…und cruft so this will only work if it is run in the right order
Detect qcow2 images by reading the image file header. It contains the "QFI" string and the qcow version number. The libvirt template is configured to use the qcow2 driver when a qcow2 image is detected. The root partition is altered by attaching it to a host device using qemu-nbd. Since qemu-nbd can be named differently depending on the Linux distribution, it is configurable by mount.conf. Closes #105.
The destroy method in WorkspaceHomeImpl was taking a per-instance lock for the whole duration of an instance termination. This blocked the find method (called by --status queries) which tries to take the same lock. This commit changes the locking code of destroy so that it is released while making the lengthy call to the workspace control agent. We also add an additional instance-specific lock for destroy. This way, a second call to destroy will block at the beginning. When this second call eventually proceeds, it will not find the instance because it has been removed (which is the current behavior). It also prevents the remove handler to be called concurrently with a destroy from another workspace action (for instance at the end of a start). Closes #102.
Administrators can revert to the old behavior by setting CREATE_SSH_DIR to false. Closes #96.
After being daemonized for the propagate and unpropagate operations, workspace-control would write duplicate log entries. This happens because we don't remove the old log handler before adding a new one. We now remove the log handler when we are closing the log file before forking. Closes #103.
KVM can fail to reboot instances because reboot is not supported in versions prior to 0.9.3, or because some versions require the QEMU JSON monitor. We still log reboot failures but throw exceptions only if the VM is not running anymore. Closes #82.
Labels are extracted from the partition file name, and are named incrementally: blankpartition0, blankpartition1, etc. A label on the blankspace partition will allow mounting via label instead of device. This makes it easier in fstab where the device of the blankspace partition may not be known a priori. Thanks to Michael Paterson for the feature request and initial patch. Closes #88.
The CertDN class is used in the new user operation to obtain the Subject DN when only the CN has been provided, or when an existing certificate is used. This Subject DN is printed as the result of the nimbus-new-user call, and is also added to the gridmap and the group-authz files. A problem appeared when a CN was containing an equal sign, such as Bob Oblaw_97/Emailfirstname.lastname@example.org. The existing CertDN code would escape this equal sign and produce Bob Oblaw_97/Email\=email@example.com. The escaped string would be used for the gridmap and group-authz files. However, Globus does not use escaped strings internally, and would fail to match the DN of a service request against these files. Another bug appears for certificates with emailAddress fields, such as CN=Bob Oblaw_97/emailAddressfirstname.lastname@example.org. In this case, Globus will recognize it as CN=Bob Oblaw_97/Eemail@example.com, and fail to find the DN in gridmap and group-authz. Changing the CertDN code to be closer to existing Globus code, namely org.globus.tools.CertInfo, creates Subject DN strings that Globus can recognize. Closes #75.
We recently updated pyOpenSSL to version 0.13 in order to fix a build problem on recent Ubuntu releases. However, 0.13 does not compile on Centos 5 because is requires OpenSSL 0.9.8f or later. If the OLD_OPENSSL_VERSION environment variable is defined, use a different requirements.txt file which installs pyOpenSSL 0.10. The cumulus-deps tarball was updated to include both pyOpenSSL packages.
The latest Ubuntu releases do not include SSLv2 support in the OpenSSL libraries, because of security flaws in the protocol. This makes cumulus fail to install on a recent Ubuntu, because pyOpenSSL 0.10 tries to use the SSLv2 symbols. This commit updates the dependency to pyOpenSSL 0.13 which removes SSLv2 support if the underlying OpenSSL library does not provide it.
If downloading from the first URL failed, the script would exit rather than try the second one.