Thomas Lamprecht [Thu, 11 Apr 2019 05:46:09 +0000 (07:46 +0200)]
pmxcfs: allow read access for www-data to /run dir
There's no real sensible information here, and we naturally only
allow read, but no write/exec.
This makes our IPCC restart connection re-cachin heuristic also work
for processes run as www-data, e.g., pveproxy, and thus guarantee a
more seamless pmxcfs restart - e.g., for package updates.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Thu, 11 Apr 2019 05:42:21 +0000 (07:42 +0200)]
ipcc: increase restart grace period
with bad timing and general restart overhead 5 secs were sometimes a
too small timeout, even if it happened really seldom. Increase it a
bit, as it's desired to have the connection stay a live in a lot of
cases, e.g., to not get logged out on pve-cluster update as
pveproxy's verify_ticked couldn't do IPCC.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Stoiko Ivanov [Tue, 12 Mar 2019 15:07:40 +0000 (16:07 +0100)]
mac_prefix: do not allow multicast prefixes
MAC-addresses having the LSB of the first octet set, are considered
multicast-addresses (see [0,1]). LXC (the kernel) does not allow
such a mac-address to be set for a device, thus preventing containers from
starting if a multicast prefix is set (reported in [2] by Alexandre)
This patch introduces 'mac-prefix' (permitting only unicast prefixes) via
register_format and uses it instead of the pattern.
Oguz Bektas [Tue, 5 Mar 2019 12:42:07 +0000 (13:42 +0100)]
allow to setup and remove qdevice for cluster
makes it possible to setup and remove qdevice through pvecm
requirements:
* all hosts need corosync-qdevice installed
* host serving as qdevice needs corosync-qnetd installed
* root ssh access from pve host to qdevice host
pve-cluster: dont pretend to be a time-sync provider
time-sync.target is a special passive unit, consumers (i.e., units that
intend to say "I want to start after synchronized time has been
established") should only order themselves after it. only providers
(i.e., units that intend to say "I am responsible for synchronizing the
clock") should pull it in via a dependency.
Thomas Lamprecht [Mon, 30 Jul 2018 12:31:00 +0000 (14:31 +0200)]
api/join: avoid using an IPv6 address as worker task ID
We used the hostname of the node over which we joined a cluster as
worker ID, which is then encoded in it's task UPID - a unique ID with
encoded information, separated by colons.
While this is no problem for normal hostnames, or IPv4 addresses, the
hostname can also be an IPv6 address - which is also separated by
colons. This throws of the upid_decode method.
While the, from a user POV, best solution would probably be to
connect and query the cluster name from the join peer it is much
simpler to just omit the ID to avoid such problems.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
pve-cluster is not a big project with to much dependencies, so
autotools was a bit of an overkill for it.
Omit it, plus a ./configure step in general and just use a plain
Makefile - in combination with pkg-config - like we do in our other
projects.
Build time gets reduced quite a bit - albeit the were never that big
anyway...:
(old autotools) time make deb
make deb 12.96s user 1.78s system 94% cpu 15.543 total
(new plain makefile) time make deb
make deb 9.40s user 1.14s system 100% cpu 10.465 total
A third less time needed here, and with compiling in parallel I can
shave off even 1.5 seconds more, so almost half of the original
time.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
fix #1843: always free certificate file after reading it
Reading https://$host:8006/nodes repeadedly leads to pveproxy keeping
a filedescriptor open for each node-certificate in the cluster and
eventually reaching its NOFile limit..
to workaround the case that we may possible get into the
uninterruptedly D state.
While this may still happen, it happens to a fork and we can return
an error to our caller.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
We call this in pve-cluster.service as ExecStartPost. We prefix it
with '-' to tell systemd that it should ignore non-zero exit codes,
but if the command hangs (e.g., on IO) systemd kills it after a
timeout (90 seconds default) which then doesn't get ignored and the
unit will also be put in failure state and stopped.
We specifically do not want this to happen, so wrap the updatecerts
call in run_with_timeout and give it a maximum of 30 seconds to
finish.
Reviewed-by: Stoiko Ivanov <s.ivanov@proxmox.com> Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
IPCConst.pm depends on cfs-ipc-ops.h. Additionally, since
the header is the "input" and IPCConst.pm.awk is the
generator, use the header as the main direct dependency and
add the generator as a secondary dependency afterwards
(thus we have to swap the awk parameters).
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Thomas Lamprecht [Fri, 18 May 2018 10:37:25 +0000 (12:37 +0200)]
use constants for IPC request types
Add a simple header with the constants as defines.
Use a simple awk script to translate this to an perl module with the
constants exported. awk is far easier to understand and maintain than
h2ph or h2xs, also their result is quite a mess for such a trivial
thing, IMO.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
fix #1743: cluster create: default to ring0_addr for bindnet0
Else, if a separate network address was passed for ring0_addr but no
bindnet0 adress was set we used the wrong fallback.
Do not fallback to $local_node_ip but always to $ring0_addr, which
itself falls back to local node IP.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
pmxcfs: only exit parent when successfully started
since systemd depends that parent exits only
when the service is actually started, we need to wait for the
child to get to the point where it starts the fuse loop
and signal the parent to now exit and write the pid file
without this, we had an issue, where the
ExecStartPost hook (which runs pvecm updatecerts) did not run reliably,
but which is necessary to setup the nodes/ dir in /etc/pve
and generating the ssl certificates
this could also affect every service which has an
After=pve-cluster
Thomas Lamprecht [Tue, 27 Mar 2018 06:08:37 +0000 (08:08 +0200)]
API/Cluster: autoflush STDOUT for join and create
We're in a forked worker here, so STDOUT isn't connected to a
(pseudo)TTY directly, so perl flushes only when it's intewrnal buffer
is full.
Ensure each line gets flushed out to the API client in use to give
immediate feedback about the operation.
For example, our WebUIs Task Viewer won't show anything without this
quite a bit of time, you may even get logged out before the flush
from the perl side happens, which is simply bad UX.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Thu, 29 Mar 2018 09:06:08 +0000 (11:06 +0200)]
pvecm join: also default to resolved IP with use_ssh param
We already switched to this behaviour in pvecm create and pvecm join
(with API) but did not changed it for the case when a user requested
to use the old method to join with --use_ssh.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
cluster join: ensure updatecerts gets called on quorate cluster
We moved the start of pve-cluster together with the one of corosync
earlier, before the quorate check.
This meant that the 'pvecm updatecerts --silent' we call in the
from the pve-cluster.service through ExecStartPost exited as it has
not yet quorum.
So factor the respective code out to the Cluster perl module and
call this function manually after we reached quorum.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
If we are not part of a cluster we do not need to worry about other
members messing with the config. But there may be local contenders,
e.g., two automation script instances started in parallel by mistake
or two admin (sessions) which start a create or join clsuter request
at the same time.
Reuse the local flock for this purpose.
lock_file silents an exception, but does not alters it so we die if
$@ is set, to ensure a worker gets to know that something bad
happened.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
api/cluster: add endpoint to GET cluster join information
Returns all relevant information for joining this cluster over the
current connected node securely over the API, address, fingerprint,
totem config section and (not directly needed but possibly useful)
cluster configuration digest.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 12 Dec 2017 16:15:56 +0000 (17:15 +0100)]
api/cluster: create cluster in forked worker
Creating a cluster may need a bit longer, we need to gather random
data for the corosync authkey, restart services and such.
As we're now exposed in the API the 30 second response limit from
pveproxy is a big reason to do this. But we also get a nice task log
entry with this, which is nice.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 27 Nov 2017 11:53:46 +0000 (12:53 +0100)]
pvecm add: use API by default to join cluster
Default to using the API for a add node procedure.
But, allow the user to manually fall back to the legacy SSH method.
Also fallback if the API detected an not up to date peer, this is
done by checking for the 501 HTTP_NOT_IMPLEMENTED response code.
This could be removed in a later major release, e.g. 6.0.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 27 Nov 2017 09:55:14 +0000 (10:55 +0100)]
api/cluster: add join endpoint
Add an endpoint to the API which allows to join an existing PVE
cluster by only using the API instead of CLI tools (pvecm).
Use a worker as this operation may need longer than 30 seconds.
With the worker we also get a task log entry/window for an UI for
free, allowing to give better feedback.
The join helper will be reused by the CLI handler in a later patch.
It is based on its behaviour, but swapped out the ssh parts with API
calls.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
projects / pve-cluster.git / log