History | View | Annotate | Download (32.7 kB)
Use node UUID as client certificate serial number
It turns out, that some implementations of OpenSSL are morepedantic in checking the certficates than others. In thisparticular case, the SSL connection could not beestablished when the serial number of the certificates...
Verify client certificates
This patch adds a step to 'gnt-cluster verify' to verifythe existence and validity of the nodes' clientcertificates. Since this is a crucial point of thesecurity concept, the verification is very detailed withexpressive error messages and well tested by unit tests....
Verify incoming RPCs against candidate map
From this patch on, incoming RPC calls are checked againstthe map of valid master candidate certificates. If no mapis present, the cluster is assumed to be inbootstrap/upgrade mode and compares the incoming call...
Extend RPC call to create SSL certificates
So far the RPC call 'node_crypto_tokens' did only retrievethe certificate digest of an existing certificate. Thiscall is now enhanced to also create a new certificate andreturn the respective digest. This will be used in various...
Retrieve a node's certificate digest
In various cluster operations, the master node needs toretrieve the digest of a node's SSL certificate. For thispurpose, we add an RPC call to retrieve the digest. Thefunction is designed in a general way to make it possible...
Gluster: add the Shared File storage type
The shared file and gluster disk templates should not report their diskspace information like file does, because they do not behave the same.
If a cluster pulls from the same, shared source of storage then it is...
Use configured SSH ports when connecting to a console
This is accomplished by passing the corresponding node group tohv_*.py. Tests for hv_*.py that call GetInstanceConsole updated.
Signed-off-by: Petr Pudlak <pudlak@google.com>Reviewed-by: Hrvoje Ribicic <riba@google.com>
Update unit tests for custom SSH ports
The unit tests now include the configurations of SSH ports for nodegroups/nodes.
Use custom SSH ports in node groups when working with nodes
Calling `gnt-instance console` with a custom SSH port doesn't work yet.
Add a console information RPC call
As the instance queries need console information, and the informationis retrieved through python classes that should not be ported yet, anRPC call supplying the information has been added. Some tests as well.
Signed-off-by: Hrvoje Ribicic <riba@google.com>...
Merge branch 'stable-2.8' into stable-2.9
Merge branch 'stable-2.7' into stable-2.8
ganeti.backend_unittest: chmod restricted cmd dir
TestVerifyRestrictedCmdDirectory.testNormal implicitly relies on the currentumask to check the behaviour of backend._VerifyRestrictedCmdDirectory. However,when run under a more relaxed umask (as in the case of the Debian buildd's...
Fix another missing renaming
This fixes a (due to a merge) slipped occurence ofVALID_STORAGE_TYPES which was renamed to STORAGE_TYPES.
Signed-off-by: Helga Velroyen <helgav@google.com>Reviewed-by: Michele Tartara <mtartara@google.com>
Rename VALID_STORAGE_TYPES to STORAGE_TYPES
For consistency, this patch renames 'VALID_STORAGE_TYPES'to 'STORAGE_TYPES', because the set of valid disktemplates is also just names 'DISK_TEMPLATES'.
Signed-off-by: Helga Velroyen <helgav@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
Move space reporting constant to constants.py
This patch moves the constant which is used to determinewhether a storage type provides storage space reportingfrom the utils package to the constants. This way, wecan also use it in haskell and it fits there semantically...
Unit tests for _GetVgInfo
This patch provides unit tests for the backend's_GetVgInfo function. In order to mock the underlyingbackend function, it was necessary to make it anoptional parameter of the function.
Signed-off-by: Helga Velroyen <helgav@google.com>...
Fix module functions overridden by mocks
This patch fixes remaining occurrences of module functionsthat were overridden by mock functions. They need to beset back to their original functions after the test caseends.
Unit tests for _GetVgSpindlesInfo
This patch provides unit tests for _GetVgSpindlesInfo.In order to mock the used function for the 'bdev' moduleI made the low-level storage function an optional parameterof _GetVgSpindlesInfo. I also found out that mocked...
More sanity checks for spindle space reporting
This patch adds a wrapper around the space reportingfor spindles which includes more sanity checks forthe input. Unit tests provided.
Signed-off-by: Helga Velroyen <helgav@google.com>Reviewed-by: Klaus Aehlig <aehlig@google.com>
Tighten sanity checks for '_GetLvmVgSpaceInfo'
This patch tightens the sanity checks for the input of'_GetLvmVgSpaceInfo' and provides unit tests for it.
Factor out check for storage params
This patch factors out the sanity checks for storageparameters in its own function. Unit tests included.
Add general storage parameters to node info call
As described in the design doc about storage types,we plan to generalize the RPC call "node info" wrt tostorage types. This patch extends the call by acceptinga list of storage units, that is not only identified...
backend unit tests: remove unused imports and variables
This patch removes some unused imports and an unusedvariable of the backend unit test. No functional changesotherwise.
Signed-off-by: Helga Velroyen <helgav@google.com>Reviewed-by: Thomas Thrainer <thomasth@google.com>
Unit tests for ApplyStorageSpaceFunction
So far, the function 'ApplyStorageSpaceFunction' was notcovered by unit tests. Before the integration of spacereporting for file storage, we add those missing tests.
backend.py: use hvparams in GetNodeInfo
This patch extends the GetNodeInfo function of the backendmodule by a hvparams parameter. For now, it contains afallback solution for when the parameter is None. Thisfallback will be removed in a later patch of this series....
Verify: xen toolstack, hypervisor and hvparams
This patch extends the node verification by:- Adding a check for the xen toolstack when the hypervisor is verified.- Factoring out the hypervisor verification in a subfunction to increase testability.- Factoring out the hvparams verification in a...
backend.py: hvparams in 'GetInstanceList'
Propagating the use of hvparams further up the callinghierarchy, this patch makes the backend module use thehvparams in 'GetInstanceList'. Unit tests provided.
Remove old "reason" implementation
Remove the useless parts of the old, partial, implementation of the support fortracking the reason of instances state change, before implementing the newreason trail support, as per the design document.
Signed-off-by: Michele Tartara <mtartara@google.com>...
Infrastructure for specifying instance status change reason
This patch introduces some infrastructural modifications that will be used bythe following commits to implement the support for specifying the reason forthe last status change of an instance....
Finish the remote→restricted commands rename
The documentation still points to /etc/ganeti/remote-commands,although the code is already using restricted-command. Update thedocumentation and a few docstrings accordingly.
Signed-off-by: Iustin Pop <iustin@google.com>...
Add test for backend._GetBlockDevSymlinkPath
Add a unit test for the trivial “_GetBlockDevSymlinkPath” function inbackend (small changes in the function were required).
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Bernardo Dal Seno <bdalseno@google.com>
Move python test files to test/py
This is the first step of the test files reorganisation: moving test/*(except test/data) to new directory test/py/.
Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>