Replace rootwrap_config and rootwrap_helper_cmd with root_helper
ironic-lib will use the command set in the new 'root_helper' conf parameter to execute commands as root user. If this configuration paramter is not specified, ironic-lib will execute commands with run_as_root=False. This configuration is not set by default. 'rootwrap_config' and 'rootwrap_helper_cmd' configs are deleted, since they are replaced by the new 'root_helper' config. This fix also delivers a sample ironic-lib.filters file, which should be used with rootwrap command. Change-Id: I61ef7c15237c995e9d4cc85095ac48a30a8f6c7d Closes-bug: #1515943
This commit is contained in:
parent
8fee6398ec
commit
6c273960d5
|
@ -0,0 +1,19 @@
|
||||||
|
# An ironic-lib.filters to be used with rootwrap command.
|
||||||
|
# The following commands should be used in filters for disk manipulation.
|
||||||
|
# This file should be owned by (and only-writeable by) the root user.
|
||||||
|
|
||||||
|
[Filters]
|
||||||
|
# ironic_lib/disk_utils.py
|
||||||
|
blkid: CommandFilter, blkid, root
|
||||||
|
blockdev: CommandFilter, blockdev, root
|
||||||
|
hexdump: CommandFilter, hexdump, root
|
||||||
|
qemu-img: CommandFilter, qemu-img, root
|
||||||
|
|
||||||
|
# ironic_lib/utils.py
|
||||||
|
mkswap: CommandFilter, mkswap, root
|
||||||
|
mkfs: CommandFilter, mkfs, root
|
||||||
|
dd: CommandFilter, dd, root
|
||||||
|
|
||||||
|
# ironic_lib/disk_partitioner.py
|
||||||
|
fuser: CommandFilter, fuser, root
|
||||||
|
parted: CommandFilter, parted, root
|
|
@ -146,7 +146,8 @@ grep foo
|
||||||
execute_mock):
|
execute_mock):
|
||||||
utils.execute('foo', use_standard_locale=True)
|
utils.execute('foo', use_standard_locale=True)
|
||||||
execute_mock.assert_called_once_with('foo',
|
execute_mock.assert_called_once_with('foo',
|
||||||
env_variables={'LC_ALL': 'C'})
|
env_variables={'LC_ALL': 'C'},
|
||||||
|
run_as_root=False)
|
||||||
|
|
||||||
@mock.patch.object(processutils, 'execute')
|
@mock.patch.object(processutils, 'execute')
|
||||||
def test_execute_use_standard_locale_with_env_variables(self,
|
def test_execute_use_standard_locale_with_env_variables(self,
|
||||||
|
@ -155,27 +156,36 @@ grep foo
|
||||||
env_variables={'foo': 'bar'})
|
env_variables={'foo': 'bar'})
|
||||||
execute_mock.assert_called_once_with('foo',
|
execute_mock.assert_called_once_with('foo',
|
||||||
env_variables={'LC_ALL': 'C',
|
env_variables={'LC_ALL': 'C',
|
||||||
'foo': 'bar'})
|
'foo': 'bar'},
|
||||||
|
run_as_root=False)
|
||||||
|
|
||||||
@mock.patch.object(processutils, 'execute')
|
@mock.patch.object(processutils, 'execute')
|
||||||
def test_execute_not_use_standard_locale(self, execute_mock):
|
def test_execute_not_use_standard_locale(self, execute_mock):
|
||||||
utils.execute('foo', use_standard_locale=False,
|
utils.execute('foo', use_standard_locale=False,
|
||||||
env_variables={'foo': 'bar'})
|
env_variables={'foo': 'bar'})
|
||||||
execute_mock.assert_called_once_with('foo',
|
execute_mock.assert_called_once_with('foo',
|
||||||
env_variables={'foo': 'bar'})
|
env_variables={'foo': 'bar'},
|
||||||
|
run_as_root=False)
|
||||||
def test_execute_get_root_helper(self):
|
|
||||||
with mock.patch.object(processutils, 'execute') as execute_mock:
|
|
||||||
helper = utils._get_root_helper()
|
|
||||||
utils.execute('foo', run_as_root=True)
|
|
||||||
execute_mock.assert_called_once_with('foo', run_as_root=True,
|
|
||||||
root_helper=helper)
|
|
||||||
|
|
||||||
def test_execute_without_root_helper(self):
|
def test_execute_without_root_helper(self):
|
||||||
|
CONF.set_override('root_helper', None, group='ironic_lib')
|
||||||
with mock.patch.object(processutils, 'execute') as execute_mock:
|
with mock.patch.object(processutils, 'execute') as execute_mock:
|
||||||
utils.execute('foo', run_as_root=False)
|
utils.execute('foo', run_as_root=False)
|
||||||
execute_mock.assert_called_once_with('foo', run_as_root=False)
|
execute_mock.assert_called_once_with('foo', run_as_root=False)
|
||||||
|
|
||||||
|
def test_execute_without_root_helper_run_as_root(self):
|
||||||
|
CONF.set_override('root_helper', None, group='ironic_lib')
|
||||||
|
with mock.patch.object(processutils, 'execute') as execute_mock:
|
||||||
|
utils.execute('foo', run_as_root=True)
|
||||||
|
execute_mock.assert_called_once_with('foo', run_as_root=False)
|
||||||
|
|
||||||
|
def test_execute_with_root_helper(self):
|
||||||
|
CONF.set_override('root_helper', 'sudo', group='ironic_lib')
|
||||||
|
with mock.patch.object(processutils, 'execute') as execute_mock:
|
||||||
|
utils.execute('foo', run_as_root=True)
|
||||||
|
execute_mock.assert_called_once_with('foo', run_as_root=True,
|
||||||
|
root_helper='sudo')
|
||||||
|
|
||||||
|
|
||||||
class MkfsTestCase(test_base.BaseTestCase):
|
class MkfsTestCase(test_base.BaseTestCase):
|
||||||
|
|
||||||
|
|
|
@ -31,15 +31,10 @@ from ironic_lib.common.i18n import _LW
|
||||||
from ironic_lib import exception
|
from ironic_lib import exception
|
||||||
|
|
||||||
utils_opts = [
|
utils_opts = [
|
||||||
cfg.StrOpt('rootwrap_config',
|
cfg.StrOpt('root_helper',
|
||||||
default="",
|
default=None,
|
||||||
help='Path to the rootwrap configuration file to use for '
|
help='Command that is prefixed to commands that are run as '
|
||||||
'running commands as root.',
|
'root. If not specified, no commands are run as root.'),
|
||||||
deprecated_group='DEFAULT'),
|
|
||||||
cfg.StrOpt('rootwrap_helper_cmd',
|
|
||||||
default="",
|
|
||||||
help='Command that is used with the path to the rootwrap '
|
|
||||||
'configuration file, when running commands as root.'),
|
|
||||||
]
|
]
|
||||||
|
|
||||||
CONF = cfg.CONF
|
CONF = cfg.CONF
|
||||||
|
@ -48,12 +43,6 @@ CONF.register_opts(utils_opts, group='ironic_lib')
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
def _get_root_helper():
|
|
||||||
root_helper = '%s %s' % (CONF.ironic_lib.rootwrap_helper_cmd,
|
|
||||||
CONF.ironic_lib.rootwrap_config)
|
|
||||||
return root_helper
|
|
||||||
|
|
||||||
|
|
||||||
def execute(*cmd, **kwargs):
|
def execute(*cmd, **kwargs):
|
||||||
"""Convenience wrapper around oslo's execute() method.
|
"""Convenience wrapper around oslo's execute() method.
|
||||||
|
|
||||||
|
@ -71,8 +60,13 @@ def execute(*cmd, **kwargs):
|
||||||
env = kwargs.pop('env_variables', os.environ.copy())
|
env = kwargs.pop('env_variables', os.environ.copy())
|
||||||
env['LC_ALL'] = 'C'
|
env['LC_ALL'] = 'C'
|
||||||
kwargs['env_variables'] = env
|
kwargs['env_variables'] = env
|
||||||
if kwargs.get('run_as_root') and 'root_helper' not in kwargs:
|
|
||||||
kwargs['root_helper'] = _get_root_helper()
|
# If root_helper config is not specified, no commands are run as root.
|
||||||
|
if not CONF.ironic_lib.root_helper:
|
||||||
|
kwargs['run_as_root'] = False
|
||||||
|
else:
|
||||||
|
kwargs['root_helper'] = CONF.ironic_lib.root_helper
|
||||||
|
|
||||||
result = processutils.execute(*cmd, **kwargs)
|
result = processutils.execute(*cmd, **kwargs)
|
||||||
LOG.debug('Execution completed, command line is "%s"',
|
LOG.debug('Execution completed, command line is "%s"',
|
||||||
' '.join(map(str, cmd)))
|
' '.join(map(str, cmd)))
|
||||||
|
|
Loading…
Reference in New Issue