1. 28 Aug, 2014 1 commit
  2. 02 Jul, 2014 1 commit
  3. 10 Jun, 2014 2 commits
  4. 03 Jun, 2014 1 commit
  5. 30 May, 2014 1 commit
  6. 23 May, 2014 3 commits
  7. 22 May, 2014 8 commits
  8. 16 May, 2014 1 commit
  9. 14 May, 2014 1 commit
  10. 13 May, 2014 1 commit
  11. 06 May, 2014 3 commits
  12. 05 May, 2014 1 commit
  13. 24 Apr, 2014 1 commit
  14. 15 Apr, 2014 1 commit
  15. 08 Apr, 2014 1 commit
  16. 26 Mar, 2014 1 commit
  17. 20 Mar, 2014 1 commit
  18. 05 Mar, 2014 3 commits
  19. 26 Feb, 2014 1 commit
  20. 24 Feb, 2014 1 commit
  21. 14 Feb, 2014 2 commits
    • Helga Velroyen's avatar
      Use node UUID as client certificate serial number · ab4b1cf2
      Helga Velroyen authored
      
      
      It turns out, that some implementations of OpenSSL are more
      pedantic in checking the certficates than others. In this
      particular case, the SSL connection could not be
      established when the serial number of the certificates
      was not unique.
      
      To avoid this problem, this patch extends Ganeti's X509
      infrastructure to set the certificate's serial
      number. In case of client certificates, we now use the
      node's UUID as serial number, because the UUIDs are
      assumed to be unique in a cluster. This is however still
      not complying to how SSL was designed to be used, but at
      least it is a lot better than setting every serial number
      to 1, which was used before and is still used for other
      certificates than the client certificate.
      Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
      Reviewed-by: default avatarKlaus Aehlig <aehlig@google.com>
      ab4b1cf2
    • Helga Velroyen's avatar
      Revert "Disabling client certificate usage" · d5104ca4
      Helga Velroyen authored
      This reverts commit 45f75526
      
      , which was introduced to
      temporarily disable the implementation of SSL client
      certificates. As this patch series fixes the reason for
      the disabling, we are rolling back the patch.
      Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
      Reviewed-by: default avatarKlaus Aehlig <aehlig@google.com>
      d5104ca4
  22. 13 Feb, 2014 2 commits
    • Jose A. Lopes's avatar
      Add 'instance_communication_parameter' to 'Cluster' · 8a5d326f
      Jose A. Lopes authored
      
      
      * Add parameter 'instance_communication_parameter' to the Python
        'ganeti.objects.Cluster' and the Haskell 'Ganeti.Objects.Cluster'.
      
      * Update Haskell 'QueryClusterInfo' to return also the
        'instance_communication_network' parameter.
      
      * Update Python 'LUClusterQuery' to return also the
        'instance_communication_network' parameter.
      
      * Update Python 'ShowClusterConfig' to include information about the
        'instance_commuication_network' parameter
      
      * Update 'ganeti.objects.Cluster.UpgradeConfig' to ugprade also
        'instance_communication_network' parameter to the empty string, if
        unspecified.
      
      * Update the configuration upgrade tool (i.e., 'tools/cfgupgrade') to
        handle upgrading of the 'instance_communication_network' parameter
        as well as downgrading.
      Signed-off-by: default avatarJose A. Lopes <jabolopes@google.com>
      Reviewed-by: default avatarHelga Velroyen <helgav@google.com>
      8a5d326f
    • Helga Velroyen's avatar
      Correct test for existance of instances · a21440d8
      Helga Velroyen authored
      
      
      Since python interprets an empty dictionary as 'False',
      testing for the existance of the 'instances' field in
      the configuration has to be done by explicitely testing
      for 'None'.
      Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
      Reviewed-by: default avatarKlaus Aehlig <aehlig@google.com>
      a21440d8
  23. 12 Feb, 2014 2 commits