openstack/nova
Code Issues Proposed changes

Merge "Move xend existence probes to privsep."

Browse Source
This commit is contained in:
Zuul 2017-10-23 15:04:33 +00:00 committed by Gerrit Code Review
commit a067f8c646
5 changed files with 21 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
etc/nova/rootwrap.d/compute.filters
View File

@ -188,8 +188,5 @@ cp: CommandFilter, cp, root
# nova/virt/xenapi/vm_utils.py: # nova/virt/xenapi/vm_utils.py:
sync: CommandFilter, sync, root sync: CommandFilter, sync, root
# nova/virt/libvirt/utils.py: 'xend', 'status'
xend: CommandFilter, xend, root
# nova/virt/libvirt/volume/vzstorage.py # nova/virt/libvirt/volume/vzstorage.py
pstorage-mount: CommandFilter, pstorage-mount, root pstorage-mount: CommandFilter, pstorage-mount, root

5
nova/privsep/libvirt.py
View File

@ -210,3 +210,8 @@ def readpty(path):
LOG.info(_('Ignored error while reading from instance console ' LOG.info(_('Ignored error while reading from instance console '
'pty: %s'), e) 'pty: %s'), e)
return '' return ''
@nova.privsep.sys_admin_pctxt.entrypoint
def xend_probe():
processutils.execute('xend', 'status', check_exit_code=True)

23
nova/tests/unit/virt/libvirt/test_utils.py
View File

@ -403,10 +403,11 @@ ID TAG VM SIZE DATE VM CLOCK
is_block_dev) is_block_dev)
self.assertEqual(result, expected_result) self.assertEqual(result, expected_result)
@mock.patch('nova.privsep.libvirt.xend_probe')
@mock.patch('nova.utils.execute') @mock.patch('nova.utils.execute')
def test_pick_disk_driver_name_xen(self, mock_execute): def test_pick_disk_driver_name_xen(self, mock_execute, mock_xend_probe):
def side_effect(*args, **kwargs): def execute_side_effect(*args, **kwargs):
if args == ('tap-ctl', 'check'): if args == ('tap-ctl', 'check'):
if mock_execute.blktap is True: if mock_execute.blktap is True:
return ('ok\n', '') return ('ok\n', '')
@ -414,15 +415,17 @@ ID TAG VM SIZE DATE VM CLOCK
return ('some error\n', '') return ('some error\n', '')
else: else:
raise OSError(2, "No such file or directory") raise OSError(2, "No such file or directory")
elif args == ('xend', 'status'):
if mock_execute.xend is True:
return ('', '')
elif mock_execute.xend is False:
raise processutils.ProcessExecutionError("error")
else:
raise OSError(2, "No such file or directory")
raise Exception('Unexpected call') raise Exception('Unexpected call')
mock_execute.side_effect = side_effect mock_execute.side_effect = execute_side_effect
def xend_probe_side_effect():
if mock_execute.xend is True:
return ('', '')
elif mock_execute.xend is False:
raise processutils.ProcessExecutionError("error")
else:
raise OSError(2, "No such file or directory")
mock_xend_probe.side_effect = xend_probe_side_effect
self.flags(virt_type="xen", group='libvirt') self.flags(virt_type="xen", group='libvirt')
versions = [4000000, 4001000, 4002000, 4003000, 4005000] versions = [4000000, 4001000, 4002000, 4003000, 4005000]

3
nova/virt/libvirt/utils.py
View File

@ -129,8 +129,7 @@ def pick_disk_driver_name(hypervisor_version, is_block_dev=False):
# 4002000 == 4.2.0 # 4002000 == 4.2.0
if hypervisor_version >= 4002000: if hypervisor_version >= 4002000:
try: try:
utils.execute('xend', 'status', nova.privsep.libvirt.xend_probe()
run_as_root=True, check_exit_code=True)
except OSError as exc: except OSError as exc:
if exc.errno == errno.ENOENT: if exc.errno == errno.ENOENT:
LOG.debug("xend is not found") LOG.debug("xend is not found")

3
releasenotes/notes/privsep-queens-rootwrap-adds-907aa1bc8e3eb2ca.yaml
View File

@ -8,4 +8,5 @@ upgrade:
- | - |
The following commands are no longer required to be listed in your rootwrap The following commands are no longer required to be listed in your rootwrap
configuration: cat; chown; cryptsetup; dd; lvcreate; lvremove; lvs; mkdir; configuration: cat; chown; cryptsetup; dd; lvcreate; lvremove; lvs; mkdir;
mount; ploop; prl_disk_tool; readlink; shred; tee; touch; umount; and vgs. mount; ploop; prl_disk_tool; readlink; shred; tee; touch; umount; vgs;
and xend.