Commit 12f7d6e1 authored by Klaus Aehlig

Merge branch 'stable-2.15' into stable-2.16

* stable-2.15
  (no changes)

* stable-2.14
  Do not version generate file tools/ssl-update
  Revision bump for 2.14.1
  Update NEWS for 2.14.1

* stable-2.13
  NEWS: move 2.13.0 beta/rc to their place
  Document data collector options
  Correct NEWS file entry
  Revision bump for 2.13.2
  Update the NEWS file for 2.13.2

* stable-2.12
  Bugfix in checkInstanceMove function in Cluster.hs
  Revision bump for 2.12.5
  Update the NEWS file for 2.12.5
  Update Xen documentation in install.rst
  Clarify need for the migration_port Xen param
Signed-off-by: Klaus Aehlig <aehlig@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>
parents b5b33f94 f616b879
......@@ -70,6 +70,37 @@ This was the second beta release in the 2.15 series. All important changes
are listed in the latest 2.15 entry.
Version 2.14.1
--------------
*(Released Fri, 10 Jul 2015)*
Incompatible/important changes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- The SSH security changes reduced the number of nodes which can SSH into
other nodes. Unfortunately enough, the Ganeti implementation of migration
for the xl stack of Xen required SSH to be able to migrate the instance,
leading to a situation where full movement of an instance around the cluster
was not possible. This version fixes the issue by using socat to transfer
instance data. While socat is less secure than SSH, it is about as secure as
xm migrations, and occurs over the secondary network if present. As a
consequence of this change, Xen instance migrations using xl cannot occur
between nodes running 2.14.0 and 2.14.1.
- This release contains a fix for the problem that different encodings in
SSL certificates can break RPC communication (issue 1094). The fix makes
it necessary to rerun 'gnt-cluster renew-crypto --new-node-certificates'
after the cluster is fully upgraded to 2.14.1
Other Changes
~~~~~~~~~~~~~
- The ``htools`` now properly work also on shared-storage clusters.
- Instance moves now work properly also for the plain disk template.
- Filter-evaluation for run-time data filter was fixed (issue 1100).
- Various improvements to the documentation have been added.
Version 2.14.0
--------------
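Review bot: In the 2.14.1 entry, the socat item calls the new transport "less secure than SSH" and "about as secure as xm migrations" without naming which protections are lost, and says the transfer uses the secondary network "if present" without saying what carries it otherwise. Suggest stating what is no longer protected on the wire and which network is used when there is no secondary one, so operators can decide whether the migration network needs isolating. Minor: the renew-crypto item ends "upgraded to 2.14.1" without a full stop, while the 2.12.5 entry has one.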
......@@ -187,6 +218,40 @@ This was the first beta release of the 2.14 series. All important changes
are listed in the latest 2.14 entry.
Version 2.13.2
--------------
*(Released Mon, 13 Jul 2015)*
Incompatible/important changes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- This release contains a fix for the problem that different encodings in
SSL certificates can break RPC communication (issue 1094). The fix makes
it necessary to rerun 'gnt-cluster renew-crypto --new-node-certificates'
after the cluster is fully upgraded to 2.13.2
Other fixes and known issues
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Inherited from 2.12:
- Fixed Issue #1115: Race between starting WConfD and updating the config
- Fixed Issue #1114: Binding RAPI to a specific IP makes the watcher
restart the RAPI
- Fixed Issue #1100: Filter-evaluation for run-time data filter
- Better handling of the "crashed" Xen state
- The watcher can be instructed to skip disk verification
- Reduce amount of logging on successful requests
- Prevent multiple communication NICs being created for instances
- The ``htools`` now properly work also on shared-storage clusters
- Instance moves now work properly also for the plain disk template
- Various improvements to the documentation have been added
Known issues:
- Issue #1104: gnt-backup: dh key too small
Version 2.13.1
--------------
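Review bot: Under "Known issues" in the 2.13.2 entry, "Issue #1104: gnt-backup: dh key too small" is listed with no statement of impact or workaround. A sentence on what fails and what operators should do in the meantime would make the entry actionable. The "Inherited from 2.12" list also gives issue numbers for only three items, although the 2.12.5 entry attributes "Reduce amount of logging on successful requests" to #1113; citing it here as well would keep the two entries consistent.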
......@@ -300,6 +365,75 @@ Fixes inherited from the 2.12 branch:
- Refuse to demote master from master capability (issue 1023)
Version 2.13.0 rc1
------------------
*(Released Wed, 25 Mar 2015)*
This was the first release candidate of the 2.13 series.
All important changes are listed in the latest 2.13 entry.
Since 2.13.0 beta1
~~~~~~~~~~~~~~~~~~
The following issues have been fixed:
- Issue 1018: Cluster init (and possibly other jobs) occasionally fail to start
Version 2.13.0 beta1
--------------------
*(Released Wed, 14 Jan 2015)*
This was the first beta release of the 2.13 series. All important changes
are listed in the latest 2.13 entry.
Version 2.12.5
--------------
*(Released Mon, 13 Jul 2015)*
Incompatible/important changes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- This release contains a fix for the problem that different encodings in
SSL certificates can break RPC communication (issue 1094). The fix makes
it necessary to rerun 'gnt-cluster renew-crypto --new-node-certificates'
after the cluster is fully upgraded to 2.12.5.
Fixed and improvements
~~~~~~~~~~~~~~~~~~~~~~
- Fixed Issue #1030: GlusterFS support breaks at upgrade to 2.12 -
switches back to shared-file
- Fixed Issue #1094 (see the notice in Incompatible/important changes):
Differences in encodings of SSL certificates can render a cluster
uncommunicative after a master-failover
- Fixed Issue #1098: Support for ECDSA SSH keys
- Fixed Issue #1100: Filter-evaluation for run-time data filter
- Fixed Issue #1101: Modifying the storage directory for the shared-file
disk template doesn't work
- Fixed Issue #1108: Spurious "NIC name already used" errors during
instance creation
- Fixed Issue #1114: Binding RAPI to a specific IP makes the watcher
restart the RAPI
- Fixed Issue #1115: Race between starting WConfD and updating the config
- Better handling of the "crashed" Xen state
- The ``htools`` now properly work also on shared-storage clusters
- Various improvements to the documentation have been added
Inherited from the 2.11 branch:
- Fixed Issue #1113: Reduce amount of logging on successful requests
Known issues
~~~~~~~~~~~~
- Issue #1104: gnt-backup: dh key too small
Version 2.12.4
--------------
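Review bot: The 2.12.5 subsection heading "Fixed and improvements" should read "Fixes and improvements", with the tilde underline kept the same length as the title. Issue references are also written three ways in this hunk ("issue 1094", "Issue 1018", "Issue #1030"); one form throughout would make the NEWS file easier to search. The #1094 item is the one operators must act on, so it would help to repeat the exact command ('gnt-cluster renew-crypto --new-node-certificates') there instead of only pointing back to the notice.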
......@@ -326,31 +460,6 @@ Pending since 2.12.2:
shared-file (issue #1030)
Version 2.13.0 rc1
------------------
*(Released Wed, 25 Mar 2015)*
This was the first release candidate of the 2.13 series.
All important changes are listed in the latest 2.13 entry.
Since 2.13.0 beta1
~~~~~~~~~~~~~~~~~~
The following issues have been fixed:
- Issue 1018: Cluster init (and possibly other jobs) occasionally fail to start
Version 2.13.0 beta1
--------------------
*(Released Wed, 14 Jan 2015)*
This was the first beta release of the 2.13 series. All important changes
are listed in the latest 2.13 entry.
Version 2.12.3
--------------
......
......@@ -162,54 +162,24 @@ kernels. For KVM no reboot should be necessary.
Xen settings
~~~~~~~~~~~~
It's recommended that dom0 is restricted to a low amount of memory
(512MiB or 1GiB is reasonable) and that memory ballooning is disabled in
the file ``/etc/xen/xend-config.sxp`` by setting the value
``dom0-min-mem`` to 0, like this::
Depending on which toolstack you are using, the hypervisor parameter
``xen_cmd`` has to be set to the matching value, either ``xm`` or
``xl``.
(dom0-min-mem 0)
Some useful best practices for Xen are to restrict the amount of memory
dom0 has available, and pin the dom0 to a limited number of CPUs.
Instructions for how to achieve this for various toolstacks can be found
on the Xen wiki_.
For optimum performance when running both CPU and I/O intensive
instances, it's also recommended that the dom0 is restricted to one CPU
only. For example you can add ``dom0_max_vcpus=1,dom0_vcpus_pin`` to your
kernels boot command line and set ``dom0-cpus`` in
``/etc/xen/xend-config.sxp`` like this::
.. _wiki: http://wiki.xenproject.org/wiki/Xen_Project_Best_Practices
(dom0-cpus 1)
It is recommended that you disable xen's automatic save of virtual
It is recommended that you disable Xen's automatic save of virtual
machines at system shutdown and subsequent restore of them at reboot.
To obtain this make sure the variable ``XENDOMAINS_SAVE`` in the file
``/etc/default/xendomains`` is set to an empty value.
If you want to use live migration make sure you have, in the xen config
file, something that allows the nodes to migrate instances between each
other. For example:
.. code-block:: text
(xend-relocation-server yes)
(xend-relocation-port 8002)
(xend-relocation-address '')
(xend-relocation-hosts-allow '^192\\.0\\.2\\.[0-9]+$')
The second line assumes that the hypervisor parameter
``migration_port`` is set 8002, otherwise modify it to match. The last
line assumes that all your nodes have secondary IPs in the
192.0.2.0/24 network, adjust it accordingly to your setup.
If you want to run HVM instances too with Ganeti and want VNC access to
the console of your instances, set the following two entries in
``/etc/xen/xend-config.sxp``:
.. code-block:: text
(vnc-listen '0.0.0.0') (vncpasswd '')
You need to restart the Xen daemon for these settings to take effect::
$ /etc/init.d/xend restart
You may need to restart the Xen daemon for some of these settings to
take effect. The best way to do this depends on your distribution.
Selecting the instance kernel
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
......
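Review bot: The hunk shrinks the Xen settings section from 54 to 24 lines, and the rendering has dropped the +/- markers, so it is not visible which paragraphs survive. If the live-migration paragraph is among the removed lines, the documentation loses its only example of restricting relocation sources, "(xend-relocation-hosts-allow '^192\\.0\\.2\\.[0-9]+$')", while the gnt-cluster man page still tells xm users to set "xend-relocation-port" in xend-config.sxp; suggest keeping a short xm-only note that includes the hosts-allow restriction. If the VNC paragraph is kept, "(vnc-listen '0.0.0.0') (vncpasswd '')" exposes consoles on every interface with an empty password and deserves a sentence saying so. The wiki link could also use https.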
......@@ -334,10 +334,10 @@ configurable globally (at cluster level):
migration\_port
Valid for the Xen PVM and KVM hypervisors.
This options specifies the TCP port to use for live-migration. For
Xen, the same port should be configured on all nodes in the
``@XEN_CONFIG_DIR@/xend-config.sxp`` file, under the key
"xend-relocation-port".
This options specifies the TCP port to use for live-migration when
using the xm toolstack. The same port should be configured on all
nodes in the ``@XEN_CONFIG_DIR@/xend-config.sxp`` file, under the
key "xend-relocation-port".
migration\_bandwidth
Valid for the KVM hypervisor.
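Review bot: The rewritten migration_port description now limits itself to "when using the xm toolstack", but the line above still says "Valid for the Xen PVM and KVM hypervisors", so the text no longer says what the port does for KVM or for Xen with xl. Suggest one sentence per case, including that the value is unused for xl if that is the intent. The typo "This options specifies" is carried over from the old text and should be "This option specifies".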
......@@ -710,6 +710,8 @@ MODIFY
| [\--install-image *image*]
| [\--zeroing-image *image*]
| [\--user-shutdown {yes \| no}]
| [\--enabled-data-collectors *collectors*]
| [\--data-collector-interval *intervals*]
Modify the options for the cluster.
......@@ -774,6 +776,13 @@ parameters for instance communication. If the supplied network exists,
Ganeti will check its parameters and warn about unusual configurations,
but it will still use that network for instance communication.
The ``--enabled-data-collectors`` and ``--data-collector-interval``
options are to control the behavior of the **ganeti-mond**\(8). The
first expects a list name=bool pairs to activate or decative the mentioned
data collector. The second option expects similar pairs of collector name
and number of seconds specifying the interval at which the collector
shall be collected.
See **gnt-cluster init** for a description of ``--install-image`` and
``--zeroing-image``.
......
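Review bot: The new paragraph documenting "--enabled-data-collectors" and "--data-collector-interval" has wording errors and leaves the argument format underspecified. "a list name=bool pairs to activate or decative" should read "a list of name=bool pairs to activate or deactivate", and "the interval at which the collector shall be collected" should say the collector is run. The text should also state the list separator, the accepted spellings of the boolean, and where the valid collector names are listed, since the synopsis only shows *collectors* and *intervals*.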
......@@ -340,39 +340,42 @@ checkSingleStep force ini_tbl target cur_tbl move =
possibleMoves :: MirrorType -- ^ The mirroring type of the instance
-> Bool -- ^ Whether the secondary node is a valid new node
-> Bool -- ^ Whether we can change the primary node
-> Bool -- ^ Whether we alowed to move disks
-> (Bool, Bool) -- ^ Whether migration is restricted and whether
-- the instance primary is offline
-> Ndx -- ^ Target node candidate
-> [IMove] -- ^ List of valid result moves
possibleMoves MirrorNone _ _ _ _ = []
possibleMoves MirrorNone _ _ _ _ _ = []
possibleMoves MirrorExternal _ False _ _ = []
possibleMoves MirrorExternal _ False _ _ _ = []
possibleMoves MirrorExternal _ True _ tdx =
possibleMoves MirrorExternal _ True _ _ tdx =
[ FailoverToAny tdx ]
possibleMoves MirrorInternal _ False _ tdx =
possibleMoves MirrorInternal _ _ False _ _ = []
possibleMoves MirrorInternal _ False True _ tdx =
[ ReplaceSecondary tdx ]
possibleMoves MirrorInternal _ _ (True, False) tdx =
possibleMoves MirrorInternal _ _ True (True, False) tdx =
[ ReplaceSecondary tdx
]
possibleMoves MirrorInternal True True (False, _) tdx =
possibleMoves MirrorInternal True True True (False, _) tdx =
[ ReplaceSecondary tdx
, ReplaceAndFailover tdx
, ReplacePrimary tdx
, FailoverAndReplace tdx
]
possibleMoves MirrorInternal True True (True, True) tdx =
possibleMoves MirrorInternal True True True (True, True) tdx =
[ ReplaceSecondary tdx
, ReplaceAndFailover tdx
, FailoverAndReplace tdx
]
possibleMoves MirrorInternal False True _ tdx =
possibleMoves MirrorInternal False True True _ tdx =
[ ReplaceSecondary tdx
, ReplaceAndFailover tdx
]
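Review bot: The new disk-moves argument gives possibleMoves three adjacent positional Bool parameters followed by a (Bool, Bool) tuple, which the type checker cannot tell apart if a caller swaps them; a small record or newtype for the flags would make clauses such as "possibleMoves MirrorInternal _ False True _ tdx" self-describing. The clause "possibleMoves MirrorInternal _ _ False _ _ = []" also relies on being matched before the other MirrorInternal clauses, which deserves a comment. In the Haddock, "Whether we alowed to move disks" should be "Whether we are allowed to move disks".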
......@@ -402,12 +405,8 @@ checkInstanceMove opts nodes_idx ini_tbl@(Table nl _ _ _) target =
primary_drained = Node.offline
. flip Container.find nl
$ Instance.pNode target
all_moves =
if disk_moves
then concatMap (possibleMoves mir_type use_secondary inst_moves
(rest_mig, primary_drained))
nodes
else []
all_moves = concatMap (possibleMoves mir_type use_secondary inst_moves
disk_moves (rest_mig, primary_drained)) nodes
in
-- iterate over the possible nodes for this instance
foldl' (checkSingleStep force ini_tbl target) aft_failover all_moves
......
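Review bot: Dropping the "if disk_moves ... else []" guard in all_moves changes behaviour beyond a refactoring, and the hunk carries no comment or test for it. Previously no moves at all were generated when disk_moves was False; now possibleMoves only returns [] for MirrorInternal in that case, so "possibleMoves MirrorExternal _ True _ _ tdx" still yields FailoverToAny. If that is the intended fix, please say so in a comment next to all_moves and add a regression test covering MirrorExternal with disk moves disabled.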
#!/usr/bin/python
# This file is automatically generated, do not edit!
# Edit ganeti.tools.ssl_update instead.
"""Bootstrap script for L{ganeti.tools.ssl_update}"""
# pylint: disable=C0103
# C0103: Invalid name
import sys
import ganeti.tools.ssl_update as main
# Temporarily alias commands until bash completion
# generator is changed
if hasattr(main, "commands"):
commands = main.commands # pylint: disable=E1101
if hasattr(main, "aliases"):
aliases = main.aliases # pylint: disable=E1101
if __name__ == "__main__":
sys.exit(main.Main())
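Review bot: The removed tools/ssl-update states in its header that it is "automatically generated" from ganeti.tools.ssl_update, so taking it out of version control is right, but no ignore-file change is visible on this page. Please confirm the path is ignored so that a build in the source tree does not leave it as an untracked file that gets committed again.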