RetryOnSignal: handle socket error as well
Signed-off-by: Guido Trotter <ultrotter@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Merge branch 'devel-2.1'
Conflicts: daemons/ganeti-noded lib/daemon.py lib/rapi/baserlib.py lib/rapi/rlib2.py lib/utils.py
Signed-off-by: Luca Bigliardi <shammash@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Fix some pylint warnings
Disable warnings for:- except Exception,- use of __errno_location,- redeclaration of handleError()
Signed-off-by: Luca Bigliardi <shammash@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
Fix logging string format
Fix this pylint warning:[W6501, Mlockall] Specify string format arguments as logging function parameters
Fix Filehandler / FileHandler typo
Fix typo spotted by pylint:E1101:2095:LogFileHandler.handleError: Module 'logging' has no 'Filehandler' member
RAPI client: Implement instance creation
Currently this only supports the new instance creation request dataformat version 1, but support for the old version can be easilyimplemented.
Most arguments are optional and documented in the RAPI documentation....
RAPI: Add new request data format for instance creation
As mentioned in commit d975f482d, the current way of creating aninstance via RAPI is not very flexible. With this patch, a newinstance creation request data format is introduced and documented.Support can be detected by checking the list of features returned...
Mention RAPI client in documentation
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
rapi.baserlib: Add function to check variable type
Also add a separate function to retrieve body parameters. Havingit separate (independent of a class instance) will make it easierto unittest users of this function.
Signed-off-by: Michael Hanselmann <hansmi@google.com>...
Add new /2/features RAPI resource
The /2/features RAPI resource can be used to detect optionalfeatures implemented by the RAPI server. This will be usedto recognize servers implementing a new request format forinstance creation requests.
Daemons conditionally setup console logging
Use LogFileHandler conditionally in SetupLogging
Add a parameter to SetupLogging to use LogFileHandler (default is off)
Introduce LogFileHandler class
Add a log handler class which logs to /dev/console in case of logging errors.
Add /dev/console constant
Lock PowercycleNode child in memory
Introduce Mlockall()
Add Mlockall() utility to lock current process' virtual adress space into RAM.
Fix wrong variable name in commit d975f482
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
RAPI: Add initial support for instance creation request version
The way the resource /2/instances expects its request data (e.g.instance name, disks, NICs) to be formatted in a dict is notvery extensible. HV and BE parameters are interleaved with allother values. In commit 495cfdf0 a new parameter “mode” was added...
Convert some ReadFile calls to ReadOneLineFile
For passwords we require strict oneliners, we're a bit more lax with pidand uid files.
Signed-off-by: Guido Trotter <ultrotter@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
utils.ReadOneLineFile()
Read the first non-empty file line. When strict is set, abort if morethan one line is non-empty. Some unittests inspired by the reverted onesfrom commit b774bb106cc28d008e790ad2666eb64c76866fa0, and some new ones.
Signed-off-by: Guido Trotter <ultrotter@google.com>...
Remove oneline= parameter from utils.ReadFile
This partially reverts commit b774bb106cc28d008e790ad2666eb64c76866fa0.Unittests unrelated to that particular functionality but introduced inthat commit are left untouched. Since the temporary directory is now...
RAPI client: Fix SSL error reporting for real
My previous patch, commit 857705e8, helped in one particularsituation where the exception didn't contain any arguments(pyOpenSSL reporting a WantReadError, which shouldn't occur with ablocking socket anyway). With this patch, more common and uncommon...
RAPI client: Improve SSL error reporting
RAPI client: Don't check node role in client
Only the server knows which node roles can be set via RAPI.Constants are provided for convenience.
RAPI client: Update ReplaceInstanceDisks
- The RAPI client shouldn't check the replacement mode as only the server knows which ones are valid (constants are still provided for convenience)- Disks shouldn't be a list of names, but of indexes
RAPI client: Fix behaviour of “allocatable” storage flag
When modifying a storage unit, the “allocatable” flag should defaultto “no modification”. This replicates the behaviour of the commandline interface.
RAPI client: Encode boolean and None query values
Boolean values must be passed as 0 or 1. None should be an emptyvalue ("").
RAPI client: No longer check storage type locally
Only the RAPI server (actually masterd) knows which storage typesare valid. The exception can no longer be raised as the type isonly checked in the job.
RAPI client: Add constant for RAPI version
This reverts a60e3cb0a partially by moving the RAPI version into a constant.
Add RAPI client utility module with RAPI PollJob function
The RAPI client module shouldn't depend on any Ganeti module, yet it'suseful to have some Ganeti-specific code, like a PollJob function forRAPI.
RAPI client: Don't assume job IDs to be numeric
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: David Knowles <dknowles@google.com>
RAPI client: Include HTTP error code in GanetiApiError exception
Having the HTTP error code allows users of the class to act differently basedon the error code.
RAPI client: Allow waiting for job changes
RAPI: Allow waiting for job changes
RAPI client: Rename “DeleteJob” to “CancelJob”
Jobs can't be deleted, but cancelled (even though the HTTP method“DELETE” is used).
RAPI client: Various code style changes
- Replace hardcoded values with constants- Code formatting- Exception messages without periods and fixed string formatting
RAPI client: Always pass _SendRequest args as positional
RAPI client: Simplify URL construction
RAPI client: Instantiate JSON encoder only once
RAPI client: Always return job ID
Even removing tags returns a job ID.
RAPI client: Hardcode version in URLs
If the version changes, the API is likely to change as well. Nothaving to ask for the version first makes the code simpler.
Remove httplib2 dependency from ganeti.rapi.client
- It's possible to implement all functionality in ganeti.rapi.client using Python's standard modules httplib and urllib2- By doing so, proper SSL certificate verification is implemented- Adjust some of the code to Ganeti's code style (this is not yet...
utils.ReadFile: Add parameter to read only one line
Reading only one line is useful for reading passwords from files. Thisalso adds unittests for utils.ReadFile.
Fix tiny typo in cluster verify
Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: Balazs Lecz <leczb@google.com>
Fix import/export
63bcea2a5 added file checks for import/export, but unfortunately theywere broken.
cli: Make PollJob generic to support other protocols
By separating the LUXI-specific code and stdio-related codeinto separate classes, we can make cli.PollJob protocol-agnostic, allowing it to be used with RAPI.
This patch also adds unittests for cli.PollJob....
Force ssh to allocate a tty
This is required to avoid the"Pseudo-terminal will not be allocated because stdin is not a terminal." ssh error message in case a Ganeti script is run non-interactively.
Signed-off-by: Balazs Lecz <leczb@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
Retry{Again,Timeout}: explain reraising
IsProcessAlive: retry stat() a few times
On multiprocessor dom0 stat() on /proc can sometimes return EINVAL.Before giving up, we try a few times to get a consistent answer.
utils.Retry: pass up timeout arguments
If Retry has to fail with RetryTimeout, it might be useful to pass theRetry argument to RetryTimeout, to help debugging outside the Retrycycle. We also define a RetryTimeout.RaiseInner() helper, to re-raise anexception passed to RetryAgain. All served with a side of unit tests....
Merge branch 'stable-2.1' into devel-2.1
KVM: only export instance tags if present
Currently non-tagged instances fail starting with a TypeError.
Signed-off-by: Guido Trotter <ultrotter@google.com>Reviewed-by: Iustin Pop <iustin@google.com>Reviewed-by: Balazs Lecz <leczb@google.com>
ssh.GetUserFiles: move to EnsureDirs
We also create a generic SECURE_DIR_MODE constant, rather thanhardcoding 0700 in the code.
Signed-off-by: Guido Trotter <ultrotter@google.com>Reviewed-by: Balazs Lecz <leczb@google.com>
Hypervisors: use utils.EnsureDirs
Swap a few os.mkdir calls with utils.EnsureDirs
backend: remove a couple of useless mkdir calls
Those directories must exist for the node daemon to run (it's in thenode daemon's list of ensured directories) and those functions are onlycalled by the node daemon, so there's no point in those checks+mkdir...
daemon.GenericMain: fix docstring
The docstring reports a wrong type for the "dirs" argument. Fixing.
jstore: use EnsureDirs, and add more constants
Small fixes for RAPI client
- Always check SSL certificate for validity- Actually JSON-encode HTTP content
Signed-off-by: David Knowles <dknowles@google.com>Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
backend: Check paths and always write CA file for import/export daemon
Once the import/export daemon uses separate users, the node daemon file (whichis used for intra-cluster transfers) might not be readable anymore. Alwayswriting it to a daemon-specific file will make this easier....
Add optional “salt” argument to utils.{,Verify}Sha1Hmac
We're using salted hashes all over the place.
Use utility functions for HMAC
HMAC will be used in more places. Centralizing some parts can't hurt.
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: René Nussbaumer <rn@google.com>
LUExportInstance: Move exporting code to helper class
This will simplify the implementation of intra-cluster instanceexports and reduces the number of local variables inLUExportInstance.Exec.
verify cluster: check /etc/hosts consistency
If we are told to modify /etc/hosts, then verify its consistency duringcluster verify.
Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
Cleanup /etc/hosts during node removal
It seems that commit d8470559 dropped the cleanup of /etc/hosts when anode is removed from the cluster. I don't know for sure, but it seemsaccidental. As long as we add it to /etc/hosts, we should clean it uptoo....
Move cmdlib._VerifyCertificate to utils
This function will also be useful for inter-cluster instancemoves for verifying certificates.
KVM: make tags available in KVM_NET_SCRIPT
Make instance tags available as a space-separated list during the execution ofthe network setup script. This allows tag-based control of things like firewallrules and/or networking setup.
Remove "ssconf.CheckMasterCandidate"
This function is not used anymore, so there's no point in keeping itaround.
This reverts commit 3f71b464ad5cdd1f1b53f2a31a4eef4e2a5550cc, apart froma one empty line conflict in ssconf.py
Add wrapper class for signal.set_wrapper_fd
Managing file descriptors is always a bit tricky. Having this in a separateclass is better.
Conflicts: lib/utils.py: Trivial
masterd: Log PID, UID and GID of connected client
This can be very useful if client programs run as non-root.
Remove two unused RPC functions
Both of these functions, “snapshot_export” and “instance_os_import”,have been replaced by the instance import/export daemon.
cmdlib: Convert instance import to new style
Use instance data transfer utility to import instances.
cmdlib: Convert instance export to new style
With this change, exports of several disks will occur in parallel. Errorhandling has also been improved.
cmdlib: Add utility to transfer instance data within the cluster
This is yet another wrapper around the instance import/export utilityclasses, providing an even simpler API for instance imports/exports withinthe same cluster.
cmdlib: Add utility for instance data import/export
Interpreting the backend's import/export daemon status is a bit tricky.This utility code keeps track of multiple transfers at the same time.Users can supply callback functions to react to events.
Timeouts are currently hardcoded. Intra-cluster instance moves will likely...
Factorize LUExportInstance
Apart from moving parts of the code to separate functions, error handlingis also improved by making sure snapshots are always removed.
Use ints instead of strings to represent user-ids
Signed-off-by: Balazs Lecz <leczb@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
Complete what was begun in commit ef40fbfb4
The X509 certificate RPC functions were also renamed, but Iforgot to rename them in rpc.py. Fortunately they aren't usedyet.
Add RPC call to send SIGTERM to import/export daemon
This will be used to stop the daemon without doing complete cleanup (yet).
Rename import/export RPC calls to match others
Fix broken commit 9e302a8
Commit 9e302a8 split the StopInstance function in two without properlyduplicating the local variables.
Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: René Nussbaumer <rn@google.com>
ssh: make quiet configurable
Currently both CopyFileToNode and BuildCmd hardcode "-q" in the options.This patch moves this setting as a configurable option to_BuildSshOptions.
Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
SSH: do not check IPs
Since we use the cluster name for the SSH known_hosts file, ssh willalways detect a changed IP (since we never connect to the cluster mastername, but the node names), and will complain about it/try to update theuser known hosts file (since that is /dev/null, it doesn't matter, but...
Add separate module for backported language functionality
utils.py, where they were before, is already huge.
hv_chroot: move unmount to CleanupInstance()
This allows cleanup to be done properly if the "instance" wasn't runningat all (based on the CleanupInstance framework, instead of the retry inhypervisor).
LUSetClusterParams: initialize needed parameters
… since the opcode doesn't auto-initialize to None.
Add a hypervisor constant for migration support
This variable can be used by other tools to determine in a generic waywhether a given hypervisor supports migration or not.
Fix indentation error
Commit 9cf4321fc39ec36359d9c90b22b36d33b6adc2f4 indented some lines by4 spaces rather than 2, and was git-amed without noticing. Fixing.
utils: Add function for partial application of function arguments
The function's code was mostly copied from Python's documentationand it's equivalent to “functools.partial” in Python 2.5 and above.
Add -usbdevice tablet to KVM when using vnc
When using VNC, it is recommended to use a tablet-styleinput device instead of a mouse. This allows most VNC viewersto send proper mouse coordinates to the virtual machine's desktopresulting in perfectly aligned guest and host mouse pointers....
Only use boot=on on non-ide disks only (KVM)
boot=on implies that KVM boots using extboot. This is only requiredto boot non-IDE disks and has the side-effect that there is at mostone bootable device. This behaviour breaks some operating systems,most notably the windows installer that tries to chainload the hard-disk...
KVM: fix a bug in _TryReadUidFile
If the uid pool is not in use _TryReadUidFile will try to return "uid" even if it hasn't tried to read it at all.
utils: Add function to read locked PID file
This is useful in combination with utils.StartDaemon and will be used forreading the import/export daemon's PID file.
Add ganeti.masterd module
This will be used to keep masterd-specific code.