Use os-xenapi for neutron when XenServer as hypervisor
We have made os-xenapi repository to deal with XenServer Dom0 specific functions, this patch is to change neutron to use os-xenapi when XenServer is hypervisor and move the building RPM scripts into os-xenapi repo Depends-On: I8a31c81d9475387fe4ed7030b70b26098e588771 Change-Id: Ia958c366189386b1b5abbadbb4d74950aaa23bb2
This commit is contained in:
parent
3d5d9e8957
commit
bc23e29423
|
@ -30,7 +30,7 @@ import os
|
||||||
import select
|
import select
|
||||||
import sys
|
import sys
|
||||||
|
|
||||||
import XenAPI
|
from os_xenapi.client import XenAPI
|
||||||
|
|
||||||
|
|
||||||
RC_UNAUTHORIZED = 99
|
RC_UNAUTHORIZED = 99
|
||||||
|
@ -116,7 +116,7 @@ def run_command(url, username, password, user_args, cmd_input):
|
||||||
try:
|
try:
|
||||||
host = session.xenapi.session.get_this_host(session.handle)
|
host = session.xenapi.session.get_this_host(session.handle)
|
||||||
result = session.xenapi.host.call_plugin(
|
result = session.xenapi.host.call_plugin(
|
||||||
host, 'netwrap', 'run_command',
|
host, 'netwrap.py', 'run_command',
|
||||||
{'cmd': json.dumps(user_args), 'cmd_input': json.dumps(cmd_input)})
|
{'cmd': json.dumps(user_args), 'cmd_input': json.dumps(cmd_input)})
|
||||||
result_dict = json.loads(result)
|
result_dict = json.loads(result)
|
||||||
returncode = result_dict.get('returncode')
|
returncode = result_dict.get('returncode')
|
||||||
|
@ -133,6 +133,9 @@ def run_command(url, username, password, user_args, cmd_input):
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
|
# Deprecated: This script is deprecated and will be deleted in next release
|
||||||
|
sys.stderr.write("Deprecated: neutron-rootwrap-xen-dom0 is deprecated, "
|
||||||
|
"will be deleted in next release.")
|
||||||
exec_name, config_file, user_args = parse_args()
|
exec_name, config_file, user_args = parse_args()
|
||||||
config = load_configuration(exec_name, config_file)
|
config = load_configuration(exec_name, config_file)
|
||||||
filter_command(exec_name, config['filters_path'], user_args, config['exec_dirs'])
|
filter_command(exec_name, config['filters_path'], user_args, config['exec_dirs'])
|
||||||
|
|
|
@ -22,6 +22,8 @@ in dom0 via calling XenAPI plugin. The XenAPI plugin is responsible to
|
||||||
determine whether a command is safe to execute.
|
determine whether a command is safe to execute.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
from os_xenapi.client import session
|
||||||
|
from os_xenapi.client import XenAPI
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
from oslo_log import log as logging
|
from oslo_log import log as logging
|
||||||
from oslo_rootwrap import cmd as oslo_rootwrap_cmd
|
from oslo_rootwrap import cmd as oslo_rootwrap_cmd
|
||||||
|
@ -44,19 +46,17 @@ xenapi_conf.register_xenapi_opts(cfg.CONF)
|
||||||
|
|
||||||
class XenAPIClient(object):
|
class XenAPIClient(object):
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
self._session = None
|
self._session = self._create_session(
|
||||||
self._host = None
|
cfg.CONF.xenapi.connection_url,
|
||||||
self._XenAPI = None
|
cfg.CONF.xenapi.connection_username,
|
||||||
|
cfg.CONF.xenapi.connection_password)
|
||||||
|
|
||||||
def _call_plugin(self, plugin, fn, args):
|
def _call_plugin(self, plugin, fn, args):
|
||||||
host = self._this_host()
|
return self._session.call_plugin(plugin, fn, args)
|
||||||
return self.get_session().xenapi.host.call_plugin(
|
|
||||||
host, plugin, fn, args)
|
|
||||||
|
|
||||||
def _create_session(self, url, username, password):
|
def _create_session(self, url, username, password):
|
||||||
session = self._get_XenAPI().Session(url)
|
return session.XenAPISession(url, username, password,
|
||||||
session.login_with_password(username, password)
|
originator="neutron")
|
||||||
return session
|
|
||||||
|
|
||||||
def _get_return_code(self, failure_details):
|
def _get_return_code(self, failure_details):
|
||||||
# The details will be as:
|
# The details will be as:
|
||||||
|
@ -71,20 +71,6 @@ class XenAPIClient(object):
|
||||||
# otherwise we get unexpected exception.
|
# otherwise we get unexpected exception.
|
||||||
return RC_UNKNOWN_XENAPI_ERROR
|
return RC_UNKNOWN_XENAPI_ERROR
|
||||||
|
|
||||||
def _get_XenAPI(self):
|
|
||||||
# Delay importing XenAPI as this module may not exist
|
|
||||||
# for non-XenServer hypervisors.
|
|
||||||
if self._XenAPI is None:
|
|
||||||
import XenAPI
|
|
||||||
self._XenAPI = XenAPI
|
|
||||||
return self._XenAPI
|
|
||||||
|
|
||||||
def _this_host(self):
|
|
||||||
if not self._host:
|
|
||||||
session = self.get_session()
|
|
||||||
self._host = session.xenapi.session.get_this_host(session.handle)
|
|
||||||
return self._host
|
|
||||||
|
|
||||||
def execute(self, cmd, stdin=None):
|
def execute(self, cmd, stdin=None):
|
||||||
out = ""
|
out = ""
|
||||||
err = ""
|
err = ""
|
||||||
|
@ -93,7 +79,7 @@ class XenAPIClient(object):
|
||||||
return oslo_rootwrap_cmd.RC_NOCOMMAND, out, err
|
return oslo_rootwrap_cmd.RC_NOCOMMAND, out, err
|
||||||
try:
|
try:
|
||||||
result_raw = self._call_plugin(
|
result_raw = self._call_plugin(
|
||||||
'netwrap', 'run_command',
|
'netwrap.py', 'run_command',
|
||||||
{'cmd': jsonutils.dumps(cmd),
|
{'cmd': jsonutils.dumps(cmd),
|
||||||
'cmd_input': jsonutils.dumps(stdin)})
|
'cmd_input': jsonutils.dumps(stdin)})
|
||||||
result = jsonutils.loads(result_raw)
|
result = jsonutils.loads(result_raw)
|
||||||
|
@ -101,20 +87,7 @@ class XenAPIClient(object):
|
||||||
out = result['out']
|
out = result['out']
|
||||||
err = result['err']
|
err = result['err']
|
||||||
return returncode, out, err
|
return returncode, out, err
|
||||||
except self._get_XenAPI().Failure as failure:
|
except XenAPI.Failure as failure:
|
||||||
LOG.exception(_LE('Failed to execute command: %s'), cmd)
|
LOG.exception(_LE('Failed to execute command: %s'), cmd)
|
||||||
returncode = self._get_return_code(failure.details)
|
returncode = self._get_return_code(failure.details)
|
||||||
return returncode, out, err
|
return returncode, out, err
|
||||||
|
|
||||||
def get_session(self):
|
|
||||||
if self._session is None:
|
|
||||||
url = cfg.CONF.xenapi.connection_url
|
|
||||||
username = cfg.CONF.xenapi.connection_username
|
|
||||||
password = cfg.CONF.xenapi.connection_password
|
|
||||||
try:
|
|
||||||
self._session = self._create_session(url, username, password)
|
|
||||||
except Exception:
|
|
||||||
# Shouldn't reach here, otherwise it's a fatal error.
|
|
||||||
LOG.exception(_LE("Failed to initiate XenAPI session"))
|
|
||||||
raise SystemExit(1)
|
|
||||||
return self._session
|
|
||||||
|
|
|
@ -1,16 +0,0 @@
|
||||||
This directory contains files that are required for the XenAPI support.
|
|
||||||
They should be installed in the XenServer / Xen Cloud Platform dom0.
|
|
||||||
|
|
||||||
If you install them manually, you will need to ensure that the newly
|
|
||||||
added files are executable. You can do this by running the following
|
|
||||||
command (from dom0):
|
|
||||||
|
|
||||||
chmod a+x /etc/xapi.d/plugins/*
|
|
||||||
|
|
||||||
Otherwise, you can build an rpm by running the following command:
|
|
||||||
|
|
||||||
./contrib/build-rpm.sh
|
|
||||||
|
|
||||||
and install the rpm by running the following command (from dom0):
|
|
||||||
|
|
||||||
rpm -i openstack-neutron-xen-plugins.rpm
|
|
|
@ -1,34 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
|
|
||||||
set -eux
|
|
||||||
|
|
||||||
thisdir=$(dirname $(readlink -f "$0"))
|
|
||||||
export NEUTRON_ROOT="$thisdir/../../../../../../"
|
|
||||||
export PYTHONPATH=$NEUTRON_ROOT
|
|
||||||
|
|
||||||
cd $NEUTRON_ROOT
|
|
||||||
VERSION=$(sh -c "(cat $NEUTRON_ROOT/neutron/version.py; \
|
|
||||||
echo 'print version_info.release_string()') | \
|
|
||||||
python")
|
|
||||||
cd -
|
|
||||||
|
|
||||||
PACKAGE=openstack-neutron-xen-plugins
|
|
||||||
RPMBUILD_DIR=$PWD/rpmbuild
|
|
||||||
if [ ! -d $RPMBUILD_DIR ]; then
|
|
||||||
echo $RPMBUILD_DIR is missing
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
for dir in BUILD BUILDROOT SRPMS RPMS SOURCES; do
|
|
||||||
rm -rf $RPMBUILD_DIR/$dir
|
|
||||||
mkdir -p $RPMBUILD_DIR/$dir
|
|
||||||
done
|
|
||||||
|
|
||||||
rm -rf /tmp/$PACKAGE
|
|
||||||
mkdir /tmp/$PACKAGE
|
|
||||||
cp -r ../etc/xapi.d /tmp/$PACKAGE
|
|
||||||
tar czf $RPMBUILD_DIR/SOURCES/$PACKAGE.tar.gz -C /tmp $PACKAGE
|
|
||||||
|
|
||||||
rpmbuild -ba --nodeps --define "_topdir $RPMBUILD_DIR" \
|
|
||||||
--define "version $VERSION" \
|
|
||||||
$RPMBUILD_DIR/SPECS/$PACKAGE.spec
|
|
|
@ -1,30 +0,0 @@
|
||||||
Name: openstack-neutron-xen-plugins
|
|
||||||
Version: %{version}
|
|
||||||
Release: 1
|
|
||||||
Summary: Files for XenAPI support.
|
|
||||||
License: ASL 2.0
|
|
||||||
Group: Applications/Utilities
|
|
||||||
Source0: openstack-neutron-xen-plugins.tar.gz
|
|
||||||
BuildArch: noarch
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
||||||
|
|
||||||
%define debug_package %{nil}
|
|
||||||
|
|
||||||
%description
|
|
||||||
This package contains files that are required for XenAPI support for Neutron.
|
|
||||||
|
|
||||||
%prep
|
|
||||||
%setup -q -n openstack-neutron-xen-plugins
|
|
||||||
|
|
||||||
%install
|
|
||||||
rm -rf $RPM_BUILD_ROOT
|
|
||||||
mkdir -p $RPM_BUILD_ROOT/etc
|
|
||||||
cp -r xapi.d $RPM_BUILD_ROOT/etc
|
|
||||||
chmod a+x $RPM_BUILD_ROOT/etc/xapi.d/plugins/*
|
|
||||||
|
|
||||||
%clean
|
|
||||||
rm -rf $RPM_BUILD_ROOT
|
|
||||||
|
|
||||||
%files
|
|
||||||
%defattr(-,root,root,-)
|
|
||||||
/etc/xapi.d/plugins/*
|
|
|
@ -1,94 +0,0 @@
|
||||||
#!/usr/bin/env python
|
|
||||||
|
|
||||||
# Copyright 2012 OpenStack Foundation
|
|
||||||
# Copyright 2012 United States Government as represented by the
|
|
||||||
# Administrator of the National Aeronautics and Space Administration.
|
|
||||||
# All Rights Reserved.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
|
|
||||||
#
|
|
||||||
# XenAPI plugin for executing network commands (ovs, iptables, etc) on dom0
|
|
||||||
#
|
|
||||||
|
|
||||||
import errno
|
|
||||||
import gettext
|
|
||||||
gettext.install('neutron', unicode=1)
|
|
||||||
try:
|
|
||||||
import json
|
|
||||||
except ImportError:
|
|
||||||
import simplejson as json
|
|
||||||
import subprocess
|
|
||||||
|
|
||||||
import XenAPIPlugin
|
|
||||||
|
|
||||||
|
|
||||||
MSG_UNAUTHORIZED = "Unauthorized command"
|
|
||||||
MSG_NOT_FOUND = "Executable not found"
|
|
||||||
|
|
||||||
ALLOWED_CMDS = [
|
|
||||||
'ip',
|
|
||||||
'ipset',
|
|
||||||
'iptables-save',
|
|
||||||
'iptables-restore',
|
|
||||||
'ip6tables-save',
|
|
||||||
'ip6tables-restore',
|
|
||||||
'sysctl',
|
|
||||||
# NOTE(yamamoto): of_interface=native doesn't use ovs-ofctl
|
|
||||||
'ovs-ofctl',
|
|
||||||
'ovs-vsctl',
|
|
||||||
'ovsdb-client',
|
|
||||||
'conntrack',
|
|
||||||
]
|
|
||||||
|
|
||||||
|
|
||||||
class PluginError(Exception):
|
|
||||||
"""Base Exception class for all plugin errors."""
|
|
||||||
def __init__(self, *args):
|
|
||||||
Exception.__init__(self, *args)
|
|
||||||
|
|
||||||
def _run_command(cmd, cmd_input):
|
|
||||||
"""Abstracts out the basics of issuing system commands. If the command
|
|
||||||
returns anything in stderr, a PluginError is raised with that information.
|
|
||||||
Otherwise, the output from stdout is returned.
|
|
||||||
"""
|
|
||||||
try:
|
|
||||||
pipe = subprocess.PIPE
|
|
||||||
proc = subprocess.Popen(cmd, shell=False, stdin=pipe, stdout=pipe,
|
|
||||||
stderr=pipe, close_fds=True)
|
|
||||||
except OSError, e:
|
|
||||||
if e.errno == errno.ENOENT:
|
|
||||||
raise PluginError(MSG_NOT_FOUND)
|
|
||||||
(out, err) = proc.communicate(cmd_input)
|
|
||||||
return proc.returncode, out, err
|
|
||||||
|
|
||||||
|
|
||||||
def run_command(session, args):
|
|
||||||
cmd = json.loads(args.get('cmd'))
|
|
||||||
if cmd and cmd[0] not in ALLOWED_CMDS:
|
|
||||||
raise PluginError(MSG_UNAUTHORIZED)
|
|
||||||
returncode, out, err = _run_command(
|
|
||||||
cmd, json.loads(args.get('cmd_input', 'null')))
|
|
||||||
if not err:
|
|
||||||
err = ""
|
|
||||||
if not out:
|
|
||||||
out = ""
|
|
||||||
# This runs in Dom0, will return to neutron-ovs-agent in compute node
|
|
||||||
result = {'returncode': returncode,
|
|
||||||
'out': out,
|
|
||||||
'err': err}
|
|
||||||
return json.dumps(result)
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
|
||||||
XenAPIPlugin.dispatch({"run_command": run_command})
|
|
|
@ -41,9 +41,12 @@ class AgentUtilsExecuteTest(base.BaseTestCase):
|
||||||
def test_xenapi_root_helper(self):
|
def test_xenapi_root_helper(self):
|
||||||
token = utils.xenapi_root_helper.ROOT_HELPER_DAEMON_TOKEN
|
token = utils.xenapi_root_helper.ROOT_HELPER_DAEMON_TOKEN
|
||||||
self.config(group='AGENT', root_helper_daemon=token)
|
self.config(group='AGENT', root_helper_daemon=token)
|
||||||
cmd_client = utils.RootwrapDaemonHelper.get_client()
|
with mock.patch(
|
||||||
self.assertIsInstance(cmd_client,
|
'neutron.agent.linux.utils.xenapi_root_helper.XenAPIClient')\
|
||||||
utils.xenapi_root_helper.XenAPIClient)
|
as mock_xenapi_class:
|
||||||
|
mock_client = mock_xenapi_class.return_value
|
||||||
|
cmd_client = utils.RootwrapDaemonHelper.get_client()
|
||||||
|
self.assertEqual(cmd_client, mock_client)
|
||||||
|
|
||||||
def test_without_helper(self):
|
def test_without_helper(self):
|
||||||
expected = "%s\n" % self.test_file
|
expected = "%s\n" % self.test_file
|
||||||
|
|
|
@ -25,9 +25,7 @@ class TestXenapiRootHelper(base.BaseTestCase):
|
||||||
def _get_fake_xenapi_client(self):
|
def _get_fake_xenapi_client(self):
|
||||||
class FakeXenapiClient(helper.XenAPIClient):
|
class FakeXenapiClient(helper.XenAPIClient):
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
super(FakeXenapiClient, self).__init__()
|
self._session = mock.MagicMock()
|
||||||
# Mock XenAPI which may not exist in the unit test env.
|
|
||||||
self.XenAPI = mock.MagicMock()
|
|
||||||
|
|
||||||
return FakeXenapiClient()
|
return FakeXenapiClient()
|
||||||
|
|
||||||
|
@ -75,7 +73,7 @@ class TestXenapiRootHelper(base.BaseTestCase):
|
||||||
rc, out, err = xenapi_client.execute(cmd)
|
rc, out, err = xenapi_client.execute(cmd)
|
||||||
|
|
||||||
mock_call_plugin.assert_called_once_with(
|
mock_call_plugin.assert_called_once_with(
|
||||||
'netwrap', 'run_command', expect_cmd_args)
|
'netwrap.py', 'run_command', expect_cmd_args)
|
||||||
self.assertEqual(0, rc)
|
self.assertEqual(0, rc)
|
||||||
self.assertEqual("vif158.2", out)
|
self.assertEqual("vif158.2", out)
|
||||||
self.assertEqual("", err)
|
self.assertEqual("", err)
|
||||||
|
@ -85,9 +83,3 @@ class TestXenapiRootHelper(base.BaseTestCase):
|
||||||
xenapi_client = self._get_fake_xenapi_client()
|
xenapi_client = self._get_fake_xenapi_client()
|
||||||
rc, out, err = xenapi_client.execute(cmd)
|
rc, out, err = xenapi_client.execute(cmd)
|
||||||
self.assertEqual(oslo_rootwrap_cmd.RC_NOCOMMAND, rc)
|
self.assertEqual(oslo_rootwrap_cmd.RC_NOCOMMAND, rc)
|
||||||
|
|
||||||
def test_get_session_except(self):
|
|
||||||
xenapi_client = self._get_fake_xenapi_client()
|
|
||||||
with mock.patch.object(helper.XenAPIClient, "_create_session",
|
|
||||||
side_effect=Exception()):
|
|
||||||
self.assertRaises(SystemExit, xenapi_client.get_session)
|
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
deprecations:
|
||||||
|
- Now that rootwrap daemon mode is supported for XenServer, the
|
||||||
|
``neutron-rootwrap-xen-dom0`` script is deprecated and will be removed
|
||||||
|
in a next release.
|
|
@ -50,3 +50,4 @@ weakrefmethod>=1.0.2;python_version=='2.7' # PSF
|
||||||
|
|
||||||
python-novaclient>=7.1.0 # Apache-2.0
|
python-novaclient>=7.1.0 # Apache-2.0
|
||||||
python-designateclient>=1.5.0 # Apache-2.0
|
python-designateclient>=1.5.0 # Apache-2.0
|
||||||
|
os-xenapi>=0.1.1 # Apache-2.0
|
||||||
|
|
Loading…
Reference in New Issue