cluster join: ensure updatecerts gets called on quorate cluster

We moved the start of pve-cluster together with the one of corosync
earlier, before the quorate check.
This meant that the 'pvecm updatecerts --silent' we call in the
from the pve-cluster.service through ExecStartPost exited as it has
not yet quorum.

So factor the respective code out to the Cluster perl module and
call this function manually after we reached quorum.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/data/PVE/CLI/pvecm.pm b/data/PVE/CLI/pvecm.pm
index 746bcbec60f5a1336da5732ba69fab3d0609ad55..7e165868ee1f07f694ec466969754a811f1b76a8 100755 (executable)
--- a/data/PVE/CLI/pvecm.pm
+++ b/data/PVE/CLI/pvecm.pm
@@ -289,25 +289,7 @@ __PACKAGE__->register_method ({
     code => sub {
        my ($param) = @_;
 
-       PVE::Cluster::setup_rootsshconfig();
-
-       PVE::Cluster::gen_pve_vzdump_symlink();
-
-       if (!PVE::Cluster::check_cfs_quorum(1)) {
-           return undef if $param->{silent};
-           die "no quorum - unable to update files\n";
-       }
-
-       PVE::Cluster::setup_ssh_keys();
-
-       my $nodename = PVE::INotify::nodename();
-
-       my $local_ip_address = PVE::Cluster::remote_node_ip($nodename);
-
-       PVE::Cluster::gen_pve_node_files($nodename, $local_ip_address, $param->{force});
-       PVE::Cluster::ssh_merge_keys();
-       PVE::Cluster::ssh_merge_known_hosts($nodename, $local_ip_address);
-       PVE::Cluster::gen_pve_vzdump_files();
+       PVE::Cluster::updatecerts_and_ssh($param->@{qw(force silent)});
 
        return undef;
     }});

diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index a7c8bd40d0b532a92c8f7656d4c45d45850f6369..2920ff600b1ae9eb050ff842e7e216eba10e430f 100644 (file)
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -1863,19 +1863,41 @@ sub finish_join {
     }
     print "OK\n" if !$printqmsg;
 
-    my $local_ip_address = remote_node_ip($nodename);
-
-    print "generating node certificates\n";
-    gen_pve_node_files($nodename, $local_ip_address);
-
-    print "merge known_hosts file\n";
-    ssh_merge_known_hosts($nodename, $local_ip_address, 1);
+    updatecerts_and_ssh(1);
 
-    print "node certificate changed, restart pveproxy and pvedaemon services\n";
+    print "generated new node certificate, restart pveproxy and pvedaemon services\n";
     run_command(['systemctl', 'reload-or-restart', 'pvedaemon', 'pveproxy']);
 
     print "successfully added node '$nodename' to cluster.\n";
 }
 
+sub updatecerts_and_ssh {
+    my ($force_new_cert, $silent) = @_;
+
+    my $p = sub { print "$_[0]\n" if !$silent };
+
+    setup_rootsshconfig();
+
+    gen_pve_vzdump_symlink();
+
+    if (!check_cfs_quorum(1)) {
+       return undef if $silent;
+       die "no quorum - unable to update files\n";
+    }
+
+    setup_ssh_keys();
+
+    my $nodename = PVE::INotify::nodename();
+    my $local_ip_address = remote_node_ip($nodename);
+
+    $p->("(re)generate node files");
+    $p->("generate new node certificate") if $force_new_cert;
+    gen_pve_node_files($nodename, $local_ip_address, $force_new_cert);
+
+    $p->("merge authorized SSH keys and known hosts");
+    ssh_merge_keys();
+    ssh_merge_known_hosts($nodename, $local_ip_address);
+    gen_pve_vzdump_files();
+}
 
 1;