X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=data%2FPVE%2FCluster.pm;h=70ce250a0095dd2f40151d446e42c11fc80ff958;hb=7bac9ca573ad13f527663d27f1a9177279d69b76;hp=c845298492b3f2e23abad4e8ec2412af4783f92b;hpb=1b36b6b1c6566408ef274c057d267813c60a74e6;p=pve-cluster.git

diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index c845298..70ce250 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -2,7 +2,7 @@ package PVE::Cluster;
 
 use strict;
 use warnings;
-use POSIX qw(EEXIST);
+use POSIX qw(EEXIST ENOENT);
 use File::stat qw();
 use Socket;
 use Storable qw(dclone);
@@ -402,7 +402,10 @@ my $ipcc_get_config = sub {
     my $bindata = pack "Z*", $path;
     my $res = PVE::IPCC::ipcc_send_rec(6, $bindata);
     if (!defined($res)) {
-	return undef if ($! != 0);
+	if ($! != 0) {
+	    return undef if $! == ENOENT;
+	    die "$!\n";
+	}
 	return '';
     }
 
@@ -447,6 +450,7 @@ my $ipcc_get_cluster_log = sub {
 my $ccache = {};
 
 sub cfs_update {
+    my ($fail) = @_;
     eval {
 	my $res = &$ipcc_send_rec_json(1);
 	#warn "GOT1: " . Dumper($res);
@@ -468,6 +472,7 @@ sub cfs_update {
 	$vmlist = {};
 	$clinfo = {};
 	$ccache = {};
+	die $err if $fail;
 	warn $err;
     }
 
@@ -480,6 +485,7 @@ sub cfs_update {
     $err = $@;
     if ($err) {
 	$clinfo = {};
+	die $err if $fail;
 	warn $err;
     }
 
@@ -492,6 +498,7 @@ sub cfs_update {
     $err = $@;
     if ($err) {
 	$vmlist = {};
+	die $err if $fail;
 	warn $err;
     }
 }
@@ -1141,8 +1148,9 @@ sub setup_rootsshconfig {
     if (! -f $rootsshconfig) {
         mkdir '/root/.ssh';
         if (my $fh = IO::File->new($rootsshconfig, O_CREAT|O_WRONLY|O_EXCL, 0640)) {
-            # this is the default ciphers list from debian openssl0.9.8 except blowfish is added as prefered
-            print $fh "Ciphers blowfish-cbc,aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc\n";
+            # this is the default ciphers list from Debian's OpenSSH package (OpenSSH_7.4p1 Debian-10, OpenSSL 1.0.2k  26 Jan 2017)
+	    # changed order to put AES before Chacha20 (most hardware has AESNI)
+            print $fh "Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm\@openssh.com,aes256-gcm\@openssh.com,chacha20-poly1305\@openssh.com\n";
             close($fh);
         }
     }