Confd IPv6 support
This patch series basically adds a new parameter 'family' to the constructorsof daemon.AsyncUDPSocket and confd.client.ConfdUDPClient. This enables theusers of these two classes to support IPv6.
In ganeti-confd.ConfdAsyncUDPClient a method to check the address families of...
Introduce lib/netutils.py
This patch moves network utility functions to a dedicated module.
Signed-off-by: Manuel Franceschini <livewire@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
Merge branch 'devel-2.1'
Signed-off-by: Luca Bigliardi <shammash@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
Mlockall: decrease warnings if ctypes module is not present
Node daemon prints a lot of warnings if --no-mlock option is not specified andctypes module is not present.
With the following patch the warning is printed only at noded startup.
Signed-off-by: Luca Bigliardi <shammash@google.com>...
Add drbd_helper rpc call
Fix ganeti-rapi version string
This was "broken" for almost a year :)
Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
RAPI client: Switch to pycURL
Currently the RAPI client uses the urllib2 and httplib modules fromPython's standard library. They're used with pyOpenSSL in a very fragileway, and there are known issues when receiving large responses from a RAPIserver....
Rename some constants to facilitate IPv6 support
Signed-off-by: Manuel Franceschini <livewire@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
Add missing pylint disable for "except:"
Why it's needed here but not a few lines above is a mistery that onlypylint understands.
Also fix an indentation error in another disable, for the same function.
Signed-off-by: Guido Trotter <ultrotter@google.com>...
masterd: use AsyncTerminatedMessageStream for luxi
Each luxi connection now creates an asyncore MasterClientHandler (whichis an AsyncTerminatedMessageStream subclass, sending each message to aclient worker). This makes it harder to DOS the master daemon by just...
Introduce an RPC call for OS parameters validation
While we only support the 'parameters' check today, the RPC call isgeneric enough that will be able to support other checks in the future.The backend function will both validate the parameters list (so as to...
import/export daemon: Add support for a magic prefix
This “magic” value will be used to ensure that we don't accidentiallyconnect to the wrong daemon (e.g. due to a bug), comparable to DRBD'sper-disk secret. Just depending on the SSL certificate isn't enough...
import/export: Validate remote host/port
The hostname and port received from the remote cluster shouldbe validated, just in case.
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
Handle ESRCH when sending signals
Upon sending signals, ESRCH can be reported when the target nolonger exists.
Remove the job queue drain rpc call
This call was introduced but never used. In two years.Since it's just creating/removing a file it can also be in simpler ways,without a special rpc call, if/when we need it again. In the meantime,let's give it to history....
Add unittest for ganeti-cleaner
import/export: Allow script to predict size
Once we have a size for an export (in the context of theimport/export daemon), we can provide the user with apercentage and ETA.
import/export daemon: Record amount of data transferred
This reports the amount of data transferred and the throughput (averagedover 60 seconds) to the master daemon. While not yet fully implemented,once the export scripts report the expected data size, we can even provide...
ensure-dirs: don't fail if no rapi log is present
Sometimes a node has never been a master. Or ran rapi. In that case weneed to create the file (because if later rapi gets started, it won't beable to create it itself).
Let daemon-utils fix the owners for ganeti-rapi
This is a workaround until we fully switched to user separation and fixes theowners of directories/log files so ganeti-rapi will start flawlessly. This isright now run for every daemon but as it operates on a relatively small subset...
Modify ganeti-masterd to set permission and owner of masterd-socket
Signed-off-by: René Nussbaumer <rn@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Let ganeti-rapi run under a different user/group
Convert ganeti-masterd's main thread to mainloop
Not much changes with this patch. The main loop for the IOServer isrepaced by mainloop.Run() and the main thread now uses asyncore tohandle connections to the master socket. Once it accepts them, though,...
ganeti-watcher should attempt to fix ganeti-rapi
Update ganeti-watcher so that it tests the master's RAPI port with asimple test (in this case GetVersion). If it fails, make one attemptat restarting ganeti-rapi and retest.
- daemons/ganeti-watcher: Test rapi and make one attempt at restarting it....
import/export daemon: Move command building into separate module
The import/export daemon code is already large. Moving some codeto a separate module will make it smaller and easier to test.
import/export daemon: Move some I/O processing code to module
The code parsing the child process' output is moved to a separateclass in the impexpd module. As more programs are added, it'llbecome more complex and should be separated.
Signed-off-by: Michael Hanselmann <hansmi@google.com>...
import/export daemon: Move command building into class
Instead of passing around many variables for building the executedcommand, they're now kept as instance variables.
Signed-off-by: Guido Trotter <ultrotter@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
ErrorLoggingAsyncNotifier
This mixes AsyncNotifier with GanetiBaseAsyncoreDispatcher to provide anAsyncNotifier which will log errors, rather than bail out.
Put common import/export daemon options into object
The X509 key name and CA are passed from cmdlib all the way tothe backend import/export daemon. With the addition of an optionto choose the compression method, another parameter would haveto be passed all the way. By moving these options to a separate...
import-export daemon: Allow changing compression method
For example, exports on the same node shouldn't be compressed.
Make ConfdInotifyEventHandler a library function
Cut&Paste, plus the following changes: - The class is renamed to SingleFileEventHandler - The monitored filename must be passed in and doesn't default to the ganeti cluster config file - A small docstring is added to the class...
Remove errors.ConfdFatalError
This exception is caught, but never thrown. It became useless when wemoved confd from on/off to enabled/disabled, but always running on allnodes. Removing its definition and the code catching it can do no harm.
Conflicts: lib/luxi.py - trivial
ganeti-cleaner: Remove expired X509 certs
Importing/exporting an instance to a remote machine creates X509certificates which expire after some time. They need to be removed fromthe nodes as they become useless.
Abstract the LUXI eom into a constant
Currently the EOM terminator is hardcoded on the server side, and iscustomizable in the Transport object (with the default being the same asthe value found in the server), but not in the luxi client.
With this patch we move the value to constants, and remove the "fake"...
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
ganeti-cleaner: Write log file with removed files
Logfiles can be useful for debugging.
ganeti-masterd: Improve error logging for client requests
Ganeti errors should also be logged with a backtrace.
ganeti-noded: add the --no-mlock option
While mlock on noded is definitely good in most situations, there aresome - namely my laptop - where it has no benefit, and uses preciousnon-swappable memory. To avoid this we make it optional, with a new--no-mlock option. Note that only the main node daemon and its http...
Conflicts: daemons/ganeti-noded lib/daemon.py lib/rapi/baserlib.py lib/rapi/rlib2.py lib/utils.py
Signed-off-by: Luca Bigliardi <shammash@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Use console_logging in node daemon
Node daemon logs will be printed on system console if writing on the log filefails.
Lock node daemon children in memory
Lock node daemon in memory
Fix pylint 0.20.0 warnings
These seem to be wrong, possibly a regression in pylint.
Retry connection in import-export daemon
Until now, exactly one attempt was made to establish a connection.If it failed, the whole import/export for the disk in questionaborted. Retrying will make it more reliable.
Unfortunately the listening part can't be made completely...
Use new class for wakeup file descriptor in import/export daemon
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: René Nussbaumer <rn@google.com>
Move some code into separate class in import/export daemon
Conflicts: lib/utils.py: Trivial
masterd: Log PID, UID and GID of connected client
This can be very useful if client programs run as non-root.
Remove two unused RPC functions
Both of these functions, “snapshot_export” and “instance_os_import”,have been replaced by the instance import/export daemon.
Add RPC call to send SIGTERM to import/export daemon
This will be used to stop the daemon without doing complete cleanup (yet).
Rename import/export RPC calls to match others
Add RPC calls to import and export instance data
These RPC calls can be used to start, monitor and stop the instance dataimport/export daemon.
Add daemon for instance import and export
This backend daemon for instance import and export will be used totransfer instance data to other machines. It is implemented in a genericway to support different ways of data input and output. The third-partyprogram “socat”, which is already used by the KVM hypervisor abstraction,...
Fix new pylint errors
Make watcher request the max coverage
Since the actions are potentially destructive, we should try to get aconsistent view of the cluster, so it's better to get the most coveragepossible.
Watcher: automatic shutdown of orphan resources
This patch changes the watcher so that it maintains (on all nodes) thelist of instances and DRBD devices by shutting down ones that confddaemons indicate should not be running on this node.
Signed-off-by: Iustin Pop <iustin@google.com>...
Merge remote branch 'devel-2.1'
Send "501 Not Implemented" back when method not found
Before this was "400 Bad Request" and thus it didn't reflectthe reality.
Signed-off-by: René Nussbaumer <rn@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
Watcher: do not warn for missing hooks dir
If the hooks dir does not exist, do not warn needlessly. This is similarto commit a9b7e346 (for backend.py).
Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: René Nussbaumer <rn@google.com>
Watcher: fix some doc typos
ganeti-confd: Call pyinotify flags correctly
The "apparently pylint was right" commit.
Although the pyinotify constants work on old distributions, they fail onnew ones, with new python. Fixing this by calling them in a way thatworks everywhere.
Some epydoc fixes
Add a hint to masterd for inconsistent clusters
Add RPC calls to create and remove X509 certificates
Certificates and keys generated using these functions will be used forinter-cluster instance moves. As per design, the private key should neverleave the node.
Merge remote branch 'origin/devel-2.1'
Conflicts: lib/bootstrap.py: Trivial lib/constants.py: Trivial
Rightname confd's HMAC key
Currently, the ganeti-confd's HMAC key is called “cluster HMAC key” orsimply “HMAC key” everywhere. With the implementation of inter-clusterinstance moves, another HMAC key will be introduced for signing criticaldata. They can not be the same, so this patch clarifies the purpose of the...
daemon-util: Generate daemon path in separate function
daemon-util: Use “return” instead of “exit” in all functions
This is important if they're called directly within daemon-util.
daemon-util: Add function to start and stop all daemons
This is, to some degree, duplicated code from the init script. However,the init script has to conform to standards of the underlying Linuxdistributions, while these functions will be called by Ganeti itself. By...
ganeti.initd: Move all daemon names from init script to daemon-util
The list of daemon names will be used in daemon-util, too.
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Iustin Pop <iustin@google.com>Reviewed-by: René Nussbaumer <rn@google.com>
ganeti.initd: Move code checking daemon exit code to daemon-util
This is again for re-using code.
ganeti.initd: Move code checking config to daemon-util
This allows for more code re-use. daemon-util will also be used to startall daemons.
daemon-util: Require dashes in commands
Even though the script uses underscores (_) internally, the externalcommands are supposed to be written using dashes (-).
http.auth: Fix bug with checking hashed passwords
When username and password were sent for a resource not requiringauthentication, it wouldn't be accepted if the user in question had ahashed password. The reason was that the function GetAuthRealm used to...
Switch from os.path.join to utils.PathJoin
This passes a full burnin with lots of instances, and should be safe aswe mostly to join a known root (various constants) to a run-timevariable.
Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
watcher: Acquire lock early and give more friendly message
By opening the lock file early, other programs can lock thestate file to prevent ganeti-watcher from restarting daemons.Using the pause feature is inherently prone to race conditions.
Before a traceback was logged when the lock file couldn't...
Merge remote branch 'origin/devel-2.0' into devel-2.1
Conflicts: NEWS: Trivial configure.ac: Trivial...
Move watcher's EnsureDaemon function to utils
This is going to be used from the nbma repository, to ensure that thenld daemon is running.
Add watcher hooks
These hooks are run on all nodes, after the "base" daemons are started.
Signed-off-by: Guido Trotter <ultrotter@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Abstract starting the node daemons
We're using a separate function for this, as we're going to add somefunctionality to this feature.
ganeti-watcher: remove unused Indent function
Catch disk activation errors in watcher
If activating disks fails for some reason, the watcher didn'tcatch the exception. With this patch it's caught and logged.
Disable warning for not calling ProcessEvent init
This class doesn't need its constructor to be called.
Move RunInSeparateProcess to ganeti.utils
This function could be useful in other places and thisway we can easily unittest it.
ganeti-noded: Fix bug when export didn't succeed for all disks
snap_disks can contain boolean values. They weren't handled correctly.The error message was “Error while executing backend function: Invalidobject passed to FromDict: expected dict, got <type 'bool'>”....
Merge branch 'stable-2.1' into devel-2.1
Implement debug level across OS-related RPC calls
This doesn't implement the full functionality, we need to add the debuglevel to the opcodes too, but at least won't require changing the RPCcalls during the 2.1 series.
ganeti-cleaner: does 'echo 0' instead of 'exit 0'
This is from Debian Bug#568105.
ganeti-cleaner in one case erroneously calls "echo 0" instead of "exit0". As ganeti-cleaner is called in the daily cronjob, this leads to adaily mail containing just "0" with an unconfigured default install....
Merge remote branch 'origin/stable-2.1' into devel-2.1