1. 09 Jul, 2015 2 commits
    • Petr Pudlak's avatar
      Move _ValidateConfig to the verify.py submodule · 9ac307a6
      Petr Pudlak authored
      .. in order to get the size of config/__init__ under 3600 lines again.
      Signed-off-by: default avatarPetr Pudlak <pudlak@google.com>
      Reviewed-by: default avatarKlaus Aehlig <aehlig@google.com>
      9ac307a6
    • Petr Pudlak's avatar
      Merge branch 'stable-2.13' into stable-2.14 · 6d9446fa
      Petr Pudlak authored
      * stable-2.13
        Describe --no-verify-disks option in watcher man page
        Make disk verification optional
      
      * stable-2.12
        Handle SSL setup when downgrading
        Write SSH ports to ssconf files
        Noded: Consider certificate chain in callback
        Cluster-keys-replacement: update documentation
        Backend: Use timestamp as serial no for server cert
        UPGRADE: add note about 2.12.5
        NEWS: Mention issue 1094
        man: mention changes in renew-crypto
        Verify: warn about self-signed client certs
        Bootstrap: validate SSL setup before starting noded
        Clean up configuration of curl request
        Renew-crypto: remove superflous copying of node certs
        Renew-crypto: propagate verbose and debug option
        Noded: log the certificate and digest on noded startup
        QA: reload rapi cert after renew crypto
        Prepare-node-join: use common functions
        Renew-crypto: remove dead code
        Init: add master client certificate to configuration
        Renew-crypto: rebuild digest map of all nodes
        Noded: make "bootstrap" a constant
        node-daemon-setup: generate client certificate
        tools: Move (Re)GenerateClientCert to common
        Renew cluster and client certificates together
        Init: create the master's client cert in bootstrap
        Renew client certs using ssl_update tool
        Run functions while (some) daemons are stopped
        Back up old client.pem files
        Introduce ssl_update tool
        x509 function for creating signed certs
        Add tools/common.py from 2.13
        Consider ECDSA in SSH setup
        Update documentation of watcher and RAPI daemon
        Watcher: add option for setting RAPI IP
        When connecting to Metad fails, log the full stack trace
        Set up the Metad client with allow_non_master
        Set up the configuration client properly on non-masters
        Add the 'allow_non_master' option to the WConfd RPC client
        Add the option to disable master checks to the RPC client
        Add 'allow_non_master' to the Luxi test transport class too
        Add 'allow_non_master' to FdTransport for compatibility
        Properly document all constructor arguments of Transport
        Allow the Transport class to be used for non-master nodes
        Don't define the set of all daemons twice
      
      Conflicts:
      	Makefile.am
      	lib/cmdlib/cluster/verify.py
      	lib/config/__init__.py
      	tools/cfgupgrade
      
      Resolution:
      	Makefile.am
                - keep newly added files from both branches
      	lib/cmdlib/cluster/verify.py
                - propagate relevant changes from/lib/cmdlib/cluster.py to
                  lib/cmdlib/cluster/__init__.py
      	lib/config/__init__.py
                - include methods added in stable-2.13
                - temporarily disable the warning for too many lines
      	tools/cfgupgrade
                - propagate changes to lib/tools/cfgupgrade.py
      Signed-off-by: default avatarPetr Pudlak <pudlak@google.com>
      Reviewed-by: default avatarHelga Velroyen <helgav@google.com>
      6d9446fa
  2. 07 Jul, 2015 2 commits
    • Klaus Aehlig's avatar
      Fix building of shell command in export · e86e6b3e
      Klaus Aehlig authored
      Commit 3d835f7d made two incorrect assumptions that
      lead to instance moves failing for plain instances.
      - The Import/Export interface is available at the level
        of block devices, not (as was assumed in the said
        commit) at the level of configuration objects.
      - The Import/Export functions provide an argv vector
        not a single string; also the quoted version thereof
        is not a parameter so be substituted into a shell
        template (the quoted string does contain several
        characters with special meaning to the shell, e.g.,
        spaces).
      Fix this now.
      Signed-off-by: default avatarKlaus Aehlig <aehlig@google.com>
      Reviewed-by: default avatarHrvoje Ribicic <riba@google.com>
      e86e6b3e
    • Helga Velroyen's avatar
      Merge branch 'stable-2.12' into stable-2.13 · 7f1ac87a
      Helga Velroyen authored
      * stable-2.12
        Handle SSL setup when downgrading
        Write SSH ports to ssconf files
        Noded: Consider certificate chain in callback
        Cluster-keys-replacement: update documentation
        Backend: Use timestamp as serial no for server cert
        UPGRADE: add note about 2.12.5
        NEWS: Mention issue 1094
        man: mention changes in renew-crypto
        Verify: warn about self-signed client certs
        Bootstrap: validate SSL setup before starting noded
        Clean up configuration of curl request
        Renew-crypto: remove superflous copying of node certs
        Renew-crypto: propagate verbose and debug option
        Noded: log the certificate and digest on noded startup
        QA: reload rapi cert after renew crypto
        Prepare-node-join: use common functions
        Renew-crypto: remove dead code
        Init: add master client certificate to configuration
        Renew-crypto: rebuild digest map of all nodes
        Noded: make "bootstrap" a constant
        node-daemon-setup: generate client certificate
        tools: Move (Re)GenerateClientCert to common
        Renew cluster and client certificates together
        Init: create the master's client cert in bootstrap
        Renew client certs using ssl_update tool
        Run functions while (some) daemons are stopped
        Back up old client.pem files
        Introduce ssl_update tool
        x509 function for creating signed certs
        Add tools/common.py from 2.13
        Consider ECDSA in SSH setup
        Update documentation of watcher and RAPI daemon
        Watcher: add option for setting RAPI IP
        When connecting to Metad fails, log the full stack trace
        Set up the Metad client with allow_non_master
        Set up the configuration client properly on non-masters
        Add the 'allow_non_master' option to the WConfd RPC client
        Add the option to disable master checks to the RPC client
        Add 'allow_non_master' to the Luxi test transport class too
        Add 'allow_non_master' to FdTransport for compatibility
        Properly document all constructor arguments of Transport
        Allow the Transport class to be used for non-master nodes
        Don't define the set of all daemons twice
      
      Conflicts:
        Makefile.am
        NEWS
        UPGRADE
        lib/client/gnt_cluster.py
        lib/cmdlib/cluster.py
        lib/tools/common.py
        lib/tools/prepare_node_join.py
        lib/watcher/__init__.py
        man/ganeti-watcher.rst
        src/Ganeti/OpCodes.hs
        test/hs/Test/Ganeti/OpCodes.hs
        test/py/cmdlib/cluster_unittest.py
        test/py/ganeti.tools.prepare_node_join_unittest.py
        tools/cfgupgrade
      
      Resolutions:
        Makefile.am:
          add ssl_update and ssh_update
        NEWS:
          add new sections from 2.12 and 2.13
        UPGRADE:
          add notes for both 2.12 and 2.13
        lib/client/gnt_cluster.py:
          add all new options to RenewCluster, remove version-specific
          downgrade code
        lib/tools/common.py:
          split the two mismatching versions of _VerifyCertificate
          and VerifyCertificate up into [_]VerifyCertifcate{Soft,Strong}
          and update usages accordingly
        lib/tools/prepare_node_join.py
          update usage of correct VerifyCertificate function
        lib/watcher/__init__.py
          add both new options, --rapi-ip and --no-verify-disks
        man/ganeti-watcher.rst
          update docs for both new options (see above)
        src/Ganeti/OpCodes.hs
          add all new options to OpRenewCrypto
        test/hs/Test/Ganeti/OpCodes.hs
          add enough 'arbitrary' for all new options of OpRenewCrypto
        test/py/cmdlib/cluster_unittest.py
          use changes from 2.12
        test/py/ganeti.tools.prepare_node_join_unittest.py
          remove tests that were moved to common_unittest.py
        tools/cfgupgrade
          use only downgrade code of 2.13
      Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
      Reviewed-by: default avatarPetr Pudlak <pudlak@google.com>
      7f1ac87a
  3. 06 Jul, 2015 32 commits
  4. 03 Jul, 2015 4 commits