+Version 2.1.2
+-------------
+
+*(Released Fri, 7 May 2010)*
+
+Another release with a long development cycle, during which many
+different features were added.
+
+Significant features
+~~~~~~~~~~~~~~~~~~~~
+
+The KVM hypervisor now can run the individual instances as non-root, to
+reduce the impact of a VM being hijacked due to bugs in the
+hypervisor. It is possible to run all instances as a single (non-root)
+user, to manually specify a user for each instance, or to dynamically
+allocate a user out of a cluster-wide pool to each instance, with the
+guarantee that no two instances will run under the same user ID on any
+given node.
+
+An experimental RAPI client library, that can be used standalone
+(without the other Ganeti libraries), is provided in the source tree as
+``lib/rapi/client.py``. Note this client might change its interface in
+the future, as we iterate on its capabilities.
+
+A new command, ``gnt-cluster renew-crypto`` has been added to easily
+replace the cluster's certificates and crypto keys. This might help in
+case they have been compromised, or have simply expired.
+
+A new disk option for instance creation has been added that allows one
+to "adopt" currently existing logical volumes, with data
+preservation. This should allow easier migration to Ganeti from
+unmanaged (or managed via other software) instances.
+
+Another disk improvement is the possibility to convert between redundant
+(DRBD) and plain (LVM) disk configuration for an instance. This should
+allow better scalability (starting with one node and growing the
+cluster, or shrinking a two-node cluster to one node).
+
+A new feature that could help with automated node failovers has been
+implemented: if a node sees itself as offline (by querying the master
+candidates), it will try to shutdown (hard) all instances and any active
+DRBD devices. This reduces the risk of duplicate instances if an
+external script automatically failovers the instances on such nodes. To
+enable this, the cluster parameter ``maintain_node_health`` should be
+enabled; in the future this option (per the name) will enable other
+automatic maintenance features.
+
+Instance export/import now will reuse the original instance
+specifications for all parameters; that means exporting an instance,
+deleting it and the importing it back should give an almost identical
+instance. Note that the default import behaviour has changed from
+before, where it created only one NIC; now it recreates the original
+number of NICs.
+
+Cluster verify has added a few new checks: SSL certificates validity,
+/etc/hosts consistency across the cluster, etc.
+
+Other changes
+~~~~~~~~~~~~~
+
+As usual, many internal changes were done, documentation fixes,
+etc. Among others:
+
+- Fixed cluster initialization with disabled cluster storage (regression
+ introduced in 2.1.1)
+- File-based storage supports growing the disks
+- Fixed behaviour of node role changes
+- Fixed cluster verify for some corner cases, plus a general rewrite of
+ cluster verify to allow future extension with more checks
+- Fixed log spamming by watcher and node daemon (regression introduced
+ in 2.1.1)
+- Fixed possible validation issues when changing the list of enabled
+ hypervisors
+- Fixed cleanup of /etc/hosts during node removal
+- Fixed RAPI response for invalid methods
+- Fixed bug with hashed passwords in ``ganeti-rapi`` daemon
+- Multiple small improvements to the KVM hypervisor (VNC usage, booting
+ from ide disks, etc.)
+- Allow OS changes without re-installation (to record a changed OS
+ outside of Ganeti, or to allow OS renames)
+- Allow instance creation without OS installation (useful for example if
+ the OS will be installed manually, or restored from a backup not in
+ Ganeti format)
+- Implemented option to make cluster ``copyfile`` use the replication
+ network
+- Added list of enabled hypervisors to ssconf (possibly useful for
+ external scripts)
+- Added a new tool (``tools/cfgupgrade12``) that allows upgrading from
+ 1.2 clusters
+- A partial form of node re-IP is possible via node readd, which now
+ allows changed node primary IP
+- Command line utilities now show an informational message if the job is
+ waiting for a lock
+- The logs of the master daemon now show the PID/UID/GID of the
+ connected client
+
+
+
+Version 2.1.1
+-------------
+
+*(Released Fri, 12 Mar 2010)*
+
+During the 2.1.0 long release candidate cycle, a lot of improvements and
+changes have accumulated with were released later as 2.1.1.
+
+Major changes
+~~~~~~~~~~~~~
+
+The node evacuate command (``gnt-node evacuate``) was significantly
+rewritten, and as such the IAllocator protocol was changed - a new
+request type has been added. This unfortunate change during a stable
+series is designed to improve performance of node evacuations; on
+clusters with more than about five nodes and which are well-balanced,
+evacuation should proceed in parallel for all instances of the node
+being evacuated. As such, any existing IAllocator scripts need to be
+updated, otherwise the above command will fail due to the unknown
+request. The provided "dumb" allocator has not been updated; but the
+ganeti-htools package supports the new protocol since version 0.2.4.
+
+Another important change is increased validation of node and instance
+names. This might create problems in special cases, if invalid host
+names are being used.
+
+Also, a new layer of hypervisor parameters has been added, that sits at
+OS level between the cluster defaults and the instance ones. This allows
+customisation of virtualization parameters depending on the installed
+OS. For example instances with OS 'X' may have a different KVM kernel
+(or any other parameter) than the cluster defaults. This is intended to
+help managing a multiple OSes on the same cluster, without manual
+modification of each instance's parameters.
+
+A tool for merging clusters, ``cluster-merge``, has been added in the
+tools sub-directory.
+
+Bug fixes
+~~~~~~~~~
+
+- Improved the int/float conversions that should make the code more
+ robust in face of errors from the node daemons
+- Fixed the remove node code in case of internal configuration errors
+- Fixed the node daemon behaviour in face of inconsistent queue
+ directory (e.g. read-only file-system where we can't open the files
+ read-write, etc.)
+- Fixed the behaviour of gnt-node modify for master candidate demotion;
+ now it either aborts cleanly or, if given the new “auto_promote”
+ parameter, will automatically promote other nodes as needed
+- Fixed compatibility with (unreleased yet) Python 2.6.5 that would
+ completely prevent Ganeti from working
+- Fixed bug for instance export when not all disks were successfully
+ exported
+- Fixed behaviour of node add when the new node is slow in starting up
+ the node daemon
+- Fixed handling of signals in the LUXI client, which should improve
+ behaviour of command-line scripts
+- Added checks for invalid node/instance names in the configuration (now
+ flagged during cluster verify)
+- Fixed watcher behaviour for disk activation errors
+- Fixed two potentially endless loops in http library, which led to the
+ RAPI daemon hanging and consuming 100% CPU in some cases
+- Fixed bug in RAPI daemon related to hashed passwords
+- Fixed bug for unintended qemu-level bridging of multi-NIC KVM
+ instances
+- Enhanced compatibility with non-Debian OSes, but not using absolute
+ path in some commands and allowing customisation of the ssh
+ configuration directory
+- Fixed possible future issue with new Python versions by abiding to the
+ proper use of ``__slots__`` attribute on classes
+- Added checks that should prevent directory traversal attacks
+- Many documentation fixes based on feedback from users
+
+New features
+~~~~~~~~~~~~
+
+- Added an “early_release” more for instance replace disks and node
+ evacuate, where we release locks earlier and thus allow higher
+ parallelism within the cluster
+- Added watcher hooks, intended to allow the watcher to restart other
+ daemons (e.g. from the ganeti-nbma project), but they can be used of
+ course for any other purpose
+- Added a compile-time disable for DRBD barriers, to increase
+ performance if the administrator trusts the power supply or the
+ storage system to not lose writes
+- Added the option of using syslog for logging instead of, or in
+ addition to, Ganeti's own log files
+- Removed boot restriction for paravirtual NICs for KVM, recent versions
+ can indeed boot from a paravirtual NIC
+- Added a generic debug level for many operations; while this is not
+ used widely yet, it allows one to pass the debug value all the way to
+ the OS scripts
+- Enhanced the hooks environment for instance moves (failovers,
+ migrations) where the primary/secondary nodes changed during the
+ operation, by adding {NEW,OLD}_{PRIMARY,SECONDARY} vars
+- Enhanced data validations for many user-supplied values; one important
+ item is the restrictions imposed on instance and node names, which
+ might reject some (invalid) host names
+- Add a configure-time option to disable file-based storage, if it's not
+ needed; this allows greater security separation between the master
+ node and the other nodes from the point of view of the inter-node RPC
+ protocol
+- Added user notification in interactive tools if job is waiting in the
+ job queue or trying to acquire locks
+- Added log messages when a job is waiting for locks
+- Added filtering by node tags in instance operations which admit
+ multiple instances (start, stop, reboot, reinstall)
+- Added a new tool for cluster mergers, ``cluster-merge``
+- Parameters from command line which are of the form ``a=b,c=d`` can now
+ use backslash escapes to pass in values which contain commas,
+ e.g. ``a=b\\c,d=e`` where the 'a' parameter would get the value
+ ``b,c``
+- For KVM, the instance name is the first parameter passed to KVM, so
+ that it's more visible in the process list
+