-
Helga Velroyen authored
* stable-2.12 Handle SSL setup when downgrading Write SSH ports to ssconf files Noded: Consider certificate chain in callback Cluster-keys-replacement: update documentation Backend: Use timestamp as serial no for server cert UPGRADE: add note about 2.12.5 NEWS: Mention issue 1094 man: mention changes in renew-crypto Verify: warn about self-signed client certs Bootstrap: validate SSL setup before starting noded Clean up configuration of curl request Renew-crypto: remove superflous copying of node certs Renew-crypto: propagate verbose and debug option Noded: log the certificate and digest on noded startup QA: reload rapi cert after renew crypto Prepare-node-join: use common functions Renew-crypto: remove dead code Init: add master client certificate to configuration Renew-crypto: rebuild digest map of all nodes Noded: make "bootstrap" a constant node-daemon-setup: generate client certificate tools: Move (Re)GenerateClientCert to common Renew cluster and client certificates together Init: create the master's client cert in bootstrap Renew client certs using ssl_update tool Run functions while (some) daemons are stopped Back up old client.pem files Introduce ssl_update tool x509 function for creating signed certs Add tools/common.py from 2.13 Consider ECDSA in SSH setup Update documentation of watcher and RAPI daemon Watcher: add option for setting RAPI IP When connecting to Metad fails, log the full stack trace Set up the Metad client with allow_non_master Set up the configuration client properly on non-masters Add the 'allow_non_master' option to the WConfd RPC client Add the option to disable master checks to the RPC client Add 'allow_non_master' to the Luxi test transport class too Add 'allow_non_master' to FdTransport for compatibility Properly document all constructor arguments of Transport Allow the Transport class to be used for non-master nodes Don't define the set of all daemons twice Conflicts: Makefile.am NEWS UPGRADE lib/client/gnt_cluster.py lib/cmdlib/cluster.py lib/tools/common.py lib/tools/prepare_node_join.py lib/watcher/__init__.py man/ganeti-watcher.rst src/Ganeti/OpCodes.hs test/hs/Test/Ganeti/OpCodes.hs test/py/cmdlib/cluster_unittest.py test/py/ganeti.tools.prepare_node_join_unittest.py tools/cfgupgrade Resolutions: Makefile.am: add ssl_update and ssh_update NEWS: add new sections from 2.12 and 2.13 UPGRADE: add notes for both 2.12 and 2.13 lib/client/gnt_cluster.py: add all new options to RenewCluster, remove version-specific downgrade code lib/tools/common.py: split the two mismatching versions of _VerifyCertificate and VerifyCertificate up into [_]VerifyCertifcate{Soft,Strong} and update usages accordingly lib/tools/prepare_node_join.py update usage of correct VerifyCertificate function lib/watcher/__init__.py add both new options, --rapi-ip and --no-verify-disks man/ganeti-watcher.rst update docs for both new options (see above) src/Ganeti/OpCodes.hs add all new options to OpRenewCrypto test/hs/Test/Ganeti/OpCodes.hs add enough 'arbitrary' for all new options of OpRenewCrypto test/py/cmdlib/cluster_unittest.py use changes from 2.12 test/py/ganeti.tools.prepare_node_join_unittest.py remove tests that were moved to common_unittest.py tools/cfgupgrade use only downgrade code of 2.13 Signed-off-by: Helga Velroyen <helgav@google.com> Reviewed-by: Petr Pudlak <pudlak@google.com>
7f1ac87a