]>
Commit | Line | Data |
---|---|---|
963c06bb DM |
1 | package PVE::API2::ClusterConfig; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
b6973a89 | 5 | |
963c06bb DM |
6 | use PVE::Tools; |
7 | use PVE::SafeSyslog; | |
8 | use PVE::RESTHandler; | |
9 | use PVE::RPCEnvironment; | |
10 | use PVE::JSONSchema qw(get_standard_option); | |
11 | use PVE::Cluster; | |
6ed49eb1 | 12 | use PVE::APIClient::LWP; |
b6973a89 | 13 | use PVE::Corosync; |
963c06bb DM |
14 | |
15 | use base qw(PVE::RESTHandler); | |
16 | ||
74e09a93 TL |
17 | my $clusterconf = "/etc/pve/corosync.conf"; |
18 | my $authfile = "/etc/corosync/authkey"; | |
b184a69d | 19 | my $local_cluster_lock = "/var/lock/pvecm.lock"; |
74e09a93 | 20 | |
10c6810e TL |
21 | my $ring0_desc = { |
22 | type => 'string', format => 'address', | |
23 | description => "Hostname (or IP) of the corosync ring0 address of this node.", | |
24 | default => "Hostname of the node", | |
25 | optional => 1, | |
26 | }; | |
27 | PVE::JSONSchema::register_standard_option("corosync-ring0-addr", $ring0_desc); | |
28 | ||
29 | my $ring1_desc = { | |
30 | type => 'string', format => 'address', | |
31 | description => "Hostname (or IP) of the corosync ring1 address of this node.". | |
32 | " Requires a valid configured ring 1 (bindnet1_addr) in the cluster.", | |
33 | optional => 1, | |
34 | }; | |
35 | PVE::JSONSchema::register_standard_option("corosync-ring1-addr", $ring1_desc); | |
36 | ||
37 | my $nodeid_desc = { | |
38 | type => 'integer', | |
39 | description => "Node id for this node.", | |
40 | minimum => 1, | |
41 | optional => 1, | |
42 | }; | |
43 | PVE::JSONSchema::register_standard_option("corosync-nodeid", $nodeid_desc); | |
44 | ||
963c06bb DM |
45 | __PACKAGE__->register_method({ |
46 | name => 'index', | |
47 | path => '', | |
48 | method => 'GET', | |
49 | description => "Directory index.", | |
fb7c665a EK |
50 | permissions => { |
51 | check => ['perm', '/', [ 'Sys.Audit' ]], | |
52 | }, | |
963c06bb DM |
53 | parameters => { |
54 | additionalProperties => 0, | |
55 | properties => {}, | |
56 | }, | |
57 | returns => { | |
58 | type => 'array', | |
59 | items => { | |
60 | type => "object", | |
61 | properties => {}, | |
62 | }, | |
63 | links => [ { rel => 'child', href => "{name}" } ], | |
64 | }, | |
65 | code => sub { | |
66 | my ($param) = @_; | |
67 | ||
68 | my $result = [ | |
69 | { name => 'nodes' }, | |
70 | { name => 'totem' }, | |
6ed49eb1 TL |
71 | { name => 'join' }, |
72 | ]; | |
963c06bb DM |
73 | |
74 | return $result; | |
75 | }}); | |
76 | ||
74e09a93 TL |
77 | __PACKAGE__->register_method ({ |
78 | name => 'create', | |
79 | path => '', | |
80 | method => 'POST', | |
81 | protected => 1, | |
82 | description => "Generate new cluster configuration.", | |
83 | parameters => { | |
84 | additionalProperties => 0, | |
85 | properties => { | |
86 | clustername => { | |
87 | description => "The name of the cluster.", | |
88 | type => 'string', format => 'pve-node', | |
89 | maxLength => 15, | |
90 | }, | |
10c6810e | 91 | nodeid => get_standard_option('corosync-nodeid'), |
74e09a93 TL |
92 | votes => { |
93 | type => 'integer', | |
94 | description => "Number of votes for this node.", | |
95 | minimum => 1, | |
96 | optional => 1, | |
97 | }, | |
98 | bindnet0_addr => { | |
99 | type => 'string', format => 'ip', | |
100 | description => "This specifies the network address the corosync ring 0". | |
101 | " executive should bind to and defaults to the local IP address of the node.", | |
102 | optional => 1, | |
103 | }, | |
10c6810e | 104 | ring0_addr => get_standard_option('corosync-ring0-addr'), |
74e09a93 TL |
105 | bindnet1_addr => { |
106 | type => 'string', format => 'ip', | |
107 | description => "This specifies the network address the corosync ring 1". | |
108 | " executive should bind to and is optional.", | |
109 | optional => 1, | |
110 | }, | |
10c6810e | 111 | ring1_addr => get_standard_option('corosync-ring1-addr'), |
74e09a93 TL |
112 | }, |
113 | }, | |
333a9bc8 | 114 | returns => { type => 'string' }, |
74e09a93 TL |
115 | code => sub { |
116 | my ($param) = @_; | |
117 | ||
118 | -f $clusterconf && die "cluster config '$clusterconf' already exists\n"; | |
119 | ||
333a9bc8 TL |
120 | my $rpcenv = PVE::RPCEnvironment::get(); |
121 | my $authuser = $rpcenv->get_user(); | |
122 | ||
b184a69d | 123 | my $code = sub { |
17a4445f | 124 | STDOUT->autoflush(); |
333a9bc8 TL |
125 | PVE::Cluster::setup_sshd_config(1); |
126 | PVE::Cluster::setup_rootsshconfig(); | |
127 | PVE::Cluster::setup_ssh_keys(); | |
74e09a93 | 128 | |
333a9bc8 TL |
129 | PVE::Tools::run_command(['/usr/sbin/corosync-keygen', '-lk', $authfile]) |
130 | if !-f $authfile; | |
131 | die "no authentication key available\n" if -f !$authfile; | |
74e09a93 | 132 | |
333a9bc8 | 133 | my $nodename = PVE::INotify::nodename(); |
74e09a93 | 134 | |
333a9bc8 TL |
135 | # get the corosync basis config for the new cluster |
136 | my $config = PVE::Corosync::create_conf($nodename, %$param); | |
74e09a93 | 137 | |
333a9bc8 TL |
138 | print "Writing corosync config to /etc/pve/corosync.conf\n"; |
139 | PVE::Corosync::atomic_write_conf($config); | |
74e09a93 | 140 | |
333a9bc8 TL |
141 | my $local_ip_address = PVE::Cluster::remote_node_ip($nodename); |
142 | PVE::Cluster::ssh_merge_keys(); | |
143 | PVE::Cluster::gen_pve_node_files($nodename, $local_ip_address); | |
144 | PVE::Cluster::ssh_merge_known_hosts($nodename, $local_ip_address, 1); | |
74e09a93 | 145 | |
333a9bc8 TL |
146 | print "Restart corosync and cluster filesystem\n"; |
147 | PVE::Tools::run_command('systemctl restart corosync pve-cluster'); | |
148 | }; | |
74e09a93 | 149 | |
b184a69d TL |
150 | my $worker = sub { |
151 | PVE::Tools::lock_file($local_cluster_lock, 10, $code); | |
152 | die $@ if $@; | |
153 | }; | |
154 | ||
65ee8001 | 155 | return $rpcenv->fork_worker('clustercreate', $param->{clustername}, $authuser, $worker); |
74e09a93 TL |
156 | }}); |
157 | ||
963c06bb DM |
158 | __PACKAGE__->register_method({ |
159 | name => 'nodes', | |
160 | path => 'nodes', | |
161 | method => 'GET', | |
162 | description => "Corosync node list.", | |
fb7c665a EK |
163 | permissions => { |
164 | check => ['perm', '/', [ 'Sys.Audit' ]], | |
165 | }, | |
963c06bb DM |
166 | parameters => { |
167 | additionalProperties => 0, | |
168 | properties => {}, | |
169 | }, | |
170 | returns => { | |
171 | type => 'array', | |
172 | items => { | |
173 | type => "object", | |
174 | properties => { | |
175 | node => { type => 'string' }, | |
176 | }, | |
177 | }, | |
178 | links => [ { rel => 'child', href => "{node}" } ], | |
179 | }, | |
180 | code => sub { | |
181 | my ($param) = @_; | |
182 | ||
183 | ||
184 | my $conf = PVE::Cluster::cfs_read_file('corosync.conf'); | |
b6973a89 | 185 | my $nodelist = PVE::Corosync::nodelist($conf); |
963c06bb DM |
186 | |
187 | return PVE::RESTHandler::hash_to_array($nodelist, 'node'); | |
188 | }}); | |
189 | ||
1d26c202 TL |
190 | # lock method to ensure local and cluster wide atomicity |
191 | # if we're a single node cluster just lock locally, we have no other cluster | |
192 | # node which we could contend with, else also acquire a cluster wide lock | |
193 | my $config_change_lock = sub { | |
194 | my ($code) = @_; | |
195 | ||
b184a69d | 196 | PVE::Tools::lock_file($local_cluster_lock, 10, sub { |
1d26c202 TL |
197 | PVE::Cluster::cfs_update(1); |
198 | my $members = PVE::Cluster::get_members(); | |
199 | if (scalar(keys %$members) > 1) { | |
0f147e2a FG |
200 | my $res = PVE::Cluster::cfs_lock_file('corosync.conf', 10, $code); |
201 | # cfs_lock_file only sets $@ | |
202 | # lock_file does not propagate $@ unless we die here | |
203 | die $@ if defined($@); | |
204 | return $res; | |
1d26c202 TL |
205 | } else { |
206 | return $code->(); | |
207 | } | |
208 | }); | |
209 | }; | |
210 | ||
1d26c202 TL |
211 | __PACKAGE__->register_method ({ |
212 | name => 'addnode', | |
213 | path => 'nodes/{node}', | |
214 | method => 'POST', | |
215 | protected => 1, | |
79cf5a70 | 216 | description => "Adds a node to the cluster configuration. This call is for internal use.", |
1d26c202 TL |
217 | parameters => { |
218 | additionalProperties => 0, | |
219 | properties => { | |
220 | node => get_standard_option('pve-node'), | |
10c6810e | 221 | nodeid => get_standard_option('corosync-nodeid'), |
1d26c202 TL |
222 | votes => { |
223 | type => 'integer', | |
224 | description => "Number of votes for this node", | |
225 | minimum => 0, | |
226 | optional => 1, | |
227 | }, | |
228 | force => { | |
229 | type => 'boolean', | |
230 | description => "Do not throw error if node already exists.", | |
231 | optional => 1, | |
232 | }, | |
10c6810e TL |
233 | ring0_addr => get_standard_option('corosync-ring0-addr'), |
234 | ring1_addr => get_standard_option('corosync-ring1-addr'), | |
1d26c202 TL |
235 | }, |
236 | }, | |
331d957b TL |
237 | returns => { |
238 | type => "object", | |
239 | properties => { | |
240 | corosync_authkey => { | |
241 | type => 'string', | |
242 | }, | |
243 | corosync_conf => { | |
244 | type => 'string', | |
245 | } | |
246 | }, | |
247 | }, | |
1d26c202 TL |
248 | code => sub { |
249 | my ($param) = @_; | |
250 | ||
251 | PVE::Cluster::check_cfs_quorum(); | |
252 | ||
253 | my $code = sub { | |
254 | my $conf = PVE::Cluster::cfs_read_file("corosync.conf"); | |
255 | my $nodelist = PVE::Corosync::nodelist($conf); | |
256 | my $totem_cfg = PVE::Corosync::totem_config($conf); | |
257 | ||
258 | my $name = $param->{node}; | |
259 | ||
260 | # ensure we do not reuse an address, that can crash the whole cluster! | |
261 | my $check_duplicate_addr = sub { | |
262 | my $addr = shift; | |
263 | return if !defined($addr); | |
264 | ||
265 | while (my ($k, $v) = each %$nodelist) { | |
266 | next if $k eq $name; # allows re-adding a node if force is set | |
dd92cac5 TL |
267 | if ($v->{ring0_addr} eq $addr || ($v->{ring1_addr} && $v->{ring1_addr} eq $addr)) { |
268 | die "corosync: address '$addr' already defined by node '$k'\n"; | |
269 | } | |
1d26c202 TL |
270 | } |
271 | }; | |
272 | ||
273 | &$check_duplicate_addr($param->{ring0_addr}); | |
274 | &$check_duplicate_addr($param->{ring1_addr}); | |
275 | ||
276 | $param->{ring0_addr} = $name if !$param->{ring0_addr}; | |
277 | ||
278 | die "corosync: using 'ring1_addr' parameter needs a configured ring 1 interface!\n" | |
279 | if $param->{ring1_addr} && !defined($totem_cfg->{interface}->{1}); | |
280 | ||
281 | die "corosync: ring 1 interface configured but 'ring1_addr' parameter not defined!\n" | |
282 | if defined($totem_cfg->{interface}->{1}) && !defined($param->{ring1_addr}); | |
283 | ||
284 | if (defined(my $res = $nodelist->{$name})) { | |
285 | $param->{nodeid} = $res->{nodeid} if !$param->{nodeid}; | |
286 | $param->{votes} = $res->{quorum_votes} if !defined($param->{votes}); | |
287 | ||
288 | if ($res->{quorum_votes} == $param->{votes} && | |
289 | $res->{nodeid} == $param->{nodeid} && $param->{force}) { | |
290 | print "forcing overwrite of configured node '$name'\n"; | |
291 | } else { | |
292 | die "can't add existing node '$name'\n"; | |
293 | } | |
294 | } elsif (!$param->{nodeid}) { | |
295 | my $nodeid = 1; | |
296 | ||
297 | while(1) { | |
298 | my $found = 0; | |
299 | foreach my $v (values %$nodelist) { | |
300 | if ($v->{nodeid} eq $nodeid) { | |
301 | $found = 1; | |
302 | $nodeid++; | |
303 | last; | |
304 | } | |
305 | } | |
306 | last if !$found; | |
307 | }; | |
308 | ||
309 | $param->{nodeid} = $nodeid; | |
310 | } | |
311 | ||
312 | $param->{votes} = 1 if !defined($param->{votes}); | |
313 | ||
314 | PVE::Cluster::gen_local_dirs($name); | |
315 | ||
316 | eval { PVE::Cluster::ssh_merge_keys(); }; | |
317 | warn $@ if $@; | |
318 | ||
319 | $nodelist->{$name} = { | |
320 | ring0_addr => $param->{ring0_addr}, | |
321 | nodeid => $param->{nodeid}, | |
322 | name => $name, | |
323 | }; | |
324 | $nodelist->{$name}->{ring1_addr} = $param->{ring1_addr} if $param->{ring1_addr}; | |
325 | $nodelist->{$name}->{quorum_votes} = $param->{votes} if $param->{votes}; | |
326 | ||
855671ec TL |
327 | PVE::Cluster::log_msg('notice', 'root@pam', "adding node $name to cluster"); |
328 | ||
1d26c202 TL |
329 | PVE::Corosync::update_nodelist($conf, $nodelist); |
330 | }; | |
331 | ||
332 | $config_change_lock->($code); | |
333 | die $@ if $@; | |
334 | ||
331d957b TL |
335 | my $res = { |
336 | corosync_authkey => PVE::Tools::file_get_contents($authfile), | |
337 | corosync_conf => PVE::Tools::file_get_contents($clusterconf), | |
338 | }; | |
339 | ||
340 | return $res; | |
1d26c202 TL |
341 | }}); |
342 | ||
343 | ||
344 | __PACKAGE__->register_method ({ | |
345 | name => 'delnode', | |
346 | path => 'nodes/{node}', | |
347 | method => 'DELETE', | |
348 | protected => 1, | |
349 | description => "Removes a node from the cluster configuration.", | |
350 | parameters => { | |
351 | additionalProperties => 0, | |
352 | properties => { | |
353 | node => get_standard_option('pve-node'), | |
354 | }, | |
355 | }, | |
356 | returns => { type => 'null' }, | |
357 | code => sub { | |
358 | my ($param) = @_; | |
359 | ||
360 | my $local_node = PVE::INotify::nodename(); | |
361 | die "Cannot delete myself from cluster!\n" if $param->{node} eq $local_node; | |
362 | ||
363 | PVE::Cluster::check_cfs_quorum(); | |
364 | ||
365 | my $code = sub { | |
366 | my $conf = PVE::Cluster::cfs_read_file("corosync.conf"); | |
367 | my $nodelist = PVE::Corosync::nodelist($conf); | |
368 | ||
369 | my $node; | |
370 | my $nodeid; | |
371 | ||
372 | foreach my $tmp_node (keys %$nodelist) { | |
373 | my $d = $nodelist->{$tmp_node}; | |
374 | my $ring0_addr = $d->{ring0_addr}; | |
375 | my $ring1_addr = $d->{ring1_addr}; | |
376 | if (($tmp_node eq $param->{node}) || | |
377 | (defined($ring0_addr) && ($ring0_addr eq $param->{node})) || | |
378 | (defined($ring1_addr) && ($ring1_addr eq $param->{node}))) { | |
379 | $node = $tmp_node; | |
380 | $nodeid = $d->{nodeid}; | |
381 | last; | |
382 | } | |
383 | } | |
384 | ||
385 | die "Node/IP: $param->{node} is not a known host of the cluster.\n" | |
386 | if !defined($node); | |
387 | ||
855671ec TL |
388 | PVE::Cluster::log_msg('notice', 'root@pam', "deleting node $node from cluster"); |
389 | ||
1d26c202 TL |
390 | delete $nodelist->{$node}; |
391 | ||
392 | PVE::Corosync::update_nodelist($conf, $nodelist); | |
393 | ||
394 | PVE::Tools::run_command(['corosync-cfgtool','-k', $nodeid]) if defined($nodeid); | |
395 | }; | |
396 | ||
397 | $config_change_lock->($code); | |
398 | die $@ if $@; | |
399 | ||
400 | return undef; | |
401 | }}); | |
402 | ||
fca7797d TL |
403 | __PACKAGE__->register_method ({ |
404 | name => 'join_info', | |
405 | path => 'join', | |
be85d00b TL |
406 | permissions => { |
407 | check => ['perm', '/', [ 'Sys.Audit' ]], | |
408 | }, | |
fca7797d TL |
409 | method => 'GET', |
410 | description => "Get information needed to join this cluster over the connected node.", | |
411 | parameters => { | |
412 | additionalProperties => 0, | |
413 | properties => { | |
414 | node => get_standard_option('pve-node', { | |
415 | description => "The node for which the joinee gets the nodeinfo. ", | |
416 | default => "current connected node", | |
417 | optional => 1, | |
418 | }), | |
419 | }, | |
420 | }, | |
421 | returns => { | |
422 | type => 'object', | |
423 | additionalProperties => 0, | |
424 | properties => { | |
425 | nodelist => { | |
426 | type => 'array', | |
427 | items => { | |
428 | type => "object", | |
429 | additionalProperties => 1, | |
430 | properties => { | |
431 | name => get_standard_option('pve-node'), | |
432 | nodeid => get_standard_option('corosync-nodeid'), | |
433 | ring0_addr => get_standard_option('corosync-ring0-addr'), | |
434 | quorum_votes => { type => 'integer', minimum => 0 }, | |
435 | pve_addr => { type => 'string', format => 'ip' }, | |
436 | pve_fp => get_standard_option('fingerprint-sha256'), | |
437 | }, | |
438 | }, | |
439 | }, | |
440 | preferred_node => get_standard_option('pve-node'), | |
441 | totem => { type => 'object' }, | |
442 | config_digest => { type => 'string' }, | |
443 | }, | |
444 | }, | |
445 | code => sub { | |
446 | my ($param) = @_; | |
447 | ||
448 | my $nodename = $param->{node} // PVE::INotify::nodename(); | |
449 | ||
450 | PVE::Cluster::cfs_update(1); | |
451 | my $conf = PVE::Cluster::cfs_read_file('corosync.conf'); | |
452 | ||
453 | die "node is not in a cluster, no join info available!\n" | |
454 | if !($conf && $conf->{main}); | |
455 | ||
456 | my $totem_cfg = $conf->{main}->{totem} // {}; | |
457 | my $nodelist = $conf->{main}->{nodelist}->{node} // {}; | |
458 | my $corosync_config_digest = $conf->{digest}; | |
459 | ||
460 | die "unknown node '$nodename'\n" if ! $nodelist->{$nodename}; | |
461 | ||
462 | foreach my $name (keys %$nodelist) { | |
463 | my $node = $nodelist->{$name}; | |
464 | $node->{pve_fp} = PVE::Cluster::get_node_fingerprint($name); | |
465 | $node->{pve_addr} = scalar(PVE::Cluster::remote_node_ip($name)); | |
466 | } | |
467 | ||
468 | my $res = { | |
469 | nodelist => [ values %$nodelist ], | |
470 | preferred_node => $nodename, | |
471 | totem => $totem_cfg, | |
472 | config_digest => $corosync_config_digest, | |
473 | }; | |
474 | ||
475 | return $res; | |
476 | }}); | |
477 | ||
6ed49eb1 TL |
478 | __PACKAGE__->register_method ({ |
479 | name => 'join', | |
480 | path => 'join', | |
481 | method => 'POST', | |
482 | protected => 1, | |
483 | description => "Joins this node into an existing cluster.", | |
484 | parameters => { | |
485 | additionalProperties => 0, | |
486 | properties => { | |
487 | hostname => { | |
488 | type => 'string', | |
489 | description => "Hostname (or IP) of an existing cluster member." | |
490 | }, | |
10c6810e | 491 | nodeid => get_standard_option('corosync-nodeid'), |
6ed49eb1 TL |
492 | votes => { |
493 | type => 'integer', | |
494 | description => "Number of votes for this node", | |
495 | minimum => 0, | |
496 | optional => 1, | |
497 | }, | |
498 | force => { | |
499 | type => 'boolean', | |
500 | description => "Do not throw error if node already exists.", | |
501 | optional => 1, | |
502 | }, | |
10c6810e | 503 | ring0_addr => get_standard_option('corosync-ring0-addr', { |
072ba2e0 | 504 | default => "IP resolved by node's hostname", |
10c6810e TL |
505 | }), |
506 | ring1_addr => get_standard_option('corosync-ring1-addr'), | |
6ed49eb1 TL |
507 | fingerprint => get_standard_option('fingerprint-sha256'), |
508 | password => { | |
509 | description => "Superuser (root) password of peer node.", | |
510 | type => 'string', | |
511 | maxLength => 128, | |
512 | }, | |
513 | }, | |
514 | }, | |
515 | returns => { type => 'string' }, | |
516 | code => sub { | |
517 | my ($param) = @_; | |
518 | ||
519 | my $rpcenv = PVE::RPCEnvironment::get(); | |
520 | my $authuser = $rpcenv->get_user(); | |
521 | ||
522 | my $worker = sub { | |
17a4445f | 523 | STDOUT->autoflush(); |
b184a69d TL |
524 | PVE::Tools::lock_file($local_cluster_lock, 10, \&PVE::Cluster::join, $param); |
525 | die $@ if $@; | |
6ed49eb1 TL |
526 | }; |
527 | ||
8c4e30d3 | 528 | return $rpcenv->fork_worker('clusterjoin', undef, $authuser, $worker); |
6ed49eb1 TL |
529 | }}); |
530 | ||
531 | ||
963c06bb DM |
532 | __PACKAGE__->register_method({ |
533 | name => 'totem', | |
534 | path => 'totem', | |
535 | method => 'GET', | |
536 | description => "Get corosync totem protocol settings.", | |
fb7c665a EK |
537 | permissions => { |
538 | check => ['perm', '/', [ 'Sys.Audit' ]], | |
539 | }, | |
963c06bb DM |
540 | parameters => { |
541 | additionalProperties => 0, | |
542 | properties => {}, | |
543 | }, | |
544 | returns => { | |
545 | type => "object", | |
546 | properties => {}, | |
547 | }, | |
548 | code => sub { | |
549 | my ($param) = @_; | |
550 | ||
551 | ||
552 | my $conf = PVE::Cluster::cfs_read_file('corosync.conf'); | |
553 | ||
496de919 TL |
554 | my $totem_cfg = $conf->{main}->{totem}; |
555 | ||
556 | return $totem_cfg; | |
963c06bb DM |
557 | }}); |
558 | ||
559 | 1; |