Package ganeti :: Package server :: Module noded
[hide private]
[frames] | no frames]

Module noded

source code

Ganeti node daemon

Classes [hide private]
  MlockallRequestExecutor
Subclass ensuring request handlers are locked in RAM.
  NodeRequestHandler
The server implementation.
Functions [hide private]
 
_extendReasonTrail(trail, source, reason="")
Extend the reason trail with noded information
source code
 
_PrepareQueueLock()
Try to prepare the queue lock.
source code
 
_RequireJobQueueLock(fn)
Decorator for job queue manipulating functions.
source code
 
_DecodeImportExportIO(ieio, ieioargs)
Decodes import/export I/O information.
source code
 
_DefaultAlternative(value, default)
Returns value or, if evaluating to False, a default value.
source code
 
CheckNoded(_, args)
Initial checks whether to run or exit with a failure.
source code
 
SSLVerifyPeer(conn, cert, errnum, errdepth, ok)
Callback function to verify a peer against the candidate cert map.
source code
 
PrepNoded(options, _)
Preparation node daemon function, executed with the PID file held.
source code
 
ExecNoded(options, args, prep_data)
Main node daemon function, executed with the PID file held.
source code
 
Main()
Main function for the node daemon.
source code
Variables [hide private]
  queue_lock = None
hash(x)

Imports: os, sys, logging, signal, codecs, OptionParser, backend, constants, objects, errors, jstore, daemon, http, utils, container, serializer, netutils, pathutils, ssconf, ganeti


Function Details [hide private]

_extendReasonTrail(trail, source, reason="")

source code 

Extend the reason trail with noded information

The trail is extended by appending the name of the noded functionality

_PrepareQueueLock()

source code 

Try to prepare the queue lock.

Returns:
None for success, otherwise an exception object

_DefaultAlternative(value, default)

source code 

Returns value or, if evaluating to False, a default value.

Returns the given value, unless it evaluates to False. In the latter case the default value is returned.

Parameters:
  • value - Value to return if it doesn't evaluate to False
  • default - Default value
Returns:
Given value or the default

SSLVerifyPeer(conn, cert, errnum, errdepth, ok)

source code 

Callback function to verify a peer against the candidate cert map.

Note that we have a chicken-and-egg problem during cluster init and upgrade. This method checks whether the incoming connection comes from a master candidate by comparing it to the master certificate map in the cluster configuration. However, during cluster init and cluster upgrade there are various RPC calls done to the master node itself, before the candidate certificate list is established and the cluster configuration is written. In this case, we cannot check against the master candidate map.

This problem is solved by checking whether the candidate map is empty. An initialized 2.11 or higher cluster has at least one entry for the master node in the candidate map. If the map is empty, we know that we are still in the bootstrap/upgrade phase. In this case, we read the server certificate digest and compare it to the incoming request.

This means that after an upgrade of Ganeti, the system continues to operate like before, using server certificates only. After the client certificates are generated with ``gnt-cluster renew-crypto --new-node-certificates``, RPC communication is switched to using client certificates and the trick of using server certificates does not work anymore.

Parameters:
  • conn (OpenSSL.SSL.Connection) - the OpenSSL connection object
  • cert (OpenSSL.X509) - the peer's SSL certificate
  • errdepth (integer) - number of the step in the certificate chain starting at 0 for the actual client certificate.