1. 10 Jul, 2014 1 commit
  2. 10 Jun, 2014 1 commit
  3. 22 May, 2014 1 commit
  4. 22 Apr, 2014 1 commit
  5. 07 Mar, 2014 1 commit
  6. 31 Jan, 2014 1 commit
  7. 16 Jan, 2014 2 commits
  8. 10 Jan, 2014 2 commits
  9. 09 Jan, 2014 2 commits
  10. 20 Dec, 2013 2 commits
    • Helga Velroyen's avatar
      Verify incoming RPCs against candidate map · b3cc1646
      Helga Velroyen authored
      
      
      From this patch on, incoming RPC calls are checked against
      the map of valid master candidate certificates. If no map
      is present, the cluster is assumed to be in
      bootstrap/upgrade mode and compares the incoming call
      against the server certificate. This is necessary, because
      neither at cluster initialization nor at upgrades from
      pre-2.11 versions a candidate map is established yet.
      
      After an upgrade, the cluster RPC communication continues
      to use the server certificate until the client certificates
      are created and the candidate map is populated using
      'gnt-cluster renew-crypto --new-node-certificates'.
      
      Note that for updating the master's certificate, a trick
      was necessary. The new certificate is first created under
      a temporary name, then it's digest is updated and
      distributed using the old certificate, because otherwise
      distribution will fail since the nodes don't know the
      new digest yet. Then the certificate is moved to its
      proper location.
      Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
      Reviewed-by: default avatarHrvoje Ribicic <riba@google.com>
      b3cc1646
    • Helga Velroyen's avatar
      Create client SSL certificates on cluster init · 60cc531d
      Helga Velroyen authored
      
      
      This patch makes Ganeti create a client SSL certificate for
      the master node on cluster initialization. Note that some of
      the code in this patch is later moved into an LU to serve
      requirements for crypto renewal and updates, but for this
      point in the patch series it makes sense to add it here.
      Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
      Reviewed-by: default avatarHrvoje Ribicic <riba@google.com>
      60cc531d
  11. 17 Dec, 2013 1 commit
  12. 29 Nov, 2013 1 commit
  13. 26 Nov, 2013 2 commits
  14. 14 Nov, 2013 1 commit
  15. 17 Oct, 2013 1 commit
  16. 09 Oct, 2013 2 commits
    • Helga Velroyen's avatar
      Use 'DTS_LVM' when possible · d48c944b
      Helga Velroyen authored
      
      
      This patch replaces all usages of the utility function
      'GetLvmDiskTemplate' by the new 'DTS_LVM' constant
      to make it consistant with the usage of other DTS_*
      constants.
      
      Additionally, it provides a unit tests to ensure
      consistancy between DTS_LVM and the mapping of disk
      templates and storage types.
      Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
      Reviewed-by: default avatarKlaus Aehlig <aehlig@google.com>
      d48c944b
    • Klaus Aehlig's avatar
      If possible, replace symbolic links in place · 645bba3a
      Klaus Aehlig authored
      
      
      Naive 'ln -s -f a b' will put the link inside 'b', if
      'b' is (a symlink to) a directory; so, during upgrades,
      the links in $(sysconfdir) cannot be updated this way.
      Removing and readding works, however leaves the risk
      of the upgrade process dying in that very moment, thus
      leaving 'gnt-cluster' a dangling link, so that the --resume
      option is of no help. On GNU systems, avoid this problem
      by using the -T option of GNU ln.
      Signed-off-by: default avatarKlaus Aehlig <aehlig@google.com>
      Reviewed-by: default avatarHelga Velroyen <helgav@google.com>
      645bba3a
  17. 08 Oct, 2013 3 commits
  18. 07 Oct, 2013 1 commit
  19. 04 Oct, 2013 2 commits
  20. 27 Aug, 2013 5 commits
  21. 06 Aug, 2013 1 commit
  22. 23 Jul, 2013 1 commit
  23. 22 Jul, 2013 1 commit
  24. 18 Jul, 2013 1 commit
  25. 15 Jul, 2013 1 commit
  26. 13 Jun, 2013 1 commit
    • Thomas Thrainer's avatar
      Index nodes by their UUID · 1c3231aa
      Thomas Thrainer authored
      
      
      No longer index nodes by their name but by their UUID in the cluster
      config. This change changes large parts of the code, as the following
      adjustments were necessary:
       * Change the index key to UUID in the configuration and the
         ConfigWriter, including all methods.
       * Change all cross-references to nodes to use UUID's.
       * External interfaces (command line interface, IAllocator interface,
         hook scripts, etc.) are kept stable.
       * RPC-calls can resolve UUID's as target node arguments, if the RPC
         runner is based on a ConfigWriter instance. The result dictionary is
         presented in the form the nodes are addressed: by UUID if UUID's were
         given, or by name if names were given.
       * Node UUID's are resolved in ExpandNames and then stored in the
         OpCode. This allows to check for node renames if the OpCode is
         reloaded after a cluster restart. This check is currently only done
         for single node parameters.
       * Variable names are renamed to follow the following pattern:
         - Suffix is 'node' or 'nodes': Variable holds Node objects
         - Suffix is 'name' or 'names': Variable holds node names
         - Suffix is 'uuid' or 'uuids': Variable holds node UUID's
       * Tests are adapted.
      Signed-off-by: default avatarThomas Thrainer <thomasth@google.com>
      Reviewed-by: default avatarKlaus Aehlig <aehlig@google.com>
      1c3231aa
  27. 11 Jun, 2013 1 commit