commit 64a924d53c56fc659f32ba022ec69e2b6a660468
Merge: bacd275 0de1e68
Author: Helga Velroyen <[email protected]>
Date: Thu Apr 23 15:59:50 2015 +0200
Merge branch 'stable-2.12' into stable-2.13
* stable-2.12
When assigning UUIDs to disks, do so recursively
Fix sample 2.11 configuration
Include hypervisor parameters in SSConf
Add SSConf keys for hypervisor parameters
Use Hypervisor as the key in ClusterHvParams
Re-remove final config update in renew-crypto
Fix string formatting in private object representation
Fix the computation of the list of reserved IP addresses
* stable-2.11
Update configure file to version 2.11.7
Update NEWS file for 2.11.7 release
Add logging to RenewCrypto
Fix format string for gnt-network info
Replace textwrapper.wrap by a custom version for networks
Add SSL improvements to NEWS file
* stable-2.10
Update tag limitations
Fix typos in doc/design-storagetypes.rst
Make getFQDN prefer cluster protocol family
Add version of getFQDN accepting preferences
Make getFQDN honor vcluster
Conflicts:
lib/cmdlib/cluster.py
Resolution:
lib/cmdlib/cluster.py: take addition from 2.12
diff --cc lib/cmdlib/cluster.py
index b56ca61,ac3fa6d..f4bf913
--- a/lib/cmdlib/cluster.py
+++ b/lib/cmdlib/cluster.py
@@@ -107,39 -106,18 +107,43 @@@ def _UpdateMasterClientCert
class LUClusterRenewCrypto(NoHooksLU):
"""Renew the cluster's crypto tokens.
- Note that most of this operation is done in gnt_cluster.py, this LU only
- takes care of the renewal of the client SSL certificates.
-
"""
+
_MAX_NUM_RETRIES = 3
+ REQ_BGL = False
- def Exec(self, feedback_fn):
+ def ExpandNames(self):
+ self.needed_locks = {
+ locking.LEVEL_NODE: locking.ALL_SET,
+ locking.LEVEL_NODE_ALLOC: locking.ALL_SET,
+ }
+ self.share_locks = ShareAll()
+ self.share_locks[locking.LEVEL_NODE] = 0
+ self.share_locks[locking.LEVEL_NODE_ALLOC] = 0
+
+ def CheckPrereq(self):
+ """Check prerequisites.
+
+ This checks whether the cluster is empty.
+
+ Any errors are signaled by raising errors.OpPrereqError.
+
+ """
+ self._ssh_renewal_suppressed = \
+ not self.cfg.GetClusterInfo().modify_ssh_setup and self.op.ssh_keys
+
+ def _RenewNodeSslCertificates(self, feedback_fn):
+ """Renews the nodes' SSL certificates.
+
+ Note that most of this operation is done in gnt_cluster.py, this LU
only
+ takes care of the renewal of the client SSL certificates.
+
+ """
master_uuid = self.cfg.GetMasterNode()
+ cluster = self.cfg.GetClusterInfo()
+
+ logging.debug("Renewing the master's SSL node certificate."
+ " Master's UUID: %s.", master_uuid)
server_digest = utils.GetCertificateDigest(
cert_filename=pathutils.NODED_CERT_FILE)
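Review bot: The docstring added for `CheckPrereq` does not describe its body: it says the method checks whether the cluster is empty and signals errors with `errors.OpPrereqError`, while the only statement stores `not modify_ssh_setup and self.op.ssh_keys` in `self._ssh_renewal_suppressed` and raises nothing. I would replace it with `"""Record whether SSH key renewal was requested on a cluster that does not manage the SSH setup."""`, and give `ExpandNames` a one-line docstring saying that it takes all node and node-allocation locks exclusively now that `REQ_BGL = False` is set. Because no prerequisite error is raised here, a renewal requested with `ssh_keys` on such a cluster ends as a successful job whose only trace is the feedback line in `Exec` in the next hunk; if that should be a hard failure, this is the place to raise it. `_RenewNodeSslCertificates` continues past the end of the hunk.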
@@@ -210,46 -216,10 +242,49 @@@
self.cfg.RemoveNodeFromCandidateCerts("%s-SERVER" % master_uuid)
self.cfg.RemoveNodeFromCandidateCerts("%s-OLDMASTER" % master_uuid)
+ logging.debug("Cleaned up *-SERVER and *-OLDMASTER certificate from"
+ " master candidate cert list. Current state of the"
+ " list: %s.", cluster.candidate_certs)
+ def _RenewSshKeys(self, feedback_fn):
+ """Renew all nodes' SSH keys.
+
+ """
+ master_uuid = self.cfg.GetMasterNode()
+
+ nodes = self.cfg.GetAllNodesInfo()
+ nodes_uuid_names = [(node_uuid, node_info.name) for (node_uuid,
node_info)
+ in nodes.items() if not node_info.offline]
+ node_names = [name for (_, name) in nodes_uuid_names]
+ node_uuids = [uuid for (uuid, _) in nodes_uuid_names]
+ port_map = ssh.GetSshPortMap(node_names, self.cfg)
+ potential_master_candidates = self.cfg.GetPotentialMasterCandidates()
+ master_candidate_uuids = self.cfg.GetMasterCandidateUuids()
+
+ result = self.rpc.call_node_ssh_keys_renew(
+ [master_uuid],
+ node_uuids, node_names, port_map,
+ master_candidate_uuids,
+ potential_master_candidates)
+
+ # Check if there were serious errors (for example master key files not
+ # writable).
+ result[master_uuid].Raise("Could not renew the SSH keys of all nodes")
+
+ # Process any non-disruptive errors (a few nodes unreachable etc.)
+ EvaluateSshUpdateRPC(result, master_uuid, feedback_fn)
+
+ def Exec(self, feedback_fn):
+ if self.op.node_certificates:
+ feedback_fn("Renewing Node SSL certificates")
+ self._RenewNodeSslCertificates(feedback_fn)
+ if self.op.ssh_keys and not self._ssh_renewal_suppressed:
+ feedback_fn("Renewing SSH keys")
+ self._RenewSshKeys(feedback_fn)
+ elif self._ssh_renewal_suppressed:
+ feedback_fn("Cannot renew SSH keys if the cluster is configured to
not"
+ " modify the SSH setup.")
+
class LUClusterActivateMasterIp(NoHooksLU):
"""Activate the master IP on the master node.
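Review bot: `_RenewSshKeys` filters offline nodes out of `nodes_uuid_names` and never reports them, so after a renewal the operator has no indication that those nodes still carry the previous SSH keys. Whether the RPC deals with them elsewhere is not visible here, so at minimum I would say so before the call: `offline = [n.name for n in nodes.values() if n.offline]` followed by `if offline: feedback_fn("SSH keys not renewed on offline nodes: %s" % ", ".join(offline))`. The method also deserves a docstring line stating that only online nodes are covered, and that a failure on the master is fatal while failures on other nodes are passed to `EvaluateSshUpdateRPC`. The hunk opens inside the tail of `_RenewNodeSslCertificates`, whose start is outside it.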