Let gnt-cluster support prealloc_wipe_disks

This includes a new option gnt-cluster init and approriate output
on gnt-cluster info. Though gnt-cluster modify is not yet prepared.

Signed-off-by: René Nussbaumer <rn@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>

diff --git a/lib/cmdlib.py b/lib/cmdlib.py
index 874b43b..95f7538 100644 (file)
--- a/lib/cmdlib.py
+++ b/lib/cmdlib.py
@@ -4049,6 +4049,7 @@ class LUQueryClusterInfo(NoHooksLU):
       "default_iallocator": cluster.default_iallocator,
       "reserved_lvs": cluster.reserved_lvs,
       "primary_ip_version": primary_ip_version,
+      "prealloc_wipe_disks": cluster.prealloc_wipe_disks,
       }
 
     return result

diff --git a/man/gnt-cluster.sgml b/man/gnt-cluster.sgml
index acf7de8..0567b68 100644 (file)
--- a/man/gnt-cluster.sgml
+++ b/man/gnt-cluster.sgml
@@ -258,6 +258,8 @@
         <sbr>
         <arg>--primary-ip-version <replaceable>version</replaceable></arg>
         <sbr>
+        <arg>--prealloc-wipe-disks</arg>
+        <sbr>
         <arg choice="req"><replaceable>clustername</replaceable></arg>
       </cmdsynopsis>
 
@@ -354,6 +356,13 @@
       </para>
 
       <para>
+        The <option>--prealloc-wipe-disks</option> sets a cluster wide
+        configuration value for wiping disks prior to allocation. This
+        increases security on instance level as the instance can't
+        access untouched data from it's underlying storage.
+      </para>
+
+      <para>
         <variablelist>
           <varlistentry>
             <term>xen-pvm</term>

diff --git a/scripts/gnt-cluster b/scripts/gnt-cluster
index 14cc0f7..4887bc1 100755 (executable)
--- a/scripts/gnt-cluster
+++ b/scripts/gnt-cluster
@@ -42,6 +42,11 @@ from ganeti import objects
 from ganeti import uidpool
 from ganeti import compat
 
+PREALLOC_WIPE_DISKS_OPT = cli_option("--prealloc-wipe-disks", default=False,
+                                     action="store_true",
+                                     dest="prealloc_wipe_disks",
+                                     help=("Wipe disks prior to instance"
+                                           " creation"))
 
 @UsesRPC
 def InitCluster(opts, args):
@@ -129,6 +134,7 @@ def InitCluster(opts, args):
                         uid_pool=uid_pool,
                         default_iallocator=opts.default_iallocator,
                         primary_ip_version=primary_ip_version,
+                        prealloc_wipe_disks=opts.prealloc_wipe_disks,
                         )
   op = opcodes.OpPostInitCluster()
   SubmitOpCode(op, opts=opts)
@@ -326,6 +332,7 @@ def ShowClusterConfig(opts, args):
                                   roman=opts.roman_integers))
   ToStdout("  - default instance allocator: %s", result["default_iallocator"])
   ToStdout("  - primary ip version: %d", result["primary_ip_version"])
+  ToStdout("  - preallocation wipe disks: %s", result["prealloc_wipe_disks"])
 
   ToStdout("Default instance parameters:")
   _PrintGroupedParams(result["beparams"], roman=opts.roman_integers)
@@ -862,7 +869,7 @@ commands = {
      NOLVM_STORAGE_OPT, NOMODIFY_ETCHOSTS_OPT, NOMODIFY_SSH_SETUP_OPT,
      SECONDARY_IP_OPT, VG_NAME_OPT, MAINTAIN_NODE_HEALTH_OPT,
      UIDPOOL_OPT, DRBD_HELPER_OPT, NODRBD_STORAGE_OPT,
-     DEFAULT_IALLOCATOR_OPT, PRIMARY_IP_VERSION_OPT],
+     DEFAULT_IALLOCATOR_OPT, PRIMARY_IP_VERSION_OPT, PREALLOC_WIPE_DISKS_OPT],
     "[opts...] <cluster_name>", "Initialises a new cluster configuration"),
   'destroy': (
     DestroyCluster, ARGS_NONE, [YES_DOIT_OPT],