ganeti-github.git
4 years agoMerge branch 'stable-2.10' into stable-2.11 stable-2.11
Klaus Aehlig [Mon, 11 Jan 2016 11:30:30 +0000 (12:30 +0100)]
Merge branch 'stable-2.10' into stable-2.11

* stable-2.10
  KVM: explicitly configure routed NICs late

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

4 years agoKVM: explicitly configure routed NICs late stable-2.10
Apollon Oikonomopoulos [Wed, 2 Dec 2015 12:35:42 +0000 (14:35 +0200)]
KVM: explicitly configure routed NICs late

Commit cc8a8ed7 outlined the reasons for configuring bridged NICs early
during live migration and routed NICs after migration has been finished.
Back then these were the only types of NICs available, however with the
introduction of OVS support this has changed.

Since OVS bridges are essentially bridges, the considerations outlined
in cc8a8ed7 still apply: in particular, we do not want to lose the
gratuitous ARP sent out by the KVM NICs, so we have to configure
the OVS interfaces early in the migration process as well.

Rather than explicitly configure bridged and OVS interfaces early, we
prefer to explicitly configure routed interfaces late, since this leads
to more compact code.

Signed-off-by: Apollon Oikonomopoulos <apoikos@gmail.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoRevision bump for 2.11.8 v2.11.8
Hrvoje Ribicic [Mon, 14 Dec 2015 14:07:23 +0000 (15:07 +0100)]
Revision bump for 2.11.8

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

4 years agoUpdate NEWS file for 2.11.8
Hrvoje Ribicic [Mon, 14 Dec 2015 14:06:50 +0000 (15:06 +0100)]
Update NEWS file for 2.11.8

With the security issues text and a list of minor issues.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

4 years agoMerge branch 'stable-2.10' into stable-2.11
Hrvoje Ribicic [Mon, 14 Dec 2015 13:13:03 +0000 (14:13 +0100)]
Merge branch 'stable-2.10' into stable-2.11

* stable-2.10
  Version bump for 2.10.8
  Update NEWS file for 2.10.8

* stable-2.9
  Bump revision number
  Update NEWS file for 2.9.7 release
  Improve RAPI section on security

Conflicts:
  NEWS - Combine NEWS entries from both versions
  configure.ac - Take correct version numbers

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoVersion bump for 2.10.8 v2.10.8
Hrvoje Ribicic [Fri, 11 Dec 2015 11:09:21 +0000 (12:09 +0100)]
Version bump for 2.10.8

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoUpdate NEWS file for 2.10.8
Hrvoje Ribicic [Fri, 11 Dec 2015 11:08:22 +0000 (12:08 +0100)]
Update NEWS file for 2.10.8

With the security issues text and list minor issues.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoMerge branch 'stable-2.9' into stable-2.10
Hrvoje Ribicic [Thu, 10 Dec 2015 18:04:48 +0000 (19:04 +0100)]
Merge branch 'stable-2.9' into stable-2.10

* stable-2.9
  Bump revision number
  Update NEWS file for 2.9.7 release
  Improve RAPI section on security

Conflicts:
  NEWS - leave 2.9.7 info in
  configure.ac - revert version bump

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

4 years agoBump revision number stable-2.9 v2.9.7
Hrvoje Ribicic [Thu, 10 Dec 2015 16:40:51 +0000 (17:40 +0100)]
Bump revision number

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Oleg Ponomarev <oponomarev@google.com>

4 years agoUpdate NEWS file for 2.9.7 release
Hrvoje Ribicic [Thu, 10 Dec 2015 16:39:53 +0000 (17:39 +0100)]
Update NEWS file for 2.9.7 release

... with security release info and minor changes.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Oleg Ponomarev <oponomarev@google.com>

4 years agoImprove RAPI section on security
Hrvoje Ribicic [Thu, 10 Dec 2015 13:22:01 +0000 (14:22 +0100)]
Improve RAPI section on security

The RAPI section on security has been improved with new information
related on how users can lock RAPI down as they see fit, and what are
the risks involved with default settings.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

4 years agoMerge branch 'stable-2.10' into stable-2.11
Hrvoje Ribicic [Mon, 30 Nov 2015 16:12:42 +0000 (17:12 +0100)]
Merge branch 'stable-2.10' into stable-2.11

* stable-2.10
  (no changes)

* stable-2.9
  QA: Ensure the DRBD secret is not retrievable via RAPI
  Redact the DRBD secret in instance queries
  Do not attempt to use the DRBD secret in gnt-instance info

Conflicts:
  qa/qa_rapi.py - simply append new changes

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoMerge branch 'stable-2.9' into stable-2.10
Hrvoje Ribicic [Mon, 30 Nov 2015 15:49:09 +0000 (16:49 +0100)]
Merge branch 'stable-2.9' into stable-2.10

* stable-2.9
  QA: Ensure the DRBD secret is not retrievable via RAPI
  Redact the DRBD secret in instance queries
  Do not attempt to use the DRBD secret in gnt-instance info

Conflicts:
  lib/cmdlib/instance_query.py - removed physical_id changes

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoQA: Ensure the DRBD secret is not retrievable via RAPI
Hrvoje Ribicic [Fri, 27 Nov 2015 17:32:42 +0000 (17:32 +0000)]
QA: Ensure the DRBD secret is not retrievable via RAPI

The best way to ensure that the DRBD secret does not inadvertently leak
is to introduce a QA test examining the output of the interface in
which the leak was originally introduced.

The test added determines the DRBD secret and makes RAPI requests,
examining them for its presence and failing if a match is found.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoRedact the DRBD secret in instance queries
Hrvoje Ribicic [Fri, 27 Nov 2015 15:58:13 +0000 (15:58 +0000)]
Redact the DRBD secret in instance queries

As the DRBD secret should be used only by Ganeti internals, replacing
the actual secret with None does not hamper Ganeti's work, while
preventing the secret from being leaked.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoDo not attempt to use the DRBD secret in gnt-instance info
Hrvoje Ribicic [Fri, 21 Aug 2015 19:46:18 +0000 (19:46 +0000)]
Do not attempt to use the DRBD secret in gnt-instance info

... so just redact what is output.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoMerge branch 'stable-2.10' into stable-2.11
Klaus Aehlig [Wed, 11 Nov 2015 15:51:42 +0000 (16:51 +0100)]
Merge branch 'stable-2.10' into stable-2.11

* stable-2.10
  Remove -X from hspace man page
  Make htools tolerate missing "dtotal" and "dfree" on luxi

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

4 years agoRemove -X from hspace man page
Klaus Aehlig [Mon, 26 Oct 2015 12:34:17 +0000 (13:34 +0100)]
Remove -X from hspace man page

hspace never had such an option.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Oleg Ponomarev <oponomarev@google.com>

Cherry-picked-from: fa36daf4
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Oleg Ponomarev <oponomarev@google.com>

4 years agoMake htools tolerate missing "dtotal" and "dfree" on luxi
Klaus Aehlig [Tue, 16 Jun 2015 09:15:48 +0000 (11:15 +0200)]
Make htools tolerate missing "dtotal" and "dfree" on luxi

If a cluster allows sharedfile as only disk template, the amount of
total and free disk space might not be available. This is perfectly
normal, hence make the luxi backend handle it gracefully and just report
0 available disk on 0 total disk.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

Cherry-picked-from: 49644203
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

4 years agoFix default for --default-iallocator-params
Klaus Aehlig [Wed, 21 Oct 2015 15:36:23 +0000 (17:36 +0200)]
Fix default for --default-iallocator-params

We need to distinguish between the option not being provided
(i.e., no change requested) and the option being empty (i.e.,
a request to reset the value). Therefore, use None as a default,
not {}.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

4 years agoMerge branch 'stable-2.10' into stable-2.11
Klaus Aehlig [Thu, 8 Oct 2015 14:16:53 +0000 (16:16 +0200)]
Merge branch 'stable-2.10' into stable-2.11

* stable-2.10
  Add a test for parsing of admin_state in IAlloc backend
  At IAlloc backend guess state from admin state

* stable-2.9
  Update harep's man page to notify users of its limitations

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

4 years agoMerge branch 'stable-2.9' into stable-2.10
Klaus Aehlig [Thu, 8 Oct 2015 13:27:59 +0000 (15:27 +0200)]
Merge branch 'stable-2.9' into stable-2.10

* stable-2.9
  Update harep's man page to notify users of its limitations

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

4 years agoAdd a test for parsing of admin_state in IAlloc backend
Klaus Aehlig [Mon, 5 Oct 2015 14:34:23 +0000 (16:34 +0200)]
Add a test for parsing of admin_state in IAlloc backend

The administrative state of an instance is reported in the
IAllocator interface. Test whether that correctly propagates
to the parsed cluster state.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

4 years agoAt IAlloc backend guess state from admin state
Klaus Aehlig [Mon, 5 Oct 2015 14:55:27 +0000 (16:55 +0200)]
At IAlloc backend guess state from admin state

At the IAlloc backend of htools we do not get the actual
state of the instance (as everything is state-of-record only).
However, we do get the administrative state. Therefore, by
assuming that for each instance the actual state is the one
corresponding to the administrated one, we can get a much better
description of the cluster than blindly assuming all instances
are running. Do so, whenever the admin_state is provided.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

4 years agoUpdate harep's man page to notify users of its limitations
Petr Pudlak [Tue, 29 Sep 2015 12:04:11 +0000 (14:04 +0200)]
Update harep's man page to notify users of its limitations

In particular that it works only for 'drbd' and 'plain', and that it
doesn't perform hardware failure detection, which are both common user
expectations.

Signed-off-by: Petr Pudlak <pudlak@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoMerge branch 'stable-2.10' into stable-2.11
Hrvoje Ribicic [Thu, 3 Sep 2015 12:10:34 +0000 (14:10 +0200)]
Merge branch 'stable-2.10' into stable-2.11

* stable-2.10
  (no changes)

* stable-2.9
  Document quoting of special values in key-value parameters
  replace-disks: fix --ignore-ipolicy

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoMerge branch 'stable-2.9' into stable-2.10
Hrvoje Ribicic [Thu, 3 Sep 2015 11:22:54 +0000 (13:22 +0200)]
Merge branch 'stable-2.9' into stable-2.10

* stable-2.9
  Document quoting of special values in key-value parameters
  replace-disks: fix --ignore-ipolicy

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

4 years agoDocument quoting of special values in key-value parameters
Klaus Aehlig [Tue, 1 Sep 2015 13:23:41 +0000 (15:23 +0200)]
Document quoting of special values in key-value parameters

Since the early days of Ganeti, it is possible to pass in key-value
parameters also some special non-string values (the two boolean values
True and False and the special value None). However, the syntax for
entering them was never properly documented confusing people who had
to pass one of those values. So document it now.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

4 years agoreplace-disks: fix --ignore-ipolicy
Apollon Oikonomopoulos [Mon, 31 Aug 2015 14:20:36 +0000 (17:20 +0300)]
replace-disks: fix --ignore-ipolicy

CheckTargetNodeIPolicy was expecting an LU, but got a Tasklet instead.
This caused gnt-instance replace-disks --ignore-ipolicy to fail with a
"'TLReplaceDisks' object has no attribute 'LogWarning'" message in the
presence policy-related warnings. We fix this by passing the calling LU
to CheckTargetNodeIPolicy.

Signed-off-by: Apollon Oikonomopoulos <apoikos@gmail.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoMerge branch 'stable-2.10' into stable-2.11
Lisa Velden [Fri, 31 Jul 2015 08:22:01 +0000 (10:22 +0200)]
Merge branch 'stable-2.10' into stable-2.11

* stable-2.10
  Add a new unit test for LUInstanceMultiAlloc
  Fix a bug in LUInstanceMultiAlloc LU

Signed-off-by: Lisa Velden <velden@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoAdd a new unit test for LUInstanceMultiAlloc
Dimitris Bliablias [Wed, 29 Jul 2015 11:21:12 +0000 (14:21 +0300)]
Add a new unit test for LUInstanceMultiAlloc

This patch, extends the 'cmdlib.instance_unittest.py' with a new test
for instances multi allocations, in order to test an allocation of more
than one instances.

Signed-off-by: Dimitris Bliablias <dblia@skroutz.gr>
Signed-off-by: Lisa Velden <velden@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

4 years agoFix a bug in LUInstanceMultiAlloc LU
Dimitris Bliablias [Wed, 29 Jul 2015 11:21:11 +0000 (14:21 +0300)]
Fix a bug in LUInstanceMultiAlloc LU

As of commit 804d72eb, some modifications on the LUInstanceMultiAlloc LU
resulted in breaking the instances multi allocation functionality.

In details, when using an iallocator for the instances allocation, the
'jobs' list is computed for allocations using the DRBD disk template
only and not for the rest templates, due to the wrong indentation of the
relevant code line. Furthermore, for the same reason, the allocation of
more than one instances always fails since the 'missing' set is not
computed after the processing of all the allocatable instances, as it
should do, but at the end of each instance iteration.

Signed-off-by: Dimitris Bliablias <dblia@skroutz.gr>
Signed-off-by: Lisa Velden <velden@google.com>
Reviewed-by: Lisa Velden <velden@google.com>

4 years agoMerge branch 'stable-2.10' into stable-2.11
Klaus Aehlig [Thu, 23 Jul 2015 17:22:39 +0000 (19:22 +0200)]
Merge branch 'stable-2.10' into stable-2.11

* stable-2.10
  Fix typo in secondary
  When hinting to do gnt-instance info, show the instance
  Update gnt-network example in admin page

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

4 years agoFix typo in secondary
Thomas Vander Stichele [Tue, 21 Jul 2015 08:33:50 +0000 (10:33 +0200)]
Fix typo in secondary

Signed-off-by: Thomas Vander Stichele <thomasvs@google.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoWhen hinting to do gnt-instance info, show the instance
Thomas Vander Stichele [Mon, 20 Jul 2015 20:24:59 +0000 (16:24 -0400)]
When hinting to do gnt-instance info, show the instance

Signed-off-by: Thomas Vander Stichele <thomasvs@google.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

4 years agoUpdate gnt-network example in admin page
Klaus Aehlig [Thu, 23 Jul 2015 10:38:14 +0000 (12:38 +0200)]
Update gnt-network example in admin page

Commit 2243b133 changed the syntax of the gnt-network command.
Mode and link are no longer passed as positional arguments, but
instead as named parameters in the --nic-parameters option.
However, the example in the admin page was not updated. Do this
now.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoFix capitalization of TestCase
Helga Velroyen [Fri, 3 Jul 2015 09:04:21 +0000 (11:04 +0200)]
Fix capitalization of TestCase

.. and with this unbreak the tests.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoTrigger renew-crypto on downgrade to 2.11
Helga Velroyen [Wed, 1 Jul 2015 08:16:34 +0000 (10:16 +0200)]
Trigger renew-crypto on downgrade to 2.11

With the upcoming changes in 2.12, is it necessary to run
'gnt-cluster renew-crypto --new-node-certificates'. To
ensure that our QA runs smoothely, this means that this
command needs to be added to the post-upgrade hooks of
2.11. To ensure that it is only run when coming from
2.12.X or from before 2.11, the utility functions are
extended by an equal operator for versions.

Note that it is unlikely that 2.11 will get another release,
so this is mainly to fix our QA. However, users downgrading
to a previous version of 2.11 will get a nagging message
to re-run renew-crypto manually.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoDowngrade log-message for rereading job
Klaus Aehlig [Mon, 29 Jun 2015 09:34:13 +0000 (11:34 +0200)]
Downgrade log-message for rereading job

The fact that luxid is rereading a job file because it has
changed on disk is mainly of internal interest for debugging.
Hence downgrade the log-level accordingly.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoDowgrade log-level for successful requests
Klaus Aehlig [Mon, 29 Jun 2015 09:30:13 +0000 (11:30 +0200)]
Dowgrade log-level for successful requests

Originally, only queries used the be served by haskell daemons
over domain sockets. As they were not too frequent, it was OK
to log each of them at INFO level. However, with requests as
frequent as WaitForJobChange served via luxid, logs fill up
to quickly. So log at debug level only.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoMerge branch 'stable-2.10' into stable-2.11
Hrvoje Ribicic [Fri, 29 May 2015 15:45:34 +0000 (17:45 +0200)]
Merge branch 'stable-2.10' into stable-2.11

* stable-2.10
  Substitute 'suffix' for 'revision'

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoSubstitute 'suffix' for 'revision'
Lisa Velden [Tue, 19 May 2015 11:36:54 +0000 (13:36 +0200)]
Substitute 'suffix' for 'revision'

Signed-off-by: Lisa Velden <velden@google.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoMerge branch 'stable-2.10' into stable-2.11
Klaus Aehlig [Mon, 18 May 2015 08:09:13 +0000 (10:09 +0200)]
Merge branch 'stable-2.10' into stable-2.11

* stbale-2.10
  Check for gnt-cluster before running gnt-cluster upgrade

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoCheck for gnt-cluster before running gnt-cluster upgrade
Christos Trochalakis [Tue, 12 May 2015 19:24:10 +0000 (22:24 +0300)]
Check for gnt-cluster before running gnt-cluster upgrade

When ganeti is removed (not purged) `/etc/cron.d/ganeti` is not deleted,
thus after a reboot cron tries to execute gnt-cluster upgrade and fails.

The same pattern is used on all other cron entries.

Signed-off-by: Christos Trochalakis <christos@skroutz.gr>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoMerge branch 'stable-2.10' into stable-2.11
Klaus Aehlig [Mon, 20 Apr 2015 11:17:24 +0000 (13:17 +0200)]
Merge branch 'stable-2.10' into stable-2.11

* stable-2.10
  Update tag limitations
  Fix typos in doc/design-storagetypes.rst

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoUpdate tag limitations
Klaus Aehlig [Fri, 17 Apr 2015 16:54:22 +0000 (18:54 +0200)]
Update tag limitations

We always supported underscores in tags since \w in pythons
interpretation of regular expressions does include the underscore.
While this might have happened by accident, there is no reason to
change the implementation. The motivation for the restriction
was to avoid accidents with wrong (manual) shell escaping; the
underscore, however, has no special meaning to the shell. So
just make the documentation say what we implemented.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoUpdate configure file to version 2.11.7 v2.11.7
Helga Velroyen [Wed, 15 Apr 2015 08:40:04 +0000 (10:40 +0200)]
Update configure file to version 2.11.7

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoUpdate NEWS file for 2.11.7 release
Helga Velroyen [Wed, 15 Apr 2015 08:39:39 +0000 (10:39 +0200)]
Update NEWS file for 2.11.7 release

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoAdd logging to RenewCrypto
Helga Velroyen [Mon, 13 Apr 2015 09:07:45 +0000 (11:07 +0200)]
Add logging to RenewCrypto

As the LURenewCrypto is a pain to debug, this patch
adds a lot more logging of events to the method.
Note:
- As renew-crypto is a relatively rarely used operation
  in a normal production cluster, this won't clutter up
  real user's log files.
- Most of the messages are in debug mode, so they would
  anyway just show up in log files of clusters run in
  debug mode (as for example our QA clusters.
- A few log messages are in error mode, which is
  intentional as they log more details about the errors
  than is given in the feedback functions.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoFix typos in doc/design-storagetypes.rst
Gangbiao Liu [Wed, 8 Apr 2015 12:12:21 +0000 (20:12 +0800)]
Fix typos in doc/design-storagetypes.rst

Signed-off-by: Gangbiao Liu <lgb.nwpu@gmail.com>
Signed-off-by: Petr Pudlak <pudlak@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoMerge branch 'stable-2.10' into stable-2.11
Klaus Aehlig [Fri, 10 Apr 2015 13:33:04 +0000 (15:33 +0200)]
Merge branch 'stable-2.10' into stable-2.11

* stable-2.10
  Make getFQDN prefer cluster protocol family
  Add version of getFQDN accepting preferences
  Make getFQDN honor vcluster

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoMake getFQDN prefer cluster protocol family
Klaus Aehlig [Fri, 10 Apr 2015 10:15:24 +0000 (12:15 +0200)]
Make getFQDN prefer cluster protocol family

In getFQDN, if the primary IP family of the cluster is known,
provide it as a hint.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoAdd version of getFQDN accepting preferences
Klaus Aehlig [Fri, 10 Apr 2015 10:05:50 +0000 (12:05 +0200)]
Add version of getFQDN accepting preferences

Still the best way to get the "canonical name" of a host
is to look up its host name and reverse look up the IP
address obtained. Obviously, that the result depends
on the protocol family used. So accept hints on which
family to prefer.

Note that getFQDN is exported on higher branches, so we
keep its type stable to avoid semantic merge conflicts.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoMake getFQDN honor vcluster
Klaus Aehlig [Mon, 2 Jun 2014 15:31:10 +0000 (17:31 +0200)]
Make getFQDN honor vcluster

Make the official (exported) getFQDN function honor the vcluster
setup. In this way, also Haskell daemons can obtain their name
correctly in a vcluster. In particular, voting will work.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

Cherry-picked-form: c29501f6
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoFix format string for gnt-network info
Klaus Aehlig [Thu, 9 Apr 2015 08:42:51 +0000 (10:42 +0200)]
Fix format string for gnt-network info

As soon as we have networks bigger than a /22, the lower
index of a line in the usage map can have 4 digits. So
prepare the formating for this.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoReplace textwrapper.wrap by a custom version for networks
Klaus Aehlig [Thu, 9 Apr 2015 08:20:37 +0000 (10:20 +0200)]
Replace textwrapper.wrap by a custom version for networks

"gnt-network info" also provides information about the mapping of used
IPs in that network. This mapping is obtained from the query as a long
string without any spaces. It seems that textwrap.wrap does not perform
well on those strings. Therefore, manually wrap that string, thus bringing
down the time "gnt-network info" takes for a /16 from 1.5 minutes to half
a second. Fixes issue 1016.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoAdd SSL improvements to NEWS file
Helga Velroyen [Wed, 8 Apr 2015 09:48:40 +0000 (11:48 +0200)]
Add SSL improvements to NEWS file

This adds a comment about the recent improvements of
'gnt-cluster renew-crypto --new-node-certificates'

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoMerge branch 'stable-2.10' into stable-2.11
Klaus Aehlig [Wed, 8 Apr 2015 09:21:05 +0000 (11:21 +0200)]
Merge branch 'stable-2.10' into stable-2.11

* stable-2.10
  fix typos in design-file-based-storage.rst doc
  Switch to our osminor
  Provide an alternative for os.minor working around its bug
  Fix typo
  CanTieredAlloc test: make instances big enough
  After master-failover verify reachability of master IP
  Report failure to deactivate old master IP in exit code
  Expose warnings during master-failover
  Fix manpage for gnt-cluster copyfile

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agofix typos in design-file-based-storage.rst doc
Gangbiao Liu [Wed, 8 Apr 2015 01:48:47 +0000 (09:48 +0800)]
fix typos in design-file-based-storage.rst doc

Fix typos in doc/design-file-based-storage.rst.

Signed-off-by: Gangbiao Liu <lgb.nwpu@gmail.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoSwitch to our osminor
Klaus Aehlig [Tue, 7 Apr 2015 16:06:13 +0000 (18:06 +0200)]
Switch to our osminor

...and thus work around the bug in os.minor

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoProvide an alternative for os.minor working around its bug
Klaus Aehlig [Tue, 7 Apr 2015 16:04:28 +0000 (18:04 +0200)]
Provide an alternative for os.minor working around its bug

Python's os.minor still contains an old definition, whereas the
current one has changed. So we add our own definition working around
this bug.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoFix typo
Lisa Velden [Tue, 7 Apr 2015 12:37:37 +0000 (14:37 +0200)]
Fix typo

Signed-off-by: Lisa Velden <velden@google.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoCanTieredAlloc test: make instances big enough
Klaus Aehlig [Thu, 2 Apr 2015 16:03:12 +0000 (18:03 +0200)]
CanTieredAlloc test: make instances big enough

Fix a subtle bug in the CanTieredAlloc test. The property we were
testing for was actually not valid with the addition of an ipolicy.
The lower policy bound for disk was 4 times the unit for disks (256M).
So, a valid node have free disk only slightly larger than the ipolicy
lower bound. When shrinking disks, however, we go in steps of full
units---and thus might miss the window of opportunity if that is smaller
that a full unit. So, only use nodes that have at least 5 units worth
of resources for every resource.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoAfter master-failover verify reachability of master IP
Klaus Aehlig [Thu, 2 Apr 2015 13:26:45 +0000 (15:26 +0200)]
After master-failover verify reachability of master IP

...and warn if it is not. Note that the master activates
the master IP in an asynchronous task and will continue
even if that fails.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoReport failure to deactivate old master IP in exit code
Klaus Aehlig [Thu, 2 Apr 2015 09:46:03 +0000 (11:46 +0200)]
Report failure to deactivate old master IP in exit code

If we failed to disable the old master IP, the master failover
did not fully succeed, hence that should be reported in the
exit code. Nevertheless, the best is to proceed, as it is
better to have working cluster, albeit only reachable via
the primary IP of the new master node (and not the cluster
master IP), than not have a cluster. Also note, that for
this reason master will start up even if it cannot set
the cluster master IP. So, while there, fix the warning
message as well.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoExpose warnings during master-failover
Klaus Aehlig [Wed, 1 Apr 2015 16:04:59 +0000 (18:04 +0200)]
Expose warnings during master-failover

During master failover, there are some situations where problems
occur but the best thing to do is to carry on. These problems
are logged using the usual mechanism. However, a user usually
does not look into the log file unless the command executed
returns some hints that something might have gone wrong.
So also return the warnings as an additional return value,
allowing the CLI to report properly.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoFix manpage for gnt-cluster copyfile
Lisa Velden [Wed, 1 Apr 2015 16:07:30 +0000 (18:07 +0200)]
Fix manpage for gnt-cluster copyfile

Change "copyfile" position in example

Signed-off-by: Lisa Velden <velden@google.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoMerge branch 'stable-2.10' into stable-2.11
Klaus Aehlig [Tue, 31 Mar 2015 08:27:54 +0000 (10:27 +0200)]
Merge branch 'stable-2.10' into stable-2.11

* stable-2.10
  Fixed typos
  Pass correct params in move-instance
  In CanTieredAlloc test set IPolicy
  Make genInstanceMaybeBiggerThanNode honor policy lower bound
  Also export a null ISpec
  Support instance generation within ranges
  Add a function to leave the list monad

Conflicts:
src/Ganeti/BasicTypes.hs (take all the imports)

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoFixed typos
Lisa Velden [Fri, 27 Mar 2015 13:19:06 +0000 (14:19 +0100)]
Fixed typos

Signed-off-by: Lisa Velden <velden@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoPass correct params in move-instance
Hrvoje Ribicic [Thu, 26 Mar 2015 14:35:42 +0000 (14:35 +0000)]
Pass correct params in move-instance

move-instance incorrectly passes backend params as the OS params when
moving an instance. This patch fixes this.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoIn CanTieredAlloc test set IPolicy
Klaus Aehlig [Wed, 25 Mar 2015 16:49:17 +0000 (17:49 +0100)]
In CanTieredAlloc test set IPolicy

Changing the test to allocate on nodes with a non-trivial
instance policy has two advantages.

- We test in a more realistic (and also more challenging)
  environment.

- Once the lower limit of the ipolicy is reached no more
  allocations are possible, thus having fewer shrinking
  rounds---and hence speeding up the test by a factor of 4.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoMake genInstanceMaybeBiggerThanNode honor policy lower bound
Klaus Aehlig [Wed, 25 Mar 2015 15:56:09 +0000 (16:56 +0100)]
Make genInstanceMaybeBiggerThanNode honor policy lower bound

Note that in all current calls to this function, the node has the
nullIPolicy, to the semantics does not change here.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoAlso export a null ISpec
Klaus Aehlig [Wed, 25 Mar 2015 16:01:18 +0000 (17:01 +0100)]
Also export a null ISpec

This is an ISpec for an instance with 0 resources. It can serve as a trivial
lower bound where we have to provide one but do not actually care.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoSupport instance generation within ranges
Klaus Aehlig [Wed, 25 Mar 2015 15:37:22 +0000 (16:37 +0100)]
Support instance generation within ranges

This will be used to generate instances big enough to fall within
a given instance policy.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoAdd a function to leave the list monad
Klaus Aehlig [Fri, 14 Feb 2014 23:12:23 +0000 (00:12 +0100)]
Add a function to leave the list monad

The list monad provides convenient syntax for non-deterministic
algorithms. Add a function leaving that monad with this intuition
in mind.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

Cherry-picked-from: a1da8a503ba
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>

5 years agoImprove error handling when looking up instances
Helga Velroyen [Mon, 23 Mar 2015 17:16:51 +0000 (18:16 +0100)]
Improve error handling when looking up instances

When looking up configuration data of instances which don't
exist, the code so far fails with a cryptic error messages
about NoneType not having an attribute. Although actually
this situation should not happen, let's at least throw an
exception with a proper description.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoCapture last exception
Helga Velroyen [Thu, 19 Mar 2015 16:13:16 +0000 (17:13 +0100)]
Capture last exception

This fixes a minor problem in LURenewCrypto, where we
use the exception variable after the try/except block.
By assigning it to a previously initialized one, we make
sure that we can access this information.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoMerge branch 'stable-2.10' into stable-2.11
Hrvoje Ribicic [Thu, 19 Mar 2015 12:53:40 +0000 (13:53 +0100)]
Merge branch 'stable-2.10' into stable-2.11

* stable-2.10
  Make QA fail if KVM hotplugging fails
  Always preserve QA command output
  Don't lose stdout/stderr in AssertCommand
  qa_utils: Allow passing fail=None to AssertCommand
  qa_utils: Make AssertCommand return stdout/stderr as well
  Allow plain/DRBD conversions regardless of lack of disks
  Add support for ipolicy modifications to mock config

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoImprove speed of Xen hypervisor unit tests
Hrvoje Ribicic [Tue, 17 Mar 2015 22:07:46 +0000 (22:07 +0000)]
Improve speed of Xen hypervisor unit tests

Due to hard-coded timeouts used when listing instances, the Xen
unit tests took around 60s to execute. The key offender was a timeout
of five seconds used for an unsuccessful listing of instances. This
patch refactors the code slightly to define the timeout and delays used
in one place, allowing these to be changed during testing to a more
acceptable value. As a result, these tests take around 5s to execute.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoImprove Xen instance state handling
Hrvoje Ribicic [Tue, 17 Mar 2015 21:51:46 +0000 (21:51 +0000)]
Improve Xen instance state handling

Xen's utilities used by Ganeti to report instance state can have
interesting quirks, such as reporting that an instance resides in
different and somewhat contradictory states.

This patch improves the situation by ignoring the paused state, and
encoding some of the more exotic combinations that may appear.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoMake QA fail if KVM hotplugging fails
Hrvoje Ribicic [Wed, 18 Mar 2015 13:58:08 +0000 (14:58 +0100)]
Make QA fail if KVM hotplugging fails

Unlike almost all other modification commands, hotplugging a device and
failing does not result in an error code showing that the operation was
unsuccessful. Because of this, the QA ignored hotplugging failures. To
fix this, this patch makes the QA examine the output of the command for
signs of failure.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoAlways preserve QA command output
Hrvoje Ribicic [Tue, 17 Mar 2015 20:13:20 +0000 (20:13 +0000)]
Always preserve QA command output

A previous patch suppressed command output if the command succeded,
which reduces the amount of information we have in the QA, especially
warnings or the like. This patch restores the output, while still
ignoring the use cases in which we really do not care whether the
command succeeds or not.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoDon't lose stdout/stderr in AssertCommand
Klaus Aehlig [Tue, 4 Nov 2014 09:36:32 +0000 (10:36 +0100)]
Don't lose stdout/stderr in AssertCommand

If a command fails/succeeds that should not do so,
show stdout and stderr. This information can be
relevant for debugging.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

Cherry-picked-from: 7f7c9c2cc2fa7acccc9040ae12e454dbeac48d6f
Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoqa_utils: Allow passing fail=None to AssertCommand
Niklas Hambuechen [Wed, 8 Oct 2014 12:15:00 +0000 (14:15 +0200)]
qa_utils: Allow passing fail=None to AssertCommand

This is for cases where we don't care about the exit code.

Signed-off-by: Niklas Hambuechen <niklash@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Cherry-picked-from: 226455df57247d52b8f26bf9e2562644f6e18892
Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoqa_utils: Make AssertCommand return stdout/stderr as well
Niklas Hambuechen [Mon, 22 Sep 2014 15:43:22 +0000 (17:43 +0200)]
qa_utils: Make AssertCommand return stdout/stderr as well

This is usefull if the run commands output something that's needed afterwards.

Signed-off-by: Niklas Hambuechen <niklash@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Cherry-picked-from: b47587b0d8b9646adbf519a7b7286a0576e582c0
Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

5 years agoRenew crypto retries for non-master nodes
Helga Velroyen [Wed, 4 Mar 2015 22:14:12 +0000 (23:14 +0100)]
Renew crypto retries for non-master nodes

If renewing the SSL certificate for non-master nodes fails,
try retring two more times. Unit tests included.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoRetries for the master's SSL cert renewal
Helga Velroyen [Wed, 4 Mar 2015 21:55:27 +0000 (22:55 +0100)]
Retries for the master's SSL cert renewal

If renewing the master's client SSL certificate fails, try
two more times before giving up. Unit test included.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoUnit tests for offline nodes
Helga Velroyen [Wed, 4 Mar 2015 21:22:38 +0000 (22:22 +0100)]
Unit tests for offline nodes

Add a unit test which tests that offline nodes are skipped
by LURenewCrypto.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoDe-duplicate testing code regarding pathutils
Helga Velroyen [Wed, 4 Mar 2015 21:07:09 +0000 (22:07 +0100)]
De-duplicate testing code regarding pathutils

After introducing some unit tests in the last patches,
there is some opportunity to reduce the duplicate code
around the 'pathutils' module.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoMake LURenewCrypto handle unreachable nodes properly
Helga Velroyen [Wed, 4 Mar 2015 21:01:23 +0000 (22:01 +0100)]
Make LURenewCrypto handle unreachable nodes properly

Currently an unreachable node can make LURenewCrypto fail
completely. This patch adds a unit test for it, and
improves the error handling of unreachable nodes in
a way, that the rest of the nodes are still handled
properly.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoError handling on failed SSL cert renewal for master
Helga Velroyen [Wed, 4 Mar 2015 20:31:40 +0000 (21:31 +0100)]
Error handling on failed SSL cert renewal for master

When the recreation of the master's SSL client certificate
fails, LURenewCrypto did not conclude very graciously.
This patch adds unit tests for this case and improves
the error handling.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoUnit test for LURenewCrypto's valid case
Helga Velroyen [Wed, 4 Mar 2015 17:41:45 +0000 (18:41 +0100)]
Unit test for LURenewCrypto's valid case

This adds a unit test which tests a successful run of
LURenewCrypto. While writing this, some options for
improvement became apparent and are fixed in this patch
as well.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoMock support for pathutils
Helga Velroyen [Wed, 4 Mar 2015 18:14:28 +0000 (19:14 +0100)]
Mock support for pathutils

For better LURenewCrypto unit tests, we need to be able to
mock the pathutils module. This makes it necessary to add
some support to the testutils for patching this module.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoIncrease timeout of crypto token RPC
Helga Velroyen [Wed, 4 Mar 2015 19:46:14 +0000 (20:46 +0100)]
Increase timeout of crypto token RPC

Currently, gnt-cluster renew-crypto is not very robust. It
fails completely as soon as one node does not create new
crypto tokens fast enough. To give the RPC more time,
increase the timeout.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoAllow plain/DRBD conversions regardless of lack of disks
Hrvoje Ribicic [Mon, 16 Mar 2015 22:54:04 +0000 (22:54 +0000)]
Allow plain/DRBD conversions regardless of lack of disks

Because of trivial issues, it was impossible to use standard mechanisms
to convert a diskless plain instance to DRBD and vice versa. This
patch fixes that with a mechanism which will work until later versions,
where instances without disks organically take on the diskless
template.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoAdd support for ipolicy modifications to mock config
Hrvoje Ribicic [Mon, 16 Mar 2015 22:45:11 +0000 (22:45 +0000)]
Add support for ipolicy modifications to mock config

This patch adds a helper function making it easier to modify the
ipolicy within tests.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoSkip offline nodes in RENEW_CRYPTO jobs
Gerard Oskamp [Tue, 3 Mar 2015 11:28:59 +0000 (11:28 +0000)]
Skip offline nodes in RENEW_CRYPTO jobs

Without this fix, RENEW_CRYPTO jobs will fail with the following error
if you have at least one offline node in your cluster:

Could not create the node's (uuid 607e6982-c6b4-4197-800f-70d3e5976800)
SSL client certificate.: Node is marked offline

Signed-off-by: Gerard Oskamp <gjo@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

5 years agoMerge branch 'stable-2.10' into stable-2.11
Klaus Aehlig [Wed, 4 Mar 2015 16:00:37 +0000 (17:00 +0100)]
Merge branch 'stable-2.10' into stable-2.11

* stable-2.10
  Remove unused import

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoRemove unused import
Klaus Aehlig [Wed, 4 Mar 2015 15:26:12 +0000 (16:26 +0100)]
Remove unused import

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>

5 years agoMerge branch 'stable-2.10' into stable-2.11
Klaus Aehlig [Wed, 4 Mar 2015 14:48:47 +0000 (15:48 +0100)]
Merge branch 'stable-2.10' into stable-2.11

* stable-2.10
  Use an old way to instance NFData CollectorData
  MonD: force computation of state in stateful collectors
  Instance NFData CollectorData

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>