1. 08 Jul, 2015 40 commits
  2. 07 Jul, 2015 40 commits
    • Helga Velroyen's avatar
      Use 'exclude_daemons' option for master only · 7f744f12
      Helga Velroyen authored
      During 'gnt-cluster renew-crypto --new-cluster-certificate'
      or '... --new-node-certficates' all daemons are shutdown,
      except for wconfd and noded. So far, noded was not shutdown
      on all nodes, although it is only necessary on the master.
      This patch makes sure that the 'exclude_daemons' flag only
      applies to the master, as all interesting operations will
      only need them there.
      Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
      Reviewed-by: default avatarPetr Pudlak <pudlak@google.com>
      7f744f12
    • Helga Velroyen's avatar
      Disable superfluous restarting of daemons · 61746d7c
      Helga Velroyen authored
      This patch fixes a little glitch where the Ganeti
      daemons were stopped and started unnecessarily if
      only the cluster certficate was renewed but nothing
      else.
      Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
      Reviewed-by: default avatarPetr Pudlak <pudlak@google.com>
      61746d7c
    • Hrvoje Ribicic's avatar
      Add tests exercising the "crashed" state handling · be352629
      Hrvoje Ribicic authored
      This patch adds a few tests that make sure the state is handled
      properly, using examples taken from a running cluster.
      Signed-off-by: default avatarHrvoje Ribicic <riba@google.com>
      Reviewed-by: default avatarHelga Velroyen <helgav@google.com>
      be352629
    • Hrvoje Ribicic's avatar
      Add proper handling of the "crashed" Xen state · 6611a81a
      Hrvoje Ribicic authored
      Whenever an instance would enter the crashed state due to kernel issues
      or other horrible problems, Ganeti would not be able to interpret the
      data and would report strange and incomprehensible errors. This patch
      fixes this by adding proper handling for the "crashed" state.
      Signed-off-by: default avatarHrvoje Ribicic <riba@google.com>
      Reviewed-by: default avatarHelga Velroyen <helgav@google.com>
      6611a81a
    • Helga Velroyen's avatar
      Merge branch 'stable-2.12' into stable-2.13 · 7f1ac87a
      Helga Velroyen authored
      * stable-2.12
        Handle SSL setup when downgrading
        Write SSH ports to ssconf files
        Noded: Consider certificate chain in callback
        Cluster-keys-replacement: update documentation
        Backend: Use timestamp as serial no for server cert
        UPGRADE: add note about 2.12.5
        NEWS: Mention issue 1094
        man: mention changes in renew-crypto
        Verify: warn about self-signed client certs
        Bootstrap: validate SSL setup before starting noded
        Clean up configuration of curl request
        Renew-crypto: remove superflous copying of node certs
        Renew-crypto: propagate verbose and debug option
        Noded: log the certificate and digest on noded startup
        QA: reload rapi cert after renew crypto
        Prepare-node-join: use common functions
        Renew-crypto: remove dead code
        Init: add master client certificate to configuration
        Renew-crypto: rebuild digest map of all nodes
        Noded: make "bootstrap" a constant
        node-daemon-setup: generate client certificate
        tools: Move (Re)GenerateClientCert to common
        Renew cluster and client certificates together
        Init: create the master's client cert in bootstrap
        Renew client certs using ssl_update tool
        Run functions while (some) daemons are stopped
        Back up old client.pem files
        Introduce ssl_update tool
        x509 function for creating signed certs
        Add tools/common.py from 2.13
        Consider ECDSA in SSH setup
        Update documentation of watcher and RAPI daemon
        Watcher: add option for setting RAPI IP
        When connecting to Metad fails, log the full stack trace
        Set up the Metad client with allow_non_master
        Set up the configuration client properly on non-masters
        Add the 'allow_non_master' option to the WConfd RPC client
        Add the option to disable master checks to the RPC client
        Add 'allow_non_master' to the Luxi test transport class too
        Add 'allow_non_master' to FdTransport for compatibility
        Properly document all constructor arguments of Transport
        Allow the Transport class to be used for non-master nodes
        Don't define the set of all daemons twice
      
      Conflicts:
        Makefile.am
        NEWS
        UPGRADE
        lib/client/gnt_cluster.py
        lib/cmdlib/cluster.py
        lib/tools/common.py
        lib/tools/prepare_node_join.py
        lib/watcher/__init__.py
        man/ganeti-watcher.rst
        src/Ganeti/OpCodes.hs
        test/hs/Test/Ganeti/OpCodes.hs
        test/py/cmdlib/cluster_unittest.py
        test/py/ganeti.tools.prepare_node_join_unittest.py
        tools/cfgupgrade
      
      Resolutions:
        Makefile.am:
          add ssl_update and ssh_update
        NEWS:
          add new sections from 2.12 and 2.13
        UPGRADE:
          add notes for both 2.12 and 2.13
        lib/client/gnt_cluster.py:
          add all new options to RenewCluster, remove version-specific
          downgrade code
        lib/tools/common.py:
          split the two mismatching versions of _VerifyCertificate
          and VerifyCertificate up into [_]VerifyCertifcate{Soft,Strong}
          and update usages accordingly
        lib/tools/prepare_node_join.py
          update usage of correct VerifyCertificate function
        lib/watcher/__init__.py
          add both new options, --rapi-ip and --no-verify-disks
        man/ganeti-watcher.rst
          update docs for both new options (see above)
        src/Ganeti/OpCodes.hs
          add all new options to OpRenewCrypto
        test/hs/Test/Ganeti/OpCodes.hs
          add enough 'arbitrary' for all new options of OpRenewCrypto
        test/py/cmdlib/cluster_unittest.py
          use changes from 2.12
        test/py/ganeti.tools.prepare_node_join_unittest.py
          remove tests that were moved to common_unittest.py
        tools/cfgupgrade
          use only downgrade code of 2.13
      Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
      Reviewed-by: default avatarPetr Pudlak <pudlak@google.com>
      7f1ac87a
  3. 06 Jul, 2015 40 commits