]>
Commit | Line | Data |
---|---|---|
1 | package PVE::CLI::pvecm; | |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
6 | use File::Path; | |
7 | use File::Basename; | |
8 | use PVE::Tools qw(run_command); | |
9 | use PVE::Cluster; | |
10 | use PVE::INotify; | |
11 | use PVE::JSONSchema qw(get_standard_option); | |
12 | use PVE::RPCEnvironment; | |
13 | use PVE::CLIHandler; | |
14 | use PVE::PTY; | |
15 | use PVE::API2::ClusterConfig; | |
16 | use PVE::Corosync; | |
17 | ||
18 | use base qw(PVE::CLIHandler); | |
19 | ||
20 | $ENV{HOME} = '/root'; # for ssh-copy-id | |
21 | ||
22 | my $basedir = "/etc/pve"; | |
23 | my $clusterconf = "$basedir/corosync.conf"; | |
24 | my $libdir = "/var/lib/pve-cluster"; | |
25 | my $authfile = "/etc/corosync/authkey"; | |
26 | ||
27 | ||
28 | sub setup_environment { | |
29 | PVE::RPCEnvironment->setup_default_cli_env(); | |
30 | } | |
31 | ||
32 | __PACKAGE__->register_method ({ | |
33 | name => 'keygen', | |
34 | path => 'keygen', | |
35 | method => 'PUT', | |
36 | description => "Generate new cryptographic key for corosync.", | |
37 | parameters => { | |
38 | additionalProperties => 0, | |
39 | properties => { | |
40 | filename => { | |
41 | type => 'string', | |
42 | description => "Output file name" | |
43 | } | |
44 | }, | |
45 | }, | |
46 | returns => { type => 'null' }, | |
47 | ||
48 | code => sub { | |
49 | my ($param) = @_; | |
50 | ||
51 | my $filename = $param->{filename}; | |
52 | ||
53 | # test EUID | |
54 | $> == 0 || die "Error: Authorization key must be generated as root user.\n"; | |
55 | my $dirname = dirname($filename); | |
56 | ||
57 | die "key file '$filename' already exists\n" if -e $filename; | |
58 | ||
59 | File::Path::make_path($dirname) if $dirname; | |
60 | ||
61 | run_command(['corosync-keygen', '-l', '-k', $filename]); | |
62 | ||
63 | return undef; | |
64 | }}); | |
65 | ||
66 | my $foreach_member = sub { | |
67 | my ($code, $noerr) = @_; | |
68 | ||
69 | my $members = PVE::Cluster::get_members(); | |
70 | foreach my $node (sort keys %$members) { | |
71 | if (my $ip = $members->{$node}->{ip}) { | |
72 | $code->($node, $ip); | |
73 | } else { | |
74 | die "cannot get the cluster IP for node '$node'.\n" if !$noerr; | |
75 | warn "cannot get the cluster IP for node '$node'.\n"; | |
76 | return undef; | |
77 | } | |
78 | } | |
79 | }; | |
80 | ||
81 | __PACKAGE__->register_method ({ | |
82 | name => 'setup_qdevice', | |
83 | path => 'setup_qdevice', | |
84 | method => 'PUT', | |
85 | description => "Setup the use of a QDevice", | |
86 | parameters => { | |
87 | additionalProperties => 0, | |
88 | properties => { | |
89 | address => { | |
90 | type => 'string', format => 'ip', | |
91 | description => "Specifies the network address of an external corosync QDevice" , | |
92 | }, | |
93 | network => { | |
94 | type => 'string', | |
95 | format => 'CIDR', | |
96 | description => 'The network which should be used to connect to the external qdevice', | |
97 | optional => 1, | |
98 | }, | |
99 | force => { | |
100 | type => 'boolean', | |
101 | description => "Do not throw error on possible dangerous operations.", | |
102 | optional => 1, | |
103 | }, | |
104 | }, | |
105 | }, | |
106 | returns => { type => 'null' }, | |
107 | ||
108 | code => sub { | |
109 | my ($param) = @_; | |
110 | ||
111 | die "Node not in a cluster. Aborting.\n" | |
112 | if !PVE::Corosync::check_conf_exists(1); | |
113 | ||
114 | my $members = PVE::Cluster::get_members(); | |
115 | foreach my $node (sort keys %$members) { | |
116 | die "All nodes must be online! Node $node is offline, aborting.\n" | |
117 | if !$members->{$node}->{online}; | |
118 | } | |
119 | ||
120 | my $conf = PVE::Cluster::cfs_read_file("corosync.conf"); | |
121 | ||
122 | die "QDevice already configured!\n" | |
123 | if defined($conf->{main}->{quorum}->{device}) && !$param->{force}; | |
124 | ||
125 | my $network = $param->{network}; | |
126 | ||
127 | my $model = "net"; | |
128 | my $algorithm = 'ffsplit'; | |
129 | if (scalar($members) & 1) { | |
130 | if ($param->{force}) { | |
131 | $algorithm = 'lms'; | |
132 | } else { | |
133 | die "Clusters with an odd node count are not officially supported!\n"; | |
134 | } | |
135 | } | |
136 | ||
137 | my $qnetd_addr = $param->{address}; | |
138 | my $base_dir = "/etc/corosync/qdevice/net"; | |
139 | my $db_dir_qnetd = "/etc/corosync/qnetd/nssdb"; | |
140 | my $db_dir_node = "$base_dir/nssdb"; | |
141 | my $ca_export_base = "qnetd-cacert.crt"; | |
142 | my $ca_export_file = "$db_dir_qnetd/$ca_export_base"; | |
143 | my $crq_file_base = "qdevice-net-node.crq"; | |
144 | my $p12_file_base = "qdevice-net-node.p12"; | |
145 | my $qdevice_certutil = "corosync-qdevice-net-certutil"; | |
146 | my $qnetd_certutil= "corosync-qnetd-certutil"; | |
147 | my $clustername = $conf->{main}->{totem}->{cluster_name}; | |
148 | ||
149 | run_command(['ssh-copy-id', '-i', '/root/.ssh/id_rsa', "root\@$qnetd_addr"]); | |
150 | ||
151 | if (-d $db_dir_node) { | |
152 | # FIXME: check on all nodes?! | |
153 | if ($param->{force}) { | |
154 | rmtree $db_dir_node; | |
155 | } else { | |
156 | die "QDevice certificate store already initialised, set force to delete!\n"; | |
157 | } | |
158 | } | |
159 | ||
160 | my $ssh_cmd = ['ssh', '-o', 'BatchMode=yes', '-lroot']; | |
161 | my $scp_cmd = ['scp', '-o', 'BatchMode=yes']; | |
162 | ||
163 | print "\nINFO: initializing qnetd server\n"; | |
164 | run_command( | |
165 | [@$ssh_cmd, $qnetd_addr, $qnetd_certutil, "-i"], | |
166 | noerr => 1 | |
167 | ); | |
168 | ||
169 | print "\nINFO: copying CA cert and initializing on all nodes\n"; | |
170 | run_command([@$scp_cmd, "root\@\[$qnetd_addr\]:$ca_export_file", "/etc/pve/$ca_export_base"]); | |
171 | $foreach_member->(sub { | |
172 | my ($node, $ip) = @_; | |
173 | my $outsub = sub { print "\nnode '$node': " . shift }; | |
174 | run_command( | |
175 | [@$ssh_cmd, $ip, $qdevice_certutil, "-i", "-c", "/etc/pve/$ca_export_base"], | |
176 | noerr => 1, outfunc => \&$outsub | |
177 | ); | |
178 | }); | |
179 | unlink "/etc/pve/$ca_export_base"; | |
180 | ||
181 | print "\nINFO: generating cert request\n"; | |
182 | run_command([$qdevice_certutil, "-r", "-n", $clustername]); | |
183 | ||
184 | print "\nINFO: copying exported cert request to qnetd server\n"; | |
185 | run_command([@$scp_cmd, "$db_dir_node/$crq_file_base", "root\@\[$qnetd_addr\]:/tmp"]); | |
186 | ||
187 | print "\nINFO: sign and export cluster cert\n"; | |
188 | run_command([ | |
189 | @$ssh_cmd, $qnetd_addr, $qnetd_certutil, "-s", "-c", | |
190 | "/tmp/$crq_file_base", "-n", "$clustername" | |
191 | ]); | |
192 | ||
193 | print "\nINFO: copy exported CRT\n"; | |
194 | run_command([ | |
195 | @$scp_cmd, "root\@\[$qnetd_addr\]:$db_dir_qnetd/cluster-$clustername.crt", | |
196 | "$db_dir_node" | |
197 | ]); | |
198 | ||
199 | print "\nINFO: import certificate\n"; | |
200 | run_command(["$qdevice_certutil", "-M", "-c", "$db_dir_node/cluster-$clustername.crt"]); | |
201 | ||
202 | print "\nINFO: copy and import pk12 cert to all nodes\n"; | |
203 | run_command([@$scp_cmd, "$db_dir_node/$p12_file_base", "/etc/pve/"]); | |
204 | $foreach_member->(sub { | |
205 | my ($node, $ip) = @_; | |
206 | my $outsub = sub { print "\nnode '$node': " . shift }; | |
207 | run_command([ | |
208 | @$ssh_cmd, $ip, "$qdevice_certutil", "-m", "-c", | |
209 | "/etc/pve/$p12_file_base"], outfunc => \&$outsub | |
210 | ); | |
211 | }); | |
212 | unlink "/etc/pve/$p12_file_base"; | |
213 | ||
214 | ||
215 | my $code = sub { | |
216 | my $conf = PVE::Cluster::cfs_read_file("corosync.conf"); | |
217 | my $quorum_section = $conf->{main}->{quorum}; | |
218 | ||
219 | die "Qdevice already configured, must be removed before setting up new one!\n" | |
220 | if defined($quorum_section->{device}); # must not be forced! | |
221 | ||
222 | my $qdev_section = { | |
223 | model => $model, | |
224 | "$model" => { | |
225 | tls => 'on', | |
226 | host => $qnetd_addr, | |
227 | algorithm => $algorithm, | |
228 | } | |
229 | }; | |
230 | $qdev_section->{votes} = 1 if $algorithm eq 'ffsplit'; | |
231 | ||
232 | $quorum_section->{device} = $qdev_section; | |
233 | ||
234 | PVE::Corosync::atomic_write_conf($conf); | |
235 | }; | |
236 | ||
237 | print "\nINFO: add QDevice to cluster configuration\n"; | |
238 | PVE::Cluster::cfs_lock_file('corosync.conf', 10, $code); | |
239 | die $@ if $@; | |
240 | ||
241 | $foreach_member->(sub { | |
242 | my ($node, $ip) = @_; | |
243 | my $outsub = sub { print "\nnode '$node': " . shift }; | |
244 | print "\nINFO: start and enable corosync qdevice daemon on node '$node'...\n"; | |
245 | run_command([@$ssh_cmd, $ip, 'systemctl', 'start', 'corosync-qdevice'], outfunc => \&$outsub); | |
246 | run_command([@$ssh_cmd, $ip, 'systemctl', 'enable', 'corosync-qdevice'], outfunc => \&$outsub); | |
247 | }); | |
248 | ||
249 | run_command(['corosync-cfgtool', '-R']); # do cluster wide config reload | |
250 | ||
251 | return undef; | |
252 | }}); | |
253 | ||
254 | __PACKAGE__->register_method ({ | |
255 | name => 'remove_qdevice', | |
256 | path => 'remove_qdevice', | |
257 | method => 'DELETE', | |
258 | description => "Remove a configured QDevice", | |
259 | parameters => { | |
260 | additionalProperties => 0, | |
261 | properties => {}, | |
262 | }, | |
263 | returns => { type => 'null' }, | |
264 | ||
265 | code => sub { | |
266 | my ($param) = @_; | |
267 | ||
268 | die "Node not in a cluster. Aborting.\n" | |
269 | if !PVE::Corosync::check_conf_exists(1); | |
270 | ||
271 | my $members = PVE::Cluster::get_members(); | |
272 | foreach my $node (sort keys %$members) { | |
273 | die "All nodes must be online! Node $node is offline, aborting.\n" | |
274 | if !$members->{$node}->{online}; | |
275 | } | |
276 | ||
277 | my $ssh_cmd = ['ssh', '-o', 'BatchMode=yes', '-lroot']; | |
278 | ||
279 | my $code = sub { | |
280 | my $conf = PVE::Cluster::cfs_read_file("corosync.conf"); | |
281 | my $quorum_section = $conf->{main}->{quorum}; | |
282 | ||
283 | die "No QDevice configured!\n" if !defined($quorum_section->{device}); | |
284 | ||
285 | delete $quorum_section->{device}; | |
286 | ||
287 | PVE::Corosync::atomic_write_conf($conf); | |
288 | ||
289 | # cleanup qdev state (cert storage) | |
290 | my $qdev_state_dir = "/etc/corosync/qdevice"; | |
291 | $foreach_member->(sub { | |
292 | my (undef, $ip) = @_; | |
293 | run_command([@$ssh_cmd, $ip, '--', 'rm', '-rf', $qdev_state_dir]); | |
294 | }); | |
295 | }; | |
296 | ||
297 | PVE::Cluster::cfs_lock_file('corosync.conf', 10, $code); | |
298 | die $@ if $@; | |
299 | ||
300 | $foreach_member->(sub { | |
301 | my (undef, $ip) = @_; | |
302 | run_command([@$ssh_cmd, $ip, 'systemctl', 'stop', 'corosync-qdevice']); | |
303 | run_command([@$ssh_cmd, $ip, 'systemctl', 'disable', 'corosync-qdevice']); | |
304 | }); | |
305 | ||
306 | run_command(['corosync-cfgtool', '-R']); | |
307 | ||
308 | print "\nRemoved Qdevice.\n"; | |
309 | ||
310 | return undef; | |
311 | }}); | |
312 | ||
313 | __PACKAGE__->register_method ({ | |
314 | name => 'add', | |
315 | path => 'add', | |
316 | method => 'PUT', | |
317 | description => "Adds the current node to an existing cluster.", | |
318 | parameters => { | |
319 | additionalProperties => 0, | |
320 | properties => { | |
321 | hostname => { | |
322 | type => 'string', | |
323 | description => "Hostname (or IP) of an existing cluster member." | |
324 | }, | |
325 | nodeid => get_standard_option('corosync-nodeid'), | |
326 | votes => { | |
327 | type => 'integer', | |
328 | description => "Number of votes for this node", | |
329 | minimum => 0, | |
330 | optional => 1, | |
331 | }, | |
332 | force => { | |
333 | type => 'boolean', | |
334 | description => "Do not throw error if node already exists.", | |
335 | optional => 1, | |
336 | }, | |
337 | link0 => get_standard_option('corosync-link'), | |
338 | link1 => get_standard_option('corosync-link'), | |
339 | fingerprint => get_standard_option('fingerprint-sha256', { | |
340 | optional => 1, | |
341 | }), | |
342 | 'use_ssh' => { | |
343 | type => 'boolean', | |
344 | description => "Always use SSH to join, even if peer may do it over API.", | |
345 | optional => 1, | |
346 | }, | |
347 | }, | |
348 | }, | |
349 | returns => { type => 'null' }, | |
350 | ||
351 | code => sub { | |
352 | my ($param) = @_; | |
353 | ||
354 | my $nodename = PVE::INotify::nodename(); | |
355 | ||
356 | my $host = $param->{hostname}; | |
357 | my $local_ip_address = PVE::Cluster::remote_node_ip($nodename); | |
358 | ||
359 | my $link0 = PVE::Cluster::parse_corosync_link($param->{link0}); | |
360 | my $link1 = PVE::Cluster::parse_corosync_link($param->{link1}); | |
361 | ||
362 | PVE::Cluster::assert_joinable($local_ip_address, $link0, $link1, $param->{force}); | |
363 | ||
364 | my $worker = sub { | |
365 | ||
366 | if (!$param->{use_ssh}) { | |
367 | print "Please enter superuser (root) password for '$host':\n"; | |
368 | my $password = PVE::PTY::read_password("Password for root\@$host: "); | |
369 | ||
370 | delete $param->{use_ssh}; | |
371 | $param->{password} = $password; | |
372 | ||
373 | my $local_cluster_lock = "/var/lock/pvecm.lock"; | |
374 | PVE::Tools::lock_file($local_cluster_lock, 10, \&PVE::Cluster::join, $param); | |
375 | ||
376 | if (my $err = $@) { | |
377 | if (ref($err) eq 'PVE::APIClient::Exception' && defined($err->{code}) && $err->{code} == 501) { | |
378 | $err = "Remote side is not able to use API for Cluster join!\n" . | |
379 | "Pass the 'use_ssh' switch or update the remote side.\n"; | |
380 | } | |
381 | die $err; | |
382 | } | |
383 | return; # all OK, the API join endpoint successfully set us up | |
384 | } | |
385 | ||
386 | # allow fallback to old ssh only join if wished or needed | |
387 | ||
388 | PVE::Cluster::setup_sshd_config(); | |
389 | PVE::Cluster::setup_rootsshconfig(); | |
390 | PVE::Cluster::setup_ssh_keys(); | |
391 | ||
392 | # make sure known_hosts is on local filesystem | |
393 | PVE::Cluster::ssh_unmerge_known_hosts(); | |
394 | ||
395 | my $cmd = ['ssh-copy-id', '-i', '/root/.ssh/id_rsa', "root\@$host"]; | |
396 | run_command($cmd, 'outfunc' => sub {}, 'errfunc' => sub {}, | |
397 | 'errmsg' => "unable to copy ssh ID"); | |
398 | ||
399 | $cmd = ['ssh', $host, '-o', 'BatchMode=yes', | |
400 | 'pvecm', 'addnode', $nodename, '--force', 1]; | |
401 | ||
402 | push @$cmd, '--nodeid', $param->{nodeid} if $param->{nodeid}; | |
403 | push @$cmd, '--votes', $param->{votes} if defined($param->{votes}); | |
404 | # just pass the un-parsed string through, or as we've address as | |
405 | # the default_key, we can just pass the fallback directly too | |
406 | push @$cmd, '--link0', $param->{link0} // $local_ip_address; | |
407 | push @$cmd, '--link1', $param->{link1} if defined($param->{link1}); | |
408 | ||
409 | if (system (@$cmd) != 0) { | |
410 | my $cmdtxt = join (' ', @$cmd); | |
411 | die "unable to add node: command failed ($cmdtxt)\n"; | |
412 | } | |
413 | ||
414 | my $tmpdir = "$libdir/.pvecm_add.tmp.$$"; | |
415 | mkdir $tmpdir; | |
416 | ||
417 | eval { | |
418 | print "copy corosync auth key\n"; | |
419 | $cmd = ['rsync', '--rsh=ssh -l root -o BatchMode=yes', '-lpgoq', | |
420 | "[$host]:$authfile $clusterconf", $tmpdir]; | |
421 | ||
422 | system(@$cmd) == 0 || die "can't rsync data from host '$host'\n"; | |
423 | ||
424 | my $corosync_conf = PVE::Tools::file_get_contents("$tmpdir/corosync.conf"); | |
425 | my $corosync_authkey = PVE::Tools::file_get_contents("$tmpdir/authkey"); | |
426 | ||
427 | PVE::Cluster::finish_join($host, $corosync_conf, $corosync_authkey); | |
428 | }; | |
429 | my $err = $@; | |
430 | ||
431 | rmtree $tmpdir; | |
432 | ||
433 | die $err if $err; | |
434 | }; | |
435 | ||
436 | # use a synced worker so we get a nice task log when joining through CLI | |
437 | my $rpcenv = PVE::RPCEnvironment::get(); | |
438 | my $authuser = $rpcenv->get_user(); | |
439 | ||
440 | $rpcenv->fork_worker('clusterjoin', '', $authuser, $worker); | |
441 | ||
442 | return undef; | |
443 | }}); | |
444 | ||
445 | __PACKAGE__->register_method ({ | |
446 | name => 'status', | |
447 | path => 'status', | |
448 | method => 'GET', | |
449 | description => "Displays the local view of the cluster status.", | |
450 | parameters => { | |
451 | additionalProperties => 0, | |
452 | properties => {}, | |
453 | }, | |
454 | returns => { type => 'null' }, | |
455 | ||
456 | code => sub { | |
457 | my ($param) = @_; | |
458 | ||
459 | PVE::Corosync::check_conf_exists(); | |
460 | ||
461 | my $cmd = ['corosync-quorumtool', '-siH']; | |
462 | ||
463 | exec (@$cmd); | |
464 | ||
465 | exit (-1); # should not be reached | |
466 | }}); | |
467 | ||
468 | __PACKAGE__->register_method ({ | |
469 | name => 'nodes', | |
470 | path => 'nodes', | |
471 | method => 'GET', | |
472 | description => "Displays the local view of the cluster nodes.", | |
473 | parameters => { | |
474 | additionalProperties => 0, | |
475 | properties => {}, | |
476 | }, | |
477 | returns => { type => 'null' }, | |
478 | ||
479 | code => sub { | |
480 | my ($param) = @_; | |
481 | ||
482 | PVE::Corosync::check_conf_exists(); | |
483 | ||
484 | my $cmd = ['corosync-quorumtool', '-l']; | |
485 | ||
486 | exec (@$cmd); | |
487 | ||
488 | exit (-1); # should not be reached | |
489 | }}); | |
490 | ||
491 | __PACKAGE__->register_method ({ | |
492 | name => 'expected', | |
493 | path => 'expected', | |
494 | method => 'PUT', | |
495 | description => "Tells corosync a new value of expected votes.", | |
496 | parameters => { | |
497 | additionalProperties => 0, | |
498 | properties => { | |
499 | expected => { | |
500 | type => 'integer', | |
501 | description => "Expected votes", | |
502 | minimum => 1, | |
503 | }, | |
504 | }, | |
505 | }, | |
506 | returns => { type => 'null' }, | |
507 | ||
508 | code => sub { | |
509 | my ($param) = @_; | |
510 | ||
511 | PVE::Corosync::check_conf_exists(); | |
512 | ||
513 | my $cmd = ['corosync-quorumtool', '-e', $param->{expected}]; | |
514 | ||
515 | exec (@$cmd); | |
516 | ||
517 | exit (-1); # should not be reached | |
518 | ||
519 | }}); | |
520 | ||
521 | __PACKAGE__->register_method ({ | |
522 | name => 'updatecerts', | |
523 | path => 'updatecerts', | |
524 | method => 'PUT', | |
525 | description => "Update node certificates (and generate all needed files/directories).", | |
526 | parameters => { | |
527 | additionalProperties => 0, | |
528 | properties => { | |
529 | force => { | |
530 | description => "Force generation of new SSL certifate.", | |
531 | type => 'boolean', | |
532 | optional => 1, | |
533 | }, | |
534 | silent => { | |
535 | description => "Ignore errors (i.e. when cluster has no quorum).", | |
536 | type => 'boolean', | |
537 | optional => 1, | |
538 | }, | |
539 | }, | |
540 | }, | |
541 | returns => { type => 'null' }, | |
542 | code => sub { | |
543 | my ($param) = @_; | |
544 | ||
545 | # we get called by the pve-cluster.service ExecStartPost and as we do | |
546 | # IO (on /etc/pve) which can hang (uninterruptedly D state). That'd be | |
547 | # no-good for ExecStartPost as it fails the whole service in this case | |
548 | PVE::Tools::run_fork_with_timeout(30, sub { | |
549 | PVE::Cluster::updatecerts_and_ssh($param->@{qw(force silent)}); | |
550 | }); | |
551 | ||
552 | return undef; | |
553 | }}); | |
554 | ||
555 | __PACKAGE__->register_method ({ | |
556 | name => 'mtunnel', | |
557 | path => 'mtunnel', | |
558 | method => 'POST', | |
559 | description => "Used by VM/CT migration - do not use manually.", | |
560 | parameters => { | |
561 | additionalProperties => 0, | |
562 | properties => { | |
563 | get_migration_ip => { | |
564 | type => 'boolean', | |
565 | default => 0, | |
566 | description => 'return the migration IP, if configured', | |
567 | optional => 1, | |
568 | }, | |
569 | migration_network => { | |
570 | type => 'string', | |
571 | format => 'CIDR', | |
572 | description => 'the migration network used to detect the local migration IP', | |
573 | optional => 1, | |
574 | }, | |
575 | 'run-command' => { | |
576 | type => 'boolean', | |
577 | description => 'Run a command with a tcp socket as standard input.' | |
578 | .' The IP address and port are printed via this' | |
579 | ." command's stdandard output first, each on a separate line.", | |
580 | optional => 1, | |
581 | }, | |
582 | 'extra-args' => PVE::JSONSchema::get_standard_option('extra-args'), | |
583 | }, | |
584 | }, | |
585 | returns => { type => 'null'}, | |
586 | code => sub { | |
587 | my ($param) = @_; | |
588 | ||
589 | if (!PVE::Cluster::check_cfs_quorum(1)) { | |
590 | print "no quorum\n"; | |
591 | return undef; | |
592 | } | |
593 | ||
594 | my $network = $param->{migration_network}; | |
595 | if ($param->{get_migration_ip}) { | |
596 | die "cannot use --run-command with --get_migration_ip\n" | |
597 | if $param->{'run-command'}; | |
598 | if (my $ip = PVE::Cluster::get_local_migration_ip($network)) { | |
599 | print "ip: '$ip'\n"; | |
600 | } else { | |
601 | print "no ip\n"; | |
602 | } | |
603 | # do not keep tunnel open when asked for migration ip | |
604 | return undef; | |
605 | } | |
606 | ||
607 | if ($param->{'run-command'}) { | |
608 | my $cmd = $param->{'extra-args'}; | |
609 | die "missing command\n" | |
610 | if !$cmd || !scalar(@$cmd); | |
611 | ||
612 | # Get an ip address to listen on, and find a free migration port | |
613 | my ($ip, $family); | |
614 | if (defined($network)) { | |
615 | $ip = PVE::Cluster::get_local_migration_ip($network) | |
616 | or die "failed to get migration IP address to listen on\n"; | |
617 | $family = PVE::Tools::get_host_address_family($ip); | |
618 | } else { | |
619 | my $nodename = PVE::INotify::nodename(); | |
620 | ($ip, $family) = PVE::Network::get_ip_from_hostname($nodename, 0); | |
621 | } | |
622 | my $port = PVE::Tools::next_migrate_port($family, $ip); | |
623 | ||
624 | PVE::Tools::pipe_socket_to_command($cmd, $ip, $port); | |
625 | return undef; | |
626 | } | |
627 | ||
628 | print "tunnel online\n"; | |
629 | *STDOUT->flush(); | |
630 | ||
631 | while (my $line = <STDIN>) { | |
632 | chomp $line; | |
633 | last if $line =~ m/^quit$/; | |
634 | } | |
635 | ||
636 | return undef; | |
637 | }}); | |
638 | ||
639 | ||
640 | our $cmddef = { | |
641 | keygen => [ __PACKAGE__, 'keygen', ['filename']], | |
642 | create => [ 'PVE::API2::ClusterConfig', 'create', ['clustername']], | |
643 | add => [ __PACKAGE__, 'add', ['hostname']], | |
644 | addnode => [ 'PVE::API2::ClusterConfig', 'addnode', ['node']], | |
645 | delnode => [ 'PVE::API2::ClusterConfig', 'delnode', ['node']], | |
646 | status => [ __PACKAGE__, 'status' ], | |
647 | nodes => [ __PACKAGE__, 'nodes' ], | |
648 | expected => [ __PACKAGE__, 'expected', ['expected']], | |
649 | updatecerts => [ __PACKAGE__, 'updatecerts', []], | |
650 | mtunnel => [ __PACKAGE__, 'mtunnel', ['extra-args']], | |
651 | qdevice => { | |
652 | setup => [ __PACKAGE__, 'setup_qdevice', ['address']], | |
653 | remove => [ __PACKAGE__, 'remove_qdevice', []], | |
654 | } | |
655 | }; | |
656 | ||
657 | 1; |