Nitpicks, else LGTM.
On Fri, Jan 29, 2016 at 1:07 PM, 'Helga Velroyen' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> This patch updates the design doc of Ganeti's node
> security. It turned out that the solution of freezing
> master capability is not feasible. This patch explains
>
LGTM, thanks!
On Mon, Feb 1, 2016 at 1:03 PM, 'Klaus Aehlig' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
>
> commit 727bbeba35aeaf87804e3f78553e1eb8f5283459
> Merge: 05807f9 8e4b725
> Author: Klaus Aehlig
> Date: Mon Feb 1 12:59:37 2016 +0100
>
> Merge
Or just run 'autotools/check-news wrote:
>
>
> On Wed, 27 Jan 2016 at 17:23 'Viktor Bachraty' via ganeti-devel <
> ganeti-devel@googlegroups.com>
LGTM from my side as well.
On Thu, Jan 21, 2016 at 6:26 PM, 'Brian Foley' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> On Thu, Jan 21, 2016 at 06:12:03PM +0100, Klaus Aehlig wrote:
> >
> > Hi Brian,
> >
> > > I wonder is a 1MB buffer per socket a little aggressive?
> >
> > Note
commit 0943565956b20980fa56d40fd1e942de7588c4a0
Merge: 56ffa79 115325f
Author: Hrvoje Ribicic
Date: Fri Jan 22 12:26:07 2016 +0100
Merge branch 'stable-2.14' into stable-2.15
* stable-2.14
Fix failover in case the source node is offline
Signed-off-by:
commit 5bfbbd76a6810d035efb2ea2ad3ece74ea2f07df
Merge: dd6f11c 4b7cd46
Author: Hrvoje Ribicic
Date: Fri Jan 22 13:52:50 2016 +0100
Merge branch 'stable-2.15' into stable-2.16
* stable-2.15
(no changes)
* stable-2.14
Fix failover in case the source
LGTM, thanks
On Thu, Jan 21, 2016 at 2:30 PM, Klaus Aehlig wrote:
>
>
> commit b9f723c34d53a810834b0542e90efc96699b91bb
> Merge: 643c66b 5d93952
> Author: Klaus Aehlig
> Date: Thu Jan 21 13:53:36 2016 +0100
>
> Merge branch 'stable-2.17' into master
LGTM, thanks
On Wed, Jan 20, 2016 at 5:37 PM, Dimitris Aragiorgis
wrote:
> Commit ff74b60 closes instance disks on the source node before
> doing a failover. In case the node is offline this is not possible.
> This patch proceeds with the failover in case the source node
>
On Jan 21, 2016 2:05 PM, "'Klaus Aehlig' via ganeti-devel" <
ganeti-devel@googlegroups.com> wrote:
>
>
>
> commit 506c5b3a21a04f9e1c23bf4b1393153a5cfc3b25
> Merge: 643c66b 5d93952
> Author: Klaus Aehlig
> Date: Thu Jan 21 13:53:36 2016 +0100
>
> Merge branch 'stable-2.17'
On Thu, Jan 21, 2016 at 4:00 PM, 'Klaus Aehlig' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> Commit b0a7e3771bfd changed sending of JSON-encoded answers
> to standard String sending. This was necessary as converting
> Strings to ByteStrings, even to lazy ones, fully enforced the
>
The patch description is lacking some explanation or reasoning about why
the logical IDs are being added to the query. It would be particularly
valuable to have an example of which use cases they are meant to serve.
This leads to my primary concern: that the logical IDs are an internal data
When multiple job cancel operations are executed at once, there is a
chance for the contention to result in a job still in the canceling
state at timeout time. Ganeti would emit a funny message:
"Job could not be canceled, status JOB_STATUS_CANCELING"
This patch explains what is happening,
LGTM, thanks
On Tue, Jan 12, 2016 at 6:06 PM, 'Klaus Aehlig' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> A lot of our tests work by generating a node and a
> strictly smaller instance and then continue under
> the assumption that the instance will fit on the node.
> To obtain a
As the name was a bit misleading.
Signed-off-by: Hrvoje Ribicic
---
src/Ganeti/JQueue.hs | 9 +
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/Ganeti/JQueue.hs b/src/Ganeti/JQueue.hs
index a3f9da2..5c24d92 100644
--- a/src/Ganeti/JQueue.hs
+++
On Mon, Jan 11, 2016 at 8:08 PM, 'Viktor Bachraty' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> Signed-off-by: Viktor Bachraty
> ---
> devel/build_chroot | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/devel/build_chroot
LGTM, thanks
On Tue, Jan 5, 2016 at 10:51 AM, 'Helga Velroyen' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> Signed-off-by: Helga Velroyen
> ---
> NEWS | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/NEWS b/NEWS
> index 1bf7d93..a6c9803
LGTM, thanks
On Tue, Jan 5, 2016 at 11:51 AM, 'Helga Velroyen' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> commit 0d10936ea1741b381583dc1a03aac4816f3b6014
> Merge: cd0db80 23503ae
> Author: Helga Velroyen
> Date: Tue Jan 5 11:13:22 2016 +0100
>
> Merge
The gnt-cluster manual still specified that arguments should be passed
to the master daemon - one which no longer exists. This patch specifies
the two new daemons to which arguments should be passed instead.
Signed-off-by: Hrvoje Ribicic
---
man/gnt-cluster.rst | 7 ---
1
LGTM - the nit might be better removed in a separate patch though.
On Mon, Jan 4, 2016 at 5:11 PM, 'Helga Velroyen' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> commit 1f87aa036cd887e15240415d73c5ea5fc5b2e18a
> Merge: ceb09b5 625c8ea
> Author: Helga Velroyen
>
Hi Chencho,
Sorry for the delayed response. I believe you've been hit by the following
bug:
https://code.google.com/p/ganeti/issues/detail?id=1159
To prevent this problem from occurring repeatedly, you can manually apply
the attached patch (this is for 2.12, so you might have to fiddle around).
The core principle of Ganeti is that VMs will continue to function
regardless of Ganeti's behavior, so you do not have to worry about data
loss for the time being. Just do not issue instance-affecting commands.
Also, back up the /var/lib/ganeti/ directory in its entirety on all three
nodes - it
Signed-off-by: Hrvoje Ribicic
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 2548018..fe2fce3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,7 +1,7 @@
# Configure script for Ganeti
With the security issues text and a list of minor issues.
Signed-off-by: Hrvoje Ribicic
---
NEWS | 60
1 file changed, 60 insertions(+)
diff --git a/NEWS b/NEWS
index 7f70a85..efd7703 100644
--- a/NEWS
+++ b/NEWS
@@
Hrvoje Ribicic (2):
Update NEWS file for 2.11.8
Revision bump for 2.11.8
NEWS | 60
configure.ac | 2 +-
2 files changed, 61 insertions(+), 1 deletion(-)
--
2.6.0.rc2.230.g3dd15c0
On Mon, Dec 7, 2015 at 5:33 AM, Oleg Ponomarev
wrote:
> Fixed by the interdiff:
>
> --- a/src/Ganeti/Query/Exec.hs
> +++ b/src/Ganeti/Query/Exec.hs
> @@ -346,7 +346,7 @@ forkJobProcess job luxiLivelock update = do
>return fd
>
> -- | Forks the process and
LGTM, thanks
On Mon, Dec 7, 2015 at 6:37 AM, Oleg Ponomarev
wrote:
>
> On 12/04/2015 07:34 PM, Hrvoje Ribicic wrote:
>
>> Furthermore, why assign it a value of None instead of self._GetNodeId by
>> default?
>>
>> This way you do not have to check for the None value later
On Fri, Dec 4, 2015 at 11:04 AM, 'Lisa Velden' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> commit 8ee1eb8c1e9f691df2c3fa5eb0911d3e4602d46f
> Merge: fa6fd0f 713f1cf
> Author: Lisa Velden
> Date: Fri Dec 4 14:57:39 2015 +0100
>
> Merge branch 'stable-2.16'
On Wed, Nov 25, 2015 at 11:16 AM, Oleg Ponomarev
wrote:
> What do you think about this interdiff?
>
> diff --git a/lib/mcpu.py b/lib/mcpu.py
> index 28033d8..d807861 100644
> --- a/lib/mcpu.py
> +++ b/lib/mcpu.py
> @@ -721,7 +721,7 @@ class Processor(object):
>
> #
LGTM, thanks
On Wed, Nov 25, 2015 at 11:58 AM, Oleg Ponomarev
wrote:
> The interdiff again:
>
> --- a/lib/jqueue/post_hooks_exec.py
> +++ b/lib/jqueue/post_hooks_exec.py
> @@ -28,11 +28,11 @@
> # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
>
>
>
LGTM, thanks
On Wed, Nov 25, 2015 at 11:37 AM, Oleg Ponomarev
wrote:
> --- a/lib/hooksmaster.py
> +++ b/lib/hooksmaster.py
> @@ -340,7 +340,8 @@ class HooksMaster(object):
>
> def ExecGlobalPostHooks(opcode, master_name, rpc_runner, log_fn,
>
LGTM, thanks
On Wed, Nov 25, 2015 at 11:47 AM, Oleg Ponomarev
wrote:
> What do you think about this interdiff? (commit message is also fixed)
>
> --- a/src/Ganeti/Query/Exec.hs
> +++ b/src/Ganeti/Query/Exec.hs
> @@ -136,7 +136,7 @@ runProcess :: JobId -- ^ a job to
LGTM still :)
On Wed, Nov 25, 2015 at 12:00 PM, Oleg Ponomarev
wrote:
> *Commit message fixed*
>
>
> On 11/24/2015 08:36 PM, Hrvoje Ribicic wrote:
>
> LGTM with a single nit.
>
> On Fri, Nov 20, 2015 at 5:11 PM, 'Oleg Ponomarev' via ganeti-devel <
>
LGTM with interdiff, thanks
On Wed, Nov 25, 2015 at 8:08 AM, Oleg Ponomarev
wrote:
> Remarks fixed.
> Finally, I decide to add assert and therefore fixed python tests. Here is
> the interdiff:
>
> diff --git a/lib/hooksmaster.py b/lib/hooksmaster.py
> index
LGTM with interdiffs
On Wed, Nov 25, 2015 at 11:24 AM, Oleg Ponomarev
wrote:
> And one more interdiff:
>
> --- a/lib/hooksmaster.py
> +++ b/lib/hooksmaster.py
> @@ -163,7 +163,7 @@ class HooksMaster(object):
>
> """
> if node_list is None or not node_list:
> -
LGTM, thanks
On Wed, Nov 25, 2015 at 12:07 PM, Oleg Ponomarev
wrote:
> The interdiff... ...and the other files fixed in the corresponding patches.
>
> --- a/doc/design-global-hooks.rst
> +++ b/doc/design-global-hooks.rst
> @@ -85,7 +85,7 @@ process has dead, a new
LGTM, thanks
On Thu, Nov 26, 2015 at 1:08 PM, 'Oleg Ponomarev' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> Test 3 main cases of global post hooks usage:
> - successful LU execution;
> - LU with the prerequisites failed;
> - disappeared LU process.
> All the tests are
On Tue, Nov 24, 2015 at 3:15 PM, 'Helga Velroyen' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> This patch updates the SSH testutils to match reality better.
> So far, the test framework did not consider the fact that
> the key of each node should be added to its own
>
LGTM with a few nits found upon rereading the text.
On Fri, Nov 20, 2015 at 5:11 PM, 'Oleg Ponomarev' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> Make the design document consistent with the current global post hooks
> implementation.
>
> Signed-off-by: Oleg Ponomarev
s/successfull/successful/ in the title of the patch.
On Fri, Nov 20, 2015 at 5:11 PM, 'Oleg Ponomarev' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> Run PRE and POST global hooks in case of succesful job execution on
>
successful
> the master node and on the node_list provided by
Looks a lot better, just a few more minor things!
On Tue, Nov 24, 2015 at 2:45 PM, Oleg Ponomarev
wrote:
> Interdiff for the hooksmaster:
>
> diff --git a/lib/hooksmaster.py b/lib/hooksmaster.py
> index d1b4adb..d2de4b8 100644
> --- a/lib/hooksmaster.py
> +++
On Tue, Nov 24, 2015 at 5:18 PM, Oleg Ponomarev
wrote:
> On 11/24/2015 05:06 PM, Hrvoje Ribicic wrote:
>
>> One possible improvement: we can consider asserting that all node_uuids
>> passed are truly uuids whenever RunPhase is invoked. Or do you think this
>> is too
LGTM with nitpick
On Fri, Nov 20, 2015 at 5:11 PM, 'Oleg Ponomarev' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> All the errors encountered during an opcode execution are reported via
> exceptions. Intercept all the exceptions and execute POST global hooks
> with ERROR status.
>
>
LGTM
On Fri, Nov 20, 2015 at 5:11 PM, 'Oleg Ponomarev' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> SafeLoadJobFromDisk will be used in further patches in order to load
> job files for jobs whose processes have disappeared. The functionality
> will be used to run global post hooks
On Fri, Nov 20, 2015 at 5:11 PM, 'Oleg Ponomarev' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> forkJobProcess implementation consist of several steps. Move each
> logical consistent step into the generalized function in order to reuse
>
Fix up nits pointed out in previous review.
LGTM with nit.
On Fri, Nov 20, 2015 at 5:11 PM, 'Oleg Ponomarev' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> forkPostHooksProcess function will be used to create process running
> global POST hooks for opcodes which job processes have disappeared.
>
> Signed-off-by: Oleg Ponomarev
LGTM with nits.
Fix patch title - executing.
On Fri, Nov 20, 2015 at 5:11 PM, 'Oleg Ponomarev' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> Implement ppost_hooks_exec.py which has already been reffered to by
>
s/reffered/referred/
> forkPostHooksProcess. This python process
LGTM with a single nit.
On Fri, Nov 20, 2015 at 5:11 PM, 'Oleg Ponomarev' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> Start execution of global POST hooks as soon as the scheduler
> finds out that job process has disappeared.
>
Sorry for missing this nit earlier: a job process
Fixing that - preferably in a patch before this one - would be great!
On Tue, Nov 24, 2015 at 11:46 AM, Oleg Ponomarev
wrote:
> OK, and also in the hooksmaster itself even before my changes.
>
> On 11/23/2015 06:21 PM, Hrvoje Ribicic wrote:
>
>>
>> How come? Where do the
On Tue, Nov 24, 2015 at 11:41 AM, Oleg Ponomarev
wrote:
>
>
> On 11/23/2015 06:21 PM, Hrvoje Ribicic wrote:
>
>
>
> On Fri, Nov 20, 2015 at 5:11 PM, 'Oleg Ponomarev' via ganeti-devel <
> ganeti-devel@googlegroups.com> wrote:
>
>> Add the
Minor nits, but the patch otherwise looks good.
One possible improvement: we can consider asserting that all node_uuids
passed are truly uuids whenever RunPhase is invoked. Or do you think this
is too paranoid?
Patch title change: uuids but not node names
On Tue, Nov 24, 2015 at 2:48 PM, 'Oleg
On Fri, Nov 20, 2015 at 5:11 PM, 'Oleg Ponomarev' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> Add the *glob* argument to the RunPhase function. With *glob* set to
> True, HooksMaster runs global hooks instead of the opcode's hooks. The
> global hooks should be placed in the
LGTM, thanks
On Fri, Nov 20, 2015 at 2:08 PM, 'Helga Velroyen' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> commit 8337653769f617abfe39876d7cb794d68064ab13
> Merge: 2ebf4e8 598897c
> Author: Helga Velroyen
> Date: Fri Nov 20 11:34:44 2015 +0100
>
> Merge
As this will be necessary for checking whether to create the
ganeti_pub_keys file.
Signed-off-by: Hrvoje Ribicic
---
src/Ganeti/Query/Server.hs | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Ganeti/Query/Server.hs b/src/Ganeti/Query/Server.hs
index
With this patch, gnt-cluster info shows both the ssh key type and the
key length.
Signed-off-by: Hrvoje Ribicic
---
lib/client/gnt_cluster.py | 2 ++
src/Ganeti/Query/Server.hs | 2 ++
2 files changed, 4 insertions(+)
diff --git a/lib/client/gnt_cluster.py
This patch makes sure that the parameters introduced in previous
patches propagate wherever SSH keys are generated and used, allowing
Ganeti to use different types of SSH keys. With this patch, the key type
can be set only at cluster initialization time.
Signed-off-by: Hrvoje Ribicic
> On Mon, 16 Nov 2015 at 10:09 Hrvoje Ribicic <r...@google.com> wrote:
>
>> On Fri, Nov 13, 2015 at 2:41 PM, Helga Velroyen <hel...@google.com>
>> wrote:
>>
>>>
>>>
>>> On Fri, 13 Nov 2015 at 11:18 'Hrvoje Ribicic' via ganeti-devel <
USTER_NAME, self._MASTER_NODE_NAME, self._MODIFY_SSH_SETUP)
self._get_online_nodes_mock = mock.Mock()
self._get_online_nodes_mock.return_value = \
On Thu, Nov 19, 2015 at 2:47 PM, Helga Velroyen <hel...@google.com> wrote:
> LGTM, thanks
>
> On Thu, 19 Nov 2015 at 1
sa")
>> + _CheckLoginWithKey("/root/.ssh/id_rsa")
>># And check that we cannot log in with the old key
>>_CheckLoginWithKey(old_key_backup, fail=True)
>> finally:
>>
>>
>> On Tue, Nov 17, 2015 at 9:31 AM, Helga Velroy
NACK - the reason why optimization has been disabled should be added as a
comment in the code as well as the commit message.
On Thu, Nov 19, 2015 at 1:18 PM, 'Oleg Ponomarev' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> LGTM, thanks
>
>
> On 11/19/2015 01:04 PM, 'Klaus Aehlig' via
That's fine by me.
On Thu, Nov 19, 2015 at 2:31 PM, Klaus Aehlig <aeh...@google.com> wrote:
> On Thu, Nov 19, 2015 at 02:15:10PM +0100, 'Hrvoje Ribicic' via
> ganeti-devel wrote:
> > NACK - the reason why optimization has been disabled should be added as a
> > com
Prior to this patch, gnt-cluster renew-crypto still created the
ganeti_pub_keys file regardless of whether the cluster was initiated
with --no-ssh-init or not. Instead, query the matching config parameter
and build the file only if Ganeti manages SSH keys.
Signed-off-by: Hrvoje Ribicic
As more and more configuration values will have to be made available via
queries, this patch adds a small helper method for these.
Signed-off-by: Hrvoje Ribicic
---
src/Ganeti/Query/Server.hs | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git
As this will be necessary for checking whether to create the
ganeti_pub_keys file.
Signed-off-by: Hrvoje Ribicic
---
src/Ganeti/Query/Server.hs | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/Ganeti/Query/Server.hs b/src/Ganeti/Query/Server.hs
index e2d770a..aff1c44
To allow various command-line operations like renew-crypto and node
adds to know how to generate SSH keys, some config values need to be
queried outside of LUs. This patch adds the ssh_key_type and
ssh_key_bits to the config values that can be queried.
Signed-off-by: Hrvoje Ribicic
LGTM with nits
On Tue, Nov 10, 2015 at 3:56 PM, 'Oleg Ponomarev' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> Make the design document consistent with the current global post hooks
> implementation.
>
> Signed-off-by: Oleg Ponomarev
> ---
>
LGTM with nits.
On Tue, Nov 10, 2015 at 3:56 PM, 'Oleg Ponomarev' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> forkPostHooksProcess function will be used to create process running
> global POST hooks for opcodes which job processes have disappeared.
>
> Signed-off-by: Oleg
On Tue, Nov 3, 2015 at 8:05 PM, 'Oleg Ponomarev' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> Start execution of global POST hooks as soon as scheduler
>
the scheduler
> finds out that job process has disappeared.
>
> Signed-off-by: Oleg Ponomarev
> ---
>
Sorry for commenting on the first patch, more to follow:
On Tue, Nov 10, 2015 at 3:56 PM, 'Oleg Ponomarev' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> Implement ppost_hooks_exec.py which has already been reffered from
> forkPostHooksProcess. This python process will be used in
Patch title: s/ececuting/executing/
On Tue, Nov 3, 2015 at 8:05 PM, 'Oleg Ponomarev' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> Implement ppost_hooks_exec.py which has already been reffered from
>
referred to by
> forkPostHooksProcess. This python process will be used in order
On Tue, Nov 3, 2015 at 8:05 PM, 'Oleg Ponomarev' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> forkJobProcess implementation consist of several steps. Move each
>
The forkJobProcess ... consists ...
> logical consistent step into the generalized function in order to reuse
>
On Tue, Nov 10, 2015 at 3:56 PM, 'Oleg Ponomarev' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> Add the *glob* argument to the RunPhase function. With *glob* set to
> True, HooksMaster runs global hooks instead of per-opcode's hooks. The
>
Additional nit: s/per-opcode's/the
LGTM, thanks
On Mon, Nov 16, 2015 at 3:57 PM, 'Klaus Aehlig' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> When sending an answer over a domain socket, the recipient
> won't process that answer anyway before it is complete. So
> we can as well assemble one ByteString first and send
General comment: since the word "glob" has a surprising number of meanings,
consider using "is_global" instead to make the code more readable.
On Tue, Nov 10, 2015 at 3:56 PM, 'Oleg Ponomarev' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> Add the *glob* argument to the RunPhase
On Tue, Nov 10, 2015 at 3:56 PM, 'Oleg Ponomarev' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> Run PRE and POST global hooks in case of succesfull job execution on
>
s/full/ful/, both here and in the commit title.
> the master node and on the node_list provided by the logical
General suggestion: this seems like the ideal bit of code to put in a
separate function and unit test, and writing it that way would have made it
very clear which corner cases you were trying to account for.
As-is, this LGTM with the nitpick. Should you have the time, a test or two
would be
On Tue, Nov 10, 2015 at 3:56 PM, 'Oleg Ponomarev' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> All the errors during an opcode execution are reported via exceptions.
>
errors encountered?
> Except all the exceptions and execute POST global hooks with FAILED
>
Intercept all the
LGTM with nit, thanks!
On Tue, Nov 10, 2015 at 3:56 PM, 'Oleg Ponomarev' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> SafeLoadJobFromDisk will be used in further patches in order to load
> job files for jobs which processes are disappeared. That will be
>
Nit: whose processes have
On Fri, Nov 13, 2015 at 2:26 PM, Helga Velroyen <hel...@google.com> wrote:
>
>
> On Fri, 13 Nov 2015 at 11:18 'Hrvoje Ribicic' via ganeti-devel <
> ganeti-devel@googlegroups.com> wrote:
>
>> When performing an upgrade of an old cluster, it is necessary
On Fri, Nov 13, 2015 at 2:21 PM, Helga Velroyen <hel...@google.com> wrote:
>
>
> On Fri, 13 Nov 2015 at 11:18 'Hrvoje Ribicic' via ganeti-devel <
> ganeti-devel@googlegroups.com> wrote:
>
>> By explicitly specifying the old and new SSH key type in various
On Fri, Nov 13, 2015 at 2:41 PM, Helga Velroyen <hel...@google.com> wrote:
>
>
> On Fri, 13 Nov 2015 at 11:18 'Hrvoje Ribicic' via ganeti-devel <
> ganeti-devel@googlegroups.com> wrote:
>
>> This patch expands the testing of SSH key renewal by changing the key
>
This patch makes sure that the parameters introduced in previous
patches propagate wherever SSH keys are generated and used, allowing
Ganeti to use different types of SSH keys. With this patch, the key type
can be set only at cluster initialization time.
Signed-off-by: Hrvoje Ribicic
This patch uses the previously added CLI options to allow the key
parameters to be specified at initialization time and saved in the
configuration.
Signed-off-by: Hrvoje Ribicic
---
lib/bootstrap.py | 23 +--
lib/client/gnt_cluster.py | 12
And also sprinkle reminders of when to update them across the codebase.
Signed-off-by: Hrvoje Ribicic
---
lib/ssh.py | 1 +
man/gnt-cluster.rst | 19 +++
src/Ganeti/Constants.hs | 1 +
3 files changed, 21 insertions(+)
diff --git a/lib/ssh.py
By explicitly specifying the old and new SSH key type in various
renew-crypto operations, this patch allows the switching of SSH key
types to take place during a SSH key renewal operation.
Signed-off-by: Hrvoje Ribicic
---
lib/backend.py | 28
This patch expands the testing of SSH key renewal by changing the key
type existing on a cluster during the QA.
Signed-off-by: Hrvoje Ribicic
---
qa/qa_cluster.py | 55 ---
1 file changed, 52 insertions(+), 3 deletions(-)
When performing an upgrade of an old cluster, it is necessary to set
the SSH key parameters to the exact same values earlier versions
implicitly used - DSA with 1024 bits.
In the other direction, we simply do not permit downgrades if keys
other than DSA are being used. Triggering a gnt-cluster
These tests deal with large configuration files, and without the
changes present in this patch, instead of a pretty git-style diff of
two configurations, we get nothing.
Signed-off-by: Hrvoje Ribicic
---
test/py/cfgupgrade_unittest.py | 4
1 file changed, 4 insertions(+)
The downgrade/upgrade QA test starts from a freshly-built cluster which
would have RSA keys in 2.16. Downgrading such a cluster is prevented by
one of the preceding patches, for good reason, so this patch makes sure
to switch to DSA keys before running the upgrade test.
As this code is meant to
When testing SSH-related behavior in Ganeti, having the SSH agent
forwarded in all the command-running utilities can produce spurious
errors, or worse yet, allow real ones to sneak by. In this patch, the
AssertCommand function is extended to allow disabling of agent
forwarding. This also switches
Signed-off-by: Hrvoje Ribicic
---
qa/qa_cluster.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/qa/qa_cluster.py b/qa/qa_cluster.py
index ac1d3a8..a0b553e 100644
--- a/qa/qa_cluster.py
+++ b/qa/qa_cluster.py
@@ -1371,7 +1371,7 @@ def TestUpgrade():
The ssh-keygen utility permits only some combinations of key types and
bit sizes. As many more things can go wrong late in the renewal
process, this patch introduces prerequisite checks mimicking those of
ssh-keygen.
Signed-off-by: Hrvoje Ribicic
---
lib/client/gnt_cluster.py
On Fri, Nov 13, 2015 at 10:32 AM, Klaus Aehlig wrote:
> > Optional suggestions present, else LGTM.
>
> > > @@ -216,8 +218,9 @@ getOnlineNodes = filter (not . nodeOffline) .
> F.toList
> > > . configNodes
> > > -- | Returns the default cluster link.
> > > getDefaultNicLink ::
The two options added in this patch are ssh-key-bits and
ssh-key-type, which will control the length and type of key later.
They are added to the gnt-cluster init and renew-crypto submethods.
Signed-off-by: Hrvoje Ribicic
---
lib/cli_opts.py | 13 +
This will allow us to perform validation of opcode params that are SSH
key types.
Signed-off-by: Hrvoje Ribicic
---
src/Ganeti/Constants.hs | 6 +++---
src/Ganeti/Types.hs | 11 +++
2 files changed, 14 insertions(+), 3 deletions(-)
diff --git
This patch addresses the need to improve the SSH security of Ganeti by
allowing different types and sizes of SSH keys - notably DSA, RSA, and
ECDSA.
Additional configuration parameters are added, and in a slight but
practical departure from conventions so far, after initialization they
can only
With this patch, gnt-cluster info shows both the ssh key type and the
key length.
Signed-off-by: Hrvoje Ribicic
---
lib/client/gnt_cluster.py | 2 ++
src/Ganeti/Query/Server.hs | 2 ++
2 files changed, 4 insertions(+)
diff --git a/lib/client/gnt_cluster.py
To allow various command-line operations like renew-crypto and node
adds to know how to generate SSH keys, some config values need to be
queried outside of LUs. This patch adds the ssh_key_type and
ssh_key_bits to the config values that can be queried.
Signed-off-by: Hrvoje Ribicic
Optional suggestions present, else LGTM.
On Thu, Nov 12, 2015 at 5:46 PM, 'Klaus Aehlig' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> Keys to maps are only used to look up values, so
> a compact representation does impact flexibility.
> However, it does save on memory usage; having
LGTM, thanks
On Wed, Nov 11, 2015 at 5:27 PM, 'Klaus Aehlig' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> The UuidObject type class provides a clean interface to
> obtain the UUID of an object. Prefer this interface over
> hard-coding the specific functions all over the place.
>
>
LGTM, thanks.
As discussed, we still have to see if we'll submit this or not after
additional testing - let's see what is the lesser evil!
On Tue, Nov 10, 2015 at 6:08 PM, 'Klaus Aehlig' via ganeti-devel <
ganeti-devel@googlegroups.com> wrote:
> This reverts commit