Re: [PATCH stable-2.17] Update design doc of node security

Nitpicks, else LGTM. On Fri, Jan 29, 2016 at 1:07 PM, 'Helga Velroyen' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > This patch updates the design doc of Ganeti's node > security. It turned out that the solution of freezing > master capability is not feasible. This patch explains >

Re: Merge branch 'stable-2.15' into stable-2.16

LGTM, thanks! On Mon, Feb 1, 2016 at 1:03 PM, 'Klaus Aehlig' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > > commit 727bbeba35aeaf87804e3f78553e1eb8f5283459 > Merge: 05807f9 8e4b725 > Author: Klaus Aehlig > Date: Mon Feb 1 12:59:37 2016 +0100 > > Merge

Re: [PATCH stable-2.16] Update NEWS file for 2.16.0~beta2

Or just run 'autotools/check-news wrote: > > > On Wed, 27 Jan 2016 at 17:23 'Viktor Bachraty' via ganeti-devel < > ganeti-devel@googlegroups.com>

Re: [PATCH stable-2.16] Set block buffering for UDSServer

LGTM from my side as well. On Thu, Jan 21, 2016 at 6:26 PM, 'Brian Foley' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > On Thu, Jan 21, 2016 at 06:12:03PM +0100, Klaus Aehlig wrote: > > > > Hi Brian, > > > > > I wonder is a 1MB buffer per socket a little aggressive? > > > > Note

[MERGE] Merge branch 'stable-2.14' into stable-2.15

commit 0943565956b20980fa56d40fd1e942de7588c4a0 Merge: 56ffa79 115325f Author: Hrvoje Ribicic Date: Fri Jan 22 12:26:07 2016 +0100 Merge branch 'stable-2.14' into stable-2.15 * stable-2.14 Fix failover in case the source node is offline Signed-off-by:

[MERGE] Merge branch 'stable-2.15' into stable-2.16

commit 5bfbbd76a6810d035efb2ea2ad3ece74ea2f07df Merge: dd6f11c 4b7cd46 Author: Hrvoje Ribicic Date: Fri Jan 22 13:52:50 2016 +0100 Merge branch 'stable-2.15' into stable-2.16 * stable-2.15 (no changes) * stable-2.14 Fix failover in case the source

Re: Merge branch 'stable-2.17' into master

LGTM, thanks On Thu, Jan 21, 2016 at 2:30 PM, Klaus Aehlig wrote: > > > commit b9f723c34d53a810834b0542e90efc96699b91bb > Merge: 643c66b 5d93952 > Author: Klaus Aehlig > Date: Thu Jan 21 13:53:36 2016 +0100 > > Merge branch 'stable-2.17' into master

Re: [PATCH stable-2.14] Fix failover in case the source node is offline

LGTM, thanks On Wed, Jan 20, 2016 at 5:37 PM, Dimitris Aragiorgis wrote: > Commit ff74b60 closes instance disks on the source node before > doing a failover. In case the node is offline this is not possible. > This patch proceeds with the failover in case the source node >

Re: Merge branch 'stable-2.17' into master

On Jan 21, 2016 2:05 PM, "'Klaus Aehlig' via ganeti-devel" < ganeti-devel@googlegroups.com> wrote: > > > > commit 506c5b3a21a04f9e1c23bf4b1393153a5cfc3b25 > Merge: 643c66b 5d93952 > Author: Klaus Aehlig > Date: Thu Jan 21 13:53:36 2016 +0100 > > Merge branch 'stable-2.17'

Re: [PATCH stable-2.16] Set block buffering for UDSServer

On Thu, Jan 21, 2016 at 4:00 PM, 'Klaus Aehlig' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > Commit b0a7e3771bfd changed sending of JSON-encoded answers > to standard String sending. This was necessary as converting > Strings to ByteStrings, even to lazy ones, fully enforced the >

Re: [PATCH master] Make logical_id available through basic RAPI call

The patch description is lacking some explanation or reasoning about why the logical IDs are being added to the query. It would be particularly valuable to have an example of which use cases they are meant to serve. This leads to my primary concern: that the logical IDs are an internal data

[PATCH master 2/2] Inform users of timed out cancelations

When multiple job cancel operations are executed at once, there is a chance for the contention to result in a job still in the canceling state at timeout time. Ganeti would emit a funny message: "Job could not be canceled, status JOB_STATUS_CANCELING" This patch explains what is happening,

Re: [PATCH stable-2.12] Increase minimal sizes of test online nodes

LGTM, thanks On Tue, Jan 12, 2016 at 6:06 PM, 'Klaus Aehlig' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > A lot of our tests work by generating a node and a > strictly smaller instance and then continue under > the assumption that the instance will fit on the node. > To obtain a

[PATCH master 1/2] Fix helper function name and documentation

As the name was a bit misleading. Signed-off-by: Hrvoje Ribicic --- src/Ganeti/JQueue.hs | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/Ganeti/JQueue.hs b/src/Ganeti/JQueue.hs index a3f9da2..5c24d92 100644 --- a/src/Ganeti/JQueue.hs +++

Re: [PATCH master] Fix happy version dependency for haskell-src-ext in precise.

On Mon, Jan 11, 2016 at 8:08 PM, 'Viktor Bachraty' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > Signed-off-by: Viktor Bachraty > --- > devel/build_chroot | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/devel/build_chroot

Re: [PATCH stable-2.16] Fix typo 'option' instead of 'options'

LGTM, thanks On Tue, Jan 5, 2016 at 10:51 AM, 'Helga Velroyen' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > Signed-off-by: Helga Velroyen > --- > NEWS | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/NEWS b/NEWS > index 1bf7d93..a6c9803

Re: Merge 'stable-2.16' to 'stable-2.17'

LGTM, thanks On Tue, Jan 5, 2016 at 11:51 AM, 'Helga Velroyen' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > commit 0d10936ea1741b381583dc1a03aac4816f3b6014 > Merge: cd0db80 23503ae > Author: Helga Velroyen > Date: Tue Jan 5 11:13:22 2016 +0100 > > Merge

[PATCH stable-2.12] Fix documentation for master-failover

The gnt-cluster manual still specified that arguments should be passed to the master daemon - one which no longer exists. This patch specifies the two new daemons to which arguments should be passed instead. Signed-off-by: Hrvoje Ribicic --- man/gnt-cluster.rst | 7 --- 1

Re: Merge 'stable-2.15' into 'stable-2.16'

LGTM - the nit might be better removed in a separate patch though. On Mon, Jan 4, 2016 at 5:11 PM, 'Helga Velroyen' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > commit 1f87aa036cd887e15240415d73c5ea5fc5b2e18a > Merge: ceb09b5 625c8ea > Author: Helga Velroyen >

Re: Urgent!!! Ganeti Verify couldn't be done

Hi Chencho, Sorry for the delayed response. I believe you've been hit by the following bug: https://code.google.com/p/ganeti/issues/detail?id=1159 To prevent this problem from occurring repeatedly, you can manually apply the attached patch (this is for 2.12, so you might have to fiddle around).

Re: Urgent!!! Ganeti Verify couldn't be done

The core principle of Ganeti is that VMs will continue to function regardless of Ganeti's behavior, so you do not have to worry about data loss for the time being. Just do not issue instance-affecting commands. Also, back up the /var/lib/ganeti/ directory in its entirety on all three nodes - it

[PATCH stable-2.11 2/2] Revision bump for 2.11.8

Signed-off-by: Hrvoje Ribicic --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 2548018..fe2fce3 100644 --- a/configure.ac +++ b/configure.ac @@ -1,7 +1,7 @@ # Configure script for Ganeti

[PATCH stable-2.11 1/2] Update NEWS file for 2.11.8

With the security issues text and a list of minor issues. Signed-off-by: Hrvoje Ribicic --- NEWS | 60 1 file changed, 60 insertions(+) diff --git a/NEWS b/NEWS index 7f70a85..efd7703 100644 --- a/NEWS +++ b/NEWS @@

[PATCH stable-2.11 0/2] Release patches for 2.11.8

Hrvoje Ribicic (2): Update NEWS file for 2.11.8 Revision bump for 2.11.8 NEWS | 60 configure.ac | 2 +- 2 files changed, 61 insertions(+), 1 deletion(-) -- 2.6.0.rc2.230.g3dd15c0

Re: [PATCH master 06/10] Implement forkPostHooksProcess function

On Mon, Dec 7, 2015 at 5:33 AM, Oleg Ponomarev wrote: > Fixed by the interdiff: > > --- a/src/Ganeti/Query/Exec.hs > +++ b/src/Ganeti/Query/Exec.hs > @@ -346,7 +346,7 @@ forkJobProcess job luxiLivelock update = do >return fd > > -- | Forks the process and

Re: [PATCH master 02/10] Run global hooks in case of succesfull opcode execution

LGTM, thanks On Mon, Dec 7, 2015 at 6:37 AM, Oleg Ponomarev wrote: > > On 12/04/2015 07:34 PM, Hrvoje Ribicic wrote: > >> Furthermore, why assign it a value of None instead of self._GetNodeId by >> default? >> >> This way you do not have to check for the None value later

Re: Merge branch 'stable-2.16' into stable-2.17 (v2)

On Fri, Dec 4, 2015 at 11:04 AM, 'Lisa Velden' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > commit 8ee1eb8c1e9f691df2c3fa5eb0911d3e4602d46f > Merge: fa6fd0f 713f1cf > Author: Lisa Velden > Date: Fri Dec 4 14:57:39 2015 +0100 > > Merge branch 'stable-2.16'

Re: [PATCH master 02/10] Run global hooks in case of succesfull opcode execution

On Wed, Nov 25, 2015 at 11:16 AM, Oleg Ponomarev wrote: > What do you think about this interdiff? > > diff --git a/lib/mcpu.py b/lib/mcpu.py > index 28033d8..d807861 100644 > --- a/lib/mcpu.py > +++ b/lib/mcpu.py > @@ -721,7 +721,7 @@ class Processor(object): > > #

Re: [PATCH master 07/10] Implement python process ececuting global POST hooks

LGTM, thanks On Wed, Nov 25, 2015 at 11:58 AM, Oleg Ponomarev wrote: > The interdiff again: > > --- a/lib/jqueue/post_hooks_exec.py > +++ b/lib/jqueue/post_hooks_exec.py > @@ -28,11 +28,11 @@ > # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > > >

Re: [PATCH master 03/10] Execute POST-phase global hooks in case of failure

LGTM, thanks On Wed, Nov 25, 2015 at 11:37 AM, Oleg Ponomarev wrote: > --- a/lib/hooksmaster.py > +++ b/lib/hooksmaster.py > @@ -340,7 +340,8 @@ class HooksMaster(object): > > def ExecGlobalPostHooks(opcode, master_name, rpc_runner, log_fn, >

Re: [PATCH master 05/10] Divide forkJobProcess into several functions

LGTM, thanks On Wed, Nov 25, 2015 at 11:47 AM, Oleg Ponomarev wrote: > What do you thing about this interdiff? (commit message is also fixed) > > --- a/src/Ganeti/Query/Exec.hs > +++ b/src/Ganeti/Query/Exec.hs > @@ -136,7 +136,7 @@ runProcess :: JobId -- ^ a job to

Re: [PATCH master 08/10] Execute global POST hooks for disappeared job processes

LGTM still :) On Wed, Nov 25, 2015 at 12:00 PM, Oleg Ponomarev wrote: > *Commit message fixed* > > > On 11/24/2015 08:36 PM, Hrvoje Ribicic wrote: > > LGTM with a single nit. > > On Fri, Nov 20, 2015 at 5:11 PM, 'Oleg Ponomarev' via ganeti-devel < >

Re: [PATCH master 01/11] Always pass node uuid's but not node name's to hooksmaster

LGTM with interdiff, thanks On Wed, Nov 25, 2015 at 8:08 AM, Oleg Ponomarev wrote: > Remarks fixed. > Finally, I decide to add assert and therefore fixed python tests. Here is > the interdiff: > > diff --git a/lib/hooksmaster.py b/lib/hooksmaster.py > index

Re: [PATCH master 01/10] Add global hooks support to the HooksMaster

LGTM with interdiffs On Wed, Nov 25, 2015 at 11:24 AM, Oleg Ponomarev wrote: > And one more interdiff: > > --- a/lib/hooksmaster.py > +++ b/lib/hooksmaster.py > @@ -163,7 +163,7 @@ class HooksMaster(object): > > """ > if node_list is None or not node_list: > -

Re: [PATCH master 09/10] Update design document for global hooks

LGTM, thanks On Wed, Nov 25, 2015 at 12:07 PM, Oleg Ponomarev wrote: > The interdiff... ...and the other files fixed in the corresponding patches. > > --- a/doc/design-global-hooks.rst > +++ b/doc/design-global-hooks.rst > @@ -85,7 +85,7 @@ process has dead, a new

Re: [PATCH master 11/11] Add QA tests for global hooks

LGTM, thanks On Thu, Nov 26, 2015 at 1:08 PM, 'Oleg Ponomarev' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > Test 3 main cases of global post hooks usage: > - successful LU execution; > - LU with the prerequisites failed; > - disappeared LU process. > All the tests are

Re: [PATCH stable-2.15 2/8] testutils: add keys to own 'authorized_keys' file

On Tue, Nov 24, 2015 at 3:15 PM, 'Helga Velroyen' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > This patch updates the SSH testutils to match reality better. > So far, the test framework did not consider the fact that > the key of each node should be added to it's own >

Re: [PATCH master 09/10] Update design document for global hooks

LGTM with a few nits found upon rereading the text. On Fri, Nov 20, 2015 at 5:11 PM, 'Oleg Ponomarev' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > Make the design document consistent with the current global post hooks > implementation. > > Signed-off-by: Oleg Ponomarev

Re: [PATCH master 02/10] Run global hooks in case of succesfull opcode execution

s/successfull/successful/ in the title of the patch. On Fri, Nov 20, 2015 at 5:11 PM, 'Oleg Ponomarev' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > Run PRE and POST global hooks in case of succesful job execution on > successful > the master node and on the node_list provided by

Re: [PATCH master 01/10] Add global hooks support to the HooksMaster

Looks a lot better, just a few more minor things! On Tue, Nov 24, 2015 at 2:45 PM, Oleg Ponomarev wrote: > Interdiff for the hooksmaster: > > diff --git a/lib/hooksmaster.py b/lib/hooksmaster.py > index d1b4adb..d2de4b8 100644 > --- a/lib/hooksmaster.py > +++

Re: [PATCH master 01/11] Always pass node uuid's but not node name's to hooksmaster

On Tue, Nov 24, 2015 at 5:18 PM, Oleg Ponomarev wrote: > On 11/24/2015 05:06 PM, Hrvoje Ribicic wrote: > >> One possible improvement: we can consider asserting that all node_uuids >> passed are truly uuids whenever RunPhase is invoked. Or do you think this >> is too

Re: [PATCH master 03/10] Execute POST-phase global hooks in case of failure

LGTM with nitpick On Fri, Nov 20, 2015 at 5:11 PM, 'Oleg Ponomarev' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > All the errors encountered during an opcode execution are reported via > exceptions. Intercept all the exceptions and execute POST global hooks > with ERROR status. > >

Re: [PATCH master 04/10] Make SafeLoadJobFromDisk a @staticmethod

LGTM On Fri, Nov 20, 2015 at 5:11 PM, 'Oleg Ponomarev' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > SafeLoadJobFromDisk will be used in further patches in order to load > job files for jobs whose processes have disappeared. The functionality > will be used to run global post hooks

Re: [PATCH master 05/10] Divide forkJobProcess into several functions

On Fri, Nov 20, 2015 at 5:11 PM, 'Oleg Ponomarev' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > forkJobProcess implementation consist of several steps. Move each > logical consistent step into the generalized function in order to reuse > Fix up nits pointed out in previous review.

Re: [PATCH master 06/10] Implement forkPostHooksProcess function

LGTM with nit. On Fri, Nov 20, 2015 at 5:11 PM, 'Oleg Ponomarev' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > forkPostHooksProcess function will be used to create process running > global POST hooks for opcodes which job processes have disappeared. > > Signed-off-by: Oleg Ponomarev

Re: [PATCH master 07/10] Implement python process ececuting global POST hooks

LGTM with nits. Fix patch title - executing. On Fri, Nov 20, 2015 at 5:11 PM, 'Oleg Ponomarev' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > Implement ppost_hooks_exec.py which has already been reffered to by > s/reffered/referred/ > forkPostHooksProcess. This python process

Re: [PATCH master 08/10] Execute global POST hooks for disappeared job processes

LGTM with a single nit. On Fri, Nov 20, 2015 at 5:11 PM, 'Oleg Ponomarev' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > Start execution of global POST hooks as soon as the scheduler > finds out that job process has disappeared. > Sorry for missing this nit earlier: a job process

Re: [PATCH master 01/10] Add global hooks support to the HooksMaster

Fixing that - preferably in a patch before this one - would be great! On Tue, Nov 24, 2015 at 11:46 AM, Oleg Ponomarev wrote: > OK, and also in the hooksmaster itself even before my changes. > > On 11/23/2015 06:21 PM, Hrvoje Ribicic wrote: > >> >> How come? Where do the

Re: [PATCH master 01/10] Add global hooks support to the HooksMaster

On Tue, Nov 24, 2015 at 11:41 AM, Oleg Ponomarev wrote: > > > On 11/23/2015 06:21 PM, Hrvoje Ribicic wrote: > > > > On Fri, Nov 20, 2015 at 5:11 PM, 'Oleg Ponomarev' via ganeti-devel < > ganeti-devel@googlegroups.com> wrote: > >> Add the

Re: [PATCH master 01/11] Always pass node uuid's but not node name's to hooksmaster

Minor nits, but the patch otherwise looks good. One possible improvement: we can consider asserting that all node_uuids passed are truly uuids whenever RunPhase is invoked. Or do you think this is too paranoid? Patch title change: uuids but not node names On Tue, Nov 24, 2015 at 2:48 PM, 'Oleg

Re: [PATCH master 01/10] Add global hooks support to the HooksMaster

On Fri, Nov 20, 2015 at 5:11 PM, 'Oleg Ponomarev' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > Add the *glob* argument to the RunPhase function. With *glob* set to > True, HooksMaster runs global hooks instead of the opcode's hooks. The > global hooks should be placed in the

Re: Merge 'stable-2.15' to 'stable-2.16' (2nd try)

LGTM, thanks On Fri, Nov 20, 2015 at 2:08 PM, 'Helga Velroyen' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > commit 8337653769f617abfe39876d7cb794d68064ab13 > Merge: 2ebf4e8 598897c > Author: Helga Velroyen > Date: Fri Nov 20 11:34:44 2015 +0100 > > Merge

[PATCH stable-2.16 06/18] Add modify_ssh_setup to queryable config params

As this will be necessary for checking whether to create the ganeti_pub_keys file. Signed-off-by: Hrvoje Ribicic --- src/Ganeti/Query/Server.hs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Ganeti/Query/Server.hs b/src/Ganeti/Query/Server.hs index

[PATCH stable-2.16 04/18] Show info about new params in gnt-cluster info

With this patch, gnt-cluster info shows both the ssh key type and the key length. Signed-off-by: Hrvoje Ribicic --- lib/client/gnt_cluster.py | 2 ++ src/Ganeti/Query/Server.hs | 2 ++ 2 files changed, 4 insertions(+) diff --git a/lib/client/gnt_cluster.py

[PATCH stable-2.16 09/18] Use the SSH key parameters when generating keys

This patch makes sure that the parameters introduced in previous patches propagates wherever SSH keys are generated and used, allowing Ganeti to use different types of SSH keys. With tis patch, the key type can be set only at cluster initialization time. Signed-off-by: Hrvoje Ribicic

Re: [PATCH stable-2.16 14/15] QA: Add ssh-key-type and -bits tests

> On Mon, 16 Nov 2015 at 10:09 Hrvoje Ribicic <r...@google.com> wrote: > >> On Fri, Nov 13, 2015 at 2:41 PM, Helga Velroyen <hel...@google.com> >> wrote: >> >>> >>> >>> On Fri, 13 Nov 2015 at 11:18 'Hrvoje Ribicic' via ganeti-devel < &g

Re: [PATCH stable-2.16 08/21] Do not generate the ganeti_pub_keys file with --no-ssh-init

USTER_NAME, self._MASTER_NODE_NAME, self._MODIFY_SSH_SETUP) self._get_online_nodes_mock = mock.Mock() self._get_online_nodes_mock.return_value = \ On Thu, Nov 19, 2015 at 2:47 PM, Helga Velroyen <hel...@google.com> wrote: > LGTM, thanks > > On Thu, 19 Nov 2015 at 1

Re: [PATCH stable-2.16 14/15] QA: Add ssh-key-type and -bits tests

sa") >> + _CheckLoginWithKey("/root/.ssh/id_rsa") >># And check that we cannot log in with the old key >>_CheckLoginWithKey(old_key_backup, fail=True) >> finally: >> >> >> On Tue, Nov 17, 2015 at 9:31 AM, Helga Velroy

Re: [PATCH stable-2.15] Don't keep input for error messages

NACK - the reason why optimization has been disabled should be added as a comment in the code as well as the commit message. On Thu, Nov 19, 2015 at 1:18 PM, 'Oleg Ponomarev' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > LGTM, thanks > > > On 11/19/2015 01:04 PM, 'Klaus Aehlig' via

Re: [PATCH stable-2.15] Don't keep input for error messages

That's fine by me. On Thu, Nov 19, 2015 at 2:31 PM, Klaus Aehlig <aeh...@google.com> wrote: > On Thu, Nov 19, 2015 at 02:15:10PM +0100, 'Hrvoje Ribicic' via > ganeti-devel wrote: > > NACK - the reason why optimization has been disabled should be added as a > > com

[PATCH stable-2.16 08/21] Do not generate the ganeti_pub_keys file with --no-ssh-init

Prior to this patch, gnt-cluster renew-crypto still created the ganeti_pub_keys file regardless of whether the cluster was initiated with --no-ssh-init or not. Instead, query the matching config parameter and build the file only if Ganeti manages SSH keys. Signed-off-by: Hrvoje Ribicic

[PATCH stable-2.16 05/21] Add helper function for querying cluster properties

As more and more configuration values will have to be made available via queries, this patch adds a small helper method for these. Signed-off-by: Hrvoje Ribicic --- src/Ganeti/Query/Server.hs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git

[PATCH stable-2.16 06/21] Add modify_ssh_setup to queryable config params

As this will be necessary for checking whether to create the ganeti_pub_keys file. Signed-off-by: Hrvoje Ribicic --- src/Ganeti/Query/Server.hs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/Ganeti/Query/Server.hs b/src/Ganeti/Query/Server.hs index e2d770a..aff1c44

[PATCH stable-2.16 07/21] Add querying of ssh-related config values

To allow various command-line operations like renew-crypto and node adds to know how to generate SSH keys, some config values need to be queried outside of LUs. This patch adds the ssh_key_type and ssh_key_bits to the config values that can be queried. Signed-off-by: Hrvoje Ribicic

Re: [PATCH master 11/11] Update design document for global hooks

LGTM with nits On Tue, Nov 10, 2015 at 3:56 PM, 'Oleg Ponomarev' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > Make the design document consistent with the current global post hooks > implementation. > > Signed-off-by: Oleg Ponomarev > --- >

Re: [PATCH master 07/11] Implement forkPostHooksProcess function

LGTM with nits. On Tue, Nov 10, 2015 at 3:56 PM, 'Oleg Ponomarev' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > forkPostHooksProcess function will be used to create process running > global POST hooks for opcodes which job processes have disappeared. > > Signed-off-by: Oleg

Re: [PATCH master 9/9] Execute global POST hooks for disappeared job processes

On Tue, Nov 3, 2015 at 8:05 PM, 'Oleg Ponomarev' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > Start execution of global POST hooks as soon as scheduler > the scheduler > finds out that job process has disappeared. > > Signed-off-by: Oleg Ponomarev > --- >

Re: [PATCH master 09/11] Implement python process ececuting global POST hooks

Sorry for commenting on the first patch, more to follow: On Tue, Nov 10, 2015 at 3:56 PM, 'Oleg Ponomarev' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > Implement ppost_hooks_exec.py which has already been reffered from > forkPostHooksProcess. This python process will be used in

Re: [PATCH master 8/9] Implement python process ececuting global POST hooks

Patch title: s/ececuting/executing/ On Tue, Nov 3, 2015 at 8:05 PM, 'Oleg Ponomarev' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > Implement ppost_hooks_exec.py which has already been reffered from > referred to by > forkPostHooksProcess. This python process will be used in order

Re: [PATCH master 6/9] Divide forkJobProcess into several functions

On Tue, Nov 3, 2015 at 8:05 PM, 'Oleg Ponomarev' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > forkJobProcess implementation consist of several steps. Move each > The forkJobProcess ... consists ... > logical consistent step into the generalized function in order to reuse >

Re: [PATCH master 01/11] Add global hooks support to the HooksMaster

On Tue, Nov 10, 2015 at 3:56 PM, 'Oleg Ponomarev' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > Add the *glob* argument to the RunPhase function. With *glob* set to > True, HooksMaster runs global hooks instead of per-opcode's hooks. The > Additional nit: s/per-opcode's/the

Re: [PATCH stable-2.15] Send answers strictly

LGTM, thanks On Mon, Nov 16, 2015 at 3:57 PM, 'Klaus Aehlig' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > When sending an answer over a domain socket, the recipient > won't process that answer anyway before it is complete. So > we can as well assemble one ByteString first and send

Re: [PATCH master 01/11] Add global hooks support to the HooksMaster

General comment: since the word "glob" has a surprising number of meanings, consider using "is_global" instead to make the code more readable. On Tue, Nov 10, 2015 at 3:56 PM, 'Oleg Ponomarev' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > Add the *glob* argument to the RunPhase

Re: [PATCH master 02/11] Run global hooks in case of succesfull opcode execution

On Tue, Nov 10, 2015 at 3:56 PM, 'Oleg Ponomarev' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > Run PRE and POST global hooks in case of succesfull job execution on > s/full/ful/, both here and in the commit title. > the master node and on the node_list provided by the logical

Re: [PATCH master 04/11] Always execute global hooks at least on the master node

General suggestion: this seems like the ideal bit of code to put in a separate function and unit test, and writing it that way would have made it very clear which corner cases you were trying to account for. As-is, this LGTM with the nitpick. Should you have the time, a test or two would be

Re: [PATCH master 03/11] Execute POST-phase global hooks in case of failure

On Tue, Nov 10, 2015 at 3:56 PM, 'Oleg Ponomarev' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > All the errors during an opcode execution are reported via exceptions. > errors encountered? > Except all the exceptions and execute POST global hooks with FAILED > Intercept all the

Re: [PATCH master 05/11] Make SafeLoadJobFromDisk a @staticmethod

LGTM with nit, thanks! On Tue, Nov 10, 2015 at 3:56 PM, 'Oleg Ponomarev' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > SafeLoadJobFromDisk will be used in further patches in order to load > job files for jobs which processes are disappeared. That will be > Nit: whose processes have

Re: [PATCH stable-2.16 08/15] Handle SSH key changes in upgrades and downgrades

On Fri, Nov 13, 2015 at 2:26 PM, Helga Velroyen <hel...@google.com> wrote: > > > On Fri, 13 Nov 2015 at 11:18 'Hrvoje Ribicic' via ganeti-devel < > ganeti-devel@googlegroups.com> wrote: > >> When performing an upgrade of an old cluster, it is necessary

Re: [PATCH stable-2.16 07/15] Allow SSH key property changes

On Fri, Nov 13, 2015 at 2:21 PM, Helga Velroyen <hel...@google.com> wrote: > > > On Fri, 13 Nov 2015 at 11:18 'Hrvoje Ribicic' via ganeti-devel < > ganeti-devel@googlegroups.com> wrote: > >> By explicitly specifying the old and new SSH key type in various >&

Re: [PATCH stable-2.16 14/15] QA: Add ssh-key-type and -bits tests

On Fri, Nov 13, 2015 at 2:41 PM, Helga Velroyen <hel...@google.com> wrote: > > > On Fri, 13 Nov 2015 at 11:18 'Hrvoje Ribicic' via ganeti-devel < > ganeti-devel@googlegroups.com> wrote: > >> This patch expands the testing of SSH key renewal by changing the key >

[PATCH stable-2.16 06/15] Use the SSH key parameters when generating keys

This patch makes sure that the parameters introduced in previous patches propagates wherever SSH keys are generated and used, allowing Ganeti to use different types of SSH keys. With tis patch, the key type can be set only at cluster initialization time. Signed-off-by: Hrvoje Ribicic

[PATCH stable-2.16 03/15] Add the SSH key type and length to the config, and set them

This patch uses the previously added CLI options to allow the key parameters to be specified at initialization time and saved in the configuration. Signed-off-by: Hrvoje Ribicic --- lib/bootstrap.py | 23 +-- lib/client/gnt_cluster.py | 12

[PATCH stable-2.16 15/15] Add entries describing new gnt-cluster params to manpage

And also sprinkle reminders of when to update them across the codebase. Signed-off-by: Hrvoje Ribicic --- lib/ssh.py | 1 + man/gnt-cluster.rst | 19 +++ src/Ganeti/Constants.hs | 1 + 3 files changed, 21 insertions(+) diff --git a/lib/ssh.py

[PATCH stable-2.16 07/15] Allow SSH key property changes

By explicitly specifying the old and new SSH key type in various renew-crypto operations, this patch allows the switching of SSH key types to take place during a SSH key renewal operation. Signed-off-by: Hrvoje Ribicic --- lib/backend.py | 28

[PATCH stable-2.16 14/15] QA: Add ssh-key-type and -bits tests

This patch expands the testing of SSH key renewal by changing the key type existing on a cluster during the QA. Signed-off-by: Hrvoje Ribicic --- qa/qa_cluster.py | 55 --- 1 file changed, 52 insertions(+), 3 deletions(-)

[PATCH stable-2.16 08/15] Handle SSH key changes in upgrades and downgrades

When performing an upgrade of an old cluster, it is necessary to set the SSH key parameters to the exact same values earlier versions implicitly used - DSA with 1024 bits. In the other direction, we simply do not permit downgrades if keys other than DSA are being used. Triggering a gnt-cluster

[PATCH stable-2.16 12/15] Remove default limit on diffs in cfgupgrade tests

These tests deal with large configuration files, and without the changes present in this patch, instead of a pretty git-style diff of two configurations, we get nothing. Signed-off-by: Hrvoje Ribicic --- test/py/cfgupgrade_unittest.py | 4 1 file changed, 4 insertions(+)

[PATCH stable-2.16 11/15] QA: Downgrade the cluster key type in 2.16

The downgrade/upgrade QA test starts from a freshly-built cluster which would have RSA keys in 2.16. Downgrading such a cluster is prevented by one of the preceding patches, for good reason, so this patch makes sure to switch to DSA keys before running the upgrade test. As this code is meant to

[PATCH stable-2.16 13/15] QA: Extend AssertCommand to allow not forwarding the agent

When testing SSH-related behavior in Ganeti, having the SSH agent forwarded in all the command-running utilities can produce spurious errors, or worse yet, allow real ones to sneak by. In this patch, the AssertCommand function is extended to allow disabling of agent forwarding. This also switches

[PATCH stable-2.16 10/15] Fix typo

Signed-off-by: Hrvoje Ribicic --- qa/qa_cluster.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qa/qa_cluster.py b/qa/qa_cluster.py index ac1d3a8..a0b553e 100644 --- a/qa/qa_cluster.py +++ b/qa/qa_cluster.py @@ -1371,7 +1371,7 @@ def TestUpgrade():

[PATCH stable-2.16 09/15] Fail early for invalid key type and size combinations

The ssh-keygen utility permits only some combinations of key types and bit sizes. As many more things can go wrong late in the renewal process, this patch introduces prerequisite checks mimicking those of ssh-keygen. Signed-off-by: Hrvoje Ribicic --- lib/client/gnt_cluster.py

Re: [PATCH stable-2.15] Store keys as ByteStrings

On Fri, Nov 13, 2015 at 10:32 AM, Klaus Aehlig wrote: > > Optional suggestions present, else LGTM. > > > > @@ -216,8 +218,9 @@ getOnlineNodes = filter (not . nodeOffline) . > F.toList > > > . configNodes > > > -- | Returns the default cluster link. > > > getDefaultNicLink ::

[PATCH stable-2.16 01/15] Add the SSH key options

The two options added in this patch are ssh-key-bits and ssh-key-type, which will control the length and type of key later. They are added to the gnt-cluster init and renew-crypto submethods. Signed-off-by: Hrvoje Ribicic --- lib/cli_opts.py | 13 +

[PATCH stable-2.16 02/15] Change SSH key types to a proper Haskell sum type

This will allow us to perform validation of opcode params that are SSH key types. Signed-off-by: Hrvoje Ribicic --- src/Ganeti/Constants.hs | 6 +++--- src/Ganeti/Types.hs | 11 +++ 2 files changed, 14 insertions(+), 3 deletions(-) diff --git

[PATCH stable-2.16 00/15] Add support for different SSH key types in Ganeti

This patch addresses the need to improve the SSH security of Ganeti by allowing different types and sizes of SSH keys - notably DSA, RSA, and ECDSA. Additional configuration parameters are added, and in a slight but practical departure from conventions so far, after initialization they can only

[PATCH stable-2.16 04/15] Show info about new params in gnt-cluster info

With this patch, gnt-cluster info shows both the ssh key type and the key length. Signed-off-by: Hrvoje Ribicic --- lib/client/gnt_cluster.py | 2 ++ src/Ganeti/Query/Server.hs | 2 ++ 2 files changed, 4 insertions(+) diff --git a/lib/client/gnt_cluster.py

[PATCH stable-2.16 05/15] Add querying of ssh-related config values

To allow various command-line operations like renew-crypto and node adds to know how to generate SSH keys, some config values need to be queried outside of LUs. This patch adds the ssh_key_type and ssh_key_bits to the config values that can be queried. Signed-off-by: Hrvoje Ribicic

Re: [PATCH stable-2.15] Store keys as ByteStrings

Optional suggestions present, else LGTM. On Thu, Nov 12, 2015 at 5:46 PM, 'Klaus Aehlig' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > Keys to maps are only used to look up values, so > a compact representation does impact flexibility. > However, it does save on memory usage; having

Re: [PATCH stable-2.15 1/2] Prefer the UuidObject type class over specific functions

LGTM, thanks On Wed, Nov 11, 2015 at 5:27 PM, 'Klaus Aehlig' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > The UuidObject type class provides a clean interface to > obtain the UUID of an object. Prefer this interface over > hard-coding the specific functions all over the place. > >

Re: [PATCH stable-2.12] Revert "Also consider connection time out a network error"

LGTM, thanks. As discussed, we still have to see if we'll submit this or not after additional testing - let's see what is the lesser evil! On Tue, Nov 10, 2015 at 6:08 PM, 'Klaus Aehlig' via ganeti-devel < ganeti-devel@googlegroups.com> wrote: > This reverts commit

  1   2   3   4   5   6   7   8   9   >