[pve-devel] [PATCH v3 cluster 2/4] pvecm: updatecerts: wait for quorum

Fiona Ebner f.ebner at proxmox.com
Fri Jun 30 13:59:42 CEST 2023

Mostly useful for the updatecerts call triggered via the ExecStartPre
hook for pveproxy.service.

When starting a node that's part of a cluster, there is a time window
between the start of pve-cluster.service and when quorum is reached
(from the node's perspective). pveproxy.service is ordered after
pve-cluster.service, but that does not prevent the ExecStartPre hook
from being executed before the node is part of the quorate partition.

The pvecm updatecerts command won't do much without quorum. Generating
local (non-pmxcfs) files is still done before waiting on quorum.

In particular, it might happen that the base directories for observed
files will not get created during/after the upgrade from Proxmox VE 7
to 8 (reported in the community forum [0] and reproduced right away in
a virtual test cluster).

Waiting on quorum should highly increase the chances for successful
execution of the ExecStartPre hook.

[0]: https://forum.proxmox.com/threads/129644/

Suggested-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>

Changes in v3:
    * Fix commit title.
Changes in v2:
    * Different approach: always wait for quorum until timeout.

 src/PVE/CLI/pvecm.pm | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/PVE/CLI/pvecm.pm b/src/PVE/CLI/pvecm.pm
index ebc15bd..a0550c2 100755
--- a/src/PVE/CLI/pvecm.pm
+++ b/src/PVE/CLI/pvecm.pm
@@ -6,6 +6,8 @@ use warnings;
 use Cwd qw(getcwd);
 use File::Path;
 use File::Basename;
+use Time::HiRes qw(usleep);
 use PVE::Tools qw(run_command);
 use PVE::Cluster;
 use PVE::INotify;
@@ -577,6 +579,12 @@ __PACKAGE__->register_method ({
 	# no-good for ExecStartPre as it fails the whole service in this case
 	PVE::Tools::run_fork_with_timeout(30, sub {
+	    for (my $i = 0; !PVE::Cluster::check_cfs_quorum(1); $i++) {
+		print "waiting for pmxcfs mount to appear and get quorate...\n" if $i % 50 == 0;
+		usleep(100 * 1000);
+	    }
 	    PVE::Cluster::Setup::updatecerts_and_ssh($param->@{qw(force silent)});

More information about the pve-devel mailing list