cluster: refactor ssh pubkey verification
1 package PMG::ClusterConfig::Base;
2
3 use strict;
4 use warnings;
5 use Data::Dumper;
6
7 use PVE::Tools;
8 use PVE::JSONSchema qw(get_standard_option);
9 use PVE::Network;
10 use PVE::SectionConfig;
11
12 use base qw(PVE::SectionConfig);
13
# Properties shared by every section type: the section type itself and the
# numeric cluster node id (taken from the section header, see
# parse_section_header below).
my $defaultData = {
    propertyList => {
        type => { description => "Cluster node type." },
        cid => {
            description => "Cluster Node ID.",
            type => 'integer',
            minimum => 1,
        },
    },
};
24
# PVE::SectionConfig plugin hook: returns the property list common to all
# section types.
sub private {
    my ($class) = @_;    # class method; the argument is not used
    return $defaultData;
}
28
# PVE::SectionConfig plugin hook: recognise a section header line.
#
# Accepts "node: <cid>" and "master: <cid>" (digits only, surrounding
# whitespace allowed) and returns the four-element list SectionConfig
# expects: (type, section id, error message, extra attributes).  The error
# message (which would make SectionConfig skip the whole section) is always
# undef and no extra attributes are produced.  Any other line yields undef.
sub parse_section_header {
    my ($class, $line) = @_;

    return undef if $line !~ m/^(?<type>node|master):\s*(?<cid>\d+)\s*$/;

    return ($+{type}, $+{cid}, undef, {});
}
40
41 package PMG::ClusterConfig::Node;
42
43 use strict;
44 use warnings;
45
46 use base qw(PMG::ClusterConfig::Base);
47
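# Validation pattern (a JSONSchema 'pattern' string) for an RSA public key
# as stored in cluster.conf.
#
# The character class admits no whitespace, so only the bare base64 key
# blob can be stored here, not a full "ssh-rsa ... comment" line.  A blob
# whose byte length is not a multiple of three ends in one or two '='
# padding characters, which the previous class did not allow; padding is
# accepted only at the very end.  The minimum length of 200 rules out
# values far too short to be an RSA key, and '\z' (unlike '$') refuses a
# trailing newline, which would otherwise pass validation and then be
# written into a line-oriented config file.
#
# This is a shape check only: it does not prove that the value decodes to
# a well-formed RSA key.
sub valid_ssh_pubkey {
    return '^[A-Za-z0-9\.\/\+]{200,}={0,2}\z';
}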
51
# Section type name, as it appears in the config header ("node: <cid>").
sub type {
    my ($class) = @_;
    return 'node';
}
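# PVE::SectionConfig plugin hook: schema of the properties a 'node' section
# may carry.  ip and name are checked through the JSONSchema formats 'ip'
# and 'pve-node'; the two SSH keys and the certificate fingerprint are
# validated by anchored patterns, since these values are what other cluster
# members later have to trust.
sub properties {
    return {
        ip => {
            description => "IP address.",
            type => 'string', format => 'ip',
        },
        name => {
            description => "Node name.",
            type => 'string', format => 'pve-node',
        },
        hostrsapubkey => {
            description => "Public SSH RSA key for the host.",
            type => 'string',
            pattern => valid_ssh_pubkey(),
        },
        rootrsapubkey => {
            description => "Public SSH RSA key for the root user.",
            type => 'string',
            pattern => valid_ssh_pubkey(),
        },
        fingerprint => {
            description => "SSL certificate fingerprint.",
            type => 'string',
            # 32 colon-separated upper-case hex byte pairs (a 256-bit digest).
            # The previous pattern had '(:?' (an optional literal colon) where
            # the non-capturing group '(?:' was intended, which let a stray
            # leading colon through; '[A-F0-9]' restricts the pairs to hex
            # digits and '\z' rejects the trailing newline that '$' accepts.
            pattern => '^(?:[A-F0-9][A-F0-9]:){31}[A-F0-9][A-F0-9]\z',
        },
    };
}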
82
# PVE::SectionConfig plugin hook: which properties a 'node' section uses.
# ip and name are 'fixed' (cannot be changed once set); the keys and the
# fingerprint carry no extra option flags.
sub options {
    my %opts = (
        ip => { fixed => 1 },
        name => { fixed => 1 },
        hostrsapubkey => {},
        rootrsapubkey => {},
        fingerprint => {},
    );
    return \%opts;
}
92
93 package PMG::ClusterConfig::Master;
94
95 use strict;
96 use warnings;
97
98 use base qw(PMG::ClusterConfig::Base);
99
# Section type name, as it appears in the config header ("master: <cid>").
sub type {
    my ($class) = @_;
    return 'master';
}
103
# PVE::SectionConfig plugin hook: properties specific to the 'master'
# section.  maxcid is maintained by read_cluster_conf (see below), not by
# users.
sub properties {
    my %props = (
        maxcid => {
            description => "Maximum used cluster node ID (used internally, do not modify).",
            type => 'integer',
            minimum => 1,
        },
    );
    return \%props;
}
113
# PVE::SectionConfig plugin hook: which properties a 'master' section uses.
# Same set as a node plus maxcid; maxcid, ip and name are 'fixed'.
sub options {
    my %opts = (
        maxcid => { fixed => 1 },
        ip => { fixed => 1 },
        name => { fixed => 1 },
        hostrsapubkey => {},
        rootrsapubkey => {},
        fingerprint => {},
    );
    return \%opts;
}
124
125 package PMG::ClusterConfig;
126
127 use strict;
128 use warnings;
129 use Data::Dumper;
130
131 use PVE::SafeSyslog;
132 use PVE::Tools;
133 use PVE::INotify;
134
135 use PMG::Utils;
136
# Register the Node and Master section types with the base class and
# initialise the section config (PVE::SectionConfig) at module load time.
PMG::ClusterConfig::Node->register;
PMG::ClusterConfig::Master->register;
PMG::ClusterConfig::Base->init();
140
141
# Constructor: read cluster.conf through PVE::INotify (which dispatches to
# read_cluster_conf below) and bless the resulting structure.  Works both as
# a class method and when called on an existing instance.
sub new {
    my ($type) = @_;

    my $class = ref($type);
    $class = $type if !$class;

    my $config = PVE::INotify::read_file("cluster.conf");

    return bless $config, $class;
}
151
# Persist this configuration through PVE::INotify (which dispatches to
# write_cluster_conf below).
sub write {
    my ($self) = @_;

    return PVE::INotify::write_file("cluster.conf", $self);
}
157
# Lock file serialising modifications of the cluster configuration
# (see lock_config).
my $lockfile = '/var/lock/pmgcluster.lck';
159
# Run $code while holding the cluster lock file and return its result.
# An error reported by PVE::Tools::lock_file (in $@) is re-thrown, prefixed
# with $errmsg when one was given.
sub lock_config {
    my ($code, $errmsg) = @_;

    my $result = PVE::Tools::lock_file($lockfile, undef, $code);

    my $err = $@;
    if ($err) {
        die $errmsg ? "$errmsg: $err" : $err;
    }

    return $result;
}
169
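# Parser callback for cluster.conf (registered with PVE::INotify below).
#
# $fh may be undef (no file yet); the raw text is then undef and
# parse_config is still invoked so a usable structure comes back.  Besides
# the parsed sections in $cinfo->{ids}, the returned hash carries:
#   local    - the section whose name matches this host, or a synthetic
#              entry with cid 0 (ip/name of this host) if none does
#   master   - the section of type 'master', if any
#   remnodes - cids of all other nodes, in ascending numeric order
# The master's maxcid is raised to the highest cid seen (its stored value
# may already exceed every id present and is honoured as well).
#
# Dies with a message prefixed "unable to parse $filename" when a node name
# is used twice or when sections exist but none of them is the master.
sub read_cluster_conf {
    my ($filename, $fh) = @_;

    local $/ = undef; # slurp mode

    my $raw = defined($fh) ? <$fh> : undef;

    my $cinfo = PMG::ClusterConfig::Base->parse_config($filename, $raw);

    my $localname = PVE::INotify::nodename();
    my $localip = PVE::Network::get_ip_from_hostname($localname);

    $cinfo->{remnodes} = [];

    # Default until a section carrying our node name is found below.
    $cinfo->{local} = {
        cid => 0,
        ip => $localip,
        name => $localname,
    };

    my $maxcid = 0;
    my $names_hash = {};

    my $errprefix = "unable to parse $filename";

    foreach my $cid (keys %{$cinfo->{ids}}) {
        my $d = $cinfo->{ids}->{$cid};

        die "$errprefix: duplicate use of name '$d->{name}'\n" if $names_hash->{$d->{name}};
        $names_hash->{$d->{name}} = 1;

        # The section id is the cid; expose it on the entry itself.
        $d->{cid} = $cid;
        $maxcid = $cid > $maxcid ? $cid : $maxcid;
        $maxcid = $d->{maxcid} if defined($d->{maxcid}) && $d->{maxcid} > $maxcid;
        $cinfo->{master} = $d if $d->{type} eq 'master';
        $cinfo->{'local'} = $d if $d->{name} eq $localname;
    }

    if ($maxcid) {
        die "$errprefix: cluster without master node\n"
            if !defined($cinfo->{master});
        $cinfo->{master}->{maxcid} = $maxcid;
    }

    # cids are numeric strings: compare them numerically, a plain sort would
    # order them lexically ("10" before "2").
    my $local_cid = $cinfo->{local}->{cid};
    $cinfo->{remnodes} = [ grep { $_ != $local_cid } sort { $a <=> $b } keys %{$cinfo->{ids}} ];

    return $cinfo;
}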
223
# Writer callback for cluster.conf (registered with PVE::INotify below):
# serialise $cfg with the section config writer and print it to $fh.
sub write_cluster_conf {
    my ($filename, $fh, $cfg) = @_;

    my $content = PMG::ClusterConfig::Base->write_config($filename, $cfg);

    return PVE::Tools::safe_print($filename, $fh, $content);
}
231
# Hook cluster.conf into PVE::INotify so that read_file/write_file (used by
# new() and write() above) go through the parser and writer defined here.
# always_call_parser => 1 presumably makes read_cluster_conf run even when
# the file is absent; read_cluster_conf handles an undefined $fh for that
# case.
PVE::INotify::register_file('cluster.conf', "/etc/pmg/cluster.conf",
    \&read_cluster_conf,
    \&write_cluster_conf,
    undef,
    always_call_parser => 1);
237
238 1;