jqueue: Use timeout when acquiring locks
As already noted in the design document, an opcode's priority is increased when the lock(s) can't be acquired within a certain amount of time, except at the highest priority, where in such a case a blocking acquire is used....
RAPI server: Move user file watching out, update documentation
This patch moves the code watching the users file into a separate class to not mix it with HTTP serving. The users file is now driven from outside the HTTP server class.
Also the documentation is updated to mention the automatic...
Update the authentication mapping in RAPI if users file has been updated
Please note: This only works if the file existed upon startup. If the file was created later, ganeti-rapi has to be restarted.
Signed-off-by: René Nussbaumer <rn@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Modify daemon-util to support launching daemons under different user/groups
Remove utils.EnsureDir as this is done by ensure-dirs.in now
Partial Revert "Let ganeti-rapi run under a different user/group"
This partially reverts commit 8b72b05c51208190796b558233d69dae7643c7f7.
Basically it removes the user involved changes
Merge branch 'devel-2.2'
Merge branch 'stable-2.2' into devel-2.2
Signed-off-by: Michael Hanselmann <hansmi@google.com>...
Allow ensure-dirs to run partially and skip big file chunks
The startup of the daemons would take a lot of time otherwise, also it's not needed to set the permissions of those file over and over again, because if the daemons are once migrated to the user they will keep creating the file for that user....
Adapt ensure-dirs to accommodate the additional permissions and files
Please note that this can and will be improved over time. There are discussions about automated file generation of ensure-dirs so we can really keep all the permissions and file ownerships in one place. Because right now they are all...
Disable the RAPI CA checks in watcher
Since the RAPI certificate is not necessarily self-signed, and we currently don't have any configuration variable for the real CA file, we disable for now the CA checks. This fixes the 'restart RAPI every 5 minutes' problem with non-self-signed certs....
hansmi helped me with merging the conflict. Thanks
Conflicts: lib/workerpool.py
Signed-off-by: René Nussbaumer <rn@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Add simple lock monitor
This patch adds an initial implementation of a lock monitor, accessible for the user through “gnt-debug locks”. It currently shows all resource locks: BGL, nodes and instances. Config and job queue locks could be shown too, but wouldn't be of much help. The current owner(s) and mode...
Add RPC calls to update /etc/hosts
Signed-off-by: René Nussbaumer <rn@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Removing all ssh setup code from the core
Support for resolving hostnames to IPv6 addresses
This patch enables IPv6 name resolution by using socket.getaddrinfo instead of socket.gethostbyname_ex.
It renames the HostInfo class to Hostname and unifies its use throughout the code. This is achieved by using static calls where no object is...
Introduce new IPAddress classes
This patch unifies the netutils functions dealing with IP addresses to three classes:
- IPAddress: Common IP address functionality
- IPv4Address: IPv4 specific functionality
- IPv6address: IPv6-specific functionality
Furthermore it adds methods to check whether an address is a loopback...
workerpool: Change signature of AddTask function to not use *args
By changing it to a normal parameter, which must be a sequence, we can start using keyword parameters.
Before this patch all arguments to “AddTask(self, *args)” were passed as arguments to the worker's “RunTask” method. Priorities, which should be...
masterd: move the IP activation from Exec to Check
Currently, the master IP activation is done in the Exec function. Since the original masterd process returns after forking, and Exec is run in the (grand)child process, this means that after 'ganeti-masterd' has...
Move the UsesRPC decorator from cli to rpc
This is needed because not just the cli scripts need this decorator, but the master daemon too (and it already duplicated the code once).
In cli.py we just leave a stub, so that we don't have to modify all the scripts to import rpc.py....
watcher: smarter handling of instance records
This patch implements a few changes to the instance handling. First, old instances which no longer exist on the cluster are removed from the state file, to keep things clean.
Second, the instance restart counters are reset every 8 hours, since...
Convert RPC client to PycURL
Instead of using our custom HTTP client, using PycURL's multi interface allows us to get rid of the HTTP client threadpool. The majority of the code is still in the ganeti.http.client module.
A simple per-thread HTTP client pool gives cURL a chance to...
Confd IPv6 support
This patch series basically adds a new parameter 'family' to the constructors of daemon.AsyncUDPSocket and confd.client.ConfdUDPClient. This enables the users of these two classes to support IPv6.
In ganeti-confd.ConfdAsyncUDPClient a method to check the address families of...
Introduce lib/netutils.py
This patch moves network utility functions to a dedicated module.
Signed-off-by: Manuel Franceschini <livewire@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Merge branch 'devel-2.1'
Signed-off-by: Luca Bigliardi <shammash@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Mlockall: decrease warnings if ctypes module is not present
Node daemon prints a lot of warnings if --no-mlock option is not specified and ctypes module is not present.
With the following patch the warning is printed only at noded startup.
Signed-off-by: Luca Bigliardi <shammash@google.com>...
Add drbd_helper rpc call
Fix ganeti-rapi version string
This was "broken" for almost a year :)
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
RAPI client: Switch to pycURL
Currently the RAPI client uses the urllib2 and httplib modules from Python's standard library. They're used with pyOpenSSL in a very fragile way, and there are known issues when receiving large responses from a RAPI server....
Rename some constants to facilitate IPv6 support
Signed-off-by: Manuel Franceschini <livewire@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Add missing pylint disable for "except:"
Why it's needed here but not a few lines above is a mystery that only pylint understands.
Also fix an indentation error in another disable, for the same function.
Signed-off-by: Guido Trotter <ultrotter@google.com>...
masterd: use AsyncTerminatedMessageStream for luxi
Each luxi connection now creates an asyncore MasterClientHandler (which is an AsyncTerminatedMessageStream subclass, sending each message to a client worker). This makes it harder to DOS the master daemon by just...
Introduce an RPC call for OS parameters validation
While we only support the 'parameters' check today, the RPC call is generic enough that will be able to support other checks in the future. The backend function will both validate the parameters list (so as to...
import/export daemon: Add support for a magic prefix
This “magic” value will be used to ensure that we don't accidentally connect to the wrong daemon (e.g. due to a bug), comparable to DRBD's per-disk secret. Just depending on the SSL certificate isn't enough...
import/export: Validate remote host/port
The hostname and port received from the remote cluster should be validated, just in case.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Handle ESRCH when sending signals
Upon sending signals, ESRCH can be reported when the target no longer exists.
Remove the job queue drain rpc call
This call was introduced but never used. In two years. Since it's just creating/removing a file it can also be in simpler ways, without a special rpc call, if/when we need it again. In the meantime, let's give it to history....
Add unittest for ganeti-cleaner
import/export: Allow script to predict size
Once we have a size for an export (in the context of the import/export daemon), we can provide the user with a percentage and ETA.
import/export daemon: Record amount of data transferred
This reports the amount of data transferred and the throughput (averaged over 60 seconds) to the master daemon. While not yet fully implemented, once the export scripts report the expected data size, we can even provide...
ensure-dirs: don't fail if no rapi log is present
Sometimes a node has never been a master. Or ran rapi. In that case we need to create the file (because if later rapi gets started, it won't be able to create it itself).
Let daemon-utils fix the owners for ganeti-rapi
This is a workaround until we fully switched to user separation and fixes the owners of directories/log files so ganeti-rapi will start flawlessly. This is right now run for every daemon but as it operates on a relatively small subset...
Modify ganeti-masterd to set permission and owner of masterd-socket
Let ganeti-rapi run under a different user/group
Convert ganeti-masterd's main thread to mainloop
Not much changes with this patch. The main loop for the IOServer is replaced by mainloop.Run() and the main thread now uses asyncore to handle connections to the master socket. Once it accepts them, though,...
ganeti-watcher should attempt to fix ganeti-rapi
Update ganeti-watcher so that it tests the master's RAPI port with a simple test (in this case GetVersion). If it fails, make one attempt at restarting ganeti-rapi and retest.
- daemons/ganeti-watcher: Test rapi and make one attempt at restarting it....
import/export daemon: Move command building into separate module
The import/export daemon code is already large. Moving some code to a separate module will make it smaller and easier to test.
import/export daemon: Move some I/O processing code to module
The code parsing the child process' output is moved to a separate class in the impexpd module. As more programs are added, it'll become more complex and should be separated.
import/export daemon: Move command building into class
Instead of passing around many variables for building the executed command, they're now kept as instance variables.
Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
ErrorLoggingAsyncNotifier
This mixes AsyncNotifier with GanetiBaseAsyncoreDispatcher to provide an AsyncNotifier which will log errors, rather than bail out.
Put common import/export daemon options into object
The X509 key name and CA are passed from cmdlib all the way to the backend import/export daemon. With the addition of an option to choose the compression method, another parameter would have to be passed all the way. By moving these options to a separate...
import-export daemon: Allow changing compression method
For example, exports on the same node shouldn't be compressed.
Make ConfdInotifyEventHandler a library function
Cut&Paste, plus the following changes:
- The class is renamed to SingleFileEventHandler
- The monitored filename must be passed in and doesn't default to the ganeti cluster config file
- A small docstring is added to the class...
Remove errors.ConfdFatalError
This exception is caught, but never thrown. It became useless when we moved confd from on/off to enabled/disabled, but always running on all nodes. Removing its definition and the code catching it can do no harm.
Conflicts: lib/luxi.py - trivial
ganeti-cleaner: Remove expired X509 certs
Importing/exporting an instance to a remote machine creates X509 certificates which expire after some time. They need to be removed from the nodes as they become useless.
Abstract the LUXI eom into a constant
Currently the EOM terminator is hardcoded on the server side, and is customizable in the Transport object (with the default being the same as the value found in the server), but not in the luxi client.
With this patch we move the value to constants, and remove the "fake"...
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
ganeti-cleaner: Write log file with removed files
Logfiles can be useful for debugging.
ganeti-masterd: Improve error logging for client requests
Ganeti errors should also be logged with a backtrace.
ganeti-noded: add the --no-mlock option
While mlock on noded is definitely good in most situations, there are some - namely my laptop - where it has no benefit, and uses precious non-swappable memory. To avoid this we make it optional, with a new --no-mlock option. Note that only the main node daemon and its http...
Conflicts: daemons/ganeti-noded lib/daemon.py lib/rapi/baserlib.py lib/rapi/rlib2.py lib/utils.py
Signed-off-by: Luca Bigliardi <shammash@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Use console_logging in node daemon
Node daemon logs will be printed on system console if writing on the log file fails.
Lock node daemon children in memory
Lock node daemon in memory
Fix pylint 0.20.0 warnings
These seem to be wrong, possibly a regression in pylint.
Retry connection in import-export daemon
Until now, exactly one attempt was made to establish a connection. If it failed, the whole import/export for the disk in question aborted. Retrying will make it more reliable.
Unfortunately the listening part can't be made completely...
Use new class for wakeup file descriptor in import/export daemon
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: René Nussbaumer <rn@google.com>
Move some code into separate class in import/export daemon
Conflicts: lib/utils.py: Trivial
masterd: Log PID, UID and GID of connected client
This can be very useful if client programs run as non-root.
Remove two unused RPC functions
Both of these functions, “snapshot_export” and “instance_os_import”, have been replaced by the instance import/export daemon.
Add RPC call to send SIGTERM to import/export daemon
This will be used to stop the daemon without doing complete cleanup (yet).
Rename import/export RPC calls to match others
Add RPC calls to import and export instance data
These RPC calls can be used to start, monitor and stop the instance data import/export daemon.
Add daemon for instance import and export
This backend daemon for instance import and export will be used to transfer instance data to other machines. It is implemented in a generic way to support different ways of data input and output. The third-party program “socat”, which is already used by the KVM hypervisor abstraction,...
Fix new pylint errors
Make watcher request the max coverage
Since the actions are potentially destructive, we should try to get a consistent view of the cluster, so it's better to get the most coverage possible.
Watcher: automatic shutdown of orphan resources
This patch changes the watcher so that it maintains (on all nodes) the list of instances and DRBD devices by shutting down ones that confd daemons indicate should not be running on this node.
Signed-off-by: Iustin Pop <iustin@google.com>...
Merge remote branch 'devel-2.1'
Send "501 Not Implemented" back when method not found
Before this was "400 Bad Request" and thus it didn't reflect the reality.
Watcher: do not warn for missing hooks dir
If the hooks dir does not exist, do not warn needlessly. This is similar to commit a9b7e346 (for backend.py).
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: René Nussbaumer <rn@google.com>
Watcher: fix some doc typos
ganeti-confd: Call pyinotify flags correctly
The "apparently pylint was right" commit.
Although the pyinotify constants work on old distributions, they fail on new ones, with new python. Fixing this by calling them in a way that works everywhere.
Some epydoc fixes
Add a hint to masterd for inconsistent clusters
Add RPC calls to create and remove X509 certificates
Certificates and keys generated using these functions will be used for inter-cluster instance moves. As per design, the private key should never leave the node.
Merge remote branch 'origin/devel-2.1'
Conflicts: lib/bootstrap.py: Trivial lib/constants.py: Trivial
Rightname confd's HMAC key
Currently, the ganeti-confd's HMAC key is called “cluster HMAC key” or simply “HMAC key” everywhere. With the implementation of inter-cluster instance moves, another HMAC key will be introduced for signing critical data. They can not be the same, so this patch clarifies the purpose of the...
daemon-util: Generate daemon path in separate function
daemon-util: Use “return” instead of “exit” in all functions
This is important if they're called directly within daemon-util.
daemon-util: Add function to start and stop all daemons
This is, to some degree, duplicated code from the init script. However, the init script has to conform to standards of the underlying Linux distributions, while these functions will be called by Ganeti itself. By...
ganeti.initd: Move all daemon names from init script to daemon-util
The list of daemon names will be used in daemon-util, too.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Reviewed-by: René Nussbaumer <rn@google.com>