Fix permission errors for split users
Correctly set ownership and permissions for daemon log files, correctthe name of the luxid logfile and set the ownership of the query socketcorrectly.
Signed-off-by: Thomas Thrainer <thomasth@google.com>Reviewed-by: Michele Tartara <mtartara@google.com>
Make RAPI export device names and UUIDs
Add UUIDs and names of instance's disks and NICs to the list of instancefields that are returned from RAPI.
Signed-off-by: Christos Stavrakakis <cstavr@grnet.gr>Reviewed-by: Helga Velroyen <helgav@google.com>
Fix permission problem related to Issue 477
Commit 91525dee856951ace940c78b6254a1c7344b4803 fixed Issue 477 but broke"gnt-cluster info".
This commit offers a solution to both problems, by changing the permissionof the socket instead of changing the permission the confd process is run...
Add hs function to easily change file ownership
The Haskell library functions only allow to change file ownership usinguid/gid. A function for doing that with explicit names is added by thiscommit.
Signed-off-by: Michele Tartara <mtartara@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
Rename queryd to luxid
As queryd will, in the future, handle all LUXI request, queue jobs andmost likely perform various other tasks, it is renamed to luxid already.This will safe some headache when upgrading Ganeti installations, as wedon't have to deal with a daemon rename....
Document the rapi client not to have a QueryNetworks method
While there is a luxi query QueryNetworks, the rapi client does notprovide such a method. Document this by declaring it in theKNOWN_UNUSED_LUXI calls.
Signed-off-by: Klaus Aehlig <aehlig@google.com>...
Enable unit tests again
A while ago, the execution of python unit tests wasaccidentally disabled for distcheck. This patchenables them again. This will lead to a couple oftests failing, but we decided to submit this firstand then fix the broken tests in separate patches....
Document ganeti-queryd
Add a man page for ganeti-queryd and update the documentation forganeti-confd in various places.
Signed-off-by: Thomas Thrainer <thomasth@google.com>Reviewed-by: Helga Velroyen <helgav@google.com>
Add ganeti-queryd to QA env test
Test for the newly introduces ganeti-queryd in the environment test ofQA.
Add queryd daemon (split from confd)
queryd is added as a new daemon which handles configuration queries overLUXI. This functionality was removed from confd, which now only queriesover the network.
The queryd user is added to the master group such that it can access...
Extract ConfigReader from Confd/Server.hs
Confd's functionality to watch the Ganeti configuration file isextracted to the ConfigReader module. No functional changes areintroduced.
This extraction makes will enable us to split queryd from confd, asqueryd will have to use the same functionality....
Add timestamps to haskell network query fields
Add timestamp fields to the list of available network query fields inthe Haskell code.
Merge branch 'stable-2.7' into stable-2.8
Conflicts:...
Change method dispatch in ClientOps to enforce luxi.REQ_ALL
ClientOps' handle_request dispatches on the luxi request received. Changethis to first verify if the request is luxi.REQ_ALL. In this way, we catchprogramming errors introducing "secret" luxi requests earlier. This is relevant,...
Allow modify_etc_hosts to be changed
The modify_etc_hosts options, enabling the cluster to modify the /etc/hostsfiles of nodes, and to keep them in sync, could only be set at cluster inittime.
With this commit it can now be changed through modify_etc_hosts as well....
Add --modify-etc-hosts option for CLI tools
The option will be used by gnt-cluster modify in the following commit.
Signed-off-by: Michele Tartara <mtartara@google.com>Reviewed-by: Helga Velroyen <helgav@google.com>
Add luxiReqQueryNetworks to LuxiOp
When the QueryNetwork was introduced as a method, apparentlyit was forgotten in the Haskell world. Add it here as well.
Signed-off-by: Klaus Aehlig <aehlig@google.com>Reviewed-by: Helga Velroyen <helgav@google.com>
Log received message at debug level
At debug level, we can well afford to have a detailed entryfor each message received by a server.
Set the correct group for confd
Starting confd as a member of the daemons group allows the RAPI daemon to accessthe LUXI socket.
Fixes Issue 477.
Signed-off-by: Michele Tartara <mtartara@google.com>Reviewed-by: Klaus Aehlig <aehlig@google.com>
Log RPC errors from inside executeRpcCall
executeRpcCall is the function to be used for executing RPCs, so it makes senseto use it as the single point for logging all thte RPC call errors.
Fixes Issue 293.
Signed-off-by: Michele Tartara <mtartara@google.com>...
Factor out the logRpcErrors function
This function can be useful to multiple RPC calls, therefore it is movedto the file containing the common RPC functions.
Also, it is made more generic by changing its signature.
Expose bulk parameter for GetJobs in RAPI client
This patch exposes the bulk argument of the jobs resource onthe RAPI python wrapper, making it possible to retrieve statusinformation about all jobs with a single call.
Signed-off-by: Leon Handreke <lhandreke@google.com>...
Add git send-email to the chroot
"git send-email" is used as part of the official workflow but it was notinstalled in the chroot.
This patch adds it.
Add tests for CanRead
Verify that the CanRead function is actually able to check whether a file hasthe proper permissions.
Fix RAPI to include missing network fields
Fix RAPI interface to include missing network fields. Specifically, fixinstance queries to include the network name for instance NICs. Also fixnetwork queries to include missing common fields, like uuid and serial....
Add support for querying network timestamps
Add creation and modified timestamps when creating a new network, andextend the available query fields for networks with these fields,namely 'ctime' and 'mtime'.
Signed-off-by: Christos Stavrakakis <cstavr@grnet.gr>...
Only generate node lists with nodes having different names
genNodeList is used in testing to generate list of nodesthat could come up in cluster configurations. Since namesare used to assign indices to nodes, they have to be unique;this is also the case in all real clusters....
Cluster verify checks server.pem permissions
Currently, ConfD must be able to access server.pem (though this is likely tochange in the future). If this is not true, all sorts of weird things happen,such as "gnt-node list" printing lots of question marks instead of actual...
Add function for checking file access permissions
The CanRead function checks whether a user of the local machine (specifiedby name) can access a given file.
IsUserInGroup is a helper function for CanRead, but might also be usedindependently, so its name does not begin with an underscore....
Prevent silent failure in case of connection problems
While running "gnt-node list", if a query to ConfD fails (especiallybecause of permission problems) it used to just fail silently, with gnt-nodeshowing question marks instead of data.
With this patch, ConfD records the error in its log file, together with a...
In the crontab example, look for the correct binary
When ganeti-master-cleaner was merged back into ganeti-cleaner in 46118ed2,the binary to test for should have also been updated. Do this now.
Fix apt-get invocation in chroot_builder
Use the macro containing all the required parameters, instead of just using"apt-get install".
Fix wrong numbering in UPGRADE documentation
Conflicts: NEWS: trivial configure.ac: trivial
Also remove prop_IterateAlloc_sane from test list
In f4d1bb7 that test was removed, but forgotten to remove itfrom the list of tests to be executed. Fix that.
Signed-off-by: Klaus Aehlig <aehlig@google.com>Reviewed-by: Michele Tartara <mtartara@google.com>
Fix documentation for prop_Alloc_sane
As discussed in the last commit, placing a new instance on the clustercan lead to a cluster that can be improved by moving previously addedinstances. For an empty cluster, however, there are no previousinstances. So add this to the test description to make obvious why...
Remove IterateAllocSane test
The test is testing for a property that just isn't true. Iteratedallocation greedily place one instance at a time taking the locallymost balanced solution. Then it is tested whether the resulting globalallocation can be improved....
Release version 2.7.0
We don't have notice of anything blocking for 2.7, and it's been inrelease candidate state long enough. Any future problems can beaddressed as bugfixes.
Signed-off-by: Guido Trotter <ultrotter@google.com>Reviewed-by: Klaus Aehlig <aehlig@google.com>
Fix "instance replace" typo in admin.rst
gnt-instance `replace` should read `replace-disks`
Clean up work around for host name filtering
These functions simply served as a work around to expresshost name matching by regular expressions, instead of usingcorrect equality filter on host names that providesthe correct matching already.
Do not handle host queries special
As, since 91c1a265, the equality used for host names alreadyis based on matching, there is no need to use a special functionfor this any more.
Signed-off-by: Klaus Aehlig <aehlig@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
Fix typo in the install guide
Fix error in installation instructions
Remove erroneous trailing "\"
Signed-off-by: Michele Tartara <mtartara@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
Add documentation for harep
Include a section in the Administrator's guide describing how to use theautorepair tool.
Fixes Issue 446
Signed-off-by: Michele Tartara <mtartara@google.com>Reviewed-by: Thomas Thrainer <thomasth@google.com>
Fix typo in ganeti-2.8 design doc
Support big-step shrinking in tiered allocation
In tiered allocation, if by shrinking only a single resource a validallocation can be found, shrinking is bound to shrink on this resource.Of course, after shrinking that resource a little bit without finding...
Disable pylint E1101 on hypothetical import
In some versions of python the module IN does not providethe constant SO_PEERCRED (issue 191). So in commit 069a4ba work around was added. However, this work around stillleaves lint warnings when working with those versions of...
Provide the right fix for the kvm_extra parameter
With the previous adjustment the arguments were boxed into one extraarray. This actually makes the parameter work (with the same caveats).
The manpage is also updated with the limitations.
Signed-off-by: Guido Trotter <ultrotter@google.com>...
kvm: don't pass whole extra as a single argument
If extra is longer than a single word passing it the way it was passedwon't work. Of course this solution is also only partial, as won't takeinto account any form of quoting. :/
NEWS and version updates for 2.7.0~rc3
Time for a new release.
For node queries allow short forms of host names
For node queries use the host-name filter instead of the simpleequality-based one.
Provide a special filter for host names
For host names, usually short forms are used, e.g., node1 or node1.subinstead of the full qualified node1.sub.example.com. Therefore comparingnode names only by equality is too restrictive. This patch provides an...
gnt-cluster info (py): add enabled disk templates
This fixes issue 485. In the python implementation ofthe cluster config info, the enabled_disk_templateswere missing.
Signed-off-by: Helga Velroyen <helgav@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
Version bump to 2.8.0~beta1
Change version numbers in documentation
Some of the documents have the version number of Ganeti. This commit updatesit in preparation for the 2.8 version bump.
Fix issue with python coverage tests
The recently introduced check for python libraries required only for testing(commit 27df5b736ef72b3b12c07f32d64dbac95fe7a5ba) was not correct. Thispatch fixes the issue.
grow disk: call SetDiskID before blockdev_getsize
Missing this call caused blockdev_getsize to be called on the wrongphysical device, and fail.
This fixes Issue 497.
Signed-off-by: Guido Trotter <ultrotter@google.com>Reviewed-by: Michele Tartara <mtartara@google.com>
Catch DeviceCreationError unhandled exceptions
_CreateBlockDevInner is called twice in TLReplaceDisks. While thisshould be fixed, right now this leaves the DeviceCreationError exceptionunhandled, which causes a problem due to the fact that this exception...
Fix daemon QA tests
TestInstanceConsecutiveFailures now leaves the test instance in the samestate it got it.
Disable python test if required libraries are missing
Some python libraries are only needed for the tests, but not for runningGaneti. If those libraries are missing, just disable the Python tests.
Better specify what packages to install
Improve install guide
Add command for updating the list of cabal packages, before startinginstalling them.
Fix typo in the documentation index
Fix typos in the documentation index
This patch fixes some typos in the documentation index.
Signed-off-by: Weiwei Jia <harryxiyou@gmail.com>Signed-off-by: Michele Tartara <mtartara@google.com>Reviewed-by: Michele Tartara <mtartara@google.com>
Update security document wrt confd access to SSL cert
The fact that confd has been given access to the server.pem certificateneeds to be described in the security document.
Fix permissions of the queue archive dir
The permissions were set to 0740, but of course being a directory thecorrect permissions are 0750.
Add a warning about the restriction of gnt-node evacuate
Even though gnt-node evacuate should be able to evacuate all instancesat once, this currently is not the case. Add a warning about this deficitfor the time being.
Add tools for building deb packages to build_chroot
The chroot only had tools for building and testing Ganeti, but not forbuilding its Debian packages. They are added by this commit.
Improve the final message of build_chroot
Give more precise instructions on the next steps to actually run thechroot.
Make build_chroot self-contained
The configuration file are included in build_chroot, and areautomatically created by the script if it is not able to find themalready in the directory pointed by $DATA_DIR.
Note that the configuration file directory is cleaned if it's temporary,...
Add confd user to masterd group
The server.pem file is 0440 (materd_uid, masterd_gid) and cannot beaccessed by confd.
This patch contains a workaround for 2.8.0~beta1 (adding conf to themasterd group in the user setup tool, and remembering the users to...
In tiered allocation, cut non-promising shrinking tries
The heuristics for tiered allocation has been improved in that itchooses to shrink such a resource next where by shrinking only thisresource a valid allocation can be made, if such a resource exists....
Signed-off-by: Klaus Aehlig <aehlig@google.com>Reviewed-by: Thomas Thrainer <thomasth@google.com>
More agressively line break man pages
Newer versions of pandoc (as, e.g., shipped with Ubuntu 13.04)more agressively quote, in particular minus signs. That sometimesleads to unintended line breaks, which are a problem, if the newline starts with a dot....
Version bump to 2.8.0~alpha1
Now that alpha versions are supported, we can bump the version numberfor branch stable-2.8 to 2.8.
This also requires updating the cfgupgrade tool.
Thanks to the previous patches, all the other documents can be upgradedduring the alpha lifetime, before switching to beta (that will enable...
Make cfgupgrade idempotent
One of the unit tests checks whether cfgupgrade's downgrade option isidempotent. It is, but a version number check made it impossible toactually downgrade multiple times.
With this change, both the current-version version number and the...
Update config version number when downgrading
The downgrade option of the cfgupgrade tool was not changing the versionnumber in the configuration file of the cluster while performing thedowngrade.
Add test for shrink heuristics over different resources
In this example, memory prevents adding more than one instance onthe first node. Yet, on the other nodes, 2 instances can be placedeach, if disks are shrunk appropriately. This, however, requiresto courageous decision to shrink disks next, even though more nodes...
Improve hspace shrinking strategy
In tired allocation, hspace shrinks that resource of the instancenext, that causes failure on most nodes. While, this is not a badstrategy in general, it can lead hspace into a dead end if for a largenumber of nodes a particular resource blocks any further allocation of...
Convenience function for iterating while the result is Ok
For a function f :: a -> GenericResult a, iterate it (in the sense of themonad), until the result is Bad; return the list of values occurred.
Provide witness for the sum-type structure of GenericResult
GenericResult, while rightfully a type of its own, is isomorphicto Either. So, also provide the case analysis function (i.e., theuniversal arrow out of the sum).
Disable more version checks for alpha versions
Alpha versions should not check for version numbers in READMEsand documentation.
Allow alpha versions not to have an entry in the NEWS file
Alpha versions are still under heavy development, and can therefore not have anentry in the NEWS file yet. The entry will have to be added before switching tothe first beta version.
Partially fixes Issue 448...
Add tests for check-news
Unit tests verifying the behaviour of the check-news script are added.
This required adding a new make target, "autotools-check" directly called from"commit-check", because the usual tests are executed in the build directory,whereas these, being relative to the autotools, cannot be executed there because...
Introduce support for alpha versions
An alpha version can be used to name a release while a previous one is stillbeing developed.
E.g. 2.9.0~alpha1 can be out while 2.8.0~rc1 is being worked on.
When a version is marked as alpha, it is allowed to have unreleased versions...
Improve docstring
Fix bug in Makefile.am
There was a typo in the name of the script for launching offline tests.
Conflicts: (trival, take union of added files/tests) Makefile.am test/hs/shelltests/htools-hspace.test...
Add a test for hspace to respect instance policy
In this example, the instance policy for disks prevents allocationof more than one instance per node. The test verifies that tieredallocation still respects this and doesn't attempt to place policyviolating instances on the cluster....
Make shrinkByType aware of individual disks
When shrinking an instances, you can't just get smaller disk footprintwhile leaving the individual disks as they are. Make the shrinkheuristic aware of that fact, and decrease all individual disks aswell. Fixes issue 484....
Restructure documentation index page
The index page of the documentation used to be just a list of links.Now it is a proper introduction to all the other pages.
Fixes Issue 424.
Add missing parenthesis to description of --machine-readable
Update NEWS file for 2.8
Add to the NEWS file the list of modifications performed during the 2.8development cycle.
Signed-off-by: Michele Tartara <mtartara@google.com>Reviewed-by: Bernardo Dal Seno <bdalseno@google.com>
Add --force option to gnt-cluster modify
Make the force option of the ClusterSetParams Opcode availableon the command line.
Add a force option to the ClusterSetParams Opcode
If set, the op code will, in particular, try to set the master IPon the new netdev, even if shutting down the master IP on the oldnetdev failed.
Document the monitoring daemon in the admin guide
The administrator's guide must include a section describing the monitoringdaemon and its API, in order for the users to be able to use it.
Factor out the API of the monitoring daemon
It will be included by both the design document and the user documentation.
Add monitoring agent info to the security document
Add information regarding the monitoring agent and its security tothe security document.