NetApp cDot: Fix manage volumes

When running NetApp cDot driver using nas_secure_files_operation=false, managing a volume will always fail if the files permissions are not set to 0777. This patch changes the python call from shutil.move to _execute() which is run using elevated permissions. Change-Id: I41484ced6269d0d4b7553e84c734ef22ab46fcd9 Closes-bug: #1691771
2017-10-20 10:39:59 -02:00 · 2017-10-20 10:39:59 -02:00 · 4b874c5ddc
parent 5e2062ceaf
commit 4b874c5ddc
4 changed files with 13 additions and 10 deletions
--- a/cinder/tests/unit/volume/drivers/netapp/dataontap/test_nfs_base.py
+++ b/cinder/tests/unit/volume/drivers/netapp/dataontap/test_nfs_base.py
@ -26,7 +26,6 @@ import mock
 from os_brick.remotefs import remotefs as remotefs_brick
 from oslo_concurrency import processutils
 from oslo_utils import units
-import shutil

 from cinder import context
 from cinder import exception
@ -802,7 +801,6 @@ class NetAppNfsDriverTestCase(test.TestCase):
        vol_path = "%s/%s" % (self.fake_nfs_export_1, test_file)
        vol_ref = {'source-name': vol_path}
        self.driver._check_volume_type = mock.Mock()
-        shutil.move = mock.Mock()
        self.mock_object(self.driver, '_execute')
        self.driver._ensure_shares_mounted = mock.Mock()
        self.driver._get_mount_point_for_share = mock.Mock(
@ -835,14 +833,15 @@ class NetAppNfsDriverTestCase(test.TestCase):
        volume = fake.FAKE_MANAGE_VOLUME
        vol_path = "%s/%s" % (self.fake_nfs_export_1, test_file)
        vol_ref = {'source-name': vol_path}
-        mock_check_volume_type = self.driver._check_volume_type = mock.Mock()
+        self.driver._check_volume_type = mock.Mock()
        self.driver._ensure_shares_mounted = mock.Mock()
        self.driver._get_mount_point_for_share = mock.Mock(
            return_value=self.fake_mount_point)
        self.driver._get_share_mount_and_vol_from_vol_ref = mock.Mock(
            return_value=(self.fake_nfs_export_1, self.fake_mount_point,
                          test_file))
-        self.driver._execute = mock.Mock(side_effect=OSError)
+        self.driver._execute = mock.Mock(
+            side_effect=processutils.ProcessExecutionError)
        mock_get_specs = self.mock_object(na_utils, 'get_volume_extra_specs')
        mock_get_specs.return_value = {}
        self.mock_object(self.driver, '_do_qos_for_volume')
@ -850,9 +849,6 @@ class NetAppNfsDriverTestCase(test.TestCase):
        self.assertRaises(exception.VolumeBackendAPIException,
                          self.driver.manage_existing, volume, vol_ref)

-        mock_check_volume_type.assert_called_once_with(
-            volume, self.fake_nfs_export_1, test_file, {})
-
    def test_unmanage(self):
        mock_log = self.mock_object(nfs_base, 'LOG')
        volume = {'id': '123', 'provider_location': '/share'}
--- a/cinder/volume/drivers/netapp/dataontap/nfs_base.py
+++ b/cinder/volume/drivers/netapp/dataontap/nfs_base.py
@ -25,7 +25,6 @@ import copy
 import math
 import os
 import re
-import shutil
 import threading
 import time

@ -1001,11 +1000,13 @@ class NetAppNfsDriver(driver.ManageableVD,
            src_vol = os.path.join(nfs_mount, vol_path)
            dst_vol = os.path.join(nfs_mount, volume['name'])
            try:
-                shutil.move(src_vol, dst_vol)
+                self._execute("mv", src_vol, dst_vol,
+                              run_as_root=self._execute_as_root,
+                              check_exit_code=True)
                LOG.debug("Setting newly managed Cinder volume name to %s",
                          volume['name'])
                self._set_rw_permissions_for_all(dst_vol)
-            except (OSError, IOError) as err:
+            except processutils.ProcessExecutionError as err:
                exception_msg = (_("Failed to manage existing volume %(name)s,"
                                   " because rename operation failed:"
                                   " Error msg: %(msg)s."),
--- a/etc/cinder/rootwrap.d/volume.filters
+++ b/etc/cinder/rootwrap.d/volume.filters
@ -149,6 +149,7 @@ blockdev: CommandFilter, blockdev, root

 # cinder/volume/drivers/ibm/gpfs.py
 # cinder/volume/drivers/tintri.py
+# cinder/volume/drivers/netapp/dataontap/nfs_base.py
 mv: CommandFilter, mv, root

 # cinder/volume/drivers/ibm/gpfs.py
--- a/releasenotes/notes/bug-1691771-fix-netapp-manage-volumes-62bec192a08b3ceb.yaml
+++ b/releasenotes/notes/bug-1691771-fix-netapp-manage-volumes-62bec192a08b3ceb.yaml
@ -0,0 +1,5 @@
+---
+fixes:
+  - The NetApp cDOT driver operating with NFS protocol has been fixed to
+    manage volumes correctly when ``nas_secure_file_operations`` option has
+    been set to False.