Merge branch 'stable-2.10' into stable-2.11

Conflicts: NEWS configure.ac Resolutions: NEWS: add NEWS entry for 2.10.7 configure.ac: keep 2.11.4 as version number Signed-off-by: Helga Velroyen <helgav@google.com> Reviewed-by: Guido Trotter <ultrotter@google.com>

Merge branch 'stable-2.10' into stable-2.11
Conflicts: NEWS configure.ac Resolutions: NEWS: add NEWS entry for 2.10.7 configure.ac: keep 2.11.4 as version number Signed-off-by: Helga Velroyen <helgav@google.com> Reviewed-by: Guido Trotter <ultrotter@google.com>
f5656cd7 · Helga Velroyen · 537126fc · e4b27f2d · f5656cd7 · f5656cd7
Commit f5656cd7 authored Aug 07, 2014 by Helga Velroyen
--- a/NEWS
+++ b/NEWS
@@ -284,6 +284,47 @@ This was the first beta release of the 2.11 series. All important changes
 are listed in the latest 2.11 entry.


+Version 2.10.7
+--------------
+
+*(Released Thu, 7 Aug 2014)*
+
+Important security release. In 2.10.0, the
+'gnt-cluster upgrade' command was introduced. Before
+performing an upgrade, the configuration directory of
+the cluster is backed up. Unfortunately, the archive was
+written with permissions that make it possible for
+non-privileged users to read the archive and thus have
+access to cluster and RAPI keys. After this release,
+the archive will be created with privileged access only.
+
+We strongly advise you to restrict the permissions of
+previously created archives. The archives are found in
+/var/lib/ganeti*.tar (unless otherwise configured with
+--localstatedir or --with-backup-dir).
+
+If you suspect that non-privileged users have accessed
+your archives already, we advise you to renew the
+cluster's crypto keys using 'gnt-cluster renew-crypto'
+and to reset the RAPI credentials by editing
+/var/lib/ganeti/rapi_users (respectively under a
+different path if configured differently with
+--localstatedir).
+
+Other changes included in this release:
+
+- Fix handling of Xen instance states.
+- Fix NIC configuration with absent NIC VLAN
+- Adapt relative path expansion in PATH to new environment
+- Exclude archived jobs from configuration backups
+- Fix RAPI for split query setup
+- Allow disk hot-remove even with chroot or SM
+
+Inherited from the 2.9 branch:
+
+- Make htools tolerate missing 'spfree' on luxi
+
+
 Version 2.10.6
 --------------


--- a/lib/client/gnt_cluster.py
+++ b/lib/client/gnt_cluster.py
@@ -30,6 +30,7 @@ from cStringIO import StringIO
 import os
 import time
 import OpenSSL
+import tempfile
 import itertools

 from ganeti.cli import *
@@ -1881,11 +1882,16 @@ def _UpgradeBeforeConfigurationChange(versionstring):
  ToStdout("Backing up configuration as %s" % backuptar)
  if not _RunCommandAndReport(["mkdir", "-p", pathutils.BACKUP_DIR]):
    return (False, rollback)
-  if not _RunCommandAndReport(["tar", "-cf", backuptar,
+
+  # Create the archive in a safe manner, as it contains sensitive
+  # information.
+  (_, tmp_name) = tempfile.mkstemp(prefix=backuptar, dir=pathutils.BACKUP_DIR)
+  if not _RunCommandAndReport(["tar", "-cf", tmp_name,
                               "--exclude=queue/archive",
                               pathutils.DATA_DIR]):
    return (False, rollback)

+  os.rename(tmp_name, backuptar)
  return (True, rollback)