Revision fdd9ac5b
b/NEWS | ||
---|---|---|
1 | 1 |
News |
2 | 2 |
==== |
3 | 3 |
|
4 |
Version 2.4.0 rc1 |
|
5 |
----------------- |
|
6 |
|
|
7 |
*(unreleased)* |
|
8 |
|
|
9 |
- Moved ``rapi_users`` file into separate directory, now named |
|
10 |
``…/ganeti/rapi/users`` |
|
11 |
|
|
12 |
|
|
4 | 13 |
Version 2.3.0 rc1 |
5 | 14 |
----------------- |
6 | 15 |
|
b/daemons/ensure-dirs.in | ||
---|---|---|
80 | 80 |
_ensure_dir ${DATADIR}/queue 0700 "$(_fileset_owner masterd)" |
81 | 81 |
_ensure_dir ${DATADIR}/queue/archive 0700 "$(_fileset_owner masterd)" |
82 | 82 |
_ensure_dir ${DATADIR}/uidpool 0750 "$(_fileset_owner noded)" |
83 |
_ensure_dir ${DATADIR}/rapi 0750 "$(_fileset_owner rapi)" |
|
83 | 84 |
|
84 | 85 |
# We ignore these files if they don't exists (incomplete setup) |
85 | 86 |
_ensure_file ${DATADIR}/cluster-domain-secret 0640 \ |
... | ... | |
88 | 89 |
_ensure_file ${DATADIR}/hmac.key 0440 "$(_fileset_owner confd)" || : |
89 | 90 |
_ensure_file ${DATADIR}/known_hosts 0644 "$(_fileset_owner masterd)" || : |
90 | 91 |
_ensure_file ${DATADIR}/rapi.pem 0440 "$(_fileset_owner rapi)" || : |
91 |
_ensure_file ${DATADIR}/rapi_users 0640 "$(_fileset_owner rapi)" || :
|
|
92 |
_ensure_file ${DATADIR}/rapi/users 0640 "$(_fileset_owner rapi)" || :
|
|
92 | 93 |
_ensure_file ${DATADIR}/server.pem 0440 "$(_fileset_owner masterd)" || : |
93 | 94 |
_ensure_file ${DATADIR}/queue/serial 0600 "$(_fileset_owner masterd)" || : |
94 | 95 |
|
b/doc/rapi.rst | ||
---|---|---|
21 | 21 |
------------------- |
22 | 22 |
|
23 | 23 |
``ganeti-rapi`` reads users and passwords from a file (usually |
24 |
``/var/lib/ganeti/rapi_users``) on startup. Changes to the file will be
|
|
24 |
``/var/lib/ganeti/rapi/users``) on startup. Changes to the file will be
|
|
25 | 25 |
read automatically. |
26 | 26 |
|
27 | 27 |
Each line consists of two or three fields separated by whitespace. The |
b/lib/constants.py | ||
---|---|---|
135 | 135 |
WATCHER_PAUSEFILE = DATA_DIR + "/watcher.pause" |
136 | 136 |
INSTANCE_UPFILE = RUN_GANETI_DIR + "/instance-status" |
137 | 137 |
SSH_KNOWN_HOSTS_FILE = DATA_DIR + "/known_hosts" |
138 |
RAPI_USERS_FILE = DATA_DIR + "/rapi_users"
|
|
138 |
RAPI_USERS_FILE = DATA_DIR + "/rapi/users"
|
|
139 | 139 |
QUEUE_DIR = DATA_DIR + "/queue" |
140 | 140 |
DAEMON_UTIL = _autoconf.PKGLIBDIR + "/daemon-util" |
141 | 141 |
SETUP_SSH = _autoconf.TOOLSDIR + "/setup-ssh" |
b/man/ganeti-rapi.rst | ||
---|---|---|
38 | 38 |
modification operations require authentication, in the form of basic |
39 | 39 |
authentication. |
40 | 40 |
|
41 |
The users and their rights are defined in a file named rapi_users,
|
|
42 |
located in the ``@LOCALSTATEDIR@/lib/ganeti`` directory. The users
|
|
41 |
The users and their rights are defined in the
|
|
42 |
``@LOCALSTATEDIR@/lib/ganeti/rapi/users`` file. The users
|
|
43 | 43 |
should be listed one per line, in the following format:: |
44 | 44 |
|
45 | 45 |
username password options |
b/test/cfgupgrade_unittest.py | ||
---|---|---|
57 | 57 |
self.config_path = utils.PathJoin(self.tmpdir, "config.data") |
58 | 58 |
self.noded_cert_path = utils.PathJoin(self.tmpdir, "server.pem") |
59 | 59 |
self.rapi_cert_path = utils.PathJoin(self.tmpdir, "rapi.pem") |
60 |
self.rapi_users_path = utils.PathJoin(self.tmpdir, "rapi", "users") |
|
61 |
self.rapi_users_path_pre24 = utils.PathJoin(self.tmpdir, "rapi_users") |
|
60 | 62 |
self.known_hosts_path = utils.PathJoin(self.tmpdir, "known_hosts") |
61 | 63 |
self.confd_hmac_path = utils.PathJoin(self.tmpdir, "hmac.key") |
62 | 64 |
self.cds_path = utils.PathJoin(self.tmpdir, "cluster-domain-secret") |
... | ... | |
122 | 124 |
newcfg = self._LoadConfig() |
123 | 125 |
self.assertEqual(newcfg["version"], expversion) |
124 | 126 |
|
127 |
def testRapiUsers(self): |
|
128 |
self.assertFalse(os.path.exists(self.rapi_users_path)) |
|
129 |
self.assertFalse(os.path.exists(self.rapi_users_path_pre24)) |
|
130 |
|
|
131 |
utils.WriteFile(self.rapi_users_path_pre24, data="some user\n") |
|
132 |
self._TestSimpleUpgrade(constants.BuildVersion(2, 3, 0), False) |
|
133 |
|
|
134 |
self.assert_(os.path.islink(self.rapi_users_path_pre24)) |
|
135 |
self.assert_(os.path.isfile(self.rapi_users_path)) |
|
136 |
for path in [self.rapi_users_path, self.rapi_users_path_pre24]: |
|
137 |
self.assertEqual(utils.ReadFile(path), "some user\n") |
|
138 |
|
|
139 |
def testRapiUsers24AndAbove(self): |
|
140 |
self.assertFalse(os.path.exists(self.rapi_users_path)) |
|
141 |
self.assertFalse(os.path.exists(self.rapi_users_path_pre24)) |
|
142 |
|
|
143 |
os.mkdir(os.path.dirname(self.rapi_users_path)) |
|
144 |
utils.WriteFile(self.rapi_users_path, data="other user\n") |
|
145 |
self._TestSimpleUpgrade(constants.BuildVersion(2, 3, 0), False) |
|
146 |
|
|
147 |
self.assert_(os.path.islink(self.rapi_users_path_pre24)) |
|
148 |
self.assert_(os.path.isfile(self.rapi_users_path)) |
|
149 |
for path in [self.rapi_users_path, self.rapi_users_path_pre24]: |
|
150 |
self.assertEqual(utils.ReadFile(path), "other user\n") |
|
151 |
|
|
152 |
def testRapiUsersExistingSymlink(self): |
|
153 |
self.assertFalse(os.path.exists(self.rapi_users_path)) |
|
154 |
self.assertFalse(os.path.exists(self.rapi_users_path_pre24)) |
|
155 |
|
|
156 |
os.symlink(self.rapi_users_path, self.rapi_users_path_pre24) |
|
157 |
utils.WriteFile(self.rapi_users_path_pre24, data="hello world\n") |
|
158 |
|
|
159 |
self._TestSimpleUpgrade(constants.BuildVersion(2, 2, 0), False) |
|
160 |
|
|
161 |
self.assert_(os.path.isfile(self.rapi_users_path)) |
|
162 |
self.assert_(os.path.islink(self.rapi_users_path_pre24)) |
|
163 |
for path in [self.rapi_users_path, self.rapi_users_path_pre24]: |
|
164 |
self.assertEqual(utils.ReadFile(path), "hello world\n") |
|
165 |
|
|
125 | 166 |
def testUpgradeFrom_2_0(self): |
126 | 167 |
self._TestSimpleUpgrade(constants.BuildVersion(2, 0, 0), False) |
127 | 168 |
|
128 | 169 |
def testUpgradeFrom_2_1(self): |
129 | 170 |
self._TestSimpleUpgrade(constants.BuildVersion(2, 1, 0), False) |
130 | 171 |
|
172 |
def testUpgradeFrom_2_2(self): |
|
173 |
self._TestSimpleUpgrade(constants.BuildVersion(2, 2, 0), False) |
|
174 |
|
|
175 |
def testUpgradeFrom_2_3(self): |
|
176 |
self._TestSimpleUpgrade(constants.BuildVersion(2, 3, 0), False) |
|
177 |
|
|
131 | 178 |
def testUpgradeCurrent(self): |
132 | 179 |
self._TestSimpleUpgrade(constants.CONFIG_VERSION, False) |
133 | 180 |
|
... | ... | |
137 | 184 |
def testUpgradeDryRunFrom_2_1(self): |
138 | 185 |
self._TestSimpleUpgrade(constants.BuildVersion(2, 1, 0), True) |
139 | 186 |
|
187 |
def testUpgradeDryRunFrom_2_2(self): |
|
188 |
self._TestSimpleUpgrade(constants.BuildVersion(2, 2, 0), True) |
|
189 |
|
|
190 |
def testUpgradeDryRunFrom_2_3(self): |
|
191 |
self._TestSimpleUpgrade(constants.BuildVersion(2, 3, 0), True) |
|
192 |
|
|
140 | 193 |
def testUpgradeCurrentDryRun(self): |
141 | 194 |
self._TestSimpleUpgrade(constants.CONFIG_VERSION, True) |
142 | 195 |
|
b/tools/cfgupgrade | ||
---|---|---|
102 | 102 |
options.SERVER_PEM_PATH = options.data_dir + "/server.pem" |
103 | 103 |
options.KNOWN_HOSTS_PATH = options.data_dir + "/known_hosts" |
104 | 104 |
options.RAPI_CERT_FILE = options.data_dir + "/rapi.pem" |
105 |
options.RAPI_USERS_FILE = options.data_dir + "/rapi/users" |
|
106 |
options.RAPI_USERS_FILE_PRE24 = options.data_dir + "/rapi_users" |
|
105 | 107 |
options.CONFD_HMAC_KEY = options.data_dir + "/hmac.key" |
106 | 108 |
options.CDS_FILE = options.data_dir + "/cluster-domain-secret" |
107 | 109 |
|
... | ... | |
155 | 157 |
raise Error("Configuration version %d.%d.%d not supported by this tool" % |
156 | 158 |
(config_major, config_minor, config_revision)) |
157 | 159 |
|
160 |
if os.path.isfile(options.RAPI_USERS_FILE_PRE24): |
|
161 |
logging.info("Found pre-2.4 RAPI users file at %s, renaming to %s", |
|
162 |
options.RAPI_USERS_FILE_PRE24, options.RAPI_USERS_FILE) |
|
163 |
utils.RenameFile(options.RAPI_USERS_FILE_PRE24, options.RAPI_USERS_FILE, |
|
164 |
mkdir=True, mkdir_mode=0750) |
|
165 |
|
|
166 |
# Create a symlink for RAPI users file |
|
167 |
if not os.path.islink(options.RAPI_USERS_FILE_PRE24): |
|
168 |
logging.info("Creating symlink from %s to %s", |
|
169 |
options.RAPI_USERS_FILE_PRE24, options.RAPI_USERS_FILE) |
|
170 |
os.symlink(options.RAPI_USERS_FILE, options.RAPI_USERS_FILE_PRE24) |
|
171 |
|
|
158 | 172 |
try: |
159 | 173 |
logging.info("Writing configuration file to %s", options.CONFIG_DATA_PATH) |
160 | 174 |
utils.WriteFile(file_name=options.CONFIG_DATA_PATH, |
Also available in: Unified diff