From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 936D11FF2F6 for ; Wed, 15 May 2024 12:32:35 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 888C6145E2; Wed, 15 May 2024 12:32:47 +0200 (CEST) From: Aaron Lauterer To: pve-devel@lists.proxmox.com Date: Wed, 15 May 2024 12:32:12 +0200 Message-Id: <20240515103213.455567-2-a.lauterer@proxmox.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240515103213.455567-1-a.lauterer@proxmox.com> References: <20240515103213.455567-1-a.lauterer@proxmox.com> MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.043 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [pvecm.pm] Subject: [pve-devel] [PATCH cluster 1/2] fix #5461: pvecm: ssh: adapt intra cluster ssh options X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" because otherwise the SSH calls to other nodes in the cluster will fail on newer clusters that only have the ssh known host keys located in the pmxcfs. By utilizing SSHInfo::ssh_info_to_ssh_opts we can add the needed options to the SSH call to have the node name aliased correctly and pointing SSH to the correct known hosts file. Signed-off-by: Aaron Lauterer --- src/PVE/CLI/pvecm.pm | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/src/PVE/CLI/pvecm.pm b/src/PVE/CLI/pvecm.pm index 0e8ca8f..5c285a9 100755 --- a/src/PVE/CLI/pvecm.pm +++ b/src/PVE/CLI/pvecm.pm @@ -18,6 +18,7 @@ use PVE::PTY; use PVE::API2::ClusterConfig; use PVE::Corosync; use PVE::Cluster::Setup; +use PVE::SSHInfo; use base qw(PVE::CLIHandler); 
@@ -173,9 +174,10 @@ __PACKAGE__->register_method ({ run_command([@$scp_cmd, "root\@\[$qnetd_addr\]:$ca_export_file", "/etc/pve/$ca_export_base"]); $foreach_member->(sub { my ($node, $ip) = @_; + my $ssh_options = PVE::SSHInfo::ssh_info_to_ssh_opts ({ ip => $ip, name => $node }); my $outsub = sub { print "\nnode '$node': " . shift }; run_command( - [@$ssh_cmd, $ip, $qdevice_certutil, "-i", "-c", "/etc/pve/$ca_export_base"], + [@$ssh_cmd, @$ssh_options, $ip, $qdevice_certutil, "-i", "-c", "/etc/pve/$ca_export_base"], noerr => 1, outfunc => \&$outsub ); }); @@ -206,9 +208,10 @@ __PACKAGE__->register_method ({ run_command([@$scp_cmd, "$db_dir_node/$p12_file_base", "/etc/pve/"]); $foreach_member->(sub { my ($node, $ip) = @_; + my $ssh_options = PVE::SSHInfo::ssh_info_to_ssh_opts ({ ip => $ip, name => $node }); my $outsub = sub { print "\nnode '$node': " . shift }; run_command([ - @$ssh_cmd, $ip, "$qdevice_certutil", "-m", "-c", + @$ssh_cmd, @$ssh_options, $ip, "$qdevice_certutil", "-m", "-c", "/etc/pve/$p12_file_base"], outfunc => \&$outsub ); }); @@ -243,10 +246,11 @@ __PACKAGE__->register_method ({ $foreach_member->(sub { my ($node, $ip) = @_; + my $ssh_options = PVE::SSHInfo::ssh_info_to_ssh_opts ({ ip => $ip, name => $node }); my $outsub = sub { print "\nnode '$node': " . shift }; print "\nINFO: start and enable corosync qdevice daemon on node '$node'...\n"; - run_command([@$ssh_cmd, $ip, 'systemctl', 'start', 'corosync-qdevice'], outfunc => \&$outsub); - run_command([@$ssh_cmd, $ip, 'systemctl', 'enable', 'corosync-qdevice'], outfunc => \&$outsub); + run_command([@$ssh_cmd, @$ssh_options, $ip, 'systemctl', 'start', 'corosync-qdevice'], outfunc => \&$outsub); + run_command([@$ssh_cmd, @$ssh_options, $ip, 'systemctl', 'enable', 'corosync-qdevice'], outfunc => \&$outsub); }); run_command(['corosync-cfgtool', '-R']); # do cluster wide config reload 
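Review bot: The line `my $ssh_options = PVE::SSHInfo::ssh_info_to_ssh_opts ({ ip => $ip, name => $node });` is repeated verbatim in every `$foreach_member` callback, here at -173 and again in the hunks at -206, -243, -291 and -300, so a later intra-cluster ssh call added to this file can easily be written without the host-key alias and known-hosts options. Building the per-node command in one place would keep host-key verification uniform, for example `my $node_ssh = sub { my ($node, $ip) = @_; return [@$ssh_cmd, @{ PVE::SSHInfo::ssh_info_to_ssh_opts({ ip => $ip, name => $node }) }, $ip]; };` followed by `run_command([@{ $node_ssh->($node, $ip) }, 'systemctl', 'start', 'corosync-qdevice'], outfunc => \&$outsub);`. `$ssh_cmd` and `$foreach_member` are defined outside the hunks, so where such a helper belongs is a guess from here. The new call is also written with a space before its opening parenthesis, unlike the `run_command(...)` calls next to it.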
@@ -291,8 +295,9 @@ __PACKAGE__->register_method ({ # cleanup qdev state (cert storage) my $qdev_state_dir = "/etc/corosync/qdevice"; $foreach_member->(sub { - my (undef, $ip) = @_; - run_command([@$ssh_cmd, $ip, '--', 'rm', '-rf', $qdev_state_dir]); + my ($node, $ip) = @_; + my $ssh_options = PVE::SSHInfo::ssh_info_to_ssh_opts ({ ip => $ip, name => $node }); + run_command([@$ssh_cmd, @$ssh_options, $ip, '--', 'rm', '-rf', $qdev_state_dir]); }); }; @@ -300,9 +305,10 @@ __PACKAGE__->register_method ({ die $@ if $@; $foreach_member->(sub { - my (undef, $ip) = @_; - run_command([@$ssh_cmd, $ip, 'systemctl', 'stop', 'corosync-qdevice']); - run_command([@$ssh_cmd, $ip, 'systemctl', 'disable', 'corosync-qdevice']); + my ($node, $ip) = @_; + my $ssh_options = PVE::SSHInfo::ssh_info_to_ssh_opts ({ ip => $ip, name => $node }); + run_command([@$ssh_cmd, @$ssh_options, $ip, 'systemctl', 'stop', 'corosync-qdevice']); + run_command([@$ssh_cmd, @$ssh_options, $ip, 'systemctl', 'disable', 'corosync-qdevice']); }); run_command(['corosync-cfgtool', '-R']); -- 2.39.2 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
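Review bot: Only the `rm -rf` call at -291 places `'--'` between `$ip` and the remote command; the `systemctl` calls at -300, and the calls in the hunks at -173, -206 and -243, do not, although every one of them now carries additional ssh options in front of the destination. Using the terminator consistently makes it explicit where ssh's own arguments end and the remote command begins, e.g. `run_command([@$ssh_cmd, @$ssh_options, $ip, '--', 'systemctl', 'stop', 'corosync-qdevice']);`. The enclosing `register_method` bodies start and end outside these hunks, so whether any of the remote commands can begin with a dash cannot be confirmed from here.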