1. 18 May, 2015 1 commit
  2. 02 Apr, 2015 3 commits
  3. 08 Jan, 2015 1 commit
  4. 15 Oct, 2014 1 commit
  5. 12 Sep, 2014 1 commit
  6. 20 Aug, 2014 1 commit
  7. 18 Aug, 2014 1 commit
    • Klaus Aehlig's avatar
      Verify clean DATA_DIR on cluster init · 3a805689
      Klaus Aehlig authored
      A new Ganeti cluster should not inherit state from a previously existing
      cluster. Therefore, on cluster initialization, verify that no dangerous
      left-overs are present in the DATA_DIR. We cannot, however, insist on
      the DATA_DIR being completely empty, as it is good practice to set up
      the rapi user file ahead of time. What we therefore do is to verify
      that
      - the DATA_DIR, if present, only contains directory entries, and
      - the QUEUE_DIR, if present, is empty.
      Signed-off-by: default avatarKlaus Aehlig <aehlig@google.com>
      Reviewed-by: default avatarPetr Pudlak <pudlak@google.com>
      3a805689
  8. 10 Jun, 2014 1 commit
  9. 03 Jun, 2014 1 commit
  10. 14 May, 2014 1 commit
  11. 13 May, 2014 1 commit
  12. 05 May, 2014 1 commit
  13. 29 Apr, 2014 1 commit
  14. 08 Apr, 2014 1 commit
  15. 27 Mar, 2014 2 commits
    • Petr Pudlak's avatar
      Move master failover code that uses ConfigWriter · ee115038
      Petr Pudlak authored
      .. so that it's in the scope of a running WConfd daemon. This is now
      required as read-only calls invoke WConfd as well.
      Signed-off-by: default avatarPetr Pudlak <pudlak@google.com>
      Reviewed-by: default avatarKlaus Aehlig <aehlig@google.com>
      ee115038
    • Petr Pudlak's avatar
      Make configuration per job/thread · f47b32a8
      Petr Pudlak authored
      Previously there was one shared configuration object for all jobs,
      threads and other tasks. This patch creates separate ConfigWrite
      instances for distinct jobs/threads.
      
      All exported methods of ConfigWriter are now wrapped in calls that
      obtain the ConfigLock from WConfD, read the current configuration, and
      optionally write it back to WConfD.
      
      _OpenConfig is now called at each such request (instead of just once at
      the creation time of ConfigWriter). A new method _CloseConfig is added
      that performs the necessary cleanup (saving the configuration, releasing
      the lock).
      
      _UpgradeConfig needs to be called every time a configuration is received
      from WConfd, to fix parts that aren't persisted by the Python code. This
      requires that it doesn't use any methods that acquire locks, and it must
      not save the configuration at the end (unless it's called just after
      creating a ConfigWriter instance in "offline" mode).
      
      The semantics of Update changes slightly. Before it just checked its
      argument existed in the configuration. Now it also checks that the
      its serial number is the same as in the master configuration state, to
      avoid overwriting changes in other threads. This will require fixing all
      calls to Update, in particular to avoid interspersing calls to Update
      and other ConfigWriter methods. In the future, we should aim to
      eliminate Update completely.
      
      All LUs now carry their own instance of ConfigWriter, with their
      corresponding job ID. Other cide that uses ConfigWriter identifies with
      job ID 'None' and thread ID.
      Signed-off-by: default avatarPetr Pudlak <pudlak@google.com>
      Reviewed-by: default avatarKlaus Aehlig <aehlig@google.com>
      f47b32a8
  16. 27 Feb, 2014 1 commit
  17. 24 Feb, 2014 1 commit
  18. 14 Feb, 2014 1 commit
    • Helga Velroyen's avatar
      Use node UUID as client certificate serial number · ab4b1cf2
      Helga Velroyen authored
      It turns out, that some implementations of OpenSSL are more
      pedantic in checking the certficates than others. In this
      particular case, the SSL connection could not be
      established when the serial number of the certificates
      was not unique.
      
      To avoid this problem, this patch extends Ganeti's X509
      infrastructure to set the certificate's serial
      number. In case of client certificates, we now use the
      node's UUID as serial number, because the UUIDs are
      assumed to be unique in a cluster. This is however still
      not complying to how SSL was designed to be used, but at
      least it is a lot better than setting every serial number
      to 1, which was used before and is still used for other
      certificates than the client certificate.
      Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
      Reviewed-by: default avatarKlaus Aehlig <aehlig@google.com>
      ab4b1cf2
  19. 12 Feb, 2014 1 commit
  20. 07 Feb, 2014 1 commit
  21. 15 Jan, 2014 1 commit
    • Jose A. Lopes's avatar
      Simplify 'GetMasterInfo' RPC · cb8028f3
      Jose A. Lopes authored
      RPC 'GetMasterInfo' returns several fields, namely, 'master_netdev',
      'master_ip', 'master_netmask', 'master_node', and 'primary_ip_family',
      of which only the 'master_node' is actually used.
      
      In this patch:
      * remove all the other fields and keep only the 'master_node' field.
      * rename RPCs, helper functions (e.g., 'master_info' to 'master_node_name')
      * simplify the the voting algorithm code
      Signed-off-by: default avatarJose A. Lopes <jabolopes@google.com>
      Reviewed-by: default avatarGuido Trotter <ultrotter@google.com>
      cb8028f3
  22. 20 Dec, 2013 4 commits
    • Helga Velroyen's avatar
      Verify incoming RPCs against candidate map · b3cc1646
      Helga Velroyen authored
      From this patch on, incoming RPC calls are checked against
      the map of valid master candidate certificates. If no map
      is present, the cluster is assumed to be in
      bootstrap/upgrade mode and compares the incoming call
      against the server certificate. This is necessary, because
      neither at cluster initialization nor at upgrades from
      pre-2.11 versions a candidate map is established yet.
      
      After an upgrade, the cluster RPC communication continues
      to use the server certificate until the client certificates
      are created and the candidate map is populated using
      'gnt-cluster renew-crypto --new-node-certificates'.
      
      Note that for updating the master's certificate, a trick
      was necessary. The new certificate is first created under
      a temporary name, then it's digest is updated and
      distributed using the old certificate, because otherwise
      distribution will fail since the nodes don't know the
      new digest yet. Then the certificate is moved to its
      proper location.
      Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
      Reviewed-by: default avatarHrvoje Ribicic <riba@google.com>
      b3cc1646
    • Helga Velroyen's avatar
      Create client SSL certificates on cluster init · 60cc531d
      Helga Velroyen authored
      This patch makes Ganeti create a client SSL certificate for
      the master node on cluster initialization. Note that some of
      the code in this patch is later moved into an LU to serve
      requirements for crypto renewal and updates, but for this
      point in the patch series it makes sense to add it here.
      Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
      Reviewed-by: default avatarHrvoje Ribicic <riba@google.com>
      60cc531d
    • Helga Velroyen's avatar
      Add certificate for master node · 5b6f9e35
      Helga Velroyen authored
      On cluster initialization, the master node's
      SSL certificate digest is added to the list of master
      candidate certificates.
      Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
      Reviewed-by: default avatarHrvoje Ribicic <riba@google.com>
      5b6f9e35
    • Helga Velroyen's avatar
      Add candiate certificate map to configuration · 3bcf2140
      Helga Velroyen authored
      At the end of this patch series, incoming RPC calls are
      legitimized against a map of master candidate nodes'
      SSL certificate digests. This patch adds the map itself
      to the cluster's configuration.
      Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
      Reviewed-by: default avatarHrvoje Ribicic <riba@google.com>
      3bcf2140
  23. 17 Dec, 2013 3 commits
  24. 29 Nov, 2013 1 commit
  25. 14 Nov, 2013 2 commits
  26. 30 Oct, 2013 1 commit
  27. 27 Aug, 2013 2 commits
  28. 08 Aug, 2013 1 commit
  29. 07 Aug, 2013 1 commit
  30. 29 Jul, 2013 1 commit