Statistics
| Branch: | Tag: | Revision:

root / lib @ fc6ccde4

Name Size
  build
  client
  cmdlib
  confd
  http
  hypervisor
  impexpd
  masterd
  rapi
  rpc
  server
  storage
  tools
  utils
  watcher
__init__.py 1.2 kB
_constants.py.in 285 Bytes
asyncnotifier.py 6.1 kB
backend.py 145.5 kB
bootstrap.py 42 kB
cli.py 137.9 kB
compat.py 4.3 kB
config.py 97.4 kB
constants.py 2.9 kB
daemon.py 27.6 kB
errors.py 10.9 kB
hooksmaster.py 9.6 kB
ht.py 17.1 kB
jqueue.py 75.4 kB
jstore.py 6.1 kB
locking.py 60.9 kB
luxi.py 7.2 kB
mcpu.py 18.3 kB
netutils.py 19.7 kB
network.py 7.7 kB
objects.py 65.7 kB
opcodes.py.in_after 391 Bytes
opcodes.py.in_before 6.9 kB
opcodes_base.py 7.7 kB
outils.py 4.3 kB
ovf.py 66 kB
pathutils.py 6.2 kB
qlang.py 9.5 kB
query.py 86.3 kB
rpc_defs.py 26 kB
runtime.py 8.4 kB
serializer.py 4.5 kB
ssconf.py 13.5 kB
ssh.py 10.7 kB
uidpool.py 11.7 kB
vcluster.py 7.4 kB
workerpool.py 18.3 kB

Latest revisions

# Date Author Comment
fc6ccde4 01/08/2014 03:01 pm Helga Velroyen

Create client certificate for normal nodes

The vcluster QA revealed a bug in the SSL certificate
handling code, where certificates were only created
when the node is a master-candidate. However, every node
should have a certificate, but only the digests of the...

a6c43c02 12/20/2013 03:15 pm Helga Velroyen

Verify client certificates

This patch adds a step to 'gnt-cluster verify' to verify
the existence and validity of the nodes' client
certificates. Since this is a crucial point of the
security concept, the verification is very detailed with
expressive error messages and well tested by unit tests....

b3cc1646 12/20/2013 03:15 pm Helga Velroyen

Verify incoming RPCs against candidate map

From this patch on, incoming RPC calls are checked against
the map of valid master candidate certificates. If no map
is present, the cluster is assumed to be in
bootstrap/upgrade mode and compares the incoming call...

28756f80 12/20/2013 03:15 pm Helga Velroyen

Handle promoting/demoting nodes wrt to client certificates

This patch makes Ganeti correctly handle the client
certificates when nodes get promoted to master candidates
or demoted to normal nodes.

Signed-off-by: Helga Velroyen <>
Reviewed-by: Hrvoje Ribicic <>

d722af8b 12/20/2013 03:15 pm Helga Velroyen

Extend RPC call to create SSL certificates

So far the RPC call 'node_crypto_tokens' did only retrieve
the certificate digest of an existing certificate. This
call is now enhanced to also create a new certificate and
return the respective digest. This will be used in various...

60cc531d 12/20/2013 03:15 pm Helga Velroyen

Create client SSL certificates on cluster init

This patch makes Ganeti create a client SSL certificate for
the master node on cluster initialization. Note that some of
the code in this patch is later moved into an LU to serve
requirements for crypto renewal and updates, but for this...

1059337d 12/20/2013 03:15 pm Helga Velroyen

Store candidate certificates in ssconf

This patch enables Ganeti to store the candidate
certificate map in ssconf. A utility function to
read it is provided as well.

Signed-off-by: Helga Velroyen <>
Reviewed-by: Hrvoje Ribicic <>

840ad2ab 12/20/2013 03:15 pm Helga Velroyen

Handle client certificates on node add/remove

This patch adds the certificate of a newly added or
readded master candidate node to the map of master candidate
certificates. It removes a master candidate node's certificate
digest from the candidate certificate map if the node is...

5b6f9e35 12/20/2013 03:15 pm Helga Velroyen

Add certificate for master node

On cluster initialization, the master node's
SSL certificate digest is added to the list of master
candidate certificates.

Signed-off-by: Helga Velroyen <>
Reviewed-by: Hrvoje Ribicic <>

3bcf2140 12/20/2013 03:15 pm Helga Velroyen

Add candiate certificate map to configuration

At the end of this patch series, incoming RPC calls are
legitimized against a map of master candidate nodes'
SSL certificate digests. This patch adds the map itself
to the cluster's configuration.

Signed-off-by: Helga Velroyen <>...

View revisions

Also available in: Atom