Commit 073864cb authored by Klaus Aehlig

Merge branch 'stable-2.11' into stable-2.12

* stable-2.11
  Update configure file to version 2.11.7
  Update NEWS file for 2.11.7 release
  Add logging to RenewCrypto
  Fix format string for gnt-network info
  Replace textwrapper.wrap by a custom version for networks
  Add SSL improvements to NEWS file

* stable-2.10
  Update tag limitations
  Fix typos in doc/design-storagetypes.rst
  Make getFQDN prefer cluster protocol family
  Add version of getFQDN accepting preferences
  Make getFQDN honor vcluster

Conflicts:
	NEWS: take all release entries
	configure.ac: ignore revision bump
	lib/cmdlib/cluster.py: manually apply 2.11 changes to 2.12
	src/Ganeti/Daemon.hs: trivial
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Petr Pudlak <pudlak@google.com>
parents 20d94d3b 94d7ecdd
......@@ -246,6 +246,17 @@ This was the first beta release of the 2.12 series. All important changes
are listed in the latest 2.12 entry.
Version 2.11.7
--------------
*(Released Fri, 17 Apr 2015)*
- The operation 'gnt-cluster renew-crypto --new-node-certificates' is
now more robust against intermitten reachability errors. Nodes that
are temporarily not reachable, are contacted with several retries.
Nodes which are marked as offline are omitted right away.
Version 2.11.6
--------------
......
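Review bot: typo in the new 2.11.7 entry: "intermitten reachability errors" should read "intermittent", and the comma in "Nodes that are temporarily not reachable, are contacted" should go. The entry says unreachable nodes are retried but not what the operator sees once the retries are exhausted; one more sentence on that would make the release note complete.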
......@@ -1555,7 +1555,7 @@ Limitations
Note that the set of characters present in a tag and the maximum tag
length are restricted. Currently the maximum length is 128 characters,
there can be at most 4096 tags per object, and the set of characters is
comprised by alphanumeric characters and additionally ``.+*/:@-``.
comprised by alphanumeric characters and additionally ``.+*/:@-_``.
Operations
++++++++++
......
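Review bot: nothing in the visible lines ties the documented set ``.+*/:@-_`` to the check that enforces it, so this paragraph can drift from the validator again. A pointer to the validation constant, or a test asserting that the documented characters and the accepted characters agree, would prevent that. Wording nit on the changed line: "is comprised by" reads better as "consists of".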
......@@ -9,7 +9,7 @@ Background
Currently, there is no consistent management of different variants of storage
in Ganeti. One direct consequence is that storage space reporting is currently
broken for all storage that is not based on lvm technolgy. This design looks at
broken for all storage that is not based on lvm technology. This design looks at
the root causes and proposes a way to fix it.
Proposed changes
......@@ -233,7 +233,7 @@ displayed in ``gnt-node list-storage``. This will also adapt to the
extended storage reporting capabilities. The user can specify a storage
type using ``--storage-type``. If he requests storage information about
a storage type which does not support space reporting, a warning is
emitted. If no storage type is specified explicitely, ``gnt-node
emitted. If no storage type is specified explicitly, ``gnt-node
list-storage`` will try to report storage on the storage type of the
default disk template. If the default disk template's storage type does
not support space reporting, an error message is emitted.
......
......@@ -241,9 +241,11 @@ def ShowNetworkConfig(_, args):
ToStdout(" Free: %d (%.2f%%)", free_count,
100 * float(free_count) / float(size))
ToStdout(" Usage map:")
lenmapping = len(mapping)
idx = 0
for line in textwrap.wrap(mapping, width=64):
ToStdout(" %s %s %d", str(idx).rjust(3), line.ljust(64), idx + 63)
while idx < lenmapping:
line = mapping[idx: idx + 64]
ToStdout(" %s %s %d", str(idx).rjust(4), line.ljust(64), idx + 63)
idx += 64
ToStdout(" (X) used (.) free")
......
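Review bot: the right-hand label on the last row can overshoot. `idx + 63` is printed even when the final slice `mapping[idx: idx + 64]` is shorter than 64 characters, so a network whose size is not a multiple of 64 shows an end index past its last address; `min(idx + 63, lenmapping - 1)` would fix that. The row width also appears as a literal four times (slice, `ljust(64)`, `idx + 63`, `idx += 64`); a named constant would keep them in step.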
......@@ -114,21 +114,34 @@ class LUClusterRenewCrypto(NoHooksLU):
def Exec(self, feedback_fn):
master_uuid = self.cfg.GetMasterNode()
cluster = self.cfg.GetClusterInfo()
logging.debug("Renewing the master's SSL node certificate."
" Master's UUID: %s.", master_uuid)
server_digest = utils.GetCertificateDigest(
cert_filename=pathutils.NODED_CERT_FILE)
logging.debug("SSL digest of the node certificate: %s.", server_digest)
self.cfg.AddNodeToCandidateCerts("%s-SERVER" % master_uuid,
server_digest)
logging.debug("Added master's digest as *-SERVER entry to configuration."
" Current list of candidate certificates: %s.",
str(cluster.candidate_certs))
try:
old_master_digest = utils.GetCertificateDigest(
cert_filename=pathutils.NODED_CLIENT_CERT_FILE)
logging.debug("SSL digest of old master's SSL node certificate: %s.",
old_master_digest)
self.cfg.AddNodeToCandidateCerts("%s-OLDMASTER" % master_uuid,
old_master_digest)
logging.debug("Added old master's node certificate digest to config"
" as *-OLDMASTER. Current list of candidate certificates:"
" %s.", str(cluster.candidate_certs))
except IOError:
logging.info("No old certificate available.")
logging.info("No old master certificate available.")
last_exception = None
for _ in range(self._MAX_NUM_RETRIES):
for i in range(self._MAX_NUM_RETRIES):
try:
# Technically it should not be necessary to set the cert
# paths. However, due to a bug in the mock library, we
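Review bot: the new debug calls pass `str(cluster.candidate_certs)` as the argument, which builds the string even when debug logging is disabled and is inconsistent with the later cleanup message in this file, which passes `cluster.candidate_certs` directly. Pass the object and let `%s` format it lazily. Also, `cluster` is fetched once at the top of `Exec`, so "Current list of candidate certificates" is accurate only if `AddNodeToCandidateCerts` updates that same object; a short comment stating that assumption would help anyone reading these logs while debugging a failed renewal.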
......@@ -137,39 +150,58 @@ class LUClusterRenewCrypto(NoHooksLU):
self, self.cfg, master_uuid,
client_cert=pathutils.NODED_CLIENT_CERT_FILE,
client_cert_tmp=pathutils.NODED_CLIENT_CERT_FILE_TMP)
logging.debug("Successfully renewed the master's node certificate.")
break
except errors.OpExecError as e:
logging.error("Renewing the master's SSL node certificate failed"
" at attempt no. %s with error '%s'", str(i), e)
last_exception = e
else:
if last_exception:
feedback_fn("Could not renew the master's client SSL certificate."
" Cleaning up. Error: %s." % last_exception)
" Cleaning up. Error: %s." % last_exception)
# Cleaning up temporary certificates
self.cfg.RemoveNodeFromCandidateCerts("%s-SERVER" % master_uuid)
self.cfg.RemoveNodeFromCandidateCerts("%s-OLDMASTER" % master_uuid)
logging.debug("Cleaned up *-SERVER and *-OLDMASTER certificate from"
" master candidate cert list. Current state of the"
" list: %s.", str(cluster.candidate_certs))
try:
utils.RemoveFile(pathutils.NODED_CLIENT_CERT_FILE_TMP)
except IOError:
pass
except IOError as e:
logging.debug("Could not clean up temporary node certificate of the"
" master node. (Possibly because it was already removed"
" properly.) Error: %s.", e)
return
node_errors = {}
nodes = self.cfg.GetAllNodesInfo()
logging.debug("Renewing non-master nodes' node certificates.")
for (node_uuid, node_info) in nodes.items():
if node_info.offline:
feedback_fn("* Skipping offline node %s" % node_info.name)
logging.debug("Skipping offline node %s (UUID: %s).",
node_info.name, node_uuid)
continue
if node_uuid != master_uuid:
logging.debug("Renewing node certificate of node '%s'.", node_uuid)
last_exception = None
for _ in range(self._MAX_NUM_RETRIES):
for i in range(self._MAX_NUM_RETRIES):
try:
new_digest = CreateNewClientCert(self, node_uuid)
if node_info.master_candidate:
self.cfg.AddNodeToCandidateCerts(node_uuid,
new_digest)
logging.debug("Added the node's certificate to candidate"
" certificate list. Current list: %s.",
str(cluster.candidate_certs))
break
except errors.OpExecError as e:
last_exception = e
logging.error("Could not renew a non-master node's SSL node"
" certificate at attempt no. %s. The node's UUID"
" is %s, and the error was: %s.",
str(i), node_uuid, e)
else:
if last_exception:
node_errors[node_uuid] = last_exception
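Review bot: the attempt number in both new `logging.error` calls is zero-based (`i` comes from `range(self._MAX_NUM_RETRIES)`), so the first failure is reported as "attempt no. 0"; log `i + 1` and drop the `str(...)` wrapper, since the format string converts it anyway. Every failed attempt is logged at error level even when a later retry succeeds, so consider warning level for intermediate attempts and error only once the retries are exhausted. The two retry loops also order `last_exception = e` and the log call differently; aligning them would make the blocks easier to compare.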
......@@ -184,6 +216,13 @@ class LUClusterRenewCrypto(NoHooksLU):
self.cfg.RemoveNodeFromCandidateCerts("%s-SERVER" % master_uuid)
self.cfg.RemoveNodeFromCandidateCerts("%s-OLDMASTER" % master_uuid)
logging.debug("Cleaned up *-SERVER and *-OLDMASTER certificate from"
" master candidate cert list. Current state of the"
" list: %s.", cluster.candidate_certs)
# Trigger another update of the config now with the new master cert
logging.debug("Trigger an update of the configuration on all nodes.")
self.cfg.Update(cluster, feedback_fn)
class LUClusterActivateMasterIp(NoHooksLU):
......
......@@ -340,10 +340,10 @@ vClusterHostNameEnvVar :: String
vClusterHostNameEnvVar = "GANETI_HOSTNAME"
-- | Get the real full qualified host name.
getFQDN' :: IO String
getFQDN' = do
getFQDN' :: Maybe Socket.AddrInfo -> IO String
getFQDN' hints = do
hostname <- getHostName
addrInfos <- Socket.getAddrInfo Nothing (Just hostname) Nothing
addrInfos <- Socket.getAddrInfo hints (Just hostname) Nothing
let address = listToMaybe addrInfos >>= (Just . Socket.addrAddress)
case address of
Just a -> do
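Review bot: with a family restriction in `hints`, `Socket.getAddrInfo hints (Just hostname) Nothing` can raise for a host that has no address in that family, and no fallback to an unrestricted lookup is visible in this hunk. The `Nothing -> return hostname` branch covers only an empty result list, not an exception from the lookup. Consider catching the IOError and retrying with `Nothing` as hints, or document that callers must handle it. The Haddock comment on `getFQDN'` should also mention the new `hints` argument.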
......@@ -351,9 +351,10 @@ getFQDN' = do
return (fromMaybe hostname fqdn)
Nothing -> return hostname
-- | Return the full qualified host name, honoring the vcluster setup.
getFQDN :: IO String
getFQDN = do
-- | Return the full qualified host name, honoring the vcluster setup
-- and hints on the preferred socket type or protocol.
getFQDNwithHints :: Maybe Socket.AddrInfo -> IO String
getFQDNwithHints hints = do
let ioErrorToNothing :: IOError -> IO (Maybe String)
ioErrorToNothing _ = return Nothing
vcluster_node <- Control.Exception.catch
......@@ -361,7 +362,16 @@ getFQDN = do
ioErrorToNothing
case vcluster_node of
Just node_name -> return node_name
Nothing -> getFQDN'
Nothing -> getFQDN' hints
-- | Return the full qualified host name, honoring the vcluster setup.
getFQDN :: IO String
getFQDN = do
familyresult <- Ssconf.getPrimaryIPFamily Nothing
getFQDNwithHints
$ genericResult (const Nothing)
(\family -> Just $ Socket.defaultHints { Socket.addrFamily = family })
familyresult
-- | Returns if the current node is the master node.
isMaster :: IO Bool
......
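Review bot: `genericResult (const Nothing)` in the new `getFQDN` discards the reason `Ssconf.getPrimaryIPFamily` failed, so a missing or unreadable ssconf entry silently reverts to the unhinted lookup and the node may resolve its name over a different family than the rest of the cluster expects. Logging the error before falling back would make that visible. `getFQDN` now also performs the ssconf read on every call; if any caller invokes it repeatedly, resolving the family once and calling `getFQDNwithHints` directly would avoid the extra I/O.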