cluster: add helper to get remote cert fingerprint

via ssh executing 'openssl x509'

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/src/PMG/Cluster.pm b/src/PMG/Cluster.pm
index daaa43970bdb8092a628e20b2a92952573f38835..49ba7d9674e1fba53e5784aba53003f5384a9fdc 100644 (file)
--- a/src/PMG/Cluster.pm
+++ b/src/PMG/Cluster.pm
@@ -289,6 +289,27 @@ my $ssh_command = sub {
     return $cmd;
 };
 
+sub get_remote_cert_fingerprint {
+    my ($ni) = @_;
+
+    my $ssh_cmd = $ssh_command->(
+       $ni->{name}, $ni->{ip},
+       'openssl x509 -noout -fingerprint -sha256 -in /etc/pmg/pmg-api.pem');
+    my $fp;
+    eval {
+       PVE::Tools::run_command($ssh_cmd, outfunc => sub {
+           my ($line) = @_;
+           if ($line =~ m/SHA256 Fingerprint=((?:[A-Fa-f0-9]{2}:){31}[A-Fa-f0-9]{2})/) {
+               $fp = $1;
+           }
+       });
+       die "parsing failed\n" if !$fp;
+    };
+    die "unable to get remote node fingerprint from '$ni->{name}': $@\n" if $@;
+
+    return $fp;
+}
+
 my $rsync_command = sub {
     my ($host_key_alias, @args) = @_;