-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade: forbid upgrading with a key XAPI will reject #40
Conversation
5657964
to
3e34037
Compare
See remark at xenserver#167 (review) |
XAPI now rejects the default keysize of 7.x era, which must be regenerated before upgrading to 8.3. Let the installer refuse to initiate a situation where a Rolling Pool Upgrade would be unable to proceed, with not-yet-updated slaves holding the running VMs getting refused connection to the updated part of the pool. Signed-off-by: Yann Dirson <yann.dirson@vates.tech>
3e34037
to
6265ada
Compare
applied remarks from upstream PR |
upgrade.py
Outdated
primary_fs.unmount() | ||
|
||
def testUpgradeForbidden(self, tool): | ||
utilparts = tool.utilityPartitions() | ||
if tool.partTableType == constants.PARTITION_DOS and utilparts is not None: | ||
raise RuntimeError("Util partition detected on DOS partition type, upgrade forbidden.") | ||
if self.key_size < constants.MIN_KEY_SIZE: | ||
raise RuntimeError("Current server certificate is too small (%s bits), please regenerate with at least %s bits." % (self.key_size, constants.MIN_KEY_SIZE)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we add "(see the Release Notes for XCP-ng 8.3)" ? This will likely remain accurate even if people upgrade to a later release.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added, in a separate XCP-ng-specific patch.
Signed-off-by: Yann Dirson <yann.dirson@vates.tech>
d54d508
to
5c8d6a7
Compare
XAPI now rejects the default keysize of 7.x era, which must be regenerated before upgrading to 8.3. Let the installer refuse to initiate a situation where a Rolling Pool Upgrade would be unable to proceed, with not-yet-updated slaves holding the running VMs getting refused connection to the updated part of the pool.
Results in this failure, but only after the user gave authorization to write the backup:
Submitted upstream as xenserver#167