Statistics
| Branch: | Tag: | Revision:

root / lib / tools @ 0602cef3

# Date Author Comment
0602cef3 12/03/2012 04:33 pm Michael Hanselmann

Factorize code for checking node daemon certificate

This code is going to be used by a new utility for setting up the node
daemon. Unit tests are updated/added.

Additionally, the certificate and key stored in “server.pem” are
verified, too.

Signed-off-by: Michael Hanselmann <>...

a8b3b09d 11/30/2012 10:51 am Michael Hanselmann

Factorize SSL context setup for certificate check

This code will also be used by the node daemon setup utility.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Helga Velroyen <>

c9f79949 11/29/2012 10:01 am Michael Hanselmann

Add constant for node certificate mode

A new utility for configuring the node daemon will have to write the
node certificate as well. To not split information about the certificate
file even more, the constant is added to “pathutils”.

Signed-off-by: Michael Hanselmann <>...

dffa96d6 11/28/2012 01:48 pm Michael Hanselmann

Move cluster verification out of prepare-node-join

A new tool for configuring the node daemon will also have to verify the
cluster name, so it's better to have this function in a central place.
In the process of moving it to ssconf it is also changed to use...

5d630c22 11/27/2012 12:54 pm Michael Hanselmann

Factorize code to load and verify JSON

A new tool to configure the node daemon will also have to load and
verify JSON data.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Guido Trotter <>

796b5152 11/27/2012 12:54 pm Michael Hanselmann

Factorize logging setup in tools

Most tools had their own “SetupLogging” function, but they were all
essentially the same. This patch adds a generic version to “utils.log”
and provides unit tests.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Guido Trotter <>

efd38c3d 10/30/2012 12:59 am Bernardo Dal Seno

Fix permission for socket directory

The directory must we writable also by the confd daemon user.

Signed-off-by: Bernardo Dal Seno <>
Reviewed-by: Iustin Pop <>

f712208d 10/26/2012 05:27 pm Michael Hanselmann

prepare-node-join: Use ssh.GetAllUserFiles

Instead of building the dictionary locally, the global version in
“ssh.py” can be used.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

ebae9e37 10/26/2012 03:37 pm Michael Hanselmann

prepare_node_join: Move daemon SSH files to constants

This dictionary will also be useful in “gnt-node add”.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

340ae7da 10/26/2012 03:37 pm Michael Hanselmann

prepare-node-join: Swap private and public keys

Other places, such as “ssh.GetUserFiles”, use a structure where the
private key comes before the private key. Until now prepare-node-join
did the opposite, that is the public key came first. To avoid confusion...

910ef222 10/26/2012 03:37 pm Michael Hanselmann

prepare-node-join: Use public key directly for auth…_keys

A public key already includes the necessary prefix (“ssh-rsa” or
“ssh-dss”), so there is no need to add it again.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

c87440f5 10/25/2012 03:16 pm Michael Hanselmann

Drop SSHS_FORCE constant

It is not actually used.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Helga Velroyen <>

1facaf11 10/23/2012 07:08 pm Michael Hanselmann

tools.prepare_node_join: Fix pep8 errors

Pep8 didn't agree with the indentation.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Guido Trotter <>

d12b9f66 10/23/2012 06:32 pm Michael Hanselmann

Add initial implementation of prepare-node-join

This is a new tool as per the design document “design-ssh-setup”. It
receives a JSON data structure on its standard input and configures the
SSH daemon and root's SSH keys accordingly. Unit tests are included....

a4b247f0 10/18/2012 01:52 pm Michael Hanselmann

Merge branch 'devel-2.6'

  • devel-2.6:
    ensure-dirs: Don't accept arguments
    ensure-dirs: Fix program name on usage screen
    cli: Fix small typo

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

fca74633 10/18/2012 01:43 pm Michael Hanselmann

ensure-dirs: Don't accept arguments

Before they would just be silently ignored.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

8d77ac10 10/18/2012 01:43 pm Michael Hanselmann

ensure-dirs: Fix program name on usage screen

No string replacements are used, so doubling of the percent sign is not
necessary.

Before: Usage: %ensure-dirs [--full-run]
After: Usage: ensure-dirs [--full-run]

Signed-off-by: Michael Hanselmann <>...

11f53fdb 10/16/2012 05:43 pm Michael Hanselmann

Merge branch 'devel-2.6'

  • devel-2.6:
    ensure-dirs: Fix permissions on master socket
    Update security document for version 2.6
    Update NEWS and bump version to 2.6.1
    Text.hs: update field lists in parseData comments

Conflicts:
NEWS: Trivial
lib/tools/ensure_dirs.py: constant moved to pathutils...

48e3db76 10/16/2012 05:38 pm Michael Hanselmann

ensure-dirs: Fix permissions on master socket

A socket shouldn't have its executable bit set.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

2958c56e 09/28/2012 03:16 pm Michael Hanselmann

ganeti-cleaner: Separate queue cleaning code

This code does not need to run as root, therefore it's better to split
it out. It is now run with the same permissions as the master daemon.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

6a5e841d 09/27/2012 07:10 pm Michael Hanselmann

ensure-dirs: Don't hardcode ssconf file group

Otherwise chown(2) will fail when noded doesn't run as root.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

39b8cd94 09/27/2012 05:46 pm Michael Hanselmann

ensure-dirs: Don't convert list to tuple

Tuples are data structures, not containers.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: René Nussbaumer <>

3a6a89d7 09/27/2012 01:46 pm Michael Hanselmann

Revert unintentional change of daemon log file names

Commit 3329f4dea6 unintentionally changed the filenames of all daemon
log files. This patch reverts part of those changes.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Guido Trotter <>

7e97aca4 09/18/2012 06:11 pm Michael Hanselmann

Migrate lib/tools/ensure_dirs.py to pathutils

File system paths moved from constants to pathutils.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

3329f4de 09/18/2012 05:58 pm Michael Hanselmann

constants: Move most paths to separate module

This is inpreparation for the implementation of virtual clusters. Many
paths will change based on an environment variable and are no longer
constant and should no longer be in “constants.py”. Since “constants.py”...

7dcf333d 10/31/2011 05:54 pm Michael Hanselmann

Merge branch 'devel-2.5'

  • devel-2.5:
    Fix wrong headers and licences
    Update NEWS and increase to 2.4.5
    Fix parameters of RpcResult in hooks unit tests
    Fix a too long line.
    Move RenameFile to the new functions
    ensure_dirs: Move some useful functions into utils....
b81b3c96 10/26/2011 11:42 am René Nussbaumer

ensure_dirs: Move some useful functions into utils.

With this change we can easily reuse this functionality where it makes
sense on other parts of Ganeti.

Signed-off-by: René Nussbaumer <>
Reviewed-by: Michael Hanselmann <>

69f78cf7 10/19/2011 05:52 pm René Nussbaumer

Ensure permission on the job queue version file

Signed-off-by: René Nussbaumer <>
Reviewed-by: Iustin Pop <>

bfe86c76 09/20/2011 05:04 pm Andrea Spadaccini

Added SPICE TLS option and related cert paths

Signed-off-by: Andrea Spadaccini <>
Reviewed-by: Michael Hanselmann <>

f299ca21 08/19/2011 05:51 pm Michael Hanselmann

Unify some file headers

Remove unnecessary commas, add empty lines where necessary to make them
consistent.

I'm working on a script to check this, but it's not yet ready.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: René Nussbaumer <>

a95f19d7 08/19/2011 04:25 pm Michael Hanselmann

ensure-dirs: Fix epydoc error

Signed-off-by: Michael Hanselmann <>
Reviewed-by: René Nussbaumer <>

c3f54085 08/19/2011 03:11 pm Michael Hanselmann

ensure-dirs: Check mode and owner before changing

This avoids many calls to chmod(2) and chown(2), and thereby ctime
updates.

Since I had to update the unittests anyway I untangled the code a bit,
split it into more separate functions and added some more tests....

d00a730d 08/19/2011 03:11 pm Michael Hanselmann

ensure-dirs: Refine error handling on stat(2)

The “_stat_fn” function is renamed to “_lstat_fn” to reflect its
function. The try/except block just wraps calling lstat(2) and nothing
else.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: René Nussbaumer <>

297657a2 08/19/2011 03:11 pm Michael Hanselmann

ensure-dirs: Change wording of some messages

Signed-off-by: Michael Hanselmann <>
Reviewed-by: René Nussbaumer <>

961226f6 08/19/2011 03:11 pm Michael Hanselmann

ensure-dirs: Implement debug logging

There was no logging at all.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: René Nussbaumer <>

cb66225d 08/19/2011 03:11 pm Michael Hanselmann

ensure-dirs: Set permissions on job files in queue

This was a regression from 2.4.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: René Nussbaumer <>

247ee81f 08/19/2011 11:28 am Michael Hanselmann

ensure-dirs: Set permissions on queue lock file

Signed-off-by: Michael Hanselmann <>
Reviewed-by: René Nussbaumer <>

cd57bab6 08/17/2011 05:57 pm Michael Hanselmann

ensure-dirs: Set correct permissions on ssconf files

The files should be 0444, not 0400. This was a regression from 2.4.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: René Nussbaumer <>

0d2bf835 03/24/2011 10:29 am René Nussbaumer

Rewrite of ensure-dirs in python

I provided unittest to test the important pieces of the infrastructure.
The one remaining function (ResuriveEnsure) is not easy to unittest
but also not critical if it fails to operate correctly.

Signed-off-by: René Nussbaumer <>...