From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Thu, 8 Mar 2018 16:17:45 +0000 (+0100)
Subject: cluster join: ensure updatecerts gets called on quorate cluster
X-Git-Url: https://git.proxmox.com/?p=pve-cluster.git;a=commitdiff_plain;h=8f64504cb2e0fb55e93044ebf70fd8857cf4dab6

cluster join: ensure updatecerts gets called on quorate cluster

We moved the start of pve-cluster together with the one of corosync
earlier, before the quorate check.
This meant that the 'pvecm updatecerts --silent' we call in the
from the pve-cluster.service through ExecStartPost exited as it has
not yet quorum.

So factor the respective code out to the Cluster perl module and
call this function manually after we reached quorum.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---

diff --git a/data/PVE/CLI/pvecm.pm b/data/PVE/CLI/pvecm.pm
index 746bcbe..7e16586 100755
--- a/data/PVE/CLI/pvecm.pm
+++ b/data/PVE/CLI/pvecm.pm
@@ -289,25 +289,7 @@ __PACKAGE__->register_method ({
     code => sub {
 	my ($param) = @_;
 
-	PVE::Cluster::setup_rootsshconfig();
-
-	PVE::Cluster::gen_pve_vzdump_symlink();
-
-	if (!PVE::Cluster::check_cfs_quorum(1)) {
-	    return undef if $param->{silent};
-	    die "no quorum - unable to update files\n";
-	}
-
-	PVE::Cluster::setup_ssh_keys();
-
-	my $nodename = PVE::INotify::nodename();
-
-	my $local_ip_address = PVE::Cluster::remote_node_ip($nodename);
-
-	PVE::Cluster::gen_pve_node_files($nodename, $local_ip_address, $param->{force});
-	PVE::Cluster::ssh_merge_keys();
-	PVE::Cluster::ssh_merge_known_hosts($nodename, $local_ip_address);
-	PVE::Cluster::gen_pve_vzdump_files();
+	PVE::Cluster::updatecerts_and_ssh($param->@{qw(force silent)});
 
 	return undef;
     }});
diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index a7c8bd4..2920ff6 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -1863,19 +1863,41 @@ sub finish_join {
     }
     print "OK\n" if !$printqmsg;
 
-    my $local_ip_address = remote_node_ip($nodename);
-
-    print "generating node certificates\n";
-    gen_pve_node_files($nodename, $local_ip_address);
-
-    print "merge known_hosts file\n";
-    ssh_merge_known_hosts($nodename, $local_ip_address, 1);
+    updatecerts_and_ssh(1);
 
-    print "node certificate changed, restart pveproxy and pvedaemon services\n";
+    print "generated new node certificate, restart pveproxy and pvedaemon services\n";
     run_command(['systemctl', 'reload-or-restart', 'pvedaemon', 'pveproxy']);
 
     print "successfully added node '$nodename' to cluster.\n";
 }
 
+sub updatecerts_and_ssh {
+    my ($force_new_cert, $silent) = @_;
+
+    my $p = sub { print "$_[0]\n" if !$silent };
+
+    setup_rootsshconfig();
+
+    gen_pve_vzdump_symlink();
+
+    if (!check_cfs_quorum(1)) {
+	return undef if $silent;
+	die "no quorum - unable to update files\n";
+    }
+
+    setup_ssh_keys();
+
+    my $nodename = PVE::INotify::nodename();
+    my $local_ip_address = remote_node_ip($nodename);
+
+    $p->("(re)generate node files");
+    $p->("generate new node certificate") if $force_new_cert;
+    gen_pve_node_files($nodename, $local_ip_address, $force_new_cert);
+
+    $p->("merge authorized SSH keys and known hosts");
+    ssh_merge_keys();
+    ssh_merge_known_hosts($nodename, $local_ip_address);
+    gen_pve_vzdump_files();
+}
 
 1;