ganeti.initd: Move code checking config to daemon-util
This allows for more code re-use. daemon-util will also be used to startall daemons.
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: René Nussbaumer <rn@google.com>
daemon-util: Require dashes in commands
Even though the script uses underscores (_) internally, the externalcommands are supposed to be written using dashes (-).
Improve ganeti.serializer unittests
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
Add unittests for ganeti.errors
Verify cluster certificates in LUVerifyCluster
When using pyOpenSSL 0.7 or above, LUClusterVerify will start to show awarning 30 days before a certificate expires. 7 days before thecertificate expires, the warning becomes an error. Once expired,LUVerifyCluster will always report an error. The latter is also supported...
utils: Add function to extract X509 cert validity
X509 uses ASN1 GENERALIZEDTIME or UTCTIME to store certificate validity.pyOpenSSL 0.7 and above allow us to retrieve both “notBefore” and“notAfter” as strings. Parsing them turned out to be a challenge since...
Add constant with cluster X509 certificates
Merge branch 'stable-2.1' into devel-2.1
Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Release version 2.1.1
Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
Improve cluster verify with hypervisor errors
In case the hypervisor has issues on one node, currentlybackend.VerifyNode will exit via an exception (two exit paths possible,one via HypervisorError from hypervisor.Verify(), and one via RPCFailfrom GetInstanceList). This is bad as it invalidates all other checks of...
Fix wrong indentation
Sorry…
Adding qa tests for gnt-os modify
This adds basic qa tests for gnt-os modify
Signed-off-by: René Nussbaumer <rn@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Extend JobExecutor to allow custom feedback_fn
Switch burnin to cli.JobExecutor
Burnin has a custom job executor, because of its need to retry some jobseries.
While we cannot replace all of it, at least the execution we can switchto cli.JobExecutor, to take advantage of the recently-introducedout-of-order waiting....
cli.JobExecutor: poll jobs in execution order
… rather than submission order. The results are still returned in thesubmission order, and for this we needed to track internally the indexof the submission.
Add a partition function to split a list in two
This is similar to the Haskell function, except that the signature isreverse to match the 'any' and 'all' Python functions.
Improve burnin's Log function
This makes the Log function able to take multiple args for simplifiedmessage construction, similar to the ToStdout one.
Fix cluster verify with simulate-errors
In simulate errors mode, the test "ntime_diff is not None" will beignored, and thus a None value will try to be formatted as %.01f. Weworkaround this by formatting it before, and then only using %s, whichcan format a 'None' value....
KVM: remove unused variable
We don't need the pwentry when checking if a username exists, just to besure the KeyError is not returned. Remove the variable, and thus shut uplint.
Signed-off-by: Guido Trotter <ultrotter@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
Update NEWS file for the 2.1.1 release
Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: René Nussbaumer <rn@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Validate the os-specific hypervisor parameters
This adds a validation similar to the one for cluster-wide hypervisorparamters.
Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: René Nussbaumer <rn@google.com>
Document the security_* hypervisor parameters
Signed-off-by: Guido Trotter <ultrotter@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
KVM: add security model and domain parameters
Initially we only support the "user" model (in which the user runningthe virtual machine can be specified as an additional parameter).
We use usernames rather than uids in this mode, because the kvm -runasflag doesn't support uids anyway, and we check the passed username for...
KVM security: add global constants
These constants add two new kvm hypervisor parameters, specifying thesecurity model (user/pool) and the security domain, within that model.
Adding unittests for objects.Cluster.FillHV
This adds tests for the stacking of objects.Cluster.FillHV to verifythat the override is working as expected.
Fix man build error on older distributions
Passing <quote> rather than ' avoids having special characters at thebeginning of the line, which man doesn't like.
http.auth: Disable pylint warnings
Implement verify checks for node/instance names
Since we index the nodes and instances by their name, we should havechecks that the dict key to object.name mapping is correct.
Fix a python 2.6.5 compatibility
The upcoming python 2.6.5 release has a change that makes delattr(obj,attr) fail for slots-enabled objects if the attr is not already set.
To prevent against this, we only run the delattr if the attribute isalready set....
Document boot_order syntax for kvm
The gnt-instance manpage only contained the correct syntax for xen-pvm.Specify what the kvm syntax is, and also warn about a problem withvirtio+netboot, for older kvm versions.
Signed-off-by: Guido Trotter <ultrotter@google.com>...
KVM: Remove boot restriction for paravirtual nics
Newer virtio can boot from the network perfectly well, so there's nopoint in keeping this restriction in place. This will still fail onolder kernels.
KVM: pass the instance name as the first kvm flag
This makes it the first argument show, for example under "ps".
Update documentation for hashed passwords
http.server: Improve request logging in debug mode
Provide unittests for http.auth
To simplify writing unittests, one data structure class in http.server isalso changed. According to the coverage utility, this provides 95%coverage.
http.auth: Fix bug with checking hashed passwords
When username and password were sent for a resource not requiringauthentication, it wouldn't be accepted if the user in question had ahashed password. The reason was that the function GetAuthRealm used to...
Clarify cluster nic parameters in install.rst
There were a few outdated options specified there. This patch unifiesthe description under only one section, and updates it.
Add the auto_promote option to cli and gnt-node
This allows one to cleanly set a node offline and promote as neededother nodes.
Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Rework the node modify for mc-demotion
The current code in LUSetNodeParms regarding the demotion from mastercandidate role is complicated and duplicates the code in ConfigWriter,where such decisions should be made. Furthermore, we still cannot demotenodes (not even with force), if other regular nodes exist....
Fix node volumes list for stripped volumes
Currently backend.NodeVolumes() drops everything except the first PV,thus we get a truncated result. The patch is not the nicest, as Pythondoesn't have a simple `concat' function, so I had to change the listcomprehension to an explicit loop....
Fix typo that makes cluster verify to ignore hooks
The return from LUVerifyCluster should be True (or equivalent) for pass,and False (or equivalent) for fail. The HooksCallBack function uses '1'(= True) when a hook fails, which is exactly the opposite of what we...
Fix redistribute config and offline nodes
We need to manually filter out offline nodes before usingrpc.call_upload_file and rpc.call_write_ssconf_files, since these methodare static (they work without a ConfigWriter instance) and thus do notknow which nodes are offline and which are not)....
Adding documentation for “gnt-os modify”
This finishes the integration of per-os-hypervisor parameters by updatingthe man page.
Signed-off-by: René Nussbaumer <rn@google.com>Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Add “gnt-os modify” for per-os-hypervisor parameters
Introduce “gnt-os modify” command to make it possible to set theper-os-hypervisor parameters.
Show per-os-hypervisor parameters in “gnt-cluster info”
Let gnt-cluster info show us the per-os-hypervisor parameters.
Add support for per-os-hypervisor parameters
This patch implements all modifications to support per-os-hypervisorparameters in the framework.
cli: Add ArgOs for later use in gnt-os
KVM: Fix unintended qemu-level bridging of nics
Each nic should be connected to its own qemu vlan, to avoid them allbridging together.
Signed-off-by: Timothy Kuhlman <timkuhlman@gmail.com>Reviewed-by: Guido Trotter <ultrotter@google.com>Signed-off-by: Guido Trotter <ultrotter@google.com>...
Support passing in file object in utils.FileLock
This way we can re-use file objects opened in other places. Also add moreunittests.
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
Support arguments in utils.RunInSeparateProcess
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
Convert utils.FileLock to utils.Retry
Validate the hostnames at creation time
This patch adds validation of new names used, i.e. at cluster init time,node add time, and instance creation.
For instances, especially when using «--no-name-check» (which skips DNSchecks), we should validate the give name, and also normalize it...
Add a function to validate and normalize hostnames
This differs slightly from the specification, by allowing names to startwith digits, not checking the length of individual components, andallowing underscores.
Signed-off-by: Iustin Pop <iustin@google.com>...
ListVisibleFiles: require normalized path names
This patch changes ListVisibleFiles to raise ProgrammerError if it'spassed a non-absolute/non-normalized path name, and adds unittests forthis behaviour.
Switch more code to PathJoin
This should remove most of the remaining constructs which can bereplaced by PathJoin.
Add caller-validation on Disk.StaticDevPath
Since in objects we don't have access to utils.py, we add a warning thatthe result value from objects.Disk.StaticDevPath might not be a validpath, and change its only caller to validate the path.
hv_kvm: remove hard-coded path constructs
This switches hv_kvm to PathJoin. There are still a few cases of directpath construction, but those should be safe.
hv_fake: remove hard-coded path constructs
This changes to hv_fake to PathJoin.
hv_chroot: remove hard-coded path constructs
This patch abstract the computation of an instance's root directory intoa separate function (that uses PathJoin instead of "%s/%s").
Add strict name validation for the LVM backend
Currently we don't enforce name validation for the LVM backend, on theidea that LVM itself will reject invalid names and we catch thoseerrors.
However, recent LVM documents the accepted VG/LV name space, so it's...
Implement disabling of file-based storage
Rationale: the file-based storage backend can add/remove files under acertain directory. However, the master node is also controlling thesetting of the file-based root directory, so basically it means we can'tprevent arbitrary modifications by the master of the node's filesystem....
Replace os.path.sep.join(seq) with utils.PathJoin
This is a no-op change, but at least we concentrate the calls to pathjoins into a single function.
A use in utils.FindFile is left as-is (don't want to raise exceptionsthere, at least for now).
Abstract OS log names computation
The various OS operations create log files in a specific directory(constants.LOG_OS_DIR). The construction of the log names is howeverspread and duplicated across multiple functions.
This patch abstracts this into a separate function that also validates...
Remove superfluous warnings in HooksRunner
For non-existing hooks (the majority of cases probably), logging awarning every time is not helpful. So we first check if we have a validdirectory.
Switch from os.path.join to utils.PathJoin
This passes a full burnin with lots of instances, and should be safe aswe mostly to join a known root (various constants) to a run-timevariable.
utils: Add a PathJoin function
This will replace os.path.join since it is not safe for directorytraversal issues.
Add an extra safety layer to _CleanDirectory
In order to protect from accidental use of _CleanDirectory on a randomdirectory, we add a list of allowed clean directories, somewhat similarto _ALLOWED_UPLOAD_FILES (but statically computed).
Avoid absolute path for privileged commands
Using absolute path for a privileged command is a bad idea as this path may vary.For example /usr/sbin/brctl in Debian and /sbin/brctl in ALTLinux. Using $PATH isa better idea.
Signed-off-by: Vitaly Kuznetsov <vitty@altlinux.ru>...
Make stable release 2.1.0
It is about time (rc0 was almost four months ago)…
watcher: Acquire lock early and give more friendly message
By opening the lock file early, other programs can lock thestate file to prevent ganeti-watcher from restarting daemons.Using the pause feature is inherently prone to race conditions.
Before a traceback was logged when the lock file couldn't...
Make SSH_CONFIG_DIR customizable
This patch adds ability to customize ssh config directory with --with-ssh-config-dir(instead of hardcoded /etc/ssh value). This is useful in Linux distributions withcustom ssh config directories (/etc/openssh in ALTLinux, for example)....
Add NLD constants to Ganeti
This avoids the need for them to be injected in the nbma repository.
Make pylint happy
I was using a too old version which doesn't got all those. Thispatch is fixing the new lint errors.
Merge remote branch 'origin/devel-2.0' into devel-2.1
Conflicts: NEWS: Trivial configure.ac: Trivial...
Fix two potentially endless loops in http library
The first can be problematic if poll(2) returns POLLHUP|POLLERR on asocket. Before it would be only be respected for SOCKOP_RECV, but sincethey can also occur on other socket operations, esp. in combination with...
Move watcher's EnsureDaemon function to utils
This is going to be used from the nbma repository, to ensure that thenld daemon is running.
Add multi-key support to the serializer
Signed-off-by: Balazs Lecz <leczb@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Adding tool for automated cluster-merger
This is the implementation of docs/design-cluster-merger.rst. It allowsthe automatic merging of one or more clusters into the invoking cluster.
While this version is tested and working it still needs some tweaking...
Fix bug in LUQueryConfigValues
LUQueryConfigValues supports multiple output fields. If the client askedfor the watcher pause status, it would not get a list, but simply thevalue.
Add watcher hooks
These hooks are run on all nodes, after the "base" daemons are started.
Abstract starting the node daemons
We're using a separate function for this, as we're going to add somefunctionality to this feature.
ganeti-watcher: remove unused Indent function
Fix typo in LUVerifyCluster when checking node time
The first argument to _ErrorIf should always be True in this case.
Add make target to generate unittest coverage report
Add unittests for ganeti.opcodes
According to “coverage”, this covers 99% of the code.
Catch disk activation errors in watcher
If activating disks fails for some reason, the watcher didn'tcatch the exception. With this patch it's caught and logged.
Disable warning for not calling ProcessEvent init
This class doesn't need its constructor to be called.
Implement utils.RunParts and use it for hooks
This function is a generic pythonic version of runparts. We currentlyuse it in the backend HooksRunner, but we'll use it for runningdifferent directories as well.
Change backend hooks runner to use RunCmd
And save lots of lines of code, in the process
Add reset_env option to RunCmd
This allows to run a command with only the passed in environment, ratherthan just updating the default one with it.
Now with unit testing.
Make it possible to pass custom private key path to SshRunner.Run
Handle EAGAIN in LUXI client
If too many clients try to connect to the master at the same time, some ofthem might fail if the master doesn't accept the connections fast enough.
Show message when job is waiting in queue or for locks
Jobs submitted via the standard command line utilities didn't give anyindication that anything is happening while they were waiting in the jobqueue (e.g. due to other jobs using all worker threads) or acquiring...
Update the IAllocator documentation
This should be rewritten from a 'change document' (e.g. "Ganeti onlysupports...") to a 'current implementation document', but in themeantime we can at least update it with the multi-evac changes.
Switch gnt-node evacuate to the new opcode
This switches gnt-node to the new opcode, and in the process alsoenables multi-node arguments for it.
Add LUNodeEvacuationStrategy
Add a new opcode for node evacuation
We add this as a new opcode since we don't want to alter the behaviourof current opcodes/lus.