def unget_dev(self):
if not self.linked:
return
utils.execute('qemu-nbd', '-d', self.device, run_as_root=True)
self._free_nbd(self.device)
self.linked = False
self.device = None
def chown(path, owner):
"""Change ownership of file or directory
:param path: File or directory whose ownership to change
:param owner: Desired new owner (given as uid or username)
"""
utils.execute("chown", owner, path, run_as_root=True)
def test_check_exit_code_boolean(self):
utils.execute('/usr/bin/env', 'false', check_exit_code=False)
self.assertRaises(exception.ProcessExecutionError,
utils.execute,
'/usr/bin/env',
'false',
check_exit_code=True)
def unmnt_dev(self):
if not self.mounted:
return
# root users don't need a specific unmnt_dev()
# but ordinary users do
utils.execute('fusermount', '-u', self.mount_dir, run_as_root=True)
self.mounted = False
def unmap_dev(self):
"""Remove partitions of the device from the file system namespace."""
if not self.mapped:
return
if self.partition:
utils.execute('kpartx', '-d', self.device, run_as_root=True)
self.mapped = False
def chown(path, owner):
"""Change ownership of file or directory
:param path: File or directory whose ownership to change
:param owner: Desired new owner (given as uid or username)
"""
utils.execute('chown', owner, path, run_as_root=True)
def unget_dev(self):
if not self.linked:
return
utils.execute('qemu-nbd', '-d', self.device, run_as_root=True)
self._free_nbd(self.device)
self.linked = False
self.device = None
def unmap_dev(self):
"""Remove partitions of the device from the file system namespace."""
if not self.mapped:
return
if self.partition:
utils.execute('kpartx', '-d', self.device, run_as_root=True)
self.mapped = False
def _decrypt_image(encrypted_filename, encrypted_key, encrypted_iv,
cloud_private_key, decrypted_filename):
key, err = utils.execute('openssl',
'rsautl',
'-decrypt',
'-inkey', '%s' % cloud_private_key,
process_input=encrypted_key,
check_exit_code=False)
if err:
raise exception.Error(_('Failed to decrypt private key: %s')
% err)
iv, err = utils.execute('openssl',
'rsautl',
'-decrypt',
'-inkey', '%s' % cloud_private_key,
process_input=encrypted_iv,
check_exit_code=False)
if err:
raise exception.Error(_('Failed to decrypt initialization '
'vector: %s') % err)
_out, err = utils.execute('openssl', 'enc',
'-d', '-aes-128-cbc',
'-in', '%s' % (encrypted_filename,),
'-K', '%s' % (key,),
'-iv', '%s' % (iv,),
'-out', '%s' % (decrypted_filename,),
check_exit_code=False)
if err:
raise exception.Error(_('Failed to decrypt image file '
'%(image_file)s: %(err)s') %
{'image_file': encrypted_filename,
'err': err})
def unmnt_dev(self):
if not self.mounted:
return
# root users don't need a specific unmnt_dev()
# but ordinary users do
utils.execute('fusermount', '-u', self.mount_dir, run_as_root=True)
self.mounted = False
def _inject_metadata_into_fs(metadata, fs, execute=None):
metadata_path = os.path.join(fs, "meta.js")
metadata = dict([(m.key, m.value) for m in metadata])
utils.execute('tee',
metadata_path,
process_input=json.dumps(metadata),
run_as_root=True)
def _xvp_start(self):
if self._xvp_check_running():
return
logging.debug(_('Starting xvp'))
try:
utils.execute('xvp', '-p', FLAGS.console_xvp_pid, '-c',
FLAGS.console_xvp_conf, '-l', FLAGS.console_xvp_log)
except exception.ProcessExecutionError, err:
logging.error(_('Error starting xvp: %s') % err)
def _xvp_start(self):
if self._xvp_check_running():
return
logging.debug(_('Starting xvp'))
try:
utils.execute('xvp',
'-p', FLAGS.console_xvp_pid,
'-c', FLAGS.console_xvp_conf,
'-l', FLAGS.console_xvp_log)
except exception.ProcessExecutionError, err:
logging.error(_('Error starting xvp: %s') % err)
def unplug(self, instance, network, mapping):
"""Unplug the VIF from the network by deleting the port from
the bridge."""
dev = self.get_dev_name(mapping['vif_uuid'])
try:
utils.execute('ovs-vsctl', 'del-port',
FLAGS.libvirt_ovs_bridge, dev, run_as_root=True)
utils.execute('ip', 'link', 'delete', dev, run_as_root=True)
except exception.ProcessExecutionError:
LOG.warning(_("Failed while unplugging vif of instance '%s'"),
instance['name'])
raise
def plug(self, instance, network, mapping):
iface_id = mapping['vif_uuid']
dev = self.get_dev_name(iface_id)
if not linux_net._device_exists(dev):
# Older version of the command 'ip' from the iproute2 package
# don't have support for the tuntap option (lp:882568). If it
# turns out we're on an old version we work around this by using
# tunctl.
try:
# First, try with 'ip'
utils.execute('ip', 'tuntap', 'add', dev, 'mode', 'tap',
run_as_root=True)
except exception.ProcessExecutionError:
# Second option: tunctl
utils.execute('tunctl', '-b', '-t', dev, run_as_root=True)
utils.execute('ip', 'link', 'set', dev, 'up', run_as_root=True)
utils.execute('ovs-vsctl', '--', '--may-exist', 'add-port',
FLAGS.libvirt_ovs_bridge, dev,
'--', 'set', 'Interface', dev,
"external-ids:iface-id=%s" % iface_id,
'--', 'set', 'Interface', dev,
"external-ids:iface-status=active",
'--', 'set', 'Interface', dev,
"external-ids:attached-mac=%s" % mapping['mac'],
run_as_root=True)
result = {
'script': '',
'name': dev,
'mac_address': mapping['mac']}
return result
def unplug(self, instance, network, mapping):
"""Unplug the VIF from the network by deleting the port from
the bridge."""
dev = self.get_dev_name(mapping['vif_uuid'])
try:
utils.execute('ovs-vsctl',
'del-port',
FLAGS.libvirt_ovs_bridge,
dev,
run_as_root=True)
utils.execute('ip', 'link', 'delete', dev, run_as_root=True)
except exception.ProcessExecutionError:
LOG.warning(_("Failed while unplugging vif of instance '%s'"),
instance['name'])
raise
def _execute(self, *cmd, **kwargs):
if self.run_local:
return utils.execute(*cmd, **kwargs)
else:
check_exit_code = kwargs.pop('check_exit_code', None)
command = ' '.join(*cmd)
return self._run_ssh(command, check_exit_code)
def _execute(self, *cmd, **kwargs):
if self.run_local:
return utils.execute(*cmd, **kwargs)
else:
check_exit_code = kwargs.pop('check_exit_code', None)
command = ' '.join(*cmd)
return self._run_ssh(command, check_exit_code)
def _xvp_encrypt(self, password, is_pool_password=False):
"""Call xvp to obfuscate passwords for config file.
Args:
- password: the password to encode, max 8 char for vm passwords,
and 16 chars for pool passwords. passwords will
be trimmed to max len before encoding.
- is_pool_password: True if this this is the XenServer api password
False if it's a VM console password
(xvp uses different keys and max lengths for pool passwords)
Note that xvp's obfuscation should not be considered 'real' encryption.
It simply DES encrypts the passwords with static keys plainly viewable
in the xvp source code.
"""
maxlen = 8
flag = '-e'
if is_pool_password:
maxlen = 16
flag = '-x'
#xvp will blow up on passwords that are too long (mdragon)
password = password[:maxlen]
out, err = utils.execute('xvp', flag, process_input=password)
return out.strip()
def _xvp_encrypt(self, password, is_pool_password=False):
"""Call xvp to obfuscate passwords for config file.
Args:
- password: the password to encode, max 8 char for vm passwords,
and 16 chars for pool passwords. passwords will
be trimmed to max len before encoding.
- is_pool_password: True if this this is the XenServer api password
False if it's a VM console password
(xvp uses different keys and max lengths for pool passwords)
Note that xvp's obfuscation should not be considered 'real' encryption.
It simply DES encrypts the passwords with static keys plainly viewable
in the xvp source code.
"""
maxlen = 8
flag = '-e'
if is_pool_password:
maxlen = 16
flag = '-x'
#xvp will blow up on passwords that are too long (mdragon)
password = password[:maxlen]
out, err = utils.execute('xvp', flag, process_input=password)
return out.strip()
def _execute(*cmd, **kwargs):
"""Wrapper around utils._execute for fake_network."""
if FLAGS.fake_network:
LOG.debug('FAKE NET: %s', ' '.join(map(str, cmd)))
return 'fake', 0
else:
return utils.execute(*cmd, **kwargs)
def _inject_net_into_fs(net, fs, execute=None):
"""Inject /etc/network/interfaces into the filesystem rooted at fs.
net is the contents of /etc/network/interfaces.
"""
netdir = os.path.join(os.path.join(fs, 'etc'), 'network')
utils.execute('mkdir', '-p', netdir, run_as_root=True)
utils.execute('chown', 'root:root', netdir, run_as_root=True)
utils.execute('chmod', 755, netdir, run_as_root=True)
netfile = os.path.join(netdir, 'interfaces')
utils.execute('tee', netfile, process_input=net, run_as_root=True)
def _decrypt_image(encrypted_filename, encrypted_key, encrypted_iv, cloud_private_key, decrypted_filename):
key, err = utils.execute(
"openssl",
"rsautl",
"-decrypt",
"-inkey",
"%s" % cloud_private_key,
process_input=encrypted_key,
check_exit_code=False,
)
if err:
raise exception.Error(_("Failed to decrypt private key: %s") % err)
iv, err = utils.execute(
"openssl",
"rsautl",
"-decrypt",
"-inkey",
"%s" % cloud_private_key,
process_input=encrypted_iv,
check_exit_code=False,
)
if err:
raise exception.Error(_("Failed to decrypt initialization " "vector: %s") % err)
_out, err = utils.execute(
"openssl",
"enc",
"-d",
"-aes-128-cbc",
"-in",
"%s" % (encrypted_filename,),
"-K",
"%s" % (key,),
"-iv",
"%s" % (iv,),
"-out",
"%s" % (decrypted_filename,),
check_exit_code=False,
)
if err:
raise exception.Error(
_("Failed to decrypt image file " "%(image_file)s: %(err)s")
% {"image_file": encrypted_filename, "err": err}
)
def _inject_net_into_fs(net, fs, execute=None):
"""Inject /etc/network/interfaces into the filesystem rooted at fs.
net is the contents of /etc/network/interfaces.
"""
netdir = os.path.join(os.path.join(fs, 'etc'), 'network')
utils.execute('mkdir', '-p', netdir, run_as_root=True)
utils.execute('chown', 'root:root', netdir, run_as_root=True)
utils.execute('chmod', 755, netdir, run_as_root=True)
netfile = os.path.join(netdir, 'interfaces')
utils.execute('tee', netfile, process_input=net, run_as_root=True)
def _run_iscsiadm(self, iscsi_properties, iscsi_command, **kwargs):
check_exit_code = kwargs.pop('check_exit_code', 0)
(out, err) = utils.execute('iscsiadm', '-m', 'node', '-T',
iscsi_properties['target_iqn'],
'-p', iscsi_properties['target_portal'],
*iscsi_command, run_as_root=True,
check_exit_code=check_exit_code)
LOG.debug("iscsiadm %s: stdout=%s stderr=%s" %
(iscsi_command, out, err))
return (out, err)
def fetch_to_raw(context, image_href, path, user_id, project_id):
path_tmp = "%s.part" % path
metadata = fetch(context, image_href, path_tmp, user_id, project_id)
def _qemu_img_info(path):
out, err = utils.execute('env', 'LC_ALL=C', 'LANG=C',
'qemu-img', 'info', path)
# output of qemu-img is 'field: value'
# the fields of interest are 'file format' and 'backing file'
data = {}
for line in out.splitlines():
(field, val) = line.split(':', 1)
if val[0] == " ":
val = val[1:]
data[field] = val
return(data)
data = _qemu_img_info(path_tmp)
fmt = data.get("file format", None)
if fmt is None:
os.unlink(path_tmp)
raise exception.ImageUnacceptable(
reason=_("'qemu-img info' parsing failed."), image_id=image_href)
if fmt != "raw":
staged = "%s.converted" % path
if "backing file" in data:
backing_file = data['backing file']
os.unlink(path_tmp)
raise exception.ImageUnacceptable(image_id=image_href,
reason=_("fmt=%(fmt)s backed by: %(backing_file)s") % locals())
LOG.debug("%s was %s, converting to raw" % (image_href, fmt))
out, err = utils.execute('qemu-img', 'convert', '-O', 'raw',
path_tmp, staged)
os.unlink(path_tmp)
data = _qemu_img_info(staged)
if data.get('file format', None) != "raw":
os.unlink(staged)
raise exception.ImageUnacceptable(image_id=image_href,
reason=_("Converted to raw, but format is now %s") %
data.get('file format', None))
os.rename(staged, path)
else:
os.rename(path_tmp, path)
return metadata
def _inject_key_into_fs(key, fs, execute=None):
"""Add the given public ssh key to root's authorized_keys.
key is an ssh key string.
fs is the path to the base of the filesystem into which to inject the key.
"""
sshdir = os.path.join(fs, 'root', '.ssh')
utils.execute('mkdir', '-p', sshdir, run_as_root=True)
utils.execute('chown', 'root', sshdir, run_as_root=True)
utils.execute('chmod', '700', sshdir, run_as_root=True)
keyfile = os.path.join(sshdir, 'authorized_keys')
utils.execute('tee', '-a', keyfile,
process_input='\n' + key.strip() + '\n', run_as_root=True)
def test_no_retry_on_success(self):
fd, tmpfilename = tempfile.mkstemp()
_, tmpfilename2 = tempfile.mkstemp()
try:
fp = os.fdopen(fd, 'w+')
fp.write('''#!/bin/sh
# If we've already run, bail out.
grep -q foo "$1" && exit 1
# Mark that we've run before.
echo foo > "$1"
# Check that stdin gets passed correctly.
grep foo
''')
fp.close()
os.chmod(tmpfilename, 0755)
utils.execute(tmpfilename,
tmpfilename2,
process_input='foo',
attempts=2)
finally:
os.unlink(tmpfilename)
os.unlink(tmpfilename2)
def test_no_retry_on_success(self):
fd, tmpfilename = tempfile.mkstemp()
_, tmpfilename2 = tempfile.mkstemp()
try:
fp = os.fdopen(fd, 'w+')
fp.write('''#!/bin/sh
# If we've already run, bail out.
grep -q foo "$1" && exit 1
# Mark that we've run before.
echo foo > "$1"
# Check that stdin gets passed correctly.
grep foo
''')
fp.close()
os.chmod(tmpfilename, 0755)
utils.execute(tmpfilename,
tmpfilename2,
process_input='foo',
attempts=2)
finally:
os.unlink(tmpfilename)
os.unlink(tmpfilename2)
def _inject_key_into_fs(key, fs, execute=None):
"""Add the given public ssh key to root's authorized_keys.
key is an ssh key string.
fs is the path to the base of the filesystem into which to inject the key.
"""
sshdir = os.path.join(fs, 'root', '.ssh')
utils.execute('mkdir', '-p', sshdir, run_as_root=True)
utils.execute('chown', 'root', sshdir, run_as_root=True)
utils.execute('chmod', '700', sshdir, run_as_root=True)
keyfile = os.path.join(sshdir, 'authorized_keys')
utils.execute('tee',
'-a',
keyfile,
process_input='\n' + key.strip() + '\n',
run_as_root=True)
def extend(image, size):
"""Increase image to size"""
file_size = os.path.getsize(image)
if file_size >= size:
return
utils.execute('qemu-img', 'resize', image, size)
# NOTE(vish): attempts to resize filesystem
utils.execute('e2fsck', '-fp', image, check_exit_code=False)
utils.execute('resize2fs', image, check_exit_code=False)
def extend(image, size):
"""Increase image to size"""
file_size = os.path.getsize(image)
if file_size >= size:
return
utils.execute('qemu-img', 'resize', image, size)
# NOTE(vish): attempts to resize filesystem
utils.execute('e2fsck', '-fp', image, check_exit_code=False)
utils.execute('resize2fs', image, check_exit_code=False)
def _qemu_img_info(path):
out, err = utils.execute('env', 'LC_ALL=C', 'LANG=C',
'qemu-img', 'info', path)
# output of qemu-img is 'field: value'
# the fields of interest are 'file format' and 'backing file'
data = {}
for line in out.splitlines():
(field, val) = line.split(':', 1)
if val[0] == " ":
val = val[1:]
data[field] = val
return(data)
def _run_iscsiadm(self, iscsi_properties, iscsi_command, **kwargs):
check_exit_code = kwargs.pop('check_exit_code', 0)
(out, err) = utils.execute('iscsiadm',
'-m',
'node',
'-T',
iscsi_properties['target_iqn'],
'-p',
iscsi_properties['target_portal'],
*iscsi_command,
run_as_root=True,
check_exit_code=check_exit_code)
LOG.debug("iscsiadm %s: stdout=%s stderr=%s" %
(iscsi_command, out, err))
return (out, err)
def plug(self, instance, network, mapping):
iface_id = mapping['vif_uuid']
dev = self.get_dev_name(iface_id)
if not linux_net._device_exists(dev):
# Older version of the command 'ip' from the iproute2 package
# don't have support for the tuntap option (lp:882568). If it
# turns out we're on an old version we work around this by using
# tunctl.
try:
# First, try with 'ip'
utils.execute('ip',
'tuntap',
'add',
dev,
'mode',
'tap',
run_as_root=True)
except exception.ProcessExecutionError:
# Second option: tunctl
utils.execute('tunctl', '-b', '-t', dev, run_as_root=True)
utils.execute('ip', 'link', 'set', dev, 'up', run_as_root=True)
utils.execute('ovs-vsctl',
'--',
'--may-exist',
'add-port',
FLAGS.libvirt_ovs_bridge,
dev,
'--',
'set',
'Interface',
dev,
"external-ids:iface-id=%s" % iface_id,
'--',
'set',
'Interface',
dev,
"external-ids:iface-status=active",
'--',
'set',
'Interface',
dev,
"external-ids:attached-mac=%s" % mapping['mac'],
run_as_root=True)
result = {'script': '', 'name': dev, 'mac_address': mapping['mac']}
return result
def _get_target(volume_id):
"""
Gets iscsi name and portal from volume name and host.
For this method to work the following are needed:
1) volume_ref['host'] must resolve to something rather than loopback
"""
volume_ref = db.volume_get(context.get_admin_context(),
volume_id)
result = (None, None)
try:
(r, _e) = utils.execute('iscsiadm',
'-m', 'discovery',
'-t', 'sendtargets',
'-p', volume_ref['host'], run_as_root=True)
except exception.ProcessExecutionError, exc:
LOG.exception(exc)
def setup(app):
rootdir = os.path.abspath(app.srcdir + '/..')
print "**Autodocumenting from %s" % rootdir
os.chdir(rootdir)
rv = utils.execute('./generate_autodoc_index.sh')
print rv[0]
def unget_dev(self):
if not self.linked:
return
utils.execute('losetup', '--detach', self.device, run_as_root=True)
self.linked = False
def unmnt_dev(self):
"""Unmount the device from the file system."""
if not self.mounted:
return
utils.execute('umount', self.mapped_device, run_as_root=True)
self.mounted = False
def mkfs(os_type, fs_label, target):
mkfs_command = (_MKFS_COMMAND.get(os_type, _DEFAULT_MKFS_COMMAND)
or '') % locals()
if mkfs_command:
utils.execute(*mkfs_command.split())
def release_dhcp(dev, address, mac_address):
utils.execute('dhcp_release', dev, address, mac_address, run_as_root=True)
def setup(app):
rootdir = os.path.abspath(app.srcdir + '/..')
print "**Autodocumenting from %s" % rootdir
os.chdir(rootdir)
rv = utils.execute('./generate_autodoc_index.sh')
print rv[0]
def execute(*args, **kwargs):
return utils.execute(*args, **kwargs)
def unget_dev(self):
if not self.linked:
return
utils.execute('losetup', '--detach', self.device, run_as_root=True)
self.linked = False
def execute(*args, **kwargs):
return utils.execute(*args, **kwargs)
def test_check_exit_code_boolean(self):
utils.execute('/usr/bin/env', 'false', check_exit_code=False)
self.assertRaises(exception.ProcessExecutionError,
utils.execute,
'/usr/bin/env', 'false', check_exit_code=True)
def mkfs(os_type, fs_label, target):
mkfs_command = (_MKFS_COMMAND.get(os_type, _DEFAULT_MKFS_COMMAND) or
'') % locals()
if mkfs_command:
utils.execute(*mkfs_command.split())
def unmnt_dev(self):
"""Unmount the device from the file system."""
if not self.mounted:
return
utils.execute('umount', self.mapped_device, run_as_root=True)
self.mounted = False
def _inject_metadata_into_fs(metadata, fs, execute=None):
metadata_path = os.path.join(fs, "meta.js")
metadata = dict([(m.key, m.value) for m in metadata])
utils.execute('tee', metadata_path,
process_input=json.dumps(metadata), run_as_root=True)
