Date: Mon, 19 Apr 2021 09:48:34 +0200
From: Fabian Grünbichler
To: Proxmox VE development discussion, Thomas Lamprecht
Subject: Re: [pve-devel] [PATCH cluster 2/4] add get_remote_info

On April 18, 2021 7:07 pm, Thomas Lamprecht wrote:
> On 13.04.21 14:16, Fabian Grünbichler wrote:
>> as a unified helper for talking to a remote node. if the requested node
>> has an entry in the remote config, the information from that entry is
>> used. else, the first locally defined node of the requested cluster is
>> used as proxy.
>>
>> Signed-off-by: Fabian Grünbichler
>> ---
>> data/PVE/RemoteConfig.pm | 55 ++++++++++++++++++++++++++++++++++++++++
>> 1 file changed, 55 insertions(+)
>>
>> diff --git a/data/PVE/RemoteConfig.pm b/data/PVE/RemoteConfig.pm >> index 23274de..7c395ba 100644 >> --- a/data/PVE/RemoteConfig.pm >> +++ b/data/PVE/RemoteConfig.pm >> @@ -3,6 +3,7 @@ package PVE::RemoteConfig; >> use strict; >> use warnings; >> =20 >> +use PVE::APIClient::LWP; >> use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_write_file cfs_= lock_file); >> use PVE::JSONSchema qw(get_standard_option); >> use PVE::Tools; 
>> @@ -158,6 +159,60 @@ sub lock { >> } >> } >> =20 >> +# will attempt to connect with node's locally defined endpoint if possi= ble >> +sub get_remote_info { >> + my ($self, $cluster, $node, $network_cidr) =3D @_; >> + >> + my $cluster_info =3D $self->{ids}->{$cluster}; >> + die "Remote cluster '$cluster' is not defined!\n" >> + if !defined($cluster_info) || $cluster_info->{type} ne 'pvecluster'; >> + >> + my $host =3D $node; >> + >> + # fallback to random node/endpoint if $node is not locally defined >> + if (!$cluster_info->{nodes}->{$node}) { >> + my @defined_nodes =3D keys %{$cluster_info->{nodes}}; >> + $host =3D $defined_nodes[0]; >> + } >> + >> + my $api_node =3D $self->{ids}->{$host}; >> + >> + my $api_token =3D $cluster_info->{token} // $api_node->{token}; >> + >> + my $conn_args =3D { >> + username =3D> 'root@pam', >> + protocol =3D> 'https', >> + host =3D> $api_node->{endpoint}, >> + apitoken =3D> $api_token, >> + port =3D> 8006, >> + }; >> + >> + if (my $fp =3D $api_node->{fingerprint}) { >> + $conn_args->{cached_fingerprints} =3D { uc($fp) =3D> 1 }; >> + } else { >> + # FIXME add proper parameter to APIClient
>
> that should now work out of the box? I.e., if no FP is passed we default to
> verify_hostname = 1, and if verify_hostname is true we trust what openssl thinks
> about the validity of the connection.

I didn't test it (and the tunnel binary itself still lacks that functionality for sure), but that comment is leftover (only slightly moved/reworded) from last year's PoC, so it's possible that the LWP client handles this well nowadays :)

>
>> + die "IMPLEMENT ME"; >> + my $ssl_opts =3D { >> + verify_hostname =3D> 1, >> +# SSL_ca_path =3D> '/etc/ssl/certs', >> + SSL_verify_callback =3D> 1, >> + }; >> + } >> + >> + print "Establishing API connection with cluster '$cluster' node '$h= ost'\n"; >> + >> + my $conn =3D PVE::APIClient::LWP->new(%$conn_args); >> + >> + >> + my $args =3D {}; >> + $args->{cidr} =3D $network_cidr if $network_cidr; >> + >> + print "Request IP information of node '$node'\n"; >> + my $res =3D $conn->get("/nodes/$node/addr", $args); >> + >> + return ($res, $conn_args); >> +} >> + >> package PVE::RemoteConfig::Cluster; >> =20 >> use PVE::RemoteConfig;
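
Review bot: In get_remote_info, the fallback branch assigns `$defined_nodes[0]` to `$host` and the code then uses `$api_node->{endpoint}` as `host` without checking that `@defined_nodes` is non-empty or that `$self->{ids}->{$host}` exists, so a cluster with no locally defined node reaches `PVE::APIClient::LWP->new` with an undefined host. `$api_token` has the same gap when neither `$cluster_info->{token}` nor `$api_node->{token}` is set. Add explicit checks right after the lookups, for example `die "no usable node defined for cluster '$cluster'\n" if !defined($api_node);`, and an equivalent one for `$api_token`, so the failure is reported here with the cluster name. Because `keys` has no stable order, the proxy node can differ from call to call; sorting the keys before taking the first entry would make the choice reproducible. In the `else` branch, the `$ssl_opts` block after `die "IMPLEMENT ME"` is unreachable and is never merged into `$conn_args`, so it should be dropped or wired in once the no-fingerprint path is settled. The returned `$conn_args` carries `apitoken`, and the two `print` calls sit next to it; a short comment on the return value stating that it contains a secret would help callers avoid logging it.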