code.grnet.gr Git - ganeti-local/log

Hotplug: cfgupgrade for deprecated fields

Add cfgupgrade so that we remove any deprecated fields hotplug
implementation used in the past.

Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

Hotplug: Update manpages and NEWS

Add --hotplug entry in gnt-instance manpage.
Add NEWS entry for hotplug support.
In both cases mention that hotplug is only supported only the
the KVM Hypervisror and for versions >= 1.0.

Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

Hotplug: client support

Add --hotplug option. Only used in OpInstanceSetParams.
If this is omitted, modifications become effective after reboot.

Ask user confirmation in case NIC modify + hotplug because it will
be done via removing old NIC (and the corresponding tap) and adding
a new one in the same PCI slot.

Corresponding mods in haskell opcode definitions.

Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

Hotplug: cmdlib support

Hotpluging is done by functions invoked by ApplyContainerMods(). In
order hotpluging to take place the --hotplug option must be passed
otherwise the modifications will take place after reboot.

NIC hotplug supports add, remove and modify. The modify is done by removing
the existing NIC and adding a new one in the same pci slot.

Disk hotplug support add and remove. Before hotpluging a Disk it
must be assembled. During LUInstanceSetParams() newly created disks
are not added to the instance so ExpandCheckDisks() in
AssembleInstanceDisks() will fail. So we make this check optional
only for this case.

In order to remove a disk (with blockdev_remove) it must be shutdown. So
after unpluging the disk ShutdownDiskInstanceDisks() must be invoked.

For both device types we use the generic RPC call_hotplug_device.

Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

Hotplug: rpc support

Introduce new RPC that eventually invoke hypervisor specific
hotplug functions. In order to be generic it has the following
arguments: device type, action, device, extra info, seq.
Device type can be NIC or DISK, action can be ADD, REMOVE,
device is the NIC or Disk object, extra info is used by Disk
hotplug to point the device path and seq is the device index
(from the master perspective)

If hypervisor does not support hotplug the opcode will fail.

Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

Introduce hotplug methods (hypervisor inteface)

4 new methods: HotAddDevice, HotDelDevice, HotModDevice, HotplugSupported
All these are the hypervisor interface with the backend.
In general they read current runtime info, do the actual hotplug
and update the runtime file.

NIC hot-add:
- open a tap and get its file descriptor.
- pass fd with SCM rights (using python-fdsend) via monitor socket
- create netdev and device with id=kvm_devid and proper pci info

Disk hot-add:
- create drive with id=kvm_devid
- create device with id=kvm_devid and corresponding pci info

Use MonitorSocket in _PassTapFd in order to connect to monitor socket
and pass the tap's file descriptor using fdsend.

Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

Extract socket related code from QmpMonitor class

Separate unix socket related code from QmpMonitor class and
make the latter extend the newly introduced one: MonitorSocket

Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

Helper methods that check for hotplug support

Hotplug is currently *not* supported for:

- KVM < 1.0
- existing devices in the cluster
- python-fdsend module is not installed (NIC hotplug)
- chroot (Disk hotplug)
- security mode other than None (Disk hotplug)

For the above reasons raise HotplugError exception and
let masterd handle it.

TODO: modify CallHotplugCommand() so that it parses
monitor output and reports whether the command
succeeded or not.

Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

Use -device with pci info if possible

Extend kvm_cmd with -device option for the case of paravirual
Disks and NICs.

Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

Hepler methods for PCI slots and device ids

Device naming:
QEMU monitor expects devices to be uniquely named. Device ids derive
from the following function:
kvm_devid = <device_type>-<part of uuid>-pci-<pci_slot>
Device ids must be reproduce-able when we want to remove them.
For that reason we store the pci slot inside the runtime file and
in case we want to remove a device we obtain its pci slot by
parsing the corresponding runtime enrty and matching the device
by its uuid.

Finding the PCI slot:
For newly added devices Hypervisor parses existing PCI allocations
(via _GetFreePCISlot() and eventually ``info pci`` monitor
command) and decides the PCI slot to plug in the device. During
instance startup hypervisor invokes _UpdatePCISlots() for every
device of the instance. Initial PCI reservations derive from KVM
default setup, that allocates 4 slots for devices other than disks
and NICs.

Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

Prepare block_devices runtime entry

With this patch we add another entry in runtime files along with
kvm_cmd, kvm_nics, and hvparams. block_devices that used to be
encapsulated inside kvm_cmd, live now separately just like nics do
but in tupples of (L{objects.Disk}, dev_path).

Introduce also _GetExistingDeviceInfo() helper function to search
for runtime entries. This is going to be useful later in hotplug
methods.

Define new exception: HotplugError.

Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

Prepare kvm options to support -device for disks

Newer kvm version support -device driver,... option where available
drivers can be found by running kvm -device ? command. Currently
ganeti uses `if` property of driver to define the disk type to use
which is also passed as hvparam. This patch prepares the use of
-device option only for paravirtual disks. To support other drivers
as well we must create a mapping between the values passed now as
disk_type hvparam and existing drivers. Note that if -device is used
`if` property of `drive` option should be `none`.

Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

Introduce _GenerateKVMBlockDevicesOptions()

Simply move logic that generates block device related
options out of _GenerateKVMRuntime().

Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

Add hotplug related constants

Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

Hotplug: objects and constants additions

Add pci slot in NIC/Disk objects. This slot will be used only
by hypervisor code. Currently only KVM will use it and store it
temporarily in runtime files.
Add HOTPLUG_* constants to define device types an hotplug actions.

Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

Version bump for 2.8.2

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Thomas Thrainer <thomasth@google.com>

Update NEWS file for 2.8.2 release

Add a section in the file for the new upcoming release.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Thomas Thrainer <thomasth@google.com>

DRBD: ensure peers are UpToDate for dual-primary

DrbdAttachNet supports both, normal primary/secondary node operation, and
(during live migration) dual-primary operation. When resources are newly
attached, we poll until we find all of them in connected or syncing operation.

Although aggressive, this is enough for primary/secondary operation, because
the primary/secondary role is not changed from within DrbdAttachNet. However,
in the dual-primary ("multimaster") case, both peers are subsequently upgraded
to the primary role.  If - for unspecified reasons - both disks are not
UpToDate, then a resync may be triggered after both peers have switched to
primary, causing the resource to disconnect:

  kernel: [1465514.164009] block drbd2: I shall become SyncTarget, but I am
    primary!
  kernel: [1465514.171562] block drbd2: ASSERT( os.conn == C_WF_REPORT_PARAMS )
    in /build/linux-rrsxby/linux-3.2.51/drivers/block/drbd/drbd_receiver.c:3245

This seems to be extremely racey and is possibly triggered by some underlying
network issues (e.g. high latency), but it has been observed in the wild. By
logging the DRBD resource state in the old secondary, we managed to see a
resource getting promoted to primary while it was:

  WFSyncUUID Secondary/Primary Outdated/UpToDate

We fix this by explicitly waiting for "Connected" cstate and
"UpToDate/UpToDate" disks, as advised in [1]:

  "For this purpose and scenario,
   you only want to promote once you are Connected UpToDate/UpToDate."

[1] http://lists.linbit.com/pipermail/drbd-user/2013-July/020173.html

Signed-off-by: Apollon Oikonomopoulos <apoikos@gmail.com>
Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Improve error message for replace-disks

In some conditions, replace-disks will fail if the disks are not properly
activated. Improve the error message suggesting to run activate-disks before
executing replace-disks.

Fixes Issue 606.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Add all dependencies for confd as test dependencies

Since our tests pull in confd as a dependency, all build dependencies
for confd are also necessary to run the tests.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

Add snap-server to the test-relevenat packages

While snap-server is only needed for the optional monitoring daemon,
some tests, notably those testing these optional features, still depend
on it. So, if snap-server is missing, the Haskell tests should not be
run, as they cannot even be build.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

Placate warnings on ganeti.outils_unittest.py

Change ovf.py from using 'if foo:' to 'if foo is not None:' checks as
suggested by the FutureWarnings the OVF library raises otherwise.
This fixes issue 557.

Signed-off-by: Santi Raffa <rsanti@google.com>
Reviewed-by: Jose Lopes <jabolopes@google.com>

Version bump for 2.8.1

Also, update the NEWS file accordingly.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Verify that ConfD is running after master-failover

This patch adds additional 'gnt-node list' commands to
the testing of 'gnt-cluster master-failover' in order to
test if ConfD (or LuxiD) is still running after a
master-failover.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

daemon-util: handle luxid in {start,stop}_master()

Luxid was not handled in start_master() and stop_master() at all. As a result,
during a master-failover, luxid would be left running on the old master and
would not start on the new master, leaving the cluster without management until
luxid was manually started.

Signed-off-by: Apollon Oikonomopoulos <apoikos@gmail.com>
Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

Fix typo in storage.FileStorage docstring

Signed-off-by: Santi Raffa <rsanti@google.com>
Reviewed-by: Jose Lopes <jabolopes@google.com>

Fix path for serial file

It is actually located inside the queue directory.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

Improve harep documentation

Add a more complete description of how the tool works.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Fix typo in walkthrough documentation

Fix typo in walkthrough documentation, where 'instance3' should read
'instance1' in order to be consistent with the output below in the
example.

Signed-off-by: Jose A. Lopes <jabolopes@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Don't attemp ipv6 ssh in case of ipv4 cluster

In case of a cluster with primary-ip-version=4, there is no need
for cluster to try ipv6 ssh connections which may timeout.
So append '-4' on ssh if cluster is ipv4-only

Signed-off-by: Costas Drogos <costas.drogos@gmail.com>
Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

Fix outdated documentation for users-setup

The --yes-do-it parameter was not properly documented yet. Add it to the
administration guide.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Fix wrong release date in the NEWS file

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Version bump for 2.8.0

Also, update the NEWS file accordingly.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Add daemon split design doc

This describes the future planned structure of Ganeti daemons.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

Merge branch 'stable-2.7' into stable-2.8

Conflicts are trivially solved.

* stable-2.7
Version bump for 2.7.2 (updated NEWS file)

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

Conflicts:
NEWS
configure.ac

Version bump for 2.7.2

Change the version number and the NEWS file for the 2.7.2 bugfix release.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Thomas Thrainer <thomasth@google.com>

Add additional tests for utils.Retry

Also have some tests where the time the various components
(inspecting the time function, calling the function, etc) have
a non-trivial time. Also, have two tests demonstrating that
the number of retries actually depends on the amount of time
the function takes to complete.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Thomas Thrainer <thomasth@google.com>

Make retry tests independent of actual time

Even in the tests, real time is used. While, generally, the assumptions
about execution time are pretty safe, in some rare circumstances, e.g.,
on machines with extremely heavy load they do not hold true, thus rendering
the tests flaky. Fix this, by mocking time.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Thomas Thrainer <thomasth@google.com>

Fix corner-case in handling of remaining retry time

Consider a remaining time of 0 as already timed out. Otherwise,
there is no guarantee that calling utils.Retry with timeout 0
will call the function precisely once; it might run in time
shorter than the resolution of timer.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Thomas Thrainer <thomasth@google.com>

Perform proper cleanup on termination of Haskell daemons

Haskell deamons did not perform proper cleanup at termination. There was no code
for removing the pid file, and the code in LuxiD for removing the unix socket
file was not working, because it is implemented with a "finally" statement,
which is executed only when the main loop of the daemon is exited (either
normally, or through an exception), but not when it is terminated by a SIGTERM.

This commit adds a proper handler for SIGTERM, which transforms it into a
successful termination exception. This allows both the newly added cleanup code
for pid files and the unmodified cleanup code for unix sockets to be executed.

Fixes Issue 581 and 582.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Version bump for 2.8 rc3

Also, add to the NEWS file a couple of items that were still missing.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Thomas Thrainer <thomasth@google.com>

Merge branch 'stable-2.7' into stable-2.8

* stable-2.7
Fix incorrect manpage reference to htools

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

Fix incorrect manpage reference to htools

the manpages for hcheck, hinfo and hroller have an incorrect reference
to htools(7) which does not exist. This patch links them to htools(1).

This bug also fixes Debian BTS#721824 (http://bugs.debian.org/721824)

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Add a default to file-driver when unspecified over RAPI

The file-driver value, used by file-based instances, had a default value when
an instance was being created over the CLI, but not when the instance was
created through the RAPI.

This patch introduces a default value for the remote API and, while doing so,
also centralizes in a single place the definition of such a value, for both the
interfaces, in order to remove the possibility for them to be out of sync.

Fixes Issue 571.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Remove typo from RAPI documentation

"be used instead." was repeated twice.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Describe the files in doc/users in NEWS

While only a small feature, the files in doc/users can influence
the way ganeti is packaged. Hence it should be mentioned in the
news file.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

Update the upgrade procedure

Now that users-setup asks for confirmation, explain in the
procedure how asking for this confirmation can be skipped.
This skipping is particularly important for users following
the recommendation of using the distributed shell (dsh).

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

Make tools/users-setup explain its actions first

Before doing any changes, make tools/users-setup explain its
actions first, and ask the user for confirmation. If the first
argument is --yes-do-it, this step will be skipped.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

Generate tools/users-setup from descriptions

Now that we have a machine readable description of the users
to be added to the system, use it to generate the tools/users-setup
script, so that we again have only one authoritative source of
the user and group requirements. This also has the advantage of
of avoiding duplicate additions and attemps add a user root.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

Provide ganeti user and group data in easy-to-parse form

Upon build time, also generate, in the directory doc/users, files
containing the groups, the users with their primary group, and the
additional groupmemberships to be added. In this way, packages can use
their own way of adding users to the system, instead of telling the
adiministrator to run tools/users-setup.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

Remove dsahostkeypub during config downgrade

Remove the newly-added DSA host public key field from the configuration file
when downgrading to 2.7, if present. Otherwise masterd will refuse to start.

Signed-off-by: Apollon Oikonomopoulos <apoikos@gmail.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Mark the DSA host pubkey as optional

Commit a9542a4 introduced support for DSA SSH keys. However, the dsahostkeypub
field added to the config is not marked as optional in the Haskell components.
As a result, luxid thinks the config file is corrupt and refuses to start. We
fix this by marking the dsahostkeypub as an optionalField.

This fixes issue 560.

Signed-off-by: Apollon Oikonomopoulos <apoikos@gmail.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Fix documentation for gnt-node evacuate -p option

Update the documentation to remove the claim that the --primary-only
option results in data copies while in fact it only fails over/migrates
the all primary instances.

Signed-off-by: Leon Handreke <lhandreke@google.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

NEWS update and version bump for 2.8 rc2

Latest modifications and fixes added to the NEWS file.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

Add unit test for GetLinuxNodeInfo

The function was not unit tested previously.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

Prepare GetLinuxNodeInfo for testing

The names of the input files are not hardcoded anymore, but they are now default
parameters.

No changes for the callers, but it's now possible to test the function more
easily.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

Make the DRBD collector more failure-resilient

If information about instances is not available, just log the error and
continue without it.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Add function to unwrap Results logging failures

Add logWarningIfBad, a utility function similar to exitIfBad, that logs a
warning and returns a default value instead of just crashing the program if
the unpacked value is Bad.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Allow instance mods if only osparams are given

osparams are now recognized as changes, so changing only those without
other changes works too now.

(cherry picked from commit 5eae613c2e1e65101c5d5f7d2e8ffd7cc6edc7d5)

Signed-off-by: Thomas Thrainer <thomasth@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

Fix harep manpage title

The harep manpage title underline was one character short, leading in
pandoc producing an invalid manpage header.

Signed-off-by: Apollon Oikonomopoulos <apoikos@gmail.com>
Reviewed-by: Thomas Thrainer <thomasth@google.com>

Use FQDN to check master node status

The master node name in SS conf is stored as FQDN, so also use the FQDN
on each node to check if it is the master node.

This fixes issue 551.

Signed-off-by: Thomas Thrainer <thomasth@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

Merge branch 'stable-2.7' into stable-2.8

* stable-2.7
  Fix documentation of gnt-instance batch-create
  Support multi instance allocs without iallocator
  Document --no-conflicts-check for gnt-network
  Check disk template in right dict when copying
  ganeti.backend_unittest: chmod restricted cmd dir
  Fix formatting of tuple in error message
  Fix 'prcre' typo in INSTALL
  Format gnt-network info group output
  Add 2.7.2 NEWS entry

Conflicts:
INSTALL
      (trivial)
NEWS
      (added entry to unreleased 2.8 section with remark that it was
       merged from 2.7)
lib/cmdlib.py
      (followed cmdlib split)

Signed-off-by: Thomas Thrainer <thomasth@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

Fix batch creation of instances

During batch creation of instances the 'reason' field in opcodes is set
to None (but the field is present). This caused problems when adding a
reasons to the reason trail.

Setting the default value for the 'reason' field to the empty list fixes
this issue.

Signed-off-by: Thomas Thrainer <thomasth@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

Fix documentation of gnt-instance batch-create

The documentation of gnt-instance batch-create was outdated and
contained invalid examples. This patch corrects the man page and
includes working example inputs.

Signed-off-by: Thomas Thrainer <thomasth@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

Support multi instance allocs without iallocator

If all instances in the multi allocation request have already their
primary and secondary node set, there is no need for an iallocator. Thus
don't require it in this case and omit the call to it all together.

Signed-off-by: Thomas Thrainer <thomasth@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

Support DSA SSH keys in bootstrap

As outlined in issue 338, Ganeti failed to initialize a cluster if no
RSA SSH key is present on the master node. This patch extends Ganetis
support to DSA keys, so clusters with only DSA keys are possible now.

This fixes issue 338.

Signed-off-by: Thomas Thrainer <thomasth@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

Include VCS version in `gnt-cluster version`

Also print the VCS version in the output of `gnt-cluster version`. This
makes the VCS version also available over RAPI, etc.

Signed-off-by: Thomas Thrainer <thomasth@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

Document 'viridian' hypervisor parameter

List the 'viridian' hypervisor parameter (valid for Xen HVM) in the
gnt-instance manpage.

Signed-off-by: Thomas Thrainer <thomasth@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

Support 'viridian' parameter in Xen HVM

This parameter is required to prevent bluescreens in Windows instances.

This fixes issue 233.

Signed-off-by: Heiko Baumann <heibau@googlemail.com>
Signed-off-by: Thomas Thrainer <thomasth@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

Document --no-conflicts-check for gnt-network

gnt-network add and connect do support the --no-conflicts-check option.
This is now also documented in the man pages.

This fixes issue 526.

Signed-off-by: Thomas Thrainer <thomasth@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

Version bump for 2.8.0 rc1

Update NEWS file and version number.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

Add Make to the list of dependencies

Make is a required dependency, but it was not specified in the install guide.
This commit adds it.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Thomas Thrainer <thomasth@google.com>

Check for luxid permission during verify config

confd no longer needs access to the noded certificate file, but luxid
does. Change the check to use the right user.

Signed-off-by: Thomas Thrainer <thomasth@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

Add monitoring-query-format.rst to $(docinput)

Commit 431ff2c10 split the monitoring system documentation in two parts but did
not include the new monitoring-query-format.rst to $(docinput). As a result,
current tarballs of 2.8 do not ship doc/monitoring-query-format.rst.

Signed-off-by: Apollon Oikonomopoulos <apoikos@gmail.com>
Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

Fix documentation building rules

Implement the correct behavior to be kept when sphinx-build is not installed.
It was already correctly checked, but instead of just disabling the
documentation generation, an error message was printed, having "make" fail.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Thomas Thrainer <thomasth@google.com>

Check disk template in right dict when copying

Due to the structure of the code this condition can't possibly be true.
We have to look in the new_diskparams dict instead, otherwise it'd be
possible to try to update a non-existing entry.

(The same patch is in stable-2.7 as 106441d already).

Signed-off-by: Thomas Thrainer <thomasth@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

Check disk template in right dict when copying

Due to the structure of the code this condition can't possibly be true.
We have to look in the new_diskparams dict instead, otherwise it'd be
possible to try to update a non-existing entry.

Signed-off-by: Thomas Thrainer <thomasth@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

ganeti.backend_unittest: chmod restricted cmd dir

TestVerifyRestrictedCmdDirectory.testNormal implicitly relies on the current
umask to check the behaviour of backend._VerifyRestrictedCmdDirectory. However,
when run under a more relaxed umask (as in the case of the Debian buildd's
using sbuild and - apparently - umask 0002), it fails.

Since this kind of failure is already tested for previously and since we should
check that a "known-normal" directory passes the test, we explicitly chmod()
the temporary directory to 0755.

Signed-off-by: Apollon Oikonomopoulos <apoikos@gmail.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

Fix formatting of tuple in error message

The missing str() call caused to raise another exception than the wanted
one. Transforming the tuple to string fixes this problem.

Signed-off-by: Thomas Thrainer <thomasth@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

Mark the UUID design doc as implemented

The code implementing the UUID design document is included in Ganeti 2.8.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

Clarify that cmdlib/ must be removed downgrading

Downgrading from 2.8 to a previous version will fail if the new cmdlib/
directory is not removed.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

Fix formatting error in the UPGRADE document

An item of the enumerated list was not rendered correctly.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

Make build_chroot compatible with Squeeze

Modify build_chroot to make it compatible with debian Squeeze. This
is done by using a function instead of a alias for the command that
was failing.

Fixes Issue 507.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Thomas Thrainer <thomasth@google.com>

Update security doc and NEWS for luxid

Document the split of luxid from confd in security.rst and in the NEWS
file.

Signed-off-by: Thomas Thrainer <thomasth@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

Add --cleanup to instance failover manpage

Describe the new parameter in the manpage of gnt-instance.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

Update NEWS with failover cleanup

Describe the new feature in the NEWS file.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

Add cleanup parameter to instance failover

Most of the code is shared with instance migrate, so we actually only need
to add the parameter and pass its value along the the common code.

Also, tests and harep are updated to support the right set of options to
the "failover" opcode.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

Fix 'prcre' typo in INSTALL

Thanks to "Izhar ul Hassan" for reporting the issue.

Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Update NEWS file for 2.8 wrt vnet_hdr KVM hvparam

Document the addition of the vnet_hdr HV parameter for KVM in the NEWS
file for 2.8.

Signed-off-by: Stratos Psomadakis <psomas@grnet.gr>
Reviewed-by: Guido Trotter <ultrotter@google.com>

Document the vnet_hdr HV parameter for KVM

Document the vnet_hdr HV parameter for KVM in the gnt-instance man page.

Signed-off-by: Stratos Psomadakis <psomas@grnet.gr>
Reviewed-by: Guido Trotter <ultrotter@google.com>

Format gnt-network info group output

gnt-network info currently displays the connected group output unformatted:

# gnt-network info
...
connected to node groups:
['med', 'bridged', 'staging']

This patch adds formatting to the node group output.

Signed-off-by: Apollon Oikonomopoulos <apoikos@gmail.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

Add 2.7.2 NEWS entry

Prepare to list changes for 2.7.2.

Signed-off-by: Apollon Oikonomopoulos <apoikos@gmail.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

Prepare NEWS for 2.8.0 beta2

- Create stub "initial release" entry for beta1.
- Keep main 2.8 release information at top
- Add initial "since beta1" section

Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

Fix the downgrade function of cfgupgrade

The downgrade was not correctly removing some of the UUIDs (namely, those
of disks and NICs).

Fixes Issue 510.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

Increase maximum HTTP message size

After adding a new KVM parameter, RAPI queries related to KVM have become
too big, so we need to increase this.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

Clarify hbal man page

In the sense of hbal, and, in fact, all htools, drained nodes
are considered as offline. Also, the cluster score is not just
the sum of its component, but, e.g., the count of instances on
offline nodes is weighted stronger.

Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

Properly add the UUID to all the disks

Starting from Ganeti 2.8 all the disks need to have a UUID.
A function for adding a UUID automatically to disks was present, but it didn't
consider disks with children (like DRBD).

The function is modified to work recursively.

Partially fixes Issue 510.

Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

Merge branch 'stable-2.7' into stable-2.8

* stable-2.7:
  Update NEWS and version for Ganeti 2.7.1
  daemon-util: pass --oknodo at rotate_logs
  Add logrotate example
  daemon-util: provide rotate_logs and rotate_all_logs actions

Conflicts:
NEWS: trivial
configure.ac: trivial (keep 2.8 version)

Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

Update NEWS and version for Ganeti 2.7.1

Release 2.7.1 with a handful of minor fixes.

Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Michele Tartara <mtartara@google.com>

Add hvparam to disable VNET_HDR on tap devices

IFF_VNET_HDR allows tap devices to extract a VIRTIO_NET_HDR from pkts
going through the tap iface, enabling segmentation offload for the
virtio nics.

Current (Debian) kernels (3.2 for Debian Squeeze backrports / Wheezy)
don't seem able to handle well VMs with 'broken' virtio ifaces (e.g.
FreeBSD virtio-net driver), using GSO. Broken or malicious virtio-net
drivers can cause the host kernel to flood the logs with WARNs(),
effectively live-locking the system and affecting its overall stabitlity
(eg DRBD disconnects).

The WARN() flooding has been fixed / ratelimited in Linus' tree, but it
hasn't been backported to -stable.

This patch adds the vnet_hdr hvparam for KVM, to select whether the tap
devices used for KVM virtio ifaces will get created with VNET_HDR
support (IFF_VNET_HDR), even when the underlying kernel supports it, in
order to avoid this issue.

Signed-off-by: Stratos Psomadakis <psomas@grnet.gr>
Reviewed-by: Guido Trotter <ultrotter@google.com>