On Thu, Jul 16, 2015 at 11:12:45AM +0200, 'Klaus Aehlig' via ganeti-devel wrote:
commit 497a63845db1fec2b0949d1bf0e2367c0bcca028 Merge: 4975195 991eb59 Author: Klaus Aehlig <[email protected]> Date: Thu Jul 16 11:07:44 2015 +0200 Merge branch 'stable-2.12' into stable-2.13 * stable-2.12 Bugfix in checkInstanceMove function in Cluster.hs Revision bump for 2.12.5 Update the NEWS file for 2.12.5 Update Xen documentation in install.rst Clarify need for the migration_port Xen param Conflicts: NEWS: take both new entries configure.ac: keep version and revision of stable-2.13 diff --cc NEWS index 9b0fa37,859afd8..f78db4f --- a/NEWS +++ b/NEWS @@@ -2,153 -2,50 +2,197 @@@ New ==== +Version 2.13.2 +-------------- + +*(Released Mon, 13 Jul 2015)* + +Incompatible/important changes +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- This release contains a fix for the problem that different encodings in + SSL certificates can break RPC communication (issue 1094). The fix makes + it necessary to rerun 'gnt-cluster renew-crypto --new-node-certificates' + after the cluster is fully upgraded to 2.13.2 + +Other fixes and known issues +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Inherited from 2.12: + +- Fixed Issue #1115: Race between starting WConfD and updating the config +- Fixed Issue #1114: Binding RAPI to a specific IP makes the watcher + restart the RAPI +- Fixed Issue #1100: Filter-evaluation for run-time data filter +- Better handling of the "crashed" Xen state +- The watcher can be instructed to skip disk verification +- Reduce amount of logging on successful requests +- Prevent multiple communication NICs being created for instances +- The ``htools`` now properly work also on shared-storage clusters +- Instance moves now work properly also for the plain disk template +- Various improvements to the documentation have been added + +Known issues: +- Issue #1104: gnt-backup: dh key too small + + +Version 2.13.1 +-------------- + +*(Released Tue, 16 Jun 2015)* + +Incompatible/important changes +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- The SSH security changes reduced the number of nodes 
which can SSH into + other nodes. Unfortunately enough, the Ganeti implementation of migration + for the xl stack of Xen required SSH to be able to migrate the instance, + leading to a situation where full movement of an instance around the cluster + was not possible. This version fixes the issue by using socat to transfer + instance data. While socat is less secure than SSH, it is about as secure as + xm migrations, and occurs over the secondary network if present. As a + consequence of this change, Xen instance migrations using xl cannot occur + between nodes running 2.13.0 and 2.13.1. + +Other fixes and known issues +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Inherited from 2.12: + +- Fixed Issue #1082: RAPI is unresponsive after master-failover +- Fixed Issue #1083: Cluster verify reports existing instance disks on + non-default VGs as missing +- Fixed Issue #1101: Modifying the storage directory for the shared-file disk + template doesn't work +- Fixed a possible file descriptor leak when forking jobs +- Fixed missing private parameters in the environment for OS scripts +- Fixed a performance regression when handling configuration + (only upgrade it if it changes) +- Adapt for compilation with GHC7.8 (compiles with warnings; + cherrypicked from 2.14) + +Known issues: +- Issue #1094: Mismatch in SSL encodings breaks RPC communication +- Issue #1104: Export fails: key is too small + + +Version 2.13.0 +-------------- + +*(Released Tue, 28 Apr 2015)* + +Incompatible/important changes +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- Ganeti now internally retries the instance creation opcode if opportunistic + locking did not acquire nodes with enough free resources. The internal retry + will not use opportunistic locking. In particular, instance creation, even + if opportunistic locking is set, will never fail with ECODE_TEMP_NORES. +- The handling of SSH security had undergone a significant change. 
From + this version on, each node has an individual SSH key pair instead of + sharing one with all nodes of the cluster. From now on, we also + restrict SSH access to master candidates. This means that only master + candidates can ssh into other cluster nodes and all + non-master-candidates cannot. Refer to the UPGRADE notes + for further instructions on the creation and distribution of the keys. +- Ganeti now checks hypervisor version compatibility before trying an instance + migration. It errors out if the versions are not compatible. Add the option + --ignore-hvversions to restore the old behavior of only warning. +- Node tags starting with htools:migration: or htools:allowmigration: now have + a special meaning to htools(1). See hbal(1) for details. +- The LXC hypervisor code has been repaired and improved. Instances cannot be + migrated and cannot have more than one disk, but should otherwise work as with + other hypervisors. OS script changes should not be necessary. LXC version + 1.0.0 or higher required. + +New features +~~~~~~~~~~~~ + +- A new job filter rules system allows to define iptables-like rules for the + job scheduler, making it easier to (soft-)drain the job queue, perform + maintenance, and rate-limit selected job types. See gnt-filter(8) for + details. +- Ganeti jobs can now be ad-hoc rate limited via the reason trail. + For a set of jobs queued with "--reason=rate-limit:n:label", the job + scheduler ensures that not more than n will be scheduled to run at the same + time. See ganeti(7), section "Options", for details. +- The monitoring daemon has now variable sleep times for the data + collectors. This currently means that the granularity of cpu-avg-load + can be configured. +- The 'gnt-cluster verify' command now has the option + '--verify-ssh-clutter', which verifies whether Ganeti (accidentally) + cluttered up the 'authorized_keys' file. 
+- Instance disks can now be converted from one disk template to another for many + different template combinations. When available, more efficient conversions + will be used, otherwise the disks are simply copied over. + +New dependencies +~~~~~~~~~~~~~~~~ + +- The monitoring daemon uses the PSQueue library. Be sure to install it + if you use Mond. +- The formerly optional regex-pcre is now an unconditional dependency because + the new job filter rules have regular expressions as a core feature. + +Since 2.13.0 rc1 +~~~~~~~~~~~~~~~~~~ + +The following issues have been fixed: + +- Bugs related to ssh-key handling of master candidates (issues 1045, + 1046, 1047) + +Fixes inherited from the 2.12 branch: + +- Upgrade from old versions (2.5 and 2.6) was failing (issues 1070, 1019). +- gnt-network info outputs wrong external reservations (issue 1068) +- Refuse to demote master from master capability (issue 1023) + + + Version 2.12.5 + -------------- + + *(Released Mon, 13 Jul 2015)* + + Incompatible/important changes + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + - This release contains a fix for the problem that different encodings in + SSL certificates can break RPC communication (issue 1094). The fix makes + it necessary to rerun 'gnt-cluster renew-crypto --new-node-certificates' + after the cluster is fully upgraded to 2.12.5. 
+ + Fixed and improvements + ~~~~~~~~~~~~~~~~~~~~~~ + + - Fixed Issue #1030: GlusterFS support breaks at upgrade to 2.12 - + switches back to shared-file + - Fixed Issue #1094 (see the notice in Incompatible/important changes): + Differences in encodings of SSL certificates can render a cluster + uncommunicative after a master-failover + - Fixed Issue #1098: Support for ECDSA SSH keys + - Fixed Issue #1100: Filter-evaluation for run-time data filter + - Fixed Issue #1101: Modifying the storage directory for the shared-file + disk template doesn't work + - Fixed Issue #1108: Spurious "NIC name already used" errors during + instance creation + - Fixed Issue #1114: Binding RAPI to a specific IP makes the watcher + restart the RAPI + - Fixed Issue #1115: Race between starting WConfD and updating the config + - Better handling of the "crashed" Xen state + - The ``htools`` now properly work also on shared-storage clusters + - Various improvements to the documentation have been added + + Inherited from the 2.11 branch: + + - Fixed Issue #1113: Reduce amount of logging on successful requests + + Known issues + ~~~~~~~~~~~~ + + - Issue #1104: gnt-backup: dh key too small + + Version 2.12.4 -------------- diff --cc src/Ganeti/HTools/Cluster.hs index 2e8f0ca,787d100..bdf40a3 --- a/src/Ganeti/HTools/Cluster.hs +++ b/src/Ganeti/HTools/Cluster.hs @@@ -685,23 -665,21 +688,19 @@@ checkInstanceMove opts nodes_idx ini_tb primary_drained = Node.offline . flip Container.find nl $ Instance.pNode target - all_moves = - if disk_moves - then concatMap (possibleMoves mir_type use_secondary inst_moves - (rest_mig, primary_drained)) - nodes - else [] + all_moves = concatMap (possibleMoves mir_type use_secondary inst_moves + disk_moves (rest_mig, primary_drained)) nodes in -- iterate over the possible nodes for this instance - foldl' (checkSingleStep ini_tbl target) aft_failover all_moves + foldl' (checkSingleStep force ini_tbl target) aft_failover all_moves -- | Compute the best next move. 
-checkMove :: [Ndx] -- ^ Allowed target node indices - -> Bool -- ^ Whether disk moves are allowed - -> Bool -- ^ Whether instance moves are allowed - -> Bool -- ^ Whether migration is restricted - -> Table -- ^ The current solution - -> [Instance.Instance] -- ^ List of instances still to move - -> Table -- ^ The new solution -checkMove nodes_idx disk_moves inst_moves rest_mig ini_tbl victims = +checkMove :: AlgorithmOptions -- ^ Algorithmic options for balancing + -> [Ndx] -- ^ Allowed target node indices + -> Table -- ^ The current solution + -> [Instance.Instance] -- ^ List of instances still to move + -> Table -- ^ The new solution +checkMove opts nodes_idx ini_tbl victims = let Table _ _ _ ini_plc = ini_tbl -- we're using rwhnf from the Control.Parallel.Strategies -- package; we don't need to use rnf as that would force too -- Klaus Aehlig Google Germany GmbH, Dienerstr. 12, 80331 Muenchen Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschaeftsfuehrer: Graham Law, Christine Elizabeth Flores
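Review bot: In the NEWS hunk, the 2.13.2 and 2.13.1 entries place the "- Issue #1104 ..." and "- Issue #1094 ..." items directly under "Known issues:" with no blank line in between, so reStructuredText will fold them into the preceding paragraph instead of rendering a list. Insert a blank line after "Known issues:", or use a "Known issues" subsection heading with a "~" underline as the 2.12.5 entry does. The 2.13.2 upgrade notice also ends "fully upgraded to 2.13.2" without the final period that the otherwise identical 2.12.5 notice has; since that sentence carries the required 'gnt-cluster renew-crypto --new-node-certificates' step, the two entries should read the same.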
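Review bot: The Conflicts list in the commit message names only NEWS and configure.ac, yet src/Ganeti/HTools/Cluster.hs also appears in the combined diff, in checkInstanceMove where all_moves is built. If that region was resolved by hand, add it to the Conflicts list with a short note on the resolution: the "if disk_moves then ... else []" guard is gone and disk_moves is passed to possibleMoves as an extra argument. The resolved lines also use force, disk_moves, inst_moves and rest_mig, none of which are bound in the visible context now that the functions take opts, so it is worth confirming that they are derived from opts in the part of the function outside this hunk and that possibleMoves on stable-2.13 takes disk_moves in that position.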
LGTM, thanks
