From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 52E1C1FF38C for ; Thu, 16 May 2024 14:08:23 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id DEECA3691A; Thu, 16 May 2024 14:08:33 +0200 (CEST) From: Aaron Lauterer To: pve-devel@lists.proxmox.com Date: Thu, 16 May 2024 14:08:27 +0200 Message-Id: <20240516120827.1119487-1-a.lauterer@proxmox.com> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.043 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH cluster v2] fix #5461: pvecm: use ssh_info_to_command for intra cluster ssh X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" because otherwise the SSH calls to other nodes in the cluster will fail on newer clusters that only have the ssh host keys located in the pmxcfs. With ssh_info_to_command we get all the needed SSH options that set the alias and point to the right known_hosts file. 
Signed-off-by: Aaron Lauterer --- changes since v1: * use ssh_info_to_command to get the cmd call & options in one go this gives us short enough line lenghts * remove $ssh_cmd from qdevice remove * cleaned up \&$outsub -> $outsub symbol salad ;) src/PVE/CLI/pvecm.pm | 40 +++++++++++++++++++++++++--------------- 1 file changed, 25 insertions(+), 15 deletions(-) diff --git a/src/PVE/CLI/pvecm.pm b/src/PVE/CLI/pvecm.pm index 0e8ca8f..cc8b3d3 100755 --- a/src/PVE/CLI/pvecm.pm +++ b/src/PVE/CLI/pvecm.pm @@ -18,6 +18,7 @@ use PVE::PTY; use PVE::API2::ClusterConfig; use PVE::Corosync; use PVE::Cluster::Setup; +use PVE::SSHInfo; use base qw(PVE::CLIHandler); @@ -173,10 +174,11 @@ __PACKAGE__->register_method ({ run_command([@$scp_cmd, "root\@\[$qnetd_addr\]:$ca_export_file", "/etc/pve/$ca_export_base"]); $foreach_member->(sub { my ($node, $ip) = @_; + my $ssh_cluster_cmd = PVE::SSHInfo::ssh_info_to_command({ ip => $ip, name => $node }); my $outsub = sub { print "\nnode '$node': " . shift }; run_command( - [@$ssh_cmd, $ip, $qdevice_certutil, "-i", "-c", "/etc/pve/$ca_export_base"], - noerr => 1, outfunc => \&$outsub + [@$ssh_cluster_cmd, '--', $qdevice_certutil, "-i", "-c", "/etc/pve/$ca_export_base"], + noerr => 1, outfunc => $outsub ); }); unlink "/etc/pve/$ca_export_base"; @@ -206,11 +208,12 @@ __PACKAGE__->register_method ({ run_command([@$scp_cmd, "$db_dir_node/$p12_file_base", "/etc/pve/"]); $foreach_member->(sub { my ($node, $ip) = @_; + my $ssh_cluster_cmd = PVE::SSHInfo::ssh_info_to_command({ ip => $ip, name => $node }); my $outsub = sub { print "\nnode '$node': " . shift }; - run_command([ - @$ssh_cmd, $ip, "$qdevice_certutil", "-m", "-c", - "/etc/pve/$p12_file_base"], outfunc => \&$outsub - ); + run_command( + [@$ssh_cluster_cmd, '--', "$qdevice_certutil", "-m", "-c", "/etc/pve/$p12_file_base"], + outfunc => $outsub + ); }); unlink "/etc/pve/$p12_file_base"; 
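Review bot: In the `@@ -173` hunk the certutil `-i` call keeps `noerr => 1` and throws away the value `run_command` returns, so a member on which the SSH session itself fails (for example on host key verification, the failure this patch is about) is passed over without any message. If `noerr` is only there to tolerate an already initialised certificate database, which the hunk does not show, it can stay, but the exit code should be reported: assign the call to `my $rc = run_command(...)` and add `warn "node '$node': $qdevice_certutil -i exited with $rc\n" if $rc;`. The enclosing method starts and ends outside the hunk.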
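Review bot: In the `@@ -206` hunk the per-member `run_command` has no `noerr`, so a failing node presumably makes it die inside `$foreach_member`, and the `unlink "/etc/pve/$p12_file_base"` after the loop is never reached unless a handler outside the hunk catches the error. The file name suggests a PKCS#12 bundle with key material, which would then stay behind in the cluster-wide `/etc/pve` filesystem. Running the loop under `eval { ... };`, then `my $err = $@; unlink "/etc/pve/$p12_file_base";` and `die $err if $err;` removes the file on both paths. Separately, `"$qdevice_certutil"` can drop its quotes to match the first qdevice hunk.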
@@ -243,10 +246,17 @@ __PACKAGE__->register_method ({ $foreach_member->(sub { my ($node, $ip) = @_; + my $ssh_cluster_cmd = PVE::SSHInfo::ssh_info_to_command({ ip => $ip, name => $node }); my $outsub = sub { print "\nnode '$node': " . shift }; print "\nINFO: start and enable corosync qdevice daemon on node '$node'...\n"; - run_command([@$ssh_cmd, $ip, 'systemctl', 'start', 'corosync-qdevice'], outfunc => \&$outsub); - run_command([@$ssh_cmd, $ip, 'systemctl', 'enable', 'corosync-qdevice'], outfunc => \&$outsub); + run_command( + [@$ssh_cluster_cmd, '--', 'systemctl', 'start', 'corosync-qdevice'], + outfunc => $outsub + ); + run_command( + [@$ssh_cluster_cmd, '--', 'systemctl', 'enable', 'corosync-qdevice'], + outfunc => $outsub + ); }); run_command(['corosync-cfgtool', '-R']); # do cluster wide config reload @@ -276,8 +286,6 @@ __PACKAGE__->register_method ({ if !$members->{$node}->{online}; } - my $ssh_cmd = ['ssh', '-o', 'BatchMode=yes', '-lroot']; - my $code = sub { my $conf = PVE::Cluster::cfs_read_file("corosync.conf"); my $quorum_section = $conf->{main}->{quorum}; @@ -291,8 +299,9 @@ __PACKAGE__->register_method ({ # cleanup qdev state (cert storage) my $qdev_state_dir = "/etc/corosync/qdevice"; $foreach_member->(sub { - my (undef, $ip) = @_; - run_command([@$ssh_cmd, $ip, '--', 'rm', '-rf', $qdev_state_dir]); + my ($node, $ip) = @_; + my $ssh_cluster_cmd = PVE::SSHInfo::ssh_info_to_command({ ip => $ip, name => $node }); + run_command([@$ssh_cluster_cmd, '--', 'rm', '-rf', $qdev_state_dir]); }); }; 
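Review bot: The start and enable calls in the `@@ -243` hunk open two SSH sessions per node for something systemd does in one step; `run_command([@$ssh_cluster_cmd, '--', 'systemctl', 'enable', '--now', 'corosync-qdevice'], outfunc => $outsub);` covers both. The `@@ -300` hunk has the same pair for stop and disable, where `'disable', '--now'` does the equivalent. This changes the order from start-then-enable to enable-then-start, so it is worth confirming that nothing outside the hunk relies on the current order.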
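Review bot: The `rm -rf` call in the `@@ -291` hunk deserves a comment saying that ssh joins the remote command arguments into one string for the login shell on the other node, so the list form of `run_command` gives no quoting on the remote side. `$qdev_state_dir` is a literal assigned a few lines above, so nothing is wrong today; a comment such as `# ssh hands the remote command to a shell: pass only fixed strings here` would keep it that way. The `@@ -173` and `@@ -206` hunks pass `$ca_export_base` and `$p12_file_base`, which are defined outside those hunks and should be checked against the same rule.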
@@ -300,9 +309,10 @@ __PACKAGE__->register_method ({ die $@ if $@; $foreach_member->(sub { - my (undef, $ip) = @_; - run_command([@$ssh_cmd, $ip, 'systemctl', 'stop', 'corosync-qdevice']); - run_command([@$ssh_cmd, $ip, 'systemctl', 'disable', 'corosync-qdevice']); + my ($node, $ip) = @_; + my $ssh_cluster_cmd = PVE::SSHInfo::ssh_info_to_command({ ip => $ip, name => $node }); + run_command([@$ssh_cluster_cmd, '--', 'systemctl', 'stop', 'corosync-qdevice']); + run_command([@$ssh_cluster_cmd, '--', 'systemctl', 'disable', 'corosync-qdevice']); }); run_command(['corosync-cfgtool', '-R']); -- 2.39.2 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel