Skip to content
Snippets Groups Projects
Select Git revision
  • debian-jessie-2.10-bpo2
  • debian-2.10-bpo2
  • stable-2.10-bpo2
  • master default
  • stable-2.10-grnet-rebased
  • stable-2.10-bpo
  • stable-2.8-grnet
  • debian-2.6
  • stable-2.6-ippool-hotplug-esi-nolvm-netxen
  • stable-2.6-debian
  • grnet-2.4-ippool-devel
  • v2.12.5
  • v2.13.2
  • v2.14.1
  • v2.13.1
  • v2.15.0rc1
  • v2.14.0
  • v2.14.0rc2
  • v2.12.4
  • v2.15.0beta1
  • v2.14.0rc1
  • v2.12.3
  • v2.13.0
  • v2.11.7
  • v2.14.0beta2
  • v2.13.0rc1
  • v2.12.2
  • debian/2.10.7.1+grnet1+bpo2+rmext-1
  • v2.14.0beta1
  • v2.12.1
  • v2.13.0beta1
31 results
Search by author
  • Any Author
  • Dimitris Tsakalis Dimitris Tsakalis tsakalis
  • Panagiotis Giannitsaros Panagiotis Giannitsaros pgiannitsaros
  • Αλέξανδρος Γιοχάλας Αλέξανδρος Γιοχάλας agio
  • Αντώνης Μπόγρης Αντώνης Μπόγρης abogris
  • Ασπασία Κατσή Ασπασία Κατσή akatsi
  • Αφροδίτη Παπαγιαννοπούλου Αφροδίτη Παπαγιαννοπούλου afpapag
  • Αχιλλέας Κατσαρός Αχιλλέας Κατσαρός ackatsaros
  • Βαμβακάρης Μιχάλης Βαμβακάρης Μιχάλης simfun
  • Βάσω Ηλιάδου Βάσω Ηλιάδου viliadou
  • Γαλάκος Μιχάλης Γαλάκος Μιχάλης mgalakos
  • Γεώργιος Κοτσιμπός Γεώργιος Κοτσιμπός kotsimp
  • Γεωργούλας Κώστας Γεωργούλας Κώστας kgeorgou
  • Γιάννης Δαγκουλής Γιάννης Δαγκουλής giannisdagk
  • Γιάννης Μαρινίδης Γιάννης Μαρινίδης imarin
  • Γιάννης Ταμπάκης Γιάννης Ταμπάκης yiannistampakis
  • Δάρα Κατερίνα Δάρα Κατερίνα kdara
  • Διονύσης Θωμάς Διονύσης Θωμάς dthomas
  • Ειρήνη Λουκιανού Ειρήνη Λουκιανού loukir
  • Ζαμπέτα Χωριανοπούλου Ζαμπέτα Χωριανοπούλου bchorian
  • Ζήβελδης Απόστολος Ζήβελδης Απόστολος aziveld
20 authors
  1. Nov 25, 2010
  3. Nov 24, 2010
  5. Nov 19, 2010
  7. Nov 17, 2010
  9. Nov 09, 2010
  11. Oct 27, 2010
  13. Oct 26, 2010
    • Michael Hanselmann's avatar
      Allow remote imports without checked names · 3f2ad566
      Michael Hanselmann authored 
      
By default all names are checked (LUCreateInstance, name_check). In some
cases it can be useful to disable this check, but doing so was not
allowed for remote imports. One should be aware, however, that using
this feature can lead to rename script failures when importing a remote
instance without the proper name, e.g.:

“Failed to run rename script for inst1 on node node3.example.com: OS
rename script failed (exited with exit code 1), last lines in the log
file:\nCannot rename from inst2.example.com to inst1:\nInstance has a
different hostname (inst2)”

Signed-off-by: default avatarMichael Hanselmann <hansmi@google.com>
Reviewed-by: default avatarIustin Pop <iustin@google.com>
      3f2ad566
  15. Oct 25, 2010
  17. Oct 22, 2010
  19. Oct 19, 2010
  21. Oct 15, 2010
    • Apollon Oikonomopoulos's avatar
      http.client: Disable SSL session ID cache · 4ba4fe14
      Apollon Oikonomopoulos authored 
      
This patch disables the SSL session ID cache for all cURL operations.
This is needed because http.HttpBase's PyOpenSSL implementation does not
currently set a context using SSL_set_session_id_context(3SSL), cURL
tries to re-use the session ID and, according to
SSL_set_session_id_context(3SSL):

 If the session id context is not set on an SSL/TLS server and client
 certificates are used, stored sessions will not be reused but a fatal
 error will be flagged and the handshake will fail.

Ideally, session caching should be either controlled, or disabled in
HttpBase, however PyOpenSSL does not seem to implement
SSL_CTX_set_session_cache_mode nor SSL_CTX_set_session_id_context which
are used for these purposes (it seems that only M2Crypto's SSL module
supports these).

Signed-off-by: default avatarApollon Oikonomopoulos <apollon@noc.grnet.gr>
Signed-off-by: default avatarMichael Hanselmann <hansmi@google.com>
Reviewed-by: default avatarMichael Hanselmann <hansmi@google.com>
      4ba4fe14
    • Iustin Pop's avatar
      Crude workaround for pylint breakage · f1763373
      Iustin Pop authored 
      
The way we currently call pylint, the exact order it inspect modules in
lib/http/ depends on the filesystem order. This is not good, and if
lib/http/server.py is loaded before lib/http/__init__.py, it will throw
a "R0921:763:HttpMessageReader: Abstract class not referenced" (as that
class is used in server.py).

For the short-term fix, we just add server.py after "ganeti", so that
it gets parsed (again?) and pylint sees the usage of the class.

Signed-off-by: default avatarIustin Pop <iustin@google.com>
Reviewed-by: default avatarMichael Hanselmann <hansmi@google.com>
      f1763373
  23. Oct 14, 2010
  25. Oct 13, 2010
  27. Oct 12, 2010
    • Apollon Oikonomopoulos's avatar
      Set list of trusted SSL CAs for client to verify · 2d93a6a7
      Apollon Oikonomopoulos authored 
      As per SSL_CTX_set_client_CA_list(3SSL), set the list of acceptable CAs
advertised to SSL clients to include the server's own certificate. This
evidently fixes the pycurl/gnutls RPC client.

During the TLS Handshake, when client verification is requested, the
Server sends a CertificateRequest message which states that the client
should send a valid certificate as a response. The CertificateRequest
message contains a section called "certificate_authorities", which,
according to the standard, is a list of the Distinguished Names (DNs) of
acceptable certification authorities. The client uses this list to send
a certificate signed by one of the acceptable CAs.

Under OpenSSL's server implementation, this list must be set manually
using some appropriate call, otherwise the list is empty. TLS 1.0[1]
does not state whether the list may be left blank, whereas TLS 1.1[2]
and 1.2[3] state that in case the list is blank, then the client *may*
send any certificate of a valid type (valid types are specified
elsewhere in the handshake).

OpenSSL clients seem to obey the behaviour specified in TLS 1.1+,
whereas at least curl+GnuTLS does not send any certificates if the list
is empty (which is not wrong per the spec, but also evidently not
configurable).

[1] http://tools.ietf.org/html/rfc2246
[2] http://tools.ietf.org/html/rfc4346
[3] http://tools.ietf.org/html/rfc5246



Signed-off-by: default avatarApollon Oikonomopoulos <apollon@noc.grnet.gr>
Reviewed-by: default avatarMichael Hanselmann <hansmi@google.com>
Reviewed-by: default avatarGuido Trotter <ultrotter@google.com>
      2d93a6a7
    • Guido Trotter's avatar
      Require aclocal 1.11.1 or above for autogen.sh · dbc4dda7
      Guido Trotter authored 
      
1.11.1 is the version in squeeze and lucid, and we know it works. We
also know that 1.10.1 in hardy and lenny doesn't, nor do 1.10 in etch
and 1.9.6 in dapper. We haven't tested any other version.

With older versions python.m4 is buggy, and results in the package being
built not working on python 2.6 (which uses dist-packages rather than
site-packages as a module directory).

The autogen.sh interpreter is changed to bash, as we need to use the [[
builtin to compare versions with "<". [ doesn't have that functionality,
and we can't of course rely on dpkg, which won't be installed on all
distributions.

Signed-off-by: default avatarGuido Trotter <ultrotter@google.com>
Reviewed-by: default avatarIustin Pop <iustin@google.com>
      dbc4dda7
  29. Oct 11, 2010
    • Iustin Pop's avatar
      RPC: disable curl's Expect header · 8e29563f
      Iustin Pop authored 
      
This patch solves the very slow (~8-9 seconds) gnt-instance modify
behaviour. Well, it solves in general the slow RPC behaviour, but it was
most visible in that LU.

It seems that curl's behaviour with regard to file uploads (via PUT) and
the 'Expect' header are interacting badly with our http server.

First, our http server doesn't properly handle this header. According to
RFC 2616:

  Requirements for HTTP/1.1 origin servers: Upon receiving a request
  which includes an Expect request-header field with the "100-continue"
  expectation, an origin server MUST either respond with 100 (Continue)
  status and continue to read from the input stream, or respond with a
  final status code.

Our server doesn't do this, and hence it triggers this behaviour in curl
(from the curl FAQ):

  4.16 My HTTP POST or PUT requests are slow!

  libcurl makes all POST and PUT requests (except for POST requests with a
  very tiny request body) use the "Expect: 100-continue" header. This header
  allows the server to deny the operation early so that libcurl can bail out
  already before having to send any data. This is useful in authentication
  cases and others.

  However, many servers don't implement the Expect: stuff properly and if the
  server doesn't respond (positively) within 1 second libcurl will continue
  and send off the data anyway.

  You can disable libcurl's use of the Expect: header the same way you disable
  any header, using -H / CURLOPT_HTTPHEADER, or by forcing it to use HTTP 1.0.

This behaviour was detected by watching the captured traffic (in non-SSL
mode), where between the initial HTTP headers (ending with the Expect
one), there was a ~1-2 second pause until curl was sending the body.
Properly RTFM-ing would have saved ~1 day of digging around, but hey…

Signed-off-by: default avatarIustin Pop <iustin@google.com>
Reviewed-by: default avatarMichael Hanselmann <hansmi@google.com>
      8e29563f
  31. Oct 08, 2010
  33. Oct 07, 2010
  35. Oct 06, 2010
    • Iustin Pop's avatar
      QA: Fix instance move tests · 677e16eb
      Iustin Pop authored 
      
The instance move tests were moving the instance from node pair (A,_) to
(B, A), and left it there. This patch makes sure that the first step
moves the instance to (B,A) but the second one back to (A,B), so that
the instance is left on the same primary node.

The original secondary node is lost though, if I read the code
correctly.

Signed-off-by: default avatarIustin Pop <iustin@google.com>
Reviewed-by: default avatarMichael Hanselmann <hansmi@google.com>
      677e16eb
  37. Oct 05, 2010