Commit f5656cd7 authored by Helga Velroyen's avatar Helga Velroyen
Browse files

Merge branch 'stable-2.10' into stable-2.11


  NEWS: add NEWS entry for 2.10.7 keep 2.11.4 as version number
Signed-off-by: default avatarHelga Velroyen <>
Reviewed-by: default avatarGuido Trotter <>
parents 537126fc e4b27f2d
......@@ -284,6 +284,47 @@ This was the first beta release of the 2.11 series. All important changes
are listed in the latest 2.11 entry.
Version 2.10.7
*(Released Thu, 7 Aug 2014)*
Important security release. In 2.10.0, the
'gnt-cluster upgrade' command was introduced. Before
performing an upgrade, the configuration directory of
the cluster is backed up. Unfortunately, the archive was
written with permissions that make it possible for
non-privileged users to read the archive and thus have
access to cluster and RAPI keys. After this release,
the archive will be created with privileged access only.
We strongly advise you to restrict the permissions of
previously created archives. The archives are found in
/var/lib/ganeti*.tar (unless otherwise configured with
--localstatedir or --with-backup-dir).
If you suspect that non-privileged users have accessed
your archives already, we advise you to renew the
cluster's crypto keys using 'gnt-cluster renew-crypto'
and to reset the RAPI credentials by editing
/var/lib/ganeti/rapi_users (respectively under a
different path if configured differently with
Other changes included in this release:
- Fix handling of Xen instance states.
- Fix NIC configuration with absent NIC VLAN
- Adapt relative path expansion in PATH to new environment
- Exclude archived jobs from configuration backups
- Fix RAPI for split query setup
- Allow disk hot-remove even with chroot or SM
Inherited from the 2.9 branch:
- Make htools tolerate missing 'spfree' on luxi
Version 2.10.6
......@@ -30,6 +30,7 @@ from cStringIO import StringIO
import os
import time
import OpenSSL
import tempfile
import itertools
from ganeti.cli import *
......@@ -1881,11 +1882,16 @@ def _UpgradeBeforeConfigurationChange(versionstring):
ToStdout("Backing up configuration as %s" % backuptar)
if not _RunCommandAndReport(["mkdir", "-p", pathutils.BACKUP_DIR]):
return (False, rollback)
if not _RunCommandAndReport(["tar", "-cf", backuptar,
# Create the archive in a safe manner, as it contains sensitive
# information.
(_, tmp_name) = tempfile.mkstemp(prefix=backuptar, dir=pathutils.BACKUP_DIR)
if not _RunCommandAndReport(["tar", "-cf", tmp_name,
return (False, rollback)
os.rename(tmp_name, backuptar)
return (True, rollback)
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment