From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id D2F651FF137 for ; Tue, 17 Mar 2026 13:47:41 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 96C65CF8B; Tue, 17 Mar 2026 13:47:52 +0100 (CET) Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Tue, 17 Mar 2026 13:47:48 +0100 Message-Id: Subject: Re: [PATCH ha-manager 3/3] api: status: add disarm-ha and arm-ha endpoints and CLI wiring From: "Dominik Rusovac" To: "Thomas Lamprecht" , X-Mailer: aerc 0.20.0 References: <20260309220128.973793-1-t.lamprecht@proxmox.com> <20260309220128.973793-4-t.lamprecht@proxmox.com> In-Reply-To: <20260309220128.973793-4-t.lamprecht@proxmox.com> X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1773751627548 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.719 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.408 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.819 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.903 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: 54ZT2P7X64K5BOEKUF6OLDDO5WPRHMY3 X-Message-ID-Hash: 54ZT2P7X64K5BOEKUF6OLDDO5WPRHMY3 X-MailFrom: d.rusovac@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Please see my comments inline. On Mon Mar 9, 2026 at 10:57 PM CET, Thomas Lamprecht wrote: [snip] Extend the fencing status entry with disarming/disarmed states and the active resource mode. Each LRM entry shows 'watchdog released' once in disarm mode. The master and service status lines include the disarm state when applicable. These status extensions provide useful information in the web UI, which is very nice! [snip] +__PACKAGE__->register_method({ + name =3D> 'disarm-ha', + path =3D> 'disarm-ha', + method =3D> 'POST', protected =3D> 1, cfs-lock requires root privileges to create lock directory, thus endpoint needs to be protected. + description =3D> "Request disarming the HA stack, releasing all w= atchdogs cluster-wide.", + permissions =3D> { + check =3D> ['perm', '/', ['Sys.Console']], + }, + parameters =3D> { + additionalProperties =3D> 0, + properties =3D> { + 'resource-mode' =3D> { + description =3D> "Controls how HA managed resources a= re handled while disarmed." + . " The current state of resources is not affecte= d." + . " 'freeze': new commands and state changes are = not applied." + . " 'ignore': resources are removed from HA track= ing and can be" + . " managed as if they were not HA managed.", + type =3D> 'string', + enum =3D> ['freeze', 'ignore'], + }, + }, + }, + returns =3D> { type =3D> 'null' }, + code =3D> sub { + my ($param) =3D @_; + nit: Adding a guard that checks on prohibited use, e.g., some node is in maintenance state in combination with resource mode is 'ignore'; and returning some information as to why the disarming command was ignored, increases usability. This would of course entail the need for a different return type. + PVE::HA::Config::queue_crm_commands("disarm-ha $param->{'reso= urce-mode'}"); + + return undef; + }, +}); + +__PACKAGE__->register_method({ + name =3D> 'arm-ha', + path =3D> 'arm-ha', + method =3D> 'POST', protected =3D> 1, cfs-lock requires root privileges to create lock directory, thus endpoint needs to be protected. + description =3D> "Request re-arming the HA stack after it was dis= armed.", [snip]