Verify client certificates
This patch adds a step to 'gnt-cluster verify' to verifythe existence and validity of the nodes' clientcertificates. Since this is a crucial point of thesecurity concept, the verification is very detailed withexpressive error messages and well tested by unit tests....
Verify incoming RPCs against candidate map
From this patch on, incoming RPC calls are checked againstthe map of valid master candidate certificates. If no mapis present, the cluster is assumed to be inbootstrap/upgrade mode and compares the incoming call...
Handle client certificates on node add/remove
This patch adds the certificate of a newly added orreadded master candidate node to the map of master candidatecertificates. It removes a master candidate node's certificatedigest from the candidate certificate map if the node is...
Add certificate for master node
On cluster initialization, the master node'sSSL certificate digest is added to the list of mastercandidate certificates.
Signed-off-by: Helga Velroyen <helgav@google.com>Reviewed-by: Hrvoje Ribicic <riba@google.com>
Merge branch 'stable-2.10' into master
Add a Python directory for RPC code to keep it at one place
Move rpc.py to rpc/node.py and modify imports in existing code.
Signed-off-by: Petr Pudlak <pudlak@google.com>Reviewed-by: Helga Velroyen <helgav@google.com>
Gluster: mount automatically
Add parameters to the Gluster disk template so Gluster can manage themount point point autonomously.
Signed-off-by: Santi Raffa <rsanti@google.com>Signed-off-by: Thomas Thrainer <thomasth@google.com>Reviewed-by: Thomas Thrainer <thomasth@google.com>
Gluster: use ssconf value for mountpoint directory
Gluster still does not mount anything autonomously, but this commitchanges where Gluster expects its mountpoint to be.
Signed-off-by: Santi Raffa <rsanti@google.com>Signed-off-by: Thomas Thrainer <thomasth@google.com>...
Merge branch 'stable-2.9' into stable-2.10
Remove instance query python code
This patch removes the python code for the instancequeries. So far, it replaces it by 'NotImplemented'exceptions. In a later patch of this series, theremaining part is remove completely.
Signed-off-by: Helga Velroyen <helgav@google.com>...
Use query client when neccessary for group queries
This patch makes code use the query client for groupqueries where necessary in order to remove the pythonqueries soon.
Switch to haskell for export (aka backup) queries
This patch removes the python implementation of export(aka backup) queries. So far, it is replaced by'NotImplemented' exceptions, but later in this seriesit will be replaced completely.
masterd: implement query via luxi
The master daemon so far still did queries via the pythonimplementation. This patch implements that it uses thehaskell implementation and removes the node queries fromthe list of OP-queriable entities.
Introduce --hotplug-if-possible option
This will be useful for an external entity using RAPI thatwants to modify devices of instances.
The common use case for that is:"I want to add a NIC/disk to an instance. If it is runningthen try to hotplug the device. If not, then just add it to config."...
Allow instances to obtain externally reserved IPs
The administrator should be able to assign an externally reserved IPto a Ganeti instance manually, if desired. Currently this is notsupported. External reservations should act as holes in the pool andnot just as IPs already used by someone outside of Ganeti....
Don't allow optional node parameters
Ganeti does not support optional fields in parameters(hypervisor-params, disk-params, etc.). OpenVSwitch related nodeparameters were the exception to this rule, which caused numerousproblems related to import/export and (de-)serialization....
Remove hardcoded references to File, SharedFile templates
DTS_FILEBASED is a constant that exists and this commit makes surethat it is used whenever sensible, rather than resorting to hardcodingthe pair of templates in very many files.
Signed-off-by: Santi Raffa <rsanti@google.com>...
Check if hotplug is supported in CheckPrereq
Introduce new RPC hotplug_supported that invokes the correspondinghypervisor's method which checks if hotplug is generallysupported. Call this RPC early in CheckPrereq() and abort ifhotplug is not supported. Currently only KVM hypervisor with...
Use import-export daemon for intra-cluster moves
This unifies the inter- and intra-cluster moves and the backup code, soless code needs to be maintained.
Also fix failing tests for LUInstanceMove by following the code changesin the tests.
Signed-off-by: Thomas Thrainer <thomasth@google.com>...
Add unittests for Hotplug support
Try base InstanceSetParams tests that modify instance'sdevices with hotplug=True.
Add some unittests for kvm hypervisor regarding runtime filemanipulation. Based on a sample runtime file search forspecific disk and nic entries based on their UUID....
Hotplug: cmdlib support
Hotplugging is done by functions invoked by ApplyContainerMods(). Inorder hotplugging to take place the --hotplug option must be passedotherwise the modifications will take place after reboot.
NIC hotplug supports add, remove and modify. The modify is done by removing...
Return link_name in blockdev_assemble rpc
Until now this RPC returned only dev_path. Since we use it inhotplug we have to know the simlink of the device so that wepass it to the corresponding hypervisor command and include itin block_devices entry in runtime files....
Fix unit test regarding recent changes in node_info RPC
This fixes a unit test in instance_storage_unittest.py,which was affected by the recent change in the RCP'node_info'.
Signed-off-by: Helga Velroyen <helgav@google.com>Reviewed-by: Hrovje Ribicic <riba@google.com>
Move orphaned unit tests to cmdlib/cluster_unittest.py
Through some merge from 2.9 to master, some unit testsin the file ganeti.comdlib.common_unittest.py wereno longer referenced in the Makefile and as such notrun anymore. With the introduction of the cmdlib test...
Add unit tests for LUBackupExport
This patch adds unit tests for LUBackupExport.
Signed-off-by: Thomas Thrainer <thomasth@google.com>Reviewed-by: Helga Velroyen <helgav@google.com>
Add unit tests for LUBackupPrepare
This patch adds unit tests for LUBackupPrepare.
Add unit tests for LUBackupQuery
This patch adds unit tests for LUBackupQuery.
Move unit tests for --file-storage-dir to cmdlib/*
There were some unit tests for the '--file-storage-dir'option of 'gnt-cluster modify' still left in the unittest file ganeti.cmdlib.cluster_unittest.py.With the introducion of the unit test framework for...
Move disk template unit tests to test/py/cmdlib/
This patch moves some unit tests related to dis/enablingdisk templates from ganeti.cmdlib.cluster_unittest.pyto cmdlib/cluster_unittest.py to utilized the new cmdlibunit test framework.
Add tests specific to the user/kernelspace access feature
Check that the validation procedures don't accept invalid valuesand also don't choke on valid values.
Signed-off-by: Santi Raffa <rsanti@google.com>Reviewed-by: Thomas Thrainer <thomasth@google.com>
Define 'access' disk-parameter type
Add the "access" parameter to the RBD configuration. Fix test brokenby this change.
Replace 'IALLOCATOR_NEVAC_*' with 'NODE_EVAC_*'
Replace uses of 'IALLOCATOR_NEVAC_PRI', 'IALLOCATOR_NEVAC_SEC','IALLOCATOR_NEVAC_ALL', and 'IALLOCATOR_NEVAC_MODES', with'NODE_EVAC_PRI', 'NODE_EVAC_SEC', 'NODE_EVAC_ALL', and'NODE_EVAC_MODES', given that these constants are repeated....
Prevent lint error in mocked classes
Accessing private methods of parent classes is bad, but it is sometimes the bestapproach for classes mocking them for testing reasons.Selectively disable the related lint error just for the few functions that needto do it....
Fix indentation for newer lints
Newer versions of pylint are more strict regarding indentation rules. Thiscommit fixes a couple of indentations that they consider wrong.
Signed-off-by: Michele Tartara <mtartara@google.com>Reviewed-by: Jose A. Lopes <jabolopes@google.com>
Honor disks_active of instance when adding disks
Adding a disk to an instance used to leave the disk behind activated, nomatter how the disks_active flag of the instance was. This changes makesure that new disks are only active if the other disks of the instance...
Wait for disk sync when adding a disk
When creating an instance, gnt-instance waits for instance disks tosync. Inconsistently, this was not the case for adding a disk to aninstance. This patch changes the default behavior to wait for sync whenadding a disk, but honor the --no-wait-for-sync option which...
Remove physical_id from config mock
Disk objects no longer support the physical_id field, so remove it frommocked disk objects.
Signed-off-by: Thomas Thrainer <thomasth@google.com>Reviewed-by: Jose A. Lopes <jabolopes@google.com>
Fix tests related to the physical_id field
Remove all references to the physical_id field of disk objects in tests.
Further tests for LUNodeAdd
This patch adds tests for the remaining functionality of LUNodeAdd.
Signed-off-by: Sebastian Gebhard <sege@fs.ei.tum.de>Signed-off-by: Klaus Aehlig <aehlig@google.com>Reviewed-by: Klaus Aehlig <aehlig@google.com>
Add unittests for OpenvSwitch in LUNodeAdd
This patch adds node_unittest.py containing the framework for unittesting LUNodeAdd.At this point, only test setup and tests for OpenvSwitch areimplemented.
Signed-off-by: Sebastian Gebhard <sege@fs.ei.tum.de>...
Replace more IPs with reserved adresses
Recently, some IP addresses were changed to TEST-NETs from RFC 5737.This patch changes some more occurences of wrong IPs and replaces them.
TEST-NET-1 is used for primary_ips, TEST-NET-2 for networks and TEST-NET-3 for...
Mock RPC for unit tests
This patch enables patching the rpc module to create a mocked versionwhich can be used to mock a rpc.DnsOnlyRunner(). This is needed forunit testing LUNodeAdd, as it need to run RPCs against nodes not yetpresent in the configuration....
Fix example IPs and hostnames in tests
Our tests are a form of documentation, and hence should useIPs from the TEST-NET ranges according to RFC 5737. They definitelyshould not use real public IP addresses.
Similarly, example host names should be from one of the reserved...
Add unit test for LUInstanceQuery and -QueryData
This patch provides rudimentary unit test coverage for LUInstanceQueryand LUInstanceQueryData.
Signed-off-by: Thomas Thrainer <thomasth@google.com>Reviewed-by: Klaus Aehlig <aehlig@google.com>
Add unit tests for LUInstanceMigrate and -Failover
This patch adds rudimentary unit test coverage for LUInstanceMigrate andLUInstanceFailover.
Add unit tests for LUInstanceChangeGroup
This patch provides unit test coverage for LUInstanceChangeGroup.
Add unit tests for LUInstanceSetParams
This patch adds unit tests for LUInstanceSetParams. It does not provide100% coverage, but covers a significant portion.
Fix testMasterNetmask in TestLUClusterSetParams
The netmask was previously wrongly given as a bitmask, now it's given asthe net prefix length.
Merge branch 'stable-2.9' into master
cluster modify: deprecate --no-drbd-storage
As in the previous patch, the option '--no-drbd-storage'is deprectated, because it is subsumed by the non-inclusionof 'drbd' in the list of enabled disk templates.
cmdlib/cluster.py: unit tests for usermode helper
This patch factors out the functions that deal with settingand modifying the DRBD usermode helper in cluster.py inorder to make them more unittestable. The unit tests areprovided as well. No functional changes otherwise....
Adapt tests for merged changes in IPolicy handling
The enabled disk templates in IPolicies are stricter checked after themerge from 2.9, so adapt the tests to follow those changes.
Add unit tests for LUInstanceMultiAlloc
This patch adds unit test coverage for LUInstanceMultiAlloc.
Signed-off-by: Thomas Thrainer <thomasth@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
Add unit test for LUInstanceRename
This patch adds unit test coverage for LUInstanceRename.
Add basic unit tests for instance import
This patch adds basic unit tests for instance import inLUInstanceCreate. It does not provide full coverage though.
Introduce GetMockLU and reduce use of _FakeLU
Introduce a new method of creating a mocked LU for tests, and reduce theuse of the legacy _FakeLU class.
Add unit tests for LUInstanceRemove and -Move
This patch adds unit test coverage for LUInstanceRemove andLUInstanceMove.
Add unit tests for LUInstanceCreate and move tests
- Move instance related tests to instance_unittest.py- Adapt moved tests to the new test framework where appropriate- Add unit test coverage for LUInstanceCreate - Only instance creation is covered yet, no imports...
Add unit test for LUGroupVerifyDisks
This patch adds unit test coverage for LUGroupVerifyDisks.
Add unit test for LUGroupEvacuate
This patch adds unit test coverage for LUGroupEvacuate.
Add unit tests for LUGroupRename
This patch adds unit test coverage for LUGroupRename.
Add unit tests for LUGroupRemove
This patch adds unit test coverage for LUGroupRemove.
Add unit tests for LUGroupSetParams
This adds unit test coverage for LUGroupSetParams.
Add unit test for LUGroupQuery
Provide unit test coverage for LUGroupQuery.
Add unit tests for LUGroupAssignNodes
Add unit test coverage for LUGroupAssignNodes, including the splitinstances check.
Add unit tests for LUGroupAdd
Provide unit test coverage for LUGroupAdd.
Move TestLUGroupAssignNodes to group_unittest.py
While moving the test, it is adapted to the new test framework.
Add test for LUClusterVerifyDisks
This LU only creates additional jobs as result, so this is a trivialunit test.
Extend unit tests for LUClusterVerifyGroup
- Add tests for additional Verify* methods- Converted test for VerifyFiles to the new test framework- Added possibility to prepare the LU in a test class before actually executing the test method with it
Add possibility to access locked LU in tests
This features is useful to test (private) methods of LU's during tests,where those methods rely on the LU being completely initialized andlocking already performed.
An initial version of unit tests for LUClusterVerifyGroup makes use of...
Add test for LUClusterVerifyConfig
Add unit test covering LUClusterVerifyConfig.
Add test for LUClusterVerify
As this LU returns other jobs as result, submitting jobs from withinLU's is now mocked too.
Add unit test for LUClusterRename
Also mock the netutils and ssh module in order to test all code paths.
Signed-off-by: Thomas Thrainer <thomasth@google.com>Reviewed-by: Michele Tartara <mtartara@google.com>
Add unit test for LUClusterRepairDiskSizes
Also add build method for easy building of disk objects to the testframework.
Introduce shortcut properties for config objects
Some configuration objects are accessed quite often, so introduceshortcut properties for those.
Add unit test for LUClusterSetParams
Some changes to the test framework were performed while writing thistest: - Extended builder for disks - Introduced builder for NICs - Fixed bugs in RpcResultsBuilder
Add unit test for LUClusterPostInit
Also extract common assertion logic for hook invocations toCmdlibTestCase.
Add unit test for LUClusterQuery
Unit-test LUClusterQuery. Some changes in the mocked clusterconfiguration are made, because the configuration was not completelyvalid before.
Add unit test for LUClusterRedistConf
Unit-test LUClusterRedistConf. Given the simplicity of the LU, this unittest only exercises the LU code.
Add unit tests for LUClusterDestroy
This patch adds unit test for the LUClusterDestroy Logical Unit.
Move cmdlib-related unittests to cmdlib/
ganeti.cmdlib_unittest.py andganeti.cmdlib.instance_storage_unittest.py are moved to thetest/py/cmdlib directory. Also, they are renamed to match the names inthis module.
Additionally, instance_storage_unittest.py was added to the makefile, so...
Move cluster-related unittest to cluster_unittest
cmdlib_unittest should still be split further, but at least the clusterrelated tests are moved to the proper file yet.
Add unit tests for LUClusterConfigQuery
Also, proper initialization of the runtime architecture information wasadded.
Add unit test for LUClusterDeactivateMasterIp
This patch adds unit tests for the LUClusterDeactivateMasterIp LogicalUnit.
Add unit test for LUClusterActivateMasterIp
In order to properly assert the called RPC method, eq is implementedon ConfigObject as well.
Add unit test for LUTestAllocator
Additionally to adding unit tests for LUTestAllocator, the testframework was adapted for its requirements.
Enable pylint and PEP8 for test support code
The test support code is mainly written from scratch, so in order toensure to keep the code quality high, enable pylint and PEP8 checksfor it.
Due to some specialities of the test code, a dedicate pylintrc-test file...
Initial version of cmdlib test framework
The initial version of the cmdlib test framework is able to execute LU'swith the following components mocked:
A base test class is provided which makes it easy to execute opcodes and...