| Branch: | Tag: | Revision:

root / lib / cmdlib @ c1410048

Name Size 3.1 kB 16.4 kB 17.8 kB 127.7 kB 45 kB 31.3 kB 149.6 kB 37.5 kB 16.7 kB 9.8 kB 98.9 kB 18.8 kB 14.1 kB 18.7 kB 58.2 kB 6.2 kB 2.4 kB 6 kB 11.5 kB

Latest revisions

# Date Author Comment
c1410048 01/15/2014 11:27 am Helga Velroyen

Add certificate of auto-promoted master candidates to map

When a normal node is auto-promoted to be a master
candidate, its SSL client certificate digest needs
to be added to the map of candidate certificates
as well.

Signed-off-by: Helga Velroyen <>...

afa0fca4 01/13/2014 07:43 pm Jose A. Lopes

User shutdown hypervisor parameter

Add user shutdown parameter for KVM. Based on this parameter, decide
what information to report for a KVM instance, for example,
distinguish between 'ADMIN_down' and 'USER_down'.

Signed-off-by: Jose A. Lopes <>...

fc6ccde4 01/08/2014 03:01 pm Helga Velroyen

Create client certificate for normal nodes

The vcluster QA revealed a bug in the SSL certificate
handling code, where certificates were only created
when the node is a master-candidate. However, every node
should have a certificate, but only the digests of the...

a6c43c02 12/20/2013 03:15 pm Helga Velroyen

Verify client certificates

This patch adds a step to 'gnt-cluster verify' to verify
the existence and validity of the nodes' client
certificates. Since this is a crucial point of the
security concept, the verification is very detailed with
expressive error messages and well tested by unit tests....

b3cc1646 12/20/2013 03:15 pm Helga Velroyen

Verify incoming RPCs against candidate map

From this patch on, incoming RPC calls are checked against
the map of valid master candidate certificates. If no map
is present, the cluster is assumed to be in
bootstrap/upgrade mode and compares the incoming call...

28756f80 12/20/2013 03:15 pm Helga Velroyen

Handle promoting/demoting nodes wrt to client certificates

This patch makes Ganeti correctly handle the client
certificates when nodes get promoted to master candidates
or demoted to normal nodes.

Signed-off-by: Helga Velroyen <>
Reviewed-by: Hrvoje Ribicic <>

d722af8b 12/20/2013 03:15 pm Helga Velroyen

Extend RPC call to create SSL certificates

So far the RPC call 'node_crypto_tokens' did only retrieve
the certificate digest of an existing certificate. This
call is now enhanced to also create a new certificate and
return the respective digest. This will be used in various...

840ad2ab 12/20/2013 03:15 pm Helga Velroyen

Handle client certificates on node add/remove

This patch adds the certificate of a newly added or
readded master candidate node to the map of master candidate
certificates. It removes a master candidate node's certificate
digest from the candidate certificate map if the node is...

5b6f9e35 12/20/2013 03:15 pm Helga Velroyen

Add certificate for master node

On cluster initialization, the master node's
SSL certificate digest is added to the list of master
candidate certificates.

Signed-off-by: Helga Velroyen <>
Reviewed-by: Hrvoje Ribicic <>

f3ac6f36 12/19/2013 01:59 pm Klaus Aehlig

Merge branch 'stable-2.10' into master

  • stable-2.10
    Version bump for 2.10.0~rc1
    Update NEWS for 2.10.0 rc1 release
    Fix pylint 0.26.0/Python 2.7 warning
    Update INSTALL and devnotes for 2.10 release
  • stable-2.9
    Bump revision for 2.9.2
    Update NEWS for 2.9.2 release...

View revisions

Also available in: Atom