Locking related fixes for networks
Use GetNetwork() only when having already aquired the lock,i.e. in CheckPrereq().
In LUNetworkConnect/Disconnect do not include Network info in Hooksenvironment, so that network locking can be avoided if conflictsare not checked....
jqueue: Don't modify input opcode when changing priority
Commit 4679547 implemented the ability to change job's priority after itwas submitted. The code contained a bug whereby it would modify theinput data for an opcode, something the job queue shouldn't do (logical...
Use new util function for mac_prefix validation
Use new NormalizeAndValidateThreeOctetMacPrefix() util function inLUNetworkAdd/LUNetworkSetParams to validate network's MAC prefix.Additionally, move the check in CheckArguments() in the case ofLUNetworkAdd....
LUClusterRedistConf: Use node allocation lock
All node locks are acquired.
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Helga Velroyen <helgav@google.com>
LUClusterRepairDiskSizes: Use node allocation lock
This opcode acquires all node resource locks, which conflicts withinstance allocations.
LUGroupVerifyDisks: Use node allocation lock
See comment in code.
LUClusterVerifyGroup: Use node allocation lock
LUInstanceReplaceDisks: Acquire node allocation lock
If the lock was acquired in the first place (only when an iallocator isused), it is released as soon as possible.
LUInstanceChangeGroup: Acquire node allocation lock
Changing instances' groups shouldn't conflict with instance allocations.
Acquire node allocation lock during node query
If locking is used (usually by ganeti-watcher), node allocations must betemporarily blocked.
iallocator: Add node whitelist
In the future instance creations might have a lock on all nodes as wasthe case until the implementation of opportunistic locking. Nodes forwhich the lock is not held will be shown to the iallocator plugin as ifthey were marked offline....
Allow ignoring successful commands in "gnt-cluster command"
In some cases it is useful to ignore the output of and avoid mentioningsuccessful commands. One would be when looking for a certain string ina file:
$ gnt-cluster command egrep -q '^testing$' /etc/......
errors: Show error descriptions in API documentation
Comments with a colon after the hash sign (“#:”) show up in theepydoc output.
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
Fix locking mistake introduced in commit 5cc1f88
The node resource locks were not set correctly on instance import.
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
Add safety check on job dependency/TIsLength
If TIsLength is applied to a non-container item, it will fail (typeerror) due to invalid application of len(). Since this can happen onuser-supplied data, we add an explicit TList/TTuple check (the TTupletest is a new one)....
LUClusterSetParams: Use node allocation lock
All resources are acquired and opportunistic instance creations wouldfail. Also add a TODO.
LUInstanceCreate: Acquire node allocation lock
Opportunistic locks are not yet used. This patch changesLUInstanceCreate to acquire the node allocation lock to avoid conflictswith other opcodes acquiring many node locks.
Signed-off-by: Michael Hanselmann <hansmi@google.com>...
Acquire node allocation lock for failover/migration
See code for an explanatory comment. The lock is released as soon aspossible.
Use GetMultiInstanceInfo in LUNetwork* opcodes
LUNetworkConnect/Disconnect looks up a nodegroup's instances forconflicting IPs. To do so, use GetNodeGroupInstances() andGetMulitInstanceInfo().
Additionally, check if the correct locks were acquired.
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>...
utils.text: Function to verify MAC address prefix
The network management code needs to verify a MAC address prefix.Instead of (ab)using NormalizeAndValidateMac, clean code should be used.Unit tests for NormalizeAndValidateMac are updated and new ones for...
Factorize code for checking node daemon certificate
This code is going to be used by a new utility for setting up the nodedaemon. Unit tests are updated/added.
Additionally, the certificate and key stored in “server.pem” areverified, too.
Support opportunistic locks in mcpu/LUs
Similar to “share_locks”, a new dictionary containing booleans for eachlocking level is added to “cmdlib.LogicalUnit”. Logical units wanting tomake use of opportunistic locks will be able to configure thisdictionary accordingly....
Add opportunistic locking to GanetiLockManager
Just forwarding the parameter, nothing more.
locking: Implement opportunistic locking in LockSet
This patch adds a new parameter to “LockSet.acquire” named“opportunistic”. When enabled the lockset will try to acquire as manylocks as possible, but it won't wait for them (with the exception of thelockset-internal lock in case the whole set is acquired). This is...
Add ssconf function to read all files
Configuring a node daemon on a newly added node will need all ssconfvalues.
bootstrap.RunNodeSetupCmd: Add IPv6 support
Commit 224ff0f modified the node SSH setup to use the system's SSHclient. Before that Paramiko was used. It's not entirely clear whehterthe latter ever supported IPv6 properly, but with this patch“bootstrap.RunNodeSetupCmd” is changed to use it if configured. The code...
Factorize running node setup command
Part of the code used for running “prepare-node-join” can be re-used forrunning a tool to configure the node daemon.
ssconf: Add dry-run support for writing files
A new utility for configuring the node daemon will support a dry-runmode. This patch adds the necessary functionality to“ssconf.SimpleStore” and provides comprehensive tests for“SimpleStore.WriteFiles”. To enable the latter, a testing-only parameter...
ssconf: Add function to verify keys
The new utility for configuring the node daemon will have to checkwhether it received valid ssconf names.
LUNetworkAdd: Log warning when needed
In case conflicts are checked, log warnings if nodes' IPs cannotbe reserved.
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Use constants.IP4_VERSION in LUNetworkAdd
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Fix locking in networks
Ensure that locks are held only if needed.
Add conflicts_check in OpNetworkAdd. This is needed if we want tocheck whether nodes/master IPs are included in network.
Depending on conflicts_check value, we have to hold node/instance locks...
Add Group, OS and Backup opcodes
This also corrects a docstring in OpBackupExport on the Python side.
Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: Helga Velroyen <helgav@google.com>
Add a helper for the "iallocator" opcode field
This field is used with just changed description in about 10 opcodes,so unifying it makes things simpler for future potential changes tothe field type.
Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Rename OpTestAllocator.allocator to iallocator
This makes the OpCode more consistent with the other opcodes. Thedownside is incompatibility when upgrading from 2.6, but since this isa test opcode it shouldn't be problematic.
Signed-off-by: Iustin Pop <iustin@google.com>...
Fix empty list as default value in OpInstanceMultiAlloc
Commit 12e62af5 (“Adding the new opcode for multi-allocation”)introduced a "bad" default value; while porting this to Haskell, Irealised this is wrong.
Fix breakage introduced in commit a8b3b09
The order of the calls to “ctx.use_privatekey” and “ctx.use_certificate”was wrong, leading to an exception being thrown.
Factorize SSL context setup for certificate check
This code will also be used by the node daemon setup utility.
Introduce ht.TMaybeValueNone and ht.TValueNone
TValueNone checks if a value is "none" and TMaybeValueNone is a wrapperof TOr(TValueNone, x). This is used by OpNetworkSetParam in order toreset a network value (e.g. mac_prefix, gateway, etc.)
opcodes: Replace manual loop with map
Also remove a superfluous empty line in test file.
Fix type descriptions in RAPI documentation
This patch adds descriptors to the “_CheckCIDR*” functions in opcodesand improves the descriptions generated by “ht.TInstanceOf”, therebyindirectly fixing bad type descriptions in the RAPI documentation.
Before this patch:...
Fixing crash when removing disks
This bug was introduced by my commit "Check ispecs against ipolicy oninstance modify", because I did not filter for the 'add' action. Thus itwould try to read the size parameter also when removing disks.
Signed-off-by: Helga Velroyen <helgav@google.com>...
locking: Change locking order, move NAL after instances
Some opcodes, for example LUInstanceFailover and LUInstanceMigrate,can't know whether they need to acquire all nodes until they have a lockon the instance. In turn they would have to acquire the node allocation...
Add constant for node certificate mode
A new utility for configuring the node daemon will have to write thenode certificate as well. To not split information about the certificatefile even more, the constant is added to “pathutils”.
Move cluster verification out of prepare-node-join
A new tool for configuring the node daemon will also have to verify thecluster name, so it's better to have this function in a central place.In the process of moving it to ssconf it is also changed to use...
ssconf: Verify file size when reading, add some tests
Until now ssconf would limit the amount read from files to 128 KiB andsilently ignored files larger than that. With this patch a check isadded by using fstat(2) on the file descriptor while it's being read....
Fix pylint error introduced in commit 9675661
Missing spaces around operator.
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Michele Tartara <mtartara@google.com>
ssconf: Small error message fixes
- Include filename in error message- s/ip/IP/- Stop using superfluous variable
Remove ssconf.SimpleConfigReader
Commit b0dcdc1 removed the last user of this class.
ssconf: Move class-level constants to module
There is no good reason why these two constants should be inside theclass. This patch moves them to the module so they can be used without“self”.
Fix network query for extra stats fields
Extend _GetNetworkStatsField() to accept 4 arguments.This fixes Issue 323.
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>Reviewed-by: Helga Velroyen <helgav@google.com>
Export UUID and serial no in network queries
Add uuid and serial_no to _NETWORK_SIMPLE_FIELDS in order to exportthem in network queries. Modify gnt-network to list them too.
ssconf: Remove unused regular expression
RE_VALID_SSCONF_NAME is not used anywhere.
Fix build after commit 9b7e05a
Commit 9b7e05a didn't quite work as expected: glm.is_owned expects alocking level, not a lock name.
Factorize logging setup in tools
Most tools had their own “SetupLogging” function, but they were allessentially the same. This patch adds a generic version to “utils.log”and provides unit tests.
Factorize code to load and verify JSON
A new tool to configure the node daemon will also have to load andverify JSON data.
LUNodeQueryStorage: Use node allocation lock
Block instance allocations when all node locks will be acquired.
cmdlib: Don't pass processor to _ComputeNics
The execution context ID can be passed right away.
cmdlib.LUInstanceRename: Another assertion for BGL
Check whether the BGL is actually held instead of just testing“REQ_BGL”.
cmdlib: Stop using proc.Log*
The Log* functions are re-exported through the LU. Inline use of stringformatting (“%”) was converted to additional arguments to Log* (unlike“feedback_fn”, these functions support it). Some punctuation has beenremoved from messages, as well as some small re-wordings....
cmdlib: Use CommaJoin where appropriate
Don't use inline versions of CommaJoin.
LUNetwork*: Build dictionaries right away
… instead of constructing an object, only to fill it separately.
locking: Method to check if LockSet is fully acquired
A new method is added to check whether the LockSet-internal lock isheld. This is the case after LockSet.acquire was called withlocking.ALL_SET.
Unit tests are updated, including one where the list of names must be...
mcpu: Start locking at correct level
Commit 8716b1d added a new lock level, LEVEL_NODE_ALLOC. It is ahead ofLEVEL_INSTANCE. The latter was hardcoded in mcpu to be locked rightafter the BGL, effectively ignoring LEVEL_NODE_ALLOC.
Add new lock level for node allocations
The new lock is similar to the BGL in the sense that it has its ownlevel and there is only one. It is called “node allocation lock”.Logical units will use it to synchronize with instance creations, whichin turn will start using opportunistic locks on nodes....
Fix network opcode parameters
Commit 32e3d8b1 (“opcodes: Network parameter improvements and fixes”)changed a few parameters in the network add, connect and set paramsopcodes, but some of the changes are buggy. The patch changed the typeto TMaybe(), whereas the default should have been changed from None to...
Introduce a TMaybe combinator
We have many cases in the code where we write TOr(TNone, a), so let'sintroduce a combinator that simplifies this case.
Beside replacing the above with TMaybe(a), I did a few other parameterfixes:
- noop change TOr(TNone, TDict) to TMaybeDict...
Replace dict() with {}
The network patches and an existing test added function-call baseddict construction as opposed to literal sintax.
Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: Michele Tartara <mtartara@google.com>
Export network in FinalizeExport()
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
Fix bug in OpNetworkQuery result check
Fix bug in network module
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>Signed-off-by: Iustin Pop <iustin@google.com>[iustin@google.com: slightly improved code flow]Reviewed-by: Iustin Pop <iustin@google.com>
Make ipolicy violations a warning
So far, when running 'gnt-cluster verify' on a cluster whichhas instances that violate the instance policy, thoseviolations were shown as an error. This patch makes them awarning.
Small style fixes (' vs ") in network code
This is just trivial fixes; I think I caught all of them.
Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
Rename leftovers from remote to restricted commands
As per Iustin Pop's suggestion in <20121115131730.GX824@google.com> on<ganeti-devel@googlegroups.com>.
backend: Rename RunRemoteCommand to RunRestrictedCmd
Rename constants and directory for restricted commands
Rename configure option for restricted commands
It is no longer “--enable-remote-commands”, but rather“--enable-restricted-commands”.
Add command line interface for running commands remotely
This patch adds a new command, “gnt-node restricted-command”. Since thesemantics are different from “gnt-cluster command”, the same subcommandshouldn't be re-used.
The included man page update also includes a small description of how to...
Remove delayed iallocator call in TLReplaceDisks
By setting the “delay_iallocator” parameter one could delay the call tothe instance allocator. This was not used for some time now, but thecode was still there.
cmdlib: Merge duplicated code for TLMigrateInstance
LUInstanceFailover and LUInstanceMigrate use TLMigrateInstance and hadthe essentially same code for expanding names and declaring locks. InLUInstanceMigrate.ExpandNames there was a mistake which led to node...
Fix lint error about too many variables
Lint complains about too many variables in the CheckPrereqmethod. While I think that this method/class would needsome refactoring in general, at least this patch makes lintshut up for now.
Check ispecs against ipolicy on instance modify
When modifying an instance, so far the specs were not checked againstthe ipolicy. This patch fixes this issue.
Note that for backend parameters which have a minimum and a maximumvalue (currently only memory), it checks both limits against the...
locking.LockSet: Replace boolean parameter with constants
Upcoming changes will add opportunistic locking to “locking.LockSet”.Doing so will require additional code in “LockSet.__acquire_inner”, atwhich point the existing “want_all” parameter does not always apply....
network: Style updates
- Quote characters- Docstrings
ht: Complain if TNone isn't listed first for TOr/TAnd
Some type descriptions are rather long. If "None" is listed at the endor somewhere in between it is easily missed. Therefore it should be atthe beginning, e.g. "None or (long description)".
opcodes: Network parameter improvements and fixes
- Use variables for checks for IP addresses (makes them more consistent, too)- Fix checks to accept default values- Small description improvements (e.g. s/IP/IP address/)
Merge branch 'devel-2.6'
Merge branch 'stable-2.6' into devel-2.6
locking: Use frozenset instead of utils.UniqueSequence
In this case “frozenset” is good enough as the result's order doesn'tmatter--it is the input to “sorted” (“utils.UniqueSequence” preservesthe order). “frozenset” is ca. 25% faster for this use-case....
Move _BuildNetworkEnv() at top-level
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>Reviewed-by: Iustin Pop <iustin@google.com>
Use bitarray 0.8 interface
Minor fix in query.py
Minor fix in ovf
Fix a few docstrings
Simplify GenerateFree in network module
GenerateFree now returns the first available IP in the networkor raises AddressPoolError if it is full.
Replace string values with proper constants
_UnlockedCommitIp is used either for releasing or reserving anIP inside a network. New constants RELEASE_ACTION/RESERVE_ACTIONare used to decide which is the case.
Add docstring to the GetECReserved config method
Simplify mac generation funtions
Introduce new config method _UnlockedGetNetworkMACPrefix and refactororiginal _GenerateOneMAC so that it takes prefix as an optionalargument and returns a function that actually generates a MAC. Ifprefix is not given or None it uses the cluster level default....
Fix _ComputeNics to include network slot
This bug was introduced after rebasing master branch.
Fixes to pass py-apidoc (make commit-check)