backup=True)
-def GenerateClusterCrypto(new_cluster_cert, new_rapi_cert, new_confd_hmac_key,
- new_cds, rapi_cert_pem=None, cds=None,
+def GenerateClusterCrypto(new_cluster_cert, new_rapi_cert, new_spice_cert,
+ new_confd_hmac_key, new_cds,
+ rapi_cert_pem=None, spice_cert_pem=None,
+ spice_cacert_pem=None, cds=None,
nodecert_file=constants.NODED_CERT_FILE,
rapicert_file=constants.RAPI_CERT_FILE,
+ spicecert_file=constants.SPICE_CERT_FILE,
+ spicecacert_file=constants.SPICE_CACERT_FILE,
hmackey_file=constants.CONFD_HMAC_KEY,
cds_file=constants.CLUSTER_DOMAIN_SECRET_FILE):
"""Updates the cluster certificates, keys and secrets.
@param new_cluster_cert: Whether to generate a new cluster certificate
@type new_rapi_cert: bool
@param new_rapi_cert: Whether to generate a new RAPI certificate
+ @type new_spice_cert: bool
+ @param new_spice_cert: Whether to generate a new SPICE certificate
@type new_confd_hmac_key: bool
@param new_confd_hmac_key: Whether to generate a new HMAC key
@type new_cds: bool
@param new_cds: Whether to generate a new cluster domain secret
@type rapi_cert_pem: string
@param rapi_cert_pem: New RAPI certificate in PEM format
+ @type spice_cert_pem: string
+ @param spice_cert_pem: New SPICE certificate in PEM format
+ @type spice_cacert_pem: string
+ @param spice_cacert_pem: Certificate of the CA that signed the SPICE
+ certificate, in PEM format
@type cds: string
@param cds: New cluster domain secret
@type nodecert_file: string
@param nodecert_file: optional override of the node cert file path
@type rapicert_file: string
@param rapicert_file: optional override of the rapi cert file path
+ @type spicecert_file: string
+ @param spicecert_file: optional override of the spice cert file path
+ @type spicecacert_file: string
+ @param spicecacert_file: optional override of the spice CA cert file path
@type hmackey_file: string
@param hmackey_file: optional override of the hmac key file path
logging.debug("Generating new RAPI certificate at %s", rapicert_file)
utils.GenerateSelfSignedSslCert(rapicert_file)
+ # SPICE
+ spice_cert_exists = os.path.exists(spicecert_file)
+ spice_cacert_exists = os.path.exists(spicecacert_file)
+ if spice_cert_pem:
+ # spice_cert_pem implies also spice_cacert_pem
+ logging.debug("Writing SPICE certificate at %s", spicecert_file)
+ utils.WriteFile(spicecert_file, data=spice_cert_pem, backup=True)
+ logging.debug("Writing SPICE CA certificate at %s", spicecacert_file)
+ utils.WriteFile(spicecacert_file, data=spice_cacert_pem, backup=True)
+ elif new_spice_cert or not spice_cert_exists:
+ if spice_cert_exists:
+ utils.CreateBackup(spicecert_file)
+ if spice_cacert_exists:
+ utils.CreateBackup(spicecacert_file)
+
+ logging.debug("Generating new self-signed SPICE certificate at %s",
+ spicecert_file)
+ (_, cert_pem) = utils.GenerateSelfSignedSslCert(spicecert_file)
+
+ # Self-signed certificate -> the public certificate is also the CA public
+ # certificate
+ logging.debug("Writing the public certificate to %s",
+ spicecert_file)
+ utils.io.WriteFile(spicecacert_file, mode=0400, data=cert_pem)
+
# Cluster domain secret
if cds:
logging.debug("Writing cluster domain secret to %s", cds_file)
"""
# Generate cluster secrets
- GenerateClusterCrypto(True, False, False, False)
+ GenerateClusterCrypto(True, False, False, False, False)
result = utils.RunCmd([constants.DAEMON_UTIL, "start", constants.NODED])
if result.failed:
"""
def _CheckNodeDaemon():
- result = rpc.RpcRunner.call_version([node_name])[node_name]
+ result = rpc.BootstrapRunner().call_version([node_name])[node_name]
if result.fail_msg:
raise utils.RetryAgain()
def InitCluster(cluster_name, mac_prefix, # pylint: disable=R0913
- master_netdev, file_storage_dir, shared_file_storage_dir,
- candidate_pool_size, secondary_ip=None, vg_name=None,
- beparams=None, nicparams=None, ndparams=None, hvparams=None,
- enabled_hypervisors=None, modify_etc_hosts=True,
- modify_ssh_setup=True, maintain_node_health=False,
- drbd_helper=None, uid_pool=None, default_iallocator=None,
- primary_ip_version=None, prealloc_wipe_disks=False):
+ master_netmask, master_netdev, file_storage_dir,
+ shared_file_storage_dir, candidate_pool_size, secondary_ip=None,
+ vg_name=None, beparams=None, nicparams=None, ndparams=None,
+ hvparams=None, diskparams=None, enabled_hypervisors=None,
+ modify_etc_hosts=True, modify_ssh_setup=True,
+ maintain_node_health=False, drbd_helper=None, uid_pool=None,
+ default_iallocator=None, primary_ip_version=None,
+ prealloc_wipe_disks=False, use_external_mip_script=False):
"""Initialise the cluster.
@type candidate_pool_size: int
" entries: %s" % invalid_hvs,
errors.ECODE_INVAL)
- ipcls = None
- if primary_ip_version == constants.IP4_VERSION:
- ipcls = netutils.IP4Address
- elif primary_ip_version == constants.IP6_VERSION:
- ipcls = netutils.IP6Address
- else:
+ try:
+ ipcls = netutils.IPAddress.GetClassFromIpVersion(primary_ip_version)
+ except errors.ProgrammerError:
raise errors.OpPrereqError("Invalid primary ip version: %d." %
primary_ip_version)
" but it does not belong to this host." %
secondary_ip, errors.ECODE_ENVIRON)
+ if master_netmask is not None:
+ if not ipcls.ValidateNetmask(master_netmask):
+ raise errors.OpPrereqError("CIDR netmask (%s) not valid for IPv%s " %
+ (master_netmask, primary_ip_version))
+ else:
+ master_netmask = ipcls.iplen
+
if vg_name is not None:
# Check if volume group is valid
vgstatus = utils.CheckVolumeGroupSize(utils.ListVolumeGroups(), vg_name,
dirs = [(constants.RUN_GANETI_DIR, constants.RUN_DIRS_MODE)]
utils.EnsureDirs(dirs)
+ objects.UpgradeBeParams(beparams)
utils.ForceDictType(beparams, constants.BES_PARAMETER_TYPES)
utils.ForceDictType(nicparams, constants.NICS_PARAMETER_TYPES)
objects.NIC.CheckParameterSyntax(nicparams)
hv_class = hypervisor.GetHypervisor(hv_name)
hv_class.CheckParameterSyntax(hv_params)
+ # diskparams is a mapping of disk-template->diskparams dict
+ for template, dt_params in diskparams.items():
+ param_keys = set(dt_params.keys())
+ default_param_keys = set(constants.DISK_DT_DEFAULTS[template].keys())
+ if not (param_keys <= default_param_keys):
+ unknown_params = param_keys - default_param_keys
+ raise errors.OpPrereqError("Invalid parameters for disk template %s:"
+ " %s" % (template,
+ utils.CommaJoin(unknown_params)))
+ utils.ForceDictType(dt_params, constants.DISK_DT_TYPES)
+
# set up ssh config and /etc/hosts
sshline = utils.ReadFile(constants.SSH_HOST_RSA_PUB)
sshkey = sshline.split(" ")[1]
tcpudp_port_pool=set(),
master_node=hostname.name,
master_ip=clustername.ip,
+ master_netmask=master_netmask,
master_netdev=master_netdev,
cluster_name=clustername.name,
file_storage_dir=file_storage_dir,
nicparams={constants.PP_DEFAULT: nicparams},
ndparams=ndparams,
hvparams=hvparams,
+ diskparams=diskparams,
candidate_pool_size=candidate_pool_size,
modify_etc_hosts=modify_etc_hosts,
modify_ssh_setup=modify_ssh_setup,
default_iallocator=default_iallocator,
primary_ip_family=ipcls.family,
prealloc_wipe_disks=prealloc_wipe_disks,
+ use_external_mip_script=use_external_mip_script,
)
master_node_config = objects.Node(name=hostname.name,
primary_ip=hostname.ip,
uuid=uuid_generator.Generate([], utils.NewUUID, _INITCONF_ECID),
name=constants.INITIAL_NODE_GROUP_NAME,
members=[master_node_config.name],
+ diskparams=cluster_config.diskparams,
)
nodegroups = {
default_nodegroup.uuid: default_nodegroup,
"""
cfg = config.ConfigWriter()
modify_ssh_setup = cfg.GetClusterInfo().modify_ssh_setup
- result = rpc.RpcRunner.call_node_stop_master(master)
+ runner = rpc.BootstrapRunner()
+
+ master_params = cfg.GetMasterNetworkParameters()
+ master_params.name = master
+ ems = cfg.GetUseExternalMipScript()
+ result = runner.call_node_deactivate_master_ip(master_params.name,
+ master_params, ems)
+
+ msg = result.fail_msg
+ if msg:
+ logging.warning("Could not disable the master IP: %s", msg)
+
+ result = runner.call_node_stop_master(master)
msg = result.fail_msg
if msg:
logging.warning("Could not disable the master role: %s", msg)
- result = rpc.RpcRunner.call_node_leave_cluster(master, modify_ssh_setup)
+
+ result = runner.call_node_leave_cluster(master, modify_ssh_setup)
msg = result.fail_msg
if msg:
logging.warning("Could not shutdown the node daemon and cleanup"
logging.info("Stopping the master daemon on node %s", old_master)
- result = rpc.RpcRunner.call_node_stop_master(old_master)
+ runner = rpc.BootstrapRunner()
+ master_params = cfg.GetMasterNetworkParameters()
+ master_params.name = old_master
+ ems = cfg.GetUseExternalMipScript()
+ result = runner.call_node_deactivate_master_ip(master_params.name,
+ master_params, ems)
+
+ msg = result.fail_msg
+ if msg:
+ logging.warning("Could not disable the master IP: %s", msg)
+
+ result = runner.call_node_stop_master(old_master)
msg = result.fail_msg
if msg:
logging.error("Could not disable the master role on the old master"
logging.info("Starting the master daemons on the new master")
- result = rpc.RpcRunner.call_node_start_master_daemons(new_master, no_voting)
+ result = rpc.BootstrapRunner().call_node_start_master_daemons(new_master,
+ no_voting)
msg = result.fail_msg
if msg:
logging.error("Could not start the master role on the new master"
if not node_list:
# no nodes left (eventually after removing myself)
return []
- results = rpc.RpcRunner.call_master_info(node_list)
+ results = rpc.BootstrapRunner().call_master_info(node_list)
if not isinstance(results, dict):
# this should not happen (unless internal error in rpc)
logging.critical("Can't complete rpc call, aborting master startup")
if msg:
logging.warning("Error contacting node %s: %s", node, msg)
fail = True
- # for now we accept both length 3 and 4 (data[3] is primary ip version)
+ # for now we accept both length 3, 4 and 5 (data[3] is primary ip version
+ # and data[4] is the master netmask)
elif not isinstance(data, (tuple, list)) or len(data) < 3:
logging.warning("Invalid data received from node %s: %s", node, data)
fail = True
projects / ganeti-local / blobdiff