Bump version for Ganeti 2.3

[ganeti-local] / NEWS

News
====

Version 2.3 rc0
---------------

*(Released Tue, 2 Nov 2010)*

- Fixed clearing of the default iallocator using ``gnt-cluster modify``
- Fixed master failover race with watcher
- Fixed a bug in ``gnt-node modify`` which could lead to an inconsistent
  configuration
- Accept previously stopped instance for export with instance removal
- Simplify and extend the environment variables for instance OS scripts
- Added new node flags, ``master_capable`` and ``vm_capable``
- Added optional instance disk wiping prior during allocation. This is a
  cluster-wide option and can be set/modified using
  ``gnt-cluster {init,modify} --prealloc-wipe-disks``.
- Added IPv6 support, see :doc:`design document <design-2.3>` and
  :doc:`install-quick`
- Added a new watcher option (``--ignore-pause``)
- Added option to ignore offline node on instance start/stop
  (``--ignore-offline``)
- Allow overriding OS parameters with ``gnt-instance reinstall``
- Added ability to change node's secondary IP address using ``gnt-node
  modify``
- Implemented privilege separation for all daemons except
  ``ganeti-noded``, see ``configure`` options
- Complain if an instance's disk is marked faulty in ``gnt-cluster
  verify``
- Implemented job priorities (see ``ganeti(7)`` manpage)
- Ignore failures while shutting down instances during failover from
  offline node
- Exit daemon's bootstrap process only once daemon is ready
- Export more information via ``LUQueryInstances``/remote API
- Improved documentation, QA and unittests
- RAPI daemon now watches ``rapi_users`` all the time and doesn't need a
  restart if the file was created or changed
- Added LUXI protocol version sent with each request and response,
  allowing detection of server/client mismatches
- Moved the Python scripts among gnt-* and ganeti-* modules
- Moved all code related to setting up SSH to an external script,
  ``setup-ssh``
- Infrastructure changes for node group support in future versions


Version 2.2.1
-------------

*(Released Tue, 19 Oct 2010)*

- Disable SSL session ID cache in RPC client


Version 2.2.1 rc1
-----------------

*(Released Thu, 14 Oct 2010)*

- Fix interaction between Curl/GnuTLS and the Python's HTTP server
  (thanks Apollon Oikonomopoulos!), finally allowing the use of Curl
  with GnuTLS
- Fix problems with interaction between Curl and Python's HTTP server,
  resulting in increased speed in many RPC calls
- Improve our release script to prevent breakage with older aclocal and
  Python 2.6


Version 2.2.1 rc0
-----------------

*(Released Thu, 7 Oct 2010)*

- Fixed issue 125, replace hardcoded “xenvg” in ``gnt-cluster`` with
  value retrieved from master
- Added support for blacklisted or hidden OS definitions
- Added simple lock monitor (accessible via (``gnt-debug locks``)
- Added support for -mem-path in KVM hypervisor abstraction layer
- Allow overriding instance parameters in tool for inter-cluster
  instance moves (``tools/move-instance``)
- Improved opcode summaries (e.g. in ``gnt-job list``)
- Improve consistency of OS listing by sorting it
- Documentation updates


Version 2.2.0.1
---------------

*(Released Fri, 8 Oct 2010)*

- Rebuild with a newer autotools version, to fix python 2.6 compatibility


Version 2.2.0
-------------

*(Released Mon, 4 Oct 2010)*

- Fixed regression in ``gnt-instance rename``


Version 2.2.0 rc2
-----------------

*(Released Wed, 22 Sep 2010)*

- Fixed OS_VARIANT variable for OS scripts
- Fixed cluster tag operations via RAPI
- Made ``setup-ssh`` exit with non-zero code if an error occurred
- Disabled RAPI CA checks in watcher


Version 2.2.0 rc1
-----------------

*(Released Mon, 23 Aug 2010)*

- Support DRBD versions of the format "a.b.c.d"
- Updated manpages
- Re-introduce support for usage from multiple threads in RAPI client
- Instance renames and modify via RAPI
- Work around race condition between processing and archival in job
  queue
- Mark opcodes following failed one as failed, too
- Job field ``lock_status`` was removed due to difficulties making it
  work with the changed job queue in Ganeti 2.2; a better way to monitor
  locks is expected for a later 2.2.x release
- Fixed dry-run behaviour with many commands
- Support ``ssh-agent`` again when adding nodes
- Many additional bugfixes


Version 2.2.0 rc0
-----------------

*(Released Fri, 30 Jul 2010)*

Important change: the internal RPC mechanism between Ganeti nodes has
changed from using a home-grown http library (based on the Python base
libraries) to use the PycURL library. This requires that PycURL is
installed on nodes. Please note that on Debian/Ubuntu, PycURL is linked
against GnuTLS by default. cURL's support for GnuTLS had known issues
before cURL 7.21.0 and we recommend using the latest cURL release or
linking against OpenSSL. Most other distributions already link PycURL
and cURL against OpenSSL. The command::

  python -c 'import pycurl; print pycurl.version'

can be used to determine the libraries PycURL and cURL are linked
against.

Other significant changes:

- Rewrote much of the internals of the job queue, in order to achieve
  better parallelism; this decouples job query operations from the job
  processing, and it should allow much nicer behaviour of the master
  daemon under load, and it also has uncovered some long-standing bugs
  related to the job serialisation (now fixed)
- Added a default iallocator setting to the cluster parameters,
  eliminating the need to always pass nodes or an iallocator for
  operations that require selection of new node(s)
- Added experimental support for the LXC virtualization method
- Added support for OS parameters, which allows the installation of
  instances to pass parameter to OS scripts in order to customise the
  instance
- Added a hypervisor parameter controlling the migration type (live or
  non-live), since hypervisors have various levels of reliability; this
  has renamed the 'live' parameter to 'mode'
- Added a cluster parameter ``reserved_lvs`` that denotes reserved
  logical volumes, meaning that cluster verify will ignore them and not
  flag their presence as errors
- The watcher will now reset the error count for failed instances after
  8 hours, thus allowing self-healing if the problem that caused the
  instances to be down/fail to start has cleared in the meantime
- Added a cluster parameter ``drbd_usermode_helper`` that makes Ganeti
  check for, and warn, if the drbd module parameter ``usermode_helper``
  is not consistent with the cluster-wide setting; this is needed to
  make diagnose easier of failed drbd creations
- Started adding base IPv6 support, but this is not yet
  enabled/available for use
- Rename operations (cluster, instance) will now return the new name,
  which is especially useful if a short name was passed in
- Added support for instance migration in RAPI
- Added a tool to pre-configure nodes for the SSH setup, before joining
  them to the cluster; this will allow in the future a simplified model
  for node joining (but not yet fully enabled in 2.2); this needs the
  paramiko python library
- Fixed handling of name-resolving errors
- Fixed consistency of job results on the error path
- Fixed master-failover race condition when executed multiple times in
  sequence
- Fixed many bugs related to the job queue (mostly introduced during the
  2.2 development cycle, so not all are impacting 2.1)
- Fixed instance migration with missing disk symlinks
- Fixed handling of unknown jobs in ``gnt-job archive``
- And many other small fixes/improvements

Internal changes:

- Enhanced both the unittest and the QA coverage
- Switched the opcode validation to a generic model, and extended the
  validation to all opcode parameters
- Changed more parts of the code that write shell scripts to use the
  same class for this
- Switched the master daemon to use the asyncore library for the Luxi
  server endpoint


Version 2.2.0 beta 0
--------------------

*(Released Thu, 17 Jun 2010)*

- Added tool (``move-instance``) and infrastructure to move instances
  between separate clusters (see :doc:`separate documentation
  <move-instance>` and :doc:`design document <design-2.2>`)
- Added per-request RPC timeout
- RAPI now requires a Content-Type header for requests with a body (e.g.
  ``PUT`` or ``POST``) which must be set to ``application/json`` (see
  :rfc:`2616` (HTTP/1.1), section 7.2.1)
- ``ganeti-watcher`` attempts to restart ``ganeti-rapi`` if RAPI is not
  reachable
- Implemented initial support for running Ganeti daemons as separate
  users, see configure-time flags ``--with-user-prefix`` and
  ``--with-group-prefix`` (only ``ganeti-rapi`` is supported at this
  time)
- Instances can be removed after export (``gnt-backup export
  --remove-instance``)
- Self-signed certificates generated by Ganeti now use a 2048 bit RSA
  key (instead of 1024 bit)
- Added new cluster configuration file for cluster domain secret
- Import/export now use SSL instead of SSH
- Added support for showing estimated time when exporting an instance,
  see the ``ganeti-os-interface(7)`` manpage and look for
  ``EXP_SIZE_FD``

Version 2.1.7
-------------

*(Released Tue, 24 Aug 2010)*

Bugfixes only:
  - Don't ignore secondary node silently on non-mirrored disk templates
    (issue 113)
  - Fix --master-netdev arg name in gnt-cluster(8) (issue 114)
  - Fix usb_mouse parameter breaking with vnc_console (issue 109)
  - Properly document the usb_mouse parameter
  - Fix path in ganeti-rapi(8) (issue 116)
  - Adjust error message when the ganeti user's .ssh directory is
    missing
  - Add same-node-check when changing the disk template to drbd


Version 2.1.6
-------------

*(Released Fri, 16 Jul 2010)*

Bugfixes only:
  - Add an option to only select some reboot types during qa/burnin.
    (on some hypervisors consequent reboots are not supported)
  - Fix infrequent race condition in master failover. Sometimes the old
    master ip address would be still detected as up for a short time
    after it was removed, causing failover to fail.
  - Decrease mlockall warnings when the ctypes module is missing. On
    Python 2.4 we support running even if no ctypes module is installed,
    but we were too verbose about this issue.
  - Fix building on old distributions, on which man doesn't have a
    --warnings option.
  - Fix RAPI not to ignore the MAC address on instance creation
  - Implement the old instance creation format in the RAPI client.


Version 2.1.5
-------------

*(Released Thu, 01 Jul 2010)*

A small bugfix release:
  - Fix disk adoption: broken by strict --disk option checking in 2.1.4
  - Fix batch-create: broken in the whole 2.1 series due to a lookup on
    a non-existing option
  - Fix instance create: the --force-variant option was ignored
  - Improve pylint 0.21 compatibility and warnings with Python 2.6
  - Fix modify node storage with non-FQDN arguments
  - Fix RAPI client to authenticate under Python 2.6 when used
    for more than 5 requests needing authentication
  - Fix gnt-instance modify -t (storage) giving a wrong error message
    when converting a non-shutdown drbd instance to plain


Version 2.1.4
-------------

*(Released Fri, 18 Jun 2010)*

A small bugfix release:

  - Fix live migration of KVM instances started with older Ganeti
    versions which had fewer hypervisor parameters
  - Fix gnt-instance grow-disk on down instances
  - Fix an error-reporting bug during instance migration
  - Better checking of the ``--net`` and ``--disk`` values, to avoid
    silently ignoring broken ones
  - Fix an RPC error reporting bug affecting, for example, RAPI client
    users
  - Fix bug triggered by different API version os-es on different nodes
  - Fix a bug in instance startup with custom hvparams: OS level
    parameters would fail to be applied.
  - Fix the RAPI client under Python 2.6 (but more work is needed to
    make it work completely well with OpenSSL)
  - Fix handling of errors when resolving names from DNS


Version 2.1.3
-------------

*(Released Thu, 3 Jun 2010)*

A medium sized development cycle. Some new features, and some
fixes/small improvements/cleanups.

Significant features
~~~~~~~~~~~~~~~~~~~~

The node deamon now tries to mlock itself into memory, unless the
``--no-mlock`` flag is passed. It also doesn't fail if it can't write
its logs, and falls back to console logging. This allows emergency
features such as ``gnt-node powercycle`` to work even in the event of a
broken node disk (tested offlining the disk hosting the node's
filesystem and dropping its memory caches; don't try this at home)

KVM: add vhost-net acceleration support. It can be tested with a new
enough version of the kernel and of qemu-kvm.

KVM: Add instance chrooting feature. If you use privilege dropping for
your VMs you can also now force them to chroot to an empty directory,
before starting the emulated guest.

KVM: Add maximum migration bandwith and maximum downtime tweaking
support (requires a new-enough version of qemu-kvm).

Cluster verify will now warn if the master node doesn't have the master
ip configured on it.

Add a new (incompatible) instance creation request format to RAPI which
supports all parameters (previously only a subset was supported, and it
wasn't possible to extend the old format to accomodate all the new
features. The old format is still supported, and a client can check for
this feature, before using it, by checking for its presence in the
``features`` RAPI resource.

Now with ancient latin support. Try it passing the ``--roman`` option to
``gnt-instance info``, ``gnt-cluster info`` or ``gnt-node list``
(requires the python-roman module to be installed, in order to work).

Other changes
~~~~~~~~~~~~~

As usual many internal code refactorings, documentation updates, and
such. Among others:

  - Lots of improvements and cleanups to the experimental Remote API
    (RAPI) client library.
  - A new unit test suite for the core daemon libraries.
  - A fix to creating missing directories makes sure the umask is not
    applied anymore. This enforces the same directory permissions
    everywhere.
  - Better handling terminating daemons with ctrl+c (used when running
    them in debugging mode).
  - Fix a race condition in live migrating a KVM instance, when stat()
    on the old proc status file returned EINVAL, which is an unexpected
    value.
  - Fixed manpage checking with newer man and utf-8 charachters. But now
    you need the en_US.UTF-8 locale enabled to build Ganeti from git.


Version 2.1.2.1
---------------

*(Released Fri, 7 May 2010)*

Fix a bug which prevented untagged KVM instances from starting.


Version 2.1.2
-------------

*(Released Fri, 7 May 2010)*

Another release with a long development cycle, during which many
different features were added.

Significant features
~~~~~~~~~~~~~~~~~~~~

The KVM hypervisor now can run the individual instances as non-root, to
reduce the impact of a VM being hijacked due to bugs in the
hypervisor. It is possible to run all instances as a single (non-root)
user, to manually specify a user for each instance, or to dynamically
allocate a user out of a cluster-wide pool to each instance, with the
guarantee that no two instances will run under the same user ID on any
given node.

An experimental RAPI client library, that can be used standalone
(without the other Ganeti libraries), is provided in the source tree as
``lib/rapi/client.py``. Note this client might change its interface in
the future, as we iterate on its capabilities.

A new command, ``gnt-cluster renew-crypto`` has been added to easily
replace the cluster's certificates and crypto keys. This might help in
case they have been compromised, or have simply expired.

A new disk option for instance creation has been added that allows one
to "adopt" currently existing logical volumes, with data
preservation. This should allow easier migration to Ganeti from
unmanaged (or managed via other software) instances.

Another disk improvement is the possibility to convert between redundant
(DRBD) and plain (LVM) disk configuration for an instance. This should
allow better scalability (starting with one node and growing the
cluster, or shrinking a two-node cluster to one node).

A new feature that could help with automated node failovers has been
implemented: if a node sees itself as offline (by querying the master
candidates), it will try to shutdown (hard) all instances and any active
DRBD devices. This reduces the risk of duplicate instances if an
external script automatically failovers the instances on such nodes. To
enable this, the cluster parameter ``maintain_node_health`` should be
enabled; in the future this option (per the name) will enable other
automatic maintenance features.

Instance export/import now will reuse the original instance
specifications for all parameters; that means exporting an instance,
deleting it and the importing it back should give an almost identical
instance. Note that the default import behaviour has changed from
before, where it created only one NIC; now it recreates the original
number of NICs.

Cluster verify has added a few new checks: SSL certificates validity,
/etc/hosts consistency across the cluster, etc.

Other changes
~~~~~~~~~~~~~

As usual, many internal changes were done, documentation fixes,
etc. Among others:

- Fixed cluster initialization with disabled cluster storage (regression
  introduced in 2.1.1)
- File-based storage supports growing the disks
- Fixed behaviour of node role changes
- Fixed cluster verify for some corner cases, plus a general rewrite of
  cluster verify to allow future extension with more checks
- Fixed log spamming by watcher and node daemon (regression introduced
  in 2.1.1)
- Fixed possible validation issues when changing the list of enabled
  hypervisors
- Fixed cleanup of /etc/hosts during node removal
- Fixed RAPI response for invalid methods
- Fixed bug with hashed passwords in ``ganeti-rapi`` daemon
- Multiple small improvements to the KVM hypervisor (VNC usage, booting
  from ide disks, etc.)
- Allow OS changes without re-installation (to record a changed OS
  outside of Ganeti, or to allow OS renames)
- Allow instance creation without OS installation (useful for example if
  the OS will be installed manually, or restored from a backup not in
  Ganeti format)
- Implemented option to make cluster ``copyfile`` use the replication
  network
- Added list of enabled hypervisors to ssconf (possibly useful for
  external scripts)
- Added a new tool (``tools/cfgupgrade12``) that allows upgrading from
  1.2 clusters
- A partial form of node re-IP is possible via node readd, which now
  allows changed node primary IP
- Command line utilities now show an informational message if the job is
  waiting for a lock
- The logs of the master daemon now show the PID/UID/GID of the
  connected client


Version 2.1.1
-------------

*(Released Fri, 12 Mar 2010)*

During the 2.1.0 long release candidate cycle, a lot of improvements and
changes have accumulated with were released later as 2.1.1.

Major changes
~~~~~~~~~~~~~

The node evacuate command (``gnt-node evacuate``) was significantly
rewritten, and as such the IAllocator protocol was changed - a new
request type has been added. This unfortunate change during a stable
series is designed to improve performance of node evacuations; on
clusters with more than about five nodes and which are well-balanced,
evacuation should proceed in parallel for all instances of the node
being evacuated. As such, any existing IAllocator scripts need to be
updated, otherwise the above command will fail due to the unknown
request. The provided "dumb" allocator has not been updated; but the
ganeti-htools package supports the new protocol since version 0.2.4.

Another important change is increased validation of node and instance
names. This might create problems in special cases, if invalid host
names are being used.

Also, a new layer of hypervisor parameters has been added, that sits at
OS level between the cluster defaults and the instance ones. This allows
customisation of virtualization parameters depending on the installed
OS. For example instances with OS 'X' may have a different KVM kernel
(or any other parameter) than the cluster defaults. This is intended to
help managing a multiple OSes on the same cluster, without manual
modification of each instance's parameters.

A tool for merging clusters, ``cluster-merge``, has been added in the
tools sub-directory.

Bug fixes
~~~~~~~~~

- Improved the int/float conversions that should make the code more
  robust in face of errors from the node daemons
- Fixed the remove node code in case of internal configuration errors
- Fixed the node daemon behaviour in face of inconsistent queue
  directory (e.g. read-only file-system where we can't open the files
  read-write, etc.)
- Fixed the behaviour of gnt-node modify for master candidate demotion;
  now it either aborts cleanly or, if given the new “auto_promote”
  parameter, will automatically promote other nodes as needed
- Fixed compatibility with (unreleased yet) Python 2.6.5 that would
  completely prevent Ganeti from working
- Fixed bug for instance export when not all disks were successfully
  exported
- Fixed behaviour of node add when the new node is slow in starting up
  the node daemon
- Fixed handling of signals in the LUXI client, which should improve
  behaviour of command-line scripts
- Added checks for invalid node/instance names in the configuration (now
  flagged during cluster verify)
- Fixed watcher behaviour for disk activation errors
- Fixed two potentially endless loops in http library, which led to the
  RAPI daemon hanging and consuming 100% CPU in some cases
- Fixed bug in RAPI daemon related to hashed passwords
- Fixed bug for unintended qemu-level bridging of multi-NIC KVM
  instances
- Enhanced compatibility with non-Debian OSes, but not using absolute
  path in some commands and allowing customisation of the ssh
  configuration directory
- Fixed possible future issue with new Python versions by abiding to the
  proper use of ``__slots__`` attribute on classes
- Added checks that should prevent directory traversal attacks
- Many documentation fixes based on feedback from users

New features
~~~~~~~~~~~~

- Added an “early_release” more for instance replace disks and node
  evacuate, where we release locks earlier and thus allow higher
  parallelism within the cluster
- Added watcher hooks, intended to allow the watcher to restart other
  daemons (e.g. from the ganeti-nbma project), but they can be used of
  course for any other purpose
- Added a compile-time disable for DRBD barriers, to increase
  performance if the administrator trusts the power supply or the
  storage system to not lose writes
- Added the option of using syslog for logging instead of, or in
  addition to, Ganeti's own log files
- Removed boot restriction for paravirtual NICs for KVM, recent versions
  can indeed boot from a paravirtual NIC
- Added a generic debug level for many operations; while this is not
  used widely yet, it allows one to pass the debug value all the way to
  the OS scripts
- Enhanced the hooks environment for instance moves (failovers,
  migrations) where the primary/secondary nodes changed during the
  operation, by adding {NEW,OLD}_{PRIMARY,SECONDARY} vars
- Enhanced data validations for many user-supplied values; one important
  item is the restrictions imposed on instance and node names, which
  might reject some (invalid) host names
- Add a configure-time option to disable file-based storage, if it's not
  needed; this allows greater security separation between the master
  node and the other nodes from the point of view of the inter-node RPC
  protocol
- Added user notification in interactive tools if job is waiting in the
  job queue or trying to acquire locks
- Added log messages when a job is waiting for locks
- Added filtering by node tags in instance operations which admit
  multiple instances (start, stop, reboot, reinstall)
- Added a new tool for cluster mergers, ``cluster-merge``
- Parameters from command line which are of the form ``a=b,c=d`` can now
  use backslash escapes to pass in values which contain commas,
  e.g. ``a=b\\c,d=e`` where the 'a' parameter would get the value
  ``b,c``
- For KVM, the instance name is the first parameter passed to KVM, so
  that it's more visible in the process list


Version 2.1.0
-------------

*(Released Tue, 2 Mar 2010)*

Ganeti 2.1 brings many improvements with it. Major changes:

- Added infrastructure to ease automated disk repairs
- Added new daemon to export configuration data in a cheaper way than
  using the remote API
- Instance NICs can now be routed instead of being associated with a
  networking bridge
- Improved job locking logic to reduce impact of jobs acquiring multiple
  locks waiting for other long-running jobs

In-depth implementation details can be found in the Ganeti 2.1 design
document.

Details
~~~~~~~

- Added chroot hypervisor
- Added more options to xen-hvm hypervisor (``kernel_path`` and
  ``device_model``)
- Added more options to xen-pvm hypervisor (``use_bootloader``,
  ``bootloader_path`` and ``bootloader_args``)
- Added the ``use_localtime`` option for the xen-hvm and kvm
  hypervisors, and the default value for this has changed to false (in
  2.0 xen-hvm always enabled it)
- Added luxi call to submit multiple jobs in one go
- Added cluster initialization option to not modify ``/etc/hosts``
  file on nodes
- Added network interface parameters
- Added dry run mode to some LUs
- Added RAPI resources:

  - ``/2/instances/[instance_name]/info``
  - ``/2/instances/[instance_name]/replace-disks``
  - ``/2/nodes/[node_name]/evacuate``
  - ``/2/nodes/[node_name]/migrate``
  - ``/2/nodes/[node_name]/role``
  - ``/2/nodes/[node_name]/storage``
  - ``/2/nodes/[node_name]/storage/modify``
  - ``/2/nodes/[node_name]/storage/repair``

- Added OpCodes to evacuate or migrate all instances on a node
- Added new command to list storage elements on nodes (``gnt-node
  list-storage``) and modify them (``gnt-node modify-storage``)
- Added new ssconf files with master candidate IP address
  (``ssconf_master_candidates_ips``), node primary IP address
  (``ssconf_node_primary_ips``) and node secondary IP address
  (``ssconf_node_secondary_ips``)
- Added ``ganeti-confd`` and a client library to query the Ganeti
  configuration via UDP
- Added ability to run hooks after cluster initialization and before
  cluster destruction
- Added automatic mode for disk replace (``gnt-instance replace-disks
  --auto``)
- Added ``gnt-instance recreate-disks`` to re-create (empty) disks
  after catastrophic data-loss
- Added ``gnt-node repair-storage`` command to repair damaged LVM volume
  groups
- Added ``gnt-instance move`` command to move instances
- Added ``gnt-cluster watcher`` command to control watcher
- Added ``gnt-node powercycle`` command to powercycle nodes
- Added new job status field ``lock_status``
- Added parseable error codes to cluster verification (``gnt-cluster
  verify --error-codes``) and made output less verbose (use
  ``--verbose`` to restore previous behaviour)
- Added UUIDs to the main config entities (cluster, nodes, instances)
- Added support for OS variants
- Added support for hashed passwords in the Ganeti remote API users file
  (``rapi_users``)
- Added option to specify maximum timeout on instance shutdown
- Added ``--no-ssh-init`` option to ``gnt-cluster init``
- Added new helper script to start and stop Ganeti daemons
  (``daemon-util``), with the intent to reduce the work necessary to
  adjust Ganeti for non-Debian distributions and to start/stop daemons
  from one place
- Added more unittests
- Fixed critical bug in ganeti-masterd startup
- Removed the configure-time ``kvm-migration-port`` parameter, this is
  now customisable at the cluster level for both the KVM and Xen
  hypervisors using the new ``migration_port`` parameter
- Pass ``INSTANCE_REINSTALL`` variable to OS installation script when
  reinstalling an instance
- Allowed ``@`` in tag names
- Migrated to Sphinx (http://sphinx.pocoo.org/) for documentation
- Many documentation updates
- Distribute hypervisor files on ``gnt-cluster redist-conf``
- ``gnt-instance reinstall`` can now reinstall multiple instances
- Updated many command line parameters
- Introduced new OS API version 15
- No longer support a default hypervisor
- Treat virtual LVs as inexistent
- Improved job locking logic to reduce lock contention
- Match instance and node names case insensitively
- Reimplemented bash completion script to be more complete
- Improved burnin


Version 2.0.6
-------------

*(Released Thu, 4 Feb 2010)*

- Fix cleaner behaviour on nodes not in a cluster (Debian bug 568105)
- Fix a string formatting bug
- Improve safety of the code in some error paths
- Improve data validation in the master of values returned from nodes


Version 2.0.5
-------------

*(Released Thu, 17 Dec 2009)*

- Fix security issue due to missing validation of iallocator names; this
  allows local and remote execution of arbitrary executables
- Fix failure of gnt-node list during instance removal
- Ship the RAPI documentation in the archive


Version 2.0.4
-------------

*(Released Wed, 30 Sep 2009)*

- Fixed many wrong messages
- Fixed a few bugs related to the locking library
- Fixed MAC checking at instance creation time
- Fixed a DRBD parsing bug related to gaps in /proc/drbd
- Fixed a few issues related to signal handling in both daemons and
  scripts
- Fixed the example startup script provided
- Fixed insserv dependencies in the example startup script (patch from
  Debian)
- Fixed handling of drained nodes in the iallocator framework
- Fixed handling of KERNEL_PATH parameter for xen-hvm (Debian bug
  #528618)
- Fixed error related to invalid job IDs in job polling
- Fixed job/opcode persistence on unclean master shutdown
- Fixed handling of partial job processing after unclean master
  shutdown
- Fixed error reporting from LUs, previously all errors were converted
  into execution errors
- Fixed error reporting from burnin
- Decreased significantly the memory usage of the job queue
- Optimised slightly multi-job submission
- Optimised slightly opcode loading
- Backported the multi-job submit framework from the development
  branch; multi-instance start and stop should be faster
- Added script to clean archived jobs after 21 days; this will reduce
  the size of the queue directory
- Added some extra checks in disk size tracking
- Added an example ethers hook script
- Added a cluster parameter that prevents Ganeti from modifying of
  /etc/hosts
- Added more node information to RAPI responses
- Added a ``gnt-job watch`` command that allows following the ouput of a
  job
- Added a bind-address option to ganeti-rapi
- Added more checks to the configuration verify
- Enhanced the burnin script such that some operations can be retried
  automatically
- Converted instance reinstall to multi-instance model


Version 2.0.3
-------------

*(Released Fri, 7 Aug 2009)*

- Added ``--ignore-size`` to the ``gnt-instance activate-disks`` command
  to allow using the pre-2.0.2 behaviour in activation, if any existing
  instances have mismatched disk sizes in the configuration
- Added ``gnt-cluster repair-disk-sizes`` command to check and update
  any configuration mismatches for disk sizes
- Added ``gnt-master cluste-failover --no-voting`` to allow master
  failover to work on two-node clusters
- Fixed the ``--net`` option of ``gnt-backup import``, which was
  unusable
- Fixed detection of OS script errors in ``gnt-backup export``
- Fixed exit code of ``gnt-backup export``


Version 2.0.2
-------------

*(Released Fri, 17 Jul 2009)*

- Added experimental support for stripped logical volumes; this should
  enhance performance but comes with a higher complexity in the block
  device handling; stripping is only enabled when passing
  ``--with-lvm-stripecount=N`` to ``configure``, but codepaths are
  affected even in the non-stripped mode
- Improved resiliency against transient failures at the end of DRBD
  resyncs, and in general of DRBD resync checks
- Fixed a couple of issues with exports and snapshot errors
- Fixed a couple of issues in instance listing
- Added display of the disk size in ``gnt-instance info``
- Fixed checking for valid OSes in instance creation
- Fixed handling of the "vcpus" parameter in instance listing and in
  general of invalid parameters
- Fixed http server library, and thus RAPI, to handle invalid
  username/password combinations correctly; this means that now they
  report unauthorized for queries too, not only for modifications,
  allowing earlier detect of configuration problems
- Added a new "role" node list field, equivalent to the master/master
  candidate/drained/offline flags combinations
- Fixed cluster modify and changes of candidate pool size
- Fixed cluster verify error messages for wrong files on regular nodes
- Fixed a couple of issues with node demotion from master candidate role
- Fixed node readd issues
- Added non-interactive mode for ``ganeti-masterd --no-voting`` startup
- Added a new ``--no-voting`` option for masterfailover to fix failover
  on two-nodes clusters when the former master node is unreachable
- Added instance reinstall over RAPI


Version 2.0.1
-------------

*(Released Tue, 16 Jun 2009)*

- added ``-H``/``-B`` startup parameters to ``gnt-instance``, which will
  allow re-adding the start in single-user option (regression from 1.2)
- the watcher writes the instance status to a file, to allow monitoring
  to report the instance status (from the master) based on cached
  results of the watcher's queries; while this can get stale if the
  watcher is being locked due to other work on the cluster, this is
  still an improvement
- the watcher now also restarts the node daemon and the rapi daemon if
  they died
- fixed the watcher to handle full and drained queue cases
- hooks export more instance data in the environment, which helps if
  hook scripts need to take action based on the instance's properties
  (no longer need to query back into ganeti)
- instance failovers when the instance is stopped do not check for free
  RAM, so that failing over a stopped instance is possible in low memory
  situations
- rapi uses queries for tags instead of jobs (for less job traffic), and
  for cluster tags it won't talk to masterd at all but read them from
  ssconf
- a couple of error handling fixes in RAPI
- drbd handling: improved the error handling of inconsistent disks after
  resync to reduce the frequency of "there are some degraded disks for
  this instance" messages
- fixed a bug in live migration when DRBD doesn't want to reconnect (the
  error handling path called a wrong function name)


Version 2.0.0 final
-------------------

*(Released Wed, 27 May 2009)*

- no changes from rc5


Version 2.0 release candidate 5
-------------------------------

*(Released Wed, 20 May 2009)*

- fix a couple of bugs (validation, argument checks)
- fix ``gnt-cluster getmaster`` on non-master nodes (regression)
- some small improvements to RAPI and IAllocator
- make watcher automatically start the master daemon if down


Version 2.0 release candidate 4
-------------------------------

*(Released Mon, 27 Apr 2009)*

- change the OS list to not require locks; this helps with big clusters
- fix ``gnt-cluster verify`` and ``gnt-cluster verify-disks`` when the
  volume group is broken
- ``gnt-instance info``, without any arguments, doesn't run for all
  instances anymore; either pass ``--all`` or pass the desired
  instances; this helps against mistakes on big clusters where listing
  the information for all instances takes a long time
- miscellaneous doc and man pages fixes


Version 2.0 release candidate 3
-------------------------------

*(Released Wed, 8 Apr 2009)*

- Change the internal locking model of some ``gnt-node`` commands, in
  order to reduce contention (and blocking of master daemon) when
  batching many creation/reinstall jobs
- Fixes to Xen soft reboot
- No longer build documentation at build time, instead distribute it in
  the archive, in order to reduce the need for the whole docbook/rst
  toolchains


Version 2.0 release candidate 2
-------------------------------

*(Released Fri, 27 Mar 2009)*

- Now the cfgupgrade scripts works and can upgrade 1.2.7 clusters to 2.0
- Fix watcher startup sequence, improves the behaviour of busy clusters
- Some other fixes in ``gnt-cluster verify``, ``gnt-instance
  replace-disks``, ``gnt-instance add``, ``gnt-cluster queue``, KVM VNC
  bind address and other places
- Some documentation fixes and updates


Version 2.0 release candidate 1
-------------------------------

*(Released Mon, 2 Mar 2009)*

- More documentation updates, now all docs should be more-or-less
  up-to-date
- A couple of small fixes (mixed hypervisor clusters, offline nodes,
  etc.)
- Added a customizable HV_KERNEL_ARGS hypervisor parameter (for Xen PVM
  and KVM)
- Fix an issue related to $libdir/run/ganeti and cluster creation


Version 2.0 beta 2
------------------

*(Released Thu, 19 Feb 2009)*

- Xen PVM and KVM have switched the default value for the instance root
  disk to the first partition on the first drive, instead of the whole
  drive; this means that the OS installation scripts must be changed
  accordingly
- Man pages have been updated
- RAPI has been switched by default to HTTPS, and the exported functions
  should all work correctly
- RAPI v1 has been removed
- Many improvements to the KVM hypervisor
- Block device errors are now better reported
- Many other bugfixes and small improvements


Version 2.0 beta 1
------------------

*(Released Mon, 26 Jan 2009)*

- Version 2 is a general rewrite of the code and therefore the
  differences are too many to list, see the design document for 2.0 in
  the ``doc/`` subdirectory for more details
- In this beta version there is not yet a migration path from 1.2 (there
  will be one in the final 2.0 release)
- A few significant changes are:

  - all commands are executed by a daemon (``ganeti-masterd``) and the
    various ``gnt-*`` commands are just front-ends to it
  - all the commands are entered into, and executed from a job queue,
    see the ``gnt-job(8)`` manpage
  - the RAPI daemon supports read-write operations, secured by basic
    HTTP authentication on top of HTTPS
  - DRBD version 0.7 support has been removed, DRBD 8 is the only
    supported version (when migrating from Ganeti 1.2 to 2.0, you need
    to migrate to DRBD 8 first while still running Ganeti 1.2)
  - DRBD devices are using statically allocated minor numbers, which
    will be assigned to existing instances during the migration process
  - there is support for both Xen PVM and Xen HVM instances running on
    the same cluster
  - KVM virtualization is supported too
  - file-based storage has been implemented, which means that it is
    possible to run the cluster without LVM and DRBD storage, for
    example using a shared filesystem exported from shared storage (and
    still have live migration)


Version 1.2.7
-------------

*(Released Tue, 13 Jan 2009)*

- Change the default reboot type in ``gnt-instance reboot`` to "hard"
- Reuse the old instance mac address by default on instance import, if
  the instance name is the same.
- Handle situations in which the node info rpc returns incomplete
  results (issue 46)
- Add checks for tcp/udp ports collisions in ``gnt-cluster verify``
- Improved version of batcher:

  - state file support
  - instance mac address support
  - support for HVM clusters/instances

- Add an option to show the number of cpu sockets and nodes in
  ``gnt-node list``
- Support OSes that handle more than one version of the OS api (but do
  not change the current API in any other way)
- Fix ``gnt-node migrate``
- ``gnt-debug`` man page
- Fixes various more typos and small issues
- Increase disk resync maximum speed to 60MB/s (from 30MB/s)


Version 1.2.6
-------------

*(Released Wed, 24 Sep 2008)*

- new ``--hvm-nic-type`` and ``--hvm-disk-type`` flags to control the
  type of disk exported to fully virtualized instances.
- provide access to the serial console of HVM instances
- instance auto_balance flag, set by default. If turned off it will
  avoid warnings on cluster verify if there is not enough memory to fail
  over an instance. in the future it will prevent automatically failing
  it over when we will support that.
- batcher tool for instance creation, see ``tools/README.batcher``
- ``gnt-instance reinstall --select-os`` to interactively select a new
  operating system when reinstalling an instance.
- when changing the memory amount on instance modify a check has been
  added that the instance will be able to start. also warnings are
  emitted if the instance will not be able to fail over, if auto_balance
  is true.
- documentation fixes
- sync fields between ``gnt-instance list/modify/add/import``
- fix a race condition in drbd when the sync speed was set after giving
  the device a remote peer.


Version 1.2.5
-------------

*(Released Tue, 22 Jul 2008)*

- note: the allowed size and number of tags per object were reduced
- fix a bug in ``gnt-cluster verify`` with inconsistent volume groups
- fixed twisted 8.x compatibility
- fixed ``gnt-instance replace-disks`` with iallocator
- add TCP keepalives on twisted connections to detect restarted nodes
- disk increase support, see ``gnt-instance grow-disk``
- implement bulk node/instance query for RAPI
- add tags in node/instance listing (optional)
- experimental migration (and live migration) support, read the man page
  for ``gnt-instance migrate``
- the ``ganeti-watcher`` logs are now timestamped, and the watcher also
  has some small improvements in handling its state file


Version 1.2.4
-------------

*(Released Fri, 13 Jun 2008)*

- Experimental readonly, REST-based remote API implementation;
  automatically started on master node, TCP port 5080, if enabled by
  ``--enable-rapi`` parameter to configure script.
- Instance allocator support. Add and import instance accept a
  ``--iallocator`` parameter, and call that instance allocator to decide
  which node to use for the instance. The iallocator document describes
  what's expected from an allocator script.
- ``gnt-cluster verify`` N+1 memory redundancy checks: Unless passed the
  ``--no-nplus1-mem`` option ``gnt-cluster verify`` now checks that if a
  node is lost there is still enough memory to fail over the instances
  that reside on it.
- ``gnt-cluster verify`` hooks: it is now possible to add post-hooks to
  ``gnt-cluster verify``, to check for site-specific compliance. All the
  hooks will run, and their output, if any, will be displayed. Any
  failing hook will make the verification return an error value.
- ``gnt-cluster verify`` now checks that its peers are reachable on the
  primary and secondary interfaces
- ``gnt-node add`` now supports the ``--readd`` option, to readd a node
  that is still declared as part of the cluster and has failed.
- ``gnt-* list`` commands now accept a new ``-o +field`` way of
  specifying output fields, that just adds the chosen fields to the
  default ones.
- ``gnt-backup`` now has a new ``remove`` command to delete an existing
  export from the filesystem.
- New per-instance parameters hvm_acpi, hvm_pae and hvm_cdrom_image_path
  have been added. Using them you can enable/disable acpi and pae
  support, and specify a path for a cd image to be exported to the
  instance. These parameters as the name suggest only work on HVM
  clusters.
- When upgrading an HVM cluster to Ganeti 1.2.4, the values for ACPI and
  PAE support will be set to the previously hardcoded values, but the
  (previously hardcoded) path to the CDROM ISO image will be unset and
  if required, needs to be set manually with ``gnt-instance modify``
  after the upgrade.
- The address to which an instance's VNC console is bound is now
  selectable per-instance, rather than being cluster wide. Of course
  this only applies to instances controlled via VNC, so currently just
  applies to HVM clusters.


Version 1.2.3
-------------

*(Released Mon, 18 Feb 2008)*

- more tweaks to the disk activation code (especially helpful for DRBD)
- change the default ``gnt-instance list`` output format, now there is
  one combined status field (see the manpage for the exact values this
  field will have)
- some more fixes for the mac export to hooks change
- make Ganeti not break with DRBD 8.2.x (which changed the version
  format in ``/proc/drbd``) (issue 24)
- add an upgrade tool from "remote_raid1" disk template to "drbd" disk
  template, allowing migration from DRBD0.7+MD to DRBD8


Version 1.2.2
-------------

*(Released Wed, 30 Jan 2008)*

- fix ``gnt-instance modify`` breakage introduced in 1.2.1 with the HVM
  support (issue 23)
- add command aliases infrastructure and a few aliases
- allow listing of VCPUs in the ``gnt-instance list`` and improve the
  man pages and the ``--help`` option of ``gnt-node
  list``/``gnt-instance list``
- fix ``gnt-backup list`` with down nodes (issue 21)
- change the tools location (move from $pkgdatadir to $pkglibdir/tools)
- fix the dist archive and add a check for including svn/git files in
  the future
- some developer-related changes: improve the burnin and the QA suite,
  add an upload script for testing during development


Version 1.2.1
-------------

*(Released Wed, 16 Jan 2008)*

- experimental HVM support, read the install document, section
  "Initializing the cluster"
- allow for the PVM hypervisor per-instance kernel and initrd paths
- add a new command ``gnt-cluster verify-disks`` which uses a new
  algorithm to improve the reconnection of the DRBD pairs if the device
  on the secondary node has gone away
- make logical volume code auto-activate LVs at disk activation time
- slightly improve the speed of activating disks
- allow specification of the MAC address at instance creation time, and
  changing it later via ``gnt-instance modify``
- fix handling of external commands that generate lots of output on
  stderr
- update documentation with regard to minimum version of DRBD8 supported


Version 1.2.0
-------------

*(Released Tue, 4 Dec 2007)*

- Log the ``xm create`` output to the node daemon log on failure (to
  help diagnosing the error)
- In debug mode, log all external commands output if failed to the logs
- Change parsing of lvm commands to ignore stderr


Version 1.2b3
-------------

*(Released Wed, 28 Nov 2007)*

- Another round of updates to the DRBD 8 code to deal with more failures
  in the replace secondary node operation
- Some more logging of failures in disk operations (lvm, drbd)
- A few documentation updates
- QA updates


Version 1.2b2
-------------

*(Released Tue, 13 Nov 2007)*

- Change configuration file format from Python's Pickle to JSON.
  Upgrading is possible using the cfgupgrade utility.
- Add support for DRBD 8.0 (new disk template ``drbd``) which allows for
  faster replace disks and is more stable (DRBD 8 has many improvements
  compared to DRBD 0.7)
- Added command line tags support (see man pages for ``gnt-instance``,
  ``gnt-node``, ``gnt-cluster``)
- Added instance rename support
- Added multi-instance startup/shutdown
- Added cluster rename support
- Added ``gnt-node evacuate`` to simplify some node operations
- Added instance reboot operation that can speedup reboot as compared to
  stop and start
- Soften the requirement that hostnames are in FQDN format
- The ``ganeti-watcher`` now activates drbd pairs after secondary node
  reboots
- Removed dependency on debian's patched fping that uses the
  non-standard ``-S`` option
- Now the OS definitions are searched for in multiple, configurable
  paths (easier for distros to package)
- Some changes to the hooks infrastructure (especially the new
  post-configuration update hook)
- Other small bugfixes

.. vim: set textwidth=72 syntax=rst :
.. Local Variables:
.. mode: rst
.. fill-column: 72
.. End: