On Thu, Apr 23, 2015 at 02:05:13PM +0000, 'Helga Velroyen' via ganeti-devel wrote:
commit 64a924d53c56fc659f32ba022ec69e2b6a660468 Merge: bacd275 0de1e68 Author: Helga Velroyen <[email protected]> Date: Thu Apr 23 15:59:50 2015 +0200Merge branch 'stable-2.12' into stable-2.13 * stable-2.12 When assigning UUIDs to disks, do so recursively Fix sample 2.11 configuration Include hypervisor parameters in SSConf Add SSConf keys for hypervisor parameters Use Hypervisor as the key in ClusterHvParams Re-remove final config update in renew-crypto Fix string formatting in private object representation Fix the computation of the list of reserved IP addresses * stable-2.11 Update configure file to version 2.11.7 Update NEWS file for 2.11.7 release Add logging to RenewCrypto Fix format string for gnt-network info Replace textwrapper.wrap by a custom version for networks Add SSL improvements to NEWS file * stable-2.10 Update tag limitations Fix typos in doc/design-storagetypes.rst Make getFQDN prefer cluster protocol family Add version of getFQDN accepting preferences Make getFQDN honor vcluster Conflicts: lib/cmdlib/cluster.py Resolution: lib/cmdlib/cluster.py: take addition from 2.12 diff --cc lib/cmdlib/cluster.py index b56ca61,ac3fa6d..f4bf913 --- a/lib/cmdlib/cluster.py +++ b/lib/cmdlib/cluster.py @@@ -107,39 -106,18 +107,43 @@@ def _UpdateMasterClientCert class LUClusterRenewCrypto(NoHooksLU): """Renew the cluster's crypto tokens. - Note that most of this operation is done in gnt_cluster.py, this LU only - takes care of the renewal of the client SSL certificates. - """ + _MAX_NUM_RETRIES = 3 + REQ_BGL = False - def Exec(self, feedback_fn): + def ExpandNames(self): + self.needed_locks = { + locking.LEVEL_NODE: locking.ALL_SET, + locking.LEVEL_NODE_ALLOC: locking.ALL_SET, + } + self.share_locks = ShareAll() + self.share_locks[locking.LEVEL_NODE] = 0 + self.share_locks[locking.LEVEL_NODE_ALLOC] = 0 + + def CheckPrereq(self): + """Check prerequisites. + + This checks whether the cluster is empty. + + Any errors are signaled by raising errors.OpPrereqError. 
+ + """ + self._ssh_renewal_suppressed = \ + not self.cfg.GetClusterInfo().modify_ssh_setup and self.op.ssh_keys + + def _RenewNodeSslCertificates(self, feedback_fn): + """Renews the nodes' SSL certificates. + + Note that most of this operation is done in gnt_cluster.py, this LU only + takes care of the renewal of the client SSL certificates. + + """ master_uuid = self.cfg.GetMasterNode() + cluster = self.cfg.GetClusterInfo() + + logging.debug("Renewing the master's SSL node certificate." + " Master's UUID: %s.", master_uuid) server_digest = utils.GetCertificateDigest( cert_filename=pathutils.NODED_CERT_FILE) @@@ -210,46 -216,10 +242,49 @@@ self.cfg.RemoveNodeFromCandidateCerts("%s-SERVER" % master_uuid) self.cfg.RemoveNodeFromCandidateCerts("%s-OLDMASTER" % master_uuid) + logging.debug("Cleaned up *-SERVER and *-OLDMASTER certificate from" + " master candidate cert list. Current state of the" + " list: %s.", cluster.candidate_certs) + def _RenewSshKeys(self, feedback_fn): + """Renew all nodes' SSH keys. + + """ + master_uuid = self.cfg.GetMasterNode() + + nodes = self.cfg.GetAllNodesInfo() + nodes_uuid_names = [(node_uuid, node_info.name) for (node_uuid, node_info) + in nodes.items() if not node_info.offline] + node_names = [name for (_, name) in nodes_uuid_names] + node_uuids = [uuid for (uuid, _) in nodes_uuid_names] + port_map = ssh.GetSshPortMap(node_names, self.cfg) + potential_master_candidates = self.cfg.GetPotentialMasterCandidates() + master_candidate_uuids = self.cfg.GetMasterCandidateUuids() + + result = self.rpc.call_node_ssh_keys_renew( + [master_uuid], + node_uuids, node_names, port_map, + master_candidate_uuids, + potential_master_candidates) + + # Check if there were serious errors (for example master key files not + # writable). + result[master_uuid].Raise("Could not renew the SSH keys of all nodes") + + # Process any non-disruptive errors (a few nodes unreachable etc.) 
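Review bot: The `CheckPrereq` docstring does not match its body: it says the method "checks whether the cluster is empty" and that errors are signaled via `errors.OpPrereqError`, but the visible code only stores `self._ssh_renewal_suppressed` and raises nothing. A docstring such as `"""Record whether SSH key renewal must be skipped because the cluster is configured not to modify the SSH setup."""` would describe what is actually there. `ExpandNames` has no comment at all; a single line saying why the node and node-allocation locks are taken exclusively (`share_locks[...] = 0`), presumably so that no other job touches the nodes while credentials are being replaced, would help the next reader.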
+ EvaluateSshUpdateRPC(result, master_uuid, feedback_fn) + + def Exec(self, feedback_fn): + if self.op.node_certificates: + feedback_fn("Renewing Node SSL certificates") + self._RenewNodeSslCertificates(feedback_fn) + if self.op.ssh_keys and not self._ssh_renewal_suppressed: + feedback_fn("Renewing SSH keys") + self._RenewSshKeys(feedback_fn) + elif self._ssh_renewal_suppressed: + feedback_fn("Cannot renew SSH keys if the cluster is configured to not" + " modify the SSH setup.") + class LUClusterActivateMasterIp(NoHooksLU): """Activate the master IP on the master node.
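Review bot: In `Exec`, a request with `ssh_keys` set on a cluster where `modify_ssh_setup` is false ends in the `elif` branch, which only emits a feedback line and lets the job finish successfully. An operator rotating keys after a suspected exposure can therefore see a successful job while the old SSH keys remain in use. Since `CheckPrereq` already computes `_ssh_renewal_suppressed`, it could refuse the request up front, e.g. `raise errors.OpPrereqError("Cannot renew SSH keys if the cluster is configured to not modify the SSH setup.", errors.ECODE_INVAL)`, unless the caller in gnt_cluster.py (not visible here) depends on the soft behaviour. Separately, `_RenewSshKeys` filters out offline nodes (`if not node_info.offline`) without reporting them, so those nodes appear to keep their old keys; listing the skipped node names through `feedback_fn` would make the incomplete rotation visible.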
LGTM, thanks
