This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Ganeti core".
The branch, stable-2.13 has been updated
via 4cb0debb90ef3d80f7e6fe0a3848b6446f6bac37 (commit)
via 4924f13d4e222af269cb1434e9bd8542f5535a29 (commit)
via d1ba0655a7c54db7732bbe197673f0c511237b16 (commit)
via b105a8577d0dd098bf7b2b57afeace36b97a33e1 (commit)
via 038bc1f2d787f8197df81261d929b54c220844e6 (commit)
via b1357a1537cf5ee80a3703142bd2d1476ff4991e (commit)
via 723ded6cc687c3b9cffd2e4a955f06e7c6b6d26d (commit)
via 804ee5ff672f394509f082ff739289ff399471fc (commit)
via 1be25340fb19e67a62a4e65a156942ac7e665a6c (commit)
via ca044e7032f192f5f93ff19355f50ad03128fd39 (commit)
via 5ae4e7545ef1d0e29e58208f9506d086fecd0bcc (commit)
from d8982620a54fe39de85c29f08c461fa6dab177ac (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 4cb0debb90ef3d80f7e6fe0a3848b6446f6bac37
Author: Helga Velroyen <[email protected]>
Date: Tue Oct 21 14:52:35 2014 +0200

RunNodeCmdWithStdin: convert flags to named parameters

This patch converts the boolean parameters of the function
'RunNodeCmdWithStdin' into named parameters to increase
readability. This fixes issue 975.

Note that it also changes the occurrences of the parameters
'verbose' and 'debug' to either 'False' or an option, because
'verbose' and 'debug' should not be 'True' on production
clusters to not leak security information. Ideally, all
occurrences should be switchable as options on the commandline,
but that itself is out of the scope of this patch.

Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Klaus Aehlig <[email protected]>
commit 4924f13d4e222af269cb1434e9bd8542f5535a29
Author: Helga Velroyen <[email protected]>
Date: Tue Oct 21 14:52:48 2014 +0200

RemoveNodeSshKey: convert flags to named parameters

To increase readability, this patch converts the boolean
parameters of the RemoveNodeSshKey function into named
parameters. For that, we reorder some parameters and to
avoid confusion, this reordering is also done on cmdlib
level.

Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Klaus Aehlig <[email protected]>
commit d1ba0655a7c54db7732bbe197673f0c511237b16
Author: Helga Velroyen <[email protected]>
Date: Tue Oct 21 14:02:01 2014 +0200

AddNodeSshKey: Convert flags to named parameters

To increase readability, this patch changes the three boolean
parameters of the AddNodeSshKey function to named
parameters. For that, we rearrange the parameters.
For consistency, we also do the reordering on cmdlib
level to avoid confusion.

Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Klaus Aehlig <[email protected]>
commit b105a8577d0dd098bf7b2b57afeace36b97a33e1
Author: Helga Velroyen <[email protected]>
Date: Thu Oct 16 16:46:00 2014 +0200

Respect --no-node-setup in LUNodeAdd

While gnt_node.py already correctly complied with the
'--no-node-setup' option, the corresponding LU did
use the cluster's init flag '--no-ssh-init'. While not
advisable to do so, this would result in an error if
the cluster is initialized without the '--no-ssh-init'
option, but the node is added with the '--no-node-setup'
option.

Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Klaus Aehlig <[email protected]>
commit 038bc1f2d787f8197df81261d929b54c220844e6
Author: Helga Velroyen <[email protected]>
Date: Thu Oct 16 16:07:34 2014 +0200

Add a note to 'design-node-add'

This patch adds a note to the rather old design doc
'design-node-add.rst' about being closely related
to the new SSH design described in the more recent
design doc 'design-node-security.rst'.

Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Klaus Aehlig <[email protected]>
commit b1357a1537cf5ee80a3703142bd2d1476ff4991e
Author: Helga Velroyen <[email protected]>
Date: Thu Oct 16 15:59:23 2014 +0200

Document --new-ssh-keys in man page

This patch documents the newly added '--new-ssh-keys'
option of 'gnt-cluster renew-crypto'.

Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Klaus Aehlig <[email protected]>
commit 723ded6cc687c3b9cffd2e4a955f06e7c6b6d26d
Author: Helga Velroyen <[email protected]>
Date: Thu Oct 16 15:47:59 2014 +0200

Update message when adding a node

When adding a node, Ganeti displays a warning about the
upcoming SSH manipulations. With the new SSH key handling,
this message is no longer correct and is updated in this
patch.

Besides that, this patch removes the restriction that
only SSH keys are generated when a node is not readded.
This makes sense from a security point of view, because
if a node comes back from repair one might not be sure
no untrusted personnel was able to access the machine.

Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Klaus Aehlig <[email protected]>
commit 804ee5ff672f394509f082ff739289ff399471fc
Author: Helga Velroyen <[email protected]>
Date: Thu Oct 16 15:34:53 2014 +0200

Updates of design doc

With the progressing implementation of the design
'design-node-security.rst', some aspects of the design
were changed or detailed. This patch brings the
design back in sync with the implementation.

Changes cover:
- Cleanup of public keys and authorized keys of
  nodes before they are readded.
- Fixing version number to 2.13, where the main
  changes in the SSH implementation are made.
- Mention new --new-ssh-key option of
  'gnt-cluster renew-crypto'.
- Mention compliance with options to suppress
  SSH file manipulation.

Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Klaus Aehlig <[email protected]>
commit 1be25340fb19e67a62a4e65a156942ac7e665a6c
Author: Helga Velroyen <[email protected]>
Date: Thu Oct 16 15:28:18 2014 +0200

Document --no-node-setup option in man page

This patch documents the '--no-node-setup' option of
'gnt-node add', which prevents Ganeti from touching and
distributing the SSH keys of the new node. It also prevents
any manipulation of the 'authorized_keys' files of Ganeti.
This option has been around for some time, but was so far
not documented in the man page.

Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Klaus Aehlig <[email protected]>
commit ca044e7032f192f5f93ff19355f50ad03128fd39
Author: Helga Velroyen <[email protected]>
Date: Thu Oct 16 14:55:46 2014 +0200

Clear a node's 'authorized_keys' file before readding it

This patch makes sure that when a node is readded, its
'authorized_keys' file is cleared from old Ganeti keys
before it is added again. Note that keys which were not
added by Ganeti before will be left untouched.

Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Klaus Aehlig <[email protected]>
commit 5ae4e7545ef1d0e29e58208f9506d086fecd0bcc
Author: Helga Velroyen <[email protected]>
Date: Thu Oct 16 14:45:48 2014 +0200

Add option to NodeSshRemoveKey to clear public keys

This patch adds an option to the NodeSshRemoveKey function
of backend.py to clear a node's public_key_file. This
will be used when removing a node and later also when
making a master_capable node not master_capable anymore.

Signed-off-by: Helga Velroyen <[email protected]>
Reviewed-by: Klaus Aehlig <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
doc/design-node-add.rst | 10 +++
doc/design-node-security.rst | 34 ++++++++--
lib/backend.py | 137 +++++++++++++++++++++++------------
lib/bootstrap.py | 8 ++-
lib/client/gnt_node.py | 27 +++++---
lib/cmdlib/node.py | 30 ++++----
lib/rpc_defs.py | 14 ++--
lib/server/noded.py | 32 +++++----
lib/ssh.py | 13 ++--
man/gnt-cluster.rst | 5 ++
man/gnt-node.rst | 13 +++-
src/Ganeti/OpCodes.hs | 1 +
src/Ganeti/OpParams.hs | 7 ++
test/hs/Test/Ganeti/OpCodes.hs | 3 +-
test/py/ganeti.backend_unittest.py | 45 ++++++++----
15 files changed, 256 insertions(+), 123 deletions(-)
hooks/post-receive
--
Ganeti core