and only fallback to SSH in case it doesn't work. this will allow use to
remove 'pvecm mtunnel' in the next major release! :)
Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com>
---
Notes:
the downside of this is a dependency from
libpve-cluster-perl
to
libpve-access-control
I don't see another place where we could put this though?
get_ssh_info is currently used by
PVE::Replication
PVE::AstractMigrate
PVE::API2::Qemu
PVE::API2::Storage::Content
itself ;)
in addition to the above, ssh_info_to_command is also used by
PVE::Storage
and there is no package/module that can be used by
libpve-storage-perl, qemu-server, libpve-guest-common
and can in turn use
pve-cluster, libpve-access-control
data/PVE/CLI/pvecm.pm | 14 +++++++++++++-
data/PVE/SSHInfo.pm | 35 +++++++++++++++++++++++++++++++++--
2 files changed, 46 insertions(+), 3 deletions(-)
diff --git a/data/PVE/CLI/pvecm.pm b/data/PVE/CLI/pvecm.pm
index d3fde3c..4805689 100755
--- a/data/PVE/CLI/pvecm.pm
+++ b/data/PVE/CLI/pvecm.pm
@@ -572,11 +572,12 @@ __PACKAGE__->register_method ({
return undef;
}});
+# FIXME: remove with PVE 7.0, see comment below
__PACKAGE__->register_method ({
name => 'mtunnel',
path => 'mtunnel',
method => 'POST',
- description => "Used by VM/CT migration - do not use manually.",
+ description => "Only used for backwards-compatibility - will be removed in
PVE 7.0",
parameters => {
additionalProperties => 0,
properties => {
@@ -604,6 +605,17 @@ __PACKAGE__->register_method ({
},
returns => { type => 'null'},
code => sub {
+# WARNING: deprecated!
+#
+# this should only be called for compatibility reasons in case of
+#
+# PVE::Storage::storage_migration with both
+# - insecure migration set AND
+# - target node libpve-storage-perl version <= 6.0-4
+#
+# PVE::Cluster/PVE::SSHInfo::get_ssh_info with
+# - $network_cidr set
+# - target node pve-manager version <= 6.0-11
my ($param) = @_;
if (!PVE::Cluster::check_cfs_quorum(1)) {
diff --git a/data/PVE/SSHInfo.pm b/data/PVE/SSHInfo.pm
index fadd36c..ed1319a 100644
--- a/data/PVE/SSHInfo.pm
+++ b/data/PVE/SSHInfo.pm
@@ -3,6 +3,8 @@ package PVE::SSHInfo;
use strict;
use warnings;
+use PVE::AccessControl;
+use PVE::APIClient::LWP;
use PVE::Cluster;
use PVE::Tools;
@@ -11,11 +13,40 @@ sub get_ssh_info {
my $ip;
if (defined($network_cidr)) {
+ # attempt with API first, requires pve-manager >= 6.0-12
+ eval {
+ my $host = PVE::Cluster::remote_node_ip($node);
+ my $conn_args = {
+ username => 'root@pam',
+ ticket => PVE::AccessControl::assemble_ticket('root@pam'),
+ cookie_name => 'PVEAuthCookie',
+ protocol => 'https',
+ host => $host,
+ port => 8006,
+ };
+
+ my $fp = PVE::Cluster::get_node_fingerprint($node);
+ $conn_args->{cached_fingerprints} = { uc($fp) => 1 };
+
+ my $conn = PVE::APIClient::LWP->new(%$conn_args);
+
+ my $args = { 'extra' => $network_cidr };
+
+ my $res = $conn->get("/nodes/${node}/addr", $args);
+ my $ips = $res->{extra};
+
+ die "failed to get ip for node '$node' in network '$network_cidr'\n"
+ if scalar($ips) != 1;
+
+ $ip = @$ips[0]
+ };
+ }
+
+ # fallback to 'pvecm mtunnel'
+ if (defined($network_cidr) && !defined($ip)) {
# Use mtunnel via to get the remote node's ip inside $network_cidr.
# This goes over the regular network (iow. uses get_ssh_info() with
# $network_cidr undefined.
- # FIXME: Use the REST API client for this after creating an API entry
- # for get_migration_ip.
my $default_remote = get_ssh_info($node, undef);
my $default_ssh = ssh_info_to_command($default_remote);
my $cmd =[@$default_ssh, 'pvecm', 'mtunnel',
--
2.20.1
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
