On Mon, 1 Jun 2015 at 11:24 'Klaus Aehlig' via ganeti-devel < [email protected]> wrote:
> > > commit 90b0453250669c0d429d25bdd6a4e3b91d18bebd > Merge: 39c54b8 3eec3aa > Author: Klaus Aehlig <[email protected]> > Date: Mon Jun 1 11:14:31 2015 +0200 > > Merge branch 'stable-2.12' into stable-2.13 > > * stable-2.12 > Make WConfD's updateLocksWaiting safe > Tests specifying safeUpdateLocksWaiting > Provide a repeatable version of updateLocksWaiting > Verify that updateLocks is idempotent > Always accept no-op requests > Allow unconditional failovers off offline nodes > Remove now unused variable > Fix bug in ssconf comparison, disable it for vcluster > QA: test renewing the cluster certificate only > QA: Assert equality of ssconf_master_candidate_certs > QA: Add more verify steps in renew crypto QA > > * stable-2.11 > (no changes) > > * stable-2.10 > Substitute 'suffix' for 'revision' > > Conflicts: > qa/qa_cluster.py > src/Ganeti/HTools/Cluster.hs > src/Ganeti/HTools/Node.hs > (All trivial by taking the union of the changes.) > > diff --cc qa/qa_cluster.py > index 166a5ee,138b5f9..14db293 > --- a/qa/qa_cluster.py > +++ b/qa/qa_cluster.py > @@@ -1234,17 -1236,22 +1266,27 @@@ def TestClusterRenewCrypto() > AssertCommand(["gnt-cluster", "renew-crypto", "--force", > "--new-cluster-certificate", "--new-confd-hmac-key", > "--new-rapi-certificate", > "--new-cluster-domain-secret", > - "--new-node-certificates"]) > + "--new-node-certificates", "--new-ssh-keys", > + "--no-ssh-key-check"]) > + _AssertSsconfCertFiles() > + AssertCommand(["gnt-cluster", "verify"]) > > # Only renew node certificates > AssertCommand(["gnt-cluster", "renew-crypto", "--force", > "--new-node-certificates"]) > + _AssertSsconfCertFiles() > + AssertCommand(["gnt-cluster", "verify"]) > + > + # Only renew cluster certificate > + AssertCommand(["gnt-cluster", "renew-crypto", "--force", > + "--new-cluster-certificate"]) > + _AssertSsconfCertFiles() > + AssertCommand(["gnt-cluster", "verify"]) > > + # Only renew SSH keys > + AssertCommand(["gnt-cluster", "renew-crypto", "--force", > + "--new-ssh-keys", "--no-ssh-key-check"]) > + > # Restore RAPI certificate > AssertCommand(["gnt-cluster", "renew-crypto", "--force", > "--rapi-certificate=%s" % rapi_cert_backup]) > diff --cc src/Ganeti/HTools/Cluster.hs > index d5367f6,f76a05b..2e8f0ca > --- a/src/Ganeti/HTools/Cluster.hs > +++ b/src/Ganeti/HTools/Cluster.hs > @@@ -468,10 -458,10 +468,11 @@@ applyMoveEx force nl inst Failover > let (old_pdx, old_sdx, old_p, old_s) = instanceNodes nl inst > int_p = Node.removePri old_p inst > int_s = Node.removeSec old_s inst > - new_nl = do -- Maybe monad > - new_p <- Node.addPriEx (Node.offline old_p) int_s inst > + new_nl = do -- OpResult > + Node.checkMigration old_p old_s > + new_p <- Node.addPriEx (Node.offline old_p || force) int_s inst > - new_s <- Node.addSec int_p inst old_sdx > + new_s <- Node.addSecExEx (Node.offline old_p) (Node.offline > old_p) > Is it correct that this is "ExEx" instead of just one "Ex"? > + int_p inst old_sdx > let new_inst = Instance.setBoth inst old_sdx old_pdx > return (Container.addTwo old_pdx new_s old_sdx new_p nl, > new_inst, old_sdx, old_pdx) > diff --cc src/Ganeti/HTools/Node.hs > index 616c4ee,fecc5fc..cb17f24 > --- a/src/Ganeti/HTools/Node.hs > +++ b/src/Ganeti/HTools/Node.hs > @@@ -70,7 -66,7 +70,8 @@@ module Ganeti.HTools.Nod > , addPriEx > , addSec > , addSecEx > + , addSecExEx > + , checkMigration > -- * Stats > , availDisk > , availMem > > LGTM, thanks Cheers, Helga > -- > Klaus Aehlig > Google Germany GmbH, Dienerstr. 12, 80331 Muenchen > Registergericht und -nummer: Hamburg, HRB 86891 > Sitz der Gesellschaft: Hamburg > Geschaeftsfuehrer: Graham Law, Christine Elizabeth Flores >
