From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id 52E1C1FF38C
	for <inbox@lore.proxmox.com>; Thu, 16 May 2024 14:08:23 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id DEECA3691A;
	Thu, 16 May 2024 14:08:33 +0200 (CEST)
From: Aaron Lauterer <a.lauterer@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Thu, 16 May 2024 14:08:27 +0200
Message-Id: <20240516120827.1119487-1-a.lauterer@proxmox.com>
X-Mailer: git-send-email 2.39.2
MIME-Version: 1.0
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.043 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: [pve-devel] [PATCH cluster v2] fix #5461: pvecm: use
 ssh_info_to_command for intra cluster ssh
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

because otherwise the SSH calls to other nodes in the cluster will fail
on newer clusters that only have the ssh host keys located in the
pmxcfs.

With ssh_info_to_command we get all the needed SSH options that set the
alias and point to the right known_hosts file.

Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
---
changes since v1:
* use ssh_info_to_command to get the cmd call & options in one go
    this gives us short enough line lenghts
* remove $ssh_cmd from qdevice remove
* cleaned up \&$outsub -> $outsub symbol salad ;)

 src/PVE/CLI/pvecm.pm | 40 +++++++++++++++++++++++++---------------
 1 file changed, 25 insertions(+), 15 deletions(-)

diff --git a/src/PVE/CLI/pvecm.pm b/src/PVE/CLI/pvecm.pm
index 0e8ca8f..cc8b3d3 100755
--- a/src/PVE/CLI/pvecm.pm
+++ b/src/PVE/CLI/pvecm.pm
@@ -18,6 +18,7 @@ use PVE::PTY;
 use PVE::API2::ClusterConfig;
 use PVE::Corosync;
 use PVE::Cluster::Setup;
+use PVE::SSHInfo;
 
 use base qw(PVE::CLIHandler);
 
@@ -173,10 +174,11 @@ __PACKAGE__->register_method ({
 	run_command([@$scp_cmd, "root\@\[$qnetd_addr\]:$ca_export_file", "/etc/pve/$ca_export_base"]);
 	$foreach_member->(sub {
 	    my ($node, $ip) = @_;
+	    my $ssh_cluster_cmd = PVE::SSHInfo::ssh_info_to_command({ ip => $ip, name => $node });
 	    my $outsub = sub { print "\nnode '$node': " . shift };
 	    run_command(
-		[@$ssh_cmd, $ip, $qdevice_certutil, "-i", "-c", "/etc/pve/$ca_export_base"],
-		noerr => 1, outfunc => \&$outsub
+		[@$ssh_cluster_cmd, '--', $qdevice_certutil, "-i", "-c", "/etc/pve/$ca_export_base"],
+		noerr => 1, outfunc => $outsub
 	    );
 	});
 	unlink "/etc/pve/$ca_export_base";
@@ -206,11 +208,12 @@ __PACKAGE__->register_method ({
 	run_command([@$scp_cmd, "$db_dir_node/$p12_file_base", "/etc/pve/"]);
 	$foreach_member->(sub {
 	    my ($node, $ip) = @_;
+	    my $ssh_cluster_cmd = PVE::SSHInfo::ssh_info_to_command({ ip => $ip, name => $node });
 	    my $outsub = sub { print "\nnode '$node': " . shift };
-	    run_command([
-		    @$ssh_cmd, $ip, "$qdevice_certutil", "-m", "-c",
-		    "/etc/pve/$p12_file_base"], outfunc => \&$outsub
-		);
+	    run_command(
+		[@$ssh_cluster_cmd, '--', "$qdevice_certutil", "-m", "-c", "/etc/pve/$p12_file_base"],
+		outfunc => $outsub
+	    );
 	});
 	unlink "/etc/pve/$p12_file_base";
 
@@ -243,10 +246,17 @@ __PACKAGE__->register_method ({
 
 	$foreach_member->(sub {
 	    my ($node, $ip) = @_;
+	    my $ssh_cluster_cmd = PVE::SSHInfo::ssh_info_to_command({ ip => $ip, name => $node });
 	    my $outsub = sub { print "\nnode '$node': " . shift };
 	    print "\nINFO: start and enable corosync qdevice daemon on node '$node'...\n";
-	    run_command([@$ssh_cmd, $ip, 'systemctl', 'start', 'corosync-qdevice'], outfunc => \&$outsub);
-	    run_command([@$ssh_cmd, $ip, 'systemctl', 'enable', 'corosync-qdevice'], outfunc => \&$outsub);
+	    run_command(
+		[@$ssh_cluster_cmd, '--', 'systemctl', 'start', 'corosync-qdevice'],
+		outfunc => $outsub
+	    );
+	    run_command(
+		[@$ssh_cluster_cmd, '--', 'systemctl', 'enable', 'corosync-qdevice'],
+		outfunc => $outsub
+	    );
 	});
 
 	run_command(['corosync-cfgtool', '-R']); # do cluster wide config reload
@@ -276,8 +286,6 @@ __PACKAGE__->register_method ({
 		if !$members->{$node}->{online};
 	}
 
-	my $ssh_cmd = ['ssh', '-o', 'BatchMode=yes', '-lroot'];
-
 	my $code = sub {
 	    my $conf = PVE::Cluster::cfs_read_file("corosync.conf");
 	    my $quorum_section = $conf->{main}->{quorum};
@@ -291,8 +299,9 @@ __PACKAGE__->register_method ({
 	    # cleanup qdev state (cert storage)
 	    my $qdev_state_dir =  "/etc/corosync/qdevice";
 	    $foreach_member->(sub {
-		my (undef, $ip) = @_;
-		run_command([@$ssh_cmd, $ip, '--', 'rm', '-rf', $qdev_state_dir]);
+		my ($node, $ip) = @_;
+		my $ssh_cluster_cmd = PVE::SSHInfo::ssh_info_to_command({ ip => $ip, name => $node });
+		run_command([@$ssh_cluster_cmd, '--', 'rm', '-rf', $qdev_state_dir]);
 	    });
 	};
 
@@ -300,9 +309,10 @@ __PACKAGE__->register_method ({
 	die $@ if $@;
 
 	$foreach_member->(sub {
-	    my (undef, $ip) = @_;
-	    run_command([@$ssh_cmd, $ip, 'systemctl', 'stop', 'corosync-qdevice']);
-	    run_command([@$ssh_cmd, $ip, 'systemctl', 'disable', 'corosync-qdevice']);
+	    my ($node, $ip) = @_;
+	    my $ssh_cluster_cmd = PVE::SSHInfo::ssh_info_to_command({ ip => $ip, name => $node });
+	    run_command([@$ssh_cluster_cmd, '--', 'systemctl', 'stop', 'corosync-qdevice']);
+	    run_command([@$ssh_cluster_cmd, '--', 'systemctl', 'disable', 'corosync-qdevice']);
 	});
 
 	run_command(['corosync-cfgtool', '-R']);
-- 
2.39.2



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel