Add cluster domain secret
Information exchanged between different clusters via untrustedthird parties (e.g. for remote instance import/export) must besigned with a secret shared between all involved clusters toensure the third party doesn't modify the information....
Merge remote branch 'origin/devel-2.1'
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
Improve “gnt-cluster renew-crypto”
- Report exception text immediately instead of just logging it- Remove leftover assertion from when it still used “gnt-cluster modify”
Conflicts: lib/bootstrap.py: Trivial lib/constants.py: Trivial
Signed-off-by: Michael Hanselmann <hansmi@google.com>...
Rename SSL_CERT_FILE to NODED_CERT_FILE
To be consistent with RAPI_CERT_FILE, the rather generic named“SSL_CERT_FILE” constant is renamed to “NODED_CERT_FILE”. The actual filename is not changed.
Rightname confd's HMAC key
Currently, the ganeti-confd's HMAC key is called “cluster HMAC key” orsimply “HMAC key” everywhere. With the implementation of inter-clusterinstance moves, another HMAC key will be introduced for signing criticaldata. They can not be the same, so this patch clarifies the purpose of the...
Implement conversion from plain to drbd
This patch adds a new mode to instance modify, the changing of the disktemplate. For now only plain to drbd conversion is supported, and thenew secondary node must be specified manually (no iallocator support).
The procedure for conversion works as follows:...
Implement replacing cluster certs and keys via “gnt-cluster renew-crypto”
Recent changes to “gnt-cluster verify” made it complain on expiring SSLcertificates. While it was possible to replace the SSL certificates andother cluster secrets manually before, doing so was cumbersome. Cluster...
View revisions
Also available in: Atom