| Branch: | Tag: | Revision:

root / lib @ c8fca479

Name Size
  watcher 1.2 kB 285 Bytes 6.1 kB 145.5 kB 42 kB 137.9 kB 4.3 kB 97.4 kB 2.9 kB 27.6 kB 10.9 kB 9.6 kB 17.1 kB 75.4 kB 6.1 kB 60.9 kB 7.2 kB 18.3 kB 19.7 kB 7.7 kB 65.7 kB 391 Bytes 6.9 kB 7.7 kB 4.3 kB 66 kB 6.2 kB 9.5 kB 86.3 kB 26 kB 8.4 kB 4.5 kB 13.5 kB 10.7 kB 11.7 kB 7.4 kB 18.3 kB

Latest revisions

# Date Author Comment
c8fca479 01/10/2014 10:03 am Santi Raffa

admin.rst: update and reword disk template section

The disk template section was not updated for Gluster. This commit
also refactors the section slightly by unifying the different remarks
about /etc/ganeti/file-storage-paths.

sphinx_ext is also changed in order to not hardcode too much...

52261ad2 01/09/2014 04:53 pm Klaus Aehlig

Remove certification on 2.11 to 2.10 downgrade

While version 2.10 ignores any leftover client certificates, their
presence will prevent a the cluster working after an upgrade back
to version 2.11 again. So we have to remove them right at the

Signed-off-by: Klaus Aehlig <>...

c09c495c 01/09/2014 04:53 pm Klaus Aehlig

Add support for version-specific downgrade tasks

Upgrading can have no specific knowledge about additional
tasks besides upgrading the configuration, as upgrades need
to be able to go to any future version (within the same major
version). Downgrading, however, is version specific and always...

ed748771 01/08/2014 05:07 pm Helga Velroyen

Correct exception when ssconf file does not exist

After an upgrade to 2.11, the ssconf file for the master
certificates might not exist. Based on the non-existance,
noded falls back to a compatibility mode regarding dealing
with SSL certificates. The check for the ssconf file...

fc6ccde4 01/08/2014 03:01 pm Helga Velroyen

Create client certificate for normal nodes

The vcluster QA revealed a bug in the SSL certificate
handling code, where certificates were only created
when the node is a master-candidate. However, every node
should have a certificate, but only the digests of the...

a6c43c02 12/20/2013 03:15 pm Helga Velroyen

Verify client certificates

This patch adds a step to 'gnt-cluster verify' to verify
the existence and validity of the nodes' client
certificates. Since this is a crucial point of the
security concept, the verification is very detailed with
expressive error messages and well tested by unit tests....

b3cc1646 12/20/2013 03:15 pm Helga Velroyen

Verify incoming RPCs against candidate map

From this patch on, incoming RPC calls are checked against
the map of valid master candidate certificates. If no map
is present, the cluster is assumed to be in
bootstrap/upgrade mode and compares the incoming call...

28756f80 12/20/2013 03:15 pm Helga Velroyen

Handle promoting/demoting nodes wrt to client certificates

This patch makes Ganeti correctly handle the client
certificates when nodes get promoted to master candidates
or demoted to normal nodes.

Signed-off-by: Helga Velroyen <>
Reviewed-by: Hrvoje Ribicic <>

d722af8b 12/20/2013 03:15 pm Helga Velroyen

Extend RPC call to create SSL certificates

So far the RPC call 'node_crypto_tokens' did only retrieve
the certificate digest of an existing certificate. This
call is now enhanced to also create a new certificate and
return the respective digest. This will be used in various...

60cc531d 12/20/2013 03:15 pm Helga Velroyen

Create client SSL certificates on cluster init

This patch makes Ganeti create a client SSL certificate for
the master node on cluster initialization. Note that some of
the code in this patch is later moved into an LU to serve
requirements for crypto renewal and updates, but for this...

View revisions

Also available in: Atom