[pve-devel] [PATCH cluster] cluster join: ensure updatecerts gets called on quorate cluster

Thomas Lamprecht t.lamprecht at proxmox.com
Thu Mar 8 17:17:45 CET 2018


We moved the start of pve-cluster together with the one of corosync
earlier, before the quorate check.
This meant that the 'pvecm updatecerts --silent' we call from
pve-cluster.service through ExecStartPost exited early, as the node
had no quorum yet.

So factor the respective code out to the Cluster perl module and
call this function manually after we reached quorum.

Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---
 data/PVE/CLI/pvecm.pm | 20 +-------------------
 data/PVE/Cluster.pm   | 38 ++++++++++++++++++++++++++++++--------
 2 files changed, 31 insertions(+), 27 deletions(-)

diff --git a/data/PVE/CLI/pvecm.pm b/data/PVE/CLI/pvecm.pm
index 124f9cd..e4278bc 100755
--- a/data/PVE/CLI/pvecm.pm
+++ b/data/PVE/CLI/pvecm.pm
@@ -289,25 +289,7 @@ __PACKAGE__->register_method ({
     code => sub {
 	my ($param) = @_;
 
-	PVE::Cluster::setup_rootsshconfig();
-
-	PVE::Cluster::gen_pve_vzdump_symlink();
-
-	if (!PVE::Cluster::check_cfs_quorum(1)) {
-	    return undef if $param->{silent};
-	    die "no quorum - unable to update files\n";
-	}
-
-	PVE::Cluster::setup_ssh_keys();
-
-	my $nodename = PVE::INotify::nodename();
-
-	my $local_ip_address = PVE::Cluster::remote_node_ip($nodename);
-
-	PVE::Cluster::gen_pve_node_files($nodename, $local_ip_address, $param->{force});
-	PVE::Cluster::ssh_merge_keys();
-	PVE::Cluster::ssh_merge_known_hosts($nodename, $local_ip_address);
-	PVE::Cluster::gen_pve_vzdump_files();
+	PVE::Cluster::updatecerts_and_ssh($param->@{qw(force silent)});
 
 	return undef;
     }});
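Review bot: The call `PVE::Cluster::updatecerts_and_ssh($param->@{qw(force silent)})` passes both options positionally, so the key order in the slice must stay in step with `my ($force_new_cert, $silent) = @_;` in Cluster.pm. If the two ever get swapped, `--silent` would silently become a forced certificate regeneration. I would spell the arguments out as `PVE::Cluster::updatecerts_and_ssh($param->{force}, $param->{silent});`. The enclosing `register_method` call starts above this hunk, so the schema for `force` and `silent` is not visible here.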
diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index a7c8bd4..2920ff6 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -1863,19 +1863,41 @@ sub finish_join {
     }
     print "OK\n" if !$printqmsg;
 
-    my $local_ip_address = remote_node_ip($nodename);
+    updatecerts_and_ssh(1);
 
-    print "generating node certificates\n";
-    gen_pve_node_files($nodename, $local_ip_address);
-
-    print "merge known_hosts file\n";
-    ssh_merge_known_hosts($nodename, $local_ip_address, 1);
-
-    print "node certificate changed, restart pveproxy and pvedaemon services\n";
+    print "generated new node certificate, restart pveproxy and pvedaemon services\n";
     run_command(['systemctl', 'reload-or-restart', 'pvedaemon', 'pveproxy']);
 
     print "successfully added node '$nodename' to cluster.\n";
 }
 
+sub updatecerts_and_ssh {
+    my ($force_new_cert, $silent) = @_;
+
+    my $p = sub { print "$_[0]\n" if !$silent };
+
+    setup_rootsshconfig();
+
+    gen_pve_vzdump_symlink();
+
+    if (!check_cfs_quorum(1)) {
+	return undef if $silent;
+	die "no quorum - unable to update files\n";
+    }
+
+    setup_ssh_keys();
+
+    my $nodename = PVE::INotify::nodename();
+    my $local_ip_address = remote_node_ip($nodename);
+
+    $p->("(re)generate node files");
+    $p->("generate new node certificate") if $force_new_cert;
+    gen_pve_node_files($nodename, $local_ip_address, $force_new_cert);
+
+    $p->("merge authorized SSH keys and known hosts");
+    ssh_merge_keys();
+    ssh_merge_known_hosts($nodename, $local_ip_address);
+    gen_pve_vzdump_files();
+}
 
 1;
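Review bot: The join path loses the third argument to `ssh_merge_known_hosts`: the removed line in `finish_join` called `ssh_merge_known_hosts($nodename, $local_ip_address, 1)`, while the new `updatecerts_and_ssh` passes only two arguments. What that flag controls is not visible in this hunk, but it presumably changes how known_hosts is set up on a freshly joined node. Either state in the commit message that dropping it is intended, or keep it with `ssh_merge_known_hosts($nodename, $local_ip_address, 1);` if that is also correct for `pvecm updatecerts`. Separately, `finish_join` (which starts above the hunk) now passes `1` as `$force_new_cert` where the old `gen_pve_node_files` call passed no force value, so every join replaces the node certificate. A short comment above `updatecerts_and_ssh` should say that, and that `setup_rootsshconfig` and `gen_pve_vzdump_symlink` run before the quorum check.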
-- 
2.14.2




