Document the monitoring daemon in the admin guide

[ganeti-local] / doc / design-2.1.rst

diff --git a/doc/design-2.1.rst b/doc/design-2.1.rst
index 3be50f0..0251fef 100644 (file)
--- a/doc/design-2.1.rst
+++ b/doc/design-2.1.rst
@@ -18,12 +18,6 @@ Ganeti 2.1 will add features to help further automatization of cluster
 operations, further improve scalability to even bigger clusters, and
 make it easier to debug the Ganeti core.
 
 operations, further improve scalability to even bigger clusters, and
 make it easier to debug the Ganeti core.
 

-Background
-==========
-
-Overview
-========
-

 Detailed design
 ===============
 
 Detailed design
 ===============
 

@@ -235,8 +229,40 @@ Optimization: There's no need to touch the queue if there are no pending
 acquires and no current holders. The caller can have the lock
 immediately.
 
 acquires and no current holders. The caller can have the lock
 immediately.
 

-.. image:: design-2.1-lock-acquire.png
+.. digraph:: "design-2.1-lock-acquire"
+
+  graph[fontsize=8, fontname="Helvetica"]
+  node[fontsize=8, fontname="Helvetica", width="0", height="0"]
+  edge[fontsize=8, fontname="Helvetica"]
+
+  /* Actions */
+  abort[label="Abort\n(couldn't acquire)"]
+  acquire[label="Acquire lock"]
+  add_to_queue[label="Add condition to queue"]
+  wait[label="Wait for notification"]
+  remove_from_queue[label="Remove from queue"]
+
+  /* Conditions */
+  alone[label="Empty queue\nand can acquire?", shape=diamond]
+  have_timeout[label="Do I have\ntimeout?", shape=diamond]
+  top_of_queue_and_can_acquire[
+    label="On top of queue and\ncan acquire lock?",
+    shape=diamond,
+    ]

 
 

+  /* Lines */
+  alone->acquire[label="Yes"]
+  alone->add_to_queue[label="No"]
+
+  have_timeout->abort[label="Yes"]
+  have_timeout->wait[label="No"]
+
+  top_of_queue_and_can_acquire->acquire[label="Yes"]
+  top_of_queue_and_can_acquire->have_timeout[label="No"]
+
+  add_to_queue->wait
+  wait->top_of_queue_and_can_acquire
+  acquire->remove_from_queue

 
 Release
 *******
 
 Release
 *******

@@ -250,7 +276,37 @@ inactive condition will be made active. This ensures fairness with
 exclusive locks by forcing consecutive shared acquires to wait in the
 queue.
 
 exclusive locks by forcing consecutive shared acquires to wait in the
 queue.
 

-.. image:: design-2.1-lock-release.png
+.. digraph:: "design-2.1-lock-release"
+
+  graph[fontsize=8, fontname="Helvetica"]
+  node[fontsize=8, fontname="Helvetica", width="0", height="0"]
+  edge[fontsize=8, fontname="Helvetica"]
+
+  /* Actions */
+  remove_from_owners[label="Remove from owner list"]
+  notify[label="Notify topmost"]
+  swap_shared[label="Swap shared conditions"]
+  success[label="Success"]
+
+  /* Conditions */
+  have_pending[label="Any pending\nacquires?", shape=diamond]
+  was_active_queue[
+    label="Was active condition\nfor shared acquires?",
+    shape=diamond,
+    ]
+
+  /* Lines */
+  remove_from_owners->have_pending
+
+  have_pending->notify[label="Yes"]
+  have_pending->success[label="No"]
+
+  notify->was_active_queue
+
+  was_active_queue->swap_shared[label="Yes"]
+  was_active_queue->success[label="No"]
+
+  swap_shared->success

 
 
 Delete
 
 
 Delete

@@ -321,6 +377,131 @@ a powercycle request even when the system disk is heavily damaged and
 reading/writing to disk fails constantly.
 
 
 reading/writing to disk fails constantly.
 
 

+New Features
+------------
+
+Automated Ganeti Cluster Merger
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Current situation
++++++++++++++++++
+
+Currently there's no easy way to merge two or more clusters together.
+But in order to optimize resources this is a needed missing piece. The
+goal of this design doc is to come up with a easy to use solution which
+allows you to merge two or more cluster together.
+
+Initial contact
++++++++++++++++
+
+As the design of Ganeti is based on an autonomous system, Ganeti by
+itself has no way to reach nodes outside of its cluster. To overcome
+this situation we're required to prepare the cluster before we can go
+ahead with the actual merge: We've to replace at least the ssh keys on
+the affected nodes before we can do any operation within ``gnt-``
+commands.
+
+To make this a automated process we'll ask the user to provide us with
+the root password of every cluster we've to merge. We use the password
+to grab the current ``id_dsa`` key and then rely on that ssh key for any
+further communication to be made until the cluster is fully merged.
+
+Cluster merge
++++++++++++++
+
+After initial contact we do the cluster merge:
+
+1. Grab the list of nodes
+2. On all nodes add our own ``id_dsa.pub`` key to ``authorized_keys``
+3. Stop all instances running on the merging cluster
+4. Disable ``ganeti-watcher`` as it tries to restart Ganeti daemons
+5. Stop all Ganeti daemons on all merging nodes
+6. Grab the ``config.data`` from the master of the merging cluster
+7. Stop local ``ganeti-masterd``
+8. Merge the config:
+
+   1. Open our own cluster ``config.data``
+   2. Open cluster ``config.data`` of the merging cluster
+   3. Grab all nodes of the merging cluster
+   4. Set ``master_candidate`` to false on all merging nodes
+   5. Add the nodes to our own cluster ``config.data``
+   6. Grab all the instances on the merging cluster
+   7. Adjust the port if the instance has drbd layout:
+
+      1. In ``logical_id`` (index 2)
+      2. In ``physical_id`` (index 1 and 3)
+
+   8. Add the instances to our own cluster ``config.data``
+
+9. Start ``ganeti-masterd`` with ``--no-voting`` ``--yes-do-it``
+10. ``gnt-node add --readd`` on all merging nodes
+11. ``gnt-cluster redist-conf``
+12. Restart ``ganeti-masterd`` normally
+13. Enable ``ganeti-watcher`` again
+14. Start all merging instances again
+
+Rollback
+++++++++
+
+Until we actually (re)add any nodes we can abort and rollback the merge
+at any point. After merging the config, though, we've to get the backup
+copy of ``config.data`` (from another master candidate node). And for
+security reasons it's a good idea to undo ``id_dsa.pub`` distribution by
+going on every affected node and remove the ``id_dsa.pub`` key again.
+Also we've to keep in mind, that we've to start the Ganeti daemons and
+starting up the instances again.
+
+Verification
+++++++++++++
+
+Last but not least we should verify that the merge was successful.
+Therefore we run ``gnt-cluster verify``, which ensures that the cluster
+overall is in a healthy state. Additional it's also possible to compare
+the list of instances/nodes with a list made prior to the upgrade to
+make sure we didn't lose any data/instance/node.
+
+Appendix
+++++++++
+
+cluster-merge.py
+^^^^^^^^^^^^^^^^
+
+Used to merge the cluster config. This is a POC and might differ from
+actual production code.
+
+::
+
+  #!/usr/bin/python
+
+  import sys
+  from ganeti import config
+  from ganeti import constants
+
+  c_mine = config.ConfigWriter(offline=True)
+  c_other = config.ConfigWriter(sys.argv[1])
+
+  fake_id = 0
+  for node in c_other.GetNodeList():
+    node_info = c_other.GetNodeInfo(node)
+    node_info.master_candidate = False
+    c_mine.AddNode(node_info, str(fake_id))
+    fake_id += 1
+
+  for instance in c_other.GetInstanceList():
+    instance_info = c_other.GetInstanceInfo(instance)
+    for dsk in instance_info.disks:
+      if dsk.dev_type in constants.LDS_DRBD:
+         port = c_mine.AllocatePort()
+         logical_id = list(dsk.logical_id)
+         logical_id[2] = port
+         dsk.logical_id = tuple(logical_id)
+         physical_id = list(dsk.physical_id)
+         physical_id[1] = physical_id[3] = port
+         dsk.physical_id = tuple(physical_id)
+    c_mine.AddInstance(instance_info, str(fake_id))
+    fake_id += 1
+
+

 Feature changes
 ---------------
 
 Feature changes
 ---------------
 

@@ -399,27 +580,34 @@ A confd query will look like this, on the wire::
     "hmac": "4a4139b2c3c5921f7e439469a0a45ad200aead0f"
   }
 
     "hmac": "4a4139b2c3c5921f7e439469a0a45ad200aead0f"
   }
 

-"plj0" is a fourcc that details the message content. It stands for plain
+``plj0`` is a fourcc that details the message content. It stands for plain

 json 0, and can be changed as we move on to different type of protocols
 (for example protocol buffers, or encrypted json). What follows is a
 json encoded string, with the following fields:
 
 json 0, and can be changed as we move on to different type of protocols
 (for example protocol buffers, or encrypted json). What follows is a
 json encoded string, with the following fields:
 

-- 'msg' contains a JSON-encoded query, its fields are:
+- ``msg`` contains a JSON-encoded query, its fields are:
+
+  - ``protocol``, integer, is the confd protocol version (initially
+    just ``constants.CONFD_PROTOCOL_VERSION``, with a value of 1)
+  - ``type``, integer, is the query type. For example "node role by
+    name" or "node primary ip by instance ip". Constants will be
+    provided for the actual available query types
+  - ``query`` is a multi-type field (depending on the ``type`` field):
+
+    - it can be missing, when the request is fully determined by the
+      ``type`` field
+    - it can contain a string which denotes the search key: for
+      example an IP, or a node name
+    - it can contain a dictionary, in which case the actual details
+      vary further per request type

 
 

-  - 'protocol', integer, is the confd protocol version (initially just
-    constants.CONFD_PROTOCOL_VERSION, with a value of 1)
-  - 'type', integer, is the query type. For example "node role by name"
-    or "node primary ip by instance ip". Constants will be provided for
-    the actual available query types.
-  - 'query', string, is the search key. For example an ip, or a node
-    name.
-  - 'rsalt', string, is the required response salt. The client must use
-    it to recognize which answer it's getting.
+  - ``rsalt``, string, is the required response salt; the client must
+    use it to recognize which answer it's getting.

 
 

-- 'salt' must be the current unix timestamp, according to the client.
-  Servers can refuse messages which have a wrong timing, according to
-  their configuration and clock.
-- 'hmac' is an hmac signature of salt+msg, with the cluster hmac key
+- ``salt`` must be the current unix timestamp, according to the
+  client; servers should refuse messages which have a wrong timing,
+  according to their configuration and clock
+- ``hmac`` is an hmac signature of salt+msg, with the cluster hmac key

 
 If an answer comes back (which is optional, since confd works over UDP)
 it will be in this format::
 
 If an answer comes back (which is optional, since confd works over UDP)
 it will be in this format::

@@ -435,24 +623,25 @@ it will be in this format::
 
 Where:
 
 
 Where:
 

-- 'plj0' the message type magic fourcc, as discussed above
-- 'msg' contains a JSON-encoded answer, its fields are:
-
-  - 'protocol', integer, is the confd protocol version (initially just
-    constants.CONFD_PROTOCOL_VERSION, with a value of 1)
-  - 'status', integer, is the error code. Initially just 0 for 'ok' or
-    '1' for 'error' (in which case answer contains an error detail,
-    rather than an answer), but in the future it may be expanded to have
-    more meanings (eg: 2, the answer is compressed)
-  - 'answer', is the actual answer. Its type and meaning is query
-    specific. For example for "node primary ip by instance ip" queries
+- ``plj0`` the message type magic fourcc, as discussed above
+- ``msg`` contains a JSON-encoded answer, its fields are:
+
+  - ``protocol``, integer, is the confd protocol version (initially
+    just constants.CONFD_PROTOCOL_VERSION, with a value of 1)
+  - ``status``, integer, is the error code; initially just ``0`` for
+    'ok' or ``1`` for 'error' (in which case answer contains an error
+    detail, rather than an answer), but in the future it may be
+    expanded to have more meanings (e.g. ``2`` if the answer is
+    compressed)
+  - ``answer``, is the actual answer; its type and meaning is query
+    specific: for example for "node primary ip by instance ip" queries

     it will be a string containing an IP address, for "node role by
     it will be a string containing an IP address, for "node role by

-    name" queries it will be an integer which encodes the role (master,
-    candidate, drained, offline) according to constants.
+    name" queries it will be an integer which encodes the role
+    (master, candidate, drained, offline) according to constants

 
 

-- 'salt' is the requested salt from the query. A client can use it to
-  recognize what query the answer is answering.
-- 'hmac' is an hmac signature of salt+msg, with the cluster hmac key
+- ``salt`` is the requested salt from the query; a client can use it
+  to recognize what query the answer is answering.
+- ``hmac`` is an hmac signature of salt+msg, with the cluster hmac key

 
 
 Redistribute Config
 
 
 Redistribute Config

@@ -461,7 +650,7 @@ Redistribute Config
 Current State and shortcomings
 ++++++++++++++++++++++++++++++
 
 Current State and shortcomings
 ++++++++++++++++++++++++++++++
 

-Currently LURedistributeConfig triggers a copy of the updated
+Currently LUClusterRedistConf triggers a copy of the updated

 configuration file to all master candidates and of the ssconf files to
 all nodes. There are other files which are maintained manually but which
 are important to keep in sync. These are:
 configuration file to all master candidates and of the ssconf files to
 all nodes. There are other files which are maintained manually but which
 are important to keep in sync. These are:

@@ -661,7 +850,7 @@ We will change Ganeti to use UUIDs for entity tracking, but in a
 staggered way. In 2.1, we will simply add an “uuid” attribute to each
 of the instances, nodes and cluster itself. This will be reported on
 instance creation for nodes, and on node adds for the nodes. It will
 staggered way. In 2.1, we will simply add an “uuid” attribute to each
 of the instances, nodes and cluster itself. This will be reported on
 instance creation for nodes, and on node adds for the nodes. It will

-be of course avaiblable for querying via the OpQueryNodes/Instance and
+be of course avaiblable for querying via the OpNodeQuery/Instance and

 cluster information, and via RAPI as well.
 
 Note that Ganeti will not provide any way to change this attribute.
 cluster information, and via RAPI as well.
 
 Note that Ganeti will not provide any way to change this attribute.