]> git.proxmox.com Git - pve-cluster.git/blame - data/PVE/Cluster.pm
projects / pve-cluster.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
bump version to 4.0-13
[pve-cluster.git] / data / PVE / Cluster.pm
CommitLineData
fe000966
DM		 1package PVE::Cluster;
2
3use strict;
7181f622 4use warnings;
62613060 5use POSIX qw(EEXIST);
fe000966
DM		 6use File::stat qw();
7use Socket;
8use Storable qw(dclone);
9use IO::File;
10use MIME::Base64;
ec48ec22 11use XML::Parser;
440121dc 12use Digest::SHA;
fe000966
DM		 13use Digest::HMAC_SHA1;
14use PVE::Tools;
15use PVE::INotify;
16use PVE::IPCC;
17use PVE::SafeSyslog;
d0ad18e8 18use PVE::JSONSchema;
fe000966
DM		 19use JSON;
20use RRDs;
21use Encode;
22use base 'Exporter';
23
24our @EXPORT_OK = qw(
25cfs_read_file
26cfs_write_file
27cfs_register_file
28cfs_lock_file);
29
30use Data::Dumper; # fixme: remove
31
32# x509 certificate utils
33
34my $basedir = "/etc/pve";
35my $authdir = "$basedir/priv";
36my $lockdir = "/etc/pve/priv/lock";
37
38my $authprivkeyfn = "$authdir/authkey.key";
39my $authpubkeyfn = "$basedir/authkey.pub";
40my $pveca_key_fn = "$authdir/pve-root-ca.key";
41my $pveca_srl_fn = "$authdir/pve-root-ca.srl";
42my $pveca_cert_fn = "$basedir/pve-root-ca.pem";
43# this is just a secret accessable by the web browser
44# and is used for CSRF prevention
45my $pvewww_key_fn = "$basedir/pve-www.key";
46
47# ssh related files
48my $ssh_rsa_id_priv = "/root/.ssh/id_rsa";
49my $ssh_rsa_id = "/root/.ssh/id_rsa.pub";
50my $ssh_host_rsa_id = "/etc/ssh/ssh_host_rsa_key.pub";
51my $sshglobalknownhosts = "/etc/ssh/ssh_known_hosts";
52my $sshknownhosts = "/etc/pve/priv/known_hosts";
53my $sshauthkeys = "/etc/pve/priv/authorized_keys";
ac50b36d 54my $sshd_config_fn = "/etc/ssh/sshd_config";
fe000966 55my $rootsshauthkeys = "/root/.ssh/authorized_keys";
6056578e 56my $rootsshauthkeysbackup = "${rootsshauthkeys}.org";
f666cdde 57my $rootsshconfig = "/root/.ssh/config";
fe000966
DM		 58
59my $observed = {
e1735a61 60 'vzdump.cron' => 1,
fe000966
DM		 61 'storage.cfg' => 1,
62 'datacenter.cfg' => 1,
cafc7309
DM		 63 'corosync.conf' => 1,
64 'corosync.conf.new' => 1,
fe000966
DM		 65 'user.cfg' => 1,
66 'domains.cfg' => 1,
67 'priv/shadow.cfg' => 1,
68 '/qemu-server/' => 1,
f71eee41 69 '/openvz/' => 1,
7f66b436 70 '/lxc/' => 1,
5a5417e6
DM		 71 'ha/crm_commands' => 1,
72 'ha/manager_status' => 1,
73 'ha/resources.cfg' => 1,
74 'ha/groups.cfg' => 1,
fe000966
DM		 75};
76
77# only write output if something fails
78sub run_silent_cmd {
79 my ($cmd) = @_;
80
81 my $outbuf = '';
82
83 my $record_output = sub {
84 $outbuf .= shift;
85 $outbuf .= "\n";
86 };
87
88 eval {
89 PVE::Tools::run_command($cmd, outfunc => $record_output,
90 errfunc => $record_output);
91 };
92
93 my $err = $@;
94
95 if ($err) {
96 print STDERR $outbuf;
97 die $err;
98 }
99}
100
101sub check_cfs_quorum {
01dddfb9
DM		 102 my ($noerr) = @_;
103
fe000966
DM		 104 # note: -w filename always return 1 for root, so wee need
105 # to use File::lstat here
106 my $st = File::stat::lstat("$basedir/local");
01dddfb9
DM		 107 my $quorate = ($st && (($st->mode & 0200) != 0));
108
109 die "cluster not ready - no quorum?\n" if !$quorate && !$noerr;
110
111 return $quorate;
fe000966
DM		 112}
113
114sub check_cfs_is_mounted {
115 my ($noerr) = @_;
116
117 my $res = -l "$basedir/local";
118
119 die "pve configuration filesystem not mounted\n"
120 if !$res && !$noerr;
121
122 return $res;
123}
124
125sub gen_local_dirs {
126 my ($nodename) = @_;
127
128 check_cfs_is_mounted();
129
130 my @required_dirs = (
131 "$basedir/priv",
132 "$basedir/nodes",
133 "$basedir/nodes/$nodename",
7f66b436 134 "$basedir/nodes/$nodename/lxc",
a1c08cfa
DM		 135 "$basedir/nodes/$nodename/qemu-server",
136 "$basedir/nodes/$nodename/openvz",
fe000966
DM		 137 "$basedir/nodes/$nodename/priv");
138
139 foreach my $dir (@required_dirs) {
140 if (! -d $dir) {
62613060 141 mkdir($dir) || $! == EEXIST || die "unable to create directory '$dir' - $!\n";
fe000966
DM		 142 }
143 }
144}
145
146sub gen_auth_key {
147
148 return if -f "$authprivkeyfn";
149
150 check_cfs_is_mounted();
151
62613060 152 mkdir $authdir || $! == EEXIST || die "unable to create dir '$authdir' - $!\n";
fe000966
DM		 153
154 my $cmd = "openssl genrsa -out '$authprivkeyfn' 2048";
155 run_silent_cmd($cmd);
156
157 $cmd = "openssl rsa -in '$authprivkeyfn' -pubout -out '$authpubkeyfn'";
158 run_silent_cmd($cmd)
159}
160
161sub gen_pveca_key {
162
163 return if -f $pveca_key_fn;
164
165 eval {
166 run_silent_cmd(['openssl', 'genrsa', '-out', $pveca_key_fn, '2048']);
167 };
168
169 die "unable to generate pve ca key:\n$@" if $@;
170}
171
172sub gen_pveca_cert {
173
174 if (-f $pveca_key_fn && -f $pveca_cert_fn) {
175 return 0;
176 }
177
178 gen_pveca_key();
179
180 # we try to generate an unique 'subject' to avoid browser problems
181 # (reused serial numbers, ..)
182 my $nid = (split (/\s/, `md5sum '$pveca_key_fn'`))[0] || time();
183
184 eval {
185 run_silent_cmd(['openssl', 'req', '-batch', '-days', '3650', '-new',
186 '-x509', '-nodes', '-key',
187 $pveca_key_fn, '-out', $pveca_cert_fn, '-subj',
188 "/CN=Proxmox Virtual Environment/OU=$nid/O=PVE Cluster Manager CA/"]);
189 };
190
191 die "generating pve root certificate failed:\n$@" if $@;
192
193 return 1;
194}
195
196sub gen_pve_ssl_key {
197 my ($nodename) = @_;
198
199 die "no node name specified" if !$nodename;
200
201 my $pvessl_key_fn = "$basedir/nodes/$nodename/pve-ssl.key";
202
203 return if -f $pvessl_key_fn;
204
205 eval {
206 run_silent_cmd(['openssl', 'genrsa', '-out', $pvessl_key_fn, '2048']);
207 };
208
209 die "unable to generate pve ssl key for node '$nodename':\n$@" if $@;
210}
211
212sub gen_pve_www_key {
213
214 return if -f $pvewww_key_fn;
215
216 eval {
217 run_silent_cmd(['openssl', 'genrsa', '-out', $pvewww_key_fn, '2048']);
218 };
219
220 die "unable to generate pve www key:\n$@" if $@;
221}
222
223sub update_serial {
224 my ($serial) = @_;
225
226 PVE::Tools::file_set_contents($pveca_srl_fn, $serial);
227}
228
229sub gen_pve_ssl_cert {
230 my ($force, $nodename, $ip) = @_;
231
232 die "no node name specified" if !$nodename;
233 die "no IP specified" if !$ip;
234
235 my $pvessl_cert_fn = "$basedir/nodes/$nodename/pve-ssl.pem";
236
237 return if !$force && -f $pvessl_cert_fn;
238
8acde170 239 my $names = "IP:127.0.0.1,IP:::1,DNS:localhost";
fe000966
DM		 240
241 my $rc = PVE::INotify::read_file('resolvconf');
242
243 $names .= ",IP:$ip";
244
245 my $fqdn = $nodename;
246
247 $names .= ",DNS:$nodename";
248
249 if ($rc && $rc->{search}) {
250 $fqdn = $nodename . "." . $rc->{search};
251 $names .= ",DNS:$fqdn";
252 }
253
254 my $sslconf = <<__EOD;
255RANDFILE = /root/.rnd
256extensions = v3_req
257
258[ req ]
259default_bits = 2048
260distinguished_name = req_distinguished_name
261req_extensions = v3_req
262prompt = no
263string_mask = nombstr
264
265[ req_distinguished_name ]
266organizationalUnitName = PVE Cluster Node
267organizationName = Proxmox Virtual Environment
268commonName = $fqdn
269
270[ v3_req ]
271basicConstraints = CA:FALSE
272nsCertType = server
273keyUsage = nonRepudiation, digitalSignature, keyEncipherment
274subjectAltName = $names
275__EOD
276
277 my $cfgfn = "/tmp/pvesslconf-$$.tmp";
278 my $fh = IO::File->new ($cfgfn, "w");
279 print $fh $sslconf;
280 close ($fh);
281
282 my $reqfn = "/tmp/pvecertreq-$$.tmp";
283 unlink $reqfn;
284
285 my $pvessl_key_fn = "$basedir/nodes/$nodename/pve-ssl.key";
286 eval {
287 run_silent_cmd(['openssl', 'req', '-batch', '-new', '-config', $cfgfn,
288 '-key', $pvessl_key_fn, '-out', $reqfn]);
289 };
290
291 if (my $err = $@) {
292 unlink $reqfn;
293 unlink $cfgfn;
294 die "unable to generate pve certificate request:\n$err";
295 }
296
297 update_serial("0000000000000000") if ! -f $pveca_srl_fn;
298
299 eval {
300 run_silent_cmd(['openssl', 'x509', '-req', '-in', $reqfn, '-days', '3650',
301 '-out', $pvessl_cert_fn, '-CAkey', $pveca_key_fn,
302 '-CA', $pveca_cert_fn, '-CAserial', $pveca_srl_fn,
303 '-extfile', $cfgfn]);
304 };
305
306 if (my $err = $@) {
307 unlink $reqfn;
308 unlink $cfgfn;
309 die "unable to generate pve ssl certificate:\n$err";
310 }
311
312 unlink $cfgfn;
313 unlink $reqfn;
314}
315
316sub gen_pve_node_files {
317 my ($nodename, $ip, $opt_force) = @_;
318
319 gen_local_dirs($nodename);
320
321 gen_auth_key();
322
323 # make sure we have a (cluster wide) secret
324 # for CSRFR prevention
325 gen_pve_www_key();
326
327 # make sure we have a (per node) private key
328 gen_pve_ssl_key($nodename);
329
330 # make sure we have a CA
331 my $force = gen_pveca_cert();
332
333 $force = 1 if $opt_force;
334
335 gen_pve_ssl_cert($force, $nodename, $ip);
336}
337
bd0ae7ff
DM		 338my $vzdump_cron_dummy = <<__EOD;
339# cluster wide vzdump cron schedule
340# Atomatically generated file - do not edit
341
342PATH="/usr/sbin:/usr/bin:/sbin:/bin"
343
344__EOD
345
346sub gen_pve_vzdump_symlink {
347
e1735a61 348 my $filename = "/etc/pve/vzdump.cron";
bd0ae7ff
DM		 349
350 my $link_fn = "/etc/cron.d/vzdump";
351
352 if ((-f $filename) && (! -l $link_fn)) {
353 rename($link_fn, "/root/etc_cron_vzdump.org"); # make backup if file exists
354 symlink($filename, $link_fn);
355 }
356}
357
358sub gen_pve_vzdump_files {
359
e1735a61 360 my $filename = "/etc/pve/vzdump.cron";
bd0ae7ff
DM		 361
362 PVE::Tools::file_set_contents($filename, $vzdump_cron_dummy)
363 if ! -f $filename;
364
365 gen_pve_vzdump_symlink();
366};
367
fe000966
DM		 368my $versions = {};
369my $vmlist = {};
370my $clinfo = {};
371
372my $ipcc_send_rec = sub {
373 my ($msgid, $data) = @_;
374
375 my $res = PVE::IPCC::ipcc_send_rec($msgid, $data);
376
377 die "ipcc_send_rec failed: $!\n" if !defined($res) && ($! != 0);
378
379 return $res;
380};
381
382my $ipcc_send_rec_json = sub {
383 my ($msgid, $data) = @_;
384
385 my $res = PVE::IPCC::ipcc_send_rec($msgid, $data);
386
387 die "ipcc_send_rec failed: $!\n" if !defined($res) && ($! != 0);
388
389 return decode_json($res);
390};
391
392my $ipcc_get_config = sub {
393 my ($path) = @_;
394
395 my $bindata = pack "Z*", $path;
2db32d95
DM		 396 my $res = PVE::IPCC::ipcc_send_rec(6, $bindata);
397 if (!defined($res)) {
398 return undef if ($! != 0);
399 return '';
400 }
401
402 return $res;
fe000966
DM		 403};
404
405my $ipcc_get_status = sub {
406 my ($name, $nodename) = @_;
407
408 my $bindata = pack "Z[256]Z[256]", $name, ($nodename || "");
409 return PVE::IPCC::ipcc_send_rec(5, $bindata);
410};
411
412my $ipcc_update_status = sub {
413 my ($name, $data) = @_;
414
415 my $raw = ref($data) ? encode_json($data) : $data;
416 # update status
417 my $bindata = pack "Z[256]Z*", $name, $raw;
418
419 return &$ipcc_send_rec(4, $bindata);
420};
421
422my $ipcc_log = sub {
423 my ($priority, $ident, $tag, $msg) = @_;
424
425 my $bindata = pack "CCCZ*Z*Z*", $priority, bytes::length($ident) + 1,
426 bytes::length($tag) + 1, $ident, $tag, $msg;
427
428 return &$ipcc_send_rec(7, $bindata);
429};
430
431my $ipcc_get_cluster_log = sub {
432 my ($user, $max) = @_;
433
434 $max = 0 if !defined($max);
435
436 my $bindata = pack "VVVVZ*", $max, 0, 0, 0, ($user || "");
437 return &$ipcc_send_rec(8, $bindata);
438};
439
440my $ccache = {};
441
442sub cfs_update {
443 eval {
444 my $res = &$ipcc_send_rec_json(1);
445 #warn "GOT1: " . Dumper($res);
446 die "no starttime\n" if !$res->{starttime};
447
448 if (!$res->{starttime} || !$versions->{starttime} ||
449 $res->{starttime} != $versions->{starttime}) {
450 #print "detected changed starttime\n";
451 $vmlist = {};
452 $clinfo = {};
453 $ccache = {};
454 }
455
456 $versions = $res;
457 };
458 my $err = $@;
459 if ($err) {
460 $versions = {};
461 $vmlist = {};
462 $clinfo = {};
463 $ccache = {};
464 warn $err;
465 }
466
467 eval {
468 if (!$clinfo->{version} || $clinfo->{version} != $versions->{clinfo}) {
469 #warn "detected new clinfo\n";
470 $clinfo = &$ipcc_send_rec_json(2);
471 }
472 };
473 $err = $@;
474 if ($err) {
475 $clinfo = {};
476 warn $err;
477 }
478
479 eval {
480 if (!$vmlist->{version} || $vmlist->{version} != $versions->{vmlist}) {
481 #warn "detected new vmlist1\n";
482 $vmlist = &$ipcc_send_rec_json(3);
483 }
484 };
485 $err = $@;
486 if ($err) {
487 $vmlist = {};
488 warn $err;
489 }
490}
491
492sub get_vmlist {
493 return $vmlist;
494}
495
496sub get_clinfo {
497 return $clinfo;
498}
499
9ddd4ae9
DM		 500sub get_members {
501 return $clinfo->{nodelist};
502}
503
fe000966
DM		 504sub get_nodelist {
505
506 my $nodelist = $clinfo->{nodelist};
507
508 my $result = [];
509
510 my $nodename = PVE::INotify::nodename();
511
512 if (!$nodelist || !$nodelist->{$nodename}) {
513 return [ $nodename ];
514 }
515
516 return [ keys %$nodelist ];
517}
518
519sub broadcast_tasklist {
520 my ($data) = @_;
521
522 eval {
523 &$ipcc_update_status("tasklist", $data);
524 };
525
526 warn $@ if $@;
527}
528
529my $tasklistcache = {};
530
531sub get_tasklist {
532 my ($nodename) = @_;
533
534 my $kvstore = $versions->{kvstore} || {};
535
536 my $nodelist = get_nodelist();
537
538 my $res = [];
539 foreach my $node (@$nodelist) {
540 next if $nodename && ($nodename ne $node);
541 eval {
542 my $ver = $kvstore->{$node}->{tasklist} if $kvstore->{$node};
543 my $cd = $tasklistcache->{$node};
cebe16ec
DM		 544 if (!$cd || !$ver || !$cd->{version} ||
545 ($cd->{version} != $ver)) {
fe000966
DM		 546 my $raw = &$ipcc_get_status("tasklist", $node) || '[]';
547 my $data = decode_json($raw);
548 push @$res, @$data;
549 $cd = $tasklistcache->{$node} = {
550 data => $data,
551 version => $ver,
552 };
553 } elsif ($cd && $cd->{data}) {
554 push @$res, @{$cd->{data}};
555 }
556 };
557 my $err = $@;
558 syslog('err', $err) if $err;
559 }
560
561 return $res;
562}
563
564sub broadcast_rrd {
565 my ($rrdid, $data) = @_;
566
567 eval {
568 &$ipcc_update_status("rrd/$rrdid", $data);
569 };
570 my $err = $@;
571
572 warn $err if $err;
573}
574
575my $last_rrd_dump = 0;
576my $last_rrd_data = "";
577
578sub rrd_dump {
579
580 my $ctime = time();
581
582 my $diff = $ctime - $last_rrd_dump;
583 if ($diff < 2) {
584 return $last_rrd_data;
585 }
586
587 my $raw;
588 eval {
589 $raw = &$ipcc_send_rec(10);
590 };
591 my $err = $@;
592
593 if ($err) {
594 warn $err;
595 return {};
596 }
597
598 my $res = {};
599
c3fabca7
DM		 600 if ($raw) {
601 while ($raw =~ s/^(.*)\n//) {
602 my ($key, @ela) = split(/:/, $1);
603 next if !$key;
604 next if !(scalar(@ela) > 1);
605 $res->{$key} = \@ela;
606 }
fe000966
DM		 607 }
608
609 $last_rrd_dump = $ctime;
610 $last_rrd_data = $res;
611
612 return $res;
613}
614
615sub create_rrd_data {
616 my ($rrdname, $timeframe, $cf) = @_;
617
618 my $rrddir = "/var/lib/rrdcached/db";
619
620 my $rrd = "$rrddir/$rrdname";
621
622 my $setup = {
623 hour => [ 60, 70 ],
624 day => [ 60*30, 70 ],
625 week => [ 60*180, 70 ],
626 month => [ 60*720, 70 ],
627 year => [ 60*10080, 70 ],
628 };
629
630 my ($reso, $count) = @{$setup->{$timeframe}};
631 my $ctime = $reso*int(time()/$reso);
632 my $req_start = $ctime - $reso*$count;
633
634 $cf = "AVERAGE" if !$cf;
635
636 my @args = (
637 "-s" => $req_start,
638 "-e" => $ctime - 1,
639 "-r" => $reso,
640 );
641
642 my $socket = "/var/run/rrdcached.sock";
643 push @args, "--daemon" => "unix:$socket" if -S $socket;
644
645 my ($start, $step, $names, $data) = RRDs::fetch($rrd, $cf, @args);
646
647 my $err = RRDs::error;
648 die "RRD error: $err\n" if $err;
649
650 die "got wrong time resolution ($step != $reso)\n"
651 if $step != $reso;
652
653 my $res = [];
654 my $fields = scalar(@$names);
655 for my $line (@$data) {
656 my $entry = { 'time' => $start };
657 $start += $step;
658 my $found_undefs;
659 for (my $i = 0; $i < $fields; $i++) {
660 my $name = $names->[$i];
661 if (defined(my $val = $line->[$i])) {
662 $entry->{$name} = $val;
663 } else {
664 # we only add entryies with all data defined
665 # extjs chart has problems with undefined values
666 $found_undefs = 1;
667 }
668 }
669 push @$res, $entry if !$found_undefs;
670 }
671
672 return $res;
673}
674
675sub create_rrd_graph {
676 my ($rrdname, $timeframe, $ds, $cf) = @_;
677
678 # Using RRD graph is clumsy - maybe it
679 # is better to simply fetch the data, and do all display
680 # related things with javascript (new extjs html5 graph library).
681
682 my $rrddir = "/var/lib/rrdcached/db";
683
684 my $rrd = "$rrddir/$rrdname";
685
31938ad4
DM		 686 my @ids = PVE::Tools::split_list($ds);
687
688 my $ds_txt = join('_', @ids);
689
690 my $filename = "${rrd}_${ds_txt}.png";
fe000966
DM		 691
692 my $setup = {
693 hour => [ 60, 60 ],
694 day => [ 60*30, 70 ],
695 week => [ 60*180, 70 ],
696 month => [ 60*720, 70 ],
697 year => [ 60*10080, 70 ],
698 };
699
700 my ($reso, $count) = @{$setup->{$timeframe}};
701
702 my @args = (
703 "--imgformat" => "PNG",
704 "--border" => 0,
705 "--height" => 200,
706 "--width" => 800,
707 "--start" => - $reso*$count,
708 "--end" => 'now' ,
709 );
710
711 my $socket = "/var/run/rrdcached.sock";
712 push @args, "--daemon" => "unix:$socket" if -S $socket;
713
fe000966
DM		 714 my @coldef = ('#00ddff', '#ff0000');
715
716 $cf = "AVERAGE" if !$cf;
717
718 my $i = 0;
719 foreach my $id (@ids) {
720 my $col = $coldef[$i++] || die "fixme: no color definition";
721 push @args, "DEF:${id}=$rrd:${id}:$cf";
722 my $dataid = $id;
723 if ($id eq 'cpu' || $id eq 'iowait') {
724 push @args, "CDEF:${id}_per=${id},100,*";
725 $dataid = "${id}_per";
726 }
727 push @args, "LINE2:${dataid}${col}:${id}";
728 }
729
a665376e
DM		 730 push @args, '--full-size-mode';
731
31938ad4 732 # we do not really store data into the file
b871db9c 733 my $res = RRDs::graphv('', @args);
fe000966
DM		 734
735 my $err = RRDs::error;
736 die "RRD error: $err\n" if $err;
737
31938ad4 738 return { filename => $filename, image => $res->{image} };
fe000966
DM		 739}
740
741# a fast way to read files (avoid fuse overhead)
742sub get_config {
743 my ($path) = @_;
744
d3a92ba7 745 return &$ipcc_get_config($path);
fe000966
DM		 746}
747
748sub get_cluster_log {
749 my ($user, $max) = @_;
750
751 return &$ipcc_get_cluster_log($user, $max);
752}
753
754my $file_info = {};
755
756sub cfs_register_file {
757 my ($filename, $parser, $writer) = @_;
758
759 $observed->{$filename} || die "unknown file '$filename'";
760
761 die "file '$filename' already registered" if $file_info->{$filename};
762
763 $file_info->{$filename} = {
764 parser => $parser,
765 writer => $writer,
766 };
767}
768
769my $ccache_read = sub {
770 my ($filename, $parser, $version) = @_;
771
772 $ccache->{$filename} = {} if !$ccache->{$filename};
773
774 my $ci = $ccache->{$filename};
775
d3a92ba7
DM		 776 if (!$ci->{version} || !$version || $ci->{version} != $version) {
777 # we always call the parser, even when the file does not exists
778 # (in that case $data is undef)
fe000966 779 my $data = get_config($filename);
fe000966
DM		 780 $ci->{data} = &$parser("/etc/pve/$filename", $data);
781 $ci->{version} = $version;
782 }
783
784 my $res = ref($ci->{data}) ? dclone($ci->{data}) : $ci->{data};
785
786 return $res;
787};
788
789sub cfs_file_version {
790 my ($filename) = @_;
791
792 my $version;
793 my $infotag;
f71eee41
DM		 794 if ($filename =~ m!^nodes/[^/]+/(openvz|qemu-server)/(\d+)\.conf$!) {
795 my ($type, $vmid) = ($1, $2);
fe000966
DM		 796 if ($vmlist && $vmlist->{ids} && $vmlist->{ids}->{$vmid}) {
797 $version = $vmlist->{ids}->{$vmid}->{version};
798 }
f71eee41 799 $infotag = "/$type/";
7f66b436
DM		 800 } elsif ($filename =~ m!^nodes/[^/]+/lxc/(\d+)/config$!) {
801 my $vmid = $1;
802 if ($vmlist && $vmlist->{ids} && $vmlist->{ids}->{$vmid}) {
803 $version = $vmlist->{ids}->{$vmid}->{version};
804 }
805 $infotag = "/lxc/";
fe000966
DM		 806 } else {
807 $infotag = $filename;
808 $version = $versions->{$filename};
809 }
810
811 my $info = $file_info->{$infotag} ||
812 die "unknown file type '$filename'\n";
813
814 return wantarray ? ($version, $info) : $version;
815}
816
817sub cfs_read_file {
818 my ($filename) = @_;
819
820 my ($version, $info) = cfs_file_version($filename);
821 my $parser = $info->{parser};
822
823 return &$ccache_read($filename, $parser, $version);
824}
825
826sub cfs_write_file {
827 my ($filename, $data) = @_;
828
adb84d35 829 my ($version, $info) = cfs_file_version($filename);
fe000966
DM		 830
831 my $writer = $info->{writer} || die "no writer defined";
832
833 my $fsname = "/etc/pve/$filename";
834
835 my $raw = &$writer($fsname, $data);
836
837 if (my $ci = $ccache->{$filename}) {
838 $ci->{version} = undef;
839 }
840
841 PVE::Tools::file_set_contents($fsname, $raw);
842}
843
844my $cfs_lock = sub {
845 my ($lockid, $timeout, $code, @param) = @_;
846
847 my $res;
848
849 # this timeout is for aquire the lock
850 $timeout = 10 if !$timeout;
851
852 my $filename = "$lockdir/$lockid";
853
854 my $msg = "can't aquire cfs lock '$lockid'";
855
856 eval {
857
858 mkdir $lockdir;
859
860 if (! -d $lockdir) {
861 die "$msg: pve cluster filesystem not online.\n";
862 }
863
864 local $SIG{ALRM} = sub { die "got lock request timeout\n"; };
865
866 alarm ($timeout);
867
868 if (!(mkdir $filename)) {
869 print STDERR "trying to aquire cfs lock '$lockid' ...";
870 while (1) {
871 if (!(mkdir $filename)) {
872 (utime 0, 0, $filename); # cfs unlock request
873 } else {
874 print STDERR " OK\n";
875 last;
876 }
877 sleep(1);
878 }
879 }
880
881 # fixed command timeout: cfs locks have a timeout of 120
882 # using 60 gives us another 60 seconds to abort the task
883 alarm(60);
884 local $SIG{ALRM} = sub { die "got lock timeout - aborting command\n"; };
885
9c206b2b
DM		 886 cfs_update(); # make sure we read latest versions inside code()
887
fe000966
DM		 888 $res = &$code(@param);
889
890 alarm(0);
891 };
892
893 my $err = $@;
894
895 alarm(0);
896
897 if ($err && ($err eq "got lock request timeout\n") &&
898 !check_cfs_quorum()){
899 $err = "$msg: no quorum!\n";
900 }
901
902 if (!$err || $err !~ /^got lock timeout -/) {
903 rmdir $filename; # cfs unlock
904 }
905
906 if ($err) {
907 $@ = $err;
908 return undef;
909 }
910
911 $@ = undef;
912
913 return $res;
914};
915
916sub cfs_lock_file {
917 my ($filename, $timeout, $code, @param) = @_;
918
919 my $info = $observed->{$filename} || die "unknown file '$filename'";
920
921 my $lockid = "file-$filename";
922 $lockid =~ s/[.\/]/_/g;
923
924 &$cfs_lock($lockid, $timeout, $code, @param);
925}
926
927sub cfs_lock_storage {
928 my ($storeid, $timeout, $code, @param) = @_;
929
930 my $lockid = "storage-$storeid";
931
932 &$cfs_lock($lockid, $timeout, $code, @param);
933}
934
935my $log_levels = {
936 "emerg" => 0,
937 "alert" => 1,
938 "crit" => 2,
939 "critical" => 2,
940 "err" => 3,
941 "error" => 3,
942 "warn" => 4,
943 "warning" => 4,
944 "notice" => 5,
945 "info" => 6,
946 "debug" => 7,
947};
948
949sub log_msg {
950 my ($priority, $ident, $msg) = @_;
951
952 if (my $tmp = $log_levels->{$priority}) {
953 $priority = $tmp;
954 }
955
956 die "need numeric log priority" if $priority !~ /^\d+$/;
957
958 my $tag = PVE::SafeSyslog::tag();
959
960 $msg = "empty message" if !$msg;
961
962 $ident = "" if !$ident;
963 $ident = encode("ascii", decode_utf8($ident),
964 sub { sprintf "\\u%04x", shift });
965
966 my $utf8 = decode_utf8($msg);
967
968 my $ascii = encode("ascii", $utf8, sub { sprintf "\\u%04x", shift });
969
970 if ($ident) {
971 syslog($priority, "<%s> %s", $ident, $ascii);
972 } else {
973 syslog($priority, "%s", $ascii);
974 }
975
976 eval { &$ipcc_log($priority, $ident, $tag, $ascii); };
977
978 syslog("err", "writing cluster log failed: $@") if $@;
979}
980
9d76a1bb
DM		 981sub check_vmid_unused {
982 my ($vmid, $noerr) = @_;
983
984 my $vmlist = get_vmlist();
985
986 my $d = $vmlist->{ids}->{$vmid};
987 return 1 if !defined($d);
988
989 return undef if $noerr;
990
991 die "VM $vmid already exists\n" if $d->{type} eq 'qemu';
992
993 die "CT $vmid already exists\n";
994}
995
65ff467f
DM		 996sub check_node_exists {
997 my ($nodename, $noerr) = @_;
998
999 my $nodelist = $clinfo->{nodelist};
1000 return 1 if $nodelist && $nodelist->{$nodename};
1001
1002 return undef if $noerr;
1003
1004 die "no such cluster node '$nodename'\n";
1005}
1006
fe000966
DM		 1007# this is also used to get the IP of the local node
1008sub remote_node_ip {
1009 my ($nodename, $noerr) = @_;
1010
1011 my $nodelist = $clinfo->{nodelist};
1012 if ($nodelist && $nodelist->{$nodename}) {
1013 if (my $ip = $nodelist->{$nodename}->{ip}) {
fc31f517
WB		 1014 return $ip if !wantarray;
1015 my $family = $nodelist->{$nodename}->{address_family};
1016 if (!$family) {
1017 $nodelist->{$nodename}->{address_family} =
1018 $family =
1019 PVE::Tools::get_host_address_family($ip);
1020 }
1021 return ($ip, $family);
fe000966
DM		 1022 }
1023 }
1024
1025 # fallback: try to get IP by other means
5720a852 1026 my ($family, $packed_ip);
fe000966 1027
5720a852
WB		 1028 eval {
1029 my @res = PVE::Tools::getaddrinfo_all($nodename);
1030 $family = $res[0]->{family};
1031 $packed_ip = (PVE::Tools::unpack_sockaddr_in46($res[0]->{addr}))[2];
1032 };
fe000966 1033
5720a852
WB		 1034 if ($@) {
1035 die "hostname lookup failed:\n$@" if !$noerr;
1036 return undef;
fe000966
DM		 1037 }
1038
5720a852
WB		 1039 my $ip = Socket::inet_ntop($family, $packed_ip);
1040 if ($ip =~ m/^127\.|^::1$/) {
1041 die "hostname lookup failed - got local IP address ($nodename = $ip)\n" if !$noerr;
1042 return undef;
1043 }
fe000966 1044
5720a852 1045 return wantarray ? ($ip, $family) : $ip;
fe000966
DM		 1046}
1047
1048# ssh related utility functions
1049
1050sub ssh_merge_keys {
1051 # remove duplicate keys in $sshauthkeys
1052 # ssh-copy-id simply add keys, so the file can grow to large
1053
1054 my $data = '';
1055 if (-f $sshauthkeys) {
1056 $data = PVE::Tools::file_get_contents($sshauthkeys, 128*1024);
1057 chomp($data);
1058 }
1059
6056578e
DM		 1060 my $found_backup;
1061 if (-f $rootsshauthkeysbackup) {
404343d7 1062 $data .= "\n";
6056578e
DM		 1063 $data .= PVE::Tools::file_get_contents($rootsshauthkeysbackup, 128*1024);
1064 chomp($data);
1065 $found_backup = 1;
1066 }
1067
fe000966
DM		 1068 # always add ourself
1069 if (-f $ssh_rsa_id) {
1070 my $pub = PVE::Tools::file_get_contents($ssh_rsa_id);
1071 chomp($pub);
1072 $data .= "\n$pub\n";
1073 }
1074
1075 my $newdata = "";
1076 my $vhash = {};
2055b0a9
DM		 1077 my @lines = split(/\n/, $data);
1078 foreach my $line (@lines) {
7eb37d8d
SP		 1079 if ($line !~ /^#/ && $line =~ m/(^|\s)ssh-(rsa|dsa)\s+(\S+)\s+\S+$/) {
1080 next if $vhash->{$3}++;
fe000966 1081 }
2055b0a9 1082 $newdata .= "$line\n";
fe000966 1083 }
fe000966
DM		 1084
1085 PVE::Tools::file_set_contents($sshauthkeys, $newdata, 0600);
6056578e
DM		 1086
1087 if ($found_backup && -l $rootsshauthkeys) {
1088 # everything went well, so we can remove the backup
1089 unlink $rootsshauthkeysbackup;
1090 }
fe000966
DM		 1091}
1092
ac50b36d
DM		 1093sub setup_sshd_config {
1094
1095 my $conf = PVE::Tools::file_get_contents($sshd_config_fn);
1096
1097 return if $conf =~ m/^PermitRootLogin\s+yes\s*$/m;
1098
1099 if ($conf !~ s/^#?PermitRootLogin.*$/PermitRootLogin yes/m) {
1100 chomp $conf;
1101 $conf .= "\nPermitRootLogin yes\n";
1102 }
1103
1104 PVE::Tools::file_set_contents($sshd_config_fn, $conf);
1105
1106 PVE::Tools::run_command(['systemctl', 'reload-or-restart', 'sshd']);
1107}
1108
f666cdde
SP		 1109sub setup_rootsshconfig {
1110
39df71df
DM		 1111 # create ssh key if it does not exist
1112 if (! -f $ssh_rsa_id) {
1113 mkdir '/root/.ssh/';
1114 system ("echo|ssh-keygen -t rsa -N '' -b 2048 -f ${ssh_rsa_id_priv}");
1115 }
1116
f666cdde
SP		 1117 # create ssh config if it does not exist
1118 if (! -f $rootsshconfig) {
9aabc24b
DM		 1119 mkdir '/root/.ssh';
1120 if (my $fh = IO::File->new($rootsshconfig, O_CREAT|O_WRONLY|O_EXCL, 0640)) {
f666cdde 1121 # this is the default ciphers list from debian openssl0.9.8 except blowfish is added as prefered
9aabc24b 1122 print $fh "Ciphers blowfish-cbc,aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc\n";
f666cdde
SP		 1123 close($fh);
1124 }
1125 }
1126}
1127
fe000966
DM		 1128sub setup_ssh_keys {
1129
fe000966
DM		 1130 mkdir $authdir;
1131
6056578e
DM		 1132 my $import_ok;
1133
fe000966 1134 if (! -f $sshauthkeys) {
6056578e
DM		 1135 my $old;
1136 if (-f $rootsshauthkeys) {
1137 $old = PVE::Tools::file_get_contents($rootsshauthkeys, 128*1024);
1138 }
fe000966 1139 if (my $fh = IO::File->new ($sshauthkeys, O_CREAT|O_WRONLY|O_EXCL, 0400)) {
6056578e 1140 PVE::Tools::safe_print($sshauthkeys, $fh, $old) if $old;
fe000966 1141 close($fh);
6056578e 1142 $import_ok = 1;
fe000966
DM		 1143 }
1144 }
1145
1146 warn "can't create shared ssh key database '$sshauthkeys'\n"
1147 if ! -f $sshauthkeys;
1148
404343d7 1149 if (-f $rootsshauthkeys && ! -l $rootsshauthkeys) {
6056578e
DM		 1150 if (!rename($rootsshauthkeys , $rootsshauthkeysbackup)) {
1151 warn "rename $rootsshauthkeys failed - $!\n";
1152 }
fe000966
DM		 1153 }
1154
1155 if (! -l $rootsshauthkeys) {
1156 symlink $sshauthkeys, $rootsshauthkeys;
1157 }
fe000966 1158
6056578e
DM		 1159 if (! -l $rootsshauthkeys) {
1160 warn "can't create symlink for ssh keys '$rootsshauthkeys' -> '$sshauthkeys'\n";
1161 } else {
1162 unlink $rootsshauthkeysbackup if $import_ok;
1163 }
fe000966
DM		 1164}
1165
1166sub ssh_unmerge_known_hosts {
1167 return if ! -l $sshglobalknownhosts;
1168
1169 my $old = '';
1170 $old = PVE::Tools::file_get_contents($sshknownhosts, 128*1024)
1171 if -f $sshknownhosts;
1172
1173 PVE::Tools::file_set_contents($sshglobalknownhosts, $old);
1174}
1175
1176sub ssh_merge_known_hosts {
1177 my ($nodename, $ip_address, $createLink) = @_;
1178
1179 die "no node name specified" if !$nodename;
1180 die "no ip address specified" if !$ip_address;
1181
1182 mkdir $authdir;
1183
1184 if (! -f $sshknownhosts) {
1185 if (my $fh = IO::File->new($sshknownhosts, O_CREAT|O_WRONLY|O_EXCL, 0600)) {
1186 close($fh);
1187 }
1188 }
1189
1190 my $old = PVE::Tools::file_get_contents($sshknownhosts, 128*1024);
1191
1192 my $new = '';
1193
1194 if ((! -l $sshglobalknownhosts) && (-f $sshglobalknownhosts)) {
1195 $new = PVE::Tools::file_get_contents($sshglobalknownhosts, 128*1024);
1196 }
1197
1198 my $hostkey = PVE::Tools::file_get_contents($ssh_host_rsa_id);
1d182ad3
DM		 1199 # Note: file sometimes containe emty lines at start, so we use multiline match
1200 die "can't parse $ssh_host_rsa_id" if $hostkey !~ m/^(ssh-rsa\s\S+)(\s.*)?$/m;
fe000966
DM		 1201 $hostkey = $1;
1202
1203 my $data = '';
1204 my $vhash = {};
1205
1206 my $found_nodename;
1207 my $found_local_ip;
1208
1209 my $merge_line = sub {
1210 my ($line, $all) = @_;
1211
1212 if ($line =~ m/^(\S+)\s(ssh-rsa\s\S+)(\s.*)?$/) {
1213 my $key = $1;
1214 my $rsakey = $2;
1215 if (!$vhash->{$key}) {
1216 $vhash->{$key} = 1;
1217 if ($key =~ m/\|1\|([^\|\s]+)\|([^\|\s]+)$/) {
1218 my $salt = decode_base64($1);
1219 my $digest = $2;
1220 my $hmac = Digest::HMAC_SHA1->new($salt);
1221 $hmac->add($nodename);
1222 my $hd = $hmac->b64digest . '=';
1223 if ($digest eq $hd) {
1224 if ($rsakey eq $hostkey) {
1225 $found_nodename = 1;
1226 $data .= $line;
1227 }
1228 return;
1229 }
1230 $hmac = Digest::HMAC_SHA1->new($salt);
1231 $hmac->add($ip_address);
1232 $hd = $hmac->b64digest . '=';
1233 if ($digest eq $hd) {
1234 if ($rsakey eq $hostkey) {
1235 $found_local_ip = 1;
1236 $data .= $line;
1237 }
1238 return;
1239 }
1240 }
1241 $data .= $line;
1242 }
1243 } elsif ($all) {
1244 $data .= $line;
1245 }
1246 };
1247
1248 while ($old && $old =~ s/^((.*?)(\n|$))//) {
1249 my $line = "$2\n";
1250 next if $line =~ m/^\s*$/; # skip empty lines
1251 next if $line =~ m/^#/; # skip comments
1252 &$merge_line($line, 1);
1253 }
1254
1255 while ($new && $new =~ s/^((.*?)(\n|$))//) {
1256 my $line = "$2\n";
1257 next if $line =~ m/^\s*$/; # skip empty lines
1258 next if $line =~ m/^#/; # skip comments
1259 &$merge_line($line);
1260 }
1261
1262 my $addIndex = $$;
1263 my $add_known_hosts_entry = sub {
1264 my ($name, $hostkey) = @_;
1265 $addIndex++;
1266 my $hmac = Digest::HMAC_SHA1->new("$addIndex" . time());
1267 my $b64salt = $hmac->b64digest . '=';
1268 $hmac = Digest::HMAC_SHA1->new(decode_base64($b64salt));
1269 $hmac->add($name);
1270 my $digest = $hmac->b64digest . '=';
1271 $data .= "|1|$b64salt|$digest $hostkey\n";
1272 };
1273
1274 if (!$found_nodename || !$found_local_ip) {
1275 &$add_known_hosts_entry($nodename, $hostkey) if !$found_nodename;
1276 &$add_known_hosts_entry($ip_address, $hostkey) if !$found_local_ip;
1277 }
1278
1279 PVE::Tools::file_set_contents($sshknownhosts, $data);
1280
1281 return if !$createLink;
1282
1283 unlink $sshglobalknownhosts;
1284 symlink $sshknownhosts, $sshglobalknownhosts;
1285
1286 warn "can't create symlink for ssh known hosts '$sshglobalknownhosts' -> '$sshknownhosts'\n"
1287 if ! -l $sshglobalknownhosts;
1288
1289}
1290
fe000966
DM		 1291my $datacenter_schema = {
1292 type => "object",
1293 additionalProperties => 0,
1294 properties => {
1295 keyboard => {
1296 optional => 1,
1297 type => 'string',
1298 description => "Default keybord layout for vnc server.",
c59334cb 1299 enum => PVE::Tools::kvmkeymaplist(),
fe000966
DM		 1300 },
1301 language => {
1302 optional => 1,
1303 type => 'string',
1304 description => "Default GUI language.",
1305 enum => [ 'en', 'de' ],
1306 },
1307 http_proxy => {
1308 optional => 1,
1309 type => 'string',
1310 description => "Specify external http proxy which is used for downloads (example: 'http://username:password\@host:port/')",
1311 pattern => "http://.*",
1312 },
a9323ef0
SP		 1313 migration_unsecure => {
1314 optional => 1,
1315 type => 'boolean',
1316 description => "Migration is secure using SSH tunnel by default. For secure private networks you can disable it to speed up migration.",
1317 },
dce47328
DM		 1318 console => {
1319 optional => 1,
1320 type => 'string',
66a15f27
DM		 1321 description => "Select the default Console viewer. You can either use the builtin java applet (VNC), an external virt-viewer comtatible application (SPICE), or an HTML5 based viewer (noVNC).",
1322 enum => ['applet', 'vv', 'html5'],
dce47328 1323 },
8548bd87
SGE		 1324 email_from => {
1325 optional => 1,
1326 type => 'string',
a05baf53 1327 format => 'email-opt',
8548bd87
SGE		 1328 description => "Specify email address to send notification from (default is root@\$hostname)",
1329 },
fe000966
DM		 1330 },
1331};
1332
1333# make schema accessible from outside (for documentation)
1334sub get_datacenter_schema { return $datacenter_schema };
1335
1336sub parse_datacenter_config {
1337 my ($filename, $raw) = @_;
1338
1339 return PVE::JSONSchema::parse_config($datacenter_schema, $filename, $raw);
1340}
1341
1342sub write_datacenter_config {
1343 my ($filename, $cfg) = @_;
1344
1345 return PVE::JSONSchema::dump_config($datacenter_schema, $filename, $cfg);
1346}
1347
1348cfs_register_file('datacenter.cfg',
1349 \&parse_datacenter_config,
1350 \&write_datacenter_config);
ec48ec22 1351
cafc7309
DM		 1352# a very simply parser ...
1353sub parse_corosync_conf {
ec48ec22
DM		 1354 my ($filename, $raw) = @_;
1355
cafc7309 1356 return {} if !$raw;
ec48ec22 1357
440121dc 1358 my $digest = Digest::SHA::sha1_hex(defined($raw) ? $raw : '');
ec48ec22 1359
cafc7309
DM		 1360 $raw =~ s/#.*$//mg;
1361 $raw =~ s/\r?\n/ /g;
1362 $raw =~ s/\s+/ /g;
1363 $raw =~ s/^\s+//;
1364 $raw =~ s/\s*$//;
1365
cafc7309
DM		 1366 my @tokens = split(/\s/, $raw);
1367
1368 my $conf = { section => 'main', children => [] };
1d01c3f6 1369
cafc7309
DM		 1370 my $stack = [];
1371 my $section = $conf;
1372
1373 while (defined(my $token = shift @tokens)) {
1374 my $nexttok = $tokens[0];
1375
1376 if ($nexttok && ($nexttok eq '{')) {
1377 shift @tokens; # skip '{'
1378 my $new_section = {
1379 section => $token,
1380 children => [],
1381 };
1382 push @{$section->{children}}, $new_section;
1383 push @$stack, $section;
1384 $section = $new_section;
1385 next;
1d01c3f6 1386 }
1d01c3f6 1387
cafc7309
DM		 1388 if ($token eq '}') {
1389 $section = pop @$stack;
1390 die "parse error - uncexpected '}'\n" if !$section;
1391 next;
1392 }
1d01c3f6 1393
cafc7309
DM		 1394 my $key = $token;
1395 die "missing ':' after key '$key'\n" if ! ($key =~ s/:$//);
1396
1397 die "parse error - no value for '$key'\n" if !defined($nexttok);
1398 my $value = shift @tokens;
1d01c3f6 1399
cafc7309
DM		 1400 push @{$section->{children}}, { key => $key, value => $value };
1401 }
1d01c3f6 1402
cafc7309 1403 $conf->{digest} = $digest;
1d01c3f6 1404
cafc7309 1405 return $conf;
1d01c3f6
DM		 1406}
1407
cafc7309
DM		 1408my $dump_corosync_section;
1409$dump_corosync_section = sub {
1410 my ($section, $prefix) = @_;
1d01c3f6 1411
cafc7309
DM		 1412 my $raw = $prefix . $section->{section} . " {\n";
1413
1414 my @list = grep { defined($_->{key}) } @{$section->{children}};
1415 foreach my $child (sort {$a->{key} cmp $b->{key}} @list) {
1416 $raw .= $prefix . " $child->{key}: $child->{value}\n";
1d01c3f6 1417 }
cafc7309
DM		 1418
1419 @list = grep { defined($_->{section}) } @{$section->{children}};
1420 foreach my $child (sort {$a->{section} cmp $b->{section}} @list) {
1421 $raw .= &$dump_corosync_section($child, "$prefix ");
1d01c3f6
DM		 1422 }
1423
cafc7309
DM		 1424 $raw .= $prefix . "}\n\n";
1425
1426 return $raw;
1427
1428};
1d01c3f6 1429
cafc7309
DM		 1430sub write_corosync_conf {
1431 my ($filename, $conf) = @_;
ec48ec22 1432
cafc7309 1433 my $raw = '';
ec48ec22 1434
cafc7309
DM		 1435 my $prefix = '';
1436
1437 die "no main section" if $conf->{section} ne 'main';
ec48ec22 1438
cafc7309
DM		 1439 my @list = grep { defined($_->{key}) } @{$conf->{children}};
1440 foreach my $child (sort {$a->{key} cmp $b->{key}} @list) {
1441 $raw .= "$child->{key}: $child->{value}\n";
1d01c3f6
DM		 1442 }
1443
cafc7309
DM		 1444 @list = grep { defined($_->{section}) } @{$conf->{children}};
1445 foreach my $child (sort {$a->{section} cmp $b->{section}} @list) {
1446 $raw .= &$dump_corosync_section($child, $prefix);
1447 }
ec48ec22 1448
cafc7309 1449 return $raw;
ec48ec22
DM		 1450}
1451
cafc7309
DM		 1452sub corosync_conf_version {
1453 my ($conf, $noerr, $new_value) = @_;
1454
1455 foreach my $child (@{$conf->{children}}) {
1456 next if !defined($child->{section});
1457 if ($child->{section} eq 'totem') {
1458 foreach my $e (@{$child->{children}}) {
1459 next if !defined($e->{key});
1460 if ($e->{key} eq 'config_version') {
1461 if ($new_value) {
1462 $e->{value} = $new_value;
1463 return $new_value;
1464 } elsif (my $version = int($e->{value})) {
1465 return $version;
1466 }
1467 last;
1468 }
1469 }
ec48ec22 1470 }
ec48ec22 1471 }
cafc7309
DM		 1472
1473 return undef if $noerr;
ec48ec22 1474
cafc7309 1475 die "invalid corosync config - unable to read version\n";
ec48ec22
DM		 1476}
1477
cafc7309
DM		 1478# read only - use "rename corosync.conf.new corosync.conf" to write
1479PVE::Cluster::cfs_register_file('corosync.conf', \&parse_corosync_conf);
ec48ec22 1480# this is read/write
cafc7309
DM		 1481PVE::Cluster::cfs_register_file('corosync.conf.new', \&parse_corosync_conf,
1482 \&write_corosync_conf);
2c66fb58 1483
ac68281b 14841;
Cluster FS and Tools