ['scp', '-o', 'BatchMode=yes']; | |
162 | ||
163 | print "\nINFO: initializing qnetd server\n"; | |
164 | run_command( | |
165 | [@$ssh_cmd, $qnetd_addr, $qnetd_certutil, "-i"], | |
166 | noerr => 1 | |
167 | ); | |
168 | ||
169 | print "\nINFO: copying CA cert and initializing on all nodes\n"; | |
170 | run_command([@$scp_cmd, "root\@\[$qnetd_addr\]:$ca_export_file", "/etc/pve/$ca_export_base"]); | |
171 | $foreach_member->(sub { | |
172 | my ($node, $ip) = @_; | |
173 | my $outsub = sub { print "\nnode '$node': " . shift }; | |
174 | run_command( | |
175 | [@$ssh_cmd, $ip, $qdevice_certutil, "-i", "-c", "/etc/pve/$ca_export_base"], | |
176 | noerr => 1, outfunc => \&$outsub | |
177 | ); | |
178 | }); | |
179 | unlink "/etc/pve/$ca_export_base"; | |
180 | ||
181 | print "\nINFO: generating cert request\n"; | |
182 | run_command([$qdevice_certutil, "-r", "-n", $clustername]); | |
183 | ||
184 | print "\nINFO: copying exported cert request to qnetd server\n"; | |
185 | run_command([@$scp_cmd, "$db_dir_node/$crq_file_base", "root\@\[$qnetd_addr\]:/tmp"]); | |
186 | ||
187 | print "\nINFO: sign and export cluster cert\n"; | |
188 | run_command([ | |
189 | @$ssh_cmd, $qnetd_addr, $qnetd_certutil, "-s", "-c", | |
190 | "/tmp/$crq_file_base", "-n", "$clustername" | |
191 | ]); | |
192 | ||
193 | print "\nINFO: copy exported CRT\n"; | |
194 | run_command([ | |
195 | @$scp_cmd, "root\@\[$qnetd_addr\]:$db_dir_qnetd/cluster-$clustername.crt", | |
196 | "$db_dir_node" | |
197 | ]); | |
198 | ||
199 | print "\nINFO: import certificate\n"; | |
200 | run_command(["$qdevice_certutil", "-M", "-c", "$db_dir_node/cluster-$clustername.crt"]); | |
201 | ||
202 | print "\nINFO: copy and import pk12 cert to all nodes\n"; | |
203 | run_command([@$scp_cmd, "$db_dir_node/$p12_file_base", "/etc/pve/"]); | |
204 | $foreach_member->(sub { | |
205 | my ($node, $ip) = @_; | |
206 | my $outsub = sub { print "\nnode '$node': " . shift }; | |
207 | run_command([ | |
208 | @$ssh_cmd, $ip, "$qdevice_certutil", "-m", "-c", | |
209 | "/etc/pve/$p12_file_base"], outfunc => \&$outsub | |
210 | ); | |
211 | }); | |
212 | unlink "/etc/pve/$p12_file_base"; | |
213 | ||
214 | ||
215 | my $code = sub { | |
216 | my $conf = PVE::Cluster::cfs_read_file("corosync.conf"); | |
217 | my $quorum_section = $conf->{main}->{quorum}; | |
218 | ||
219 | die "Qdevice already configured, must be removed before setting up new one!\n" | |
220 | if defined($quorum_section->{device}); # must not be forced! | |
221 | ||
222 | my $qdev_section = { | |
223 | model => $model, | |
224 | "$model" => { | |
225 | tls => 'on', | |
226 | host => $qnetd_addr, | |
227 | algorithm => $algorithm, | |
228 | } | |
229 | }; | |
230 | $qdev_section->{votes} = 1 if $algorithm eq 'ffsplit'; | |
231 | ||
232 | $quorum_section->{device} = $qdev_section; | |
233 | ||
234 | PVE::Corosync::atomic_write_conf($conf); | |
235 | }; | |
236 | ||
237 | print "\nINFO: add QDevice to cluster configuration\n"; | |
238 | PVE::Cluster::cfs_lock_file('corosync.conf', 10, $code); | |
239 | die $@ if $@; | |
240 | ||
241 | $foreach_member->(sub { | |
242 | my ($node, $ip) = @_; | |
243 | my $outsub = sub { print "\nnode '$node': " . shift }; | |
244 | print "\nINFO: start and enable corosync qdevice daemon on node '$node'...\n"; | |
245 | run_command([@$ssh_cmd, $ip, 'systemctl', 'start', 'corosync-qdevice'], outfunc => \&$outsub); | |
246 | run_command([@$ssh_cmd, $ip, 'systemctl', 'enable', 'corosync-qdevice'], outfunc => \&$outsub); | |
247 | }); | |
248 | ||
249 | run_command(['corosync-cfgtool', '-R']); # do cluster wide config reload | |
250 | ||
251 | return undef; | |
252 | }}); | |
253 | ||
254 | __PACKAGE__->register_method ({ | |
255 | name => 'remove_qdevice', | |
256 | path => 'remove_qdevice', | |
257 | method => 'DELETE', | |
258 | description => "Remove a configured QDevice", | |
259 | parameters => { | |
260 | additionalProperties => 0, | |
261 | properties => {}, | |
262 | }, | |
263 | returns => { type => 'null' }, | |
264 | ||
265 | code => sub { | |
266 | my ($param) = @_; | |
267 | ||
75a3d341 | 268 | PVE::Corosync::check_conf_exists(); |
63afd01d OB |
269 | |
270 | my $members = PVE::Cluster::get_members(); | |
271 | foreach my $node (sort keys %$members) { | |
272 | die "All nodes must be online! Node $node is offline, aborting.\n" | |
273 | if !$members->{$node}->{online}; | |
274 | } | |
275 | ||
276 | my $ssh_cmd = ['ssh', '-o', 'BatchMode=yes', '-lroot']; | |
277 | ||
278 | my $code = sub { | |
279 | my $conf = PVE::Cluster::cfs_read_file("corosync.conf"); | |
280 | my $quorum_section = $conf->{main}->{quorum}; | |
281 | ||
282 | die "No QDevice configured!\n" if !defined($quorum_section->{device}); | |
283 | ||
284 | delete $quorum_section->{device}; | |
285 | ||
286 | PVE::Corosync::atomic_write_conf($conf); | |
287 | ||
288 | # cleanup qdev state (cert storage) | |
289 | my $qdev_state_dir = "/etc/corosync/qdevice"; | |
290 | $foreach_member->(sub { | |
291 | my (undef, $ip) = @_; | |
292 | run_command([@$ssh_cmd, $ip, '--', 'rm', '-rf', $qdev_state_dir]); | |
293 | }); | |
294 | }; | |
295 | ||
296 | PVE::Cluster::cfs_lock_file('corosync.conf', 10, $code); | |
297 | die $@ if $@; | |
298 | ||
299 | $foreach_member->(sub { | |
300 | my (undef, $ip) = @_; | |
301 | run_command([@$ssh_cmd, $ip, 'systemctl', 'stop', 'corosync-qdevice']); | |
302 | run_command([@$ssh_cmd, $ip, 'systemctl', 'disable', 'corosync-qdevice']); | |
303 | }); | |
304 | ||
305 | run_command(['corosync-cfgtool', '-R']); | |
306 | ||
307 | print "\nRemoved Qdevice.\n"; | |
308 | ||
309 | return undef; | |
310 | }}); | |
311 | ||
13d44dc5 | 312 | __PACKAGE__->register_method ({ |
c53b111f | 313 | name => 'add', |
13d44dc5 DM |
314 | path => 'add', |
315 | method => 'PUT', | |
316 | description => "Adds the current node to an existing cluster.", | |
317 | parameters => { | |
318 | additionalProperties => 0, | |
8ef581e4 | 319 | properties => PVE::Corosync::add_corosync_link_properties({ |
13d44dc5 DM |
320 | hostname => { |
321 | type => 'string', | |
322 | description => "Hostname (or IP) of an existing cluster member." | |
323 | }, | |
10c6810e | 324 | nodeid => get_standard_option('corosync-nodeid'), |
13d44dc5 DM |
325 | votes => { |
326 | type => 'integer', | |
327 | description => "Number of votes for this node", | |
328 | minimum => 0, | |
329 | optional => 1, | |
330 | }, | |
331 | force => { | |
332 | type => 'boolean', | |
333 | description => "Do not throw error if node already exists.", | |
334 | optional => 1, | |
335 | }, | |
10c6810e | 336 | fingerprint => get_standard_option('fingerprint-sha256', { |
03b23bd0 TL |
337 | optional => 1, |
338 | }), | |
339 | 'use_ssh' => { | |
340 | type => 'boolean', | |
341 | description => "Always use SSH to join, even if peer may do it over API.", | |
342 | optional => 1, | |
343 | }, | |
8ef581e4 | 344 | }), |
13d44dc5 DM |
345 | }, |
346 | returns => { type => 'null' }, | |
c53b111f | 347 | |
13d44dc5 DM |
348 | code => sub { |
349 | my ($param) = @_; | |
350 | ||
351 | my $nodename = PVE::INotify::nodename(); | |
03b23bd0 | 352 | my $host = $param->{hostname}; |
f566b424 | 353 | |
83e5e7b7 | 354 | my $worker = sub { |
03b23bd0 | 355 | |
83e5e7b7 | 356 | if (!$param->{use_ssh}) { |
f55fe6b3 | 357 | my $password = PVE::PTY::read_password("Please enter superuser (root) password for '$host': "); |
03b23bd0 | 358 | |
83e5e7b7 TL |
359 | delete $param->{use_ssh}; |
360 | $param->{password} = $password; | |
03b23bd0 | 361 | |
83e5e7b7 | 362 | my $local_cluster_lock = "/var/lock/pvecm.lock"; |
c5204e14 | 363 | PVE::Tools::lock_file($local_cluster_lock, 10, \&PVE::Cluster::Setup::join, $param); |
83e5e7b7 TL |
364 | |
365 | if (my $err = $@) { | |
efe59a84 | 366 | if (ref($err) eq 'PVE::APIClient::Exception' && defined($err->{code}) && $err->{code} == 501) { |
83e5e7b7 TL |
367 | $err = "Remote side is not able to use API for Cluster join!\n" . |
368 | "Pass the 'use_ssh' switch or update the remote side.\n"; | |
369 | } | |
370 | die $err; | |
03b23bd0 | 371 | } |
83e5e7b7 | 372 | return; # all OK, the API join endpoint successfully set us up |
03b23bd0 | 373 | } |
03b23bd0 | 374 | |
83e5e7b7 TL |
375 | # allow fallback to old ssh only join if wished or needed |
376 | ||
1e3e951c | 377 | my $local_ip_address = PVE::Cluster::remote_node_ip($nodename); |
8ef581e4 | 378 | my $links = PVE::Corosync::extract_corosync_link_args($param); |
1e3e951c | 379 | |
8ef581e4 | 380 | PVE::Cluster::Setup::assert_joinable($local_ip_address, $links, $param->{force}); |
1e3e951c | 381 | |
c5204e14 FG |
382 | PVE::Cluster::Setup::setup_sshd_config(); |
383 | PVE::Cluster::Setup::setup_rootsshconfig(); | |
384 | PVE::Cluster::Setup::setup_ssh_keys(); | |
03b23bd0 | 385 | |
83e5e7b7 | 386 | # make sure known_hosts is on local filesystem |
c5204e14 | 387 | PVE::Cluster::Setup::ssh_unmerge_known_hosts(); |
5a630d8f | 388 | |
83e5e7b7 TL |
389 | my $cmd = ['ssh-copy-id', '-i', '/root/.ssh/id_rsa', "root\@$host"]; |
390 | run_command($cmd, 'outfunc' => sub {}, 'errfunc' => sub {}, | |
391 | 'errmsg' => "unable to copy ssh ID"); | |
13d44dc5 | 392 | |
83e5e7b7 TL |
393 | $cmd = ['ssh', $host, '-o', 'BatchMode=yes', |
394 | 'pvecm', 'addnode', $nodename, '--force', 1]; | |
13d44dc5 | 395 | |
83e5e7b7 TL |
396 | push @$cmd, '--nodeid', $param->{nodeid} if $param->{nodeid}; |
397 | push @$cmd, '--votes', $param->{votes} if defined($param->{votes}); | |
8ef581e4 SR |
398 | |
399 | foreach my $link (keys %$links) { | |
400 | push @$cmd, "--link$link", PVE::JSONSchema::print_property_string( | |
401 | $links->{$link}, get_standard_option('corosync-link')); | |
402 | } | |
83e5e7b7 | 403 | |
88b4cb13 SR |
404 | # this will be used as fallback if no links are specified |
405 | if (!%$links) { | |
406 | push @$cmd, '--link0', $local_ip_address; | |
407 | print "No cluster network links passed explicitly, fallback to local node" | |
408 | . " IP '$local_ip_address'\n"; | |
409 | } | |
410 | ||
83e5e7b7 TL |
411 | if (system (@$cmd) != 0) { |
412 | my $cmdtxt = join (' ', @$cmd); | |
413 | die "unable to add node: command failed ($cmdtxt)\n"; | |
414 | } | |
13d44dc5 | 415 | |
83e5e7b7 TL |
416 | my $tmpdir = "$libdir/.pvecm_add.tmp.$$"; |
417 | mkdir $tmpdir; | |
14d0000a | 418 | |
83e5e7b7 TL |
419 | eval { |
420 | print "copy corosync auth key\n"; | |
421 | $cmd = ['rsync', '--rsh=ssh -l root -o BatchMode=yes', '-lpgoq', | |
422 | "[$host]:$authfile $clusterconf", $tmpdir]; | |
13d44dc5 | 423 | |
83e5e7b7 | 424 | system(@$cmd) == 0 || die "can't rsync data from host '$host'\n"; |
13d44dc5 | 425 | |
83e5e7b7 TL |
426 | my $corosync_conf = PVE::Tools::file_get_contents("$tmpdir/corosync.conf"); |
427 | my $corosync_authkey = PVE::Tools::file_get_contents("$tmpdir/authkey"); | |
13d44dc5 | 428 | |
c5204e14 | 429 | PVE::Cluster::Setup::finish_join($host, $corosync_conf, $corosync_authkey); |
83e5e7b7 TL |
430 | }; |
431 | my $err = $@; | |
13d44dc5 | 432 | |
83e5e7b7 | 433 | rmtree $tmpdir; |
13d44dc5 | 434 | |
83e5e7b7 | 435 | die $err if $err; |
13d44dc5 | 436 | }; |
13d44dc5 | 437 | |
83e5e7b7 TL |
438 | # use a synced worker so we get a nice task log when joining through CLI |
439 | my $rpcenv = PVE::RPCEnvironment::get(); | |
440 | my $authuser = $rpcenv->get_user(); | |
13d44dc5 | 441 | |
83e5e7b7 | 442 | $rpcenv->fork_worker('clusterjoin', '', $authuser, $worker); |
13d44dc5 DM |
443 | |
444 | return undef; | |
445 | }}); | |
446 | ||
447 | __PACKAGE__->register_method ({ | |
c53b111f | 448 | name => 'status', |
13d44dc5 DM |
449 | path => 'status', |
450 | method => 'GET', | |
451 | description => "Displays the local view of the cluster status.", | |
452 | parameters => { | |
453 | additionalProperties => 0, | |
454 | properties => {}, | |
455 | }, | |
456 | returns => { type => 'null' }, | |
c53b111f | 457 | |
13d44dc5 DM |
458 | code => sub { |
459 | my ($param) = @_; | |
460 | ||
b6973a89 | 461 | PVE::Corosync::check_conf_exists(); |
3df092f9 TL |
462 | my $conf = eval { PVE::Cluster::cfs_read_file("corosync.conf") } // {}; |
463 | warn "$@" if $@; | |
464 | my $totem = PVE::Corosync::totem_config($conf); | |
465 | ||
466 | if (scalar(%$totem)) { | |
467 | my $print_info = sub { | |
468 | my ($label, $key, $default) = @_; | |
469 | my $val = $totem->{$key} // $default; | |
470 | printf "%-17s %s\n", "$label:", "$val"; | |
471 | }; | |
472 | ||
473 | printf "Cluster information\n"; | |
474 | printf "-------------------\n"; | |
475 | $print_info->('Name', 'cluster_name', 'UNKOWN?'); | |
476 | $print_info->('Config Version', 'config_version', -1); | |
477 | $print_info->('Transport', 'transport', 'knet'); | |
478 | $print_info->('Secure auth', 'secauth', 'off'); | |
479 | printf "\n"; | |
480 | } | |
eb51b829 | 481 | |
13d44dc5 DM |
482 | my $cmd = ['corosync-quorumtool', '-siH']; |
483 | ||
484 | exec (@$cmd); | |
485 | ||
486 | exit (-1); # should not be reached | |
487 | }}); | |
488 | ||
489 | __PACKAGE__->register_method ({ | |
c53b111f | 490 | name => 'nodes', |
13d44dc5 DM |
491 | path => 'nodes', |
492 | method => 'GET', | |
493 | description => "Displays the local view of the cluster nodes.", | |
494 | parameters => { | |
495 | additionalProperties => 0, | |
496 | properties => {}, | |
497 | }, | |
498 | returns => { type => 'null' }, | |
c53b111f | 499 | |
13d44dc5 DM |
500 | code => sub { |
501 | my ($param) = @_; | |
502 | ||
b6973a89 | 503 | PVE::Corosync::check_conf_exists(); |
eb51b829 | 504 | |
13d44dc5 DM |
505 | my $cmd = ['corosync-quorumtool', '-l']; |
506 | ||
507 | exec (@$cmd); | |
508 | ||
509 | exit (-1); # should not be reached | |
510 | }}); | |
511 | ||
512 | __PACKAGE__->register_method ({ | |
c53b111f | 513 | name => 'expected', |
13d44dc5 DM |
514 | path => 'expected', |
515 | method => 'PUT', | |
516 | description => "Tells corosync a new value of expected votes.", | |
517 | parameters => { | |
518 | additionalProperties => 0, | |
519 | properties => { | |
520 | expected => { | |
521 | type => 'integer', | |
522 | description => "Expected votes", | |
523 | minimum => 1, | |
524 | }, | |
525 | }, | |
526 | }, | |
527 | returns => { type => 'null' }, | |
c53b111f | 528 | |
13d44dc5 DM |
529 | code => sub { |
530 | my ($param) = @_; | |
531 | ||
b6973a89 | 532 | PVE::Corosync::check_conf_exists(); |
eb51b829 | 533 | |
13d44dc5 DM |
534 | my $cmd = ['corosync-quorumtool', '-e', $param->{expected}]; |
535 | ||
536 | exec (@$cmd); | |
537 | ||
538 | exit (-1); # should not be reached | |
539 | ||
540 | }}); | |
541 | ||
13d44dc5 | 542 | __PACKAGE__->register_method ({ |
c53b111f | 543 | name => 'updatecerts', |
13d44dc5 DM |
544 | path => 'updatecerts', |
545 | method => 'PUT', | |
546 | description => "Update node certificates (and generate all needed files/directories).", | |
547 | parameters => { | |
548 | additionalProperties => 0, | |
549 | properties => { | |
550 | force => { | |
551 | description => "Force generation of new SSL certifate.", | |
552 | type => 'boolean', | |
553 | optional => 1, | |
554 | }, | |
555 | silent => { | |
556 | description => "Ignore errors (i.e. when cluster has no quorum).", | |
557 | type => 'boolean', | |
558 | optional => 1, | |
559 | }, | |
560 | }, | |
561 | }, | |
562 | returns => { type => 'null' }, | |
563 | code => sub { | |
564 | my ($param) = @_; | |
565 | ||
4e8cc352 TL |
566 | # we get called by the pve-cluster.service ExecStartPost and as we do |
567 | # IO (on /etc/pve) which can hang (uninterruptedly D state). That'd be | |
568 | # no-good for ExecStartPost as it fails the whole service in this case | |
569 | PVE::Tools::run_fork_with_timeout(30, sub { | |
c5204e14 | 570 | PVE::Cluster::Setup::updatecerts_and_ssh($param->@{qw(force silent)}); |
50f74e31 | 571 | }); |
13d44dc5 DM |
572 | |
573 | return undef; | |
574 | }}); | |
575 | ||
ac7a8cf1 TL |
576 | __PACKAGE__->register_method ({ |
577 | name => 'mtunnel', | |
578 | path => 'mtunnel', | |
579 | method => 'POST', | |
580 | description => "Used by VM/CT migration - do not use manually.", | |
581 | parameters => { | |
582 | additionalProperties => 0, | |
583 | properties => { | |
584 | get_migration_ip => { | |
585 | type => 'boolean', | |
586 | default => 0, | |
587 | description => 'return the migration IP, if configured', | |
588 | optional => 1, | |
589 | }, | |
590 | migration_network => { | |
591 | type => 'string', | |
592 | format => 'CIDR', | |
593 | description => 'the migration network used to detect the local migration IP', | |
594 | optional => 1, | |
595 | }, | |
596 | 'run-command' => { | |
597 | type => 'boolean', | |
598 | description => 'Run a command with a tcp socket as standard input.' | |
599 | .' The IP address and port are printed via this' | |
600 | ." command's stdandard output first, each on a separate line.", | |
601 | optional => 1, | |
602 | }, | |
603 | 'extra-args' => PVE::JSONSchema::get_standard_option('extra-args'), | |
604 | }, | |
605 | }, | |
606 | returns => { type => 'null'}, | |
607 | code => sub { | |
608 | my ($param) = @_; | |
609 | ||
610 | if (!PVE::Cluster::check_cfs_quorum(1)) { | |
611 | print "no quorum\n"; | |
612 | return undef; | |
613 | } | |
614 | ||
ab966729 FG |
615 | my $get_local_migration_ip = sub { |
616 | my ($cidr) = @_; | |
617 | ||
618 | if (!defined($cidr)) { | |
619 | my $dc_conf = cfs_read_file('datacenter.cfg'); | |
620 | $cidr = $dc_conf->{migration}->{network} | |
621 | if defined($dc_conf->{migration}->{network}); | |
622 | } | |
623 | ||
624 | if (defined($cidr)) { | |
625 | my $ips = PVE::Network::get_local_ip_from_cidr($cidr); | |
626 | ||
627 | die "could not get migration ip: no IP address configured on local " . | |
628 | "node for network '$cidr'\n" if scalar(@$ips) == 0; | |
629 | ||
26604116 TL |
630 | die "could not get migration ip: multiple, different, IP address configured for " . |
631 | "network '$cidr'\n" if scalar(@$ips) > 1 && grep { @$ips[0] ne $_ } @$ips; | |
ab966729 FG |
632 | |
633 | return @$ips[0]; | |
634 | } | |
635 | ||
636 | return undef; | |
637 | }; | |
638 | ||
ac7a8cf1 TL |
639 | my $network = $param->{migration_network}; |
640 | if ($param->{get_migration_ip}) { | |
641 | die "cannot use --run-command with --get_migration_ip\n" | |
642 | if $param->{'run-command'}; | |
ab966729 FG |
643 | |
644 | if (my $ip = $get_local_migration_ip->($network)) { | |
ac7a8cf1 TL |
645 | print "ip: '$ip'\n"; |
646 | } else { | |
647 | print "no ip\n"; | |
648 | } | |
649 | # do not keep tunnel open when asked for migration ip | |
650 | return undef; | |
651 | } | |
652 | ||
653 | if ($param->{'run-command'}) { | |
654 | my $cmd = $param->{'extra-args'}; | |
655 | die "missing command\n" | |
656 | if !$cmd || !scalar(@$cmd); | |
657 | ||
658 | # Get an ip address to listen on, and find a free migration port | |
659 | my ($ip, $family); | |
660 | if (defined($network)) { | |
ab966729 | 661 | $ip = $get_local_migration_ip->($network) |
ac7a8cf1 TL |
662 | or die "failed to get migration IP address to listen on\n"; |
663 | $family = PVE::Tools::get_host_address_family($ip); | |
664 | } else { | |
665 | my $nodename = PVE::INotify::nodename(); | |
666 | ($ip, $family) = PVE::Network::get_ip_from_hostname($nodename, 0); | |
667 | } | |
668 | my $port = PVE::Tools::next_migrate_port($family, $ip); | |
669 | ||
670 | PVE::Tools::pipe_socket_to_command($cmd, $ip, $port); | |
671 | return undef; | |
672 | } | |
673 | ||
674 | print "tunnel online\n"; | |
675 | *STDOUT->flush(); | |
676 | ||
677 | while (my $line = <STDIN>) { | |
678 | chomp $line; | |
679 | last if $line =~ m/^quit$/; | |
680 | } | |
681 | ||
682 | return undef; | |
683 | }}); | |
684 | ||
685 | ||
13d44dc5 DM |
686 | our $cmddef = { |
687 | keygen => [ __PACKAGE__, 'keygen', ['filename']], | |
74e09a93 | 688 | create => [ 'PVE::API2::ClusterConfig', 'create', ['clustername']], |
13d44dc5 | 689 | add => [ __PACKAGE__, 'add', ['hostname']], |
1d26c202 TL |
690 | addnode => [ 'PVE::API2::ClusterConfig', 'addnode', ['node']], |
691 | delnode => [ 'PVE::API2::ClusterConfig', 'delnode', ['node']], | |
13d44dc5 DM |
692 | status => [ __PACKAGE__, 'status' ], |
693 | nodes => [ __PACKAGE__, 'nodes' ], | |
694 | expected => [ __PACKAGE__, 'expected', ['expected']], | |
695 | updatecerts => [ __PACKAGE__, 'updatecerts', []], | |
ac7a8cf1 | 696 | mtunnel => [ __PACKAGE__, 'mtunnel', ['extra-args']], |
63afd01d OB |
697 | qdevice => { |
698 | setup => [ __PACKAGE__, 'setup_qdevice', ['address']], | |
699 | remove => [ __PACKAGE__, 'remove_qdevice', []], | |
700 | } | |
13d44dc5 DM |
701 | }; |
702 | ||
703 | 1; |