commit 497a63845db1fec2b0949d1bf0e2367c0bcca028
Merge: 4975195 991eb59
Author: Klaus Aehlig <[email protected]>
Date: Thu Jul 16 11:07:44 2015 +0200
Merge branch 'stable-2.12' into stable-2.13
* stable-2.12
Bugfix in checkInstanceMove function in Cluster.hs
Revision bump for 2.12.5
Update the NEWS file for 2.12.5
Update Xen documentation in install.rst
Clarify need for the migration_port Xen param
Conflicts:
NEWS: take both new entries
configure.ac: keep version and revision of stable-2.13
diff --cc NEWS
index 9b0fa37,859afd8..f78db4f
--- a/NEWS
+++ b/NEWS
@@@ -2,153 -2,50 +2,197 @@@ New
====
+Version 2.13.2
+--------------
+
+*(Released Mon, 13 Jul 2015)*
+
+Incompatible/important changes
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- This release contains a fix for the problem that different encodings in
+ SSL certificates can break RPC communication (issue 1094). The fix makes
+ it necessary to rerun 'gnt-cluster renew-crypto --new-node-certificates'
+ after the cluster is fully upgraded to 2.13.2
+
+Other fixes and known issues
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Inherited from 2.12:
+
+- Fixed Issue #1115: Race between starting WConfD and updating the config
+- Fixed Issue #1114: Binding RAPI to a specific IP makes the watcher
+ restart the RAPI
+- Fixed Issue #1100: Filter-evaluation for run-time data filter
+- Better handling of the "crashed" Xen state
+- The watcher can be instructed to skip disk verification
+- Reduce amount of logging on successful requests
+- Prevent multiple communication NICs being created for instances
+- The ``htools`` now properly work also on shared-storage clusters
+- Instance moves now work properly also for the plain disk template
+- Various improvements to the documentation have been added
+
+Known issues:
+- Issue #1104: gnt-backup: dh key too small
+
+
+Version 2.13.1
+--------------
+
+*(Released Tue, 16 Jun 2015)*
+
+Incompatible/important changes
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- The SSH security changes reduced the number of nodes which can SSH into
+ other nodes. Unfortunately enough, the Ganeti implementation of migration
+ for the xl stack of Xen required SSH to be able to migrate the instance,
+ leading to a situation where full movement of an instance around the cluster
+ was not possible. This version fixes the issue by using socat to transfer
+ instance data. While socat is less secure than SSH, it is about as secure as
+ xm migrations, and occurs over the secondary network if present. As a
+ consequence of this change, Xen instance migrations using xl cannot occur
+ between nodes running 2.13.0 and 2.13.1.
+
+Other fixes and known issues
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Inherited from 2.12:
+
+- Fixed Issue #1082: RAPI is unresponsive after master-failover
+- Fixed Issue #1083: Cluster verify reports existing instance disks on
+ non-default VGs as missing
+- Fixed Issue #1101: Modifying the storage directory for the shared-file disk
+ template doesn't work
+- Fixed a possible file descriptor leak when forking jobs
+- Fixed missing private parameters in the environment for OS scripts
+- Fixed a performance regression when handling configuration
+ (only upgrade it if it changes)
+- Adapt for compilation with GHC7.8 (compiles with warnings;
+ cherrypicked from 2.14)
+
+Known issues:
+- Issue #1094: Mismatch in SSL encodings breaks RPC communication
+- Issue #1104: Export fails: key is too small
+
+
+Version 2.13.0
+--------------
+
+*(Released Tue, 28 Apr 2015)*
+
+Incompatible/important changes
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Ganeti now internally retries the instance creation opcode if opportunistic
+ locking did not acquire nodes with enough free resources. The internal retry
+ will not use opportunistic locking. In particular, instance creation, even
+ if opportunistic locking is set, will never fail with ECODE_TEMP_NORES.
+- The handling of SSH security had undergone a significant change. From
+ this version on, each node has an individual SSH key pair instead of
+ sharing one with all nodes of the cluster. From now on, we also
+ restrict SSH access to master candidates. This means that only master
+ candidates can ssh into other cluster nodes and all
+ non-master-candidates cannot. Refer to the UPGRADE notes
+ for further instructions on the creation and distribution of the keys.
+- Ganeti now checks hypervisor version compatibility before trying an instance
+ migration. It errors out if the versions are not compatible. Add the option
+ --ignore-hvversions to restore the old behavior of only warning.
+- Node tags starting with htools:migration: or htools:allowmigration: now have
+ a special meaning to htools(1). See hbal(1) for details.
+- The LXC hypervisor code has been repaired and improved. Instances cannot be
+ migrated and cannot have more than one disk, but should otherwise work as
with
+ other hypervisors. OS script changes should not be necessary. LXC version
+ 1.0.0 or higher required.
+
+New features
+~~~~~~~~~~~~
+
+- A new job filter rules system allows to define iptables-like rules for the
+ job scheduler, making it easier to (soft-)drain the job queue, perform
+ maintenance, and rate-limit selected job types. See gnt-filter(8) for
+ details.
+- Ganeti jobs can now be ad-hoc rate limited via the reason trail.
+ For a set of jobs queued with "--reason=rate-limit:n:label", the job
+ scheduler ensures that not more than n will be scheduled to run at the same
+ time. See ganeti(7), section "Options", for details.
+- The monitoring daemon has now variable sleep times for the data
+ collectors. This currently means that the granularity of cpu-avg-load
+ can be configured.
+- The 'gnt-cluster verify' command now has the option
+ '--verify-ssh-clutter', which verifies whether Ganeti (accidentally)
+ cluttered up the 'authorized_keys' file.
+- Instance disks can now be converted from one disk template to another for
many
+ different template combinations. When available, more efficient conversions
+ will be used, otherwise the disks are simply copied over.
+
+New dependencies
+~~~~~~~~~~~~~~~~
+
+- The monitoring daemon uses the PSQueue library. Be sure to install it
+ if you use Mond.
+- The formerly optional regex-pcre is now an unconditional dependency because
+ the new job filter rules have regular expressions as a core feature.
+
+Since 2.13.0 rc1
+~~~~~~~~~~~~~~~~~~
+
+The following issues have been fixed:
+
+- Bugs related to ssh-key handling of master candidates (issues 1045,
+ 1046, 1047)
+
+Fixes inherited from the 2.12 branch:
+
+- Upgrade from old versions (2.5 and 2.6) was failing (issues 1070, 1019).
+- gnt-network info outputs wrong external reservations (issue 1068)
+- Refuse to demote master from master capability (issue 1023)
+
+
+ Version 2.12.5
+ --------------
+
+ *(Released Mon, 13 Jul 2015)*
+
+ Incompatible/important changes
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+ - This release contains a fix for the problem that different encodings in
+ SSL certificates can break RPC communication (issue 1094). The fix makes
+ it necessary to rerun 'gnt-cluster renew-crypto --new-node-certificates'
+ after the cluster is fully upgraded to 2.12.5.
+
+ Fixed and improvements
+ ~~~~~~~~~~~~~~~~~~~~~~
+
+ - Fixed Issue #1030: GlusterFS support breaks at upgrade to 2.12 -
+ switches back to shared-file
+ - Fixed Issue #1094 (see the notice in Incompatible/important changes):
+ Differences in encodings of SSL certificates can render a cluster
+ uncommunicative after a master-failover
+ - Fixed Issue #1098: Support for ECDSA SSH keys
+ - Fixed Issue #1100: Filter-evaluation for run-time data filter
+ - Fixed Issue #1101: Modifying the storage directory for the shared-file
+ disk template doesn't work
+ - Fixed Issue #1108: Spurious "NIC name already used" errors during
+ instance creation
+ - Fixed Issue #1114: Binding RAPI to a specific IP makes the watcher
+ restart the RAPI
+ - Fixed Issue #1115: Race between starting WConfD and updating the config
+ - Better handling of the "crashed" Xen state
+ - The ``htools`` now properly work also on shared-storage clusters
+ - Various improvements to the documentation have been added
+
+ Inherited from the 2.11 branch:
+
+ - Fixed Issue #1113: Reduce amount of logging on successful requests
+
+ Known issues
+ ~~~~~~~~~~~~
+
+ - Issue #1104: gnt-backup: dh key too small
+
+
Version 2.12.4
--------------
diff --cc src/Ganeti/HTools/Cluster.hs
index 2e8f0ca,787d100..bdf40a3
--- a/src/Ganeti/HTools/Cluster.hs
+++ b/src/Ganeti/HTools/Cluster.hs
@@@ -685,23 -665,21 +688,19 @@@ checkInstanceMove opts nodes_idx ini_tb
primary_drained = Node.offline
. flip Container.find nl
$ Instance.pNode target
- all_moves =
- if disk_moves
- then concatMap (possibleMoves mir_type use_secondary inst_moves
- (rest_mig, primary_drained))
- nodes
- else []
+ all_moves = concatMap (possibleMoves mir_type use_secondary inst_moves
+ disk_moves (rest_mig, primary_drained)) nodes
in
-- iterate over the possible nodes for this instance
- foldl' (checkSingleStep ini_tbl target) aft_failover all_moves
+ foldl' (checkSingleStep force ini_tbl target) aft_failover all_moves
-- | Compute the best next move.
-checkMove :: [Ndx] -- ^ Allowed target node indices
- -> Bool -- ^ Whether disk moves are allowed
- -> Bool -- ^ Whether instance moves are allowed
- -> Bool -- ^ Whether migration is restricted
- -> Table -- ^ The current solution
- -> [Instance.Instance] -- ^ List of instances still to move
- -> Table -- ^ The new solution
-checkMove nodes_idx disk_moves inst_moves rest_mig ini_tbl victims =
+checkMove :: AlgorithmOptions -- ^ Algorithmic options for balancing
+ -> [Ndx] -- ^ Allowed target node indices
+ -> Table -- ^ The current solution
+ -> [Instance.Instance] -- ^ List of instances still to move
+ -> Table -- ^ The new solution
+checkMove opts nodes_idx ini_tbl victims =
let Table _ _ _ ini_plc = ini_tbl
-- we're using rwhnf from the Control.Parallel.Strategies
-- package; we don't need to use rnf as that would force too
--
Klaus Aehlig
Google Germany GmbH, Dienerstr. 12, 80331 Muenchen
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschaeftsfuehrer: Graham Law, Christine Elizabeth Flores
