Synnefo » snf-ganeti

#

#

# Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Google Inc.

#

# This program is free software; you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation; either version 2 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful, but

# WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

# General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

# 02110-1301, USA.

"""Functions used by the node daemon

@var _ALLOWED_UPLOAD_FILES: denotes which files are accepted in

     the L{UploadFile} function

@var _ALLOWED_CLEAN_DIRS: denotes which directories are accepted

     in the L{_CleanDirectory} function

"""

# pylint: disable=E1103,C0302

# E1103: %s %r has no %r member (but some types could not be

# inferred), because the _TryOSFromDisk returns either (True, os_obj)

# or (False, "string") which confuses pylint

# C0302: This module has become too big and should be split up

import os

import os.path

import shutil

import time

import stat

import errno

import re

import random

import logging

import tempfile

import zlib

import base64

import signal

from ganeti import errors

from ganeti import utils

from ganeti import ssh

from ganeti import hypervisor

from ganeti import constants

from ganeti.storage import bdev

from ganeti.storage import drbd

from ganeti.storage import filestorage

from ganeti import objects

from ganeti import ssconf

from ganeti import serializer

from ganeti import netutils

from ganeti import runtime

from ganeti import compat

from ganeti import pathutils

from ganeti import vcluster

from ganeti import ht

from ganeti.storage.base import BlockDev

from ganeti.storage.drbd import DRBD8

from ganeti import hooksmaster

_BOOT_ID_PATH = "/proc/sys/kernel/random/boot_id"

_ALLOWED_CLEAN_DIRS = compat.UniqueFrozenset([

  pathutils.DATA_DIR,

  pathutils.JOB_QUEUE_ARCHIVE_DIR,

  pathutils.QUEUE_DIR,

  pathutils.CRYPTO_KEYS_DIR,

  ])

_MAX_SSL_CERT_VALIDITY = 7 * 24 * 60 * 60

_X509_KEY_FILE = "key"

_X509_CERT_FILE = "cert"

_IES_STATUS_FILE = "status"

_IES_PID_FILE = "pid"

_IES_CA_FILE = "ca"

#: Valid LVS output line regex

_LVSLINE_REGEX = re.compile(r"^ *([^|]+)\|([^|]+)\|([0-9.]+)\|([^|]{6,})\|?$")

# Actions for the master setup script

_MASTER_START = "start"

_MASTER_STOP = "stop"

#: Maximum file permissions for restricted command directory and executables

_RCMD_MAX_MODE = (stat.S_IRWXU |

                  stat.S_IRGRP | stat.S_IXGRP |

                  stat.S_IROTH | stat.S_IXOTH)

#: Delay before returning an error for restricted commands

_RCMD_INVALID_DELAY = 10

#: How long to wait to acquire lock for restricted commands (shorter than

#: L{_RCMD_INVALID_DELAY}) to reduce blockage of noded forks when many

#: command requests arrive

_RCMD_LOCK_TIMEOUT = _RCMD_INVALID_DELAY * 0.8

class RPCFail(Exception):

  """Class denoting RPC failure.

  Its argument is the error message.

  """

def _GetInstReasonFilename(instance_name):

  """Path of the file containing the reason of the instance status change.

  @type instance_name: string

  @param instance_name: The name of the instance

  @rtype: string

  @return: The path of the file

  """

  return utils.PathJoin(pathutils.INSTANCE_REASON_DIR, instance_name)

def _StoreInstReasonTrail(instance_name, trail):

  """Serialize a reason trail related to an instance change of state to file.

  The exact location of the file depends on the name of the instance and on

  the configuration of the Ganeti cluster defined at deploy time.

  @type instance_name: string

  @param instance_name: The name of the instance

  @rtype: None

  """

  json = serializer.DumpJson(trail)

  filename = _GetInstReasonFilename(instance_name)

  utils.WriteFile(filename, data=json)

def _Fail(msg, *args, **kwargs):

  """Log an error and the raise an RPCFail exception.

  This exception is then handled specially in the ganeti daemon and

  turned into a 'failed' return type. As such, this function is a

  useful shortcut for logging the error and returning it to the master

  daemon.

  @type msg: string

  @param msg: the text of the exception

  @raise RPCFail

  """

  if args:

    msg = msg % args

  if "log" not in kwargs or kwargs["log"]: # if we should log this error

    if "exc" in kwargs and kwargs["exc"]:

      logging.exception(msg)

    else:

      logging.error(msg)

  raise RPCFail(msg)

def _GetConfig():

  """Simple wrapper to return a SimpleStore.

  @rtype: L{ssconf.SimpleStore}

  @return: a SimpleStore instance

  """

  return ssconf.SimpleStore()

def _GetSshRunner(cluster_name):

  """Simple wrapper to return an SshRunner.

  @type cluster_name: str

  @param cluster_name: the cluster name, which is needed

      by the SshRunner constructor

  @rtype: L{ssh.SshRunner}

  @return: an SshRunner instance

  """

  return ssh.SshRunner(cluster_name)

def _Decompress(data):

  """Unpacks data compressed by the RPC client.

  @type data: list or tuple

  @param data: Data sent by RPC client

  @rtype: str

  @return: Decompressed data

  """

  assert isinstance(data, (list, tuple))

  assert len(data) == 2

  (encoding, content) = data

  if encoding == constants.RPC_ENCODING_NONE:

    return content

  elif encoding == constants.RPC_ENCODING_ZLIB_BASE64:

    return zlib.decompress(base64.b64decode(content))

  else:

    raise AssertionError("Unknown data encoding")

def _CleanDirectory(path, exclude=None):

  """Removes all regular files in a directory.

  @type path: str

  @param path: the directory to clean

  @type exclude: list

  @param exclude: list of files to be excluded, defaults

      to the empty list

  """

  if path not in _ALLOWED_CLEAN_DIRS:

    _Fail("Path passed to _CleanDirectory not in allowed clean targets: '%s'",

          path)

  if not os.path.isdir(path):

    return

  if exclude is None:

    exclude = []

  else:

    # Normalize excluded paths

    exclude = [os.path.normpath(i) for i in exclude]

  for rel_name in utils.ListVisibleFiles(path):

    full_name = utils.PathJoin(path, rel_name)

    if full_name in exclude:

      continue

    if os.path.isfile(full_name) and not os.path.islink(full_name):

      utils.RemoveFile(full_name)

def _BuildUploadFileList():

  """Build the list of allowed upload files.

  This is abstracted so that it's built only once at module import time.

  """

  allowed_files = set([

    pathutils.CLUSTER_CONF_FILE,

    pathutils.ETC_HOSTS,

    pathutils.SSH_KNOWN_HOSTS_FILE,

    pathutils.VNC_PASSWORD_FILE,

    pathutils.RAPI_CERT_FILE,

    pathutils.SPICE_CERT_FILE,

    pathutils.SPICE_CACERT_FILE,

    pathutils.RAPI_USERS_FILE,

    pathutils.CONFD_HMAC_KEY,

    pathutils.CLUSTER_DOMAIN_SECRET_FILE,

    ])

  for hv_name in constants.HYPER_TYPES:

    hv_class = hypervisor.GetHypervisorClass(hv_name)

    allowed_files.update(hv_class.GetAncillaryFiles()[0])

  assert pathutils.FILE_STORAGE_PATHS_FILE not in allowed_files, \

    "Allowed file storage paths should never be uploaded via RPC"

  return frozenset(allowed_files)

_ALLOWED_UPLOAD_FILES = _BuildUploadFileList()

def JobQueuePurge():

  """Removes job queue files and archived jobs.

  @rtype: tuple

  @return: True, None

  """

  _CleanDirectory(pathutils.QUEUE_DIR, exclude=[pathutils.JOB_QUEUE_LOCK_FILE])

  _CleanDirectory(pathutils.JOB_QUEUE_ARCHIVE_DIR)

def GetMasterNodeName():

  """Returns the master node name.

  @rtype: string

  @return: name of the master node

  @raise RPCFail: in case of errors

  """

  try:

    return _GetConfig().GetMasterNode()

  except errors.ConfigurationError, err:

    _Fail("Cluster configuration incomplete: %s", err, exc=True)

def RunLocalHooks(hook_opcode, hooks_path, env_builder_fn):

  """Decorator that runs hooks before and after the decorated function.

  @type hook_opcode: string

  @param hook_opcode: opcode of the hook

  @type hooks_path: string

  @param hooks_path: path of the hooks

  @type env_builder_fn: function

  @param env_builder_fn: function that returns a dictionary containing the

    environment variables for the hooks. Will get all the parameters of the

    decorated function.

  @raise RPCFail: in case of pre-hook failure

  """

  def decorator(fn):

    def wrapper(*args, **kwargs):

      _, myself = ssconf.GetMasterAndMyself()

      nodes = ([myself], [myself])  # these hooks run locally

      env_fn = compat.partial(env_builder_fn, *args, **kwargs)

      cfg = _GetConfig()

      hr = HooksRunner()

      hm = hooksmaster.HooksMaster(hook_opcode, hooks_path, nodes,

                                   hr.RunLocalHooks, None, env_fn,

                                   logging.warning, cfg.GetClusterName(),

                                   cfg.GetMasterNode())

      hm.RunPhase(constants.HOOKS_PHASE_PRE)

      result = fn(*args, **kwargs)

      hm.RunPhase(constants.HOOKS_PHASE_POST)

      return result

    return wrapper

  return decorator

def _BuildMasterIpEnv(master_params, use_external_mip_script=None):

  """Builds environment variables for master IP hooks.

  @type master_params: L{objects.MasterNetworkParameters}

  @param master_params: network parameters of the master

  @type use_external_mip_script: boolean

  @param use_external_mip_script: whether to use an external master IP

    address setup script (unused, but necessary per the implementation of the

    _RunLocalHooks decorator)

  """

  # pylint: disable=W0613

  ver = netutils.IPAddress.GetVersionFromAddressFamily(master_params.ip_family)

  env = {

    "MASTER_NETDEV": master_params.netdev,

    "MASTER_IP": master_params.ip,

    "MASTER_NETMASK": str(master_params.netmask),

    "CLUSTER_IP_VERSION": str(ver),

  }

  return env

def _RunMasterSetupScript(master_params, action, use_external_mip_script):

  """Execute the master IP address setup script.

  @type master_params: L{objects.MasterNetworkParameters}

  @param master_params: network parameters of the master

  @type action: string

  @param action: action to pass to the script. Must be one of

    L{backend._MASTER_START} or L{backend._MASTER_STOP}

  @type use_external_mip_script: boolean

  @param use_external_mip_script: whether to use an external master IP

    address setup script

  @raise backend.RPCFail: if there are errors during the execution of the

    script

  """

  env = _BuildMasterIpEnv(master_params)

  if use_external_mip_script:

    setup_script = pathutils.EXTERNAL_MASTER_SETUP_SCRIPT

  else:

    setup_script = pathutils.DEFAULT_MASTER_SETUP_SCRIPT

  result = utils.RunCmd([setup_script, action], env=env, reset_env=True)

  if result.failed:

    _Fail("Failed to %s the master IP. Script return value: %s, output: '%s'" %

          (action, result.exit_code, result.output), log=True)

@RunLocalHooks(constants.FAKE_OP_MASTER_TURNUP, "master-ip-turnup",

               _BuildMasterIpEnv)

def ActivateMasterIp(master_params, use_external_mip_script):

  """Activate the IP address of the master daemon.

  @type master_params: L{objects.MasterNetworkParameters}

  @param master_params: network parameters of the master

  @type use_external_mip_script: boolean

  @param use_external_mip_script: whether to use an external master IP

    address setup script

  @raise RPCFail: in case of errors during the IP startup

  """

  _RunMasterSetupScript(master_params, _MASTER_START,

                        use_external_mip_script)

def StartMasterDaemons(no_voting):

  """Activate local node as master node.

  The function will start the master daemons (ganeti-masterd and ganeti-rapi).

  @type no_voting: boolean

  @param no_voting: whether to start ganeti-masterd without a node vote

      but still non-interactively

  @rtype: None

  """

  if no_voting:

    masterd_args = "--no-voting --yes-do-it"

  else:

    masterd_args = ""

  env = {

    "EXTRA_MASTERD_ARGS": masterd_args,

    }

  result = utils.RunCmd([pathutils.DAEMON_UTIL, "start-master"], env=env)

  if result.failed:

    msg = "Can't start Ganeti master: %s" % result.output

    logging.error(msg)

    _Fail(msg)

@RunLocalHooks(constants.FAKE_OP_MASTER_TURNDOWN, "master-ip-turndown",

               _BuildMasterIpEnv)

def DeactivateMasterIp(master_params, use_external_mip_script):

  """Deactivate the master IP on this node.

  @type master_params: L{objects.MasterNetworkParameters}

  @param master_params: network parameters of the master

  @type use_external_mip_script: boolean

  @param use_external_mip_script: whether to use an external master IP

    address setup script

  @raise RPCFail: in case of errors during the IP turndown

  """

  _RunMasterSetupScript(master_params, _MASTER_STOP,

                        use_external_mip_script)

def StopMasterDaemons():

  """Stop the master daemons on this node.

  Stop the master daemons (ganeti-masterd and ganeti-rapi) on this node.

  @rtype: None

  """

  # TODO: log and report back to the caller the error failures; we

  # need to decide in which case we fail the RPC for this

  result = utils.RunCmd([pathutils.DAEMON_UTIL, "stop-master"])

  if result.failed:

    logging.error("Could not stop Ganeti master, command %s had exitcode %s"

                  " and error %s",

                  result.cmd, result.exit_code, result.output)

def ChangeMasterNetmask(old_netmask, netmask, master_ip, master_netdev):

  """Change the netmask of the master IP.

  @param old_netmask: the old value of the netmask

  @param netmask: the new value of the netmask

  @param master_ip: the master IP

  @param master_netdev: the master network device

  """

  if old_netmask == netmask:

    return

  if not netutils.IPAddress.Own(master_ip):

    _Fail("The master IP address is not up, not attempting to change its"

          " netmask")

  result = utils.RunCmd([constants.IP_COMMAND_PATH, "address", "add",

                         "%s/%s" % (master_ip, netmask),

                         "dev", master_netdev, "label",

                         "%s:0" % master_netdev])

  if result.failed:

    _Fail("Could not set the new netmask on the master IP address")

  result = utils.RunCmd([constants.IP_COMMAND_PATH, "address", "del",

                         "%s/%s" % (master_ip, old_netmask),

                         "dev", master_netdev, "label",

                         "%s:0" % master_netdev])

  if result.failed:

    _Fail("Could not bring down the master IP address with the old netmask")

def EtcHostsModify(mode, host, ip):

  """Modify a host entry in /etc/hosts.

  @param mode: The mode to operate. Either add or remove entry

  @param host: The host to operate on

  @param ip: The ip associated with the entry

  """

  if mode == constants.ETC_HOSTS_ADD:

    if not ip:

      RPCFail("Mode 'add' needs 'ip' parameter, but parameter not"

              " present")

    utils.AddHostToEtcHosts(host, ip)

  elif mode == constants.ETC_HOSTS_REMOVE:

    if ip:

      RPCFail("Mode 'remove' does not allow 'ip' parameter, but"

              " parameter is present")

    utils.RemoveHostFromEtcHosts(host)

  else:

    RPCFail("Mode not supported")

def LeaveCluster(modify_ssh_setup):

  """Cleans up and remove the current node.

  This function cleans up and prepares the current node to be removed

  from the cluster.

  If processing is successful, then it raises an

  L{errors.QuitGanetiException} which is used as a special case to

  shutdown the node daemon.

  @param modify_ssh_setup: boolean

  """

  _CleanDirectory(pathutils.DATA_DIR)

  _CleanDirectory(pathutils.CRYPTO_KEYS_DIR)

  JobQueuePurge()

  if modify_ssh_setup:

    try:

      priv_key, pub_key, auth_keys = ssh.GetUserFiles(constants.SSH_LOGIN_USER)

      utils.RemoveAuthorizedKey(auth_keys, utils.ReadFile(pub_key))

      utils.RemoveFile(priv_key)

      utils.RemoveFile(pub_key)

    except errors.OpExecError:

      logging.exception("Error while processing ssh files")

  try:

    utils.RemoveFile(pathutils.CONFD_HMAC_KEY)

    utils.RemoveFile(pathutils.RAPI_CERT_FILE)

    utils.RemoveFile(pathutils.SPICE_CERT_FILE)

    utils.RemoveFile(pathutils.SPICE_CACERT_FILE)

    utils.RemoveFile(pathutils.NODED_CERT_FILE)

  except: # pylint: disable=W0702

    logging.exception("Error while removing cluster secrets")

  result = utils.RunCmd([pathutils.DAEMON_UTIL, "stop", constants.CONFD])

  if result.failed:

    logging.error("Command %s failed with exitcode %s and error %s",

                  result.cmd, result.exit_code, result.output)

  # Raise a custom exception (handled in ganeti-noded)

  raise errors.QuitGanetiException(True, "Shutdown scheduled")

def _CheckStorageParams(params, num_params):

  """Performs sanity checks for storage parameters.

  @type params: list

  @param params: list of storage parameters

  @type num_params: int

  @param num_params: expected number of parameters

  """

  if params is None:

    raise errors.ProgrammerError("No storage parameters for storage"

                                 " reporting is provided.")

  if not isinstance(params, list):

    raise errors.ProgrammerError("The storage parameters are not of type"

                                 " list: '%s'" % params)

  if not len(params) == num_params:

    raise errors.ProgrammerError("Did not receive the expected number of"

                                 "storage parameters: expected %s,"

                                 " received '%s'" % (num_params, len(params)))

def _CheckLvmStorageParams(params):

  """Performs sanity check for the 'exclusive storage' flag.

  @see: C{_CheckStorageParams}

  """

  _CheckStorageParams(params, 1)

  excl_stor = params[0]

  if not isinstance(params[0], bool):

    raise errors.ProgrammerError("Exclusive storage parameter is not"

                                 " boolean: '%s'." % excl_stor)

  return excl_stor

def _GetLvmVgSpaceInfo(name, params):

  """Wrapper around C{_GetVgInfo} which checks the storage parameters.

  @type name: string

  @param name: name of the volume group

  @type params: list

  @param params: list of storage parameters, which in this case should be

    containing only one for exclusive storage

  """

  excl_stor = _CheckLvmStorageParams(params)

  return _GetVgInfo(name, excl_stor)

def _GetVgInfo(

    name, excl_stor, info_fn=bdev.LogicalVolume.GetVGInfo):

  """Retrieves information about a LVM volume group.

  """

  # TODO: GetVGInfo supports returning information for multiple VGs at once

  vginfo = info_fn([name], excl_stor)

  if vginfo:

    vg_free = int(round(vginfo[0][0], 0))

    vg_size = int(round(vginfo[0][1], 0))

  else:

    vg_free = None

    vg_size = None

  return {

    "type": constants.ST_LVM_VG,

    "name": name,

    "storage_free": vg_free,

    "storage_size": vg_size,

    }

def _GetLvmPvSpaceInfo(name, params):

  """Wrapper around C{_GetVgSpindlesInfo} with sanity checks.

  @see: C{_GetLvmVgSpaceInfo}

  """

  excl_stor = _CheckLvmStorageParams(params)

  return _GetVgSpindlesInfo(name, excl_stor)

def _GetVgSpindlesInfo(

    name, excl_stor, info_fn=bdev.LogicalVolume.GetVgSpindlesInfo):

  """Retrieves information about spindles in an LVM volume group.

  @type name: string

  @param name: VG name

  @type excl_stor: bool

  @param excl_stor: exclusive storage

  @rtype: dict

  @return: dictionary whose keys are "name", "vg_free", "vg_size" for VG name,

      free spindles, total spindles respectively

  """

  if excl_stor:

    (vg_free, vg_size) = info_fn(name)

  else:

    vg_free = 0

    vg_size = 0

  return {

    "type": constants.ST_LVM_PV,

    "name": name,

    "storage_free": vg_free,

    "storage_size": vg_size,

    }

def _GetHvInfo(name, hvparams, get_hv_fn=hypervisor.GetHypervisor):

  """Retrieves node information from a hypervisor.

  The information returned depends on the hypervisor. Common items:

    - vg_size is the size of the configured volume group in MiB

    - vg_free is the free size of the volume group in MiB

    - memory_dom0 is the memory allocated for domain0 in MiB

    - memory_free is the currently available (free) ram in MiB

    - memory_total is the total number of ram in MiB

    - hv_version: the hypervisor version, if available

  @type hvparams: dict of string

  @param hvparams: the hypervisor's hvparams

  """

  return get_hv_fn(name).GetNodeInfo(hvparams=hvparams)

def _GetHvInfoAll(hv_specs, get_hv_fn=hypervisor.GetHypervisor):

  """Retrieves node information for all hypervisors.

  See C{_GetHvInfo} for information on the output.

  @type hv_specs: list of pairs (string, dict of strings)

  @param hv_specs: list of pairs of a hypervisor's name and its hvparams

  """

  if hv_specs is None:

    return None

  result = []

  for hvname, hvparams in hv_specs:

    result.append(_GetHvInfo(hvname, hvparams, get_hv_fn))

  return result

def _GetNamedNodeInfo(names, fn):

  """Calls C{fn} for all names in C{names} and returns a dictionary.

  @rtype: None or dict

  """

  if names is None:

    return None

  else:

    return map(fn, names)

def GetNodeInfo(storage_units, hv_specs):

  """Gives back a hash with different information about the node.

  @type storage_units: list of tuples (string, string, list)

  @param storage_units: List of tuples (storage unit, identifier, parameters) to

    ask for disk space information. In case of lvm-vg, the identifier is

    the VG name. The parameters can contain additional, storage-type-specific

    parameters, for example exclusive storage for lvm storage.

  @type hv_specs: list of pairs (string, dict of strings)

  @param hv_specs: list of pairs of a hypervisor's name and its hvparams

  @rtype: tuple; (string, None/dict, None/dict)

  @return: Tuple containing boot ID, volume group information and hypervisor

    information

  """

  bootid = utils.ReadFile(_BOOT_ID_PATH, size=128).rstrip("\n")

  storage_info = _GetNamedNodeInfo(

    storage_units,

    (lambda (storage_type, storage_key, storage_params):

        _ApplyStorageInfoFunction(storage_type, storage_key, storage_params)))

  hv_info = _GetHvInfoAll(hv_specs)

  return (bootid, storage_info, hv_info)

def _GetFileStorageSpaceInfo(path, params):

  """Wrapper around filestorage.GetSpaceInfo.

  The purpose of this wrapper is to call filestorage.GetFileStorageSpaceInfo

  and ignore the *args parameter to not leak it into the filestorage

  module's code.

  @see: C{filestorage.GetFileStorageSpaceInfo} for description of the

    parameters.

  """

  _CheckStorageParams(params, 0)

  return filestorage.GetFileStorageSpaceInfo(path)

# FIXME: implement storage reporting for all missing storage types.

_STORAGE_TYPE_INFO_FN = {

  constants.ST_BLOCK: None,

  constants.ST_DISKLESS: None,

  constants.ST_EXT: None,

  constants.ST_FILE: _GetFileStorageSpaceInfo,

  constants.ST_LVM_PV: _GetLvmPvSpaceInfo,

  constants.ST_LVM_VG: _GetLvmVgSpaceInfo,

  constants.ST_SHARED_FILE: None,

  constants.ST_RADOS: None,

}

def _ApplyStorageInfoFunction(storage_type, storage_key, *args):

  """Looks up and applies the correct function to calculate free and total

  storage for the given storage type.

  @type storage_type: string

  @param storage_type: the storage type for which the storage shall be reported.

  @type storage_key: string

  @param storage_key: identifier of a storage unit, e.g. the volume group name

    of an LVM storage unit

  @type args: any

  @param args: various parameters that can be used for storage reporting. These

    parameters and their semantics vary from storage type to storage type and

    are just propagated in this function.

  @return: the results of the application of the storage space function (see

    _STORAGE_TYPE_INFO_FN) if storage space reporting is implemented for that

    storage type

  @raises NotImplementedError: for storage types who don't support space

    reporting yet

  """

  fn = _STORAGE_TYPE_INFO_FN[storage_type]

  if fn is not None:

    return fn(storage_key, *args)

  else:

    raise NotImplementedError

def _CheckExclusivePvs(pvi_list):

  """Check that PVs are not shared among LVs

  @type pvi_list: list of L{objects.LvmPvInfo} objects

  @param pvi_list: information about the PVs

  @rtype: list of tuples (string, list of strings)

  @return: offending volumes, as tuples: (pv_name, [lv1_name, lv2_name...])

  """

  res = []

  for pvi in pvi_list:

    if len(pvi.lv_list) > 1:

      res.append((pvi.name, pvi.lv_list))

  return res

def _VerifyHypervisors(what, vm_capable, result, all_hvparams,

                       get_hv_fn=hypervisor.GetHypervisor):

  """Verifies the hypervisor. Appends the results to the 'results' list.

  @type what: C{dict}

  @param what: a dictionary of things to check

  @type vm_capable: boolean

  @param vm_capable: whether or not this node is vm capable

  @type result: dict

  @param result: dictionary of verification results; results of the

    verifications in this function will be added here

  @type all_hvparams: dict of dict of string

  @param all_hvparams: dictionary mapping hypervisor names to hvparams

  @type get_hv_fn: function

  @param get_hv_fn: function to retrieve the hypervisor, to improve testability

  """

  if not vm_capable:

    return

  if constants.NV_HYPERVISOR in what:

    result[constants.NV_HYPERVISOR] = {}

    for hv_name in what[constants.NV_HYPERVISOR]:

      hvparams = all_hvparams[hv_name]

      try:

        val = get_hv_fn(hv_name).Verify(hvparams=hvparams)

      except errors.HypervisorError, err:

        val = "Error while checking hypervisor: %s" % str(err)

      result[constants.NV_HYPERVISOR][hv_name] = val

def _VerifyHvparams(what, vm_capable, result,

                    get_hv_fn=hypervisor.GetHypervisor):

  """Verifies the hvparams. Appends the results to the 'results' list.

  @type what: C{dict}

  @param what: a dictionary of things to check

  @type vm_capable: boolean

  @param vm_capable: whether or not this node is vm capable

  @type result: dict

  @param result: dictionary of verification results; results of the

    verifications in this function will be added here

  @type get_hv_fn: function

  @param get_hv_fn: function to retrieve the hypervisor, to improve testability

  """

  if not vm_capable:

    return

  if constants.NV_HVPARAMS in what:

    result[constants.NV_HVPARAMS] = []

    for source, hv_name, hvparms in what[constants.NV_HVPARAMS]:

      try:

        logging.info("Validating hv %s, %s", hv_name, hvparms)

        get_hv_fn(hv_name).ValidateParameters(hvparms)

      except errors.HypervisorError, err:

        result[constants.NV_HVPARAMS].append((source, hv_name, str(err)))

def _VerifyInstanceList(what, vm_capable, result, all_hvparams):

  """Verifies the instance list.

  @type what: C{dict}

  @param what: a dictionary of things to check

  @type vm_capable: boolean

  @param vm_capable: whether or not this node is vm capable

  @type result: dict

  @param result: dictionary of verification results; results of the

    verifications in this function will be added here

  @type all_hvparams: dict of dict of string

  @param all_hvparams: dictionary mapping hypervisor names to hvparams

  """

  if constants.NV_INSTANCELIST in what and vm_capable:

    # GetInstanceList can fail

    try:

      val = GetInstanceList(what[constants.NV_INSTANCELIST],

                            all_hvparams=all_hvparams)

    except RPCFail, err:

      val = str(err)

    result[constants.NV_INSTANCELIST] = val

def _VerifyNodeInfo(what, vm_capable, result, all_hvparams):

  """Verifies the node info.

  @type what: C{dict}

  @param what: a dictionary of things to check

  @type vm_capable: boolean

  @param vm_capable: whether or not this node is vm capable

  @type result: dict

  @param result: dictionary of verification results; results of the

    verifications in this function will be added here

  @type all_hvparams: dict of dict of string

  @param all_hvparams: dictionary mapping hypervisor names to hvparams

  """

  if constants.NV_HVINFO in what and vm_capable:

    hvname = what[constants.NV_HVINFO]

    hyper = hypervisor.GetHypervisor(hvname)

    hvparams = all_hvparams[hvname]

    result[constants.NV_HVINFO] = hyper.GetNodeInfo(hvparams=hvparams)

def _VerifyClientCertificate(cert_file=pathutils.NODED_CLIENT_CERT_FILE):

  """Verify the existance and validity of the client SSL certificate.

  """

  create_cert_cmd = "gnt-cluster renew-crypto --new-node-certificates"

  if not os.path.exists(cert_file):

    return (constants.CV_ERROR,

            "The client certificate does not exist. Run '%s' to create"

            " client certificates for all nodes." % create_cert_cmd)

  (errcode, msg) = utils.VerifyCertificate(cert_file)

  if errcode is not None:

    return (errcode, msg)

  else:

    # if everything is fine, we return the digest to be compared to the config

    return (None, utils.GetCertificateDigest(cert_filename=cert_file))

def VerifyNode(what, cluster_name, all_hvparams, node_groups, groups_cfg):

  """Verify the status of the local node.

  Based on the input L{what} parameter, various checks are done on the

  local node.

  If the I{filelist} key is present, this list of

  files is checksummed and the file/checksum pairs are returned.

  If the I{nodelist} key is present, we check that we have

  connectivity via ssh with the target nodes (and check the hostname

  report).

  If the I{node-net-test} key is present, we check that we have

  connectivity to the given nodes via both primary IP and, if

  applicable, secondary IPs.

  @type what: C{dict}

  @param what: a dictionary of things to check:

      - filelist: list of files for which to compute checksums

      - nodelist: list of nodes we should check ssh communication with

      - node-net-test: list of nodes we should check node daemon port

        connectivity with

      - hypervisor: list with hypervisors to run the verify for

  @type cluster_name: string

  @param cluster_name: the cluster's name

  @type all_hvparams: dict of dict of strings

  @param all_hvparams: a dictionary mapping hypervisor names to hvparams

  @type node_groups: a dict of strings

  @param node_groups: node _names_ mapped to their group uuids (it's enough to

      have only those nodes that are in `what["nodelist"]`)

  @type groups_cfg: a dict of dict of strings

  @param groups_cfg: a dictionary mapping group uuids to their configuration

  @rtype: dict

  @return: a dictionary with the same keys as the input dict, and

      values representing the result of the checks

  """

  result = {}

  my_name = netutils.Hostname.GetSysName()

  port = netutils.GetDaemonPort(constants.NODED)

  vm_capable = my_name not in what.get(constants.NV_VMNODES, [])

  _VerifyHypervisors(what, vm_capable, result, all_hvparams)

  _VerifyHvparams(what, vm_capable, result)

  if constants.NV_FILELIST in what:

    fingerprints = utils.FingerprintFiles(map(vcluster.LocalizeVirtualPath,

                                              what[constants.NV_FILELIST]))

    result[constants.NV_FILELIST] = \

      dict((vcluster.MakeVirtualPath(key), value)

           for (key, value) in fingerprints.items())

  if constants.NV_CLIENT_CERT in what:

    result[constants.NV_CLIENT_CERT] = _VerifyClientCertificate()

  if constants.NV_NODELIST in what:

    (nodes, bynode) = what[constants.NV_NODELIST]

    # Add nodes from other groups (different for each node)

    try:

      nodes.extend(bynode[my_name])

    except KeyError:

      pass

    # Use a random order

    random.shuffle(nodes)

    # Try to contact all nodes

    val = {}

    for node in nodes:

      params = groups_cfg.get(node_groups.get(node))

      ssh_port = params["ndparams"].get(constants.ND_SSH_PORT)

      logging.debug("Ssh port %s (None = default) for node %s",

                    str(ssh_port), node)

      success, message = _GetSshRunner(cluster_name). \

                            VerifyNodeHostname(node, ssh_port)

      if not success:

        val[node] = message

    result[constants.NV_NODELIST] = val

  if constants.NV_NODENETTEST in what:

    result[constants.NV_NODENETTEST] = tmp = {}

    my_pip = my_sip = None

    for name, pip, sip in what[constants.NV_NODENETTEST]:

      if name == my_name:

        my_pip = pip

        my_sip = sip

        break

    if not my_pip:

      tmp[my_name] = ("Can't find my own primary/secondary IP"

                      " in the node list")

    else:

      for name, pip, sip in what[constants.NV_NODENETTEST]:

        fail = []

        if not netutils.TcpPing(pip, port, source=my_pip):

          fail.append("primary")

        if sip != pip:

          if not netutils.TcpPing(sip, port, source=my_sip):

            fail.append("secondary")

        if fail:

          tmp[name] = ("failure using the %s interface(s)" %

                       " and ".join(fail))

  if constants.NV_MASTERIP in what:

    # FIXME: add checks on incoming data structures (here and in the

    # rest of the function)

    master_name, master_ip = what[constants.NV_MASTERIP]

    if master_name == my_name:

      source = constants.IP4_ADDRESS_LOCALHOST

    else:

      source = None

    result[constants.NV_MASTERIP] = netutils.TcpPing(master_ip, port,

                                                     source=source)

  if constants.NV_USERSCRIPTS in what:

    result[constants.NV_USERSCRIPTS] = \

      [script for script in what[constants.NV_USERSCRIPTS]