[pve-devel] [RFC cluster v2 06/10] pvecm: add: use API by default

Thomas Lamprecht t.lamprecht at proxmox.com
Mon Dec 4 12:11:13 CET 2017


Default to using the API for a add node procedure.

But, allow the user to manually fall back to the legacy SSH method.
Also fallback if the API detected an not up to date peer.
This could be removed in a later release.

Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---
 data/PVE/CLI/pvecm.pm | 45 +++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 43 insertions(+), 2 deletions(-)

diff --git a/data/PVE/CLI/pvecm.pm b/data/PVE/CLI/pvecm.pm
index 7aedd3d..07ae0af 100755
--- a/data/PVE/CLI/pvecm.pm
+++ b/data/PVE/CLI/pvecm.pm
@@ -10,7 +10,9 @@ use PVE::Tools qw(run_command);
 use PVE::Cluster;
 use PVE::INotify;
 use PVE::JSONSchema;
+use PVE::RPCEnvironment;
 use PVE::CLIHandler;
+use PVE::PTY;
 use PVE::API2::ClusterConfig;
 use PVE::Corosync;
 
@@ -26,6 +28,10 @@ my $dbfile = "$libdir/config.db";
 my $authfile = "/etc/corosync/authkey";
 
 
+sub setup_environment {
+    PVE::RPCEnvironment->setup_default_cli_env();
+}
+
 __PACKAGE__->register_method ({
     name => 'keygen',
     path => 'keygen',
@@ -253,6 +259,17 @@ __PACKAGE__->register_method ({
 		    " needs an valid configured ring 1 interface in the cluster.",
 		optional => 1,
 	    },
+	    fingerprint => {
+		description => "SSL certificate fingerprint.",
+		type => 'string',
+		pattern => '^(:?[A-Z0-9][A-Z0-9]:){31}[A-Z0-9][A-Z0-9]$',
+		optional => 1,
+	    },
+	    'use_ssh' => {
+		type => 'boolean',
+		description => "Always use SSH to join, even if peer may do it over API.",
+		optional => 1,
+	    },
 	},
     },
     returns => { type => 'null' },
@@ -262,14 +279,38 @@ __PACKAGE__->register_method ({
 
 	my $nodename = PVE::INotify::nodename();
 
+	my $host = $param->{hostname};
+
+	if (!$param->{use_ssh}) {
+	    print "Please enter superuser (root) password for '$host':\n";
+	    my $password = PVE::PTY::read_password("Password for root\@$host: ");
+
+	    delete $param->{use_ssh};
+	    $param->{password} = $password;
+
+	    eval { PVE::API2::ClusterConfig->join($param) };
+
+	    if (my $err = $@) {
+		if ($err eq "Cannot use API to join, peer is not up to date!\n") {
+		    print "$err\n";
+		    print "Do you want to fallback to joining over SSH (yes/no)?\n";
+
+		    my $answer = <>;
+		    die "OK, abort cluster join.\n" if $answer !~ m/^\s*y(es)?\s*$/i;
+		} else {
+		    die $err;
+		}
+	    } else {
+		return; # all OK, the API joint endpoint successfully set us up
+	    }
+	}
+
 	PVE::Cluster::setup_sshd_config();
 	PVE::Cluster::setup_rootsshconfig();
 	PVE::Cluster::setup_ssh_keys();
 
 	PVE::Cluster::assert_joinable($param->{ring0_addr}, $param->{ring1_addr}, $param->{force});
 
-	my $host = $param->{hostname};
-
 	# make sure known_hosts is on local filesystem
 	PVE::Cluster::ssh_unmerge_known_hosts();
 
-- 
2.11.0





More information about the pve-devel mailing list