- 17 Feb, 2014 4 commits
-
-
Klaus Aehlig authored
Add the pure part of the mechanism of updating locks. To allow for efficient waiting on locks, return the set of owners of the locks on which the operation is blocked. Signed-off-by:
Klaus Aehlig <aehlig@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Klaus Aehlig authored
The list monad provides convenient syntax for non-deterministic algorithms. Add a function leaving that monad with this intuition in mind. Signed-off-by:
-
Klaus Aehlig authored
To allow for jobs as processes, a central daemon (wconfd) will handle allocation and release of locks. Add an appropriate data structure to describe the current status of the locks. Signed-off-by:
-
Jose A. Lopes authored
This patch fixes the warnings produced by ./autogen.sh Makefile.am:310: variable `BUILT_PYTHON_SOURCES' is defined but no program or Makefile.am:310: library has `BUILT_PYTHON' as canonical name (possible typo) For some reason, autotools started looking at the target 'BUILT_PYTHON_SOURCES' as if it contained the sources to build a target 'BUILT_PYTHON'. Fixes issue 719. Signed-off-by:
Jose A. Lopes <jabolopes@google.com> Reviewed-by:
Hrvoje Ribicic <riba@google.com>
-
- 14 Feb, 2014 32 commits
-
-
Klaus Aehlig authored
* stable-2.11 Update design doc wrt to improved SSL design Test node certificate renewal in QA Use node UUID as client certificate serial number Revert "Temporarily remove SSL changes from NEWS file" Revert "Disabling client certificate usage" Fix watcher tampering with instance userdown QA Conflicts: qa/qa_instance.py (trivial) Signed-off-by:
-
Helga Velroyen authored
This patch updates the design document of Ganeti's node security to make it consistent with the implementation and to extend it with a couple of suggestions to improve the SSL security even more. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
-
Helga Velroyen authored
This extends the QA by explicitely testing the renewal of SSL client certificates. Signed-off-by:
-
Helga Velroyen authored
It turns out, that some implementations of OpenSSL are more pedantic in checking the certficates than others. In this particular case, the SSL connection could not be established when the serial number of the certificates was not unique. To avoid this problem, this patch extends Ganeti's X509 infrastructure to set the certificate's serial number. In case of client certificates, we now use the node's UUID as serial number, because the UUIDs are assumed to be unique in a cluster. This is however still not complying to how SSL was designed to be used, but at least it is a lot better than setting every serial number to 1, which was used before and is still used for other certificates than the client certificate. Signed-off-by:
-
Helga Velroyen authored
This reverts commit 89671df1, which temporarily removed the announcement of improved SSL security in the NEWS file. As this patch series fixes the SSL problem that caused the disabling of the features, we are adding back the announcement. Signed-off-by:
-
Helga Velroyen authored
This reverts commit 45f75526, which was introduced to temporarily disable the implementation of SSL client certificates. As this patch series fixes the reason for the disabling, we are rolling back the patch. Signed-off-by:
-
Petr Pudlak authored
Function 'atomicUpdateFile' extends 'atomicWriteFile' that allows any action to be run on a temporary file. Function 'atomicUpdateLockedFile' additionally locks the original file using flock and checks if its state conforms to the last one. Signed-off-by:
-
Petr Pudlak authored
It's used on the Python side, it's been missing on the Haskell side. Signed-off-by:
-
Petr Pudlak authored
This makes usage of ReaderT's liftIO more convenient. Signed-off-by:
-
Petr Pudlak authored
All stubs are generated from Haskell during compilation. Also ignore the executable of the new daemon. Signed-off-by:
-
Petr Pudlak authored
This ambiguity was introduced by adding the WConfd client. Signed-off-by:
-
Petr Pudlak authored
The client combines the abstract client class and the WConfD stub to provide a Python interface to WConfD. Signed-off-by:
-
Petr Pudlak authored
The generation is included in hs2py.hs, together with other Haskell to Python code generators. Signed-off-by:
-
Petr Pudlak authored
The client provides _GenericInvoke(...) for a stub and uses its _GetSocketPath() for opening a Transport. Signed-off-by:
-
Petr Pudlak authored
The names of the arguments of generated Python methods are derived from Haskell types to be as descriptive as possible. Signed-off-by:
-
Petr Pudlak authored
This involves adding a new sets of variables for the directory. Signed-off-by:
-
Petr Pudlak authored
Directory "lib/rpc/stubs" will contains RPC stubs generated from Haskell. Signed-off-by:
-
Petr Pudlak authored
.. instead of AbstractClient itself. Also let every client call _InitTransport() as needed. This allows to determine socket addresses later than during the initialization of a class. Signed-off-by:
-
Petr Pudlak authored
The daemon exposes the declared functions in Ganeti.WConfd.Core to RPC clients (currently just 'echo'). Signed-off-by:
-
Petr Pudlak authored
Also list it in the Haskell datatype, constants, Python constants and test configuration. Signed-off-by:
-
Petr Pudlak authored
There are no exported functions yet, except for `echo`, which just returns its argument back to a client. Signed-off-by:
-
Petr Pudlak authored
This allows to log in monad stacks containing RWS. Signed-off-by:
-
Petr Pudlak authored
This monad encapsulates working with the daemon and client state, as well as failures and IO operations. Signed-off-by:
-
Petr Pudlak authored
The main function in this module takes a list of names of functions and uses TH to create an RPC server, represented as a value of type Handler (from Ganeti.UDSServer). This can be readily used to create a daemon that dispatches RPC requests to the given functions. Signed-off-by:
-
Petr Pudlak authored
In particular, test (de)serialization of "OneTuple". Signed-off-by:
-
Petr Pudlak authored
It tests if a deserialization method fails properly when an invalid input is given. Signed-off-by:
-
Petr Pudlak authored
In particular, functions for extracting types of arguments from a function type, and for uncurrying functions with an arbitrary number of arguments. Signed-off-by:
-
Petr Pudlak authored
This error appears after adding the dependency to lifted-base. See also #683 and ee7caf27. I surmise that something like this is happening: Some code, that uses the library, is only referenced through Template Haskell. A probable bug in GHC linker fails to notice it and doesn't include the library when linking, causing the error. Referencing the library explicitly in THH.hs solves the problem. Signed-off-by:
-
Petr Pudlak authored
This allows to use lifted operations like 'fork' or 'bracket' inside ResultT. Signed-off-by:
-
Petr Pudlak authored
.. as long as they're instances of "MonadBaseControl IO" and "MonadLog". This allows the UDSServer to call functions like "fork" within monads such as "ResultT e IO" or "ReaderT IO". Signed-off-by:
-
Petr Pudlak authored
This includes NEWS and INSTALL Signed-off-by:
-
Petr Pudlak authored
.. for both Debian distribution. Also check that the library is present during the configuration step. Signed-off-by:
-
- 13 Feb, 2014 4 commits
-
-
Jose A. Lopes authored
The watcher was tampering with the instance user down QA because, when the watcher sees an instance marked an 'USER_down', it will cleanup the instance, that is it will stop the instance, thus marking it as 'ADMIN_down'. The change in instance status was causing the instance user down QA to fail sporadically. This patch pauses the watcher during this test. Signed-off-by:
-
Jose A. Lopes authored
Rename some functions related to instance communication not to collide with the naming convention used in the opcodes. Signed-off-by:
-
Jose A. Lopes authored
Factor out the opcodes 'OpNetworkAdd' and 'OpNetworkConnect' used in 'LUClusterSetParams' and 'LUGroupAdd' in order to reduce code duplication and keep the configuration of the instance communication in one place. Signed-off-by:
-
Jose A. Lopes authored
Extend QA with tests for the instance communication mechanism. These tests cover only the cluster creating the instance communication network and connecting it to the existing node group, and also if new groups are added they are also connected to the instance communication network. Signed-off-by:
-
