cmdlib.py 444 KB
Newer Older
Iustin Pop's avatar
Iustin Pop committed
1
#
Iustin Pop's avatar
Iustin Pop committed
2
3
#

4
# Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Google Inc.
Iustin Pop's avatar
Iustin Pop committed
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301, USA.


22
"""Module implementing the master-side code."""
Iustin Pop's avatar
Iustin Pop committed
23

Iustin Pop's avatar
Iustin Pop committed
24
# pylint: disable-msg=W0201,C0302
25
26
27

# W0201 since most LU attributes are defined in CheckPrereq or similar
# functions
Iustin Pop's avatar
Iustin Pop committed
28

Iustin Pop's avatar
Iustin Pop committed
29
30
# C0302: since we have waaaay to many lines in this module

Iustin Pop's avatar
Iustin Pop committed
31
32
33
34
35
import os
import os.path
import time
import re
import platform
36
import logging
37
import copy
38
import OpenSSL
39
40
41
import socket
import tempfile
import shutil
42
import itertools
Iustin Pop's avatar
Iustin Pop committed
43
44
45
46
47

from ganeti import ssh
from ganeti import utils
from ganeti import errors
from ganeti import hypervisor
Guido Trotter's avatar
Guido Trotter committed
48
from ganeti import locking
Iustin Pop's avatar
Iustin Pop committed
49
50
from ganeti import constants
from ganeti import objects
51
from ganeti import serializer
52
from ganeti import ssconf
53
from ganeti import uidpool
54
from ganeti import compat
55
from ganeti import masterd
56
from ganeti import netutils
57
58
from ganeti import query
from ganeti import qlang
59
from ganeti import opcodes
60
from ganeti import ht
61
62

import ganeti.masterd.instance # pylint: disable-msg=W0611
63

Iustin Pop's avatar
Iustin Pop committed
64

65
66
67
68
69
70
71
72
73
74
75
76
77
def _SupportsOob(cfg, node):
  """Tells if node supports OOB.

  @type cfg: L{config.ConfigWriter}
  @param cfg: The cluster configuration
  @type node: L{objects.Node}
  @param node: The node
  @return: The OOB script if supported or an empty string otherwise

  """
  return cfg.GetNdParams(node)[constants.ND_OOB_PROGRAM]


78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
class ResultWithJobs:
  """Data container for LU results with jobs.

  Instances of this class returned from L{LogicalUnit.Exec} will be recognized
  by L{mcpu.Processor._ProcessResult}. The latter will then submit the jobs
  contained in the C{jobs} attribute and include the job IDs in the opcode
  result.

  """
  def __init__(self, jobs, **kwargs):
    """Initializes this class.

    Additional return values can be specified as keyword arguments.

    @type jobs: list of lists of L{opcode.OpCode}
    @param jobs: A list of lists of opcode objects

    """
    self.jobs = jobs
    self.other = kwargs


Iustin Pop's avatar
Iustin Pop committed
100
class LogicalUnit(object):
101
  """Logical Unit base class.
Iustin Pop's avatar
Iustin Pop committed
102
103

  Subclasses must follow these rules:
104
    - implement ExpandNames
105
106
    - implement CheckPrereq (except when tasklets are used)
    - implement Exec (except when tasklets are used)
Iustin Pop's avatar
Iustin Pop committed
107
    - implement BuildHooksEnv
108
    - implement BuildHooksNodes
Iustin Pop's avatar
Iustin Pop committed
109
    - redefine HPATH and HTYPE
110
    - optionally redefine their run requirements:
111
        REQ_BGL: the LU needs to hold the Big Ganeti Lock exclusively
112
113

  Note that all commands require root permissions.
Iustin Pop's avatar
Iustin Pop committed
114

115
116
117
  @ivar dry_run_result: the value (if any) that will be returned to the caller
      in dry-run mode (signalled by opcode dry_run parameter)

Iustin Pop's avatar
Iustin Pop committed
118
119
120
  """
  HPATH = None
  HTYPE = None
121
  REQ_BGL = True
Iustin Pop's avatar
Iustin Pop committed
122

Iustin Pop's avatar
Iustin Pop committed
123
  def __init__(self, processor, op, context, rpc):
Iustin Pop's avatar
Iustin Pop committed
124
125
    """Constructor for LogicalUnit.

Michael Hanselmann's avatar
Michael Hanselmann committed
126
    This needs to be overridden in derived classes in order to check op
Iustin Pop's avatar
Iustin Pop committed
127
128
129
    validity.

    """
Iustin Pop's avatar
Iustin Pop committed
130
    self.proc = processor
Iustin Pop's avatar
Iustin Pop committed
131
    self.op = op
Guido Trotter's avatar
Guido Trotter committed
132
    self.cfg = context.cfg
133
    self.glm = context.glm
Guido Trotter's avatar
Guido Trotter committed
134
    self.context = context
Iustin Pop's avatar
Iustin Pop committed
135
    self.rpc = rpc
136
    # Dicts used to declare locking needs to mcpu
137
    self.needed_locks = None
138
    self.share_locks = dict.fromkeys(locking.LEVELS, 0)
139
140
    self.add_locks = {}
    self.remove_locks = {}
141
142
    # Used to force good behavior when calling helper functions
    self.recalculate_locks = {}
143
    # logging
144
    self.Log = processor.Log # pylint: disable-msg=C0103
Iustin Pop's avatar
Iustin Pop committed
145
146
    self.LogWarning = processor.LogWarning # pylint: disable-msg=C0103
    self.LogInfo = processor.LogInfo # pylint: disable-msg=C0103
147
    self.LogStep = processor.LogStep # pylint: disable-msg=C0103
148
149
    # support for dry-run
    self.dry_run_result = None
150
151
152
153
    # support for generic debug attribute
    if (not hasattr(self.op, "debug_level") or
        not isinstance(self.op.debug_level, int)):
      self.op.debug_level = 0
154

155
    # Tasklets
156
    self.tasklets = None
157

158
159
    # Validate opcode parameters and set defaults
    self.op.Validate(True)
160

161
    self.CheckArguments()
Iustin Pop's avatar
Iustin Pop committed
162

163
164
165
166
167
168
169
170
171
  def CheckArguments(self):
    """Check syntactic validity for the opcode arguments.

    This method is for doing a simple syntactic check and ensure
    validity of opcode parameters, without any cluster-related
    checks. While the same can be accomplished in ExpandNames and/or
    CheckPrereq, doing these separate is better because:

      - ExpandNames is left as as purely a lock-related function
Michael Hanselmann's avatar
Michael Hanselmann committed
172
      - CheckPrereq is run after we have acquired locks (and possible
173
174
175
176
177
178
179
180
        waited for them)

    The function is allowed to change the self.op attribute so that
    later methods can no longer worry about missing parameters.

    """
    pass

181
182
183
184
185
186
  def ExpandNames(self):
    """Expand names for this LU.

    This method is called before starting to execute the opcode, and it should
    update all the parameters of the opcode to their canonical form (e.g. a
    short node name must be fully expanded after this method has successfully
Adeodato Simo's avatar
Adeodato Simo committed
187
    completed). This way locking, hooks, logging, etc. can work correctly.
188
189
190
191

    LUs which implement this method must also populate the self.needed_locks
    member, as a dict with lock levels as keys, and a list of needed lock names
    as values. Rules:
192
193
194
195
196

      - use an empty dict if you don't need any lock
      - if you don't need any lock at a particular level omit that level
      - don't put anything for the BGL level
      - if you want all locks at a level use locking.ALL_SET as a value
197

Guido Trotter's avatar
Guido Trotter committed
198
199
200
201
    If you need to share locks (rather than acquire them exclusively) at one
    level you can modify self.share_locks, setting a true value (usually 1) for
    that level. By default locks are not shared.

202
203
204
205
    This function can also define a list of tasklets, which then will be
    executed in order instead of the usual LU-level CheckPrereq and Exec
    functions, if those are not defined by the LU.

206
207
208
209
210
    Examples::

      # Acquire all nodes and one instance
      self.needed_locks = {
        locking.LEVEL_NODE: locking.ALL_SET,
211
        locking.LEVEL_INSTANCE: ['instance1.example.com'],
212
213
214
      }
      # Acquire just two nodes
      self.needed_locks = {
215
        locking.LEVEL_NODE: ['node1.example.com', 'node2.example.com'],
216
217
218
      }
      # Acquire no locks
      self.needed_locks = {} # No, you can't leave it to the default value None
219
220
221
222
223
224
225
226
227
228

    """
    # The implementation of this method is mandatory only if the new LU is
    # concurrent, so that old LUs don't need to be changed all at the same
    # time.
    if self.REQ_BGL:
      self.needed_locks = {} # Exclusive LUs don't need locks.
    else:
      raise NotImplementedError

Guido Trotter's avatar
Guido Trotter committed
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
  def DeclareLocks(self, level):
    """Declare LU locking needs for a level

    While most LUs can just declare their locking needs at ExpandNames time,
    sometimes there's the need to calculate some locks after having acquired
    the ones before. This function is called just before acquiring locks at a
    particular level, but after acquiring the ones at lower levels, and permits
    such calculations. It can be used to modify self.needed_locks, and by
    default it does nothing.

    This function is only called if you have something already set in
    self.needed_locks for the level.

    @param level: Locking level which is going to be locked
    @type level: member of ganeti.locking.LEVELS

    """

Iustin Pop's avatar
Iustin Pop committed
247
248
249
250
251
252
253
254
255
256
257
258
  def CheckPrereq(self):
    """Check prerequisites for this LU.

    This method should check that the prerequisites for the execution
    of this LU are fulfilled. It can do internode communication, but
    it should be idempotent - no cluster or system changes are
    allowed.

    The method should raise errors.OpPrereqError in case something is
    not fulfilled. Its return value is ignored.

    This method should also update all the parameters of the opcode to
259
    their canonical form if it hasn't been done by ExpandNames before.
Iustin Pop's avatar
Iustin Pop committed
260
261

    """
262
    if self.tasklets is not None:
263
      for (idx, tl) in enumerate(self.tasklets):
264
265
        logging.debug("Checking prerequisites for tasklet %s/%s",
                      idx + 1, len(self.tasklets))
266
267
        tl.CheckPrereq()
    else:
268
      pass
Iustin Pop's avatar
Iustin Pop committed
269
270
271
272
273
274
275
276
277

  def Exec(self, feedback_fn):
    """Execute the LU.

    This method should implement the actual work. It should raise
    errors.OpExecError for failures that are somewhat dealt with in
    code, or expected.

    """
278
    if self.tasklets is not None:
279
      for (idx, tl) in enumerate(self.tasklets):
280
        logging.debug("Executing tasklet %s/%s", idx + 1, len(self.tasklets))
281
282
283
        tl.Exec(feedback_fn)
    else:
      raise NotImplementedError
Iustin Pop's avatar
Iustin Pop committed
284
285
286
287

  def BuildHooksEnv(self):
    """Build hooks environment for this LU.

288
289
290
291
292
293
294
295
    @rtype: dict
    @return: Dictionary containing the environment that will be used for
      running the hooks for this LU. The keys of the dict must not be prefixed
      with "GANETI_"--that'll be added by the hooks runner. The hooks runner
      will extend the environment with additional variables. If no environment
      should be defined, an empty dictionary should be returned (not C{None}).
    @note: If the C{HPATH} attribute of the LU class is C{None}, this function
      will not be called.
Iustin Pop's avatar
Iustin Pop committed
296

297
298
    """
    raise NotImplementedError
Iustin Pop's avatar
Iustin Pop committed
299

300
301
  def BuildHooksNodes(self):
    """Build list of nodes to run LU's hooks.
Iustin Pop's avatar
Iustin Pop committed
302

303
304
305
306
307
308
309
    @rtype: tuple; (list, list)
    @return: Tuple containing a list of node names on which the hook
      should run before the execution and a list of node names on which the
      hook should run after the execution. No nodes should be returned as an
      empty list (and not None).
    @note: If the C{HPATH} attribute of the LU class is C{None}, this function
      will not be called.
Iustin Pop's avatar
Iustin Pop committed
310
311
312
313

    """
    raise NotImplementedError

314
315
316
317
318
319
320
321
322
  def HooksCallBack(self, phase, hook_results, feedback_fn, lu_result):
    """Notify the LU about the results of its hooks.

    This method is called every time a hooks phase is executed, and notifies
    the Logical Unit about the hooks' result. The LU can then use it to alter
    its result based on the hooks.  By default the method does nothing and the
    previous result is passed back unchanged but any LU can define it if it
    wants to use the local cluster hook-scripts somehow.

323
324
325
326
327
328
329
330
    @param phase: one of L{constants.HOOKS_PHASE_POST} or
        L{constants.HOOKS_PHASE_PRE}; it denotes the hooks phase
    @param hook_results: the results of the multi-node hooks rpc call
    @param feedback_fn: function used send feedback back to the caller
    @param lu_result: the previous Exec result this LU had, or None
        in the PRE phase
    @return: the new Exec result, based on the previous result
        and hook results
331
332

    """
333
334
335
    # API must be kept, thus we ignore the unused argument and could
    # be a function warnings
    # pylint: disable-msg=W0613,R0201
336
337
    return lu_result

338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
  def _ExpandAndLockInstance(self):
    """Helper function to expand and lock an instance.

    Many LUs that work on an instance take its name in self.op.instance_name
    and need to expand it and then declare the expanded name for locking. This
    function does it, and then updates self.op.instance_name to the expanded
    name. It also initializes needed_locks as a dict, if this hasn't been done
    before.

    """
    if self.needed_locks is None:
      self.needed_locks = {}
    else:
      assert locking.LEVEL_INSTANCE not in self.needed_locks, \
        "_ExpandAndLockInstance called with instance-level locks set"
353
354
355
    self.op.instance_name = _ExpandInstanceName(self.cfg,
                                                self.op.instance_name)
    self.needed_locks[locking.LEVEL_INSTANCE] = self.op.instance_name
356

357
  def _LockInstancesNodes(self, primary_only=False):
358
359
360
361
362
363
364
365
366
367
368
369
370
    """Helper function to declare instances' nodes for locking.

    This function should be called after locking one or more instances to lock
    their nodes. Its effect is populating self.needed_locks[locking.LEVEL_NODE]
    with all primary or secondary nodes for instances already locked and
    present in self.needed_locks[locking.LEVEL_INSTANCE].

    It should be called from DeclareLocks, and for safety only works if
    self.recalculate_locks[locking.LEVEL_NODE] is set.

    In the future it may grow parameters to just lock some instance's nodes, or
    to just lock primaries or secondary nodes, if needed.

371
    If should be called in DeclareLocks in a way similar to::
372

373
374
      if level == locking.LEVEL_NODE:
        self._LockInstancesNodes()
375

376
377
378
    @type primary_only: boolean
    @param primary_only: only lock primary nodes of locked instances

379
380
381
382
383
384
385
386
387
388
    """
    assert locking.LEVEL_NODE in self.recalculate_locks, \
      "_LockInstancesNodes helper function called with no nodes to recalculate"

    # TODO: check if we're really been called with the instance locks held

    # For now we'll replace self.needed_locks[locking.LEVEL_NODE], but in the
    # future we might want to have different behaviors depending on the value
    # of self.recalculate_locks[locking.LEVEL_NODE]
    wanted_nodes = []
389
    for instance_name in self.glm.list_owned(locking.LEVEL_INSTANCE):
390
391
      instance = self.context.cfg.GetInstanceInfo(instance_name)
      wanted_nodes.append(instance.primary_node)
392
393
      if not primary_only:
        wanted_nodes.extend(instance.secondary_nodes)
394
395
396
397
398

    if self.recalculate_locks[locking.LEVEL_NODE] == constants.LOCKS_REPLACE:
      self.needed_locks[locking.LEVEL_NODE] = wanted_nodes
    elif self.recalculate_locks[locking.LEVEL_NODE] == constants.LOCKS_APPEND:
      self.needed_locks[locking.LEVEL_NODE].extend(wanted_nodes)
399
400
401

    del self.recalculate_locks[locking.LEVEL_NODE]

Iustin Pop's avatar
Iustin Pop committed
402

Iustin Pop's avatar
Iustin Pop committed
403
class NoHooksLU(LogicalUnit): # pylint: disable-msg=W0223
Iustin Pop's avatar
Iustin Pop committed
404
405
406
407
408
409
410
411
412
  """Simple LU which runs no hooks.

  This LU is intended as a parent for other LogicalUnits which will
  run no hooks, in order to reduce duplicate code.

  """
  HPATH = None
  HTYPE = None

413
414
415
416
417
418
  def BuildHooksEnv(self):
    """Empty BuildHooksEnv for NoHooksLu.

    This just raises an error.

    """
419
420
421
422
423
424
425
    raise AssertionError("BuildHooksEnv called for NoHooksLUs")

  def BuildHooksNodes(self):
    """Empty BuildHooksNodes for NoHooksLU.

    """
    raise AssertionError("BuildHooksNodes called for NoHooksLU")
426

Iustin Pop's avatar
Iustin Pop committed
427

428
429
430
431
432
433
434
435
436
437
438
439
class Tasklet:
  """Tasklet base class.

  Tasklets are subcomponents for LUs. LUs can consist entirely of tasklets or
  they can mix legacy code with tasklets. Locking needs to be done in the LU,
  tasklets know nothing about locks.

  Subclasses must follow these rules:
    - Implement CheckPrereq
    - Implement Exec

  """
440
441
442
443
444
445
446
  def __init__(self, lu):
    self.lu = lu

    # Shortcuts
    self.cfg = lu.cfg
    self.rpc = lu.rpc

447
448
449
450
451
452
453
454
455
456
457
458
459
460
  def CheckPrereq(self):
    """Check prerequisites for this tasklets.

    This method should check whether the prerequisites for the execution of
    this tasklet are fulfilled. It can do internode communication, but it
    should be idempotent - no cluster or system changes are allowed.

    The method should raise errors.OpPrereqError in case something is not
    fulfilled. Its return value is ignored.

    This method should also update all parameters to their canonical form if it
    hasn't been done before.

    """
461
    pass
462
463
464
465
466
467
468
469
470
471
472
473

  def Exec(self, feedback_fn):
    """Execute the tasklet.

    This method should implement the actual work. It should raise
    errors.OpExecError for failures that are somewhat dealt with in code, or
    expected.

    """
    raise NotImplementedError


474
475
476
477
478
479
480
class _QueryBase:
  """Base for query utility classes.

  """
  #: Attribute holding field definitions
  FIELDS = None

481
  def __init__(self, filter_, fields, use_locking):
482
483
484
485
486
    """Initializes this class.

    """
    self.use_locking = use_locking

487
488
    self.query = query.Query(self.FIELDS, fields, filter_=filter_,
                             namefield="name")
489
    self.requested_data = self.query.RequestedData()
490
    self.names = self.query.RequestedNames()
491

492
493
494
    # Sort only if no names were requested
    self.sort_by_name = not self.names

495
496
497
498
499
500
501
502
    self.do_locking = None
    self.wanted = None

  def _GetNames(self, lu, all_names, lock_level):
    """Helper function to determine names asked for in the query.

    """
    if self.do_locking:
503
      names = lu.glm.list_owned(lock_level)
504
505
506
507
508
509
510
511
512
513
    else:
      names = all_names

    if self.wanted == locking.ALL_SET:
      assert not self.names
      # caller didn't specify names, so ordering is not important
      return utils.NiceSort(names)

    # caller specified names and we must keep the same order
    assert self.names
514
    assert not self.do_locking or lu.glm.is_owned(lock_level)
515
516
517
518
519
520
521
522
523

    missing = set(self.wanted).difference(names)
    if missing:
      raise errors.OpExecError("Some items were removed before retrieving"
                               " their data: %s" % missing)

    # Return expanded names
    return self.wanted

524
525
526
527
528
529
530
531
  def ExpandNames(self, lu):
    """Expand names for this query.

    See L{LogicalUnit.ExpandNames}.

    """
    raise NotImplementedError()

532
  def DeclareLocks(self, lu, level):
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
    """Declare locks for this query.

    See L{LogicalUnit.DeclareLocks}.

    """
    raise NotImplementedError()

  def _GetQueryData(self, lu):
    """Collects all data for this query.

    @return: Query data object

    """
    raise NotImplementedError()

  def NewStyleQuery(self, lu):
    """Collect data and execute query.

    """
552
553
    return query.GetQueryResponse(self.query, self._GetQueryData(lu),
                                  sort_by_name=self.sort_by_name)
554
555
556
557
558

  def OldStyleQuery(self, lu):
    """Collect data and execute query.

    """
559
560
    return self.query.OldStyleQuery(self._GetQueryData(lu),
                                    sort_by_name=self.sort_by_name)
561
562


563
def _GetWantedNodes(lu, nodes):
564
  """Returns list of checked and expanded node names.
565

566
567
568
569
570
571
  @type lu: L{LogicalUnit}
  @param lu: the logical unit on whose behalf we execute
  @type nodes: list
  @param nodes: list of node names or None for all nodes
  @rtype: list
  @return: the list of nodes, sorted
Iustin Pop's avatar
Iustin Pop committed
572
  @raise errors.ProgrammerError: if the nodes parameter is wrong type
573
574

  """
575
576
  if nodes:
    return [_ExpandNodeName(lu.cfg, name) for name in nodes]
577

578
  return utils.NiceSort(lu.cfg.GetNodeList())
579
580
581


def _GetWantedInstances(lu, instances):
582
  """Returns list of checked and expanded instance names.
583

584
585
586
587
588
589
590
591
  @type lu: L{LogicalUnit}
  @param lu: the logical unit on whose behalf we execute
  @type instances: list
  @param instances: list of instance names or None for all instances
  @rtype: list
  @return: the list of instances, sorted
  @raise errors.OpPrereqError: if the instances parameter is wrong type
  @raise errors.OpPrereqError: if any of the passed instances is not found
592
593
594

  """
  if instances:
595
    wanted = [_ExpandInstanceName(lu.cfg, name) for name in instances]
596
  else:
597
598
    wanted = utils.NiceSort(lu.cfg.GetInstanceList())
  return wanted
599
600


601
602
def _GetUpdatedParams(old_params, update_dict,
                      use_default=True, use_none=False):
603
604
605
606
607
608
609
610
  """Return the new version of a parameter dictionary.

  @type old_params: dict
  @param old_params: old parameters
  @type update_dict: dict
  @param update_dict: dict containing new parameter values, or
      constants.VALUE_DEFAULT to reset the parameter to its default
      value
611
612
613
614
615
616
  @param use_default: boolean
  @type use_default: whether to recognise L{constants.VALUE_DEFAULT}
      values as 'to be deleted' values
  @param use_none: boolean
  @type use_none: whether to recognise C{None} values as 'to be
      deleted' values
617
618
619
620
621
622
  @rtype: dict
  @return: the new parameter dictionary

  """
  params_copy = copy.deepcopy(old_params)
  for key, val in update_dict.iteritems():
623
624
    if ((use_default and val == constants.VALUE_DEFAULT) or
        (use_none and val is None)):
625
626
627
628
629
630
631
632
633
      try:
        del params_copy[key]
      except KeyError:
        pass
    else:
      params_copy[key] = val
  return params_copy


634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
def _ReleaseLocks(lu, level, names=None, keep=None):
  """Releases locks owned by an LU.

  @type lu: L{LogicalUnit}
  @param level: Lock level
  @type names: list or None
  @param names: Names of locks to release
  @type keep: list or None
  @param keep: Names of locks to retain

  """
  assert not (keep is not None and names is not None), \
         "Only one of the 'names' and the 'keep' parameters can be given"

  if names is not None:
    should_release = names.__contains__
  elif keep:
    should_release = lambda name: name not in keep
  else:
    should_release = None

  if should_release:
    retain = []
    release = []

    # Determine which locks to release
660
    for name in lu.glm.list_owned(level):
661
662
663
664
665
      if should_release(name):
        release.append(name)
      else:
        retain.append(name)

666
    assert len(lu.glm.list_owned(level)) == (len(retain) + len(release))
667
668

    # Release just some locks
669
    lu.glm.release(level, names=release)
670

671
    assert frozenset(lu.glm.list_owned(level)) == frozenset(retain)
672
673
  else:
    # Release everything
674
    lu.glm.release(level)
675

676
    assert not lu.glm.is_owned(level), "No locks should be owned"
677
678


679
680
681
682
683
684
685
686
687
688
689
690
def _RunPostHook(lu, node_name):
  """Runs the post-hook for an opcode on a single node.

  """
  hm = lu.proc.hmclass(lu.rpc.call_hooks_runner, lu)
  try:
    hm.RunPhase(constants.HOOKS_PHASE_POST, nodes=[node_name])
  except:
    # pylint: disable-msg=W0702
    lu.LogWarning("Errors occurred running hooks on %s" % node_name)


691
def _CheckOutputFields(static, dynamic, selected):
692
693
  """Checks whether all selected fields are valid.

Iustin Pop's avatar
Iustin Pop committed
694
  @type static: L{utils.FieldSet}
Iustin Pop's avatar
Iustin Pop committed
695
  @param static: static fields set
Iustin Pop's avatar
Iustin Pop committed
696
  @type dynamic: L{utils.FieldSet}
Iustin Pop's avatar
Iustin Pop committed
697
  @param dynamic: dynamic fields set
698
699

  """
Iustin Pop's avatar
Iustin Pop committed
700
  f = utils.FieldSet()
Iustin Pop's avatar
Iustin Pop committed
701
702
  f.Extend(static)
  f.Extend(dynamic)
703

Iustin Pop's avatar
Iustin Pop committed
704
705
  delta = f.NonMatching(selected)
  if delta:
706
    raise errors.OpPrereqError("Unknown output fields selected: %s"
707
                               % ",".join(delta), errors.ECODE_INVAL)
708
709


710
711
712
713
714
715
716
717
718
719
720
def _CheckGlobalHvParams(params):
  """Validates that given hypervisor params are not global ones.

  This will ensure that instances don't get customised versions of
  global params.

  """
  used_globals = constants.HVC_GLOBALS.intersection(params)
  if used_globals:
    msg = ("The following hypervisor parameters are global and cannot"
           " be customized at instance level, please modify them at"
721
           " cluster level: %s" % utils.CommaJoin(used_globals))
722
723
724
    raise errors.OpPrereqError(msg, errors.ECODE_INVAL)


725
def _CheckNodeOnline(lu, node, msg=None):
726
727
728
729
  """Ensure that a given node is online.

  @param lu: the LU on behalf of which we make the check
  @param node: the node to check
730
  @param msg: if passed, should be a message to replace the default one
731
  @raise errors.OpPrereqError: if the node is offline
732
733

  """
734
735
  if msg is None:
    msg = "Can't use offline node"
736
  if lu.cfg.GetNodeInfo(node).offline:
737
    raise errors.OpPrereqError("%s: %s" % (msg, node), errors.ECODE_STATE)
738
739


740
741
742
743
744
745
746
747
748
def _CheckNodeNotDrained(lu, node):
  """Ensure that a given node is not drained.

  @param lu: the LU on behalf of which we make the check
  @param node: the node to check
  @raise errors.OpPrereqError: if the node is drained

  """
  if lu.cfg.GetNodeInfo(node).drained:
749
    raise errors.OpPrereqError("Can't use drained node %s" % node,
750
751
752
753
754
755
756
757
758
759
760
761
762
763
                               errors.ECODE_STATE)


def _CheckNodeVmCapable(lu, node):
  """Ensure that a given node is vm capable.

  @param lu: the LU on behalf of which we make the check
  @param node: the node to check
  @raise errors.OpPrereqError: if the node is not vm capable

  """
  if not lu.cfg.GetNodeInfo(node).vm_capable:
    raise errors.OpPrereqError("Can't use non-vm_capable node %s" % node,
                               errors.ECODE_STATE)
764
765


Iustin Pop's avatar
Iustin Pop committed
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
def _CheckNodeHasOS(lu, node, os_name, force_variant):
  """Ensure that a node supports a given OS.

  @param lu: the LU on behalf of which we make the check
  @param node: the node to check
  @param os_name: the OS to query about
  @param force_variant: whether to ignore variant errors
  @raise errors.OpPrereqError: if the node is not supporting the OS

  """
  result = lu.rpc.call_os_get(node, os_name)
  result.Raise("OS '%s' not in supported OS list for node %s" %
               (os_name, node),
               prereq=True, ecode=errors.ECODE_INVAL)
  if not force_variant:
    _CheckOSVariant(result.payload, os_name)


784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
def _CheckNodeHasSecondaryIP(lu, node, secondary_ip, prereq):
  """Ensure that a node has the given secondary ip.

  @type lu: L{LogicalUnit}
  @param lu: the LU on behalf of which we make the check
  @type node: string
  @param node: the node to check
  @type secondary_ip: string
  @param secondary_ip: the ip to check
  @type prereq: boolean
  @param prereq: whether to throw a prerequisite or an execute error
  @raise errors.OpPrereqError: if the node doesn't have the ip, and prereq=True
  @raise errors.OpExecError: if the node doesn't have the ip, and prereq=False

  """
  result = lu.rpc.call_node_has_ip_address(node, secondary_ip)
  result.Raise("Failure checking secondary ip on node %s" % node,
               prereq=prereq, ecode=errors.ECODE_ENVIRON)
  if not result.payload:
    msg = ("Node claims it doesn't have the secondary ip you gave (%s),"
           " please fix and re-run this command" % secondary_ip)
    if prereq:
      raise errors.OpPrereqError(msg, errors.ECODE_ENVIRON)
    else:
      raise errors.OpExecError(msg)


811
812
813
814
815
816
817
def _GetClusterDomainSecret():
  """Reads the cluster domain secret.

  """
  return utils.ReadOneLineFile(constants.CLUSTER_DOMAIN_SECRET_FILE,
                               strict=True)

818

819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
def _CheckInstanceDown(lu, instance, reason):
  """Ensure that an instance is not running."""
  if instance.admin_up:
    raise errors.OpPrereqError("Instance %s is marked to be up, %s" %
                               (instance.name, reason), errors.ECODE_STATE)

  pnode = instance.primary_node
  ins_l = lu.rpc.call_instance_list([pnode], [instance.hypervisor])[pnode]
  ins_l.Raise("Can't contact node %s for instance information" % pnode,
              prereq=True, ecode=errors.ECODE_ENVIRON)

  if instance.name in ins_l.payload:
    raise errors.OpPrereqError("Instance %s is running, %s" %
                               (instance.name, reason), errors.ECODE_STATE)


835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
def _ExpandItemName(fn, name, kind):
  """Expand an item name.

  @param fn: the function to use for expansion
  @param name: requested item name
  @param kind: text description ('Node' or 'Instance')
  @return: the resolved (full) name
  @raise errors.OpPrereqError: if the item is not found

  """
  full_name = fn(name)
  if full_name is None:
    raise errors.OpPrereqError("%s '%s' not known" % (kind, name),
                               errors.ECODE_NOENT)
  return full_name


def _ExpandNodeName(cfg, name):
  """Wrapper over L{_ExpandItemName} for nodes."""
  return _ExpandItemName(cfg.ExpandNodeName, name, "Node")


def _ExpandInstanceName(cfg, name):
  """Wrapper over L{_ExpandItemName} for instance."""
  return _ExpandItemName(cfg.ExpandInstanceName, name, "Instance")


862
def _BuildInstanceHookEnv(name, primary_node, secondary_nodes, os_type, status,
863
                          memory, vcpus, nics, disk_template, disks,
864
                          bep, hvp, hypervisor_name, tags):
865
866
867
868
869
870
871
872
873
874
875
876
  """Builds instance related env variables for hooks

  This builds the hook environment from individual variables.

  @type name: string
  @param name: the name of the instance
  @type primary_node: string
  @param primary_node: the name of the instance's primary node
  @type secondary_nodes: list
  @param secondary_nodes: list of secondary nodes as strings
  @type os_type: string
  @param os_type: the name of the instance's OS
877
878
  @type status: boolean
  @param status: the should_run status of the instance
879
880
881
882
883
  @type memory: string
  @param memory: the memory size of the instance
  @type vcpus: string
  @param vcpus: the count of VCPUs the instance has
  @type nics: list
884
885
  @param nics: list of tuples (ip, mac, mode, link) representing
      the NICs the instance has
Iustin Pop's avatar
Iustin Pop committed
886
  @type disk_template: string
Michael Hanselmann's avatar
Michael Hanselmann committed
887
  @param disk_template: the disk template of the instance
Iustin Pop's avatar
Iustin Pop committed
888
889
  @type disks: list
  @param disks: the list of (size, mode) pairs
890
891
892
893
  @type bep: dict
  @param bep: the backend parameters for the instance
  @type hvp: dict
  @param hvp: the hypervisor parameters for the instance
Michael Hanselmann's avatar
Michael Hanselmann committed
894
895
  @type hypervisor_name: string
  @param hypervisor_name: the hypervisor for the instance
896
897
  @type tags: list
  @param tags: list of instance tags as strings
898
899
  @rtype: dict
  @return: the hook environment for this instance
900

901
  """
902
903
904
905
  if status:
    str_status = "up"
  else:
    str_status = "down"
906
  env = {
907
    "OP_TARGET": name,
908
909
910
    "INSTANCE_NAME": name,
    "INSTANCE_PRIMARY": primary_node,
    "INSTANCE_SECONDARIES": " ".join(secondary_nodes),
911
    "INSTANCE_OS_TYPE": os_type,
912
    "INSTANCE_STATUS": str_status,
913
914
    "INSTANCE_MEMORY": memory,
    "INSTANCE_VCPUS": vcpus,
Iustin Pop's avatar
Iustin Pop committed
915
    "INSTANCE_DISK_TEMPLATE": disk_template,
Michael Hanselmann's avatar
Michael Hanselmann committed
916
    "INSTANCE_HYPERVISOR": hypervisor_name,
917
918
919
920
  }

  if nics:
    nic_count = len(nics)
921
    for idx, (ip, mac, mode, link) in enumerate(nics):
922
923
924
      if ip is None:
        ip = ""
      env["INSTANCE_NIC%d_IP" % idx] = ip
Iustin Pop's avatar
Iustin Pop committed
925
      env["INSTANCE_NIC%d_MAC" % idx] = mac
926
927
928
929
      env["INSTANCE_NIC%d_MODE" % idx] = mode
      env["INSTANCE_NIC%d_LINK" % idx] = link
      if mode == constants.NIC_MODE_BRIDGED:
        env["INSTANCE_NIC%d_BRIDGE" % idx] = link
930
931
932
933
934
  else:
    nic_count = 0

  env["INSTANCE_NIC_COUNT"] = nic_count

Iustin Pop's avatar
Iustin Pop committed
935
936
937
938
939
940
941
942
943
944
  if disks:
    disk_count = len(disks)
    for idx, (size, mode) in enumerate(disks):
      env["INSTANCE_DISK%d_SIZE" % idx] = size
      env["INSTANCE_DISK%d_MODE" % idx] = mode
  else:
    disk_count = 0

  env["INSTANCE_DISK_COUNT"] = disk_count

945
946
947
948
949
  if not tags:
    tags = []

  env["INSTANCE_TAGS"] = " ".join(tags)

950
951
952
953
  for source, kind in [(bep, "BE"), (hvp, "HV")]:
    for key, value in source.items():
      env["INSTANCE_%s_%s" % (kind, key)] = value

954
955
  return env

956

957
def _NICListToTuple(lu, nics):
958
959
  """Build a list of nic information tuples.

960
  This list is suitable to be passed to _BuildInstanceHookEnv or as a return
961
  value in LUInstanceQueryData.
962
963
964
965
966
967
968
969

  @type lu:  L{LogicalUnit}
  @param lu: the logical unit on whose behalf we execute
  @type nics: list of L{objects.NIC}
  @param nics: list of nics to convert to hooks tuples

  """
  hooks_nics = []
970
  cluster = lu.cfg.GetClusterInfo()
971
972
973
  for nic in nics:
    ip = nic.ip
    mac = nic.mac
974
    filled_params = cluster.SimpleFillNIC(nic.nicparams)
975
976
977
978
    mode = filled_params[constants.NIC_MODE]
    link = filled_params[constants.NIC_LINK]
    hooks_nics.append((ip, mac, mode, link))
  return hooks_nics
979

980

Iustin Pop's avatar
Iustin Pop committed
981
def _BuildInstanceHookEnvByObject(lu, instance, override=None):
982
983
  """Builds instance related env variables for hooks from an object.

984
985
986
987
988
989
990
991
992
993
994
  @type lu: L{LogicalUnit}
  @param lu: the logical unit on whose behalf we execute
  @type instance: L{objects.Instance}
  @param instance: the instance for which we should build the
      environment
  @type override: dict
  @param override: dictionary with key/values that will override
      our values
  @rtype: dict
  @return: the hook environment dictionary

995
  """
996
997
998
  cluster = lu.cfg.GetClusterInfo()
  bep = cluster.FillBE(instance)
  hvp = cluster.FillHV(instance)
999
1000
1001
1002
  args = {
    'name': instance.name,
    'primary_node': instance.primary_node,
    'secondary_nodes': instance.secondary_nodes,
1003
    'os_type': instance.os,
1004
    'status': instance.admin_up,
Iustin Pop's avatar
Iustin Pop committed
1005
1006
    'memory': bep[constants.BE_MEMORY],
    'vcpus': bep[constants.BE_VCPUS],
1007
    'nics': _NICListToTuple(lu, instance.nics),
Iustin Pop's avatar
Iustin Pop committed
1008
1009
    'disk_template': instance.disk_template,
    'disks': [(disk.size, disk.mode) for disk in instance.disks],
1010
1011
    'bep': bep,
    'hvp': hvp,
1012
    'hypervisor_name': instance.hypervisor,
1013
    'tags': instance.tags,
1014
1015
1016
  }
  if override:
    args.update(override)
Iustin Pop's avatar
Iustin Pop committed
1017
  return _BuildInstanceHookEnv(**args) # pylint: disable-msg=W0142
1018
1019


Guido Trotter's avatar
Guido Trotter committed
1020
def _AdjustCandidatePool(lu, exceptions):
1021
1022
1023
  """Adjust the candidate pool after node operations.

  """
Guido Trotter's avatar
Guido Trotter committed
1024
  mod_list = lu.cfg.MaintainCandidatePool(exceptions)
1025
1026
  if mod_list:
    lu.LogInfo("Promoted nodes to master candidate role: %s",
1027
               utils.CommaJoin(node.name for node in mod_list))
1028
1029
    for name in mod_list:
      lu.context.ReaddNode(name)
Guido Trotter's avatar
Guido Trotter committed
1030
  mc_now, mc_max, _ = lu.cfg.GetMasterCandidateStats(exceptions)
1031
1032
1033
1034
1035
  if mc_now > mc_max:
    lu.LogInfo("Note: more nodes are candidates (%d) than desired (%d)" %
               (mc_now, mc_max))


1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
def _DecideSelfPromotion(lu, exceptions=None):
  """Decide whether I should promote myself as a master candidate.

  """
  cp_size = lu.cfg.GetClusterInfo().candidate_pool_size
  mc_now, mc_should, _ = lu.cfg.GetMasterCandidateStats(exceptions)
  # the new node will increase mc_max with one, so:
  mc_should = min(mc_should + 1, cp_size)
  return mc_now < mc_should


1047
def _CheckNicsBridgesExist(lu, target_nics, target_node):
1048
1049
1050
  """Check that the brigdes needed by a list of nics exist.

  """
1051
1052
  cluster = lu.cfg.GetClusterInfo()
  paramslist = [cluster.SimpleFillNIC(nic.nicparams) for nic in target_nics]
1053
1054
1055
1056
  brlist = [params[constants.NIC_LINK] for params in paramslist
            if params[constants.NIC_MODE] == constants.NIC_MODE_BRIDGED]
  if brlist:
    result = lu.rpc.call_bridges_exist(target_node, brlist)
1057
    result.Raise("Error checking bridges on destination node '%s'" %
1058
                 target_node, prereq=True, ecode=errors.ECODE_ENVIRON)
1059
1060
1061


def _CheckInstanceBridgesExist(lu, instance, node=None):
1062
1063
1064
  """Check that the brigdes needed by an instance exist.

  """
1065
  if node is None:
Iustin Pop's avatar
Iustin Pop committed
1066
    node = instance.primary_node
1067
  _CheckNicsBridgesExist(lu, instance.nics, node)
1068
1069


Iustin Pop's avatar
Iustin Pop committed
1070
def _CheckOSVariant(os_obj, name):
Guido Trotter's avatar
Guido Trotter committed
1071
1072
  """Check whether an OS name conforms to the os variants specification.

Iustin Pop's avatar
Iustin Pop committed
1073
1074
  @type os_obj: L{objects.OS}
  @param os_obj: OS object to check
Guido Trotter's avatar
Guido Trotter committed
1075
1076
1077
1078
  @type name: string
  @param name: OS name passed by the user, to check for validity

  """
Iustin Pop's avatar
Iustin Pop committed
1079
  if not os_obj.supported_variants:
Guido Trotter's avatar
Guido Trotter committed
1080
    return
1081
1082
  variant = objects.OS.GetVariant(name)
  if not variant:
1083
1084
    raise errors.OpPrereqError("OS name must include a variant",
                               errors.ECODE_INVAL)
Guido Trotter's avatar
Guido Trotter committed
1085

Iustin Pop's avatar
Iustin Pop committed
1086
  if variant not in os_obj.supported_variants:
1087
    raise errors.OpPrereqError("Unsupported OS variant", errors.ECODE_INVAL)
Guido Trotter's avatar
Guido Trotter committed
1088
1089


1090
1091
1092
1093
def _GetNodeInstancesInner(cfg, fn):
  return [i for i in cfg.GetAllInstancesInfo().values() if fn(i)]


1094
1095
1096
1097
1098
1099
1100
1101
def _GetNodeInstances(cfg, node_name):
  """Returns a list of all primary and secondary instances on a node.

  """

  return _GetNodeInstancesInner(cfg, lambda inst: node_name in inst.all_nodes)


1102
1103
1104
1105
def _GetNodePrimaryInstances(cfg, node_name):
  """Returns primary instances on a node.

  """
1106
1107
  return _GetNodeInstancesInner(cfg,
                                lambda inst: node_name == inst.primary_node)
1108
1109


1110
1111
1112
1113
def _GetNodeSecondaryInstances(cfg, node_name):
  """Returns secondary instances on a node.

  """
1114
1115
  return _GetNodeInstancesInner(cfg,
                                lambda inst: node_name in inst.secondary_nodes)
1116
1117


1118
1119
1120
1121
1122
1123
def _GetStorageTypeArgs(cfg, storage_type):
  """Returns the arguments for a storage type.

  """
  # Special case for file storage
  if storage_type == constants.ST_FILE:
1124
    # storage.FileStorage wants a list of storage directories
1125
    return [[cfg.GetFileStorageDir(), cfg.GetSharedFileStorageDir()]]
1126
1127
1128
1129

  return []


1130
1131
1132
1133
1134
1135
1136
1137
def _FindFaultyInstanceDisks(cfg, rpc, instance, node_name, prereq):
  faulty = []

  for dev in instance.disks:
    cfg.SetDiskID(dev, node_name)

  result = rpc.call_blockdev_getmirrorstatus(node_name, instance.disks)
  result.Raise("Failed to get disk status from node %s" % node_name,
1138
               prereq=prereq, ecode=errors.ECODE_ENVIRON)
1139
1140
1141
1142
1143
1144
1145
1146

  for idx, bdev_status in enumerate(result.payload):
    if bdev_status and bdev_status.ldisk_status == constants.LDS_FAULTY:
      faulty.append(idx)

  return faulty


1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
def _CheckIAllocatorOrNode(lu, iallocator_slot, node_slot):
  """Check the sanity of iallocator and node arguments and use the
  cluster-wide iallocator if appropriate.

  Check that at most one of (iallocator, node) is specified. If none is
  specified, then the LU's opcode's iallocator slot is filled with the
  cluster-wide default iallocator.

  @type iallocator_slot: string
  @param iallocator_slot: the name of the opcode iallocator slot
  @type node_slot: string
  @param node_slot: the name of the opcode target node slot

  """
  node = getattr(lu.op, node_slot, None)
  iallocator = getattr(lu.op, iallocator_slot, None)

  if node is not None and iallocator is not None:
1165
    raise errors.OpPrereqError("Do not specify both, iallocator and node",
1166
1167
1168
1169
1170
1171
1172
                               errors.ECODE_INVAL)
  elif node is None and iallocator is None:
    default_iallocator = lu.cfg.GetDefaultIAllocator()
    if default_iallocator:
      setattr(lu.op, iallocator_slot, default_iallocator)
    else:
      raise errors.OpPrereqError("No iallocator or node given and no"
1173
1174
                                 " cluster-wide default iallocator found;"
                                 " please specify either an iallocator or a"
1175
                                 " node, or set a cluster-wide default"
1176
                                 " iallocator")
1177
1178


1179
class LUClusterPostInit(LogicalUnit):
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
  """Logical unit for running hooks after cluster initialization.

  """
  HPATH = "cluster-init"
  HTYPE = constants.HTYPE_CLUSTER

  def BuildHooksEnv(self):
    """Build hooks env.

    """
1190
1191
1192
1193
1194
1195
1196
1197
1198
    return {
      "OP_TARGET": self.cfg.GetClusterName(),
      }

  def BuildHooksNodes(self):
    """Build hooks nodes.

    """
    return ([], [self.cfg.GetMasterNode()])
1199
1200
1201
1202
1203
1204
1205
1206

  def Exec(self, feedback_fn):
    """Nothing to do.

    """
    return True


1207
class LUClusterDestroy(LogicalUnit):
Iustin Pop's avatar
Iustin Pop committed
1208
1209
1210
  """Logical unit for destroying the cluster.

  """
1211
1212
  HPATH = "cluster-destroy"
  HTYPE = constants.HTYPE_CLUSTER
Iustin Pop's avatar
Iustin Pop committed
1213

1214
1215
1216
1217
  def BuildHooksEnv(self):
    """Build hooks env.

    """
1218
1219
1220
1221
1222
1223
1224
1225
1226
    return {
      "OP_TARGET": self.cfg.GetClusterName(),
      }

  def BuildHooksNodes(self):
    """Build hooks nodes.

    """
    return ([], [])
1227

Iustin Pop's avatar
Iustin Pop committed
1228
1229
1230
1231
1232
  def CheckPrereq(self):
    """Check prerequisites.

    This checks whether the cluster is empty.

Michael Hanselmann's avatar
Michael Hanselmann committed
1233
    Any errors are signaled by raising errors.OpPrereqError.
Iustin Pop's avatar
Iustin Pop committed
1234
1235

    """
Michael Hanselmann's avatar
Michael Hanselmann committed
1236
    master = self.cfg.GetMasterNode()
Iustin Pop's avatar
Iustin Pop committed
1237
1238

    nodelist = self.cfg.GetNodeList()
1239
    if len(nodelist) != 1 or nodelist[0] != master:
1240
      raise errors.OpPrereqError("There are still %d node(s) in"
1241
1242
                                 " this cluster." % (len(nodelist) - 1),
                                 errors.ECODE_INVAL)
1243
1244
    instancelist = self.cfg.GetInstanceList()
    if instancelist:
1245
      raise errors.OpPrereqError("There are still %d instance(s) in"
1246
1247
                                 " this cluster." % len(instancelist),
                                 errors.ECODE_INVAL)
Iustin Pop's avatar
Iustin Pop committed
1248
1249
1250
1251
1252

  def Exec(self, feedback_fn):
    """Destroys the cluster.

    """
Michael Hanselmann's avatar
Michael Hanselmann committed
1253
    master = self.cfg.GetMasterNode()
Luca Bigliardi's avatar
Luca Bigliardi committed
1254
1255

    # Run post hooks on master node before it's removed
1256
    _RunPostHook(self, master)
Luca Bigliardi's avatar
Luca Bigliardi committed
1257

1258
    result = self.rpc.call_node_stop_master(master, False)
1259
    result.Raise("Could not disable the master role")
1260

Iustin Pop's avatar
Iustin Pop committed
1261
    return master
Iustin Pop's avatar
Iustin Pop committed
1262
1263


1264
def _VerifyCertificate(filename):
1265
  """Verifies a certificate for LUClusterVerifyConfig.
1266
1267
1268
1269
1270
1271
1272
1273
1274

  @type filename: string
  @param filename: Path to PEM file

  """
  try:
    cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
                                           utils.ReadFile(filename))
  except Exception, err: # pylint: disable-msg=W0703
1275
    return (LUClusterVerifyConfig.ETYPE_ERROR,
1276
1277
            "Failed to load X509 certificate %s: %s" % (filename, err))

1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
  (errcode, msg) = \
    utils.VerifyX509Certificate(cert, constants.SSL_CERT_EXPIRATION_WARN,
                                constants.SSL_CERT_EXPIRATION_ERROR)

  if msg:
    fnamemsg = "While verifying %s: %s" % (filename, msg)
  else:
    fnamemsg = None

  if errcode is None:
    return (None, fnamemsg)
  elif errcode == utils.CERT_WARNING:
1290
    return (LUClusterVerifyConfig.ETYPE_WARNING, fnamemsg)
1291
  elif errcode == utils.CERT_ERROR:
1292
    return (LUClusterVerifyConfig.ETYPE_ERROR, fnamemsg)
1293

1294
  raise errors.ProgrammerError("Unhandled certificate error code %r" % errcode)
1295
1296


1297
1298
1299
1300
1301
1302
1303
1304