]> git.proxmox.com Git - pve-cluster.git/blob - data/PVE/CLI/pvecm.pm
projects / pve-cluster.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
lock locally on cluster create and join
[pve-cluster.git] / data / PVE / CLI / pvecm.pm
1 package PVE::CLI::pvecm;
2
3 use strict;
4 use warnings;
5
6 use File::Path;
7 use File::Basename;
8 use PVE::Tools qw(run_command);
9 use PVE::Cluster;
10 use PVE::INotify;
11 use PVE::JSONSchema qw(get_standard_option);
12 use PVE::RPCEnvironment;
13 use PVE::CLIHandler;
14 use PVE::PTY;
15 use PVE::API2::ClusterConfig;
16 use PVE::Corosync;
17
18 use base qw(PVE::CLIHandler);
19
20 $ENV{HOME} = '/root'; # for ssh-copy-id
21
22 my $basedir = "/etc/pve";
23 my $clusterconf = "$basedir/corosync.conf";
24 my $libdir = "/var/lib/pve-cluster";
25 my $authfile = "/etc/corosync/authkey";
26
27
28 sub setup_environment {
29 PVE::RPCEnvironment->setup_default_cli_env();
30 }
31
32 __PACKAGE__->register_method ({
33 name => 'keygen',
34 path => 'keygen',
35 method => 'PUT',
36 description => "Generate new cryptographic key for corosync.",
37 parameters => {
38 additionalProperties => 0,
39 properties => {
40 filename => {
41 type => 'string',
42 description => "Output file name"
43 }
44 },
45 },
46 returns => { type => 'null' },
47
48 code => sub {
49 my ($param) = @_;
50
51 my $filename = $param->{filename};
52
53 # test EUID
54 $> == 0 || die "Error: Authorization key must be generated as root user.\n";
55 my $dirname = dirname($filename);
56
57 die "key file '$filename' already exists\n" if -e $filename;
58
59 File::Path::make_path($dirname) if $dirname;
60
61 run_command(['corosync-keygen', '-l', '-k', $filename]);
62
63 return undef;
64 }});
65
66 __PACKAGE__->register_method ({
67 name => 'add',
68 path => 'add',
69 method => 'PUT',
70 description => "Adds the current node to an existing cluster.",
71 parameters => {
72 additionalProperties => 0,
73 properties => {
74 hostname => {
75 type => 'string',
76 description => "Hostname (or IP) of an existing cluster member."
77 },
78 nodeid => get_standard_option('corosync-nodeid'),
79 votes => {
80 type => 'integer',
81 description => "Number of votes for this node",
82 minimum => 0,
83 optional => 1,
84 },
85 force => {
86 type => 'boolean',
87 description => "Do not throw error if node already exists.",
88 optional => 1,
89 },
90 ring0_addr => get_standard_option('corosync-ring0-addr'),
91 ring1_addr => get_standard_option('corosync-ring1-addr'),
92 fingerprint => get_standard_option('fingerprint-sha256', {
93 optional => 1,
94 }),
95 'use_ssh' => {
96 type => 'boolean',
97 description => "Always use SSH to join, even if peer may do it over API.",
98 optional => 1,
99 },
100 },
101 },
102 returns => { type => 'null' },
103
104 code => sub {
105 my ($param) = @_;
106
107 my $nodename = PVE::INotify::nodename();
108
109 my $host = $param->{hostname};
110
111 PVE::Cluster::assert_joinable($param->{ring0_addr}, $param->{ring1_addr}, $param->{force});
112
113 if (!$param->{use_ssh}) {
114 print "Please enter superuser (root) password for '$host':\n";
115 my $password = PVE::PTY::read_password("Password for root\@$host: ");
116
117 delete $param->{use_ssh};
118 $param->{password} = $password;
119
120 my $local_cluster_lock = "/var/lock/pvecm.lock";
121 PVE::Tools::lock_file($local_cluster_lock, 10, \&PVE::Cluster::join, $param);
122
123 if (my $err = $@) {
124 if (ref($err) eq 'PVE::APIClient::Exception' && $err->{code} == 501) {
125 $err = "Remote side is not able to use API for Cluster join!\n" .
126 "Pass the 'use_ssh' switch or update the remote side.\n";
127 }
128 die $err;
129 }
130 return; # all OK, the API join endpoint successfully set us up
131 }
132
133 # allow fallback to old ssh only join if wished or needed
134
135 PVE::Cluster::setup_sshd_config();
136 PVE::Cluster::setup_rootsshconfig();
137 PVE::Cluster::setup_ssh_keys();
138
139 # make sure known_hosts is on local filesystem
140 PVE::Cluster::ssh_unmerge_known_hosts();
141
142 my $cmd = ['ssh-copy-id', '-i', '/root/.ssh/id_rsa', "root\@$host"];
143 run_command($cmd, 'outfunc' => sub {}, 'errfunc' => sub {},
144 'errmsg' => "unable to copy ssh ID");
145
146 $cmd = ['ssh', $host, '-o', 'BatchMode=yes',
147 'pvecm', 'addnode', $nodename, '--force', 1];
148
149 push @$cmd, '--nodeid', $param->{nodeid} if $param->{nodeid};
150 push @$cmd, '--votes', $param->{votes} if defined($param->{votes});
151 push @$cmd, '--ring0_addr', $param->{ring0_addr} if defined($param->{ring0_addr});
152 push @$cmd, '--ring1_addr', $param->{ring1_addr} if defined($param->{ring1_addr});
153
154 if (system (@$cmd) != 0) {
155 my $cmdtxt = join (' ', @$cmd);
156 die "unable to add node: command failed ($cmdtxt)\n";
157 }
158
159 my $tmpdir = "$libdir/.pvecm_add.tmp.$$";
160 mkdir $tmpdir;
161
162 eval {
163 print "copy corosync auth key\n";
164 $cmd = ['rsync', '--rsh=ssh -l root -o BatchMode=yes', '-lpgoq',
165 "[$host]:$authfile $clusterconf", $tmpdir];
166
167 system(@$cmd) == 0 || die "can't rsync data from host '$host'\n";
168
169 my $corosync_conf = PVE::Tools::file_get_contents("$tmpdir/corosync.conf");
170 my $corosync_authkey = PVE::Tools::file_get_contents("$tmpdir/authkey");
171
172 PVE::Cluster::finish_join($host, $corosync_conf, $corosync_authkey);
173 };
174 my $err = $@;
175
176 rmtree $tmpdir;
177
178 die $err if $err;
179
180 return undef;
181 }});
182
183 __PACKAGE__->register_method ({
184 name => 'status',
185 path => 'status',
186 method => 'GET',
187 description => "Displays the local view of the cluster status.",
188 parameters => {
189 additionalProperties => 0,
190 properties => {},
191 },
192 returns => { type => 'null' },
193
194 code => sub {
195 my ($param) = @_;
196
197 PVE::Corosync::check_conf_exists();
198
199 my $cmd = ['corosync-quorumtool', '-siH'];
200
201 exec (@$cmd);
202
203 exit (-1); # should not be reached
204 }});
205
206 __PACKAGE__->register_method ({
207 name => 'nodes',
208 path => 'nodes',
209 method => 'GET',
210 description => "Displays the local view of the cluster nodes.",
211 parameters => {
212 additionalProperties => 0,
213 properties => {},
214 },
215 returns => { type => 'null' },
216
217 code => sub {
218 my ($param) = @_;
219
220 PVE::Corosync::check_conf_exists();
221
222 my $cmd = ['corosync-quorumtool', '-l'];
223
224 exec (@$cmd);
225
226 exit (-1); # should not be reached
227 }});
228
229 __PACKAGE__->register_method ({
230 name => 'expected',
231 path => 'expected',
232 method => 'PUT',
233 description => "Tells corosync a new value of expected votes.",
234 parameters => {
235 additionalProperties => 0,
236 properties => {
237 expected => {
238 type => 'integer',
239 description => "Expected votes",
240 minimum => 1,
241 },
242 },
243 },
244 returns => { type => 'null' },
245
246 code => sub {
247 my ($param) = @_;
248
249 PVE::Corosync::check_conf_exists();
250
251 my $cmd = ['corosync-quorumtool', '-e', $param->{expected}];
252
253 exec (@$cmd);
254
255 exit (-1); # should not be reached
256
257 }});
258
259 __PACKAGE__->register_method ({
260 name => 'updatecerts',
261 path => 'updatecerts',
262 method => 'PUT',
263 description => "Update node certificates (and generate all needed files/directories).",
264 parameters => {
265 additionalProperties => 0,
266 properties => {
267 force => {
268 description => "Force generation of new SSL certifate.",
269 type => 'boolean',
270 optional => 1,
271 },
272 silent => {
273 description => "Ignore errors (i.e. when cluster has no quorum).",
274 type => 'boolean',
275 optional => 1,
276 },
277 },
278 },
279 returns => { type => 'null' },
280 code => sub {
281 my ($param) = @_;
282
283 PVE::Cluster::setup_rootsshconfig();
284
285 PVE::Cluster::gen_pve_vzdump_symlink();
286
287 if (!PVE::Cluster::check_cfs_quorum(1)) {
288 return undef if $param->{silent};
289 die "no quorum - unable to update files\n";
290 }
291
292 PVE::Cluster::setup_ssh_keys();
293
294 my $nodename = PVE::INotify::nodename();
295
296 my $local_ip_address = PVE::Cluster::remote_node_ip($nodename);
297
298 PVE::Cluster::gen_pve_node_files($nodename, $local_ip_address, $param->{force});
299 PVE::Cluster::ssh_merge_keys();
300 PVE::Cluster::ssh_merge_known_hosts($nodename, $local_ip_address);
301 PVE::Cluster::gen_pve_vzdump_files();
302
303 return undef;
304 }});
305
306 __PACKAGE__->register_method ({
307 name => 'mtunnel',
308 path => 'mtunnel',
309 method => 'POST',
310 description => "Used by VM/CT migration - do not use manually.",
311 parameters => {
312 additionalProperties => 0,
313 properties => {
314 get_migration_ip => {
315 type => 'boolean',
316 default => 0,
317 description => 'return the migration IP, if configured',
318 optional => 1,
319 },
320 migration_network => {
321 type => 'string',
322 format => 'CIDR',
323 description => 'the migration network used to detect the local migration IP',
324 optional => 1,
325 },
326 'run-command' => {
327 type => 'boolean',
328 description => 'Run a command with a tcp socket as standard input.'
329 .' The IP address and port are printed via this'
330 ." command's stdandard output first, each on a separate line.",
331 optional => 1,
332 },
333 'extra-args' => PVE::JSONSchema::get_standard_option('extra-args'),
334 },
335 },
336 returns => { type => 'null'},
337 code => sub {
338 my ($param) = @_;
339
340 if (!PVE::Cluster::check_cfs_quorum(1)) {
341 print "no quorum\n";
342 return undef;
343 }
344
345 my $network = $param->{migration_network};
346 if ($param->{get_migration_ip}) {
347 die "cannot use --run-command with --get_migration_ip\n"
348 if $param->{'run-command'};
349 if (my $ip = PVE::Cluster::get_local_migration_ip($network)) {
350 print "ip: '$ip'\n";
351 } else {
352 print "no ip\n";
353 }
354 # do not keep tunnel open when asked for migration ip
355 return undef;
356 }
357
358 if ($param->{'run-command'}) {
359 my $cmd = $param->{'extra-args'};
360 die "missing command\n"
361 if !$cmd || !scalar(@$cmd);
362
363 # Get an ip address to listen on, and find a free migration port
364 my ($ip, $family);
365 if (defined($network)) {
366 $ip = PVE::Cluster::get_local_migration_ip($network)
367 or die "failed to get migration IP address to listen on\n";
368 $family = PVE::Tools::get_host_address_family($ip);
369 } else {
370 my $nodename = PVE::INotify::nodename();
371 ($ip, $family) = PVE::Network::get_ip_from_hostname($nodename, 0);
372 }
373 my $port = PVE::Tools::next_migrate_port($family, $ip);
374
375 PVE::Tools::pipe_socket_to_command($cmd, $ip, $port);
376 return undef;
377 }
378
379 print "tunnel online\n";
380 *STDOUT->flush();
381
382 while (my $line = <STDIN>) {
383 chomp $line;
384 last if $line =~ m/^quit$/;
385 }
386
387 return undef;
388 }});
389
390
391 our $cmddef = {
392 keygen => [ __PACKAGE__, 'keygen', ['filename']],
393 create => [ 'PVE::API2::ClusterConfig', 'create', ['clustername']],
394 add => [ __PACKAGE__, 'add', ['hostname']],
395 addnode => [ 'PVE::API2::ClusterConfig', 'addnode', ['node']],
396 delnode => [ 'PVE::API2::ClusterConfig', 'delnode', ['node']],
397 status => [ __PACKAGE__, 'status' ],
398 nodes => [ __PACKAGE__, 'nodes' ],
399 expected => [ __PACKAGE__, 'expected', ['expected']],
400 updatecerts => [ __PACKAGE__, 'updatecerts', []],
401 mtunnel => [ __PACKAGE__, 'mtunnel', ['extra-args']],
402 };
403
404 1;
Cluster FS and Tools