ganeti-github.git
4 years agoFix documentation for master-failover
Hrvoje Ribicic [Mon, 4 Jan 2016 13:16:45 +0000 (14:16 +0100)]
Fix documentation for master-failover

The gnt-cluster manual still specified that arguments should be passed
to the master daemon - one which no longer exists. This patch specifies
the two new daemons to which arguments should be passed instead.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

4 years agoBump revision number for 2.12.6 v2.12.6
Hrvoje Ribicic [Mon, 14 Dec 2015 16:42:03 +0000 (17:42 +0100)]
Bump revision number for 2.12.6

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoUpdate NEWS file for 2.12.6
Hrvoje Ribicic [Mon, 14 Dec 2015 16:41:09 +0000 (17:41 +0100)]
Update NEWS file for 2.12.6

With the security issues text and a list of minor issues.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoMerge branch 'stable-2.11' into stable-2.12
Hrvoje Ribicic [Mon, 14 Dec 2015 16:15:14 +0000 (17:15 +0100)]
Merge branch 'stable-2.11' into stable-2.12

* stable-2.11
  Revision bump for 2.11.8
  Update NEWS file for 2.11.8

* stable-2.10
  Version bump for 2.10.8
  Update NEWS file for 2.10.8

* stable-2.9
  Bump revision number
  Update NEWS file for 2.9.7 release
  Improve RAPI section on security

Conflicts:
  NEWS - Merged entries
  configure.ac - Took 2.12 version numbers

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

4 years agoRevision bump for 2.11.8 v2.11.8
Hrvoje Ribicic [Mon, 14 Dec 2015 14:07:23 +0000 (15:07 +0100)]
Revision bump for 2.11.8

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

4 years agoUpdate NEWS file for 2.11.8
Hrvoje Ribicic [Mon, 14 Dec 2015 14:06:50 +0000 (15:06 +0100)]
Update NEWS file for 2.11.8

With the security issues text and a list of minor issues.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

4 years agoMerge branch 'stable-2.10' into stable-2.11
Hrvoje Ribicic [Mon, 14 Dec 2015 13:13:03 +0000 (14:13 +0100)]
Merge branch 'stable-2.10' into stable-2.11

* stable-2.10
  Version bump for 2.10.8
  Update NEWS file for 2.10.8

* stable-2.9
  Bump revision number
  Update NEWS file for 2.9.7 release
  Improve RAPI section on security

Conflicts:
  NEWS - Combine NEWS entries from both versions
  configure.ac - Take correct version numbers

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoVersion bump for 2.10.8 v2.10.8
Hrvoje Ribicic [Fri, 11 Dec 2015 11:09:21 +0000 (12:09 +0100)]
Version bump for 2.10.8

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoUpdate NEWS file for 2.10.8
Hrvoje Ribicic [Fri, 11 Dec 2015 11:08:22 +0000 (12:08 +0100)]
Update NEWS file for 2.10.8

With the security issues text and list minor issues.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoMerge branch 'stable-2.9' into stable-2.10
Hrvoje Ribicic [Thu, 10 Dec 2015 18:04:48 +0000 (19:04 +0100)]
Merge branch 'stable-2.9' into stable-2.10

* stable-2.9
  Bump revision number
  Update NEWS file for 2.9.7 release
  Improve RAPI section on security

Conflicts:
  NEWS - leave 2.9.7 info in
  configure.ac - revert version bump

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

4 years agoBump revision number stable-2.9 v2.9.7
Hrvoje Ribicic [Thu, 10 Dec 2015 16:40:51 +0000 (17:40 +0100)]
Bump revision number

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Oleg Ponomarev <oponomarev@google.com>

4 years agoUpdate NEWS file for 2.9.7 release
Hrvoje Ribicic [Thu, 10 Dec 2015 16:39:53 +0000 (17:39 +0100)]
Update NEWS file for 2.9.7 release

... with security release info and minor changes.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Oleg Ponomarev <oponomarev@google.com>

4 years agoImprove RAPI section on security
Hrvoje Ribicic [Thu, 10 Dec 2015 13:22:01 +0000 (14:22 +0100)]
Improve RAPI section on security

The RAPI section on security has been improved with new information
related on how users can lock RAPI down as they see fit, and what are
the risks involved with default settings.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

4 years agoRestrict showing of DRBD secret using types
Hrvoje Ribicic [Tue, 1 Dec 2015 16:11:38 +0000 (16:11 +0000)]
Restrict showing of DRBD secret using types

While the Python changes from 2.9 do prevent Ganeti from accidentally
revealing the Haskell secret, they may not do so forever. The queries
are planned to switch from Python to Haskell at some point, and should
someone want to use the DRBD secret, they can do so easily.

As a more elegant way of hiding the secret, wrap it in a Private
wrapper, preventing it from leaking out unless explicitly requested.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoMerge branch 'stable-2.11' into stable-2.12
Hrvoje Ribicic [Tue, 1 Dec 2015 15:57:49 +0000 (15:57 +0000)]
Merge branch 'stable-2.11' into stable-2.12

* stable-2.11
  (no changes)

* stable-2.10
  (no changes)

* stable-2.9
  QA: Ensure the DRBD secret is not retrievable via RAPI
  Redact the DRBD secret in instance queries
  Do not attempt to use the DRBD secret in gnt-instance info

Conflicts:
  lib/client/gnt_instance.py - taken the 2.11 version, with explicit
                               parameter use
  qa/qa_rapi.py - merged imports, resolved trivial conflict

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoMerge branch 'stable-2.10' into stable-2.11
Hrvoje Ribicic [Mon, 30 Nov 2015 16:12:42 +0000 (17:12 +0100)]
Merge branch 'stable-2.10' into stable-2.11

* stable-2.10
  (no changes)

* stable-2.9
  QA: Ensure the DRBD secret is not retrievable via RAPI
  Redact the DRBD secret in instance queries
  Do not attempt to use the DRBD secret in gnt-instance info

Conflicts:
  qa/qa_rapi.py - simply append new changes

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoMerge branch 'stable-2.9' into stable-2.10
Hrvoje Ribicic [Mon, 30 Nov 2015 15:49:09 +0000 (16:49 +0100)]
Merge branch 'stable-2.9' into stable-2.10

* stable-2.9
  QA: Ensure the DRBD secret is not retrievable via RAPI
  Redact the DRBD secret in instance queries
  Do not attempt to use the DRBD secret in gnt-instance info

Conflicts:
  lib/cmdlib/instance_query.py - removed physical_id changes

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoQA: Ensure the DRBD secret is not retrievable via RAPI
Hrvoje Ribicic [Fri, 27 Nov 2015 17:32:42 +0000 (17:32 +0000)]
QA: Ensure the DRBD secret is not retrievable via RAPI

The best way to ensure that the DRBD secret does not inadvertently leak
is to introduce a QA test examining the output of the interface in
which the leak was originally introduced.

The test added determines the DRBD secret and makes RAPI requests,
examining them for its presence and failing if a match is found.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoRedact the DRBD secret in instance queries
Hrvoje Ribicic [Fri, 27 Nov 2015 15:58:13 +0000 (15:58 +0000)]
Redact the DRBD secret in instance queries

As the DRBD secret should be used only by Ganeti internals, replacing
the actual secret with None does not hamper Ganeti's work, while
preventing the secret from being leaked.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoDo not attempt to use the DRBD secret in gnt-instance info
Hrvoje Ribicic [Fri, 21 Aug 2015 19:46:18 +0000 (19:46 +0000)]
Do not attempt to use the DRBD secret in gnt-instance info

... so just redact what is output.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoCalculate correct affected nodes set in InstanceChangeGroup
Oleg Ponomarev [Fri, 20 Nov 2015 20:45:11 +0000 (21:45 +0100)]
Calculate correct affected nodes set in InstanceChangeGroup

This is the fix for the issue 1144. The nodes affected by the
InstanceChangeGroup logical unit were calculated incorrectly and that
broke 'gnt-instance change-group --to' operation. This patch fixes it.

Signed-off-by: Oleg Ponomarev <oponomarev@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoMerge branch 'stable-2.11' into stable-2.12
Oleg Ponomarev [Wed, 11 Nov 2015 16:04:40 +0000 (17:04 +0100)]
Merge branch 'stable-2.11' into stable-2.12

    * stable-2.11
      (no changes)

    * stable-2.10
      Remove -X from hspace man page
      Make htools tolerate missing "dtotal" and "dfree" on luxi

Signed-off-by: Oleg Ponomarev <oponomarev@google.com>
Reviewed-by: Liza Velden <velden@google.com>

5 years agoMerge branch 'stable-2.10' into stable-2.11
Klaus Aehlig [Wed, 11 Nov 2015 15:51:42 +0000 (16:51 +0100)]
Merge branch 'stable-2.10' into stable-2.11

* stable-2.10
  Remove -X from hspace man page
  Make htools tolerate missing "dtotal" and "dfree" on luxi

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoRevert "Also consider connection time out a network error"
Klaus Aehlig [Tue, 10 Nov 2015 16:47:44 +0000 (17:47 +0100)]
Revert "Also consider connection time out a network error"

This reverts commit 84c17185ad47070944c64ab64a8c7dfd60a260f9.
We use RetryOnNetworkError for basically every form of internal
communication. While it makes sense to retry---given that we
assume daemons might come and go at any time---we can only do
so safely, if we positively know that we did not cause any
side effect. Given that not all our requests are idempotent
(e.g., submitting jobs is not)---in fact, the majority is
not--, retrying on timeouts is not safe.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoClone lists before modifying
Klaus Aehlig [Tue, 10 Nov 2015 15:40:47 +0000 (16:40 +0100)]
Clone lists before modifying

When an opcode expands to a list of jobs, we extend the reason trail
of the new jobs with that of the original opcode that expanded to them.
Before modifying the reason trail, however, we should duplicate it to
avoid side effects on shared copies---like the default empty list.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoMake lockConfig call retryable
Klaus Aehlig [Wed, 4 Nov 2015 13:52:16 +0000 (14:52 +0100)]
Make lockConfig call retryable

Locking the configuration is naturally idempotent. However,
the corresponding WConfD call had a check refusing to lock
the config, if the caller has already locked it, arguing that
this should not happen. That argument misses that we have the
built-in assumption that daemons might be restarted at any time,
including the moment where a request is processed, but the caller
did not get the answer yet. So allow retries, hower logging that
they occurred (as this should only happen rarely).

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoReturn the correct error code in the post-upgrade script
Hrvoje Ribicic [Mon, 2 Nov 2015 17:19:22 +0000 (17:19 +0000)]
Return the correct error code in the post-upgrade script

While we want all the post-upgrade actions to be undertaken, should one
of these fail, the correct error code should be returned so that the
upgrade script can report issues.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Oleg Ponomarev <oponomarev@google.com>

5 years agoMake openssl refrain from DH altogether
Klaus Aehlig [Mon, 2 Nov 2015 10:44:34 +0000 (11:44 +0100)]
Make openssl refrain from DH altogether

As various ssl implementations have different ideas about
which dh key lengths are acceptable, refrain from standard
dh altogether (and not only from anonymous dh) to avoid
handshake problems.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoRemove -X from hspace man page
Klaus Aehlig [Mon, 26 Oct 2015 12:34:17 +0000 (13:34 +0100)]
Remove -X from hspace man page

hspace never had such an option.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Oleg Ponomarev <oponomarev@google.com>

Cherry-picked-from: fa36daf4
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Oleg Ponomarev <oponomarev@google.com>

5 years agoFix upgrades of instances with missing creation time
Hrvoje Ribicic [Tue, 27 Oct 2015 18:38:16 +0000 (18:38 +0000)]
Fix upgrades of instances with missing creation time

Some instances from very old Ganeti versions may not have any creation
time information embedded in the config. The upgrade code does not
expect this, and crashes horribly when trying to populate newly
separate disk objects with the same creation time, and this patch
fixes things by inserting a fake value: 0.

The value was chosen because the serialization and deserialization of
such an instance in Haskell yields a value of 0 for the ctime, making
the time consistent between instance and disk. While showing the epoch
time instead of N/A in gnt-instance info is suboptimal, due to the age
of the Ganeti version in which these instances must have been created,
they are at least still ordered correctly.

Signed-off-by: Gerard Oskamp <gjo@google.com>
Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoMake htools tolerate missing "dtotal" and "dfree" on luxi
Klaus Aehlig [Tue, 16 Jun 2015 09:15:48 +0000 (11:15 +0200)]
Make htools tolerate missing "dtotal" and "dfree" on luxi

If a cluster allows sharedfile as only disk template, the amount of
total and free disk space might not be available. This is perfectly
normal, hence make the luxi backend handle it gracefully and just report
0 available disk on 0 total disk.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

Cherry-picked-from: 49644203
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoMerge branch 'stable-2.11' into stable-2.12
Klaus Aehlig [Thu, 22 Oct 2015 07:13:23 +0000 (09:13 +0200)]
Merge branch 'stable-2.11' into stable-2.12

* stable-2.11
  Fix default for --default-iallocator-params

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoFix default for --default-iallocator-params
Klaus Aehlig [Wed, 21 Oct 2015 15:36:23 +0000 (17:36 +0200)]
Fix default for --default-iallocator-params

We need to distinguish between the option not being provided
(i.e., no change requested) and the option being empty (i.e.,
a request to reset the value). Therefore, use None as a default,
not {}.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoFix inconsistency in python and haskell objects
Oleg Ponomarev [Mon, 12 Oct 2015 14:25:33 +0000 (16:25 +0200)]
Fix inconsistency in python and haskell objects

Currently hv/disk_state_static parameters are supported only for cluster
object properly. For node groups and nodes they were introduced in
2da9f556, however only on the python side. This could cause problems
during upgrades from old versions.

This patch adds hv and disk states fields to haskell objects as a
notSerializedDefaultField which will fix the problem without the changes
in behaviour. Also it modifies corresponding haskell arbitrary instances.

The patch is inspired by e78fb0d6 and 553363a3.

Signed-off-by: Oleg Ponomarev <oponomarev@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoAdd notSerializeDefault default field option
Oleg Ponomarev [Mon, 12 Oct 2015 14:25:32 +0000 (16:25 +0200)]
Add notSerializeDefault default field option

Default field with notSerializedDefault flag set is a default field which
will be serialized only if it's value differs from the default one. This
flag can be set by using notSerializedDefaultField field type instead of
defaultField field type.

This field is introduced in order to fix a bug of inconsistency between
haskell and python config modules which leads to inconsistent config
after ganeti updgrade.

Signed-off-by: Oleg Ponomarev <oponomarev@google.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Cherry-picked from: c0a2c62b9ad96c3e35cae0ffdcdf63a09164f537

Signed-off-by: Oleg Ponomarev <oponomarev@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoMove design-disks.rst to drafts
Klaus Aehlig [Mon, 12 Oct 2015 12:15:07 +0000 (14:15 +0200)]
Move design-disks.rst to drafts

When, in commit 2676f31, the design for stand-alone disks
was added, it was not added to the list of draft designs,
but accidentally to the list of designs not shown in the index;
the latter, however, is only for implemented designs. As this
design still isn't fully implemented, fix this now.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoMerge branch 'stable-2.11' into stable-2.12
Klaus Aehlig [Thu, 8 Oct 2015 14:35:35 +0000 (16:35 +0200)]
Merge branch 'stable-2.11' into stable-2.12

* stable-2.11
  (no changes)

* stable-2.10
  Add a test for parsing of admin_state in IAlloc backend
  At IAlloc backend guess state from admin state

* stable-2.9
  Update harep's man page to notify users of its limitations

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoMerge branch 'stable-2.10' into stable-2.11
Klaus Aehlig [Thu, 8 Oct 2015 14:16:53 +0000 (16:16 +0200)]
Merge branch 'stable-2.10' into stable-2.11

* stable-2.10
  Add a test for parsing of admin_state in IAlloc backend
  At IAlloc backend guess state from admin state

* stable-2.9
  Update harep's man page to notify users of its limitations

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoQA: Retrieve only the RAPI certificate
Hrvoje Ribicic [Sun, 27 Sep 2015 21:55:51 +0000 (21:55 +0000)]
QA: Retrieve only the RAPI certificate

The QA previously took in the entire certificate file, along with the
private key. As this is really not necessary, change it to be more
conservative.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoQA: Allow usage of specific RAPI certificates and files
Hrvoje Ribicic [Wed, 23 Sep 2015 14:38:50 +0000 (16:38 +0200)]
QA: Allow usage of specific RAPI certificates and files

In some situations, we want to make sure the QA runs with a certain set
of certificates, secrets, users, and the like. This patch allows the QA
to look for a directory on the master node where all of these can be
found, and transplant them into the right place. This allow cluster
creation, renew-crypto, or any other cert-affecting operation to be
tested while preserving RAPI access.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoQA: Reload certificates only when renew-crypto has been run
Hrvoje Ribicic [Thu, 24 Sep 2015 10:36:31 +0000 (12:36 +0200)]
QA: Reload certificates only when renew-crypto has been run

When the cluster refreshes the RAPI certificate as it does in the
renew-crypto test, the stored certificate in the curl config of the
RAPI client has to be renewed. But it should only be renewed when the
test is enabled, so this patch moves that code into the test.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoQA: Restart Ganeti after adding the RAPI users file
Hrvoje Ribicic [Thu, 24 Sep 2015 21:20:30 +0000 (23:20 +0200)]
QA: Restart Ganeti after adding the RAPI users file

... otherwise we have no guarantee that the RAPI daemon will pick up
the change.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoQA: Add reading the RAPI password from a file
Hrvoje Ribicic [Tue, 22 Sep 2015 17:14:50 +0000 (19:14 +0200)]
QA: Add reading the RAPI password from a file

For situations where we're running the QA against a cluster which uses
a hashed password for access, it can be useful to be able to read the
password from a local file. This patch allows this to happen, throwing
in a few refactorings along the way.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoQA: Allow the RAPI user to be set
Hrvoje Ribicic [Tue, 22 Sep 2015 17:09:06 +0000 (19:09 +0200)]
QA: Allow the RAPI user to be set

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoQA: Do not remove nodes from cluster without destroying it
Hrvoje Ribicic [Tue, 22 Sep 2015 15:20:46 +0000 (17:20 +0200)]
QA: Do not remove nodes from cluster without destroying it

The Ganeti QA can be set up to optionally both create and destroy a
cluster during its runtime. Before this patch, the QA removed all the
nodes barring the master one at the end of a QA, regardless of whether
the cluster was supposed to be disassembled. This patch fixes this
behaviour and lets created clusters remain in place after a QA.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoQA: Refactor RAPI handling
Hrvoje Ribicic [Tue, 7 Jul 2015 00:49:23 +0000 (00:49 +0000)]
QA: Refactor RAPI handling

Since the QA RAPI code already uses the horror of global variables to
save the username and password within the qa_rapi module, the code can
be refactored to make the storage of these values outside the module
unnecessary. This encapsulates the RAPI functionality better, and will
allow for easier refactoring in later commits.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoMerge branch 'stable-2.9' into stable-2.10
Klaus Aehlig [Thu, 8 Oct 2015 13:27:59 +0000 (15:27 +0200)]
Merge branch 'stable-2.9' into stable-2.10

* stable-2.9
  Update harep's man page to notify users of its limitations

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoAdd a test for parsing of admin_state in IAlloc backend
Klaus Aehlig [Mon, 5 Oct 2015 14:34:23 +0000 (16:34 +0200)]
Add a test for parsing of admin_state in IAlloc backend

The administrative state of an instance is reported in the
IAllocator interface. Test whether that correctly propagates
to the parsed cluster state.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoAt IAlloc backend guess state from admin state
Klaus Aehlig [Mon, 5 Oct 2015 14:55:27 +0000 (16:55 +0200)]
At IAlloc backend guess state from admin state

At the IAlloc backend of htools we do not get the actual
state of the instance (as everything is state-of-record only).
However, we do get the administrative state. Therefore, by
assuming that for each instance the actual state is the one
corresponding to the administrated one, we can get a much better
description of the cluster than blindly assuming all instances
are running. Do so, whenever the admin_state is provided.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoUpdate harep's man page to notify users of its limitations
Petr Pudlak [Tue, 29 Sep 2015 12:04:11 +0000 (14:04 +0200)]
Update harep's man page to notify users of its limitations

In particular that it works only for 'drbd' and 'plain', and that it
doesn't perform hardware failure detection, which are both common user
expectations.

Signed-off-by: Petr Pudlak <pudlak@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoIncrease default disk size of burnin to 1G
BSRK Aditya [Thu, 24 Sep 2015 12:14:45 +0000 (14:14 +0200)]
Increase default disk size of burnin to 1G

The previous default value causes burnin to fail at instance
creation as the disk size was too low.

Signed-off-by: BSRK Aditya <bsrk@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agobreak line with more than 80 characters
Klaus Aehlig [Mon, 21 Sep 2015 11:41:25 +0000 (13:41 +0200)]
break line with more than 80 characters

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoOnly search for Python-2 interpreters
Klaus Aehlig [Mon, 21 Sep 2015 08:39:19 +0000 (10:39 +0200)]
Only search for Python-2 interpreters

Ganeti is not yet ready for Python 3. Therefore, at configure-time,
we effectively have two constraints for the version of Python to
use: ">=2.6" and "<3.0". As, unfortunuately, the AM_PYTHON_PATH
macro only supports minimal-version constraints, we afterwards verify
that we got an interpreter for Python 2. We also tune the search
heuristics to first check binaries that most likely are interpreters
for Python 2. To also work with older versions of the autotools, we
do the "<3.0" check manually and no rely on it already being supported
in the AM_PYTHON_CHECK_VERSION macro.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoFix faulty comments / indentation
Hrvoje Ribicic [Wed, 16 Sep 2015 13:23:59 +0000 (15:23 +0200)]
Fix faulty comments / indentation

As a part of patch 6b16d04a318d33a59, some errors were inadvertently
introduced by adding documentation. This patch fixes them.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoHandle Xen 4.3 states better
Hrvoje Ribicic [Tue, 15 Sep 2015 08:37:11 +0000 (10:37 +0200)]
Handle Xen 4.3 states better

In Xen commit e1475a6693aac8cddc4bdd456548aa05a625556b, the output from
xl list was extended to provide a reason for shutdowns. This breaks
our somewhat strict parsing of the output in certain situations where
the new states appear (e.g. the short suspension during a migration, or
an instance reboot).

This patch makes sure the new states (barring the mysterious watchdog
state) are handled correctly.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoMerge branch 'stable-2.11' into stable-2.12
Hrvoje Ribicic [Thu, 3 Sep 2015 12:39:26 +0000 (14:39 +0200)]
Merge branch 'stable-2.11' into stable-2.12

* stable-2.11
  (no changes)

* stable-2.10
  (no changes)

* stable-2.9
  Document quoting of special values in key-value parameters
  replace-disks: fix --ignore-ipolicy

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoMerge branch 'stable-2.10' into stable-2.11
Hrvoje Ribicic [Thu, 3 Sep 2015 12:10:34 +0000 (14:10 +0200)]
Merge branch 'stable-2.10' into stable-2.11

* stable-2.10
  (no changes)

* stable-2.9
  Document quoting of special values in key-value parameters
  replace-disks: fix --ignore-ipolicy

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoMerge branch 'stable-2.9' into stable-2.10
Hrvoje Ribicic [Thu, 3 Sep 2015 11:22:54 +0000 (13:22 +0200)]
Merge branch 'stable-2.9' into stable-2.10

* stable-2.9
  Document quoting of special values in key-value parameters
  replace-disks: fix --ignore-ipolicy

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoAdd forgotten IPOLICY_SPINDLE_RATIO to __all__ variable
Oleg Ponomarev [Thu, 3 Sep 2015 09:08:49 +0000 (11:08 +0200)]
Add forgotten IPOLICY_SPINDLE_RATIO to __all__ variable

Signed-off-by: Oleg Ponomarev <oponomarev@google.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoDocument quoting of special values in key-value parameters
Klaus Aehlig [Tue, 1 Sep 2015 13:23:41 +0000 (15:23 +0200)]
Document quoting of special values in key-value parameters

Since the early days of Ganeti, it is possible to pass in key-value
parameters also some special non-string values (the two boolean values
True and False and the special value None). However, the syntax for
entering them was never properly documented confusing people who had
to pass one of those values. So document it now.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoreplace-disks: fix --ignore-ipolicy
Apollon Oikonomopoulos [Mon, 31 Aug 2015 14:20:36 +0000 (17:20 +0300)]
replace-disks: fix --ignore-ipolicy

CheckTargetNodeIPolicy was expecting an LU, but got a Tasklet instead.
This caused gnt-instance replace-disks --ignore-ipolicy to fail with a
"'TLReplaceDisks' object has no attribute 'LogWarning'" message in the
presence policy-related warnings. We fix this by passing the calling LU
to CheckTargetNodeIPolicy.

Signed-off-by: Apollon Oikonomopoulos <apoikos@gmail.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoMake QA turn on user-shutdown when testing it
Hrvoje Ribicic [Wed, 19 Aug 2015 21:35:22 +0000 (23:35 +0200)]
Make QA turn on user-shutdown when testing it

Commit fe6287b4 made the --user-shutdown switch meaningful for Xen,
preventing USER_DOWN reporting if disabled. The QA turned this switch
on for KVM, where it is needed to start the specialized daemon, but
not for Xen. This patch fixes the discrepancy.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoFix disabling of user shutdown reporting
Hrvoje Ribicic [Mon, 17 Aug 2015 18:24:24 +0000 (18:24 +0000)]
Fix disabling of user shutdown reporting

Unlike the Python-side query logic still used for more detailed
queries, the Haskell queries neglected to take into account the
user-shutdown cluster-level parameter, turning USER_DOWN reporting on
by default. This is especially bad considering that this parameter was
introduced to give time to users to adapt their automation to take the
new statuses into account. This patch makes the parameter usable,
albeit possibly too late.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoMake confd answer disk requests querying by name
Hrvoje Ribicic [Tue, 18 Aug 2015 14:35:21 +0000 (14:35 +0000)]
Make confd answer disk requests querying by name

As a result of an additional bit of code introduced by patch fa3c0df5,
queries for instance disks sent to the configuration daemon required
additional information about the instance. This information was fetched
through a manual search of the list of instances, rather than the
function capable of searching by name or by uuid.

This made the burnin tool used by our tests fail when inquiring for
information and broke QA, and this patch fixes the problem.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agognt-node add: password auth is only one method
Klaus Aehlig [Tue, 11 Aug 2015 07:41:38 +0000 (09:41 +0200)]
gnt-node add: password auth is only one method

The man page for gnt-node add is slightly misleading.
In can be read to mean that we insist on password
authentication for root on the target node. However,
the only point the man page is trying to make here
is that credentials have to be provided to allow to
ssh as root to the target node; password is only of
the many options. Fix the wording accordingly.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoAccept allocation of 0 jobs
Klaus Aehlig [Fri, 7 Aug 2015 15:57:34 +0000 (17:57 +0200)]
Accept allocation of 0 jobs

However, short-cut them and return the empty list
directly, as we do not need to do any change to the
serial file.

Note that allocating 0 jobs has legitimate use cases,
like gnt-node migrate on an empty node. Doing so
without complaining in line with the behaviour of
earlier Ganeti versions.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoReturn multiple fields multiple times
Klaus Aehlig [Tue, 4 Aug 2015 16:03:03 +0000 (18:03 +0200)]
Return multiple fields multiple times

While it is not very useful, our specification still says
that we should return the values for fields requested multiple
times also multiple times. Commit 237a43b added fetching of
fields not requested but needed to evaluate the filter; to
avoid overhead the list of fields was deduplicated, thereby
breaking the said property. Restore it by only deduplicating
and filtering the additional fields.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoIn queries collect all needed data
Klaus Aehlig [Tue, 4 Aug 2015 13:19:01 +0000 (15:19 +0200)]
In queries collect all needed data

Queries are affected by two forms of fields:
- those the user wishes to see, and
- those needed to evaluate the filter provided.
For internal handling, we do have to fetch the
fields of either category to avoid wrong results,
even if we only output fields of the first category.
Ensure this fetch.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoAdd a function computing the filter arguments
Klaus Aehlig [Tue, 4 Aug 2015 13:03:31 +0000 (15:03 +0200)]
Add a function computing the filter arguments

When collecting live data for queries, we need to also
collect the fields the filter talks about, not only the
fields the user wants to see. Therefore, we need a function
computing those fields.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoUtils: Add ordNub
Niklas Hambuechen [Fri, 1 Aug 2014 15:27:11 +0000 (17:27 +0200)]
Utils: Add ordNub

For n*log(n) duplicate removal (as opposed to nub's n^2).

Signed-off-by: Niklas Hambuechen <niklash@google.com>
Signed-off-by: Petr Pudlak <pudlak@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Cherry-picked-from: 5dd8067d
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoAccept timeout errors are luxi down
Klaus Aehlig [Mon, 3 Aug 2015 11:29:42 +0000 (13:29 +0200)]
Accept timeout errors are luxi down

With the extended retry-logic connecting to luxid, an absence
of luxid can also be perceived as a TimeoutError. Therefore,
also for this error, make the watcher try to restart the luxi
daemon.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoCorrect indendation
Lisa Velden [Mon, 3 Aug 2015 08:43:59 +0000 (10:43 +0200)]
Correct indendation

to satisfy pylint.

Signed-off-by: Lisa Velden <velden@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoMerge branch 'stable-2.11' into stable-2.12
Lisa Velden [Mon, 3 Aug 2015 07:00:43 +0000 (09:00 +0200)]
Merge branch 'stable-2.11' into stable-2.12

* stable-2.11
  (no changes)

* stable-2.10
  Add a new unit test for LUInstanceMultiAlloc
  Fix a bug in LUInstanceMultiAlloc LU

Signed-off-by: Lisa Velden <velden@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoIn confd provide proper serial number
Klaus Aehlig [Fri, 31 Jul 2015 12:46:34 +0000 (14:46 +0200)]
In confd provide proper serial number

The confd protocol heavily relies on the serial number
to filter out outdated responses. However, the current
implementation always returned 0 as serial number. Fix
this and return a serial number that is bumped with every
change that affects the answer.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoMerge branch 'stable-2.10' into stable-2.11
Lisa Velden [Fri, 31 Jul 2015 08:22:01 +0000 (10:22 +0200)]
Merge branch 'stable-2.10' into stable-2.11

* stable-2.10
  Add a new unit test for LUInstanceMultiAlloc
  Fix a bug in LUInstanceMultiAlloc LU

Signed-off-by: Lisa Velden <velden@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoAdd a new unit test for LUInstanceMultiAlloc
Dimitris Bliablias [Wed, 29 Jul 2015 11:21:12 +0000 (14:21 +0300)]
Add a new unit test for LUInstanceMultiAlloc

This patch, extends the 'cmdlib.instance_unittest.py' with a new test
for instances multi allocations, in order to test an allocation of more
than one instances.

Signed-off-by: Dimitris Bliablias <dblia@skroutz.gr>
Signed-off-by: Lisa Velden <velden@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoFix a bug in LUInstanceMultiAlloc LU
Dimitris Bliablias [Wed, 29 Jul 2015 11:21:11 +0000 (14:21 +0300)]
Fix a bug in LUInstanceMultiAlloc LU

As of commit 804d72eb, some modifications on the LUInstanceMultiAlloc LU
resulted in breaking the instances multi allocation functionality.

In details, when using an iallocator for the instances allocation, the
'jobs' list is computed for allocations using the DRBD disk template
only and not for the rest templates, due to the wrong indentation of the
relevant code line. Furthermore, for the same reason, the allocation of
more than one instances always fails since the 'missing' set is not
computed after the processing of all the allocatable instances, as it
should do, but at the end of each instance iteration.

Signed-off-by: Dimitris Bliablias <dblia@skroutz.gr>
Signed-off-by: Lisa Velden <velden@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoAlso provide default arguments for mond
Klaus Aehlig [Fri, 24 Jul 2015 10:38:41 +0000 (12:38 +0200)]
Also provide default arguments for mond

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoMerge branch 'stable-2.11' into stable-2.12
Klaus Aehlig [Fri, 24 Jul 2015 09:17:09 +0000 (11:17 +0200)]
Merge branch 'stable-2.11' into stable-2.12

* stable-2.11
  (no changes)

* stable-2.10
  Fix typo in secondary
  When hinting to do gnt-instance info, show the instance
  Update gnt-network example in admin page

Conflicts:
lib/cmdlib/instance_storage.py: trivial

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoMerge branch 'stable-2.10' into stable-2.11
Klaus Aehlig [Thu, 23 Jul 2015 17:22:39 +0000 (19:22 +0200)]
Merge branch 'stable-2.10' into stable-2.11

* stable-2.10
  Fix typo in secondary
  When hinting to do gnt-instance info, show the instance
  Update gnt-network example in admin page

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoFix typo in secondary
Thomas Vander Stichele [Tue, 21 Jul 2015 08:33:50 +0000 (10:33 +0200)]
Fix typo in secondary

Signed-off-by: Thomas Vander Stichele <thomasvs@google.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoWhen hinting to do gnt-instance info, show the instance
Thomas Vander Stichele [Mon, 20 Jul 2015 20:24:59 +0000 (16:24 -0400)]
When hinting to do gnt-instance info, show the instance

Signed-off-by: Thomas Vander Stichele <thomasvs@google.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoUpdate gnt-network example in admin page
Klaus Aehlig [Thu, 23 Jul 2015 10:38:14 +0000 (12:38 +0200)]
Update gnt-network example in admin page

Commit 2243b133 changed the syntax of the gnt-network command.
Mode and link are no longer passed as positional arguments, but
instead as named parameters in the --nic-parameters option.
However, the example in the admin page was not updated. Do this
now.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoSupport sphinx 1.3
Klaus Aehlig [Tue, 21 Jul 2015 10:46:57 +0000 (12:46 +0200)]
Support sphinx 1.3

First, enable_manpages is now required to be a bool; fortunately,
we set it via the environment in conf.py anyway, so no need to
pass it as an option as well. Also, the default template has been
renamed to classic; so branch on the sphinx version to choose the
correct name. Fixes issue #1119.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoMake documentation for -H serial_console more explicit
Lisa Velden [Tue, 21 Jul 2015 12:34:42 +0000 (14:34 +0200)]
Make documentation for -H serial_console more explicit

Mention that apart from enabling the emulation of a serial port in KVM
"console=ttyS0,<serial_speed>" is appended to the end of kernel_args.

Signed-off-by: Lisa Velden <velden@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoBugfix in checkInstanceMove function in Cluster.hs
Oleg Ponomarev [Wed, 15 Jul 2015 17:46:14 +0000 (20:46 +0300)]
Bugfix in checkInstanceMove function in Cluster.hs

checkInstanceMove function tries all possible moves of single instance
in order to found an optimal move. When option --no-disk-moves is
enabled, current implementation tries only Failover move while
FailoverToAny is a suitable move too. This patch fixes the bug.

Signed-off-by: Oleg Ponomarev <onponomarev@gmail.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoRevision bump for 2.12.5 v2.12.5
Petr Pudlak [Mon, 13 Jul 2015 14:02:16 +0000 (16:02 +0200)]
Revision bump for 2.12.5

Signed-off-by: Petr Pudlak <pudlak@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoUpdate the NEWS file for 2.12.5
Petr Pudlak [Mon, 13 Jul 2015 14:00:57 +0000 (16:00 +0200)]
Update the NEWS file for 2.12.5

... mentioning all the changes.

Signed-off-by: Petr Pudlak <pudlak@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoUpdate Xen documentation in install.rst
Hrvoje Ribicic [Mon, 13 Jul 2015 10:14:50 +0000 (10:14 +0000)]
Update Xen documentation in install.rst

The Xen documentation in install.rst was out of date, describing
xm-specific changes at the point where 2.12 is mostly used with xl.
This patch removes xm-specific migration steps, references the official
Xen wiki instead of replicating information from it, removes the
VNC setup settings that are outdated for xl and probably for xm, and
slightly rewrites the documentation.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoClarify need for the migration_port Xen param
Hrvoje Ribicic [Mon, 13 Jul 2015 10:14:17 +0000 (10:14 +0000)]
Clarify need for the migration_port Xen param

... depending on which toolstack is used.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoMerge branch 'stable-2.11' into stable-2.12
Klaus Aehlig [Wed, 8 Jul 2015 15:36:24 +0000 (17:36 +0200)]
Merge branch 'stable-2.11' into stable-2.12

* stable-2.11
  Fix capitalization of TestCase
  Trigger renew-crypto on downgrade to 2.11

Conflicts:
tools/post-upgrade: use 2.12 condition on when to run the hook

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoTell git to ignore tools/ssl-update
Klaus Aehlig [Wed, 8 Jul 2015 14:38:32 +0000 (16:38 +0200)]
Tell git to ignore tools/ssl-update

This tools was recently added, but not added to .gitignore. Do
so now.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoUse 'exclude_daemons' option for master only
Helga Velroyen [Thu, 2 Jul 2015 13:07:12 +0000 (15:07 +0200)]
Use 'exclude_daemons' option for master only

During 'gnt-cluster renew-crypto --new-cluster-certificate'
or '... --new-node-certficates' all daemons are shutdown,
except for wconfd and noded. So far, noded was not shutdown
on all nodes, although it is only necessary on the master.
This patch makes sure that the 'exclude_daemons' flag only
applies to the master, as all interesting operations will
only need them there.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoDisable superfluous restarting of daemons
Helga Velroyen [Thu, 2 Jul 2015 12:42:20 +0000 (14:42 +0200)]
Disable superfluous restarting of daemons

This patch fixes a little glitch where the Ganeti
daemons were stopped and started unnecessarily if
only the cluster certficate was renewed but nothing
else.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoAdd tests exercising the "crashed" state handling
Hrvoje Ribicic [Mon, 6 Jul 2015 17:23:31 +0000 (17:23 +0000)]
Add tests exercising the "crashed" state handling

This patch adds a few tests that make sure the state is handled
properly, using examples taken from a running cluster.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoAdd proper handling of the "crashed" Xen state
Hrvoje Ribicic [Mon, 6 Jul 2015 17:17:41 +0000 (17:17 +0000)]
Add proper handling of the "crashed" Xen state

Whenever an instance would enter the crashed state due to kernel issues
or other horrible problems, Ganeti would not be able to interpret the
data and would report strange and incomprehensible errors. This patch
fixes this by adding proper handling for the "crashed" state.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoHandle SSL setup when downgrading
Helga Velroyen [Wed, 1 Jul 2015 08:45:02 +0000 (10:45 +0200)]
Handle SSL setup when downgrading

This patch will handle the downgrade of the SSL setup
from 2.12 to 2.11. Essentially, all client.pem and
ssconf_master_candidates_certs files will be deleted.
This will kick the cluster in a pre-2.11 mode wrt to
SSL and result in a nagging message to re-run
'gnt-cluster renew-crypto' when as output of 'gnt-cluster
verify'.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoWrite SSH ports to ssconf files
Helga Velroyen [Tue, 30 Jun 2015 08:48:11 +0000 (10:48 +0200)]
Write SSH ports to ssconf files

For the downgrading of the SSL setup from 2.12 to 2.11, we
need to be able to SSH into machines while no daemons are
running. Unfortunately currently the only way to obtain
custom-configured SSH ports is by queries. In order to
access this information with daemons being shutdown, this
patch adds the SSH port information to an ssconf file.

This will also be used to simplify some backend calls for
the *SSH* handling in 2.13.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoNoded: Consider certificate chain in callback
Helga Velroyen [Wed, 24 Jun 2015 12:19:17 +0000 (14:19 +0200)]
Noded: Consider certificate chain in callback

This patch significantly changes the callback that is
called upon receiving an incoming SSL connection. Since
this callback is called not only with the certificate
that the client sends, but also (in some implementations)
with the entire certificate chain of the client
certificate.

In our case, the certficate chain contains
the client certificate and the server certificate as
the one that signed the client certificate. This means
that we have to accept the server certificate, but only
if we receive it with the 'depth' greater than 0, meaning
that this is part of the chain and not the actual
certificate. If the depth value is 0, we can be sure
to have received the actual certficate and match it
against the list of master candidate certificates as
before.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoCluster-keys-replacement: update documentation
Helga Velroyen [Wed, 24 Jun 2015 12:03:03 +0000 (14:03 +0200)]
Cluster-keys-replacement: update documentation

This patch updates the cluster-keys-replacement document
which assists user about how to replace the crypto keys
for their cluster. This now reflects the changes wrt
server/client certificates.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>