- 13 Jul, 2015 4 commits
-
-
Petr Pudlak authored
Signed-off-by:
Petr Pudlak <pudlak@google.com> Reviewed-by:
Hrvoje Ribicic <riba@google.com>
-
Petr Pudlak authored
... mentioning all the changes. Signed-off-by:
Petr Pudlak <pudlak@google.com> Reviewed-by:
Hrvoje Ribicic <riba@google.com>
-
Hrvoje Ribicic authored
The Xen documentation in install.rst was out of date, describing xm-specific changes at the point where 2.12 is mostly used with xl. This patch removes xm-specific migration steps, references the official Xen wiki instead of replicating information from it, removes the VNC setup settings that are outdated for xl and probably for xm, and slightly rewrites the documentation. Signed-off-by:
Hrvoje Ribicic <riba@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Hrvoje Ribicic authored
... depending on which toolstack is used. Signed-off-by:
Hrvoje Ribicic <riba@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
- 08 Jul, 2015 2 commits
-
-
Klaus Aehlig authored
* stable-2.11 Fix capitalization of TestCase Trigger renew-crypto on downgrade to 2.11 Conflicts: tools/post-upgrade: use 2.12 condition on when to run the hook Signed-off-by:
Klaus Aehlig <aehlig@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Klaus Aehlig authored
This tools was recently added, but not added to .gitignore. Do so now. Signed-off-by:
Klaus Aehlig <aehlig@google.com> Reviewed-by:
Helga Velroyen <helgav@google.com>
-
- 07 Jul, 2015 4 commits
-
-
Helga Velroyen authored
During 'gnt-cluster renew-crypto --new-cluster-certificate' or '... --new-node-certficates' all daemons are shutdown, except for wconfd and noded. So far, noded was not shutdown on all nodes, although it is only necessary on the master. This patch makes sure that the 'exclude_daemons' flag only applies to the master, as all interesting operations will only need them there. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
This patch fixes a little glitch where the Ganeti daemons were stopped and started unnecessarily if only the cluster certficate was renewed but nothing else. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Hrvoje Ribicic authored
This patch adds a few tests that make sure the state is handled properly, using examples taken from a running cluster. Signed-off-by:
Hrvoje Ribicic <riba@google.com> Reviewed-by:
Helga Velroyen <helgav@google.com>
-
Hrvoje Ribicic authored
Whenever an instance would enter the crashed state due to kernel issues or other horrible problems, Ganeti would not be able to interpret the data and would report strange and incomprehensible errors. This patch fixes this by adding proper handling for the "crashed" state. Signed-off-by:
Hrvoje Ribicic <riba@google.com> Reviewed-by:
Helga Velroyen <helgav@google.com>
-
- 06 Jul, 2015 30 commits
-
-
Helga Velroyen authored
This patch will handle the downgrade of the SSL setup from 2.12 to 2.11. Essentially, all client.pem and ssconf_master_candidates_certs files will be deleted. This will kick the cluster in a pre-2.11 mode wrt to SSL and result in a nagging message to re-run 'gnt-cluster renew-crypto' when as output of 'gnt-cluster verify'. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
For the downgrading of the SSL setup from 2.12 to 2.11, we need to be able to SSH into machines while no daemons are running. Unfortunately currently the only way to obtain custom-configured SSH ports is by queries. In order to access this information with daemons being shutdown, this patch adds the SSH port information to an ssconf file. This will also be used to simplify some backend calls for the *SSH* handling in 2.13. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Petr Pudlak <pudlak@google.com>
-
Helga Velroyen authored
This patch significantly changes the callback that is called upon receiving an incoming SSL connection. Since this callback is called not only with the certificate that the client sends, but also (in some implementations) with the entire certificate chain of the client certificate. In our case, the certficate chain contains the client certificate and the server certificate as the one that signed the client certificate. This means that we have to accept the server certificate, but only if we receive it with the 'depth' greater than 0, meaning that this is part of the chain and not the actual certificate. If the depth value is 0, we can be sure to have received the actual certficate and match it against the list of master candidate certificates as before. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
This patch updates the cluster-keys-replacement document which assists user about how to replace the crypto keys for their cluster. This now reflects the changes wrt server/client certificates. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
So far, all of Ganeti's server certificates had the serial number '1'. While this works, it makes it hard to distinguish situations where the certificate is renewed from those where it wasn't. This patch uses a timestamp as serial number. While this is still not stricly according to the SSL RFC, it is at least a number that is stricly growing and we can be sure that no two different server certificates will have the same serial number. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
This patch adds comments to the upgrade documentation to advise users to rerun renew-crypto if they update to 2.12.5. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
This patch updates the NEWS file to advise users to rerun renew-crypto after an update to 2.12.5. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
This updates the gnt-cluster man page wrt to the changes about server and client certificates and how they affect the operation 'gnt-cluster renew-crypto'. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
Since from this patch series on, there should be no self-sigend certificates in a cluster anymore, add a warning to cluster-verify to nag people to renew their certificates. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
This patch adds a few checks which ensure that all files necessary for proper SSL communication are in place before noded is started on the master node. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
This is a small patch cleaning up some thing in the composition of the pycurl object for RPC calls. For example, it removes some superfluous 'str' and increases the logging level to warning when the server cert is used. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
Since now the server certificates are copied in their own dedicated function, remove adding their file name in the general function for renewing crypto tokens. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
This patch enables the user to add --debug and/or --verbose to the call of 'renew-crypto'. This way, more output is shown to debug SSL problems easier. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
This patch adds logging of the filename and the digest of the certificate which is loaded by noded on startup. This will help debugging SSL problems as it will make clear whether or not the noded is still using a stale/replaced/old server certificate after a renewal. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
When running the QA, we copy the rapi certficate to the machine which steers the QA to use it later in the QA for testing RAPI calls. However, before we get to that part of the QA, the rapi certificate is replaced when 'gnt-renew crypto' is called. This patch makes sure that the new rapi certificate is copied to the steering machine so that later RAPI calls do not fail. It remains mysterious how this worked before. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
This patch makes prepare_node_join use some of the functions that were moved to tools/common.py. The respective unittests are removed, because they are already tested in common_unittest.py. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
This patch removes the code for renewing the master nodes' client certificate using SSL. This is no longer needed, as the master nodes' certificate is created in gnt_cluster.py already. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
This patch adds a few steps to bootstrap.py. After the creation of the server (cluster) certificate and the master node's client certificate, the digest of that client certificate is added to the configuration and by an update of the configuraiton written to the ssconf_master_candidates_certs file. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
During a renew-crypto operation, all nodes will create new client certificates. Afterwards, the fingerprints (digests) of the master candidate nodes needs to be collected and added to the configuration. This is done by an RPC call, which will succeed as the master node's certficate digest was propagated to the nodes before. This also removes two unittest which are no longer necessary, because there will be no RPC call from the master to itself anymore. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
Noded uses the constant "bootstrap" when starting without client certificates. This patch moves the constant to Constants.hs. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
So far, the client certificate of a node that is added to the cluster was created in LUNodeAdd using an RPC call. This is now simplified by creating the certificate already in tools/node_daemon_setup.py and only retrieving its fingerprint by RPC to add it to the configuration. This simplifies the backend function from only reading the fingerprint instead of creating the certificate. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
So far the generation of client certificates was only called from ssl_update.py used in when calling 'gnt-cluster renew-crypto'. This patch moves the function from ssl_update.py to tools/common.py, because it will also be needed by prepare_node_join.py when adding nodes (see next patch in the series). Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
So far, the cluster certificate and the individual node certificate could be renewed independent of each other. This is no longer possible, because when renewing the server certificate, all node certificates need to be renewed as well, because they are signed by the server certificate. This patch couples the two operations together. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
This patch extends bootstrap.py to not only create the cluster certificate but also the master node's client certificate. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
This patch integrates renewing the client certificate of non-master nodes using the new ssl_update tool. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
For the new renew-crypto operation, we need to run functions while most of the daemons are stopped, except for WConfd. This refactors our code a bit and generalizes the method that runs functions while *all* daemons are stopped to one that accepts a list of daemons to not be stopped. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
For post-mortems, let's make a backup of the client certificate before renewing them. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
In order to renew client certificates via SSH (rather than on the fly via SSL as it was before), we need a new tool which can be called on remote nodes via SSH. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
So far, all our SSL certficates were self-signed. As from this patch series on client certificates will be signed by the cluster certificate, we need a utility function for creation of not self-signed certificates. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-
Helga Velroyen authored
We will need some functions from tools/common.py, which are only present from 2.13 on. Unfortunately there were not clear commits for that, so cherry-picking is not an option. This patch simply copies the file and one has to be careful with the next merge. Signed-off-by:
Helga Velroyen <helgav@google.com> Reviewed-by:
Klaus Aehlig <aehlig@google.com>
-