1. 11 Jul, 2014 1 commit
  2. 10 Jun, 2014 1 commit
  3. 14 Feb, 2014 1 commit
  4. 24 Jan, 2014 1 commit
    • Helga Velroyen's avatar
      Disabling client certificate usage · 45f75526
      Helga Velroyen authored
      This patch temporarily disables the usage of the client
      SSL certificates. The handling of RPC connections had a
      conceptional flaw, because the certificates lack a proper
      signature. For this, Ganeti needs to implement a CA,
      which is already designed (see design-x509-ca.rst) but
      not implemented yet. This patch keeps most of the
      client certificate infrastructure intact which was already
      created and and can be reused, but just disables the
      actual usage of the certificates in RPC calls till the CA
      is in place.
      Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
      Reviewed-by: default avatarKlaus Aehlig <aehlig@google.com>
      45f75526
  5. 20 Dec, 2013 1 commit
    • Helga Velroyen's avatar
      Verify incoming RPCs against candidate map · b3cc1646
      Helga Velroyen authored
      From this patch on, incoming RPC calls are checked against
      the map of valid master candidate certificates. If no map
      is present, the cluster is assumed to be in
      bootstrap/upgrade mode and compares the incoming call
      against the server certificate. This is necessary, because
      neither at cluster initialization nor at upgrades from
      pre-2.11 versions a candidate map is established yet.
      
      After an upgrade, the cluster RPC communication continues
      to use the server certificate until the client certificates
      are created and the candidate map is populated using
      'gnt-cluster renew-crypto --new-node-certificates'.
      
      Note that for updating the master's certificate, a trick
      was necessary. The new certificate is first created under
      a temporary name, then it's digest is updated and
      distributed using the old certificate, because otherwise
      distribution will fail since the nodes don't know the
      new digest yet. Then the certificate is moved to its
      proper location.
      Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
      Reviewed-by: default avatarHrvoje Ribicic <riba@google.com>
      b3cc1646
  6. 17 Dec, 2013 1 commit
  7. 29 Nov, 2013 1 commit
  8. 09 Oct, 2013 1 commit
  9. 04 Oct, 2013 1 commit
  10. 02 Oct, 2013 1 commit
  11. 08 Aug, 2013 1 commit
  12. 29 Jul, 2013 2 commits
  13. 23 Jul, 2013 1 commit
  14. 15 Jul, 2013 1 commit
  15. 03 Jul, 2013 2 commits
  16. 11 Jun, 2013 1 commit
  17. 04 Jun, 2013 1 commit
  18. 28 May, 2013 1 commit
  19. 29 Apr, 2013 1 commit
  20. 26 Apr, 2013 2 commits
  21. 24 Apr, 2013 4 commits
  22. 23 Apr, 2013 1 commit
  23. 18 Apr, 2013 2 commits
  24. 11 Apr, 2013 1 commit
  25. 18 Jan, 2013 1 commit
  26. 10 Jan, 2013 1 commit
  27. 09 Jan, 2013 1 commit
  28. 08 Jan, 2013 1 commit
  29. 20 Dec, 2012 1 commit
  30. 14 Dec, 2012 2 commits
  31. 05 Dec, 2012 1 commit
  32. 04 Dec, 2012 1 commit