OS images in 'LUInstanceCreate' and OS scripts optional
Verify serialisation of LockLevel
For the new JSON instance Ganeti.Locking.Locks.LockLevel, verify thatreadJSON . showJSON = Ok.
Signed-off-by: Klaus Aehlig <aehlig@google.com>Reviewed-by: Petr Pudlak <pudlak@google.com>
Add network locks to Haskell
Ganeti also has a lock level for networks, however this level was forgottenwhen the Ganeti lock hierarchy was implemented in Haskell.
Merge branch 'stable-2.11' into master
Merge branch 'stable-2.10' into stable-2.11
Merge branch 'stable-2.9' into stable-2.10
Merge branch 'origin/stable-2.8' into stable-2.9
Add a test for (de)serialization of Ssconf
.. to verify that readJSON . showJSON = Ok.
Signed-off-by: Petr Pudlak <pudlak@google.com>Reviewed-by: Klaus Aehlig <aehlig@google.com>
Create a data type for representing RPC compressed data
It is serialized as a JSON pair. The first element is a numberdescribing the compression type, the second element the actual data(in this case Base64+Zlib encoded).
On the Python side it is decompressed by backend._Decompress....
Enable a timeout for instance shutdown
Add the timeout parameter to the StopInstance function of the hypervisor baseclass and to all its implementations.
Also, change the tests as required by this change.
Signed-off-by: Michele Tartara <mtartara@google.com>...
Refactor warnings issued by the latest 'hlint'
.. as the newest version of hlint adds additional checks
Verify that all lock owners indeed own a lock
Add a test verifying that the list of lock owners is nottoo big in the sense that every subject contained in thatlist owns at least one lock.
Verify the list of lock owners is complete
In other words, verify that if all the lock owners release theirlocks, the empty lock allocation is reached.
Add the interruptible option to the delay opcode
To prepare for the use of sockets to interrupt a running delay opcode,this patch adds an option to the opcode for doing so.
Signed-off-by: Hrvoje Ribicic <riba@google.com>Reviewed-by: Petr Pudlak <pudlak@google.com>
Fix failing tests
The previously introduced changes caused some tests to fail. This patchalters the tests to expect different values, while still ensuringcorrect behavior.
Extend RAPI client constant unit test with error codes
The RAPI client is meant to be independent from the wider Ganeticodebase, but it still needs to use Ganeti constants. To enforce this,a unit test is used. This patch extends the unit test with error code...
Remove duplicated '_CheckOSVariant'
It seems '_CheckOSVariant' was moved from 'ganeti.cmdlib.instance' to'ganeti.cmdlib.instance_utils' but the source was never deleted. Thispatch deletes the source copy if this function.
Signed-off-by: Jose A. Lopes <jabolopes@google.com>...
Test the instance 'ArrayObject Disk'
.. which is one of the few ones that use extra fields.
Add a helper function for testing 'ArrayObject' instances
It checks if 'fromJSArray . toJSArray' is equivalent to 'Ok'.
Verify the intervall property of GanetiLocks
According to the specification in our design, if A is a grouplock and B belogs to this group, then all locks between A and Bin the lock order also must belong to A. Verify this.
Signed-off-by: Klaus Aehlig <aehlig@google.com>...
Verify implication restriction on locks
As specified in our design, if A is a group lock and Bbelongs to A, then A must be earlier in the lock orderthan B. Verify this property.
Update Arbitrary GanetiLocks
With the extension of Ganeti.Locking.Locks.GanetiLocks to thefull lock hierarchy, also extend the instantiation of Arbitrary.
Use node UUIDs for executing LU hooks
LUNodeAdd, the only LU using a node name still, is changed to overwritePreparePostHookNodes() and use node UUIDs only as well.This allows to remove the support for 3-tuples as results ofBuildHooksNodes() and removes the translation to node names....
Add unittest for gnt-cluster modify --mac-prefix
Add unittest for cluster mac-prefix modification support.
Signed-off-by: Dimitris Bliablias <bl.dimitris@gmail.com>Reviewed-by: Jose A. Lopes <jabolopes@google.com>
Allow cluster mac prefix modification
Extend LUClusterSetParams to allow the modification of the clustermac-prefix setting in 'gnt-cluster modify' command.
This fixes part of issue 239.
Fix return of 'Validate'
Signed-off-by: Jose A. Lopes <jabolopes@google.com>Reviewed-by: Helga Velroyen <helgav@google.com>
Verify serialization/deserialization consistency for Locks
As we made Ganeti.Locking.Locks an instance of JSON, we better verifythat we can readJSON what we showJSON.
Add test for serialization of LockAllocation
Verify readJSON . showJSON = Ok for LockAllocations.
Fix the test that checks for the order of instance's nodes
The test checks if the first node in the tuple is the primary node, butbecause it names the node so that it's the least one alphabetically, thetest always succeeds. This fixes the test.
Signed-off-by: Petr Pudlak <pudlak@google.com>...
Verify the result of opportunistic union
Verify that the result returned by the opportunistic union correctlyreflects the state change: locks not in the result are not changed,locks in the result are as requested.
Verify that opportunistic union only adds to the locks held
Add a test verifying that by opportunistic union the set of locksheld, and the level at which the locks are held, only increases.
Use opportunisticUnion in Arbitrary LockAllocation
Also allow the newly exported function opportunisticLockUnion in theconstruction of arbitrary lock allocations.
Generate arbitrary :: LockAllocation according to interface
While we know that freeLocks and intersectLocks are defined in termsof updateLocks, it is still cleaner to test against the interface: themodule Ganeti.Locking.Allocation exports several functions, and all...
Add a test verifying that lock-implication is honored
Locks can be included in one another. This inclusion can be violatedin two ways, viz.,- A holds a lock L and B holds an exclusive lock L belongs to, and- A holds an exclusive lock and B holds a lock L belongs to....
Verify that every owner mentioned as blocking actually is
If a request is blocked by multiple lock owners, verify that eachsingle one of them actually blocks the request. In other words,verify that, whenever all but one release their lock, the requeststill does not succeed....
Verify that the set of blocking owners is big enough
When a request is blocked, the list of blocking ownersshould exhaust all blocking reasons, i.e., if thoseowners release all their locks, the update must succeed.
Make TestLock an instance of Lock
Equip the type of test locks with a simple group structureconsisting of two lock groups and a big lock.
Verify that releasing a lock always succeeds
There are no restrictions on releasing a lock; so this operationhas to succeed unconditionally. Verify this.
Add '-c | --instance-communication' flag to instance modify
Make the lock allocation part of WConfD's state
As WConfD is supposed to be the authoritative source forconfiguration and locks, it needs to have access to the lockstate as well.
Verify atomicity of lock updates
Add a test verifying the atomicity of an update, i.e., if an updatesucceeds, then all requests must be satisfied in the final state, andif it fails, the state must be unchanged.
Verify lock stability over updates
Add a test that verifies that updates by one user do notaffect the locks held by a different user.
Verify Basic property for lock allocation
Verify the minimal consistency property for any formof lock handling: if a user holds an exclusive lock,then no other user can hold the same lock (neitherexclusively, nor shared).
Use node UUID as client certificate serial number
It turns out, that some implementations of OpenSSL are morepedantic in checking the certficates than others. In thisparticular case, the SSL connection could not beestablished when the serial number of the certificates...
Revert "Disabling client certificate usage"
This reverts commit 45f75526b848, which was introduced totemporarily disable the implementation of SSL clientcertificates. As this patch series fixes the reason forthe disabling, we are rolling back the patch....
Add mtime/ctime to ConfigData
It's used on the Python side, it's been missing on the Haskell side.
Add the WConfD daemon itself
The daemon exposes the declared functions in Ganeti.WConfd.Core to RPCclients (currently just 'echo').
Add the WConfD daemon to build configuration files
Also list it in the Haskell datatype, constants, Python constants andtest configuration.
Add tests for Ganeti.THH.Types
In particular, test (de)serialization of "OneTuple".
Add a helper test method for checking deserialization
It tests if a deserialization method fails properly when an invalidinput is given.
Add 'instance_communication_network' to 'OpClusterSetParams'
... and update the unit tests.
Add 'instance_communication_parameter' to 'Cluster'
Fix start/stop scripts to run luxid unconditionally
and update the unit check the list of daemons.
Signed-off-by: Petr Pudlak <pudlak@google.com>Reviewed-by: Helga Velroyen <helgav@google.com>
Fix compatibility issues
Signed-off-by: Santi Raffa <rsanti@google.com>Reviewed-by: Jose A. Lopes <jabolopes@google.com>
SimpleFillOS: add unit tests for OS parameter merging
Adds tests to ensure OS parameters are dealt with consistently.
OpCodes: modify InstanceReinstall for private, secret params
Modify InstanceReinstall to accept and process private and secretparameters.
OpCodes: modify InstanceCreate for private, secret params
Modify InstanceCreate to accept process private and secret parameters.
OpCodes: modify ClusterSetParams for private parameters
Modify ClusterSetParams to accept and process private parameters.
OpCodes: modify InstanceSetParams for private parameters
Modify InstanceSetParams to accept and process private parameters.
Add private OS parameters to cluster and instance conf
This updates objects, constructors and mocks for Instance and Clusterobjects in Python and Haskell.
Add Private types to Python, Haskell
This commit adds the private containers to Python and Haskell.
serializer: emit and encode Private values
For inbound data the simplest, safest thing to do is to traverse allJSON right after encoding and search for private parameters by key.
This ensures that all consumers of this data get Private valuestransparently and consistently; the serializing methods don't have to...
OpCodes test: fix argument order (expected/but got)
Fix expected/but got value in some unit tests.
Add CLI and OpCode instance communication option
Signed-off-by: Jose A. Lopes <jabolopes@google.com>Reviewed-by: Michele Tartara <mtartara@google.com>
Add metadata daemon
... including, user, group, daemonizing code with command lineoptions, integration with the Snap HTTP server, and logic.
Add andRestArguments to IDiskParams
In this way, we cann pass through the opaque parametersrequired for disk creation and modification in the case ofexternal storage.
Add genAndRestArguments :: Gen (Map String JSValue)
So that objects using AndRestArguments are available for testing.As the AndRestArguments are intended for passing through additionalparameters passed on the command line, we restrict them to thevalues that are allowed at this position: Strings of ASCII characters...
Update getDirJobIDs to use ResultT
Also simplify code and remove unused functions.
Generalize type signatures of functions that produce Result
This allows them to be used in any 'MonadError', in particular in monad stackscomposed using ResultT, without explicit lifting.
Modify test to reflect RAPI operation changes
A rlib2 unittest tested for the wrong behaviour, and this patch changesthe inputs and expected values to account for this.
Signed-off-by: Hrvoje Ribicic <riba@google.com>Reviewed-by: Klaus Aehlig <aehlig@google.com>
Assign unique filenames to filebased disks
With the new format for cmdline arguments, the user is able to add adisk to an instance at a specific index. But filebased disks' filenameshave the form "{0}/disk{1}" where '{0}' is the file_storage_dir and'{1}' is the index of the disk. So if an instance has 3 disks and we...
Add 'provider' to IDiskParams
IDISK_PROVIDER was included in python's IDISK_PARAMS, so itshould also be included in the Haskell code.
Now that luxid creates and enqueues jobs, without this patch theExtStorage interface is broken as the user can not pass the disk...
Disabling client certificate usage
This patch temporarily disables the usage of the clientSSL certificates. The handling of RPC connections had aconceptional flaw, because the certificates lack a propersignature. For this, Ganeti needs to implement a CA,...
query: fix detection of master in _GetNodeRole()
Commit 1c3231aa changed the invocation of _GetNodeRole() to pass themaster node by UUID and not by name, but didn't change theimplementation to compare the nodes by name. As a result, the masternode (which is also a master candidate) would always fall through to the...
Add opcode parameter for the maximal number of running jobs
This parameter of OpClusterSetParams will allow to set themaximal number of jobs to be run simultaneously.
Use ClockTime instead of Double in fields in Objects.hs
This affects "mtime" and "ctime" fields in all data types.
This also forces explicit declaration of how the fields are serializedin Query.
Also fix MaybeForJSON parsing and add unit tests
Its readJSON was mistakenly implemented as an infinite loop.
Add (de)serialization unit tests for TimeAsDoubleJSON
This includes adding an Arbitrary instance for TimeAsDouble, and also anorphan instance for Arbitrary ClockTime so that the current tests workunmodified.
Prepare master as new 2.12 branch
This adapts various file to make the current masterbranch the new stable-2.12 branch.
Signed-off-by: Helga Velroyen <helgav@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
Unit tests for KVM daemon
Add unit tests for KVM daemon.
KVM daemon datatype, user and group
Add utility to compare versions
This will be needed, e.g., for post-upgrade task, as theyhave to decide whether a feature was not yet present atthe version started from.
Signed-off-by: Klaus Aehlig <aehlig@google.com>Reviewed-by: Hrvoje Ribicic <riba@google.com>
Verify client certificates
This patch adds a step to 'gnt-cluster verify' to verifythe existence and validity of the nodes' clientcertificates. Since this is a crucial point of thesecurity concept, the verification is very detailed withexpressive error messages and well tested by unit tests....
Verify incoming RPCs against candidate map
From this patch on, incoming RPC calls are checked againstthe map of valid master candidate certificates. If no mapis present, the cluster is assumed to be inbootstrap/upgrade mode and compares the incoming call...
Extend RPC call to create SSL certificates
So far the RPC call 'node_crypto_tokens' did only retrievethe certificate digest of an existing certificate. Thiscall is now enhanced to also create a new certificate andreturn the respective digest. This will be used in various...
Handle client certificates on node add/remove
This patch adds the certificate of a newly added orreadded master candidate node to the map of master candidatecertificates. It removes a master candidate node's certificatedigest from the candidate certificate map if the node is...
Add certificate for master node
On cluster initialization, the master node'sSSL certificate digest is added to the list of mastercandidate certificates.
Signed-off-by: Helga Velroyen <helgav@google.com>Reviewed-by: Hrvoje Ribicic <riba@google.com>