]> git.proxmox.com Git - pve-cluster.git/blob - data/PVE/CLI/pvecm.pm
projects / pve-cluster.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
move cluster create to API
[pve-cluster.git] / data / PVE / CLI / pvecm.pm
1 package PVE::CLI::pvecm;
2
3 use strict;
4 use warnings;
5
6 use File::Path;
7 use File::Basename;
8 use PVE::Tools qw(run_command);
9 use PVE::Cluster;
10 use PVE::INotify;
11 use PVE::JSONSchema;
12 use PVE::RPCEnvironment;
13 use PVE::CLIHandler;
14 use PVE::PTY;
15 use PVE::API2::ClusterConfig;
16 use PVE::Corosync;
17
18 use base qw(PVE::CLIHandler);
19
20 $ENV{HOME} = '/root'; # for ssh-copy-id
21
22 my $basedir = "/etc/pve";
23 my $clusterconf = "$basedir/corosync.conf";
24 my $libdir = "/var/lib/pve-cluster";
25 my $authfile = "/etc/corosync/authkey";
26
27
28 sub setup_environment {
29 PVE::RPCEnvironment->setup_default_cli_env();
30 }
31
32 __PACKAGE__->register_method ({
33 name => 'keygen',
34 path => 'keygen',
35 method => 'PUT',
36 description => "Generate new cryptographic key for corosync.",
37 parameters => {
38 additionalProperties => 0,
39 properties => {
40 filename => {
41 type => 'string',
42 description => "Output file name"
43 }
44 },
45 },
46 returns => { type => 'null' },
47
48 code => sub {
49 my ($param) = @_;
50
51 my $filename = $param->{filename};
52
53 # test EUID
54 $> == 0 || die "Error: Authorization key must be generated as root user.\n";
55 my $dirname = dirname($filename);
56
57 die "key file '$filename' already exists\n" if -e $filename;
58
59 File::Path::make_path($dirname) if $dirname;
60
61 run_command(['corosync-keygen', '-l', '-k', $filename]);
62
63 return undef;
64 }});
65
66 __PACKAGE__->register_method ({
67 name => 'add',
68 path => 'add',
69 method => 'PUT',
70 description => "Adds the current node to an existing cluster.",
71 parameters => {
72 additionalProperties => 0,
73 properties => {
74 hostname => {
75 type => 'string',
76 description => "Hostname (or IP) of an existing cluster member."
77 },
78 nodeid => {
79 type => 'integer',
80 description => "Node id for this node.",
81 minimum => 1,
82 optional => 1,
83 },
84 votes => {
85 type => 'integer',
86 description => "Number of votes for this node",
87 minimum => 0,
88 optional => 1,
89 },
90 force => {
91 type => 'boolean',
92 description => "Do not throw error if node already exists.",
93 optional => 1,
94 },
95 ring0_addr => {
96 type => 'string', format => 'address',
97 description => "Hostname (or IP) of the corosync ring0 address of this node.".
98 " Defaults to nodes hostname.",
99 optional => 1,
100 },
101 ring1_addr => {
102 type => 'string', format => 'address',
103 description => "Hostname (or IP) of the corosync ring1 address, this".
104 " needs an valid configured ring 1 interface in the cluster.",
105 optional => 1,
106 },
107 fingerprint => PVE::JSONSchema::get_standard_option('fingerprint-sha256', {
108 optional => 1,
109 }),
110 'use_ssh' => {
111 type => 'boolean',
112 description => "Always use SSH to join, even if peer may do it over API.",
113 optional => 1,
114 },
115 },
116 },
117 returns => { type => 'null' },
118
119 code => sub {
120 my ($param) = @_;
121
122 my $nodename = PVE::INotify::nodename();
123
124 my $host = $param->{hostname};
125
126 PVE::Cluster::assert_joinable($param->{ring0_addr}, $param->{ring1_addr}, $param->{force});
127
128 if (!$param->{use_ssh}) {
129 print "Please enter superuser (root) password for '$host':\n";
130 my $password = PVE::PTY::read_password("Password for root\@$host: ");
131
132 delete $param->{use_ssh};
133 $param->{password} = $password;
134
135 eval { PVE::Cluster::join($param) };
136
137 if (my $err = $@) {
138 if (ref($err) eq 'PVE::APIClient::Exception' && $err->{code} == 501) {
139 $err = "Remote side is not able to use API for Cluster join!\n" .
140 "Pass the 'use_ssh' switch or update the remote side.\n";
141 }
142 die $err;
143 }
144 return; # all OK, the API join endpoint successfully set us up
145 }
146
147 # allow fallback to old ssh only join if wished or needed
148
149 PVE::Cluster::setup_sshd_config();
150 PVE::Cluster::setup_rootsshconfig();
151 PVE::Cluster::setup_ssh_keys();
152
153 # make sure known_hosts is on local filesystem
154 PVE::Cluster::ssh_unmerge_known_hosts();
155
156 my $cmd = ['ssh-copy-id', '-i', '/root/.ssh/id_rsa', "root\@$host"];
157 run_command($cmd, 'outfunc' => sub {}, 'errfunc' => sub {},
158 'errmsg' => "unable to copy ssh ID");
159
160 $cmd = ['ssh', $host, '-o', 'BatchMode=yes',
161 'pvecm', 'addnode', $nodename, '--force', 1];
162
163 push @$cmd, '--nodeid', $param->{nodeid} if $param->{nodeid};
164 push @$cmd, '--votes', $param->{votes} if defined($param->{votes});
165 push @$cmd, '--ring0_addr', $param->{ring0_addr} if defined($param->{ring0_addr});
166 push @$cmd, '--ring1_addr', $param->{ring1_addr} if defined($param->{ring1_addr});
167
168 if (system (@$cmd) != 0) {
169 my $cmdtxt = join (' ', @$cmd);
170 die "unable to add node: command failed ($cmdtxt)\n";
171 }
172
173 my $tmpdir = "$libdir/.pvecm_add.tmp.$$";
174 mkdir $tmpdir;
175
176 eval {
177 print "copy corosync auth key\n";
178 $cmd = ['rsync', '--rsh=ssh -l root -o BatchMode=yes', '-lpgoq',
179 "[$host]:$authfile $clusterconf", $tmpdir];
180
181 system(@$cmd) == 0 || die "can't rsync data from host '$host'\n";
182
183 my $corosync_conf = PVE::Tools::file_get_contents("$tmpdir/corosync.conf");
184 my $corosync_authkey = PVE::Tools::file_get_contents("$tmpdir/authkey");
185
186 PVE::Cluster::finish_join($host, $corosync_conf, $corosync_authkey);
187 };
188 my $err = $@;
189
190 rmtree $tmpdir;
191
192 die $err if $err;
193
194 return undef;
195 }});
196
197 __PACKAGE__->register_method ({
198 name => 'status',
199 path => 'status',
200 method => 'GET',
201 description => "Displays the local view of the cluster status.",
202 parameters => {
203 additionalProperties => 0,
204 properties => {},
205 },
206 returns => { type => 'null' },
207
208 code => sub {
209 my ($param) = @_;
210
211 PVE::Corosync::check_conf_exists();
212
213 my $cmd = ['corosync-quorumtool', '-siH'];
214
215 exec (@$cmd);
216
217 exit (-1); # should not be reached
218 }});
219
220 __PACKAGE__->register_method ({
221 name => 'nodes',
222 path => 'nodes',
223 method => 'GET',
224 description => "Displays the local view of the cluster nodes.",
225 parameters => {
226 additionalProperties => 0,
227 properties => {},
228 },
229 returns => { type => 'null' },
230
231 code => sub {
232 my ($param) = @_;
233
234 PVE::Corosync::check_conf_exists();
235
236 my $cmd = ['corosync-quorumtool', '-l'];
237
238 exec (@$cmd);
239
240 exit (-1); # should not be reached
241 }});
242
243 __PACKAGE__->register_method ({
244 name => 'expected',
245 path => 'expected',
246 method => 'PUT',
247 description => "Tells corosync a new value of expected votes.",
248 parameters => {
249 additionalProperties => 0,
250 properties => {
251 expected => {
252 type => 'integer',
253 description => "Expected votes",
254 minimum => 1,
255 },
256 },
257 },
258 returns => { type => 'null' },
259
260 code => sub {
261 my ($param) = @_;
262
263 PVE::Corosync::check_conf_exists();
264
265 my $cmd = ['corosync-quorumtool', '-e', $param->{expected}];
266
267 exec (@$cmd);
268
269 exit (-1); # should not be reached
270
271 }});
272
273 __PACKAGE__->register_method ({
274 name => 'updatecerts',
275 path => 'updatecerts',
276 method => 'PUT',
277 description => "Update node certificates (and generate all needed files/directories).",
278 parameters => {
279 additionalProperties => 0,
280 properties => {
281 force => {
282 description => "Force generation of new SSL certifate.",
283 type => 'boolean',
284 optional => 1,
285 },
286 silent => {
287 description => "Ignore errors (i.e. when cluster has no quorum).",
288 type => 'boolean',
289 optional => 1,
290 },
291 },
292 },
293 returns => { type => 'null' },
294 code => sub {
295 my ($param) = @_;
296
297 PVE::Cluster::setup_rootsshconfig();
298
299 PVE::Cluster::gen_pve_vzdump_symlink();
300
301 if (!PVE::Cluster::check_cfs_quorum(1)) {
302 return undef if $param->{silent};
303 die "no quorum - unable to update files\n";
304 }
305
306 PVE::Cluster::setup_ssh_keys();
307
308 my $nodename = PVE::INotify::nodename();
309
310 my $local_ip_address = PVE::Cluster::remote_node_ip($nodename);
311
312 PVE::Cluster::gen_pve_node_files($nodename, $local_ip_address, $param->{force});
313 PVE::Cluster::ssh_merge_keys();
314 PVE::Cluster::ssh_merge_known_hosts($nodename, $local_ip_address);
315 PVE::Cluster::gen_pve_vzdump_files();
316
317 return undef;
318 }});
319
320 __PACKAGE__->register_method ({
321 name => 'mtunnel',
322 path => 'mtunnel',
323 method => 'POST',
324 description => "Used by VM/CT migration - do not use manually.",
325 parameters => {
326 additionalProperties => 0,
327 properties => {
328 get_migration_ip => {
329 type => 'boolean',
330 default => 0,
331 description => 'return the migration IP, if configured',
332 optional => 1,
333 },
334 migration_network => {
335 type => 'string',
336 format => 'CIDR',
337 description => 'the migration network used to detect the local migration IP',
338 optional => 1,
339 },
340 'run-command' => {
341 type => 'boolean',
342 description => 'Run a command with a tcp socket as standard input.'
343 .' The IP address and port are printed via this'
344 ." command's stdandard output first, each on a separate line.",
345 optional => 1,
346 },
347 'extra-args' => PVE::JSONSchema::get_standard_option('extra-args'),
348 },
349 },
350 returns => { type => 'null'},
351 code => sub {
352 my ($param) = @_;
353
354 if (!PVE::Cluster::check_cfs_quorum(1)) {
355 print "no quorum\n";
356 return undef;
357 }
358
359 my $network = $param->{migration_network};
360 if ($param->{get_migration_ip}) {
361 die "cannot use --run-command with --get_migration_ip\n"
362 if $param->{'run-command'};
363 if (my $ip = PVE::Cluster::get_local_migration_ip($network)) {
364 print "ip: '$ip'\n";
365 } else {
366 print "no ip\n";
367 }
368 # do not keep tunnel open when asked for migration ip
369 return undef;
370 }
371
372 if ($param->{'run-command'}) {
373 my $cmd = $param->{'extra-args'};
374 die "missing command\n"
375 if !$cmd || !scalar(@$cmd);
376
377 # Get an ip address to listen on, and find a free migration port
378 my ($ip, $family);
379 if (defined($network)) {
380 $ip = PVE::Cluster::get_local_migration_ip($network)
381 or die "failed to get migration IP address to listen on\n";
382 $family = PVE::Tools::get_host_address_family($ip);
383 } else {
384 my $nodename = PVE::INotify::nodename();
385 ($ip, $family) = PVE::Network::get_ip_from_hostname($nodename, 0);
386 }
387 my $port = PVE::Tools::next_migrate_port($family, $ip);
388
389 PVE::Tools::pipe_socket_to_command($cmd, $ip, $port);
390 return undef;
391 }
392
393 print "tunnel online\n";
394 *STDOUT->flush();
395
396 while (my $line = <STDIN>) {
397 chomp $line;
398 last if $line =~ m/^quit$/;
399 }
400
401 return undef;
402 }});
403
404
405 our $cmddef = {
406 keygen => [ __PACKAGE__, 'keygen', ['filename']],
407 create => [ 'PVE::API2::ClusterConfig', 'create', ['clustername']],
408 add => [ __PACKAGE__, 'add', ['hostname']],
409 addnode => [ 'PVE::API2::ClusterConfig', 'addnode', ['node']],
410 delnode => [ 'PVE::API2::ClusterConfig', 'delnode', ['node']],
411 status => [ __PACKAGE__, 'status' ],
412 nodes => [ __PACKAGE__, 'nodes' ],
413 expected => [ __PACKAGE__, 'expected', ['expected']],
414 updatecerts => [ __PACKAGE__, 'updatecerts', []],
415 mtunnel => [ __PACKAGE__, 'mtunnel', ['extra-args']],
416 };
417
418 1;
Cluster FS and Tools