Skip to content
Snippets Groups Projects
Select Git revision
  • debian-jessie-2.10-bpo2
  • debian-2.10-bpo2
  • stable-2.10-bpo2
  • master default
  • stable-2.10-grnet-rebased
  • stable-2.10-bpo
  • stable-2.8-grnet
  • debian-2.6
  • stable-2.6-ippool-hotplug-esi-nolvm-netxen
  • stable-2.6-debian
  • grnet-2.4-ippool-devel
  • v2.12.5
  • v2.13.2
  • v2.14.1
  • v2.13.1
  • v2.15.0rc1
  • v2.14.0
  • v2.14.0rc2
  • v2.12.4
  • v2.15.0beta1
  • v2.14.0rc1
  • v2.12.3
  • v2.13.0
  • v2.11.7
  • v2.14.0beta2
  • v2.13.0rc1
  • v2.12.2
  • debian/2.10.7.1+grnet1+bpo2+rmext-1
  • v2.14.0beta1
  • v2.12.1
  • v2.13.0beta1
31 results
Search by author
  • Any Author
  • Dimitris Tsakalis Dimitris Tsakalis tsakalis
  • Panagiotis Giannitsaros Panagiotis Giannitsaros pgiannitsaros
  • Αλέξανδρος Γιοχάλας Αλέξανδρος Γιοχάλας agio
  • Αντώνης Μπόγρης Αντώνης Μπόγρης abogris
  • Ασπασία Κατσή Ασπασία Κατσή akatsi
  • Αφροδίτη Παπαγιαννοπούλου Αφροδίτη Παπαγιαννοπούλου afpapag
  • Αχιλλέας Κατσαρός Αχιλλέας Κατσαρός ackatsaros
  • Βαμβακάρης Μιχάλης Βαμβακάρης Μιχάλης simfun
  • Βάσω Ηλιάδου Βάσω Ηλιάδου viliadou
  • Γαλάκος Μιχάλης Γαλάκος Μιχάλης mgalakos
  • Γεώργιος Κοτσιμπός Γεώργιος Κοτσιμπός kotsimp
  • Γεωργούλας Κώστας Γεωργούλας Κώστας kgeorgou
  • Γιάννης Δαγκουλής Γιάννης Δαγκουλής giannisdagk
  • Γιάννης Μαρινίδης Γιάννης Μαρινίδης imarin
  • Γιάννης Ταμπάκης Γιάννης Ταμπάκης yiannistampakis
  • Δάρα Κατερίνα Δάρα Κατερίνα kdara
  • Διονύσης Θωμάς Διονύσης Θωμάς dthomas
  • Ειρήνη Λουκιανού Ειρήνη Λουκιανού loukir
  • Ζαμπέτα Χωριανοπούλου Ζαμπέτα Χωριανοπούλου bchorian
  • Ζήβελδης Απόστολος Ζήβελδης Απόστολος aziveld
20 authors
  1. Oct 22, 2010
  3. Oct 21, 2010
  5. Oct 20, 2010
  7. Oct 19, 2010
  9. Oct 15, 2010
  11. Oct 14, 2010
    • Iustin Pop's avatar
      Merge branch 'stable-2.2' · 744061f3
      Iustin Pop authored 
      
* stable-2.2:
  Release 2.2.1~rc1
  Require aclocal 1.11.1 or above for devel/release
  Revert "Require aclocal 1.11.1 or above for autogen.sh"
  Add mising --units in gnt-instance list man page
  Set list of trusted SSL CAs for client to verify
  Require aclocal 1.11.1 or above for autogen.sh

Signed-off-by: default avatarIustin Pop <iustin@google.com>
Reviewed-by: default avatarMichael Hanselmann <hansmi@google.com>
      744061f3
    • Iustin Pop's avatar
      Brown-bag fix for leftover comment · 76917d97
      Iustin Pop authored 
      
I did forgot this in the original patch. Sorry!!!!

Signed-off-by: default avatarIustin Pop <iustin@google.com>
Reviewed-by: default avatarGuido Trotter <ultrotter@google.com>
      76917d97
    • Iustin Pop's avatar
      Rework QA interaction with the watcher · 8201b996
      Iustin Pop authored 
      
The interaction with cron-launched watcher is a well-known failure mode of QA:

---- 2010-10-14 06:54:55.464839 time=0:00:56.764827 Test tools/move-instance

For the following tests it's recommended to turn off the ganeti-watcher cronjob.

---- 2010-10-14 06:54:55.465255 start Test automatic restart of instance by ganeti-watcher
…
Error: Domain 'instance1' does not exist.
Command: ssh -oEscapeChar=none -oBatchMode=yes -l root -t -oStrictHostKeyChecking=yes
  -oClearAllForwardings=yes -oForwardAgent=yes node2 'ganeti-watcher -d'
2010-10-13 23:55:04,479:  pid=1659 ganeti-watcher:626
 ERROR Can't acquire lock on state file /var/lib/ganeti/watcher.data: File already locked
---- 2010-10-14 06:55:04.513948 time=0:00:09.048693 Test automatic restart of instance by ganeti-watcher

In order to fix this, we disable the watcher during these tests, and
re-enable it afterwards. To protect against watcher being disabled, we
enable it unconditionally at the start of the QA (we do want it enabled,
in order to see the interaction between the watcher and many
creation/disk replace jobs, etc.).

Note: even after this patch, if a cron-watcher was started and is still
running during the test, we'll have locking issues. I think for now this
is OK, we'll have to see how often that happens.

Signed-off-by: default avatarIustin Pop <iustin@google.com>
Reviewed-by: default avatarMichael Hanselmann <hansmi@google.com>
      8201b996
    • Iustin Pop's avatar
      Add a new watcher option --ignore-pause · 46c8a6ab
      Iustin Pop authored 
      
During cluster maintenance, when the watcher is disabled, it's useful to
run it just once. This is incovenient to do currently, as the watcher
needs to be unpaused, then run, then paused again.

This patch adds an option “--ignore-pause” that can be used to ignore
the cluster-level setting. Also the man page is updated as it was
missing the options available.

Signed-off-by: default avatarIustin Pop <iustin@google.com>
Reviewed-by: default avatarMichael Hanselmann <hansmi@google.com>
      46c8a6ab
    • Iustin Pop's avatar
      Release 2.2.1~rc1 · 24440be4
      Iustin Pop authored 
      
Signed-off-by: default avatarIustin Pop <iustin@google.com>
Reviewed-by: default avatarMichael Hanselmann <hansmi@google.com>
      v2.2.1rc1
      24440be4
    • Iustin Pop's avatar
      Merge branch 'stable-2.2' into devel-2.2 · 7dcadb74
      Iustin Pop authored 
      
* stable-2.2:
  Require aclocal 1.11.1 or above for devel/release
  Revert "Require aclocal 1.11.1 or above for autogen.sh"
  Set list of trusted SSL CAs for client to verify
  Require aclocal 1.11.1 or above for autogen.sh

Signed-off-by: default avatarIustin Pop <iustin@google.com>
Reviewed-by: default avatarMichael Hanselmann <hansmi@google.com>
      7dcadb74
  13. Oct 13, 2010
  15. Oct 12, 2010
    • Apollon Oikonomopoulos's avatar
      Set list of trusted SSL CAs for client to verify · 2d93a6a7
      Apollon Oikonomopoulos authored 
      As per SSL_CTX_set_client_CA_list(3SSL), set the list of acceptable CAs
advertised to SSL clients to include the server's own certificate. This
evidently fixes the pycurl/gnutls RPC client.

During the TLS Handshake, when client verification is requested, the
Server sends a CertificateRequest message which states that the client
should send a valid certificate as a response. The CertificateRequest
message contains a section called "certificate_authorities", which,
according to the standard, is a list of the Distinguished Names (DNs) of
acceptable certification authorities. The client uses this list to send
a certificate signed by one of the acceptable CAs.

Under OpenSSL's server implementation, this list must be set manually
using some appropriate call, otherwise the list is empty. TLS 1.0[1]
does not state whether the list may be left blank, whereas TLS 1.1[2]
and 1.2[3] state that in case the list is blank, then the client *may*
send any certificate of a valid type (valid types are specified
elsewhere in the handshake).

OpenSSL clients seem to obey the behaviour specified in TLS 1.1+,
whereas at least curl+GnuTLS does not send any certificates if the list
is empty (which is not wrong per the spec, but also evidently not
configurable).

[1] http://tools.ietf.org/html/rfc2246
[2] http://tools.ietf.org/html/rfc4346
[3] http://tools.ietf.org/html/rfc5246



Signed-off-by: default avatarApollon Oikonomopoulos <apollon@noc.grnet.gr>
Reviewed-by: default avatarMichael Hanselmann <hansmi@google.com>
Reviewed-by: default avatarGuido Trotter <ultrotter@google.com>
      2d93a6a7
    • Guido Trotter's avatar
      Require aclocal 1.11.1 or above for autogen.sh · dbc4dda7
      Guido Trotter authored 
      
1.11.1 is the version in squeeze and lucid, and we know it works. We
also know that 1.10.1 in hardy and lenny doesn't, nor do 1.10 in etch
and 1.9.6 in dapper. We haven't tested any other version.

With older versions python.m4 is buggy, and results in the package being
built not working on python 2.6 (which uses dist-packages rather than
site-packages as a module directory).

The autogen.sh interpreter is changed to bash, as we need to use the [[
builtin to compare versions with "<". [ doesn't have that functionality,
and we can't of course rely on dpkg, which won't be installed on all
distributions.

Signed-off-by: default avatarGuido Trotter <ultrotter@google.com>
Reviewed-by: default avatarIustin Pop <iustin@google.com>
      dbc4dda7