git.proxmox.com Git - pve-cluster.git/blob - data/PVE/CLI/pvecm.pm
746bcbec60f5a1336da5732ba69fab3d0609ad55
1 package PVE
::CLI
::pvecm
;
8 use PVE
::Tools
qw(run_command);
11 use PVE
::JSONSchema
qw(get_standard_option);
12 use PVE
::RPCEnvironment
;
15 use PVE
::API2
::ClusterConfig
;
18 use base
qw(PVE::CLIHandler);
# HOME is pinned to /root for this process and for every child it starts, so
# that ssh-copy-id (SSH join fallback below) operates on root's ~/.ssh no
# matter which HOME the caller had.
20 $ENV{HOME
} = '/root'; # for ssh-copy-id
# Fixed locations used by the commands below.
22 my $basedir = "/etc/pve";
23 my $clusterconf = "$basedir/corosync.conf";
24 my $libdir = "/var/lib/pve-cluster";
# Corosync authentication key: secret material. The SSH join fallback copies
# this file from the peer.
25 my $authfile = "/etc/corosync/authkey";
# Initialise the default CLI RPC environment for this command handler.
# NOTE(review): presumably called by PVE::CLIHandler before a command is
# dispatched - confirm. The sub's closing brace is not part of this listing.
28 sub setup_environment
{
29 PVE
::RPCEnvironment-
>setup_default_cli_env();
# Key generation command (presumably the 'keygen' entry of the command table
# at the end of the file): writes a new corosync key to the given file name
# by running corosync-keygen. Several schema lines are missing from this
# listing.
32 __PACKAGE__-
>register_method ({
36 description
=> "Generate new cryptographic key for corosync.",
38 additionalProperties
=> 0,
42 description
=> "Output file name"
46 returns
=> { type
=> 'null' },
51 my $filename = $param->{filename
};
# Only effective UID 0 may generate the key.
54 $> == 0 || die "Error: Authorization key must be generated as root user.\n";
55 my $dirname = dirname
($filename);
# Refuse to overwrite an existing key.
# NOTE(review): the -e test and the later write by corosync-keygen are two
# separate steps, so this protects against accidents only, not against
# another process creating the path in between.
57 die "key file '$filename' already exists\n" if -e
$filename;
# NOTE(review): make_path is called without an explicit mode, so newly created
# parent directories get their permissions from the process umask - confirm
# that is tight enough for a directory that will hold the key.
59 File
::Path
::make_path
($dirname) if $dirname;
# Array-form command: $filename travels as a single argument.
# NOTE(review): presumably run without a shell - confirm in
# PVE::Tools::run_command.
61 run_command
(['corosync-keygen', '-l', '-k', $filename]);
# Join command (presumably the 'add' entry of the command table): parameter
# schema for adding the local node to an existing cluster. The property names
# and types of several entries are missing from this listing.
# NOTE(review): the type/format constraints on the hostname property are not
# visible here; the SSH fallback further down interpolates that value into
# command arguments, so confirm the schema restricts it to a host name or IP.
66 __PACKAGE__-
>register_method ({
70 description
=> "Adds the current node to an existing cluster.",
72 additionalProperties
=> 0,
76 description
=> "Hostname (or IP) of an existing cluster member."
78 nodeid
=> get_standard_option
('corosync-nodeid'),
81 description
=> "Number of votes for this node",
87 description
=> "Do not throw error if node already exists.",
90 ring0_addr
=> get_standard_option
('corosync-ring0-addr'),
91 ring1_addr
=> get_standard_option
('corosync-ring1-addr'),
# SHA-256 fingerprint option.
# NOTE(review): presumably used to pin the peer's certificate on the API join
# path - confirm; it is not referenced in the visible SSH fallback.
92 fingerprint
=> get_standard_option
('fingerprint-sha256', {
97 description
=> "Always use SSH to join, even if peer may do it over API.",
102 returns
=> { type
=> 'null' },
# Local node name and the peer to join.
107 my $nodename = PVE
::INotify
::nodename
();
109 my $host = $param->{hostname
};
# Abort early unless this node may join; both ring addresses and the 'force'
# flag are passed through to the check.
111 PVE
::Cluster
::assert_joinable
($param->{ring0_addr
}, $param->{ring1_addr
}, $param->{force
});
# Default path: join through the peer's API, authenticating as root with a
# password read from the terminal.
115 if (!$param->{use_ssh
}) {
116 print "Please enter superuser (root) password for '$host':\n";
117 my $password = PVE
::PTY
::read_password
("Password for root\@$host: ");
119 delete $param->{use_ssh
};
# NOTE(review): from this point $param carries the root password in clear
# text; it must not be logged, dumped or echoed on any error path.
120 $param->{password
} = $password;
# The join runs under a node-local lock file.
# NOTE(review): the 10 is presumably the lock timeout in seconds - confirm in
# PVE::Tools::lock_file.
122 my $local_cluster_lock = "/var/lock/pvecm.lock";
123 PVE
::Tools
::lock_file
($local_cluster_lock, 10, \
&PVE
::Cluster
::join, $param);
# An API client exception with code 501 is replaced by a hint to use the SSH
# fallback or to update the peer. $err is assigned on a line that is missing
# from this listing.
126 if (ref($err) eq 'PVE::APIClient::Exception' && defined($err->{code
}) && $err->{code
} == 501) {
127 $err = "Remote side is not able to use API for Cluster join!\n" .
128 "Pass the 'use_ssh' switch or update the remote side.\n";
132 return; # all OK, the API join endpoint successfully set us up
# SSH-only join: prepare local SSH configuration and keys, install root's key
# on the peer, ask the peer to add this node, then copy the corosync auth key
# and configuration from it.
# NOTE(review): the 'fingerprint' parameter is not used anywhere in the visible
# lines of this path; peer authentication appears to rest on SSH host-key
# checking alone - confirm.
135 # allow fallback to old ssh only join if wished or needed
137 PVE
::Cluster
::setup_sshd_config
();
138 PVE
::Cluster
::setup_rootsshconfig
();
139 PVE
::Cluster
::setup_ssh_keys
();
141 # make sure known_hosts is on local filesystem
142 PVE
::Cluster
::ssh_unmerge_known_hosts
();
# Install the identity /root/.ssh/id_rsa for root on the peer; stdout and
# stderr of ssh-copy-id are discarded by the empty callbacks.
# NOTE(review): $host is the raw 'hostname' parameter; whether the schema
# constrains its format is not visible in this listing - confirm it cannot
# begin with '-' or contain whitespace before it is used as an argument here
# and below.
144 my $cmd = ['ssh-copy-id', '-i', '/root/.ssh/id_rsa', "root\@$host"];
145 run_command
($cmd, 'outfunc' => sub {}, 'errfunc' => sub {},
146 'errmsg' => "unable to copy ssh ID");
# Run 'pvecm addnode' on the peer. The local call is list-form (no local
# shell), but ssh joins the trailing words into one command line for the
# remote shell, so $nodename and the option values pushed below rely on
# validation that is not visible here.
# NOTE(review): '--force 1' is sent unconditionally, independent of the local
# 'force' parameter - confirm that is intended.
# NOTE(review): placing the options first and a '--' before $host would make
# the destination argument unambiguous.
148 $cmd = ['ssh', $host, '-o', 'BatchMode=yes',
149 'pvecm', 'addnode', $nodename, '--force', 1];
151 push @$cmd, '--nodeid', $param->{nodeid
} if $param->{nodeid
};
152 push @$cmd, '--votes', $param->{votes
} if defined($param->{votes
});
153 push @$cmd, '--ring0_addr', $param->{ring0_addr
} if defined($param->{ring0_addr
});
154 push @$cmd, '--ring1_addr', $param->{ring1_addr
} if defined($param->{ring1_addr
});
156 if (system (@$cmd) != 0) {
157 my $cmdtxt = join (' ', @$cmd);
158 die "unable to add node: command failed ($cmdtxt)\n";
# Scratch directory named after the current PID under $libdir.
# NOTE(review): the name is predictable, which is only acceptable while
# $libdir is writable by root alone; the lines that create and remove the
# directory are missing from this listing - confirm it is created with
# restrictive permissions and removed on every exit path, including the die()
# calls, because it will hold a copy of the auth key.
161 my $tmpdir = "$libdir/.pvecm_add.tmp.$$";
165 print "copy corosync auth key\n";
# Pull the auth key and corosync.conf from the peer as root in one rsync call;
# -lpgoq keeps symlinks, permissions, group and owner, and runs quietly.
166 $cmd = ['rsync', '--rsh=ssh -l root -o BatchMode=yes', '-lpgoq',
167 "[$host]:$authfile $clusterconf", $tmpdir];
169 system(@$cmd) == 0 || die "can't rsync data from host '$host'\n";
# Both files are read into memory and handed to finish_join together with the
# peer name.
171 my $corosync_conf = PVE
::Tools
::file_get_contents
("$tmpdir/corosync.conf");
172 my $corosync_authkey = PVE
::Tools
::file_get_contents
("$tmpdir/authkey");
174 PVE
::Cluster
::finish_join
($host, $corosync_conf, $corosync_authkey);
# Run the join as a 'clusterjoin' worker task under the current RPC
# environment's user. $worker is defined on lines missing from this listing.
183 # use a synced worker so we get a nice task log when joining through CLI
184 my $rpcenv = PVE
::RPCEnvironment
::get
();
185 my $authuser = $rpcenv->get_user();
187 $rpcenv->fork_worker('clusterjoin', '', $authuser, $worker);
# Status command (presumably the 'status' entry of the command table): checks
# that a corosync configuration exists, then builds a fixed
# 'corosync-quorumtool -siH' command with no user-supplied arguments.
# NOTE(review): the line that runs $cmd is missing from this listing; the
# trailing exit(-1) suggests the process is replaced via exec - confirm.
192 __PACKAGE__-
>register_method ({
196 description
=> "Displays the local view of the cluster status.",
198 additionalProperties
=> 0,
201 returns
=> { type
=> 'null' },
206 PVE
::Corosync
::check_conf_exists
();
208 my $cmd = ['corosync-quorumtool', '-siH'];
212 exit (-1); # should not be reached
# Node list command (presumably the 'nodes' entry of the command table):
# checks that a corosync configuration exists, then builds a fixed
# 'corosync-quorumtool -l' command with no user-supplied arguments.
# NOTE(review): the line that runs $cmd is missing from this listing; the
# trailing exit(-1) suggests the process is replaced via exec - confirm.
215 __PACKAGE__-
>register_method ({
219 description
=> "Displays the local view of the cluster nodes.",
221 additionalProperties
=> 0,
224 returns
=> { type
=> 'null' },
229 PVE
::Corosync
::check_conf_exists
();
231 my $cmd = ['corosync-quorumtool', '-l'];
235 exit (-1); # should not be reached
# Expected-votes command (presumably the 'expected' entry of the command
# table): passes a new expected vote count to corosync-quorumtool.
238 __PACKAGE__-
>register_method ({
242 description
=> "Tells corosync a new value of expected votes.",
244 additionalProperties
=> 0,
248 description
=> "Expected votes",
253 returns
=> { type
=> 'null' },
258 PVE
::Corosync
::check_conf_exists
();
# The value is passed as its own argument after '-e'.
# NOTE(review): the schema type and bounds of 'expected' are missing from this
# listing - confirm it is restricted to an integer.
260 my $cmd = ['corosync-quorumtool', '-e', $param->{expected
}];
264 exit (-1); # should not be reached
# 'updatecerts': regenerate the node's certificate and SSH related files and
# merge them into the cluster-wide state. Two option names are missing from
# this listing; the code reads them as $param->{force} and $param->{silent}.
268 __PACKAGE__-
>register_method ({
269 name
=> 'updatecerts',
270 path
=> 'updatecerts',
272 description
=> "Update node certificates (and generate all needed files/directories).",
274 additionalProperties
=> 0,
277 description
=> "Force generation of new SSL certifate.",
282 description
=> "Ignore errors (i.e. when cluster has no quorum).",
288 returns
=> { type
=> 'null' },
# These two steps run before the quorum check, so they happen even when the
# command later stops for lack of quorum.
292 PVE
::Cluster
::setup_rootsshconfig
();
294 PVE
::Cluster
::gen_pve_vzdump_symlink
();
# Without quorum nothing further is written: the command dies, or returns
# quietly when 'silent' is set, so a caller using 'silent' cannot tell from
# the result that the certificates were not updated.
296 if (!PVE
::Cluster
::check_cfs_quorum
(1)) {
297 return undef if $param->{silent
};
298 die "no quorum - unable to update files\n";
301 PVE
::Cluster
::setup_ssh_keys
();
303 my $nodename = PVE
::INotify
::nodename
();
305 my $local_ip_address = PVE
::Cluster
::remote_node_ip
($nodename);
# 'force' is forwarded to the node file generation; per the option text above
# it requests a new SSL certificate.
307 PVE
::Cluster
::gen_pve_node_files
($nodename, $local_ip_address, $param->{force
});
308 PVE
::Cluster
::ssh_merge_keys
();
309 PVE
::Cluster
::ssh_merge_known_hosts
($nodename, $local_ip_address);
310 PVE
::Cluster
::gen_pve_vzdump_files
();
# Migration tunnel helper (presumably the 'mtunnel' entry of the command
# table). It either reports the local migration IP or runs the command given
# in 'extra-args' with a TCP socket as its standard input, then waits on STDIN
# until it reads "quit". Many lines are missing from this listing.
315 __PACKAGE__-
>register_method ({
319 description
=> "Used by VM/CT migration - do not use manually.",
321 additionalProperties
=> 0,
323 get_migration_ip
=> {
326 description
=> 'return the migration IP, if configured',
329 migration_network
=> {
332 description
=> 'the migration network used to detect the local migration IP',
337 description
=> 'Run a command with a tcp socket as standard input.'
338 .' The IP address and port are printed via this'
339 ." command's stdandard output first, each on a separate line.",
342 'extra-args' => PVE
::JSONSchema
::get_standard_option
('extra-args'),
345 returns
=> { type
=> 'null'},
# Quorum check; the body of this branch is missing from this listing.
349 if (!PVE
::Cluster
::check_cfs_quorum
(1)) {
354 my $network = $param->{migration_network
};
# --get_migration_ip and --run-command are mutually exclusive.
355 if ($param->{get_migration_ip
}) {
356 die "cannot use --run-command with --get_migration_ip\n"
357 if $param->{'run-command'};
358 if (my $ip = PVE
::Cluster
::get_local_migration_ip
($network)) {
363 # do not keep tunnel open when asked for migration ip
# The command to run is taken verbatim from 'extra-args' and must not be
# empty.
367 if ($param->{'run-command'}) {
368 my $cmd = $param->{'extra-args'};
369 die "missing command\n"
370 if !$cmd || !scalar(@$cmd);
372 # Get an ip address to listen on, and find a free migration port
# With a migration network the listen address comes from that network;
# otherwise it is resolved from the local node name.
374 if (defined($network)) {
375 $ip = PVE
::Cluster
::get_local_migration_ip
($network)
376 or die "failed to get migration IP address to listen on\n";
377 $family = PVE
::Tools
::get_host_address_family
($ip);
379 my $nodename = PVE
::INotify
::nodename
();
380 ($ip, $family) = PVE
::Network
::get_ip_from_hostname
($nodename, 0);
382 my $port = PVE
::Tools
::next_migrate_port
($family, $ip);
# NOTE(review): nothing in the visible lines authenticates the peer that
# connects to $ip:$port before its data reaches the command's standard input;
# presumably the migration network and firewall restrict who can reach the
# port - confirm.
384 PVE
::Tools
::pipe_socket_to_command
($cmd, $ip, $port);
388 print "tunnel online\n";
# Read control lines from STDIN and stop at a line consisting of "quit".
391 while (my $line = <STDIN
>) {
393 last if $line =~ m/^quit$/;
# Command table: CLI command name => [ implementing class, method name,
# names of the positional arguments ]. 'create', 'addnode' and 'delnode' are
# implemented by PVE::API2::ClusterConfig, the rest by this package. The
# enclosing declaration is missing from this listing.
401 keygen
=> [ __PACKAGE__
, 'keygen', ['filename']],
402 create
=> [ 'PVE::API2::ClusterConfig', 'create', ['clustername']],
403 add
=> [ __PACKAGE__
, 'add', ['hostname']],
404 addnode
=> [ 'PVE::API2::ClusterConfig', 'addnode', ['node']],
405 delnode
=> [ 'PVE::API2::ClusterConfig', 'delnode', ['node']],
406 status
=> [ __PACKAGE__
, 'status' ],
407 nodes
=> [ __PACKAGE__
, 'nodes' ],
408 expected
=> [ __PACKAGE__
, 'expected', ['expected']],
409 updatecerts
=> [ __PACKAGE__
, 'updatecerts', []],
# Everything after the command name is collected as 'extra-args', i.e. the
# command line that mtunnel runs.
410 mtunnel
=> [ __PACKAGE__
, 'mtunnel', ['extra-args']],