]> git.proxmox.com Git - pve-cluster.git/blob - data/PVE/CLI/pvecm.pm
projects / pve-cluster.git / blob
? search:


746bcbec60f5a1336da5732ba69fab3d0609ad55
[pve-cluster.git] / data / PVE / CLI / pvecm.pm
1 package PVE::CLI::pvecm;
2
3 use strict;
4 use warnings;
5
6 use File::Path;
7 use File::Basename;
8 use PVE::Tools qw(run_command);
9 use PVE::Cluster;
10 use PVE::INotify;
11 use PVE::JSONSchema qw(get_standard_option);
12 use PVE::RPCEnvironment;
13 use PVE::CLIHandler;
14 use PVE::PTY;
15 use PVE::API2::ClusterConfig;
16 use PVE::Corosync;
17
18 use base qw(PVE::CLIHandler);
19
20 $ENV{HOME} = '/root'; # for ssh-copy-id
21
22 my $basedir = "/etc/pve";
23 my $clusterconf = "$basedir/corosync.conf";
24 my $libdir = "/var/lib/pve-cluster";
25 my $authfile = "/etc/corosync/authkey";
26
27
28 sub setup_environment {
29 PVE::RPCEnvironment->setup_default_cli_env();
30 }
31
32 __PACKAGE__->register_method ({
33 name => 'keygen',
34 path => 'keygen',
35 method => 'PUT',
36 description => "Generate new cryptographic key for corosync.",
37 parameters => {
38 additionalProperties => 0,
39 properties => {
40 filename => {
41 type => 'string',
42 description => "Output file name"
43 }
44 },
45 },
46 returns => { type => 'null' },
47
48 code => sub {
49 my ($param) = @_;
50
51 my $filename = $param->{filename};
52
53 # test EUID
54 $> == 0 || die "Error: Authorization key must be generated as root user.\n";
55 my $dirname = dirname($filename);
56
57 die "key file '$filename' already exists\n" if -e $filename;
58
59 File::Path::make_path($dirname) if $dirname;
60
61 run_command(['corosync-keygen', '-l', '-k', $filename]);
62
63 return undef;
64 }});
65
66 __PACKAGE__->register_method ({
67 name => 'add',
68 path => 'add',
69 method => 'PUT',
70 description => "Adds the current node to an existing cluster.",
71 parameters => {
72 additionalProperties => 0,
73 properties => {
74 hostname => {
75 type => 'string',
76 description => "Hostname (or IP) of an existing cluster member."
77 },
78 nodeid => get_standard_option('corosync-nodeid'),
79 votes => {
80 type => 'integer',
81 description => "Number of votes for this node",
82 minimum => 0,
83 optional => 1,
84 },
85 force => {
86 type => 'boolean',
87 description => "Do not throw error if node already exists.",
88 optional => 1,
89 },
90 ring0_addr => get_standard_option('corosync-ring0-addr'),
91 ring1_addr => get_standard_option('corosync-ring1-addr'),
92 fingerprint => get_standard_option('fingerprint-sha256', {
93 optional => 1,
94 }),
95 'use_ssh' => {
96 type => 'boolean',
97 description => "Always use SSH to join, even if peer may do it over API.",
98 optional => 1,
99 },
100 },
101 },
102 returns => { type => 'null' },
103
104 code => sub {
105 my ($param) = @_;
106
107 my $nodename = PVE::INotify::nodename();
108
109 my $host = $param->{hostname};
110
111 PVE::Cluster::assert_joinable($param->{ring0_addr}, $param->{ring1_addr}, $param->{force});
112
113 my $worker = sub {
114
115 if (!$param->{use_ssh}) {
116 print "Please enter superuser (root) password for '$host':\n";
117 my $password = PVE::PTY::read_password("Password for root\@$host: ");
118
119 delete $param->{use_ssh};
120 $param->{password} = $password;
121
122 my $local_cluster_lock = "/var/lock/pvecm.lock";
123 PVE::Tools::lock_file($local_cluster_lock, 10, \&PVE::Cluster::join, $param);
124
125 if (my $err = $@) {
126 if (ref($err) eq 'PVE::APIClient::Exception' && defined($err->{code}) && $err->{code} == 501) {
127 $err = "Remote side is not able to use API for Cluster join!\n" .
128 "Pass the 'use_ssh' switch or update the remote side.\n";
129 }
130 die $err;
131 }
132 return; # all OK, the API join endpoint successfully set us up
133 }
134
135 # allow fallback to old ssh only join if wished or needed
136
137 PVE::Cluster::setup_sshd_config();
138 PVE::Cluster::setup_rootsshconfig();
139 PVE::Cluster::setup_ssh_keys();
140
141 # make sure known_hosts is on local filesystem
142 PVE::Cluster::ssh_unmerge_known_hosts();
143
144 my $cmd = ['ssh-copy-id', '-i', '/root/.ssh/id_rsa', "root\@$host"];
145 run_command($cmd, 'outfunc' => sub {}, 'errfunc' => sub {},
146 'errmsg' => "unable to copy ssh ID");
147
148 $cmd = ['ssh', $host, '-o', 'BatchMode=yes',
149 'pvecm', 'addnode', $nodename, '--force', 1];
150
151 push @$cmd, '--nodeid', $param->{nodeid} if $param->{nodeid};
152 push @$cmd, '--votes', $param->{votes} if defined($param->{votes});
153 push @$cmd, '--ring0_addr', $param->{ring0_addr} if defined($param->{ring0_addr});
154 push @$cmd, '--ring1_addr', $param->{ring1_addr} if defined($param->{ring1_addr});
155
156 if (system (@$cmd) != 0) {
157 my $cmdtxt = join (' ', @$cmd);
158 die "unable to add node: command failed ($cmdtxt)\n";
159 }
160
161 my $tmpdir = "$libdir/.pvecm_add.tmp.$$";
162 mkdir $tmpdir;
163
164 eval {
165 print "copy corosync auth key\n";
166 $cmd = ['rsync', '--rsh=ssh -l root -o BatchMode=yes', '-lpgoq',
167 "[$host]:$authfile $clusterconf", $tmpdir];
168
169 system(@$cmd) == 0 || die "can't rsync data from host '$host'\n";
170
171 my $corosync_conf = PVE::Tools::file_get_contents("$tmpdir/corosync.conf");
172 my $corosync_authkey = PVE::Tools::file_get_contents("$tmpdir/authkey");
173
174 PVE::Cluster::finish_join($host, $corosync_conf, $corosync_authkey);
175 };
176 my $err = $@;
177
178 rmtree $tmpdir;
179
180 die $err if $err;
181 };
182
183 # use a synced worker so we get a nice task log when joining through CLI
184 my $rpcenv = PVE::RPCEnvironment::get();
185 my $authuser = $rpcenv->get_user();
186
187 $rpcenv->fork_worker('clusterjoin', '', $authuser, $worker);
188
189 return undef;
190 }});
191
192 __PACKAGE__->register_method ({
193 name => 'status',
194 path => 'status',
195 method => 'GET',
196 description => "Displays the local view of the cluster status.",
197 parameters => {
198 additionalProperties => 0,
199 properties => {},
200 },
201 returns => { type => 'null' },
202
203 code => sub {
204 my ($param) = @_;
205
206 PVE::Corosync::check_conf_exists();
207
208 my $cmd = ['corosync-quorumtool', '-siH'];
209
210 exec (@$cmd);
211
212 exit (-1); # should not be reached
213 }});
214
215 __PACKAGE__->register_method ({
216 name => 'nodes',
217 path => 'nodes',
218 method => 'GET',
219 description => "Displays the local view of the cluster nodes.",
220 parameters => {
221 additionalProperties => 0,
222 properties => {},
223 },
224 returns => { type => 'null' },
225
226 code => sub {
227 my ($param) = @_;
228
229 PVE::Corosync::check_conf_exists();
230
231 my $cmd = ['corosync-quorumtool', '-l'];
232
233 exec (@$cmd);
234
235 exit (-1); # should not be reached
236 }});
237
238 __PACKAGE__->register_method ({
239 name => 'expected',
240 path => 'expected',
241 method => 'PUT',
242 description => "Tells corosync a new value of expected votes.",
243 parameters => {
244 additionalProperties => 0,
245 properties => {
246 expected => {
247 type => 'integer',
248 description => "Expected votes",
249 minimum => 1,
250 },
251 },
252 },
253 returns => { type => 'null' },
254
255 code => sub {
256 my ($param) = @_;
257
258 PVE::Corosync::check_conf_exists();
259
260 my $cmd = ['corosync-quorumtool', '-e', $param->{expected}];
261
262 exec (@$cmd);
263
264 exit (-1); # should not be reached
265
266 }});
267
268 __PACKAGE__->register_method ({
269 name => 'updatecerts',
270 path => 'updatecerts',
271 method => 'PUT',
272 description => "Update node certificates (and generate all needed files/directories).",
273 parameters => {
274 additionalProperties => 0,
275 properties => {
276 force => {
277 description => "Force generation of new SSL certifate.",
278 type => 'boolean',
279 optional => 1,
280 },
281 silent => {
282 description => "Ignore errors (i.e. when cluster has no quorum).",
283 type => 'boolean',
284 optional => 1,
285 },
286 },
287 },
288 returns => { type => 'null' },
289 code => sub {
290 my ($param) = @_;
291
292 PVE::Cluster::setup_rootsshconfig();
293
294 PVE::Cluster::gen_pve_vzdump_symlink();
295
296 if (!PVE::Cluster::check_cfs_quorum(1)) {
297 return undef if $param->{silent};
298 die "no quorum - unable to update files\n";
299 }
300
301 PVE::Cluster::setup_ssh_keys();
302
303 my $nodename = PVE::INotify::nodename();
304
305 my $local_ip_address = PVE::Cluster::remote_node_ip($nodename);
306
307 PVE::Cluster::gen_pve_node_files($nodename, $local_ip_address, $param->{force});
308 PVE::Cluster::ssh_merge_keys();
309 PVE::Cluster::ssh_merge_known_hosts($nodename, $local_ip_address);
310 PVE::Cluster::gen_pve_vzdump_files();
311
312 return undef;
313 }});
314
315 __PACKAGE__->register_method ({
316 name => 'mtunnel',
317 path => 'mtunnel',
318 method => 'POST',
319 description => "Used by VM/CT migration - do not use manually.",
320 parameters => {
321 additionalProperties => 0,
322 properties => {
323 get_migration_ip => {
324 type => 'boolean',
325 default => 0,
326 description => 'return the migration IP, if configured',
327 optional => 1,
328 },
329 migration_network => {
330 type => 'string',
331 format => 'CIDR',
332 description => 'the migration network used to detect the local migration IP',
333 optional => 1,
334 },
335 'run-command' => {
336 type => 'boolean',
337 description => 'Run a command with a tcp socket as standard input.'
338 .' The IP address and port are printed via this'
339 ." command's stdandard output first, each on a separate line.",
340 optional => 1,
341 },
342 'extra-args' => PVE::JSONSchema::get_standard_option('extra-args'),
343 },
344 },
345 returns => { type => 'null'},
346 code => sub {
347 my ($param) = @_;
348
349 if (!PVE::Cluster::check_cfs_quorum(1)) {
350 print "no quorum\n";
351 return undef;
352 }
353
354 my $network = $param->{migration_network};
355 if ($param->{get_migration_ip}) {
356 die "cannot use --run-command with --get_migration_ip\n"
357 if $param->{'run-command'};
358 if (my $ip = PVE::Cluster::get_local_migration_ip($network)) {
359 print "ip: '$ip'\n";
360 } else {
361 print "no ip\n";
362 }
363 # do not keep tunnel open when asked for migration ip
364 return undef;
365 }
366
367 if ($param->{'run-command'}) {
368 my $cmd = $param->{'extra-args'};
369 die "missing command\n"
370 if !$cmd || !scalar(@$cmd);
371
372 # Get an ip address to listen on, and find a free migration port
373 my ($ip, $family);
374 if (defined($network)) {
375 $ip = PVE::Cluster::get_local_migration_ip($network)
376 or die "failed to get migration IP address to listen on\n";
377 $family = PVE::Tools::get_host_address_family($ip);
378 } else {
379 my $nodename = PVE::INotify::nodename();
380 ($ip, $family) = PVE::Network::get_ip_from_hostname($nodename, 0);
381 }
382 my $port = PVE::Tools::next_migrate_port($family, $ip);
383
384 PVE::Tools::pipe_socket_to_command($cmd, $ip, $port);
385 return undef;
386 }
387
388 print "tunnel online\n";
389 *STDOUT->flush();
390
391 while (my $line = <STDIN>) {
392 chomp $line;
393 last if $line =~ m/^quit$/;
394 }
395
396 return undef;
397 }});
398
399
400 our $cmddef = {
401 keygen => [ __PACKAGE__, 'keygen', ['filename']],
402 create => [ 'PVE::API2::ClusterConfig', 'create', ['clustername']],
403 add => [ __PACKAGE__, 'add', ['hostname']],
404 addnode => [ 'PVE::API2::ClusterConfig', 'addnode', ['node']],
405 delnode => [ 'PVE::API2::ClusterConfig', 'delnode', ['node']],
406 status => [ __PACKAGE__, 'status' ],
407 nodes => [ __PACKAGE__, 'nodes' ],
408 expected => [ __PACKAGE__, 'expected', ['expected']],
409 updatecerts => [ __PACKAGE__, 'updatecerts', []],
410 mtunnel => [ __PACKAGE__, 'mtunnel', ['extra-args']],
411 };
412
413 1;
Cluster FS and Tools