[pve-devel] [RFC cluster v2 06/10] pvecm: add: use API by default

Wed Dec 6 16:47:24 CET 2017

On 12/06/2017 04:10 PM, Fabian Grünbichler wrote:
> On Mon, Dec 04, 2017 at 12:11:13PM +0100, Thomas Lamprecht wrote:
>> Default to using the API for a add node procedure.
>>
>> But, allow the user to manually fall back to the legacy SSH method.
>> Also fallback if the API detected an not up to date peer.
>> This could be removed in a later release.
>>
>> Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
>> ---
>>  data/PVE/CLI/pvecm.pm | 45 +++++++++++++++++++++++++++++++++++++++++++--
>>  1 file changed, 43 insertions(+), 2 deletions(-)
>>
>> diff --git a/data/PVE/CLI/pvecm.pm b/data/PVE/CLI/pvecm.pm
>> index 7aedd3d..07ae0af 100755
>> --- a/data/PVE/CLI/pvecm.pm
>> +++ b/data/PVE/CLI/pvecm.pm
>> @@ -10,7 +10,9 @@ use PVE::Tools qw(run_command);
>>  use PVE::Cluster;
>>  use PVE::INotify;
>>  use PVE::JSONSchema;
>> +use PVE::RPCEnvironment;
>>  use PVE::CLIHandler;
>> +use PVE::PTY;
>>  use PVE::API2::ClusterConfig;
>>  use PVE::Corosync;
>>  
>> @@ -26,6 +28,10 @@ my $dbfile = "$libdir/config.db";
>>  my $authfile = "/etc/corosync/authkey";
>>  
>>  
>> +sub setup_environment {
>> +    PVE::RPCEnvironment->setup_default_cli_env();
>> +}
>> +
>>  __PACKAGE__->register_method ({
>>      name => 'keygen',
>>      path => 'keygen',
>> @@ -253,6 +259,17 @@ __PACKAGE__->register_method ({
>>  		    " needs an valid configured ring 1 interface in the cluster.",
>>  		optional => 1,
>>  	    },
>> +	    fingerprint => {
>> +		description => "SSL certificate fingerprint.",
>> +		type => 'string',
>> +		pattern => '^(:?[A-Z0-9][A-Z0-9]:){31}[A-Z0-9][A-Z0-9]$',
>> +		optional => 1,
>> +	    },
>> +	    'use_ssh' => {
>> +		type => 'boolean',
>> +		description => "Always use SSH to join, even if peer may do it over API.",
>> +		optional => 1,
>> +	    },
>>  	},
>>      },
>>      returns => { type => 'null' },
>> @@ -262,14 +279,38 @@ __PACKAGE__->register_method ({
>>  
>>  	my $nodename = PVE::INotify::nodename();
>>  
>> +	my $host = $param->{hostname};
>> +
>> +	if (!$param->{use_ssh}) {
>> +	    print "Please enter superuser (root) password for '$host':\n";
>> +	    my $password = PVE::PTY::read_password("Password for root\@$host: ");
>> +
>> +	    delete $param->{use_ssh};
>> +	    $param->{password} = $password;
>> +
>> +	    eval { PVE::API2::ClusterConfig->join($param) };
>> +
>> +	    if (my $err = $@) {
>> +		if ($err eq "Cannot use API to join, peer is not up to date!\n") {
>> +		    print "$err\n";
>> +		    print "Do you want to fallback to joining over SSH (yes/no)?\n";
> 
> I don't really like this (checking the error string). since this is CLI
> only, couldn't we just abort and include the pointer to CLI + SSH fall
> back in the ClusterConfig API error message?
> 

I guess we could do that too. Would be even the sterner reminder that
this and the cluster nodes should be on the same version, and its
easier to do - never a bad thing.

> otherwise, we'd need to factor out the version check including API
> Client setup, which is also not very nice..
> 
>> +
>> +		    my $answer = <>;
>> +		    die "OK, abort cluster join.\n" if $answer !~ m/^\s*y(es)?\s*$/i;
>> +		} else {
>> +		    die $err;
>> +		}
>> +	    } else {
>> +		return; # all OK, the API joint endpoint successfully set us up
>> +	    }
>> +	}
>> +
>>  	PVE::Cluster::setup_sshd_config();
>>  	PVE::Cluster::setup_rootsshconfig();
>>  	PVE::Cluster::setup_ssh_keys();
>>  
>>  	PVE::Cluster::assert_joinable($param->{ring0_addr}, $param->{ring1_addr}, $param->{force});
>>  
>> -	my $host = $param->{hostname};
>> -
>>  	# make sure known_hosts is on local filesystem
>>  	PVE::Cluster::ssh_unmerge_known_hosts();
>>  
>> -- 
>> 2.11.0