RAPI: Add flag to require authentication
Most RAPI resources do not require authentication for the “GET” method.In some setups it can be desirable to always require authentication.This patch adds a command line parameter to always require it.
Some unrelated minor typos in the “ganeti-rapi” man page are also fixed....
Merge branch 'devel-2.7'
Build table with access permissions for RAPI resources
Sometimes it can be difficult to determine the access permissions neededfor a certain RAPI resource without looking at code. This table, addedat the end of “rapi.rst”, shows all resources and the permissions needed...
Allow generating different RAPI resource lookup tables
Until now the RAPI resource table returned by“rapi.connector.GetHandlers” always uses fixed strings or compiledregular expressions as dictionary keys. Now that a table of all RAPIresources (and their access rights) should be written for the...
Minor fixes regarding nic.network change
Make LookupNetwork() return None in case target is None. This fixesIssue 380. Rapi passes network=None and the lookup should not fail.
Make network client aware of new nic.network.gnt-network info showsthe IPs of each instance inside the network. It parses nic.networks...
baserlib: Make "_OPCODE_ATTRS" public
"_OPCODE_ATTRS" will also be used in the Sphinx extension.
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
Fix issue 378
In case a NIC is not inside a network then netinfo None. Thusnetinfo["name"] fails.
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>Reviewed-by: Helga Velroyen <helgav@google.com>
RAPI documentation: Assertion for console fields
Assert that the documented fields are equal to those in the actualobject.
Sphinx extension: Module-level constant for tab width
Use a module-level constant for the tab width.
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Michele Tartara <mtartara@google.com>
Helper to retrieve access permissions for RAPI resource
Merge similar code into a helper function.
Status change reason support for Reboot
Add support to the Reboot command for specifying the reason for the laststatus change.
Some features are implemented as functions, even if used only once, becausethey will be used by the future patches introducing reason support for all...
Infrastructure for specifying instance status change reason
This patch introduces some infrastructural modifications that will be used bythe following commits to implement the support for specifying the reason forthe last status change of an instance....
Add request type to Confd server for getting instance list
Add to Confd server a new request type (and its implementation) to ask forthe list of instances in a node.
Signed-off-by: Michele Tartara <mtartara@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
Remove useless code in backend for network hooks
In backend NICs arrive with netinfo filled. If nic.network is not Nonenic.netinfo is not too. Thus all the info is derived from HooksDict()and nic.network must not be checked.
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>...
Show network name and not uuid in instance info
This was before the case too. Now is bit trickier because nic.networkis uuid. Info must derive from nic.netinfo.
Implement network locking in Instance queries
This is needed in case more info than each nic's network uuid is tobe returned. We need to lock networks to get valid data. For nowonly the name is returned as an extra field. All other can be addedwith trivial effort....
Changes in query to support nic.network as uuid
Queries now return the network uuid as well as it's name. Here weonly use info provided be LUInstanceQueryData context.
Modify query LUs to supoprt nic.network as uuid
Make _InstanceQuery gather all network info related to instance'sNICs and in case of NETQ_INST in _NetworkQuery get all networkuuids directly from nic.network
Add GetInstanceNetworks() config method
This will be needed for Instance Queries. It walks through theinstance's NICs and returns a list network uuids that the NICsare attached to.
cmdlib changes to support nic.network as uuid
Refactor Instance related LUs to support nic.network asa uuid. This removes all the unnecessary invocations toLookupNetwork().
Make network config methods take uuid as argument
This will be needed in the following patches where nic.networkwill refer to network's uuid and not name.
Revert "Disable live-RPC queries under split query"
This reverts commit fb251c2c4c582ec0d6c00a6f6c5e134ed5196e03. On themaster branch we want to continue to have them enabled.
Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: Helga Velroyen <helgav@google.com>
Rename lib/objectutils to outils.py
Back when this was introduced, I mentioned that it breaks heavily tabcompletion (ob<TAB> doesn't work anymore), but at that moment I didn'thave a suggestion what to name it. I think outils is good and shortenough, and doesn't conflict with anything else, so here it goes....
Fix wrong type in a docstring of the RAPI subsystem
Signed-off-by: Michele Tartara <mtartara@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Finish the remote→restricted commands rename
The documentation still points to /etc/ganeti/remote-commands,although the code is already using restricted-command. Update thedocumentation and a few docstrings accordingly.
Signed-off-by: Iustin Pop <iustin@google.com>...
Force conflicts check in LUNetworkDisconnect
Until now if one disconnects a network with --no-conflicts-checkand then remove it, there is a possibility to leave instances with NICsreferencing non-existing networks. This causes network queries,instance removal and modification to fail....
If _UnlockedLookupNetwork() fails raise error
Make _UnlockedLookupNetwork() raise OpPrereqError (instead of returningNone) in case it does not find the requested network. Remove useless andduplicate code such as:
if net_uuid is None: raise...
This is a cherry-pick of commit 1cce2c4....
Change default xen root path to /dev/xvda1
All recent-enough versions of linux see the xen paravirtual device as/dev/xvd*.
This doesn't break old installations, as the default is only used on newclusters.
Signed-off-by: Guido Trotter <ultrotter@google.com>...
Fix rbd showmapped output parsing
'rbd showmapped' output formatting differs between older and newer versions ofthe ceph tools. Try to use json output formatting if available (currentlyavailable only in the ceph master branch). For bobtail, argonaut and older...
Improve reporting on errors.AddressPoolError exceptions
This patch improves the error messages given when a“errors.AddressPoolError” exception is caught. Includes some small stylefixes.
Remove network_type slot (Issue 363)
This slot was not used by Ganeti so the same info can beprovided via tags. In order not to break configuration datawe add a FromDict() method in Network config object thatremoves the deprecated network_type (if found) and then invoke...
Remove family and size from network objects
This info is not used by Ganeti and therefore is removed.
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>Reviewed-by: Guido Trotter <ultrotter@google.com>
Make use of HooksDict() for networks
This can be used in hypervisor code as well. For consistencyexport *NETWORK_NAME and not *NETWORK throughout the code.
Moved uniformity check for exclusive_storage flag
Cluster-verify used to check that the value of exclusive_storage is uniformwithin node groups. Now, it's impossible to change the flag for a singlenode, so that check has been removed and an equivalent one has been added...
"exclusive_storage" cannot be changed on single nodes
There's never been support for a configuration where nodes in the same nodegroup have different values of the exclusive_storage flag. This patchdisables the possibility to change the flag for individual nodes....
Upgrades made on loading the configuration are always saved
Before, only some upgrades were written back to the configuration file. Alittle refactoring of _UpgradeConfig() has been done to write unit tests.
Signed-off-by: Bernardo Dal Seno <bdalseno@google.com>...
Show correct daemon name on Luxi connect errors
Since now confd also serves a Luxi endpoint, the current message incli.FormatError is misleading when actually failing to connect toit. The patch adds a somewhat hackish way to show the right daemonname....
ConfigData: run UpgradeConfig on network objects
Although this does nothing for now, running it is safe, and consistentwith how other objects behave.
Signed-off-by: Guido Trotter <ultrotter@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
OS environment: add network information
1) Move the hooks environment dict generator inside the object. Thisalso adds missing values such as network family and uuid.2) Use the same generator both for the os environment and for theinstance hooks.3) Update manpage and hooks documentation....
Make gnt-os list work with no OSes
When absolutely no OSes are present on the cluster, the result ofOpOsDiagnose is an empty list. This is currently handled in gnt-os asan error condition, probably due to how OpOsDiagnose used to returnerrors in the past....
baserlib: Fix two mistakes in docstring
The method names were wrong due to copy & paste.
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
vcluster: Make _MakeNodeRoot public
The QA code will also have to generate virtual paths and this functioncomes in handy.
hv_kvm: Error messages, punctuation, other style fixes
- Capitalize acronyms such as “QMP” or “SPICE”- Remove punctuation from error messages- Improve error reporting when sending a monitor command failed- Put “or” at end of line- Fix indentation for a concatenated string...
hv_kvm: Add TODO regarding monitor commands
Monitor calls should be replaced with QMP once KVM >= 0.14 is required.
Fix Haskell log file naming after virtual cluster changes
Commit 3329f4de changed the Haskell log file from constants tofunctions, but introduced a bug: it uses now the daemon name insteadof the correct log file, which means "ganeti-confd.log" instead of...
Extract container converters
“objects.ConfigObject” contains two useful functions for working withcontainers of serialized objects, “_ContainerToDicts” and“_ContainerFromDicts”. This patch separates those functions and movesthem into “objectutils” as they'll be useful for converting parts of the...
hv_xen: Fix epydoc error
“utils.RunCmd” is re-exported from “utils.process.RunCmd”. Epydocdoesn't fully understand this, so we have to refer to the original.
objects: Improve handling of TCP/UDP port pool
- Handle de-serialization correctly when pool is not defined- Serialize to empty list when the attribute is None (this should never happen in reality as the attribute is always set when de-serializing)- Add tests...
Switch KVM to multi-error verify results
This uses the new _FormatVerifyResults helper function to returnmultiple errors.
Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Make LXC fail verification if cgroup is not mounted
Since LXC now relies on cgroup memory limits to enforce memory, let'smake hypervisor verification (and thus cluster-verify) return errorswhen the cgroup filesystem is not mounted.
Add a helper function for hypervisor verification
This will allow easier multi-error results from hypervisors; rightnow, we only report the first error, which is not nice.
hv_lxc: fix whitespace errors
The latest lxc patches included a few whitespace style errors, that makelint fail. This patch fixes those.
Signed-off-by: Guido Trotter <ultrotter@google.com>Reviewed-by: Helga Velroyen <helgav@google.com>
LXC: add support for the memory controller
Add support for the memory resource controller, useful to actually placememory limits on instances.
Support is still optional, in case the kernel doesn't have it compiledin, or in the case of Debian has it dependent on a kernel command-line...
LXC: adapt hv for newer lxc userspace tools
Currently hv_lxc depends on the behavior and output of older LXC tools,which have since changed, making it unable to function in currentdistributions (e.g. Debian wheezy).
Adapt the tools and expectation for the output and make it into a...
Fix logging arguments formatting
This fixes: “ganeti/hypervisor/hv_kvm.py:93: [W1201, _GetTunFeatures]Specify string format arguments as logging function parameters”, andalso updates the copyright years.
Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: Michele Tartara <mtartara@google.com>
Disable live-RPC queries under split query
Currently, the node listing RPC is very slow due to missingparallelisation. For the 2.7 release, we reset these back to masterd,hoping to revert them by the time 2.8 is ready.
There are a number of queries that I've left pointing to confd, as...
Document that OpTestDelay/TestDelay take duration in seconds
Also, fix @rtype and @return elements of utils.TestDelay(), which nowreturns a tuple but this wasn't being indicated.
Signed-off-by: Dato Simó <dato@google.com>Reviewed-by: Helga Velroyen <helgav@google.com>
hv_kvm: Refactor getting TAP features, add tests
Split retrieving supported features into a dedicated function which canbe mocked. Tests are added for both “_ProbeTapVnetHdr” and“_GetTunFeatures”.
Signed-off-by: Michael Hanselmann <hansmi@google.com>...
hv_kvm: Original error message, keyword parameter
- Include original error message when creating TAP interface failed- Pass keyword parameter as such
hv_xen: Fix issues with migration, add tests
Commit 3d942d8 broke instance migration (“self._cmd” was set to None).This patch fixes that issue, refactors “MigrateInstance” for testing andadds those tests.
kvm: fix bug while fetching -device list
_GetKVMOutput expects the command to succeed, but unfortunately on someversions of kvm "-device ?" will output a correct list of devices, whileexiting with an error code.
To fix this we accept failure in that case (note that this doesn't...
hv_xen: Split StopInstance
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Helga Velroyen <helgav@google.com>
hv_xen: Abstract running Xen commands
Instead of using the “XEN_CMD” constant in multiple places, that is nowall in a single place and can easily be changed for unit tests (througha parameter given to the constructor).
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Bernardo Dal Seno <bdalseno@google.com>
List networks: call client explicitely
This way, it is easier to make it call the haskellimplementation of the network queries.
Signed-off-by: Helga Velroyen <helgav@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
hv_xen: Remove config after shutdown was successful
If stopping an instance failed, the configuration would already be goneand other operations depending on it (e.g. migration) would no longerwork. With this patch the configuration file is only removed once the...
hv_xen: Simplify writing configuration
Instead of calling _WriteConfigFileStatic from both derived classes,those now only return the content (minus the “do not edit” header). Theconfiguration is then written by the base class, XenHypervisor.
hv_xen: Prepare for unit tests, remove {static,class}method
Unit tests will have to specify a custom Xen configuration directory (atemporary directory). To this end “hv_xen.XenHypervisor” and its twoderived classes are modified to have fewer static and class methods. A...
hv_xen: Factorize and test disk configuration
The “_GetConfigFileDiskData” function is moved to module level andcleaned up (module-level constants for letters and file I/O drivers).
Until now only 24 disks would be supported (e.g. “sda” to “sdx”), when...
hv_xen: Refactor getting node information, add tests
Refactor and add tests for getting node (Domain-0) information.
hv_xen: Refactor running & parsing "xm list", add tests
This patch refactors “_RunXmList” and adds some tests.
hv_*: Always return from Verify, style fixes
Change all “Verify” methods in hypervisor abstractions to explicitelyreturn None if no problem was detected. Remove punctuation from errormessages. Update docstrings with “@return” and some small mistakes.
Check minimum size of networks on creation
When creating a network, so far no size constraints were checked.We now limit the size of a network to a /30 or bigger, althoughtecnically, the ipaddr library supports even /32 networks.
Signed-off-by: Helga Velroyen <helgav@google.com>...
constants: Add list of known Xen commands
These will be used in unittests.
_VerifyErrors()._Error() and _ErrorIf() are now consistent
_Error() didn't contain the logic for demoting errors to warnings and formarking an operation as failed. Now _ErrorIf() is just a minimal wrapperfor _Error().
Unit tests included.
Handle the result of QueryGroups() correctly
If no group is given for the “gnt-network connect“/“… disconnect”commands, the client uses the result of “QueryGroups()” which is a listof lists. Use “itertools.chain()” to handle the return value correctly....
hv_xen: Compose file name outside error handling
In _ReadConfigFile, the filename should be prepared outside thetry/except block. Fixes bad code formatting, too.
hv_base: Remove empty constructor
Add test for backend._GetBlockDevSymlinkPath
Add a unit test for the trivial “_GetBlockDevSymlinkPath” function inbackend (small changes in the function were required).
Fix format string of KVM output
This fixes a missing 's' in the format string andthe wrong quotes. Those bugs were introduced incommit 6e043e60.
Signed-off-by: Helga Velroyen <helgav@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
First part of confd timer changes
This patch changes the resolution of the timers: the watcher timergoes from 60s to 17s, and the polling-mode timer goes from 2 secondsto 250ms. The code changes a bit more due to the changes in the unitsof the various constants....
Fix type of 'node_whitelist' request parameter
If opportunistic_locking is used, then 'node_whitelist' parameter passedto the allocator is set to the LU's owned node locks. However, LU owned_lockshas type of 'set' while IReqInstanceAlloc expects type of...
hv_xen: Add test for CPU pinning configuration
Add a unittest for a function formatting CPU pinning information forXen's configuration.
Signed-off-by: Michael Hanselmann <hansmi@google.com>Signed-off-by: Guido Trotter <ultrotter@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
kvm: deduplicate 'get output' code
We had the same code twice, and were about to add a third time. Betterto collapse it into just one function.
Signed-off-by: Guido Trotter <ultrotter@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
kvm: extract a regexp matching out of a for loop
kvm: remove last version-based feature detection
This was left behind because it required a different kvm invocation.Now that we can add new ones cheaply (two constants) it's easy to getrid of it. Differently than in other cases we support old version which...
Make Xen config path a build-time option
Stop hardcoding the path in “hv_xen.py”.
burnin: Don't keep hypervisor class around
Just determine whether it can migrate and keep that value instead of thefull hypervisor class.
Run pre-migrate hooks on primary node too
Signed-off-by: Constantinos Venetsanopoulos <cven@grnet.gr>Reviewed-by: Guido Trotter <ultrotter@google.com>
Check if KVM machine version is supported
If machine version is passed as an hv param, a check is madein target node whether this version is included in the supportedones derived from kvm -M ? command.