On 13.04.21 14:16, Fabian Grünbichler wrote:
> as a unified helper for talking to a remote node. if the requested node
> has an entry in the remote config, the information from that entry is
> used. else, the first locally defined node of the requested cluster is
> used as proxy.
>
> Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com>
> ---
> data/PVE/RemoteConfig.pm | 55 ++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 55 insertions(+)
>
> diff --git a/data/PVE/RemoteConfig.pm b/data/PVE/RemoteConfig.pm
> index 23274de..7c395ba 100644
> --- a/data/PVE/RemoteConfig.pm
> +++ b/data/PVE/RemoteConfig.pm
> @@ -3,6 +3,7 @@ package PVE::RemoteConfig;
> use strict;
> use warnings;
>
> +use PVE::APIClient::LWP;
> use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_write_file
> cfs_lock_file);
> use PVE::JSONSchema qw(get_standard_option);
> use PVE::Tools;
> @@ -158,6 +159,60 @@ sub lock {
> }
> }
>
> +# will attempt to connect with node's locally defined endpoint if possible
> +sub get_remote_info {
> + my ($self, $cluster, $node, $network_cidr) = @_;
> +
> + my $cluster_info = $self->{ids}->{$cluster};
> + die "Remote cluster '$cluster' is not defined!\n"
> + if !defined($cluster_info) || $cluster_info->{type} ne 'pvecluster';
> +
> + my $host = $node;
> +
> + # fallback to random node/endpoint if $node is not locally defined
> + if (!$cluster_info->{nodes}->{$node}) {
> + my @defined_nodes = keys %{$cluster_info->{nodes}};
> + $host = $defined_nodes[0];
> + }
> +
> + my $api_node = $self->{ids}->{$host};
> +
> + my $api_token = $cluster_info->{token} // $api_node->{token};
> +
> + my $conn_args = {
> + username => 'root@pam',
> + protocol => 'https',
> + host => $api_node->{endpoint},
> + apitoken => $api_token,
> + port => 8006,
> + };
> +
> + if (my $fp = $api_node->{fingerprint}) {
> + $conn_args->{cached_fingerprints} = { uc($fp) => 1 };
> + } else {
> + # FIXME add proper parameter to APIClient
that should now work out of the box? I.e., if no FP is passed we default to
verify_hostname = 1, and if verify_hostname is true we trust what openssl thinks
about the validity of the connection.
> + die "IMPLEMENT ME";
> + my $ssl_opts = {
> + verify_hostname => 1,
> +# SSL_ca_path => '/etc/ssl/certs',
> + SSL_verify_callback => 1,
> + };
> + }
> +
> + print "Establishing API connection with cluster '$cluster' node
> '$host'\n";
> +
> + my $conn = PVE::APIClient::LWP->new(%$conn_args);
> +
> +
> + my $args = {};
> + $args->{cidr} = $network_cidr if $network_cidr;
> +
> + print "Request IP information of node '$node'\n";
> + my $res = $conn->get("/nodes/$node/addr", $args);
> +
> + return ($res, $conn_args);
> +}
> +
> package PVE::RemoteConfig::Cluster;
>
> use PVE::RemoteConfig;
>
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
