From a62c9dfdd41ab0be8bedd99ca39b82701d73ef4f Mon Sep 17 00:00:00 2001 From: Charles Short Date: Fri, 11 Jan 2019 14:33:19 +0000 Subject: [PATCH] Remove truncate from rootwrap filters Use oslo.privsep for the truncate command. Change-Id: Ic287c64a4e0f663738e23d22e819b6ffee9c84c1 Signed-off-by: Charles Short --- cinder/privsep/fs.py | 5 ++++ .../drivers/nexenta/test_nexenta5_nfs.py | 23 ++++++++----------- cinder/tests/unit/volume/drivers/test_gpfs.py | 3 ++- cinder/tests/unit/volume/drivers/test_nfs.py | 8 ++++--- .../unit/volume/drivers/test_remotefs.py | 15 ++++++------ .../unit/volume/drivers/test_veritas_cnfs.py | 5 ++-- cinder/volume/drivers/ibm/gpfs.py | 3 ++- cinder/volume/drivers/nexenta/ns5/nfs.py | 10 ++++---- cinder/volume/drivers/remotefs.py | 7 +++--- cinder/volume/drivers/veritas_cnfs.py | 3 ++- etc/cinder/rootwrap.d/volume.filters | 1 - 11 files changed, 45 insertions(+), 38 deletions(-) diff --git a/cinder/privsep/fs.py b/cinder/privsep/fs.py index e788d4e6c11..f880a6d8c0e 100644 --- a/cinder/privsep/fs.py +++ b/cinder/privsep/fs.py @@ -27,3 +27,8 @@ import cinder.privsep @cinder.privsep.sys_admin_pctxt.entrypoint def umount(mountpoint): processutils.execute('umount', mountpoint, attempts=1, delay_on_retry=True) + + +@cinder.privsep.sys_admin_pctxt.entrypoint +def truncate(size, path): + processutils.execute('truncate', '-s', size, path) diff --git a/cinder/tests/unit/volume/drivers/nexenta/test_nexenta5_nfs.py b/cinder/tests/unit/volume/drivers/nexenta/test_nexenta5_nfs.py index 10d89cf70b3..550758aaf80 100644 --- a/cinder/tests/unit/volume/drivers/nexenta/test_nexenta5_nfs.py +++ b/cinder/tests/unit/volume/drivers/nexenta/test_nexenta5_nfs.py @@ -141,22 +141,22 @@ class TestNexentaNfsDriver(test.TestCase): self.nef_mock.get.return_value = {} self.drv.delete_volume(self.TEST_VOLUME) self.nef_mock.delete.assert_called_with( - 'storage/pools/pool/filesystems/share%2Fvolume-' + - fake.VOLUME_ID + '?snapshots=true') + 'storage/pools/pool/filesystems/share%2Fvolume-' + + fake.VOLUME_ID + '?snapshots=true') def test_create_snapshot(self): self._create_volume_db_entry() self.drv.create_snapshot(self.TEST_SNAPSHOT) - url = ('storage/pools/pool/filesystems/share%2Fvolume-' + - fake.VOLUME_ID + '/snapshots') + url = ('storage/pools/pool/filesystems/share%2Fvolume-' + + fake.VOLUME_ID + '/snapshots') data = {'name': self.TEST_SNAPSHOT['name']} self.nef_mock.post.assert_called_with(url, data) def test_delete_snapshot(self): self._create_volume_db_entry() self.drv.delete_snapshot(self.TEST_SNAPSHOT) - url = ('storage/pools/pool/filesystems/share%2Fvolume-' + - fake.VOLUME_ID + '/snapshots/snapshot1') + url = ('storage/pools/pool/filesystems/share%2Fvolume-' + + fake.VOLUME_ID + '/snapshots/snapshot1') self.drv.delete_snapshot(self.TEST_SNAPSHOT) self.nef_mock.delete.assert_called_with(url) @@ -185,18 +185,15 @@ class TestNexentaNfsDriver(test.TestCase): @patch('cinder.volume.drivers.nexenta.ns5.nfs.' 'NexentaNfsDriver.local_path') - @patch('oslo_concurrency.processutils.execute') - def test_extend_volume_sparsed(self, _execute, path): + @patch('cinder.privsep.fs.truncate') + def test_extend_volume_sparsed(self, mock_truncate, path): self._create_volume_db_entry() path.return_value = 'path' self.drv.extend_volume(self.TEST_VOLUME, 2) - _execute.assert_called_with( - 'truncate', '-s', '2G', - 'path', - root_helper='sudo cinder-rootwrap /etc/cinder/rootwrap.conf', - run_as_root=True) + mock_truncate.assert_called_once_with( + '2G', 'path') @patch('cinder.volume.drivers.nexenta.ns5.nfs.' 'NexentaNfsDriver.local_path') diff --git a/cinder/tests/unit/volume/drivers/test_gpfs.py b/cinder/tests/unit/volume/drivers/test_gpfs.py index 20a24f99e35..1089ae25cae 100644 --- a/cinder/tests/unit/volume/drivers/test_gpfs.py +++ b/cinder/tests/unit/volume/drivers/test_gpfs.py @@ -648,7 +648,8 @@ class GPFSDriverTestCase(test.TestCase): fake_fs_release = org_fake_fs_release @mock.patch('cinder.utils.execute') - def test_create_sparse_file(self, mock_exec): + @mock.patch('cinder.privsep.fs.truncate') + def test_create_sparse_file(self, mock_truncate, mock_exec): self.driver._create_sparse_file('', 100) @mock.patch('cinder.utils.execute') diff --git a/cinder/tests/unit/volume/drivers/test_nfs.py b/cinder/tests/unit/volume/drivers/test_nfs.py index 20ed172b424..f65419c04c8 100644 --- a/cinder/tests/unit/volume/drivers/test_nfs.py +++ b/cinder/tests/unit/volume/drivers/test_nfs.py @@ -27,6 +27,7 @@ from oslo_utils import units from cinder import context from cinder import exception from cinder.image import image_utils +import cinder.privsep.fs as privsep from cinder import test from cinder.tests.unit import fake_snapshot from cinder.tests.unit import fake_volume @@ -57,10 +58,10 @@ class RemoteFsDriverTestCase(test.TestCase): self._execute = mock_exc.start() self.addCleanup(mock_exc.stop) - def test_create_sparsed_file(self): + @mock.patch('cinder.privsep.fs.truncate') + def test_create_sparsed_file(self, mock_truncate): self._driver._create_sparsed_file('/path', 1) - self._execute.assert_called_once_with('truncate', '-s', '1G', - '/path', run_as_root=True) + mock_truncate.assert_called_with('1G', '/path') def test_create_regular_file(self): self._driver._create_regular_file('/path', 1) @@ -1275,6 +1276,7 @@ class NfsDriverTestCase(test.TestCase): self.mock_object(drv, '_create_regular_file') self.mock_object(drv, '_set_rw_permissions') self.mock_object(drv, '_read_file') + self.mock_object(privsep, 'truncate') ret = drv.create_volume_from_snapshot(new_volume, fake_snap) diff --git a/cinder/tests/unit/volume/drivers/test_remotefs.py b/cinder/tests/unit/volume/drivers/test_remotefs.py index 290e64949f3..1516e2b6d47 100644 --- a/cinder/tests/unit/volume/drivers/test_remotefs.py +++ b/cinder/tests/unit/volume/drivers/test_remotefs.py @@ -50,8 +50,8 @@ class RemoteFsSnapDriverTestCase(test.TestCase): self._fake_volume_path = os.path.join(self._FAKE_MNT_POINT, self._fake_volume.name) self._fake_snapshot = fake_snapshot.fake_snapshot_obj(self.context) - self._fake_snapshot_path = (self._fake_volume_path + '.' + - self._fake_snapshot.id) + self._fake_snapshot_path = (self._fake_volume_path + '.' + + self._fake_snapshot.id) self._fake_snapshot.volume = self._fake_volume @ddt.data({'current_state': 'in-use', @@ -718,7 +718,9 @@ class RemoteFsSnapDriverTestCase(test.TestCase): @mock.patch('json.dump') @mock.patch('cinder.volume.drivers.remotefs.open') @mock.patch('os.path.exists') + @mock.patch('cinder.privsep.fs.truncate') def test_write_info_file(self, + mock_truncate, mock_os_path_exists, mock_open, mock_json_dump, @@ -741,9 +743,8 @@ class RemoteFsSnapDriverTestCase(test.TestCase): self._driver._execute.assert_not_called() self._driver._set_rw_permissions.assert_not_called() else: - self._driver._execute.assert_called_once_with( - 'truncate', "-s0", fake_info_path, - run_as_root=self._driver._execute_as_root) + mock_truncate.assert_called_once_with( + 0, fake_info_path) self._driver._set_rw_permissions.assert_called_once_with( fake_info_path) @@ -868,8 +869,8 @@ class RevertToSnapshotMixinTestCase(test.TestCase): self._fake_volume_path = os.path.join(self._FAKE_MNT_POINT, self._fake_volume.name) self._fake_snapshot = fake_snapshot.fake_snapshot_obj(self.context) - self._fake_snapshot_path = (self._fake_volume_path + '.' + - self._fake_snapshot.id) + self._fake_snapshot_path = (self._fake_volume_path + '.' + + self._fake_snapshot.id) self._fake_snapshot_name = os.path.basename( self._fake_snapshot_path) self._fake_snapshot.volume = self._fake_volume diff --git a/cinder/tests/unit/volume/drivers/test_veritas_cnfs.py b/cinder/tests/unit/volume/drivers/test_veritas_cnfs.py index cefd7e15262..21eea606963 100644 --- a/cinder/tests/unit/volume/drivers/test_veritas_cnfs.py +++ b/cinder/tests/unit/volume/drivers/test_veritas_cnfs.py @@ -162,8 +162,9 @@ class VeritasCNFSDriverTestCase(test.TestCase): @mock.patch.object(cnfs.VeritasCNFSDriver, '_do_clone_volume') @mock.patch.object(cnfs.VeritasCNFSDriver, 'local_path') - def test_create_volume_from_snapshot_greater_size(self, m_local_path, - m_do_clone_volume): + @mock.patch('cinder.privsep.fs.truncate') + def test_create_volume_from_snapshot_greater_size( + self, mock_truncate, m_local_path, m_do_clone_volume): """test create volume from snapshot with greater volume size""" drv = self.driver volume = fake_volume.fake_volume_obj(self.context) diff --git a/cinder/volume/drivers/ibm/gpfs.py b/cinder/volume/drivers/ibm/gpfs.py index e363b27fa32..57c0ea7b544 100644 --- a/cinder/volume/drivers/ibm/gpfs.py +++ b/cinder/volume/drivers/ibm/gpfs.py @@ -34,6 +34,7 @@ from cinder.i18n import _ from cinder.image import image_utils from cinder import interface from cinder.objects import fields +import cinder.privsep.fs from cinder import utils from cinder.volume import configuration from cinder.volume import driver @@ -488,7 +489,7 @@ class GPFSDriver(driver.CloneableImageVD, """Creates file with 0 disk usage.""" sizestr = _sizestr(size) - self.gpfs_execute('truncate', '-s', sizestr, path) + cinder.privsep.fs.truncate(sizestr, path) def _allocate_file_blocks(self, path, size): """Preallocate file blocks by writing zeros.""" diff --git a/cinder/volume/drivers/nexenta/ns5/nfs.py b/cinder/volume/drivers/nexenta/ns5/nfs.py index bf225f02a28..143ab8ea111 100644 --- a/cinder/volume/drivers/nexenta/ns5/nfs.py +++ b/cinder/volume/drivers/nexenta/ns5/nfs.py @@ -24,6 +24,7 @@ from cinder import db from cinder import exception from cinder.i18n import _ from cinder import interface +import cinder.privsep.fs from cinder.volume.drivers.nexenta.ns5 import jsonrpc from cinder.volume.drivers.nexenta import options from cinder.volume.drivers.nexenta import utils @@ -241,13 +242,12 @@ class NexentaNfsDriver(nfs.NfsDriver): LOG.info('Extending volume: %(id)s New size: %(size)s GB', {'id': volume['id'], 'size': new_size}) if self.sparsed_volumes: - self._execute('truncate', '-s', '%sG' % new_size, - self.local_path(volume), - run_as_root=self._execute_as_root) + cinder.privsep.fs.truncate('%sG' % new_size, + self.local_path(volume)) else: block_size_mb = 1 - block_count = ((new_size - volume['size']) * units.Gi // - (block_size_mb * units.Mi)) + block_count = ((new_size - volume['size']) * units.Gi + // (block_size_mb * units.Mi)) self._execute( 'dd', 'if=/dev/zero', 'seek=%d' % (volume['size'] * units.Gi / block_size_mb), diff --git a/cinder/volume/drivers/remotefs.py b/cinder/volume/drivers/remotefs.py index b6128b71587..b0767172da1 100644 --- a/cinder/volume/drivers/remotefs.py +++ b/cinder/volume/drivers/remotefs.py @@ -38,6 +38,7 @@ from cinder import exception from cinder.i18n import _ from cinder.image import image_utils from cinder.objects import fields +import cinder.privsep.fs from cinder import utils from cinder.volume import configuration from cinder.volume import driver @@ -379,8 +380,7 @@ class RemoteFSDriver(driver.BaseVD): def _create_sparsed_file(self, path, size): """Creates a sparse file of a given size in GiB.""" - self._execute('truncate', '-s', '%sG' % size, - path, run_as_root=self._execute_as_root) + cinder.privsep.fs.truncate('%sG' % size, path) def _create_regular_file(self, path, size): """Creates a regular file of given size in GiB.""" @@ -753,8 +753,7 @@ class RemoteFSSnapDriverBase(RemoteFSDriver): if not (os.path.exists(info_path) or os.name == 'nt'): # We're not managing file permissions on Windows. # Plus, 'truncate' is not available. - self._execute('truncate', "-s0", info_path, - run_as_root=self._execute_as_root) + cinder.privsep.fs.truncate(0, info_path) self._set_rw_permissions(info_path) with open(info_path, 'w') as f: diff --git a/cinder/volume/drivers/veritas_cnfs.py b/cinder/volume/drivers/veritas_cnfs.py index 72697bb2c28..223d2b40653 100644 --- a/cinder/volume/drivers/veritas_cnfs.py +++ b/cinder/volume/drivers/veritas_cnfs.py @@ -21,6 +21,7 @@ from oslo_utils import excutils from cinder import exception from cinder.i18n import _ from cinder import interface +import cinder.privsep.fs import cinder.privsep.path from cinder.volume.drivers import nfs @@ -172,7 +173,7 @@ class VeritasCNFSDriver(nfs.NfsDriver): def extend_volume(self, volume, size): """Extend the volume to new size""" path = self.local_path(volume) - self._execute('truncate', '-s', '%sG' % size, path, run_as_root=True) + cinder.privsep.fs.truncate('%sG' % size, path) LOG.debug("VeritasNFSDriver: extend_volume volume_id = %s", volume.id) def _update_volume_stats(self): diff --git a/etc/cinder/rootwrap.d/volume.filters b/etc/cinder/rootwrap.d/volume.filters index 74498591b83..ec383c5322e 100644 --- a/etc/cinder/rootwrap.d/volume.filters +++ b/etc/cinder/rootwrap.d/volume.filters @@ -86,7 +86,6 @@ stat: CommandFilter, stat, root mount: CommandFilter, mount, root df: CommandFilter, df, root du: CommandFilter, du, root -truncate: CommandFilter, truncate, root chmod: CommandFilter, chmod, root rm: CommandFilter, rm, root