Introduce utils.IsValidIP{4,6}()
This patch introduces functions to check for valid IPv4 and IPv6 addresses and converts IsValidIP() to return True if it is either an IPv4 or an IPv6 address.
For now we do not change the functional behavior and replace IsValidIP...
Replace '0.0.0.0' with constant
Signed-off-by: Manuel Franceschini <livewire@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
_ExecuteKVMRuntime: fix hv parameter fun
When executing the kvm runtime we were currently accessing a mix of the parameters as configured currently on the instance and the ones it was started with. We were doing it without a precise criteria, but quite by...
Update FinalizeMigration docstring
This is used not only for aborted migrations, so the docstring should reflect that.
Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Add KVM chroot feature
This patch adds a new boolean hypervisor parameter to the KVM hypervisor, named 'use_chroot'. If it's turned on for an instance, then KVM is started in "chroot mode": Ganeti creates an empty directory for the instance and passes the path...
KVM: Migration bandwidth and downtime control
Introduce 2 new hypervisor options, migration_bandwidth and migration_downtime and implement KVM migration bandwidth and downtime control.
migration_bandwidth controls KVM's maximal bandwidth during migration, in...
KVM: vhost net acceleration support
This will only work on patched or newer (>= 2.6.34) kernels and with a patched version of qemu-kvm.
Convert some ReadFile calls to ReadOneLineFile
For passwords we require strict oneliners, we're a bit more lax with pid and uid files.
KVM: only export instance tags if present
Currently non-tagged instances fail starting with a TypeError.
Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
Reviewed-by: Balazs Lecz <leczb@google.com>
KVM: make tags available in KVM_NET_SCRIPT
Make instance tags available as a space-separated list during the execution of the network setup script. This allows tag-based control of things like firewall rules and/or networking setup.
Signed-off-by: Guido Trotter <ultrotter@google.com>...
Add a hypervisor constant for migration support
This variable can be used by other tools to determine in a generic way whether a given hypervisor supports migration or not.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Fix indentation error
Commit 9cf4321fc39ec36359d9c90b22b36d33b6adc2f4 indented some lines by 4 spaces rather than 2, and was git-amed without noticing. Fixing.
Add -usbdevice tablet to KVM when using vnc
When using VNC, it is recommended to use a tablet-style input device instead of a mouse. This allows most VNC viewers to send proper mouse coordinates to the virtual machine's desktop resulting in perfectly aligned guest and host mouse pointers....
Only use boot=on on non-ide disks only (KVM)
boot=on implies that KVM boots using extboot. This is only required to boot non-IDE disks and has the side-effect that there is at most one bootable device. This behaviour breaks some operating systems, most notably the windows installer that tries to chainload the hard-disk...
KVM: fix a bug in _TryReadUidFile
If the uid pool is not in use _TryReadUidFile will try to return "uid" even if it hasn't tried to read it at all.
KVM: implement the HT_SM_POOL security model
In order not to complicate too much the _ExecuteKVMRuntime function with nested try/except/finally/else constructs we move the actual runcmd+check call in a separate _RunKVMCmd function.
KVM: add an instance uid file concept
If this file exists, for an instance, we release the uid contained inside back to the uid pool, at instance shutdown.
KVM: move post-shutdown cleanup operations
Currently putting the cleanup just after the actual shutdown ensures that it never gets called, due to how the retry/shutdown cycle works. So we move those cleanups to their new dedicated place.
kvm_flag hypervisor parameter
Move the runas user at execution time
Everything still works the same way, but the user is calculated each time we start kvm, rather than stored in the config file. This makes it easier to implement the "pool" security model.
Extend the hypervisor API with name-only shutdown
Currently the ShutdownInstance method of the hypervisors takes a full instance object. However, when doing instance shutdowns from the node only, we don't have a full object, just the name.
To handle this use case, we add a new ‘name’ argument to the method,...
KVM: Check instances for actual liveness
Currently if we find a live process with the pid we saved we assume kvm is alive. What could happen, though, is that the pidfile has been reused.
In order to avoid that we change the check to make sure, everywhere,...
KVM: improve GetInstanceInfo docstring
KVM: remove unused variable
We don't need the pwentry when checking if a username exists, just to be sure the KeyError is not returned. Remove the variable, and thus shut up lint.
KVM: add security model and domain parameters
Initially we only support the "user" model (in which the user running the virtual machine can be specified as an additional parameter).
We use usernames rather than uids in this mode, because the kvm -runas flag doesn't support uids anyway, and we check the passed username for...
KVM: Remove boot restriction for paravirtual nics
Newer virtio can boot from the network perfectly well, so there's no point in keeping this restriction in place. This will still fail on older kernels.
KVM: pass the instance name as the first kvm flag
This makes it the first argument shown, for example under "ps".
KVM: Fix unintended qemu-level bridging of nics
Each nic should be connected to its own qemu vlan, to avoid them all bridging together.
Signed-off-by: Timothy Kuhlman <timkuhlman@gmail.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Signed-off-by: Guido Trotter <ultrotter@google.com>...
hv_kvm: remove hard-coded path constructs
This switches hv_kvm to PathJoin. There are still a few cases of direct path construction, but those should be safe.
Avoid absolute path for privileged commands
Using absolute path for a privileged command is a bad idea as this path may vary. For example /usr/sbin/brctl in Debian and /sbin/brctl in ALTLinux. Using $PATH is a better idea.
Signed-off-by: Vitaly Kuznetsov <vitty@altlinux.ru>...
KVM: fix pylint warning
Specify string format arguments as logging function parameters
Signed-off-by: Guido Trotter <ultrotter@google.com>
KVM: be more resilient on broken migration answers
Before, when doing kvm live migrations we used to accept an "unknown status" but to reject anything that didn't match our regexp. Since we've seen "info migrate" return a completely empty answer, we'll be more...
KVM: Abstract/rework instance up checks
This patch abstracts the check "is instance stopped" into a separate function, and thus simplifies a couple of higher-level functions. It also moves from manual read of the pidfile to use the (correct abstraction of) _InstancePidAlive....
KVM: Split out the pidfile computation
In some cases we only need the pidfile, but not the pid or the alive status.
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Olivier Tharan <olive@google.com>
Remove many 'Unused variable' warnings
Note there are some cases left which need extra cleanup.
Fix use of the logging functions
The logging functions expand the arguments themselves, thus it's safer to let them do it rather than manual string formatting.
Also re-wraps one comment.
Add disk cache control parameter for KVM
This patch adds the 'cache' parameter for KVM; currently this is only customisable at the hypervisor level, so it's the same for all drives (except any CDROM image, which gets the default).
Signed-off-by: Iustin Pop <iustin@google.com>...
KVM: fail when a routed nic has no ip
This shouldn't happen, but if it does it's better to fail at this level,rather than create a broken NIC script, which is hard to debug.
Fix and simplify socat escape detection
- Program paths should not be --with-… options (see Autoconf docs)
- Simplify checks for escape functionality
- Make SOCAT_USE_ESCAPE variable a bool
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
KVMHypervisor: fix broken error format string
Add use_localtime parameter for xen-hvm and kvm
Currently xen-hvm and kvm use different real time clock by default. To reduce confusion, this patch adds an optional use_localtime parameter.
If the real time clock on the instance is set to local time, the...
kvm console: use socat raw mode with escape
If this is enabled at configure time, we pass in different parameters to the socat console, making it a lot more manageable.
Migration: add check for listening target
This patch adds a check for listening on the remote port in Xen and KVM migrations. This will be generating a single “load of migration failed” message for KVM, but otherwise not prevent the migration. For Xen (which...
hypervisors: switch to using HV_MIGRATION_PORT
This changes KVM to use HV_MIGRATION_PORT instead of KVM_MIGRATION_PORT and enables passing the port for Xen migrations.
Since KVM_MIGRATION_PORT is not used anymore, we stop exporting it from constants.py....
Introduce HV_MIGRATION_PORT hypervisor parameter
This parameter will replace the direct use of KVM_MIGRATION_PORT and the implicit use of the Xen migration port.
While it doesn't make sense to change this at instance level, we don't have any other infrastructure for cluster-wide hypervisor parameters, so...
hypervisors: change MigrateInstance API
Currently the $hypervisor.MigrateInstance takes the instance name. This patch changes it to take the instance object, such that other instance properties (especially hvparams) are available to it.
Revert "kvm console: use socat raw mode with escape"
This reverts commit ce0eb6694e3fb2510035501539c7acc92a0f174e, since it depends on 37fc2cf5ba8919cef407199ee540aad4b1a9a2b6 which will be reverted too.
KVM netscript: add static routes, with no suffix
The /32 suffix is useless, since the kernel already assumes single-host, if no suffix is specified. Moreover we prefer these routes to be "static" so that routing daemons, if present, won't mess with them....
KVMHypervisor: implement instance policy routing
Until now we relied on traffic from instances being policy routed via a rule based on the instance network. With this change we can enforce it on the instance interfaces. Since the ip rules survive interface...
KVMHypervisor: configure v6 parameters on nic
In routing mode we are tweaking a few parameters on the interface. With this patch we'll tweak both the v4 and v6 ones.
Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Code and docstring style fixes
Found using pylint and epydoc.
KVMHypervisor: use the StopInstance retry feature
Since we know StopInstance is going to be called more than once (at least twice, once with force and once without, but normally quite a lot more) we don't need our own sleep/loop, and we can just send one monitor...
Hypervisors: Add retry= to StopInstance
Currently some hypervisors need the stop operations to be retried more than once, while other ones only do it in one pass. With this change we'll handle retries outside the hypervisor code, but telling whether this is the first try or not....
VNC password: move to hv param and use in kvm
Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Olivier Tharan <olive@google.com>
KVMHypervisor: wrap long line
KVM nic script: enable interface forwarding
If forwarding is enabled globally this is a no-op. If instead it's enabled only for some special interfaces where instance traffic has to go to/comes from (for example a gre tunnel) then it's useful to explicitly enable it for the instances interfaces as well....
KVM nic script: use routed link as table
In order to be able to maintain the node network standard routing untouched while routing instance traffic through a different dedicated interface (eg: a gre tunnel) we need to specify the instance routing path inside a separate table, which will also contain different default...
KVM hypervisor: Use ReadFile
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Luca Bigliardi <shammash@google.com>
A few style fixes
Fix various pylint warnings
There were multiple issues:
- copy-paste resulted in wrong indentation
- wrong function name
- missing spaces around assignment
- overriding built-in names (type, dir) or already defined ones (errors, hypervisor)
KVMHypervisor, fix a bug in MigrateInstance
This was introduced as a typo in commit 7e66c35b5685525538dd65dd3dff75b5346d30d7 while removing duplicate code from the KVM hypervisor.
KVM: NIC parameters
Add a node powercycle command
This (somewhat big) patch adds support for remotely rebooting the nodes via whatever support the hypervisor has for such a concept.
For KVM/fake (and containers in the future) this just uses sysrq plus a ‘reboot’ call if the sysrq method failed. For Xen, it first tries the...
Hypervisors: make absolute path checking strict
Use the new utils.IsAbsNormPath function, rather than just os.path.isabs
KVM: add the network script to the ancillary files
KVM: replace hardcoded network script path
Currently the kvm automatic network scripts accepts to be overridden by a user supplied /etc/ganeti/kvm-vif-bridge script. We keep this functionality but move the hardcoded path to a constant, dependent also on SYSCONFDIR....
Merge branch 'master' into branch-2.1
Move to data-based hvparam checks instead of code
Currently the hypervisor parameters are checked using hard-coded snippets in each hypervisor. However, most parameter checks fall into three cases:
- file check
- directory check
- string value in a set...
Merge commit 'origin/next' into branch-2.1
Move more hypervisor strings into constants
This patch adds constants for the mouse and boot order strings; while there are still some issues remaining, we're trying to cleanup hardcoded strings from the hypervisors.
Since the formatting of frozensets is currently wrong, we also add an...
KVM: Abstract runtime file removal in a function
This removes some code which was duplicated in shutdown and migrate.
KVMHypervisor: return memory and cpus as integers
Currently the KVM hypervisor returns strings for the memory and cpu values, while the xen hypervisor returns integers. Making this uniform converting the values to integers in KVM as well.
Abstract Linux node information in hv_base
Currently both hv_fake and hv_kvm implement practically identical code to get the node information. Since future container-like hypervisors will also need this functionality, this patch moves it into the base class (as a separate function) which can then be called from classes...
kvm: use the correct vnc bind address
There is a bug in kvm, when binding vnc to a specific address the constant 'vnc_bind_address' is passed in, instead of the actual requested address. This patch fixes it.
Reviewed-by: iustinp
Use EnsureDirs in KVM as well.
The KVM hypervisor has also code to ensure a list of directories exist. Substitute it with our new utils function.
Remove the extra_args parameter in instance start
This patch removes the extra_args parameter and instead switches the instance to the HV_KERNEL_ARGS hypervisor option.
This is a big change, but it's a needed cleanup, this extra parameter on all RPC calls is not generic and we also need to have a persistent value...
Simplify a little the hypervisor routines
Instead of “instance.hvparams”, we use a shorter “hvp” name to make readability better.
Reviewed-by: imsnah
KVM: Correct CheckParameterSyntax docstring
The comment is not really true anymore, as we have a lot of parameters nowadays.
KVM: Fix _CallMonitorCommand error message
1) Only instance_name is available
2) There was a missing string parameter
KVM: Add usb mouse type parameter
In some cases 'mouse' may work better than 'tablet', so we'll handle both by allowing the user to specify a parameter. By default no mouse is used.
KVM: allow netboot
With this patch we allow KVM instances to be booted off the network. The only issue is that this is not compatible with virtio nics, so we disallow them, when booting from the net.
KVM: actually support different nic types
When executing the KVM runtime we load the nic type from the runtime hvparams and use it to specify the nic model type. As for the disk we translate the DEV_PARAVIRTUAL type to 'virtio'.
KVM: export hvparams in the runtime
They'll be used to set the nic type when we execute the runtime, since the nics are processed later. We need to save the hvparams because we want to use the same one as when we saved the runtime, rather than use the current instance ones, to avoid applying only some changed...
KVM: actually support different disk types
By passing the relevant if= value to the disk we support different disk types. The only change is that we'll translate "paravirtual" to "virtio" to keep only one "paravirtualized" value, around ganeti. The if= value is calculated outside the disks loop, as it's the same for all...
KVM: parameters for different disk and nic types
- Add a bunch of NICs and DISKs types
- Specify which one are valid disks and nics for KVM (the new ones together with some of the old ones)
- Add the default values (paravirtual)
- Allow the disk and nic types as parameters and check their validity...
s/HT_HVM_VNC_BASE_PORT/VNC_BASE_PORT/g
The VNC base port has nothing to do with HVM itself, and is general to VNC itself, so we're removing the HT_HVM prefix to the constant.
Export the cpu nodes and sockets from Xen
This is a hand-picked forward patch of commit 1755 on the 1.2 branch (hand-picked since the trees diverged too much since then):
The patch changed the xen hypervisor to compute the number of cpu sockets/nodes and enables the command line and the RAPI to show this...
KVM: don't boot from a virtio cdrom
Apparently it's not supported. Also add -boot command line parameters to kvm, since they seem to help booting from the right place. Everything will still only work when not using a kernel, but well... :)
KVM: don't boot from cdrom with no cdrom
Support cdrom image and boot order for KVM
The cdrom image has the same meaning as in Xen HVM, and so does boot_order, even though it has a slightly different syntax, and uses the value 'disk' to boot from disk and 'cdrom' to boot from cdrom.
KVM: add VNC TLS and X509 parameters
With these parameters VNC for KVM is able to be protected by tls, optionally with an x509 certificate, and optionally verifying the client as well. Additionally in this patch we limit the bind address to being a directory, rather than a file or a directory, for simplicity, as...
KVM: allow binding vnc to a file
Before we forced the VNC_BIND_ADDRESS to be an ip. Now we also accept a path, and bind the instance to it, or to a file in it if it's a directory.
KVM: Make GetAllInstancesInfo concurrency-safe
Or actually more so. If this function gets called while instances get shut down, it might try to report information on instances which don't exist. Try to fail gracefully if that happens, by just skipping an...
KVM: advise about VNC support on GetShellCommand
KVM: enable VNC if a VNC_BIND_ADDRESS is defined
We'll also enable a tablet usb device, as suggested by the kvm man page.
KVM: Allow the HV_VNC_BIND_ADDRESS parameter
KVM: make the kernel and initrd arguments optional
Under KVM we don't strictly need a kernel and initrd. If some are passed we'll use them, otherwise the guest OS will need to behave as fully native, and have its own boot loader and kernel. The root_path hypervisor parameter becomes mandatory only if a kernel is...
KVM: add the HV_SERIAL_CONSOLE parameter
Up until now a KVM instance was forced to have a serial port. With this change this is no longer mandatory, by default we'll use one, but if the HV_SERIAL_CONSOLE parameter is set to False we'll do without.
GetShellCommand: get hvparams and beparams
Sometimes the hypervisor will use the instance hv and/or be parameters to determine the best shell command. This is not possible, though, currently, as the instance hv/beparams are not filled, so we have to pass the filled versions separately....