ganeti-github.git
5 years agoMerge branch 'stable-2.9' into stable-2.10
Hrvoje Ribicic [Mon, 30 Nov 2015 15:49:09 +0000 (16:49 +0100)]
Merge branch 'stable-2.9' into stable-2.10

* stable-2.9
  QA: Ensure the DRBD secret is not retrievable via RAPI
  Redact the DRBD secret in instance queries
  Do not attempt to use the DRBD secret in gnt-instance info

Conflicts:
  lib/cmdlib/instance_query.py - removed physical_id changes

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoQA: Ensure the DRBD secret is not retrievable via RAPI
Hrvoje Ribicic [Fri, 27 Nov 2015 17:32:42 +0000 (17:32 +0000)]
QA: Ensure the DRBD secret is not retrievable via RAPI

The best way to ensure that the DRBD secret does not inadvertently leak
is to introduce a QA test examining the output of the interface in
which the leak was originally introduced.

The test added determines the DRBD secret and makes RAPI requests,
examining them for its presence and failing if a match is found.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoRedact the DRBD secret in instance queries
Hrvoje Ribicic [Fri, 27 Nov 2015 15:58:13 +0000 (15:58 +0000)]
Redact the DRBD secret in instance queries

As the DRBD secret should be used only by Ganeti internals, replacing
the actual secret with None does not hamper Ganeti's work, while
preventing the secret from being leaked.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoDo not attempt to use the DRBD secret in gnt-instance info
Hrvoje Ribicic [Fri, 21 Aug 2015 19:46:18 +0000 (19:46 +0000)]
Do not attempt to use the DRBD secret in gnt-instance info

... so just redact what is output.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoRemove -X from hspace man page
Klaus Aehlig [Mon, 26 Oct 2015 12:34:17 +0000 (13:34 +0100)]
Remove -X from hspace man page

hspace never had such an option.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Oleg Ponomarev <oponomarev@google.com>

Cherry-picked-from: fa36daf4
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Oleg Ponomarev <oponomarev@google.com>

5 years agoMake htools tolerate missing "dtotal" and "dfree" on luxi
Klaus Aehlig [Tue, 16 Jun 2015 09:15:48 +0000 (11:15 +0200)]
Make htools tolerate missing "dtotal" and "dfree" on luxi

If a cluster allows sharedfile as only disk template, the amount of
total and free disk space might not be available. This is perfectly
normal, hence make the luxi backend handle it gracefully and just report
0 available disk on 0 total disk.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

Cherry-picked-from: 49644203
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoMerge branch 'stable-2.9' into stable-2.10
Klaus Aehlig [Thu, 8 Oct 2015 13:27:59 +0000 (15:27 +0200)]
Merge branch 'stable-2.9' into stable-2.10

* stable-2.9
  Update harep's man page to notify users of its limitations

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoAdd a test for parsing of admin_state in IAlloc backend
Klaus Aehlig [Mon, 5 Oct 2015 14:34:23 +0000 (16:34 +0200)]
Add a test for parsing of admin_state in IAlloc backend

The administrative state of an instance is reported in the
IAllocator interface. Test whether that correctly propagates
to the parsed cluster state.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoAt IAlloc backend guess state from admin state
Klaus Aehlig [Mon, 5 Oct 2015 14:55:27 +0000 (16:55 +0200)]
At IAlloc backend guess state from admin state

At the IAlloc backend of htools we do not get the actual
state of the instance (as everything is state-of-record only).
However, we do get the administrative state. Therefore, by
assuming that for each instance the actual state is the one
corresponding to the administrated one, we can get a much better
description of the cluster than blindly assuming all instances
are running. Do so, whenever the admin_state is provided.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoUpdate harep's man page to notify users of its limitations
Petr Pudlak [Tue, 29 Sep 2015 12:04:11 +0000 (14:04 +0200)]
Update harep's man page to notify users of its limitations

In particular that it works only for 'drbd' and 'plain', and that it
doesn't perform hardware failure detection, which are both common user
expectations.

Signed-off-by: Petr Pudlak <pudlak@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoMerge branch 'stable-2.9' into stable-2.10
Hrvoje Ribicic [Thu, 3 Sep 2015 11:22:54 +0000 (13:22 +0200)]
Merge branch 'stable-2.9' into stable-2.10

* stable-2.9
  Document quoting of special values in key-value parameters
  replace-disks: fix --ignore-ipolicy

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoDocument quoting of special values in key-value parameters
Klaus Aehlig [Tue, 1 Sep 2015 13:23:41 +0000 (15:23 +0200)]
Document quoting of special values in key-value parameters

Since the early days of Ganeti, it is possible to pass in key-value
parameters also some special non-string values (the two boolean values
True and False and the special value None). However, the syntax for
entering them was never properly documented confusing people who had
to pass one of those values. So document it now.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoreplace-disks: fix --ignore-ipolicy
Apollon Oikonomopoulos [Mon, 31 Aug 2015 14:20:36 +0000 (17:20 +0300)]
replace-disks: fix --ignore-ipolicy

CheckTargetNodeIPolicy was expecting an LU, but got a Tasklet instead.
This caused gnt-instance replace-disks --ignore-ipolicy to fail with a
"'TLReplaceDisks' object has no attribute 'LogWarning'" message in the
presence policy-related warnings. We fix this by passing the calling LU
to CheckTargetNodeIPolicy.

Signed-off-by: Apollon Oikonomopoulos <apoikos@gmail.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoAdd a new unit test for LUInstanceMultiAlloc
Dimitris Bliablias [Wed, 29 Jul 2015 11:21:12 +0000 (14:21 +0300)]
Add a new unit test for LUInstanceMultiAlloc

This patch, extends the 'cmdlib.instance_unittest.py' with a new test
for instances multi allocations, in order to test an allocation of more
than one instances.

Signed-off-by: Dimitris Bliablias <dblia@skroutz.gr>
Signed-off-by: Lisa Velden <velden@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoFix a bug in LUInstanceMultiAlloc LU
Dimitris Bliablias [Wed, 29 Jul 2015 11:21:11 +0000 (14:21 +0300)]
Fix a bug in LUInstanceMultiAlloc LU

As of commit 804d72eb, some modifications on the LUInstanceMultiAlloc LU
resulted in breaking the instances multi allocation functionality.

In details, when using an iallocator for the instances allocation, the
'jobs' list is computed for allocations using the DRBD disk template
only and not for the rest templates, due to the wrong indentation of the
relevant code line. Furthermore, for the same reason, the allocation of
more than one instances always fails since the 'missing' set is not
computed after the processing of all the allocatable instances, as it
should do, but at the end of each instance iteration.

Signed-off-by: Dimitris Bliablias <dblia@skroutz.gr>
Signed-off-by: Lisa Velden <velden@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

5 years agoFix typo in secondary
Thomas Vander Stichele [Tue, 21 Jul 2015 08:33:50 +0000 (10:33 +0200)]
Fix typo in secondary

Signed-off-by: Thomas Vander Stichele <thomasvs@google.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoWhen hinting to do gnt-instance info, show the instance
Thomas Vander Stichele [Mon, 20 Jul 2015 20:24:59 +0000 (16:24 -0400)]
When hinting to do gnt-instance info, show the instance

Signed-off-by: Thomas Vander Stichele <thomasvs@google.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoUpdate gnt-network example in admin page
Klaus Aehlig [Thu, 23 Jul 2015 10:38:14 +0000 (12:38 +0200)]
Update gnt-network example in admin page

Commit 2243b133 changed the syntax of the gnt-network command.
Mode and link are no longer passed as positional arguments, but
instead as named parameters in the --nic-parameters option.
However, the example in the admin page was not updated. Do this
now.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoSubstitute 'suffix' for 'revision'
Lisa Velden [Tue, 19 May 2015 11:36:54 +0000 (13:36 +0200)]
Substitute 'suffix' for 'revision'

Signed-off-by: Lisa Velden <velden@google.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoCheck for gnt-cluster before running gnt-cluster upgrade
Christos Trochalakis [Tue, 12 May 2015 19:24:10 +0000 (22:24 +0300)]
Check for gnt-cluster before running gnt-cluster upgrade

When ganeti is removed (not purged) `/etc/cron.d/ganeti` is not deleted,
thus after a reboot cron tries to execute gnt-cluster upgrade and fails.

The same pattern is used on all other cron entries.

Signed-off-by: Christos Trochalakis <christos@skroutz.gr>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoUpdate tag limitations
Klaus Aehlig [Fri, 17 Apr 2015 16:54:22 +0000 (18:54 +0200)]
Update tag limitations

We always supported underscores in tags since \w in pythons
interpretation of regular expressions does include the underscore.
While this might have happened by accident, there is no reason to
change the implementation. The motivation for the restriction
was to avoid accidents with wrong (manual) shell escaping; the
underscore, however, has no special meaning to the shell. So
just make the documentation say what we implemented.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoFix typos in doc/design-storagetypes.rst
Gangbiao Liu [Wed, 8 Apr 2015 12:12:21 +0000 (20:12 +0800)]
Fix typos in doc/design-storagetypes.rst

Signed-off-by: Gangbiao Liu <lgb.nwpu@gmail.com>
Signed-off-by: Petr Pudlak <pudlak@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoMake getFQDN prefer cluster protocol family
Klaus Aehlig [Fri, 10 Apr 2015 10:15:24 +0000 (12:15 +0200)]
Make getFQDN prefer cluster protocol family

In getFQDN, if the primary IP family of the cluster is known,
provide it as a hint.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoAdd version of getFQDN accepting preferences
Klaus Aehlig [Fri, 10 Apr 2015 10:05:50 +0000 (12:05 +0200)]
Add version of getFQDN accepting preferences

Still the best way to get the "canonical name" of a host
is to look up its host name and reverse look up the IP
address obtained. Obviously, that the result depends
on the protocol family used. So accept hints on which
family to prefer.

Note that getFQDN is exported on higher branches, so we
keep its type stable to avoid semantic merge conflicts.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoMake getFQDN honor vcluster
Klaus Aehlig [Mon, 2 Jun 2014 15:31:10 +0000 (17:31 +0200)]
Make getFQDN honor vcluster

Make the official (exported) getFQDN function honor the vcluster
setup. In this way, also Haskell daemons can obtain their name
correctly in a vcluster. In particular, voting will work.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

Cherry-picked-form: c29501f6
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agofix typos in design-file-based-storage.rst doc
Gangbiao Liu [Wed, 8 Apr 2015 01:48:47 +0000 (09:48 +0800)]
fix typos in design-file-based-storage.rst doc

Fix typos in doc/design-file-based-storage.rst.

Signed-off-by: Gangbiao Liu <lgb.nwpu@gmail.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoSwitch to our osminor
Klaus Aehlig [Tue, 7 Apr 2015 16:06:13 +0000 (18:06 +0200)]
Switch to our osminor

...and thus work around the bug in os.minor

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoProvide an alternative for os.minor working around its bug
Klaus Aehlig [Tue, 7 Apr 2015 16:04:28 +0000 (18:04 +0200)]
Provide an alternative for os.minor working around its bug

Python's os.minor still contains an old definition, whereas the
current one has changed. So we add our own definition working around
this bug.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoFix typo
Lisa Velden [Tue, 7 Apr 2015 12:37:37 +0000 (14:37 +0200)]
Fix typo

Signed-off-by: Lisa Velden <velden@google.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoCanTieredAlloc test: make instances big enough
Klaus Aehlig [Thu, 2 Apr 2015 16:03:12 +0000 (18:03 +0200)]
CanTieredAlloc test: make instances big enough

Fix a subtle bug in the CanTieredAlloc test. The property we were
testing for was actually not valid with the addition of an ipolicy.
The lower policy bound for disk was 4 times the unit for disks (256M).
So, a valid node have free disk only slightly larger than the ipolicy
lower bound. When shrinking disks, however, we go in steps of full
units---and thus might miss the window of opportunity if that is smaller
that a full unit. So, only use nodes that have at least 5 units worth
of resources for every resource.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoAfter master-failover verify reachability of master IP
Klaus Aehlig [Thu, 2 Apr 2015 13:26:45 +0000 (15:26 +0200)]
After master-failover verify reachability of master IP

...and warn if it is not. Note that the master activates
the master IP in an asynchronous task and will continue
even if that fails.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoReport failure to deactivate old master IP in exit code
Klaus Aehlig [Thu, 2 Apr 2015 09:46:03 +0000 (11:46 +0200)]
Report failure to deactivate old master IP in exit code

If we failed to disable the old master IP, the master failover
did not fully succeed, hence that should be reported in the
exit code. Nevertheless, the best is to proceed, as it is
better to have working cluster, albeit only reachable via
the primary IP of the new master node (and not the cluster
master IP), than not have a cluster. Also note, that for
this reason master will start up even if it cannot set
the cluster master IP. So, while there, fix the warning
message as well.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoExpose warnings during master-failover
Klaus Aehlig [Wed, 1 Apr 2015 16:04:59 +0000 (18:04 +0200)]
Expose warnings during master-failover

During master failover, there are some situations where problems
occur but the best thing to do is to carry on. These problems
are logged using the usual mechanism. However, a user usually
does not look into the log file unless the command executed
returns some hints that something might have gone wrong.
So also return the warnings as an additional return value,
allowing the CLI to report properly.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoFix manpage for gnt-cluster copyfile
Lisa Velden [Wed, 1 Apr 2015 16:07:30 +0000 (18:07 +0200)]
Fix manpage for gnt-cluster copyfile

Change "copyfile" position in example

Signed-off-by: Lisa Velden <velden@google.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoFixed typos
Lisa Velden [Fri, 27 Mar 2015 13:19:06 +0000 (14:19 +0100)]
Fixed typos

Signed-off-by: Lisa Velden <velden@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoPass correct params in move-instance
Hrvoje Ribicic [Thu, 26 Mar 2015 14:35:42 +0000 (14:35 +0000)]
Pass correct params in move-instance

move-instance incorrectly passes backend params as the OS params when
moving an instance. This patch fixes this.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoIn CanTieredAlloc test set IPolicy
Klaus Aehlig [Wed, 25 Mar 2015 16:49:17 +0000 (17:49 +0100)]
In CanTieredAlloc test set IPolicy

Changing the test to allocate on nodes with a non-trivial
instance policy has two advantages.

- We test in a more realistic (and also more challenging)
  environment.

- Once the lower limit of the ipolicy is reached no more
  allocations are possible, thus having fewer shrinking
  rounds---and hence speeding up the test by a factor of 4.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoMake genInstanceMaybeBiggerThanNode honor policy lower bound
Klaus Aehlig [Wed, 25 Mar 2015 15:56:09 +0000 (16:56 +0100)]
Make genInstanceMaybeBiggerThanNode honor policy lower bound

Note that in all current calls to this function, the node has the
nullIPolicy, to the semantics does not change here.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoAlso export a null ISpec
Klaus Aehlig [Wed, 25 Mar 2015 16:01:18 +0000 (17:01 +0100)]
Also export a null ISpec

This is an ISpec for an instance with 0 resources. It can serve as a trivial
lower bound where we have to provide one but do not actually care.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoSupport instance generation within ranges
Klaus Aehlig [Wed, 25 Mar 2015 15:37:22 +0000 (16:37 +0100)]
Support instance generation within ranges

This will be used to generate instances big enough to fall within
a given instance policy.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoAdd a function to leave the list monad
Klaus Aehlig [Fri, 14 Feb 2014 23:12:23 +0000 (00:12 +0100)]
Add a function to leave the list monad

The list monad provides convenient syntax for non-deterministic
algorithms. Add a function leaving that monad with this intuition
in mind.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

Cherry-picked-from: a1da8a503ba
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoMake QA fail if KVM hotplugging fails
Hrvoje Ribicic [Wed, 18 Mar 2015 13:58:08 +0000 (14:58 +0100)]
Make QA fail if KVM hotplugging fails

Unlike almost all other modification commands, hotplugging a device and
failing does not result in an error code showing that the operation was
unsuccessful. Because of this, the QA ignored hotplugging failures. To
fix this, this patch makes the QA examine the output of the command for
signs of failure.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoAlways preserve QA command output
Hrvoje Ribicic [Tue, 17 Mar 2015 20:13:20 +0000 (20:13 +0000)]
Always preserve QA command output

A previous patch suppressed command output if the command succeded,
which reduces the amount of information we have in the QA, especially
warnings or the like. This patch restores the output, while still
ignoring the use cases in which we really do not care whether the
command succeeds or not.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoDon't lose stdout/stderr in AssertCommand
Klaus Aehlig [Tue, 4 Nov 2014 09:36:32 +0000 (10:36 +0100)]
Don't lose stdout/stderr in AssertCommand

If a command fails/succeeds that should not do so,
show stdout and stderr. This information can be
relevant for debugging.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

Cherry-picked-from: 7f7c9c2cc2fa7acccc9040ae12e454dbeac48d6f
Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoqa_utils: Allow passing fail=None to AssertCommand
Niklas Hambuechen [Wed, 8 Oct 2014 12:15:00 +0000 (14:15 +0200)]
qa_utils: Allow passing fail=None to AssertCommand

This is for cases where we don't care about the exit code.

Signed-off-by: Niklas Hambuechen <niklash@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Cherry-picked-from: 226455df57247d52b8f26bf9e2562644f6e18892
Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoqa_utils: Make AssertCommand return stdout/stderr as well
Niklas Hambuechen [Mon, 22 Sep 2014 15:43:22 +0000 (17:43 +0200)]
qa_utils: Make AssertCommand return stdout/stderr as well

This is usefull if the run commands output something that's needed afterwards.

Signed-off-by: Niklas Hambuechen <niklash@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Cherry-picked-from: b47587b0d8b9646adbf519a7b7286a0576e582c0
Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoAllow plain/DRBD conversions regardless of lack of disks
Hrvoje Ribicic [Mon, 16 Mar 2015 22:54:04 +0000 (22:54 +0000)]
Allow plain/DRBD conversions regardless of lack of disks

Because of trivial issues, it was impossible to use standard mechanisms
to convert a diskless plain instance to DRBD and vice versa. This
patch fixes that with a mechanism which will work until later versions,
where instances without disks organically take on the diskless
template.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoAdd support for ipolicy modifications to mock config
Hrvoje Ribicic [Mon, 16 Mar 2015 22:45:11 +0000 (22:45 +0000)]
Add support for ipolicy modifications to mock config

This patch adds a helper function making it easier to modify the
ipolicy within tests.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoRemove unused import
Klaus Aehlig [Wed, 4 Mar 2015 15:26:12 +0000 (16:26 +0100)]
Remove unused import

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoUse an old way to instance NFData CollectorData
Klaus Aehlig [Wed, 4 Mar 2015 10:04:45 +0000 (11:04 +0100)]
Use an old way to instance NFData CollectorData

...to make sure we can successfully build on platforms
with older versions of the containers library.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoMonD: force computation of state in stateful collectors
Klaus Aehlig [Tue, 3 Mar 2015 13:31:17 +0000 (14:31 +0100)]
MonD: force computation of state in stateful collectors

...to avoid stateful collectors that are not queried regularly
accumulating thunks.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoInstance NFData CollectorData
Klaus Aehlig [Tue, 3 Mar 2015 13:38:30 +0000 (14:38 +0100)]
Instance NFData CollectorData

...so that we can force the states of stateful collectors.
This is necessary to avoid thunks accumulating in unobserved
collectors.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoRelax expectation of accuracy
Klaus Aehlig [Mon, 2 Mar 2015 15:09:28 +0000 (16:09 +0100)]
Relax expectation of accuracy

When updating statistics to obtain new standard deviations,
rounding errors do happen. Testing for an accuracy of 1e-10
is still an order of magnitude better than our limit of 1e-9
for taking action.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoImprove rounding accuracty in updateStatistics
Klaus Aehlig [Mon, 2 Mar 2015 14:56:22 +0000 (15:56 +0100)]
Improve rounding accuracty in updateStatistics

Rearrange the arithmetic operations in statistics update
by avoiding small differences of large numbers.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoMerge branch 'stable-2.9' into stable-2.10
Petr Pudlak [Mon, 2 Mar 2015 16:00:57 +0000 (17:00 +0100)]
Merge branch 'stable-2.9' into stable-2.10

* stable-2.9
  Stop MonD when removing a node from a cluster

Signed-off-by: Petr Pudlak <pudlak@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoStop MonD when removing a node from a cluster
Petr Pudlak [Thu, 26 Feb 2015 14:24:28 +0000 (15:24 +0100)]
Stop MonD when removing a node from a cluster

Currently if we remove a node from a cluster, or destroy a cluster, the
daemon is still running.

The non-master daemons are stopped in 'LeaveCluster', so add stopping
MonD there as well.

Signed-off-by: Petr Pudlak <pudlak@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoUpdate gnt-backup manual to reflect real behavior
Hrvoje Ribicic [Thu, 12 Feb 2015 19:11:32 +0000 (19:11 +0000)]
Update gnt-backup manual to reflect real behavior

As the gnt-backup manual page still states incorrect information about
error codes stemming from 2010 and not reflecting changes of commit
44247302, this patch updates it.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoFinalize local export only if successful
Hrvoje Ribicic [Thu, 12 Feb 2015 17:34:47 +0000 (17:34 +0000)]
Finalize local export only if successful

Before commit 44247302, a failure in the transfer of a single disk
during an export was changed to make the entire transfer unsuccessful.
What did not change was an invocation of export finalization, which
removes the old backup if present and replaces it with whatever the
result of the transfer was. As a result, a failed backup of an instance
could destroy a previous backup.

This patch prevents the finalization from taking place - this leaves
some data lying around in a ".new" directory, but at least the old
backup is not deleted.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoFix haddock comment
Klaus Aehlig [Mon, 16 Feb 2015 13:44:07 +0000 (14:44 +0100)]
Fix haddock comment

In 2da679f, the CollectorData and CollectorMap types were
introduced. However, in the comment explaining those types,
the word "above" actually refered to a type introduced
later. Fix that.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoMerge branch 'stable-2.9' into stable-2.10
Klaus Aehlig [Mon, 16 Feb 2015 11:35:04 +0000 (12:35 +0100)]
Merge branch 'stable-2.9' into stable-2.10

* stable-2.9
  Fix file descriptor leak in Confd Client
  Fix hlint warnings found by hlint 1.9.11

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoFix file descriptor leak in Confd Client
Klaus Aehlig [Thu, 12 Feb 2015 13:40:37 +0000 (14:40 +0100)]
Fix file descriptor leak in Confd Client

The queryOneServer function opens a UDP socket to connect
to the specified confd server. However, it would never
close it. Fix this and do so in a bracket construction
to make sure it also gets cleaned up in case of errors.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoFix hlint warnings found by hlint 1.9.11
Niklas Hambuechen [Fri, 7 Nov 2014 23:09:23 +0000 (00:09 +0100)]
Fix hlint warnings found by hlint 1.9.11

Our current hlint version cannot find them yet.

Signed-off-by: Niklas Hambuechen <niklash@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Cherry-picked-from: d05f1c86fcca10d2a52cfdcf538e8bfaf517f655

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoAlso distribute devel/build_chroot
Klaus Aehlig [Tue, 10 Feb 2015 15:49:59 +0000 (16:49 +0100)]
Also distribute devel/build_chroot

While not strictly necessary for using Ganeti, the distribution
tar ball is still supposed to be a complete for Ganeti development.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoUpdate ganeti download location
Klaus Aehlig [Tue, 10 Feb 2015 10:06:47 +0000 (11:06 +0100)]
Update ganeti download location

http://downloads.ganeti.org is now the primary location for
obtaining ganeti release tar balls.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoFix haddock comment
Klaus Aehlig [Fri, 6 Feb 2015 11:19:36 +0000 (12:19 +0100)]
Fix haddock comment

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoFix spacing
Klaus Aehlig [Thu, 22 Jan 2015 11:06:29 +0000 (12:06 +0100)]
Fix spacing

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoIngore automatically generated tools/shebang
Klaus Aehlig [Fri, 7 Nov 2014 15:05:49 +0000 (16:05 +0100)]
Ingore automatically generated tools/shebang

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Niklas Hambuechen <niklash@google.com>

Cherry-picked-from: 591363bfcfc99a10e7bed71d8af1f15df6cc57a8

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoAuto-upgrade hv_state_static and disk_state_static
Klaus Aehlig [Tue, 20 Jan 2015 14:08:08 +0000 (15:08 +0100)]
Auto-upgrade hv_state_static and disk_state_static

These cluster parameters were introduced in 2da9f556
without being added to the parameters implicitly upgraded
if missing. This now causes problems when upgrading pre-2.6
clusters to 2.11 or later where this parameter is assumed
to be a dictionary. So add the implicit upgrade.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoFix typo in gnt_cluster output
Aaron Karper [Wed, 7 Jan 2015 07:26:29 +0000 (08:26 +0100)]
Fix typo in gnt_cluster output

Fixes issue #1015

Signed-off-by: Aaron Karper <akarper@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

Cherry-picked from 19a5c6c351f815e89afe948897897a3eb14d29c3

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

6 years agoFix hlint warnings found by hlint 1.9.11
Niklas Hambuechen [Fri, 7 Nov 2014 23:09:23 +0000 (00:09 +0100)]
Fix hlint warnings found by hlint 1.9.11

Our current hlint version cannot find them yet.

Signed-off-by: Niklas Hambuechen <niklash@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Cherry-picked from: d05f1c86fcca

Conflicts:
src/Ganeti/Utils.hs (trivial)

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Niklas Hambuechen <niklash@google.com>

6 years agoOnly check header for non-generated files
Klaus Aehlig [Mon, 1 Dec 2014 18:19:00 +0000 (19:19 +0100)]
Only check header for non-generated files

For generated files, it is enough to check the headers of the
files they are generated from. Moreover, the generated files
have the shebang-line of the target system, which might be
different from the generic one checked for.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Niklas Hambuechen <niklash@google.com>

6 years agoFix python shebang line in tools as well github/stable-2.10
Klaus Aehlig [Mon, 3 Nov 2014 12:40:50 +0000 (13:40 +0100)]
Fix python shebang line in tools as well

While most of our top-level python scripts used to be generated
in the Makefile already, the scripts under tools used to be
"ready to use". However, in our current situation where the
python 2 interpreter is called different on different platforms
we still need to fix the shebang line. This patch achieves this
without moving source files around.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

6 years agoDo not hard-code python path
Klaus Aehlig [Thu, 30 Oct 2014 17:03:19 +0000 (18:03 +0100)]
Do not hard-code python path

...in our automatically generated top-level python files.
Instead use the automatically detected python path.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

6 years agoAdd a target to inspect make variables
Klaus Aehlig [Wed, 22 Oct 2014 09:52:17 +0000 (11:52 +0200)]
Add a target to inspect make variables

...this will allow inspecting, e.g., the effective compiler
flags without actually running the compiler. For example,
to see the value of the HFLAGS,

make print-HFLAGS

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

6 years agoHave fatal warnings on in developer mode
Klaus Aehlig [Wed, 22 Oct 2014 09:45:55 +0000 (11:45 +0200)]
Have fatal warnings on in developer mode

Unless you develop Ganeti, it is not a problem if some of
the functions used are deprecated in you newer haskell
environment. So allow those builds for normal users.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

6 years agoAdd a flag --developer-mode
Klaus Aehlig [Wed, 22 Oct 2014 09:37:26 +0000 (11:37 +0200)]
Add a flag --developer-mode

So that we can have fatal warnings in development, but
people can still build old Ganeti versions with newer
compilers despite some functions are deprecated by now.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

6 years agoFix check for sphinx-build from python2-sphinx
Neal Oakey [Tue, 21 Oct 2014 11:36:56 +0000 (13:36 +0200)]
Fix check for sphinx-build from python2-sphinx

if using python2-sphinx '/usr/bin/sphinx-build2 --version' prints
"Sphinx (sphinx-build2) 1.2.3" which didn't match the regex

Signed-off-by: Neal Oakey <neal.oakey@googlemail.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

6 years agouse the Python interpreter from env
Neal Oakey [Sat, 18 Oct 2014 00:08:06 +0000 (02:08 +0200)]
use the Python interpreter from env

use the Python interpreter which has been set via PYTHON env-var at
configure time

Signed-off-by: Neal Oakey <neal.oakey@googlemail.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

6 years agoCheck the return value of query in ConnectToInstanceConsole
Yuto KAWAMURA(kawamuray) [Mon, 13 Oct 2014 18:27:58 +0000 (03:27 +0900)]
Check the return value of query in ConnectToInstanceConsole

When running gnt-instance console for an instance name that doesn't
exist, I got the following raw error:

...
    cl.QueryInstances([instance_name], ["console", "oper_state"], False)
ValueError: need more than 0 values to unpack

In this case we should raise the OpPrereqError to notify that the
instance which having that name doesn't exist.
This patch adds a check for the return value of the QueryInstances and
raise the OpPrereqError when the result of the query is a blank list.

Signed-off-by: Yuto KAWAMURA(kawamuray) <kawamuray.dadada@gmail.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

6 years agoMerge branch 'stable-2.9' into stable-2.10
Petr Pudlak [Mon, 6 Oct 2014 13:02:34 +0000 (15:02 +0200)]
Merge branch 'stable-2.9' into stable-2.10

* stable-2.9
  Ganeti.Daemon: always install SIGHUP handler

Signed-off-by: Petr Pudlak <pudlak@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

6 years agoganeti.daemon: fix daemon mode with GnuTLS >= 3.3
Apollon Oikonomopoulos [Sat, 4 Oct 2014 18:14:03 +0000 (21:14 +0300)]
ganeti.daemon: fix daemon mode with GnuTLS >= 3.3

Newer GnuTLS versions (>= 3.3.0) use a library constructor for
initialization and open /dev/urandom on library load, way before we
fork(). Closing /dev/urandom on fork causes a failure to re-seed GnuTLS's
random number generator during the first ganeti.http.client request, which
in turn causes the process to silently abort(3).

For more background on this behavior, see this thread at the GnuTLS
mailing list:

http://lists.gnupg.org/pipermail/gnutls-help/2014-April/003429.html

Note that calling pycurl.global_init() at the correct place (as we do) is not
enough, as it does not cause a re-initialization of the GnuTLS library.

As we cannot reliably detect neither the GnuTLS version, nor the socket, we
work our way around this by keeping all fds referring to /dev/urandom open
after fork. We do so using the /proc/self/fd interface.

This fixes issues #961 and #964.

Note that this would not affect the Haskell daemons using cURL + GnuTLS,
because we don't close all file descriptors on fork there.

Signed-off-by: Apollon Oikonomopoulos <apoikos@gmail.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

6 years agoGaneti.Daemon: always install SIGHUP handler github/stable-2.9
Apollon Oikonomopoulos [Mon, 29 Sep 2014 14:41:38 +0000 (17:41 +0300)]
Ganeti.Daemon: always install SIGHUP handler

Install the SIGHUP handler regardless of the daemonization status. This
fixes issue #755.

Signed-off-by: Apollon Oikonomopoulos <apoikos@gmail.com>
Signed-off-by: Petr Pudlak <pudlak@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

6 years agoFix DRBD version check for non VM capable nodes
Dimitris Aragiorgis [Thu, 25 Sep 2014 14:34:26 +0000 (17:34 +0300)]
Fix DRBD version check for non VM capable nodes

Commit 742dc8de revealed a bug concerning DRBD version check during
cluster verify: In case non VM cabables nodes have DRBD not
installed, we get a version mismatch warning.

VerifyNode() updates the NV_DRBDVERSION key in the response message
only if a node is VM capable. Even if noded fails to retrieve the
DRBD version, the error string is returned.

Thus we must first check in _VerifyGroupDRBDVersion() if the
NV_DRBDVERSION key of the response message is updated and
then verify if we have different versions across nodes.

Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

6 years agoFix invalid message from gnt-os
Yuto KAWAMURA(kawamuray) [Wed, 24 Sep 2014 19:12:04 +0000 (04:12 +0900)]
Fix invalid message from gnt-os

When we still don't have any os scripts installed, running gnt-os
diagnose or gnt-os info foo(whatever) shows an error message "Can't get
the OS list" even if the request has been succeeded.
The OpOsDiagnose can return a blank list, so we should check whether
the result is None.

Signed-off-by: Yuto KAWAMURA(kawamuray) <kawamuray.dadada@gmail.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

6 years agoRenaming NV_VMNODES to NV_NONVMNODES
Helga Velroyen [Tue, 5 Aug 2014 07:47:34 +0000 (09:47 +0200)]
Renaming NV_VMNODES to NV_NONVMNODES

This patch renames the constant 'NV_VMNODES' to
'NV_NONVMNODES' as it is actually used to store
a list of *non* vm-capable nodes.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

6 years agoNode names in NV_VMNODES
Helga Velroyen [Tue, 5 Aug 2014 07:46:56 +0000 (09:46 +0200)]
Node names in NV_VMNODES

This patch populates the list 'NV_VMNODES' with node
names and not node UUIDs, as the backend only uses this
list to identify VM-capable nodes by querying for the
node name.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

6 years agoUpdate the license statement
Klaus Aehlig [Tue, 9 Sep 2014 15:09:16 +0000 (17:09 +0200)]
Update the license statement

It was decided that Ganeti is relicensed under the 2-clause
BSD license. Update the license statements accordingly (issue #936).

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

6 years agoFix handling of the --online option
Dimitris Aragiorgis [Wed, 10 Sep 2014 22:00:12 +0000 (01:00 +0300)]
Fix handling of the --online option

From the man page, the --online option is supposed to mark an
instance down only if it is already offline. Otherwise it should
fail. With this patch we avoid undesired transitions to ADMIN_down
state while the instance is already up and running.

Fix the corresponding QA test as well (TestInstanceModify).

Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

6 years agoAdd warning against hvparam changes with live migrations
Hrvoje Ribicic [Thu, 4 Sep 2014 20:57:49 +0000 (20:57 +0000)]
Add warning against hvparam changes with live migrations

Changing certain hvparams while an instance is running leads to a
dangerous situation for the instance. When the instance undergoes live
migration without having undergone a reboot that would have applied the
parameters, it is setup with the modified hvparams, and loaded with the
state relying on the old hvparams. Depending on what is used and how,
this might lead to a crash of the instance.

While a proper fix should go into a stable version of Ganeti as this is
not a trivial change, the least we can do is warn users that hvparam
changes may be dangerous.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

6 years agoClarify what is implemented wrt Ceph support
Hrvoje Ribicic [Tue, 26 Aug 2014 11:07:47 +0000 (13:07 +0200)]
Clarify what is implemented wrt Ceph support

This patch makes minor additions to the Ceph design doc documentation
to clarify that only some parts of the design have been implemented.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

6 years agoOnly verify LVs in configured VG during cluster verify
Vangelis Koukis [Thu, 21 Aug 2014 17:13:28 +0000 (20:13 +0300)]
Only verify LVs in configured VG during cluster verify

During cluster verification, Ganeti would complain about
orphan LVs in VGs other than the one specified in its configuration.

This commit fixes the backend layer for nodegroup verification
to only report LVs in the VG passed by the master node as part
of the node verification parameters.

Signed-off-by: Vangelis Koukis <vkoukis@grnet.gr>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

6 years agoFix network info in case of multi NIC instances
Dimitris Aragiorgis [Tue, 19 Aug 2014 12:48:50 +0000 (15:48 +0300)]
Fix network info in case of multi NIC instances

Network query mechanism fills inst_list field with the list of
instances that are connected to the corresponding network.
Fix the case of multi NIC instances where the NIC scan stopped
once a matching network was found.

Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

6 years agoOn upgrades, check for upgrades to resume first
Klaus Aehlig [Wed, 13 Aug 2014 12:08:22 +0000 (14:08 +0200)]
On upgrades, check for upgrades to resume first

Make gnt-cluster upgrade refuse to upgrade if an upgrade to be resumed
is present. For the convenience of the user, consider an upgrade
command to the same target version as the upgrade to be resumed as an
equivalent way of saying that the pending upgrade is to be resumed.
Fixes issue 906.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

6 years agoPause watcher during upgrade
Klaus Aehlig [Wed, 13 Aug 2014 08:59:43 +0000 (10:59 +0200)]
Pause watcher during upgrade

As also suggested in the manual upgrade instructions,
pause the watcher (for 1h) during the upgrade. Fixes
issue 905.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

6 years agoAllow instance disks to be added with --no-wait-for-sync
Hrvoje Ribicic [Mon, 11 Aug 2014 13:58:22 +0000 (15:58 +0200)]
Allow instance disks to be added with --no-wait-for-sync

The patch 3c260845147c6dad35e37c03ba9a7556814f3f3f fixed a bug where
adding a new disk to an instance with deactivated disks activated the
disk. However, it also introduced some erroneous behaviour, preventing
disks from being added to online instances with --no-wait-for-sync.

In line with the original meaning of the patch, this patch modifies the
check to disallow adding disks to shutdown instances with
--no-wait-for-sync, and allow doing so for online instances.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

6 years agoBump revision to 2.10.7 v2.10.7
Helga Velroyen [Tue, 5 Aug 2014 15:19:03 +0000 (17:19 +0200)]
Bump revision to 2.10.7

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

6 years agoPrepare NEWS file for 2.10.7 release
Helga Velroyen [Tue, 5 Aug 2014 15:17:43 +0000 (17:17 +0200)]
Prepare NEWS file for 2.10.7 release

Note the security issue with config backups
and other changes.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

6 years agoFix lint error
Helga Velroyen [Tue, 5 Aug 2014 15:25:50 +0000 (17:25 +0200)]
Fix lint error

This fixes a lint error of the previous patch complaining
about an unused variable.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

6 years agoCreate the config backup archive in a safe way
Apollon Oikonomopoulos [Fri, 1 Aug 2014 08:23:45 +0000 (11:23 +0300)]
Create the config backup archive in a safe way

Since the config backup archive contains sensitive information and is
written in world-readable locations (/var/lib by default), it should be
created in a safe way and with strict permissions.

This commit uses a temporary file to tackle two issues: the relaxed
permissions of the archive which respected the umask of the user running
`gnt-cluster upgrade' and a (possible) collision attack using a
pre-created file with the predictable backup filename.

Signed-off-by: Apollon Oikonomopoulos <apoikos@gmail.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

6 years agoAdd non-cherry-pickable changes related to state "rb----"
Hrvoje Ribicic [Wed, 30 Jul 2014 12:37:29 +0000 (12:37 +0000)]
Add non-cherry-pickable changes related to state "rb----"

Ganeti versions 2.11 and 2.12 have both had patches related to strange
Xen domU states which are still legitimate running states, but Ganeti
did not recognize them as such. The previous two cherry-picked patches
bring some of these changes, but the final patch needed (79cb7eceaca2)
cannot be cherry-picked because of a conflict with the other two
patches. The changes were made on different branches, and merged
together at a later time.

This patch manually adds the change, merging together the descriptions
of why certain states are allowed, and putting all of this into the
function docstring.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>