gnt-debug: remove @todo from GenericOpCodes
[ganeti-local] / scripts / gnt-cluster
index 2a72811..bf160cd 100755 (executable)
@@ -29,6 +29,7 @@
 import sys
 import os.path
 import time
+import OpenSSL
 
 from ganeti.cli import *
 from ganeti import opcodes
@@ -38,6 +39,8 @@ from ganeti import utils
 from ganeti import bootstrap
 from ganeti import ssh
 from ganeti import objects
+from ganeti import uidpool
+from ganeti import compat
 
 
 @UsesRPC
@@ -90,6 +93,10 @@ def InitCluster(opts, args):
   if opts.mac_prefix is None:
     opts.mac_prefix = constants.DEFAULT_MAC_PREFIX
 
+  uid_pool = opts.uid_pool
+  if uid_pool is not None:
+    uid_pool = uidpool.ParseUidPool(uid_pool)
+
   bootstrap.InitCluster(cluster_name=args[0],
                         secondary_ip=opts.secondary_ip,
                         vg_name=vg_name,
@@ -103,6 +110,8 @@ def InitCluster(opts, args):
                         candidate_pool_size=opts.candidate_pool_size,
                         modify_etc_hosts=opts.modify_etc_hosts,
                         modify_ssh_setup=opts.modify_ssh_setup,
+                        maintain_node_health=opts.maintain_node_health,
+                        uid_pool=uid_pool,
                         )
   op = opcodes.OpPostInitCluster()
   SubmitOpCode(op, opts=opts)
@@ -207,17 +216,24 @@ def ShowClusterMaster(opts, args):
   return 0
 
 
-def _PrintGroupedParams(paramsdict):
+def _PrintGroupedParams(paramsdict, level=1, roman=False):
   """Print Grouped parameters (be, nic, disk) by group.
 
   @type paramsdict: dict of dicts
   @param paramsdict: {group: {param: value, ...}, ...}
+  @type level: int
+  @param level: Level of indention
 
   """
-  for gr_name, gr_dict in paramsdict.items():
-    ToStdout("  - %s:", gr_name)
-    for item, val in gr_dict.iteritems():
-      ToStdout("      %s: %s", item, val)
+  indent = "  " * level
+  for item, val in sorted(paramsdict.items()):
+    if isinstance(val, dict):
+      ToStdout("%s- %s:", indent, item)
+      _PrintGroupedParams(val, level=level + 1, roman=roman)
+    elif roman and isinstance(val, int):
+      ToStdout("%s  %s: %s", indent, item, compat.TryToRoman(val))
+    else:
+      ToStdout("%s  %s: %s", indent, item, val)
 
 
 def ShowClusterConfig(opts, args):
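Review bot: In `_PrintGroupedParams`, the branch `elif roman and isinstance(val, int)` also matches booleans, because `bool` is a subclass of `int`, so a True/False parameter value would be handed to `compat.TryToRoman` when `roman` is set. Whether that helper returns booleans unchanged is not visible in this hunk, so `elif roman and isinstance(val, int) and not isinstance(val, bool):` would be the safer test. The docstring documents the new `level` parameter but not `roman`; I would add `@type roman: bool` and `@param roman: Whether to print integer values as Roman numerals`, and change "indention" to "indentation".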
@@ -258,17 +274,27 @@ def ShowClusterConfig(opts, args):
   ToStdout("Hypervisor parameters:")
   _PrintGroupedParams(result["hvparams"])
 
+  ToStdout("OS specific hypervisor parameters:")
+  _PrintGroupedParams(result["os_hvp"])
+
   ToStdout("Cluster parameters:")
-  ToStdout("  - candidate pool size: %s", result["candidate_pool_size"])
+  ToStdout("  - candidate pool size: %s",
+            compat.TryToRoman(result["candidate_pool_size"],
+                              convert=opts.roman_integers))
   ToStdout("  - master netdev: %s", result["master_netdev"])
   ToStdout("  - lvm volume group: %s", result["volume_group_name"])
   ToStdout("  - file storage path: %s", result["file_storage_dir"])
+  ToStdout("  - maintenance of node health: %s",
+           result["maintain_node_health"])
+  ToStdout("  - uid pool: %s",
+            uidpool.FormatUidPool(result["uid_pool"],
+                                  roman=opts.roman_integers))
 
   ToStdout("Default instance parameters:")
-  _PrintGroupedParams(result["beparams"])
+  _PrintGroupedParams(result["beparams"], roman=opts.roman_integers)
 
   ToStdout("Default nic parameters:")
-  _PrintGroupedParams(result["nicparams"])
+  _PrintGroupedParams(result["nicparams"], roman=opts.roman_integers)
 
   return 0
 
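Review bot: The existing `_PrintGroupedParams(result["hvparams"])` call and the new `_PrintGroupedParams(result["os_hvp"])` call do not pass `roman=opts.roman_integers`, while the `beparams` and `nicparams` calls in the same function now do, so `--roman` output would mix numeral styles between sections. If that is not intentional, pass the flag on all four calls. The continuation lines under `compat.TryToRoman(` and `uidpool.FormatUidPool(` are indented one column deeper than those of the other wrapped `ToStdout` call added here (`result["maintain_node_health"]`). The body of ShowClusterConfig starts outside this hunk.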
@@ -291,12 +317,10 @@ def ClusterCopyFile(opts, args):
 
   cl = GetClient()
 
-  myname = utils.GetHostInfo().name
-
   cluster_name = cl.QueryConfigValues(["cluster_name"])[0]
 
-  results = GetOnlineNodes(nodes=opts.nodes, cl=cl)
-  results = [name for name in results if name != myname]
+  results = GetOnlineNodes(nodes=opts.nodes, cl=cl, filter_master=True,
+                           secondary_ips=opts.use_replication_network)
 
   srun = ssh.SshRunner(cluster_name=cluster_name)
   for node in results:
@@ -406,7 +430,7 @@ def VerifyDisks(opts, args):
 
   if missing:
     for iname, ival in missing.iteritems():
-      all_missing = utils.all(ival, lambda x: x[0] in bad_nodes)
+      all_missing = compat.all(ival, lambda x: x[0] in bad_nodes)
       if all_missing:
         ToStdout("Instance %s cannot be verified as it lives on"
                  " broken nodes", iname)
@@ -485,6 +509,126 @@ def SearchTags(opts, args):
     ToStdout("%s %s", path, tag)
 
 
+def _RenewCrypto(new_cluster_cert, new_rapi_cert, rapi_cert_filename,
+                 new_confd_hmac_key, new_cds, cds_filename,
+                 force):
+  """Renews cluster certificates, keys and secrets.
+
+  @type new_cluster_cert: bool
+  @param new_cluster_cert: Whether to generate a new cluster certificate
+  @type new_rapi_cert: bool
+  @param new_rapi_cert: Whether to generate a new RAPI certificate
+  @type rapi_cert_filename: string
+  @param rapi_cert_filename: Path to file containing new RAPI certificate
+  @type new_confd_hmac_key: bool
+  @param new_confd_hmac_key: Whether to generate a new HMAC key
+  @type new_cds: bool
+  @param new_cds: Whether to generate a new cluster domain secret
+  @type cds_filename: string
+  @param cds_filename: Path to file containing new cluster domain secret
+  @type force: bool
+  @param force: Whether to ask user for confirmation
+
+  """
+  if new_rapi_cert and rapi_cert_filename:
+    ToStderr("Only one of the --new-rapi-certficate and --rapi-certificate"
+             " options can be specified at the same time.")
+    return 1
+
+  if new_cds and cds_filename:
+    ToStderr("Only one of the --new-cluster-domain-secret and"
+             " --cluster-domain-secret options can be specified at"
+             " the same time.")
+    return 1
+
+  if rapi_cert_filename:
+    # Read and verify new certificate
+    try:
+      rapi_cert_pem = utils.ReadFile(rapi_cert_filename)
+
+      OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
+                                      rapi_cert_pem)
+    except Exception, err: # pylint: disable-msg=W0703
+      ToStderr("Can't load new RAPI certificate from %s: %s" %
+               (rapi_cert_filename, str(err)))
+      return 1
+
+    try:
+      OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, rapi_cert_pem)
+    except Exception, err: # pylint: disable-msg=W0703
+      ToStderr("Can't load new RAPI private key from %s: %s" %
+               (rapi_cert_filename, str(err)))
+      return 1
+
+  else:
+    rapi_cert_pem = None
+
+  if cds_filename:
+    try:
+      cds = utils.ReadFile(cds_filename)
+    except Exception, err: # pylint: disable-msg=W0703
+      ToStderr("Can't load new cluster domain secret from %s: %s" %
+               (cds_filename, str(err)))
+      return 1
+  else:
+    cds = None
+
+  if not force:
+    usertext = ("This requires all daemons on all nodes to be restarted and"
+                " may take some time. Continue?")
+    if not AskUser(usertext):
+      return 1
+
+  def _RenewCryptoInner(ctx):
+    ctx.feedback_fn("Updating certificates and keys")
+    bootstrap.GenerateClusterCrypto(new_cluster_cert, new_rapi_cert,
+                                    new_confd_hmac_key,
+                                    new_cds,
+                                    rapi_cert_pem=rapi_cert_pem,
+                                    cds=cds)
+
+    files_to_copy = []
+
+    if new_cluster_cert:
+      files_to_copy.append(constants.NODED_CERT_FILE)
+
+    if new_rapi_cert or rapi_cert_pem:
+      files_to_copy.append(constants.RAPI_CERT_FILE)
+
+    if new_confd_hmac_key:
+      files_to_copy.append(constants.CONFD_HMAC_KEY)
+
+    if new_cds or cds:
+      files_to_copy.append(constants.CLUSTER_DOMAIN_SECRET_FILE)
+
+    if files_to_copy:
+      for node_name in ctx.nonmaster_nodes:
+        ctx.feedback_fn("Copying %s to %s" %
+                        (", ".join(files_to_copy), node_name))
+        for file_name in files_to_copy:
+          ctx.ssh.CopyFileToNode(node_name, file_name)
+
+  RunWhileClusterStopped(ToStdout, _RenewCryptoInner)
+
+  ToStdout("All requested certificates and keys have been replaced."
+           " Running \"gnt-cluster verify\" now is recommended.")
+
+  return 0
+
+
+def RenewCrypto(opts, args):
+  """Renews cluster certificates, keys and secrets.
+
+  """
+  return _RenewCrypto(opts.new_cluster_cert,
+                      opts.new_rapi_cert,
+                      opts.rapi_cert,
+                      opts.new_confd_hmac_key,
+                      opts.new_cluster_domain_secret,
+                      opts.cluster_domain_secret,
+                      opts.force)
+
+
 def SetClusterParams(opts, args):
   """Modify the cluster.
 
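Review bot: The `load_certificate` and `load_privatekey` calls in `_RenewCrypto` only show that the file at `rapi_cert_filename` holds a parseable certificate and a parseable private key, not that the key belongs to the certificate, so a mismatched pair passes validation and is distributed while the cluster is stopped. Keeping both loaded objects and checking the pair before `AskUser` would reject that early, as sketched below. The return value of `ctx.ssh.CopyFileToNode(node_name, file_name)` is unused; if that call reports failure through its return value (not visible in this hunk), a node can keep stale key material while "All requested certificates and keys have been replaced" is still printed. Two wording fixes: the first error message spells the option `--new-rapi-certficate`, and the docstring for `force` should read `Whether to skip the confirmation prompt`, since the prompt runs only when `force` is false.

```python
    # … unchanged: utils.ReadFile() and the two load_* try blocks, with their
    # results kept as rapi_cert and rapi_key …
    try:
      # Fail before the cluster is stopped if the key does not belong to
      # the certificate
      ssl_ctx = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
      ssl_ctx.use_certificate(rapi_cert)
      ssl_ctx.use_privatekey(rapi_key)
      ssl_ctx.check_privatekey()
    except Exception, err: # pylint: disable-msg=W0703
      ToStderr("RAPI certificate and private key in %s do not match: %s" %
               (rapi_cert_filename, str(err)))
      return 1
```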
@@ -498,16 +642,21 @@ def SetClusterParams(opts, args):
   if not (not opts.lvm_storage or opts.vg_name or
           opts.enabled_hypervisors or opts.hvparams or
           opts.beparams or opts.nicparams or
-          opts.candidate_pool_size is not None):
+          opts.candidate_pool_size is not None or
+          opts.uid_pool is not None or
+          opts.maintain_node_health is not None or
+          opts.add_uids is not None or
+          opts.remove_uids is not None):
     ToStderr("Please give at least one of the parameters.")
     return 1
 
   vg_name = opts.vg_name
   if not opts.lvm_storage and opts.vg_name:
-    ToStdout("Options --no-lvm-storage and --vg-name conflict.")
+    ToStderr("Options --no-lvm-storage and --vg-name conflict.")
     return 1
-  elif not opts.lvm_storage:
-    vg_name = ''
+
+  if not opts.lvm_storage:
+    vg_name = ""
 
   hvlist = opts.enabled_hypervisors
   if hvlist is not None:
@@ -524,12 +673,32 @@ def SetClusterParams(opts, args):
   nicparams = opts.nicparams
   utils.ForceDictType(nicparams, constants.NICS_PARAMETER_TYPES)
 
+
+  mnh = opts.maintain_node_health
+
+  uid_pool = opts.uid_pool
+  if uid_pool is not None:
+    uid_pool = uidpool.ParseUidPool(uid_pool)
+
+  add_uids = opts.add_uids
+  if add_uids is not None:
+    add_uids = uidpool.ParseUidPool(add_uids)
+
+  remove_uids = opts.remove_uids
+  if remove_uids is not None:
+    remove_uids = uidpool.ParseUidPool(remove_uids)
+
   op = opcodes.OpSetClusterParams(vg_name=vg_name,
                                   enabled_hypervisors=hvlist,
                                   hvparams=hvparams,
+                                  os_hvp=None,
                                   beparams=beparams,
                                   nicparams=nicparams,
-                                  candidate_pool_size=opts.candidate_pool_size)
+                                  candidate_pool_size=opts.candidate_pool_size,
+                                  maintain_node_health=mnh,
+                                  uid_pool=uid_pool,
+                                  add_uids=add_uids,
+                                  remove_uids=remove_uids)
   SubmitOpCode(op, opts=opts)
   return 0
 
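Review bot: `--uid-pool` can be given together with `--add-uids` or `--remove-uids`, and all three parsed values are sent in one `OpSetClusterParams`, with no client-side check like the `--no-lvm-storage`/`--vg-name` one earlier in SetClusterParams. Unless the opcode defines the order in which a replacement pool and the two deltas are applied (not visible here), the resulting pool is ambiguous; either reject the combination with a `ToStderr` message and `return 1`, or state the order in the option help. The added blank line before `mnh = opts.maintain_node_health` leaves two consecutive blank lines inside the function body. SetClusterParams starts outside this hunk.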
@@ -611,7 +780,8 @@ commands = {
     [BACKEND_OPT, CP_SIZE_OPT, ENABLED_HV_OPT, GLOBAL_FILEDIR_OPT,
      HVLIST_OPT, MAC_PREFIX_OPT, MASTER_NETDEV_OPT, NIC_PARAMS_OPT,
      NOLVM_STORAGE_OPT, NOMODIFY_ETCHOSTS_OPT, NOMODIFY_SSH_SETUP_OPT,
-     SECONDARY_IP_OPT, VG_NAME_OPT],
+     SECONDARY_IP_OPT, VG_NAME_OPT, MAINTAIN_NODE_HEALTH_OPT,
+     UIDPOOL_OPT],
     "[opts...] <cluster_name>", "Initialises a new cluster configuration"),
   'destroy': (
     DestroyCluster, ARGS_NONE, [YES_DOIT_OPT],
@@ -646,15 +816,15 @@ commands = {
     "", "Shows the cluster master"),
   'copyfile': (
     ClusterCopyFile, [ArgFile(min=1, max=1)],
-    [NODE_LIST_OPT],
+    [NODE_LIST_OPT, USE_REPL_NET_OPT],
     "[-n node...] <filename>", "Copies a file to all (or only some) nodes"),
   'command': (
     RunClusterCommand, [ArgCommand(min=1)],
     [NODE_LIST_OPT],
     "[-n node...] <command>", "Runs a command on all (or only some) nodes"),
   'info': (
-    ShowClusterConfig, ARGS_NONE, [],
-    "", "Show cluster configuration"),
+    ShowClusterConfig, ARGS_NONE, [ROMAN_OPT],
+    "[--roman]", "Show cluster configuration"),
   'list-tags': (
     ListTags, ARGS_NONE, [], "", "List the tags of the cluster"),
   'add-tags': (
@@ -680,10 +850,19 @@ commands = {
   'modify': (
     SetClusterParams, ARGS_NONE,
     [BACKEND_OPT, CP_SIZE_OPT, ENABLED_HV_OPT, HVLIST_OPT,
-     NIC_PARAMS_OPT, NOLVM_STORAGE_OPT, VG_NAME_OPT],
+     NIC_PARAMS_OPT, NOLVM_STORAGE_OPT, VG_NAME_OPT, MAINTAIN_NODE_HEALTH_OPT,
+     UIDPOOL_OPT, ADD_UIDS_OPT, REMOVE_UIDS_OPT],
     "[opts...]",
     "Alters the parameters of the cluster"),
+  "renew-crypto": (
+    RenewCrypto, ARGS_NONE,
+    [NEW_CLUSTER_CERT_OPT, NEW_RAPI_CERT_OPT, RAPI_CERT_OPT,
+     NEW_CONFD_HMAC_KEY_OPT, FORCE_OPT,
+     NEW_CLUSTER_DOMAIN_SECRET_OPT, CLUSTER_DOMAIN_SECRET_OPT],
+    "[opts...]",
+    "Renews cluster certificates, keys and secrets"),
   }
 
+
 if __name__ == '__main__':
   sys.exit(GenericMain(commands, override={"tag_type": constants.TAG_CLUSTER}))