cmdlib.py 426 KB
Newer Older
Iustin Pop's avatar
Iustin Pop committed
1
#
Iustin Pop's avatar
Iustin Pop committed
2
3
#

4
# Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Google Inc.
Iustin Pop's avatar
Iustin Pop committed
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301, USA.


22
"""Module implementing the master-side code."""
Iustin Pop's avatar
Iustin Pop committed
23

Iustin Pop's avatar
Iustin Pop committed
24
# pylint: disable-msg=W0201,C0302
25
26
27

# W0201 since most LU attributes are defined in CheckPrereq or similar
# functions
Iustin Pop's avatar
Iustin Pop committed
28

Iustin Pop's avatar
Iustin Pop committed
29
30
# C0302: since we have waaaay to many lines in this module

Iustin Pop's avatar
Iustin Pop committed
31
32
33
34
35
import os
import os.path
import time
import re
import platform
36
import logging
37
import copy
38
import OpenSSL
39
40
41
import socket
import tempfile
import shutil
42
import itertools
Iustin Pop's avatar
Iustin Pop committed
43
44
45
46
47

from ganeti import ssh
from ganeti import utils
from ganeti import errors
from ganeti import hypervisor
Guido Trotter's avatar
Guido Trotter committed
48
from ganeti import locking
Iustin Pop's avatar
Iustin Pop committed
49
50
from ganeti import constants
from ganeti import objects
51
from ganeti import serializer
52
from ganeti import ssconf
53
from ganeti import uidpool
54
from ganeti import compat
55
from ganeti import masterd
56
from ganeti import netutils
57
58
from ganeti import query
from ganeti import qlang
59
from ganeti import opcodes
60
61

import ganeti.masterd.instance # pylint: disable-msg=W0611
62

Iustin Pop's avatar
Iustin Pop committed
63

64
65
66
67
68
69
70
71
72
73
74
75
76
def _SupportsOob(cfg, node):
  """Tells if node supports OOB.

  @type cfg: L{config.ConfigWriter}
  @param cfg: The cluster configuration
  @type node: L{objects.Node}
  @param node: The node
  @return: The OOB script if supported or an empty string otherwise

  """
  return cfg.GetNdParams(node)[constants.ND_OOB_PROGRAM]


77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
class ResultWithJobs:
  """Data container for LU results with jobs.

  Instances of this class returned from L{LogicalUnit.Exec} will be recognized
  by L{mcpu.Processor._ProcessResult}. The latter will then submit the jobs
  contained in the C{jobs} attribute and include the job IDs in the opcode
  result.

  """
  def __init__(self, jobs, **kwargs):
    """Initializes this class.

    Additional return values can be specified as keyword arguments.

    @type jobs: list of lists of L{opcode.OpCode}
    @param jobs: A list of lists of opcode objects

    """
    self.jobs = jobs
    self.other = kwargs


Iustin Pop's avatar
Iustin Pop committed
99
class LogicalUnit(object):
100
  """Logical Unit base class.
Iustin Pop's avatar
Iustin Pop committed
101
102

  Subclasses must follow these rules:
103
    - implement ExpandNames
104
105
    - implement CheckPrereq (except when tasklets are used)
    - implement Exec (except when tasklets are used)
Iustin Pop's avatar
Iustin Pop committed
106
    - implement BuildHooksEnv
107
    - implement BuildHooksNodes
Iustin Pop's avatar
Iustin Pop committed
108
    - redefine HPATH and HTYPE
109
    - optionally redefine their run requirements:
110
        REQ_BGL: the LU needs to hold the Big Ganeti Lock exclusively
111
112

  Note that all commands require root permissions.
Iustin Pop's avatar
Iustin Pop committed
113

114
115
116
  @ivar dry_run_result: the value (if any) that will be returned to the caller
      in dry-run mode (signalled by opcode dry_run parameter)

Iustin Pop's avatar
Iustin Pop committed
117
118
119
  """
  HPATH = None
  HTYPE = None
120
  REQ_BGL = True
Iustin Pop's avatar
Iustin Pop committed
121

Iustin Pop's avatar
Iustin Pop committed
122
  def __init__(self, processor, op, context, rpc):
Iustin Pop's avatar
Iustin Pop committed
123
124
    """Constructor for LogicalUnit.

Michael Hanselmann's avatar
Michael Hanselmann committed
125
    This needs to be overridden in derived classes in order to check op
Iustin Pop's avatar
Iustin Pop committed
126
127
128
    validity.

    """
Iustin Pop's avatar
Iustin Pop committed
129
    self.proc = processor
Iustin Pop's avatar
Iustin Pop committed
130
    self.op = op
Guido Trotter's avatar
Guido Trotter committed
131
132
    self.cfg = context.cfg
    self.context = context
Iustin Pop's avatar
Iustin Pop committed
133
    self.rpc = rpc
134
    # Dicts used to declare locking needs to mcpu
135
    self.needed_locks = None
136
    self.acquired_locks = {}
137
    self.share_locks = dict.fromkeys(locking.LEVELS, 0)
138
139
    self.add_locks = {}
    self.remove_locks = {}
140
141
    # Used to force good behavior when calling helper functions
    self.recalculate_locks = {}
142
    # logging
143
    self.Log = processor.Log # pylint: disable-msg=C0103
Iustin Pop's avatar
Iustin Pop committed
144
145
    self.LogWarning = processor.LogWarning # pylint: disable-msg=C0103
    self.LogInfo = processor.LogInfo # pylint: disable-msg=C0103
146
    self.LogStep = processor.LogStep # pylint: disable-msg=C0103
147
148
    # support for dry-run
    self.dry_run_result = None
149
150
151
152
    # support for generic debug attribute
    if (not hasattr(self.op, "debug_level") or
        not isinstance(self.op.debug_level, int)):
      self.op.debug_level = 0
153

154
    # Tasklets
155
    self.tasklets = None
156

157
158
    # Validate opcode parameters and set defaults
    self.op.Validate(True)
159

160
    self.CheckArguments()
Iustin Pop's avatar
Iustin Pop committed
161

162
163
164
165
166
167
168
169
170
  def CheckArguments(self):
    """Check syntactic validity for the opcode arguments.

    This method is for doing a simple syntactic check and ensure
    validity of opcode parameters, without any cluster-related
    checks. While the same can be accomplished in ExpandNames and/or
    CheckPrereq, doing these separate is better because:

      - ExpandNames is left as as purely a lock-related function
Michael Hanselmann's avatar
Michael Hanselmann committed
171
      - CheckPrereq is run after we have acquired locks (and possible
172
173
174
175
176
177
178
179
        waited for them)

    The function is allowed to change the self.op attribute so that
    later methods can no longer worry about missing parameters.

    """
    pass

180
181
182
183
184
185
  def ExpandNames(self):
    """Expand names for this LU.

    This method is called before starting to execute the opcode, and it should
    update all the parameters of the opcode to their canonical form (e.g. a
    short node name must be fully expanded after this method has successfully
Adeodato Simo's avatar
Adeodato Simo committed
186
    completed). This way locking, hooks, logging, etc. can work correctly.
187
188
189
190

    LUs which implement this method must also populate the self.needed_locks
    member, as a dict with lock levels as keys, and a list of needed lock names
    as values. Rules:
191
192
193
194
195

      - use an empty dict if you don't need any lock
      - if you don't need any lock at a particular level omit that level
      - don't put anything for the BGL level
      - if you want all locks at a level use locking.ALL_SET as a value
196

Guido Trotter's avatar
Guido Trotter committed
197
198
199
200
    If you need to share locks (rather than acquire them exclusively) at one
    level you can modify self.share_locks, setting a true value (usually 1) for
    that level. By default locks are not shared.

201
202
203
204
    This function can also define a list of tasklets, which then will be
    executed in order instead of the usual LU-level CheckPrereq and Exec
    functions, if those are not defined by the LU.

205
206
207
208
209
    Examples::

      # Acquire all nodes and one instance
      self.needed_locks = {
        locking.LEVEL_NODE: locking.ALL_SET,
210
        locking.LEVEL_INSTANCE: ['instance1.example.com'],
211
212
213
      }
      # Acquire just two nodes
      self.needed_locks = {
214
        locking.LEVEL_NODE: ['node1.example.com', 'node2.example.com'],
215
216
217
      }
      # Acquire no locks
      self.needed_locks = {} # No, you can't leave it to the default value None
218
219
220
221
222
223
224
225
226
227

    """
    # The implementation of this method is mandatory only if the new LU is
    # concurrent, so that old LUs don't need to be changed all at the same
    # time.
    if self.REQ_BGL:
      self.needed_locks = {} # Exclusive LUs don't need locks.
    else:
      raise NotImplementedError

Guido Trotter's avatar
Guido Trotter committed
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
  def DeclareLocks(self, level):
    """Declare LU locking needs for a level

    While most LUs can just declare their locking needs at ExpandNames time,
    sometimes there's the need to calculate some locks after having acquired
    the ones before. This function is called just before acquiring locks at a
    particular level, but after acquiring the ones at lower levels, and permits
    such calculations. It can be used to modify self.needed_locks, and by
    default it does nothing.

    This function is only called if you have something already set in
    self.needed_locks for the level.

    @param level: Locking level which is going to be locked
    @type level: member of ganeti.locking.LEVELS

    """

Iustin Pop's avatar
Iustin Pop committed
246
247
248
249
250
251
252
253
254
255
256
257
  def CheckPrereq(self):
    """Check prerequisites for this LU.

    This method should check that the prerequisites for the execution
    of this LU are fulfilled. It can do internode communication, but
    it should be idempotent - no cluster or system changes are
    allowed.

    The method should raise errors.OpPrereqError in case something is
    not fulfilled. Its return value is ignored.

    This method should also update all the parameters of the opcode to
258
    their canonical form if it hasn't been done by ExpandNames before.
Iustin Pop's avatar
Iustin Pop committed
259
260

    """
261
    if self.tasklets is not None:
262
      for (idx, tl) in enumerate(self.tasklets):
263
264
        logging.debug("Checking prerequisites for tasklet %s/%s",
                      idx + 1, len(self.tasklets))
265
266
        tl.CheckPrereq()
    else:
267
      pass
Iustin Pop's avatar
Iustin Pop committed
268
269
270
271
272
273
274
275
276

  def Exec(self, feedback_fn):
    """Execute the LU.

    This method should implement the actual work. It should raise
    errors.OpExecError for failures that are somewhat dealt with in
    code, or expected.

    """
277
    if self.tasklets is not None:
278
      for (idx, tl) in enumerate(self.tasklets):
279
        logging.debug("Executing tasklet %s/%s", idx + 1, len(self.tasklets))
280
281
282
        tl.Exec(feedback_fn)
    else:
      raise NotImplementedError
Iustin Pop's avatar
Iustin Pop committed
283
284
285
286

  def BuildHooksEnv(self):
    """Build hooks environment for this LU.

287
288
289
290
291
292
293
294
    @rtype: dict
    @return: Dictionary containing the environment that will be used for
      running the hooks for this LU. The keys of the dict must not be prefixed
      with "GANETI_"--that'll be added by the hooks runner. The hooks runner
      will extend the environment with additional variables. If no environment
      should be defined, an empty dictionary should be returned (not C{None}).
    @note: If the C{HPATH} attribute of the LU class is C{None}, this function
      will not be called.
Iustin Pop's avatar
Iustin Pop committed
295

296
297
    """
    raise NotImplementedError
Iustin Pop's avatar
Iustin Pop committed
298

299
300
  def BuildHooksNodes(self):
    """Build list of nodes to run LU's hooks.
Iustin Pop's avatar
Iustin Pop committed
301

302
303
304
305
306
307
308
    @rtype: tuple; (list, list)
    @return: Tuple containing a list of node names on which the hook
      should run before the execution and a list of node names on which the
      hook should run after the execution. No nodes should be returned as an
      empty list (and not None).
    @note: If the C{HPATH} attribute of the LU class is C{None}, this function
      will not be called.
Iustin Pop's avatar
Iustin Pop committed
309
310
311
312

    """
    raise NotImplementedError

313
314
315
316
317
318
319
320
321
  def HooksCallBack(self, phase, hook_results, feedback_fn, lu_result):
    """Notify the LU about the results of its hooks.

    This method is called every time a hooks phase is executed, and notifies
    the Logical Unit about the hooks' result. The LU can then use it to alter
    its result based on the hooks.  By default the method does nothing and the
    previous result is passed back unchanged but any LU can define it if it
    wants to use the local cluster hook-scripts somehow.

322
323
324
325
326
327
328
329
    @param phase: one of L{constants.HOOKS_PHASE_POST} or
        L{constants.HOOKS_PHASE_PRE}; it denotes the hooks phase
    @param hook_results: the results of the multi-node hooks rpc call
    @param feedback_fn: function used send feedback back to the caller
    @param lu_result: the previous Exec result this LU had, or None
        in the PRE phase
    @return: the new Exec result, based on the previous result
        and hook results
330
331

    """
332
333
334
    # API must be kept, thus we ignore the unused argument and could
    # be a function warnings
    # pylint: disable-msg=W0613,R0201
335
336
    return lu_result

337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
  def _ExpandAndLockInstance(self):
    """Helper function to expand and lock an instance.

    Many LUs that work on an instance take its name in self.op.instance_name
    and need to expand it and then declare the expanded name for locking. This
    function does it, and then updates self.op.instance_name to the expanded
    name. It also initializes needed_locks as a dict, if this hasn't been done
    before.

    """
    if self.needed_locks is None:
      self.needed_locks = {}
    else:
      assert locking.LEVEL_INSTANCE not in self.needed_locks, \
        "_ExpandAndLockInstance called with instance-level locks set"
352
353
354
    self.op.instance_name = _ExpandInstanceName(self.cfg,
                                                self.op.instance_name)
    self.needed_locks[locking.LEVEL_INSTANCE] = self.op.instance_name
355

356
  def _LockInstancesNodes(self, primary_only=False):
357
358
359
360
361
362
363
364
365
366
367
368
369
    """Helper function to declare instances' nodes for locking.

    This function should be called after locking one or more instances to lock
    their nodes. Its effect is populating self.needed_locks[locking.LEVEL_NODE]
    with all primary or secondary nodes for instances already locked and
    present in self.needed_locks[locking.LEVEL_INSTANCE].

    It should be called from DeclareLocks, and for safety only works if
    self.recalculate_locks[locking.LEVEL_NODE] is set.

    In the future it may grow parameters to just lock some instance's nodes, or
    to just lock primaries or secondary nodes, if needed.

370
    If should be called in DeclareLocks in a way similar to::
371

372
373
      if level == locking.LEVEL_NODE:
        self._LockInstancesNodes()
374

375
376
377
    @type primary_only: boolean
    @param primary_only: only lock primary nodes of locked instances

378
379
380
381
382
383
384
385
386
387
    """
    assert locking.LEVEL_NODE in self.recalculate_locks, \
      "_LockInstancesNodes helper function called with no nodes to recalculate"

    # TODO: check if we're really been called with the instance locks held

    # For now we'll replace self.needed_locks[locking.LEVEL_NODE], but in the
    # future we might want to have different behaviors depending on the value
    # of self.recalculate_locks[locking.LEVEL_NODE]
    wanted_nodes = []
388
    for instance_name in self.acquired_locks[locking.LEVEL_INSTANCE]:
389
390
      instance = self.context.cfg.GetInstanceInfo(instance_name)
      wanted_nodes.append(instance.primary_node)
391
392
      if not primary_only:
        wanted_nodes.extend(instance.secondary_nodes)
393
394
395
396
397

    if self.recalculate_locks[locking.LEVEL_NODE] == constants.LOCKS_REPLACE:
      self.needed_locks[locking.LEVEL_NODE] = wanted_nodes
    elif self.recalculate_locks[locking.LEVEL_NODE] == constants.LOCKS_APPEND:
      self.needed_locks[locking.LEVEL_NODE].extend(wanted_nodes)
398
399
400

    del self.recalculate_locks[locking.LEVEL_NODE]

Iustin Pop's avatar
Iustin Pop committed
401

Iustin Pop's avatar
Iustin Pop committed
402
class NoHooksLU(LogicalUnit): # pylint: disable-msg=W0223
Iustin Pop's avatar
Iustin Pop committed
403
404
405
406
407
408
409
410
411
  """Simple LU which runs no hooks.

  This LU is intended as a parent for other LogicalUnits which will
  run no hooks, in order to reduce duplicate code.

  """
  HPATH = None
  HTYPE = None

412
413
414
415
416
417
  def BuildHooksEnv(self):
    """Empty BuildHooksEnv for NoHooksLu.

    This just raises an error.

    """
418
419
420
421
422
423
424
    raise AssertionError("BuildHooksEnv called for NoHooksLUs")

  def BuildHooksNodes(self):
    """Empty BuildHooksNodes for NoHooksLU.

    """
    raise AssertionError("BuildHooksNodes called for NoHooksLU")
425

Iustin Pop's avatar
Iustin Pop committed
426

427
428
429
430
431
432
433
434
435
436
437
438
class Tasklet:
  """Tasklet base class.

  Tasklets are subcomponents for LUs. LUs can consist entirely of tasklets or
  they can mix legacy code with tasklets. Locking needs to be done in the LU,
  tasklets know nothing about locks.

  Subclasses must follow these rules:
    - Implement CheckPrereq
    - Implement Exec

  """
439
440
441
442
443
444
445
  def __init__(self, lu):
    self.lu = lu

    # Shortcuts
    self.cfg = lu.cfg
    self.rpc = lu.rpc

446
447
448
449
450
451
452
453
454
455
456
457
458
459
  def CheckPrereq(self):
    """Check prerequisites for this tasklets.

    This method should check whether the prerequisites for the execution of
    this tasklet are fulfilled. It can do internode communication, but it
    should be idempotent - no cluster or system changes are allowed.

    The method should raise errors.OpPrereqError in case something is not
    fulfilled. Its return value is ignored.

    This method should also update all parameters to their canonical form if it
    hasn't been done before.

    """
460
    pass
461
462
463
464
465
466
467
468
469
470
471
472

  def Exec(self, feedback_fn):
    """Execute the tasklet.

    This method should implement the actual work. It should raise
    errors.OpExecError for failures that are somewhat dealt with in code, or
    expected.

    """
    raise NotImplementedError


473
474
475
476
477
478
479
class _QueryBase:
  """Base for query utility classes.

  """
  #: Attribute holding field definitions
  FIELDS = None

480
  def __init__(self, filter_, fields, use_locking):
481
482
483
484
485
    """Initializes this class.

    """
    self.use_locking = use_locking

486
487
    self.query = query.Query(self.FIELDS, fields, filter_=filter_,
                             namefield="name")
488
    self.requested_data = self.query.RequestedData()
489
    self.names = self.query.RequestedNames()
490

491
492
493
    # Sort only if no names were requested
    self.sort_by_name = not self.names

494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
    self.do_locking = None
    self.wanted = None

  def _GetNames(self, lu, all_names, lock_level):
    """Helper function to determine names asked for in the query.

    """
    if self.do_locking:
      names = lu.acquired_locks[lock_level]
    else:
      names = all_names

    if self.wanted == locking.ALL_SET:
      assert not self.names
      # caller didn't specify names, so ordering is not important
      return utils.NiceSort(names)

    # caller specified names and we must keep the same order
    assert self.names
    assert not self.do_locking or lu.acquired_locks[lock_level]

    missing = set(self.wanted).difference(names)
    if missing:
      raise errors.OpExecError("Some items were removed before retrieving"
                               " their data: %s" % missing)

    # Return expanded names
    return self.wanted

523
524
525
526
527
528
529
530
  def ExpandNames(self, lu):
    """Expand names for this query.

    See L{LogicalUnit.ExpandNames}.

    """
    raise NotImplementedError()

531
  def DeclareLocks(self, lu, level):
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
    """Declare locks for this query.

    See L{LogicalUnit.DeclareLocks}.

    """
    raise NotImplementedError()

  def _GetQueryData(self, lu):
    """Collects all data for this query.

    @return: Query data object

    """
    raise NotImplementedError()

  def NewStyleQuery(self, lu):
    """Collect data and execute query.

    """
551
552
    return query.GetQueryResponse(self.query, self._GetQueryData(lu),
                                  sort_by_name=self.sort_by_name)
553
554
555
556
557

  def OldStyleQuery(self, lu):
    """Collect data and execute query.

    """
558
559
    return self.query.OldStyleQuery(self._GetQueryData(lu),
                                    sort_by_name=self.sort_by_name)
560
561


562
def _GetWantedNodes(lu, nodes):
563
  """Returns list of checked and expanded node names.
564

565
566
567
568
569
570
  @type lu: L{LogicalUnit}
  @param lu: the logical unit on whose behalf we execute
  @type nodes: list
  @param nodes: list of node names or None for all nodes
  @rtype: list
  @return: the list of nodes, sorted
Iustin Pop's avatar
Iustin Pop committed
571
  @raise errors.ProgrammerError: if the nodes parameter is wrong type
572
573

  """
574
575
  if nodes:
    return [_ExpandNodeName(lu.cfg, name) for name in nodes]
576

577
  return utils.NiceSort(lu.cfg.GetNodeList())
578
579
580


def _GetWantedInstances(lu, instances):
581
  """Returns list of checked and expanded instance names.
582

583
584
585
586
587
588
589
590
  @type lu: L{LogicalUnit}
  @param lu: the logical unit on whose behalf we execute
  @type instances: list
  @param instances: list of instance names or None for all instances
  @rtype: list
  @return: the list of instances, sorted
  @raise errors.OpPrereqError: if the instances parameter is wrong type
  @raise errors.OpPrereqError: if any of the passed instances is not found
591
592
593

  """
  if instances:
594
    wanted = [_ExpandInstanceName(lu.cfg, name) for name in instances]
595
  else:
596
597
    wanted = utils.NiceSort(lu.cfg.GetInstanceList())
  return wanted
598
599


600
601
def _GetUpdatedParams(old_params, update_dict,
                      use_default=True, use_none=False):
602
603
604
605
606
607
608
609
  """Return the new version of a parameter dictionary.

  @type old_params: dict
  @param old_params: old parameters
  @type update_dict: dict
  @param update_dict: dict containing new parameter values, or
      constants.VALUE_DEFAULT to reset the parameter to its default
      value
610
611
612
613
614
615
  @param use_default: boolean
  @type use_default: whether to recognise L{constants.VALUE_DEFAULT}
      values as 'to be deleted' values
  @param use_none: boolean
  @type use_none: whether to recognise C{None} values as 'to be
      deleted' values
616
617
618
619
620
621
  @rtype: dict
  @return: the new parameter dictionary

  """
  params_copy = copy.deepcopy(old_params)
  for key, val in update_dict.iteritems():
622
623
    if ((use_default and val == constants.VALUE_DEFAULT) or
        (use_none and val is None)):
624
625
626
627
628
629
630
631
632
      try:
        del params_copy[key]
      except KeyError:
        pass
    else:
      params_copy[key] = val
  return params_copy


633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
def _ReleaseLocks(lu, level, names=None, keep=None):
  """Releases locks owned by an LU.

  @type lu: L{LogicalUnit}
  @param level: Lock level
  @type names: list or None
  @param names: Names of locks to release
  @type keep: list or None
  @param keep: Names of locks to retain

  """
  assert not (keep is not None and names is not None), \
         "Only one of the 'names' and the 'keep' parameters can be given"

  if names is not None:
    should_release = names.__contains__
  elif keep:
    should_release = lambda name: name not in keep
  else:
    should_release = None

  if should_release:
    retain = []
    release = []

    # Determine which locks to release
    for name in lu.acquired_locks[level]:
      if should_release(name):
        release.append(name)
      else:
        retain.append(name)

    assert len(lu.acquired_locks[level]) == (len(retain) + len(release))

    # Release just some locks
    lu.context.glm.release(level, names=release)
    lu.acquired_locks[level] = retain

    assert frozenset(lu.context.glm.list_owned(level)) == frozenset(retain)
  else:
    # Release everything
    lu.context.glm.release(level)
    del lu.acquired_locks[level]

    assert not lu.context.glm.list_owned(level), "No locks should be owned"


680
681
682
683
684
685
686
687
688
689
690
691
def _RunPostHook(lu, node_name):
  """Runs the post-hook for an opcode on a single node.

  """
  hm = lu.proc.hmclass(lu.rpc.call_hooks_runner, lu)
  try:
    hm.RunPhase(constants.HOOKS_PHASE_POST, nodes=[node_name])
  except:
    # pylint: disable-msg=W0702
    lu.LogWarning("Errors occurred running hooks on %s" % node_name)


692
def _CheckOutputFields(static, dynamic, selected):
693
694
  """Checks whether all selected fields are valid.

Iustin Pop's avatar
Iustin Pop committed
695
  @type static: L{utils.FieldSet}
Iustin Pop's avatar
Iustin Pop committed
696
  @param static: static fields set
Iustin Pop's avatar
Iustin Pop committed
697
  @type dynamic: L{utils.FieldSet}
Iustin Pop's avatar
Iustin Pop committed
698
  @param dynamic: dynamic fields set
699
700

  """
Iustin Pop's avatar
Iustin Pop committed
701
  f = utils.FieldSet()
Iustin Pop's avatar
Iustin Pop committed
702
703
  f.Extend(static)
  f.Extend(dynamic)
704

Iustin Pop's avatar
Iustin Pop committed
705
706
  delta = f.NonMatching(selected)
  if delta:
707
    raise errors.OpPrereqError("Unknown output fields selected: %s"
708
                               % ",".join(delta), errors.ECODE_INVAL)
709
710


711
712
713
714
715
716
717
718
719
720
721
def _CheckGlobalHvParams(params):
  """Validates that given hypervisor params are not global ones.

  This will ensure that instances don't get customised versions of
  global params.

  """
  used_globals = constants.HVC_GLOBALS.intersection(params)
  if used_globals:
    msg = ("The following hypervisor parameters are global and cannot"
           " be customized at instance level, please modify them at"
722
           " cluster level: %s" % utils.CommaJoin(used_globals))
723
724
725
    raise errors.OpPrereqError(msg, errors.ECODE_INVAL)


726
def _CheckNodeOnline(lu, node, msg=None):
727
728
729
730
  """Ensure that a given node is online.

  @param lu: the LU on behalf of which we make the check
  @param node: the node to check
731
  @param msg: if passed, should be a message to replace the default one
732
  @raise errors.OpPrereqError: if the node is offline
733
734

  """
735
736
  if msg is None:
    msg = "Can't use offline node"
737
  if lu.cfg.GetNodeInfo(node).offline:
738
    raise errors.OpPrereqError("%s: %s" % (msg, node), errors.ECODE_STATE)
739
740


741
742
743
744
745
746
747
748
749
def _CheckNodeNotDrained(lu, node):
  """Ensure that a given node is not drained.

  @param lu: the LU on behalf of which we make the check
  @param node: the node to check
  @raise errors.OpPrereqError: if the node is drained

  """
  if lu.cfg.GetNodeInfo(node).drained:
750
    raise errors.OpPrereqError("Can't use drained node %s" % node,
751
752
753
754
755
756
757
758
759
760
761
762
763
764
                               errors.ECODE_STATE)


def _CheckNodeVmCapable(lu, node):
  """Ensure that a given node is vm capable.

  @param lu: the LU on behalf of which we make the check
  @param node: the node to check
  @raise errors.OpPrereqError: if the node is not vm capable

  """
  if not lu.cfg.GetNodeInfo(node).vm_capable:
    raise errors.OpPrereqError("Can't use non-vm_capable node %s" % node,
                               errors.ECODE_STATE)
765
766


Iustin Pop's avatar
Iustin Pop committed
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
def _CheckNodeHasOS(lu, node, os_name, force_variant):
  """Ensure that a node supports a given OS.

  @param lu: the LU on behalf of which we make the check
  @param node: the node to check
  @param os_name: the OS to query about
  @param force_variant: whether to ignore variant errors
  @raise errors.OpPrereqError: if the node is not supporting the OS

  """
  result = lu.rpc.call_os_get(node, os_name)
  result.Raise("OS '%s' not in supported OS list for node %s" %
               (os_name, node),
               prereq=True, ecode=errors.ECODE_INVAL)
  if not force_variant:
    _CheckOSVariant(result.payload, os_name)


785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
def _CheckNodeHasSecondaryIP(lu, node, secondary_ip, prereq):
  """Ensure that a node has the given secondary ip.

  @type lu: L{LogicalUnit}
  @param lu: the LU on behalf of which we make the check
  @type node: string
  @param node: the node to check
  @type secondary_ip: string
  @param secondary_ip: the ip to check
  @type prereq: boolean
  @param prereq: whether to throw a prerequisite or an execute error
  @raise errors.OpPrereqError: if the node doesn't have the ip, and prereq=True
  @raise errors.OpExecError: if the node doesn't have the ip, and prereq=False

  """
  result = lu.rpc.call_node_has_ip_address(node, secondary_ip)
  result.Raise("Failure checking secondary ip on node %s" % node,
               prereq=prereq, ecode=errors.ECODE_ENVIRON)
  if not result.payload:
    msg = ("Node claims it doesn't have the secondary ip you gave (%s),"
           " please fix and re-run this command" % secondary_ip)
    if prereq:
      raise errors.OpPrereqError(msg, errors.ECODE_ENVIRON)
    else:
      raise errors.OpExecError(msg)


812
813
814
815
816
817
818
def _GetClusterDomainSecret():
  """Reads the cluster domain secret.

  """
  return utils.ReadOneLineFile(constants.CLUSTER_DOMAIN_SECRET_FILE,
                               strict=True)

819

820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
def _CheckInstanceDown(lu, instance, reason):
  """Ensure that an instance is not running."""
  if instance.admin_up:
    raise errors.OpPrereqError("Instance %s is marked to be up, %s" %
                               (instance.name, reason), errors.ECODE_STATE)

  pnode = instance.primary_node
  ins_l = lu.rpc.call_instance_list([pnode], [instance.hypervisor])[pnode]
  ins_l.Raise("Can't contact node %s for instance information" % pnode,
              prereq=True, ecode=errors.ECODE_ENVIRON)

  if instance.name in ins_l.payload:
    raise errors.OpPrereqError("Instance %s is running, %s" %
                               (instance.name, reason), errors.ECODE_STATE)


836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
def _ExpandItemName(fn, name, kind):
  """Expand an item name.

  @param fn: the function to use for expansion
  @param name: requested item name
  @param kind: text description ('Node' or 'Instance')
  @return: the resolved (full) name
  @raise errors.OpPrereqError: if the item is not found

  """
  full_name = fn(name)
  if full_name is None:
    raise errors.OpPrereqError("%s '%s' not known" % (kind, name),
                               errors.ECODE_NOENT)
  return full_name


def _ExpandNodeName(cfg, name):
  """Wrapper over L{_ExpandItemName} for nodes."""
  return _ExpandItemName(cfg.ExpandNodeName, name, "Node")


def _ExpandInstanceName(cfg, name):
  """Wrapper over L{_ExpandItemName} for instance."""
  return _ExpandItemName(cfg.ExpandInstanceName, name, "Instance")


863
def _BuildInstanceHookEnv(name, primary_node, secondary_nodes, os_type, status,
864
                          memory, vcpus, nics, disk_template, disks,
Michael Hanselmann's avatar
Michael Hanselmann committed
865
                          bep, hvp, hypervisor_name):
866
867
868
869
870
871
872
873
874
875
876
877
  """Builds instance related env variables for hooks

  This builds the hook environment from individual variables.

  @type name: string
  @param name: the name of the instance
  @type primary_node: string
  @param primary_node: the name of the instance's primary node
  @type secondary_nodes: list
  @param secondary_nodes: list of secondary nodes as strings
  @type os_type: string
  @param os_type: the name of the instance's OS
878
879
  @type status: boolean
  @param status: the should_run status of the instance
880
881
882
883
884
  @type memory: string
  @param memory: the memory size of the instance
  @type vcpus: string
  @param vcpus: the count of VCPUs the instance has
  @type nics: list
885
886
  @param nics: list of tuples (ip, mac, mode, link) representing
      the NICs the instance has
Iustin Pop's avatar
Iustin Pop committed
887
  @type disk_template: string
Michael Hanselmann's avatar
Michael Hanselmann committed
888
  @param disk_template: the disk template of the instance
Iustin Pop's avatar
Iustin Pop committed
889
890
  @type disks: list
  @param disks: the list of (size, mode) pairs
891
892
893
894
  @type bep: dict
  @param bep: the backend parameters for the instance
  @type hvp: dict
  @param hvp: the hypervisor parameters for the instance
Michael Hanselmann's avatar
Michael Hanselmann committed
895
896
  @type hypervisor_name: string
  @param hypervisor_name: the hypervisor for the instance
897
898
  @rtype: dict
  @return: the hook environment for this instance
899

900
  """
901
902
903
904
  if status:
    str_status = "up"
  else:
    str_status = "down"
905
  env = {
906
    "OP_TARGET": name,
907
908
909
    "INSTANCE_NAME": name,
    "INSTANCE_PRIMARY": primary_node,
    "INSTANCE_SECONDARIES": " ".join(secondary_nodes),
910
    "INSTANCE_OS_TYPE": os_type,
911
    "INSTANCE_STATUS": str_status,
912
913
    "INSTANCE_MEMORY": memory,
    "INSTANCE_VCPUS": vcpus,
Iustin Pop's avatar
Iustin Pop committed
914
    "INSTANCE_DISK_TEMPLATE": disk_template,
Michael Hanselmann's avatar
Michael Hanselmann committed
915
    "INSTANCE_HYPERVISOR": hypervisor_name,
916
917
918
919
  }

  if nics:
    nic_count = len(nics)
920
    for idx, (ip, mac, mode, link) in enumerate(nics):
921
922
923
      if ip is None:
        ip = ""
      env["INSTANCE_NIC%d_IP" % idx] = ip
Iustin Pop's avatar
Iustin Pop committed
924
      env["INSTANCE_NIC%d_MAC" % idx] = mac
925
926
927
928
      env["INSTANCE_NIC%d_MODE" % idx] = mode
      env["INSTANCE_NIC%d_LINK" % idx] = link
      if mode == constants.NIC_MODE_BRIDGED:
        env["INSTANCE_NIC%d_BRIDGE" % idx] = link
929
930
931
932
933
  else:
    nic_count = 0

  env["INSTANCE_NIC_COUNT"] = nic_count

Iustin Pop's avatar
Iustin Pop committed
934
935
936
937
938
939
940
941
942
943
  if disks:
    disk_count = len(disks)
    for idx, (size, mode) in enumerate(disks):
      env["INSTANCE_DISK%d_SIZE" % idx] = size
      env["INSTANCE_DISK%d_MODE" % idx] = mode
  else:
    disk_count = 0

  env["INSTANCE_DISK_COUNT"] = disk_count

944
945
946
947
  for source, kind in [(bep, "BE"), (hvp, "HV")]:
    for key, value in source.items():
      env["INSTANCE_%s_%s" % (kind, key)] = value

948
949
  return env

950

951
def _NICListToTuple(lu, nics):
952
953
  """Build a list of nic information tuples.

954
  This list is suitable to be passed to _BuildInstanceHookEnv or as a return
955
  value in LUInstanceQueryData.
956
957
958
959
960
961
962
963

  @type lu:  L{LogicalUnit}
  @param lu: the logical unit on whose behalf we execute
  @type nics: list of L{objects.NIC}
  @param nics: list of nics to convert to hooks tuples

  """
  hooks_nics = []
964
  cluster = lu.cfg.GetClusterInfo()
965
966
967
  for nic in nics:
    ip = nic.ip
    mac = nic.mac
968
    filled_params = cluster.SimpleFillNIC(nic.nicparams)
969
970
971
972
    mode = filled_params[constants.NIC_MODE]
    link = filled_params[constants.NIC_LINK]
    hooks_nics.append((ip, mac, mode, link))
  return hooks_nics
973

974

Iustin Pop's avatar
Iustin Pop committed
975
def _BuildInstanceHookEnvByObject(lu, instance, override=None):
976
977
  """Builds instance related env variables for hooks from an object.

978
979
980
981
982
983
984
985
986
987
988
  @type lu: L{LogicalUnit}
  @param lu: the logical unit on whose behalf we execute
  @type instance: L{objects.Instance}
  @param instance: the instance for which we should build the
      environment
  @type override: dict
  @param override: dictionary with key/values that will override
      our values
  @rtype: dict
  @return: the hook environment dictionary

989
  """
990
991
992
  cluster = lu.cfg.GetClusterInfo()
  bep = cluster.FillBE(instance)
  hvp = cluster.FillHV(instance)
993
994
995
996
  args = {
    'name': instance.name,
    'primary_node': instance.primary_node,
    'secondary_nodes': instance.secondary_nodes,
997
    'os_type': instance.os,
998
    'status': instance.admin_up,
Iustin Pop's avatar
Iustin Pop committed
999
1000
    'memory': bep[constants.BE_MEMORY],
    'vcpus': bep[constants.BE_VCPUS],
1001
    'nics': _NICListToTuple(lu, instance.nics),
Iustin Pop's avatar
Iustin Pop committed
1002
1003
    'disk_template': instance.disk_template,
    'disks': [(disk.size, disk.mode) for disk in instance.disks],
1004
1005
    'bep': bep,
    'hvp': hvp,
1006
    'hypervisor_name': instance.hypervisor,
1007
1008
1009
  }
  if override:
    args.update(override)
Iustin Pop's avatar
Iustin Pop committed
1010
  return _BuildInstanceHookEnv(**args) # pylint: disable-msg=W0142
1011
1012


Guido Trotter's avatar
Guido Trotter committed
1013
def _AdjustCandidatePool(lu, exceptions):
1014
1015
1016
  """Adjust the candidate pool after node operations.

  """
Guido Trotter's avatar
Guido Trotter committed
1017
  mod_list = lu.cfg.MaintainCandidatePool(exceptions)
1018
1019
  if mod_list:
    lu.LogInfo("Promoted nodes to master candidate role: %s",
1020
               utils.CommaJoin(node.name for node in mod_list))
1021
1022
    for name in mod_list:
      lu.context.ReaddNode(name)
Guido Trotter's avatar
Guido Trotter committed
1023
  mc_now, mc_max, _ = lu.cfg.GetMasterCandidateStats(exceptions)
1024
1025
1026
1027
1028
  if mc_now > mc_max:
    lu.LogInfo("Note: more nodes are candidates (%d) than desired (%d)" %
               (mc_now, mc_max))


1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
def _DecideSelfPromotion(lu, exceptions=None):
  """Decide whether I should promote myself as a master candidate.

  """
  cp_size = lu.cfg.GetClusterInfo().candidate_pool_size
  mc_now, mc_should, _ = lu.cfg.GetMasterCandidateStats(exceptions)
  # the new node will increase mc_max with one, so:
  mc_should = min(mc_should + 1, cp_size)
  return mc_now < mc_should


1040
def _CheckNicsBridgesExist(lu, target_nics, target_node):
1041
1042
1043
  """Check that the brigdes needed by a list of nics exist.

  """
1044
1045
  cluster = lu.cfg.GetClusterInfo()
  paramslist = [cluster.SimpleFillNIC(nic.nicparams) for nic in target_nics]
1046
1047
1048
1049
  brlist = [params[constants.NIC_LINK] for params in paramslist
            if params[constants.NIC_MODE] == constants.NIC_MODE_BRIDGED]
  if brlist:
    result = lu.rpc.call_bridges_exist(target_node, brlist)
1050
    result.Raise("Error checking bridges on destination node '%s'" %
1051
                 target_node, prereq=True, ecode=errors.ECODE_ENVIRON)
1052
1053
1054


def _CheckInstanceBridgesExist(lu, instance, node=None):
1055
1056
1057
  """Check that the brigdes needed by an instance exist.

  """
1058
  if node is None:
Iustin Pop's avatar
Iustin Pop committed
1059
    node = instance.primary_node
1060
  _CheckNicsBridgesExist(lu, instance.nics, node)
1061
1062


Iustin Pop's avatar
Iustin Pop committed
1063
def _CheckOSVariant(os_obj, name):
Guido Trotter's avatar
Guido Trotter committed
1064
1065
  """Check whether an OS name conforms to the os variants specification.

Iustin Pop's avatar
Iustin Pop committed
1066
1067
  @type os_obj: L{objects.OS}
  @param os_obj: OS object to check
Guido Trotter's avatar
Guido Trotter committed
1068
1069
1070
1071
  @type name: string
  @param name: OS name passed by the user, to check for validity

  """
Iustin Pop's avatar
Iustin Pop committed
1072
  if not os_obj.supported_variants:
Guido Trotter's avatar
Guido Trotter committed
1073
    return
1074
1075
  variant = objects.OS.GetVariant(name)
  if not variant:
1076
1077
    raise errors.OpPrereqError("OS name must include a variant",
                               errors.ECODE_INVAL)
Guido Trotter's avatar
Guido Trotter committed
1078

Iustin Pop's avatar
Iustin Pop committed
1079
  if variant not in os_obj.supported_variants:
1080
    raise errors.OpPrereqError("Unsupported OS variant", errors.ECODE_INVAL)
Guido Trotter's avatar
Guido Trotter committed
1081
1082


1083
1084
1085
1086
def _GetNodeInstancesInner(cfg, fn):
  return [i for i in cfg.GetAllInstancesInfo().values() if fn(i)]


1087
1088
1089
1090
1091
1092
1093
1094
def _GetNodeInstances(cfg, node_name):
  """Returns a list of all primary and secondary instances on a node.

  """

  return _GetNodeInstancesInner(cfg, lambda inst: node_name in inst.all_nodes)


1095
1096
1097
1098
def _GetNodePrimaryInstances(cfg, node_name):
  """Returns primary instances on a node.

  """
1099
1100
  return _GetNodeInstancesInner(cfg,
                                lambda inst: node_name == inst.primary_node)
1101
1102


1103
1104
1105
1106
def _GetNodeSecondaryInstances(cfg, node_name):
  """Returns secondary instances on a node.

  """
1107
1108
  return _GetNodeInstancesInner(cfg,
                                lambda inst: node_name in inst.secondary_nodes)
1109
1110


1111
1112
1113
1114
1115
1116
def _GetStorageTypeArgs(cfg, storage_type):
  """Returns the arguments for a storage type.

  """
  # Special case for file storage
  if storage_type == constants.ST_FILE:
1117
    # storage.FileStorage wants a list of storage directories
1118
    return [[cfg.GetFileStorageDir(), cfg.GetSharedFileStorageDir()]]
1119
1120
1121
1122

  return []


1123
1124
1125
1126
1127
1128
1129
1130
def _FindFaultyInstanceDisks(cfg, rpc, instance, node_name, prereq):
  faulty = []

  for dev in instance.disks:
    cfg.SetDiskID(dev, node_name)

  result = rpc.call_blockdev_getmirrorstatus(node_name, instance.disks)
  result.Raise("Failed to get disk status from node %s" % node_name,
1131
               prereq=prereq, ecode=errors.ECODE_ENVIRON)
1132
1133
1134
1135
1136
1137
1138
1139

  for idx, bdev_status in enumerate(result.payload):
    if bdev_status and bdev_status.ldisk_status == constants.LDS_FAULTY:
      faulty.append(idx)

  return faulty


1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
def _CheckIAllocatorOrNode(lu, iallocator_slot, node_slot):
  """Check the sanity of iallocator and node arguments and use the
  cluster-wide iallocator if appropriate.

  Check that at most one of (iallocator, node) is specified. If none is
  specified, then the LU's opcode's iallocator slot is filled with the
  cluster-wide default iallocator.

  @type iallocator_slot: string
  @param iallocator_slot: the name of the opcode iallocator slot
  @type node_slot: string
  @param node_slot: the name of the opcode target node slot

  """
  node = getattr(lu.op, node_slot, None)
  iallocator = getattr(lu.op, iallocator_slot, None)

  if node is not None and iallocator is not None:
    raise errors.OpPrereqError("Do not specify both, iallocator and node.",
                               errors.ECODE_INVAL)
  elif node is None and iallocator is None:
    default_iallocator = lu.cfg.GetDefaultIAllocator()
    if default_iallocator:
      setattr(lu.op, iallocator_slot, default_iallocator)
    else:
      raise errors.OpPrereqError("No iallocator or node given and no"
                                 " cluster-wide default iallocator found."
                                 " Please specify either an iallocator or a"
                                 " node, or set a cluster-wide default"
                                 " iallocator.")


1172
class LUClusterPostInit(LogicalUnit):
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
  """Logical unit for running hooks after cluster initialization.

  """
  HPATH = "cluster-init"
  HTYPE = constants.HTYPE_CLUSTER

  def BuildHooksEnv(self):
    """Build hooks env.

    """
1183
1184
1185
1186
1187
1188
1189
1190
1191
    return {
      "OP_TARGET": self.cfg.GetClusterName(),
      }

  def BuildHooksNodes(self):
    """Build hooks nodes.

    """
    return ([], [self.cfg.GetMasterNode()])
1192
1193
1194
1195
1196
1197
1198
1199

  def Exec(self, feedback_fn):
    """Nothing to do.

    """
    return True


1200
class LUClusterDestroy(LogicalUnit):
Iustin Pop's avatar
Iustin Pop committed
1201
1202
1203
  """Logical unit for destroying the cluster.

  """
1204
1205
  HPATH = "cluster-destroy"
  HTYPE = constants.HTYPE_CLUSTER
Iustin Pop's avatar
Iustin Pop committed
1206

1207
1208
1209
1210
  def BuildHooksEnv(self):
    """Build hooks env.

    """
1211
1212
1213
1214
1215
1216
1217
1218
1219
    return {
      "OP_TARGET": self.cfg.GetClusterName(),
      }

  def BuildHooksNodes(self):
    """Build hooks nodes.

    """
    return ([], [])
1220

Iustin Pop's avatar
Iustin Pop committed
1221
1222
1223
1224
1225
  def CheckPrereq(self):
    """Check prerequisites.

    This checks whether the cluster is empty.

Michael Hanselmann's avatar
Michael Hanselmann committed
1226
    Any errors are signaled by raising errors.OpPrereqError.
Iustin Pop's avatar
Iustin Pop committed
1227
1228

    """
Michael Hanselmann's avatar
Michael Hanselmann committed
1229
    master = self.cfg.GetMasterNode()
Iustin Pop's avatar
Iustin Pop committed
1230
1231

    nodelist = self.cfg.GetNodeList()
1232
    if len(nodelist) != 1 or nodelist[0] != master:
1233
      raise errors.OpPrereqError("There are still %d node(s) in"
1234
1235
                                 " this cluster." % (len(nodelist) - 1),
                                 errors.ECODE_INVAL)
1236
1237
    instancelist = self.cfg.GetInstanceList()
    if instancelist:
1238
      raise errors.OpPrereqError("There are still %d instance(s) in"
1239
1240
                                 " this cluster." % len(instancelist),
                                 errors.ECODE_INVAL)
Iustin Pop's avatar
Iustin Pop committed
1241
1242
1243
1244
1245

  def Exec(self, feedback_fn):
    """Destroys the cluster.

    """
Michael Hanselmann's avatar
Michael Hanselmann committed
1246
    master = self.cfg.GetMasterNode()
Luca Bigliardi's avatar
Luca Bigliardi committed
1247
1248

    # Run post hooks on master node before it's removed
1249
    _RunPostHook(self, master)
Luca Bigliardi's avatar
Luca Bigliardi committed
1250

1251
    result = self.rpc.call_node_stop_master(master, False)
1252
    result.Raise("Could not disable the master role")
1253

Iustin Pop's avatar
Iustin Pop committed
1254
    return master
Iustin Pop's avatar
Iustin Pop committed
1255
1256


1257
def _VerifyCertificate(filename):
1258
  """Verifies a certificate for LUClusterVerify.
1259
1260
1261
1262
1263
1264
1265
1266
1267

  @type filename: string
  @param filename: Path to PEM file

  """
  try:
    cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
                                           utils.ReadFile(filename))
  except Exception, err: # pylint: disable-msg=W0703
1268
    return (LUClusterVerify.ETYPE_ERROR,
1269
1270
            "Failed to load X509 certificate %s: %s" % (filename, err))

1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
  (errcode, msg) = \
    utils.VerifyX509Certificate(cert, constants.SSL_CERT_EXPIRATION_WARN,
                                constants.SSL_CERT_EXPIRATION_ERROR)

  if msg:
    fnamemsg = "While verifying %s: %s" % (filename, msg)
  else:
    fnamemsg = None

  if errcode is None:
    return (None, fnamemsg)
  elif errcode == utils.CERT_WARNING:
1283
    return (LUClusterVerify.ETYPE_WARNING, fnamemsg)
1284
  elif errcode == utils.CERT_ERROR:
1285
    return (LUClusterVerify.ETYPE_ERROR, fnamemsg)
1286

1287
  raise errors.ProgrammerError("Unhandled certificate error code %r" % errcode)
1288
1289


1290
class LUClusterVerify(LogicalUnit):
Iustin Pop's avatar
Iustin Pop committed
1291
1292
1293
  """Verifies the cluster status.

  """
Guido Trotter's avatar
Guido Trotter committed
1294
1295
  HPATH = "cluster-verify"
  HTYPE = constants.HTYPE_CLUSTER
1296
1297
  REQ_BGL = False

1298
1299
1300
1301
1302
  TCLUSTER = "cluster"
  TNODE = "node"
  TINSTANCE = "instance"

  ECLUSTERCFG = (TCLUSTER, "ECLUSTERCFG")
1303
  ECLUSTERCERT = (TCLUSTER, "ECLUSTERCERT")
1304
  ECLUSTERFILECHECK = (TCLUSTER, "ECLUSTERFILECHECK")
1305
1306
1307
1308
  EINSTANCEBADNODE = (TINSTANCE, "EINSTANCEBADNODE")
  EINSTANCEDOWN = (TINSTANCE, "EINSTANCEDOWN")
  EINSTANCELAYOUT = (TINSTANCE, "EINSTANCELAYOUT")
  EINSTANCEMISSINGDISK = (