Statistics
| Branch: | Tag: | Revision:

root / lib @ 649bcdd8

# Date Author Comment
649bcdd8 04/16/2010 04:11 pm Balazs Lecz

Manage the assignment of uids from the uid pool

Signed-off-by: Balazs Lecz <>
Reviewed-by: Guido Trotter <>

0fbae49a 04/16/2010 04:11 pm Balazs Lecz

Add uid_pool to ssconf

Signed-off-by: Balazs Lecz <>
Reviewed-by: Guido Trotter <>

39b0f0c2 04/16/2010 04:10 pm Balazs Lecz

Add --uid-pool option to gnt-cluster init

Signed-off-by: Balazs Lecz <>
Reviewed-by: Guido Trotter <>

852bbc95 04/16/2010 04:10 pm Balazs Lecz

Add printing of uid_pool to gnt-cluster info

Signed-off-by: Balazs Lecz <>
Reviewed-by: Guido Trotter <>

fdad8c4d 04/16/2010 04:10 pm Balazs Lecz

Add --add-uids/--remove-uids to gnt-cluster modify

Signed-off-by: Balazs Lecz <>
Reviewed-by: Guido Trotter <>

1338f2b4 04/16/2010 04:10 pm Balazs Lecz

Add --uid-pool option to gnt-cluster modify

Signed-off-by: Balazs Lecz <>
Reviewed-by: Guido Trotter <>

6d127406 04/16/2010 04:10 pm Balazs Lecz

Add lib/uidpool.py module

Signed-off-by: Balazs Lecz <>
Reviewed-by: Guido Trotter <>

4437d889 04/16/2010 04:10 pm Balazs Lecz

Add uid_pool cluster parameter

Signed-off-by: Balazs Lecz <>
Reviewed-by: Guido Trotter <>

f2e07bb4 04/16/2010 03:33 pm Michael Hanselmann

backend: Consolidate code opening real block device

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

339be5a8 04/15/2010 06:24 pm Michael Hanselmann

utils: Add class to split string stream into lines

This will be used by the new import/export daemon to split
output by its child processes into lines.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

0e3baaf3 04/15/2010 05:37 pm Iustin Pop

Fix cluster behaviour with disabled file storage

There are a few issues with disabled file storage:
- cluster initialization is broken by default, as it uses the 'no'
setting which is not a valid path
- some other parts of the code require the file storage dir to be a...

aeefe835 04/15/2010 05:36 pm Iustin Pop

Fix cfgupgrade with non-default DATA_DIR

Commit 43575108 added bootstrap.GenerateclusterCrypto and commit
7506a7f1 changed cfgupgrade to use it. However, this lost the
functionality of upgrading in non-default DATA_DIR.

To fix this, we enhance bootstrap.GenerateclusterCrypto to accept custom...

88394aa7 04/15/2010 12:08 pm René Nussbaumer

Improving the RAPI documentation

  • Be more clear about when POST and PUT should be used
  • Be more verbose on parameters
  • Describe allowed parameter values (if not self explaining)

Signed-off-by: René Nussbaumer <>
Reviewed-by: Iustin Pop <>

e588764d 04/12/2010 04:57 pm Iustin Pop

Add a identify-defaults options for import

When importing an instance, all the saved valued will be used as
explicitly specified values, overriding the cluster defaults. This means
export+import will change the status (from default to explicitly
specified) of parameters....

b6cd72b2 04/12/2010 04:57 pm Iustin Pop

Fix create/import verification of hvparams

Currently the instance creation checks the cluster hv defaults + the new
parameters for validity, ignoring the os-specific hvparams (this was an
oversight during the implementation of the os hvp). This patch uses the...

d63479b5 04/12/2010 04:57 pm Iustin Pop

objects.Cluster: add method to get hv defaults

Currently the FillHV method is the one that does the cluster hvparams +
os hvparams merger. However, in some cases we need to do just this,
without adding the instance hvparams on top.

This patch adds a function to compute just this (hv + os hvp...

0af0f641 04/12/2010 04:57 pm Iustin Pop

Reuse NIC information from export

If the user doesn't pass any nics in import, do not use a default
one-nic, but instead read the nics from the export file as is.

Fortunately the export and the way nics are read from the command line
are compatible…

Signed-off-by: Iustin Pop <>...

cc0d88e9 04/12/2010 04:57 pm Iustin Pop

Reuse backend parameters from export

Similar to the previous patches, if we're missing some parameters and
the export has them (either in the new style or old-style), we reuse
them.

Signed-off-by: Iustin Pop <>
Reviewed-by: Michael Hanselmann <>

9b12ed0f 04/12/2010 04:57 pm Iustin Pop

Reuse disk information from export

If the user doesn't pass the disk information on import, automatically
reuse the number and size of disks. This loses the iv_name attribute,
but that is only cosmetic and cannot be changed by the user.

Signed-off-by: Iustin Pop <>...

9f88b0e8 04/12/2010 04:56 pm Iustin Pop

Reuse hypervisor parameters in import

If available, we reuse the parameters from the export info.

Signed-off-by: Iustin Pop <>
Reviewed-by: Michael Hanselmann <>

f276c4b5 04/12/2010 04:56 pm Iustin Pop

Read disk template from export info

This patch changes the instance import to read the disk template
automatically from the export info, if the opcode doesn't already
specify a disk template.

To do this, we have a couple of additional changes:

- change from required parameter to optional one for disk_template...

c1c31426 04/12/2010 04:56 pm Iustin Pop

CreateInstance: separate the reading of the export

We move the reading of the export to a separate function, to simplify
CheckPrepreq and also read it earlier. This will allow building the
missing opcode parameters from the export information, instead of...

22f50b1d 04/12/2010 04:56 pm Iustin Pop

Move code from ExpandNames to CheckPrereq

This is needed since only in CheckPrereq we have the nodes locked, and
future import enhancements will need to have access to the export info
during the parameter build.

Signed-off-by: Iustin Pop <>...

417eabe2 04/12/2010 04:56 pm Iustin Pop

CreateInstance: Move some code to CheckArguments

ExpandNames holds too much non-locking code (first LU to be converted to
ExpandNames, and we didn't have CheckArguments at that poin), and this
patch moves the checks that are lock-independent to CheckArguments....

3c8954ad 04/12/2010 04:56 pm Iustin Pop

Export more instance parameters in instance export

Currently the backend parameters are not exported automatically, but
only a few directly in the '[instance]' section. Hypervisor type and
hypervisor parameters are not exported at all.

This patch creates two separate sections for the be and hv parameters,...

6801eb5c 04/12/2010 04:56 pm Iustin Pop

Export the nicparams too during instance export

The patch tries to export all params (based on the dict defined in
constants), using None for missing keys.

Signed-off-by: Iustin Pop <>
Reviewed-by: Michael Hanselmann <>

2a518543 04/12/2010 04:56 pm Iustin Pop

Handle errors better for wrong nic_count in export

This fixes an old 'FIXME' entry.

Signed-off-by: Iustin Pop <>
Reviewed-by: Michael Hanselmann <>

fe7c59d5 04/09/2010 05:54 pm Guido Trotter

Fix new pylint errors

Under squeeze pylint reports the following errors:
  • Module ganeti.serializer
    E1103:155:LoadSignedJson: Instance of 'False' has no 'get' member (but some types could not be inferred)
  • Module ganeti-masterd
    E1103:166:ClientRqHandler.handle: Instance of 'False' has no 'get' member (but some types could not be inferred)...
cc6484c4 04/09/2010 10:57 am Iustin Pop

ConfdClient.SendRequest: allow max coverage

This patch changes the coverage parameter to allow specification of max
coverage (via -1), versus auto-computation (default, 0) and manual
specification.

Unittests are updated for this case too.

Signed-off-by: Iustin Pop <>...

5c465a95 04/08/2010 06:50 pm Iustin Pop

Export the maintain_node_health option in ssconf

Signed-off-by: Iustin Pop <>
Reviewed-by: Guido Trotter <>

3953242f 04/08/2010 06:50 pm Iustin Pop

Add a new cluster parameter maintain_node_health

This will be used to conditionally enable the watcher node maintenance
feature.

Signed-off-by: Iustin Pop <>
Reviewed-by: Guido Trotter <>

aa2efc52 04/08/2010 06:50 pm Iustin Pop

Add a new confd callback (StoreResultCallback)

This new callback simply stores (without calling any lower-level
callback) the last result; coupled with the filtering callback, this
ensures that it has the 'best' response after all have been received.

The result can then be retrieved via the GetResponse method....

bfbbc223 04/08/2010 06:50 pm Iustin Pop

ConfdClient: add synchronous wait for replies mode

Currently, there is no way for a user of the confd client library to
know how many replies there should be, whether all have been received,
etc. This is bad since we can't reliably detect the consistency of the...

71e114da 04/08/2010 06:50 pm Iustin Pop

ConfdClient: unify some internal variables

Currently the requests are tracked in _request and in _expire_requests.
This is conventient, but it restricts the ability to extend the request
tracking, e.g. via packet stats and/or extension of expiration time....

39292d3a 04/07/2010 04:57 pm Iustin Pop

Fix consistency checks in ConfdFilterCallback

Commit 49b3fda added consistency checks, but these are wrongly triggered
for old responses - we need to make sure to check that we have the same
serial.

Signed-off-by: Iustin Pop <>
Reviewed-by: Michael Hanselmann <>

1b429e2a 04/07/2010 04:55 pm Iustin Pop

Fix utils.WaitForFdCondition inner retry loop

Commit dfdc4060 added WaitForFdCondition which uses utils.Retry without
handling timeout exceptions. This breaks any nested retry loops.

This patch fixes the above function, and also changes utils.Retry to
detect and warn future similar cases. In addition, we add a few small...

cc2f004d 04/07/2010 04:31 pm Michael Hanselmann

Fix bug introduced in 76e5f8b54: mkdir mode

After commit 76e5f8b54, mkdir_mode in utils.RenameFile is
no longer passed to Makedirs. This is fixed by this patch.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

76e5f8b5 04/07/2010 04:15 pm Michael Hanselmann

utils: Move wrapper code around os.makedirs into separate function

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

95ab4de9 04/06/2010 05:37 pm David Knowles

Adding RAPI client library.

Signed-off-by: David Knowles <>
Reviewed-by: Iustin Pop <>
Signed-off-by: Iustin Pop <>
(modified slightly the unittest to account for
missing httplib2 library)

49b3fdac 04/06/2010 12:51 pm Iustin Pop

Extend ConfdFilterCallback with consistency checks

Note that users of the callback will have to manually check the
attribute.

Signed-off-by: Iustin Pop <>
Reviewed-by: Guido Trotter <>

5b349fd1 04/06/2010 12:27 pm Iustin Pop

Abstract the confd client creation

Most creation of confd clients will do the same steps: read MC file,
parse it, read HMAC key, etc. We abstract this functionality so that
we don't duplicate the code.

Signed-off-by: Iustin Pop <>
Reviewed-by: Guido Trotter <>

7ba594c0 03/31/2010 06:51 pm Guido Trotter

kvm_flag hypervisor parameter

Signed-off-by: Guido Trotter <>
Reviewed-by: Iustin Pop <>

cef34868 03/31/2010 05:59 pm Guido Trotter

Move the runas user at execution time

Everything still works the same way, but the user is calculated each
time we start kvm, rather than stored in the config file. This makes it
easier to implement the "pool" security model.

Signed-off-by: Guido Trotter <>...

b39bf4bb 03/25/2010 02:47 pm Guido Trotter

SerializableConfigParser: Make Loads class indep

Currently SerializableConfigParser.Loads is a static method that returns
a SerializableConfigParser. With this patch we change it to a class
method that returns a member of the class. This way a subclass calling...

71834b2a 03/23/2010 06:14 pm Guido Trotter

Unbreak command line job submission

A change introduced in 5299e61f modified the contents of
JobExecutor.jobs, missing a place where this tuple was deconstructed.
This creates a traceback in gnt-* <any> --submit, fixed by this patch.

Signed-off-by: Guido Trotter <>...

91e2d9ec 03/23/2010 01:04 pm Guido Trotter

Write grow support for file storage

Signed-off-by: Guido Trotter <>
Reviewed-by: Iustin Pop <>

2c42c5df 03/23/2010 01:04 pm Guido Trotter

Allow file storage to be grown

Signed-off-by: Guido Trotter <>
Reviewed-by: Iustin Pop <>

4f7a6a10 03/23/2010 12:21 pm Iustin Pop

Distribute list of enabled hypervisors in ssconf

This can be used by nodes to know which hypervisors they are supposed to
support.

Signed-off-by: Iustin Pop <>
Reviewed-by: René Nussbaumer <>

bbcf7ad0 03/23/2010 12:21 pm Iustin Pop

Extend the hypervisor API with name-only shutdown

Currently the ShutdownInstance method of the hypervisors takes a full
instance object. However, when doing instance shutdowns from the node
only, we don't have a full object, just the name.

To handle this use case, we add a new ‘name’ argument to the method,...

728489a3 03/23/2010 11:31 am Guido Trotter

Fix burnin error when trying to grow a file volume

Abstract the growable disk types in a ganeti constants, and only run
disk grow, from burnin, on them.

Signed-off-by: Guido Trotter <>
Reviewed-by: Iustin Pop <>

ed904904 03/23/2010 10:35 am Iustin Pop

Fix backend.VerifyNode behaviour for VG problems

In case LVM is broken, backend.GetVolumeList will raise an RPC exception
(as expected since it's a function exposed over RPC). Therefore we must
be prepared to catch any such exceptions, so that we don't fail the...

e7b61bb0 03/23/2010 10:35 am Iustin Pop

Introduce a bool CLI option type

This option type enforces its value to either True or False, relieving
the scripts from manually parsing the values in each function.

We also update the bash completion code to use the option type if
possible.

Signed-off-by: Iustin Pop <>...

02c521e4 03/23/2010 10:35 am Iustin Pop

A rewrite of LUClusterVerify

Per issue 90, current cluster verify is very very brittle. It's one of
the oldest pieces of code, with only additions without cleanups over the
last years.

Among its problems:

- data initialization interspersed with verification of RPC results,...

3a488770 03/23/2010 10:35 am Iustin Pop

Some epydoc fixes

Signed-off-by: Iustin Pop <>
Reviewed-by: Guido Trotter <>

2263aec2 03/23/2010 10:33 am René Nussbaumer

Adding missing documentation to make the docs better

Also fixed a typo I noticed.

Signed-off-by: René Nussbaumer <>
Reviewed-by: Iustin Pop <>

cdeefd9b 03/22/2010 08:06 pm Guido Trotter

Remove race condition in FileStorage.Create

Rather than checking that the file doesn't exist, and then creating it,
we create it with O_CREAT | O_EXCL, making sure the checking/creation is
atomic.

Signed-off-by: Guido Trotter <>
Reviewed-by: Michael Hanselmann <>

263b8de6 03/22/2010 08:06 pm Guido Trotter

KVM: Check instances for actual liveness

Currently if we find a live process with the pid we saved we assume kvm
is alive. What could happen, though, is that the pidfile has been
reused.

In order to avoid that we change the check to make sure, everywhere,...

4fbb3c60 03/22/2010 08:06 pm Guido Trotter

KVM: improve GetInstanceInfo docstring

Signed-off-by: Guido Trotter <>
Reviewed-by: Iustin Pop <>

284c69f0 03/22/2010 08:06 pm Guido Trotter

Revert "Only override any and all if not defined"

This reverts commit bd5617020a50bcd08269330638d64078c1b30b71.

Turns out our and python's any/all are not compatible.

Signed-off-by: Guido Trotter <>
Reviewed-by: Iustin Pop <>

0a37de5f 03/22/2010 05:25 pm René Nussbaumer

Adding RAPI call to deactivate-disks for an instance

Signed-off-by: René Nussbaumer <>
Reviewed-by: Iustin Pop <>

2197b66f 03/22/2010 05:25 pm René Nussbaumer

Adding RAPI call for activate-disks on an instance

Signed-off-by: René Nussbaumer <>
Reviewed-by: Iustin Pop <>

9d099698 03/18/2010 04:29 pm Guido Trotter

SimpleConfigReader: add docstrings

All non-oneliner functions, after this patch, have their docstring.

Signed-off-by: Guido Trotter <>
Reviewed-by: Iustin Pop <>

d63997b3 03/18/2010 01:39 pm Guido Trotter

Replace @keyword with @param in confd client

@keyword was used inappropriately.

Signed-off-by: Guido Trotter <>
Reviewed-by: Michael Hanselmann <>

8496d93c 03/18/2010 01:39 pm Guido Trotter

ConfdClient: add synchronous features

By sending requests with async=False, and receiving replies with
ReceiveReply we can more easily use confd from a synchronous client.

Signed-off-by: Guido Trotter <>
Reviewed-by: Iustin Pop <>

04cdf663 03/18/2010 01:39 pm Guido Trotter

ConfdCountingCallback

This new confd callback counts received replies for the registered
queries.

Signed-off-by: Guido Trotter <>
Reviewed-by: Michael Hanselmann <>

dcd511c8 03/18/2010 01:39 pm Guido Trotter

move http.WaitForSocketCondition to utils

Signed-off-by: Guido Trotter <>
Reviewed-by: Michael Hanselmann <>

dfdc4060 03/18/2010 01:39 pm Guido Trotter

WaitForSocketCondition: rename, handle EINTR

- Rename WaitForSocketCondition to SingleWaitForFdCondition
- Avoid potentially infinite loop, if we continue to get interrupted
- Handle eintr correctly
- Avoid the poller try/finally, as the poller object gets destroyed...

6ddf5c8f 03/18/2010 01:39 pm Guido Trotter

AsyncUDPSocket.process_next_packet

This function allows receiving socket data synchronously.

Signed-off-by: Guido Trotter <>
Reviewed-by: Michael Hanselmann <>

8216580d 03/18/2010 01:38 pm Guido Trotter

AsyncUDPSocket: abstract do_read function

This basically implements read handling, without catching all
exceptions. When using the socket in synchronous mode, it's useful to
avoid losing exception data (which, in an async daemon, can only be
logged)

Signed-off-by: Guido Trotter <>...

bd561702 03/18/2010 01:38 pm Guido Trotter

Only override any and all if not defined

If any or all are already defined (because we're using a new version of
python) just link them inside "utils" rather than redefining them.

Signed-off-by: Guido Trotter <>
Reviewed-by: Michael Hanselmann <>...

56569f4e 03/17/2010 06:58 pm Michael Hanselmann

backend: Two small style fixes

- Pass keyword parameter as such
- Replace “not x == y” with “x != y”

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Guido Trotter <>
Reviewed-by: Iustin Pop <>

74adc100 03/17/2010 06:22 pm Iustin Pop

Allow cluster copy file over the replication net

This patch introduces the option “--use-replication-network” for the
cluster copyfile functionality, which is useful if the primary and
secondary network are significantly different (see issue 32).

Signed-off-by: Iustin Pop <>...

e9e26bb3 03/17/2010 06:22 pm Iustin Pop

Enhance cli.GetOnlineNodes query/filtering

This patch allows GetOnlineNodes to return the secondary IPs instead of
the node names, and to provide filtering of the master node (required to
be done in this function in case we return the secondary IPs).

Signed-off-by: Iustin Pop <>...

25a8792c 03/17/2010 04:11 pm Iustin Pop

Instance creation: implement --no-install mode

This is a simple patch that adds the no-install mode for instance
creation, allowing import from foreign source of the actual OS (instead
of requiring the preparation of data in a form expected by the import...

96b39bcc 03/17/2010 04:10 pm Iustin Pop

Allow OS changes without reinstallation

This patch modifies LUSetInstanceParms to allow OS name changes, without
reinstallation, in case an OS gets renamed on-disk.

Signed-off-by: Iustin Pop <>
Reviewed-by: Michael Hanselmann <>

231cd901 03/17/2010 04:10 pm Iustin Pop

cmdlib: Abstract OS checks

This patch moves the node-has-os checks to a separate function.

Signed-off-by: Iustin Pop <>
Reviewed-by: Michael Hanselmann <>
Reviewed-by: Guido Trotter <>

d512e84b 03/16/2010 04:05 pm Michael Hanselmann

Improve “gnt-cluster renew-crypto”

- Report exception text immediately instead of just logging it
- Remove leftover assertion from when it still used “gnt-cluster
modify”

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

8fe9239e 03/16/2010 03:29 pm Iustin Pop

Fix behaviour of gnt-node modify -C no

The current check on whether we require auto_promote or not is wrong, as
we check whether we will have exactly the correct number of master
candidates left. But it is fine if we have more (e.g. when CPS=10 and
mc_remaning=19) than the current number, and in that case we shouldn't...

168c1de2 03/15/2010 06:40 pm Michael Hanselmann

Rename SSL_CERT_FILE to NODED_CERT_FILE

To be consistent with RAPI_CERT_FILE, the rather generic named
“SSL_CERT_FILE” constant is renamed to “NODED_CERT_FILE”. The actual file
name is not changed.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

6b7d5878 03/15/2010 06:40 pm Michael Hanselmann

Rightname confd's HMAC key

Currently, the ganeti-confd's HMAC key is called “cluster HMAC key” or
simply “HMAC key” everywhere. With the implementation of inter-cluster
instance moves, another HMAC key will be introduced for signing critical
data. They can not be the same, so this patch clarifies the purpose of the...

01b6558a 03/15/2010 06:18 pm Iustin Pop

Clarify the error message for ':' in PV names

As described in issue 93, just saying ':' is not a valid char can be
confusing.

Signed-off-by: Iustin Pop <>
Reviewed-by: Michael Hanselmann <>

2f414c48 03/15/2010 05:38 pm Iustin Pop

Implement conversion from drbd to plain

This is much simpler than the opposite, with fewer possibilities of
failures.

Signed-off-by: Iustin Pop <>
Reviewed-by: Michael Hanselmann <>

e29e9550 03/15/2010 05:38 pm Iustin Pop

Implement conversion from plain to drbd

This patch adds a new mode to instance modify, the changing of the disk
template. For now only plain to drbd conversion is supported, and the
new secondary node must be specified manually (no iallocator support).

The procedure for conversion works as follows:...

31624382 03/15/2010 05:29 pm Iustin Pop

Abstract check that an instance is down

Multiple LUs require that an instance is not running while they operate
on the instance (reinstall, rename, modify, recreate disks, deactivate
disks). The code to do this check is duplicate many times, and not very...

701384a9 03/15/2010 05:29 pm Iustin Pop

Abstract node free disk space check

Both create instance and grow disk check the free disk space on nodes
using the same, duplicate code. Since we'll need this in other places in
the future, we abstract the check into a new function.

The patch adjusts the error message to be more in-line with the one for...

5d55819e 03/15/2010 05:28 pm Iustin Pop

Abstract disk template verification

This is a simple check, but we'll need it in multiple places.

Signed-off-by: Iustin Pop <>
Reviewed-by: Michael Hanselmann <>

5029db65 03/15/2010 05:17 pm Iustin Pop

Implement disk adoption mode in gnt-instance

This patch modifies the parsing of the “--disk” argument to instance
create to accept “adopt” as a valid key, which builds the correct disk
structure for OpCreateInstance.

Signed-off-by: Iustin Pop <>...

c3589cf8 03/15/2010 05:17 pm Iustin Pop

LUCreateInstance: implement disk adoption mode

This new mode, valid only for the plain template disk, allows creation
of an instance based on existing logical volumes (preserving data),
rather than creation of new volumes and OS creation.

The new mode works as follows:...

d8aee57e 03/15/2010 05:16 pm Iustin Pop

ConfigWriter: add an LV reservation manager

This patch adds an LV reservation manager to be used for LV names. Since
we now have four such managers, we create a list for easier release.

Signed-off-by: Iustin Pop <>
Reviewed-by: Guido Trotter <>

df4272e5 03/15/2010 05:16 pm Iustin Pop

LUCreateInstance: Move parameter init earlier

This way, the parameters are available in CheckArguments too.

Signed-off-by: Iustin Pop <>
Reviewed-by: Guido Trotter <>

6d4a1656 03/12/2010 05:45 pm Michael Hanselmann

Implement replacing cluster certs and keys via “gnt-cluster renew-crypto”

Recent changes to “gnt-cluster verify” made it complain on expiring SSL
certificates. While it was possible to replace the SSL certificates and
other cluster secrets manually before, doing so was cumbersome. Cluster...

7e49b6ce 03/12/2010 05:45 pm Michael Hanselmann

cli: Add helper function to stop and start whole cluster

Replacing cluster certificates and keys requires all cluster daemons to be
shut down. This might also be handy for the cluster merger tool, though
the function might need a few more extensions.

Signed-off-by: Michael Hanselmann <>...

43575108 03/12/2010 05:44 pm Michael Hanselmann

bootstrap: Add new function to create cluster certs and keys

The code to generate cluster certificates, keys and secrets is currently
spread over several places. It makes sense to move it to a separate
function as we want to provide the user with the ability to automatically...

1d466a4f 03/12/2010 05:44 pm Michael Hanselmann

utils.CreateBackup: Use human-readable instead of seconds since Epoch

Seconds since the Epoch are not easily readable by a human. Using a
formatted timestamp makes it easier (e.g.
“….backup-2010-03-12_14_02_43.…”). This patch also makes OS logfiles use
this formatted timestamp....

b98bf262 03/12/2010 05:44 pm Michael Hanselmann

Verify cluster certificates in LUVerifyCluster

When using pyOpenSSL 0.7 or above, LUClusterVerify will start to show a
warning 30 days before a certificate expires. 7 days before the
certificate expires, the warning becomes an error. Once expired,
LUVerifyCluster will always report an error. The latter is also supported...

27e46076 03/12/2010 05:44 pm Michael Hanselmann

utils: Add function to extract X509 cert validity

X509 uses ASN1 GENERALIZEDTIME or UTCTIME to store certificate validity.
pyOpenSSL 0.7 and above allow us to retrieve both “notBefore” and
“notAfter” as strings. Parsing them turned out to be a challenge since...

d3100055 03/12/2010 05:44 pm Michael Hanselmann

Add constant with cluster X509 certificates

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

3ab991a4 03/12/2010 03:32 pm Iustin Pop

Merge branch 'stable-2.1' into devel-2.1

  • stable-2.1:
    Release version 2.1.1
    Update NEWS file for the 2.1.1 release
    Validate the os-specific hypervisor parameters

Signed-off-by: Iustin Pop <>
Reviewed-by: Michael Hanselmann <>

0cf5e7f5 03/12/2010 11:33 am Iustin Pop

Improve cluster verify with hypervisor errors

In case the hypervisor has issues on one node, currently
backend.VerifyNode will exit via an exception (two exit paths possible,
one via HypervisorError from hypervisor.Verify(), and one via RPCFail
from GetInstanceList). This is bad as it invalidates all other checks of...

c63355f2 03/11/2010 05:45 pm Iustin Pop

Fix wrong indentation

Sorry…

Signed-off-by: Iustin Pop <>
Reviewed-by: Michael Hanselmann <>