Beispiel #1
0
 def unget_dev(self):
     if not self.linked:
         return
     utils.execute('qemu-nbd', '-d', self.device, run_as_root=True)
     self._free_nbd(self.device)
     self.linked = False
     self.device = None
Beispiel #2
0
def chown(path, owner):
    """Change ownership of file or directory

    :param path: File or directory whose ownership to change
    :param owner: Desired new owner (given as uid or username)
    """
    utils.execute("chown", owner, path, run_as_root=True)
Beispiel #3
0
 def test_check_exit_code_boolean(self):
     utils.execute('/usr/bin/env', 'false', check_exit_code=False)
     self.assertRaises(exception.ProcessExecutionError,
                       utils.execute,
                       '/usr/bin/env',
                       'false',
                       check_exit_code=True)
Beispiel #4
0
 def unmnt_dev(self):
     if not self.mounted:
         return
     # root users don't need a specific unmnt_dev()
     # but ordinary users do
     utils.execute('fusermount', '-u', self.mount_dir, run_as_root=True)
     self.mounted = False
Beispiel #5
0
 def unmap_dev(self):
     """Remove partitions of the device from the file system namespace."""
     if not self.mapped:
         return
     if self.partition:
         utils.execute('kpartx', '-d', self.device, run_as_root=True)
     self.mapped = False
Beispiel #6
0
def chown(path, owner):
    """Change ownership of file or directory

    :param path: File or directory whose ownership to change
    :param owner: Desired new owner (given as uid or username)
    """
    utils.execute('chown', owner, path, run_as_root=True)
Beispiel #7
0
 def unget_dev(self):
     if not self.linked:
         return
     utils.execute('qemu-nbd', '-d', self.device, run_as_root=True)
     self._free_nbd(self.device)
     self.linked = False
     self.device = None
Beispiel #8
0
 def unmap_dev(self):
     """Remove partitions of the device from the file system namespace."""
     if not self.mapped:
         return
     if self.partition:
         utils.execute('kpartx', '-d', self.device, run_as_root=True)
     self.mapped = False
Beispiel #9
0
    def _decrypt_image(encrypted_filename, encrypted_key, encrypted_iv,
                       cloud_private_key, decrypted_filename):
        key, err = utils.execute('openssl',
                                 'rsautl',
                                 '-decrypt',
                                 '-inkey', '%s' % cloud_private_key,
                                 process_input=encrypted_key,
                                 check_exit_code=False)
        if err:
            raise exception.Error(_('Failed to decrypt private key: %s')
                                  % err)
        iv, err = utils.execute('openssl',
                                'rsautl',
                                '-decrypt',
                                '-inkey', '%s' % cloud_private_key,
                                process_input=encrypted_iv,
                                check_exit_code=False)
        if err:
            raise exception.Error(_('Failed to decrypt initialization '
                                    'vector: %s') % err)

        _out, err = utils.execute('openssl', 'enc',
                                  '-d', '-aes-128-cbc',
                                  '-in', '%s' % (encrypted_filename,),
                                  '-K', '%s' % (key,),
                                  '-iv', '%s' % (iv,),
                                  '-out', '%s' % (decrypted_filename,),
                                  check_exit_code=False)
        if err:
            raise exception.Error(_('Failed to decrypt image file '
                                    '%(image_file)s: %(err)s') %
                                    {'image_file': encrypted_filename,
                                     'err': err})
Beispiel #10
0
 def unmnt_dev(self):
     if not self.mounted:
         return
     # root users don't need a specific unmnt_dev()
     # but ordinary users do
     utils.execute('fusermount', '-u', self.mount_dir, run_as_root=True)
     self.mounted = False
Beispiel #11
0
def _inject_metadata_into_fs(metadata, fs, execute=None):
    metadata_path = os.path.join(fs, "meta.js")
    metadata = dict([(m.key, m.value) for m in metadata])

    utils.execute('tee',
                  metadata_path,
                  process_input=json.dumps(metadata),
                  run_as_root=True)
Beispiel #12
0
 def _xvp_start(self):
     if self._xvp_check_running():
         return
     logging.debug(_('Starting xvp'))
     try:
         utils.execute('xvp', '-p', FLAGS.console_xvp_pid, '-c',
                       FLAGS.console_xvp_conf, '-l', FLAGS.console_xvp_log)
     except exception.ProcessExecutionError, err:
         logging.error(_('Error starting xvp: %s') % err)
Beispiel #13
0
 def _xvp_start(self):
     if self._xvp_check_running():
         return
     logging.debug(_('Starting xvp'))
     try:
         utils.execute('xvp',
                       '-p', FLAGS.console_xvp_pid,
                       '-c', FLAGS.console_xvp_conf,
                       '-l', FLAGS.console_xvp_log)
     except exception.ProcessExecutionError, err:
         logging.error(_('Error starting xvp: %s') % err)
Beispiel #14
0
 def unplug(self, instance, network, mapping):
     """Unplug the VIF from the network by deleting the port from
     the bridge."""
     dev = self.get_dev_name(mapping['vif_uuid'])
     try:
         utils.execute('ovs-vsctl', 'del-port',
                       FLAGS.libvirt_ovs_bridge, dev, run_as_root=True)
         utils.execute('ip', 'link', 'delete', dev, run_as_root=True)
     except exception.ProcessExecutionError:
         LOG.warning(_("Failed while unplugging vif of instance '%s'"),
                     instance['name'])
         raise
Beispiel #15
0
    def plug(self, instance, network, mapping):
        iface_id = mapping['vif_uuid']
        dev = self.get_dev_name(iface_id)
        if not linux_net._device_exists(dev):
            # Older version of the command 'ip' from the iproute2 package
            # don't have support for the tuntap option (lp:882568).  If it
            # turns out we're on an old version we work around this by using
            # tunctl.
            try:
                # First, try with 'ip'
                utils.execute('ip', 'tuntap', 'add', dev, 'mode', 'tap',
                          run_as_root=True)
            except exception.ProcessExecutionError:
                # Second option: tunctl
                utils.execute('tunctl', '-b', '-t', dev, run_as_root=True)
            utils.execute('ip', 'link', 'set', dev, 'up', run_as_root=True)
        utils.execute('ovs-vsctl', '--', '--may-exist', 'add-port',
                FLAGS.libvirt_ovs_bridge, dev,
                '--', 'set', 'Interface', dev,
                "external-ids:iface-id=%s" % iface_id,
                '--', 'set', 'Interface', dev,
                "external-ids:iface-status=active",
                '--', 'set', 'Interface', dev,
                "external-ids:attached-mac=%s" % mapping['mac'],
                run_as_root=True)

        result = {
            'script': '',
            'name': dev,
            'mac_address': mapping['mac']}
        return result
Beispiel #16
0
 def unplug(self, instance, network, mapping):
     """Unplug the VIF from the network by deleting the port from
     the bridge."""
     dev = self.get_dev_name(mapping['vif_uuid'])
     try:
         utils.execute('ovs-vsctl',
                       'del-port',
                       FLAGS.libvirt_ovs_bridge,
                       dev,
                       run_as_root=True)
         utils.execute('ip', 'link', 'delete', dev, run_as_root=True)
     except exception.ProcessExecutionError:
         LOG.warning(_("Failed while unplugging vif of instance '%s'"),
                     instance['name'])
         raise
Beispiel #17
0
 def _execute(self, *cmd, **kwargs):
     if self.run_local:
         return utils.execute(*cmd, **kwargs)
     else:
         check_exit_code = kwargs.pop('check_exit_code', None)
         command = ' '.join(*cmd)
         return self._run_ssh(command, check_exit_code)
Beispiel #18
0
 def _execute(self, *cmd, **kwargs):
     if self.run_local:
         return utils.execute(*cmd, **kwargs)
     else:
         check_exit_code = kwargs.pop('check_exit_code', None)
         command = ' '.join(*cmd)
         return self._run_ssh(command, check_exit_code)
Beispiel #19
0
    def _xvp_encrypt(self, password, is_pool_password=False):
        """Call xvp to obfuscate passwords for config file.

        Args:
            - password: the password to encode, max 8 char for vm passwords,
                        and 16 chars for pool passwords. passwords will
                        be trimmed to max len before encoding.
            - is_pool_password: True if this this is the XenServer api password
                                False if it's a VM console password
              (xvp uses different keys and max lengths for pool passwords)

        Note that xvp's obfuscation should not be considered 'real' encryption.
        It simply DES encrypts the passwords with static keys plainly viewable
        in the xvp source code.

        """
        maxlen = 8
        flag = '-e'
        if is_pool_password:
            maxlen = 16
            flag = '-x'
        #xvp will blow up on passwords that are too long (mdragon)
        password = password[:maxlen]
        out, err = utils.execute('xvp', flag, process_input=password)
        return out.strip()
Beispiel #20
0
    def _xvp_encrypt(self, password, is_pool_password=False):
        """Call xvp to obfuscate passwords for config file.

        Args:
            - password: the password to encode, max 8 char for vm passwords,
                        and 16 chars for pool passwords. passwords will
                        be trimmed to max len before encoding.
            - is_pool_password: True if this this is the XenServer api password
                                False if it's a VM console password
              (xvp uses different keys and max lengths for pool passwords)

        Note that xvp's obfuscation should not be considered 'real' encryption.
        It simply DES encrypts the passwords with static keys plainly viewable
        in the xvp source code.

        """
        maxlen = 8
        flag = '-e'
        if is_pool_password:
            maxlen = 16
            flag = '-x'
        #xvp will blow up on passwords that are too long (mdragon)
        password = password[:maxlen]
        out, err = utils.execute('xvp', flag, process_input=password)
        return out.strip()
Beispiel #21
0
def _execute(*cmd, **kwargs):
    """Wrapper around utils._execute for fake_network."""
    if FLAGS.fake_network:
        LOG.debug('FAKE NET: %s', ' '.join(map(str, cmd)))
        return 'fake', 0
    else:
        return utils.execute(*cmd, **kwargs)
Beispiel #22
0
def _inject_net_into_fs(net, fs, execute=None):
    """Inject /etc/network/interfaces into the filesystem rooted at fs.

    net is the contents of /etc/network/interfaces.
    """
    netdir = os.path.join(os.path.join(fs, 'etc'), 'network')
    utils.execute('mkdir', '-p', netdir, run_as_root=True)
    utils.execute('chown', 'root:root', netdir, run_as_root=True)
    utils.execute('chmod', 755, netdir, run_as_root=True)
    netfile = os.path.join(netdir, 'interfaces')
    utils.execute('tee', netfile, process_input=net, run_as_root=True)
Beispiel #23
0
    def _decrypt_image(encrypted_filename, encrypted_key, encrypted_iv, cloud_private_key, decrypted_filename):
        key, err = utils.execute(
            "openssl",
            "rsautl",
            "-decrypt",
            "-inkey",
            "%s" % cloud_private_key,
            process_input=encrypted_key,
            check_exit_code=False,
        )
        if err:
            raise exception.Error(_("Failed to decrypt private key: %s") % err)
        iv, err = utils.execute(
            "openssl",
            "rsautl",
            "-decrypt",
            "-inkey",
            "%s" % cloud_private_key,
            process_input=encrypted_iv,
            check_exit_code=False,
        )
        if err:
            raise exception.Error(_("Failed to decrypt initialization " "vector: %s") % err)

        _out, err = utils.execute(
            "openssl",
            "enc",
            "-d",
            "-aes-128-cbc",
            "-in",
            "%s" % (encrypted_filename,),
            "-K",
            "%s" % (key,),
            "-iv",
            "%s" % (iv,),
            "-out",
            "%s" % (decrypted_filename,),
            check_exit_code=False,
        )
        if err:
            raise exception.Error(
                _("Failed to decrypt image file " "%(image_file)s: %(err)s")
                % {"image_file": encrypted_filename, "err": err}
            )
Beispiel #24
0
def _inject_net_into_fs(net, fs, execute=None):
    """Inject /etc/network/interfaces into the filesystem rooted at fs.

    net is the contents of /etc/network/interfaces.
    """
    netdir = os.path.join(os.path.join(fs, 'etc'), 'network')
    utils.execute('mkdir', '-p', netdir, run_as_root=True)
    utils.execute('chown', 'root:root', netdir, run_as_root=True)
    utils.execute('chmod', 755, netdir, run_as_root=True)
    netfile = os.path.join(netdir, 'interfaces')
    utils.execute('tee', netfile, process_input=net, run_as_root=True)
Beispiel #25
0
 def _run_iscsiadm(self, iscsi_properties, iscsi_command, **kwargs):
     check_exit_code = kwargs.pop('check_exit_code', 0)
     (out, err) = utils.execute('iscsiadm', '-m', 'node', '-T',
                                iscsi_properties['target_iqn'],
                                '-p', iscsi_properties['target_portal'],
                                *iscsi_command, run_as_root=True,
                                check_exit_code=check_exit_code)
     LOG.debug("iscsiadm %s: stdout=%s stderr=%s" %
               (iscsi_command, out, err))
     return (out, err)
Beispiel #26
0
def fetch_to_raw(context, image_href, path, user_id, project_id):
    path_tmp = "%s.part" % path
    metadata = fetch(context, image_href, path_tmp, user_id, project_id)

    def _qemu_img_info(path):

        out, err = utils.execute('env', 'LC_ALL=C', 'LANG=C',
            'qemu-img', 'info', path)

        # output of qemu-img is 'field: value'
        # the fields of interest are 'file format' and 'backing file'
        data = {}
        for line in out.splitlines():
            (field, val) = line.split(':', 1)
            if val[0] == " ":
                val = val[1:]
            data[field] = val

        return(data)

    data = _qemu_img_info(path_tmp)

    fmt = data.get("file format", None)
    if fmt is None:
        os.unlink(path_tmp)
        raise exception.ImageUnacceptable(
            reason=_("'qemu-img info' parsing failed."), image_id=image_href)

    if fmt != "raw":
        staged = "%s.converted" % path
        if "backing file" in data:
            backing_file = data['backing file']
            os.unlink(path_tmp)
            raise exception.ImageUnacceptable(image_id=image_href,
                reason=_("fmt=%(fmt)s backed by: %(backing_file)s") % locals())

        LOG.debug("%s was %s, converting to raw" % (image_href, fmt))
        out, err = utils.execute('qemu-img', 'convert', '-O', 'raw',
                                 path_tmp, staged)
        os.unlink(path_tmp)

        data = _qemu_img_info(staged)
        if data.get('file format', None) != "raw":
            os.unlink(staged)
            raise exception.ImageUnacceptable(image_id=image_href,
                reason=_("Converted to raw, but format is now %s") %
                data.get('file format', None))

        os.rename(staged, path)

    else:
        os.rename(path_tmp, path)

    return metadata
Beispiel #27
0
def _inject_key_into_fs(key, fs, execute=None):
    """Add the given public ssh key to root's authorized_keys.

    key is an ssh key string.
    fs is the path to the base of the filesystem into which to inject the key.
    """
    sshdir = os.path.join(fs, 'root', '.ssh')
    utils.execute('mkdir', '-p', sshdir, run_as_root=True)
    utils.execute('chown', 'root', sshdir, run_as_root=True)
    utils.execute('chmod', '700', sshdir, run_as_root=True)
    keyfile = os.path.join(sshdir, 'authorized_keys')
    utils.execute('tee', '-a', keyfile,
                  process_input='\n' + key.strip() + '\n', run_as_root=True)
Beispiel #28
0
    def test_no_retry_on_success(self):
        fd, tmpfilename = tempfile.mkstemp()
        _, tmpfilename2 = tempfile.mkstemp()
        try:
            fp = os.fdopen(fd, 'w+')
            fp.write('''#!/bin/sh
# If we've already run, bail out.
grep -q foo "$1" && exit 1
# Mark that we've run before.
echo foo > "$1"
# Check that stdin gets passed correctly.
grep foo
''')
            fp.close()
            os.chmod(tmpfilename, 0755)
            utils.execute(tmpfilename,
                          tmpfilename2,
                          process_input='foo',
                          attempts=2)
        finally:
            os.unlink(tmpfilename)
            os.unlink(tmpfilename2)
    def test_no_retry_on_success(self):
        fd, tmpfilename = tempfile.mkstemp()
        _, tmpfilename2 = tempfile.mkstemp()
        try:
            fp = os.fdopen(fd, 'w+')
            fp.write('''#!/bin/sh
# If we've already run, bail out.
grep -q foo "$1" && exit 1
# Mark that we've run before.
echo foo > "$1"
# Check that stdin gets passed correctly.
grep foo
''')
            fp.close()
            os.chmod(tmpfilename, 0755)
            utils.execute(tmpfilename,
                          tmpfilename2,
                          process_input='foo',
                          attempts=2)
        finally:
            os.unlink(tmpfilename)
            os.unlink(tmpfilename2)
Beispiel #30
0
def _inject_key_into_fs(key, fs, execute=None):
    """Add the given public ssh key to root's authorized_keys.

    key is an ssh key string.
    fs is the path to the base of the filesystem into which to inject the key.
    """
    sshdir = os.path.join(fs, 'root', '.ssh')
    utils.execute('mkdir', '-p', sshdir, run_as_root=True)
    utils.execute('chown', 'root', sshdir, run_as_root=True)
    utils.execute('chmod', '700', sshdir, run_as_root=True)
    keyfile = os.path.join(sshdir, 'authorized_keys')
    utils.execute('tee',
                  '-a',
                  keyfile,
                  process_input='\n' + key.strip() + '\n',
                  run_as_root=True)
Beispiel #31
0
def extend(image, size):
    """Increase image to size"""
    file_size = os.path.getsize(image)
    if file_size >= size:
        return
    utils.execute('qemu-img', 'resize', image, size)
    # NOTE(vish): attempts to resize filesystem
    utils.execute('e2fsck', '-fp', image, check_exit_code=False)
    utils.execute('resize2fs', image, check_exit_code=False)
Beispiel #32
0
def extend(image, size):
    """Increase image to size"""
    file_size = os.path.getsize(image)
    if file_size >= size:
        return
    utils.execute('qemu-img', 'resize', image, size)
    # NOTE(vish): attempts to resize filesystem
    utils.execute('e2fsck', '-fp', image, check_exit_code=False)
    utils.execute('resize2fs', image, check_exit_code=False)
Beispiel #33
0
    def _qemu_img_info(path):

        out, err = utils.execute('env', 'LC_ALL=C', 'LANG=C',
            'qemu-img', 'info', path)

        # output of qemu-img is 'field: value'
        # the fields of interest are 'file format' and 'backing file'
        data = {}
        for line in out.splitlines():
            (field, val) = line.split(':', 1)
            if val[0] == " ":
                val = val[1:]
            data[field] = val

        return(data)
Beispiel #34
0
 def _run_iscsiadm(self, iscsi_properties, iscsi_command, **kwargs):
     check_exit_code = kwargs.pop('check_exit_code', 0)
     (out, err) = utils.execute('iscsiadm',
                                '-m',
                                'node',
                                '-T',
                                iscsi_properties['target_iqn'],
                                '-p',
                                iscsi_properties['target_portal'],
                                *iscsi_command,
                                run_as_root=True,
                                check_exit_code=check_exit_code)
     LOG.debug("iscsiadm %s: stdout=%s stderr=%s" %
               (iscsi_command, out, err))
     return (out, err)
Beispiel #35
0
    def plug(self, instance, network, mapping):
        iface_id = mapping['vif_uuid']
        dev = self.get_dev_name(iface_id)
        if not linux_net._device_exists(dev):
            # Older version of the command 'ip' from the iproute2 package
            # don't have support for the tuntap option (lp:882568).  If it
            # turns out we're on an old version we work around this by using
            # tunctl.
            try:
                # First, try with 'ip'
                utils.execute('ip',
                              'tuntap',
                              'add',
                              dev,
                              'mode',
                              'tap',
                              run_as_root=True)
            except exception.ProcessExecutionError:
                # Second option: tunctl
                utils.execute('tunctl', '-b', '-t', dev, run_as_root=True)
            utils.execute('ip', 'link', 'set', dev, 'up', run_as_root=True)
        utils.execute('ovs-vsctl',
                      '--',
                      '--may-exist',
                      'add-port',
                      FLAGS.libvirt_ovs_bridge,
                      dev,
                      '--',
                      'set',
                      'Interface',
                      dev,
                      "external-ids:iface-id=%s" % iface_id,
                      '--',
                      'set',
                      'Interface',
                      dev,
                      "external-ids:iface-status=active",
                      '--',
                      'set',
                      'Interface',
                      dev,
                      "external-ids:attached-mac=%s" % mapping['mac'],
                      run_as_root=True)

        result = {'script': '', 'name': dev, 'mac_address': mapping['mac']}
        return result
def _get_target(volume_id):
    """
    Gets iscsi name and portal from volume name and host.
    For this method to work the following are needed:
    1) volume_ref['host'] must resolve to something rather than loopback
    """
    volume_ref = db.volume_get(context.get_admin_context(),
                               volume_id)
    result = (None, None)
    try:
        (r, _e) = utils.execute('iscsiadm',
                                '-m', 'discovery',
                                '-t', 'sendtargets',
                                '-p', volume_ref['host'], run_as_root=True)
    except exception.ProcessExecutionError, exc:
        LOG.exception(exc)
Beispiel #37
0
def setup(app):
    rootdir = os.path.abspath(app.srcdir + '/..')
    print "**Autodocumenting from %s" % rootdir
    os.chdir(rootdir)
    rv = utils.execute('./generate_autodoc_index.sh')
    print rv[0]
Beispiel #38
0
 def unget_dev(self):
     if not self.linked:
         return
     utils.execute('losetup', '--detach', self.device, run_as_root=True)
     self.linked = False
Beispiel #39
0
 def unmnt_dev(self):
     """Unmount the device from the file system."""
     if not self.mounted:
         return
     utils.execute('umount', self.mapped_device, run_as_root=True)
     self.mounted = False
Beispiel #40
0
def mkfs(os_type, fs_label, target):
    mkfs_command = (_MKFS_COMMAND.get(os_type, _DEFAULT_MKFS_COMMAND)
                    or '') % locals()
    if mkfs_command:
        utils.execute(*mkfs_command.split())
Beispiel #41
0
def release_dhcp(dev, address, mac_address):
    utils.execute('dhcp_release', dev, address, mac_address, run_as_root=True)
def setup(app):
    rootdir = os.path.abspath(app.srcdir + '/..')
    print "**Autodocumenting from %s" % rootdir
    os.chdir(rootdir)
    rv = utils.execute('./generate_autodoc_index.sh')
    print rv[0]
Beispiel #43
0
def execute(*args, **kwargs):
    return utils.execute(*args, **kwargs)
Beispiel #44
0
 def unget_dev(self):
     if not self.linked:
         return
     utils.execute('losetup', '--detach', self.device, run_as_root=True)
     self.linked = False
Beispiel #45
0
def execute(*args, **kwargs):
    return utils.execute(*args, **kwargs)
 def test_check_exit_code_boolean(self):
     utils.execute('/usr/bin/env', 'false', check_exit_code=False)
     self.assertRaises(exception.ProcessExecutionError,
                       utils.execute,
                       '/usr/bin/env', 'false', check_exit_code=True)
Beispiel #47
0
def mkfs(os_type, fs_label, target):
    mkfs_command = (_MKFS_COMMAND.get(os_type, _DEFAULT_MKFS_COMMAND) or
                    '') % locals()
    if mkfs_command:
        utils.execute(*mkfs_command.split())
Beispiel #48
0
 def unmnt_dev(self):
     """Unmount the device from the file system."""
     if not self.mounted:
         return
     utils.execute('umount', self.mapped_device, run_as_root=True)
     self.mounted = False
Beispiel #49
0
def _inject_metadata_into_fs(metadata, fs, execute=None):
    metadata_path = os.path.join(fs, "meta.js")
    metadata = dict([(m.key, m.value) for m in metadata])

    utils.execute('tee', metadata_path,
                  process_input=json.dumps(metadata), run_as_root=True)