From: Fabian Grünbichler
To: Proxmox VE development discussion
Date: Thu, 16 May 2024 12:17:42 +0200
Subject: Re: [pve-devel] [PATCH cluster 1/2] fix #5461: pvecm: ssh: adapt intra cluster ssh options
Message-Id: <1715852043.kplc7htoyp.astroid@yuna.none>
In-Reply-To: <20240515103213.455567-2-a.lauterer@proxmox.com>
References: <20240515103213.455567-1-a.lauterer@proxmox.com> <20240515103213.455567-2-a.lauterer@proxmox.com>

On May 15, 2024 12:32 pm, Aaron Lauterer wrote:
> because otherwise the SSH calls to other nodes in the cluster will fail
> on newer clusters that only have the ssh known host keys located in the
> pmxcfs.
>
> By utilizing SSHInfo::ssh_info_to_ssh_opts we can add the needed options
> to the SSH call to have the node name aliased correctly and pointing SSH
> to the correct known hosts file.

couldn't this completely be switched over to use ssh_info_to_command?
then we'd also benefit from other existing and future additions there

ssh_info_to_ssh_opts is basically the escape hatch for cases where that
does not work, like scp ;)

> Signed-off-by: Aaron Lauterer
> ---
> src/PVE/CLI/pvecm.pm | 24 +++++++++++++++---------
> 1 file changed, 15 insertions(+), 9 deletions(-)
>
> diff --git a/src/PVE/CLI/pvecm.pm b/src/PVE/CLI/pvecm.pm > index 0e8ca8f..5c285a9 100755 > --- a/src/PVE/CLI/pvecm.pm > +++ b/src/PVE/CLI/pvecm.pm > @@ -18,6 +18,7 @@ use PVE::PTY; > use PVE::API2::ClusterConfig; > use PVE::Corosync; > use PVE::Cluster::Setup; > +use PVE::SSHInfo; > > use base qw(PVE::CLIHandler); 
> > @@ -173,9 +174,10 @@ __PACKAGE__->register_method ({ > run_command([@$scp_cmd, "root\@\[$qnetd_addr\]:$ca_export_file", "/etc/pve/$ca_export_base"]); > $foreach_member->(sub { > my ($node, $ip) = @_; > + my $ssh_options = PVE::SSHInfo::ssh_info_to_ssh_opts ({ ip => $ip, name => $node }); > my $outsub = sub { print "\nnode '$node': " . shift }; > run_command( > - [@$ssh_cmd, $ip, $qdevice_certutil, "-i", "-c", "/etc/pve/$ca_export_base"], > + [@$ssh_cmd, @$ssh_options, $ip, $qdevice_certutil, "-i", "-c", "/etc/pve/$ca_export_base"], > noerr => 1, outfunc => \&$outsub > ); > }); > @@ -206,9 +208,10 @@ __PACKAGE__->register_method ({ > run_command([@$scp_cmd, "$db_dir_node/$p12_file_base", "/etc/pve/"]); > $foreach_member->(sub { > my ($node, $ip) = @_; > + my $ssh_options = PVE::SSHInfo::ssh_info_to_ssh_opts ({ ip => $ip, name => $node }); > my $outsub = sub { print "\nnode '$node': " . shift }; > run_command([ > - @$ssh_cmd, $ip, "$qdevice_certutil", "-m", "-c", > + @$ssh_cmd, @$ssh_options, $ip, "$qdevice_certutil", "-m", "-c", > "/etc/pve/$p12_file_base"], outfunc => \&$outsub > ); > }); > @@ -243,10 +246,11 @@ __PACKAGE__->register_method ({ > > $foreach_member->(sub { > my ($node, $ip) = @_; > + my $ssh_options = PVE::SSHInfo::ssh_info_to_ssh_opts ({ ip => $ip, name => $node }); > my $outsub = sub { print "\nnode '$node': " . shift }; > print "\nINFO: start and enable corosync qdevice daemon on node '$node'...\n"; > - run_command([@$ssh_cmd, $ip, 'systemctl', 'start', 'corosync-qdevice'], outfunc => \&$outsub); > - run_command([@$ssh_cmd, $ip, 'systemctl', 'enable', 'corosync-qdevice'], outfunc => \&$outsub); > + run_command([@$ssh_cmd, @$ssh_options, $ip, 'systemctl', 'start', 'corosync-qdevice'], outfunc => \&$outsub); > + run_command([@$ssh_cmd, @$ssh_options, $ip, 'systemctl', 'enable', 'corosync-qdevice'], outfunc => \&$outsub); > }); > > run_command(['corosync-cfgtool', '-R']); # do cluster wide config reload 
> @@ -291,8 +295,9 @@ __PACKAGE__->register_method ({ > # cleanup qdev state (cert storage) > my $qdev_state_dir = "/etc/corosync/qdevice"; > $foreach_member->(sub { > - my (undef, $ip) = @_; > - run_command([@$ssh_cmd, $ip, '--', 'rm', '-rf', $qdev_state_dir]); > + my ($node, $ip) = @_; > + my $ssh_options = PVE::SSHInfo::ssh_info_to_ssh_opts ({ ip => $ip, name => $node }); > + run_command([@$ssh_cmd, @$ssh_options, $ip, '--', 'rm', '-rf', $qdev_state_dir]); > }); > }; > > @@ -300,9 +305,10 @@ __PACKAGE__->register_method ({ > die $@ if $@; > > $foreach_member->(sub { > - my (undef, $ip) = @_; > - run_command([@$ssh_cmd, $ip, 'systemctl', 'stop', 'corosync-qdevice']); > - run_command([@$ssh_cmd, $ip, 'systemctl', 'disable', 'corosync-qdevice']); > + my ($node, $ip) = @_; > + my $ssh_options = PVE::SSHInfo::ssh_info_to_ssh_opts ({ ip => $ip, name => $node }); > + run_command([@$ssh_cmd, @$ssh_options, $ip, 'systemctl', 'stop', 'corosync-qdevice']); > + run_command([@$ssh_cmd, @$ssh_options, $ip, 'systemctl', 'disable', 'corosync-qdevice']); > }); > > run_command(['corosync-cfgtool', '-R']); > -- > 2.39.2 > > > > _______________________________________________ > pve-devel mailing list > pve-devel@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
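
Review bot: The line `my $ssh_options = PVE::SSHInfo::ssh_info_to_ssh_opts ({ ip => $ip, name => $node });` is copied verbatim into all five `$foreach_member` callbacks (the hunks at -173, -206, -243, -291 and -300), so the host-key alias and known-hosts handling of every intra-cluster call depends on each call site remembering to splice in `@$ssh_options`. Build the command in one place instead, either with a small local helper that takes `$node` and `$ip` and returns the full argument list, or with ssh_info_to_command as raised in the reply, so a future ssh call to a cluster member cannot be added without these options. While touching these lines, note that only the `rm -rf` call in the -291 hunk puts `'--'` between `$ip` and the remote command; using the same form for the `systemctl` and `$qdevice_certutil` calls would keep the argument layout consistent. The space between `ssh_info_to_ssh_opts` and `({` could also be dropped.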