Add uid_pool to ssconf
Signed-off-by: Balazs Lecz <leczb@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Add --uid-pool option to gnt-cluster init
Add printing of uid_pool to gnt-cluster info
Add --add-uids/--remove-uids to gnt-cluster modify
Add --uid-pool option to gnt-cluster modify
Add lib/uidpool.py module
Add uid_pool cluster parameter
backend: Consolidate code opening real block device
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
utils: Add class to split string stream into lines
This will be used by the new import/export daemon to split output by its child processes into lines.
Fix cluster behaviour with disabled file storage
There are a few issues with disabled file storage:
- cluster initialization is broken by default, as it uses the 'no' setting which is not a valid path
- some other parts of the code require the file storage dir to be a...
Fix cfgupgrade with non-default DATA_DIR
Commit 43575108 added bootstrap.GenerateclusterCrypto and commit 7506a7f1 changed cfgupgrade to use it. However, this lost the functionality of upgrading in non-default DATA_DIR.
To fix this, we enhance bootstrap.GenerateclusterCrypto to accept custom...
Improving the RAPI documentation
Signed-off-by: René Nussbaumer <rn@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Add an identify-defaults option for import
When importing an instance, all the saved values will be used as explicitly specified values, overriding the cluster defaults. This means export+import will change the status (from default to explicitly specified) of parameters....
Fix create/import verification of hvparams
Currently the instance creation checks the cluster hv defaults + the new parameters for validity, ignoring the os-specific hvparams (this was an oversight during the implementation of the os hvp). This patch uses the...
objects.Cluster: add method to get hv defaults
Currently the FillHV method is the one that does the cluster hvparams + os hvparams merger. However, in some cases we need to do just this, without adding the instance hvparams on top.
This patch adds a function to compute just this (hv + os hvp...
Reuse NIC information from export
If the user doesn't pass any nics in import, do not use a default one-nic, but instead read the nics from the export file as is.
Fortunately the export and the way nics are read from the command line are compatible…
Signed-off-by: Iustin Pop <iustin@google.com>...
Reuse backend parameters from export
Similar to the previous patches, if we're missing some parameters and the export has them (either in the new style or old-style), we reuse them.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Reuse disk information from export
If the user doesn't pass the disk information on import, automatically reuse the number and size of disks. This loses the iv_name attribute, but that is only cosmetic and cannot be changed by the user.
Reuse hypervisor parameters in import
If available, we reuse the parameters from the export info.
Read disk template from export info
This patch changes the instance import to read the disk template automatically from the export info, if the opcode doesn't already specify a disk template.
To do this, we have a couple of additional changes:
- change from required parameter to optional one for disk_template...
CreateInstance: separate the reading of the export
We move the reading of the export to a separate function, to simplify CheckPrereq and also read it earlier. This will allow building the missing opcode parameters from the export information, instead of...
Move code from ExpandNames to CheckPrereq
This is needed since only in CheckPrereq we have the nodes locked, and future import enhancements will need to have access to the export info during the parameter build.
CreateInstance: Move some code to CheckArguments
ExpandNames holds too much non-locking code (first LU to be converted to ExpandNames, and we didn't have CheckArguments at that point), and this patch moves the checks that are lock-independent to CheckArguments....
Export more instance parameters in instance export
Currently the backend parameters are not exported automatically, but only a few directly in the '[instance]' section. Hypervisor type and hypervisor parameters are not exported at all.
This patch creates two separate sections for the be and hv parameters,...
Export the nicparams too during instance export
The patch tries to export all params (based on the dict defined in constants), using None for missing keys.
Handle errors better for wrong nic_count in export
This fixes an old 'FIXME' entry.
Fix new pylint errors
ConfdClient.SendRequest: allow max coverage
This patch changes the coverage parameter to allow specification of max coverage (via -1), versus auto-computation (default, 0) and manual specification.
Unittests are updated for this case too.
Export the maintain_node_health option in ssconf
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Add a new cluster parameter maintain_node_health
This will be used to conditionally enable the watcher node maintenance feature.
Add a new confd callback (StoreResultCallback)
This new callback simply stores (without calling any lower-level callback) the last result; coupled with the filtering callback, this ensures that it has the 'best' response after all have been received.
The result can then be retrieved via the GetResponse method....
ConfdClient: add synchronous wait for replies mode
Currently, there is no way for a user of the confd client library to know how many replies there should be, whether all have been received, etc. This is bad since we can't reliably detect the consistency of the...
ConfdClient: unify some internal variables
Currently the requests are tracked in _request and in _expire_requests. This is convenient, but it restricts the ability to extend the request tracking, e.g. via packet stats and/or extension of expiration time....
Fix consistency checks in ConfdFilterCallback
Commit 49b3fda added consistency checks, but these are wrongly triggered for old responses - we need to make sure to check that we have the same serial.
Fix utils.WaitForFdCondition inner retry loop
Commit dfdc4060 added WaitForFdCondition which uses utils.Retry without handling timeout exceptions. This breaks any nested retry loops.
This patch fixes the above function, and also changes utils.Retry to detect and warn future similar cases. In addition, we add a few small...
Fix bug introduced in 76e5f8b54: mkdir mode
After commit 76e5f8b54, mkdir_mode in utils.RenameFile is no longer passed to Makedirs. This is fixed by this patch.
utils: Move wrapper code around os.makedirs into separate function
Adding RAPI client library.
Signed-off-by: David Knowles <dknowles@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Signed-off-by: Iustin Pop <iustin@google.com>
(modified slightly the unittest to account for missing httplib2 library)
Extend ConfdFilterCallback with consistency checks
Note that users of the callback will have to manually check the attribute.
Abstract the confd client creation
Most creation of confd clients will do the same steps: read MC file, parse it, read HMAC key, etc. We abstract this functionality so that we don't duplicate the code.
kvm_flag hypervisor parameter
Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Move the runas user at execution time
Everything still works the same way, but the user is calculated each time we start kvm, rather than stored in the config file. This makes it easier to implement the "pool" security model.
Signed-off-by: Guido Trotter <ultrotter@google.com>...
SerializableConfigParser: Make Loads class indep
Currently SerializableConfigParser.Loads is a static method that returns a SerializableConfigParser. With this patch we change it to a class method that returns a member of the class. This way a subclass calling...
Unbreak command line job submission
A change introduced in 5299e61f modified the contents of JobExecutor.jobs, missing a place where this tuple was deconstructed. This creates a traceback in gnt-* <any> --submit, fixed by this patch.
Write grow support for file storage
Allow file storage to be grown
Distribute list of enabled hypervisors in ssconf
This can be used by nodes to know which hypervisors they are supposed to support.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: René Nussbaumer <rn@google.com>
Extend the hypervisor API with name-only shutdown
Currently the ShutdownInstance method of the hypervisors takes a full instance object. However, when doing instance shutdowns from the node only, we don't have a full object, just the name.
To handle this use case, we add a new ‘name’ argument to the method,...
Fix burnin error when trying to grow a file volume
Abstract the growable disk types in a ganeti constant, and only run disk grow, from burnin, on them.
Fix backend.VerifyNode behaviour for VG problems
In case LVM is broken, backend.GetVolumeList will raise an RPC exception (as expected since it's a function exposed over RPC). Therefore we must be prepared to catch any such exceptions, so that we don't fail the...
Introduce a bool CLI option type
This option type enforces its value to either True or False, relieving the scripts from manually parsing the values in each function.
We also update the bash completion code to use the option type if possible.
A rewrite of LUClusterVerify
Per issue 90, current cluster verify is very very brittle. It's one of the oldest pieces of code, with only additions without cleanups over the last years.
Among its problems:
- data initialization interspersed with verification of RPC results,...
Some epydoc fixes
Adding missing documentation to make the docs better
Also fixed a typo I noticed.
Remove race condition in FileStorage.Create
Rather than checking that the file doesn't exist, and then creating it, we create it with O_CREAT | O_EXCL, making sure the checking/creation is atomic.
Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
KVM: Check instances for actual liveness
Currently if we find a live process with the pid we saved we assume kvm is alive. What could happen, though, is that the pidfile has been reused.
In order to avoid that we change the check to make sure, everywhere,...
KVM: improve GetInstanceInfo docstring
Revert "Only override any and all if not defined"
This reverts commit bd5617020a50bcd08269330638d64078c1b30b71.
Turns out our and python's any/all are not compatible.
Adding RAPI call to deactivate-disks for an instance
Adding RAPI call for activate-disks on an instance
SimpleConfigReader: add docstrings
All non-oneliner functions, after this patch, have their docstring.
Replace @keyword with @param in confd client
@keyword was used inappropriately.
ConfdClient: add synchronous features
By sending requests with async=False, and receiving replies with ReceiveReply we can more easily use confd from a synchronous client.
ConfdCountingCallback
This new confd callback counts received replies for the registeredqueries.
move http.WaitForSocketCondition to utils
WaitForSocketCondition: rename, handle EINTR
- Rename WaitForSocketCondition to SingleWaitForFdCondition
- Avoid potentially infinite loop, if we continue to get interrupted
- Handle eintr correctly
- Avoid the poller try/finally, as the poller object gets destroyed...
AsyncUDPSocket.process_next_packet
This function allows receiving socket data synchronously.
AsyncUDPSocket: abstract do_read function
This basically implements read handling, without catching all exceptions. When using the socket in synchronous mode, it's useful to avoid losing exception data (which, in an async daemon, can only be logged)
Only override any and all if not defined
If any or all are already defined (because we're using a new version of python) just link them inside "utils" rather than redefining them.
Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>...
backend: Two small style fixes
- Pass keyword parameter as such
- Replace “not x == y” with “x != y”
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Allow cluster copy file over the replication net
This patch introduces the option “--use-replication-network” for the cluster copyfile functionality, which is useful if the primary and secondary network are significantly different (see issue 32).
Enhance cli.GetOnlineNodes query/filtering
This patch allows GetOnlineNodes to return the secondary IPs instead of the node names, and to provide filtering of the master node (required to be done in this function in case we return the secondary IPs).
Instance creation: implement --no-install mode
This is a simple patch that adds the no-install mode for instance creation, allowing import from foreign source of the actual OS (instead of requiring the preparation of data in a form expected by the import...
Allow OS changes without reinstallation
This patch modifies LUSetInstanceParms to allow OS name changes, without reinstallation, in case an OS gets renamed on-disk.
cmdlib: Abstract OS checks
This patch moves the node-has-os checks to a separate function.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Improve “gnt-cluster renew-crypto”
- Report exception text immediately instead of just logging it
- Remove leftover assertion from when it still used “gnt-cluster modify”
Fix behaviour of gnt-node modify -C no
The current check on whether we require auto_promote or not is wrong, as we check whether we will have exactly the correct number of master candidates left. But it is fine if we have more (e.g. when CPS=10 and mc_remaning=19) than the current number, and in that case we shouldn't...
Rename SSL_CERT_FILE to NODED_CERT_FILE
To be consistent with RAPI_CERT_FILE, the rather generic named “SSL_CERT_FILE” constant is renamed to “NODED_CERT_FILE”. The actual filename is not changed.
Rightname confd's HMAC key
Currently, the ganeti-confd's HMAC key is called “cluster HMAC key” or simply “HMAC key” everywhere. With the implementation of inter-cluster instance moves, another HMAC key will be introduced for signing critical data. They can not be the same, so this patch clarifies the purpose of the...
Clarify the error message for ':' in PV names
As described in issue 93, just saying ':' is not a valid char can be confusing.
Implement conversion from drbd to plain
This is much simpler than the opposite, with fewer possibilities of failures.
Implement conversion from plain to drbd
This patch adds a new mode to instance modify, the changing of the disk template. For now only plain to drbd conversion is supported, and the new secondary node must be specified manually (no iallocator support).
The procedure for conversion works as follows:...
Abstract check that an instance is down
Multiple LUs require that an instance is not running while they operate on the instance (reinstall, rename, modify, recreate disks, deactivate disks). The code to do this check is duplicated many times, and not very...
Abstract node free disk space check
Both create instance and grow disk check the free disk space on nodes using the same, duplicate code. Since we'll need this in other places in the future, we abstract the check into a new function.
The patch adjusts the error message to be more in-line with the one for...
Abstract disk template verification
This is a simple check, but we'll need it in multiple places.
Implement disk adoption mode in gnt-instance
This patch modifies the parsing of the “--disk” argument to instance create to accept “adopt” as a valid key, which builds the correct disk structure for OpCreateInstance.
LUCreateInstance: implement disk adoption mode
This new mode, valid only for the plain template disk, allows creation of an instance based on existing logical volumes (preserving data), rather than creation of new volumes and OS creation.
The new mode works as follows:...
ConfigWriter: add an LV reservation manager
This patch adds an LV reservation manager to be used for LV names. Since we now have four such managers, we create a list for easier release.
LUCreateInstance: Move parameter init earlier
This way, the parameters are available in CheckArguments too.
Implement replacing cluster certs and keys via “gnt-cluster renew-crypto”
Recent changes to “gnt-cluster verify” made it complain on expiring SSL certificates. While it was possible to replace the SSL certificates and other cluster secrets manually before, doing so was cumbersome. Cluster...
cli: Add helper function to stop and start whole cluster
Replacing cluster certificates and keys requires all cluster daemons to be shut down. This might also be handy for the cluster merger tool, though the function might need a few more extensions.
Signed-off-by: Michael Hanselmann <hansmi@google.com>...
bootstrap: Add new function to create cluster certs and keys
The code to generate cluster certificates, keys and secrets is currently spread over several places. It makes sense to move it to a separate function as we want to provide the user with the ability to automatically...
utils.CreateBackup: Use human-readable instead of seconds since Epoch
Seconds since the Epoch are not easily readable by a human. Using a formatted timestamp makes it easier (e.g. “….backup-2010-03-12_14_02_43.…”). This patch also makes OS logfiles use this formatted timestamp....
Verify cluster certificates in LUVerifyCluster
When using pyOpenSSL 0.7 or above, LUClusterVerify will start to show a warning 30 days before a certificate expires. 7 days before the certificate expires, the warning becomes an error. Once expired, LUVerifyCluster will always report an error. The latter is also supported...
utils: Add function to extract X509 cert validity
X509 uses ASN1 GENERALIZEDTIME or UTCTIME to store certificate validity. pyOpenSSL 0.7 and above allow us to retrieve both “notBefore” and “notAfter” as strings. Parsing them turned out to be a challenge since...
Add constant with cluster X509 certificates
Merge branch 'stable-2.1' into devel-2.1
Improve cluster verify with hypervisor errors
In case the hypervisor has issues on one node, currently backend.VerifyNode will exit via an exception (two exit paths possible, one via HypervisorError from hypervisor.Verify(), and one via RPCFail from GetInstanceList). This is bad as it invalidates all other checks of...
Fix wrong indentation
Sorry…
Extend JobExecutor to allow custom feedback_fn