Synnefo » snf-ganeti

#

#

# Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Google Inc.

#

# This program is free software; you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation; either version 2 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful, but

# WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

# General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

# 02110-1301, USA.

"""Configuration management for Ganeti

This module provides the interface to the Ganeti cluster configuration.

The configuration data is stored on every node but is updated on the master

only. After each update, the master distributes the data to the other nodes.

Currently, the data storage format is JSON. YAML was slow and consuming too

much memory.

"""

# pylint: disable=R0904

# R0904: Too many public methods

import copy

import os

import random

import logging

import time

import itertools

from ganeti import errors

from ganeti import locking

from ganeti import utils

from ganeti import constants

from ganeti import rpc

from ganeti import objects

from ganeti import serializer

from ganeti import uidpool

from ganeti import netutils

from ganeti import runtime

from ganeti import pathutils

from ganeti import network

_config_lock = locking.SharedLock("ConfigWriter")

# job id used for resource management at config upgrade time

_UPGRADE_CONFIG_JID = "jid-cfg-upgrade"

def _ValidateConfig(data):

  """Verifies that a configuration objects looks valid.

  This only verifies the version of the configuration.

  @raise errors.ConfigurationError: if the version differs from what

      we expect

  """

  if data.version != constants.CONFIG_VERSION:

    raise errors.ConfigVersionMismatch(constants.CONFIG_VERSION, data.version)

class TemporaryReservationManager:

  """A temporary resource reservation manager.

  This is used to reserve resources in a job, before using them, making sure

  other jobs cannot get them in the meantime.

  """

  def __init__(self):

    self._ec_reserved = {}

  def Reserved(self, resource):

    for holder_reserved in self._ec_reserved.values():

      if resource in holder_reserved:

        return True

    return False

  def Reserve(self, ec_id, resource):

    if self.Reserved(resource):

      raise errors.ReservationError("Duplicate reservation for resource '%s'"

                                    % str(resource))

    if ec_id not in self._ec_reserved:

      self._ec_reserved[ec_id] = set([resource])

    else:

      self._ec_reserved[ec_id].add(resource)

  def DropECReservations(self, ec_id):

    if ec_id in self._ec_reserved:

      del self._ec_reserved[ec_id]

  def GetReserved(self):

    all_reserved = set()

    for holder_reserved in self._ec_reserved.values():

      all_reserved.update(holder_reserved)

    return all_reserved

  def GetECReserved(self, ec_id):

    """ Used when you want to retrieve all reservations for a specific

        execution context. E.g when commiting reserved IPs for a specific

        network.

    """

    ec_reserved = set()

    if ec_id in self._ec_reserved:

      ec_reserved.update(self._ec_reserved[ec_id])

    return ec_reserved

  def Generate(self, existing, generate_one_fn, ec_id):

    """Generate a new resource of this type

    """

    assert callable(generate_one_fn)

    all_elems = self.GetReserved()

    all_elems.update(existing)

    retries = 64

    while retries > 0:

      new_resource = generate_one_fn()

      if new_resource is not None and new_resource not in all_elems:

        break

    else:

      raise errors.ConfigurationError("Not able generate new resource"

                                      " (last tried: %s)" % new_resource)

    self.Reserve(ec_id, new_resource)

    return new_resource

def _MatchNameComponentIgnoreCase(short_name, names):

  """Wrapper around L{utils.text.MatchNameComponent}.

  """

  return utils.MatchNameComponent(short_name, names, case_sensitive=False)

def _CheckInstanceDiskIvNames(disks):

  """Checks if instance's disks' C{iv_name} attributes are in order.

  @type disks: list of L{objects.Disk}

  @param disks: List of disks

  @rtype: list of tuples; (int, string, string)

  @return: List of wrongly named disks, each tuple contains disk index,

    expected and actual name

  """

  result = []

  for (idx, disk) in enumerate(disks):

    exp_iv_name = "disk/%s" % idx

    if disk.iv_name != exp_iv_name:

      result.append((idx, exp_iv_name, disk.iv_name))

  return result

class ConfigWriter:

  """The interface to the cluster configuration.

  @ivar _temporary_lvs: reservation manager for temporary LVs

  @ivar _all_rms: a list of all temporary reservation managers

  """

  def __init__(self, cfg_file=None, offline=False, _getents=runtime.GetEnts,

               accept_foreign=False):

    self.write_count = 0

    self._lock = _config_lock

    self._config_data = None

    self._offline = offline

    if cfg_file is None:

      self._cfg_file = pathutils.CLUSTER_CONF_FILE

    else:

      self._cfg_file = cfg_file

    self._getents = _getents

    self._temporary_ids = TemporaryReservationManager()

    self._temporary_drbds = {}

    self._temporary_macs = TemporaryReservationManager()

    self._temporary_secrets = TemporaryReservationManager()

    self._temporary_lvs = TemporaryReservationManager()

    self._temporary_ips = TemporaryReservationManager()

    self._all_rms = [self._temporary_ids, self._temporary_macs,

                     self._temporary_secrets, self._temporary_lvs,

                     self._temporary_ips]

    # Note: in order to prevent errors when resolving our name in

    # _DistributeConfig, we compute it here once and reuse it; it's

    # better to raise an error before starting to modify the config

    # file than after it was modified

    self._my_hostname = netutils.Hostname.GetSysName()

    self._last_cluster_serial = -1

    self._cfg_id = None

    self._context = None

    self._OpenConfig(accept_foreign)

  def _GetRpc(self, address_list):

    """Returns RPC runner for configuration.

    """

    return rpc.ConfigRunner(self._context, address_list)

  def SetContext(self, context):

    """Sets Ganeti context.

    """

    self._context = context

  # this method needs to be static, so that we can call it on the class

  @staticmethod

  def IsCluster():

    """Check if the cluster is configured.

    """

    return os.path.exists(pathutils.CLUSTER_CONF_FILE)

  @locking.ssynchronized(_config_lock, shared=1)

  def GetNdParams(self, node):

    """Get the node params populated with cluster defaults.

    @type node: L{objects.Node}

    @param node: The node we want to know the params for

    @return: A dict with the filled in node params

    """

    nodegroup = self._UnlockedGetNodeGroup(node.group)

    return self._config_data.cluster.FillND(node, nodegroup)

  @locking.ssynchronized(_config_lock, shared=1)

  def GetInstanceDiskParams(self, instance):

    """Get the disk params populated with inherit chain.

    @type instance: L{objects.Instance}

    @param instance: The instance we want to know the params for

    @return: A dict with the filled in disk params

    """

    node = self._UnlockedGetNodeInfo(instance.primary_node)

    nodegroup = self._UnlockedGetNodeGroup(node.group)

    return self._UnlockedGetGroupDiskParams(nodegroup)

  @locking.ssynchronized(_config_lock, shared=1)

  def GetGroupDiskParams(self, group):

    """Get the disk params populated with inherit chain.

    @type group: L{objects.NodeGroup}

    @param group: The group we want to know the params for

    @return: A dict with the filled in disk params

    """

    return self._UnlockedGetGroupDiskParams(group)

  def _UnlockedGetGroupDiskParams(self, group):

    """Get the disk params populated with inherit chain down to node-group.

    @type group: L{objects.NodeGroup}

    @param group: The group we want to know the params for

    @return: A dict with the filled in disk params

    """

    return self._config_data.cluster.SimpleFillDP(group.diskparams)

  def _UnlockedGetNetworkMACPrefix(self, net_uuid):

    """Return the network mac prefix if it exists or the cluster level default.

    """

    prefix = None

    if net_uuid:

      nobj = self._UnlockedGetNetwork(net_uuid)

      if nobj.mac_prefix:

        prefix = nobj.mac_prefix

    return prefix

  def _GenerateOneMAC(self, prefix=None):

    """Return a function that randomly generates a MAC suffic

       and appends it to the given prefix. If prefix is not given get

       the cluster level default.

    """

    if not prefix:

      prefix = self._config_data.cluster.mac_prefix

    def GenMac():

      byte1 = random.randrange(0, 256)

      byte2 = random.randrange(0, 256)

      byte3 = random.randrange(0, 256)

      mac = "%s:%02x:%02x:%02x" % (prefix, byte1, byte2, byte3)

      return mac

    return GenMac

  @locking.ssynchronized(_config_lock, shared=1)

  def GenerateMAC(self, net_uuid, ec_id):

    """Generate a MAC for an instance.

    This should check the current instances for duplicates.

    """

    existing = self._AllMACs()

    prefix = self._UnlockedGetNetworkMACPrefix(net_uuid)

    gen_mac = self._GenerateOneMAC(prefix)

    return self._temporary_ids.Generate(existing, gen_mac, ec_id)

  @locking.ssynchronized(_config_lock, shared=1)

  def ReserveMAC(self, mac, ec_id):

    """Reserve a MAC for an instance.

    This only checks instances managed by this cluster, it does not

    check for potential collisions elsewhere.

    """

    all_macs = self._AllMACs()

    if mac in all_macs:

      raise errors.ReservationError("mac already in use")

    else:

      self._temporary_macs.Reserve(ec_id, mac)

  def _UnlockedCommitTemporaryIps(self, ec_id):

    """Commit all reserved IP address to their respective pools

    """

    for action, address, net_uuid in self._temporary_ips.GetECReserved(ec_id):

      self._UnlockedCommitIp(action, net_uuid, address)

  def _UnlockedCommitIp(self, action, net_uuid, address):

    """Commit a reserved IP address to an IP pool.

    The IP address is taken from the network's IP pool and marked as reserved.

    """

    nobj = self._UnlockedGetNetwork(net_uuid)

    pool = network.AddressPool(nobj)

    if action == constants.RESERVE_ACTION:

      pool.Reserve(address)

    elif action == constants.RELEASE_ACTION:

      pool.Release(address)

  def _UnlockedReleaseIp(self, net_uuid, address, ec_id):

    """Give a specific IP address back to an IP pool.

    The IP address is returned to the IP pool designated by pool_id and marked

    as reserved.

    """

    self._temporary_ips.Reserve(ec_id,

                                (constants.RELEASE_ACTION, address, net_uuid))

  @locking.ssynchronized(_config_lock, shared=1)

  def ReleaseIp(self, net_uuid, address, ec_id):

    """Give a specified IP address back to an IP pool.

    This is just a wrapper around _UnlockedReleaseIp.

    """

    if net_uuid:

      self._UnlockedReleaseIp(net_uuid, address, ec_id)

  @locking.ssynchronized(_config_lock, shared=1)

  def GenerateIp(self, net_uuid, ec_id):

    """Find a free IPv4 address for an instance.

    """

    nobj = self._UnlockedGetNetwork(net_uuid)

    pool = network.AddressPool(nobj)

    def gen_one():

      try:

        ip = pool.GenerateFree()

      except errors.AddressPoolError:

        raise errors.ReservationError("Cannot generate IP. Network is full")

      return (constants.RESERVE_ACTION, ip, net_uuid)

    _, address, _ = self._temporary_ips.Generate([], gen_one, ec_id)

    return address

  def _UnlockedReserveIp(self, net_uuid, address, ec_id):

    """Reserve a given IPv4 address for use by an instance.

    """

    nobj = self._UnlockedGetNetwork(net_uuid)

    pool = network.AddressPool(nobj)

    try:

      isreserved = pool.IsReserved(address)

    except errors.AddressPoolError:

      raise errors.ReservationError("IP address not in network")

    if isreserved:

      raise errors.ReservationError("IP address already in use")

    return self._temporary_ips.Reserve(ec_id,

                                       (constants.RESERVE_ACTION,

                                        address, net_uuid))

  @locking.ssynchronized(_config_lock, shared=1)

  def ReserveIp(self, net_uuid, address, ec_id):

    """Reserve a given IPv4 address for use by an instance.

    """

    if net_uuid:

      return self._UnlockedReserveIp(net_uuid, address, ec_id)

  @locking.ssynchronized(_config_lock, shared=1)

  def ReserveLV(self, lv_name, ec_id):

    """Reserve an VG/LV pair for an instance.

    @type lv_name: string

    @param lv_name: the logical volume name to reserve

    """

    all_lvs = self._AllLVs()

    if lv_name in all_lvs:

      raise errors.ReservationError("LV already in use")

    else:

      self._temporary_lvs.Reserve(ec_id, lv_name)

  @locking.ssynchronized(_config_lock, shared=1)

  def GenerateDRBDSecret(self, ec_id):

    """Generate a DRBD secret.

    This checks the current disks for duplicates.

    """

    return self._temporary_secrets.Generate(self._AllDRBDSecrets(),

                                            utils.GenerateSecret,

                                            ec_id)

  def _AllLVs(self):

    """Compute the list of all LVs.

    """

    lvnames = set()

    for instance in self._config_data.instances.values():

      node_data = instance.MapLVsByNode()

      for lv_list in node_data.values():

        lvnames.update(lv_list)

    return lvnames

  def _AllDisks(self):

    """Compute the list of all Disks.

    """

    disks = []

    for instance in self._config_data.instances.values():

      disks.extend(instance.disks)

    return disks

  def _AllNICs(self):

    """Compute the list of all NICs.

    """

    nics = []

    for instance in self._config_data.instances.values():

      nics.extend(instance.nics)

    return nics

  def _AllIDs(self, include_temporary):

    """Compute the list of all UUIDs and names we have.

    @type include_temporary: boolean

    @param include_temporary: whether to include the _temporary_ids set

    @rtype: set

    @return: a set of IDs

    """

    existing = set()

    if include_temporary:

      existing.update(self._temporary_ids.GetReserved())

    existing.update(self._AllLVs())

    existing.update(self._config_data.instances.keys())

    existing.update(self._config_data.nodes.keys())

    existing.update([i.uuid for i in self._AllUUIDObjects() if i.uuid])

    return existing

  def _GenerateUniqueID(self, ec_id):

    """Generate an unique UUID.

    This checks the current node, instances and disk names for

    duplicates.

    @rtype: string

    @return: the unique id

    """

    existing = self._AllIDs(include_temporary=False)

    return self._temporary_ids.Generate(existing, utils.NewUUID, ec_id)

  @locking.ssynchronized(_config_lock, shared=1)

  def GenerateUniqueID(self, ec_id):

    """Generate an unique ID.

    This is just a wrapper over the unlocked version.

    @type ec_id: string

    @param ec_id: unique id for the job to reserve the id to

    """

    return self._GenerateUniqueID(ec_id)

  def _AllMACs(self):

    """Return all MACs present in the config.

    @rtype: list

    @return: the list of all MACs

    """

    result = []

    for instance in self._config_data.instances.values():

      for nic in instance.nics:

        result.append(nic.mac)

    return result

  def _AllDRBDSecrets(self):

    """Return all DRBD secrets present in the config.

    @rtype: list

    @return: the list of all DRBD secrets

    """

    def helper(disk, result):

      """Recursively gather secrets from this disk."""

      if disk.dev_type == constants.DT_DRBD8:

        result.append(disk.logical_id[5])

      if disk.children:

        for child in disk.children:

          helper(child, result)

    result = []

    for instance in self._config_data.instances.values():

      for disk in instance.disks:

        helper(disk, result)

    return result

  def _CheckDiskIDs(self, disk, l_ids, p_ids):

    """Compute duplicate disk IDs

    @type disk: L{objects.Disk}

    @param disk: the disk at which to start searching

    @type l_ids: list

    @param l_ids: list of current logical ids

    @type p_ids: list

    @param p_ids: list of current physical ids

    @rtype: list

    @return: a list of error messages

    """

    result = []

    if disk.logical_id is not None:

      if disk.logical_id in l_ids:

        result.append("duplicate logical id %s" % str(disk.logical_id))

      else:

        l_ids.append(disk.logical_id)

    if disk.physical_id is not None:

      if disk.physical_id in p_ids:

        result.append("duplicate physical id %s" % str(disk.physical_id))

      else:

        p_ids.append(disk.physical_id)

    if disk.children:

      for child in disk.children:

        result.extend(self._CheckDiskIDs(child, l_ids, p_ids))

    return result

  def _UnlockedVerifyConfig(self):

    """Verify function.

    @rtype: list

    @return: a list of error messages; a non-empty list signifies

        configuration errors

    """

    # pylint: disable=R0914

    result = []

    seen_macs = []

    ports = {}

    data = self._config_data

    cluster = data.cluster

    seen_lids = []

    seen_pids = []

    # global cluster checks

    if not cluster.enabled_hypervisors:

      result.append("enabled hypervisors list doesn't have any entries")

    invalid_hvs = set(cluster.enabled_hypervisors) - constants.HYPER_TYPES

    if invalid_hvs:

      result.append("enabled hypervisors contains invalid entries: %s" %

                    utils.CommaJoin(invalid_hvs))

    missing_hvp = (set(cluster.enabled_hypervisors) -

                   set(cluster.hvparams.keys()))

    if missing_hvp:

      result.append("hypervisor parameters missing for the enabled"

                    " hypervisor(s) %s" % utils.CommaJoin(missing_hvp))

    if not cluster.enabled_disk_templates:

      result.append("enabled disk templates list doesn't have any entries")

    invalid_disk_templates = set(cluster.enabled_disk_templates) \

                               - constants.DISK_TEMPLATES

    if invalid_disk_templates:

      result.append("enabled disk templates list contains invalid entries:"

                    " %s" % utils.CommaJoin(invalid_disk_templates))

    if cluster.master_node not in data.nodes:

      result.append("cluster has invalid primary node '%s'" %

                    cluster.master_node)

    def _helper(owner, attr, value, template):

      try:

        utils.ForceDictType(value, template)

      except errors.GenericError, err:

        result.append("%s has invalid %s: %s" % (owner, attr, err))

    def _helper_nic(owner, params):

      try:

        objects.NIC.CheckParameterSyntax(params)

      except errors.ConfigurationError, err:

        result.append("%s has invalid nicparams: %s" % (owner, err))

    def _helper_ipolicy(owner, ipolicy, iscluster):

      try:

        objects.InstancePolicy.CheckParameterSyntax(ipolicy, iscluster)

      except errors.ConfigurationError, err:

        result.append("%s has invalid instance policy: %s" % (owner, err))

      for key, value in ipolicy.items():

        if key == constants.ISPECS_MINMAX:

          for k in range(len(value)):

            _helper_ispecs(owner, "ipolicy/%s[%s]" % (key, k), value[k])

        elif key == constants.ISPECS_STD:

          _helper(owner, "ipolicy/" + key, value,

                  constants.ISPECS_PARAMETER_TYPES)

        else:

          # FIXME: assuming list type

          if key in constants.IPOLICY_PARAMETERS:

            exp_type = float

          else:

            exp_type = list

          if not isinstance(value, exp_type):

            result.append("%s has invalid instance policy: for %s,"

                          " expecting %s, got %s" %

                          (owner, key, exp_type.__name__, type(value)))

    def _helper_ispecs(owner, parentkey, params):

      for (key, value) in params.items():

        fullkey = "/".join([parentkey, key])

        _helper(owner, fullkey, value, constants.ISPECS_PARAMETER_TYPES)

    # check cluster parameters

    _helper("cluster", "beparams", cluster.SimpleFillBE({}),

            constants.BES_PARAMETER_TYPES)

    _helper("cluster", "nicparams", cluster.SimpleFillNIC({}),

            constants.NICS_PARAMETER_TYPES)

    _helper_nic("cluster", cluster.SimpleFillNIC({}))

    _helper("cluster", "ndparams", cluster.SimpleFillND({}),

            constants.NDS_PARAMETER_TYPES)

    _helper_ipolicy("cluster", cluster.ipolicy, True)

    # per-instance checks

    for instance_name in data.instances:

      instance = data.instances[instance_name]

      if instance.name != instance_name:

        result.append("instance '%s' is indexed by wrong name '%s'" %

                      (instance.name, instance_name))

      if instance.primary_node not in data.nodes:

        result.append("instance '%s' has invalid primary node '%s'" %

                      (instance_name, instance.primary_node))

      for snode in instance.secondary_nodes:

        if snode not in data.nodes:

          result.append("instance '%s' has invalid secondary node '%s'" %

                        (instance_name, snode))

      for idx, nic in enumerate(instance.nics):

        if nic.mac in seen_macs:

          result.append("instance '%s' has NIC %d mac %s duplicate" %

                        (instance_name, idx, nic.mac))

        else:

          seen_macs.append(nic.mac)

        if nic.nicparams:

          filled = cluster.SimpleFillNIC(nic.nicparams)

          owner = "instance %s nic %d" % (instance.name, idx)

          _helper(owner, "nicparams",

                  filled, constants.NICS_PARAMETER_TYPES)

          _helper_nic(owner, filled)

      # disk template checks

      if not instance.disk_template in data.cluster.enabled_disk_templates:

        result.append("instance '%s' uses the disabled disk template '%s'." %

                      (instance_name, instance.disk_template))

      # parameter checks

      if instance.beparams:

        _helper("instance %s" % instance.name, "beparams",

                cluster.FillBE(instance), constants.BES_PARAMETER_TYPES)

      # gather the drbd ports for duplicate checks

      for (idx, dsk) in enumerate(instance.disks):

        if dsk.dev_type in constants.LDS_DRBD:

          tcp_port = dsk.logical_id[2]

          if tcp_port not in ports:

            ports[tcp_port] = []

          ports[tcp_port].append((instance.name, "drbd disk %s" % idx))

      # gather network port reservation

      net_port = getattr(instance, "network_port", None)

      if net_port is not None:

        if net_port not in ports:

          ports[net_port] = []

        ports[net_port].append((instance.name, "network port"))

      # instance disk verify

      for idx, disk in enumerate(instance.disks):

        result.extend(["instance '%s' disk %d error: %s" %

                       (instance.name, idx, msg) for msg in disk.Verify()])

        result.extend(self._CheckDiskIDs(disk, seen_lids, seen_pids))

      wrong_names = _CheckInstanceDiskIvNames(instance.disks)

      if wrong_names:

        tmp = "; ".join(("name of disk %s should be '%s', but is '%s'" %

                         (idx, exp_name, actual_name))

                        for (idx, exp_name, actual_name) in wrong_names)

        result.append("Instance '%s' has wrongly named disks: %s" %

                      (instance.name, tmp))

    # cluster-wide pool of free ports

    for free_port in cluster.tcpudp_port_pool:

      if free_port not in ports:

        ports[free_port] = []

      ports[free_port].append(("cluster", "port marked as free"))

    # compute tcp/udp duplicate ports

    keys = ports.keys()

    keys.sort()

    for pnum in keys:

      pdata = ports[pnum]

      if len(pdata) > 1:

        txt = utils.CommaJoin(["%s/%s" % val for val in pdata])

        result.append("tcp/udp port %s has duplicates: %s" % (pnum, txt))

    # highest used tcp port check

    if keys:

      if keys[-1] > cluster.highest_used_port:

        result.append("Highest used port mismatch, saved %s, computed %s" %

                      (cluster.highest_used_port, keys[-1]))

    if not data.nodes[cluster.master_node].master_candidate:

      result.append("Master node is not a master candidate")

    # master candidate checks

    mc_now, mc_max, _ = self._UnlockedGetMasterCandidateStats()

    if mc_now < mc_max:

      result.append("Not enough master candidates: actual %d, target %d" %

                    (mc_now, mc_max))

    # node checks

    for node_name, node in data.nodes.items():

      if node.name != node_name:

        result.append("Node '%s' is indexed by wrong name '%s'" %

                      (node.name, node_name))

      if [node.master_candidate, node.drained, node.offline].count(True) > 1:

        result.append("Node %s state is invalid: master_candidate=%s,"

                      " drain=%s, offline=%s" %

                      (node.name, node.master_candidate, node.drained,

                       node.offline))

      if node.group not in data.nodegroups:

        result.append("Node '%s' has invalid group '%s'" %

                      (node.name, node.group))

      else:

        _helper("node %s" % node.name, "ndparams",

                cluster.FillND(node, data.nodegroups[node.group]),

                constants.NDS_PARAMETER_TYPES)

      used_globals = constants.NDC_GLOBALS.intersection(node.ndparams)

      if used_globals:

        result.append("Node '%s' has some global parameters set: %s" %

                      (node.name, utils.CommaJoin(used_globals)))

    # nodegroups checks

    nodegroups_names = set()

    for nodegroup_uuid in data.nodegroups:

      nodegroup = data.nodegroups[nodegroup_uuid]

      if nodegroup.uuid != nodegroup_uuid:

        result.append("node group '%s' (uuid: '%s') indexed by wrong uuid '%s'"

                      % (nodegroup.name, nodegroup.uuid, nodegroup_uuid))

      if utils.UUID_RE.match(nodegroup.name.lower()):

        result.append("node group '%s' (uuid: '%s') has uuid-like name" %

                      (nodegroup.name, nodegroup.uuid))

      if nodegroup.name in nodegroups_names:

        result.append("duplicate node group name '%s'" % nodegroup.name)

      else:

        nodegroups_names.add(nodegroup.name)

      group_name = "group %s" % nodegroup.name

      _helper_ipolicy(group_name, cluster.SimpleFillIPolicy(nodegroup.ipolicy),

                      False)

      if nodegroup.ndparams:

        _helper(group_name, "ndparams",

                cluster.SimpleFillND(nodegroup.ndparams),

                constants.NDS_PARAMETER_TYPES)

    # drbd minors check

    _, duplicates = self._UnlockedComputeDRBDMap()

    for node, minor, instance_a, instance_b in duplicates:

      result.append("DRBD minor %d on node %s is assigned twice to instances"

                    " %s and %s" % (minor, node, instance_a, instance_b))

    # IP checks

    default_nicparams = cluster.nicparams[constants.PP_DEFAULT]

    ips = {}

    def _AddIpAddress(ip, name):

      ips.setdefault(ip, []).append(name)

    _AddIpAddress(cluster.master_ip, "cluster_ip")

    for node in data.nodes.values():

      _AddIpAddress(node.primary_ip, "node:%s/primary" % node.name)

      if node.secondary_ip != node.primary_ip:

        _AddIpAddress(node.secondary_ip, "node:%s/secondary" % node.name)

    for instance in data.instances.values():

      for idx, nic in enumerate(instance.nics):

        if nic.ip is None:

          continue

        nicparams = objects.FillDict(default_nicparams, nic.nicparams)

        nic_mode = nicparams[constants.NIC_MODE]

        nic_link = nicparams[constants.NIC_LINK]

        if nic_mode == constants.NIC_MODE_BRIDGED:

          link = "bridge:%s" % nic_link

        elif nic_mode == constants.NIC_MODE_ROUTED:

          link = "route:%s" % nic_link

        else:

          raise errors.ProgrammerError("NIC mode '%s' not handled" % nic_mode)

        _AddIpAddress("%s/%s/%s" % (link, nic.ip, nic.network),

                      "instance:%s/nic:%d" % (instance.name, idx))

    for ip, owners in ips.items():

      if len(owners) > 1:

        result.append("IP address %s is used by multiple owners: %s" %

                      (ip, utils.CommaJoin(owners)))

    return result

  @locking.ssynchronized(_config_lock, shared=1)

  def VerifyConfig(self):

    """Verify function.

    This is just a wrapper over L{_UnlockedVerifyConfig}.

    @rtype: list

    @return: a list of error messages; a non-empty list signifies

        configuration errors

    """

    return self._UnlockedVerifyConfig()

  def _UnlockedSetDiskID(self, disk, node_name):

    """Convert the unique ID to the ID needed on the target nodes.

    This is used only for drbd, which needs ip/port configuration.

    The routine descends down and updates its children also, because

    this helps when the only the top device is passed to the remote

    node.

    This function is for internal use, when the config lock is already held.

    """

    if disk.children:

      for child in disk.children:

        self._UnlockedSetDiskID(child, node_name)

    if disk.logical_id is None and disk.physical_id is not None:

      return

    if disk.dev_type == constants.LD_DRBD8:

      pnode, snode, port, pminor, sminor, secret = disk.logical_id

      if node_name not in (pnode, snode):

        raise errors.ConfigurationError("DRBD device not knowing node %s" %

                                        node_name)

      pnode_info = self._UnlockedGetNodeInfo(pnode)

      snode_info = self._UnlockedGetNodeInfo(snode)

      if pnode_info is None or snode_info is None:

        raise errors.ConfigurationError("Can't find primary or secondary node"

                                        " for %s" % str(disk))

      p_data = (pnode_info.secondary_ip, port)

      s_data = (snode_info.secondary_ip, port)

      if pnode == node_name:

        disk.physical_id = p_data + s_data + (pminor, secret)

      else: # it must be secondary, we tested above

        disk.physical_id = s_data + p_data + (sminor, secret)

    else:

      disk.physical_id = disk.logical_id

    return

  @locking.ssynchronized(_config_lock)

  def SetDiskID(self, disk, node_name):

    """Convert the unique ID to the ID needed on the target nodes.

    This is used only for drbd, which needs ip/port configuration.

    The routine descends down and updates its children also, because

    this helps when the only the top device is passed to the remote

    node.

    """

    return self._UnlockedSetDiskID(disk, node_name)

  @locking.ssynchronized(_config_lock)

  def AddTcpUdpPort(self, port):

    """Adds a new port to the available port pool.

    @warning: this method does not "flush" the configuration (via

        L{_WriteConfig}); callers should do that themselves once the

        configuration is stable

    """

    if not isinstance(port, int):

      raise errors.ProgrammerError("Invalid type passed for port")

    self._config_data.cluster.tcpudp_port_pool.add(port)

  @locking.ssynchronized(_config_lock, shared=1)

  def GetPortList(self):

    """Returns a copy of the current port list.

    """

    return self._config_data.cluster.tcpudp_port_pool.copy()

  @locking.ssynchronized(_config_lock)

  def AllocatePort(self):

    """Allocate a port.

    The port will be taken from the available port pool or from the

    default port range (and in this case we increase

    highest_used_port).

    """

    # If there are TCP/IP ports configured, we use them first.

    if self._config_data.cluster.tcpudp_port_pool:

      port = self._config_data.cluster.tcpudp_port_pool.pop()

    else:

      port = self._config_data.cluster.highest_used_port + 1

      if port >= constants.LAST_DRBD_PORT:

        raise errors.ConfigurationError("The highest used port is greater"

                                        " than %s. Aborting." %

                                        constants.LAST_DRBD_PORT)

      self._config_data.cluster.highest_used_port = port

    self._WriteConfig()

    return port

  def _UnlockedComputeDRBDMap(self):

    """Compute the used DRBD minor/nodes.

    @rtype: (dict, list)

    @return: dictionary of node_name: dict of minor: instance_name;

        the returned dict will have all the nodes in it (even if with

        an empty list), and a list of duplicates; if the duplicates

        list is not empty, the configuration is corrupted and its caller

        should raise an exception

    """

    def _AppendUsedPorts(instance_name, disk, used):

      duplicates = []

      if disk.dev_type == constants.LD_DRBD8 and len(disk.logical_id) >= 5:

        node_a, node_b, _, minor_a, minor_b = disk.logical_id[:5]

        for node, port in ((node_a, minor_a), (node_b, minor_b)):

          assert node in used, ("Node '%s' of instance '%s' not found"

                                " in node list" % (node, instance_name))

          if port in used[node]:

            duplicates.append((node, port, instance_name, used[node][port]))

          else:

            used[node][port] = instance_name

      if disk.children:

        for child in disk.children:

          duplicates.extend(_AppendUsedPorts(instance_name, child, used))

      return duplicates

    duplicates = []

    my_dict = dict((node, {}) for node in self._config_data.nodes)

    for instance in self._config_data.instances.itervalues():

      for disk in instance.disks:

        duplicates.extend(_AppendUsedPorts(instance.name, disk, my_dict))

    for (node, minor), instance in self._temporary_drbds.iteritems():

      if minor in my_dict[node] and my_dict[node][minor] != instance:

        duplicates.append((node, minor, instance, my_dict[node][minor]))

      else:

        my_dict[node][minor] = instance

    return my_dict, duplicates

  @locking.ssynchronized(_config_lock)

  def ComputeDRBDMap(self):

    """Compute the used DRBD minor/nodes.

    This is just a wrapper over L{_UnlockedComputeDRBDMap}.

    @return: dictionary of node_name: dict of minor: instance_name;

        the returned dict will have all the nodes in it (even if with

        an empty list).

    """

    d_map, duplicates = self._UnlockedComputeDRBDMap()

    if duplicates:

      raise errors.ConfigurationError("Duplicate DRBD ports detected: %s" %

                                      str(duplicates))

    return d_map

  @locking.ssynchronized(_config_lock)

  def AllocateDRBDMinor(self, nodes, instance):

    """Allocate a drbd minor.

    The free minor will be automatically computed from the existing

    devices. A node can be given multiple times in order to allocate

    multiple minors. The result is the list of minors, in the same

    order as the passed nodes.

    @type instance: string

    @param instance: the instance for which we allocate minors

    """

    assert isinstance(instance, basestring), \

           "Invalid argument '%s' passed to AllocateDRBDMinor" % instance

    d_map, duplicates = self._UnlockedComputeDRBDMap()

    if duplicates:

      raise errors.ConfigurationError("Duplicate DRBD ports detected: %s" %

                                      str(duplicates))

    result = []

    for nname in nodes:

      ndata = d_map[nname]

      if not ndata:

        # no minors used, we can start at 0

        result.append(0)

        ndata[0] = instance

        self._temporary_drbds[(nname, 0)] = instance

        continue

      keys = ndata.keys()

      keys.sort()

      ffree = utils.FirstFree(keys)

      if ffree is None:

        # return the next minor

        # TODO: implement high-limit check

        minor = keys[-1] + 1

      else:

        minor = ffree

      # double-check minor against current instances

      assert minor not in d_map[nname], \

             ("Attempt to reuse allocated DRBD minor %d on node %s,"

              " already allocated to instance %s" %

              (minor, nname, d_map[nname][minor]))

      ndata[minor] = instance

      # double-check minor against reservation

      r_key = (nname, minor)

      assert r_key not in self._temporary_drbds, \

             ("Attempt to reuse reserved DRBD minor %d on node %s,"

              " reserved for instance %s" %

              (minor, nname, self._temporary_drbds[r_key]))

      self._temporary_drbds[r_key] = instance

      result.append(minor)

    logging.debug("Request to allocate drbd minors, input: %s, returning %s",

                  nodes, result)

    return result

  def _UnlockedReleaseDRBDMinors(self, instance):

    """Release temporary drbd minors allocated for a given instance.

    @type instance: string

    @param instance: the instance for which temporary minors should be

                     released