Package: ganeti-2.15 / 2.15.2-15

Metadata

Package: ganeti-2.15
Version: 2.15.2-15
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
0001 do not backup export dir.patch | (download)

lib/client/gnt_cluster.py | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 do not backup exported instance data on upgrade

gnt-cluster upgrade creates a configuration backup by tar'ing
/var/lib/ganeti. Unfortunately, this means that exported instance data
is also backed up during upgrade, which is clearly unwanted.

We have been using /var/lib/ganeti/export for exported instance data
since 2.0.1-1 and changing the location now will break imports in
existing setups, so it's best to just skip backing up DATADIR/export.

0002 Makefile.am use C.UTF 8 | (download)

Makefile.am | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 makefile.am: use c.utf-8

There is no need to use en_US.UTF-8 with newer libc versions. Use
C.UTF-8 to avoid an extra B-D on locales-all.

0003 relax deps | (download)

cabal/ganeti.template.cabal | 18 9 + 9 - 0 !
1 file changed, 9 insertions(+), 9 deletions(-)

 relax cabal build-dependencies

Drop upper version limits for json and utf8-string. Upstream uses known-good
version limits and sid currently has newer versions of json (0.9.1) and
utf8-string (1). Since ganeti builds successfully with sid's versions, we
remove the upper version limit.

0004 ghc 7.10 compatibility.patch | (download)

src/Ganeti/BasicTypes.hs | 33 17 + 16 - 0 !
src/Ganeti/Hypervisor/Xen/XmParser.hs | 4 2 + 2 - 0 !
src/Ganeti/OpParams.hs | 8 4 + 4 - 0 !
src/Ganeti/Query/Filter.hs | 4 2 + 2 - 0 !
src/Ganeti/Query/Language.hs | 3 2 + 1 - 0 !
src/Ganeti/THH.hs | 7 6 + 1 - 0 !
src/Ganeti/Utils.hs | 6 5 + 1 - 0 !
src/Ganeti/WConfd/ConfigModifications.hs | 2 1 + 1 - 0 !
test/hs/Test/Ganeti/Utils.hs | 4 4 + 0 - 0 !
9 files changed, 43 insertions(+), 28 deletions(-)

 ghc-7.10-compatibility

Define MonadPlus instance definitions using Alternative

This is a compatibility fix for base-4.8. All MonadPlus definitions
have Alternative as a prerequisite. Hence, instead of defining
Alternative in terms of MonadPlus, we define MonadPlus in terms of
Alternative.

Signed-off-by: Bhimanavajjula Aditya <bsrk@google.com>
Signed-off-by: Petr Pudlak <pudlak@google.com>

0005 zlib 0.6 compatibility | (download)

src/Ganeti/Codec.hs | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 haskell-zlib 0.6 compatibility

Based on a patch by Klaus Aehlig submitted to ganeti-devel, Message-Id:
<052c6c02393324a9403f4291c112c4689dc1c507.1453302634.git.aehlig@google.com>

0006 fix_FTBFS_with_sphinx 1.3.5 | (download)

doc/design-chained-jobs.rst | 12 6 + 6 - 0 !
doc/design-node-add.rst | 2 1 + 1 - 0 !
doc/design-ovf-support.rst | 2 1 + 1 - 0 !
doc/rapi.rst | 46 25 + 21 - 0 !
4 files changed, 33 insertions(+), 29 deletions(-)

 fix docs code errors to build with sphinx >= 1.3.5

Sphinx 1.3.5 enables pygments' parser warnings by default, and docs
builds fail if any code block is invalid.

Fixes issue 1174.

Signed-off-by: Brian Foley <bpfoley@google.com>

0007 fix_ftbfs_with_sphinx_1.4 | (download)

doc/conf.py | 5 5 + 0 - 0 !
doc/design-query2.rst | 8 4 + 4 - 0 !
2 files changed, 9 insertions(+), 4 deletions(-)

 fix ftbfs with sphinx 1.4

0008 use proper cabal dev.patch | (download)

Makefile.am | 15 13 + 2 - 0 !
1 file changed, 13 insertions(+), 2 deletions(-)

 force runhaskell to use the proper cabal-dev version

In Debian we have two versions of the cabal library:
 - The version shipped with GHC
 - The version shipped with libghc-cabal-dev
/usr/bin/cabal is /usually/ linked with the latter, but this may not be the
case (see Debian bug #832144). However, we need to make sure that we read
dist/setup-config with the same library as that used by the cabal binary that
created the file.

0009 Drop dependency on MonadCatchIO transformers.patch | (download)

cabal/ganeti.template.cabal | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 drop dependency on monadcatchio-transformers

MonadCatchIO-transformers is deprecated and has been removed from Debian
unstable. Replace it with Control.Exception.

0010 GHC 8 support.patch | (download)

src/Ganeti/Query/Filter.hs | 2 1 + 1 - 0 !
src/Ganeti/THH.hs | 4 2 + 2 - 0 !
2 files changed, 3 insertions(+), 3 deletions(-)

 ghc 8 support

commit 33259158fd5bee89c761d7475bf4fab173454d65

0011 ghc8 fixes | (download)

src/Ganeti/Metad/ConfigCore.hs | 2 1 + 1 - 0 !
src/Ganeti/Metad/WebServer.hs | 6 3 + 3 - 0 !
src/Ganeti/THH.hs | 59 31 + 28 - 0 !
src/Ganeti/THH/HsRPC.hs | 2 1 + 1 - 0 !
src/Ganeti/THH/Types.hs | 2 1 + 1 - 0 !
src/Ganeti/WConfd/Monad.hs | 2 1 + 1 - 0 !
6 files changed, 38 insertions(+), 35 deletions(-)

 fix compilation with ghc8 (part 1)

0012 snap server 1.0 compat | (download)

src/Ganeti/Metad/ConfigCore.hs | 3 2 + 1 - 0 !
src/Ganeti/Metad/WebServer.hs | 30 20 + 10 - 0 !
2 files changed, 22 insertions(+), 11 deletions(-)

 make metad build against snap-server 1.0

0013 non DSA SSH key support.patch | (download)

lib/backend.py | 86 52 + 34 - 0 !
lib/bootstrap.py | 27 15 + 12 - 0 !
lib/cli_opts.py | 13 13 + 0 - 0 !
lib/client/gnt_cluster.py | 55 42 + 13 - 0 !
lib/client/gnt_node.py | 11 8 + 3 - 0 !
lib/cmdlib/cluster/__init__.py | 49 36 + 13 - 0 !
lib/cmdlib/cluster/verify.py | 3 2 + 1 - 0 !
lib/ht.py | 1 1 + 0 - 0 !
lib/objects.py | 8 8 + 0 - 0 !
lib/rpc_defs.py | 5 4 + 1 - 0 !
lib/server/noded.py | 9 5 + 4 - 0 !
lib/ssh.py | 64 55 + 9 - 0 !
lib/tools/cfgupgrade.py | 51 50 + 1 - 0 !
lib/tools/common.py | 6 4 + 2 - 0 !
lib/tools/prepare_node_join.py | 9 7 + 2 - 0 !
lib/tools/ssh_update.py | 13 10 + 3 - 0 !
man/gnt-cluster.rst | 19 19 + 0 - 0 !
qa/qa_cluster.py | 64 60 + 4 - 0 !
qa/qa_utils.py | 28 21 + 7 - 0 !
src/Ganeti/Constants.hs | 21 18 + 3 - 0 !
src/Ganeti/Objects.hs | 2 2 + 0 - 0 !
src/Ganeti/OpCodes.hs | 4 3 + 1 - 0 !
src/Ganeti/OpParams.hs | 20 16 + 4 - 0 !
src/Ganeti/Query/Server.hs | 12 10 + 2 - 0 !
src/Ganeti/Rpc.hs | 12 6 + 6 - 0 !
src/Ganeti/Types.hs | 11 11 + 0 - 0 !
test/hs/Test/Ganeti/Objects.hs | 7 7 + 0 - 0 !
test/hs/Test/Ganeti/OpCodes.hs | 9 7 + 2 - 0 !
test/py/cfgupgrade_unittest.py | 2 2 + 0 - 0 !
test/py/ganeti.backend_unittest.py | 20 13 + 7 - 0 !
test/py/ganeti.client.gnt_cluster_unittest.py | 5 4 + 1 - 0 !
test/py/ganeti.ssh_unittest.py | 61 59 + 2 - 0 !
test/py/ganeti.tools.prepare_node_join_unittest.py | 6 5 + 1 - 0 !
33 files changed, 575 insertions(+), 138 deletions(-)

 backport non-dsa ssh key support

From 45a89715dea9a6e038103f01d024fe2b555061d2 Mon Sep 17 00:00:00 2001
Bug-Debian: https://bugs.debian.org/853129

0014 fix ssh key renewal on single node clusters.patch | (download)

lib/backend.py | 15 8 + 7 - 0 !
1 file changed, 8 insertions(+), 7 deletions(-)

 backend: make ssh key renewal work on single-node clusters

Currently gnt-cluster renew-crypto will unconditionally call
AddNodeSshKeyBulk() to replace non-master node keys, regardless of
whether there are non-master nodes or not. OTOH, AddNodeSshKeyBulk()
expects that at least one operation should be performed and dies with an
assertion error otherwise. Thus, on single node clusters, where there is
only a single master node, gnt-cluster renew-crypto --new-ssh-keys will
always fail.

Fix this by calling AddNodeSshKeyBulk only if node_keys_to_add is not
empty.

0015 set defaults for ssh type bits.patch | (download)

src/Ganeti/Objects.hs | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

 use runtime defaults for ssh_key_type and ssh_key_bits

Since we are introducing config changes in a minor version, we need to
assume sane defaults.

0016 use hv class to check for migration.patch | (download)

lib/cmdlib/instance_migration.py | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 do not instantiate an hv object to query for migration safety

hv.VersionsSafeForMigration is a static method. There is no reason to
instantiate hypervisor objects to query for migration safety, just get
the class and call the static method. Without this change, hypervisors
are initialized on the master, causing side-effects (e.g. EnsureDirs)
that might fail on systems where jobs are not run as root.

0017 do not specify socat ssl method.patch | (download)

lib/impexpd/__init__.py | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

 impexpd: do not specify ssl method

Recent versions of socat have changed the OpenSSL method name from TLSv1
to TLS1, making instance import/export fail. Since there is no reason to
force a specific (old) TLS version now that SSLv3 support has been removed
from OpenSSL, it makes sense to just let socat choose.

0018 fix ftbfs with sphinx 1.5.patch | (download)

doc/conf.py | 2 1 + 1 - 0 !
lib/build/sphinx_ext.py | 18 11 + 7 - 0 !
2 files changed, 12 insertions(+), 8 deletions(-)

 fix ftbfs with sphinx 1.5

Bug-Debian: https://bugs.debian.org/868601

0019 fix failover from dead node.patch | (download)

lib/cmdlib/instance_migration.py | 22 15 + 7 - 0 !
1 file changed, 15 insertions(+), 7 deletions(-)

 fix failover in case the source node is offline

Commit ff74b60 closes instance disks on the source node before
doing a failover. In case the node is offline this is not possible.
This patch proceeds with the failover in case the source node
is offline or the --ignore-consistency flag is set. Reduce also
some config lookups for the node's name.

This fixes Issue #1162.

Signed-off-by: Dimitris Aragiorgis <dimara@arrikto.com>

0020 fix cpu affinity.patch | (download)

lib/hypervisor/hv_kvm/__init__.py | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 fix cpu affinity setting with current psutil versions

Bug-Debian: https://bugs.debian.org/864754

0021 fix fcntl i386.patch | (download)

lib/utils/livelock.py | 10 9 + 1 - 0 !
1 file changed, 9 insertions(+), 1 deletion(-)

 utils.livelock: use portable struct flock type

From fcntl(2):
 struct flock {
     ...
     short l_type;    /* Type of lock: F_RDLCK,
                         F_WRLCK, F_UNLCK */
     short l_whence;  /* How to interpret l_start:
                         SEEK_SET, SEEK_CUR, SEEK_END */
     off_t l_start;   /* Starting offset for lock */
     off_t l_len;     /* Number of bytes to lock */
     pid_t l_pid;     /* PID of process blocking our lock
                         (set by F_GETLK and F_OFD_GETLK) */
     ...
 };

On 64-bit systems, off_t is always 64 bits long ("long"/"long long"). On
32-bit systems however, depending on whether large file support is
enabled or not, it may be 64 bits ("long long") or 32 bits ("long")
long.

The code in LiveLock.__init__ would always assume off_t to be "long",
breaking on 32-bit systems with LFS support. Fix this by picking the
correct type to use depending on the existence of os.O_LARGEFILE.

Note that LFS is enabled almost universally these days and it would be
safe to just use "long long" unconditionally, but it doesn't harm to
make the actual check.

Signed-off-by: Apollon Oikonomopoulos <apoikos@debian.org>

0022 fix ovf test path.patch | (download)

test/py/ganeti.ovf_unittest.py | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix ovf test path

Have the OVF tests use a temporary directory, instead of requiring write access
to the build root.

0023 fix qa ssconf race.patch | (download)

qa/qa_instance_utils.py | 16 14 + 2 - 0 !
1 file changed, 14 insertions(+), 2 deletions(-)

 [qa] retry reading the ssconf instance list

0024 relax sphinx version check.patch | (download)

configure.ac | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 adjust sphinx version regex


0025 THH 2.12.patch | (download)

src/Ganeti/THH.hs | 24 13 + 11 - 0 !
1 file changed, 13 insertions(+), 11 deletions(-)

 template-haskell 2.12 compatibility changes

0026 sphinx 1.7.patch | (download)

lib/build/sphinx_ext.py | 13 6 + 7 - 0 !
1 file changed, 6 insertions(+), 7 deletions(-)

 sphinx 1.7 compatibility

0027 ca use sha256 md.patch | (download)

lib/utils/x509.py | 5 2 + 3 - 0 !
src/Ganeti/Constants.hs | 2 1 + 1 - 0 !
2 files changed, 3 insertions(+), 4 deletions(-)

 sign generated certs using sha256

0028 impexpd fix certificate verification with new socat.patch | (download)

lib/impexpd/__init__.py | 18 18 + 0 - 0 !
1 file changed, 18 insertions(+)

 impexpd: fix certificate verification with new socat versions

Socat versions after 1.7.3 verify the server certificate's subject
against either the hostname, or the openssl-commonname option. Since
ganeti uses 'ganeti.example.com' for all self-signed certs, certificate
verification will fail, as socat will be told to connect to the node
using its proper name.

Fix this by passing the openssl-commonname option. Since this option is
only available on newer socat versions and older socat versions will
break when passed the unknown option, we need to parse `socat -V` output
to check if we need to specify the option or not.

This fixes #1226.

Signed-off-by: Apollon Oikonomopoulos <apoikos@debian.org>

0029 impexpd fix certificate verification with new socat 2.patch | (download)

lib/impexpd/__init__.py | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 fix incorrect socat_path constant and match typo

This is a small fix to correct the previous socat change which broke
python and tests.

Signed-off-by: Federico Morg Pareschi <morg@google.com>

0030 Allow newer temporary versions.patch | (download)

cabal/ganeti.template.cabal | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 allow newer `temporary' versions


0031 Cabal 2.2 compatibility.patch | (download)

cabal/CabalDependenciesMacros.hs | 13 10 + 3 - 0 !
1 file changed, 10 insertions(+), 3 deletions(-)

 cabal 2.2 compatibility

Cabal 2.0 (included in GHC 8.2) made various internal changes mandating
components to be passed in various places, Macros.generate being one of
them. In our case, it is okay to use the main library component for
dependency generation.

Additionally, in Cabal 2.2 Distribution.PackageDescription.Parse was
removed, so we switch to using .Parsec instead.

0032 base 4.11 compatibility.patch | (download)

src/Ganeti/JSON.hs | 6 5 + 1 - 0 !
src/Ganeti/Objects.hs | 6 5 + 1 - 0 !
src/Ganeti/THH.hs | 7 6 + 1 - 0 !
src/Ganeti/THH/PyRPC.hs | 1 1 + 0 - 0 !
src/Ganeti/Utils/MultiMap.hs | 6 5 + 1 - 0 !
src/Ganeti/WConfd/TempRes.hs | 6 5 + 1 - 0 !
6 files changed, 27 insertions(+), 5 deletions(-)

 base-4.11 compatibility

With GHC 8.4/base-4.11, Semigroup has become a superclass of Monoid.
Adjust the code to implement Semigroup's (<>) and define mappend in
terms of (<>).

Additionally, we make sure that all TH-generated partial types are
instances of Semigroup in addition to Monoid.

Finally, base-4.11's Prelude now exports <>, which conflicts with
Text.PrettyPrint as used in PyRPC.hs, so we need to hide the former.

0033 hinotify 0.3.10 changes.patch | (download)

cabal/ganeti.template.cabal | 2 1 + 1 - 0 !
src/Ganeti/ConfigReader.hs | 3 2 + 1 - 0 !
src/Ganeti/JQScheduler.hs | 5 3 + 2 - 0 !
src/Ganeti/Kvmd.hs | 26 15 + 11 - 0 !
src/Ganeti/Utils.hs | 4 2 + 2 - 0 !
5 files changed, 23 insertions(+), 17 deletions(-)

 hinotify 0.3.10 changes

Paths must now be ByteStrings and not Strings. Since this breaks
compatibility, bump hinotify minimum version to 0.3.10.

0034 daemon util also match processes by name.patch | (download)

daemons/daemon-util.in | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 daemon-util: also match processes by name when using s-s-d

As of dpkg 1.19.4, start-stop-daemon will refuse to match a running
process by pidfile only, when the pidfile is not owned by root. It does
so on security grounds, as a user-controlled pidfile could be used to
kill any process on the system.

When running with user separation enabled, most Ganeti daemons write
their PID files as regular users, which means that process control with
s-s-d is currently broken. Fix this by also matching processes by name,
in addition to the PID file.

Signed-off-by: Apollon Oikonomopoulos <apoikos@debian.org>

0035 KVM replace localtime with rtc.patch | (download)

lib/hypervisor/hv_kvm/__init__.py | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 kvm: replace -localtime with -rtc

-localtime was removed in QEMU 3.1, superseded by `-rtc base=localtime`
which has been supported since QEMU 0.12.0.

This is part of #1338.

Signed-off-by: Apollon Oikonomopoulos <apoikos@dmesg.gr>

0036 KVM replace balloon with device virtio balloon.patch | (download)

lib/hypervisor/hv_kvm/__init__.py | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 kvm: replace -balloon with -device virtio-balloon

-balloon has been removed in QEMU 3.1, superseded by -device
virtio-balloon. The latter has been supported since QEMU 0.12.0, so it's
safe to use.

This is part of #1338.

Signed-off-by: Apollon Oikonomopoulos <apoikos@dmesg.gr>

0037 KVM fix VNC TLS handling for QEMU 3.1.patch | (download)

lib/hypervisor/hv_kvm/__init__.py | 18 13 + 5 - 0 !
1 file changed, 13 insertions(+), 5 deletions(-)

 kvm: fix vnc tls handling for qemu 3.1

Since QEMU 2.5, VNC TLS handling has been refactored using the `-object
tls-creds-*` parameters. QEMU 3.1 completely removed the support for
`-vnc tls`, so we need to switch to the new syntax.

Note that this places a lower bound on QEMU 2.5 for those wishing to use
VNC + TLS. 2.5.0 was released more than 3 years ago, so people should be
using it already and it doesn't make sense to try to be backwards
compatible here.

This is part of #1338.

Signed-off-by: Apollon Oikonomopoulos <apoikos@dmesg.gr>

0038 KVM replace unsupported arguments during migration.patch | (download)

lib/hypervisor/hv_kvm/__init__.py | 56 56 + 0 - 0 !
1 file changed, 56 insertions(+)

 kvm: replace unsupported arguments during migration

Use _UpgradeSerializedRuntime to replace the unsupported command line
arguments with their working counterparts. This will make
already-running instances migratable to 3.1, cross-version migration
bugs aside.

This is part of #1338.

Signed-off-by: Apollon Oikonomopoulos <apoikos@dmesg.gr>