Skip to content
  • Helga Velroyen's avatar
    Merge branch 'stable-2.12' into stable-2.13 · 7f1ac87a
    Helga Velroyen authored
    
    
    * stable-2.12
      Handle SSL setup when downgrading
      Write SSH ports to ssconf files
      Noded: Consider certificate chain in callback
      Cluster-keys-replacement: update documentation
      Backend: Use timestamp as serial no for server cert
      UPGRADE: add note about 2.12.5
      NEWS: Mention issue 1094
      man: mention changes in renew-crypto
      Verify: warn about self-signed client certs
      Bootstrap: validate SSL setup before starting noded
      Clean up configuration of curl request
      Renew-crypto: remove superflous copying of node certs
      Renew-crypto: propagate verbose and debug option
      Noded: log the certificate and digest on noded startup
      QA: reload rapi cert after renew crypto
      Prepare-node-join: use common functions
      Renew-crypto: remove dead code
      Init: add master client certificate to configuration
      Renew-crypto: rebuild digest map of all nodes
      Noded: make "bootstrap" a constant
      node-daemon-setup: generate client certificate
      tools: Move (Re)GenerateClientCert to common
      Renew cluster and client certificates together
      Init: create the master's client cert in bootstrap
      Renew client certs using ssl_update tool
      Run functions while (some) daemons are stopped
      Back up old client.pem files
      Introduce ssl_update tool
      x509 function for creating signed certs
      Add tools/common.py from 2.13
      Consider ECDSA in SSH setup
      Update documentation of watcher and RAPI daemon
      Watcher: add option for setting RAPI IP
      When connecting to Metad fails, log the full stack trace
      Set up the Metad client with allow_non_master
      Set up the configuration client properly on non-masters
      Add the 'allow_non_master' option to the WConfd RPC client
      Add the option to disable master checks to the RPC client
      Add 'allow_non_master' to the Luxi test transport class too
      Add 'allow_non_master' to FdTransport for compatibility
      Properly document all constructor arguments of Transport
      Allow the Transport class to be used for non-master nodes
      Don't define the set of all daemons twice
    
    Conflicts:
      Makefile.am
      NEWS
      UPGRADE
      lib/client/gnt_cluster.py
      lib/cmdlib/cluster.py
      lib/tools/common.py
      lib/tools/prepare_node_join.py
      lib/watcher/__init__.py
      man/ganeti-watcher.rst
      src/Ganeti/OpCodes.hs
      test/hs/Test/Ganeti/OpCodes.hs
      test/py/cmdlib/cluster_unittest.py
      test/py/ganeti.tools.prepare_node_join_unittest.py
      tools/cfgupgrade
    
    Resolutions:
      Makefile.am:
        add ssl_update and ssh_update
      NEWS:
        add new sections from 2.12 and 2.13
      UPGRADE:
        add notes for both 2.12 and 2.13
      lib/client/gnt_cluster.py:
        add all new options to RenewCluster, remove version-specific
        downgrade code
      lib/tools/common.py:
        split the two mismatching versions of _VerifyCertificate
        and VerifyCertificate up into [_]VerifyCertifcate{Soft,Strong}
        and update usages accordingly
      lib/tools/prepare_node_join.py
        update usage of correct VerifyCertificate function
      lib/watcher/__init__.py
        add both new options, --rapi-ip and --no-verify-disks
      man/ganeti-watcher.rst
        update docs for both new options (see above)
      src/Ganeti/OpCodes.hs
        add all new options to OpRenewCrypto
      test/hs/Test/Ganeti/OpCodes.hs
        add enough 'arbitrary' for all new options of OpRenewCrypto
      test/py/cmdlib/cluster_unittest.py
        use changes from 2.12
      test/py/ganeti.tools.prepare_node_join_unittest.py
        remove tests that were moved to common_unittest.py
      tools/cfgupgrade
        use only downgrade code of 2.13
    
    Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
    Reviewed-by: default avatarPetr Pudlak <pudlak@google.com>
    7f1ac87a