Use os-xenapi for neutron when XenServer as hypervisor

We have made os-xenapi repository to deal with XenServer Dom0 specific functions, this patch is to change neutron to use os-xenapi when XenServer is hypervisor and move the building RPM scripts into os-xenapi repo Depends-On: I8a31c81d9475387fe4ed7030b70b26098e588771 Change-Id: Ia958c366189386b1b5abbadbb4d74950aaa23bb2
5 years ago · bc23e29423
--- a/bin/neutron-rootwrap-xen-dom0
+++ b/bin/neutron-rootwrap-xen-dom0
@ -30,7 +30,7 @@ import os
 import select
 import sys

 import XenAPI
 from os_xenapi.client import XenAPI


 RC_UNAUTHORIZED = 99
@ -116,7 +116,7 @@ def run_command(url, username, password, user_args, cmd_input):
        try:
            host = session.xenapi.session.get_this_host(session.handle)
            result = session.xenapi.host.call_plugin(
                host, 'netwrap', 'run_command',
                host, 'netwrap.py', 'run_command',
                {'cmd': json.dumps(user_args), 'cmd_input': json.dumps(cmd_input)})
            result_dict = json.loads(result)
            returncode = result_dict.get('returncode')
@ -133,6 +133,9 @@ def run_command(url, username, password, user_args, cmd_input):


 def main():
    # Deprecated: This script is deprecated and will be deleted in next release
    sys.stderr.write("Deprecated: neutron-rootwrap-xen-dom0 is deprecated, "
                     "will be deleted in next release.")
    exec_name, config_file, user_args = parse_args()
    config = load_configuration(exec_name, config_file)
    filter_command(exec_name, config['filters_path'], user_args, config['exec_dirs'])
--- a/neutron/agent/linux/xenapi_root_helper.py
+++ b/neutron/agent/linux/xenapi_root_helper.py
@ -22,6 +22,8 @@ in dom0 via calling XenAPI plugin. The XenAPI plugin is responsible to
 determine whether a command is safe to execute.
 """

 from os_xenapi.client import session
 from os_xenapi.client import XenAPI
 from oslo_config import cfg
 from oslo_log import log as logging
 from oslo_rootwrap import cmd as oslo_rootwrap_cmd
@ -44,19 +46,17 @@ xenapi_conf.register_xenapi_opts(cfg.CONF)

 class XenAPIClient(object):
    def __init__(self):
        self._session = None
        self._host = None
        self._XenAPI = None
        self._session = self._create_session(
            cfg.CONF.xenapi.connection_url,
            cfg.CONF.xenapi.connection_username,
            cfg.CONF.xenapi.connection_password)

    def _call_plugin(self, plugin, fn, args):
        host = self._this_host()
        return self.get_session().xenapi.host.call_plugin(
            host, plugin, fn, args)
        return self._session.call_plugin(plugin, fn, args)

    def _create_session(self, url, username, password):
        session = self._get_XenAPI().Session(url)
        session.login_with_password(username, password)
        return session
        return session.XenAPISession(url, username, password,
                                     originator="neutron")

    def _get_return_code(self, failure_details):
        # The details will be as:
@ -71,20 +71,6 @@ class XenAPIClient(object):
        # otherwise we get unexpected exception.
        return RC_UNKNOWN_XENAPI_ERROR

    def _get_XenAPI(self):
        # Delay importing XenAPI as this module may not exist
        # for non-XenServer hypervisors.
        if self._XenAPI is None:
            import XenAPI
            self._XenAPI = XenAPI
        return self._XenAPI

    def _this_host(self):
        if not self._host:
            session = self.get_session()
            self._host = session.xenapi.session.get_this_host(session.handle)
        return self._host

    def execute(self, cmd, stdin=None):
        out = ""
        err = ""
@ -93,7 +79,7 @@ class XenAPIClient(object):
            return oslo_rootwrap_cmd.RC_NOCOMMAND, out, err
        try:
            result_raw = self._call_plugin(
                'netwrap', 'run_command',
                'netwrap.py', 'run_command',
                {'cmd': jsonutils.dumps(cmd),
                 'cmd_input': jsonutils.dumps(stdin)})
            result = jsonutils.loads(result_raw)
@ -101,20 +87,7 @@ class XenAPIClient(object):
            out = result['out']
            err = result['err']
            return returncode, out, err
        except self._get_XenAPI().Failure as failure:
        except XenAPI.Failure as failure:
            LOG.exception(_LE('Failed to execute command: %s'), cmd)
            returncode = self._get_return_code(failure.details)
            return returncode, out, err

    def get_session(self):
        if self._session is None:
            url = cfg.CONF.xenapi.connection_url
            username = cfg.CONF.xenapi.connection_username
            password = cfg.CONF.xenapi.connection_password
            try:
                self._session = self._create_session(url, username, password)
            except Exception:
                # Shouldn't reach here, otherwise it's a fatal error.
                LOG.exception(_LE("Failed to initiate XenAPI session"))
                raise SystemExit(1)
        return self._session
--- a/neutron/plugins/ml2/drivers/openvswitch/agent/xenapi/README
+++ b/neutron/plugins/ml2/drivers/openvswitch/agent/xenapi/README
@ -1,16 +0,0 @@
 This directory contains files that are required for the XenAPI support.
 They should be installed in the XenServer / Xen Cloud Platform dom0.

 If you install them manually, you will need to ensure that the newly
 added files are executable. You can do this by running the following
 command (from dom0):

    chmod a+x /etc/xapi.d/plugins/*

 Otherwise, you can build an rpm by running the following command:

    ./contrib/build-rpm.sh

 and install the rpm by running the following command (from dom0):

    rpm -i openstack-neutron-xen-plugins.rpm
--- a/neutron/plugins/ml2/drivers/openvswitch/agent/xenapi/contrib/build-rpm.sh
+++ b/neutron/plugins/ml2/drivers/openvswitch/agent/xenapi/contrib/build-rpm.sh
@ -1,34 +0,0 @@
 #!/usr/bin/env bash

 set -eux

 thisdir=$(dirname $(readlink -f "$0"))
 export NEUTRON_ROOT="$thisdir/../../../../../../"
 export PYTHONPATH=$NEUTRON_ROOT

 cd $NEUTRON_ROOT
 VERSION=$(sh -c "(cat $NEUTRON_ROOT/neutron/version.py; \
    echo 'print version_info.release_string()') | \
    python")
 cd -

 PACKAGE=openstack-neutron-xen-plugins
 RPMBUILD_DIR=$PWD/rpmbuild
 if [ ! -d $RPMBUILD_DIR ]; then
    echo $RPMBUILD_DIR is missing
    exit 1
 fi

 for dir in BUILD BUILDROOT SRPMS RPMS SOURCES; do
    rm -rf $RPMBUILD_DIR/$dir
    mkdir -p $RPMBUILD_DIR/$dir
 done

 rm -rf /tmp/$PACKAGE
 mkdir /tmp/$PACKAGE
 cp -r ../etc/xapi.d /tmp/$PACKAGE
 tar czf $RPMBUILD_DIR/SOURCES/$PACKAGE.tar.gz -C /tmp $PACKAGE

 rpmbuild -ba --nodeps --define "_topdir $RPMBUILD_DIR"  \
    --define "version $VERSION" \
    $RPMBUILD_DIR/SPECS/$PACKAGE.spec
--- a/neutron/plugins/ml2/drivers/openvswitch/agent/xenapi/contrib/rpmbuild/SPECS/openstack-quantum-xen-plugins.spec
+++ b/neutron/plugins/ml2/drivers/openvswitch/agent/xenapi/contrib/rpmbuild/SPECS/openstack-quantum-xen-plugins.spec
@ -1,30 +0,0 @@
 Name:           openstack-neutron-xen-plugins
 Version:        %{version}
 Release:        1
 Summary:        Files for XenAPI support.
 License:        ASL 2.0
 Group:          Applications/Utilities
 Source0:        openstack-neutron-xen-plugins.tar.gz
 BuildArch:      noarch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

 %define debug_package %{nil}

 %description
 This package contains files that are required for XenAPI support for Neutron.

 %prep
 %setup -q -n openstack-neutron-xen-plugins

 %install
 rm -rf $RPM_BUILD_ROOT
 mkdir -p $RPM_BUILD_ROOT/etc
 cp -r xapi.d $RPM_BUILD_ROOT/etc
 chmod a+x $RPM_BUILD_ROOT/etc/xapi.d/plugins/*

 %clean
 rm -rf $RPM_BUILD_ROOT

 %files
 %defattr(-,root,root,-)
 /etc/xapi.d/plugins/*
--- a/neutron/plugins/ml2/drivers/openvswitch/agent/xenapi/etc/xapi.d/plugins/netwrap
+++ b/neutron/plugins/ml2/drivers/openvswitch/agent/xenapi/etc/xapi.d/plugins/netwrap
@ -1,94 +0,0 @@
 #!/usr/bin/env python

 # Copyright 2012 OpenStack Foundation
 # Copyright 2012 United States Government as represented by the
 # Administrator of the National Aeronautics and Space Administration.
 # All Rights Reserved.
 #
 #    Licensed under the Apache License, Version 2.0 (the "License"); you may
 #    not use this file except in compliance with the License. You may obtain
 #    a copy of the License at
 #
 #         http://www.apache.org/licenses/LICENSE-2.0
 #
 #    Unless required by applicable law or agreed to in writing, software
 #    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 #    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 #    License for the specific language governing permissions and limitations
 #    under the License.

 #
 # XenAPI plugin for executing network commands (ovs, iptables, etc) on dom0
 #

 import errno
 import gettext
 gettext.install('neutron', unicode=1)
 try:
    import json
 except ImportError:
    import simplejson as json
 import subprocess

 import XenAPIPlugin


 MSG_UNAUTHORIZED = "Unauthorized command"
 MSG_NOT_FOUND = "Executable not found"

 ALLOWED_CMDS = [
    'ip',
    'ipset',
    'iptables-save',
    'iptables-restore',
    'ip6tables-save',
    'ip6tables-restore',
    'sysctl',
    # NOTE(yamamoto): of_interface=native doesn't use ovs-ofctl
    'ovs-ofctl',
    'ovs-vsctl',
    'ovsdb-client',
    'conntrack',
    ]


 class PluginError(Exception):
    """Base Exception class for all plugin errors."""
    def __init__(self, *args):
        Exception.__init__(self, *args)

 def _run_command(cmd, cmd_input):
    """Abstracts out the basics of issuing system commands. If the command
    returns anything in stderr, a PluginError is raised with that information.
    Otherwise, the output from stdout is returned.
    """
    try:
        pipe = subprocess.PIPE
        proc = subprocess.Popen(cmd, shell=False, stdin=pipe, stdout=pipe,
                                stderr=pipe, close_fds=True)
    except OSError, e:
        if e.errno == errno.ENOENT:
             raise PluginError(MSG_NOT_FOUND)
    (out, err) = proc.communicate(cmd_input)
    return proc.returncode, out, err


 def run_command(session, args):
    cmd = json.loads(args.get('cmd'))
    if cmd and cmd[0] not in ALLOWED_CMDS:
        raise PluginError(MSG_UNAUTHORIZED)
    returncode, out, err = _run_command(
                                cmd, json.loads(args.get('cmd_input', 'null')))
    if not err:
        err = ""
    if not out:
        out = ""
    # This runs in Dom0, will return to neutron-ovs-agent in compute node
    result = {'returncode': returncode,
              'out': out,
              'err': err}
    return json.dumps(result)


 if __name__ == "__main__":
    XenAPIPlugin.dispatch({"run_command": run_command})
--- a/neutron/tests/unit/agent/linux/test_utils.py
+++ b/neutron/tests/unit/agent/linux/test_utils.py
@ -41,9 +41,12 @@ class AgentUtilsExecuteTest(base.BaseTestCase):
    def test_xenapi_root_helper(self):
        token = utils.xenapi_root_helper.ROOT_HELPER_DAEMON_TOKEN
        self.config(group='AGENT', root_helper_daemon=token)
        cmd_client = utils.RootwrapDaemonHelper.get_client()
        self.assertIsInstance(cmd_client,
                              utils.xenapi_root_helper.XenAPIClient)
        with mock.patch(
                'neutron.agent.linux.utils.xenapi_root_helper.XenAPIClient')\
                as mock_xenapi_class:
            mock_client = mock_xenapi_class.return_value
            cmd_client = utils.RootwrapDaemonHelper.get_client()
            self.assertEqual(cmd_client, mock_client)

    def test_without_helper(self):
        expected = "%s\n" % self.test_file
--- a/neutron/tests/unit/agent/linux/test_xenapi_root_helper.py
+++ b/neutron/tests/unit/agent/linux/test_xenapi_root_helper.py
@ -25,9 +25,7 @@ class TestXenapiRootHelper(base.BaseTestCase):
    def _get_fake_xenapi_client(self):
        class FakeXenapiClient(helper.XenAPIClient):
            def __init__(self):
                super(FakeXenapiClient, self).__init__()
                # Mock XenAPI which may not exist in the unit test env.
                self.XenAPI = mock.MagicMock()
                self._session = mock.MagicMock()

        return FakeXenapiClient()

@ -75,7 +73,7 @@ class TestXenapiRootHelper(base.BaseTestCase):
            rc, out, err = xenapi_client.execute(cmd)

            mock_call_plugin.assert_called_once_with(
                'netwrap', 'run_command', expect_cmd_args)
                'netwrap.py', 'run_command', expect_cmd_args)
            self.assertEqual(0, rc)
            self.assertEqual("vif158.2", out)
            self.assertEqual("", err)
@ -85,9 +83,3 @@ class TestXenapiRootHelper(base.BaseTestCase):
        xenapi_client = self._get_fake_xenapi_client()
        rc, out, err = xenapi_client.execute(cmd)
        self.assertEqual(oslo_rootwrap_cmd.RC_NOCOMMAND, rc)

    def test_get_session_except(self):
        xenapi_client = self._get_fake_xenapi_client()
        with mock.patch.object(helper.XenAPIClient, "_create_session",
                               side_effect=Exception()):
            self.assertRaises(SystemExit, xenapi_client.get_session)
--- a/releasenotes/notes/deprecate-neutron-rootwrap-xen-dom0-124ee3647beecc17.yaml
+++ b/releasenotes/notes/deprecate-neutron-rootwrap-xen-dom0-124ee3647beecc17.yaml
@ -0,0 +1,5 @@
 ---
 deprecations:
  - Now that rootwrap daemon mode is supported for XenServer, the
    ``neutron-rootwrap-xen-dom0`` script is deprecated and will be removed
    in a next release.
--- a/requirements.txt
+++ b/requirements.txt
@ -50,3 +50,4 @@ weakrefmethod>=1.0.2;python_version=='2.7' # PSF

 python-novaclient>=7.1.0 # Apache-2.0
 python-designateclient>=1.5.0 # Apache-2.0
 os-xenapi>=0.1.1 # Apache-2.0