[pve-devel] [PATCH cluster v3 08/14] pvecm add: use API by default to join cluster

Thomas Lamprecht t.lamprecht at proxmox.com
Tue Dec 19 12:52:33 CET 2017


Default to using the API for the add-node procedure.

But allow the user to manually fall back to the legacy SSH method.
Also fall back if the API detects a peer that is not up to date; this is
done by checking for the 501 HTTP_NOT_IMPLEMENTED response code.

This could be removed in a later major release, e.g. 6.0.
---

changes v2 -> v3:
* move assert_joinable before asking for password
* detect through exceptions if the peer has an to old version and just abort if
  so, user can force ssh so better no automagic fallback

 data/PVE/CLI/pvecm.pm | 50 ++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 44 insertions(+), 6 deletions(-)

diff --git a/data/PVE/CLI/pvecm.pm b/data/PVE/CLI/pvecm.pm
index ca7061f..9719dac 100755
--- a/data/PVE/CLI/pvecm.pm
+++ b/data/PVE/CLI/pvecm.pm
@@ -10,7 +10,9 @@ use PVE::Tools qw(run_command);
 use PVE::Cluster;
 use PVE::INotify;
 use PVE::JSONSchema;
+use PVE::RPCEnvironment;
 use PVE::CLIHandler;
+use PVE::PTY;
 use PVE::API2::ClusterConfig;
 use PVE::Corosync;
 
@@ -24,6 +26,10 @@ my $libdir = "/var/lib/pve-cluster";
 my $authfile = "/etc/corosync/authkey";
 
 
+sub setup_environment {
+    PVE::RPCEnvironment->setup_default_cli_env();
+}
+
 __PACKAGE__->register_method ({
     name => 'keygen',
     path => 'keygen',
@@ -251,6 +257,17 @@ __PACKAGE__->register_method ({
 		    " needs an valid configured ring 1 interface in the cluster.",
 		optional => 1,
 	    },
+	    fingerprint => {
+		description => "SSL certificate fingerprint.",
+		type => 'string',
+		pattern => '^(:?[A-Z0-9][A-Z0-9]:){31}[A-Z0-9][A-Z0-9]$',
+		optional => 1,
+	    },
+	    'use_ssh' => {
+		type => 'boolean',
+		description => "Always use SSH to join, even if peer may do it over API.",
+		optional => 1,
+	    },
 	},
     },
     returns => { type => 'null' },
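Review bot: The `fingerprint` pattern opens its group with `(:?`, a capturing group that starts with an optional colon, rather than the non-capturing `(?:` that was presumably intended, so malformed values with doubled colons (for example `AB::CD:...`) pass schema validation. The class `[A-Z0-9]` also admits G-Z, which never occur in a hex digest. Since this value is presumably what pins the peer certificate for the join, I would tighten it to `pattern => '^(?:[A-F0-9]{2}:){31}[A-F0-9]{2}$',` and have the description state which digest is expected (the 32-byte length suggests SHA-256). The parameter schema this belongs to starts outside the hunk.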
@@ -260,14 +277,35 @@ __PACKAGE__->register_method ({
 
 	my $nodename = PVE::INotify::nodename();
 
-	PVE::Cluster::setup_sshd_config();
-	PVE::Cluster::setup_rootsshconfig();
-	PVE::Cluster::setup_ssh_keys();
-
-	PVE::Cluster::assert_joinable($param->{ring0_addr}, $param->{ring1_addr}, $param->{force});
-
 	my $host = $param->{hostname};
 
+	PVE::Cluster::assert_joinable($param->{ring0_addr}, $param->{ring1_addr}, $param->{force});
+
+	if (!$param->{use_ssh}) {
+	    print "Please enter superuser (root) password for '$host':\n";
+	    my $password = PVE::PTY::read_password("Password for root\@$host: ");
+
+	    delete $param->{use_ssh};
+	    $param->{password} = $password;
+
+	    eval { PVE::API2::ClusterConfig->join($param) };
+
+	    if (my $err = $@) {
+		if (ref($err) eq 'PVE::APIClient::Exception' && $err->{code} == 501) {
+		    $err = "Remote side is not able to use API for Cluster join!\n" .
+		           "Pass the 'use_ssh' switch or update the remote side.\n";
+		}
+		die $err;
+	    }
+	    return; # all OK, the API join endpoint successfully set us up
+	}
+
+	# allow fallback to old ssh only join if wished or needed
+
+	PVE::Cluster::setup_sshd_config();
+	PVE::Cluster::setup_rootsshconfig();
+	PVE::Cluster::setup_ssh_keys();
+
 	# make sure known_hosts is on local filesystem
 	PVE::Cluster::ssh_unmerge_known_hosts();
 
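Review bot: The root password read via `PVE::PTY::read_password` is handed straight to `PVE::API2::ClusterConfig->join($param)`, and nothing in this hunk shows how the peer's certificate is checked when the optional `fingerprint` is omitted. That check lives in join(), outside this diff; if it neither validates against a trusted CA nor asks the user to confirm the presented fingerprint, the password would be sent to an unauthenticated host. I would add a comment above the call, e.g. `# join() must verify the peer certificate (pinned fingerprint or explicit confirmation) before the password is sent`, and confirm that behaviour before merging. Separately, `ref($err) eq 'PVE::APIClient::Exception'` will not match a subclass and `$err->{code}` may be undefined; with Scalar::Util loaded, `Scalar::Util::blessed($err) && $err->isa('PVE::APIClient::Exception') && ($err->{code} // 0) == 501` is more robust. The enclosing `code` sub begins before and continues after this hunk.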
-- 
2.11.0




