def __init__(self, metadata):
self.name = metadata.package.name
self._domain_name = 'vmnetx-%d-%s' % (os.getpid(), uuid.uuid4())
self._vnc_socket_dir = tempfile.mkdtemp(dir=get_temp_dir(),
prefix='vmnetx-socket-')
self.vnc_listen_address = os.path.join(self._vnc_socket_dir, 'vnc')
# Fix socket dir SELinux context
try:
chcon(self._vnc_socket_dir, SOCKET_DIR_CONTEXT)
except OSError:
pass
# Start vmnetfs
self._fs = VMNetFS(metadata.vmnetfs_config)
self._fs.start()
self.log_path = os.path.join(self._fs.mountpoint, 'log')
self.disk_path = os.path.join(self._fs.mountpoint, 'disk')
disk_image_path = os.path.join(self.disk_path, 'image')
if metadata.package.memory:
self.memory_path = os.path.join(self._fs.mountpoint, 'memory')
self._memory_image_path = os.path.join(self.memory_path, 'image')
else:
self.memory_path = self._memory_image_path = None
# Set up libvirt connection
self._conn = libvirt.open('qemu:///session')
# Get execution domain XML
self._domain_xml = metadata.domain_xml.get_for_execution(
self._conn, self._domain_name, disk_image_path,
self.vnc_listen_address).xml
def extractUrl(url: str, target: Path) -> None:
log.info(f"Downloading {url} to memory...")
req = urllib.request.urlopen(url)
target.mkdir(parents=True, exist_ok=True)
if isSelinux():
selinux.chcon(str(target), "system_u:object_r:container_file_t:s0")
pwrite(["tar", "-C",
str(target), "--exclude", "dev/*", "-xJf", "-"], req.read())
def setupRunDir(env: Env) -> None:
path = env.runDir
if path and not path.exists():
if not path.parent.exists():
path.parent.mkdir(mode=0o700)
path.mkdir(mode=0o700)
if isSelinux():
selinux.chcon(str(path), getSelinuxLabel(env))
def getMounts(self, mountsDict: Dict[str, str]) -> ExecArgs:
mounts = []
for containerDir, hostDir in mountsDict.items():
hostPath = Path(hostDir).expanduser().resolve()
if not hostPath.exists():
hostPath.mkdir(parents=True, exist_ok=True)
if isSelinux():
selinux.chcon(str(hostPath),
"system_u:object_r:container_file_t:s0")
mounts.extend(["-v", "%s:%s" % (hostPath, containerDir)])
return mounts
def setup_transient_repository(*args):
"""
Prepare the transient disks repository
"""
_, _, vdsm_uid, vdsm_gid, _, _, _ = pwd.getpwnam(constants.VDSM_USER)
try:
os.makedirs(TRANSIENT_DISKS_REPO)
except OSError as e:
if e.errno != os.errno.EEXIST:
raise
os.chown(TRANSIENT_DISKS_REPO, vdsm_uid, vdsm_gid)
os.chmod(TRANSIENT_DISKS_REPO, 0750)
selinux.chcon(TRANSIENT_DISKS_REPO, SELINUX_VIRT_IMAGE_LABEL)
def chcon(self, abspath, context):
""" Change selinux security context """
try:
return selinux.chcon(abspath.encode("utf-8"), context)
except OSError:
self._logger.warning('Cannot change selinux context: "%s" "%s"',
(abspath, context))
def chcon(self, abspath, context):
""" Change selinux security context """
try:
return selinux.chcon(abspath.encode("utf-8"), context)
except OSError:
self._logger.warning('Cannot change selinux context: "%s" "%s"',
(abspath, context))
def setup_transient_repository(*args):
"""
setup-transient-repository
Prepare the transient disks repository
"""
if len(args) > 1:
raise ExtraArgsError()
_, _, vdsm_uid, vdsm_gid, _, _, _ = pwd.getpwnam(constants.VDSM_USER)
try:
os.makedirs(TRANSIENT_DISKS_REPO)
except OSError as e:
if e.errno != os.errno.EEXIST:
raise
os.chown(TRANSIENT_DISKS_REPO, vdsm_uid, vdsm_gid)
os.chmod(TRANSIENT_DISKS_REPO, 0o750)
selinux.chcon(TRANSIENT_DISKS_REPO, SELINUX_VIRT_IMAGE_LABEL)
def setupPod(
env: Env,
packages: List[str],
cacheDir: Path = Path("~/.cache/podenv")) -> str:
imageName = setupRuntime(env, cacheDir)
configureRuntime(env, imageName, packages)
if env.provides.get("network"):
setupInfraNetwork(env.provides["network"], imageName, env)
for containerPath, hostPath in sorted(env.ctx.mounts.items()):
if not hostPath.exists() and str(hostPath).startswith(str(env.runDir)):
setupRunDir(env)
if hostPath.name == "tmp":
hostPath.mkdir(mode=0o1777)
# TODO: check why mkdir mode results in 1774
hostPath.chmod(0o1777)
else:
hostPath.mkdir(mode=0o755, parents=True)
elif not hostPath.exists():
hostPath.mkdir(mode=0o755, parents=True)
if isSelinux():
selinux.chcon(str(hostPath), getSelinuxLabel(env))
if env.runDir and env.runDir.exists() and \
str(containerPath).startswith(str(env.ctx.home) + "/"):
# Need to create parent dir, otherwise podman creates them as root
tmpPath = env.runDir / "home" / str(containerPath).replace(
str(env.ctx.home) + "/", "")
tmpPath.mkdir(parents=True, exist_ok=True)
if env.overlaysDir:
for overlay in env.overlays:
overlayDir = env.overlaysDir / overlay
if not overlayDir.exists():
raise RuntimeError(f"{overlay} does not exists")
homeDir = env.ctx.mounts.get(env.ctx.home)
if not homeDir:
raise RuntimeError(
"Overlays without home mount isn't supported")
execute(["rsync", "--copy-links", "-a", str(overlayDir) + "/",
str(homeDir)])
return imageName
def _attach_loopback_device(self):
if not self._fake_file:
self._fake_file = tempfile.mkstemp(
dir=constants.OVIRT_HOSTED_ENGINE_LB_DIR)[1]
os.chown(
self._fake_file,
constants.VDSMEnv.VDSM_UID,
constants.VDSMEnv.KVM_GID,
)
self._execute(args=('truncate', '--size=%s' % self._fake_sd_size,
self._fake_file),
raiseOnError=True)
rc, stdout, stderr = self._execute(args=(
'sudo',
'-n',
'losetup',
'--find',
'--show',
'--sizelimit=%s' % self._fake_sd_size,
self._fake_file,
),
raiseOnError=True)
if rc == 0:
for line in stdout.split('\n'):
if len(line) > 1:
self._fake_SD_path = line
if not self._fake_SD_path:
raise RuntimeError(
'Unable to find an available loopback device path ')
if self._fake_SD_path[:9] != '/dev/loop':
raise RuntimeError(
"Invalid loopback device path name: '{path}'".format(
path=self._fake_SD_path, ))
self._log.debug('Found a available loopback device on %s' %
self._fake_SD_path)
self._execute(args=(
'sudo',
'-n',
'mkfs',
'-t',
self._vfstype,
self._fake_SD_path,
),
raiseOnError=True)
mntpoint = tempfile.mkdtemp(dir=constants.OVIRT_HOSTED_ENGINE_LB_DIR)
self._execute(args=('sudo', '-n', 'mount', self._fake_SD_path,
mntpoint),
raiseOnError=True)
self._execute(args=(
'sudo',
'-n',
'chown',
'-R',
'vdsm',
mntpoint,
),
raiseOnError=True)
if self._selinux_enabled:
con = "system_u:object_r:virt_var_lib_t:s0"
selinux.chcon(path=mntpoint, context=con, recursive=True)
self._execute(args=(
'sudo',
'-n',
'umount',
mntpoint,
),
raiseOnError=True)
os.rmdir(mntpoint)
start = (int(time.time()) / INTERVAL - 1) * INTERVAL
dataDefs = [
rrdFile, '--start',
str(start), '--step',
str(INTERVAL)
]
for c in JOB_COUNTERS:
dataDefs.append('DS:' + c + ':GAUGE:600:0:U')
dataDefs.append('RRA:LAST:0:1:' + str(3600 / INTERVAL * 24 * 7))
rrdtool.create(*tuple(dataDefs))
try:
# change selinux context of the RRD so that it can be read by a apache-invoked PHP script
selinux.chcon(rrdFile,
'unconfined_u:object_r:httpd_var_run_t:s0')
except:
pass
try:
rrdtool.update(rrdFile, str(timestamp) + ':' + str(counts))
except:
pass
if args.graphDir:
if ADD_MAX_SLOTS:
maxSlots = len(
collector.query(htcondor.AdTypes.Startd, STARTD_CONSTRAINTS,
['Machine']))
for user, counts in dataForRRD:
def _attach_loopback_device(self):
if not self._fake_file:
self._fake_file = tempfile.mkstemp(
dir=ohostedcons.FileLocations.OVIRT_HOSTED_ENGINE_LB_DIR
)[1]
os.chown(
self._fake_file,
self.environment[ohostedcons.VDSMEnv.VDSM_UID],
self.environment[ohostedcons.VDSMEnv.KVM_GID],
)
self.execute(
args=(
self.command.get('truncate'),
'--size=%s' % self.SIZE,
self._fake_file
),
raiseOnError=True
)
losetup = self.command.get('losetup')
rc, stdout, stderr = self.execute(
args=(
losetup,
'--find',
'--show',
'--sizelimit=%s' % self.SIZE,
self._fake_file,
),
raiseOnError=True
)
if rc == 0:
for line in stdout:
self._fake_SD_path = line
if self._fake_SD_path[:9] != '/dev/loop':
raise RuntimeError(
-("Invalid loopback device path name: '{path}'").format(
path=self._fake_SD_path,
)
)
self.logger.debug(
'Found a available loopback device on %s' % self._fake_SD_path
)
if not self._fake_SD_path:
raise RuntimeError(
_('Unable to find an available loopback device path ')
)
self.execute(
args=(
self.command.get('mkfs'),
'-t',
self.VFSTYPE,
self._fake_SD_path,
),
raiseOnError=True
)
mntpoint = tempfile.mkdtemp(
dir=ohostedcons.FileLocations.OVIRT_HOSTED_ENGINE_LB_DIR
)
self.execute(
args=(
self.command.get('mount'),
self._fake_SD_path,
mntpoint
),
raiseOnError=True
)
self.execute(
args=(
self.command.get('chown'),
'-R',
'{u}:{g}'.format(
u=self.environment[ohostedcons.VDSMEnv.VDSM_UID],
g=self.environment[ohostedcons.VDSMEnv.KVM_GID],
),
mntpoint,
),
raiseOnError=True
)
if self._selinux_enabled:
con = "system_u:object_r:virt_var_lib_t:s0"
selinux.chcon(path=mntpoint, context=con, recursive=True)
self.execute(
args=(
self.command.get('umount'),
mntpoint,
),
raiseOnError=True
)
os.rmdir(mntpoint)
def _attach_loopback_device(self):
if not self._fake_file:
self._fake_file = tempfile.mkstemp(
dir=constants.OVIRT_HOSTED_ENGINE_LB_DIR
)[1]
os.chown(
self._fake_file,
constants.VDSMEnv.VDSM_UID,
constants.VDSMEnv.KVM_GID,
)
self._execute(
args=(
'truncate',
'--size=%s' % self._fake_sd_size,
self._fake_file
),
raiseOnError=True
)
rc, stdout, stderr = self._execute(
args=(
'sudo',
'-n',
'losetup',
'--find',
'--show',
'--sizelimit=%s' % self._fake_sd_size,
self._fake_file,
),
raiseOnError=True
)
if rc == 0:
for line in stdout.split('\n'):
if len(line) > 1:
self._fake_SD_path = line
if not self._fake_SD_path:
raise RuntimeError(
'Unable to find an available loopback device path '
)
if self._fake_SD_path[:9] != '/dev/loop':
raise RuntimeError(
"Invalid loopback device path name: '{path}'".format(
path=self._fake_SD_path,
)
)
self._log.debug(
'Found a available loopback device on %s' % self._fake_SD_path
)
self._execute(
args=(
'sudo',
'-n',
'mkfs',
'-t',
self._vfstype,
self._fake_SD_path,
),
raiseOnError=True
)
mntpoint = tempfile.mkdtemp(
dir=constants.OVIRT_HOSTED_ENGINE_LB_DIR
)
self._execute(
args=(
'sudo',
'-n',
'mount',
self._fake_SD_path,
mntpoint
),
raiseOnError=True
)
self._execute(
args=(
'sudo',
'-n',
'chown',
'-R',
'vdsm',
mntpoint,
),
raiseOnError=True
)
if self._selinux_enabled:
con = "system_u:object_r:virt_var_lib_t:s0"
selinux.chcon(path=mntpoint, context=con, recursive=True)
self._execute(
args=(
'sudo',
'-n',
'umount',
mntpoint,
),
raiseOnError=True
)
os.rmdir(mntpoint)
def setupPod(userNotif: UserNotif,
env: Env,
cacheDir: Path = Path("~/.cache/podenv")) -> ExecArgs:
imageName = setupRuntime(userNotif, env, cacheDir)
configureRuntime(userNotif, env)
if env.network:
setupInfraNetwork(env.network, imageName, env)
# TODO: check for environment requires list
if not env.runtime:
raise RuntimeError("Env has no runtime")
imageName = env.runtime.getRuntimeArgs() + imageName
if env.capabilities.get("mount-cache"):
# Inject runtime volumes
imageName = env.runtime.getSystemMounts(withTmp=False) + imageName
if env.desktop:
setupDesktopFile(env.desktop)
for containerPath, hostPath in sorted(env.ctx.mounts.items()):
hostPath = hostPath.expanduser().resolve()
if not hostPath.exists() and str(hostPath).startswith(str(env.runDir)):
setupRunDir(env)
if hostPath.name == "tmp":
hostPath.mkdir(mode=0o1777)
# TODO: check why mkdir mode results in 1774
hostPath.chmod(0o1777)
else:
hostPath.mkdir(mode=0o755, parents=True)
elif not hostPath.exists():
hostPath.mkdir(mode=0o755, parents=True)
if isSelinux():
selinux.chcon(str(hostPath), getSelinuxLabel(env))
if env.runDir and env.runDir.exists() and \
str(containerPath).startswith(str(env.ctx.home) + "/") and \
hostPath.is_dir():
# Need to create parent dir, otherwise podman creates them as root
tmpPath = env.runDir / "home" / str(containerPath).replace(
str(env.ctx.home) + "/", "")
tmpPath.mkdir(parents=True, exist_ok=True)
if env.overlaysDir:
for overlay in env.overlays:
homeDir = env.ctx.mounts.get(env.ctx.home)
if not homeDir:
raise RuntimeError(
"Overlays without home mount isn't supported")
if isinstance(overlay, str):
overlayDir = env.overlaysDir / overlay
if not overlayDir.exists():
raise RuntimeError(f"{overlay} does not exists")
execute([
"rsync", "--copy-links", "-a",
str(overlayDir) + "/",
str(homeDir) + "/"
])
else:
for containerHomePath, content in overlay.items():
hostPath = homeDir / containerHomePath
if not hostPath.exists():
hostPath.write_text(content)
elif hostPath.read_text() != content:
log.info(
f"Overlay skipped for {hostPath}: already exists")
return imageName
def createContainerDir(path: Path) -> None:
path.mkdir(parents=True, exist_ok=True)
if isSelinux():
selinux.chcon(str(path), "system_u:object_r:container_file_t:s0")
def _attach_loopback_device(self):
if not self._fake_file:
self._fake_file = tempfile.mkstemp(
dir=ohostedcons.FileLocations.OVIRT_HOSTED_ENGINE_LB_DIR)[1]
os.chown(
self._fake_file,
self.environment[ohostedcons.VDSMEnv.VDSM_UID],
self.environment[ohostedcons.VDSMEnv.KVM_GID],
)
self.execute(args=(self.command.get('truncate'),
'--size=%s' % self.SIZE, self._fake_file),
raiseOnError=True)
losetup = self.command.get('losetup')
rc, stdout, stderr = self.execute(args=(
losetup,
'--find',
'--show',
'--sizelimit=%s' % self.SIZE,
self._fake_file,
),
raiseOnError=True)
if rc == 0:
for line in stdout:
self._fake_SD_path = line
if self._fake_SD_path[:9] != '/dev/loop':
raise RuntimeError(
-("Invalid loopback device path name: '{path}'"
).format(path=self._fake_SD_path, ))
self.logger.debug('Found a available loopback device on %s' %
self._fake_SD_path)
if not self._fake_SD_path:
raise RuntimeError(
_('Unable to find an available loopback device path '))
self.execute(args=(
self.command.get('mkfs'),
'-t',
self.VFSTYPE,
self._fake_SD_path,
),
raiseOnError=True)
mntpoint = tempfile.mkdtemp(
dir=ohostedcons.FileLocations.OVIRT_HOSTED_ENGINE_LB_DIR)
self.execute(args=(self.command.get('mount'), self._fake_SD_path,
mntpoint),
raiseOnError=True)
self.execute(args=(
self.command.get('chown'),
'-R',
'{u}:{g}'.format(
u=self.environment[ohostedcons.VDSMEnv.VDSM_UID],
g=self.environment[ohostedcons.VDSMEnv.KVM_GID],
),
mntpoint,
),
raiseOnError=True)
if self._selinux_enabled:
con = "system_u:object_r:virt_var_lib_t:s0"
selinux.chcon(path=mntpoint, context=con, recursive=True)
self.execute(args=(
self.command.get('umount'),
mntpoint,
),
raiseOnError=True)
os.rmdir(mntpoint)