- 07 Oct, 2014 1 commit
-
Niklas Hambuechen authored
Just a few wording and consistency improvements. Signed-off-by:
Niklas Hambuechen <niklash@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
- 02 Oct, 2014 35 commits
-
Klaus Aehlig authored
The hypervisor-version check introduced an incompatible change: Ganeti now errors out in situations where it used to warn and then try and hope for the best. So add a note in the section on incompatible changes. Signed-off-by:
Klaus Aehlig <aehlig@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Klaus Aehlig authored
Describe the new option and the changed default behaviour in the man page. Signed-off-by:
Klaus Aehlig <aehlig@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Klaus Aehlig authored
...which simply passes on the option. Signed-off-by:
Klaus Aehlig <aehlig@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Klaus Aehlig authored
This option will be used to tell Ganeti to not error out if a migration between nodes with incompatible hypervisor versions is attempted. Signed-off-by:
Klaus Aehlig <aehlig@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Klaus Aehlig authored
...by passing the parameter also to the tasklet. Signed-off-by:
Klaus Aehlig <aehlig@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Klaus Aehlig authored
As a parameter with default value, it will be backwards compatible on the wire. Inside our code, however, we have to adapt the various calls to the constructor. Signed-off-by:
Klaus Aehlig <aehlig@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Klaus Aehlig authored
This parameter will instruct instance migration to proceed in the presence of incompatible hypervisor versions. Signed-off-by:
Klaus Aehlig <aehlig@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Klaus Aehlig authored
...unless force is used. This will prevent accidentally crashing instances. Signed-off-by:
Klaus Aehlig <aehlig@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Klaus Aehlig authored
...by looking at the results of a few typical examples. Signed-off-by:
Klaus Aehlig <aehlig@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Klaus Aehlig authored
The relevance of a warning about migrating between hypervisors of different versions depends on whether the migration is likely to succeed or not. While it is hard to predict this in general, this function follows best practices for Xen's current numbering scheme. Signed-off-by:
Klaus Aehlig <aehlig@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
This is an additional patch to the SSH patch series which simplifies the handling of public SSH keys by using the utility function WriteFile as often as possible. As it is a mess to merge it back into the series, I am sending this as an additional patch at the end of the series. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
Mention the changes in the SSH handling in the NEWS file. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
This patch adds the '--new-ssh-keys' option to 'gnt-cluster renew-crypto'. In the client, it retrieves all current ssh keys and (re-)writes the 'ganeti_pub_key' file with it, then in the backend, the new keys are generated and distributed. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
Both prepare_node_join and soon ssh_update will need the function "GenerateRootSshKeys". This patch moves the function to the common directory. No functional changes otherwise. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
This moves the function to read public keys from a node to the ssh module. So far it was only used by 'gnt_node', but it will soon be reused by 'gnt_cluster' as well. No functional changes in this patch. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
This adds an option to 'InitSSHSetup' to not override the SSH key, but create an additional one with a suffix. This will be used to replace the master node's SSH key, but keeping the old one a little longer to distribute the new one. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
This patch adds a unit test for InitSSHSetup before we start extending it in the next patch. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
In order to be able to extend the renew-crypto opcode, we are adding a parameter for renewing the node SSL certificates. This way, it can easily be broadened to renew SSH keys as well, which is done in the following patch. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
... to make lint shut up. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
This patch implements the removal of a node's SSH key from all nodes' "authorized_keys" files when it is demoted from being master candidate to being a normal node. It also adds the adding of a node's SSH key when it is promoted from normal node to master candidate. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
This patch adjusts the SSH connectivity test that 'gnt-cluster verify' does and introduces a couple of sanity checks for the new SSH setup with individual keys. Note that it won't be possible for this to always hold through the entire patch series. I decided to put it in anyway, because it is a great debugging tool during the development itself, as keeping track of the states of various key files is tedious manual work. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
This patch adapts the 'prepare_node_join' tool so that instead of copying the cluster SSH key to the new node, an individual SSH key pair is generated for that node. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
If a node is readded to the cluster, it might or might not have an old SSH key distributed on the nodes. In order to make a clean add, the old key is removed first. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
This patch implements the handling of SSH keys when a node is removed from the cluster. It covers the implementation in the backend, the introduction and calling of a new RPC call for that purpose. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
This patch prepares the ssh utility library ssh.py and the ssh update tool with the ability to remove SSH keys from the 'authorized_keys' and the 'ganeti_pub_keys' files. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
This patch implements the handling of SSH keys, when a new node is added. It introduces the new RPC call 'ssh_add_key', which is called to the master's noded when a new node is added. In the backend implementation, noded takes care of distributing the new node's SSH key information to all other nodes in the cluster which are supposed to have this information. Note: It was rather tedious to test the backend function, because it was calling many other functions which would have needed to be mocked. Instead I added the public key file as a parameter, because this way I could at least reduce the complexity of the test setup and at the same time have direct access to the file that gets manipulated. Also Note: Up till now, there is still only the common cluster SSH key around. I wanted to have some infrastructure in place, before actually individual keys are generated. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
This patch adds a function to retrieve a map of group UUIDs to SSH ports to the configuration module. Fixes Issue 773. Besides that, this patch adds another function to retrieve the list of potential master candidates. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
In order to update the 'ganeti_pub_keys' and the 'authorized_keys' files of various nodes via SSH, we introduce the tool 'ssh_update'. It works similarly to the tool 'prepare_node_join', which is also a tool invoked via SSH on a remote node. This patch includes some refactoring to reuse code from the 'prepare_node_join' tool and provides unit tests as well. Note that the actual invocation of the 'ssh_update' tool will be done in later patches of this series. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
This patch adds a couple of new SSH utility functions to the ssh module: - clearing the whole 'ganeti_pub_keys' file - overriding the whole 'ganeti_pub_keys' file - retrieving all keys from the file at once Those functions will be used in later patches. Unit tests are provided. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
On adding a new node, a new public/private SSH key pair will be generated. The public key pair needs (possibly) to be added to the 'ganeti_pub_keys' file and the 'authorized_keys' file of other cluster nodes. This patch provides the mechanism to fetch the new node's public SSH key via ssh. Note that at this point, no new public/private key pair is generated yet. This will come in a later patch of this series as we first want to have all infrastructure in place. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
This patch initializes the "ganeti_pub_keys" file on cluster initialization and adds the master's key to it. On node-add, the key file is queried for the keys of the master candidates and those are transferred to the new node and added to its "authorized_keys" file. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
This patch introduced infrastructure to handle the newly introduced file of public SSH keys of potential master candidates (as described in "design-node-security.rst"). It supports the operation to add and remove keys and to query the file for a set of keys. In this patch it does not get called by any code yet; this will be done in the next patches. Unit tests are included. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
There were a couple of ssh-related utility functions scattered in io.py. We are moving them to ssh.py to keep all ssh-related code together. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
Since the generation of SSH keys will no longer only happen at cluster init, but every time a node is added, we move the "InitSSH" method from bootstrap to the ssh module to be able to reuse it. No functional changes otherwise. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
- 01 Oct, 2014 2 commits
-
Hrvoje Ribicic authored
The wheezy chroot relied on the pylint and pep8 packages supplied by wheezy, which do not match the ones stated in our developer notes. This patch fixes this by specifying the versions explicitly. Signed-off-by:
Hrvoje Ribicic <riba@google.com> Reviewed-by:
Helga Velroyen <helgav@google.com>
-
Hrvoje Ribicic authored
We are moving away from squeeze on all fronts, and we should do the same in the build_chroot script. Signed-off-by:
Hrvoje Ribicic <riba@google.com> Reviewed-by:
Helga Velroyen <helgav@google.com>
-
- 30 Sep, 2014 2 commits
-
Niklas Hambuechen authored
We already did this for the Haskell part; this fixes the Python query implementation and tests. Signed-off-by:
Niklas Hambuechen <niklash@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Niklas Hambuechen authored
This is the same we do for all tests starting with "case_". Signed-off-by:
Niklas Hambuechen <niklash@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>