def test_inject_data_key(self):
vfs = vfsguestfs.VFSGuestFS("/some/file", "qcow2")
vfs.setup()
diskapi._inject_key_into_fs("mysshkey", vfs)
self.assertIn("/root/.ssh", vfs.handle.files)
self.assertEqual(vfs.handle.files["/root/.ssh"], {
'isdir': True,
'gid': 0,
'uid': 0,
'mode': 0o700
})
self.assertIn("/root/.ssh/authorized_keys", vfs.handle.files)
self.assertEqual(
vfs.handle.files["/root/.ssh/authorized_keys"], {
'isdir': False,
'content': "Hello World\n# The following ssh " +
"key was injected by Nova\nmysshkey\n",
'gid': 100,
'uid': 100,
'mode': 0o600
})
vfs.teardown()
def _do_test_appliance_setup_inspect(self, forcetcg):
if forcetcg:
vfsimpl.force_tcg()
else:
vfsimpl.force_tcg(False)
vfs = vfsimpl.VFSGuestFS(imgfile="/dummy.qcow2",
imgfmt="qcow2",
partition=-1)
vfs.setup()
if forcetcg:
self.assertEqual("force_tcg", vfs.handle.backend_settings)
vfsimpl.force_tcg(False)
else:
self.assertIsNone(vfs.handle.backend_settings)
self.assertTrue(vfs.handle.running)
self.assertEqual(3, len(vfs.handle.mounts))
self.assertEqual("/dev/mapper/guestvgf-lv_root",
vfs.handle.mounts[0][1])
self.assertEqual("/dev/vda1", vfs.handle.mounts[1][1])
self.assertEqual("/dev/mapper/guestvgf-lv_home",
vfs.handle.mounts[2][1])
self.assertEqual("/", vfs.handle.mounts[0][2])
self.assertEqual("/boot", vfs.handle.mounts[1][2])
self.assertEqual("/home", vfs.handle.mounts[2][2])
handle = vfs.handle
vfs.teardown()
self.assertIsNone(vfs.handle)
self.assertFalse(handle.running)
self.assertTrue(handle.closed)
self.assertEqual(0, len(handle.mounts))
def test_inject_files_into_fs(self):
vfs = vfsguestfs.VFSGuestFS(self.file)
vfs.setup()
diskapi._inject_files_into_fs(
[("/path/to/not/exists/file", "inject-file-contents")], vfs)
self.assertIn("/path/to/not/exists", vfs.handle.files)
shadow_dir = vfs.handle.files["/path/to/not/exists"]
self.assertEqual(shadow_dir, {
"isdir": True,
"gid": 0,
"uid": 0,
"mode": 0o744
})
shadow_file = vfs.handle.files["/path/to/not/exists/file"]
self.assertEqual(
shadow_file, {
"isdir": False,
"content": "inject-file-contents",
"gid": 100,
"uid": 100,
"mode": 0o700
})
vfs.teardown()
def test_setup_debug_enabled(self):
self.flags(debug=True, group='guestfs')
vfs = vfsimpl.VFSGuestFS(imgfile="/dummy.qcow2", imgfmt="qcow2")
vfs.setup()
self.assertTrue(vfs.handle.trace_enabled)
self.assertTrue(vfs.handle.verbose_enabled)
self.assertIsNotNone(vfs.handle.event_callback)
def test_inject_data_key_with_selinux_append_with_newline(self):
vfs = vfsguestfs.VFSGuestFS("/some/file", "qcow2")
vfs.setup()
vfs.replace_file("/etc/rc.d/rc.local", "#!/bin/sh\necho done")
vfs.make_path("etc/selinux")
vfs.make_path("etc/rc.d")
diskapi._inject_key_into_fs("mysshkey", vfs)
self.assertIn("/etc/rc.d/rc.local", vfs.handle.files)
self.assertEqual(
vfs.handle.files["/etc/rc.d/rc.local"], {
'isdir':
False,
'content':
"#!/bin/sh\necho done\n# Added "
"by Nova to ensure injected ssh keys have "
"the right context\nrestorecon -RF "
"root/.ssh 2>/dev/null || :\n",
'gid':
100,
'uid':
100,
'mode':
0o700
})
vfs.teardown()
def test_inject_data_key_with_selinux(self):
vfs = vfsguestfs.VFSGuestFS("/some/file", "qcow2")
vfs.setup()
vfs.make_path("etc/selinux")
vfs.make_path("etc/rc.d")
diskapi._inject_key_into_fs("mysshkey", vfs)
self.assertTrue("/etc/rc.d/rc.local" in vfs.handle.files)
self.assertEquals(vfs.handle.files["/etc/rc.d/rc.local"],
{'isdir': False,
'content': "Hello World#!/bin/sh\n# Added by " +
"Nova to ensure injected ssh keys " +
"have the right context\nrestorecon " +
"-RF root/.ssh 2>/dev/null || :\n",
'gid': 100,
'uid': 100,
'mode': 0o700})
self.assertTrue("/root/.ssh" in vfs.handle.files)
self.assertEquals(vfs.handle.files["/root/.ssh"],
{'isdir': True, 'gid': 0, 'uid': 0, 'mode': 0o700})
self.assertTrue("/root/.ssh/authorized_keys" in vfs.handle.files)
self.assertEquals(vfs.handle.files["/root/.ssh/authorized_keys"],
{'isdir': False,
'content': "Hello World\n# The following ssh " +
"key was injected by Nova\nmysshkey\n",
'gid': 100,
'uid': 100,
'mode': 0o600})
vfs.teardown()
def test_inject_admin_password(self):
vfs = vfsguestfs.VFSGuestFS("/some/file", "qcow2")
vfs.setup()
def fake_salt():
return "1234567890abcdef"
self.stubs.Set(diskapi, '_generate_salt', fake_salt)
vfs.handle.write("/etc/shadow",
"root:$1$12345678$xxxxx:14917:0:99999:7:::\n" +
"bin:*:14495:0:99999:7:::\n" +
"daemon:*:14495:0:99999:7:::\n")
vfs.handle.write("/etc/passwd",
"root:x:0:0:root:/root:/bin/bash\n" +
"bin:x:1:1:bin:/bin:/sbin/nologin\n" +
"daemon:x:2:2:daemon:/sbin:/sbin/nologin\n")
diskapi._inject_admin_password_into_fs("123456", vfs)
self.assertEquals(vfs.handle.files["/etc/passwd"],
{'content': "root:x:0:0:root:/root:/bin/bash\n" +
"bin:x:1:1:bin:/bin:/sbin/nologin\n" +
"daemon:x:2:2:daemon:/sbin:" +
"/sbin/nologin\n",
'gid': 100,
'isdir': False,
'mode': 0700,
'uid': 100})
def test_replace_file(self):
vfs = vfsimpl.VFSGuestFS(self.qcowfile)
vfs.setup()
vfs.replace_file("/some/file", "Goodbye")
self.assertIn("/some/file", vfs.handle.files)
self.assertEqual("Goodbye", vfs.handle.files["/some/file"]["content"])
vfs.teardown()
def test_has_file(self):
vfs = vfsimpl.VFSGuestFS(self.qcowfile)
vfs.setup()
vfs.read_file("/some/file")
self.assertTrue(vfs.has_file("/some/file"))
self.assertFalse(vfs.has_file("/other/file"))
vfs.teardown()
def test_replace_file(self):
vfs = vfsimpl.VFSGuestFS(imgfile="/dummy.qcow2", imgfmt="qcow2")
vfs.setup()
vfs.replace_file("/some/file", "Goodbye")
self.assertTrue("/some/file" in vfs.handle.files)
self.assertEqual(vfs.handle.files["/some/file"]["content"], "Goodbye")
vfs.teardown()
def test_has_file(self):
vfs = vfsimpl.VFSGuestFS(imgfile="/dummy.qcow2", imgfmt="qcow2")
vfs.setup()
vfs.read_file("/some/file")
self.assertTrue(vfs.has_file("/some/file"))
self.assertFalse(vfs.has_file("/other/file"))
vfs.teardown()
def test_append_file(self):
vfs = vfsimpl.VFSGuestFS(imgfile="/dummy.qcow2", imgfmt="qcow2")
vfs.setup()
vfs.append_file("/some/file", " Goodbye")
self.assertIn("/some/file", vfs.handle.files)
self.assertEqual(vfs.handle.files["/some/file"]["content"],
"Hello World Goodbye")
vfs.teardown()
def test_appliance_setup_inspect_no_root_raises(self):
vfs = vfsimpl.VFSGuestFS(self.qcowfile, partition=-1)
# call setup to init the handle so we can stub it
vfs.setup()
self.assertIsNone(vfs.handle.backend_settings)
with mock.patch.object(vfs.handle, 'inspect_os',
return_value=[]) as mock_inspect_os:
self.assertRaises(exception.NovaException, vfs.setup_os_inspect)
mock_inspect_os.assert_called_once_with()
def test_inject_admin_password(self):
vfs = vfsguestfs.VFSGuestFS(self.file)
vfs.setup()
def fake_salt():
return "1234567890abcdef"
self.stubs.Set(diskapi, '_generate_salt', fake_salt)
vfs.handle.write("/etc/shadow",
"root:$1$12345678$xxxxx:14917:0:99999:7:::\n" +
"bin:*:14495:0:99999:7:::\n" +
"daemon:*:14495:0:99999:7:::\n")
vfs.handle.write("/etc/passwd",
"root:x:0:0:root:/root:/bin/bash\n" +
"bin:x:1:1:bin:/bin:/sbin/nologin\n" +
"daemon:x:2:2:daemon:/sbin:/sbin/nologin\n")
diskapi._inject_admin_password_into_fs("123456", vfs)
self.assertEqual(vfs.handle.files["/etc/passwd"],
{'content': "root:x:0:0:root:/root:/bin/bash\n" +
"bin:x:1:1:bin:/bin:/sbin/nologin\n" +
"daemon:x:2:2:daemon:/sbin:" +
"/sbin/nologin\n",
'gid': 100,
'isdir': False,
'mode': 0o700,
'uid': 100})
shadow = vfs.handle.files["/etc/shadow"]
# if the encrypted password is only 13 characters long, then
# nova.virt.disk.api:_set_password fell back to DES.
if len(shadow['content']) == 91:
self.assertEqual(shadow,
{'content': "root:12tir.zIbWQ3c" +
":14917:0:99999:7:::\n" +
"bin:*:14495:0:99999:7:::\n" +
"daemon:*:14495:0:99999:7:::\n",
'gid': 100,
'isdir': False,
'mode': 0o700,
'uid': 100})
else:
self.assertEqual(shadow,
{'content': "root:$1$12345678$a4ge4d5iJ5vw" +
"vbFS88TEN0:14917:0:99999:7:::\n" +
"bin:*:14495:0:99999:7:::\n" +
"daemon:*:14495:0:99999:7:::\n",
'gid': 100,
'isdir': False,
'mode': 0o700,
'uid': 100})
vfs.teardown()
def test_set_permissions(self):
vfs = vfsimpl.VFSGuestFS(self.qcowfile)
vfs.setup()
vfs.read_file("/some/file")
self.assertEqual(0o700, vfs.handle.files["/some/file"]["mode"])
vfs.set_permissions("/some/file", 0o7777)
self.assertEqual(0o7777, vfs.handle.files["/some/file"]["mode"])
vfs.teardown()
def test_set_permissions(self):
vfs = vfsimpl.VFSGuestFS(imgfile="/dummy.qcow2", imgfmt="qcow2")
vfs.setup()
vfs.read_file("/some/file")
self.assertEquals(vfs.handle.files["/some/file"]["mode"], 0o700)
vfs.set_permissions("/some/file", 0o7777)
self.assertEquals(vfs.handle.files["/some/file"]["mode"], 0o7777)
vfs.teardown()
def test_appliance_setup_inspect_capabilties_debug_mode(self):
"""Asserts that we do not use an eventlet thread pool when guestfs
debug logging is enabled.
"""
# We can't actually mock guestfs.GuestFS because it's an optional
# native package import. All we really care about here is that
# eventlet isn't used.
self.flags(debug=True, group='guestfs')
vfs = vfsimpl.VFSGuestFS(self.qcowfile)
with mock.patch('eventlet.tpool.Proxy',
new_callable=mock.NonCallableMock):
vfs.inspect_capabilities()
def test_appliance_setup_inspect_multi_boots_raises(self):
vfs = vfsimpl.VFSGuestFS(imgfile="/dummy.qcow2",
imgfmt="qcow2",
partition=-1)
# call setup to init the handle so we can stub it
vfs.setup()
def fake_inspect_os():
return ['fake1', 'fake2']
self.stubs.Set(vfs.handle, 'inspect_os', fake_inspect_os)
self.assertRaises(exception.NovaException, vfs.setup_os_inspect)
def test_makepath(self):
vfs = vfsimpl.VFSGuestFS(imgfile="/dummy.qcow2", imgfmt="qcow2")
vfs.setup()
vfs.make_path("/some/dir")
vfs.make_path("/other/dir")
self.assertTrue("/some/dir" in vfs.handle.files)
self.assertTrue("/other/dir" in vfs.handle.files)
self.assertTrue(vfs.handle.files["/some/dir"]["isdir"])
self.assertTrue(vfs.handle.files["/other/dir"]["isdir"])
vfs.teardown()
def test_makepath(self):
vfs = vfsimpl.VFSGuestFS(self.qcowfile)
vfs.setup()
vfs.make_path("/some/dir")
vfs.make_path("/other/dir")
self.assertIn("/some/dir", vfs.handle.files)
self.assertIn("/other/dir", vfs.handle.files)
self.assertTrue(vfs.handle.files["/some/dir"]["isdir"])
self.assertTrue(vfs.handle.files["/other/dir"]["isdir"])
vfs.teardown()
def test_appliance_setup_inspect_multi_boots_raises(self):
vfs = vfsimpl.VFSGuestFS(self.qcowfile, partition=-1)
# call setup to init the handle so we can stub it
vfs.setup()
self.assertIsNone(vfs.handle.backend_settings)
def fake_inspect_os():
return ['fake1', 'fake2']
self.stubs.Set(vfs.handle, 'inspect_os', fake_inspect_os)
self.assertRaises(exception.NovaException, vfs.setup_os_inspect)
def test_inject_net(self):
vfs = vfsguestfs.VFSGuestFS("/some/file", "qcow2")
vfs.setup()
diskapi._inject_net_into_fs("mynetconfig", vfs)
self.assertTrue("/etc/network/interfaces" in vfs.handle.files)
self.assertEquals(vfs.handle.files["/etc/network/interfaces"],
{'content': 'mynetconfig',
'gid': 100,
'isdir': False,
'mode': 0700,
'uid': 100})
def test_appliance_setup_inspect_capabilties_fail_with_ubuntu(
self, mock_uname, mock_access):
# In ubuntu os will default host kernel as 600 permission
m = mock.MagicMock()
m.launch.side_effect = Exception
vfs = vfsimpl.VFSGuestFS(self.qcowfile)
with mock.patch('eventlet.tpool.Proxy', return_value=m):
self.assertRaises(exception.LibguestfsCannotReadKernel,
vfs.inspect_capabilities)
m.add_drive.assert_called_once_with('/dev/null')
m.launch.assert_called_once_with()
mock_access.assert_called_once_with('/boot/vmlinuz-kernel_name',
mock.ANY)
mock_uname.assert_called_once_with()
def test_appliance_setup_inspect_no_root_raises(self):
vfs = vfsimpl.VFSGuestFS(imgfile="/dummy.qcow2",
imgfmt="qcow2",
partition=-1)
# call setup to init the handle so we can stub it
vfs.setup()
self.assertIsNone(vfs.handle.backend_settings)
def fake_inspect_os():
return []
self.stubs.Set(vfs.handle, 'inspect_os', fake_inspect_os)
self.assertRaises(exception.NovaException, vfs.setup_os_inspect)
def test_set_ownership_not_supported(self):
# NOTE(andreaf) Setting ownership relies on /etc/passwd and/or
# /etc/group being available in the image, which is not always the
# case - e.g. CirrOS image before boot.
vfs = vfsimpl.VFSGuestFS(self.qcowfile)
vfs.setup()
self.stub_out(
'nova.tests.unit.virt.disk.vfs.fakeguestfs.GuestFS.'
'CAN_SET_OWNERSHIP', False)
self.assertRaises(exception.NovaException, vfs.set_ownership,
"/some/file", "fred", None)
self.assertRaises(exception.NovaException, vfs.set_ownership,
"/some/file", None, "users")
def test_inject_net(self):
vfs = vfsguestfs.VFSGuestFS(self.file)
vfs.setup()
diskapi._inject_net_into_fs("mynetconfig", vfs)
self.assertIn("/etc/network/interfaces", vfs.handle.files)
self.assertEqual(vfs.handle.files["/etc/network/interfaces"],
{'content': 'mynetconfig',
'gid': 100,
'isdir': False,
'mode': 0o700,
'uid': 100})
vfs.teardown()
def test_inject_metadata(self):
vfs = vfsguestfs.VFSGuestFS("/some/file", "qcow2")
vfs.setup()
diskapi._inject_metadata_into_fs({"foo": "bar", "eek": "wizz"}, vfs)
self.assertIn("/meta.js", vfs.handle.files)
self.assertEqual({'content': '{"foo": "bar", ' +
'"eek": "wizz"}',
'gid': 100,
'isdir': False,
'mode': 0o700,
'uid': 100},
vfs.handle.files["/meta.js"])
vfs.teardown()
def test_inject_metadata(self):
vfs = vfsguestfs.VFSGuestFS(self.file)
vfs.setup()
metadata = {"foo": "bar", "eek": "wizz"}
metadata = OrderedDict(sorted(metadata.items()))
diskapi._inject_metadata_into_fs(metadata, vfs)
self.assertIn("/meta.js", vfs.handle.files)
self.assertEqual({'content': '{"eek": "wizz", ' +
'"foo": "bar"}',
'gid': 100,
'isdir': False,
'mode': 0o700,
'uid': 100},
vfs.handle.files["/meta.js"])
vfs.teardown()
def test_inject_metadata(self):
vfs = vfsguestfs.VFSGuestFS("/some/file", "qcow2")
vfs.setup()
diskapi._inject_metadata_into_fs([{"key": "foo",
"value": "bar"},
{"key": "eek",
"value": "wizz"}], vfs)
self.assertTrue("/meta.js" in vfs.handle.files)
self.assertEquals(vfs.handle.files["/meta.js"],
{'content': '{"foo": "bar", ' +
'"eek": "wizz"}',
'gid': 100,
'isdir': False,
'mode': 0700,
'uid': 100})
def test_appliance_setup_static_part(self):
vfs = vfsimpl.VFSGuestFS(self.qcowfile, partition=2)
vfs.setup()
self.assertIsNone(vfs.handle.backend_settings)
self.assertTrue(vfs.handle.running)
self.assertEqual(1, len(vfs.handle.mounts))
self.assertEqual("/dev/sda2", vfs.handle.mounts[0][1])
self.assertEqual("/", vfs.handle.mounts[0][2])
handle = vfs.handle
vfs.teardown()
self.assertIsNone(vfs.handle)
self.assertFalse(handle.running)
self.assertTrue(handle.closed)
self.assertEqual(0, len(handle.mounts))
