1. 13 Feb, 2014 2 commits
    • Check prereq instance communication network in 'SetParams' · 11eeb1b9
      Jose A. Lopes authored
      
      
      Later, the logical unit for 'OpClusterSetParams' will be responsible
      for creating the instance communication network in case it does not
      exist.  For now, it is important to check whether the network the user
      is requesting to become assigned to instance communication has the
      right configuration and otherwise warn about potential security risks.
      
      * Add a new static method
        'LUClusterSetParams._CheckInstanceCommunicationNetwork' which checks
        if the user-supplied network is configured correctly and issues
        security warnings otherwise.  A correctly configured instance
        communication network is link-local (i.e., 169.254.0.0/16 for IPv4
        and fe80::/64 for IPv6), has no gateways, and has a specific MAC
        prefix.
      
      * Extend 'LUClusterSetParams.CheckPrereq' to call the above method to
        check whether the user supplied network matches the intended
        configuration.
      Signed-off-by: Jose A. Lopes <jabolopes@google.com>
      Reviewed-by: Helga Velroyen <helgav@google.com>
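The configuration rule spelled out in the commit message above (link-local prefixes, no gateways, a fixed MAC prefix) can be exercised in isolation. The following is an added example, not Ganeti's own `_CheckInstanceCommunicationNetwork`: it accepts any network inside the link-local blocks rather than only the exact /16 and /64, reports every deviation as a warning instead of failing, and treats malformed addresses as a hard error. The MAC prefix `52:54:00` and the function signature are assumptions for the example.

```python
import ipaddress
import re

# Expected configuration as described in the commit message: the instance
# communication network must be link-local, must have no gateways and must
# carry a specific MAC prefix.  The prefix below is an assumed placeholder
# for this example, not Ganeti's real constant.
LINK_LOCAL_V4 = ipaddress.ip_network("169.254.0.0/16")
LINK_LOCAL_V6 = ipaddress.ip_network("fe80::/64")
EXPECTED_MAC_PREFIX = "52:54:00"  # assumption

# Three colon-separated octets, lower-case hex, e.g. "52:54:00".
_MAC_PREFIX_RE = re.compile(r"^[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}$")


def check_instance_communication_network(network=None, gateway=None,
                                         network6=None, gateway6=None,
                                         mac_prefix=None,
                                         expected_mac_prefix=EXPECTED_MAC_PREFIX):
    """Return the list of security warnings for a candidate network.

    An empty list means the network matches the intended configuration.
    Misconfigurations are reported as warnings rather than raised, matching
    the 'warn about potential security risks' behaviour described above.
    Malformed networks are a hard error (ValueError from ipaddress).
    """
    warnings = []

    if network is not None:
        net4 = ipaddress.ip_network(network, strict=True)
        # subnet_of() requires both networks to be the same IP version, so
        # check the version first.
        if net4.version != 4 or not net4.subnet_of(LINK_LOCAL_V4):
            warnings.append("IPv4 network %s is not link-local (expected within %s)"
                            % (net4, LINK_LOCAL_V4))
    if gateway is not None:
        warnings.append("IPv4 gateway %s is set; the instance communication "
                        "network must not have a gateway" % gateway)

    if network6 is not None:
        net6 = ipaddress.ip_network(network6, strict=True)
        if net6.version != 6 or not net6.subnet_of(LINK_LOCAL_V6):
            warnings.append("IPv6 network %s is not link-local (expected within %s)"
                            % (net6, LINK_LOCAL_V6))
    if gateway6 is not None:
        warnings.append("IPv6 gateway %s is set; the instance communication "
                        "network must not have a gateway" % gateway6)

    if mac_prefix is not None:
        prefix = mac_prefix.lower()
        if not _MAC_PREFIX_RE.match(prefix):
            warnings.append("MAC prefix %r is malformed" % mac_prefix)
        elif prefix != expected_mac_prefix.lower():
            warnings.append("MAC prefix %s differs from the expected %s"
                            % (prefix, expected_mac_prefix))

    return warnings


if __name__ == "__main__":
    # Constructed inputs: one correct network and one that violates every rule.
    print(check_instance_communication_network("169.254.0.0/16", None,
                                               "fe80::/64", None, "52:54:00"))
    for w in check_instance_communication_network("10.0.0.0/8", "10.0.0.1",
                                                  "2001:db8::/64", "2001:db8::1",
                                                  "aa:bb:cc"):
        print("WARNING:", w)
```

A caller that wants the stricter reading of the commit message (exactly `169.254.0.0/16` and `fe80::/64`) can compare the parsed networks for equality instead of calling `subnet_of`.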
    • Add 'instance_communication_parameter' to 'Cluster' · 8a5d326f
      Jose A. Lopes authored
      
      
      * Add parameter 'instance_communication_parameter' to the Python
        'ganeti.objects.Cluster' and the Haskell 'Ganeti.Objects.Cluster'.
      
      * Update Haskell 'QueryClusterInfo' to return also the
        'instance_communication_network' parameter.
      
      * Update Python 'LUClusterQuery' to return also the
        'instance_communication_network' parameter.
      
      * Update Python 'ShowClusterConfig' to include information about the
        'instance_communication_network' parameter
      
      * Update 'ganeti.objects.Cluster.UpgradeConfig' to upgrade also
        'instance_communication_network' parameter to the empty string, if
        unspecified.
      
      * Update the configuration upgrade tool (i.e., 'tools/cfgupgrade') to
        handle upgrading of the 'instance_communication_network' parameter
        as well as downgrading.
      Signed-off-by: Jose A. Lopes <jabolopes@google.com>
      Reviewed-by: Helga Velroyen <helgav@google.com>
  2. 07 Feb, 2014 1 commit
  3. 30 Jan, 2014 1 commit
  4. 24 Jan, 2014 1 commit
    • Disabling client certificate usage · 45f75526
      Helga Velroyen authored
      
      
      This patch temporarily disables the usage of the client
      SSL certificates. The handling of RPC connections had a
      conceptual flaw, because the certificates lack a proper
      signature. For this, Ganeti needs to implement a CA,
      which is already designed (see design-x509-ca.rst) but
      not implemented yet. This patch keeps most of the
      client certificate infrastructure intact which was already
      created and can be reused, but just disables the
      actual usage of the certificates in RPC calls till the CA
      is in place.
      Signed-off-by: Helga Velroyen <helgav@google.com>
      Reviewed-by: Klaus Aehlig <aehlig@google.com>
  5. 16 Jan, 2014 2 commits
  6. 15 Jan, 2014 1 commit
  7. 20 Dec, 2013 3 commits
    • Verify client certificates · a6c43c02
      Helga Velroyen authored
      
      
      This patch adds a step to 'gnt-cluster verify' to verify
      the existence and validity of the nodes' client
      certificates. Since this is a crucial point of the
      security concept, the verification is very detailed with
      expressive error messages and well tested by unit tests.
      Signed-off-by: Helga Velroyen <helgav@google.com>
      Reviewed-by: Hrvoje Ribicic <riba@google.com>
    • Verify incoming RPCs against candidate map · b3cc1646
      Helga Velroyen authored
      
      
      From this patch on, incoming RPC calls are checked against
      the map of valid master candidate certificates. If no map
      is present, the cluster is assumed to be in
      bootstrap/upgrade mode and the incoming call is compared
      against the server certificate. This is necessary, because
      neither at cluster initialization nor at upgrades from
      pre-2.11 versions is a candidate map established yet.
      
      After an upgrade, the cluster RPC communication continues
      to use the server certificate until the client certificates
      are created and the candidate map is populated using
      'gnt-cluster renew-crypto --new-node-certificates'.
      
      Note that for updating the master's certificate, a trick
      was necessary. The new certificate is first created under
      a temporary name, then its digest is updated and
      distributed using the old certificate, because otherwise
      distribution will fail since the nodes don't know the
      new digest yet. Then the certificate is moved to its
      proper location.
      Signed-off-by: Helga Velroyen <helgav@google.com>
      Reviewed-by: Hrvoje Ribicic <riba@google.com>
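The two decisions the commit message describes, checking a caller against the candidate map with a server-certificate fallback when the map is absent, and rotating the master's own certificate without locking itself out, are shown below in an added example that is not Ganeti's RPC code. Byte strings stand in for DER certificates, the candidate map is modelled as a dict of node UUID to hex digest, and SHA-256 is used as the digest; all three are assumptions for the example. The `distribute_first=False` path demonstrates why the ordering trick is needed: installing the new certificate before its digest has been distributed makes the distribution RPC itself fail.

```python
import hashlib
import hmac


def cert_digest(cert_der):
    """Hex digest of a certificate.  SHA-256 is an assumption for this example."""
    return hashlib.sha256(cert_der).hexdigest()


def verify_incoming_rpc(peer_cert_der, candidate_map, server_cert_der):
    """Decide whether an incoming RPC call may proceed.

    Returns (accepted, reason).  With a populated candidate map, only
    certificates whose digest is in the map are accepted.  With an empty map
    the cluster is taken to be in bootstrap/upgrade mode and the only trusted
    certificate is the shared server certificate.
    """
    digest = cert_digest(peer_cert_der)
    if not candidate_map:
        if hmac.compare_digest(digest, cert_digest(server_cert_der)):
            return True, "bootstrap/upgrade mode: matches server certificate"
        return False, "bootstrap/upgrade mode: does not match server certificate"
    for node_uuid, known_digest in candidate_map.items():
        if hmac.compare_digest(known_digest, digest):
            return True, "master candidate %s" % node_uuid
    return False, "certificate digest not in candidate map"


def renew_master_certificate(cluster, master_uuid, new_cert_der,
                             distribute_first=True):
    """Rotate the master's client certificate without locking itself out.

    'cluster' is a dict with keys 'server_cert', 'candidate_map' and
    'master_cert' (the certificate the master currently presents).
    Distributing the new digest is itself an RPC, so it has to be
    authenticated with the certificate the other nodes already know; the
    new certificate only moves into place afterwards.  Returns True when
    the rotation completed and the master can still authenticate.
    """
    if not distribute_first:
        # Wrong order: install the new certificate before anyone knows it.
        cluster["master_cert"] = new_cert_der
    # The distribution RPC is verified like any other incoming call.
    accepted, _ = verify_incoming_rpc(cluster["master_cert"],
                                      cluster["candidate_map"],
                                      cluster["server_cert"])
    if not accepted:
        return False
    cluster["candidate_map"][master_uuid] = cert_digest(new_cert_der)
    # Now "move" the certificate created under its temporary name into place.
    cluster["master_cert"] = new_cert_der
    accepted, _ = verify_incoming_rpc(cluster["master_cert"],
                                      cluster["candidate_map"],
                                      cluster["server_cert"])
    return accepted


def make_cluster(with_candidate_map=True):
    """Constructed sample state; byte strings stand in for DER certificates."""
    server_cert = b"-- constructed server certificate --"
    master_cert = b"-- constructed master client certificate --"
    candidate_map = {}
    if with_candidate_map:
        candidate_map["master-uuid"] = cert_digest(master_cert)
    return {"server_cert": server_cert, "candidate_map": candidate_map,
            "master_cert": master_cert}


if __name__ == "__main__":
    c = make_cluster()
    print(verify_incoming_rpc(c["master_cert"], c["candidate_map"], c["server_cert"]))
    print(verify_incoming_rpc(b"rogue node", c["candidate_map"], c["server_cert"]))
    print("renew, right order:", renew_master_certificate(make_cluster(), "master-uuid", b"new"))
    print("renew, wrong order:",
          renew_master_certificate(make_cluster(), "master-uuid", b"new", distribute_first=False))
```

Note that the bootstrap fallback is also the weak spot the later "Disabling client certificate usage" commit alludes to: while the map is empty, any holder of the shared server certificate is accepted, so populating the map with `gnt-cluster renew-crypto --new-node-certificates` after an upgrade is what actually narrows the trust set.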
    • Add certificate for master node · 5b6f9e35
      Helga Velroyen authored
      
      
      On cluster initialization, the master node's
      SSL certificate digest is added to the list of master
      candidate certificates.
      Signed-off-by: Helga Velroyen <helgav@google.com>
      Reviewed-by: Hrvoje Ribicic <riba@google.com>
  8. 17 Dec, 2013 3 commits
  9. 29 Nov, 2013 1 commit
  10. 14 Nov, 2013 2 commits
    • Use custom SSH ports in node groups when working with nodes · a9f33339
      Petr Pudlak authored
      
      
      Calling `gnt-instance console` with a custom SSH port doesn't work yet.
      Signed-off-by: Petr Pudlak <pudlak@google.com>
      Reviewed-by: Hrvoje Ribicic <riba@google.com>
    • Don't allow optional node parameters · 07e68848
      Thomas Thrainer authored
      
      
      Ganeti does not support optional fields in parameters
      (hypervisor-params, disk-params, etc.). OpenVSwitch related node
      parameters were the exception to this rule, which caused numerous
      problems related to import/export and (de-)serialization.
      
      The reason for making those parameters optional in the first place was to
      disallow them when OpenVSwitch is not used. This was not consistent with
      other parts of Ganeti, where we allow parameters to be set even though they
      are not actively used.
      
      This patch makes all node parameters mandatory and provides sensible
      defaults for them. Checks which make sure that certain parameters are
      not set in some cases were removed, and the tests adapted. Also, the
      inheritance logic from cluster -> node group -> node was implemented, as
      it was missing previously.
      Signed-off-by: Thomas Thrainer <thomasth@google.com>
      Reviewed-by: Hrvoje Ribicic <riba@google.com>
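The two properties the commit message above combines, every node parameter being mandatory with a cluster-level default and values inheriting cluster -> node group -> node, can be checked with a small resolver. This is an added example, not Ganeti's `FillDict` or its `ndparams` handling: the parameter names (`ovs`, `ovs_name`, `ovs_link`, `oob_program`, `spindle_count`, `exclusive_storage`) are Ganeti node parameters, but their default values and the function itself are assumptions for the example. Unknown keys are rejected at every level and a cluster level that omits a parameter is an error, which is the invariant that keeps optional fields out of the serialized configuration.

```python
# Sample cluster-level defaults.  The keys are Ganeti node parameter names;
# the values and this helper are assumptions for the example.
CLUSTER_NDPARAM_DEFAULTS = {
    "oob_program": "",
    "spindle_count": 1,
    "exclusive_storage": False,
    "ovs": False,
    "ovs_name": "switch1",
    "ovs_link": "",
}
NDPARAM_KEYS = frozenset(CLUSTER_NDPARAM_DEFAULTS)


def fill_node_params(cluster_params, group_params=None, node_params=None,
                     keys=NDPARAM_KEYS):
    """Resolve effective node parameters along cluster -> node group -> node.

    The cluster level must define every key in 'keys' (no optional
    parameters), so the result always carries a value for each one even if
    the feature it belongs to (e.g. OpenVSwitch) is not in use.  Group and
    node levels may override any known key but may not introduce new ones.
    """
    missing = keys - set(cluster_params)
    if missing:
        raise ValueError("cluster level must define every node parameter; "
                         "missing: %s" % ", ".join(sorted(missing)))
    unknown = set(cluster_params) - keys
    if unknown:
        raise ValueError("unknown cluster parameter(s): %s"
                         % ", ".join(sorted(unknown)))

    result = dict(cluster_params)
    for level_name, level in (("group", group_params), ("node", node_params)):
        if not level:
            continue
        unknown = set(level) - keys
        if unknown:
            raise ValueError("unknown %s parameter(s): %s"
                             % (level_name, ", ".join(sorted(unknown))))
        result.update(level)
    return result


if __name__ == "__main__":
    # Constructed sample: the group enables OpenVSwitch, one node picks its uplink.
    effective = fill_node_params(CLUSTER_NDPARAM_DEFAULTS,
                                 group_params={"ovs": True, "ovs_name": "br-int"},
                                 node_params={"ovs_link": "eth1"})
    for key in sorted(effective):
        print("%-18s %r" % (key, effective[key]))
```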
  11. 07 Nov, 2013 1 commit
  12. 30 Oct, 2013 1 commit
  13. 15 Oct, 2013 1 commit
  14. 11 Oct, 2013 4 commits
  15. 02 Oct, 2013 1 commit
  16. 24 Sep, 2013 3 commits
  17. 28 Aug, 2013 1 commit
  18. 27 Aug, 2013 3 commits
  19. 13 Aug, 2013 3 commits
  20. 08 Aug, 2013 4 commits
  21. 07 Aug, 2013 1 commit