* [pve-devel] [PATCH cluster v2] fix #5461: pvecm: use ssh_info_to_command for intra cluster ssh
@ 2024-05-16 12:08 Aaron Lauterer
  2024-05-22  8:16 ` [pve-devel] applied: " Fabian Grünbichler
  0 siblings, 1 reply; 2+ messages in thread
From: Aaron Lauterer @ 2024-05-16 12:08 UTC (permalink / raw)
  To: pve-devel

because otherwise the SSH calls to other nodes in the cluster will fail
on newer clusters that only have the ssh host keys located in the
pmxcfs.

With ssh_info_to_command we get all the needed SSH options that set the
alias and point to the right known_hosts file.

Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
---
changes since v1:
* use ssh_info_to_command to get the cmd call & options in one go
    this gives us short enough line lengths
* remove $ssh_cmd from qdevice remove
* cleaned up \&$outsub -> $outsub symbol salad ;)

 src/PVE/CLI/pvecm.pm | 40 +++++++++++++++++++++++++---------------
 1 file changed, 25 insertions(+), 15 deletions(-)

diff --git a/src/PVE/CLI/pvecm.pm b/src/PVE/CLI/pvecm.pm
index 0e8ca8f..cc8b3d3 100755
--- a/src/PVE/CLI/pvecm.pm
+++ b/src/PVE/CLI/pvecm.pm
@@ -18,6 +18,7 @@ use PVE::PTY;
 use PVE::API2::ClusterConfig;
 use PVE::Corosync;
 use PVE::Cluster::Setup;
+use PVE::SSHInfo;
 
 use base qw(PVE::CLIHandler);
 
@@ -173,10 +174,11 @@ __PACKAGE__->register_method ({
 	run_command([@$scp_cmd, "root\@\[$qnetd_addr\]:$ca_export_file", "/etc/pve/$ca_export_base"]);
 	$foreach_member->(sub {
 	    my ($node, $ip) = @_;
+	    my $ssh_cluster_cmd = PVE::SSHInfo::ssh_info_to_command({ ip => $ip, name => $node });
 	    my $outsub = sub { print "\nnode '$node': " . shift };
 	    run_command(
-		[@$ssh_cmd, $ip, $qdevice_certutil, "-i", "-c", "/etc/pve/$ca_export_base"],
-		noerr => 1, outfunc => \&$outsub
+		[@$ssh_cluster_cmd, '--', $qdevice_certutil, "-i", "-c", "/etc/pve/$ca_export_base"],
+		noerr => 1, outfunc => $outsub
 	    );
 	});
 	unlink "/etc/pve/$ca_export_base";
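Review bot: The CA import call keeps `noerr => 1` and discards the return value, so a node where the SSH connection or `$qdevice_certutil -i` fails is passed over without any message from this code. Assuming run_command returns the exit status when `noerr` is set (its definition is not part of this diff), the result could be captured and reported: `my $rc = run_command([...], noerr => 1, outfunc => $outsub);` followed by `warn "node '$node': CA import failed (exit code $rc)\n" if $rc;`. This matters more now that a successful connection depends on the per-node known_hosts data described in the commit message. The enclosing method starts and ends outside the hunk.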
@@ -206,11 +208,12 @@ __PACKAGE__->register_method ({
 	run_command([@$scp_cmd, "$db_dir_node/$p12_file_base", "/etc/pve/"]);
 	$foreach_member->(sub {
 	    my ($node, $ip) = @_;
+	    my $ssh_cluster_cmd = PVE::SSHInfo::ssh_info_to_command({ ip => $ip, name => $node });
 	    my $outsub = sub { print "\nnode '$node': " . shift };
-	    run_command([
-		    @$ssh_cmd, $ip, "$qdevice_certutil", "-m", "-c",
-		    "/etc/pve/$p12_file_base"], outfunc => \&$outsub
-		);
+	    run_command(
+		[@$ssh_cluster_cmd, '--', "$qdevice_certutil", "-m", "-c", "/etc/pve/$p12_file_base"],
+		outfunc => $outsub
+	    );
 	});
 	unlink "/etc/pve/$p12_file_base";
 
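Review bot: If the import fails on any node, the `unlink "/etc/pve/$p12_file_base"` after the loop is never reached, because this run_command call has no `noerr` and presumably dies on a non-zero exit. That would leave what appears to be a PKCS#12 bundle, copied in by the scp line at the top of the hunk, in the cluster file system under /etc/pve, where every node can read it. Running the cleanup unconditionally would close this: `eval { $foreach_member->(sub { ... }) }; my $err = $@;` then `unlink "/etc/pve/$p12_file_base"; die $err if $err;`. The enclosing method starts and ends outside the hunk.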
@@ -243,10 +246,17 @@ __PACKAGE__->register_method ({
 
 	$foreach_member->(sub {
 	    my ($node, $ip) = @_;
+	    my $ssh_cluster_cmd = PVE::SSHInfo::ssh_info_to_command({ ip => $ip, name => $node });
 	    my $outsub = sub { print "\nnode '$node': " . shift };
 	    print "\nINFO: start and enable corosync qdevice daemon on node '$node'...\n";
-	    run_command([@$ssh_cmd, $ip, 'systemctl', 'start', 'corosync-qdevice'], outfunc => \&$outsub);
-	    run_command([@$ssh_cmd, $ip, 'systemctl', 'enable', 'corosync-qdevice'], outfunc => \&$outsub);
+	    run_command(
+		[@$ssh_cluster_cmd, '--', 'systemctl', 'start', 'corosync-qdevice'],
+		outfunc => $outsub
+	    );
+	    run_command(
+		[@$ssh_cluster_cmd, '--', 'systemctl', 'enable', 'corosync-qdevice'],
+		outfunc => $outsub
+	    );
 	});
 
 	run_command(['corosync-cfgtool', '-R']); # do cluster wide config reload
@@ -276,8 +286,6 @@ __PACKAGE__->register_method ({
 		if !$members->{$node}->{online};
 	}
 
-	my $ssh_cmd = ['ssh', '-o', 'BatchMode=yes', '-lroot'];
-
 	my $code = sub {
 	    my $conf = PVE::Cluster::cfs_read_file("corosync.conf");
 	    my $quorum_section = $conf->{main}->{quorum};
@@ -291,8 +299,9 @@ __PACKAGE__->register_method ({
 	    # cleanup qdev state (cert storage)
 	    my $qdev_state_dir =  "/etc/corosync/qdevice";
 	    $foreach_member->(sub {
-		my (undef, $ip) = @_;
-		run_command([@$ssh_cmd, $ip, '--', 'rm', '-rf', $qdev_state_dir]);
+		my ($node, $ip) = @_;
+		my $ssh_cluster_cmd = PVE::SSHInfo::ssh_info_to_command({ ip => $ip, name => $node });
+		run_command([@$ssh_cluster_cmd, '--', 'rm', '-rf', $qdev_state_dir]);
 	    });
 	};
 
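Review bot: The `rm -rf` call is safe only because `$qdev_state_dir` is a literal: ssh joins the arguments after the destination into one string that the remote shell parses again, and the `--` only ends option parsing on the local ssh side. A short comment above the call would keep later edits from appending variable data unquoted, for example `# remote args are re-parsed by the node's shell; keep them constant or shell-quote them`. The same consideration applies to the interpolated `/etc/pve/...` paths in the two certutil hunks, whose values are set outside this diff. The enclosing method starts outside the hunk.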
@@ -300,9 +309,10 @@ __PACKAGE__->register_method ({
 	die $@ if $@;
 
 	$foreach_member->(sub {
-	    my (undef, $ip) = @_;
-	    run_command([@$ssh_cmd, $ip, 'systemctl', 'stop', 'corosync-qdevice']);
-	    run_command([@$ssh_cmd, $ip, 'systemctl', 'disable', 'corosync-qdevice']);
+	    my ($node, $ip) = @_;
+	    my $ssh_cluster_cmd = PVE::SSHInfo::ssh_info_to_command({ ip => $ip, name => $node });
+	    run_command([@$ssh_cluster_cmd, '--', 'systemctl', 'stop', 'corosync-qdevice']);
+	    run_command([@$ssh_cluster_cmd, '--', 'systemctl', 'disable', 'corosync-qdevice']);
 	});
 
 	run_command(['corosync-cfgtool', '-R']);
-- 
2.39.2




* [pve-devel] applied: [PATCH cluster v2] fix #5461: pvecm: use ssh_info_to_command for intra cluster ssh
  2024-05-16 12:08 [pve-devel] [PATCH cluster v2] fix #5461: pvecm: use ssh_info_to_command for intra cluster ssh Aaron Lauterer
@ 2024-05-22  8:16 ` Fabian Grünbichler
  0 siblings, 0 replies; 2+ messages in thread
From: Fabian Grünbichler @ 2024-05-22  8:16 UTC (permalink / raw)
  To: Proxmox VE development discussion

On May 16, 2024 2:08 pm, Aaron Lauterer wrote:
> because otherwise the SSH calls to other nodes in the cluster will fail
> on newer clusters that only have the ssh host keys located in the
> pmxcfs.
> 
> With ssh_info_to_command we get all the needed SSH options that set the
> alias and point to the right known_hosts file.
> 
> Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
> ---
> changes since v1:
> * use ssh_info_to_command to get the cmd call & options in one go
>     this gives us short enough line lenghts
> * remove $ssh_cmd from qdevice remove
> * cleaned up \&$outsub -> $outsub symbol salad ;)
> 
>  src/PVE/CLI/pvecm.pm | 40 +++++++++++++++++++++++++---------------
>  1 file changed, 25 insertions(+), 15 deletions(-)
> 
> diff --git a/src/PVE/CLI/pvecm.pm b/src/PVE/CLI/pvecm.pm
> index 0e8ca8f..cc8b3d3 100755
> --- a/src/PVE/CLI/pvecm.pm
> +++ b/src/PVE/CLI/pvecm.pm
> @@ -18,6 +18,7 @@ use PVE::PTY;
>  use PVE::API2::ClusterConfig;
>  use PVE::Corosync;
>  use PVE::Cluster::Setup;
> +use PVE::SSHInfo;
>  
>  use base qw(PVE::CLIHandler);
>  
> @@ -173,10 +174,11 @@ __PACKAGE__->register_method ({
>  	run_command([@$scp_cmd, "root\@\[$qnetd_addr\]:$ca_export_file", "/etc/pve/$ca_export_base"]);
>  	$foreach_member->(sub {
>  	    my ($node, $ip) = @_;
> +	    my $ssh_cluster_cmd = PVE::SSHInfo::ssh_info_to_command({ ip => $ip, name => $node });
>  	    my $outsub = sub { print "\nnode '$node': " . shift };
>  	    run_command(
> -		[@$ssh_cmd, $ip, $qdevice_certutil, "-i", "-c", "/etc/pve/$ca_export_base"],
> -		noerr => 1, outfunc => \&$outsub
> +		[@$ssh_cluster_cmd, '--', $qdevice_certutil, "-i", "-c", "/etc/pve/$ca_export_base"],
> +		noerr => 1, outfunc => $outsub
>  	    );
>  	});
>  	unlink "/etc/pve/$ca_export_base";
> @@ -206,11 +208,12 @@ __PACKAGE__->register_method ({
>  	run_command([@$scp_cmd, "$db_dir_node/$p12_file_base", "/etc/pve/"]);
>  	$foreach_member->(sub {
>  	    my ($node, $ip) = @_;
> +	    my $ssh_cluster_cmd = PVE::SSHInfo::ssh_info_to_command({ ip => $ip, name => $node });
>  	    my $outsub = sub { print "\nnode '$node': " . shift };
> -	    run_command([
> -		    @$ssh_cmd, $ip, "$qdevice_certutil", "-m", "-c",
> -		    "/etc/pve/$p12_file_base"], outfunc => \&$outsub
> -		);
> +	    run_command(
> +		[@$ssh_cluster_cmd, '--', "$qdevice_certutil", "-m", "-c", "/etc/pve/$p12_file_base"],
> +		outfunc => $outsub
> +	    );
>  	});
>  	unlink "/etc/pve/$p12_file_base";
>  
> @@ -243,10 +246,17 @@ __PACKAGE__->register_method ({
>  
>  	$foreach_member->(sub {
>  	    my ($node, $ip) = @_;
> +	    my $ssh_cluster_cmd = PVE::SSHInfo::ssh_info_to_command({ ip => $ip, name => $node });
>  	    my $outsub = sub { print "\nnode '$node': " . shift };
>  	    print "\nINFO: start and enable corosync qdevice daemon on node '$node'...\n";
> -	    run_command([@$ssh_cmd, $ip, 'systemctl', 'start', 'corosync-qdevice'], outfunc => \&$outsub);
> -	    run_command([@$ssh_cmd, $ip, 'systemctl', 'enable', 'corosync-qdevice'], outfunc => \&$outsub);
> +	    run_command(
> +		[@$ssh_cluster_cmd, '--', 'systemctl', 'start', 'corosync-qdevice'],
> +		outfunc => $outsub
> +	    );
> +	    run_command(
> +		[@$ssh_cluster_cmd, '--', 'systemctl', 'enable', 'corosync-qdevice'],
> +		outfunc => $outsub
> +	    );
>  	});
>  
>  	run_command(['corosync-cfgtool', '-R']); # do cluster wide config reload
> @@ -276,8 +286,6 @@ __PACKAGE__->register_method ({
>  		if !$members->{$node}->{online};
>  	}
>  
> -	my $ssh_cmd = ['ssh', '-o', 'BatchMode=yes', '-lroot'];
> -
>  	my $code = sub {
>  	    my $conf = PVE::Cluster::cfs_read_file("corosync.conf");
>  	    my $quorum_section = $conf->{main}->{quorum};
> @@ -291,8 +299,9 @@ __PACKAGE__->register_method ({
>  	    # cleanup qdev state (cert storage)
>  	    my $qdev_state_dir =  "/etc/corosync/qdevice";
>  	    $foreach_member->(sub {
> -		my (undef, $ip) = @_;
> -		run_command([@$ssh_cmd, $ip, '--', 'rm', '-rf', $qdev_state_dir]);
> +		my ($node, $ip) = @_;
> +		my $ssh_cluster_cmd = PVE::SSHInfo::ssh_info_to_command({ ip => $ip, name => $node });
> +		run_command([@$ssh_cluster_cmd, '--', 'rm', '-rf', $qdev_state_dir]);
>  	    });
>  	};
>  
> @@ -300,9 +309,10 @@ __PACKAGE__->register_method ({
>  	die $@ if $@;
>  
>  	$foreach_member->(sub {
> -	    my (undef, $ip) = @_;
> -	    run_command([@$ssh_cmd, $ip, 'systemctl', 'stop', 'corosync-qdevice']);
> -	    run_command([@$ssh_cmd, $ip, 'systemctl', 'disable', 'corosync-qdevice']);
> +	    my ($node, $ip) = @_;
> +	    my $ssh_cluster_cmd = PVE::SSHInfo::ssh_info_to_command({ ip => $ip, name => $node });
> +	    run_command([@$ssh_cluster_cmd, '--', 'systemctl', 'stop', 'corosync-qdevice']);
> +	    run_command([@$ssh_cluster_cmd, '--', 'systemctl', 'disable', 'corosync-qdevice']);
>  	});
>  
>  	run_command(['corosync-cfgtool', '-R']);
> -- 
> 2.39.2
> 
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
> 
> 

