This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Ganeti core".
The branch, master has been updated
via c66efa4d9ed096fc9ea479b974451c387784a1aa (commit)
via d4c0225c36de371371ebefb92eb340be3acb1767 (commit)
via 02719348339f8ab4c443d00b1826071ce59f697e (commit)
via e3deb8d0e0f28ce57d7140841e1dbc06d3ef583f (commit)
via 957ccf5c5a9af4fb4a3ebd330cf852ca4fe53982 (commit)
via 0a56f9a593f4aa704d385315424c87c4109a679b (commit)
via 512e42f9e1d03b3665b34eb9ea81b844b4030113 (commit)
via 68d95fb831dd26e92de586f1e7a9c6336691e515 (commit)
via 4ccea62ca94c877eee121b4e6efafa30fc0e04f2 (commit)
via 7ccca246e4b23db660d93b6e21e73209d0a3a094 (commit)
via 60d4a4ac036eae6114c8f24a98e56043294f3dfc (commit)
via e07859ddebd59d406a9d9f1a901bcc0b492df932 (commit)
via 224c028aed54d2796ec643daa10d7525af6e9614 (commit)
via c7017baead4f1cfbe80270d0410f767d1c08c364 (commit)
via ca5cb2c9268e7f0cc539b1213afe011f9579df61 (commit)
via 49493f3371f2e883d8f5d98c9f4c0069a01ca0e3 (commit)
via 0bad265b41c2918522fed4b15b376b9dc996b665 (commit)
via 2be567318f2ffc324db28976f328ad0ca6c72860 (commit)
via f1193a873577981e96d60be12c13d51ae321cff0 (commit)
via 185742ec0422638c1bafcf323ed8b6f024a8f492 (commit)
via c17839691c1a01a510627dee3d26c41efc28147d (commit)
via 6cec2093bb8db5f69bed2c715a857767ef5facc5 (commit)
via 0cfe3fb79530238a18a40946fe6930fe11def786 (commit)
via 986bcbee3353a863001a33c0e23f9247d2563394 (commit)
via 2b6cdc9ba7e943fc7a4917e7afd921be5526551f (commit)
from e17541b7e5586ddf6bd360d8630982150cc999e9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c66efa4d9ed096fc9ea479b974451c387784a1aa
Author: Helga Velroyen <[email protected]>
Date: Wed Aug 6 16:44:24 2014 +0200
Use WriteFile when possible in ssh.py
This is an additional patch to the SSH patch series
which simplifies the handling of public SSH keys by using
the utility function WriteFile as often as possible.
As it is a mess to merge it back into the series,
I am sending this as an additional patch at the end of the
series.
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
commit d4c0225c36de371371ebefb92eb340be3acb1767
Author: Helga Velroyen <[email protected]>
Date: Fri Jul 18 10:36:26 2014 +0200
Mention SSH changes in NEWS file
Mention the changes in the SSH handling in the NEWS
file.
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
commit 02719348339f8ab4c443d00b1826071ce59f697e
Author: Helga Velroyen <[email protected]>
Date: Tue Jul 1 11:29:51 2014 +0200
Renew SSH keys and upgrade
This patch adds the '--new-ssh-keys' option
to 'gnt-cluster renew-crypto'. In the client, it retrieves
all current ssh keys and (re-)writes the 'ganeti_pub_key'
file with it, then in the backend, the new keys are
generated and distributed.
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
commit e3deb8d0e0f28ce57d7140841e1dbc06d3ef583f
Author: Helga Velroyen <[email protected]>
Date: Tue Jul 1 17:00:24 2014 +0200
Move GenerateRootSshKeys to tools/common
Both prepare_node_join and soon ssh_update will
need the function "GenerateRootSshKeys". This patch
moves the function to the common directory.
No functional changes otherwise.
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
commit 957ccf5c5a9af4fb4a3ebd330cf852ca4fe53982
Author: Helga Velroyen <[email protected]>
Date: Tue Jul 1 11:42:03 2014 +0200
Move function to fetch public keys to ssh
This moves the function to read public keys from a node
to the ssh module. So far it was only used by
'gnt_node', but it will soon be reused by 'gnt_cluster'
as well. No functional changes in this patch.
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
commit 0a56f9a593f4aa704d385315424c87c4109a679b
Author: Helga Velroyen <[email protected]>
Date: Tue Jul 1 11:17:18 2014 +0200
Add option to "InitSSHSetup" to create additional keys
This adds an option to 'InitSSHSetup' to not override
the SSH key, but create an additional one with a suffix.
This will be used to replace the master node's SSH key,
but keeping the old one a little longer to distribute the
new one.
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
commit 512e42f9e1d03b3665b34eb9ea81b844b4030113
Author: Helga Velroyen <[email protected]>
Date: Tue Jul 1 10:54:55 2014 +0200
Unit test for InitSSHSetup
This patch adds a unit test for InitSSHSetup before
we start extending it in the next patch.
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
commit 68d95fb831dd26e92de586f1e7a9c6336691e515
Author: Helga Velroyen <[email protected]>
Date: Mon Jun 30 16:33:39 2014 +0200
Add key parameter to renew crypto opcode
In order to be enable to extend the renew-crypto opcode,
we are adding a parameter for renewing the node SSL
certificates. This way, it can easily be broadened to
renew SSH keys as well, which is done in the following
patch.
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
commit 4ccea62ca94c877eee121b4e6efafa30fc0e04f2
Author: Helga Velroyen <[email protected]>
Date: Thu Jun 26 19:27:25 2014 +0200
Reduce number of statements in ClusterVerifyGroup
... to make lint shut up.
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
commit 7ccca246e4b23db660d93b6e21e73209d0a3a094
Author: Helga Velroyen <[email protected]>
Date: Fri May 16 16:59:27 2014 +0200
Handle SSH keys on node promotion and demotion
This patch implements the removal of a node's SSH key
from all nodes' "authorized_keys" files when it is
demoted from being master candidate to being a normal
node. It also adds the adding of a node's SSH key
when it is promoted from normal node to master
candidate.
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
commit 60d4a4ac036eae6114c8f24a98e56043294f3dfc
Author: Helga Velroyen <[email protected]>
Date: Thu Mar 27 13:37:25 2014 +0100
Verify SSH setup
This patch adjusts the SSH connectivity test that
'gnt-cluster verify' does and introduces a couple of
sanity checks for the new SSH setup with individual
keys.
Note that it won't be possible for this to always hold
through the entire patch series. I decided to put it in
anyway, because it a great debugging tool during the
development itself as keeping track of the states of
various key files is tedious manual work.
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
commit e07859ddebd59d406a9d9f1a901bcc0b492df932
Author: Helga Velroyen <[email protected]>
Date: Thu Mar 27 10:38:57 2014 +0100
Generate individual SSH keys
This patch adapts the 'prepare_node_join' tool so
that instead of copying the cluster SSH key to the new
node, an individual SSH key pair is generated for that
node.
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
commit 224c028aed54d2796ec643daa10d7525af6e9614
Author: Helga Velroyen <[email protected]>
Date: Fri Jun 13 16:41:43 2014 +0200
Removing old SSH key when readding a node
If a node is readded to the cluster, it might or might
not have an old SSH key distributed on the nodes. In order
to make a clean add, the old key is removed first.
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
commit c7017baead4f1cfbe80270d0410f767d1c08c364
Author: Helga Velroyen <[email protected]>
Date: Tue Mar 25 11:03:40 2014 +0100
Handling SSH keys on node removal
This patch implements the handling of SSH keys when a node
is removed from the cluster. It covers the implementation
in the backend, the introduction and calling of a new RPC
call for that purpose.
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
commit ca5cb2c9268e7f0cc539b1213afe011f9579df61
Author: Helga Velroyen <[email protected]>
Date: Tue Mar 25 16:24:35 2014 +0100
Key removal in ssh.py and ssh_update.py
This patch prepares the ssh utility library ssh.py and
the ssh update tool with the ability to remove SSH keys
from the 'authorized_keys' and the 'ganeti_pub_keys'
files.
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
commit 49493f3371f2e883d8f5d98c9f4c0069a01ca0e3
Author: Helga Velroyen <[email protected]>
Date: Fri Mar 21 14:11:03 2014 +0100
Key handling when adding a node
This patch implements the handling of SSH keys, when a new
node is added. It introduces the new RPC call 'ssh_add_key',
which is called to the master's noded when a new node is
added. In the backend implementation, noded takes care of
distributing the new node's SSH key information to all
other nodes in the cluster which are supposed to have
this information.
Note: It was rather tedious to test the backend function,
because it was calling many other functions which would
have needed to be mocked. Instead I added the public key
file as a parameter, because this way I could at least
reduce the complexity of the test setup and at the same
time have direct access to the file that gets manipulated.
Also Note: Up till now, there is still only the common
cluster SSH key around. I wanted to have some
infrastructure in place, before actually individual keys
are generated.
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
commit 0bad265b41c2918522fed4b15b376b9dc996b665
Author: Helga Velroyen <[email protected]>
Date: Tue Mar 25 10:11:02 2014 +0100
Config: retrieve SSH ports and potential master candidates
This patch adds a function to retrieve a map of group UUIDs
to SSH ports to the configuration module. Fixes Issue 773.
Besides that, this patch adds another function to retrieve
the list of potential master candidates.
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
commit 2be567318f2ffc324db28976f328ad0ca6c72860
Author: Helga Velroyen <[email protected]>
Date: Thu Mar 20 11:15:36 2014 +0100
Introducing the 'ssh_update' tool
In order to update the 'ganeti_pub_keys' and the
'authorized_keys' files of various nodes via SSH, we
introduce the tool 'ssh_update'. It works similar to the
tool 'prepare_node_join', which is also a tool invoked
via SSH on a remote note.
This patch includes some refactoring to reuse code from
the 'prepare_node_join' tool and provides unit tests as
well. Note that the actual invocation of the 'ssh_update'
tool will be done in later patches of this series.
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
commit f1193a873577981e96d60be12c13d51ae321cff0
Author: Helga Velroyen <[email protected]>
Date: Wed Mar 19 17:09:30 2014 +0100
ssh.py: clear + overide pubkey + query all
This patch add a couple of new SSH utility functions to
the ssh module:
- clearing the whole 'ganeti_pub_keys' file
- overriding the whole 'ganeti_pub_keys' file
- retrieving all keys from the file at once
Those functions will be used in later patches. Unit tests
are provided.
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
commit 185742ec0422638c1bafcf323ed8b6f024a8f492
Author: Helga Velroyen <[email protected]>
Date: Tue Mar 18 13:27:54 2014 +0100
Retrieve public SSH key from new node
On adding a new node, a new public/private SSH key pair
will be generated. The public key pair needs (possibly)
to be added to the 'ganeti_pub_keys' file and the
'authorized_keys' file of other cluster nodes. This patch
provides the mechanism to fetch the new node's public
SSH key via ssh. Node that at this point, no new
public/private key pair is generated yet. This will come
in a later patch of this series as we first want to have
all infrastructure in place.
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
commit c17839691c1a01a510627dee3d26c41efc28147d
Author: Helga Velroyen <[email protected]>
Date: Tue Mar 11 16:29:58 2014 +0100
Init pubkey file and transfer authorized keys on node join
This patch initializes the "ganeti_pub_keys" file on
cluster initialization and adds the master's key to it.
On node-add, the key file is queried for the keys of
the master candidates and those are transferred to the
new node and added to its "authorized_keys" file.
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
commit 6cec2093bb8db5f69bed2c715a857767ef5facc5
Author: Helga Velroyen <[email protected]>
Date: Tue Mar 11 13:06:01 2014 +0100
Infrastructure to manage public key file
This patch introduced infrastructure to handle the
newly introduced file of public SSH keys of potential
master candidates (as described in
"design-node-security.rst"). It supports the operation
to add and remove keys and to query the file for a set of
keys. In this patch it does not get called by any code yet;
this will be done in the next patches. Unit tests are
included.
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
commit 0cfe3fb79530238a18a40946fe6930fe11def786
Author: Helga Velroyen <[email protected]>
Date: Tue Mar 11 13:16:58 2014 +0100
Move Ssh related code to ssh.py
There were a couple of ssh-related utility functions
scattered in io.py. We are moving them to ssh.py to
keep all ssh-related code together.
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
commit 986bcbee3353a863001a33c0e23f9247d2563394
Author: Helga Velroyen <[email protected]>
Date: Mon Mar 10 16:15:08 2014 +0100
Move InitSSH from bootstrap.py to ssh.py
Since the generation of SSH keys will no longer only
happen at cluster init, but every time a node is added,
we move the "InitSSH" method from bootstrap to the
ssh module to be able to reuse it. No functional
changes otherwise.
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
commit 2b6cdc9ba7e943fc7a4917e7afd921be5526551f
Author: Helga Velroyen <[email protected]>
Date: Wed Mar 12 13:24:21 2014 +0100
Removing unused imports from watcher
Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Petr Pudlak <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 1 +
Makefile.am | 13 +-
NEWS | 7 +
UPGRADE | 21 +
lib/backend.py | 458 ++++++++++++-
lib/bootstrap.py | 130 +----
lib/cli.py | 24 +
lib/client/gnt_cluster.py | 72 ++-
lib/client/gnt_node.py | 32 +-
lib/cmdlib/cluster.py | 157 ++++-
lib/cmdlib/node.py | 95 +++-
lib/config.py | 62 ++-
lib/errors.py | 6 +
lib/pathutils.py | 2 +
lib/rpc_defs.py | 32 +
lib/server/noded.py | 38 +
lib/ssh.py | 728 +++++++++++++++++++-
lib/tools/common.py | 117 ++++
lib/tools/prepare_node_join.py | 101 +---
lib/tools/ssh_update.py | 228 ++++++
lib/utils/io.py | 89 ---
lib/watcher/__init__.py | 2 -
qa/qa_cluster.py | 7 +-
src/Ganeti/Constants.hs | 34 +
src/Ganeti/OpCodes.hs | 4 +-
src/Ganeti/OpParams.hs | 14 +
test/hs/Test/Ganeti/OpCodes.hs | 3 +-
test/py/cmdlib/cluster_unittest.py | 67 ++-
test/py/ganeti.backend_unittest.py | 441 ++++++++++++
test/py/ganeti.client.gnt_cluster_unittest.py | 102 +++
test/py/ganeti.mcpu_unittest.py | 1 -
test/py/ganeti.ssh_unittest.py | 303 ++++++++
test/py/ganeti.tools.prepare_node_join_unittest.py | 75 +-
test/py/ganeti.tools.ssh_update_unittest.py | 172 +++++
test/py/ganeti.utils.io_unittest.py | 68 --
test/py/testutils.py | 15 +
tools/post-upgrade | 8 +
37 files changed, 3255 insertions(+), 474 deletions(-)
create mode 100644 lib/tools/common.py
create mode 100644 lib/tools/ssh_update.py
create mode 100755 test/py/ganeti.tools.ssh_update_unittest.py
hooks/post-receive
--
Ganeti core
--
---
You received this message because you are subscribed to the Google Groups
"ganeti-commits" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
