]>
git.proxmox.com Git - pve-cluster.git/blob - data/PVE/CLI/pvecm.pm
41c2f9cc69d645b4634b49a9990815c20321d1d2
1 package PVE
::CLI
::pvecm
;
20 use base
qw(PVE::CLIHandler);
22 $ENV{HOME
} = '/root'; # for ssh-copy-id
24 my $basedir = "/etc/pve";
25 my $clusterconf = "$basedir/corosync.conf";
26 my $libdir = "/var/lib/pve-cluster";
27 my $backupdir = "/var/lib/pve-cluster/backup";
28 my $dbfile = "$libdir/config.db";
29 my $authfile = "/etc/corosync/authkey";
33 print "backup old database\n";
41 ['gzip', '-', \
">${backupdir}/config-${ctime}.sql.gz"],
44 PVE
::Tools
::run_command
($cmd, 'errmsg' => "cannot backup old database\n");
50 foreach my $fn (<$backupdir/config-*.sql
.gz
>) {
51 if ($fn =~ m!/config-(\d+)\.sql.gz$!) {
52 push @bklist, [$fn, $1];
56 @bklist = sort { $b->[1] <=> $a->[1] } @bklist;
58 while (scalar (@bklist) >= $maxfiles) {
60 print "delete old backup '$d->[0]'\n";
65 __PACKAGE__-
>register_method ({
69 description
=> "Generate new cryptographic key for corosync.",
71 additionalProperties
=> 0,
75 description
=> "Output file name"
79 returns
=> { type
=> 'null' },
84 my $filename = $param->{filename
};
87 $> == 0 || die "Error: Authorization key must be generated as root user.\n";
88 my $dirname = dirname
($filename);
89 my $basename = basename
($filename);
91 die "key file '$filename' already exists\n" if -e
$filename;
93 File
::Path
::make_path
($dirname) if $dirname;
95 my $cmd = ['corosync-keygen', '-l', '-k', $filename];
96 PVE
::Tools
::run_command
($cmd);
101 __PACKAGE__-
>register_method ({
105 description
=> "Generate new cluster configuration.",
107 additionalProperties
=> 0,
110 description
=> "The name of the cluster.",
111 type
=> 'string', format
=> 'pve-node',
116 description
=> "Node id for this node.",
122 description
=> "Number of votes for this node.",
127 type
=> 'string', format
=> 'ip',
128 description
=> "This specifies the network address the corosync ring 0".
129 " executive should bind to and defaults to the local IP address of the node.",
133 type
=> 'string', format
=> 'address',
134 description
=> "Hostname (or IP) of the corosync ring0 address of this node.".
135 " Defaults to the hostname of the node.",
139 type
=> 'string', format
=> 'ip',
140 description
=> "This specifies the network address the corosync ring 1".
141 " executive should bind to and is optional.",
145 type
=> 'string', format
=> 'address',
146 description
=> "Hostname (or IP) of the corosync ring1 address, this".
147 " needs an valid bindnet1_addr.",
152 returns
=> { type
=> 'null' },
157 -f
$clusterconf && die "cluster config '$clusterconf' already exists\n";
159 PVE
::Cluster
::setup_sshd_config
(1);
160 PVE
::Cluster
::setup_rootsshconfig
();
161 PVE
::Cluster
::setup_ssh_keys
();
163 -f
$authfile || __PACKAGE__-
>keygen({filename
=> $authfile});
165 -f
$authfile || die "no authentication key available\n";
167 my $clustername = $param->{clustername
};
169 $param->{nodeid
} = 1 if !$param->{nodeid
};
171 $param->{votes
} = 1 if !defined($param->{votes
});
173 my $nodename = PVE
::INotify
::nodename
();
175 my $local_ip_address = PVE
::Cluster
::remote_node_ip
($nodename);
177 $param->{bindnet0_addr
} = $local_ip_address
178 if !defined($param->{bindnet0_addr
});
180 $param->{ring0_addr
} = $nodename if !defined($param->{ring0_addr
});
182 die "Param bindnet1_addr and ring1_addr are dependend, use both or none!\n"
183 if (defined($param->{bindnet1_addr
}) != defined($param->{ring1_addr
}));
185 my $bind_is_ipv6 = Net
::IP
::ip_is_ipv6
($param->{bindnet0_addr
});
187 # use string as here-doc format distracts more
188 my $interfaces = "interface {\n ringnumber: 0\n" .
189 " bindnetaddr: $param->{bindnet0_addr}\n }";
191 my $ring_addresses = "ring0_addr: $param->{ring0_addr}" ;
193 # allow use of multiple rings (rrp) at cluster creation time
194 if ($param->{bindnet1_addr
}) {
195 die "IPv6 and IPv4 cannot be mixed, use one or the other!\n"
196 if Net
::IP
::ip_is_ipv6
($param->{bindnet1_addr
}) != $bind_is_ipv6;
198 $interfaces .= "\n interface {\n ringnumber: 1\n" .
199 " bindnetaddr: $param->{bindnet1_addr}\n }\n";
201 $interfaces .= "rrp_mode: passive\n"; # only passive is stable and tested
203 $ring_addresses .= "\n ring1_addr: $param->{ring1_addr}";
205 } elsif($param->{rrp_mode
} && $param->{rrp_mode
} ne 'none') {
207 warn "rrp_mode '$param->{rrp_mode}' useless when using only one".
208 " ring, using 'none' instead";
209 # corosync defaults to none if only one interface is configured
210 $param->{rrp_mode
} = undef;
214 # No, corosync cannot deduce this on its own
215 my $ipversion = $bind_is_ipv6 ?
'ipv6' : 'ipv4';
221 cluster_name: $clustername
223 ip_version: $ipversion
231 nodeid: $param->{nodeid}
232 quorum_votes: $param->{votes}
237 provider: corosync_votequorum
246 PVE
::Tools
::file_set_contents
($clusterconf, $config);
248 PVE
::Cluster
::ssh_merge_keys
();
250 PVE
::Cluster
::gen_pve_node_files
($nodename, $local_ip_address);
252 PVE
::Cluster
::ssh_merge_known_hosts
($nodename, $local_ip_address, 1);
254 PVE
::Tools
::run_command
('systemctl restart pve-cluster'); # restart
256 PVE
::Tools
::run_command
('systemctl restart corosync'); # restart
261 __PACKAGE__-
>register_method ({
265 description
=> "Adds a node to the cluster configuration.",
267 additionalProperties
=> 0,
269 node
=> PVE
::JSONSchema
::get_standard_option
('pve-node'),
272 description
=> "Node id for this node.",
278 description
=> "Number of votes for this node",
284 description
=> "Do not throw error if node already exists.",
288 type
=> 'string', format
=> 'address',
289 description
=> "Hostname (or IP) of the corosync ring0 address of this node.".
290 " Defaults to nodes hostname.",
294 type
=> 'string', format
=> 'address',
295 description
=> "Hostname (or IP) of the corosync ring1 address, this".
296 " needs an valid bindnet1_addr.",
301 returns
=> { type
=> 'null' },
306 if (!$param->{force
} && (-t STDIN
|| -t STDOUT
)) {
307 die "error: `addnode` should not get called interactively!\nUse ".
308 "`pvecm add <cluster-node>` to add a node to a cluster!\n";
311 PVE
::Cluster
::check_cfs_quorum
();
314 my $conf = PVE
::Cluster
::cfs_read_file
("corosync.conf");
315 my $nodelist = PVE
::Corosync
::nodelist
($conf);
316 my $totem_cfg = PVE
::Corosync
::totem_config
($conf);
318 my $name = $param->{node
};
320 # ensure we do not reuse an address, that can crash the whole cluster!
321 my $check_duplicate_addr = sub {
323 return if !defined($addr);
325 while (my ($k, $v) = each %$nodelist) {
326 next if $k eq $name; # allows re-adding a node if force is set
327 if ($v->{ring0_addr
} eq $addr || ($v->{ring1_addr
} && $v->{ring1_addr
} eq $addr)) {
328 die "corosync: address '$addr' already defined by node '$k'\n";
333 &$check_duplicate_addr($param->{ring0_addr
});
334 &$check_duplicate_addr($param->{ring1_addr
});
336 $param->{ring0_addr
} = $name if !$param->{ring0_addr
};
338 die "corosync: using 'ring1_addr' parameter needs a configured ring 1 interface!\n"
339 if $param->{ring1_addr
} && !defined($totem_cfg->{interface
}->{1});
341 die "corosync: ring 1 interface configured but 'ring1_addr' parameter not defined!\n"
342 if defined($totem_cfg->{interface
}->{1}) && !defined($param->{ring1_addr
});
344 if (defined(my $res = $nodelist->{$name})) {
345 $param->{nodeid
} = $res->{nodeid
} if !$param->{nodeid
};
346 $param->{votes
} = $res->{quorum_votes
} if !defined($param->{votes
});
348 if ($res->{quorum_votes
} == $param->{votes
} &&
349 $res->{nodeid
} == $param->{nodeid
}) {
350 print "node $name already defined\n";
351 if ($param->{force
}) {
357 die "can't add existing node\n";
359 } elsif (!$param->{nodeid
}) {
364 foreach my $v (values %$nodelist) {
365 if ($v->{nodeid
} eq $nodeid) {
374 $param->{nodeid
} = $nodeid;
377 $param->{votes
} = 1 if !defined($param->{votes
});
379 PVE
::Cluster
::gen_local_dirs
($name);
381 eval { PVE
::Cluster
::ssh_merge_keys
(); };
384 $nodelist->{$name} = {
385 ring0_addr
=> $param->{ring0_addr
},
386 nodeid
=> $param->{nodeid
},
389 $nodelist->{$name}->{ring1_addr
} = $param->{ring1_addr
} if $param->{ring1_addr
};
390 $nodelist->{$name}->{quorum_votes
} = $param->{votes
} if $param->{votes
};
392 PVE
::Corosync
::update_nodelist
($conf, $nodelist);
395 PVE
::Cluster
::cfs_lock_file
('corosync.conf', 10, &$code);
402 __PACKAGE__-
>register_method ({
406 description
=> "Removes a node to the cluster configuration.",
408 additionalProperties
=> 0,
412 description
=> "Hostname or IP of the corosync ring0 address of this node.",
416 returns
=> { type
=> 'null' },
421 PVE
::Cluster
::check_cfs_quorum
();
424 my $conf = PVE
::Cluster
::cfs_read_file
("corosync.conf");
425 my $nodelist = PVE
::Corosync
::nodelist
($conf);
430 foreach my $tmp_node (keys %$nodelist) {
431 my $d = $nodelist->{$tmp_node};
432 my $ring0_addr = $d->{ring0_addr
};
433 my $ring1_addr = $d->{ring1_addr
};
434 if (($tmp_node eq $param->{node
}) ||
435 (defined($ring0_addr) && ($ring0_addr eq $param->{node
})) ||
436 (defined($ring1_addr) && ($ring1_addr eq $param->{node
}))) {
438 $nodeid = $d->{nodeid
};
443 die "Node/IP: $param->{node} is not a known host of the cluster.\n"
446 my $our_nodename = PVE
::INotify
::nodename
();
447 die "Cannot delete myself from cluster!\n" if $node eq $our_nodename;
449 delete $nodelist->{$node};
451 PVE
::Corosync
::update_nodelist
($conf, $nodelist);
453 PVE
::Tools
::run_command
(['corosync-cfgtool','-k', $nodeid])
457 PVE
::Cluster
::cfs_lock_file
('corosync.conf', 10, $code);
463 __PACKAGE__-
>register_method ({
467 description
=> "Adds the current node to an existing cluster.",
469 additionalProperties
=> 0,
473 description
=> "Hostname (or IP) of an existing cluster member."
477 description
=> "Node id for this node.",
483 description
=> "Number of votes for this node",
489 description
=> "Do not throw error if node already exists.",
493 type
=> 'string', format
=> 'address',
494 description
=> "Hostname (or IP) of the corosync ring0 address of this node.".
495 " Defaults to nodes hostname.",
499 type
=> 'string', format
=> 'address',
500 description
=> "Hostname (or IP) of the corosync ring1 address, this".
501 " needs an valid configured ring 1 interface in the cluster.",
506 returns
=> { type
=> 'null' },
511 my $nodename = PVE
::INotify
::nodename
();
513 PVE
::Cluster
::setup_sshd_config
(1);
514 PVE
::Cluster
::setup_rootsshconfig
();
515 PVE
::Cluster
::setup_ssh_keys
();
517 my $host = $param->{hostname
};
519 my ($errors, $warnings) = ('', '');
522 my ($msg, $suppress) = @_;
525 $warnings .= "* $msg\n";
527 $errors .= "* $msg\n";
531 if (!$param->{force
}) {
534 &$error("authentication key '$authfile' already exists", $param->{force
});
537 if (-f
$clusterconf) {
538 &$error("cluster config '$clusterconf' already exists", $param->{force
});
541 my $vmlist = PVE
::Cluster
::get_vmlist
();
542 if ($vmlist && $vmlist->{ids
} && scalar(keys %{$vmlist->{ids
}})) {
543 &$error("this host already contains virtual guests", $param->{force
});
546 if (system("corosync-quorumtool -l >/dev/null 2>&1") == 0) {
547 &$error("corosync is already running, is this node already in a cluster?!", $param->{force
});
551 # check if corosync ring IPs are configured on the current nodes interfaces
555 if (!PVE
::JSONSchema
::pve_verify_ip
($ip, 1)) {
557 eval { $ip = PVE
::Network
::get_ip_from_hostname
($host); };
559 &$error("cannot use '$host': $@\n") ;
564 my $cidr = (Net
::IP
::ip_is_ipv6
($ip)) ?
"$ip/128" : "$ip/32";
565 my $configured_ips = PVE
::Network
::get_local_ip_from_cidr
($cidr);
567 &$error("cannot use IP '$ip', it must be configured exactly once on local node!\n")
568 if (scalar(@$configured_ips) != 1);
572 &$check_ip($param->{ring0_addr
});
573 &$check_ip($param->{ring1_addr
});
575 warn "warning, ignore the following errors:\n$warnings" if $warnings;
576 die "detected the following error(s):\n$errors" if $errors;
578 # make sure known_hosts is on local filesystem
579 PVE
::Cluster
::ssh_unmerge_known_hosts
();
581 my $cmd = ['ssh-copy-id', '-i', '/root/.ssh/id_rsa', "root\@$host"];
582 PVE
::Tools
::run_command
($cmd, 'outfunc' => sub {}, 'errfunc' => sub {},
583 'errmsg' => "unable to copy ssh ID");
585 $cmd = ['ssh', $host, '-o', 'BatchMode=yes',
586 'pvecm', 'addnode', $nodename, '--force', 1];
588 push @$cmd, '--nodeid', $param->{nodeid
} if $param->{nodeid
};
590 push @$cmd, '--votes', $param->{votes
} if defined($param->{votes
});
592 push @$cmd, '--ring0_addr', $param->{ring0_addr
} if defined($param->{ring0_addr
});
594 push @$cmd, '--ring1_addr', $param->{ring1_addr
} if defined($param->{ring1_addr
});
596 if (system (@$cmd) != 0) {
597 my $cmdtxt = join (' ', @$cmd);
598 die "unable to add node: command failed ($cmdtxt)\n";
601 my $tmpdir = "$libdir/.pvecm_add.tmp.$$";
605 print "copy corosync auth key\n";
606 $cmd = ['rsync', '--rsh=ssh -l root -o BatchMode=yes', '-lpgoq',
607 "[$host]:$authfile $clusterconf", $tmpdir];
609 system(@$cmd) == 0 || die "can't rsync data from host '$host'\n";
611 mkdir "/etc/corosync";
612 my $confbase = basename
($clusterconf);
614 $cmd = "cp '$tmpdir/$confbase' '/etc/corosync/$confbase'";
615 system($cmd) == 0 || die "can't copy cluster configuration\n";
617 my $keybase = basename
($authfile);
618 system ("cp '$tmpdir/$keybase' '$authfile'") == 0 ||
619 die "can't copy '$tmpdir/$keybase' to '$authfile'\n";
621 print "stopping pve-cluster service\n";
623 system("umount $basedir -f >/dev/null 2>&1");
624 system("systemctl stop pve-cluster") == 0 ||
625 die "can't stop pve-cluster service\n";
631 system("systemctl start pve-cluster") == 0 ||
632 die "starting pve-cluster failed\n";
634 system("systemctl start corosync");
638 while (!PVE
::Cluster
::check_cfs_quorum
(1)) {
640 print "waiting for quorum...";
646 print "OK\n" if !$printqmsg;
648 my $local_ip_address = PVE
::Cluster
::remote_node_ip
($nodename);
650 print "generating node certificates\n";
651 PVE
::Cluster
::gen_pve_node_files
($nodename, $local_ip_address);
653 print "merge known_hosts file\n";
654 PVE
::Cluster
::ssh_merge_known_hosts
($nodename, $local_ip_address, 1);
656 print "restart services\n";
657 # restart pvedaemon (changed certs)
658 system("systemctl restart pvedaemon");
659 # restart pveproxy (changed certs)
660 system("systemctl restart pveproxy");
662 print "successfully added node '$nodename' to cluster.\n";
673 __PACKAGE__-
>register_method ({
677 description
=> "Displays the local view of the cluster status.",
679 additionalProperties
=> 0,
682 returns
=> { type
=> 'null' },
687 PVE
::Corosync
::check_conf_exists
();
689 my $cmd = ['corosync-quorumtool', '-siH'];
693 exit (-1); # should not be reached
696 __PACKAGE__-
>register_method ({
700 description
=> "Displays the local view of the cluster nodes.",
702 additionalProperties
=> 0,
705 returns
=> { type
=> 'null' },
710 PVE
::Corosync
::check_conf_exists
();
712 my $cmd = ['corosync-quorumtool', '-l'];
716 exit (-1); # should not be reached
719 __PACKAGE__-
>register_method ({
723 description
=> "Tells corosync a new value of expected votes.",
725 additionalProperties
=> 0,
729 description
=> "Expected votes",
734 returns
=> { type
=> 'null' },
739 PVE
::Corosync
::check_conf_exists
();
741 my $cmd = ['corosync-quorumtool', '-e', $param->{expected
}];
745 exit (-1); # should not be reached
749 __PACKAGE__-
>register_method ({
750 name
=> 'updatecerts',
751 path
=> 'updatecerts',
753 description
=> "Update node certificates (and generate all needed files/directories).",
755 additionalProperties
=> 0,
758 description
=> "Force generation of new SSL certifate.",
763 description
=> "Ignore errors (i.e. when cluster has no quorum).",
769 returns
=> { type
=> 'null' },
773 PVE
::Cluster
::setup_sshd_config
(0);
774 PVE
::Cluster
::setup_rootsshconfig
();
776 PVE
::Cluster
::gen_pve_vzdump_symlink
();
778 if (!PVE
::Cluster
::check_cfs_quorum
(1)) {
779 return undef if $param->{silent
};
780 die "no quorum - unable to update files\n";
783 PVE
::Cluster
::setup_ssh_keys
();
785 my $nodename = PVE
::INotify
::nodename
();
787 my $local_ip_address = PVE
::Cluster
::remote_node_ip
($nodename);
789 PVE
::Cluster
::gen_pve_node_files
($nodename, $local_ip_address, $param->{force
});
790 PVE
::Cluster
::ssh_merge_keys
();
791 PVE
::Cluster
::ssh_merge_known_hosts
($nodename, $local_ip_address);
792 PVE
::Cluster
::gen_pve_vzdump_files
();
797 __PACKAGE__-
>register_method ({
801 description
=> "Used by VM/CT migration - do not use manually.",
803 additionalProperties
=> 0,
805 get_migration_ip
=> {
808 description
=> 'return the migration IP, if configured',
811 migration_network
=> {
814 description
=> 'the migration network used to detect the local migration IP',
819 description
=> 'Run a command with a tcp socket as standard input.'
820 .' The IP address and port are printed via this'
821 ." command's stdandard output first, each on a separate line.",
824 'extra-args' => PVE
::JSONSchema
::get_standard_option
('extra-args'),
827 returns
=> { type
=> 'null'},
831 if (!PVE
::Cluster
::check_cfs_quorum
(1)) {
836 my $network = $param->{migration_network
};
837 if ($param->{get_migration_ip
}) {
838 die "cannot use --run-command with --get_migration_ip\n"
839 if $param->{'run-command'};
840 if (my $ip = PVE
::Cluster
::get_local_migration_ip
($network)) {
845 # do not keep tunnel open when asked for migration ip
849 if ($param->{'run-command'}) {
850 my $cmd = $param->{'extra-args'};
851 die "missing command\n"
852 if !$cmd || !scalar(@$cmd);
854 # Get an ip address to listen on, and find a free migration port
856 if (defined($network)) {
857 $ip = PVE
::Cluster
::get_local_migration_ip
($network)
858 or die "failed to get migration IP address to listen on\n";
859 $family = Net
::IP
::ip_is_ipv6
($ip) ? AF_INET6
: AF_INET
;
861 my $nodename = PVE
::INotify
::nodename
();
862 ($ip, $family) = PVE
::Network
::get_ip_from_hostname
($nodename, 0);
864 my $port = PVE
::Tools
::next_migrate_port
($family, $ip);
866 PVE
::Tools
::pipe_socket_to_command
($cmd, $ip, $port);
870 print "tunnel online\n";
873 while (my $line = <>) {
875 last if $line =~ m/^quit$/;
883 keygen
=> [ __PACKAGE__
, 'keygen', ['filename']],
884 create
=> [ __PACKAGE__
, 'create', ['clustername']],
885 add
=> [ __PACKAGE__
, 'add', ['hostname']],
886 addnode
=> [ __PACKAGE__
, 'addnode', ['node']],
887 delnode
=> [ __PACKAGE__
, 'delnode', ['node']],
888 status
=> [ __PACKAGE__
, 'status' ],
889 nodes
=> [ __PACKAGE__
, 'nodes' ],
890 expected
=> [ __PACKAGE__
, 'expected', ['expected']],
891 updatecerts
=> [ __PACKAGE__
, 'updatecerts', []],
892 mtunnel
=> [ __PACKAGE__
, 'mtunnel', ['extra-args']],