pvecm add: use API by default to join cluster

Default to using the API for a add node procedure.

But, allow the user to manually fall back to the legacy SSH method.
Also fallback if the API detected an not up to date peer, this is
done by checking for the 501 HTTP_NOT_IMPLEMENTED response code.

This could be removed in a later major release, e.g. 6.0.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/data/PVE/CLI/pvecm.pm b/data/PVE/CLI/pvecm.pm
index 4659d4b5a811cf437345b5f640444a280663a3f1..ef8fac02690d761ef17de6b4dc4fa5c9b8bc550b 100755 (executable)
--- a/data/PVE/CLI/pvecm.pm
+++ b/data/PVE/CLI/pvecm.pm
@@ -10,7 +10,9 @@ use PVE::Tools qw(run_command);
 use PVE::Cluster;
 use PVE::INotify;
 use PVE::JSONSchema;
+use PVE::RPCEnvironment;
 use PVE::CLIHandler;
+use PVE::PTY;
 use PVE::API2::ClusterConfig;
 use PVE::Corosync;
 
@@ -24,6 +26,10 @@ my $libdir = "/var/lib/pve-cluster";
 my $authfile = "/etc/corosync/authkey";
 
 
+sub setup_environment {
+    PVE::RPCEnvironment->setup_default_cli_env();
+}
+
 __PACKAGE__->register_method ({
     name => 'keygen',
     path => 'keygen',
@@ -251,6 +257,14 @@ __PACKAGE__->register_method ({
                    " needs an valid configured ring 1 interface in the cluster.",
                optional => 1,
            },
+           fingerprint => PVE::JSONSchema::get_standard_option('fingerprint-sha256', {
+               optional => 1,
+           }),
+           'use_ssh' => {
+               type => 'boolean',
+               description => "Always use SSH to join, even if peer may do it over API.",
+               optional => 1,
+           },
        },
     },
     returns => { type => 'null' },
@@ -260,13 +274,34 @@ __PACKAGE__->register_method ({
 
        my $nodename = PVE::INotify::nodename();
 
-       PVE::Cluster::setup_sshd_config();
-       PVE::Cluster::setup_rootsshconfig();
-       PVE::Cluster::setup_ssh_keys();
+       my $host = $param->{hostname};
 
        PVE::Cluster::assert_joinable($param->{ring0_addr}, $param->{ring1_addr}, $param->{force});
 
-       my $host = $param->{hostname};
+       if (!$param->{use_ssh}) {
+           print "Please enter superuser (root) password for '$host':\n";
+           my $password = PVE::PTY::read_password("Password for root\@$host: ");
+
+           delete $param->{use_ssh};
+           $param->{password} = $password;
+
+           eval { PVE::Cluster::join($param) };
+
+           if (my $err = $@) {
+               if (ref($err) eq 'PVE::APIClient::Exception' && $err->{code} == 501) {
+                   $err = "Remote side is not able to use API for Cluster join!\n" .
+                          "Pass the 'use_ssh' switch or update the remote side.\n";
+               }
+               die $err;
+           }
+           return; # all OK, the API join endpoint successfully set us up
+       }
+
+       # allow fallback to old ssh only join if wished or needed
+
+       PVE::Cluster::setup_sshd_config();
+       PVE::Cluster::setup_rootsshconfig();
+       PVE::Cluster::setup_ssh_keys();
 
        # make sure known_hosts is on local filesystem
        PVE::Cluster::ssh_unmerge_known_hosts();