From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <t.lamprecht@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 557CB74500
 for <pve-devel@lists.proxmox.com>; Sun, 18 Apr 2021 19:07:55 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 430DCD52F
 for <pve-devel@lists.proxmox.com>; Sun, 18 Apr 2021 19:07:25 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [212.186.127.180])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS id AEF92D524
 for <pve-devel@lists.proxmox.com>; Sun, 18 Apr 2021 19:07:24 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 7128E4276B
 for <pve-devel@lists.proxmox.com>; Sun, 18 Apr 2021 19:07:24 +0200 (CEST)
Message-ID: <e3974f3f-a801-da91-556d-aa66fc7d045b@proxmox.com>
Date: Sun, 18 Apr 2021 19:07:23 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:88.0) Gecko/20100101
 Thunderbird/88.0
Content-Language: en-US
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
 =?UTF-8?Q?Fabian_Gr=c3=bcnbichler?= <f.gruenbichler@proxmox.com>
References: <20210413121640.3602975-1-f.gruenbichler@proxmox.com>
 <20210413121640.3602975-9-f.gruenbichler@proxmox.com>
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
In-Reply-To: <20210413121640.3602975-9-f.gruenbichler@proxmox.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.039 Adjusted score from AWL reputation of From: address
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 NICE_REPLY_A           -0.001 Looks like a legit reply (A)
 RCVD_IN_DNSWL_MED        -2.3 Sender listed at https://www.dnswl.org/,
 medium trust
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: Re: [pve-devel] [PATCH cluster 2/4] add get_remote_info
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Sun, 18 Apr 2021 17:07:55 -0000

On 13.04.21 14:16, Fabian Gr=C3=BCnbichler wrote:
> as a unified helper for talking to a remote node. if the requested node=

> has an entry in the remote config, the information from that entry is
> used.  else, the first locally defined node of the requested cluster is=

> used as proxy.
>=20
> Signed-off-by: Fabian Gr=C3=BCnbichler <f.gruenbichler@proxmox.com>
> ---
>  data/PVE/RemoteConfig.pm | 55 ++++++++++++++++++++++++++++++++++++++++=

>  1 file changed, 55 insertions(+)
>=20
> diff --git a/data/PVE/RemoteConfig.pm b/data/PVE/RemoteConfig.pm
> index 23274de..7c395ba 100644
> --- a/data/PVE/RemoteConfig.pm
> +++ b/data/PVE/RemoteConfig.pm
> @@ -3,6 +3,7 @@ package PVE::RemoteConfig;
>  use strict;
>  use warnings;
> =20
> +use PVE::APIClient::LWP;
>  use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_write_file cfs=
_lock_file);
>  use PVE::JSONSchema qw(get_standard_option);
>  use PVE::Tools;
> @@ -158,6 +159,60 @@ sub lock {
>      }
>  }
> =20
> +# will attempt to connect with node's locally defined endpoint if poss=
ible
> +sub get_remote_info {
> +    my ($self, $cluster, $node, $network_cidr) =3D @_;
> +
> +    my $cluster_info =3D $self->{ids}->{$cluster};
> +    die "Remote cluster '$cluster' is not defined!\n"
> +	if !defined($cluster_info) || $cluster_info->{type} ne 'pvecluster';
> +
> +    my $host =3D $node;
> +
> +    # fallback to random node/endpoint if $node is not locally defined=

> +    if (!$cluster_info->{nodes}->{$node}) {
> +	my @defined_nodes =3D keys %{$cluster_info->{nodes}};
> +	$host =3D $defined_nodes[0];
> +    }
> +
> +    my $api_node =3D $self->{ids}->{$host};
> +
> +    my $api_token =3D $cluster_info->{token} // $api_node->{token};
> +
> +    my $conn_args =3D {
> +	username =3D> 'root@pam',
> +	protocol =3D> 'https',
> +	host =3D> $api_node->{endpoint},
> +	apitoken =3D> $api_token,
> +	port =3D> 8006,
> +    };
> +
> +    if (my $fp =3D $api_node->{fingerprint}) {
> +	$conn_args->{cached_fingerprints} =3D { uc($fp) =3D> 1 };
> +    } else {
> +	# FIXME add proper parameter to APIClient

that should now work out of the box? I.e., if no FP is passed we default =
to
verify_hostname =3D 1, and if verify_hostname is true we trust what opens=
sl thinks
about the validity of the connection.

> +	die "IMPLEMENT ME";
> +	my $ssl_opts =3D {
> +	    verify_hostname =3D> 1,
> +#	    SSL_ca_path =3D> '/etc/ssl/certs',
> +	    SSL_verify_callback =3D> 1,
> +	};
> +    }
> +
> +    print "Establishing API connection with cluster '$cluster' node '$=
host'\n";
> +
> +    my $conn =3D PVE::APIClient::LWP->new(%$conn_args);
> +
> +
> +    my $args =3D {};
> +    $args->{cidr} =3D $network_cidr if $network_cidr;
> +
> +    print "Request IP information of node '$node'\n";
> +    my $res =3D $conn->get("/nodes/$node/addr", $args);
> +
> +    return ($res, $conn_args);
> +}
> +
>  package PVE::RemoteConfig::Cluster;
> =20
>  use PVE::RemoteConfig;
>=20