Adding sudo permissions to SSH Driver commands
Added 'sudo' to 'rm', 'mkdir', and 'kill' commands throughout the driver. Co-Authored-By: Brandon Logan <brandon.logan@rackspace.com> Change-Id: Id53490b50ff122b7a95ba5b0182714ab918a4705
This commit is contained in:
Trevor Vardeman
Brandon Logan
parent
0b7f10c84c
commit
0a8f3de403
|
|
@ -65,13 +65,13 @@ class HaproxyManager(driver_base.AmphoraLoadBalancerDriver):
|
||||||
|
|
||||||
# Build a list of commands to send to the exec method
|
# Build a list of commands to send to the exec method
|
||||||
commands = ['chmod 600 {0}/haproxy.cfg'.format(conf_path),
|
commands = ['chmod 600 {0}/haproxy.cfg'.format(conf_path),
|
||||||
'sudo haproxy -f {0}/haproxy.cfg -p {0}/{1}.pid -sf '
|
'haproxy -f {0}/haproxy.cfg -p {0}/{1}.pid -sf '
|
||||||
'$(cat {0}/{1}.pid)'.format(conf_path, listener.id)]
|
'$(cat {0}/{1}.pid)'.format(conf_path, listener.id)]
|
||||||
|
|
||||||
# Exec appropriate commands on all amphorae
|
# Exec appropriate commands on all amphorae
|
||||||
self._exec_on_amphorae(
|
self._exec_on_amphorae(
|
||||||
listener.load_balancer.amphorae, commands,
|
listener.load_balancer.amphorae, commands,
|
||||||
make_dir='mkdir -p {0}'.format(conf_path), data=[config],
|
make_dir=conf_path, data=[config],
|
||||||
upload_dir='{0}/haproxy.cfg'.format(conf_path))
|
upload_dir='{0}/haproxy.cfg'.format(conf_path))
|
||||||
|
|
||||||
def stop(self, listener, vip):
|
def stop(self, listener, vip):
|
||||||
|
|
@ -105,7 +105,7 @@ class HaproxyManager(driver_base.AmphoraLoadBalancerDriver):
|
||||||
|
|
||||||
# Define commands to execute on the amphorae
|
# Define commands to execute on the amphorae
|
||||||
commands = [
|
commands = [
|
||||||
'sudo haproxy -f {0}/{1}/haproxy.cfg -p {0}/{1}/{1}.pid'.format(
|
'haproxy -f {0}/{1}/haproxy.cfg -p {0}/{1}/{1}.pid'.format(
|
||||||
self.amp_config.base_path, listener.id)]
|
self.amp_config.base_path, listener.id)]
|
||||||
|
|
||||||
# Exec appropriate commands on all amphorae
|
# Exec appropriate commands on all amphorae
|
||||||
|
|
@ -136,12 +136,12 @@ class HaproxyManager(driver_base.AmphoraLoadBalancerDriver):
|
||||||
self._connect(hostname=amp.lb_network_ip)
|
self._connect(hostname=amp.lb_network_ip)
|
||||||
|
|
||||||
stdout, _ = self._execute_command(
|
stdout, _ = self._execute_command(
|
||||||
"ip link | grep DOWN -m 1 | awk '{print $2}'",
|
"ip link | grep DOWN -m 1 | awk '{print $2}'")
|
||||||
run_as_root=False)
|
|
||||||
iface = stdout[:-2]
|
iface = stdout[:-2]
|
||||||
if not iface:
|
if not iface:
|
||||||
self.client.close()
|
self.client.close()
|
||||||
continue
|
continue
|
||||||
|
|
||||||
vip = load_balancer.vip.ip_address
|
vip = load_balancer.vip.ip_address
|
||||||
sections = vip.split('.')[:3]
|
sections = vip.split('.')[:3]
|
||||||
sections.append('255')
|
sections.append('255')
|
||||||
|
|
@ -151,25 +151,25 @@ class HaproxyManager(driver_base.AmphoraLoadBalancerDriver):
|
||||||
"address {1}\nbroadcast {2}\nnetmask {3}\" "
|
"address {1}\nbroadcast {2}\nnetmask {3}\" "
|
||||||
">> /etc/network/interfaces'".format(
|
">> /etc/network/interfaces'".format(
|
||||||
iface, vip, broadcast, '255.255.255.0'))
|
iface, vip, broadcast, '255.255.255.0'))
|
||||||
self._execute_command(command)
|
self._execute_command(command, run_as_root=True)
|
||||||
# sanity ifdown for interface
|
# sanity ifdown for interface
|
||||||
command = "ifdown {0}".format(iface)
|
command = "ifdown {0}".format(iface)
|
||||||
self._execute_command(command)
|
self._execute_command(command, run_as_root=True)
|
||||||
# sanity ifdown for static ip
|
# sanity ifdown for static ip
|
||||||
command = "ifdown {0}:0".format(iface)
|
command = "ifdown {0}:0".format(iface)
|
||||||
self._execute_command(command)
|
self._execute_command(command, run_as_root=True)
|
||||||
# ifup for interface
|
# ifup for interface
|
||||||
command = "ifup {0}".format(iface)
|
command = "ifup {0}".format(iface)
|
||||||
self._execute_command(command)
|
self._execute_command(command, run_as_root=True)
|
||||||
# ifup for static ip
|
# ifup for static ip
|
||||||
command = "ifup {0}:0".format(iface)
|
command = "ifup {0}:0".format(iface)
|
||||||
self._execute_command(command)
|
self._execute_command(command, run_as_root=True)
|
||||||
self.client.close()
|
self.client.close()
|
||||||
|
|
||||||
def post_network_plug(self, amphora):
|
def post_network_plug(self, amphora):
|
||||||
self._connect(hostname=amphora.lb_network_ip)
|
self._connect(hostname=amphora.lb_network_ip)
|
||||||
stdout, _ = self._execute_command(
|
stdout, _ = self._execute_command(
|
||||||
"ip link | grep DOWN -m 1 | awk '{print $2}'", run_as_root=False)
|
"ip link | grep DOWN -m 1 | awk '{print $2}'")
|
||||||
iface = stdout[:-2]
|
iface = stdout[:-2]
|
||||||
if not iface:
|
if not iface:
|
||||||
self.client.close()
|
self.client.close()
|
||||||
|
|
@ -177,16 +177,16 @@ class HaproxyManager(driver_base.AmphoraLoadBalancerDriver):
|
||||||
# make interface come up on boot
|
# make interface come up on boot
|
||||||
command = ("sh -c 'echo \"\nauto {0}\niface {0} inet dhcp\" "
|
command = ("sh -c 'echo \"\nauto {0}\niface {0} inet dhcp\" "
|
||||||
">> /etc/network/interfaces'".format(iface))
|
">> /etc/network/interfaces'".format(iface))
|
||||||
self._execute_command(command)
|
self._execute_command(command, run_as_root=True)
|
||||||
# ifdown for sanity
|
# ifdown for sanity
|
||||||
command = "ifdown {0}".format(iface)
|
command = "ifdown {0}".format(iface)
|
||||||
self._execute_command(command)
|
self._execute_command(command, run_as_root=True)
|
||||||
# ifup to bring it up
|
# ifup to bring it up
|
||||||
command = "ifup {0}".format(iface)
|
command = "ifup {0}".format(iface)
|
||||||
self._execute_command(command)
|
self._execute_command(command, run_as_root=True)
|
||||||
self.client.close()
|
self.client.close()
|
||||||
|
|
||||||
def _execute_command(self, command, run_as_root=True):
|
def _execute_command(self, command, run_as_root=False):
|
||||||
if run_as_root:
|
if run_as_root:
|
||||||
command = "sudo {0}".format(command)
|
command = "sudo {0}".format(command)
|
||||||
_, stdout, stderr = self.client.exec_command(command)
|
_, stdout, stderr = self.client.exec_command(command)
|
||||||
|
|
@ -238,10 +238,10 @@ class HaproxyManager(driver_base.AmphoraLoadBalancerDriver):
|
||||||
data.append(self._build_pem(bbq_container))
|
data.append(self._build_pem(bbq_container))
|
||||||
|
|
||||||
if data:
|
if data:
|
||||||
self._exec_on_amphorae(listener.load_balancer.amphorae,
|
self._exec_on_amphorae(
|
||||||
['chmod 600 {0}/*.pem'.format(cert_dir)],
|
listener.load_balancer.amphorae, [
|
||||||
make_dir=cert_dir, data=data,
|
'chmod 600 {0}/*.pem'.format(cert_dir)],
|
||||||
upload_dir=cert_dir)
|
make_dir=cert_dir, data=data, upload_dir=cert_dir)
|
||||||
|
|
||||||
return {'tls_cert': tls_cert, 'sni_certs': sni_certs}
|
return {'tls_cert': tls_cert, 'sni_certs': sni_certs}
|
||||||
|
|
||||||
|
|
@ -284,7 +284,11 @@ class HaproxyManager(driver_base.AmphoraLoadBalancerDriver):
|
||||||
|
|
||||||
# Setup for file upload
|
# Setup for file upload
|
||||||
if make_dir:
|
if make_dir:
|
||||||
self.client.exec_command(make_dir)
|
mkdir_cmd = 'mkdir -p {0}'.format(make_dir)
|
||||||
|
self._execute_command(mkdir_cmd, run_as_root=True)
|
||||||
|
chown_cmd = 'chown -R {0} {1}'.format(
|
||||||
|
self.amp_config.username, make_dir)
|
||||||
|
self._execute_command(chown_cmd, run_as_root=True)
|
||||||
|
|
||||||
# Upload files to location
|
# Upload files to location
|
||||||
if temps:
|
if temps:
|
||||||
|
|
@ -294,7 +298,7 @@ class HaproxyManager(driver_base.AmphoraLoadBalancerDriver):
|
||||||
|
|
||||||
# Execute remaining commands
|
# Execute remaining commands
|
||||||
for command in commands:
|
for command in commands:
|
||||||
self.client.exec_command(command)
|
self._execute_command(command, run_as_root=True)
|
||||||
self.client.close()
|
self.client.close()
|
||||||
|
|
||||||
# Close the temp file
|
# Close the temp file
|
||||||
|
|
|
||||||
|
|
@ -41,12 +41,10 @@ class TestSshDriver(base.TestCase):
|
||||||
self.driver.barbican_client = mock.Mock(
|
self.driver.barbican_client = mock.Mock(
|
||||||
spec=barbican.BarbicanCertManager)
|
spec=barbican.BarbicanCertManager)
|
||||||
self.driver.client = mock.Mock(spec=paramiko.SSHClient)
|
self.driver.client = mock.Mock(spec=paramiko.SSHClient)
|
||||||
|
self.driver.client.exec_command.return_value = (
|
||||||
|
mock.Mock(), mock.Mock(), mock.Mock())
|
||||||
self.driver.amp_config = mock.MagicMock()
|
self.driver.amp_config = mock.MagicMock()
|
||||||
|
|
||||||
def test_get_logger(self):
|
|
||||||
self.skip('Will complete later')
|
|
||||||
self.assertEqual(LOG, self.driver.get_logger)
|
|
||||||
|
|
||||||
def test_update(self):
|
def test_update(self):
|
||||||
with mock.patch.object(
|
with mock.patch.object(
|
||||||
self.driver, '_process_tls_certificates') as process_tls_patch:
|
self.driver, '_process_tls_certificates') as process_tls_patch:
|
||||||
|
|
@ -71,12 +69,11 @@ class TestSshDriver(base.TestCase):
|
||||||
build_conf.assert_called_once_with(
|
build_conf.assert_called_once_with(
|
||||||
listener, listener.default_tls_container,
|
listener, listener.default_tls_container,
|
||||||
listener.sni_containers)
|
listener.sni_containers)
|
||||||
self.driver.client.connect(
|
self.driver.client.connect.assert_called_once()
|
||||||
mock.ANY, mock.ANY).assert_called_once()
|
|
||||||
self.driver.client.open_sftp().assert_called_once()
|
self.driver.client.open_sftp().assert_called_once()
|
||||||
self.driver.client.open_sftp().put().assert_called_once()
|
self.driver.client.open_sftp().put().assert_called_once()
|
||||||
self.driver.client.exec_command(mock.ANY).assert_called_once()
|
self.driver.client.exec_command.assert_called_once()
|
||||||
self.driver.client.close().assert_called_once()
|
self.driver.client.close.assert_called_once()
|
||||||
|
|
||||||
def test_stop(self):
|
def test_stop(self):
|
||||||
# Build sample Listener and VIP configs
|
# Build sample Listener and VIP configs
|
||||||
|
|
@ -86,9 +83,9 @@ class TestSshDriver(base.TestCase):
|
||||||
|
|
||||||
# Execute driver method
|
# Execute driver method
|
||||||
self.driver.start(listener, vip)
|
self.driver.start(listener, vip)
|
||||||
self.driver.client.connect(mock.ANY).assert_called_once()
|
self.driver.client.connect.assert_called_once()
|
||||||
self.driver.client.exec_command(mock.ANY).assert_called_once()
|
self.driver.client.exec_command.assert_called_once()
|
||||||
self.driver.client.close().assert_called_once()
|
self.driver.client.close.assert_called_once()
|
||||||
|
|
||||||
def test_start(self):
|
def test_start(self):
|
||||||
# Build sample Listener and VIP configs
|
# Build sample Listener and VIP configs
|
||||||
|
|
@ -98,9 +95,9 @@ class TestSshDriver(base.TestCase):
|
||||||
|
|
||||||
# Execute driver method
|
# Execute driver method
|
||||||
self.driver.start(listener, vip)
|
self.driver.start(listener, vip)
|
||||||
self.driver.client.connect(mock.ANY).assert_called_once()
|
self.driver.client.connect.assert_called_once()
|
||||||
self.driver.client.exec_command(mock.ANY).assert_called_once()
|
self.driver.client.exec_command.assert_called_once()
|
||||||
self.driver.client.close().assert_called_once()
|
self.driver.client.close.assert_called_once()
|
||||||
|
|
||||||
def test_delete(self):
|
def test_delete(self):
|
||||||
# Build sample Listener and VIP configs
|
# Build sample Listener and VIP configs
|
||||||
|
|
@ -112,9 +109,9 @@ class TestSshDriver(base.TestCase):
|
||||||
self.driver.delete(listener, vip)
|
self.driver.delete(listener, vip)
|
||||||
|
|
||||||
# Verify call
|
# Verify call
|
||||||
self.driver.client.connect(mock.ANY, mock.ANY).assert_called_once()
|
self.driver.client.connect.assert_called_once()
|
||||||
self.driver.client.exec_command(mock.ANY).assert_called_once()
|
self.driver.client.exec_command.assert_called_once()
|
||||||
self.driver.client.close().assert_called_once()
|
self.driver.client.close.assert_called_once()
|
||||||
|
|
||||||
def test_get_info(self):
|
def test_get_info(self):
|
||||||
pass
|
pass
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue