1. 12 May, 2014 1 commit
  2. 19 Mar, 2014 1 commit
  3. 14 Feb, 2014 2 commits
    • Helga Velroyen's avatar
      Test node certificate renewal in QA · e593c9c8
      Helga Velroyen authored
      
      
      This extends the QA by explicitely testing the renewal
      of SSL client certificates.
      Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
      Reviewed-by: default avatarKlaus Aehlig <aehlig@google.com>
      e593c9c8
    • Helga Velroyen's avatar
      Use node UUID as client certificate serial number · ab4b1cf2
      Helga Velroyen authored
      
      
      It turns out, that some implementations of OpenSSL are more
      pedantic in checking the certficates than others. In this
      particular case, the SSL connection could not be
      established when the serial number of the certificates
      was not unique.
      
      To avoid this problem, this patch extends Ganeti's X509
      infrastructure to set the certificate's serial
      number. In case of client certificates, we now use the
      node's UUID as serial number, because the UUIDs are
      assumed to be unique in a cluster. This is however still
      not complying to how SSL was designed to be used, but at
      least it is a lot better than setting every serial number
      to 1, which was used before and is still used for other
      certificates than the client certificate.
      Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
      Reviewed-by: default avatarKlaus Aehlig <aehlig@google.com>
      ab4b1cf2
  4. 17 Dec, 2013 2 commits
  5. 11 Nov, 2013 1 commit
  6. 22 Oct, 2013 1 commit
  7. 18 Oct, 2013 1 commit
  8. 17 Oct, 2013 2 commits
  9. 16 Oct, 2013 1 commit
  10. 11 Oct, 2013 1 commit
  11. 09 Oct, 2013 1 commit
  12. 27 Sep, 2013 1 commit
  13. 25 Sep, 2013 2 commits
  14. 23 Sep, 2013 1 commit
    • Klaus Aehlig's avatar
      Provide PYTHONPATH to burnin · 5d9d1aff
      Klaus Aehlig authored
      
      
      One feature of the new private-module layout is that a python
      script cannot simply 'import ganeti'. The reason is that the
      interfaces to these modules are not stable and hence should not
      be used outside Ganeti. However, this is what the burnin test
      in the qa does. The good news is that we know that the burnin
      script will always be from the same version of ganeti as the
      one we're testing against; so we can simply provide the appropriate
      PYTHONPATH.
      Signed-off-by: default avatarKlaus Aehlig <aehlig@google.com>
      Reviewed-by: default avatarJose Lopes <jabolopes@google.com>
      5d9d1aff
  15. 28 Aug, 2013 1 commit
  16. 27 Aug, 2013 3 commits
  17. 09 Aug, 2013 1 commit
  18. 08 Aug, 2013 1 commit
  19. 29 Jul, 2013 2 commits
  20. 23 Jul, 2013 1 commit
  21. 17 Jul, 2013 1 commit
  22. 15 Jul, 2013 1 commit
  23. 04 Jul, 2013 1 commit
  24. 02 Jul, 2013 1 commit
  25. 26 Jun, 2013 2 commits
  26. 03 May, 2013 1 commit
  27. 29 Apr, 2013 2 commits
  28. 26 Apr, 2013 1 commit
    • Helga Velroyen's avatar
      gnt-cluster modify/init: deprecate --no-lvm-storage · 912737ba
      Helga Velroyen authored
      
      
      This patch does three things:
      
      1. It deprecates the option '--no-lvm-storage' of 'gnt-cluster modify'
      and 'gnt-cluster init'. Technically, it is not fully removed, but kept in order
      to warn the user that it is no longer supported and that she should use
      --enabled-disk-templates instead.
      
      2. The consistency check between '--no-lvm-storage' and '--vg-name' is replaced
      by checks between '--enabled-disk-templates' and '--vg-name'. There are these
      cases:
      - vg name, lvm disk template enabled = ok
      - no vg name, lvm disk template enabled = error
      - vg name, no lvm enabled = warning
      - no vg name, no lvm enabled = ok
      I added quite a lot of tests for all these and the transitions from each case
      to another to the QA.
      
      3. The check whether or not the volume group is available on all nodes is now
      done only in these cases:
      - the volume group name gets set and lvm is already enabled
      - lvm is getting enabled and the volume group was set before
      Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
      Reviewed-by: default avatarGuido Trotter <ultrotter@google.com>
      912737ba
  29. 24 Apr, 2013 3 commits