Apollon Oikonomopoulos [Tue, 12 Oct 2010 15:08:06 +0000 (18:08 +0300)]
Set list of trusted SSL CAs for client to verify
As per SSL_CTX_set_client_CA_list(3SSL), set the list of acceptable CAs
advertised to SSL clients to include the server's own certificate. This
evidently fixes the pycurl/gnutls RPC client.
During the TLS Handshake, when client verification is requested, the
Server sends a CertificateRequest message which states that the client
should send a valid certificate as a response. The CertificateRequest
message contains a section called "certificate_authorities", which,
according to the standard, is a list of the Distinguished Names (DNs) of
acceptable certification authorities. The client uses this list to send
a certificate signed by one of the acceptable CAs.
Under OpenSSL's server implementation, this list must be set manually
using some appropriate call, otherwise the list is empty. TLS 1.0[1]
does not state whether the list may be left blank, whereas TLS 1.1[2]
and 1.2[3] state that in case the list is blank, then the client *may*
send any certificate of a valid type (valid types are specified
elsewhere in the handshake).
OpenSSL clients seem to obey the behaviour specified in TLS 1.1+,
whereas at least curl+GnuTLS does not send any certificates if the list
is empty (which is not wrong per the spec, but also evidently not
configurable).
[1] http://tools.ietf.org/html/rfc2246
[2] http://tools.ietf.org/html/rfc4346
[3] http://tools.ietf.org/html/rfc5246
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Guido Trotter [Tue, 12 Oct 2010 15:30:50 +0000 (16:30 +0100)]
Require aclocal 1.11.1 or above for autogen.sh
1.11.1 is the version in squeeze and lucid, and we know it works. We
also know that 1.10.1 in hardy and lenny doesn't, nor do 1.10 in etch
and 1.9.6 in dapper. We haven't tested any other version.
With older versions python.m4 is buggy, and results in the package being
built not working on python 2.6 (which uses dist-packages rather than
site-packages as a module directory).
The autogen.sh interpreter is changed to bash, as we need to use the [[
builtin to compare versions with "<". [ doesn't have that functionality,
and we can't of course rely on dpkg, which won't be installed on all
distributions.
Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Guido Trotter [Fri, 8 Oct 2010 17:31:29 +0000 (18:31 +0100)]
Merge commit 'v2.2.0.1' into stable-2.2
* commit 'v2.2.0.1':
Release Ganeti 2.2.0.1
Conflicts:
NEWS
- merge
configure.ac
- keep 2.2.1~rc0 version
Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Luca Bigliardi <shammash@google.com>
Guido Trotter [Fri, 8 Oct 2010 16:55:40 +0000 (17:55 +0100)]
Release Ganeti 2.2.0.1
2.2.0 was built with old autotools, and it's incompatible with Python
2.6. Rebuilding with a newer autotools version fixes this.
Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Luca Bigliardi <shammash@google.com>
Michael Hanselmann [Thu, 7 Oct 2010 13:08:47 +0000 (15:08 +0200)]
Bump version to 2.2.1~rc0
Also update NEWS.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Iustin Pop [Thu, 7 Oct 2010 09:56:12 +0000 (11:56 +0200)]
Try again to fix the inter-cluster move QA test
This time, we re-establish the old pri/sec nodes corretly. Unfortunately this
will require now a 3-node cluster at least for drbd instances, hence it's
somewhat suboptimal, but… The other option would be to move it simply from p:s
to s:p and then back to p:s, without involving a third node (for DRBD case),
but I think that moving it to a completely separate node is slightly better for
testing.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Iustin Pop [Wed, 6 Oct 2010 11:41:49 +0000 (13:41 +0200)]
QA: Fix instance move tests
The instance move tests were moving the instance from node pair (A,_) to
(B, A), and left it there. This patch makes sure that the first step
moves the instance to (B,A) but the second one back to (A,B), so that
the instance is left on the same primary node.
The original secondary node is lost though, if I read the code
correctly.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Michael Hanselmann [Fri, 1 Oct 2010 15:09:12 +0000 (17:09 +0200)]
Add simple unittest for utils.CommaJoin
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Fri, 1 Oct 2010 14:59:59 +0000 (16:59 +0200)]
LUDelTags: Improve formatting of error message
Use utils.CommaJoin to add spaces after comma, clean up code a bit.
Before: Tag(s) 'bar','baz','foo','moo' not found
After: Tag(s) 'bar', 'baz', 'foo', 'moo' not found
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Fri, 1 Oct 2010 14:59:41 +0000 (16:59 +0200)]
LUGetTags: Acquire locks in shared mode
Retrieving tags can be done while the lock is shared. Only writing
needs to be exclusive.
Also add a FIXME for cluster tags, where the code currently doesn't
use any locks except the config lock.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Fri, 1 Oct 2010 11:56:53 +0000 (13:56 +0200)]
gnt-cluster: Replace hardcoded “xenvg” with value retrieved from master
This fixes issue 125 (http://code.google.com/p/ganeti/issues/detail?id=125)
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Fri, 1 Oct 2010 11:56:46 +0000 (13:56 +0200)]
Export VG name via LUQueryConfigValues
This will be used by LUXI client programs to display the VG name.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Wed, 29 Sep 2010 15:34:51 +0000 (17:34 +0200)]
RAPI QA: Override MAC address when moving instance
This will make this test work again.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Wed, 29 Sep 2010 15:31:36 +0000 (17:31 +0200)]
move-instance: Allow overriding instance parameters
When moving a single instance within the same cluster, the NIC
is not allowed to re-use an existing MAC address. To avoid this,
NIC parameters must be overridden. BE, HV, OS and NIC parameters
can be overridden after applying this patch.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Wed, 29 Sep 2010 15:30:05 +0000 (17:30 +0200)]
cli: Move parsing of --net option to separate function
This function will also be used in tools/move-instance.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Guido Trotter [Tue, 5 Oct 2010 13:47:51 +0000 (14:47 +0100)]
kvm: collapse two consecutive extend calls
Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Miguel Di Ciurcio Filho [Tue, 5 Oct 2010 13:35:02 +0000 (10:35 -0300)]
kvm: Introduce support for -mem-path
Using hugepages, KVM instances can get a good performance boost. To
activate that, we need to pass the -mem-path argument to KVM along with
the mount point of the hugetlbfs file system on the node.
For the sake of memory availability computation, we use the -mem-prealloc
argument when enabling hugepages, so KVM will reserve all hugepages it
needs when it starts. This avoids allocating an instance on a node that
will not have enough pages in case other instance needs more than what
is available after it boots.
Signed-off-by: Miguel Di Ciurcio Filho <miguel.filho@gmail.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Iustin Pop [Tue, 5 Oct 2010 09:07:28 +0000 (11:07 +0200)]
Rename the _oss cluster vars to _os
Per the mailing list discussion, rename _oss to _os, both in cluster parameters
and in the rest of the code.
This is just an s/_oss/_os, with the exception of a small bit of cleanup
around the helper_os function in cmdlib.py.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Michael Hanselmann [Mon, 4 Oct 2010 16:41:52 +0000 (18:41 +0200)]
Merge branch 'stable-2.2' into devel-2.2
* stable-2.2:
Bump version to 2.2.0, update NEWS
Fix instance rename regression from
3fe11ba3
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Michael Hanselmann [Mon, 4 Oct 2010 16:40:04 +0000 (18:40 +0200)]
gnt-job info: Sort input fields
This helps to find a value for complex opcodes.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Guido Trotter [Mon, 4 Oct 2010 15:22:53 +0000 (16:22 +0100)]
KVM: Add function to check the hypervisor version
Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Michael Hanselmann [Mon, 4 Oct 2010 14:58:08 +0000 (16:58 +0200)]
Bump version to 2.2.0, update NEWS
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Iustin Pop [Thu, 30 Sep 2010 00:32:38 +0000 (20:32 -0400)]
Fix instance rename regression from
3fe11ba3
Committ
3fe11ba3 broke the instance rename as we don't use the FQDN
anymore. This fixes it.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Iustin Pop [Thu, 30 Sep 2010 00:32:38 +0000 (20:32 -0400)]
Fix instance rename regression from
3fe11ba3
Committ
3fe11ba3 broke the instance rename as we don't use the FQDN
anymore. This fixes it.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Michael Hanselmann [Thu, 30 Sep 2010 16:16:34 +0000 (18:16 +0200)]
Update RAPI documentation for /2/nodes/[node_name]/migrate
This was forgotten in commit
52194140.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Iustin Pop [Wed, 22 Sep 2010 07:34:12 +0000 (09:34 +0200)]
Sort OS names and variants in LUDiagnoseOS
The OS list and variants as returned from LUDiagnoseOS is not sorted,
and gnt-instance reinstall doesn't sort it either. This means that it
the menu that users are present with is inconsistent across clusters,
and that is confusing.
To make this consistent across all users of the LU, we sort the names in
the LU itself.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Iustin Pop [Tue, 21 Sep 2010 11:50:07 +0000 (13:50 +0200)]
Add some trivial QA tests for the new OS states
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Iustin Pop [Tue, 21 Sep 2010 08:07:12 +0000 (10:07 +0200)]
Change behaviour of OpDiagnoseOS w.r.t. 'valid'
This patch changes the behaviour of OpDiagnoseOS with regards to the
'valid' field to be similar to the one for the hidden/blacklisted
fields: unless this field is requested, invalid OSes are filtered out.
The rationale is that, except for the gnt-os info/diagnose, all other
users of this opcode are requesting the valid field just to filter out
invalid OSes, and not for any other use. Thus, changing this behaviour
makes these callers simpler.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Iustin Pop [Tue, 21 Sep 2010 07:59:33 +0000 (09:59 +0200)]
Allow gnt-os modify to change the new OS params
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Iustin Pop [Tue, 21 Sep 2010 07:58:53 +0000 (09:58 +0200)]
Add two more _T-type tests
These are useful for more in-depth checking of some kinds of arguments.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: René Nussbaumer <rn@google.com>
Iustin Pop [Mon, 20 Sep 2010 09:52:31 +0000 (11:52 +0200)]
Add blacklisted/hidden OS support in LUDiagnoseOS
This changes the behaviour of LUDiagnoseOS significantly.
The addition of hidden/blacklisted OSes would mean that each user-facing
client would have to filter intentionally such OSes from display, which
is not a good choice. Rather, the patch makes LUDiagnoseOS not return
any hidden or blacklisted OSes unless the hidden or respectively the
blacklisted status is requested.
While unconventional, this makes `gnt-instance reinstall --select-os`
work as intended without any changes; similar for gnt-os list. gnt-os
diagnose/gnt-os info are changed to query for, and display the new
fields.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Iustin Pop [Thu, 16 Sep 2010 15:42:51 +0000 (17:42 +0200)]
Restrict blacklisted OSes in instance installation
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Iustin Pop [Thu, 16 Sep 2010 14:34:15 +0000 (16:34 +0200)]
Add two new cluster settings
The new variables are:
- a list of hidden OSes, that should not be displayed to the users in
interactive selection (e.g. reinstall); however, if they are selected, they
can be used
- a list of OSes that should be hidden and blocked from install-time selection
The filtering will apply at pure OS name level, not OS+variant level.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Iustin Pop [Thu, 16 Sep 2010 14:00:25 +0000 (16:00 +0200)]
Abstract OS name/variant functions
Currently, the computation of the 'pure' name or the variant is
hardcoded and spread around the functions that need it. This is not
nice, and in the future we'd spread it even more with more usage of
variants/pure os names.
This patch abstracts these functions into the OS class, and then
replaces the hardcoded uses with the new functions.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Iustin Pop [Tue, 21 Sep 2010 08:38:04 +0000 (10:38 +0200)]
Add OS new states to the design doc
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Iustin Pop [Tue, 21 Sep 2010 08:26:02 +0000 (10:26 +0200)]
Remove the RPC changes from the 2.2 design
These were not implemented.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Iustin Pop [Tue, 21 Sep 2010 08:24:18 +0000 (10:24 +0200)]
Remove 'Detailed Design' from design-2.2.rst
This also bumps up the rest of the headings.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Michael Hanselmann [Wed, 22 Sep 2010 14:33:34 +0000 (16:33 +0200)]
Merge branch 'stable-2.2' into devel-2.2
* stable-2.2:
NEWS: Add 2.2.0~rc2 release date
Bump version to 2.2.0~rc2
Remove two old aliases
Fix migration on new KVMs
Prepare 2.2.0~rc2 release
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: René Nussbaumer <rn@google.com>
Michael Hanselmann [Wed, 22 Sep 2010 12:58:37 +0000 (14:58 +0200)]
Merge branch 'devel-2.1' into devel-2.2
* devel-2.1:
Fix mac checker regex
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: René Nussbaumer <rn@google.com>
Michael Hanselmann [Wed, 22 Sep 2010 12:49:52 +0000 (14:49 +0200)]
NEWS: Add 2.2.0~rc2 release date
This was forgotten when preparing the release.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: René Nussbaumer <rn@google.com>
Michael Hanselmann [Wed, 22 Sep 2010 10:44:17 +0000 (12:44 +0200)]
Bump version to 2.2.0~rc2
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Iustin Pop [Tue, 21 Sep 2010 18:24:28 +0000 (20:24 +0200)]
Fix mac checker regex
Currently, the mac checker regex could match a corner case of
11:22:33:44:55:66: (one extra colon at the end). We fix this, and we
also move the regex compilation outside of this function, at module
level.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Iustin Pop [Tue, 21 Sep 2010 07:09:08 +0000 (09:09 +0200)]
Remove two old aliases
These were deprecated since Ganeti 2.0, it's time to remove them.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Vitaly Kuznetsov [Thu, 16 Sep 2010 20:27:24 +0000 (20:27 +0000)]
Fix migration on new KVMs
New KVMs (0.12.1.2-el6 and 0.13.5 tested) exit immediately after
unsuccessful network connection when they are in "-incoming" mode. The
simple check netutils.TcpPing causes remote kvm to exit so the migration
will always fail. This check is also redundant by the way as if the
network port is closed migration will fail with guarantee. This commit
removes this check.
Signed-off-by: Vitaly Kuznetsov <vitty@altlinux.ru>
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Fri, 17 Sep 2010 15:51:58 +0000 (17:51 +0200)]
Fix typo in ganeti man page
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Fri, 17 Sep 2010 15:35:36 +0000 (17:35 +0200)]
cli: Pass options in {Add,Remove}Tags
They'll be used for job priorities. Also add an empty line to
gnt-os where it's missing.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Fri, 17 Sep 2010 11:45:57 +0000 (13:45 +0200)]
Prepare 2.2.0~rc2 release
Update NEWS, but not yet configure.ac.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Thu, 16 Sep 2010 10:46:32 +0000 (12:46 +0200)]
QA: Test more tag operations via RAPI
This ensures tag operations work via RAPI. Also print requested URI to
stdout for debugging.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Wed, 15 Sep 2010 19:38:23 +0000 (21:38 +0200)]
qa_rapi: Fix indentation error
If no function to verify the result was specified, qa_rapi._DoTests
wouldn't return the result.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Thu, 16 Sep 2010 10:38:18 +0000 (12:38 +0200)]
Merge branch 'stable-2.2' into devel-2.2
* stable-2.2:
cmdlib: Fix type of “name” parameter for tag operations
rlib2: Set tag operation param “name” to None for cluster tags
Fix OS_VARIANT variable setting
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Iustin Pop [Mon, 23 Aug 2010 14:20:26 +0000 (16:20 +0200)]
opcode summary: improve display for list summaries
Currently, opcodes like NODE_EVAC_STRATEGY look bad:
89684 error NODE_EVAC_STRATEGY([u'node3'])
With this patch, we try to render list arguments a little bit better:
89684 error NODE_EVAC_STRATEGY(node3)
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Iustin Pop [Thu, 16 Sep 2010 07:24:55 +0000 (09:24 +0200)]
Merge branch 'devel-2.1' into devel-2.2
* devel-2.1:
Fix case of MAC special-values
(no conflicts, took LGTM from original commit)
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Iustin Pop [Mon, 13 Sep 2010 09:30:03 +0000 (11:30 +0200)]
Fix case of MAC special-values
This fixes Debian bug #596347. An alternative would be to also allow
the uppercase form, but it's not nice I think.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Michael Hanselmann [Wed, 15 Sep 2010 19:37:38 +0000 (21:37 +0200)]
cmdlib: Fix type of “name” parameter for tag operations
The parameter “name” is be None for cluster tags.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Wed, 15 Sep 2010 19:39:05 +0000 (21:39 +0200)]
rlib2: Set tag operation param “name” to None for cluster tags
Otherwise parameter verification in the master daemon fails.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Mon, 13 Sep 2010 14:46:41 +0000 (16:46 +0200)]
Remove mcpu's ReportLocks callback
This is no longer needed with the new lock monitor. One callback is kept to
check for cancelled jobs.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Fri, 10 Sep 2010 15:28:30 +0000 (17:28 +0200)]
Revert "jqueue: Resume jobs from “waitlock” status"
This reverts commit
4008c8edae31a3971fa8c4b200238afc8005d3d4.
While it worked in my initial tests, I've now found cases where this doesn't
work properly as it is. More work is needed and will be done as part of the
Ganeti 2.3 job queue changes.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Vitaly Kuznetsov [Wed, 8 Sep 2010 16:57:45 +0000 (16:57 +0000)]
Fix OS_VARIANT variable setting
This was introduced in
efaa9b06d1e1e6d1678d0edd75b1ba37cf0de3d9.
in OSCoreEnv:
inst_os.name is pure operating system name (without variant) as variant is stripped
in OSFromDisk(). So we always get variant = inst_os.supported_variants[0] (first
variant in variants list).
Adding argument os_name with full name (including variant) solves this problem.
Signed-off-by: Vitaly Kuznetsov <vitty@altlinux.ru>
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
[modified by iustin to handle the call to OSCoreEnv from ValidateOS too]
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Michael Hanselmann [Fri, 10 Sep 2010 12:06:22 +0000 (14:06 +0200)]
Merge branch 'stable-2.2' into devel-2.2
* stable-2.2:
Fix pylint warning in http/__init__.py
Allow SSL ciphers to be overridden in HTTP server
If we had any errors in setup in one of the hosts, exit with non-zero
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Fri, 10 Sep 2010 11:48:53 +0000 (13:48 +0200)]
Fix pylint warning in http/__init__.py
My bad for not seeing this before:
R0201:614:HttpBase.GetSslCiphers: Method could be a function
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Fri, 10 Sep 2010 11:14:04 +0000 (13:14 +0200)]
Allow SSL ciphers to be overridden in HTTP server
Users of this class, such as the RAPI server, might want to override or adjust
the default SSL cipher defined in a constant.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Thu, 9 Sep 2010 16:17:25 +0000 (18:17 +0200)]
jqueue: Resume jobs from “waitlock” status
After an unclean restart of ganeti-masterd, jobs in the “waitlock” status can
be safely restarted. They hadn't modified the cluster yet.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: René Nussbaumer <rn@google.com>
Michael Hanselmann [Wed, 8 Sep 2010 17:25:07 +0000 (19:25 +0200)]
jqueue: Move queue inspection into separate function
This makes the __init__ function a lot smaller while not changing
functionality.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: René Nussbaumer <rn@google.com>
Michael Hanselmann [Thu, 9 Sep 2010 13:53:56 +0000 (15:53 +0200)]
jqueue: Don't update file in MarkUnfinishedOps
This reduced the number of updates to the job files. It's used in two places
while processing a job and the file is updated just afterwards.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Tue, 7 Sep 2010 14:04:00 +0000 (16:04 +0200)]
locking.SharedLock: Update class docstring
This was already outdated when the initial version of SharedLock was added
in commit
162c1c1f1 (February 2008).
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
René Nussbaumer [Thu, 9 Sep 2010 11:13:08 +0000 (13:13 +0200)]
If we had any errors in setup in one of the hosts, exit with non-zero
Signed-off-by: René Nussbaumer <rn@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
René Nussbaumer [Thu, 9 Sep 2010 11:09:41 +0000 (13:09 +0200)]
Fix the output of the key fingerprint from binary to hex
Signed-off-by: René Nussbaumer <rn@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Tue, 7 Sep 2010 09:53:12 +0000 (11:53 +0200)]
Merge branch 'stable-2.2' into devel-2.2
* stable-2.2:
Fix breakage introduced by commit
8044bf655
Remove “dry_run” from opcodes.OpCreateInstance
Disable the RAPI CA checks in watcher
move-instance: Fix parameter order in _CreateInstance
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Michael Hanselmann [Tue, 7 Sep 2010 09:44:26 +0000 (11:44 +0200)]
cli: Use list of options shared between commands
The completion script for bash has to know about these options. Until now
the list was in two places--once in cli.py and once in
autotools/build-bash-completion. A shared list is used with this patch.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Mon, 6 Sep 2010 19:58:31 +0000 (21:58 +0200)]
jqueue: Use separate function for encoding errors
Comes with unittest.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Manuel Franceschini [Fri, 3 Sep 2010 10:47:51 +0000 (12:47 +0200)]
Fix some epydoc warnings
Signed-off-by: Manuel Franceschini <livewire@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Michael Hanselmann [Thu, 2 Sep 2010 16:34:38 +0000 (18:34 +0200)]
Fix breakage introduced by commit
8044bf655
Note to self: even patches removing one line can break everything.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Manuel Franceschini <livewire@google.com>
Michael Hanselmann [Thu, 2 Sep 2010 15:52:44 +0000 (17:52 +0200)]
Remove “dry_run” from opcodes.OpCreateInstance
I'ts declared twice, once in opcodes.OpCode and here, and this one
is redundant.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Iustin Pop [Thu, 2 Sep 2010 09:18:27 +0000 (11:18 +0200)]
Disable the RAPI CA checks in watcher
Since the RAPI certificate is not necessarily self-signed, and we
currently don't have any configuration variable for the real CA file, we
disable for now the CA checks. This fixes the 'restart RAPI every 5
minutes' problem with non-self-signed certs.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Manuel Franceschini [Wed, 1 Sep 2010 09:34:30 +0000 (11:34 +0200)]
move-instance: Fix parameter order in _CreateInstance
This patch fixes a bug, which caused the primary and secondary
destination nodes to be revered on the destination cluster after an
instance move.
Signed-off-by: Manuel Franceschini <livewire@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Michael Hanselmann [Thu, 26 Aug 2010 16:17:20 +0000 (18:17 +0200)]
Show list of pending acquires in “gnt-debug locks”
This is accomplished by keeping a list of waiting threads instead
of just their number inside the lock-internal condition. A few
other tweaks to the output format are also made.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
René Nussbaumer [Tue, 24 Aug 2010 11:54:01 +0000 (13:54 +0200)]
Adding host key verification to setup-ssh
Signed-off-by: René Nussbaumer <rn@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
René Nussbaumer [Tue, 24 Aug 2010 14:21:37 +0000 (16:21 +0200)]
Adding a paramiko fingerprint format helper
And provide unittests for them
Signed-off-by: René Nussbaumer <rn@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Guido Trotter [Tue, 24 Aug 2010 17:06:33 +0000 (18:06 +0100)]
Merge branch 'devel-2.1' into devel-2.2
* devel-2.1:
Increase version to 2.1.7
Update NEWS for the 2.1.7 release
Conflicts:
NEWS
- merge
configure.ac
- keep the 2.2 version
Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Guido Trotter [Tue, 24 Aug 2010 16:46:43 +0000 (17:46 +0100)]
Increase version to 2.1.7
Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Guido Trotter [Fri, 20 Aug 2010 09:39:29 +0000 (10:39 +0100)]
Update NEWS for the 2.1.7 release
Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Tue, 24 Aug 2010 15:22:29 +0000 (17:22 +0200)]
Fix race condition in locking unittest
While writing unittests for the new lock monitor, I made a small mistake and
didn't synchronize acquiring locks properly. This patch takes care of this
issue by adding additional synchronization.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Mon, 23 Aug 2010 17:32:54 +0000 (19:32 +0200)]
Add simple lock monitor
This patch adds an initial implementation of a lock monitor, accessible
for the user through “gnt-debug locks”. It currently shows all resource
locks: BGL, nodes and instances. Config and job queue locks could be
shown too, but wouldn't be of much help. The current owner(s) and mode
are also shown.
Showing pending acquires will require further changes on the SharedLock
internals and is not yet implemented.
Example output:
$ gnt-debug locks -o name,mode,owner
Name Mode Owner
BGL/BGL shared JobQueue19/Job147
instances/inst1 exclusive JobQueue19/Job147
instances/inst2 - -
instances/inst3 - -
instances/inst4 - -
nodes/node1 exclusive JobQueue19/Job147
nodes/node2 exclusive JobQueue19/Job147
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Mon, 23 Aug 2010 11:31:55 +0000 (13:31 +0200)]
workerpool: Allow setting task name
With this patch, the task name is added to the thread name and will show up in
logs. Log messages from jobs will look like “pid=578/JobQueue14/Job13 mcpu:289
DEBUG LU locks acquired/cluster/BGL/shared”.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Michael Hanselmann [Mon, 23 Aug 2010 15:14:11 +0000 (17:14 +0200)]
Use one function to parse “--fields” option values
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Mon, 23 Aug 2010 12:15:46 +0000 (14:15 +0200)]
locking.LockSet: Use function to get member lock name
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Mon, 23 Aug 2010 14:54:22 +0000 (16:54 +0200)]
Finalize removal of “lock_status” job field
When removing the field in commit
9bdab62198, I forgot to remove some parts.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Mon, 23 Aug 2010 11:58:41 +0000 (13:58 +0200)]
Prepare 2.2.0~rc1 release
Update NEWS and version number.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Iustin Pop [Sun, 22 Aug 2010 07:00:20 +0000 (09:00 +0200)]
setup-ssh: fix updating of authorized_keys
Due to what seems like a bug (or inconsistency) in paramiko, files
opened with a+ over SFTP need a seek() in order for the user to be able
to read data from them. We implement this, and rely on the fact that we
do iterate over all lines before writing and that the file is opened in
append mode (which at least on Linux should work correctly).
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Iustin Pop [Sun, 22 Aug 2010 06:37:32 +0000 (08:37 +0200)]
setup-ssh: Also use keys from the ssh-agent
Currently, setup-ssh only uses one disk-based key. This means that any
setup where we use keys from ssh-agent (which do not necessarily exist
on disk) will break when moving from the old method to setup-ssh.
This patch moves the SSH key handling to separate functions, and uses
both the disk key (first) and the agent keys for login.
The patch also fixes the root_logger setup level (I tried to hard to
reduce noise and broke the debug level, sorry).
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Iustin Pop [Fri, 20 Aug 2010 13:12:02 +0000 (15:12 +0200)]
setup-ssh: try to use key auth first
This patch changes the setup-ssh workflow to try key authentication
first, and then fall-back to password authentication. The password is
also read lazily, with no prompts if we can authenticate via keys.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Iustin Pop [Fri, 20 Aug 2010 13:02:12 +0000 (15:02 +0200)]
setup-ssh: redo the logging levels
There is not enough logged by default on stderr, and way too much
information in the log file.
Since we don't want to debug paramiko itself, we filter only warnings
and above.
Otherwise, we make WARNINGS the default level, with verbose meaning INFO
and debug, well, DEBUG.
Additionally, a message is improved.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Manuel Franceschini <livewire@google.com>
Reviewed-by: René Nussbaumer <rn@google.com>
Iustin Pop [Fri, 20 Aug 2010 12:09:44 +0000 (14:09 +0200)]
setup-ssh: only read the ssh port once
Then reuse it. With certain setups, this could be slow when pre-seeding
an entire cluster.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: René Nussbaumer <rn@google.com>
Iustin Pop [Fri, 20 Aug 2010 11:54:54 +0000 (13:54 +0200)]
setup-ssh: fix the logging error message
This took a bit of interesting debugging, but the issue seems to be that
on older python/logging/paramiko (I'm not sure which is at fault here),
the other threads are finishing later than the main thread, so the
logging module closes the logging file (but doesn't unregister it)
before the paramiko thread(s) get a change to finish their logging.
Tested on both old versions (Dapper) and new versions (Lucid) of these
three pieces of the puzzle.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: René Nussbaumer <rn@google.com>
Michael Hanselmann [Fri, 20 Aug 2010 13:13:51 +0000 (15:13 +0200)]
Use Sphinx' :rfc: extension to refer to RFCs
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Michael Hanselmann [Fri, 20 Aug 2010 13:13:11 +0000 (15:13 +0200)]
Document non-standard usage of JSON in RAPI
This was requested in issue 118.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Manuel Franceschini [Fri, 20 Aug 2010 09:46:24 +0000 (11:46 +0200)]
Fix small spelling mistake
Signed-off-by: Manuel Franceschini <livewire@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Iustin Pop [Thu, 19 Aug 2010 12:25:50 +0000 (14:25 +0200)]
Explicitly add dry-run to some commands
Based on manual inspection (that the command only does a submit of some
jobs/opcodes), we re-add the dry-run option on a subset of the existing
commands.
A few more commands could use dry-run, but the code doesn't deal nicely
with no results, so fixing those is left for later patches.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Iustin Pop [Thu, 19 Aug 2010 10:40:22 +0000 (12:40 +0200)]
Stop adding the dry-run option by default
Currently cli.py unconditionally adds the dry-run option. This patch
disables this, and exports dry-run as a normal option.
The other alternative I tried to implement (adding a new fake option for
disabling the auto-add per individual command) would require changes in
more places, as the list of options is no longer a homogeneous list.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Iustin Pop [Thu, 19 Aug 2010 13:51:00 +0000 (15:51 +0200)]
Fix a few commands behaviour with dry-run
These commands use or display the result from the LU, so in case of
dry-run, they will crash or display just 'None'. At least checking that
the result is 'true' (in the boolean sense) will make them work better.
As for gnt-os modify, it didn't pass the 'opts' parameter properly to
SubmitOpCode, so the dry-run option was silently ignored.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
projects / ganeti-local / log