hypervisors: add hvparams to GetNodeInfo

[ganeti-local] / lib / config.py
diff --git a/lib/config.py b/lib/config.py

index 353c288..de06e6e 100644 (file)
--- a/lib/config.py
+++ b/lib/config.py
@@ -1,7 +1,7 @@
  #
  #
  
  #
  #
  
-# Copyright (C) 2006, 2007 Google Inc.
+# Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Google Inc.
  #
  # This program is free software; you can redistribute it and/or modify
  # it under the terms of the GNU General Public License as published by
  #
  # This program is free software; you can redistribute it and/or modify
  # it under the terms of the GNU General Public License as published by
@@ -31,10 +31,15 @@ much memory.
  
  """
  
  
  """
  
+# pylint: disable=R0904
+# R0904: Too many public methods
+
+import copy
  import os
  import random
  import logging
  import time
  import os
  import random
  import logging
  import time
+import itertools
  
  from ganeti import errors
  from ganeti import locking
  
  from ganeti import errors
  from ganeti import locking
@@ -43,9 +48,14 @@ from ganeti import constants
  from ganeti import rpc
  from ganeti import objects
  from ganeti import serializer
  from ganeti import rpc
  from ganeti import objects
  from ganeti import serializer
+from ganeti import uidpool
+from ganeti import netutils
+from ganeti import runtime
+from ganeti import pathutils
+from ganeti import network
  
  
  
  
-_config_lock = locking.SharedLock()
+_config_lock = locking.SharedLock("ConfigWriter")
  
  # job id used for resource management at config upgrade time
  _UPGRADE_CONFIG_JID = "jid-cfg-upgrade"
  
  # job id used for resource management at config upgrade time
  _UPGRADE_CONFIG_JID = "jid-cfg-upgrade"
@@ -61,10 +71,7 @@ def _ValidateConfig(data):
  
    """
    if data.version != constants.CONFIG_VERSION:
  
    """
    if data.version != constants.CONFIG_VERSION:
-    raise errors.ConfigurationError("Cluster configuration version"
-                                    " mismatch, got %s instead of %s" %
-                                    (data.version,
-                                     constants.CONFIG_VERSION))
+    raise errors.ConfigVersionMismatch(constants.CONFIG_VERSION, data.version)
  
  
  class TemporaryReservationManager:
  
  
  class TemporaryReservationManager:
@@ -78,15 +85,15 @@ class TemporaryReservationManager:
      self._ec_reserved = {}
  
    def Reserved(self, resource):
      self._ec_reserved = {}
  
    def Reserved(self, resource):
-    for holder_reserved in self._ec_reserved.items():
+    for holder_reserved in self._ec_reserved.values():
        if resource in holder_reserved:
          return True
      return False
  
    def Reserve(self, ec_id, resource):
      if self.Reserved(resource):
        if resource in holder_reserved:
          return True
      return False
  
    def Reserve(self, ec_id, resource):
      if self.Reserved(resource):
-      raise errors.ReservationError("Duplicate reservation for resource: %s." %
-                                    (resource))
+      raise errors.ReservationError("Duplicate reservation for resource '%s'"
+                                    % str(resource))
      if ec_id not in self._ec_reserved:
        self._ec_reserved[ec_id] = set([resource])
      else:
      if ec_id not in self._ec_reserved:
        self._ec_reserved[ec_id] = set([resource])
      else:
@@ -102,6 +109,17 @@ class TemporaryReservationManager:
        all_reserved.update(holder_reserved)
      return all_reserved
  
        all_reserved.update(holder_reserved)
      return all_reserved
  
+  def GetECReserved(self, ec_id):
+    """ Used when you want to retrieve all reservations for a specific
+        execution context. E.g when commiting reserved IPs for a specific
+        network.
+
+    """
+    ec_reserved = set()
+    if ec_id in self._ec_reserved:
+      ec_reserved.update(self._ec_reserved[ec_id])
+    return ec_reserved
+
    def Generate(self, existing, generate_one_fn, ec_id):
      """Generate a new resource of this type
  
    def Generate(self, existing, generate_one_fn, ec_id):
      """Generate a new resource of this type
  
@@ -122,6 +140,33 @@ class TemporaryReservationManager:
      return new_resource
  
  
      return new_resource
  
  
+def _MatchNameComponentIgnoreCase(short_name, names):
+  """Wrapper around L{utils.text.MatchNameComponent}.
+
+  """
+  return utils.MatchNameComponent(short_name, names, case_sensitive=False)
+
+
+def _CheckInstanceDiskIvNames(disks):
+  """Checks if instance's disks' C{iv_name} attributes are in order.
+
+  @type disks: list of L{objects.Disk}
+  @param disks: List of disks
+  @rtype: list of tuples; (int, string, string)
+  @return: List of wrongly named disks, each tuple contains disk index,
+    expected and actual name
+
+  """
+  result = []
+
+  for (idx, disk) in enumerate(disks):
+    exp_iv_name = "disk/%s" % idx
+    if disk.iv_name != exp_iv_name:
+      result.append((idx, exp_iv_name, disk.iv_name))
+
+  return result
+
+
  class ConfigWriter:
    """The interface to the cluster configuration.
  
  class ConfigWriter:
    """The interface to the cluster configuration.
  
@@ -129,29 +174,47 @@ class ConfigWriter:
    @ivar _all_rms: a list of all temporary reservation managers
  
    """
    @ivar _all_rms: a list of all temporary reservation managers
  
    """
-  def __init__(self, cfg_file=None, offline=False):
+  def __init__(self, cfg_file=None, offline=False, _getents=runtime.GetEnts,
+               accept_foreign=False):
      self.write_count = 0
      self._lock = _config_lock
      self._config_data = None
      self._offline = offline
      if cfg_file is None:
      self.write_count = 0
      self._lock = _config_lock
      self._config_data = None
      self._offline = offline
      if cfg_file is None:
-      self._cfg_file = constants.CLUSTER_CONF_FILE
+      self._cfg_file = pathutils.CLUSTER_CONF_FILE
      else:
        self._cfg_file = cfg_file
      else:
        self._cfg_file = cfg_file
+    self._getents = _getents
      self._temporary_ids = TemporaryReservationManager()
      self._temporary_drbds = {}
      self._temporary_macs = TemporaryReservationManager()
      self._temporary_secrets = TemporaryReservationManager()
      self._temporary_lvs = TemporaryReservationManager()
      self._temporary_ids = TemporaryReservationManager()
      self._temporary_drbds = {}
      self._temporary_macs = TemporaryReservationManager()
      self._temporary_secrets = TemporaryReservationManager()
      self._temporary_lvs = TemporaryReservationManager()
+    self._temporary_ips = TemporaryReservationManager()
      self._all_rms = [self._temporary_ids, self._temporary_macs,
      self._all_rms = [self._temporary_ids, self._temporary_macs,
-                     self._temporary_secrets, self._temporary_lvs]
+                     self._temporary_secrets, self._temporary_lvs,
+                     self._temporary_ips]
      # Note: in order to prevent errors when resolving our name in
      # _DistributeConfig, we compute it here once and reuse it; it's
      # better to raise an error before starting to modify the config
      # file than after it was modified
      # Note: in order to prevent errors when resolving our name in
      # _DistributeConfig, we compute it here once and reuse it; it's
      # better to raise an error before starting to modify the config
      # file than after it was modified
-    self._my_hostname = utils.HostInfo().name
+    self._my_hostname = netutils.Hostname.GetSysName()
      self._last_cluster_serial = -1
      self._last_cluster_serial = -1
-    self._OpenConfig()
+    self._cfg_id = None
+    self._context = None
+    self._OpenConfig(accept_foreign)
+
+  def _GetRpc(self, address_list):
+    """Returns RPC runner for configuration.
+
+    """
+    return rpc.ConfigRunner(self._context, address_list)
+
+  def SetContext(self, context):
+    """Sets Ganeti context.
+
+    """
+    self._context = context
  
    # this method needs to be static, so that we can call it on the class
    @staticmethod
  
    # this method needs to be static, so that we can call it on the class
    @staticmethod
@@ -159,28 +222,95 @@ class ConfigWriter:
      """Check if the cluster is configured.
  
      """
      """Check if the cluster is configured.
  
      """
-    return os.path.exists(constants.CLUSTER_CONF_FILE)
+    return os.path.exists(pathutils.CLUSTER_CONF_FILE)
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetNdParams(self, node):
+    """Get the node params populated with cluster defaults.
  
  
-  def _GenerateOneMAC(self):
-    """Generate one mac address
+    @type node: L{objects.Node}
+    @param node: The node we want to know the params for
+    @return: A dict with the filled in node params
  
      """
  
      """
-    prefix = self._config_data.cluster.mac_prefix
-    byte1 = random.randrange(0, 256)
-    byte2 = random.randrange(0, 256)
-    byte3 = random.randrange(0, 256)
-    mac = "%s:%02x:%02x:%02x" % (prefix, byte1, byte2, byte3)
-    return mac
+    nodegroup = self._UnlockedGetNodeGroup(node.group)
+    return self._config_data.cluster.FillND(node, nodegroup)
  
    @locking.ssynchronized(_config_lock, shared=1)
  
    @locking.ssynchronized(_config_lock, shared=1)
-  def GenerateMAC(self, ec_id):
+  def GetInstanceDiskParams(self, instance):
+    """Get the disk params populated with inherit chain.
+
+    @type instance: L{objects.Instance}
+    @param instance: The instance we want to know the params for
+    @return: A dict with the filled in disk params
+
+    """
+    node = self._UnlockedGetNodeInfo(instance.primary_node)
+    nodegroup = self._UnlockedGetNodeGroup(node.group)
+    return self._UnlockedGetGroupDiskParams(nodegroup)
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetGroupDiskParams(self, group):
+    """Get the disk params populated with inherit chain.
+
+    @type group: L{objects.NodeGroup}
+    @param group: The group we want to know the params for
+    @return: A dict with the filled in disk params
+
+    """
+    return self._UnlockedGetGroupDiskParams(group)
+
+  def _UnlockedGetGroupDiskParams(self, group):
+    """Get the disk params populated with inherit chain down to node-group.
+
+    @type group: L{objects.NodeGroup}
+    @param group: The group we want to know the params for
+    @return: A dict with the filled in disk params
+
+    """
+    return self._config_data.cluster.SimpleFillDP(group.diskparams)
+
+  def _UnlockedGetNetworkMACPrefix(self, net_uuid):
+    """Return the network mac prefix if it exists or the cluster level default.
+
+    """
+    prefix = None
+    if net_uuid:
+      nobj = self._UnlockedGetNetwork(net_uuid)
+      if nobj.mac_prefix:
+        prefix = nobj.mac_prefix
+
+    return prefix
+
+  def _GenerateOneMAC(self, prefix=None):
+    """Return a function that randomly generates a MAC suffic
+       and appends it to the given prefix. If prefix is not given get
+       the cluster level default.
+
+    """
+    if not prefix:
+      prefix = self._config_data.cluster.mac_prefix
+
+    def GenMac():
+      byte1 = random.randrange(0, 256)
+      byte2 = random.randrange(0, 256)
+      byte3 = random.randrange(0, 256)
+      mac = "%s:%02x:%02x:%02x" % (prefix, byte1, byte2, byte3)
+      return mac
+
+    return GenMac
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GenerateMAC(self, net_uuid, ec_id):
      """Generate a MAC for an instance.
  
      This should check the current instances for duplicates.
  
      """
      existing = self._AllMACs()
      """Generate a MAC for an instance.
  
      This should check the current instances for duplicates.
  
      """
      existing = self._AllMACs()
-    return self._temporary_ids.Generate(existing, self._GenerateOneMAC, ec_id)
+    prefix = self._UnlockedGetNetworkMACPrefix(net_uuid)
+    gen_mac = self._GenerateOneMAC(prefix)
+    return self._temporary_ids.Generate(existing, gen_mac, ec_id)
  
    @locking.ssynchronized(_config_lock, shared=1)
    def ReserveMAC(self, mac, ec_id):
  
    @locking.ssynchronized(_config_lock, shared=1)
    def ReserveMAC(self, mac, ec_id):
@@ -194,7 +324,90 @@ class ConfigWriter:
      if mac in all_macs:
        raise errors.ReservationError("mac already in use")
      else:
      if mac in all_macs:
        raise errors.ReservationError("mac already in use")
      else:
-      self._temporary_macs.Reserve(mac, ec_id)
+      self._temporary_macs.Reserve(ec_id, mac)
+
+  def _UnlockedCommitTemporaryIps(self, ec_id):
+    """Commit all reserved IP address to their respective pools
+
+    """
+    for action, address, net_uuid in self._temporary_ips.GetECReserved(ec_id):
+      self._UnlockedCommitIp(action, net_uuid, address)
+
+  def _UnlockedCommitIp(self, action, net_uuid, address):
+    """Commit a reserved IP address to an IP pool.
+
+    The IP address is taken from the network's IP pool and marked as reserved.
+
+    """
+    nobj = self._UnlockedGetNetwork(net_uuid)
+    pool = network.AddressPool(nobj)
+    if action == constants.RESERVE_ACTION:
+      pool.Reserve(address)
+    elif action == constants.RELEASE_ACTION:
+      pool.Release(address)
+
+  def _UnlockedReleaseIp(self, net_uuid, address, ec_id):
+    """Give a specific IP address back to an IP pool.
+
+    The IP address is returned to the IP pool designated by pool_id and marked
+    as reserved.
+
+    """
+    self._temporary_ips.Reserve(ec_id,
+                                (constants.RELEASE_ACTION, address, net_uuid))
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def ReleaseIp(self, net_uuid, address, ec_id):
+    """Give a specified IP address back to an IP pool.
+
+    This is just a wrapper around _UnlockedReleaseIp.
+
+    """
+    if net_uuid:
+      self._UnlockedReleaseIp(net_uuid, address, ec_id)
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GenerateIp(self, net_uuid, ec_id):
+    """Find a free IPv4 address for an instance.
+
+    """
+    nobj = self._UnlockedGetNetwork(net_uuid)
+    pool = network.AddressPool(nobj)
+
+    def gen_one():
+      try:
+        ip = pool.GenerateFree()
+      except errors.AddressPoolError:
+        raise errors.ReservationError("Cannot generate IP. Network is full")
+      return (constants.RESERVE_ACTION, ip, net_uuid)
+
+    _, address, _ = self._temporary_ips.Generate([], gen_one, ec_id)
+    return address
+
+  def _UnlockedReserveIp(self, net_uuid, address, ec_id):
+    """Reserve a given IPv4 address for use by an instance.
+
+    """
+    nobj = self._UnlockedGetNetwork(net_uuid)
+    pool = network.AddressPool(nobj)
+    try:
+      isreserved = pool.IsReserved(address)
+    except errors.AddressPoolError:
+      raise errors.ReservationError("IP address not in network")
+    if isreserved:
+      raise errors.ReservationError("IP address already in use")
+
+    return self._temporary_ips.Reserve(ec_id,
+                                       (constants.RESERVE_ACTION,
+                                        address, net_uuid))
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def ReserveIp(self, net_uuid, address, ec_id):
+    """Reserve a given IPv4 address for use by an instance.
+
+    """
+    if net_uuid:
+      return self._UnlockedReserveIp(net_uuid, address, ec_id)
  
    @locking.ssynchronized(_config_lock, shared=1)
    def ReserveLV(self, lv_name, ec_id):
  
    @locking.ssynchronized(_config_lock, shared=1)
    def ReserveLV(self, lv_name, ec_id):
@@ -208,7 +421,7 @@ class ConfigWriter:
      if lv_name in all_lvs:
        raise errors.ReservationError("LV already in use")
      else:
      if lv_name in all_lvs:
        raise errors.ReservationError("LV already in use")
      else:
-      self._temporary_lvs.Reserve(lv_name, ec_id)
+      self._temporary_lvs.Reserve(ec_id, lv_name)
  
    @locking.ssynchronized(_config_lock, shared=1)
    def GenerateDRBDSecret(self, ec_id):
  
    @locking.ssynchronized(_config_lock, shared=1)
    def GenerateDRBDSecret(self, ec_id):
@@ -232,6 +445,24 @@ class ConfigWriter:
          lvnames.update(lv_list)
      return lvnames
  
          lvnames.update(lv_list)
      return lvnames
  
+  def _AllDisks(self):
+    """Compute the list of all Disks.
+
+    """
+    disks = []
+    for instance in self._config_data.instances.values():
+      disks.extend(instance.disks)
+    return disks
+
+  def _AllNICs(self):
+    """Compute the list of all NICs.
+
+    """
+    nics = []
+    for instance in self._config_data.instances.values():
+      nics.extend(instance.nics)
+    return nics
+
    def _AllIDs(self, include_temporary):
      """Compute the list of all UUIDs and names we have.
  
    def _AllIDs(self, include_temporary):
      """Compute the list of all UUIDs and names we have.
  
@@ -349,24 +580,89 @@ class ConfigWriter:
          configuration errors
  
      """
          configuration errors
  
      """
+    # pylint: disable=R0914
      result = []
      seen_macs = []
      ports = {}
      data = self._config_data
      result = []
      seen_macs = []
      ports = {}
      data = self._config_data
+    cluster = data.cluster
      seen_lids = []
      seen_pids = []
  
      # global cluster checks
      seen_lids = []
      seen_pids = []
  
      # global cluster checks
-    if not data.cluster.enabled_hypervisors:
+    if not cluster.enabled_hypervisors:
        result.append("enabled hypervisors list doesn't have any entries")
        result.append("enabled hypervisors list doesn't have any entries")
-    invalid_hvs = set(data.cluster.enabled_hypervisors) - constants.HYPER_TYPES
+    invalid_hvs = set(cluster.enabled_hypervisors) - constants.HYPER_TYPES
      if invalid_hvs:
        result.append("enabled hypervisors contains invalid entries: %s" %
      if invalid_hvs:
        result.append("enabled hypervisors contains invalid entries: %s" %
-                    invalid_hvs)
-
-    if data.cluster.master_node not in data.nodes:
+                    utils.CommaJoin(invalid_hvs))
+    missing_hvp = (set(cluster.enabled_hypervisors) -
+                   set(cluster.hvparams.keys()))
+    if missing_hvp:
+      result.append("hypervisor parameters missing for the enabled"
+                    " hypervisor(s) %s" % utils.CommaJoin(missing_hvp))
+
+    if not cluster.enabled_disk_templates:
+      result.append("enabled disk templates list doesn't have any entries")
+    invalid_disk_templates = set(cluster.enabled_disk_templates) \
+                               - constants.DISK_TEMPLATES
+    if invalid_disk_templates:
+      result.append("enabled disk templates list contains invalid entries:"
+                    " %s" % utils.CommaJoin(invalid_disk_templates))
+
+    if cluster.master_node not in data.nodes:
        result.append("cluster has invalid primary node '%s'" %
        result.append("cluster has invalid primary node '%s'" %
-                    data.cluster.master_node)
+                    cluster.master_node)
+
+    def _helper(owner, attr, value, template):
+      try:
+        utils.ForceDictType(value, template)
+      except errors.GenericError, err:
+        result.append("%s has invalid %s: %s" % (owner, attr, err))
+
+    def _helper_nic(owner, params):
+      try:
+        objects.NIC.CheckParameterSyntax(params)
+      except errors.ConfigurationError, err:
+        result.append("%s has invalid nicparams: %s" % (owner, err))
+
+    def _helper_ipolicy(owner, ipolicy, iscluster):
+      try:
+        objects.InstancePolicy.CheckParameterSyntax(ipolicy, iscluster)
+      except errors.ConfigurationError, err:
+        result.append("%s has invalid instance policy: %s" % (owner, err))
+      for key, value in ipolicy.items():
+        if key == constants.ISPECS_MINMAX:
+          for k in range(len(value)):
+            _helper_ispecs(owner, "ipolicy/%s[%s]" % (key, k), value[k])
+        elif key == constants.ISPECS_STD:
+          _helper(owner, "ipolicy/" + key, value,
+                  constants.ISPECS_PARAMETER_TYPES)
+        else:
+          # FIXME: assuming list type
+          if key in constants.IPOLICY_PARAMETERS:
+            exp_type = float
+          else:
+            exp_type = list
+          if not isinstance(value, exp_type):
+            result.append("%s has invalid instance policy: for %s,"
+                          " expecting %s, got %s" %
+                          (owner, key, exp_type.__name__, type(value)))
+
+    def _helper_ispecs(owner, parentkey, params):
+      for (key, value) in params.items():
+        fullkey = "/".join([parentkey, key])
+        _helper(owner, fullkey, value, constants.ISPECS_PARAMETER_TYPES)
+
+    # check cluster parameters
+    _helper("cluster", "beparams", cluster.SimpleFillBE({}),
+            constants.BES_PARAMETER_TYPES)
+    _helper("cluster", "nicparams", cluster.SimpleFillNIC({}),
+            constants.NICS_PARAMETER_TYPES)
+    _helper_nic("cluster", cluster.SimpleFillNIC({}))
+    _helper("cluster", "ndparams", cluster.SimpleFillND({}),
+            constants.NDS_PARAMETER_TYPES)
+    _helper_ipolicy("cluster", cluster.ipolicy, True)
  
      # per-instance checks
      for instance_name in data.instances:
  
      # per-instance checks
      for instance_name in data.instances:
@@ -387,14 +683,30 @@ class ConfigWriter:
                          (instance_name, idx, nic.mac))
          else:
            seen_macs.append(nic.mac)
                          (instance_name, idx, nic.mac))
          else:
            seen_macs.append(nic.mac)
+        if nic.nicparams:
+          filled = cluster.SimpleFillNIC(nic.nicparams)
+          owner = "instance %s nic %d" % (instance.name, idx)
+          _helper(owner, "nicparams",
+                  filled, constants.NICS_PARAMETER_TYPES)
+          _helper_nic(owner, filled)
+
+      # disk template checks
+      if not instance.disk_template in data.cluster.enabled_disk_templates:
+        result.append("instance '%s' uses the disabled disk template '%s'." %
+                      (instance_name, instance.disk_template))
+
+      # parameter checks
+      if instance.beparams:
+        _helper("instance %s" % instance.name, "beparams",
+                cluster.FillBE(instance), constants.BES_PARAMETER_TYPES)
  
        # gather the drbd ports for duplicate checks
  
        # gather the drbd ports for duplicate checks
-      for dsk in instance.disks:
+      for (idx, dsk) in enumerate(instance.disks):
          if dsk.dev_type in constants.LDS_DRBD:
            tcp_port = dsk.logical_id[2]
            if tcp_port not in ports:
              ports[tcp_port] = []
          if dsk.dev_type in constants.LDS_DRBD:
            tcp_port = dsk.logical_id[2]
            if tcp_port not in ports:
              ports[tcp_port] = []
-          ports[tcp_port].append((instance.name, "drbd disk %s" % dsk.iv_name))
+          ports[tcp_port].append((instance.name, "drbd disk %s" % idx))
        # gather network port reservation
        net_port = getattr(instance, "network_port", None)
        if net_port is not None:
        # gather network port reservation
        net_port = getattr(instance, "network_port", None)
        if net_port is not None:
@@ -408,8 +720,17 @@ class ConfigWriter:
                         (instance.name, idx, msg) for msg in disk.Verify()])
          result.extend(self._CheckDiskIDs(disk, seen_lids, seen_pids))
  
                         (instance.name, idx, msg) for msg in disk.Verify()])
          result.extend(self._CheckDiskIDs(disk, seen_lids, seen_pids))
  
+      wrong_names = _CheckInstanceDiskIvNames(instance.disks)
+      if wrong_names:
+        tmp = "; ".join(("name of disk %s should be '%s', but is '%s'" %
+                         (idx, exp_name, actual_name))
+                        for (idx, exp_name, actual_name) in wrong_names)
+
+        result.append("Instance '%s' has wrongly named disks: %s" %
+                      (instance.name, tmp))
+
      # cluster-wide pool of free ports
      # cluster-wide pool of free ports
-    for free_port in data.cluster.tcpudp_port_pool:
+    for free_port in cluster.tcpudp_port_pool:
        if free_port not in ports:
          ports[free_port] = []
        ports[free_port].append(("cluster", "port marked as free"))
        if free_port not in ports:
          ports[free_port] = []
        ports[free_port].append(("cluster", "port marked as free"))
@@ -425,11 +746,11 @@ class ConfigWriter:
  
      # highest used tcp port check
      if keys:
  
      # highest used tcp port check
      if keys:
-      if keys[-1] > data.cluster.highest_used_port:
+      if keys[-1] > cluster.highest_used_port:
          result.append("Highest used port mismatch, saved %s, computed %s" %
          result.append("Highest used port mismatch, saved %s, computed %s" %
-                      (data.cluster.highest_used_port, keys[-1]))
+                      (cluster.highest_used_port, keys[-1]))
  
  
-    if not data.nodes[data.cluster.master_node].master_candidate:
+    if not data.nodes[cluster.master_node].master_candidate:
        result.append("Master node is not a master candidate")
  
      # master candidate checks
        result.append("Master node is not a master candidate")
  
      # master candidate checks
@@ -446,8 +767,41 @@ class ConfigWriter:
        if [node.master_candidate, node.drained, node.offline].count(True) > 1:
          result.append("Node %s state is invalid: master_candidate=%s,"
                        " drain=%s, offline=%s" %
        if [node.master_candidate, node.drained, node.offline].count(True) > 1:
          result.append("Node %s state is invalid: master_candidate=%s,"
                        " drain=%s, offline=%s" %
-                      (node.name, node.master_candidate, node.drain,
+                      (node.name, node.master_candidate, node.drained,
                         node.offline))
                         node.offline))
+      if node.group not in data.nodegroups:
+        result.append("Node '%s' has invalid group '%s'" %
+                      (node.name, node.group))
+      else:
+        _helper("node %s" % node.name, "ndparams",
+                cluster.FillND(node, data.nodegroups[node.group]),
+                constants.NDS_PARAMETER_TYPES)
+      used_globals = constants.NDC_GLOBALS.intersection(node.ndparams)
+      if used_globals:
+        result.append("Node '%s' has some global parameters set: %s" %
+                      (node.name, utils.CommaJoin(used_globals)))
+
+    # nodegroups checks
+    nodegroups_names = set()
+    for nodegroup_uuid in data.nodegroups:
+      nodegroup = data.nodegroups[nodegroup_uuid]
+      if nodegroup.uuid != nodegroup_uuid:
+        result.append("node group '%s' (uuid: '%s') indexed by wrong uuid '%s'"
+                      % (nodegroup.name, nodegroup.uuid, nodegroup_uuid))
+      if utils.UUID_RE.match(nodegroup.name.lower()):
+        result.append("node group '%s' (uuid: '%s') has uuid-like name" %
+                      (nodegroup.name, nodegroup.uuid))
+      if nodegroup.name in nodegroups_names:
+        result.append("duplicate node group name '%s'" % nodegroup.name)
+      else:
+        nodegroups_names.add(nodegroup.name)
+      group_name = "group %s" % nodegroup.name
+      _helper_ipolicy(group_name, cluster.SimpleFillIPolicy(nodegroup.ipolicy),
+                      False)
+      if nodegroup.ndparams:
+        _helper(group_name, "ndparams",
+                cluster.SimpleFillND(nodegroup.ndparams),
+                constants.NDS_PARAMETER_TYPES)
  
      # drbd minors check
      _, duplicates = self._UnlockedComputeDRBDMap()
  
      # drbd minors check
      _, duplicates = self._UnlockedComputeDRBDMap()
@@ -456,13 +810,13 @@ class ConfigWriter:
                      " %s and %s" % (minor, node, instance_a, instance_b))
  
      # IP checks
                      " %s and %s" % (minor, node, instance_a, instance_b))
  
      # IP checks
-    default_nicparams = data.cluster.nicparams[constants.PP_DEFAULT]
+    default_nicparams = cluster.nicparams[constants.PP_DEFAULT]
      ips = {}
  
      def _AddIpAddress(ip, name):
        ips.setdefault(ip, []).append(name)
  
      ips = {}
  
      def _AddIpAddress(ip, name):
        ips.setdefault(ip, []).append(name)
  
-    _AddIpAddress(data.cluster.master_ip, "cluster_ip")
+    _AddIpAddress(cluster.master_ip, "cluster_ip")
  
      for node in data.nodes.values():
        _AddIpAddress(node.primary_ip, "node:%s/primary" % node.name)
  
      for node in data.nodes.values():
        _AddIpAddress(node.primary_ip, "node:%s/primary" % node.name)
@@ -485,7 +839,7 @@ class ConfigWriter:
          else:
            raise errors.ProgrammerError("NIC mode '%s' not handled" % nic_mode)
  
          else:
            raise errors.ProgrammerError("NIC mode '%s' not handled" % nic_mode)
  
-        _AddIpAddress("%s/%s" % (link, nic.ip),
+        _AddIpAddress("%s/%s/%s" % (link, nic.ip, nic.network),
                        "instance:%s/nic:%d" % (instance.name, idx))
  
      for ip, owners in ips.items():
                        "instance:%s/nic:%d" % (instance.name, idx))
  
      for ip, owners in ips.items():
@@ -563,12 +917,15 @@ class ConfigWriter:
    def AddTcpUdpPort(self, port):
      """Adds a new port to the available port pool.
  
    def AddTcpUdpPort(self, port):
      """Adds a new port to the available port pool.
  
+    @warning: this method does not "flush" the configuration (via
+        L{_WriteConfig}); callers should do that themselves once the
+        configuration is stable
+
      """
      if not isinstance(port, int):
        raise errors.ProgrammerError("Invalid type passed for port")
  
      self._config_data.cluster.tcpudp_port_pool.add(port)
      """
      if not isinstance(port, int):
        raise errors.ProgrammerError("Invalid type passed for port")
  
      self._config_data.cluster.tcpudp_port_pool.add(port)
-    self._WriteConfig()
  
    @locking.ssynchronized(_config_lock, shared=1)
    def GetPortList(self):
  
    @locking.ssynchronized(_config_lock, shared=1)
    def GetPortList(self):
@@ -787,6 +1144,20 @@ class ConfigWriter:
      return self._config_data.cluster.master_netdev
  
    @locking.ssynchronized(_config_lock, shared=1)
      return self._config_data.cluster.master_netdev
  
    @locking.ssynchronized(_config_lock, shared=1)
+  def GetMasterNetmask(self):
+    """Get the netmask of the master node for this cluster.
+
+    """
+    return self._config_data.cluster.master_netmask
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetUseExternalMipScript(self):
+    """Get flag representing whether to use the external master IP setup script.
+
+    """
+    return self._config_data.cluster.use_external_mip_script
+
+  @locking.ssynchronized(_config_lock, shared=1)
    def GetFileStorageDir(self):
      """Get the file storage dir for this cluster.
  
    def GetFileStorageDir(self):
      """Get the file storage dir for this cluster.
  
@@ -794,6 +1165,13 @@ class ConfigWriter:
      return self._config_data.cluster.file_storage_dir
  
    @locking.ssynchronized(_config_lock, shared=1)
      return self._config_data.cluster.file_storage_dir
  
    @locking.ssynchronized(_config_lock, shared=1)
+  def GetSharedFileStorageDir(self):
+    """Get the shared file storage dir for this cluster.
+
+    """
+    return self._config_data.cluster.shared_file_storage_dir
+
+  @locking.ssynchronized(_config_lock, shared=1)
    def GetHypervisorType(self):
      """Get the hypervisor type for this cluster.
  
    def GetHypervisorType(self):
      """Get the hypervisor type for this cluster.
  
@@ -810,6 +1188,207 @@ class ConfigWriter:
      """
      return self._config_data.cluster.rsahostkeypub
  
      """
      return self._config_data.cluster.rsahostkeypub
  
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetDefaultIAllocator(self):
+    """Get the default instance allocator for this cluster.
+
+    """
+    return self._config_data.cluster.default_iallocator
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetPrimaryIPFamily(self):
+    """Get cluster primary ip family.
+
+    @return: primary ip family
+
+    """
+    return self._config_data.cluster.primary_ip_family
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetMasterNetworkParameters(self):
+    """Get network parameters of the master node.
+
+    @rtype: L{object.MasterNetworkParameters}
+    @return: network parameters of the master node
+
+    """
+    cluster = self._config_data.cluster
+    result = objects.MasterNetworkParameters(
+      name=cluster.master_node, ip=cluster.master_ip,
+      netmask=cluster.master_netmask, netdev=cluster.master_netdev,
+      ip_family=cluster.primary_ip_family)
+
+    return result
+
+  @locking.ssynchronized(_config_lock)
+  def AddNodeGroup(self, group, ec_id, check_uuid=True):
+    """Add a node group to the configuration.
+
+    This method calls group.UpgradeConfig() to fill any missing attributes
+    according to their default values.
+
+    @type group: L{objects.NodeGroup}
+    @param group: the NodeGroup object to add
+    @type ec_id: string
+    @param ec_id: unique id for the job to use when creating a missing UUID
+    @type check_uuid: bool
+    @param check_uuid: add an UUID to the group if it doesn't have one or, if
+                       it does, ensure that it does not exist in the
+                       configuration already
+
+    """
+    self._UnlockedAddNodeGroup(group, ec_id, check_uuid)
+    self._WriteConfig()
+
+  def _UnlockedAddNodeGroup(self, group, ec_id, check_uuid):
+    """Add a node group to the configuration.
+
+    """
+    logging.info("Adding node group %s to configuration", group.name)
+
+    # Some code might need to add a node group with a pre-populated UUID
+    # generated with ConfigWriter.GenerateUniqueID(). We allow them to bypass
+    # the "does this UUID" exist already check.
+    if check_uuid:
+      self._EnsureUUID(group, ec_id)
+
+    try:
+      existing_uuid = self._UnlockedLookupNodeGroup(group.name)
+    except errors.OpPrereqError:
+      pass
+    else:
+      raise errors.OpPrereqError("Desired group name '%s' already exists as a"
+                                 " node group (UUID: %s)" %
+                                 (group.name, existing_uuid),
+                                 errors.ECODE_EXISTS)
+
+    group.serial_no = 1
+    group.ctime = group.mtime = time.time()
+    group.UpgradeConfig()
+
+    self._config_data.nodegroups[group.uuid] = group
+    self._config_data.cluster.serial_no += 1
+
+  @locking.ssynchronized(_config_lock)
+  def RemoveNodeGroup(self, group_uuid):
+    """Remove a node group from the configuration.
+
+    @type group_uuid: string
+    @param group_uuid: the UUID of the node group to remove
+
+    """
+    logging.info("Removing node group %s from configuration", group_uuid)
+
+    if group_uuid not in self._config_data.nodegroups:
+      raise errors.ConfigurationError("Unknown node group '%s'" % group_uuid)
+
+    assert len(self._config_data.nodegroups) != 1, \
+            "Group '%s' is the only group, cannot be removed" % group_uuid
+
+    del self._config_data.nodegroups[group_uuid]
+    self._config_data.cluster.serial_no += 1
+    self._WriteConfig()
+
+  def _UnlockedLookupNodeGroup(self, target):
+    """Lookup a node group's UUID.
+
+    @type target: string or None
+    @param target: group name or UUID or None to look for the default
+    @rtype: string
+    @return: nodegroup UUID
+    @raises errors.OpPrereqError: when the target group cannot be found
+
+    """
+    if target is None:
+      if len(self._config_data.nodegroups) != 1:
+        raise errors.OpPrereqError("More than one node group exists. Target"
+                                   " group must be specified explicitly.")
+      else:
+        return self._config_data.nodegroups.keys()[0]
+    if target in self._config_data.nodegroups:
+      return target
+    for nodegroup in self._config_data.nodegroups.values():
+      if nodegroup.name == target:
+        return nodegroup.uuid
+    raise errors.OpPrereqError("Node group '%s' not found" % target,
+                               errors.ECODE_NOENT)
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def LookupNodeGroup(self, target):
+    """Lookup a node group's UUID.
+
+    This function is just a wrapper over L{_UnlockedLookupNodeGroup}.
+
+    @type target: string or None
+    @param target: group name or UUID or None to look for the default
+    @rtype: string
+    @return: nodegroup UUID
+
+    """
+    return self._UnlockedLookupNodeGroup(target)
+
+  def _UnlockedGetNodeGroup(self, uuid):
+    """Lookup a node group.
+
+    @type uuid: string
+    @param uuid: group UUID
+    @rtype: L{objects.NodeGroup} or None
+    @return: nodegroup object, or None if not found
+
+    """
+    if uuid not in self._config_data.nodegroups:
+      return None
+
+    return self._config_data.nodegroups[uuid]
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetNodeGroup(self, uuid):
+    """Lookup a node group.
+
+    @type uuid: string
+    @param uuid: group UUID
+    @rtype: L{objects.NodeGroup} or None
+    @return: nodegroup object, or None if not found
+
+    """
+    return self._UnlockedGetNodeGroup(uuid)
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetAllNodeGroupsInfo(self):
+    """Get the configuration of all node groups.
+
+    """
+    return dict(self._config_data.nodegroups)
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetNodeGroupList(self):
+    """Get a list of node groups.
+
+    """
+    return self._config_data.nodegroups.keys()
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetNodeGroupMembersByNodes(self, nodes):
+    """Get nodes which are member in the same nodegroups as the given nodes.
+
+    """
+    ngfn = lambda node_name: self._UnlockedGetNodeInfo(node_name).group
+    return frozenset(member_name
+                     for node_name in nodes
+                     for member_name in
+                       self._UnlockedGetNodeGroup(ngfn(node_name)).members)
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetMultiNodeGroupInfo(self, group_uuids):
+    """Get the configuration of multiple node groups.
+
+    @param group_uuids: List of node group UUIDs
+    @rtype: list
+    @return: List of tuples of (group_uuid, group_info)
+
+    """
+    return [(uuid, self._UnlockedGetNodeGroup(uuid)) for uuid in group_uuids]
+
    @locking.ssynchronized(_config_lock)
    def AddInstance(self, instance, ec_id):
      """Add an instance to the config.
    @locking.ssynchronized(_config_lock)
    def AddInstance(self, instance, ec_id):
      """Add an instance to the config.
@@ -841,6 +1420,7 @@ class ConfigWriter:
      self._config_data.instances[instance.name] = instance
      self._config_data.cluster.serial_no += 1
      self._UnlockedReleaseDRBDMinors(instance.name)
      self._config_data.instances[instance.name] = instance
      self._config_data.cluster.serial_no += 1
      self._UnlockedReleaseDRBDMinors(instance.name)
+    self._UnlockedCommitTemporaryIps(ec_id)
      self._WriteConfig()
  
    def _EnsureUUID(self, item, ec_id):
      self._WriteConfig()
  
    def _EnsureUUID(self, item, ec_id):
@@ -856,19 +1436,27 @@ class ConfigWriter:
        raise errors.ConfigurationError("Cannot add '%s': UUID %s already"
                                        " in use" % (item.name, item.uuid))
  
        raise errors.ConfigurationError("Cannot add '%s': UUID %s already"
                                        " in use" % (item.name, item.uuid))
  
-  def _SetInstanceStatus(self, instance_name, status):
+  def _SetInstanceStatus(self, instance_name, status, disks_active):
      """Set the instance's status to a given value.
  
      """
      """Set the instance's status to a given value.
  
      """
-    assert isinstance(status, bool), \
-           "Invalid status '%s' passed to SetInstanceStatus" % (status,)
-
      if instance_name not in self._config_data.instances:
        raise errors.ConfigurationError("Unknown instance '%s'" %
                                        instance_name)
      instance = self._config_data.instances[instance_name]
      if instance_name not in self._config_data.instances:
        raise errors.ConfigurationError("Unknown instance '%s'" %
                                        instance_name)
      instance = self._config_data.instances[instance_name]
-    if instance.admin_up != status:
-      instance.admin_up = status
+
+    if status is None:
+      status = instance.admin_state
+    if disks_active is None:
+      disks_active = instance.disks_active
+
+    assert status in constants.ADMINST_ALL, \
+           "Invalid status '%s' passed to SetInstanceStatus" % (status,)
+
+    if instance.admin_state != status or \
+       instance.disks_active != disks_active:
+      instance.admin_state = status
+      instance.disks_active = disks_active
        instance.serial_no += 1
        instance.mtime = time.time()
        self._WriteConfig()
        instance.serial_no += 1
        instance.mtime = time.time()
        self._WriteConfig()
@@ -877,8 +1465,19 @@ class ConfigWriter:
    def MarkInstanceUp(self, instance_name):
      """Mark the instance status to up in the config.
  
    def MarkInstanceUp(self, instance_name):
      """Mark the instance status to up in the config.
  
+    This also sets the instance disks active flag.
+
+    """
+    self._SetInstanceStatus(instance_name, constants.ADMINST_UP, True)
+
+  @locking.ssynchronized(_config_lock)
+  def MarkInstanceOffline(self, instance_name):
+    """Mark the instance status to down in the config.
+
+    This also clears the instance disks active flag.
+
      """
      """
-    self._SetInstanceStatus(instance_name, True)
+    self._SetInstanceStatus(instance_name, constants.ADMINST_OFFLINE, False)
  
    @locking.ssynchronized(_config_lock)
    def RemoveInstance(self, instance_name):
  
    @locking.ssynchronized(_config_lock)
    def RemoveInstance(self, instance_name):
@@ -887,6 +1486,21 @@ class ConfigWriter:
      """
      if instance_name not in self._config_data.instances:
        raise errors.ConfigurationError("Unknown instance '%s'" % instance_name)
      """
      if instance_name not in self._config_data.instances:
        raise errors.ConfigurationError("Unknown instance '%s'" % instance_name)
+
+    # If a network port has been allocated to the instance,
+    # return it to the pool of free ports.
+    inst = self._config_data.instances[instance_name]
+    network_port = getattr(inst, "network_port", None)
+    if network_port is not None:
+      self._config_data.cluster.tcpudp_port_pool.add(network_port)
+
+    instance = self._UnlockedGetInstanceInfo(instance_name)
+
+    for nic in instance.nics:
+      if nic.network and nic.ip:
+        # Return all IP addresses to the respective address pools
+        self._UnlockedCommitIp(constants.RELEASE_ACTION, nic.network, nic.ip)
+
      del self._config_data.instances[instance_name]
      self._config_data.cluster.serial_no += 1
      self._WriteConfig()
      del self._config_data.instances[instance_name]
      self._config_data.cluster.serial_no += 1
      self._WriteConfig()
@@ -902,28 +1516,52 @@ class ConfigWriter:
      """
      if old_name not in self._config_data.instances:
        raise errors.ConfigurationError("Unknown instance '%s'" % old_name)
      """
      if old_name not in self._config_data.instances:
        raise errors.ConfigurationError("Unknown instance '%s'" % old_name)
-    inst = self._config_data.instances[old_name]
-    del self._config_data.instances[old_name]
+
+    # Operate on a copy to not loose instance object in case of a failure
+    inst = self._config_data.instances[old_name].Copy()
      inst.name = new_name
  
      inst.name = new_name
  
-    for disk in inst.disks:
+    for (idx, disk) in enumerate(inst.disks):
        if disk.dev_type == constants.LD_FILE:
          # rename the file paths in logical and physical id
          file_storage_dir = os.path.dirname(os.path.dirname(disk.logical_id[1]))
        if disk.dev_type == constants.LD_FILE:
          # rename the file paths in logical and physical id
          file_storage_dir = os.path.dirname(os.path.dirname(disk.logical_id[1]))
-        disk.physical_id = disk.logical_id = (disk.logical_id[0],
-                                              utils.PathJoin(file_storage_dir,
-                                                             inst.name,
-                                                             disk.iv_name))
+        disk.logical_id = (disk.logical_id[0],
+                           utils.PathJoin(file_storage_dir, inst.name,
+                                          "disk%s" % idx))
+        disk.physical_id = disk.logical_id
  
  
+    # Actually replace instance object
+    del self._config_data.instances[old_name]
      self._config_data.instances[inst.name] = inst
      self._config_data.instances[inst.name] = inst
+
+    # Force update of ssconf files
+    self._config_data.cluster.serial_no += 1
+
      self._WriteConfig()
  
    @locking.ssynchronized(_config_lock)
    def MarkInstanceDown(self, instance_name):
      """Mark the status of an instance to down in the configuration.
  
      self._WriteConfig()
  
    @locking.ssynchronized(_config_lock)
    def MarkInstanceDown(self, instance_name):
      """Mark the status of an instance to down in the configuration.
  
+    This does not touch the instance disks active flag, as shut down instances
+    can still have active disks.
+
+    """
+    self._SetInstanceStatus(instance_name, constants.ADMINST_DOWN, None)
+
+  @locking.ssynchronized(_config_lock)
+  def MarkInstanceDisksActive(self, instance_name):
+    """Mark the status of instance disks active.
+
+    """
+    self._SetInstanceStatus(instance_name, None, True)
+
+  @locking.ssynchronized(_config_lock)
+  def MarkInstanceDisksInactive(self, instance_name):
+    """Mark the status of instance disks inactive.
+
      """
      """
-    self._SetInstanceStatus(instance_name, False)
+    self._SetInstanceStatus(instance_name, None, False)
  
    def _UnlockedGetInstanceList(self):
      """Get the list of instances.
  
    def _UnlockedGetInstanceList(self):
      """Get the list of instances.
@@ -943,14 +1581,12 @@ class ConfigWriter:
      """
      return self._UnlockedGetInstanceList()
  
      """
      return self._UnlockedGetInstanceList()
  
-  @locking.ssynchronized(_config_lock, shared=1)
    def ExpandInstanceName(self, short_name):
      """Attempt to expand an incomplete instance name.
  
      """
    def ExpandInstanceName(self, short_name):
      """Attempt to expand an incomplete instance name.
  
      """
-    return utils.MatchNameComponent(short_name,
-                                    self._config_data.instances.keys(),
-                                    case_sensitive=False)
+    # Locking is done in L{ConfigWriter.GetInstanceList}
+    return _MatchNameComponentIgnoreCase(short_name, self.GetInstanceList())
  
    def _UnlockedGetInstanceInfo(self, instance_name):
      """Returns information about an instance.
  
    def _UnlockedGetInstanceInfo(self, instance_name):
      """Returns information about an instance.
@@ -980,6 +1616,56 @@ class ConfigWriter:
      return self._UnlockedGetInstanceInfo(instance_name)
  
    @locking.ssynchronized(_config_lock, shared=1)
      return self._UnlockedGetInstanceInfo(instance_name)
  
    @locking.ssynchronized(_config_lock, shared=1)
+  def GetInstanceNodeGroups(self, instance_name, primary_only=False):
+    """Returns set of node group UUIDs for instance's nodes.
+
+    @rtype: frozenset
+
+    """
+    instance = self._UnlockedGetInstanceInfo(instance_name)
+    if not instance:
+      raise errors.ConfigurationError("Unknown instance '%s'" % instance_name)
+
+    if primary_only:
+      nodes = [instance.primary_node]
+    else:
+      nodes = instance.all_nodes
+
+    return frozenset(self._UnlockedGetNodeInfo(node_name).group
+                     for node_name in nodes)
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetInstanceNetworks(self, instance_name):
+    """Returns set of network UUIDs for instance's nics.
+
+    @rtype: frozenset
+
+    """
+    instance = self._UnlockedGetInstanceInfo(instance_name)
+    if not instance:
+      raise errors.ConfigurationError("Unknown instance '%s'" % instance_name)
+
+    networks = set()
+    for nic in instance.nics:
+      if nic.network:
+        networks.add(nic.network)
+
+    return frozenset(networks)
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetMultiInstanceInfo(self, instances):
+    """Get the configuration of multiple instances.
+
+    @param instances: list of instance names
+    @rtype: list
+    @return: list of tuples (instance, instance_info), where
+        instance_info is what would GetInstanceInfo return for the
+        node, while keeping the original order
+
+    """
+    return [(name, self._UnlockedGetInstanceInfo(name)) for name in instances]
+
+  @locking.ssynchronized(_config_lock, shared=1)
    def GetAllInstancesInfo(self):
      """Get the configuration of all instances.
  
    def GetAllInstancesInfo(self):
      """Get the configuration of all instances.
  
@@ -992,6 +1678,22 @@ class ConfigWriter:
                      for instance in self._UnlockedGetInstanceList()])
      return my_dict
  
                      for instance in self._UnlockedGetInstanceList()])
      return my_dict
  
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetInstancesInfoByFilter(self, filter_fn):
+    """Get instance configuration with a filter.
+
+    @type filter_fn: callable
+    @param filter_fn: Filter function receiving instance object as parameter,
+      returning boolean. Important: this function is called while the
+      configuration locks is held. It must not do any complex work or call
+      functions potentially leading to a deadlock. Ideally it doesn't call any
+      other functions and just compares instance attributes.
+
+    """
+    return dict((name, inst)
+                for (name, inst) in self._config_data.instances.items()
+                if filter_fn(inst))
+
    @locking.ssynchronized(_config_lock)
    def AddNode(self, node, ec_id):
      """Add a node to the configuration.
    @locking.ssynchronized(_config_lock)
    def AddNode(self, node, ec_id):
      """Add a node to the configuration.
@@ -1006,6 +1708,7 @@ class ConfigWriter:
  
      node.serial_no = 1
      node.ctime = node.mtime = time.time()
  
      node.serial_no = 1
      node.ctime = node.mtime = time.time()
+    self._UnlockedAddNodeToGroup(node.name, node.group)
      self._config_data.nodes[node.name] = node
      self._config_data.cluster.serial_no += 1
      self._WriteConfig()
      self._config_data.nodes[node.name] = node
      self._config_data.cluster.serial_no += 1
      self._WriteConfig()
@@ -1020,18 +1723,17 @@ class ConfigWriter:
      if node_name not in self._config_data.nodes:
        raise errors.ConfigurationError("Unknown node '%s'" % node_name)
  
      if node_name not in self._config_data.nodes:
        raise errors.ConfigurationError("Unknown node '%s'" % node_name)
  
+    self._UnlockedRemoveNodeFromGroup(self._config_data.nodes[node_name])
      del self._config_data.nodes[node_name]
      self._config_data.cluster.serial_no += 1
      self._WriteConfig()
  
      del self._config_data.nodes[node_name]
      self._config_data.cluster.serial_no += 1
      self._WriteConfig()
  
-  @locking.ssynchronized(_config_lock, shared=1)
    def ExpandNodeName(self, short_name):
    def ExpandNodeName(self, short_name):
-    """Attempt to expand an incomplete instance name.
+    """Attempt to expand an incomplete node name.
  
      """
  
      """
-    return utils.MatchNameComponent(short_name,
-                                    self._config_data.nodes.keys(),
-                                    case_sensitive=False)
+    # Locking is done in L{ConfigWriter.GetNodeList}
+    return _MatchNameComponentIgnoreCase(short_name, self.GetNodeList())
  
    def _UnlockedGetNodeInfo(self, node_name):
      """Get the configuration of a node, as stored in the config.
  
    def _UnlockedGetNodeInfo(self, node_name):
      """Get the configuration of a node, as stored in the config.
@@ -1064,6 +1766,71 @@ class ConfigWriter:
      """
      return self._UnlockedGetNodeInfo(node_name)
  
      """
      return self._UnlockedGetNodeInfo(node_name)
  
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetNodeInstances(self, node_name):
+    """Get the instances of a node, as stored in the config.
+
+    @param node_name: the node name, e.g. I{node1.example.com}
+
+    @rtype: (list, list)
+    @return: a tuple with two lists: the primary and the secondary instances
+
+    """
+    pri = []
+    sec = []
+    for inst in self._config_data.instances.values():
+      if inst.primary_node == node_name:
+        pri.append(inst.name)
+      if node_name in inst.secondary_nodes:
+        sec.append(inst.name)
+    return (pri, sec)
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetNodeGroupInstances(self, uuid, primary_only=False):
+    """Get the instances of a node group.
+
+    @param uuid: Node group UUID
+    @param primary_only: Whether to only consider primary nodes
+    @rtype: frozenset
+    @return: List of instance names in node group
+
+    """
+    if primary_only:
+      nodes_fn = lambda inst: [inst.primary_node]
+    else:
+      nodes_fn = lambda inst: inst.all_nodes
+
+    return frozenset(inst.name
+                     for inst in self._config_data.instances.values()
+                     for node_name in nodes_fn(inst)
+                     if self._UnlockedGetNodeInfo(node_name).group == uuid)
+
+  def _UnlockedGetHvparamsString(self, hvname):
+    """Return the string representation of the list of hyervisor parameters of
+    the given hypervisor.
+
+    @see: C{GetHvparams}
+
+    """
+    result = ""
+    hvparams = self._config_data.cluster.hvparams[hvname]
+    for key in hvparams:
+      result += "%s=%s\n" % (key, hvparams[key])
+    return result
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetHvparamsString(self, hvname):
+    """Return the hypervisor parameters of the given hypervisor.
+
+    @type hvname: string
+    @param hvname: name of a hypervisor
+    @rtype: string
+    @return: string containing key-value-pairs, one pair on each line;
+      format: KEY=VALUE
+
+    """
+    return self._UnlockedGetHvparamsString(hvname)
+
    def _UnlockedGetNodeList(self):
      """Return the list of nodes which are in the configuration.
  
    def _UnlockedGetNodeList(self):
      """Return the list of nodes which are in the configuration.
  
@@ -1098,6 +1865,37 @@ class ConfigWriter:
      return self._UnlockedGetOnlineNodeList()
  
    @locking.ssynchronized(_config_lock, shared=1)
      return self._UnlockedGetOnlineNodeList()
  
    @locking.ssynchronized(_config_lock, shared=1)
+  def GetVmCapableNodeList(self):
+    """Return the list of nodes which are not vm capable.
+
+    """
+    all_nodes = [self._UnlockedGetNodeInfo(node)
+                 for node in self._UnlockedGetNodeList()]
+    return [node.name for node in all_nodes if node.vm_capable]
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetNonVmCapableNodeList(self):
+    """Return the list of nodes which are not vm capable.
+
+    """
+    all_nodes = [self._UnlockedGetNodeInfo(node)
+                 for node in self._UnlockedGetNodeList()]
+    return [node.name for node in all_nodes if not node.vm_capable]
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetMultiNodeInfo(self, nodes):
+    """Get the configuration of multiple nodes.
+
+    @param nodes: list of node names
+    @rtype: list
+    @return: list of tuples of (node, node_info), where node_info is
+        what would GetNodeInfo return for the node, in the original
+        order
+
+    """
+    return [(name, self._UnlockedGetNodeInfo(name)) for name in nodes]
+
+  @locking.ssynchronized(_config_lock, shared=1)
    def GetAllNodesInfo(self):
      """Get the configuration of all nodes.
  
    def GetAllNodesInfo(self):
      """Get the configuration of all nodes.
  
@@ -1106,9 +1904,27 @@ class ConfigWriter:
                would GetNodeInfo return for the node
  
      """
                would GetNodeInfo return for the node
  
      """
-    my_dict = dict([(node, self._UnlockedGetNodeInfo(node))
-                    for node in self._UnlockedGetNodeList()])
-    return my_dict
+    return self._UnlockedGetAllNodesInfo()
+
+  def _UnlockedGetAllNodesInfo(self):
+    """Gets configuration of all nodes.
+
+    @note: See L{GetAllNodesInfo}
+
+    """
+    return dict([(node, self._UnlockedGetNodeInfo(node))
+                 for node in self._UnlockedGetNodeList()])
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetNodeGroupsFromNodes(self, nodes):
+    """Returns groups for a list of nodes.
+
+    @type nodes: list of string
+    @param nodes: List of node names
+    @rtype: frozenset
+
+    """
+    return frozenset(self._UnlockedGetNodeInfo(name).group for name in nodes)
  
    def _UnlockedGetMasterCandidateStats(self, exceptions=None):
      """Get the number of current and maximum desired and possible candidates.
  
    def _UnlockedGetMasterCandidateStats(self, exceptions=None):
      """Get the number of current and maximum desired and possible candidates.
@@ -1123,7 +1939,7 @@ class ConfigWriter:
      for node in self._config_data.nodes.values():
        if exceptions and node.name in exceptions:
          continue
      for node in self._config_data.nodes.values():
        if exceptions and node.name in exceptions:
          continue
-      if not (node.offline or node.drained):
+      if not (node.offline or node.drained) and node.master_capable:
          mc_max += 1
        if node.master_candidate:
          mc_now += 1
          mc_max += 1
        if node.master_candidate:
          mc_now += 1
@@ -1164,7 +1980,7 @@ class ConfigWriter:
            break
          node = self._config_data.nodes[name]
          if (node.master_candidate or node.offline or node.drained or
            break
          node = self._config_data.nodes[name]
          if (node.master_candidate or node.offline or node.drained or
-            node.name in exceptions):
+            node.name in exceptions or not node.master_capable):
            continue
          mod_list.append(node)
          node.master_candidate = True
            continue
          mod_list.append(node)
          node.master_candidate = True
@@ -1180,6 +1996,107 @@ class ConfigWriter:
  
      return mod_list
  
  
      return mod_list
  
+  def _UnlockedAddNodeToGroup(self, node_name, nodegroup_uuid):
+    """Add a given node to the specified group.
+
+    """
+    if nodegroup_uuid not in self._config_data.nodegroups:
+      # This can happen if a node group gets deleted between its lookup and
+      # when we're adding the first node to it, since we don't keep a lock in
+      # the meantime. It's ok though, as we'll fail cleanly if the node group
+      # is not found anymore.
+      raise errors.OpExecError("Unknown node group: %s" % nodegroup_uuid)
+    if node_name not in self._config_data.nodegroups[nodegroup_uuid].members:
+      self._config_data.nodegroups[nodegroup_uuid].members.append(node_name)
+
+  def _UnlockedRemoveNodeFromGroup(self, node):
+    """Remove a given node from its group.
+
+    """
+    nodegroup = node.group
+    if nodegroup not in self._config_data.nodegroups:
+      logging.warning("Warning: node '%s' has unknown node group '%s'"
+                      " (while being removed from it)", node.name, nodegroup)
+    nodegroup_obj = self._config_data.nodegroups[nodegroup]
+    if node.name not in nodegroup_obj.members:
+      logging.warning("Warning: node '%s' not a member of its node group '%s'"
+                      " (while being removed from it)", node.name, nodegroup)
+    else:
+      nodegroup_obj.members.remove(node.name)
+
+  @locking.ssynchronized(_config_lock)
+  def AssignGroupNodes(self, mods):
+    """Changes the group of a number of nodes.
+
+    @type mods: list of tuples; (node name, new group UUID)
+    @param mods: Node membership modifications
+
+    """
+    groups = self._config_data.nodegroups
+    nodes = self._config_data.nodes
+
+    resmod = []
+
+    # Try to resolve names/UUIDs first
+    for (node_name, new_group_uuid) in mods:
+      try:
+        node = nodes[node_name]
+      except KeyError:
+        raise errors.ConfigurationError("Unable to find node '%s'" % node_name)
+
+      if node.group == new_group_uuid:
+        # Node is being assigned to its current group
+        logging.debug("Node '%s' was assigned to its current group (%s)",
+                      node_name, node.group)
+        continue
+
+      # Try to find current group of node
+      try:
+        old_group = groups[node.group]
+      except KeyError:
+        raise errors.ConfigurationError("Unable to find old group '%s'" %
+                                        node.group)
+
+      # Try to find new group for node
+      try:
+        new_group = groups[new_group_uuid]
+      except KeyError:
+        raise errors.ConfigurationError("Unable to find new group '%s'" %
+                                        new_group_uuid)
+
+      assert node.name in old_group.members, \
+        ("Inconsistent configuration: node '%s' not listed in members for its"
+         " old group '%s'" % (node.name, old_group.uuid))
+      assert node.name not in new_group.members, \
+        ("Inconsistent configuration: node '%s' already listed in members for"
+         " its new group '%s'" % (node.name, new_group.uuid))
+
+      resmod.append((node, old_group, new_group))
+
+    # Apply changes
+    for (node, old_group, new_group) in resmod:
+      assert node.uuid != new_group.uuid and old_group.uuid != new_group.uuid, \
+        "Assigning to current group is not possible"
+
+      node.group = new_group.uuid
+
+      # Update members of involved groups
+      if node.name in old_group.members:
+        old_group.members.remove(node.name)
+      if node.name not in new_group.members:
+        new_group.members.append(node.name)
+
+    # Update timestamps and serials (only once per node/group object)
+    now = time.time()
+    for obj in frozenset(itertools.chain(*resmod)): # pylint: disable=W0142
+      obj.serial_no += 1
+      obj.mtime = now
+
+    # Force ssconf update
+    self._config_data.cluster.serial_no += 1
+
+    self._WriteConfig()
+
    def _BumpSerialNo(self):
      """Bump up the serial number of the config.
  
    def _BumpSerialNo(self):
      """Bump up the serial number of the config.
  
@@ -1193,9 +2110,13 @@ class ConfigWriter:
      """
      return (self._config_data.instances.values() +
              self._config_data.nodes.values() +
      """
      return (self._config_data.instances.values() +
              self._config_data.nodes.values() +
+            self._config_data.nodegroups.values() +
+            self._config_data.networks.values() +
+            self._AllDisks() +
+            self._AllNICs() +
              [self._config_data.cluster])
  
              [self._config_data.cluster])
  
-  def _OpenConfig(self):
+  def _OpenConfig(self, accept_foreign):
      """Read the config data from disk.
  
      """
      """Read the config data from disk.
  
      """
@@ -1209,43 +2130,78 @@ class ConfigWriter:
      # Make sure the configuration has the right version
      _ValidateConfig(data)
  
      # Make sure the configuration has the right version
      _ValidateConfig(data)
  
-    if (not hasattr(data, 'cluster') or
-        not hasattr(data.cluster, 'rsahostkeypub')):
+    if (not hasattr(data, "cluster") or
+        not hasattr(data.cluster, "rsahostkeypub")):
        raise errors.ConfigurationError("Incomplete configuration"
                                        " (missing cluster.rsahostkeypub)")
  
        raise errors.ConfigurationError("Incomplete configuration"
                                        " (missing cluster.rsahostkeypub)")
  
-    # Upgrade configuration if needed
-    data.UpgradeConfig()
+    if data.cluster.master_node != self._my_hostname and not accept_foreign:
+      msg = ("The configuration denotes node %s as master, while my"
+             " hostname is %s; opening a foreign configuration is only"
+             " possible in accept_foreign mode" %
+             (data.cluster.master_node, self._my_hostname))
+      raise errors.ConfigurationError(msg)
  
      self._config_data = data
      # reset the last serial as -1 so that the next write will cause
      # ssconf update
      self._last_cluster_serial = -1
  
  
      self._config_data = data
      # reset the last serial as -1 so that the next write will cause
      # ssconf update
      self._last_cluster_serial = -1
  
-    # And finally run our (custom) config upgrade sequence
+    # Upgrade configuration if needed
      self._UpgradeConfig()
  
      self._UpgradeConfig()
  
+    self._cfg_id = utils.GetFileID(path=self._cfg_file)
+
    def _UpgradeConfig(self):
    def _UpgradeConfig(self):
-    """Run upgrade steps that cannot be done purely in the objects.
+    """Run any upgrade steps.
  
  
-    This is because some data elements need uniqueness across the
-    whole configuration, etc.
+    This method performs both in-object upgrades and also update some data
+    elements that need uniqueness across the whole configuration or interact
+    with other objects.
  
  
-    @warning: this function will call L{_WriteConfig()}, so it needs
-        to either be called with the lock held or from a safe place
-        (the constructor)
+    @warning: this function will call L{_WriteConfig()}, but also
+        L{DropECReservations} so it needs to be called only from a
+        "safe" place (the constructor). If one wanted to call it with
+        the lock held, a DropECReservationUnlocked would need to be
+        created first, to avoid causing deadlock.
  
      """
  
      """
-    modified = False
+    # Keep a copy of the persistent part of _config_data to check for changes
+    # Serialization doesn't guarantee order in dictionaries
+    oldconf = copy.deepcopy(self._config_data.ToDict())
+
+    # In-object upgrades
+    self._config_data.UpgradeConfig()
+
      for item in self._AllUUIDObjects():
        if item.uuid is None:
          item.uuid = self._GenerateUniqueID(_UPGRADE_CONFIG_JID)
      for item in self._AllUUIDObjects():
        if item.uuid is None:
          item.uuid = self._GenerateUniqueID(_UPGRADE_CONFIG_JID)
-        modified = True
+    if not self._config_data.nodegroups:
+      default_nodegroup_name = constants.INITIAL_NODE_GROUP_NAME
+      default_nodegroup = objects.NodeGroup(name=default_nodegroup_name,
+                                            members=[])
+      self._UnlockedAddNodeGroup(default_nodegroup, _UPGRADE_CONFIG_JID, True)
+    for node in self._config_data.nodes.values():
+      if not node.group:
+        node.group = self.LookupNodeGroup(None)
+      # This is technically *not* an upgrade, but needs to be done both when
+      # nodegroups are being added, and upon normally loading the config,
+      # because the members list of a node group is discarded upon
+      # serializing/deserializing the object.
+      self._UnlockedAddNodeToGroup(node.name, node.group)
+
+    modified = (oldconf != self._config_data.ToDict())
      if modified:
        self._WriteConfig()
        # This is ok even if it acquires the internal lock, as _UpgradeConfig is
        # only called at config init time, without the lock held
        self.DropECReservations(_UPGRADE_CONFIG_JID)
      if modified:
        self._WriteConfig()
        # This is ok even if it acquires the internal lock, as _UpgradeConfig is
        # only called at config init time, without the lock held
        self.DropECReservations(_UPGRADE_CONFIG_JID)
+    else:
+      config_errors = self._UnlockedVerifyConfig()
+      if config_errors:
+        errmsg = ("Loaded configuration data is not consistent: %s" %
+                  (utils.CommaJoin(config_errors)))
+        logging.critical(errmsg)
  
    def _DistributeConfig(self, feedback_fn):
      """Distribute the configuration to the other nodes.
  
    def _DistributeConfig(self, feedback_fn):
      """Distribute the configuration to the other nodes.
@@ -1275,8 +2231,9 @@ class ConfigWriter:
        node_list.append(node_info.name)
        addr_list.append(node_info.primary_ip)
  
        node_list.append(node_info.name)
        addr_list.append(node_info.primary_ip)
  
-    result = rpc.RpcRunner.call_upload_file(node_list, self._cfg_file,
-                                            address_list=addr_list)
+    # TODO: Use dedicated resolver talking to config writer for name resolution
+    result = \
+      self._GetRpc(addr_list).call_upload_file(node_list, self._cfg_file)
      for to_node, to_result in result.items():
        msg = to_result.fail_msg
        if msg:
      for to_node, to_result in result.items():
        msg = to_result.fail_msg
        if msg:
@@ -1314,7 +2271,18 @@ class ConfigWriter:
      self._BumpSerialNo()
      txt = serializer.Dump(self._config_data.ToDict())
  
      self._BumpSerialNo()
      txt = serializer.Dump(self._config_data.ToDict())
  
-    utils.WriteFile(destination, data=txt)
+    getents = self._getents()
+    try:
+      fd = utils.SafeWriteFile(destination, self._cfg_id, data=txt,
+                               close=False, gid=getents.confd_gid, mode=0640)
+    except errors.LockError:
+      raise errors.ConfigurationError("The configuration file has been"
+                                      " modified since the last write, cannot"
+                                      " update")
+    try:
+      self._cfg_id = utils.GetFileID(fd=fd)
+    finally:
+      os.close(fd)
  
      self.write_count += 1
  
  
      self.write_count += 1
  
@@ -1324,7 +2292,7 @@ class ConfigWriter:
      # Write ssconf files on all nodes (including locally)
      if self._last_cluster_serial < self._config_data.cluster.serial_no:
        if not self._offline:
      # Write ssconf files on all nodes (including locally)
      if self._last_cluster_serial < self._config_data.cluster.serial_no:
        if not self._offline:
-        result = rpc.RpcRunner.call_write_ssconf_files(
+        result = self._GetRpc(None).call_write_ssconf_files(
            self._UnlockedGetOnlineNodeList(),
            self._UnlockedGetSsconfValues())
  
            self._UnlockedGetOnlineNodeList(),
            self._UnlockedGetSsconfValues())
  
@@ -1340,6 +2308,40 @@ class ConfigWriter:
  
        self._last_cluster_serial = self._config_data.cluster.serial_no
  
  
        self._last_cluster_serial = self._config_data.cluster.serial_no
  
+  def _GetAllHvparamsStrings(self, hypervisors):
+    """Get the hvparams of all given hypervisors from the config.
+
+    @type hypervisors: list of string
+    @param hypervisors: list of hypervisor names
+    @rtype: dict of strings
+    @returns: dictionary mapping the hypervisor name to a string representation
+      of the hypervisor's hvparams
+
+    """
+    hvparams = {}
+    for hv in hypervisors:
+      hvparams[hv] = self._UnlockedGetHvparamsString(hv)
+    return hvparams
+
+  @staticmethod
+  def _ExtendByAllHvparamsStrings(ssconf_values, all_hvparams):
+    """Extends the ssconf_values dictionary by hvparams.
+
+    @type ssconf_values: dict of strings
+    @param ssconf_values: dictionary mapping ssconf_keys to strings
+      representing the content of ssconf files
+    @type all_hvparams: dict of strings
+    @param all_hvparams: dictionary mapping hypervisor names to a string
+      representation of their hvparams
+    @rtype: same as ssconf_values
+    @returns: the ssconf_values dictionary extended by hvparams
+
+    """
+    for hv in all_hvparams:
+      ssconf_key = constants.SS_HVPARAMS_PREF + hv
+      ssconf_values[ssconf_key] = all_hvparams[hv]
+    return ssconf_values
+
    def _UnlockedGetSsconfValues(self):
      """Return the values needed by ssconf.
  
    def _UnlockedGetSsconfValues(self):
      """Return the values needed by ssconf.
  
@@ -1371,26 +2373,58 @@ class ConfigWriter:
      cluster_tags = fn(cluster.GetTags())
  
      hypervisor_list = fn(cluster.enabled_hypervisors)
      cluster_tags = fn(cluster.GetTags())
  
      hypervisor_list = fn(cluster.enabled_hypervisors)
+    all_hvparams = self._GetAllHvparamsStrings(constants.HYPER_TYPES)
+
+    uid_pool = uidpool.FormatUidPool(cluster.uid_pool, separator="\n")
+
+    nodegroups = ["%s %s" % (nodegroup.uuid, nodegroup.name) for nodegroup in
+                  self._config_data.nodegroups.values()]
+    nodegroups_data = fn(utils.NiceSort(nodegroups))
+    networks = ["%s %s" % (net.uuid, net.name) for net in
+                self._config_data.networks.values()]
+    networks_data = fn(utils.NiceSort(networks))
  
  
-    return {
+    ssconf_values = {
        constants.SS_CLUSTER_NAME: cluster.cluster_name,
        constants.SS_CLUSTER_TAGS: cluster_tags,
        constants.SS_FILE_STORAGE_DIR: cluster.file_storage_dir,
        constants.SS_CLUSTER_NAME: cluster.cluster_name,
        constants.SS_CLUSTER_TAGS: cluster_tags,
        constants.SS_FILE_STORAGE_DIR: cluster.file_storage_dir,
+      constants.SS_SHARED_FILE_STORAGE_DIR: cluster.shared_file_storage_dir,
        constants.SS_MASTER_CANDIDATES: mc_data,
        constants.SS_MASTER_CANDIDATES_IPS: mc_ips_data,
        constants.SS_MASTER_IP: cluster.master_ip,
        constants.SS_MASTER_NETDEV: cluster.master_netdev,
        constants.SS_MASTER_CANDIDATES: mc_data,
        constants.SS_MASTER_CANDIDATES_IPS: mc_ips_data,
        constants.SS_MASTER_IP: cluster.master_ip,
        constants.SS_MASTER_NETDEV: cluster.master_netdev,
+      constants.SS_MASTER_NETMASK: str(cluster.master_netmask),
        constants.SS_MASTER_NODE: cluster.master_node,
        constants.SS_NODE_LIST: node_data,
        constants.SS_NODE_PRIMARY_IPS: node_pri_ips_data,
        constants.SS_NODE_SECONDARY_IPS: node_snd_ips_data,
        constants.SS_OFFLINE_NODES: off_data,
        constants.SS_ONLINE_NODES: on_data,
        constants.SS_MASTER_NODE: cluster.master_node,
        constants.SS_NODE_LIST: node_data,
        constants.SS_NODE_PRIMARY_IPS: node_pri_ips_data,
        constants.SS_NODE_SECONDARY_IPS: node_snd_ips_data,
        constants.SS_OFFLINE_NODES: off_data,
        constants.SS_ONLINE_NODES: on_data,
+      constants.SS_PRIMARY_IP_FAMILY: str(cluster.primary_ip_family),
        constants.SS_INSTANCE_LIST: instance_data,
        constants.SS_RELEASE_VERSION: constants.RELEASE_VERSION,
        constants.SS_HYPERVISOR_LIST: hypervisor_list,
        constants.SS_MAINTAIN_NODE_HEALTH: str(cluster.maintain_node_health),
        constants.SS_INSTANCE_LIST: instance_data,
        constants.SS_RELEASE_VERSION: constants.RELEASE_VERSION,
        constants.SS_HYPERVISOR_LIST: hypervisor_list,
        constants.SS_MAINTAIN_NODE_HEALTH: str(cluster.maintain_node_health),
+      constants.SS_UID_POOL: uid_pool,
+      constants.SS_NODEGROUPS: nodegroups_data,
+      constants.SS_NETWORKS: networks_data,
        }
        }
+    ssconf_values = self._ExtendByAllHvparamsStrings(ssconf_values,
+                                                     all_hvparams)
+    bad_values = [(k, v) for k, v in ssconf_values.items()
+                  if not isinstance(v, (str, basestring))]
+    if bad_values:
+      err = utils.CommaJoin("%s=%s" % (k, v) for k, v in bad_values)
+      raise errors.ConfigurationError("Some ssconf key(s) have non-string"
+                                      " values: %s" % err)
+    return ssconf_values
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetSsconfValues(self):
+    """Wrapper using lock around _UnlockedGetSsconf().
+
+    """
+    return self._UnlockedGetSsconfValues()
  
    @locking.ssynchronized(_config_lock, shared=1)
    def GetVGName(self):
  
    @locking.ssynchronized(_config_lock, shared=1)
    def GetVGName(self):
@@ -1409,6 +2443,22 @@ class ConfigWriter:
      self._WriteConfig()
  
    @locking.ssynchronized(_config_lock, shared=1)
      self._WriteConfig()
  
    @locking.ssynchronized(_config_lock, shared=1)
+  def GetDRBDHelper(self):
+    """Return DRBD usermode helper.
+
+    """
+    return self._config_data.cluster.drbd_usermode_helper
+
+  @locking.ssynchronized(_config_lock)
+  def SetDRBDHelper(self, drbd_helper):
+    """Set DRBD usermode helper.
+
+    """
+    self._config_data.cluster.drbd_usermode_helper = drbd_helper
+    self._config_data.cluster.serial_no += 1
+    self._WriteConfig()
+
+  @locking.ssynchronized(_config_lock, shared=1)
    def GetMACPrefix(self):
      """Return the mac prefix.
  
    def GetMACPrefix(self):
      """Return the mac prefix.
  
@@ -1425,8 +2475,15 @@ class ConfigWriter:
      """
      return self._config_data.cluster
  
      """
      return self._config_data.cluster
  
+  @locking.ssynchronized(_config_lock, shared=1)
+  def HasAnyDiskOfType(self, dev_type):
+    """Check if in there is at disk of the given type in the configuration.
+
+    """
+    return self._config_data.HasAnyDiskOfType(dev_type)
+
    @locking.ssynchronized(_config_lock)
    @locking.ssynchronized(_config_lock)
-  def Update(self, target, feedback_fn):
+  def Update(self, target, feedback_fn, ec_id=None):
      """Notify function to be called after updates.
  
      This function must be called when an object (as returned by
      """Notify function to be called after updates.
  
      This function must be called when an object (as returned by
@@ -1452,6 +2509,10 @@ class ConfigWriter:
        update_serial = True
      elif isinstance(target, objects.Instance):
        test = target in self._config_data.instances.values()
        update_serial = True
      elif isinstance(target, objects.Instance):
        test = target in self._config_data.instances.values()
+    elif isinstance(target, objects.NodeGroup):
+      test = target in self._config_data.nodegroups.values()
+    elif isinstance(target, objects.Network):
+      test = target in self._config_data.networks.values()
      else:
        raise errors.ProgrammerError("Invalid object type (%s) passed to"
                                     " ConfigWriter.Update" % type(target))
      else:
        raise errors.ProgrammerError("Invalid object type (%s) passed to"
                                     " ConfigWriter.Update" % type(target))
@@ -1469,6 +2530,10 @@ class ConfigWriter:
      if isinstance(target, objects.Instance):
        self._UnlockedReleaseDRBDMinors(target.name)
  
      if isinstance(target, objects.Instance):
        self._UnlockedReleaseDRBDMinors(target.name)
  
+    if ec_id is not None:
+      # Commit all ips reserved by OpInstanceSetParams and OpGroupSetParams
+      self._UnlockedCommitTemporaryIps(ec_id)
+
      self._WriteConfig(feedback_fn=feedback_fn)
  
    @locking.ssynchronized(_config_lock)
      self._WriteConfig(feedback_fn=feedback_fn)
  
    @locking.ssynchronized(_config_lock)
@@ -1478,3 +2543,192 @@ class ConfigWriter:
      """
      for rm in self._all_rms:
        rm.DropECReservations(ec_id)
      """
      for rm in self._all_rms:
        rm.DropECReservations(ec_id)
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetAllNetworksInfo(self):
+    """Get configuration info of all the networks.
+
+    """
+    return dict(self._config_data.networks)
+
+  def _UnlockedGetNetworkList(self):
+    """Get the list of networks.
+
+    This function is for internal use, when the config lock is already held.
+
+    """
+    return self._config_data.networks.keys()
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetNetworkList(self):
+    """Get the list of networks.
+
+    @return: array of networks, ex. ["main", "vlan100", "200]
+
+    """
+    return self._UnlockedGetNetworkList()
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetNetworkNames(self):
+    """Get a list of network names
+
+    """
+    names = [net.name
+             for net in self._config_data.networks.values()]
+    return names
+
+  def _UnlockedGetNetwork(self, uuid):
+    """Returns information about a network.
+
+    This function is for internal use, when the config lock is already held.
+
+    """
+    if uuid not in self._config_data.networks:
+      return None
+
+    return self._config_data.networks[uuid]
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetNetwork(self, uuid):
+    """Returns information about a network.
+
+    It takes the information from the configuration file.
+
+    @param uuid: UUID of the network
+
+    @rtype: L{objects.Network}
+    @return: the network object
+
+    """
+    return self._UnlockedGetNetwork(uuid)
+
+  @locking.ssynchronized(_config_lock)
+  def AddNetwork(self, net, ec_id, check_uuid=True):
+    """Add a network to the configuration.
+
+    @type net: L{objects.Network}
+    @param net: the Network object to add
+    @type ec_id: string
+    @param ec_id: unique id for the job to use when creating a missing UUID
+
+    """
+    self._UnlockedAddNetwork(net, ec_id, check_uuid)
+    self._WriteConfig()
+
+  def _UnlockedAddNetwork(self, net, ec_id, check_uuid):
+    """Add a network to the configuration.
+
+    """
+    logging.info("Adding network %s to configuration", net.name)
+
+    if check_uuid:
+      self._EnsureUUID(net, ec_id)
+
+    net.serial_no = 1
+    self._config_data.networks[net.uuid] = net
+    self._config_data.cluster.serial_no += 1
+
+  def _UnlockedLookupNetwork(self, target):
+    """Lookup a network's UUID.
+
+    @type target: string
+    @param target: network name or UUID
+    @rtype: string
+    @return: network UUID
+    @raises errors.OpPrereqError: when the target network cannot be found
+
+    """
+    if target is None:
+      return None
+    if target in self._config_data.networks:
+      return target
+    for net in self._config_data.networks.values():
+      if net.name == target:
+        return net.uuid
+    raise errors.OpPrereqError("Network '%s' not found" % target,
+                               errors.ECODE_NOENT)
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def LookupNetwork(self, target):
+    """Lookup a network's UUID.
+
+    This function is just a wrapper over L{_UnlockedLookupNetwork}.
+
+    @type target: string
+    @param target: network name or UUID
+    @rtype: string
+    @return: network UUID
+
+    """
+    return self._UnlockedLookupNetwork(target)
+
+  @locking.ssynchronized(_config_lock)
+  def RemoveNetwork(self, network_uuid):
+    """Remove a network from the configuration.
+
+    @type network_uuid: string
+    @param network_uuid: the UUID of the network to remove
+
+    """
+    logging.info("Removing network %s from configuration", network_uuid)
+
+    if network_uuid not in self._config_data.networks:
+      raise errors.ConfigurationError("Unknown network '%s'" % network_uuid)
+
+    del self._config_data.networks[network_uuid]
+    self._config_data.cluster.serial_no += 1
+    self._WriteConfig()
+
+  def _UnlockedGetGroupNetParams(self, net_uuid, node):
+    """Get the netparams (mode, link) of a network.
+
+    Get a network's netparams for a given node.
+
+    @type net_uuid: string
+    @param net_uuid: network uuid
+    @type node: string
+    @param node: node name
+    @rtype: dict or None
+    @return: netparams
+
+    """
+    node_info = self._UnlockedGetNodeInfo(node)
+    nodegroup_info = self._UnlockedGetNodeGroup(node_info.group)
+    netparams = nodegroup_info.networks.get(net_uuid, None)
+
+    return netparams
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def GetGroupNetParams(self, net_uuid, node):
+    """Locking wrapper of _UnlockedGetGroupNetParams()
+
+    """
+    return self._UnlockedGetGroupNetParams(net_uuid, node)
+
+  @locking.ssynchronized(_config_lock, shared=1)
+  def CheckIPInNodeGroup(self, ip, node):
+    """Check IP uniqueness in nodegroup.
+
+    Check networks that are connected in the node's node group
+    if ip is contained in any of them. Used when creating/adding
+    a NIC to ensure uniqueness among nodegroups.
+
+    @type ip: string
+    @param ip: ip address
+    @type node: string
+    @param node: node name
+    @rtype: (string, dict) or (None, None)
+    @return: (network name, netparams)
+
+    """
+    if ip is None:
+      return (None, None)
+    node_info = self._UnlockedGetNodeInfo(node)
+    nodegroup_info = self._UnlockedGetNodeGroup(node_info.group)
+    for net_uuid in nodegroup_info.networks.keys():
+      net_info = self._UnlockedGetNetwork(net_uuid)
+      pool = network.AddressPool(net_info)
+      if pool.Contains(ip):
+        return (net_info.name, nodegroup_info.networks[net_uuid])
+
+    return (None, None)