[pve-devel] [PATCH cluster 2/4] add get_remote_info

Fabian Grünbichler f.gruenbichler at proxmox.com
Mon Apr 19 09:48:34 CEST 2021 

On April 18, 2021 7:07 pm, Thomas Lamprecht wrote:
> On 13.04.21 14:16, Fabian Grünbichler wrote:
>> as a unified helper for talking to a remote node. if the requested node
>> has an entry in the remote config, the information from that entry is
>> used.  else, the first locally defined node of the requested cluster is
>> used as proxy.
>> 
>> Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
>> ---
>>  data/PVE/RemoteConfig.pm | 55 ++++++++++++++++++++++++++++++++++++++++
>>  1 file changed, 55 insertions(+)
>> 
>> diff --git a/data/PVE/RemoteConfig.pm b/data/PVE/RemoteConfig.pm
>> index 23274de..7c395ba 100644
>> --- a/data/PVE/RemoteConfig.pm
>> +++ b/data/PVE/RemoteConfig.pm
>> @@ -3,6 +3,7 @@ package PVE::RemoteConfig;
>>  use strict;
>>  use warnings;
>>  
>> +use PVE::APIClient::LWP;
>>  use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_write_file cfs_lock_file);
>>  use PVE::JSONSchema qw(get_standard_option);
>>  use PVE::Tools;
>> @@ -158,6 +159,60 @@ sub lock {
>>      }
>>  }
>>  
>> +# will attempt to connect with node's locally defined endpoint if possible
>> +sub get_remote_info {
>> +    my ($self, $cluster, $node, $network_cidr) = @_;
>> +
>> +    my $cluster_info = $self->{ids}->{$cluster};
>> +    die "Remote cluster '$cluster' is not defined!\n"
>> +	if !defined($cluster_info) || $cluster_info->{type} ne 'pvecluster';
>> +
>> +    my $host = $node;
>> +
>> +    # fallback to random node/endpoint if $node is not locally defined
>> +    if (!$cluster_info->{nodes}->{$node}) {
>> +	my @defined_nodes = keys %{$cluster_info->{nodes}};
>> +	$host = $defined_nodes[0];
>> +    }
>> +
>> +    my $api_node = $self->{ids}->{$host};
>> +
>> +    my $api_token = $cluster_info->{token} // $api_node->{token};
>> +
>> +    my $conn_args = {
>> +	username => 'root at pam',
>> +	protocol => 'https',
>> +	host => $api_node->{endpoint},
>> +	apitoken => $api_token,
>> +	port => 8006,
>> +    };
>> +
>> +    if (my $fp = $api_node->{fingerprint}) {
>> +	$conn_args->{cached_fingerprints} = { uc($fp) => 1 };
>> +    } else {
>> +	# FIXME add proper parameter to APIClient
> 
> that should now work out of the box? I.e., if no FP is passed we default to
> verify_hostname = 1, and if verify_hostname is true we trust what openssl thinks
> about the validity of the connection.

I didn't test it (and the tunnel binary itself still lacks that 
functionality for sure), but that comment is leftover (only slightly 
moved/reworded) from last year's PoC, so it's possible that the LWP 
client handles this well nowadays :)

> 
>> +	die "IMPLEMENT ME";
>> +	my $ssl_opts = {
>> +	    verify_hostname => 1,
>> +#	    SSL_ca_path => '/etc/ssl/certs',
>> +	    SSL_verify_callback => 1,
>> +	};
>> +    }
>> +
>> +    print "Establishing API connection with cluster '$cluster' node '$host'\n";
>> +
>> +    my $conn = PVE::APIClient::LWP->new(%$conn_args);
>> +
>> +
>> +    my $args = {};
>> +    $args->{cidr} = $network_cidr if $network_cidr;
>> +
>> +    print "Request IP information of node '$node'\n";
>> +    my $res = $conn->get("/nodes/$node/addr", $args);
>> +
>> +    return ($res, $conn_args);
>> +}
>> +
>>  package PVE::RemoteConfig::Cluster;
>>  
>>  use PVE::RemoteConfig;
>> 
> 
>

More information about the pve-devel mailing list