[pve-devel] [RFC cluster 6/6] pvecm: add: use API by default
Thomas Lamprecht
t.lamprecht at proxmox.com
Mon Nov 27 14:13:03 CET 2017
Default to using the API for a add node procedure.
But, allow the user to manually fall back to the legacy SSH method.
Also fallback if the API detected an not up to date peer.
This could be removed in a later release.
Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---
data/PVE/CLI/pvecm.pm | 44 ++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 42 insertions(+), 2 deletions(-)
diff --git a/data/PVE/CLI/pvecm.pm b/data/PVE/CLI/pvecm.pm
index e76a822..b7cc70b 100755
--- a/data/PVE/CLI/pvecm.pm
+++ b/data/PVE/CLI/pvecm.pm
@@ -10,6 +10,7 @@ use PVE::Tools qw(run_command);
use PVE::Cluster;
use PVE::INotify;
use PVE::JSONSchema;
+use PVE::RPCEnvironment;
use PVE::CLIHandler;
use PVE::API2::ClusterConfig;
use PVE::Corosync;
@@ -26,6 +27,10 @@ my $dbfile = "$libdir/config.db";
my $authfile = "/etc/corosync/authkey";
+sub setup_environment {
+ PVE::RPCEnvironment->setup_default_cli_env();
+}
+
__PACKAGE__->register_method ({
name => 'keygen',
path => 'keygen',
@@ -261,6 +266,17 @@ __PACKAGE__->register_method ({
" needs an valid configured ring 1 interface in the cluster.",
optional => 1,
},
+ fingerprint => {
+ description => "SSL certificate fingerprint.",
+ type => 'string',
+ pattern => '^(:?[A-Z0-9][A-Z0-9]:){31}[A-Z0-9][A-Z0-9]$',
+ optional => 1,
+ },
+ 'use_ssh' => {
+ type => 'boolean',
+ description => "Always use SSH to join, even if peer may do it over API.",
+ optional => 1,
+ },
},
},
returns => { type => 'null' },
@@ -270,14 +286,38 @@ __PACKAGE__->register_method ({
my $nodename = PVE::INotify::nodename();
+ my $host = $param->{hostname};
+
+ if (!$param->{use_ssh}) {
+ print "Please enter superuser (root) password for '$host':\n";
+ my $password = PVE::CLIHandler::read_password(undef, 1);
+
+ delete $param->{use_ssh};
+ $param->{password} = $password;
+
+ eval { PVE::API2::ClusterConfig->join($param) };
+
+ if (my $err = $@) {
+ if ($err eq "Cannot use API to join, peer is not up to date!\n") {
+ print "$err\n";
+ print "Do you want to fallback to joining over SSH (yes/no)?\n";
+
+ my $answer = <>;
+ die "OK, abort cluster join.\n" if $answer !~ m/^\s*y(es)?\s*$/i;
+ } else {
+ die $err;
+ }
+ } else {
+ return; # all OK, the API joint endpoint successfully set us up
+ }
+ }
+
PVE::Cluster::setup_sshd_config();
PVE::Cluster::setup_rootsshconfig();
PVE::Cluster::setup_ssh_keys();
PVE::Cluster::assert_joinable($param->{ring0_addr}, $param->{ring1_addr}, $param->{force});
- my $host = $param->{hostname};
-
# make sure known_hosts is on local filesystem
PVE::Cluster::ssh_unmerge_known_hosts();
--
2.11.0
More information about the pve-devel
mailing list