[pve-devel] [PATCH cluster 1/2] fix #5461: pvecm: ssh: adapt intra cluster ssh options
Aaron Lauterer
a.lauterer at proxmox.com
Thu May 16 12:38:49 CEST 2024
I'll give it a try and will send a v2 :)
On 2024-05-16 12:17, Fabian Grünbichler wrote:
> On May 15, 2024 12:32 pm, Aaron Lauterer wrote:
>> because otherwise the SSH calls to other nodes in the cluster will fail
>> on newer clusters that only have the ssh known host keys located in the
>> pmxcfs.
>>
>> By utilizing SSHInfo::ssh_info_to_ssh_opts we can add the needed options
>> to the SSH call to have the node name aliased correctly and pointing SSH
>> to the correct known hosts file.
>
> couldn't this completely be switched over to use ssh_info_to_command ?
> then we'd also benefit from other existing and future additions there
>
> ssh_info_to_ssh_opts is basically the escape hatch for cases where that
> does not work, like scp ;)
>
>> Signed-off-by: Aaron Lauterer <a.lauterer at proxmox.com>
>> ---
>> src/PVE/CLI/pvecm.pm | 24 +++++++++++++++---------
>> 1 file changed, 15 insertions(+), 9 deletions(-)
>>
>> diff --git a/src/PVE/CLI/pvecm.pm b/src/PVE/CLI/pvecm.pm
>> index 0e8ca8f..5c285a9 100755
>> --- a/src/PVE/CLI/pvecm.pm
>> +++ b/src/PVE/CLI/pvecm.pm
>> @@ -18,6 +18,7 @@ use PVE::PTY;
>> use PVE::API2::ClusterConfig;
>> use PVE::Corosync;
>> use PVE::Cluster::Setup;
>> +use PVE::SSHInfo;
>>
>> use base qw(PVE::CLIHandler);
>>
>> @@ -173,9 +174,10 @@ __PACKAGE__->register_method ({
>> run_command([@$scp_cmd, "root\@\[$qnetd_addr\]:$ca_export_file", "/etc/pve/$ca_export_base"]);
>> $foreach_member->(sub {
>> my ($node, $ip) = @_;
>> + my $ssh_options = PVE::SSHInfo::ssh_info_to_ssh_opts ({ ip => $ip, name => $node });
>> my $outsub = sub { print "\nnode '$node': " . shift };
>> run_command(
>> - [@$ssh_cmd, $ip, $qdevice_certutil, "-i", "-c", "/etc/pve/$ca_export_base"],
>> + [@$ssh_cmd, @$ssh_options, $ip, $qdevice_certutil, "-i", "-c", "/etc/pve/$ca_export_base"],
>> noerr => 1, outfunc => \&$outsub
>> );
>> });
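Review bot: The `noerr => 1` on the `-i` call still discards an ssh failure on a member node, so a host key that does not verify against the newly supplied options would go unnoticed here, while the later loops die on it. If run_command returns the exit code under `noerr` (I believe it does, but that is worth confirming), the tolerance can stay and the failure can be surfaced: `my $rc = run_command([...], noerr => 1, outfunc => \&$outsub);` followed by `warn "node '$node': $qdevice_certutil -i exited with $rc\n" if $rc;`. The enclosing register_method block starts and ends outside this hunk.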
>> @@ -206,9 +208,10 @@ __PACKAGE__->register_method ({
>> run_command([@$scp_cmd, "$db_dir_node/$p12_file_base", "/etc/pve/"]);
>> $foreach_member->(sub {
>> my ($node, $ip) = @_;
>> + my $ssh_options = PVE::SSHInfo::ssh_info_to_ssh_opts ({ ip => $ip, name => $node });
>> my $outsub = sub { print "\nnode '$node': " . shift };
>> run_command([
>> - @$ssh_cmd, $ip, "$qdevice_certutil", "-m", "-c",
>> + @$ssh_cmd, @$ssh_options, $ip, "$qdevice_certutil", "-m", "-c",
>> "/etc/pve/$p12_file_base"], outfunc => \&$outsub
>> );
>> });
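Review bot: `@$ssh_options` is appended after `@$ssh_cmd`, and ssh keeps the first value it obtains for most options, so anything already set in `$ssh_cmd` (defined outside these hunks) would take precedence over the alias and known-hosts settings added here. `$ssh_cmd` is not visible in this patch, so this is a check rather than a confirmed defect: confirm it carries no `HostKeyAlias` or `UserKnownHostsFile`, and record that next to the new line, e.g. `# $ssh_cmd must not set host-key options itself, ssh uses the first value given`. The same applies to the loops in the hunks at -173, -243, -291 and -300.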
>> @@ -243,10 +246,11 @@ __PACKAGE__->register_method ({
>>
>> $foreach_member->(sub {
>> my ($node, $ip) = @_;
>> + my $ssh_options = PVE::SSHInfo::ssh_info_to_ssh_opts ({ ip => $ip, name => $node });
>> my $outsub = sub { print "\nnode '$node': " . shift };
>> print "\nINFO: start and enable corosync qdevice daemon on node '$node'...\n";
>> - run_command([@$ssh_cmd, $ip, 'systemctl', 'start', 'corosync-qdevice'], outfunc => \&$outsub);
>> - run_command([@$ssh_cmd, $ip, 'systemctl', 'enable', 'corosync-qdevice'], outfunc => \&$outsub);
>> + run_command([@$ssh_cmd, @$ssh_options, $ip, 'systemctl', 'start', 'corosync-qdevice'], outfunc => \&$outsub);
>> + run_command([@$ssh_cmd, @$ssh_options, $ip, 'systemctl', 'enable', 'corosync-qdevice'], outfunc => \&$outsub);
>> });
>>
>> run_command(['corosync-cfgtool', '-R']); # do cluster wide config reload
>> @@ -291,8 +295,9 @@ __PACKAGE__->register_method ({
>> # cleanup qdev state (cert storage)
>> my $qdev_state_dir = "/etc/corosync/qdevice";
>> $foreach_member->(sub {
>> - my (undef, $ip) = @_;
>> - run_command([@$ssh_cmd, $ip, '--', 'rm', '-rf', $qdev_state_dir]);
>> + my ($node, $ip) = @_;
>> + my $ssh_options = PVE::SSHInfo::ssh_info_to_ssh_opts ({ ip => $ip, name => $node });
>> + run_command([@$ssh_cmd, @$ssh_options, $ip, '--', 'rm', '-rf', $qdev_state_dir]);
>> });
>> };
>>
>> @@ -300,9 +305,10 @@ __PACKAGE__->register_method ({
>> die $@ if $@;
>>
>> $foreach_member->(sub {
>> - my (undef, $ip) = @_;
>> - run_command([@$ssh_cmd, $ip, 'systemctl', 'stop', 'corosync-qdevice']);
>> - run_command([@$ssh_cmd, $ip, 'systemctl', 'disable', 'corosync-qdevice']);
>> + my ($node, $ip) = @_;
>> + my $ssh_options = PVE::SSHInfo::ssh_info_to_ssh_opts ({ ip => $ip, name => $node });
>> + run_command([@$ssh_cmd, @$ssh_options, $ip, 'systemctl', 'stop', 'corosync-qdevice']);
>> + run_command([@$ssh_cmd, @$ssh_options, $ip, 'systemctl', 'disable', 'corosync-qdevice']);
>> });
>>
>> run_command(['corosync-cfgtool', '-R']);
>> --
>> 2.39.2