[pve-devel] [RFC cluster v2 06/10] pvecm: add: use API by default
Fabian Grünbichler
f.gruenbichler at proxmox.com
Wed Dec 6 16:10:38 CET 2017
On Mon, Dec 04, 2017 at 12:11:13PM +0100, Thomas Lamprecht wrote:
> Default to using the API for a add node procedure.
>
> But, allow the user to manually fall back to the legacy SSH method.
> Also fallback if the API detected an not up to date peer.
> This could be removed in a later release.
>
> Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
> ---
> data/PVE/CLI/pvecm.pm | 45 +++++++++++++++++++++++++++++++++++++++++++--
> 1 file changed, 43 insertions(+), 2 deletions(-)
>
> diff --git a/data/PVE/CLI/pvecm.pm b/data/PVE/CLI/pvecm.pm
> index 7aedd3d..07ae0af 100755
> --- a/data/PVE/CLI/pvecm.pm
> +++ b/data/PVE/CLI/pvecm.pm
> @@ -10,7 +10,9 @@ use PVE::Tools qw(run_command);
> use PVE::Cluster;
> use PVE::INotify;
> use PVE::JSONSchema;
> +use PVE::RPCEnvironment;
> use PVE::CLIHandler;
> +use PVE::PTY;
> use PVE::API2::ClusterConfig;
> use PVE::Corosync;
>
> @@ -26,6 +28,10 @@ my $dbfile = "$libdir/config.db";
> my $authfile = "/etc/corosync/authkey";
>
>
> +sub setup_environment {
> + PVE::RPCEnvironment->setup_default_cli_env();
> +}
> +
> __PACKAGE__->register_method ({
> name => 'keygen',
> path => 'keygen',
> @@ -253,6 +259,17 @@ __PACKAGE__->register_method ({
> " needs an valid configured ring 1 interface in the cluster.",
> optional => 1,
> },
> + fingerprint => {
> + description => "SSL certificate fingerprint.",
> + type => 'string',
> + pattern => '^(:?[A-Z0-9][A-Z0-9]:){31}[A-Z0-9][A-Z0-9]$',
> + optional => 1,
> + },
> + 'use_ssh' => {
> + type => 'boolean',
> + description => "Always use SSH to join, even if peer may do it over API.",
> + optional => 1,
> + },
> },
> },
> returns => { type => 'null' },
> @@ -262,14 +279,38 @@ __PACKAGE__->register_method ({
>
> my $nodename = PVE::INotify::nodename();
>
> + my $host = $param->{hostname};
> +
> + if (!$param->{use_ssh}) {
> + print "Please enter superuser (root) password for '$host':\n";
> + my $password = PVE::PTY::read_password("Password for root\@$host: ");
> +
> + delete $param->{use_ssh};
> + $param->{password} = $password;
> +
> + eval { PVE::API2::ClusterConfig->join($param) };
> +
> + if (my $err = $@) {
> + if ($err eq "Cannot use API to join, peer is not up to date!\n") {
> + print "$err\n";
> + print "Do you want to fallback to joining over SSH (yes/no)?\n";
I don't really like this (checking the error string). since this is CLI
only, couldn't we just abort and include the pointer to CLI + SSH fall
back in the ClusterConfig API error message?
otherwise, we'd need to factor out the version check including API
Client setup, which is also not very nice..
> +
> + my $answer = <>;
> + die "OK, abort cluster join.\n" if $answer !~ m/^\s*y(es)?\s*$/i;
> + } else {
> + die $err;
> + }
> + } else {
> + return; # all OK, the API joint endpoint successfully set us up
> + }
> + }
> +
> PVE::Cluster::setup_sshd_config();
> PVE::Cluster::setup_rootsshconfig();
> PVE::Cluster::setup_ssh_keys();
>
> PVE::Cluster::assert_joinable($param->{ring0_addr}, $param->{ring1_addr}, $param->{force});
>
> - my $host = $param->{hostname};
> -
> # make sure known_hosts is on local filesystem
> PVE::Cluster::ssh_unmerge_known_hosts();
>
> --
> 2.11.0
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
More information about the pve-devel
mailing list