KVM: add VNC TLS and X509 parameters
With this parameters VNC for KVM is able to be protected by tls,optionally with an x509 certificate, and optionally verifying theclient as well. Additionally in this patch we limit the bind address tobeing a directory, rather than a file or a directory, for simplicity, as...
KVM: allow binding vnc to a file
Before we forced the VNC_BIND_ADDRESS to be an ip. Now we also accept apath, and bind the instance to it, or to a file in it if it's adirectory.
Reviewed-by: iustinp
Fix some issues for lockless queries
This patch converts some more jobs with only queries into cheaper luxiqueries (no job created), and fixes some fallout from the locklessqueries changes.
Reviewed-by: ultrotter
Revive RAPI QA tests for 2.0-style RAPI
This patch fixes the RAPI QA tests to work with today's RAPI code andalso does some other minor improvements: - QA: only create the cluster if so configured (‘create-cluster’ key), this allows running parts of the QA suite against existing clusters...
rapi: fix 'bulk' processing and add locking option
This patch fixes the 'bulk' parameter (before any non-emptyspecification was considered True, in conflict with the documentation,i.e. bulk=0 still did bulk queries).
The patch also adds optional locking on the instance/node listing (does...
rapi: cleanup and update to latest 2.0 API
This patch cleans up and updates the RAPI interface: - queries are changes to luxi queries instead of jobs, where possible - since we changed the API version, we remove the old-style attributes (sda_size, ip, etc.) and replace them with 2.0 style...
Enable lockless node queries
Similar to the instance list, this patch enables lockless node queris.“gnt-node list” accepts now the “--sync” flag which enables locking, thedefault is lockless.
Reviewed-by: imsnah
rapi: fix authentication and queries
For queries, we don't want to require authentication. We fix this by adding anoverride GetAuthRealm in the rapi daemon.
We also fix a method name.
Add one new luxi query: cluster info
This is the last query that RAPI executes via opcodes and is purelystatic (config values only). As such, we can convert it safely to aquery instead of job.
ssconf: add some more keys and some fixes
This patch adds the online node list and instance list to the ssconfkeys. In order to do distribute correctly the instance list, we need toupdate the cluster serial number on instance additions and removals.
The patch also changes the permissions on the ssconf files to be 0444:...
Implement lockless query operations
This patch adds the framework for, and enables lockless OpQueryInstances. Thismeans that instances will be shown in ERROR_up or ERROR_down state, even thoughthis is not an error (but just an in-progress job).
The framework is implemented as follows:...
KVM: Make GetAllInstancesInfo concurrency-safe
Or actually more so. If this function gets called while instances getshut down, it might try to report information on instances which don'texits. Try to fail gracefully if that happens, by just skipping an...
Correct a typo in ReadPidFile's docstring
Fix unittest encoding breakage
Due to the fact that we sanitize now the output from environmentscripts, the unittest needs to be adjusted. My bad for not checking it.
Allow gnt-node evacuate to use an iallocator
This is a partial implementation of fully automated node evacuation:we allow passing an iallocator and all instance replace-disks will beexecute via that iallocator.
The individual OpReplaceDisks opcodes are submitted in a single job,...
Add gnt-node migrate
This is a (modified) forward-port of commit 1190 on the 1.2 branch:
This is the same as gnt-node failover, and is also a cut&paste of its code (almost). It will be really really useful to quickly empty a healthy node. I can be persuaded to merge MigrateNode and FailoverNode...
An attempt at fixing some encoding issues
This patch unifies the hardcoded re-encoding attempts into a singlefunction in utils.py. This function is used to take either an unicode orstr object and convert it to a ASCII-only str object which can be safely...
lvmstrap: allow removable devices too
For testing or just in case a device is exported by a bad driver withthe 'removable' flag set, this patch adds a flag to lvmstrap that allowsit to use these devices too.
Documentation: update the gnt-os manpage
This patch updates the gnt-os man page and the common footer page forganeti 2.0.
Small patch for handling errors in node add
This small path hopefully fixes the handling of ssh verify errors innode add (note: untested).
ssh: more details on failure
In case we fail without output from the ssh command, we should at leastadd the exit code or any other failure reason to the error message, andlog it and the cmdline used to the node daemon log.
Give a sane permission to the known_host file
A couple of small changes to the OS environment
This patch correctly exports the mode of disks (rw/ro) and also exportsthe instance OS.
Whitespace change: bad indentation in constants.py
This patch only changes some indentation in constants.py.
Return error messages in node add ssh handling
When the rpc call node_add fails, we don't have any error message. Thispatch changes the call to return (status, data) so that the user can seethe correct error message.
gnt-instance: support no_PARAMETER value
Since parameters get set to False if a no_ is prefixed don't try tointerpret those boolean values, and pass them unchanged.
LUQueryClusterInfo: filter hvparams
We don't need to show hvparams for hypervisors which are not enabled onthe cluster.
KVM: advise about VNC support on GetShellCommand
KVM: enable VNC if a VNC_BIND_ADDRESS is defined
We'll also enable a tablet usb device, as suggested by the kvm man page.
KVM: Allow the HV_VNC_BIND_ADDRESS parameter
LUAddNode: copy the vnc password file also for KVM
Before we used to copy the file if xen-hvm was enabled on the cluster,no we'll do that if any enabled hypervisor is in the new HTS_USE_VNCgroup.
Add HT_KVM to HTS_REQ_PORT
HT_KVM doesn't technically require a port, but if it has one it can givevnc displays to instances.
KVM: make the kernel and initrd arguments optional
Under KVM we don't strictly need a kernel and initrd. If some are passedwe'll use them, otherwise the guest OS will need to behave as fullynative, and have its own boot loader and kernel.The root_path hypervisor parameter becomes mandatory only if a kernel is...
KVM: add the HV_SERIAL_CONSOLE parameter
Up until now a KVM instance was forced to have a serial port.With this change this is no longer mandatory, by default we'll use one,but if the HV_SERIAL_CONSOLE parameter is set to False we'll do without.
GetShellCommand: get hvparams and beparams
Sometimes the hypervisor will use the instance hv and/or be parametersto determine the best shell command. This is not possible, though,currently, as the instance hv/beparams are not filled, so we have topass the filled versions separately....
Implement software release version checks too
Currently the LUVerifyCluster only reports the protocol version changes,not software ones. This is useful to know/monitor, so we add this too asa warning.
gnt-instance list: accept input names
Currently gnt-instance list will refuse to take arguments, and alwaysreturn the full list of instances. This patch allows it to pass names toLUQueryInstances, so that we restrict the input to a given set ofinstances....
LUQueryInstances: keep the given order of names
Currently LUQueryInstances keeps the ordering of instances only in some cases,and in others it will reorder the list. This patch fixes this by more clearlyseparating the various cases (names passed or not and locking or not locking),...
locking.LockSet: don't modify input arguments
Currently LockSet.acquire() sorts in place it's input argument if it's alist. This is not good, since callers might depend on a specificordering of the input data, and this is a 'hidden' modification.
We fix it by simply using a sorted copy, instead of sorting in place....
Re-wrap some lines to keep them under 80 chars
This non-code change rewraps some lines in locking.py to keep them under80 chars.
Check that instance exists before confirm. queries
Currently we ask the user for confirmation, and only after (try to)remove, failover or migrate the instance. This doesn't work nicely ifthe instance doesn't exist, so we make a query for the instance before...
RAPI: tag work
Generalize tag work for instances/nodes/cluster tag management.
RAPI: rlib1 removal
The resources we still need moved to rlib2.
RAPI: Implement /2 resource
RAPI: Deprecate version Rapi version1
It is impossible to keep backward compatibility due tosignificant changes in the Ganeti core.
Fix gnt-cluster modify -H and offline nodes
Actually mark drives as read-only if so configured
This patch correctly marks the drives as read-only for Xen, and raisesand exception for KVM since it doesn't support read-only drives.
Fix some issues related to job cancelling
This patch fixes two issues with the cancel mechanism: - cancelled jobs show as such, and not in error state (we mark them as OP_STATUS_CANCELED and not OP_STATUS_ERROR) - queued jobs which are cancelled don't raise errors in the master (we...
Xen: use utils.WriteFile for the instance configs
Also raise HypervisorError rather than OpExecError.
Xen: use utils.Readfile to read the VNC password
Implement disk verify checks in config verify
This patch adds a simple check that the 'mode' attribute of top-level disks iscorrect. It does not recurse over children.
The framework could be extended with other checks in the future.
Fix the mode attribute of newly-created disks
Currently, only the LUSetInstanceParams correctly sets up the modeattribute via a manual operation. We remove this and instead do thecorrect setting in the generic _GenerateDiskTemplate function, so thatwe set the mode correctly for all disk creations....
Rework the multi-instance gnt commands
This patch changes the multi-instance gnt-* commands (gnt-instancestart/stop, gnt-node evacuate/failover) such that the individualoperations are submitted in parallel, ideally improving the speed of theexecution....
Fix single-job archiving (gnt-job archive)
This is a simply typo from the conversion to multi-job archiving.
KVM and Xen: add the HV_ROOT_PATH parameter
This parameter allows a different path to be passed to the instancekernel. The new parameter is mandatory, and by default has the value ofthe old hardcoded value for both kvm and xen.
Beta1 clusters will need to have this parameter added for their...
KVM: implement GetShellCommandForConsole
This is a class method, because it calls _InstanceSerial, which isanother class method. The patch changes it to classmethod for all thehypervisor classes.
KVM: classify _Instance{Monitor,Serial,KVMRuntime}
Those methods need nothing from the instantiated class, and justmanipulate strings, and fetch some class global variables, so they canbe classmethods.
Release 2.0 beta 1
Even though alpha started at 0, we release beta 1 first as we did for1.2.
Reviewed-by: imsnah, ultrotter
Update the NEWS documents for beta1
Also import the NEWS entries from the 1.2 branch which were added sincewe created it.
Xen and KVM: correct a typo when checking args
A missing 'be' was present in the error string for both xen and kvm,when the kernel or initrd path was not absolute.
Sort the instance names in batcher
In case we submit multiple instances via batcher, it's nicer to have thesorted nicely.
Fix batcher for 2.0-style disks and nics
This patch fixes the gnt-instance batch-create command, and in doing soalso slightly changes two other functions: - we change utils.ParseUnit so that it accepts integer values also (both ParseUnit(5) and ParseUnit("5") return the same value)...
Make iallocator work with offline nodes
This patch changes the iallocator framework to work with and properlyexport to plugins offline nodes. It does this by only exporting thestatic configuration data for those nodes, and not attempting to parsethe runtime data....
Remove checking of DRBD metadata for validity
Currently the DRBD code checks that the metadata devices are validbefore creation, initial disk attachment and add children.
However, the process for checking validity requires a free DRBD minor,and this conflict with parallel checking....
Rework the execution model in burnin
This patch changes (significantly) the execution model in burnin: - for all runs, (almost) all instance mods in a single Burn* procedure are done as part of a job; so for example add disk, stop, remove disk, start are no longer done as separate jobs but as a single job...
Relax the restrictions on temporary DRBD minors
Currently the restrictions are too harsh: there is a time intervalbetween an instance gets a new disk and before it is added to theconfiguration in which the restriction is not met. We solve this byallowing temporary DRBD minors to match existing minors (for the same...
Introduce more configuration consistency checks
This patch enhances the duplicate DRBD minors checks (currently just afew) and adds automatic checks of configuration consistency atconfiguration file writing time.
In order to do so and show meaningful error messages, the...
Fill the 'call' attribute of offline rpc results
When creating ‘fake’ results for offline nodes, we currently don't passthe call attribute. This complicates debugging, so even though thisshould not matter in practice, it's better to fix it.
A couple of small fixes to iallocator
This removes some constraints: - only two disks supported, this is no longer true as the underlying functions can now compute size for a variable number of disks - error when the hypervisor was not being passed...
luxi: close and reopen the socket on errors
This is less of an actual issue for regular gnt-* clients, but it'seasily reproducible with burnin and possible with RAPI (depending on howthe program uses luxi.Client(s)).
In case of burnin, if we interrupt the client (^C) while it polls the...
ShutdownInstance: log instance name, not object
When an instance fails to shut down we currently log its whole object,rather than just the instance name.
KVM live migration: handle failure
If the KVM live migration ends up in a 'failed' state it has beenaborted at the kvm level, and the machine is still running locally.We support also the 'cancelled' state even though there should be no wayof reaching it, without manual intervention....
KVM: change a few IOError with EnvironmentError
KVM: instance migration
The tcp port used for migrating KVM instances is selectable at./configure time. We use a single port as nodes are locked anyway duringa migration, so no two migrations can happen at the same time to thesame node.
KVM: add the _InstancePidAlive function
Throughout the kvm code we very often look for the instance pidfilename, read it, and check if the process is alive. Abstract this into aprivate function and use that one instead.
This patch also changes RebootInstance to check whether the instance is...
KVM: fix RebootInstance
RebootInstance was broken, because it just used to call StartInstancewith wrong parameters. With this patch we still stop the instance, butuse the saved kvm runtime to start it again.
KVM: retry the instance shutdown command
When we ask the instance to shutdown sometimes the command won't work,especially if the instance isn't fully booted up. We'll wait for a bit,and give it a few chances before giving up.
Xen: implement auxiliary migration functions
These are used, for the xen hypervisor, to copy the xen config file tothe remote node. This breaks migration for instances which have beenmigrated, but not restarted, with the old code, for which the configfile was just lost....
Automatically release DRBD minors on success
This patch converts the DRBD minors reservation protocol from explicitrelease to automatic release on the success paths. On the errors paths,it's still needed to manual release.
The patch doesn't bring much by itself, but is needed for a future patch...
Fix some more pylint errors
Two are real errors (invalid names) and one is style error (overridingname from outer scope).
One more gitignore rule
This was forgotten in the recent “switch to explicit ignore rules”.
Log the rpc call name in the RPC errors message
Currently the rpc module logs the error description and target node inrpc calls logging, as such:
2009-01-21 00:50:01,456: pid=1051/Thread-21 ERROR RPC error from node node1.example.com: Connection failed (111: Connection...
Change the instance status attribute to boolean
Due to historic reasons, the “should run or not” attribute of aninstance was denoted by its “status” attribute having a string value ofeither ‘up’ or ‘down’. Checking this is in code was done via hardcoding...
Implement the new live migration backend functions
MigrationInfo, AcceptInstance and AbortMigration are implemented ashypervisor specific functions, and by default they do nothing (asthey're not always necessary).
This patch also converts hv_base.MigrateInstance docstring to epydoc,...
KVM: save and remove the KVM runtime
At instance startup time we save the kvm runtime, and at stop time wedelete it. This patch also includes a function to load the kvm runtime,which is unused yet.
KVM: split KVM runtime generation and startup
Before we used to generate the kvm command line and then just run it.With this patch we split the generation from the time it is run,allowing us to save it and replay it at reboot.
We must take special care about instance nics:...
Add calls in the intra-node migration protocol
Currently the hypervisor is expected to do all the migration from thesource side. With this patch we also add the option of passing someinformation to the target side, and starting some operation there.
As a bonus, a function to cleanup any started operation is included....
Update the objects.Disk formatting method
With the addition of minors, this needs to show them too.
KVM: add a _CONF_DIR
Currently we keep pid files and control files. In the conf dir we'llalso keep the data to start the instance anew, and the networkinterface scripts. These will then be copied to a separate area (since_CONF_DIR could be mounted 'noexec') and used to start the instance....
KVM: Remove sockets after shutdown
Abstract the monitor and serial socket naming in two functions, andreuse them to cleanup the files after shutdown.
KVM: fix class docstring
Xen: use epydoc in MigrateInstance docstring
ShutdownInstance: report hypervisor error
When StopInstance raises an HypervisorError, report it in the loggedmessage to ease with debugging.
ConfigObject docstring, close an open parenthesis
Fix a typo in luxi's docstring
Update the logging output of job processing
(this is related to the master daemon log)
Currently it's not possible to follow (in the non-debug runs) thelogical execution thread of jobs. This is due to the fact that we don'tlog the thread name (so we lose the association of log messages to jobs)...
.gitignore: Don't exclude whole /autotools/ dir, but only files
This way newly added files will be not be excluded by default. Fixesalso a small whitespace error in utils.py.
Convert RenameInstance to (status, data)
This allows the rename failures to show the ouput of OS scripts.
Update gitignore rules
As per Michael's comment, gitignore should not ignore a couple of realfiles from the autotools/ directory.
Fix adding of disks to an instance
The ConfigWriter.AllocateDRBDMinor requires the instance name, not theinstance object. The LUSetInstanceParms is passing wrongly the instanceobject, which can cause breakage.
The patch also adds asserts to check for this mismatch in ConfigWriter....