]>
git.proxmox.com Git - pve-cluster.git/blob - data/PVE/CLI/pvecm.pm
1 package PVE
::CLI
::pvecm
;
8 use PVE
::Tools
qw(run_command);
11 use PVE
::JSONSchema
qw(get_standard_option);
12 use PVE
::RPCEnvironment
;
15 use PVE
::API2
::ClusterConfig
;
18 use base
qw(PVE::CLIHandler);
20 $ENV{HOME
} = '/root'; # for ssh-copy-id
22 my $basedir = "/etc/pve";
23 my $clusterconf = "$basedir/corosync.conf";
24 my $libdir = "/var/lib/pve-cluster";
25 my $authfile = "/etc/corosync/authkey";
28 sub setup_environment
{
29 PVE
::RPCEnvironment-
>setup_default_cli_env();
32 __PACKAGE__-
>register_method ({
36 description
=> "Generate new cryptographic key for corosync.",
38 additionalProperties
=> 0,
42 description
=> "Output file name"
46 returns
=> { type
=> 'null' },
51 my $filename = $param->{filename
};
54 $> == 0 || die "Error: Authorization key must be generated as root user.\n";
55 my $dirname = dirname
($filename);
57 die "key file '$filename' already exists\n" if -e
$filename;
59 File
::Path
::make_path
($dirname) if $dirname;
61 run_command
(['corosync-keygen', '-l', '-k', $filename]);
66 __PACKAGE__-
>register_method ({
70 description
=> "Adds the current node to an existing cluster.",
72 additionalProperties
=> 0,
76 description
=> "Hostname (or IP) of an existing cluster member."
78 nodeid
=> get_standard_option
('corosync-nodeid'),
81 description
=> "Number of votes for this node",
87 description
=> "Do not throw error if node already exists.",
90 ring0_addr
=> get_standard_option
('corosync-ring0-addr'),
91 ring1_addr
=> get_standard_option
('corosync-ring1-addr'),
92 fingerprint
=> get_standard_option
('fingerprint-sha256', {
97 description
=> "Always use SSH to join, even if peer may do it over API.",
102 returns
=> { type
=> 'null' },
107 my $nodename = PVE
::INotify
::nodename
();
109 my $host = $param->{hostname
};
111 PVE
::Cluster
::assert_joinable
($param->{ring0_addr
}, $param->{ring1_addr
}, $param->{force
});
113 if (!$param->{use_ssh
}) {
114 print "Please enter superuser (root) password for '$host':\n";
115 my $password = PVE
::PTY
::read_password
("Password for root\@$host: ");
117 delete $param->{use_ssh
};
118 $param->{password
} = $password;
120 my $local_cluster_lock = "/var/lock/pvecm.lock";
121 PVE
::Tools
::lock_file
($local_cluster_lock, 10, \
&PVE
::Cluster
::join, $param);
124 if (ref($err) eq 'PVE::APIClient::Exception' && $err->{code
} == 501) {
125 $err = "Remote side is not able to use API for Cluster join!\n" .
126 "Pass the 'use_ssh' switch or update the remote side.\n";
130 return; # all OK, the API join endpoint successfully set us up
133 # allow fallback to old ssh only join if wished or needed
135 PVE
::Cluster
::setup_sshd_config
();
136 PVE
::Cluster
::setup_rootsshconfig
();
137 PVE
::Cluster
::setup_ssh_keys
();
139 # make sure known_hosts is on local filesystem
140 PVE
::Cluster
::ssh_unmerge_known_hosts
();
142 my $cmd = ['ssh-copy-id', '-i', '/root/.ssh/id_rsa', "root\@$host"];
143 run_command
($cmd, 'outfunc' => sub {}, 'errfunc' => sub {},
144 'errmsg' => "unable to copy ssh ID");
146 $cmd = ['ssh', $host, '-o', 'BatchMode=yes',
147 'pvecm', 'addnode', $nodename, '--force', 1];
149 push @$cmd, '--nodeid', $param->{nodeid
} if $param->{nodeid
};
150 push @$cmd, '--votes', $param->{votes
} if defined($param->{votes
});
151 push @$cmd, '--ring0_addr', $param->{ring0_addr
} if defined($param->{ring0_addr
});
152 push @$cmd, '--ring1_addr', $param->{ring1_addr
} if defined($param->{ring1_addr
});
154 if (system (@$cmd) != 0) {
155 my $cmdtxt = join (' ', @$cmd);
156 die "unable to add node: command failed ($cmdtxt)\n";
159 my $tmpdir = "$libdir/.pvecm_add.tmp.$$";
163 print "copy corosync auth key\n";
164 $cmd = ['rsync', '--rsh=ssh -l root -o BatchMode=yes', '-lpgoq',
165 "[$host]:$authfile $clusterconf", $tmpdir];
167 system(@$cmd) == 0 || die "can't rsync data from host '$host'\n";
169 my $corosync_conf = PVE
::Tools
::file_get_contents
("$tmpdir/corosync.conf");
170 my $corosync_authkey = PVE
::Tools
::file_get_contents
("$tmpdir/authkey");
172 PVE
::Cluster
::finish_join
($host, $corosync_conf, $corosync_authkey);
183 __PACKAGE__-
>register_method ({
187 description
=> "Displays the local view of the cluster status.",
189 additionalProperties
=> 0,
192 returns
=> { type
=> 'null' },
197 PVE
::Corosync
::check_conf_exists
();
199 my $cmd = ['corosync-quorumtool', '-siH'];
203 exit (-1); # should not be reached
206 __PACKAGE__-
>register_method ({
210 description
=> "Displays the local view of the cluster nodes.",
212 additionalProperties
=> 0,
215 returns
=> { type
=> 'null' },
220 PVE
::Corosync
::check_conf_exists
();
222 my $cmd = ['corosync-quorumtool', '-l'];
226 exit (-1); # should not be reached
229 __PACKAGE__-
>register_method ({
233 description
=> "Tells corosync a new value of expected votes.",
235 additionalProperties
=> 0,
239 description
=> "Expected votes",
244 returns
=> { type
=> 'null' },
249 PVE
::Corosync
::check_conf_exists
();
251 my $cmd = ['corosync-quorumtool', '-e', $param->{expected
}];
255 exit (-1); # should not be reached
259 __PACKAGE__-
>register_method ({
260 name
=> 'updatecerts',
261 path
=> 'updatecerts',
263 description
=> "Update node certificates (and generate all needed files/directories).",
265 additionalProperties
=> 0,
268 description
=> "Force generation of new SSL certifate.",
273 description
=> "Ignore errors (i.e. when cluster has no quorum).",
279 returns
=> { type
=> 'null' },
283 PVE
::Cluster
::setup_rootsshconfig
();
285 PVE
::Cluster
::gen_pve_vzdump_symlink
();
287 if (!PVE
::Cluster
::check_cfs_quorum
(1)) {
288 return undef if $param->{silent
};
289 die "no quorum - unable to update files\n";
292 PVE
::Cluster
::setup_ssh_keys
();
294 my $nodename = PVE
::INotify
::nodename
();
296 my $local_ip_address = PVE
::Cluster
::remote_node_ip
($nodename);
298 PVE
::Cluster
::gen_pve_node_files
($nodename, $local_ip_address, $param->{force
});
299 PVE
::Cluster
::ssh_merge_keys
();
300 PVE
::Cluster
::ssh_merge_known_hosts
($nodename, $local_ip_address);
301 PVE
::Cluster
::gen_pve_vzdump_files
();
306 __PACKAGE__-
>register_method ({
310 description
=> "Used by VM/CT migration - do not use manually.",
312 additionalProperties
=> 0,
314 get_migration_ip
=> {
317 description
=> 'return the migration IP, if configured',
320 migration_network
=> {
323 description
=> 'the migration network used to detect the local migration IP',
328 description
=> 'Run a command with a tcp socket as standard input.'
329 .' The IP address and port are printed via this'
330 ." command's stdandard output first, each on a separate line.",
333 'extra-args' => PVE
::JSONSchema
::get_standard_option
('extra-args'),
336 returns
=> { type
=> 'null'},
340 if (!PVE
::Cluster
::check_cfs_quorum
(1)) {
345 my $network = $param->{migration_network
};
346 if ($param->{get_migration_ip
}) {
347 die "cannot use --run-command with --get_migration_ip\n"
348 if $param->{'run-command'};
349 if (my $ip = PVE
::Cluster
::get_local_migration_ip
($network)) {
354 # do not keep tunnel open when asked for migration ip
358 if ($param->{'run-command'}) {
359 my $cmd = $param->{'extra-args'};
360 die "missing command\n"
361 if !$cmd || !scalar(@$cmd);
363 # Get an ip address to listen on, and find a free migration port
365 if (defined($network)) {
366 $ip = PVE
::Cluster
::get_local_migration_ip
($network)
367 or die "failed to get migration IP address to listen on\n";
368 $family = PVE
::Tools
::get_host_address_family
($ip);
370 my $nodename = PVE
::INotify
::nodename
();
371 ($ip, $family) = PVE
::Network
::get_ip_from_hostname
($nodename, 0);
373 my $port = PVE
::Tools
::next_migrate_port
($family, $ip);
375 PVE
::Tools
::pipe_socket_to_command
($cmd, $ip, $port);
379 print "tunnel online\n";
382 while (my $line = <STDIN
>) {
384 last if $line =~ m/^quit$/;
392 keygen
=> [ __PACKAGE__
, 'keygen', ['filename']],
393 create
=> [ 'PVE::API2::ClusterConfig', 'create', ['clustername']],
394 add
=> [ __PACKAGE__
, 'add', ['hostname']],
395 addnode
=> [ 'PVE::API2::ClusterConfig', 'addnode', ['node']],
396 delnode
=> [ 'PVE::API2::ClusterConfig', 'delnode', ['node']],
397 status
=> [ __PACKAGE__
, 'status' ],
398 nodes
=> [ __PACKAGE__
, 'nodes' ],
399 expected
=> [ __PACKAGE__
, 'expected', ['expected']],
400 updatecerts
=> [ __PACKAGE__
, 'updatecerts', []],
401 mtunnel
=> [ __PACKAGE__
, 'mtunnel', ['extra-args']],