Merge branch 'stable-2.12' into stable-2.13
* stable-2.12
Handle SSL setup when downgrading
Write SSH ports to ssconf files
Noded: Consider certificate chain in callback
Cluster-keys-replacement: update documentation
Backend: Use timestamp as serial no for server cert
UPGRADE: add note about 2.12.5
NEWS: Mention issue 1094
man: mention changes in renew-crypto
Verify: warn about self-signed client certs
Bootstrap: validate SSL setup before starting noded
Clean up configuration of curl request
Renew-crypto: remove superflous copying of node certs
Renew-crypto: propagate verbose and debug option
Noded: log the certificate and digest on noded startup
QA: reload rapi cert after renew crypto
Prepare-node-join: use common functions
Renew-crypto: remove dead code
Init: add master client certificate to configuration
Renew-crypto: rebuild digest map of all nodes
Noded: make "bootstrap" a constant
node-daemon-setup: generate client certificate
tools: Move (Re)GenerateClientCert to common
Renew cluster and client certificates together
Init: create the master's client cert in bootstrap
Renew client certs using ssl_update tool
Run functions while (some) daemons are stopped
Back up old client.pem files
Introduce ssl_update tool
x509 function for creating signed certs
Add tools/common.py from 2.13
Consider ECDSA in SSH setup
Update documentation of watcher and RAPI daemon
Watcher: add option for setting RAPI IP
When connecting to Metad fails, log the full stack trace
Set up the Metad client with allow_non_master
Set up the configuration client properly on non-masters
Add the 'allow_non_master' option to the WConfd RPC client
Add the option to disable master checks to the RPC client
Add 'allow_non_master' to the Luxi test transport class too
Add 'allow_non_master' to FdTransport for compatibility
Properly document all constructor arguments of Transport
Allow the Transport class to be used for non-master nodes
Don't define the set of all daemons twice
Conflicts:
Makefile.am
NEWS
UPGRADE
lib/client/gnt_cluster.py
lib/cmdlib/cluster.py
lib/tools/common.py
lib/tools/prepare_node_join.py
lib/watcher/__init__.py
man/ganeti-watcher.rst
src/Ganeti/OpCodes.hs
test/hs/Test/Ganeti/OpCodes.hs
test/py/cmdlib/cluster_unittest.py
test/py/ganeti.tools.prepare_node_join_unittest.py
tools/cfgupgrade
Resolutions:
Makefile.am:
add ssl_update and ssh_update
NEWS:
add new sections from 2.12 and 2.13
UPGRADE:
add notes for both 2.12 and 2.13
lib/client/gnt_cluster.py:
add all new options to RenewCluster, remove version-specific
downgrade code
lib/tools/common.py:
split the two mismatching versions of _VerifyCertificate
and VerifyCertificate up into [_]VerifyCertifcate{Soft,Strong}
and update usages accordingly
lib/tools/prepare_node_join.py
update usage of correct VerifyCertificate function
lib/watcher/__init__.py
add both new options, --rapi-ip and --no-verify-disks
man/ganeti-watcher.rst
update docs for both new options (see above)
src/Ganeti/OpCodes.hs
add all new options to OpRenewCrypto
test/hs/Test/Ganeti/OpCodes.hs
add enough 'arbitrary' for all new options of OpRenewCrypto
test/py/cmdlib/cluster_unittest.py
use changes from 2.12
test/py/ganeti.tools.prepare_node_join_unittest.py
remove tests that were moved to common_unittest.py
tools/cfgupgrade
use only downgrade code of 2.13
Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>
31 files changed: