1. 13 Feb, 2014 1 commit
  2. 12 Feb, 2014 3 commits
  3. 06 Feb, 2014 1 commit
  4. 24 Jan, 2014 1 commit
    • Helga Velroyen's avatar
      Disabling client certificate usage · 45f75526
      Helga Velroyen authored
      
      
      This patch temporarily disables the usage of the client
      SSL certificates. The handling of RPC connections had a
      conceptional flaw, because the certificates lack a proper
      signature. For this, Ganeti needs to implement a CA,
      which is already designed (see design-x509-ca.rst) but
      not implemented yet. This patch keeps most of the
      client certificate infrastructure intact which was already
      created and and can be reused, but just disables the
      actual usage of the certificates in RPC calls till the CA
      is in place.
      Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
      Reviewed-by: default avatarKlaus Aehlig <aehlig@google.com>
      45f75526
  5. 16 Jan, 2014 2 commits
  6. 13 Jan, 2014 1 commit
  7. 10 Jan, 2014 1 commit
  8. 09 Jan, 2014 1 commit
  9. 08 Jan, 2014 1 commit
  10. 20 Dec, 2013 2 commits
    • Helga Velroyen's avatar
      Verify incoming RPCs against candidate map · b3cc1646
      Helga Velroyen authored
      
      
      From this patch on, incoming RPC calls are checked against
      the map of valid master candidate certificates. If no map
      is present, the cluster is assumed to be in
      bootstrap/upgrade mode and compares the incoming call
      against the server certificate. This is necessary, because
      neither at cluster initialization nor at upgrades from
      pre-2.11 versions a candidate map is established yet.
      
      After an upgrade, the cluster RPC communication continues
      to use the server certificate until the client certificates
      are created and the candidate map is populated using
      'gnt-cluster renew-crypto --new-node-certificates'.
      
      Note that for updating the master's certificate, a trick
      was necessary. The new certificate is first created under
      a temporary name, then it's digest is updated and
      distributed using the old certificate, because otherwise
      distribution will fail since the nodes don't know the
      new digest yet. Then the certificate is moved to its
      proper location.
      Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
      Reviewed-by: default avatarHrvoje Ribicic <riba@google.com>
      b3cc1646
    • Helga Velroyen's avatar
      Create client SSL certificates on cluster init · 60cc531d
      Helga Velroyen authored
      
      
      This patch makes Ganeti create a client SSL certificate for
      the master node on cluster initialization. Note that some of
      the code in this patch is later moved into an LU to serve
      requirements for crypto renewal and updates, but for this
      point in the patch series it makes sense to add it here.
      Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
      Reviewed-by: default avatarHrvoje Ribicic <riba@google.com>
      60cc531d
  11. 03 Dec, 2013 1 commit
  12. 02 Dec, 2013 1 commit
  13. 29 Nov, 2013 1 commit
  14. 25 Nov, 2013 1 commit
  15. 18 Nov, 2013 2 commits
  16. 14 Nov, 2013 2 commits
  17. 11 Nov, 2013 1 commit
  18. 04 Nov, 2013 1 commit
    • Jose A. Lopes's avatar
      Prepare constants for automatic reexport · ba174485
      Jose A. Lopes authored
      
      
      * separate constants and non-constants in 'lib/constants.py' to make
        it simple to replace their re-export definitions with a single
        re-export statement at the begining of the module
      
      * fix access 'CONFD_REQFIELD_*' related constants in
        'tools/confd-client' to convert them to 'String', rather then doing
        it in 'lib/constants.py' in order to allow the replacement of the
        re-export definitions with a single re-export statement
      Signed-off-by: default avatarJose A. Lopes <jabolopes@google.com>
      Reviewed-by: default avatarMichele Tartara <mtartara@google.com>
      ba174485
  19. 29 Oct, 2013 1 commit
  20. 16 Oct, 2013 1 commit
  21. 15 Oct, 2013 1 commit
  22. 08 Oct, 2013 2 commits
  23. 07 Oct, 2013 3 commits
  24. 25 Sep, 2013 1 commit
    • Jose A. Lopes's avatar
      Move 'BuildVersion' to 'lib/utils/version.py' · effc1b86
      Jose A. Lopes authored
      
      
      Functions 'BuildVersion' and 'SplitVersion' are no longer needed by
      the constants and, given that they are not constants, they should be
      moved elsewhere.  Since they are only used by 'cfgupgrade' and tests,
      these functions are moved to 'lib/utils/version.py' and references to
      them updated.  Note that in 'lib/server/masterd.py', local variable
      'version' is renamed 'ver' to avoid redefining the import
      'ganeti.utils.version'.
      Signed-off-by: default avatarJose A. Lopes <jabolopes@google.com>
      Reviewed-by: default avatarThomas Thrainer <thomasth@google.com>
      effc1b86
  25. 24 Sep, 2013 2 commits
  26. 20 Sep, 2013 2 commits
  27. 18 Sep, 2013 1 commit
  28. 11 Sep, 2013 1 commit
  29. 09 Sep, 2013 1 commit