Currently, the ganeti-confd's HMAC key is called “cluster HMAC key” or
simply “HMAC key” everywhere. With the implementation of inter-cluster
instance moves, another HMAC key will be introduced for signing critical
data. They can not be the same, so this patch clarifies the purpose of the
“cluster HMAC key” by renaming it. The actual file name is not changed.

Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>

To be consistent with RAPI_CERT_FILE, the rather generic named
“SSL_CERT_FILE” constant is renamed to “NODED_CERT_FILE”. The actual file
name is not changed.

Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>

When using pyOpenSSL 0.7 or above, LUClusterVerify will start to show a
warning 30 days before a certificate expires. 7 days before the
certificate expires, the warning becomes an error. Once expired,
LUVerifyCluster will always report an error. The latter is also supported
with pyOpenSSL 0.6.

Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>

Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>

Initially we only support the "user" model (in which the user running
the virtual machine can be specified as an additional parameter).

We use usernames rather than uids in this mode, because the kvm -runas
flag doesn't support uids anyway, and we check the passed username for
validity.

Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>

These constants add two new kvm hypervisor parameters, specifying the
security model (user/pool) and the security domain, within that model.

Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>

Rationale: the file-based storage backend can add/remove files under a
certain directory. However, the master node is also controlling the
setting of the file-based root directory, so basically it means we can't
prevent arbitrary modifications by the master of the node's filesystem.

In order to mitigate this for setups where the file-based storage is not
used, we introduce a new setting at ./configure time, that controls the
enable/disable of file-based storage. Since this is not modifiable by
the master (over RPC), it is now possible in this case to prevent
unintended modifications of the node's filesystem from the master.

The new setting is used in bdev.py to not expose the file-based storage
at all, and in cmdlib.py to prevent attempts at creation of such
instances.

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>

This patch adds ability to customize ssh config directory with --with-ssh-config-dir
(instead of hardcoded /etc/ssh value). This is useful in Linux distributions with
custom ssh config directories (/etc/openssh in ALTLinux, for example).

Signed-off-by: Vitaly Kuznetsov <vitty@altlinux.ru>
Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

This avoids the need for them to be injected in the nbma repository.

Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>

These hooks are run on all nodes, after the "base" daemons are started.

Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>

This function is a generic pythonic version of runparts. We currently
use it in the backend HooksRunner, but we'll use it for running
different directories as well.

Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>

This is a new mode that request a solution for the evacuation of
multiple nodes. The external script will be fed a list of names, and is
expected to return a list of [instance, new_node(s)] lists, detailing
the evacuation path of each instance.

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>

Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>

This patch adds a configure-time parameter that will set the defaults
used by all programs, and command-line parameters in the daemons that
allow overriding it.

Syslog 'yes' enables syslog in addition to file-based logging, 'only'
enables syslog and disables file-based syslog.

The log entries will be of the form:
Jan 27 08:45:04 node2 ganeti-noded[14504]: INFO 172.24.227.5:50850 PUT
/jobqueue_update HTTP/1.0 200
Jan 27 08:45:05 node2 ganeti-noded[14505]: INFO 172.24.227.5:50853 PUT
/lv_list HTTP/1.0 200

and (for a multi-threaded program):
Jan 27 08:51:48 node1 ganeti-masterd[15491]: (MainThread) INFO
ganeti-masterd daemon startup
Jan 27 08:51:49 node1 ganeti-masterd[15491]: (MainThread) INFO
Inspecting job queue

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>

Ideally we want to/will have per-device DRBD controls of disk/metadata
flushes. In the meantime, we want at least a disable of the barrier
functionality for cases where one has battery-backed caches.

Background: DRBD has four mechanism of handling ordered disk-writes.
From the drbdsetup man-page, these are: barrier, flush, drain and none.
DRBD prior to 8.2 only has drain and none. This patch makes all 8.x
versions of DRBD disable all methods, and revert to none, in case one
fully trusts batteries (either UPS for the whole system or battery for
NVRAM).

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>

This will allow reuse of the same mask for multiple validations.

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>

This patch adds the 'cache' parameter for KVM; currently this is only
customisable at the hypervisor level, so it's the same for all drives
(except any CDROM image, which gets the default).

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

By allowing also the primary ip field to be fetched directly, we avoid
one more confd lookup, or dns request, to find out which address the
master node lives at.

Signed-off-by: Guido Trotter <ultrotter@google.com>

Change the ClusterMasterQuery to allow a query, and if present accept a
list of fields to be returned. Currently only name and ip are accepted.

This feature will be used by NLD to route the cluster ip over the nbma.

Backwards compatibility is preserved.

Signed-off-by: Guido Trotter <ultrotter@google.com>

The warning will be generated if the clocks diverge by more
than 150 seconds. Due to the way the RPC system works, we
cannot get exact time differences, e.g. if one of the
queried nodes is broken. The comparision is done using a
time window.

Confd queries will fail if the clock on the client and server
are more than 300 seconds from each other. This check helps
keeping at least the nodes of a cluster in sync.

Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

- Program paths should not be --with-… options (see
  Autoconf docs)
- Simplify checks for escape functionality
- Make SOCAT_USE_ESCAPE variable a bool

Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>

Currently xen-hvm and kvm use different real time clock by default. To
reduce confusion, this patch adds an optional use_localtime parameter.

If the real time clock on the instance is set to local time, the
parameter use_localtime should be True. The default is False. Note that
the real time clock changes from local to UTC in xen-hvm with the
default parameter.

Signed-off-by: Jun Futagawa <jfut@integ.jp>
Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>

Since this is easily configurable at run-time, we remove the
configure-time parameter. If anyone is building custom packages, then
the default can be tweaked by a one-line patch to constants.py.

Note that this also fixes the type of parameter, the default from
_autoconf.py is a string parameter. Shouldn't matter except if a cluster
run code between commit 78411c60 and this one.

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

This patch adds support for global hypervisor parameters in instance
creation, instance modification, instance query and at instance load
time.

We basically prevent any query on these parameters, discard them at load
time, and do not allow their modification. Together, this should make
any such parameters go away if existing and not allowed to be added.

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

Until now, Ganeti started and stopped its own daemons using custom functions.
To start, the daemon was just executed and then sent the appropriate signals to
stop it again. Init scripts would have to pay attention to the PID file and
other things.

With this patch, a new script is added (“daemon-util”, installed in
$prefix/lib/ganeti/), centralizing the starting and stopping of daemons. The
provided example init script is adjusted to use this new script. Ganeti's code
no longer calls its own init script.

Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

If this is enabled at configure time, we pass in different parameters to
the socat console, making it a lot more manageable.

Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>

This changes KVM to use HV_MIGRATION_PORT instead of KVM_MIGRATION_PORT
and enables passing the port for Xen migrations.

Since KVM_MIGRATION_PORT is not used anymore, we stop exporting it from
constants.py.

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

This parameter will replace the direct use of KVM_MIGRATION_PORT and the
implicit use of the Xen migration port.

While it doesn't make sense to change this at instance level, we don't
have any other infrastructure for cluster-wide hypervisor parameters, so
we add it here (and document that it usually shouldn't be changed on a
per-instance basis).

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

This reverts commit ce0eb669, since it depends
on 37fc2cf5 which will be reverted too.

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>

If this is enabled at configure time, we pass in different parameters to
the socat console, making it a lot more manageable.

Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>

Since ':' is not a valid character in PV names (for the way Ganeti uses
LVM), we need to check this and warn the user. This patch adds a new
NV_PVLIST cluster verify check and verifies the PV names returned from
the nodes.

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>

This patch unifies the query fields in the storage framework for all
types. Note that the information is still computed on-demand, so if e.g.
the used disk space is not requested for the ‘file’ type, it won't be
computed on nodes.

Summary of changes:
- improve the LVM storage type to support multiple lvm fields in the
  LIST_FIELDS declaration and constant (not-computed via lvm commands)
  fields
- rename utils.GetFilesystemFreeSpace to utils.GetFilesystemStats
  returning tuple of (total, free)
- add used and free as valid fields for lvm-vg (use being computed as
  vg_size-vg_free)
- make allocatable accepted for all types (ones which are always
  allocatable always return True)
- add a new list field ‘type’ that gives the current selected type; not
  much useful today (except for understanding what the default output
  is) but in the future might help if we want to list multiple types
- add type, size and allocatable to the default output field list
- update the man page with details on how, for file storage, size ≠ used
  + free for non-mountpoint cases

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>

In 95b487bb we changed InstanceIpToNodePrimaryIpQuery to be able to query
multiple instances at once. We also need to be able to query ips
belonging to a specific nic link, so what we do is:

1) Move the "query" argument to a dict, containing different fields
2) Explicit the "query for a single ip" or "query for a list" options.

Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>

This patch adds checks for /proc and /sys in cluster verify, since
Ganeti relies on these special filesystems to be mounted.

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>

It reflects the "current" two minutes we give to the instance.

Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>

Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Olivier Tharan <olive@google.com>

The slot will contain a list of variants, and the variants file constant
contains the file in the os dir which is supposed to hold the list.

Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Olivier Tharan <olive@google.com>

Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Olivier Tharan <olive@google.com>

This patch adds three optional parameters:
  - 'use_bootloader', whether use or not the bootloader
  - 'bootloader_path', absolute path to the bootloader
  - 'bootloader_args', extra arguments to the bootloader

Syntax:
  gnt-cluster modify --hypervisor-parameters \
    xen-pvm:bootloader_path=/usr/bin/pygrub,use_bootloader=False
  gnt-instance modify -H use_bootloader=True instance1.example.com

If use_bootloader is True, each domU can boot with its own kernel
instead of using the dom0 kernel.

Signed-off-by: Jun Futagawa <jfut@integ.jp>
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: ultortter