Statistics
| Branch: | Tag: | Revision:

root @ 62a7853e

# Date Author Comment
62a7853e 01/14/2014 12:38 pm Jose A. Lopes

Fix Kvmd imports for Ubuntu 13.04 64

Signed-off-by: Jose A. Lopes <>
Reviewed-by: Michele Tartara <>

588d0ee4 01/13/2014 07:43 pm Jose A. Lopes

Unit tests for KVM daemon

Add unit tests for KVM daemon.

Signed-off-by: Jose A. Lopes <>
Reviewed-by: Michele Tartara <>

51958d2a 01/13/2014 07:43 pm Jose A. Lopes

QA for KVM instance shutdown

Add QA for instance shutdown for KVM.

Signed-off-by: Jose A. Lopes <>
Reviewed-by: Michele Tartara <>

2a60db50 01/13/2014 07:43 pm Jose A. Lopes

Manpage for 'gnt-instance'

Modify manpage for 'gnt-instance' detailing the 'user_shutdown'
parameter and how it related to the 'acpi' parameter.

Signed-off-by: Jose A. Lopes <>
Reviewed-by: Michele Tartara <>

f0caa4be 01/13/2014 07:43 pm Jose A. Lopes

Manpage for KVM daemon

Add manpage for the KVM daemon.

Signed-off-by: Jose A. Lopes <>
Reviewed-by: Michele Tartara <>

95d70148 01/13/2014 07:43 pm Jose A. Lopes

Hook KVM hypervisor with KVM daemon shutdown files

  • modify the KVM hypervisor to look for the shutdown files created by
    the KVM daemon, which determine whether an instance was shutdown by
    the user
  • modify the KVM hypervisor to spawn the KVM daemon if it is not...
afa0fca4 01/13/2014 07:43 pm Jose A. Lopes

User shutdown hypervisor parameter

Add user shutdown parameter for KVM. Based on this parameter, decide
what information to report for a KVM instance, for example,
distinguish between 'ADMIN_down' and 'USER_down'.

Signed-off-by: Jose A. Lopes <>...

306b855a 01/13/2014 07:43 pm Jose A. Lopes

Add helper function to tell if a daemon is alive

Add helper function 'utils.IsDaemonAlive' to tell if a daemon is alive
by name. This function will be necessary for the KVM hypervisor to
determine if the KVM daemon is running and otherwise start it.

Signed-off-by: Jose A. Lopes <>...

d6769989 01/13/2014 07:43 pm Jose A. Lopes

Add KVM daemon daemonize

Add KVM daemon entry point, command-line options, backgrounding, etc

Signed-off-by: Jose A. Lopes <>
Reviewed-by: Michele Tartara <>

db519e20 01/13/2014 07:43 pm Jose A. Lopes

Add KVM daemon logic

Add KVM daemon logic, which contains monitors for Qmp sockets and
directory/file watching.

Signed-off-by: Jose A. Lopes <>
Reviewed-by: Michele Tartara <>

cf51a981 01/13/2014 07:43 pm Jose A. Lopes

Generalize and reuse Unix domain sockets

Refactor module 'Ganeti.UDSServer' so the KVM daemon can reuse code
declared in this module to handle Unix domain sockets.

Signed-off-by: Jose A. Lopes <>
Reviewed-by: Michele Tartara <>

4084d18f 01/13/2014 07:43 pm Jose A. Lopes

KVM daemon datatype, user and group

  • add user and group to 'configure.ac', 'Makefile.am' and
    'AutoConf.hs.in'
  • extend 'Daemon' datatype with 'GanetiKvmd' and implement all related
    functions, such as, 'daemonName', etc.
  • export KVM daemon name as constant...
9131274c 01/13/2014 07:43 pm Jose A. Lopes

Fix whitespace

Fix whitespace in several modules.

Signed-off-by: Jose A. Lopes <>
Reviewed-by: Michele Tartara <>

91ef0821 01/13/2014 07:43 pm Jose A. Lopes

Fix according to the Ganeti style guide

Signed-off-by: Jose A. Lopes <>
Reviewed-by: Michele Tartara <>

570008e3 01/13/2014 07:43 pm Jose A. Lopes

Fix docstring for 'AsyncStreamServer'

Signed-off-by: Jose A. Lopes <>
Reviewed-by: Michele Tartara <>

63a3049a 01/13/2014 05:56 pm Klaus Aehlig

Document automatic actions taken at upgrade

When upgrading from any version below 2.11 to 2.11 or higher,
Ganeti will generate new RPC client certificates when upgrading
with ``gnt-cluster upgrade``. Document this behavior in the
UPGRADE notes to avoid user surprises....

b121199d 01/13/2014 12:08 pm Klaus Aehlig

Add generating node certificates as post-upgrade task

While, technically, Ganeti is still working without individual node
certificates, it is considered an error by gnt-cluster verify to
not have it done immediately after upgrading. So, to make automatic...

9b85ede9 01/13/2014 12:08 pm Klaus Aehlig

Add utility to compare versions

This will be needed, e.g., for post-upgrade task, as they
have to decide whether a feature was not yet present at
the version started from.

Signed-off-by: Klaus Aehlig <>
Reviewed-by: Hrvoje Ribicic <>

74289509 01/10/2014 02:31 pm Klaus Aehlig

Merge branch 'stable-2.10' into master

  • stable-2.10
    Run postupgrade hook after upgrade
    Provide path to post-upgrade
    Add an empty post-upgrade hook
    design: support post-upgrade hooks
    Also add the current version to the intent-to-upgrade file

Signed-off-by: Klaus Aehlig <>...

4a67e386 01/10/2014 02:19 pm Klaus Aehlig

Run postupgrade hook after upgrade

To allow for necessary last-moment adaptions, of the new cluster,
we run the post-upgrade hook of the target version, providing
the version we originally started from.

Signed-off-by: Klaus Aehlig <>
Reviewed-by: Petr Pudlak <>

1ef0324f 01/10/2014 02:19 pm Klaus Aehlig

Provide path to post-upgrade

Signed-off-by: Klaus Aehlig <>
Reviewed-by: Petr Pudlak <>

fba59beb 01/10/2014 02:19 pm Klaus Aehlig

Add an empty post-upgrade hook

As 2.10 is the first version from which you can do automatic upgrades,
there is nothing to do when going to any other version in the 2.10
branch.

Signed-off-by: Klaus Aehlig <>
Reviewed-by: Petr Pudlak <>

4d765a17 01/10/2014 02:19 pm Klaus Aehlig

design: support post-upgrade hooks

While the general policy for Ganeti is to just accept the situation
it finds after being upgraded from an older version, in some cases
additional actions might be necessary. So support a hook for doing
so.

Signed-off-by: Klaus Aehlig <>...

3cac836b 01/10/2014 02:19 pm Klaus Aehlig

Also add the current version to the intent-to-upgrade file

Our design states, that the intent-to-upgrade file contains "the current
version of ganeti, the version to change to, and the process ID". Make the
implementation fit with that design.

Signed-off-by: Klaus Aehlig <>...

c8fca479 01/10/2014 10:03 am Santi Raffa

admin.rst: update and reword disk template section

The disk template section was not updated for Gluster. This commit
also refactors the section slightly by unifying the different remarks
about /etc/ganeti/file-storage-paths.

sphinx_ext is also changed in order to not hardcode too much...

333bd799 01/09/2014 05:54 pm Jose A. Lopes

Design document for KVM daemon

Design document for KVM daemon which is needed by the instance
shutdown detection for KVM.

Signed-off-by: Jose A. Lopes <>
Reviewed-by: Michele Tartara <>

eea5e916 01/09/2014 05:38 pm Petr Pudlak

Improve the point-free section of the style guide

Distinguish declaring functions in the point-free style and using
a very similar technique to avoid parentheses (which isn't technically
point-free).

Signed-off-by: Petr Pudlak <>
Reviewed-by: Klaus Aehlig <>

b18409cf 01/09/2014 04:53 pm Klaus Aehlig

Document 2.11 to 2.10 specific downgrade tasks

While the recommended way of downgrading from version 2.11 to 2.10
is ``gnt-cluster upgrade --to 2.10``, manual downgrade is supported.
So, the version-specific steps need to be documented in the UPGRADE
notes....

52261ad2 01/09/2014 04:53 pm Klaus Aehlig

Remove certification on 2.11 to 2.10 downgrade

While version 2.10 ignores any leftover client certificates, their
presence will prevent a the cluster working after an upgrade back
to version 2.11 again. So we have to remove them right at the
downgrade.

Signed-off-by: Klaus Aehlig <>...

c09c495c 01/09/2014 04:53 pm Klaus Aehlig

Add support for version-specific downgrade tasks

Upgrading can have no specific knowledge about additional
tasks besides upgrading the configuration, as upgrades need
to be able to go to any future version (within the same major
version). Downgrading, however, is version specific and always...

c09f6160 01/09/2014 04:53 pm Klaus Aehlig

design: version-specific downgrade actions

Some new features, like client-specific ssl certificates, require additional
steps at downgrade, so add this to the design. Two things should be noted.

- There cannot be explicit version-specific upgrade actions; upgrades...

df89787b 01/09/2014 04:52 pm Klaus Aehlig

Document support for automatic downgrades

The recommended way of downgrading a cluster from 2.11 onwards
is to use the ``gnt-cluster upgrade`` command. Document this in
the section on downgrades.

Signed-off-by: Klaus Aehlig <>
Reviewed-by: Helga Velroyen <>

3eea40a0 01/09/2014 02:03 pm Hrvoje Ribicic

Clean up epydoc comments

Add missing colons, and improve descriptions of parameters.

Signed-off-by: Hrvoje Ribicic <>
Reviewed-by: Helga Velroyen <>

82ce55fa 01/09/2014 02:03 pm Hrvoje Ribicic

Use options for turning functionality on/off

Two command-line options are added: one for confirming that the test
has been started intentionally, and one for showing the method
invocation output, which is useful, but not always needed.

Signed-off-by: Hrvoje Ribicic <>...

dd2bc9b6 01/09/2014 02:03 pm Hrvoje Ribicic

Add job cancellation workload

To examine if jobs can be cancelled correctly, provide workload related
to this as well.

Signed-off-by: Hrvoje Ribicic <>
Reviewed-by: Helga Velroyen <>

b896bb66 01/09/2014 02:03 pm Hrvoje Ribicic

Add cluster parameter change workload

One of the few leftover unused RAPI methods is the cluster modify
method. This patch tests it by setting and unsetting various safe
values.

Signed-off-by: Hrvoje Ribicic <>
Reviewed-by: Helga Velroyen <>

17733ecb 01/09/2014 02:03 pm Hrvoje Ribicic

Make an instance move workload that works in 2.6

The instance move workload present before this patch works on 2.11, but
fails on 2.6. The 2.11 workload will still be useful should any later
version of Ganeti use it as reference, but a 2.6 workload has to be...

9578de1c 01/09/2014 02:03 pm Hrvoje Ribicic

Add instance move workload

Through the use of functions provided by the rapi QA, all the requests
related to instance moves can be exercised.

Signed-off-by: Hrvoje Ribicic <>
Reviewed-by: Helga Velroyen <>

10937a16 01/09/2014 02:03 pm Hrvoje Ribicic

Make the move-instance tool more fault tolerant

The move-instance tool raises an exception when used with a cluster
running an earlier version of Ganeti. As the tool is meant to perform
inter-cluster moves, this situation could be encountered outside the...

66743fe3 01/09/2014 02:03 pm Hrvoje Ribicic

Allow the skipping of checks for inter-cluster move test

The inter-cluster instance move test is very interesting for the RAPI
compatibility tests, as it uses many RAPI requests that are otherwise
hard to exercise. It uses no command-line functionality apart from...

e5351ee9 01/09/2014 02:03 pm Hrvoje Ribicic

Make the finish function return the error status explicitly

The earlier version of the Finish function assumed that checking if the
value of the response is None would suffice to check if any errors have
occurred. This is not, and this patch adjusts the function to expose...

c2e22e7b 01/09/2014 02:03 pm Hrvoje Ribicic

Add migration and failover workload

This patch introduces additional calls adding migration and failover
RAPI operations, moving a DRBD-disk template instance between nodes.

Signed-off-by: Hrvoje Ribicic <>
Reviewed-by: Helga Velroyen <>

396c5dfb 01/09/2014 02:03 pm Hrvoje Ribicic

Add tracking of used client methods

As a helper or a warning to anyone extending the RAPI client, the
client wrapper now warns of unused methods or method arguments.

Signed-off-by: Hrvoje Ribicic <>
Reviewed-by: Helga Velroyen <>

82a8bf3e 01/09/2014 02:02 pm Hrvoje Ribicic

Add network workload

This patch exercises the network RAPI commands.

Signed-off-by: Hrvoje Ribicic <>
Reviewed-by: Helga Velroyen <>

4236968a 01/09/2014 02:02 pm Hrvoje Ribicic

Add miniature query filtering workload

As query filtering was not a part of the previous workloads, this patch
adds a single example of its use.

Signed-off-by: Hrvoje Ribicic <>
Reviewed-by: Helga Velroyen <>

9749bd5e 01/09/2014 02:02 pm Hrvoje Ribicic

Add per-resource query workload

The query requests are done to receive data about a certain resource
type. With tests for all the resources barring networks in place, the
query workloads can be added at the point where the existence of enough
resources in the system can be confirmed, making the results of the...

1086027a 01/09/2014 02:02 pm Hrvoje Ribicic

Add group-related workload

This patch further extends the RAPI workload by exercising all the
group-related functionality.

Signed-off-by: Hrvoje Ribicic <>
Reviewed-by: Helga Velroyen <>

6b710ec0 01/09/2014 02:02 pm Hrvoje Ribicic

Add node-related workload

This patch further expands the workload by performing various node
operations.

Signed-off-by: Hrvoje Ribicic <>
Reviewed-by: Helga Velroyen <>

89d52c9a 01/09/2014 02:02 pm Hrvoje Ribicic

Add warning about the RecreateInstanceDisks invocation

A test relying on RAPI alone cannot exercise the RecreateInstanceDisks
functionality properly - simply because it cannot damage an instance
to the point where its disks would be missing and in need of...

a9e3e04d 01/09/2014 02:02 pm Hrvoje Ribicic

Add various single instance operations

To further expand the number of RAPI methods in the workload, the
single instance operations are added in this patch. An instance is
created, deleted, shutdown, restarted, reinstalled, renamed, and
has its disks activated and deactivated and grown....

9f22ba9a 01/09/2014 02:02 pm Hrvoje Ribicic

Add tag method testing

This patch adds a generic way to test tagging of various entities via
RAPI. More tags testing will be added as other entitt tests are added.

Signed-off-by: Hrvoje Ribicic <>
Reviewed-by: Helga Velroyen <>

b87948f5 01/09/2014 02:02 pm Hrvoje Ribicic

Add helper function that waits for jobs to finish

Some RAPI calls result in the creation of a long-running job,
returning a job id to be used to extract the results later. To reduce
the amount of boilerplate, introduce a simple function to do the
waiting....

94981c7a 01/09/2014 02:02 pm Hrvoje Ribicic

Add simple retrieval operations to workload

This patch expands the RAPI workload with simple Get* commands.

Signed-off-by: Hrvoje Ribicic <>
Reviewed-by: Helga Velroyen <>

56803e14 01/09/2014 02:02 pm Hrvoje Ribicic

Add the first version of the RAPI workload script

The RAPI workload script supplies work for the RAPI compatibility
tests. The initial version does very little, but can be expanded
as needed.

Signed-off-by: Hrvoje Ribicic <>
Reviewed-by: Helga Velroyen <>

a784d28c 01/09/2014 02:02 pm Hrvoje Ribicic

Make the qa_rapi setup method return the RAPI client

Signed-off-by: Hrvoje Ribicic <>
Reviewed-by: Helga Velroyen <>

fcd2359a 01/09/2014 02:02 pm Hrvoje Ribicic

Move RAPI secret lookup to qa_rapi

The RAPI secret lookup is a helper function used by the Ganeti QA to
retrieve the RAPI password of an already setup cluster. As this could
be useful to other utilities performing QA, move it to the qa_rapi
module.

Signed-off-by: Hrvoje Ribicic <>...

9110fb4a 01/09/2014 09:37 am Santi Raffa

Add code style document to documentation

The Ganeti code style has been stored on the project wiki at:

https://code.google.com/p/ganeti/wiki/StyleGuide
https://code.google.com/p/ganeti/wiki/HaskellStyleGuide

This commit combines the two pages into an .rst file with minimal...

ed748771 01/08/2014 05:07 pm Helga Velroyen

Correct exception when ssconf file does not exist

After an upgrade to 2.11, the ssconf file for the master
certificates might not exist. Based on the non-existance,
noded falls back to a compatibility mode regarding dealing
with SSL certificates. The check for the ssconf file...

d4b81bdd 01/08/2014 04:14 pm Klaus Aehlig

Also downgrade gluster parameters

Support for gluster was added only in version 2.11. So,
when downgrading to the 2.10 branch, these parameters
need to be removed.

Signed-off-by: Klaus Aehlig <>
Reviewed-by: Helga Velroyen <>

fc6ccde4 01/08/2014 03:01 pm Helga Velroyen

Create client certificate for normal nodes

The vcluster QA revealed a bug in the SSL certificate
handling code, where certificates were only created
when the node is a master-candidate. However, every node
should have a certificate, but only the digests of the...

a8551d9c 01/08/2014 12:26 pm Klaus Aehlig

Also consider filter fields for deciding if using live data

If the query fields don't require live data, we use the shortcut
and don't request live data. However, we cannot take this shortcut
if the fields the filter depends on requires live data.

Signed-off-by: Klaus Aehlig <>...

d3737aca 01/07/2014 02:48 pm Petr Pudlak

Catch exceptions when calling curses.setupterm() in QA

If it's running on a non-standard terminal, such as
rxvt-unicode-256color, the call fails with an exception. Instead, catch
the exception and proceed without coloring warnings/errors.

Signed-off-by: Petr Pudlak <>...

54a2661e 01/07/2014 12:03 pm Klaus Aehlig

Increase job queue polling interval

Now that all jobs are monitored with inotify, increase the polling interval.

Signed-off-by: Klaus Aehlig <>
Reviewed-by: Helga Velroyen <>

ea174b21 01/07/2014 12:03 pm Klaus Aehlig

After detecting a finished job, schedule again

In order to obtain a higher throughput of jobs, schedule new jobs
as soon as a job was detected to have finished.

Signed-off-by: Klaus Aehlig <>
Reviewed-by: Helga Velroyen <>

b81650b0 01/07/2014 12:03 pm Klaus Aehlig

Attach a watcher for jobs

Add a function that can serve as an event handler for inotify
updating a job in the job queue if the corresponding job file
changes. Also attach it to all jobs selected to be run.

Signed-off-by: Klaus Aehlig <>...

a2977f53 01/07/2014 12:03 pm Klaus Aehlig

JQScheduler: always pass JobWithStat

When attaching inotifies to jobs, we need to preserve
it through potential requeuing actions. Also, this information
is needed for cleaning up.

Signed-off-by: Klaus Aehlig <>
Reviewed-by: Helga Velroyen <>

cc5ab470 01/07/2014 12:03 pm Klaus Aehlig

Cleanup inotifies

When cleaning up finished jobs, remove the inotify
attached to them, if any.

Signed-off-by: Klaus Aehlig <>
Reviewed-by: Helga Velroyen <>

ed6cf449 01/07/2014 12:03 pm Klaus Aehlig

Add an optional inotify to jobs in the scheduler

This provides the infrastructure to monitor running jobs
by inotify, and hence update the queue promptly upon
job changes.

Signed-off-by: Klaus Aehlig <>
Reviewed-by: Helga Velroyen <>

d5665e10 01/07/2014 10:14 am Klaus Aehlig

Make luxid handle SetDrainFlag

Make luxid also handle queries to drain the job queue.

Signed-off-by: Klaus Aehlig <>
Reviewed-by: Guido Trotter <>

83a451f5 01/07/2014 10:14 am Klaus Aehlig

Add RPC for setting the queue drain flag

As luxid is also responsible for handling requests to drain the job queue,
we need the corresponding RPC in Haskell as well.

Signed-off-by: Klaus Aehlig <>
Reviewed-by: Guido Trotter <>

1264bd58 01/07/2014 10:14 am Klaus Aehlig

Fix sign in drain_flag request

The drain flag is set, if the queue is not open.

Signed-off-by: Klaus Aehlig <>
Reviewed-by: Guido Trotter <>

56c934da 01/02/2014 11:41 am Jose A. Lopes

Eliminate installation modes in OS reinstalls doc

Eliminate installation modes in OS reinstalls design doc and instead
allow disk images and OS scripts to be combined, with an optional
virtualized environment.

Signed-off-by: Jose A. Lopes <>...

e97cce9f 12/20/2013 03:49 pm Klaus Aehlig

Reinstantiate inotify after a lost file

When watching a file, reinstantiate the inotify if notified
of an event that removes the watch. Such events are likely
to happen, as our usual way to "modify" a file is to atomically
replace it by another one.

Signed-off-by: Klaus Aehlig <>...

2f575937 12/20/2013 03:49 pm Klaus Aehlig

Improve debug-logging for watch file

Also log, at debug level only, when a change of a watched
file was observed, but the change did not result in any
change of derived value.

Signed-off-by: Klaus Aehlig <>
Reviewed-by: Helga Velroyen <>

13b05c27 12/20/2013 03:49 pm Klaus Aehlig

Improve debugging by logging inotify events

At debug level, not only log that an inotify triggered,
but also log the actual event.

Signed-off-by: Klaus Aehlig <>
Reviewed-by: Helga Velroyen <>

575b31bf 12/20/2013 03:44 pm Helga Velroyen

Update design doc to match implementation

This patch contains some minor changes in the design doc
to make sure the details match the implementation.

Signed-off-by: Helga Velroyen <>
Reviewed-by: Hrvoje Ribicic <>

898fd9e1 12/20/2013 03:43 pm Helga Velroyen

Update UPGRADE nodes

Adds to the upgrade nodes that a renewal of the node
certificates is necessary.

Signed-off-by: Helga Velroyen <>
Reviewed-by: Hrvoje Ribicic <>

224c4204 12/20/2013 03:15 pm Helga Velroyen

Update NEWS wrt to client RPC certificates

This updates the NEWS file regarding the changes in
RPC communication.

Signed-off-by: Helga Velroyen <>
Reviewed-by: Hrvoje Ribicic <>

a6c43c02 12/20/2013 03:15 pm Helga Velroyen

Verify client certificates

This patch adds a step to 'gnt-cluster verify' to verify
the existence and validity of the nodes' client
certificates. Since this is a crucial point of the
security concept, the verification is very detailed with
expressive error messages and well tested by unit tests....

b3cc1646 12/20/2013 03:15 pm Helga Velroyen

Verify incoming RPCs against candidate map

From this patch on, incoming RPC calls are checked against
the map of valid master candidate certificates. If no map
is present, the cluster is assumed to be in
bootstrap/upgrade mode and compares the incoming call...

28756f80 12/20/2013 03:15 pm Helga Velroyen

Handle promoting/demoting nodes wrt to client certificates

This patch makes Ganeti correctly handle the client
certificates when nodes get promoted to master candidates
or demoted to normal nodes.

Signed-off-by: Helga Velroyen <>
Reviewed-by: Hrvoje Ribicic <>

d722af8b 12/20/2013 03:15 pm Helga Velroyen

Extend RPC call to create SSL certificates

So far the RPC call 'node_crypto_tokens' did only retrieve
the certificate digest of an existing certificate. This
call is now enhanced to also create a new certificate and
return the respective digest. This will be used in various...

60cc531d 12/20/2013 03:15 pm Helga Velroyen

Create client SSL certificates on cluster init

This patch makes Ganeti create a client SSL certificate for
the master node on cluster initialization. Note that some of
the code in this patch is later moved into an LU to serve
requirements for crypto renewal and updates, but for this...

1059337d 12/20/2013 03:15 pm Helga Velroyen

Store candidate certificates in ssconf

This patch enables Ganeti to store the candidate
certificate map in ssconf. A utility function to
read it is provided as well.

Signed-off-by: Helga Velroyen <>
Reviewed-by: Hrvoje Ribicic <>

840ad2ab 12/20/2013 03:15 pm Helga Velroyen

Handle client certificates on node add/remove

This patch adds the certificate of a newly added or
readded master candidate node to the map of master candidate
certificates. It removes a master candidate node's certificate
digest from the candidate certificate map if the node is...

5b6f9e35 12/20/2013 03:15 pm Helga Velroyen

Add certificate for master node

On cluster initialization, the master node's
SSL certificate digest is added to the list of master
candidate certificates.

Signed-off-by: Helga Velroyen <>
Reviewed-by: Hrvoje Ribicic <>

3bcf2140 12/20/2013 03:15 pm Helga Velroyen

Add candiate certificate map to configuration

At the end of this patch series, incoming RPC calls are
legitimized against a map of master candidate nodes'
SSL certificate digests. This patch adds the map itself
to the cluster's configuration.

Signed-off-by: Helga Velroyen <>...

b544a3c2 12/20/2013 03:15 pm Helga Velroyen

Retrieve a node's certificate digest

In various cluster operations, the master node needs to
retrieve the digest of a node's SSL certificate. For this
purpose, we add an RPC call to retrieve the digest. The
function is designed in a general way to make it possible...

3338a9ce 12/20/2013 03:15 pm Helga Velroyen

Utility functions to manipulate the candidate map

This patch adds a couple of utility functions to manipulate
the map of master candidate SSL certificate digests.

Signed-off-by: Helga Velroyen <>
Reviewed-by: Hrvoje Ribicic <>

c1cf0435 12/20/2013 03:15 pm Helga Velroyen

Remove superfluous imports

This removes some superfluous imports from the X509 (SSL)
unittests.

Signed-off-by: Helga Velroyen <>
Reviewed-by: Hrvoje Ribicic <>

b5ae26cd 12/20/2013 11:33 am Klaus Aehlig

Fix types for queries in QA

Due to the actual implementation of the '?' operator
in our query language, it happily accepted essentially
any value that was not 0 or False as being true. However,
it was always only specified to work on boolean values.
Therefore, our QA shouldn't test for this unspecified...

f3ac6f36 12/19/2013 01:59 pm Klaus Aehlig

Merge branch 'stable-2.10' into master

  • stable-2.10
    Version bump for 2.10.0~rc1
    Update NEWS for 2.10.0 rc1 release
    Fix pylint 0.26.0/Python 2.7 warning
    Update INSTALL and devnotes for 2.10 release
  • stable-2.9
    Bump revision for 2.9.2
    Update NEWS for 2.9.2 release...
9ba38706 12/18/2013 07:41 pm Petr Pudlak

Replace errors re-export in luxi.py with proper imports

Instead of re-exporting errors in luxi.py, import rpc/errors.py in the
modules that use them.

Signed-off-by: Petr Pudlak <>
Reviewed-by: Klaus Aehlig <>

edd09726 12/18/2013 04:47 pm Klaus Aehlig

break line longer than 80 chars

Signed-off-by: Klaus Aehlig <>
Reviewed-by: Helga Velroyen <>

22656d9a 12/18/2013 04:40 pm Santi Raffa

luxi.py: Fix pylint warning about unused imports

Reexport exception classes more explicitly for pylint's convenience.

Signed-off-by: Santi Raffa <>
Reviewed-by: Helga Velroyen <>

ad3ab87e 12/18/2013 04:34 pm Santi Raffa

rpc: Fix one more py-apidoc warnings

Signed-off-by: Santi Raffa <>
Reviewed-by: Helga Velroyen <>

79258532 12/18/2013 03:49 pm Klaus Aehlig

hsqueeze: Also test for tagging

hsqueeze is required to tag nodes before powering them down. Also test
for this behavior.

Signed-off-by: Klaus Aehlig <>
Reviewed-by: Helga Velroyen <>

dcd54d32 12/18/2013 03:49 pm Klaus Aehlig

hsqueeze: tag nodes before offlining them

hsqueeze is supposed to tag nodes before powering them down, so that
it later can recognize which nodes can be activated later. When showing
the commands to execute, also add the tagging commands.

Signed-off-by: Klaus Aehlig <>...

25b2392b 12/18/2013 03:49 pm Klaus Aehlig

Add an hsqueeze test for drbd instances

In this example, there are two drbd instances, rendering a total of
four nodes ineligible for being offlined. Additionally, the master
may not be offlined either, leaving a single candidate.

Signed-off-by: Klaus Aehlig <>...

2a58a7b1 12/18/2013 03:49 pm Klaus Aehlig

hsqueeze: only consider nodes that are not secondaries

If an instance has a secondary node, it cannot be easily
moved to every node (in the same node group), as otherwise
no node would be distinguished as secondary. As hsqueeze
should only consider nodes were moving the instances away...