ganeti.server.noded

module documentation

Ganeti node daemon

Class	`MlockallRequestExecutor`	Subclass ensuring request handlers are locked in RAM.
Class	`NodeRequestHandler`	The server implementation.
Function	`CheckNoded`	Initial checks whether to run or exit with a failure.
Function	`ExecNoded`	Main node daemon function, executed with the PID file held.
Function	`Main`	Main function for the node daemon.
Function	`PrepNoded`	Preparation node daemon function, executed with the PID file held.
Function	`SSLVerifyPeer`	Callback function to verify a peer against the candidate cert map.
Variable	`queue_lock`	Undocumented
Function	`_DecodeImportExportIO`	Decodes import/export I/O information.
Function	`_DefaultAlternative`	Returns value or, if evaluating to False, a default value.
Function	`_extendReasonTrail`	Extend the reason trail with noded information
Function	`_PrepareQueueLock`	Try to prepare the queue lock.
Function	`_RequireJobQueueLock`	Decorator for job queue manipulating functions.

def CheckNoded(options, args): ¶

Initial checks whether to run or exit with a failure.

def ExecNoded(options, args, prep_data): ¶

Main node daemon function, executed with the PID file held.

def Main(): ¶

Main function for the node daemon.

def PrepNoded(options, _): ¶

Preparation node daemon function, executed with the PID file held.

def SSLVerifyPeer(conn, cert, errnum, errdepth, ok): ¶

Callback function to verify a peer against the candidate cert map.

Note that we have a chicken-and-egg problem during cluster init and upgrade. This method checks whether the incoming connection comes from a master candidate by comparing it to the master certificate map in the cluster configuration. However, during cluster init and cluster upgrade there are various RPC calls done to the master node itself, before the candidate certificate list is established and the cluster configuration is written. In this case, we cannot check against the master candidate map.

This problem is solved by checking whether the candidate map is empty. An initialized 2.11 or higher cluster has at least one entry for the master node in the candidate map. If the map is empty, we know that we are still in the bootstrap/upgrade phase. In this case, we read the server certificate digest and compare it to the incoming request.

This means that after an upgrade of Ganeti, the system continues to operate like before, using server certificates only. After the client certificates are generated with ``gnt-cluster renew-crypto --new-node-certificates``, RPC communication is switched to using client certificates and the trick of using server certificates does not work anymore.

Parameters
conn:`OpenSSL.SSL.Connection`	the OpenSSL connection object
cert:`OpenSSL.X509`	the peer's SSL certificate
errnum	Undocumented
errdepth:integer	number of the step in the certificate chain starting at 0 for the actual client certificate.
ok	Undocumented

queue_lock = ¶

Undocumented

def _DecodeImportExportIO(ieio, ieioargs): ¶

Decodes import/export I/O information.

def _DefaultAlternative(value, default): ¶

Returns value or, if evaluating to False, a default value.

Returns the given value, unless it evaluates to False. In the latter case the default value is returned.

Parameters
value	Value to return if it doesn't evaluate to False
default	Default value
Returns
Given value or the default

def _extendReasonTrail(trail, source, reason=''): ¶

Extend the reason trail with noded information

The trail is extended by appending the name of the noded functionality

def _PrepareQueueLock(): ¶

Try to prepare the queue lock.

Returns
None for success, otherwise an exception object

def _RequireJobQueueLock(fn): ¶

Decorator for job queue manipulating functions.