Create client certificate for normal nodes
The vcluster QA revealed a bug in the SSL certificate handling code, where certificates were only created when the node is a master-candidate. However, every node should have a certificate, but only the digests of the...
Verify client certificates
This patch adds a step to 'gnt-cluster verify' to verify the existence and validity of the nodes' client certificates. Since this is a crucial point of the security concept, the verification is very detailed with expressive error messages and well tested by unit tests....
Verify incoming RPCs against candidate map
From this patch on, incoming RPC calls are checked against the map of valid master candidate certificates. If no map is present, the cluster is assumed to be in bootstrap/upgrade mode and compares the incoming call...
Handle promoting/demoting nodes wrt to client certificates
This patch makes Ganeti correctly handle the client certificates when nodes get promoted to master candidates or demoted to normal nodes.
Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>
Extend RPC call to create SSL certificates
So far the RPC call 'node_crypto_tokens' did only retrieve the certificate digest of an existing certificate. This call is now enhanced to also create a new certificate and return the respective digest. This will be used in various...
Handle client certificates on node add/remove
This patch adds the certificate of a newly added or readded master candidate node to the map of master candidate certificates. It removes a master candidate node's certificate digest from the candidate certificate map if the node is...
Add certificate for master node
On cluster initialization, the master node's SSL certificate digest is added to the list of master candidate certificates.
Merge branch 'stable-2.10' into master
rpc: Fix py-apidoc warnings
The previous commits shuffled code around using import renames as glue. apidoc ignores import renames, however, and chokes on some now invalid link targets.
This commit fixes the issue.
Signed-off-by: Santi Raffa <rsanti@google.com>...
Add a Python directory for RPC code to keep it at one place
Move rpc.py to rpc/node.py and modify imports in existing code.
Signed-off-by: Petr Pudlak <pudlak@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>
Gluster: add the Shared File storage type
The shared file and gluster disk templates should not report their disk space information like file does, because they do not behave the same.
If a cluster pulls from the same, shared source of storage then it is...
Gluster: add userspace access support
Add support for the QEMU gluster: protocol. Also change the access mode routines so they check the access parameter for all templates.
Signed-off-by: Santi Raffa <rsanti@google.com>
Signed-off-by: Thomas Thrainer <thomasth@google.com>...
Gluster: mount automatically
Add parameters to the Gluster disk template so Gluster can manage the mount point autonomously.
Signed-off-by: Santi Raffa <rsanti@google.com>
Signed-off-by: Thomas Thrainer <thomasth@google.com>
Reviewed-by: Thomas Thrainer <thomasth@google.com>
Gluster: use ssconf value for mountpoint directory
Gluster still does not mount anything autonomously, but this commit changes where Gluster expects its mountpoint to be.
Gluster: minimal implementation
Add Gluster to Ganeti by essentially cloning the shared file behaviour everywhere in the code base.
gnt-cluster verify: demote orphan volume error to warning
Ganeti checks for orphan volume by making sure that it knows about all volumes on disk; any additional orphan volume, even if created by the administrator, causes a failure in gnt-cluster verify. Given that...
Merge branch 'stable-2.9' into stable-2.10
Adapt parameters that moved to instance variables
Due to a change in the code organization in stable-2.9, some method variables became instance variables, causing a semantic merge conflict. Fix this.
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>
Merge branch 'stable-2.8' into stable-2.9
Support reseting arbitrary params of ext disks
If param=default and the param already exists then we remove it from params dict. This is stolen by GetUpdatedParams() which is used for hvparams modification/inheritance.
This means that 'default' value is not accepted for an arbitrary...
Allow modification of arbitrary params for ext
Disks of ext template are allowed to have arbitrary parameters stored in the Disk object's params slot. Those parameters can be passed during creation of a new disk, either in LUInstanceCreate() or in LUInsanceSetParams(). Still those parameters can not be...
SetDiskID() before accepting an instance
SetDiskID() fills physical_id slot of a Disk object.
LUInstanceSetParams() does not invoke SetDiskID() upon creation of a new disk. As a result the physical_id slot of the Disk object in config data is missing.
In case of ext disk template, in AcceptInstance() we invoke...
Lock group(s) when creating instances
This is required to prevent race conditions such as removing a network from a group and adding an instance at the same time. (See issue 621#2.)
Signed-off-by: Petr Pudlak <pudlak@google.com>
Reviewed-by: Thomas Thrainer <thomasth@google.com>...
Add default file_driver if missing
If the file driver of an instance with file based storage is not specified, the default one is automatically added by the UpgradeConfig function.
Fixes Issue 571.
Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>
Fix a bug in InstanceSetParams concerning names
In case no name is passed in disk modifications we should keep the old one. If name=none then set disk name to None.
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Reviewed-by: Jose A. Lopes <jabolopes@google.com>
Add default_iallocator_params cluster parameter
Add a cluster parameter to hold the iallocator parameters used by the default instance allocator. Implement the option to modify config.data, query config.data and upgrade man pages, tests and cfgupgrade tool. The new default_iallocator_params is...
Fix NODE/NODE_RES locking in LUInstanceCreate
Both NODE and NODE_RES locks were acquired opportunistically if so requested by the user. LUInstanceCreate requires, however, that the actually locked elements on NODE and NODE_RES level are the same.
This patch changes the locking of NODE_RES such that those locks are not...
Instance queries: remove opcodes and LU
Removes the remains of the instance queries.
Export and network queries: remove opcodes and LUs
Removes the remains of the export (aka backup) and network queries.
Group queries: remove opcodes and LUs
Removes the remains of the group query code.
Node queries: remove opcodes and LUs
Removes the remains of the node query code.
Remove instance query python code
This patch removes the python code for the instance queries. So far, it replaces it by 'NotImplemented' exceptions. In a later patch of this series, the remaining part is removed completely.
Signed-off-by: Helga Velroyen <helgav@google.com>...
Switch to Haskell for group queries
This patch removes the group query implementation in python in order to use the new Haskell implementation.
Switch to haskell for export (aka backup) queries
This patch removes the python implementation of export (aka backup) queries. So far, it is replaced by 'NotImplemented' exceptions, but later in this series it will be replaced completely.
Switch to Haskell for network queries
This patch removes the python implementation of network queries and replaces it with 'NotImplemented' exceptions. It will be removed completely once all queries are switched to Haskell.
Disable node query code
This patch removes the python query implementation for nodes. So far, the code is replaced by 'NotImplemented' exceptions, because the overall structure of query classes can be removed more easily at once when all query implementations are ready to be removed....
masterd: implement query via luxi
The master daemon so far still did queries via the python implementation. This patch implements that it uses the haskell implementation and removes the node queries from the list of OP-queriable entities.
Introduce --hotplug-if-possible option
This will be useful for an external entity using RAPI that wants to modify devices of instances.
The common use case for that is: "I want to add a NIC/disk to an instance. If it is running then try to hotplug the device. If not, then just add it to config."...
Allow instances to obtain externally reserved IPs
The administrator should be able to assign an externally reserved IP to a Ganeti instance manually, if desired. Currently this is not supported. External reservations should act as holes in the pool and not just as IPs already used by someone outside of Ganeti....
Mark cluster's IPs as externally reserved
Currently, upon network creation, nodes' and master's IPs are reserved in the pool.
This leads to pool reservations ('X' in map) that cannot be changed afterwards, although they may need to (e.g. in case of node...
Use configured SSH ports when connecting to a console
This is accomplished by passing the corresponding node group to hv_*.py. Tests for hv_*.py that call GetInstanceConsole updated.
Signed-off-by: Petr Pudlak <pudlak@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>
Use custom SSH ports in node groups when working with nodes
Calling `gnt-instance console` with a custom SSH port doesn't work yet.
Don't allow optional node parameters
Ganeti does not support optional fields in parameters (hypervisor-params, disk-params, etc.). OpenVSwitch related node parameters were the exception to this rule, which caused numerous problems related to import/export and (de-)serialization....
Fix instance info
Signed-off-by: Jose A. Lopes <jabolopes@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>
Prevent instance start when user down
Prevent starting a given instance when that instance has been shutdown by the user, given that the instance must be first properly shutdown.
Fix typo in documentation
Fix retrieval of xen command in class method
This patch fixes issue 608. When introducing the configurability of the xen toolstack in commit 8ef418bb92, the hypervisor api was accidentally changed in a way that led to this error in KVM.
Remove hardcoded references to File, SharedFile templates
DTS_FILEBASED is a constant that exists and this commit makes sure that it is used whenever sensible, rather than resorting to hardcoding the pair of templates in very many files.
Readd nodes as online
Patch d0d7d7cf accidentally removed the offline-flag reset when readding a node. Readd it.
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Thomas Thrainer <thomasth@google.com>
When verifying BRBD version, ignore missing values
When comparing for consistency of the DRBD versions, some versions might not be available via RPC, typically, if the node is offline. In this case, leave these nodes out of the test, instead of failing with an internal python error....
Conflicts: NEWS: trivial configure.ac: drop suffix bump of stable-2.9
Signed-off-by: Klaus Aehlig <aehlig@google.com>...
Conflicts: lib/cmdlib/instance_storage.py
Resolved by manually applying the node name to uuid transition on the version of stable-2.9.
Improve error message for replace-disks
In some conditions, replace-disks will fail if the disks are not properly activated. Improve the error message suggesting to run activate-disks before executing replace-disks.
Fixes Issue 606.
Signed-off-by: Michele Tartara <mtartara@google.com>...
Fix indentation that triggers PEP8 error
Signed-off-by: Petr Pudlak <pudlak@google.com>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>
Check if hotplug is supported in CheckPrereq
Introduce new RPC hotplug_supported that invokes the corresponding hypervisor's method which checks if hotplug is generally supported. Call this RPC early in CheckPrereq() and abort if hotplug is not supported. Currently only KVM hypervisor with...
Create Open vSwitch on Master during Cluster init
Currently, Open vSwitch is only created on additional nodes, not on the master itself. This fixes the issue and creates and configures an Open vSwitch on the master node during cluster init.
Signed-off-by: Sebastian Gebhard <sege@fs.ei.tum.de>...
Add possibility to compress to OpInstanceCreate
OpInstanceCreate now supports the 'compress' option. It allows to enable compression during instance imports.
Signed-off-by: Thomas Thrainer <thomasth@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>
Honor compress parameter in remote backups
Use the specified compression mode not only for local exports, but also for remote ones.
Support import with compressed instance moves
Support compressing instance data while sending it to the target node on instance imports.
Add local compression to OpBackupExport
OpBackupExport is extended by a compress parameter. This parameter (either 'none' or 'gzip') controls if instance disks are compressed before being sent over the network to the destination node.
Signed-off-by: Thomas Thrainer <thomasth@google.com>...
Add possibility to compress to OpInstanceMove
OpInstanceMove now supports the 'compress' option. It allows to enable compression for intra-cluster instance moves.
Use import-export daemon for intra-cluster moves
This unifies the inter- and intra-cluster moves and the backup code, so less code needs to be maintained.
Also fix failing tests for LUInstanceMove by following the code changes in the tests.
Use cluster variable consistently
The cluster object is already retrieved from the configuration, so use it consistently in LUInstanceMove.CheckPrereq().
Correct comments
Correct comments which confuse the target node with the secondary node of an instance in LUInstanceMove.
Fix usage of xm/xl for gnt-instance modify --new-primary
This fixes issue 519. When calling 'gnt-instance modify --new-primary', an exception was raised, because a RPC call was not called with the right hypervisor parameters which caused the backend function to crash,...
Minor changes regarding hotplug support
Fix in RPC
Use _SingleDiskDictDP() instead of _ObjectDict() for serializing a disk.
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Signed-off-by: Thomas Thrainer <thomasth@google.com>
Reviewed-by: Thomas Thrainer <thomasth@google.com>
Hotplug: cmdlib support
Hotplugging is done by functions invoked by ApplyContainerMods(). In order hotplugging to take place the --hotplug option must be passed otherwise the modifications will take place after reboot.
NIC hotplug supports add, remove and modify. The modify is done by removing...
Add unit tests for LUBackupExport
This patch adds unit tests for LUBackupExport.
Signed-off-by: Thomas Thrainer <thomasth@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>
Use node names in LUBackupQuery
The result of LUBackupQuery has to be indexed by node name rather than by node UUID, otherwise the automatically constructed filter won't return any results.
Make 'gnt-node list-storage' use default storage type
Currently, when no explicit storage type is given, the 'gnt-node list-storage' command defaults to file storage whether or not file storage is enabled on the cluster or not. This patch fixes it by defaulting to the default...
Make 'gnt-cluster modify' respect the order of templates
This fixes a bug where the order of enabled disk templates was not respected when manipulating it with 'gnt-cluster modify'.
Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>
Streamlining handling of spindles and default templates
This rather lengthy patch comprises a couple of refactorings to achieve the following goals:
- 'gnt-node info' should only report space information about spindles, when exclusive storage is enabled on the node...
Fix typos and indentation for cluster.py
This patch fixes a typo and some indentation errors that were accidentally introduced by premature pushing of the patch series "Improvements on disk templates, in particular file storage".
Make GetDiskTemplateSets output disabled disk templates
This patch extends the 'GetDiskTemplateSets' function to also output the list of disk templates that were enabled before this operation, but will be disabled afterwards. This patch also includes code to check for instances using...
Rename GetEnabledDiskTemplates to include disabled ones
This patch solely renames the functions _GetEnabledDiskTemplates* to _GetDiskTemplateSets, because in later patches, we will refactor it to not only output disk templates that are or get enabled, but also the ones...
Check for running instances when disabling templates
This patch introduces a function to be used in 'gnt-cluster modify' when disabling a couple of disk templates. It checks whether there are still instances running that use these templates.
Merge branch 'stable-2.9' into master
Use 'DTS_LVM' when possible
This patch replaces all usages of the utility function 'GetLvmDiskTemplate' by the new 'DTS_LVM' constant to make it consistent with the usage of other DTS_* constants.
Additionally, it provides a unit test to ensure consistency between DTS_LVM and the mapping of disk...
Rename LDS_DRBD to DTS_DRBD
This patch renames the constant 'LDS_DRBD' to 'DTS_DRBD' to make it consistent with the renaming of LD_* constants to DT_* constants.
Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Thomas Thrainer <thomasth@google.com>
Check validity of the access protocol parameter
Replace 'IALLOCATOR_NEVAC_*' with 'NODE_EVAC_*'
Replace uses of 'IALLOCATOR_NEVAC_PRI', 'IALLOCATOR_NEVAC_SEC', 'IALLOCATOR_NEVAC_ALL', and 'IALLOCATOR_NEVAC_MODES', with 'NODE_EVAC_PRI', 'NODE_EVAC_SEC', 'NODE_EVAC_ALL', and 'NODE_EVAC_MODES', given that these constants are repeated....
Use secondary IP when moving instances
All data traffic usually goes over the secondary network, but gnt-instance move didn't. This patch corrects this problem by using the target node's secondary IP as move target.
Honor disks_active of instance when adding disks
Adding a disk to an instance used to leave the disk behind activated, no matter how the disks_active flag of the instance was. This change makes sure that new disks are only active if the other disks of the instance...
Wait for disk sync when adding a disk
When creating an instance, gnt-instance waits for instance disks to sync. Inconsistently, this was not the case for adding a disk to an instance. This patch changes the default behavior to wait for sync when adding a disk, but honor the --no-wait-for-sync option which...
Fix some wrong indentations in the code
Fix all instances of pep8's error: "E128 continuation line under-indented for visual indent".
Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
Fix RPC call to blockdev_getdimensions
The parameter format for call_blockdev_getdimensions has changed in a previous patch. Here, the correct parameter format is used for the RPC call.
Signed-off-by: Thomas Thrainer <thomasth@google.com>
Reviewed-by: Jose A. Lopes <jabolopes@google.com>
Remove physical_id field from disk object
The 'physical_id' field of disk objects is no longer used, so remove it. Also, all references are removed together with the code which made sure that the physical_id is up to date when transmitted over RPC.
Replace physical_id with dynamic_params
The disk field 'physical_id' has to be kept up to date whenever a disk object is sent to a node via RPC. This is done with the SetDiskID method manually, which is a source of bugs.
This patch replaces the use of 'physical_id' with a new field names...
Fix incorrect conflict resolution in lib/cmdlib/instance.py
Between the last two merges, nothing happened on stable-2.9. The only change on stable-2.8 that touched lib/cmdlib/instance.py is ff34fb97. So make sure, the net change since the last merge to this file is that of the said commit. This also fixes the doclint...
Add a default to file-driver when unspecified over RAPI
The file-driver value, used by file-based instances, had a default value when an instance was being created over the CLI, but not when the instance was created through the RAPI.
This patch introduces a default value for the remote API and, while doing so,...
Fix lint errors in fix keyerrors patch
This patch fixes one lint error introduced by my recent patch to fix keyerrors in lib/cmdlib/node.py.
Signed-off-by: Sebastian Gebhard <sege@fs.ei.tum.de>
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>