History | View | Annotate | Download (33.3 kB)
Move a function from backend to ssconf
The “WriteSsconfFiles” function is used to write ssconf files. By movingit we can avoid importing backend into bootstrap. The latter is importedby CLI programs and backend doesn't have much to do with them.
Signed-off-by: Michael Hanselmann <hansmi@google.com>...
Stop hardcoding root user
Some parts of the code still use a hardcoded user name: root. This patchreplaces all with a constant specified at build time. The end goal is tomake it possible to run a Ganeti cluster without any special privileges(of course this will prevent some functionality from working)....
bootstrap.SetupNodeDaemon: Stop hardcoding bind address
Commit b43dcc5a11 added support for IPv6. To have the node daemon bindto an IPv6 address on startup it changed the code to pass a static bindaddress (0.0.0.0 or ::0). If a user had configured another bind address...
Migrate lib/bootstrap.py from constants to pathutils
File system paths moved from constants to pathutils.
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
constants: Move most paths to separate module
This is inpreparation for the implementation of virtual clusters. Manypaths will change based on an environment variable and are no longerconstant and should no longer be in “constants.py”. Since “constants.py”...
Bump pep8 version to 1.2
Debian Wheezy will ship with this version, and it has many improved checks compared to 0.6, so let's:
- bump version in the docs- silence some new checks that are wrong due to our indent=2 instead of 4- fix lots of errors in the code where the indentation was wrong by 1...
Fix uses of OpPrereqError without code info
A while back, we did cleanup the code and ensured (manually) that useof OpPrereqError includes an errors.ECODE_* field as secondargument. Since we cannot automate the check for this, it turns outthat more and more such usage has crept over the years, including in...
Verify the options on diskparameters
This prevents from setting for example drbd options on the plain disktemplate.
Signed-off-by: René Nussbaumer <rn@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
cmdlib: Remove all diskparams calculations not required anymore
Signed-off-by: René Nussbaumer <rn@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
RPC: Add a new client type for DNS only
This patch moves the “call_version” to a new RPC client definition andthen adds a new runner using the DNS resolver for getting the hostaddress.
The standard “BootstrapRunner”, where the call was before, tries to...
Replace single- with double-quotes
In at least two cases "%s" is replaced with str(), too.
Further fixes to instance policy validation
As a followup from "Remove extraneous check in policy creation", thereare more places where we build an ipolicy, and then manually check forits validity. This is very bad style, as it duplicates theverification code across many places....
Add new disk_templates parameter to instance policy
This is a bit more complex patch, as it requires changing theassumption that all keys in the policy dict points to values that arethemselves dicts. Right now we introduce an assumption that anynon-dicts are lists, we'll see in the future if this holds or whether...
gnt-cluster: Add hv/disk state to init
InitCluster supports instance policy
Signed-off-by: Agata Murawska <agatamurawska@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
Add basic support for disk parameters
objects.py: * add disk parameters to Disk, Cluster, NodeGroup.
constants.py: * add dictionaries that will hold types and default values for disk parameters (for now, empty).
test/ganeti.constants_unittest.py:...
Remove BE_MEMORY from beparams but keep compatibility
Queries are already compatible (be/memory is an alias for be/maxmem) andimport/exports work. This patch patch fixes it for cluster init, modifyand instance add/start/modify.
Signed-off-by: Guido Trotter <ultrotter@google.com>...
Change master IP address RPCs for external script
Change the master IP address RPC call chain to accept theuse_external_master_ip_script parameter. Introduces an unused parameterin backend.ActivateMasterIp and backend.DeactivateMasterIp, that will beused in the next commit....
Add --use-external-mip-script flag
- add a command line flag to gnt-cluster init and modify to change the value of the cluster parameter use_external_mip_script;- add two constants representing the paths of the default script and of the external script;...
Pass MasterNetworkParameters instances in RPCs
Pass instances of objects.MasterNetworkParameters when calling RPCs foractivation and deactivation of master IP.
Signed-off-by: Andrea Spadaccini <spadaccio@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
Use MasterNetworkParameters attributes for RPC
Instead of manually unpacking the return values ofcfg.GetMasterNetworkParameters, let it return an instance ofobjects.MasterNetworkParameters and pass its attributes.
Signed-off-by: Andrea Spadaccini <spadaccio@google.com>...
Uniform master IP activation and deactivation
Add the master IP family parameter to the master IP deactivation RPCs,so that the activation and deactivation interfaces are uniform.
Explicitly pass params to deactivate_master_ip
Make the master explicitly pass the parameters to thedeactivate_master_ip RPC, and change all the call flow to use the newinterface.
Signed-off-by: Andrea Spadaccini <spadaccio@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Change the semantics of stop_master RPC
To avoid polluting the stop_master RPC interface with networkparameters, this patch removes the deactivation of the master IP fromthis RPC.
The call to deactivate_master_ip is then added before every stop_master...
Move bootstrap-related RPC to generated wrappers
With this patch, only 6 RPC are left as old-style code.
Restore backend.GetMasterInfo return values order
Change 5a8648eb609f7e3a8d7ad7f82e93cfdd467a8fb5 changed the order of thereturn values of backend.GetMasterInfo(). This broke the users of themaster_info RPC.
This change restores the original order, and adds a comment in...
Add cluster netmask parameter
Add the master_netmask cluster parameter, that represents the netmask ofthe master IP, encoded as a CIDR suffix.
This parameter can be set via the --master-netmask of gnt-cluster initand gnt-cluster modify. The default behaviour is to be consistent with...
Split starting and stopping master IP and daemons
Implementation of TLS-protected SPICE connections
Added support for TLS-protected SPICE connections:
Added SPICE TLS option and related cert paths
DeprecationWarning fixes for pylint
In version 0.21, pylint unified all the disable-* (and enable-*)directives to disable (resp. enable). This leads to a lot ofDeprecationWarning being emitted even if one uses the recommendedversion of pylint (0.21.1, as stated in devnotes.rst)....
PEP8 style fixes
Identified using the “pep8” utility.
remove bootstrap._InitSharedFileStorage
This function is a copy of bootstrap._InitFileStorage with the followingdifferences: - check constants.ENABLE_SHARED_FILE_STORAGE and not constants.ENABLE_FILE_STORAGE - use different local variable names - one different error string...
Automatically enable hail if enabled and found
Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Shared file storage initialization code
Add shared file storage handling during cluster initialization.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
Core shared file storage support
This patch introduces core file storage support, consisting of the following:
A configure-time switch for enabling/disabling shared file storagesupport and controlling the shared file storage location:--with-shared-file-storage-dir=. Shared file storage configuration is then...
gnt-cluster master-failover: Undrain queue
- Move functions for drain status (tracked via file) from jqueue to jstore- Undrain queue on master failover if necessary- Add QA test
Merge branch 'devel-2.3' into devel-2.4
Wait for master to become available on initialization
This is analogue to the existing check for a responsive node daemon.
Start all daemons on cluster initialization
At least ganeti-confd was not started. It got started a few minuteslater by ganeti-watcher. Also move one pylint disable to the effectiveline.
Cleanup bootstrap.SetupNodeDaemon
- Code formatting- Use ShellQuote for one argument- Remove variables no longer used after commit 9294514d
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: René Nussbaumer <rn@google.com>
Introduce constant for the name of the initial node group
Signed-off-by: Adeodato Simo <dato@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Adding ndparams to gnt-cluster init|modify and man page
This is reverting the revert and adaption to fix the issue which causedthe revert
bootstrap: Set master node's {c,m}time on cluster init
Revert "InitCluster support for ndparams"
This reverts commit fd7f5b411ca61be2e4eff638773ba6c0fac7eb32.
InitCluster support for ndparams
ConfigWriter: prevent using a foreign config
If the configuration file doesn't denote this node as master, we preventstartup. This would have detected our previous race condition moreeasily, hence we add it as a permanent check.
Signed-off-by: Iustin Pop <iustin@google.com>...
Fix bootstrap.MasterFailover race with watcher
This fixes a recently diagnosed race condition between master failoverand the watcher.
Currently, the master failover first stops the master daemon, checksthat the IP is no longer reachable, and then distributes the updated...
Add prealloc_wipe_disks as a cluster-wide configuration variable
This is the first step for the support of wiping block devices priorto creation of the instance.
Stop all daemons precautiosly before trying to start ganeti-noded again
Please note that if the pid file is broken or missing we'll not catchthe process (if any is running) and it's up to the user to fix this state
Signed-off-by: René Nussbaumer <rn@google.com>...
InitConfig: create nodegroups as well
This patch also ensures that the initial configuration has all theneeded UUIDs and that they are unique, by using aTemporaryReservationManager inside InitConfit to generate them.
Change bootstrap.SetupDaemonNode to use scp as we can assume SSH is setup
Signed-off-by: René Nussbaumer <rn@google.com>Reviewed-by: Manuel Franceschini <livewire@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
Switch to the RPC call to update /etc/hosts in LUAddNode and LURemoveNode
Signed-off-by: René Nussbaumer <rn@google.com>Reviewed-by: Iustin Pop <iustin@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
gnt-node add: add error msg when using IPv6
Signed-off-by: Manuel Franceschini <livewire@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Use family in backend.StartMaster
This patches changes the StartMaster method to consult the clusterprimary ip version when deciding whether to use arping or ndisc6 afteractivating the master ip.
Signed-off-by: Manuel Franceschini <livewire@google.com>...
Support IPv6 node add
Signed-off-by: Manuel Franceschini <livewire@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
Add new cluster parameter primary_ip_version
We expose the ip_version (4, 6) to the external interface and internallywe convert it to ip_family (AF_INET=2, AF_INET6=10). This makes the codemore concise as all functions deal with family rather than version....
Fix some small newline style issues
Support for resolving hostnames to IPv6 addresses
This patch enables IPv6 name resolution by using socket.getaddrinfoinstead of socket.gethostbyname_ex.
It renames the HostInfo class to Hostname and unifies its use throughoutthe code. This is achieved by using static calls where no object is...
cluster init: Write ssconf before noded starts
This change is needed as we will need to read the primary ip versioncluster parameter before we start the node daemon. The reason is that weneed to know in advance if we bind to the IPv4 or IPv6 any address....
Introduce new IPAddress classes
This patch unifies the netutils functions dealing with IP addresses tothree classes:- IPAddress: Common IP address functionality- IPv4Address: IPv4 specific functionality- IPv6address: IPv6-specific functionality
Furthermore it adds methods to check whether an address is a loopback...
Always set commonName in X509 certificates
Due to the current switch of the RPC client to PycURL, a bug with newerversions of libcurl surfaced. When the 'Subject' or 'Issuer' of'server.pem' were empty, SSL handshake failed.
This patch changes the certificate generation functions such that they...
Introduce lib/netutils.py
This patch moves network utility functions to a dedicated module.
Add default_iallocator cluster parameter
Add a cluster parameter to hold the iallocator that will be used by defaultwhen required and no alternative (manually-specified iallocator ormanually-specified node(s)) is given.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>...
Add a delay in master failover
I have seen some very seldom errors where (it seems) the address isstill live for a short while after removing it from the old master, thusthe new master will fail in startup/adding its own IP address.
To prevent against this, we add a delay/retry before we proceed, if the...
Check and set drbd helper during bootstrap
Signed-off-by: Luca Bigliardi <shammash@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
Introduce utils.IsValidIP{4,6}()
This patch introduces functions to check for valid IPv4 and IPv6addresses and converts IsValidIP() to return True if it is either a IPv4or a IPv6 address.
For now we do not change the functional behavior and replace IsValidIP...
cfgupgrade: Local variable for cluster-domain-secret filename
This is necessary to allow cfgupgrade to work on a non-standard directory.
Merge branch 'devel-2.1'
Conflicts: doc/security.rst trivial lib/cli.py trivial
Signed-off-by: Balazs Lecz <leczb@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Add --uid-pool option to gnt-cluster init
Signed-off-by: Balazs Lecz <leczb@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
Fix cluster behaviour with disabled file storage
There are a few issues with disabled file storage:- cluster initialization is broken by default, as it uses the 'no' setting which is not a valid path- some other parts of the code require the file storage dir to be a...
Fix cfgupgrade with non-default DATA_DIR
Commit 43575108 added bootstrap.GenerateclusterCrypto and commit7506a7f1 changed cfgupgrade to use it. However, this lost thefunctionality of upgrading in non-default DATA_DIR.
To fix this, we enhance bootstrap.GenerateclusterCrypto to accept custom...
Add a new cluster parameter maintain_node_health
This will be used to conditionally enable the watcher node maintenancefeature.
Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
Add cluster domain secret
Information exchanged between different clusters via untrustedthird parties (e.g. for remote instance import/export) must besigned with a secret shared between all involved clusters toensure the third party doesn't modify the information....
Merge remote branch 'origin/devel-2.1'
Conflicts: lib/bootstrap.py: Trivial lib/constants.py: Trivial
Rename SSL_CERT_FILE to NODED_CERT_FILE
To be consistent with RAPI_CERT_FILE, the rather generic named“SSL_CERT_FILE” constant is renamed to “NODED_CERT_FILE”. The actual filename is not changed.
Rightname confd's HMAC key
Currently, the ganeti-confd's HMAC key is called “cluster HMAC key” orsimply “HMAC key” everywhere. With the implementation of inter-clusterinstance moves, another HMAC key will be introduced for signing criticaldata. They can not be the same, so this patch clarifies the purpose of the...
bootstrap: Add new function to create cluster certs and keys
The code to generate cluster certificates, keys and secrets is currentlyspread over several places. It makes sense to move it to a separatefunction as we want to provide the user with the ability to automatically...
Validate the hostnames at creation time
This patch adds validation of new names used, i.e. at cluster init time,node add time, and instance creation.
For instances, especially when using «--no-name-check» (which skips DNSchecks), we should validate the give name, and also normalize it...
bootstrap: Wait for node daemon when adding new node
Until now this was only done for the master node, thoughthe problem originally fixed in 8f215968 also occurs forother node daemons.
Move function generating SSL certs into utils
Also add unittest.
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
Generate hmac file with a newline at the end
This makes it slightly easier to cut&paste its content.
Signed-off-by: Guido Trotter <ultrotter@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Add new “daemon-util” script to start/stop Ganeti daemons
Until now, Ganeti started and stopped its own daemons using custom functions.To start, the daemon was just executed and then sent the appropriate signals tostop it again. Init scripts would have to pay attention to the PID file and...
Introduce a wrapper for hostname resolving
Currently a few of the LU's CheckPrereq use utils.HostInfo which raisesa resolver error in case of failure. This is an exception from thestandard that CheckPrereq should raise an OpPrereqError if the error isin the 'pre' phase (so that it can be retried)....
Another round of pylint-related style fixes
A newer version of pylint, more warnings…
bootstrap: Convert to utils.Retry
Convert the rest of the OpPrereqError users
This finishes the conversion of OpPrereqError creation to two-argumentstyle. Any leftovers as one-argument are not breaking anything, justlosing information about the errors.
Make cluster initialization more reliable
There was a race condition between starting the node daemonand sending requests to write the ssconf files. With thispatch, the initialization waits up to ten seconds for thenode daemon to become responsive.
Provide feedback from redistributing configuration
This is particularily useful for “gnt-cluster redist-conf”, butalso for all other cases where the configuration files arerewritten on other nodes.
$ gnt-cluster redist-conf… Copy of file /var/lib/ganeti/config.data to node … failed: Error while...
Adding '--no-ssh-init' option to 'gnt-cluster init'.
Allows the initialization of a cluster without the creation or distributionof SSH key pairs. Includes changes for LeaveCluster and RPC.
Signed-off-by: Ken Wehr <ksw@google.com>Signed-off-by: Guido Trotter <ultrotter@google.com>...
bootstrap: Factorize HMAC key generation
Make bootstrap._GenerateSelfSignedSslCert public
Add uuid on node/instance add and cluster init
This patch does a little bit of cleanup first, since we want to callGenerateUniqueID without reacquiring the lock.
Note that we don't necessarily need to do this for the cluster, since atfirst startup ConfigWriter will do it anyway. But it's better to...
Node init: copy hmac key as well
Without this confd will not start when a node is added to the cluster.
Remove RpcResult.RemoteFailMsg completely
Fix authorized_keys generation at cluster init
Copy pub_key in authorized_keys.
Signed-off-by: Luca Bigliardi <shammash@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Use ReadFile/WriteFile in more places
This survived QA, burnin and unittests.
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Luca Bigliardi <shammash@google.com>