News
====
+Version 2.1.2.1
+---------------
+
+*(Released Fri, 7 May 2010)*
+
+Fix a bug which prevented untagged KVM instances from starting.
+
+
+Version 2.1.2
+-------------
+
+*(Released Fri, 7 May 2010)*
+
+Another release with a long development cycle, during which many
+different features were added.
+
+Significant features
+~~~~~~~~~~~~~~~~~~~~
+
+The KVM hypervisor now can run the individual instances as non-root, to
+reduce the impact of a VM being hijacked due to bugs in the
+hypervisor. It is possible to run all instances as a single (non-root)
+user, to manually specify a user for each instance, or to dynamically
+allocate a user out of a cluster-wide pool to each instance, with the
+guarantee that no two instances will run under the same user ID on any
+given node.
+
+An experimental RAPI client library, that can be used standalone
+(without the other Ganeti libraries), is provided in the source tree as
+``lib/rapi/client.py``. Note this client might change its interface in
+the future, as we iterate on its capabilities.
+
+A new command, ``gnt-cluster renew-crypto`` has been added to easily
+replace the cluster's certificates and crypto keys. This might help in
+case they have been compromised, or have simply expired.
+
+A new disk option for instance creation has been added that allows one
+to "adopt" currently existing logical volumes, with data
+preservation. This should allow easier migration to Ganeti from
+unmanaged (or managed via other software) instances.
+
+Another disk improvement is the possibility to convert between redundant
+(DRBD) and plain (LVM) disk configuration for an instance. This should
+allow better scalability (starting with one node and growing the
+cluster, or shrinking a two-node cluster to one node).
+
+A new feature that could help with automated node failovers has been
+implemented: if a node sees itself as offline (by querying the master
+candidates), it will try to shutdown (hard) all instances and any active
+DRBD devices. This reduces the risk of duplicate instances if an
+external script automatically failovers the instances on such nodes. To
+enable this, the cluster parameter ``maintain_node_health`` should be
+enabled; in the future this option (per the name) will enable other
+automatic maintenance features.
+
+Instance export/import now will reuse the original instance
+specifications for all parameters; that means exporting an instance,
+deleting it and the importing it back should give an almost identical
+instance. Note that the default import behaviour has changed from
+before, where it created only one NIC; now it recreates the original
+number of NICs.
+
+Cluster verify has added a few new checks: SSL certificates validity,
+/etc/hosts consistency across the cluster, etc.
+
+Other changes
+~~~~~~~~~~~~~
+
+As usual, many internal changes were done, documentation fixes,
+etc. Among others:
+
+- Fixed cluster initialization with disabled cluster storage (regression
+ introduced in 2.1.1)
+- File-based storage supports growing the disks
+- Fixed behaviour of node role changes
+- Fixed cluster verify for some corner cases, plus a general rewrite of
+ cluster verify to allow future extension with more checks
+- Fixed log spamming by watcher and node daemon (regression introduced
+ in 2.1.1)
+- Fixed possible validation issues when changing the list of enabled
+ hypervisors
+- Fixed cleanup of /etc/hosts during node removal
+- Fixed RAPI response for invalid methods
+- Fixed bug with hashed passwords in ``ganeti-rapi`` daemon
+- Multiple small improvements to the KVM hypervisor (VNC usage, booting
+ from ide disks, etc.)
+- Allow OS changes without re-installation (to record a changed OS
+ outside of Ganeti, or to allow OS renames)
+- Allow instance creation without OS installation (useful for example if
+ the OS will be installed manually, or restored from a backup not in
+ Ganeti format)
+- Implemented option to make cluster ``copyfile`` use the replication
+ network
+- Added list of enabled hypervisors to ssconf (possibly useful for
+ external scripts)
+- Added a new tool (``tools/cfgupgrade12``) that allows upgrading from
+ 1.2 clusters
+- A partial form of node re-IP is possible via node readd, which now
+ allows changed node primary IP
+- Command line utilities now show an informational message if the job is
+ waiting for a lock
+- The logs of the master daemon now show the PID/UID/GID of the
+ connected client
+
+
+Version 2.1.1
+-------------
+
+*(Released Fri, 12 Mar 2010)*
+
+During the 2.1.0 long release candidate cycle, a lot of improvements and
+changes have accumulated with were released later as 2.1.1.
+
+Major changes
+~~~~~~~~~~~~~
+
+The node evacuate command (``gnt-node evacuate``) was significantly
+rewritten, and as such the IAllocator protocol was changed - a new
+request type has been added. This unfortunate change during a stable
+series is designed to improve performance of node evacuations; on
+clusters with more than about five nodes and which are well-balanced,
+evacuation should proceed in parallel for all instances of the node
+being evacuated. As such, any existing IAllocator scripts need to be
+updated, otherwise the above command will fail due to the unknown
+request. The provided "dumb" allocator has not been updated; but the
+ganeti-htools package supports the new protocol since version 0.2.4.
+
+Another important change is increased validation of node and instance
+names. This might create problems in special cases, if invalid host
+names are being used.
+
+Also, a new layer of hypervisor parameters has been added, that sits at
+OS level between the cluster defaults and the instance ones. This allows
+customisation of virtualization parameters depending on the installed
+OS. For example instances with OS 'X' may have a different KVM kernel
+(or any other parameter) than the cluster defaults. This is intended to
+help managing a multiple OSes on the same cluster, without manual
+modification of each instance's parameters.
+
+A tool for merging clusters, ``cluster-merge``, has been added in the
+tools sub-directory.
+
+Bug fixes
+~~~~~~~~~
+
+- Improved the int/float conversions that should make the code more
+ robust in face of errors from the node daemons
+- Fixed the remove node code in case of internal configuration errors
+- Fixed the node daemon behaviour in face of inconsistent queue
+ directory (e.g. read-only file-system where we can't open the files
+ read-write, etc.)
+- Fixed the behaviour of gnt-node modify for master candidate demotion;
+ now it either aborts cleanly or, if given the new “auto_promote”
+ parameter, will automatically promote other nodes as needed
+- Fixed compatibility with (unreleased yet) Python 2.6.5 that would
+ completely prevent Ganeti from working
+- Fixed bug for instance export when not all disks were successfully
+ exported
+- Fixed behaviour of node add when the new node is slow in starting up
+ the node daemon
+- Fixed handling of signals in the LUXI client, which should improve
+ behaviour of command-line scripts
+- Added checks for invalid node/instance names in the configuration (now
+ flagged during cluster verify)
+- Fixed watcher behaviour for disk activation errors
+- Fixed two potentially endless loops in http library, which led to the
+ RAPI daemon hanging and consuming 100% CPU in some cases
+- Fixed bug in RAPI daemon related to hashed passwords
+- Fixed bug for unintended qemu-level bridging of multi-NIC KVM
+ instances
+- Enhanced compatibility with non-Debian OSes, but not using absolute
+ path in some commands and allowing customisation of the ssh
+ configuration directory
+- Fixed possible future issue with new Python versions by abiding to the
+ proper use of ``__slots__`` attribute on classes
+- Added checks that should prevent directory traversal attacks
+- Many documentation fixes based on feedback from users
+
+New features
+~~~~~~~~~~~~
+
+- Added an “early_release” more for instance replace disks and node
+ evacuate, where we release locks earlier and thus allow higher
+ parallelism within the cluster
+- Added watcher hooks, intended to allow the watcher to restart other
+ daemons (e.g. from the ganeti-nbma project), but they can be used of
+ course for any other purpose
+- Added a compile-time disable for DRBD barriers, to increase
+ performance if the administrator trusts the power supply or the
+ storage system to not lose writes
+- Added the option of using syslog for logging instead of, or in
+ addition to, Ganeti's own log files
+- Removed boot restriction for paravirtual NICs for KVM, recent versions
+ can indeed boot from a paravirtual NIC
+- Added a generic debug level for many operations; while this is not
+ used widely yet, it allows one to pass the debug value all the way to
+ the OS scripts
+- Enhanced the hooks environment for instance moves (failovers,
+ migrations) where the primary/secondary nodes changed during the
+ operation, by adding {NEW,OLD}_{PRIMARY,SECONDARY} vars
+- Enhanced data validations for many user-supplied values; one important
+ item is the restrictions imposed on instance and node names, which
+ might reject some (invalid) host names
+- Add a configure-time option to disable file-based storage, if it's not
+ needed; this allows greater security separation between the master
+ node and the other nodes from the point of view of the inter-node RPC
+ protocol
+- Added user notification in interactive tools if job is waiting in the
+ job queue or trying to acquire locks
+- Added log messages when a job is waiting for locks
+- Added filtering by node tags in instance operations which admit
+ multiple instances (start, stop, reboot, reinstall)
+- Added a new tool for cluster mergers, ``cluster-merge``
+- Parameters from command line which are of the form ``a=b,c=d`` can now
+ use backslash escapes to pass in values which contain commas,
+ e.g. ``a=b\\c,d=e`` where the 'a' parameter would get the value
+ ``b,c``
+- For KVM, the instance name is the first parameter passed to KVM, so
+ that it's more visible in the process list
+
Version 2.1.0
-------------
+*(Released Tue, 2 Mar 2010)*
+
Ganeti 2.1 brings many improvements with it. Major changes:
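Review bot: In the 2.1.1 "New features" bullet on backslash escapes, the example ``a=b\\c,d=e`` has no escaped comma between ``b`` and ``c``, so it cannot yield the stated value ``b,c`` for 'a'. Backslashes inside a reStructuredText inline literal are rendered as written, so the example probably wants to be ``a=b\,c,d=e``. In the same release's "Bug fixes", "Added checks that should prevent directory traversal attacks" does not say which inputs or which daemon the checks cover; naming them would let operators judge how urgently they need the upgrade. Wording slips in the added text: "with were released" (which), "deleting it and the importing it back" (then), "an “early_release” more" (mode), and "but not using absolute path" (by).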
- Added infrastructure to ease automated disk repairs
- Improved job locking logic to reduce impact of jobs acquiring multiple
locks waiting for other long-running jobs
-Detailed implementation details can be found in the Ganeti 2.1 design
+In-depth implementation details can be found in the Ganeti 2.1 design
document.
Details
``device_model``)
- Added more options to xen-pvm hypervisor (``use_bootloader``,
``bootloader_path`` and ``bootloader_args``)
+- Added the ``use_localtime`` option for the xen-hvm and kvm
+ hypervisors, and the default value for this has changed to false (in
+ 2.0 xen-hvm always enabled it)
- Added luxi call to submit multiple jobs in one go
-- Added cluster initialization time option to not modify ``/etc/hosts``
+- Added cluster initialization option to not modify ``/etc/hosts``
file on nodes
- Added network interface parameters
- Added dry run mode to some LUs
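Review bot: The ``use_localtime`` bullet folds a default change into an "Added" entry: per the text, xen-hvm always enabled this in 2.0 and the default is now false, so xen-hvm instances that rely on the default may see a different guest clock setting after the upgrade. Suggest stating this as a behaviour change in its own bullet or in an upgrade note, rather than in a trailing parenthesis.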
``--verbose`` to restore previous behaviour)
- Added UUIDs to the main config entities (cluster, nodes, instances)
- Added support for OS variants
+- Added support for hashed passwords in the Ganeti remote API users file
+ (``rapi_users``)
+- Added option to specify maximum timeout on instance shutdown
+- Added ``--no-ssh-init`` option to ``gnt-cluster init``
+- Added new helper script to start and stop Ganeti daemons
+ (``daemon-util``), with the intent to reduce the work necessary to
+ adjust Ganeti for non-Debian distributions and to start/stop daemons
+ from one place
- Added more unittests
- Fixed critical bug in ganeti-masterd startup
+- Removed the configure-time ``kvm-migration-port`` parameter, this is
+ now customisable at the cluster level for both the KVM and Xen
+ hypervisors using the new ``migration_port`` parameter
- Pass ``INSTANCE_REINSTALL`` variable to OS installation script when
reinstalling an instance
-- Converted to Sphinx (http://sphinx.pocoo.org/) for documentation
+- Allowed ``@`` in tag names
+- Migrated to Sphinx (http://sphinx.pocoo.org/) for documentation
- Many documentation updates
- Distribute hypervisor files on ``gnt-cluster redist-conf``
- ``gnt-instance reinstall`` can now reinstall multiple instances
- Match instance and node names case insensitively
- Reimplemented bash completion script to be more complete
- Improved burnin
-- Added option to specify maximum timeout on instance shutdown
-- Added ``--no-ssh-init`` option to ``gnt-cluster init``
+
+
+Version 2.0.6
+-------------
+
+*(Released Thu, 4 Feb 2010)*
+
+- Fix cleaner behaviour on nodes not in a cluster (Debian bug 568105)
+- Fix a string formatting bug
+- Improve safety of the code in some error paths
+- Improve data validation in the master of values returned from nodes
+
+
+Version 2.0.5
+-------------
+
+*(Released Thu, 17 Dec 2009)*
+
+- Fix security issue due to missing validation of iallocator names; this
+ allows local and remote execution of arbitrary executables
+- Fix failure of gnt-node list during instance removal
+- Ship the RAPI documentation in the archive
Version 2.0.4
-------------
+*(Released Wed, 30 Sep 2009)*
+
- Fixed many wrong messages
- Fixed a few bugs related to the locking library
- Fixed MAC checking at instance creation time
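Review bot: The 2.0.5 security bullet is ambiguous where it says "this allows local and remote execution of arbitrary executables": read literally, "this" can refer to the fix rather than to the missing validation. Suggest past tense tied to the flaw, for example "the missing validation allowed local and remote execution of arbitrary executables", and consider stating which earlier releases are affected and through which interface the iallocator name is accepted, since the entry is the only place an operator learns that 2.0.5 is a security update.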
Version 2.0.3
-------------
+*(Released Fri, 7 Aug 2009)*
+
- Added ``--ignore-size`` to the ``gnt-instance activate-disks`` command
to allow using the pre-2.0.2 behaviour in activation, if any existing
instances have mismatched disk sizes in the configuration
Version 2.0.2
-------------
+*(Released Fri, 17 Jul 2009)*
+
- Added experimental support for stripped logical volumes; this should
enhance performance but comes with a higher complexity in the block
device handling; stripping is only enabled when passing
Version 2.0.1
-------------
+*(Released Tue, 16 Jun 2009)*
+
- added ``-H``/``-B`` startup parameters to ``gnt-instance``, which will
allow re-adding the start in single-user option (regression from 1.2)
- the watcher writes the instance status to a file, to allow monitoring
Version 2.0.0 final
-------------------
+*(Released Wed, 27 May 2009)*
+
- no changes from rc5
Version 2.0 release candidate 5
-------------------------------
+*(Released Wed, 20 May 2009)*
+
- fix a couple of bugs (validation, argument checks)
- fix ``gnt-cluster getmaster`` on non-master nodes (regression)
- some small improvements to RAPI and IAllocator
Version 2.0 release candidate 4
-------------------------------
+*(Released Mon, 27 Apr 2009)*
+
- change the OS list to not require locks; this helps with big clusters
- fix ``gnt-cluster verify`` and ``gnt-cluster verify-disks`` when the
volume group is broken
Version 2.0 release candidate 3
-------------------------------
+*(Released Wed, 8 Apr 2009)*
+
- Change the internal locking model of some ``gnt-node`` commands, in
order to reduce contention (and blocking of master daemon) when
batching many creation/reinstall jobs
Version 2.0 release candidate 2
-------------------------------
+*(Released Fri, 27 Mar 2009)*
+
- Now the cfgupgrade scripts works and can upgrade 1.2.7 clusters to 2.0
- Fix watcher startup sequence, improves the behaviour of busy clusters
- Some other fixes in ``gnt-cluster verify``, ``gnt-instance
Version 2.0 release candidate 1
-------------------------------
+*(Released Mon, 2 Mar 2009)*
+
- More documentation updates, now all docs should be more-or-less
up-to-date
- A couple of small fixes (mixed hypervisor clusters, offline nodes,
Version 2.0 beta 2
------------------
+*(Released Thu, 19 Feb 2009)*
+
- Xen PVM and KVM have switched the default value for the instance root
disk to the first partition on the first drive, instead of the whole
drive; this means that the OS installation scripts must be changed
Version 2.0 beta 1
------------------
+*(Released Mon, 26 Jan 2009)*
+
- Version 2 is a general rewrite of the code and therefore the
differences are too many to list, see the design document for 2.0 in
the ``doc/`` subdirectory for more details
Version 1.2.7
-------------
+*(Released Tue, 13 Jan 2009)*
+
- Change the default reboot type in ``gnt-instance reboot`` to "hard"
- Reuse the old instance mac address by default on instance import, if
the instance name is the same.
Version 1.2.6
-------------
+*(Released Wed, 24 Sep 2008)*
+
- new ``--hvm-nic-type`` and ``--hvm-disk-type`` flags to control the
type of disk exported to fully virtualized instances.
- provide access to the serial console of HVM instances
Version 1.2.5
-------------
+*(Released Tue, 22 Jul 2008)*
+
- note: the allowed size and number of tags per object were reduced
- fix a bug in ``gnt-cluster verify`` with inconsistent volume groups
- fixed twisted 8.x compatibility
Version 1.2.4
-------------
+*(Released Fri, 13 Jun 2008)*
+
- Experimental readonly, REST-based remote API implementation;
automatically started on master node, TCP port 5080, if enabled by
``--enable-rapi`` parameter to configure script.
Version 1.2.3
-------------
+*(Released Mon, 18 Feb 2008)*
+
- more tweaks to the disk activation code (especially helpful for DRBD)
- change the default ``gnt-instance list`` output format, now there is
one combined status field (see the manpage for the exact values this
Version 1.2.2
-------------
+*(Released Wed, 30 Jan 2008)*
+
- fix ``gnt-instance modify`` breakage introduced in 1.2.1 with the HVM
support (issue 23)
- add command aliases infrastructure and a few aliases
Version 1.2.1
-------------
+*(Released Wed, 16 Jan 2008)*
+
- experimental HVM support, read the install document, section
"Initializing the cluster"
- allow for the PVM hypervisor per-instance kernel and initrd paths
Version 1.2.0
-------------
+*(Released Tue, 4 Dec 2007)*
+
- Log the ``xm create`` output to the node daemon log on failure (to
help diagnosing the error)
- In debug mode, log all external commands output if failed to the logs
Version 1.2b3
-------------
+*(Released Wed, 28 Nov 2007)*
+
- Another round of updates to the DRBD 8 code to deal with more failures
in the replace secondary node operation
- Some more logging of failures in disk operations (lvm, drbd)
Version 1.2b2
-------------
+*(Released Tue, 13 Nov 2007)*
+
- Change configuration file format from Python's Pickle to JSON.
Upgrading is possible using the cfgupgrade utility.
- Add support for DRBD 8.0 (new disk template ``drbd``) which allows for