* [gentoo-commits] repo/gentoo:master commit in: sys-cluster/nova/files/, sys-cluster/nova/
@ 2015-09-02 3:18 Matt Thode
0 siblings, 0 replies; 6+ messages in thread
From: Matt Thode @ 2015-09-02 3:18 UTC (permalink / raw
To: gentoo-commits
commit: 13c07b3b3a2769ef42a7fb73a2d0e43ccc2cb37b
Author: Matthew Thode <prometheanfire <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 2 03:18:09 2015 +0000
Commit: Matt Thode <prometheanfire <AT> gentoo <DOT> org>
CommitDate: Wed Sep 2 03:18:09 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=13c07b3b
sys-cluster/nova: fixing cve-2015-3280
Package-Manager: portage-2.2.20.1
.../nova/files/CVE-2015-3280_2015.1.1.patch.patch | 210 +++++++++++++++++
sys-cluster/nova/nova-2015.1.1-r3.ebuild | 254 +++++++++++++++++++++
2 files changed, 464 insertions(+)
diff --git a/sys-cluster/nova/files/CVE-2015-3280_2015.1.1.patch.patch b/sys-cluster/nova/files/CVE-2015-3280_2015.1.1.patch.patch
new file mode 100644
index 0000000..ff3b3ee
--- /dev/null
+++ b/sys-cluster/nova/files/CVE-2015-3280_2015.1.1.patch.patch
@@ -0,0 +1,210 @@
+From 690c05ca495f1d55a469724c94e1551cbfa836f2 Mon Sep 17 00:00:00 2001
+From: Rajesh Tailor <rajesh.tailor@nttdata.com>
+Date: Wed, 4 Mar 2015 05:05:19 -0800
+Subject: [PATCH] Delete orphaned instance files from compute nodes
+
+While resizing/revert-resizing instance, if instance gets deleted
+in between, then instance files remains either on the source or
+destination compute node.
+
+To address this issue, added a new periodic task
+'_cleanup_incomplete_migrations' which takes care of deleting
+instance files from source/destination compute nodes and then
+mark migration record as failed so that it doesn't appear again
+in the next periodic task run.
+
+SecurityImpact
+
+Closes-Bug: 1392527
+Change-Id: I9866d8e32e99b9f907921f4b226edf7b62bd83a7
+(cherry picked from commit 4655751cdd97a4b527a25c7c0a96044ba212cd19)
+---
+ nova/compute/manager.py | 61 ++++++++++++++++++++++--
+ nova/tests/unit/compute/test_compute_mgr.py | 72 +++++++++++++++++++++++++++++
+ 2 files changed, 129 insertions(+), 4 deletions(-)
+
+diff --git a/nova/compute/manager.py b/nova/compute/manager.py
+index bf5585e..24a5811 100644
+--- a/nova/compute/manager.py
++++ b/nova/compute/manager.py
+@@ -267,15 +267,21 @@ def errors_out_migration(function):
+ def decorated_function(self, context, *args, **kwargs):
+ try:
+ return function(self, context, *args, **kwargs)
+- except Exception:
++ except Exception as ex:
+ with excutils.save_and_reraise_exception():
+ wrapped_func = utils.get_wrapped_function(function)
+ keyed_args = safe_utils.getcallargs(wrapped_func, context,
+ *args, **kwargs)
+ migration = keyed_args['migration']
+- status = migration.status
+- if status not in ['migrating', 'post-migrating']:
+- return
++
++ # NOTE(rajesht): If InstanceNotFound error is thrown from
++ # decorated function, migration status should be set to
++ # 'error', without checking current migration status.
++ if not isinstance(ex, exception.InstanceNotFound):
++ status = migration.status
++ if status not in ['migrating', 'post-migrating']:
++ return
++
+ migration.status = 'error'
+ try:
+ with migration.obj_as_admin():
+@@ -3727,6 +3733,7 @@ class ComputeManager(manager.Manager):
+ @wrap_exception()
+ @reverts_task_state
+ @wrap_instance_event
++ @errors_out_migration
+ @wrap_instance_fault
+ def revert_resize(self, context, instance, migration, reservations):
+ """Destroys the new instance on the destination machine.
+@@ -3783,6 +3790,7 @@ class ComputeManager(manager.Manager):
+ @wrap_exception()
+ @reverts_task_state
+ @wrap_instance_event
++ @errors_out_migration
+ @wrap_instance_fault
+ def finish_revert_resize(self, context, instance, reservations, migration):
+ """Finishes the second half of reverting a resize.
+@@ -6578,6 +6586,51 @@ class ComputeManager(manager.Manager):
+ with utils.temporary_mutation(context, read_deleted='yes'):
+ instance.save()
+
++ @periodic_task.periodic_task(spacing=CONF.instance_delete_interval)
++ def _cleanup_incomplete_migrations(self, context):
++ """Delete instance files on failed resize/revert-resize operation
++
++ During resize/revert-resize operation, if that instance gets deleted
++ in-between then instance files might remain either on source or
++ destination compute node because of race condition.
++ """
++ LOG.debug('Cleaning up deleted instances with incomplete migration ')
++ migration_filters = {'host': CONF.host,
++ 'status': 'error'}
++ migrations = objects.MigrationList.get_by_filters(context,
++ migration_filters)
++
++ if not migrations:
++ return
++
++ inst_uuid_from_migrations = set([migration.instance_uuid for migration
++ in migrations])
++
++ inst_filters = {'deleted': True, 'soft_deleted': False,
++ 'uuid': inst_uuid_from_migrations}
++ attrs = ['info_cache', 'security_groups', 'system_metadata']
++ with utils.temporary_mutation(context, read_deleted='yes'):
++ instances = objects.InstanceList.get_by_filters(
++ context, inst_filters, expected_attrs=attrs, use_slave=True)
++
++ for instance in instances:
++ if instance.host != CONF.host:
++ for migration in migrations:
++ if instance.uuid == migration.instance_uuid:
++ # Delete instance files if not cleanup properly either
++ # from the source or destination compute nodes when
++ # the instance is deleted during resizing.
++ self.driver.delete_instance_files(instance)
++ try:
++ migration.status = 'failed'
++ with migration.obj_as_admin():
++ migration.save()
++ except exception.MigrationNotFound:
++ LOG.warning(_LW("Migration %s is not found."),
++ migration.id, context=context,
++ instance=instance)
++ break
++
+ @messaging.expected_exceptions(exception.InstanceQuiesceNotSupported,
+ exception.NovaException,
+ NotImplementedError)
+diff --git a/nova/tests/unit/compute/test_compute_mgr.py b/nova/tests/unit/compute/test_compute_mgr.py
+index 4b7234e..ee1ab47 100644
+--- a/nova/tests/unit/compute/test_compute_mgr.py
++++ b/nova/tests/unit/compute/test_compute_mgr.py
+@@ -1374,6 +1374,78 @@ class ComputeManagerUnitTestCase(test.NoDBTestCase):
+ self.assertFalse(c.cleaned)
+ self.assertEqual('1', c.system_metadata['clean_attempts'])
+
++ @mock.patch.object(objects.Migration, 'obj_as_admin')
++ @mock.patch.object(objects.Migration, 'save')
++ @mock.patch.object(objects.MigrationList, 'get_by_filters')
++ @mock.patch.object(objects.InstanceList, 'get_by_filters')
++ def _test_cleanup_incomplete_migrations(self, inst_host,
++ mock_inst_get_by_filters,
++ mock_migration_get_by_filters,
++ mock_save, mock_obj_as_admin):
++ def fake_inst(context, uuid, host):
++ inst = objects.Instance(context)
++ inst.uuid = uuid
++ inst.host = host
++ return inst
++
++ def fake_migration(uuid, status, inst_uuid, src_host, dest_host):
++ migration = objects.Migration()
++ migration.uuid = uuid
++ migration.status = status
++ migration.instance_uuid = inst_uuid
++ migration.source_compute = src_host
++ migration.dest_compute = dest_host
++ return migration
++
++ fake_instances = [fake_inst(self.context, '111', inst_host),
++ fake_inst(self.context, '222', inst_host)]
++
++ fake_migrations = [fake_migration('123', 'error', '111',
++ 'fake-host', 'fake-mini'),
++ fake_migration('456', 'error', '222',
++ 'fake-host', 'fake-mini')]
++
++ mock_migration_get_by_filters.return_value = fake_migrations
++ mock_inst_get_by_filters.return_value = fake_instances
++
++ with mock.patch.object(self.compute.driver, 'delete_instance_files'):
++ self.compute._cleanup_incomplete_migrations(self.context)
++
++ # Ensure that migration status is set to 'failed' after instance
++ # files deletion for those instances whose instance.host is not
++ # same as compute host where periodic task is running.
++ for inst in fake_instances:
++ if inst.host != CONF.host:
++ for mig in fake_migrations:
++ if inst.uuid == mig.instance_uuid:
++ self.assertEqual('failed', mig.status)
++
++ def test_cleanup_incomplete_migrations_dest_node(self):
++ """Test to ensure instance files are deleted from destination node.
++
++ If instance gets deleted during resizing/revert-resizing operation,
++ in that case instance files gets deleted from instance.host (source
++ host here), but there is possibility that instance files could be
++ present on destination node.
++ This test ensures that `_cleanup_incomplete_migration` periodic
++ task deletes orphaned instance files from destination compute node.
++ """
++ self.flags(host='fake-mini')
++ self._test_cleanup_incomplete_migrations('fake-host')
++
++ def test_cleanup_incomplete_migrations_source_node(self):
++ """Test to ensure instance files are deleted from source node.
++
++ If instance gets deleted during resizing/revert-resizing operation,
++ in that case instance files gets deleted from instance.host (dest
++ host here), but there is possibility that instance files could be
++ present on source node.
++ This test ensures that `_cleanup_incomplete_migration` periodic
++ task deletes orphaned instance files from source compute node.
++ """
++ self.flags(host='fake-host')
++ self._test_cleanup_incomplete_migrations('fake-mini')
++
+ def test_attach_interface_failure(self):
+ # Test that the fault methods are invoked when an attach fails
+ db_instance = fake_instance.fake_db_instance()
+--
+2.4.5
+
+
diff --git a/sys-cluster/nova/nova-2015.1.1-r3.ebuild b/sys-cluster/nova/nova-2015.1.1-r3.ebuild
new file mode 100644
index 0000000..fadb780
--- /dev/null
+++ b/sys-cluster/nova/nova-2015.1.1-r3.ebuild
@@ -0,0 +1,254 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+PYTHON_COMPAT=( python2_7 )
+
+inherit distutils-r1 eutils linux-info multilib user
+
+DESCRIPTION="A cloud computing fabric controller (main part of an IaaS system) written in Python"
+HOMEPAGE="https://launchpad.net/nova"
+SRC_URI="https://launchpad.net/${PN}/kilo/${PV}/+download/${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+compute compute-only iscsi +kvm +memcached mysql +novncproxy openvswitch postgres +rabbitmq sqlite test xen"
+REQUIRED_USE="!compute-only? ( || ( mysql postgres sqlite ) )
+ compute-only? ( compute !rabbitmq !memcached !mysql !postgres !sqlite )
+ compute? ( ^^ ( kvm xen ) )"
+
+DEPEND="
+ dev-python/setuptools[${PYTHON_USEDEP}]
+ >=dev-python/pbr-0.8[${PYTHON_USEDEP}]
+ <dev-python/pbr-1.0[${PYTHON_USEDEP}]
+ app-admin/sudo
+ test? (
+ ${RDEPEND}
+ >=dev-python/hacking-0.10.0[${PYTHON_USEDEP}]
+ <dev-python/hacking-0.11[${PYTHON_USEDEP}]
+ >=dev-python/coverage-3.6[${PYTHON_USEDEP}]
+ >=dev-python/fixtures-0.3.14[${PYTHON_USEDEP}]
+ <dev-python/fixtures-1.3.0[${PYTHON_USEDEP}]
+ >=dev-python/mock-1.0[${PYTHON_USEDEP}]
+ <dev-python/mock-1.1.0[${PYTHON_USEDEP}]
+ >=dev-python/mox3-0.7.0[${PYTHON_USEDEP}]
+ <dev-python/mox3-0.8.0[${PYTHON_USEDEP}]
+ dev-python/mysql-python[${PYTHON_USEDEP}]
+ dev-python/psycopg[${PYTHON_USEDEP}]
+ >=dev-python/python-barbicanclient-3.0.1[${PYTHON_USEDEP}]
+ <dev-python/python-barbicanclient-3.1.0[${PYTHON_USEDEP}]
+ >=dev-python/python-ironicclient-0.4.1[${PYTHON_USEDEP}]
+ <dev-python/python-ironicclient-0.6.0[${PYTHON_USEDEP}]
+ >=dev-python/subunit-0.0.18[${PYTHON_USEDEP}]
+ >=dev-python/requests-mock-0.6.0[${PYTHON_USEDEP}]
+ >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
+ !~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}]
+ <dev-python/sphinx-1.3[${PYTHON_USEDEP}]
+ >=dev-python/oslo-sphinx-2.5.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-sphinx-2.6.0[${PYTHON_USEDEP}]
+ >=dev-python/oslotest-1.5.1[${PYTHON_USEDEP}]
+ <dev-python/oslotest-1.6.0[${PYTHON_USEDEP}]
+ >=dev-python/testrepository-0.0.18[${PYTHON_USEDEP}]
+ >=dev-python/testtools-0.9.36[${PYTHON_USEDEP}]
+ !~dev-python/testtools-1.2.0[${PYTHON_USEDEP}]
+ >=dev-python/tempest-lib-0.4.0[${PYTHON_USEDEP}]
+ <dev-python/tempest-lib-0.5.0[${PYTHON_USEDEP}]
+ >=dev-python/suds-0.4[${PYTHON_USEDEP}]
+ >=dev-python/oslo-vmware-0.11.1[${PYTHON_USEDEP}]
+ <dev-python/oslo-vmware-0.12.0[${PYTHON_USEDEP}]
+ )"
+
+# barbicanclient is in here for doc generation
+RDEPEND="
+ compute-only? (
+ >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}]
+ <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}]
+ )
+ sqlite? (
+ >=dev-python/sqlalchemy-0.9.7[sqlite,${PYTHON_USEDEP}]
+ <=dev-python/sqlalchemy-0.9.99[sqlite,${PYTHON_USEDEP}]
+ )
+ mysql? (
+ dev-python/mysql-python
+ >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}]
+ <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}]
+ )
+ postgres? (
+ dev-python/psycopg:2
+ >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}]
+ <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}]
+ )
+ >=dev-python/boto-2.32.1[${PYTHON_USEDEP}]
+ >=dev-python/decorator-3.4.0[${PYTHON_USEDEP}]
+ >=dev-python/eventlet-0.16.1[${PYTHON_USEDEP}]
+ !~dev-python/eventlet-0.17.0[${PYTHON_USEDEP}]
+ >=dev-python/jinja-2.6[${PYTHON_USEDEP}]
+ >=dev-python/keystonemiddleware-1.5.0[${PYTHON_USEDEP}]
+ <dev-python/keystonemiddleware-1.6.0[${PYTHON_USEDEP}]
+ >=dev-python/lxml-2.3[${PYTHON_USEDEP}]
+ >=dev-python/routes-1.12.3-r1[${PYTHON_USEDEP}]
+ !~dev-python/routes-2.0[${PYTHON_USEDEP}]
+ >=dev-python/webob-1.2.3[${PYTHON_USEDEP}]
+ >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}]
+ >=dev-python/pastedeploy-1.5.0-r1[${PYTHON_USEDEP}]
+ dev-python/paste[${PYTHON_USEDEP}]
+ ~dev-python/sqlalchemy-migrate-0.9.5[${PYTHON_USEDEP}]
+ >=dev-python/netaddr-0.7.12[${PYTHON_USEDEP}]
+ >=dev-python/paramiko-1.13.0[${PYTHON_USEDEP}]
+ dev-python/pyasn1[${PYTHON_USEDEP}]
+ >=dev-python/Babel-1.3[${PYTHON_USEDEP}]
+ >=dev-python/iso8601-0.1.9[${PYTHON_USEDEP}]
+ >=dev-python/jsonschema-2.0.0[${PYTHON_USEDEP}]
+ <dev-python/jsonschema-3.0.0[${PYTHON_USEDEP}]
+ >=dev-python/python-cinderclient-1.1.0[${PYTHON_USEDEP}]
+ <dev-python/python-cinderclient-1.2.0[${PYTHON_USEDEP}]
+ >=dev-python/python-neutronclient-2.3.11[${PYTHON_USEDEP}]
+ <dev-python/python-neutronclient-2.5.0[${PYTHON_USEDEP}]
+ >=dev-python/python-glanceclient-0.15.0[${PYTHON_USEDEP}]
+ <dev-python/python-glanceclient-0.18.0[${PYTHON_USEDEP}]
+ >=dev-python/python-barbicanclient-3.0.1[${PYTHON_USEDEP}]
+ <dev-python/python-barbicanclient-3.1.0[${PYTHON_USEDEP}]
+ >=dev-python/six-1.9.0[${PYTHON_USEDEP}]
+ >=dev-python/stevedore-1.3.0[${PYTHON_USEDEP}]
+ <dev-python/stevedore-1.4.0[${PYTHON_USEDEP}]
+ >=dev-python/websockify-0.6.0[${PYTHON_USEDEP}]
+ <dev-python/websockify-0.7.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-concurrency-1.8.2[${PYTHON_USEDEP}]
+ <dev-python/oslo-concurrency-1.9.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-config-1.9.3[${PYTHON_USEDEP}]
+ <dev-python/oslo-config-1.10.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-context-0.2.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-context-0.3.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-log-1.0.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-log-1.1.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-serialization-1.4.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-serialization-1.5.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-utils-1.4.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-utils-1.5.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-db-1.7.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-db-1.8.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-rootwrap-1.6.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-rootwrap-1.7.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-messaging-1.8.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-messaging-1.9.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-i18n-1.5.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-i18n-1.6.0[${PYTHON_USEDEP}]
+ >=dev-python/rfc3986-0.2.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-middleware-1.0.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-middleware-1.1.0[${PYTHON_USEDEP}]
+ >=dev-python/psutil-1.1.1[${PYTHON_USEDEP}]
+ <dev-python/psutil-2.0.0[${PYTHON_USEDEP}]
+ dev-python/libvirt-python[${PYTHON_USEDEP}]
+ app-emulation/libvirt[iscsi?]
+ novncproxy? ( www-apps/novnc )
+ sys-apps/iproute2
+ openvswitch? ( net-misc/openvswitch )
+ rabbitmq? ( net-misc/rabbitmq-server )
+ memcached? ( net-misc/memcached
+ dev-python/python-memcached )
+ sys-fs/sysfsutils
+ sys-fs/multipath-tools
+ net-misc/bridge-utils
+ compute? (
+ app-cdr/cdrkit
+ kvm? ( app-emulation/qemu )
+ xen? ( app-emulation/xen
+ app-emulation/xen-tools )
+ )
+ iscsi? (
+ sys-fs/lsscsi
+ >=sys-block/open-iscsi-2.0.872-r3
+ )"
+
+PATCHES=(
+ "${FILESDIR}/CVE-2015-3241-kilo.patch"
+ "${FILESDIR}/CVE-2015-3280_2015.1.1.patch.patch"
+)
+
+pkg_setup() {
+ linux-info_pkg_setup
+ CONFIG_CHECK_MODULES="BLK_DEV_NBD VHOST_NET IP6_NF_FILTER IP6_NF_IPTABLES IP_NF_TARGET_REJECT \
+ IP_NF_MANGLE IP_NF_TARGET_MASQUERADE NF_NAT_IPV4 IP_NF_FILTER IP_NF_IPTABLES \
+ NF_CONNTRACK_IPV4 NF_DEFRAG_IPV4 NF_NAT_IPV4 NF_NAT NF_CONNTRACK NETFILTER_XTABLES \
+ ISCSI_TCP SCSI_DH DM_MULTIPATH DM_SNAPSHOT"
+ if linux_config_exists; then
+ for module in ${CONFIG_CHECK_MODULES}; do
+ linux_chkconfig_present ${module} || ewarn "${module} needs to be enabled in kernel"
+ done
+ fi
+ enewgroup nova
+ enewuser nova -1 -1 /var/lib/nova nova
+}
+
+python_prepare() {
+ distutils-r1_python_prepare
+ sed -i 's/python/python2\.7/g' tools/config/generate_sample.sh || die
+}
+
+python_compile() {
+ distutils-r1_python_compile
+ ./tools/config/generate_sample.sh -b ./ -p nova -o etc/nova || die
+}
+
+python_test() {
+ # turn multiprocessing off, testr will use it --parallel
+ local DISTUTILS_NO_PARALLEL_BUILD=1
+ testr init
+ testr run --parallel || die "failed testsuite under python2.7"
+}
+
+python_install() {
+ distutils-r1_python_install
+
+ if use !compute-only; then
+ for svc in api cert conductor consoleauth network scheduler spicehtml5proxy xvpvncproxy; do
+ newinitd "${FILESDIR}/nova.initd" "nova-${svc}"
+ done
+ fi
+ use compute && newinitd "${FILESDIR}/nova.initd" "nova-compute"
+ use novncproxy && newinitd "${FILESDIR}/nova.initd" "nova-novncproxy"
+
+ diropts -m 0750 -o nova -g qemu
+ dodir /var/log/nova /var/lib/nova/instances
+ diropts -m 0750 -o nova -g nova
+
+ insinto /etc/nova
+ insopts -m 0640 -o nova -g nova
+ newins "etc/nova/nova.conf.sample" "nova.conf"
+ doins "etc/nova/api-paste.ini"
+ doins "etc/nova/logging_sample.conf"
+ doins "etc/nova/policy.json"
+ doins "etc/nova/rootwrap.conf"
+ #rootwrap filters
+ insinto /etc/nova/rootwrap.d
+ doins "etc/nova/rootwrap.d/api-metadata.filters"
+ doins "etc/nova/rootwrap.d/compute.filters"
+ doins "etc/nova/rootwrap.d/network.filters"
+ #copy migration conf file (not coppied on install via setup.py script)
+ insopts -m 0644
+ insinto /usr/$(get_libdir)/python2.7/site-packages/nova/db/sqlalchemy/migrate_repo/
+ doins "nova/db/sqlalchemy/migrate_repo/migrate.cfg"
+ #copy the CA cert dir (not coppied on install via setup.py script)
+ cp -R "${S}/nova/CA" "${D}/usr/$(get_libdir)/python2.7/site-packages/nova/" || die "installing CA files failed"
+
+ #add sudoers definitions for user nova
+ insinto /etc/sudoers.d/
+ insopts -m 0600 -o root -g root
+ doins "${FILESDIR}/nova-sudoers"
+
+ if use iscsi ; then
+ # Install udev rules for handle iscsi disk with right links under /dev
+ udev_newrules "${FILESDIR}/openstack-scsi-disk.rules" 60-openstack-scsi-disk.rules
+
+ insinto /etc/nova/
+ doins "${FILESDIR}/scsi-openscsi-link.sh"
+ fi
+}
+
+pkg_postinst() {
+ if use iscsi ; then
+ elog "iscsid needs to be running if you want cinder to connect"
+ fi
+}
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-cluster/nova/files/, sys-cluster/nova/
@ 2016-02-10 1:16 Matt Thode
0 siblings, 0 replies; 6+ messages in thread
From: Matt Thode @ 2016-02-10 1:16 UTC (permalink / raw
To: gentoo-commits
commit: b0f835980e4771c9b75b43d787181d41c4dc2c57
Author: Matthew Thode <prometheanfire <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 10 01:08:11 2016 +0000
Commit: Matt Thode <prometheanfire <AT> gentoo <DOT> org>
CommitDate: Wed Feb 10 01:08:11 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b0f83598
sys-cluster/nova: cleanup
Package-Manager: portage-2.2.26
sys-cluster/nova/files/CVE-2015-3241-kilo.patch | 351 ---------------------
.../nova/files/CVE-2015-3280_2015.1.1.patch.patch | 210 ------------
.../files/cve-2015-7548-stable-liberty-0001.patch | 267 ----------------
.../files/cve-2015-7548-stable-liberty-0002.patch | 168 ----------
.../files/cve-2015-7548-stable-liberty-0003.patch | 171 ----------
.../files/cve-2015-7548-stable-liberty-0004.patch | 132 --------
sys-cluster/nova/nova-2015.1.9999.ebuild | 251 ---------------
7 files changed, 1550 deletions(-)
diff --git a/sys-cluster/nova/files/CVE-2015-3241-kilo.patch b/sys-cluster/nova/files/CVE-2015-3241-kilo.patch
deleted file mode 100644
index 24835e0..0000000
--- a/sys-cluster/nova/files/CVE-2015-3241-kilo.patch
+++ /dev/null
@@ -1,351 +0,0 @@
-From b5020a047fc487f35b76fc05f31e52665a1afda1 Mon Sep 17 00:00:00 2001
-From: abhishekkekane <abhishek.kekane@nttdata.com>
-Date: Mon, 6 Jul 2015 01:51:26 -0700
-Subject: [PATCH] libvirt: Kill rsync/scp processes before deleting instance
-
-In the resize operation, during copying files from source to
-destination compute node scp/rsync processes are not aborted after
-the instance is deleted because linux kernel doesn't delete instance
-files physically until all processes using the file handle is closed
-completely. Hence rsync/scp process keeps on running until it
-transfers 100% of file data.
-
-Added new module instancejobtracker to libvirt driver which will add,
-remove or terminate the processes running against particular instances.
-Added callback methods to execute call which will store the pid of
-scp/rsync process in cache as a key: value pair and to remove the
-pid from the cache after process completion. Process id will be used to
-kill the process if it is running while deleting the instance. Instance
-uuid is used as a key in the cache and pid will be the value.
-
-Conflicts:
- nova/virt/libvirt/driver.py
-
-SecurityImpact
-
-Closes-bug: #1387543
-Change-Id: Ie03acc00a7c904aec13c90ae6a53938d08e5e0c9
-(cherry picked from commit 7ab75d5b0b75fc3426323bef19bf436a258b9707)
----
- nova/tests/unit/virt/libvirt/test_driver.py | 38 +++++++++++
- nova/tests/unit/virt/libvirt/test_utils.py | 9 ++-
- nova/virt/libvirt/driver.py | 18 +++++-
- nova/virt/libvirt/instancejobtracker.py | 98 +++++++++++++++++++++++++++++
- nova/virt/libvirt/utils.py | 14 +++--
- 5 files changed, 168 insertions(+), 9 deletions(-)
- create mode 100644 nova/virt/libvirt/instancejobtracker.py
-
-diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py
-index 859df95..5ff978a 100644
---- a/nova/tests/unit/virt/libvirt/test_driver.py
-+++ b/nova/tests/unit/virt/libvirt/test_driver.py
-@@ -23,6 +23,7 @@
- import random
- import re
- import shutil
-+import signal
- import threading
- import time
- import uuid
-@@ -9817,6 +9818,15 @@ def test_shared_storage_detection_easy(self):
- self.mox.ReplayAll()
- self.assertTrue(drvr._is_storage_shared_with('foo', '/path'))
-
-+ def test_store_pid_remove_pid(self):
-+ instance = objects.Instance(**self.test_instance)
-+ drvr = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
-+ popen = mock.Mock(pid=3)
-+ drvr.job_tracker.add_job(instance, popen.pid)
-+ self.assertIn(3, drvr.job_tracker.jobs[instance.uuid])
-+ drvr.job_tracker.remove_job(instance, popen.pid)
-+ self.assertNotIn(instance.uuid, drvr.job_tracker.jobs)
-+
- @mock.patch('nova.virt.libvirt.host.Host.get_domain')
- def test_get_domain_info_with_more_return(self, mock_get_domain):
- instance = objects.Instance(**self.test_instance)
-@@ -11316,12 +11326,18 @@ def fake_get_host_ip_addr():
- def fake_execute(*args, **kwargs):
- pass
-
-+ def fake_copy_image(src, dest, host=None, receive=False,
-+ on_execute=None, on_completion=None):
-+ self.assertIsNotNone(on_execute)
-+ self.assertIsNotNone(on_completion)
-+
- self.stubs.Set(self.drvr, 'get_instance_disk_info',
- fake_get_instance_disk_info)
- self.stubs.Set(self.drvr, '_destroy', fake_destroy)
- self.stubs.Set(self.drvr, 'get_host_ip_addr',
- fake_get_host_ip_addr)
- self.stubs.Set(utils, 'execute', fake_execute)
-+ self.stubs.Set(libvirt_utils, 'copy_image', fake_copy_image)
-
- ins_ref = self._create_instance(params=params_for_instance)
-
-@@ -12428,6 +12444,28 @@ def test_delete_instance_files(self, get_instance_path, exists, exe,
- @mock.patch('shutil.rmtree')
- @mock.patch('nova.utils.execute')
- @mock.patch('os.path.exists')
-+ @mock.patch('os.kill')
-+ @mock.patch('nova.virt.libvirt.utils.get_instance_path')
-+ def test_delete_instance_files_kill_running(
-+ self, get_instance_path, kill, exists, exe, shutil):
-+ get_instance_path.return_value = '/path'
-+ instance = objects.Instance(uuid='fake-uuid', id=1)
-+ self.drvr.job_tracker.jobs[instance.uuid] = [3, 4]
-+
-+ exists.side_effect = [False, False, True, False]
-+
-+ result = self.drvr.delete_instance_files(instance)
-+ get_instance_path.assert_called_with(instance)
-+ exe.assert_called_with('mv', '/path', '/path_del')
-+ kill.assert_has_calls([mock.call(3, signal.SIGKILL), mock.call(3, 0),
-+ mock.call(4, signal.SIGKILL), mock.call(4, 0)])
-+ shutil.assert_called_with('/path_del')
-+ self.assertTrue(result)
-+ self.assertNotIn(instance.uuid, self.drvr.job_tracker.jobs)
-+
-+ @mock.patch('shutil.rmtree')
-+ @mock.patch('nova.utils.execute')
-+ @mock.patch('os.path.exists')
- @mock.patch('nova.virt.libvirt.utils.get_instance_path')
- def test_delete_instance_files_resize(self, get_instance_path, exists,
- exe, shutil):
-diff --git a/nova/tests/unit/virt/libvirt/test_utils.py b/nova/tests/unit/virt/libvirt/test_utils.py
-index 7fa0326..14bf822 100644
---- a/nova/tests/unit/virt/libvirt/test_utils.py
-+++ b/nova/tests/unit/virt/libvirt/test_utils.py
-@@ -62,7 +62,8 @@ def test_copy_image_local_cp(self, mock_execute):
- mock_execute.assert_called_once_with('cp', 'src', 'dest')
-
- _rsync_call = functools.partial(mock.call,
-- 'rsync', '--sparse', '--compress')
-+ 'rsync', '--sparse', '--compress',
-+ on_execute=None, on_completion=None)
-
- @mock.patch('nova.utils.execute')
- def test_copy_image_rsync(self, mock_execute):
-@@ -85,7 +86,8 @@ def test_copy_image_scp(self, mock_execute):
-
- mock_execute.assert_has_calls([
- self._rsync_call('--dry-run', 'src', 'host:dest'),
-- mock.call('scp', 'src', 'host:dest'),
-+ mock.call('scp', 'src', 'host:dest',
-+ on_execute=None, on_completion=None),
- ])
- self.assertEqual(2, mock_execute.call_count)
-
-@@ -110,7 +112,8 @@ def test_copy_image_scp_ipv6(self, mock_execute):
-
- mock_execute.assert_has_calls([
- self._rsync_call('--dry-run', 'src', '[2600::]:dest'),
-- mock.call('scp', 'src', '[2600::]:dest'),
-+ mock.call('scp', 'src', '[2600::]:dest',
-+ on_execute=None, on_completion=None),
- ])
- self.assertEqual(2, mock_execute.call_count)
-
-diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
-index 40ee080..0a94d5a 100644
---- a/nova/virt/libvirt/driver.py
-+++ b/nova/virt/libvirt/driver.py
-@@ -95,6 +95,7 @@
- from nova.virt.libvirt import host
- from nova.virt.libvirt import imagebackend
- from nova.virt.libvirt import imagecache
-+from nova.virt.libvirt import instancejobtracker
- from nova.virt.libvirt import lvm
- from nova.virt.libvirt import rbd_utils
- from nova.virt.libvirt import utils as libvirt_utils
-@@ -465,6 +466,8 @@ def __init__(self, virtapi, read_only=False):
- 'expect': ', '.join("'%s'" % k for k in
- sysinfo_serial_funcs.keys())})
-
-+ self.job_tracker = instancejobtracker.InstanceJobTracker()
-+
- def _get_volume_drivers(self):
- return libvirt_volume_drivers
-
-@@ -6301,6 +6304,11 @@ def migrate_disk_and_power_off(self, context, instance, dest,
- # finish_migration/_create_image to re-create it for us.
- continue
-
-+ on_execute = lambda process: self.job_tracker.add_job(
-+ instance, process.pid)
-+ on_completion = lambda process: self.job_tracker.remove_job(
-+ instance, process.pid)
-+
- if info['type'] == 'qcow2' and info['backing_file']:
- tmp_path = from_path + "_rbase"
- # merge backing file
-@@ -6310,11 +6318,15 @@ def migrate_disk_and_power_off(self, context, instance, dest,
- if shared_storage:
- utils.execute('mv', tmp_path, img_path)
- else:
-- libvirt_utils.copy_image(tmp_path, img_path, host=dest)
-+ libvirt_utils.copy_image(tmp_path, img_path, host=dest,
-+ on_execute=on_execute,
-+ on_completion=on_completion)
- utils.execute('rm', '-f', tmp_path)
-
- else: # raw or qcow2 with no backing file
-- libvirt_utils.copy_image(from_path, img_path, host=dest)
-+ libvirt_utils.copy_image(from_path, img_path, host=dest,
-+ on_execute=on_execute,
-+ on_completion=on_completion)
- except Exception:
- with excutils.save_and_reraise_exception():
- self._cleanup_remote_migration(dest, inst_base,
-@@ -6683,6 +6695,8 @@ def delete_instance_files(self, instance):
- # invocation failed due to the absence of both target and
- # target_resize.
- if not remaining_path and os.path.exists(target_del):
-+ self.job_tracker.terminate_jobs(instance)
-+
- LOG.info(_LI('Deleting instance files %s'), target_del,
- instance=instance)
- remaining_path = target_del
-diff --git a/nova/virt/libvirt/instancejobtracker.py b/nova/virt/libvirt/instancejobtracker.py
-new file mode 100644
-index 0000000..d47fb45
---- /dev/null
-+++ b/nova/virt/libvirt/instancejobtracker.py
-@@ -0,0 +1,98 @@
-+# Copyright 2015 NTT corp.
-+# All Rights Reserved.
-+# Licensed under the Apache License, Version 2.0 (the "License"); you may
-+# not use this file except in compliance with the License. You may obtain
-+# a copy of the License at
-+#
-+# http://www.apache.org/licenses/LICENSE-2.0
-+#
-+# Unless required by applicable law or agreed to in writing, software
-+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-+# License for the specific language governing permissions and limitations
-+# under the License.
-+
-+
-+import collections
-+import errno
-+import os
-+import signal
-+
-+from oslo_log import log as logging
-+
-+from nova.i18n import _LE
-+from nova.i18n import _LW
-+
-+
-+LOG = logging.getLogger(__name__)
-+
-+
-+class InstanceJobTracker(object):
-+ def __init__(self):
-+ self.jobs = collections.defaultdict(list)
-+
-+ def add_job(self, instance, pid):
-+ """Appends process_id of instance to cache.
-+
-+ This method will store the pid of a process in cache as
-+ a key: value pair which will be used to kill the process if it
-+ is running while deleting the instance. Instance uuid is used as
-+ a key in the cache and pid will be the value.
-+
-+ :param instance: Object of instance
-+ :param pid: Id of the process
-+ """
-+ self.jobs[instance.uuid].append(pid)
-+
-+ def remove_job(self, instance, pid):
-+ """Removes pid of process from cache.
-+
-+ This method will remove the pid of a process from the cache.
-+
-+ :param instance: Object of instance
-+ :param pid: Id of the process
-+ """
-+ uuid = instance.uuid
-+ if uuid in self.jobs and pid in self.jobs[uuid]:
-+ self.jobs[uuid].remove(pid)
-+
-+ # remove instance.uuid if no pid's remaining
-+ if not self.jobs[uuid]:
-+ self.jobs.pop(uuid, None)
-+
-+ def terminate_jobs(self, instance):
-+ """Kills the running processes for given instance.
-+
-+ This method is used to kill all running processes of the instance if
-+ it is deleted in between.
-+
-+ :param instance: Object of instance
-+ """
-+ pids_to_remove = list(self.jobs.get(instance.uuid, []))
-+ for pid in pids_to_remove:
-+ try:
-+ # Try to kill the process
-+ os.kill(pid, signal.SIGKILL)
-+ except OSError as exc:
-+ if exc.errno != errno.ESRCH:
-+ LOG.error(_LE('Failed to kill process %(pid)s '
-+ 'due to %(reason)s, while deleting the '
-+ 'instance.'), {'pid': pid, 'reason': exc},
-+ instance=instance)
-+
-+ try:
-+ # Check if the process is still alive.
-+ os.kill(pid, 0)
-+ except OSError as exc:
-+ if exc.errno != errno.ESRCH:
-+ LOG.error(_LE('Unexpected error while checking process '
-+ '%(pid)s.'), {'pid': pid},
-+ instance=instance)
-+ else:
-+ # The process is still around
-+ LOG.warn(_LW("Failed to kill a long running process "
-+ "%(pid)s related to the instance when "
-+ "deleting it."), {'pid': pid},
-+ instance=instance)
-+
-+ self.remove_job(instance, pid)
-diff --git a/nova/virt/libvirt/utils.py b/nova/virt/libvirt/utils.py
-index 7b80464..83d5ba3 100644
---- a/nova/virt/libvirt/utils.py
-+++ b/nova/virt/libvirt/utils.py
-@@ -294,13 +294,16 @@ def get_disk_backing_file(path, basename=True):
- return backing_file
-
-
--def copy_image(src, dest, host=None, receive=False):
-+def copy_image(src, dest, host=None, receive=False,
-+ on_execute=None, on_completion=None):
- """Copy a disk image to an existing directory
-
- :param src: Source image
- :param dest: Destination path
- :param host: Remote host
- :param receive: Reverse the rsync direction
-+ :param on_execute: Callback method to store pid of process in cache
-+ :param on_completion: Callback method to remove pid of process from cache
- """
-
- if not host:
-@@ -322,11 +325,14 @@ def copy_image(src, dest, host=None, receive=False):
- # Do a relatively light weight test first, so that we
- # can fall back to scp, without having run out of space
- # on the destination for example.
-- execute('rsync', '--sparse', '--compress', '--dry-run', src, dest)
-+ execute('rsync', '--sparse', '--compress', '--dry-run', src, dest,
-+ on_execute=on_execute, on_completion=on_completion)
- except processutils.ProcessExecutionError:
-- execute('scp', src, dest)
-+ execute('scp', src, dest, on_execute=on_execute,
-+ on_completion=on_completion)
- else:
-- execute('rsync', '--sparse', '--compress', src, dest)
-+ execute('rsync', '--sparse', '--compress', src, dest,
-+ on_execute=on_execute, on_completion=on_completion)
-
-
- def write_to_file(path, contents, umask=None):
diff --git a/sys-cluster/nova/files/CVE-2015-3280_2015.1.1.patch.patch b/sys-cluster/nova/files/CVE-2015-3280_2015.1.1.patch.patch
deleted file mode 100644
index ff3b3ee..0000000
--- a/sys-cluster/nova/files/CVE-2015-3280_2015.1.1.patch.patch
+++ /dev/null
@@ -1,210 +0,0 @@
-From 690c05ca495f1d55a469724c94e1551cbfa836f2 Mon Sep 17 00:00:00 2001
-From: Rajesh Tailor <rajesh.tailor@nttdata.com>
-Date: Wed, 4 Mar 2015 05:05:19 -0800
-Subject: [PATCH] Delete orphaned instance files from compute nodes
-
-While resizing/revert-resizing instance, if instance gets deleted
-in between, then instance files remains either on the source or
-destination compute node.
-
-To address this issue, added a new periodic task
-'_cleanup_incomplete_migrations' which takes care of deleting
-instance files from source/destination compute nodes and then
-mark migration record as failed so that it doesn't appear again
-in the next periodic task run.
-
-SecurityImpact
-
-Closes-Bug: 1392527
-Change-Id: I9866d8e32e99b9f907921f4b226edf7b62bd83a7
-(cherry picked from commit 4655751cdd97a4b527a25c7c0a96044ba212cd19)
----
- nova/compute/manager.py | 61 ++++++++++++++++++++++--
- nova/tests/unit/compute/test_compute_mgr.py | 72 +++++++++++++++++++++++++++++
- 2 files changed, 129 insertions(+), 4 deletions(-)
-
-diff --git a/nova/compute/manager.py b/nova/compute/manager.py
-index bf5585e..24a5811 100644
---- a/nova/compute/manager.py
-+++ b/nova/compute/manager.py
-@@ -267,15 +267,21 @@ def errors_out_migration(function):
- def decorated_function(self, context, *args, **kwargs):
- try:
- return function(self, context, *args, **kwargs)
-- except Exception:
-+ except Exception as ex:
- with excutils.save_and_reraise_exception():
- wrapped_func = utils.get_wrapped_function(function)
- keyed_args = safe_utils.getcallargs(wrapped_func, context,
- *args, **kwargs)
- migration = keyed_args['migration']
-- status = migration.status
-- if status not in ['migrating', 'post-migrating']:
-- return
-+
-+ # NOTE(rajesht): If InstanceNotFound error is thrown from
-+ # decorated function, migration status should be set to
-+ # 'error', without checking current migration status.
-+ if not isinstance(ex, exception.InstanceNotFound):
-+ status = migration.status
-+ if status not in ['migrating', 'post-migrating']:
-+ return
-+
- migration.status = 'error'
- try:
- with migration.obj_as_admin():
-@@ -3727,6 +3733,7 @@ class ComputeManager(manager.Manager):
- @wrap_exception()
- @reverts_task_state
- @wrap_instance_event
-+ @errors_out_migration
- @wrap_instance_fault
- def revert_resize(self, context, instance, migration, reservations):
- """Destroys the new instance on the destination machine.
-@@ -3783,6 +3790,7 @@ class ComputeManager(manager.Manager):
- @wrap_exception()
- @reverts_task_state
- @wrap_instance_event
-+ @errors_out_migration
- @wrap_instance_fault
- def finish_revert_resize(self, context, instance, reservations, migration):
- """Finishes the second half of reverting a resize.
-@@ -6578,6 +6586,51 @@ class ComputeManager(manager.Manager):
- with utils.temporary_mutation(context, read_deleted='yes'):
- instance.save()
-
-+ @periodic_task.periodic_task(spacing=CONF.instance_delete_interval)
-+ def _cleanup_incomplete_migrations(self, context):
-+ """Delete instance files on failed resize/revert-resize operation
-+
-+ During resize/revert-resize operation, if that instance gets deleted
-+ in-between then instance files might remain either on source or
-+ destination compute node because of race condition.
-+ """
-+ LOG.debug('Cleaning up deleted instances with incomplete migration ')
-+ migration_filters = {'host': CONF.host,
-+ 'status': 'error'}
-+ migrations = objects.MigrationList.get_by_filters(context,
-+ migration_filters)
-+
-+ if not migrations:
-+ return
-+
-+ inst_uuid_from_migrations = set([migration.instance_uuid for migration
-+ in migrations])
-+
-+ inst_filters = {'deleted': True, 'soft_deleted': False,
-+ 'uuid': inst_uuid_from_migrations}
-+ attrs = ['info_cache', 'security_groups', 'system_metadata']
-+ with utils.temporary_mutation(context, read_deleted='yes'):
-+ instances = objects.InstanceList.get_by_filters(
-+ context, inst_filters, expected_attrs=attrs, use_slave=True)
-+
-+ for instance in instances:
-+ if instance.host != CONF.host:
-+ for migration in migrations:
-+ if instance.uuid == migration.instance_uuid:
-+ # Delete instance files if not cleanup properly either
-+ # from the source or destination compute nodes when
-+ # the instance is deleted during resizing.
-+ self.driver.delete_instance_files(instance)
-+ try:
-+ migration.status = 'failed'
-+ with migration.obj_as_admin():
-+ migration.save()
-+ except exception.MigrationNotFound:
-+ LOG.warning(_LW("Migration %s is not found."),
-+ migration.id, context=context,
-+ instance=instance)
-+ break
-+
- @messaging.expected_exceptions(exception.InstanceQuiesceNotSupported,
- exception.NovaException,
- NotImplementedError)
-diff --git a/nova/tests/unit/compute/test_compute_mgr.py b/nova/tests/unit/compute/test_compute_mgr.py
-index 4b7234e..ee1ab47 100644
---- a/nova/tests/unit/compute/test_compute_mgr.py
-+++ b/nova/tests/unit/compute/test_compute_mgr.py
-@@ -1374,6 +1374,78 @@ class ComputeManagerUnitTestCase(test.NoDBTestCase):
- self.assertFalse(c.cleaned)
- self.assertEqual('1', c.system_metadata['clean_attempts'])
-
-+ @mock.patch.object(objects.Migration, 'obj_as_admin')
-+ @mock.patch.object(objects.Migration, 'save')
-+ @mock.patch.object(objects.MigrationList, 'get_by_filters')
-+ @mock.patch.object(objects.InstanceList, 'get_by_filters')
-+ def _test_cleanup_incomplete_migrations(self, inst_host,
-+ mock_inst_get_by_filters,
-+ mock_migration_get_by_filters,
-+ mock_save, mock_obj_as_admin):
-+ def fake_inst(context, uuid, host):
-+ inst = objects.Instance(context)
-+ inst.uuid = uuid
-+ inst.host = host
-+ return inst
-+
-+ def fake_migration(uuid, status, inst_uuid, src_host, dest_host):
-+ migration = objects.Migration()
-+ migration.uuid = uuid
-+ migration.status = status
-+ migration.instance_uuid = inst_uuid
-+ migration.source_compute = src_host
-+ migration.dest_compute = dest_host
-+ return migration
-+
-+ fake_instances = [fake_inst(self.context, '111', inst_host),
-+ fake_inst(self.context, '222', inst_host)]
-+
-+ fake_migrations = [fake_migration('123', 'error', '111',
-+ 'fake-host', 'fake-mini'),
-+ fake_migration('456', 'error', '222',
-+ 'fake-host', 'fake-mini')]
-+
-+ mock_migration_get_by_filters.return_value = fake_migrations
-+ mock_inst_get_by_filters.return_value = fake_instances
-+
-+ with mock.patch.object(self.compute.driver, 'delete_instance_files'):
-+ self.compute._cleanup_incomplete_migrations(self.context)
-+
-+ # Ensure that migration status is set to 'failed' after instance
-+ # files deletion for those instances whose instance.host is not
-+ # same as compute host where periodic task is running.
-+ for inst in fake_instances:
-+ if inst.host != CONF.host:
-+ for mig in fake_migrations:
-+ if inst.uuid == mig.instance_uuid:
-+ self.assertEqual('failed', mig.status)
-+
-+ def test_cleanup_incomplete_migrations_dest_node(self):
-+ """Test to ensure instance files are deleted from destination node.
-+
-+ If instance gets deleted during resizing/revert-resizing operation,
-+ in that case instance files gets deleted from instance.host (source
-+ host here), but there is possibility that instance files could be
-+ present on destination node.
-+ This test ensures that `_cleanup_incomplete_migration` periodic
-+ task deletes orphaned instance files from destination compute node.
-+ """
-+ self.flags(host='fake-mini')
-+ self._test_cleanup_incomplete_migrations('fake-host')
-+
-+ def test_cleanup_incomplete_migrations_source_node(self):
-+ """Test to ensure instance files are deleted from source node.
-+
-+ If instance gets deleted during resizing/revert-resizing operation,
-+ in that case instance files gets deleted from instance.host (dest
-+ host here), but there is possibility that instance files could be
-+ present on source node.
-+ This test ensures that `_cleanup_incomplete_migration` periodic
-+ task deletes orphaned instance files from source compute node.
-+ """
-+ self.flags(host='fake-host')
-+ self._test_cleanup_incomplete_migrations('fake-mini')
-+
- def test_attach_interface_failure(self):
- # Test that the fault methods are invoked when an attach fails
- db_instance = fake_instance.fake_db_instance()
---
-2.4.5
-
-
diff --git a/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0001.patch b/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0001.patch
deleted file mode 100644
index 9f2429d..0000000
--- a/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0001.patch
+++ /dev/null
@@ -1,267 +0,0 @@
-From f41488f828fda1370e1b017503711248a810d432 Mon Sep 17 00:00:00 2001
-From: Matthew Booth <mbooth@redhat.com>
-Date: Wed, 9 Dec 2015 15:36:32 +0000
-Subject: [PATCH 1/3] Fix format detection in libvirt snapshot
-
-The libvirt driver was using automatic format detection during
-snapshot for disks stored on the local filesystem. This opened an
-exploit if nova was configured to use local file storage, and
-additionally to store those files in raw format by specifying
-use_cow_images = False in nova.conf. An authenticated user could write
-a qcow2 header to their guest image with a backing file on the host.
-libvirt.utils.get_disk_type() would then misdetect the type of this
-image as qcow2 and pass this to the Qcow2 image backend, whose
-snapshot_extract method interprets the image as qcow2 and writes the
-backing file to glance. The authenticated user can then download the
-host file from glance.
-
-This patch makes 2 principal changes. libvirt.utils.get_disk_type,
-which ought to be removed entirely as soon as possible, is updated to
-no longer do format detection if the format can't be determined from
-the path. Its name is changed to get_disk_type_from_path to reflect
-its actual function.
-
-libvirt.utils.find_disk is updated to return both the path and format
-of the root disk, rather than just the path. This is the most reliable
-source of this information, as it reflects the actual format in use.
-The previous format detection function of get_disk_type is replaced by
-the format taken from libvirt.
-
-We replace a call to get_disk_type in _rebase_with_qemu_img with an
-explicit call to qemu_img_info, as the other behaviour of
-get_disk_type was not relevant in this context. qemu_img_info is safe
-from the backing file exploit when called on a file known to be a
-qcow2 image. As the file in this context is a volume snapshot, this is
-a safe use.
-
-(cherry picked from commit c69fbad4860a1ce931d80f3f0ce0f90da29e8e5f)
-
- Conflicts:
- nova/tests/unit/virt/libvirt/test_driver.py
- nova/tests/unit/virt/libvirt/test_utils.py
- nova/virt/libvirt/driver.py
- nova/virt/libvirt/utils.py
-
- Most about method _rebase_with_qemu_img which does not exist.
-
-Partial-Bug: #1524274
-Change-Id: I94c1c0d26215c061f71c3f95e1a6bf3a58fa19ea
----
- nova/tests/unit/virt/libvirt/fake_libvirt_utils.py | 10 +++--
- nova/tests/unit/virt/libvirt/test_utils.py | 44 +++-------------------
- nova/virt/libvirt/driver.py | 25 +++++++++---
- nova/virt/libvirt/utils.py | 26 ++++++++++---
- 4 files changed, 51 insertions(+), 54 deletions(-)
-
-diff --git a/nova/tests/unit/virt/libvirt/fake_libvirt_utils.py b/nova/tests/unit/virt/libvirt/fake_libvirt_utils.py
-index 302ccee..52d1e85 100644
---- a/nova/tests/unit/virt/libvirt/fake_libvirt_utils.py
-+++ b/nova/tests/unit/virt/libvirt/fake_libvirt_utils.py
-@@ -40,7 +40,9 @@ def get_disk_backing_file(path):
- return disk_backing_files.get(path, None)
-
-
--def get_disk_type(path):
-+def get_disk_type_from_path(path):
-+ if disk_type in ('raw', 'qcow2'):
-+ return None
- return disk_type
-
-
-@@ -99,11 +101,11 @@ def file_open(path, mode=None):
-
- def find_disk(virt_dom):
- if disk_type == 'lvm':
-- return "/dev/nova-vg/lv"
-+ return ("/dev/nova-vg/lv", "raw")
- elif disk_type in ['raw', 'qcow2']:
-- return "filename"
-+ return ("filename", disk_type)
- else:
-- return "unknown_type_disk"
-+ return ("unknown_type_disk", None)
-
-
- def load_file(path):
-diff --git a/nova/tests/unit/virt/libvirt/test_utils.py b/nova/tests/unit/virt/libvirt/test_utils.py
-index ac7ea8d..6773bea 100644
---- a/nova/tests/unit/virt/libvirt/test_utils.py
-+++ b/nova/tests/unit/virt/libvirt/test_utils.py
-@@ -39,24 +39,6 @@ CONF = cfg.CONF
-
- class LibvirtUtilsTestCase(test.NoDBTestCase):
-
-- @mock.patch('os.path.exists', return_value=True)
-- @mock.patch('nova.utils.execute')
-- def test_get_disk_type(self, mock_execute, mock_exists):
-- path = "disk.config"
-- example_output = """image: disk.config
--file format: raw
--virtual size: 64M (67108864 bytes)
--cluster_size: 65536
--disk size: 96K
--blah BLAH: bb
--"""
-- mock_execute.return_value = (example_output, '')
-- disk_type = libvirt_utils.get_disk_type(path)
-- mock_execute.assert_called_once_with('env', 'LC_ALL=C', 'LANG=C',
-- 'qemu-img', 'info', path)
-- mock_exists.assert_called_once_with(path)
-- self.assertEqual('raw', disk_type)
--
- @mock.patch('nova.utils.execute')
- def test_copy_image_local(self, mock_execute):
- libvirt_utils.copy_image('src', 'dest')
-@@ -77,37 +59,21 @@ blah BLAH: bb
- on_completion=None, on_execute=None, compression=True)
-
- @mock.patch('os.path.exists', return_value=True)
-- def test_disk_type(self, mock_exists):
-+ def test_disk_type_from_path(self, mock_exists):
- # Seems like lvm detection
- # if its in /dev ??
- for p in ['/dev/b', '/dev/blah/blah']:
-- d_type = libvirt_utils.get_disk_type(p)
-+ d_type = libvirt_utils.get_disk_type_from_path(p)
- self.assertEqual('lvm', d_type)
-
- # Try rbd detection
-- d_type = libvirt_utils.get_disk_type('rbd:pool/instance')
-+ d_type = libvirt_utils.get_disk_type_from_path('rbd:pool/instance')
- self.assertEqual('rbd', d_type)
-
- # Try the other types
-- template_output = """image: %(path)s
--file format: %(format)s
--virtual size: 64M (67108864 bytes)
--cluster_size: 65536
--disk size: 96K
--"""
- path = '/myhome/disk.config'
-- for f in ['raw', 'qcow2']:
-- output = template_output % ({
-- 'format': f,
-- 'path': path,
-- })
-- with mock.patch('nova.utils.execute',
-- return_value=(output, '')) as mock_execute:
-- d_type = libvirt_utils.get_disk_type(path)
-- mock_execute.assert_called_once_with(
-- 'env', 'LC_ALL=C', 'LANG=C',
-- 'qemu-img', 'info', path)
-- self.assertEqual(f, d_type)
-+ d_type = libvirt_utils.get_disk_type_from_path(path)
-+ self.assertIsNone(d_type)
-
- @mock.patch('os.path.exists', return_value=True)
- @mock.patch('nova.utils.execute')
-diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
-index fc1c909..51b1e4b 100644
---- a/nova/virt/libvirt/driver.py
-+++ b/nova/virt/libvirt/driver.py
-@@ -1338,10 +1338,23 @@ class LibvirtDriver(driver.ComputeDriver):
-
- snapshot = self._image_api.get(context, image_id)
-
-- disk_path = libvirt_utils.find_disk(virt_dom)
-- source_format = libvirt_utils.get_disk_type(disk_path)
--
-- image_format = CONF.libvirt.snapshot_image_format or source_format
-+ # source_format is an on-disk format
-+ # source_type is a backend type
-+ disk_path, source_format = libvirt_utils.find_disk(virt_dom)
-+ source_type = libvirt_utils.get_disk_type_from_path(disk_path)
-+
-+ # We won't have source_type for raw or qcow2 disks, because we can't
-+ # determine that from the path. We should have it from the libvirt
-+ # xml, though.
-+ if source_type is None:
-+ source_type = source_format
-+ # For lxc instances we won't have it either from libvirt xml
-+ # (because we just gave libvirt the mounted filesystem), or the path,
-+ # so source_type is still going to be None. In this case,
-+ # snapshot_backend is going to default to CONF.libvirt.images_type
-+ # below, which is still safe.
-+
-+ image_format = CONF.libvirt.snapshot_image_format or source_type
-
- # NOTE(bfilippov): save lvm and rbd as raw
- if image_format == 'lvm' or image_format == 'rbd':
-@@ -1367,7 +1380,7 @@ class LibvirtDriver(driver.ComputeDriver):
- if (self._host.has_min_version(MIN_LIBVIRT_LIVESNAPSHOT_VERSION,
- MIN_QEMU_LIVESNAPSHOT_VERSION,
- host.HV_DRIVER_QEMU)
-- and source_format not in ('lvm', 'rbd')
-+ and source_type not in ('lvm', 'rbd')
- and not CONF.ephemeral_storage_encryption.enabled
- and not CONF.workarounds.disable_libvirt_livesnapshot):
- live_snapshot = True
-@@ -1402,7 +1415,7 @@ class LibvirtDriver(driver.ComputeDriver):
-
- snapshot_backend = self.image_backend.snapshot(instance,
- disk_path,
-- image_type=source_format)
-+ image_type=source_type)
-
- if live_snapshot:
- LOG.info(_LI("Beginning live snapshot process"),
-diff --git a/nova/virt/libvirt/utils.py b/nova/virt/libvirt/utils.py
-index 5573927..062b2fb 100644
---- a/nova/virt/libvirt/utils.py
-+++ b/nova/virt/libvirt/utils.py
-@@ -334,13 +334,20 @@ def find_disk(virt_dom):
- """
- xml_desc = virt_dom.XMLDesc(0)
- domain = etree.fromstring(xml_desc)
-+ driver = None
- if CONF.libvirt.virt_type == 'lxc':
-- source = domain.find('devices/filesystem/source')
-+ filesystem = domain.find('devices/filesystem')
-+ driver = filesystem.find('driver')
-+
-+ source = filesystem.find('source')
- disk_path = source.get('dir')
- disk_path = disk_path[0:disk_path.rfind('rootfs')]
- disk_path = os.path.join(disk_path, 'disk')
- else:
-- source = domain.find('devices/disk/source')
-+ disk = domain.find('devices/disk')
-+ driver = disk.find('driver')
-+
-+ source = disk.find('source')
- disk_path = source.get('file') or source.get('dev')
- if not disk_path and CONF.libvirt.images_type == 'rbd':
- disk_path = source.get('name')
-@@ -351,17 +358,26 @@ def find_disk(virt_dom):
- raise RuntimeError(_("Can't retrieve root device path "
- "from instance libvirt configuration"))
-
-- return disk_path
-+ if driver is not None:
-+ format = driver.get('type')
-+ # This is a legacy quirk of libvirt/xen. Everything else should
-+ # report the on-disk format in type.
-+ if format == 'aio':
-+ format = 'raw'
-+ else:
-+ format = None
-+ return (disk_path, format)
-
-
--def get_disk_type(path):
-+def get_disk_type_from_path(path):
- """Retrieve disk type (raw, qcow2, lvm) for given file."""
- if path.startswith('/dev'):
- return 'lvm'
- elif path.startswith('rbd:'):
- return 'rbd'
-
-- return images.qemu_img_info(path).file_format
-+ # We can't reliably determine the type from this path
-+ return None
-
-
- def get_fs_info(path):
---
-2.5.0
-
diff --git a/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0002.patch b/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0002.patch
deleted file mode 100644
index 2ffca9f..0000000
--- a/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0002.patch
+++ /dev/null
@@ -1,168 +0,0 @@
-From 0e6b4a06ad72ac68ec41bab2063f8d167e8e277e Mon Sep 17 00:00:00 2001
-From: Matthew Booth <mbooth@redhat.com>
-Date: Thu, 10 Dec 2015 16:34:19 +0000
-Subject: [PATCH 2/3] Fix format conversion in libvirt snapshot
-
-The libvirt driver was calling images.convert_image during snapshot to
-convert snapshots to the intended output format. However, this
-function does not take the input format as an argument, meaning it
-implicitly does format detection. This opened an exploit for setups
-using raw storage on the backend, including raw on filesystem, LVM,
-and RBD (Ceph). An authenticated user could write a qcow2 header to
-their instance's disk which specified an arbitrary backing file on the
-host. When convert_image ran during snapshot, this would then write
-the contents of the backing file to glance, which is then available to
-the user. If the setup uses an LVM backend this conversion runs as
-root, meaning the user can exfiltrate any file on the host, including
-raw disks.
-
-This change adds an input format to convert_image.
-
-Partial-Bug: #1524274
-
-Change-Id: If73e73718ecd5db262ed9904091024238f98dbc0
-(cherry picked from commit 840644d619e9560f205016eafc8799565ffd6d8c)
----
- nova/tests/unit/virt/libvirt/test_driver.py | 5 +++--
- nova/tests/unit/virt/libvirt/test_utils.py | 3 ++-
- nova/virt/images.py | 26 ++++++++++++++++++++++++--
- nova/virt/libvirt/imagebackend.py | 19 ++++++++++++++-----
- 4 files changed, 43 insertions(+), 10 deletions(-)
-
-diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py
-index 22ef56d..6fd8728 100644
---- a/nova/tests/unit/virt/libvirt/test_driver.py
-+++ b/nova/tests/unit/virt/libvirt/test_driver.py
-@@ -14985,7 +14985,7 @@ class LibvirtVolumeSnapshotTestCase(test.NoDBTestCase):
- self.mox.VerifyAll()
-
-
--def _fake_convert_image(source, dest, out_format,
-+def _fake_convert_image(source, dest, in_format, out_format,
- run_as_root=True):
- libvirt_driver.libvirt_utils.files[dest] = ''
-
-@@ -15127,7 +15127,8 @@ class LVMSnapshotTests(_BaseSnapshotTests):
-
- mock_volume_info.assert_has_calls([mock.call('/dev/nova-vg/lv')])
- mock_convert_image.assert_called_once_with(
-- '/dev/nova-vg/lv', mock.ANY, disk_format, run_as_root=True)
-+ '/dev/nova-vg/lv', mock.ANY, 'raw', disk_format,
-+ run_as_root=True)
-
- def test_raw(self):
- self._test_lvm_snapshot('raw')
-diff --git a/nova/tests/unit/virt/libvirt/test_utils.py b/nova/tests/unit/virt/libvirt/test_utils.py
-index 6773bea..6f75a92 100644
---- a/nova/tests/unit/virt/libvirt/test_utils.py
-+++ b/nova/tests/unit/virt/libvirt/test_utils.py
-@@ -594,7 +594,8 @@ disk size: 4.4M
- target = 't.qcow2'
- self.executes = []
- expected_commands = [('qemu-img', 'convert', '-O', 'raw',
-- 't.qcow2.part', 't.qcow2.converted'),
-+ 't.qcow2.part', 't.qcow2.converted',
-+ '-f', 'qcow2'),
- ('rm', 't.qcow2.part'),
- ('mv', 't.qcow2.converted', 't.qcow2')]
- images.fetch_to_raw(context, image_id, target, user_id, project_id,
-diff --git a/nova/virt/images.py b/nova/virt/images.py
-index 5b9374b..e2b5b91 100644
---- a/nova/virt/images.py
-+++ b/nova/virt/images.py
-@@ -66,9 +66,31 @@ def qemu_img_info(path):
- return imageutils.QemuImgInfo(out)
-
-
--def convert_image(source, dest, out_format, run_as_root=False):
-+def convert_image(source, dest, in_format, out_format, run_as_root=False):
- """Convert image to other format."""
-+ if in_format is None:
-+ raise RuntimeError("convert_image without input format is a security"
-+ "risk")
-+ _convert_image(source, dest, in_format, out_format, run_as_root)
-+
-+
-+def convert_image_unsafe(source, dest, out_format, run_as_root=False):
-+ """Convert image to other format, doing unsafe automatic input format
-+ detection. Do not call this function.
-+ """
-+
-+ # NOTE: there is only 1 caller of this function:
-+ # imagebackend.Lvm.create_image. It is not easy to fix that without a
-+ # larger refactor, so for the moment it has been manually audited and
-+ # allowed to continue. Remove this function when Lvm.create_image has
-+ # been fixed.
-+ _convert_image(source, dest, None, out_format, run_as_root)
-+
-+
-+def _convert_image(source, dest, in_format, out_format, run_as_root):
- cmd = ('qemu-img', 'convert', '-O', out_format, source, dest)
-+ if in_format is not None:
-+ cmd = cmd + ('-f', in_format)
- utils.execute(*cmd, run_as_root=run_as_root)
-
-
-@@ -123,7 +145,7 @@ def fetch_to_raw(context, image_href, path, user_id, project_id, max_size=0):
- staged = "%s.converted" % path
- LOG.debug("%s was %s, converting to raw" % (image_href, fmt))
- with fileutils.remove_path_on_error(staged):
-- convert_image(path_tmp, staged, 'raw')
-+ convert_image(path_tmp, staged, fmt, 'raw')
- os.unlink(path_tmp)
-
- data = qemu_img_info(staged)
-diff --git a/nova/virt/libvirt/imagebackend.py b/nova/virt/libvirt/imagebackend.py
-index 5e14f61..151ebc4 100644
---- a/nova/virt/libvirt/imagebackend.py
-+++ b/nova/virt/libvirt/imagebackend.py
-@@ -477,7 +477,7 @@ class Raw(Image):
- self.correct_format()
-
- def snapshot_extract(self, target, out_format):
-- images.convert_image(self.path, target, out_format)
-+ images.convert_image(self.path, target, self.driver_format, out_format)
-
- @staticmethod
- def is_file_in_instance_path():
-@@ -631,7 +631,16 @@ class Lvm(Image):
- size, sparse=self.sparse)
- if self.ephemeral_key_uuid is not None:
- encrypt_lvm_image()
-- images.convert_image(base, self.path, 'raw', run_as_root=True)
-+ # NOTE: by calling convert_image_unsafe here we're
-+ # telling qemu-img convert to do format detection on the input,
-+ # because we don't know what the format is. For example,
-+ # we might have downloaded a qcow2 image, or created an
-+ # ephemeral filesystem locally, we just don't know here. Having
-+ # audited this, all current sources have been sanity checked,
-+ # either because they're locally generated, or because they have
-+ # come from images.fetch_to_raw. However, this is major code smell.
-+ images.convert_image_unsafe(base, self.path, self.driver_format,
-+ run_as_root=True)
- if resize:
- disk.resize2fs(self.path, run_as_root=True)
-
-@@ -678,8 +687,8 @@ class Lvm(Image):
- lvm.remove_volumes([self.lv_path])
-
- def snapshot_extract(self, target, out_format):
-- images.convert_image(self.path, target, out_format,
-- run_as_root=True)
-+ images.convert_image(self.path, target, self.driver_format,
-+ out_format, run_as_root=True)
-
- def get_model(self, connection):
- return imgmodel.LocalBlockImage(self.path)
-@@ -786,7 +795,7 @@ class Rbd(Image):
- self.driver.resize(self.rbd_name, size)
-
- def snapshot_extract(self, target, out_format):
-- images.convert_image(self.path, target, out_format)
-+ images.convert_image(self.path, target, 'raw', out_format)
-
- @staticmethod
- def is_shared_block_storage():
---
-2.5.0
-
diff --git a/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0003.patch b/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0003.patch
deleted file mode 100644
index b542041..0000000
--- a/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0003.patch
+++ /dev/null
@@ -1,171 +0,0 @@
-From 62516194c424abad3bec12ea360dde06617fe97d Mon Sep 17 00:00:00 2001
-From: Matthew Booth <mbooth@redhat.com>
-Date: Fri, 11 Dec 2015 13:40:54 +0000
-Subject: [PATCH 3/3] Fix backing file detection in libvirt live snapshot
-
-When doing a live snapshot, the libvirt driver creates an intermediate
-qcow2 file with the same backing file as the original disk. However,
-it calls qemu-img info without specifying the input format explicitly.
-An authenticated user can write data to a raw disk which will cause
-this code to misinterpret the disk as a qcow2 file with a
-user-specified backing file on the host, and return an arbitrary host
-file as the backing file.
-
-This bug does not appear to result in a data leak in this case, but
-this is hard to verify. It certainly results in corrupt output.
-
-Closes-Bug: #1524274
-
-Change-Id: I11485f077d28f4e97529a691e55e3e3c0bea8872
-(cherry picked from commit ccea9095d9fb5bcdcb61ee5e352c4a8163754b9d)
----
- nova/tests/unit/virt/libvirt/fake_libvirt_utils.py | 4 ++--
- nova/tests/unit/virt/libvirt/test_driver.py | 7 ++++---
- nova/virt/images.py | 8 +++++---
- nova/virt/libvirt/driver.py | 11 +++++++----
- nova/virt/libvirt/utils.py | 9 +++++----
- 5 files changed, 23 insertions(+), 16 deletions(-)
-
-diff --git a/nova/tests/unit/virt/libvirt/fake_libvirt_utils.py b/nova/tests/unit/virt/libvirt/fake_libvirt_utils.py
-index 52d1e85..b474687 100644
---- a/nova/tests/unit/virt/libvirt/fake_libvirt_utils.py
-+++ b/nova/tests/unit/virt/libvirt/fake_libvirt_utils.py
-@@ -32,11 +32,11 @@ def create_cow_image(backing_file, path):
- pass
-
-
--def get_disk_size(path):
-+def get_disk_size(path, format=None):
- return 0
-
-
--def get_disk_backing_file(path):
-+def get_disk_backing_file(path, format=None):
- return disk_backing_files.get(path, None)
-
-
-diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py
-index 6fd8728..6d0afdf 100644
---- a/nova/tests/unit/virt/libvirt/test_driver.py
-+++ b/nova/tests/unit/virt/libvirt/test_driver.py
-@@ -12018,7 +12018,7 @@ class LibvirtConnTestCase(test.NoDBTestCase):
-
- image_meta = objects.ImageMeta.from_dict(self.test_image_meta)
- drvr._live_snapshot(self.context, self.test_instance, guest,
-- srcfile, dstfile, "qcow2", image_meta)
-+ srcfile, dstfile, "qcow2", "qcow2", image_meta)
-
- mock_dom.XMLDesc.assert_called_once_with(flags=(
- fakelibvirt.VIR_DOMAIN_XML_INACTIVE |
-@@ -12029,8 +12029,9 @@ class LibvirtConnTestCase(test.NoDBTestCase):
- fakelibvirt.VIR_DOMAIN_BLOCK_REBASE_REUSE_EXT |
- fakelibvirt.VIR_DOMAIN_BLOCK_REBASE_SHALLOW))
-
-- mock_size.assert_called_once_with(srcfile)
-- mock_backing.assert_called_once_with(srcfile, basename=False)
-+ mock_size.assert_called_once_with(srcfile, format="qcow2")
-+ mock_backing.assert_called_once_with(srcfile, basename=False,
-+ format="qcow2")
- mock_create_cow.assert_called_once_with(bckfile, dltfile, 1004009)
- mock_chown.assert_called_once_with(dltfile, os.getuid())
- mock_snapshot.assert_called_once_with(dltfile, "qcow2",
-diff --git a/nova/virt/images.py b/nova/virt/images.py
-index e2b5b91..6f3e487 100644
---- a/nova/virt/images.py
-+++ b/nova/virt/images.py
-@@ -44,7 +44,7 @@ CONF.register_opts(image_opts)
- IMAGE_API = image.API()
-
-
--def qemu_img_info(path):
-+def qemu_img_info(path, format=None):
- """Return an object containing the parsed output from qemu-img info."""
- # TODO(mikal): this code should not be referring to a libvirt specific
- # flag.
-@@ -56,8 +56,10 @@ def qemu_img_info(path):
- msg = (_("Path does not exist %(path)s") % {'path': path})
- raise exception.InvalidDiskInfo(reason=msg)
-
-- out, err = utils.execute('env', 'LC_ALL=C', 'LANG=C',
-- 'qemu-img', 'info', path)
-+ cmd = ('env', 'LC_ALL=C', 'LANG=C', 'qemu-img', 'info', path)
-+ if format is not None:
-+ cmd = cmd + ('-f', format)
-+ out, err = utils.execute(*cmd)
- if not out:
- msg = (_("Failed to run qemu-img info on %(path)s : %(error)s") %
- {'path': path, 'error': err})
-diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
-index 51b1e4b..53a27b2 100644
---- a/nova/virt/libvirt/driver.py
-+++ b/nova/virt/libvirt/driver.py
-@@ -1434,7 +1434,8 @@ class LibvirtDriver(driver.ComputeDriver):
- # NOTE(xqueralt): libvirt needs o+x in the temp directory
- os.chmod(tmpdir, 0o701)
- self._live_snapshot(context, instance, guest, disk_path,
-- out_path, image_format, image_meta)
-+ out_path, source_format, image_format,
-+ image_meta)
- else:
- snapshot_backend.snapshot_extract(out_path, image_format)
- finally:
-@@ -1540,7 +1541,7 @@ class LibvirtDriver(driver.ComputeDriver):
- self._set_quiesced(context, instance, image_meta, False)
-
- def _live_snapshot(self, context, instance, guest, disk_path, out_path,
-- image_format, image_meta):
-+ source_format, image_format, image_meta):
- """Snapshot an instance without downtime."""
- dev = guest.get_block_device(disk_path)
-
-@@ -1558,9 +1559,11 @@ class LibvirtDriver(driver.ComputeDriver):
- # in QEMU 1.3. In order to do this, we need to create
- # a destination image with the original backing file
- # and matching size of the instance root disk.
-- src_disk_size = libvirt_utils.get_disk_size(disk_path)
-+ src_disk_size = libvirt_utils.get_disk_size(disk_path,
-+ format=source_format)
- src_back_path = libvirt_utils.get_disk_backing_file(disk_path,
-- basename=False)
-+ format=source_format,
-+ basename=False)
- disk_delta = out_path + '.delta'
- libvirt_utils.create_cow_image(src_back_path, disk_delta,
- src_disk_size)
-diff --git a/nova/virt/libvirt/utils.py b/nova/virt/libvirt/utils.py
-index 062b2fb..7b0cf42 100644
---- a/nova/virt/libvirt/utils.py
-+++ b/nova/virt/libvirt/utils.py
-@@ -160,24 +160,25 @@ def pick_disk_driver_name(hypervisor_version, is_block_dev=False):
- return None
-
-
--def get_disk_size(path):
-+def get_disk_size(path, format=None):
- """Get the (virtual) size of a disk image
-
- :param path: Path to the disk image
-+ :param format: the on-disk format of path
- :returns: Size (in bytes) of the given disk image as it would be seen
- by a virtual machine.
- """
-- size = images.qemu_img_info(path).virtual_size
-+ size = images.qemu_img_info(path, format).virtual_size
- return int(size)
-
-
--def get_disk_backing_file(path, basename=True):
-+def get_disk_backing_file(path, basename=True, format=None):
- """Get the backing file of a disk image
-
- :param path: Path to the disk image
- :returns: a path to the image's backing store
- """
-- backing_file = images.qemu_img_info(path).backing_file
-+ backing_file = images.qemu_img_info(path, format).backing_file
- if backing_file and basename:
- backing_file = os.path.basename(backing_file)
-
---
-2.5.0
-
diff --git a/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0004.patch b/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0004.patch
deleted file mode 100644
index 113e9f4..0000000
--- a/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0004.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-From cf197ec2d682fb4da777df2291ca7ef101f73b77 Mon Sep 17 00:00:00 2001
-From: Matt Riedemann <mriedem@us.ibm.com>
-Date: Mon, 16 Nov 2015 13:11:09 -0800
-Subject: xen: mask passwords in volume connection_data dict
-
-The connection_data dict can have credentials in it, so we need to scrub
-those before putting the stringified dict into the StorageError message
-and raising that up and when logging the dict.
-
-Note that strutils.mask_password converts the dict to a string using
-six.text_type so we don't have to do that conversion first.
-
-SecurityImpact
-
-Change-Id: Ic5f4d4c26794550a92481bf2b725ef5eafa581b2
-Closes-Bug: #1516765
-(cherry picked from commit 8b289237ed6d53738c22878decf0c429301cf3d0)
----
- nova/tests/unit/virt/xenapi/test_volume_utils.py | 16 ++++++++++++++--
- nova/tests/unit/virt/xenapi/test_volumeops.py | 16 ++++++++++++++++
- nova/virt/xenapi/volume_utils.py | 3 ++-
- nova/virt/xenapi/volumeops.py | 6 +++++-
- 4 files changed, 37 insertions(+), 4 deletions(-)
-
-diff --git a/nova/tests/unit/virt/xenapi/test_volume_utils.py b/nova/tests/unit/virt/xenapi/test_volume_utils.py
-index 6bd80b0..d08eede 100644
---- a/nova/tests/unit/virt/xenapi/test_volume_utils.py
-+++ b/nova/tests/unit/virt/xenapi/test_volume_utils.py
-@@ -165,14 +165,26 @@ class ParseVolumeInfoTestCase(stubs.XenAPITestBaseNoDB):
- 'target_lun': None,
- 'auth_method': 'CHAP',
- 'auth_username': 'username',
-- 'auth_password': 'password'}}
-+ 'auth_password': 'verybadpass'}}
-
- def test_parse_volume_info_parsing_auth_details(self):
- conn_info = self._make_connection_info()
- result = volume_utils._parse_volume_info(conn_info['data'])
-
- self.assertEqual('username', result['chapuser'])
-- self.assertEqual('password', result['chappassword'])
-+ self.assertEqual('verybadpass', result['chappassword'])
-+
-+ def test_parse_volume_info_missing_details(self):
-+ # Tests that a StorageError is raised if volume_id, target_host, or
-+ # target_ign is missing from connection_data. Also ensures that the
-+ # auth_password value is not present in the StorageError message.
-+ for data_key_to_null in ('volume_id', 'target_portal', 'target_iqn'):
-+ conn_info = self._make_connection_info()
-+ conn_info['data'][data_key_to_null] = None
-+ ex = self.assertRaises(exception.StorageError,
-+ volume_utils._parse_volume_info,
-+ conn_info['data'])
-+ self.assertNotIn('verybadpass', six.text_type(ex))
-
- def test_get_device_number_raise_exception_on_wrong_mountpoint(self):
- self.assertRaises(
-diff --git a/nova/tests/unit/virt/xenapi/test_volumeops.py b/nova/tests/unit/virt/xenapi/test_volumeops.py
-index 0e840bb..58c3fa5 100644
---- a/nova/tests/unit/virt/xenapi/test_volumeops.py
-+++ b/nova/tests/unit/virt/xenapi/test_volumeops.py
-@@ -381,6 +381,22 @@ class AttachVolumeTestCase(VolumeOpsTestBase):
- mock_intro.assert_called_once_with(self.session, "sr",
- target_lun="lun")
-
-+ @mock.patch.object(volume_utils, "introduce_vdi")
-+ @mock.patch.object(volumeops.LOG, 'debug')
-+ def test_connect_hypervisor_to_volume_mask_password(self, mock_debug,
-+ mock_intro):
-+ # Tests that the connection_data is scrubbed before logging.
-+ data = {'auth_password': 'verybadpass'}
-+ self.ops._connect_hypervisor_to_volume("sr", data)
-+ self.assertTrue(mock_debug.called, 'LOG.debug was not called')
-+ password_logged = False
-+ for call in mock_debug.call_args_list:
-+ # The call object is a tuple of (args, kwargs)
-+ if 'verybadpass' in call[0]:
-+ password_logged = True
-+ break
-+ self.assertFalse(password_logged, 'connection_data was not scrubbed')
-+
- @mock.patch.object(vm_utils, "is_vm_shutdown")
- @mock.patch.object(vm_utils, "create_vbd")
- def test_attach_volume_to_vm_plug(self, mock_vbd, mock_shutdown):
-diff --git a/nova/virt/xenapi/volume_utils.py b/nova/virt/xenapi/volume_utils.py
-index c7bfe32..af47e26 100644
---- a/nova/virt/xenapi/volume_utils.py
-+++ b/nova/virt/xenapi/volume_utils.py
-@@ -24,6 +24,7 @@ import string
- from eventlet import greenthread
- from oslo_config import cfg
- from oslo_log import log as logging
-+from oslo_utils import strutils
-
- from nova import exception
- from nova.i18n import _, _LE, _LW
-@@ -84,7 +85,7 @@ def _parse_volume_info(connection_data):
- target_iqn is None):
- raise exception.StorageError(
- reason=_('Unable to obtain target information %s') %
-- connection_data)
-+ strutils.mask_password(connection_data))
- volume_info = {}
- volume_info['id'] = volume_id
- volume_info['target'] = target_host
-diff --git a/nova/virt/xenapi/volumeops.py b/nova/virt/xenapi/volumeops.py
-index f816853..b9e73e2 100644
---- a/nova/virt/xenapi/volumeops.py
-+++ b/nova/virt/xenapi/volumeops.py
-@@ -19,6 +19,7 @@ Management class for Storage-related functions (attach, detach, etc).
-
- from oslo_log import log as logging
- from oslo_utils import excutils
-+from oslo_utils import strutils
-
- from nova import exception
- from nova.i18n import _LI, _LW
-@@ -91,7 +92,10 @@ class VolumeOps(object):
- return (sr_ref, sr_uuid)
-
- def _connect_hypervisor_to_volume(self, sr_ref, connection_data):
-- LOG.debug("Connect volume to hypervisor: %s", connection_data)
-+ # connection_data can have credentials in it so make sure to scrub
-+ # those before logging.
-+ LOG.debug("Connect volume to hypervisor: %s",
-+ strutils.mask_password(connection_data))
- if 'vdi_uuid' in connection_data:
- vdi_ref = volume_utils.introduce_vdi(
- self._session, sr_ref,
---
-cgit v0.11.2
-
diff --git a/sys-cluster/nova/nova-2015.1.9999.ebuild b/sys-cluster/nova/nova-2015.1.9999.ebuild
deleted file mode 100644
index 517c097..0000000
--- a/sys-cluster/nova/nova-2015.1.9999.ebuild
+++ /dev/null
@@ -1,251 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-PYTHON_COMPAT=( python2_7 )
-
-inherit distutils-r1 eutils git-r3 linux-info multilib user
-
-DESCRIPTION="Cloud computing fabric controller (main part of an IaaS system) in Python"
-HOMEPAGE="https://launchpad.net/nova"
-EGIT_REPO_URI="https://github.com/openstack/nova.git"
-EGIT_BRANCH="stable/kilo"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS=""
-IUSE="+compute compute-only iscsi +memcached mysql +novncproxy openvswitch postgres +rabbitmq sqlite test"
-REQUIRED_USE="
- !compute-only? ( || ( mysql postgres sqlite ) )
- compute-only? ( compute !rabbitmq !memcached !mysql !postgres !sqlite )"
-
-DEPEND="
- dev-python/setuptools[${PYTHON_USEDEP}]
- >=dev-python/pbr-0.8[${PYTHON_USEDEP}]
- <dev-python/pbr-1.0[${PYTHON_USEDEP}]
- app-admin/sudo
- test? (
- ${RDEPEND}
- >=dev-python/coverage-3.6[${PYTHON_USEDEP}]
- >=dev-python/fixtures-0.3.14[${PYTHON_USEDEP}]
- <dev-python/fixtures-1.3.0[${PYTHON_USEDEP}]
- >=dev-python/mock-1.0[${PYTHON_USEDEP}]
- <dev-python/mock-1.1.0[${PYTHON_USEDEP}]
- >=dev-python/mox3-0.7.0[${PYTHON_USEDEP}]
- <dev-python/mox3-0.8.0[${PYTHON_USEDEP}]
- dev-python/mysql-python[${PYTHON_USEDEP}]
- dev-python/psycopg[${PYTHON_USEDEP}]
- >=dev-python/python-barbicanclient-3.0.1[${PYTHON_USEDEP}]
- <dev-python/python-barbicanclient-3.1.0[${PYTHON_USEDEP}]
- >=dev-python/python-ironicclient-0.4.1[${PYTHON_USEDEP}]
- <dev-python/python-ironicclient-0.6.0[${PYTHON_USEDEP}]
- >=dev-python/subunit-0.0.18[${PYTHON_USEDEP}]
- >=dev-python/requests-mock-0.6.0[${PYTHON_USEDEP}]
- >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
- !~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}]
- <dev-python/sphinx-1.3[${PYTHON_USEDEP}]
- >=dev-python/oslo-sphinx-2.5.0[${PYTHON_USEDEP}]
- <dev-python/oslo-sphinx-2.6.0[${PYTHON_USEDEP}]
- >=dev-python/oslotest-1.5.1[${PYTHON_USEDEP}]
- <dev-python/oslotest-1.6.0[${PYTHON_USEDEP}]
- >=dev-python/testrepository-0.0.18[${PYTHON_USEDEP}]
- >=dev-python/testtools-0.9.36[${PYTHON_USEDEP}]
- !~dev-python/testtools-1.2.0[${PYTHON_USEDEP}]
- >=dev-python/tempest-lib-0.4.0[${PYTHON_USEDEP}]
- <dev-python/tempest-lib-0.5.0[${PYTHON_USEDEP}]
- >=dev-python/suds-0.4[${PYTHON_USEDEP}]
- >=dev-python/oslo-vmware-0.11.1[${PYTHON_USEDEP}]
- <dev-python/oslo-vmware-0.12.0[${PYTHON_USEDEP}]
- )"
-
-# barbicanclient is in here for doc generation
-RDEPEND="
- compute-only? (
- >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}]
- <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}]
- )
- sqlite? (
- >=dev-python/sqlalchemy-0.9.7[sqlite,${PYTHON_USEDEP}]
- <=dev-python/sqlalchemy-0.9.99[sqlite,${PYTHON_USEDEP}]
- )
- mysql? (
- dev-python/mysql-python
- >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}]
- <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}]
- )
- postgres? (
- dev-python/psycopg:2
- >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}]
- <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}]
- )
- >=dev-python/boto-2.32.1[${PYTHON_USEDEP}]
- >=dev-python/decorator-3.4.0[${PYTHON_USEDEP}]
- >=dev-python/eventlet-0.16.1[${PYTHON_USEDEP}]
- !~dev-python/eventlet-0.17.0[${PYTHON_USEDEP}]
- >=dev-python/jinja-2.6[${PYTHON_USEDEP}]
- >=dev-python/keystonemiddleware-1.5.0[${PYTHON_USEDEP}]
- <dev-python/keystonemiddleware-1.6.0[${PYTHON_USEDEP}]
- >=dev-python/lxml-2.3[${PYTHON_USEDEP}]
- >=dev-python/routes-1.12.3-r1[${PYTHON_USEDEP}]
- !~dev-python/routes-2.0[${PYTHON_USEDEP}]
- >=dev-python/webob-1.2.3[${PYTHON_USEDEP}]
- >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}]
- >=dev-python/pastedeploy-1.5.0-r1[${PYTHON_USEDEP}]
- dev-python/paste[${PYTHON_USEDEP}]
- >=dev-python/sqlalchemy-migrate-0.9.5[${PYTHON_USEDEP}]
- !~dev-python/sqlalchemy-migrate-0.9.8[${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-migrate-0.10.0[${PYTHON_USEDEP}]
- >=dev-python/netaddr-0.7.12[${PYTHON_USEDEP}]
- >=dev-python/paramiko-1.13.0[${PYTHON_USEDEP}]
- dev-python/pyasn1[${PYTHON_USEDEP}]
- >=dev-python/Babel-1.3[${PYTHON_USEDEP}]
- >=dev-python/iso8601-0.1.9[${PYTHON_USEDEP}]
- >=dev-python/jsonschema-2.0.0[${PYTHON_USEDEP}]
- <dev-python/jsonschema-3.0.0[${PYTHON_USEDEP}]
- >=dev-python/python-cinderclient-1.1.0[${PYTHON_USEDEP}]
- <dev-python/python-cinderclient-1.2.0[${PYTHON_USEDEP}]
- >=dev-python/python-neutronclient-2.4.0[${PYTHON_USEDEP}]
- <dev-python/python-neutronclient-2.5.0[${PYTHON_USEDEP}]
- >=dev-python/python-glanceclient-0.15.0[${PYTHON_USEDEP}]
- <dev-python/python-glanceclient-0.18.0[${PYTHON_USEDEP}]
- >=dev-python/python-barbicanclient-3.0.1[${PYTHON_USEDEP}]
- <dev-python/python-barbicanclient-3.1.0[${PYTHON_USEDEP}]
- >=dev-python/six-1.9.0[${PYTHON_USEDEP}]
- >=dev-python/stevedore-1.3.0[${PYTHON_USEDEP}]
- <dev-python/stevedore-1.4.0[${PYTHON_USEDEP}]
- >=dev-python/websockify-0.6.0[${PYTHON_USEDEP}]
- <dev-python/websockify-0.7.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-concurrency-1.8.2[${PYTHON_USEDEP}]
- <dev-python/oslo-concurrency-1.9.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-config-1.9.3[${PYTHON_USEDEP}]
- <dev-python/oslo-config-1.10.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-context-0.2.0[${PYTHON_USEDEP}]
- <dev-python/oslo-context-0.3.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-log-1.0.0[${PYTHON_USEDEP}]
- <dev-python/oslo-log-1.1.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-serialization-1.4.0[${PYTHON_USEDEP}]
- <dev-python/oslo-serialization-1.5.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-utils-1.4.0[${PYTHON_USEDEP}]
- !~dev-python/oslo-utils-1.4.1[${PYTHON_USEDEP}]
- <dev-python/oslo-utils-1.5.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-db-1.7.0[${PYTHON_USEDEP}]
- <dev-python/oslo-db-1.8.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-rootwrap-1.6.0[${PYTHON_USEDEP}]
- <dev-python/oslo-rootwrap-1.7.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-messaging-1.8.0[${PYTHON_USEDEP}]
- <dev-python/oslo-messaging-1.9.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-i18n-1.5.0[${PYTHON_USEDEP}]
- <dev-python/oslo-i18n-1.6.0[${PYTHON_USEDEP}]
- >=dev-python/rfc3986-0.2.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-middleware-1.0.0[${PYTHON_USEDEP}]
- <dev-python/oslo-middleware-1.1.0[${PYTHON_USEDEP}]
- >=dev-python/psutil-1.1.1[${PYTHON_USEDEP}]
- <dev-python/psutil-2.0.0[${PYTHON_USEDEP}]
- dev-python/libvirt-python[${PYTHON_USEDEP}]
- app-emulation/libvirt[iscsi?]
- novncproxy? ( www-apps/novnc )
- sys-apps/iproute2
- openvswitch? ( net-misc/openvswitch )
- rabbitmq? ( net-misc/rabbitmq-server )
- memcached? ( net-misc/memcached
- dev-python/python-memcached )
- sys-fs/sysfsutils
- sys-fs/multipath-tools
- net-misc/bridge-utils
- compute? (
- app-cdr/cdrkit
- app-emulation/qemu
- )
- iscsi? (
- sys-fs/lsscsi
- >=sys-block/open-iscsi-2.0.872-r3
- )"
-
-PATCHES=(
-)
-
-pkg_setup() {
- linux-info_pkg_setup
- CONFIG_CHECK_MODULES="BLK_DEV_NBD VHOST_NET IP6_NF_FILTER IP6_NF_IPTABLES IP_NF_TARGET_REJECT \
- IP_NF_MANGLE IP_NF_TARGET_MASQUERADE NF_NAT_IPV4 IP_NF_FILTER IP_NF_IPTABLES \
- NF_CONNTRACK_IPV4 NF_DEFRAG_IPV4 NF_NAT_IPV4 NF_NAT NF_CONNTRACK NETFILTER_XTABLES \
- ISCSI_TCP SCSI_DH DM_MULTIPATH DM_SNAPSHOT"
- if linux_config_exists; then
- for module in ${CONFIG_CHECK_MODULES}; do
- linux_chkconfig_present ${module} || ewarn "${module} needs to be enabled in kernel"
- done
- fi
- enewgroup nova
- enewuser nova -1 -1 /var/lib/nova nova
-}
-
-python_prepare_all() {
- sed -i '/^hacking/d' test-requirements.txt || die
- sed -i 's/python/python2\.7/g' tools/config/generate_sample.sh || die
- distutils-r1_python_prepare_all
-}
-
-python_compile() {
- distutils-r1_python_compile
- ./tools/config/generate_sample.sh -b ./ -p nova -o etc/nova || die
-}
-
-python_test() {
- testr init
- testr run --parallel || die "failed testsuite under python2.7"
-}
-
-python_install() {
- distutils-r1_python_install
-
- if use !compute-only; then
- for svc in api cert conductor consoleauth network scheduler spicehtml5proxy xvpvncproxy; do
- newinitd "${FILESDIR}/nova.initd" "nova-${svc}"
- done
- fi
- use compute && newinitd "${FILESDIR}/nova.initd" "nova-compute"
- use novncproxy && newinitd "${FILESDIR}/nova.initd" "nova-novncproxy"
-
- diropts -m 0750 -o nova -g qemu
- dodir /var/log/nova /var/lib/nova/instances
- diropts -m 0750 -o nova -g nova
-
- insinto /etc/nova
- insopts -m 0640 -o nova -g nova
- newins "etc/nova/nova.conf.sample" "nova.conf"
- doins "etc/nova/api-paste.ini"
- doins "etc/nova/logging_sample.conf"
- doins "etc/nova/policy.json"
- doins "etc/nova/rootwrap.conf"
- #rootwrap filters
- insinto /etc/nova/rootwrap.d
- doins "etc/nova/rootwrap.d/api-metadata.filters"
- doins "etc/nova/rootwrap.d/compute.filters"
- doins "etc/nova/rootwrap.d/network.filters"
- #copy migration conf file (not coppied on install via setup.py script)
- insopts -m 0644
- insinto /usr/$(get_libdir)/python2.7/site-packages/nova/db/sqlalchemy/migrate_repo/
- doins "nova/db/sqlalchemy/migrate_repo/migrate.cfg"
- #copy the CA cert dir (not coppied on install via setup.py script)
- cp -R "${S}/nova/CA" "${D}/usr/$(get_libdir)/python2.7/site-packages/nova/" || die "installing CA files failed"
-
- #add sudoers definitions for user nova
- insinto /etc/sudoers.d/
- insopts -m 0600 -o root -g root
- doins "${FILESDIR}/nova-sudoers"
-
- if use iscsi ; then
- # Install udev rules for handle iscsi disk with right links under /dev
- udev_newrules "${FILESDIR}/openstack-scsi-disk.rules" 60-openstack-scsi-disk.rules
-
- insinto /etc/nova/
- doins "${FILESDIR}/scsi-openscsi-link.sh"
- fi
-}
-
-pkg_postinst() {
- if use iscsi ; then
- elog "iscsid needs to be running if you want cinder to connect"
- fi
-}
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-cluster/nova/files/, sys-cluster/nova/
@ 2016-03-08 20:11 Matt Thode
0 siblings, 0 replies; 6+ messages in thread
From: Matt Thode @ 2016-03-08 20:11 UTC (permalink / raw
To: gentoo-commits
commit: d68cf8abe61faac28a5b87dc0c2b6d6fd669dd4e
Author: Matthew Thode <prometheanfire <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 8 20:10:39 2016 +0000
Commit: Matt Thode <prometheanfire <AT> gentoo <DOT> org>
CommitDate: Tue Mar 8 20:10:39 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d68cf8ab
sys-cluster/nova: fix CVE-2016-2140
Package-Manager: portage-2.2.26
sys-cluster/nova/files/12.0.2-CVE-2016-2140.patch | 165 +++++++++++++++++++++
.../{nova-12.0.2.ebuild => nova-12.0.2-r1.ebuild} | 1 +
2 files changed, 166 insertions(+)
diff --git a/sys-cluster/nova/files/12.0.2-CVE-2016-2140.patch b/sys-cluster/nova/files/12.0.2-CVE-2016-2140.patch
new file mode 100644
index 0000000..20b35b7
--- /dev/null
+++ b/sys-cluster/nova/files/12.0.2-CVE-2016-2140.patch
@@ -0,0 +1,165 @@
+From 8d5ba34751c0ae8093f987d74348dffd8ca0b61c Mon Sep 17 00:00:00 2001
+From: Lee Yarwood <lyarwood@redhat.com>
+Date: Wed, 24 Feb 2016 11:23:22 +0000
+Subject: [PATCH] libvirt: Always copy or recreate disk.info during a migration
+
+The disk.info file contains the path and format of any image, config or
+ephermal disk associated with an instance. When using RAW images and migrating
+an instance this file should always be copied or recreated. This avoids the Raw
+imagebackend reinspecting the format of these disks when spawning the instance
+on the destination host.
+
+By not copying or recreating this disk.info file, a malicious image written to
+an instance disk on the source host will cause Nova to reinspect and record a
+different format for the disk on the destination. This format then being used
+incorrectly when finally spawning the instance on the destination.
+
+SecurityImpact
+Closes-bug: #1548450
+Change-Id: Idfc16f54049aaeab31ac1c1d8d79a129acc9fb87
+---
+ nova/tests/unit/virt/libvirt/test_driver.py | 75 +++++++++++++++++++++++++++++
+ nova/virt/libvirt/driver.py | 27 +++++++++++
+ 2 files changed, 102 insertions(+)
+
+diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py
+index 572facd..55051f1 100644
+--- a/nova/tests/unit/virt/libvirt/test_driver.py
++++ b/nova/tests/unit/virt/libvirt/test_driver.py
+@@ -7631,6 +7631,43 @@ class LibvirtConnTestCase(test.NoDBTestCase):
+ fallback_from_host=instance.host)])
+ self.assertIsInstance(res, dict)
+
++ def test_pre_live_migration_recreate_disk_info(self):
++
++ migrate_data = {'is_shared_block_storage': False,
++ 'is_shared_instance_path': False,
++ 'block_migration': True,
++ 'instance_relative_path': '/some/path/'}
++ disk_info = [{'disk_size': 5368709120, 'type': 'raw',
++ 'virt_disk_size': 5368709120,
++ 'path': '/some/path/disk',
++ 'backing_file': '', 'over_committed_disk_size': 0},
++ {'disk_size': 1073741824, 'type': 'raw',
++ 'virt_disk_size': 1073741824,
++ 'path': '/some/path/disk.eph0',
++ 'backing_file': '', 'over_committed_disk_size': 0}]
++ image_disk_info = {'/some/path/disk': 'raw',
++ '/some/path/disk.eph0': 'raw'}
++
++ drvr = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
++ instance = objects.Instance(**self.test_instance)
++ instance_path = os.path.dirname(disk_info[0]['path'])
++ disk_info_path = os.path.join(instance_path, 'disk.info')
++
++ with test.nested(
++ mock.patch.object(os, 'mkdir'),
++ mock.patch.object(fake_libvirt_utils, 'write_to_file'),
++ mock.patch.object(drvr, '_create_images_and_backing')
++ ) as (
++ mkdir, write_to_file, create_images_and_backing
++ ):
++ drvr.pre_live_migration(self.context, instance,
++ block_device_info=None,
++ network_info=[],
++ disk_info=jsonutils.dumps(disk_info),
++ migrate_data=migrate_data)
++ write_to_file.assert_called_with(disk_info_path,
++ jsonutils.dumps(image_disk_info))
++
+ def test_get_instance_disk_info_works_correctly(self):
+ # Test data
+ instance = objects.Instance(**self.test_instance)
+@@ -12823,6 +12860,44 @@ class LibvirtDriverTestCase(test.NoDBTestCase):
+ flavor_obj = objects.Flavor(**flavor)
+ self._test_migrate_disk_and_power_off(flavor_obj)
+
++ @mock.patch('nova.utils.execute')
++ @mock.patch('nova.virt.libvirt.utils.copy_image')
++ @mock.patch('nova.virt.libvirt.driver.LibvirtDriver._destroy')
++ @mock.patch('nova.virt.libvirt.utils.get_instance_path')
++ @mock.patch('nova.virt.libvirt.driver.LibvirtDriver'
++ '._is_storage_shared_with')
++ @mock.patch('nova.virt.libvirt.driver.LibvirtDriver'
++ '.get_instance_disk_info')
++ def test_migrate_disk_and_power_off_resize_copy_disk_info(self,
++ mock_disk_info,
++ mock_shared,
++ mock_path,
++ mock_destroy,
++ mock_copy,
++ mock_execuate):
++
++ instance = self._create_instance()
++ disk_info = self._disk_info()
++ disk_info_text = jsonutils.loads(disk_info)
++ instance_base = os.path.dirname(disk_info_text[0]['path'])
++ flavor = {'root_gb': 10, 'ephemeral_gb': 25}
++ flavor_obj = objects.Flavor(**flavor)
++
++ mock_disk_info.return_value = disk_info
++ mock_path.return_value = instance_base
++ mock_shared.return_value = False
++
++ self.drvr.migrate_disk_and_power_off(context.get_admin_context(),
++ instance, mock.sentinel,
++ flavor_obj, None)
++
++ src_disk_info_path = os.path.join(instance_base + '_resize',
++ 'disk.info')
++ dst_disk_info_path = os.path.join(instance_base, 'disk.info')
++ mock_copy.assert_any_call(src_disk_info_path, dst_disk_info_path,
++ host=mock.sentinel, on_execute=mock.ANY,
++ on_completion=mock.ANY, compression=mock.ANY)
++
+ def test_wait_for_running(self):
+ def fake_get_info(instance):
+ if instance['name'] == "not_found":
+diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
+index 6328d05..fb53eee 100644
+--- a/nova/virt/libvirt/driver.py
++++ b/nova/virt/libvirt/driver.py
+@@ -6279,6 +6279,24 @@ class LibvirtDriver(driver.ComputeDriver):
+ instance=instance)
+ os.mkdir(instance_dir)
+
++ # Recreate the disk.info file and in doing so stop the
++ # imagebackend from recreating it incorrectly by inspecting the
++ # contents of each file when using the Raw backend.
++ if disk_info:
++ image_disk_info = {}
++ for info in disk_info:
++ image_file = os.path.basename(info['path'])
++ image_path = os.path.join(instance_dir, image_file)
++ image_disk_info[image_path] = info['type']
++
++ LOG.debug('Creating disk.info with the contents: %s',
++ image_disk_info, instance=instance)
++
++ image_disk_info_path = os.path.join(instance_dir,
++ 'disk.info')
++ libvirt_utils.write_to_file(image_disk_info_path,
++ jsonutils.dumps(image_disk_info))
++
+ if not is_shared_block_storage:
+ # Ensure images and backing files are present.
+ LOG.debug('Checking to make sure images and backing files are '
+@@ -6823,6 +6841,15 @@ class LibvirtDriver(driver.ComputeDriver):
+ on_execute=on_execute,
+ on_completion=on_completion,
+ compression=compression)
++
++ # Ensure disk.info is written to the new path to avoid disks being
++ # reinspected and potentially changing format.
++ src_disk_info_path = os.path.join(inst_base_resize, 'disk.info')
++ dst_disk_info_path = os.path.join(inst_base, 'disk.info')
++ libvirt_utils.copy_image(src_disk_info_path, dst_disk_info_path,
++ host=dest, on_execute=on_execute,
++ on_completion=on_completion,
++ compression=compression)
+ except Exception:
+ with excutils.save_and_reraise_exception():
+ self._cleanup_remote_migration(dest, inst_base,
+--
+1.9.1
+
diff --git a/sys-cluster/nova/nova-12.0.2.ebuild b/sys-cluster/nova/nova-12.0.2-r1.ebuild
similarity index 99%
rename from sys-cluster/nova/nova-12.0.2.ebuild
rename to sys-cluster/nova/nova-12.0.2-r1.ebuild
index 7fb35af..7b04386 100644
--- a/sys-cluster/nova/nova-12.0.2.ebuild
+++ b/sys-cluster/nova/nova-12.0.2-r1.ebuild
@@ -229,6 +229,7 @@ RDEPEND="
)"
PATCHES=(
+ "${PV}-CVE-2016-2140.patch"
)
pkg_setup() {
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-cluster/nova/files/, sys-cluster/nova/
@ 2016-05-16 19:00 Matt Thode
0 siblings, 0 replies; 6+ messages in thread
From: Matt Thode @ 2016-05-16 19:00 UTC (permalink / raw
To: gentoo-commits
commit: 0d78d93072fe5e33cad6548418d6291fffbafed7
Author: Matthew Thode <prometheanfire <AT> gentoo <DOT> org>
AuthorDate: Mon May 16 18:57:11 2016 +0000
Commit: Matt Thode <prometheanfire <AT> gentoo <DOT> org>
CommitDate: Mon May 16 18:59:38 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0d78d930
sys-cluster/nova: remove old
Package-Manager: portage-2.2.28
sys-cluster/nova/Manifest | 1 -
sys-cluster/nova/files/12.0.2-CVE-2016-2140.patch | 165 ------------
sys-cluster/nova/nova-12.0.2-r1.ebuild | 313 ----------------------
3 files changed, 479 deletions(-)
diff --git a/sys-cluster/nova/Manifest b/sys-cluster/nova/Manifest
index 3d9b928..d5a101f 100644
--- a/sys-cluster/nova/Manifest
+++ b/sys-cluster/nova/Manifest
@@ -1,5 +1,4 @@
DIST liberty-nova.conf.sample 134201 SHA256 32752212c571c4a1473c3fa8bbd197a658ee54e233b4d46a157807be42997e42 SHA512 5325a31a0fccb9898bec0a022f5430dcc1729615c8eac88a4261c403f9ecd8ce2b07d73b52f3bc2c5cbe681234b30b923adb94385aac28e08d982a8f8bfef350 WHIRLPOOL 6d2894160a96742551777ce397b67f332c4f2793402f4634a2cfd0005ba99fb077cf0d0306a59e4b8c7f689914860e5d7f45d838c845d6a896a66c24f0f141c0
DIST mitaka-nova.conf.sample 36427 SHA256 dd4c3ccab89fbe9f69df520f47d439c7ffa440d3f8b288b0ab99ac328a02ec75 SHA512 169671bde5cb5bb89065d801f80aa0d3c664af652d9ddb0c409ed3e0af2c0b94f1dbd0ebf834849e3e75dc38972935ec65a6e533d86148a7315839597d577cad WHIRLPOOL 20f95a296c3d112a532c9c5cc911d30b67472868d94bcfd52fadfd7105f9095a6b77020ca1caa6a70319548239358868d809feed363a82e4d574aceb6e5f016d
-DIST nova-12.0.2.tar.gz 5243206 SHA256 4b15dcf88f39c5b71b8a31f678844d55b7dbe05aac49e1a8b6cebcf75fff61f7 SHA512 f906cdbce0ca68e056237b3b151a7d665d7dc8ffdd6b2fe6d0aeda271cc8b682891360b3c425d39d5b04cbfe73cdde9a3e2a9a8c28dab06a527557afdc446ef1 WHIRLPOOL 422545f6e326235ebb8493621d46bc12d83c4b20ecd02252addc7d68de7a3ac9e82e6ade40001f19548e4c4b39867078e72c62b2bd0649bad1bdc8336dd35490
DIST nova-12.0.3.tar.gz 5254275 SHA256 663810ec70613cfdae01d7253a56b5ea8014a78f67a65b5e662840122faa139d SHA512 4ab65e347cd0e05d48c5dc1501dd6142f0fb28e84334b8812e838e3a79d206f932b0319346f0e1adba42521a8b8b1c2e781e05b69711ba55b1bd9e11e947ef64 WHIRLPOOL d37b767656cd9755017e195cda823ec7514933f1e13650d4fa6f797981776dcf6438dd7e5f2e9948f762241416abf6f8ec78b61033e1cecfb9e6f750108f8199
DIST nova-13.0.0.tar.gz 5455425 SHA256 3506c63ae3ab6331d51b47759d55999efebf4ea25575bb3ce27e10422220a073 SHA512 653507ac6afae86f46b47bb22592d92cf40acd03cf8aa2449dfbbdf2d5e1b01709f3f78d23d429fcb35daf162a8ee1ddb91c35e4f0aa32f30572d92d8cdaf876 WHIRLPOOL 1a85a9bff9e7fa89d41610f74e149238275c54c4f19972efc647dda0cdcb866a840017810e6aaba71f94b99bbf0a4523fdc64fb613ec2ecf452d5beef0806ce1
diff --git a/sys-cluster/nova/files/12.0.2-CVE-2016-2140.patch b/sys-cluster/nova/files/12.0.2-CVE-2016-2140.patch
deleted file mode 100644
index 20b35b7..0000000
--- a/sys-cluster/nova/files/12.0.2-CVE-2016-2140.patch
+++ /dev/null
@@ -1,165 +0,0 @@
-From 8d5ba34751c0ae8093f987d74348dffd8ca0b61c Mon Sep 17 00:00:00 2001
-From: Lee Yarwood <lyarwood@redhat.com>
-Date: Wed, 24 Feb 2016 11:23:22 +0000
-Subject: [PATCH] libvirt: Always copy or recreate disk.info during a migration
-
-The disk.info file contains the path and format of any image, config or
-ephermal disk associated with an instance. When using RAW images and migrating
-an instance this file should always be copied or recreated. This avoids the Raw
-imagebackend reinspecting the format of these disks when spawning the instance
-on the destination host.
-
-By not copying or recreating this disk.info file, a malicious image written to
-an instance disk on the source host will cause Nova to reinspect and record a
-different format for the disk on the destination. This format then being used
-incorrectly when finally spawning the instance on the destination.
-
-SecurityImpact
-Closes-bug: #1548450
-Change-Id: Idfc16f54049aaeab31ac1c1d8d79a129acc9fb87
----
- nova/tests/unit/virt/libvirt/test_driver.py | 75 +++++++++++++++++++++++++++++
- nova/virt/libvirt/driver.py | 27 +++++++++++
- 2 files changed, 102 insertions(+)
-
-diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py
-index 572facd..55051f1 100644
---- a/nova/tests/unit/virt/libvirt/test_driver.py
-+++ b/nova/tests/unit/virt/libvirt/test_driver.py
-@@ -7631,6 +7631,43 @@ class LibvirtConnTestCase(test.NoDBTestCase):
- fallback_from_host=instance.host)])
- self.assertIsInstance(res, dict)
-
-+ def test_pre_live_migration_recreate_disk_info(self):
-+
-+ migrate_data = {'is_shared_block_storage': False,
-+ 'is_shared_instance_path': False,
-+ 'block_migration': True,
-+ 'instance_relative_path': '/some/path/'}
-+ disk_info = [{'disk_size': 5368709120, 'type': 'raw',
-+ 'virt_disk_size': 5368709120,
-+ 'path': '/some/path/disk',
-+ 'backing_file': '', 'over_committed_disk_size': 0},
-+ {'disk_size': 1073741824, 'type': 'raw',
-+ 'virt_disk_size': 1073741824,
-+ 'path': '/some/path/disk.eph0',
-+ 'backing_file': '', 'over_committed_disk_size': 0}]
-+ image_disk_info = {'/some/path/disk': 'raw',
-+ '/some/path/disk.eph0': 'raw'}
-+
-+ drvr = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
-+ instance = objects.Instance(**self.test_instance)
-+ instance_path = os.path.dirname(disk_info[0]['path'])
-+ disk_info_path = os.path.join(instance_path, 'disk.info')
-+
-+ with test.nested(
-+ mock.patch.object(os, 'mkdir'),
-+ mock.patch.object(fake_libvirt_utils, 'write_to_file'),
-+ mock.patch.object(drvr, '_create_images_and_backing')
-+ ) as (
-+ mkdir, write_to_file, create_images_and_backing
-+ ):
-+ drvr.pre_live_migration(self.context, instance,
-+ block_device_info=None,
-+ network_info=[],
-+ disk_info=jsonutils.dumps(disk_info),
-+ migrate_data=migrate_data)
-+ write_to_file.assert_called_with(disk_info_path,
-+ jsonutils.dumps(image_disk_info))
-+
- def test_get_instance_disk_info_works_correctly(self):
- # Test data
- instance = objects.Instance(**self.test_instance)
-@@ -12823,6 +12860,44 @@ class LibvirtDriverTestCase(test.NoDBTestCase):
- flavor_obj = objects.Flavor(**flavor)
- self._test_migrate_disk_and_power_off(flavor_obj)
-
-+ @mock.patch('nova.utils.execute')
-+ @mock.patch('nova.virt.libvirt.utils.copy_image')
-+ @mock.patch('nova.virt.libvirt.driver.LibvirtDriver._destroy')
-+ @mock.patch('nova.virt.libvirt.utils.get_instance_path')
-+ @mock.patch('nova.virt.libvirt.driver.LibvirtDriver'
-+ '._is_storage_shared_with')
-+ @mock.patch('nova.virt.libvirt.driver.LibvirtDriver'
-+ '.get_instance_disk_info')
-+ def test_migrate_disk_and_power_off_resize_copy_disk_info(self,
-+ mock_disk_info,
-+ mock_shared,
-+ mock_path,
-+ mock_destroy,
-+ mock_copy,
-+ mock_execuate):
-+
-+ instance = self._create_instance()
-+ disk_info = self._disk_info()
-+ disk_info_text = jsonutils.loads(disk_info)
-+ instance_base = os.path.dirname(disk_info_text[0]['path'])
-+ flavor = {'root_gb': 10, 'ephemeral_gb': 25}
-+ flavor_obj = objects.Flavor(**flavor)
-+
-+ mock_disk_info.return_value = disk_info
-+ mock_path.return_value = instance_base
-+ mock_shared.return_value = False
-+
-+ self.drvr.migrate_disk_and_power_off(context.get_admin_context(),
-+ instance, mock.sentinel,
-+ flavor_obj, None)
-+
-+ src_disk_info_path = os.path.join(instance_base + '_resize',
-+ 'disk.info')
-+ dst_disk_info_path = os.path.join(instance_base, 'disk.info')
-+ mock_copy.assert_any_call(src_disk_info_path, dst_disk_info_path,
-+ host=mock.sentinel, on_execute=mock.ANY,
-+ on_completion=mock.ANY, compression=mock.ANY)
-+
- def test_wait_for_running(self):
- def fake_get_info(instance):
- if instance['name'] == "not_found":
-diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
-index 6328d05..fb53eee 100644
---- a/nova/virt/libvirt/driver.py
-+++ b/nova/virt/libvirt/driver.py
-@@ -6279,6 +6279,24 @@ class LibvirtDriver(driver.ComputeDriver):
- instance=instance)
- os.mkdir(instance_dir)
-
-+ # Recreate the disk.info file and in doing so stop the
-+ # imagebackend from recreating it incorrectly by inspecting the
-+ # contents of each file when using the Raw backend.
-+ if disk_info:
-+ image_disk_info = {}
-+ for info in disk_info:
-+ image_file = os.path.basename(info['path'])
-+ image_path = os.path.join(instance_dir, image_file)
-+ image_disk_info[image_path] = info['type']
-+
-+ LOG.debug('Creating disk.info with the contents: %s',
-+ image_disk_info, instance=instance)
-+
-+ image_disk_info_path = os.path.join(instance_dir,
-+ 'disk.info')
-+ libvirt_utils.write_to_file(image_disk_info_path,
-+ jsonutils.dumps(image_disk_info))
-+
- if not is_shared_block_storage:
- # Ensure images and backing files are present.
- LOG.debug('Checking to make sure images and backing files are '
-@@ -6823,6 +6841,15 @@ class LibvirtDriver(driver.ComputeDriver):
- on_execute=on_execute,
- on_completion=on_completion,
- compression=compression)
-+
-+ # Ensure disk.info is written to the new path to avoid disks being
-+ # reinspected and potentially changing format.
-+ src_disk_info_path = os.path.join(inst_base_resize, 'disk.info')
-+ dst_disk_info_path = os.path.join(inst_base, 'disk.info')
-+ libvirt_utils.copy_image(src_disk_info_path, dst_disk_info_path,
-+ host=dest, on_execute=on_execute,
-+ on_completion=on_completion,
-+ compression=compression)
- except Exception:
- with excutils.save_and_reraise_exception():
- self._cleanup_remote_migration(dest, inst_base,
---
-1.9.1
-
diff --git a/sys-cluster/nova/nova-12.0.2-r1.ebuild b/sys-cluster/nova/nova-12.0.2-r1.ebuild
deleted file mode 100644
index 841de6e..0000000
--- a/sys-cluster/nova/nova-12.0.2-r1.ebuild
+++ /dev/null
@@ -1,313 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-PYTHON_COMPAT=( python2_7 )
-
-inherit distutils-r1 eutils linux-info multilib user
-
-DESCRIPTION="Cloud computing fabric controller (main part of an IaaS system) in Python"
-HOMEPAGE="https://launchpad.net/nova"
-SRC_URI="
- https://tarballs.openstack.org/${PN}/${P}.tar.gz
- https://dev.gentoo.org/~prometheanfire/dist/nova/liberty/nova.conf.sample -> liberty-nova.conf.sample"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="amd64 ~arm64 x86"
-IUSE="+compute compute-only iscsi +memcached mysql +novncproxy openvswitch postgres +rabbitmq sqlite test"
-REQUIRED_USE="
- !compute-only? ( || ( mysql postgres sqlite ) )
- compute-only? ( compute !rabbitmq !memcached !mysql !postgres !sqlite )"
-
-CDEPEND=">=dev-python/pbr-1.8[${PYTHON_USEDEP}]"
-# need to package dev-python/sphinxcontrib-seqdiag
-DEPEND="
- >=dev-python/setuptools-16.0[${PYTHON_USEDEP}]
- ${CDEPEND}
- app-admin/sudo
- test? (
- ${RDEPEND}
- >=dev-python/coverage-3.6[${PYTHON_USEDEP}]
- <=dev-python/coverage-4.0.3[${PYTHON_USEDEP}]
- >=dev-python/fixtures-1.3.1[${PYTHON_USEDEP}]
- <=dev-python/fixtures-1.4.0-r9999[${PYTHON_USEDEP}]
- >=dev-python/mock-1.2[${PYTHON_USEDEP}]
- <=dev-python/mock-1.3.0[${PYTHON_USEDEP}]
- >=dev-python/mox3-0.7.0[${PYTHON_USEDEP}]
- <=dev-python/mox3-0.12.0[${PYTHON_USEDEP}]
- >=dev-python/psycopg-2.5[${PYTHON_USEDEP}]
- <=dev-python/psycopg-2.6.1[${PYTHON_USEDEP}]
- >=dev-python/pymysql-0.6.2[${PYTHON_USEDEP}]
- <=dev-python/pymysql-0.6.7[${PYTHON_USEDEP}]
- ~dev-python/python-barbicanclient-3.3.0[${PYTHON_USEDEP}]
- >=dev-python/python-ironicclient-0.8.0[${PYTHON_USEDEP}]
- <=dev-python/python-ironicclient-1.0.0[${PYTHON_USEDEP}]
- >=dev-python/subunit-0.0.18[${PYTHON_USEDEP}]
- <=dev-python/subunit-1.2.0[${PYTHON_USEDEP}]
- >=dev-python/requests-mock-0.6.0[${PYTHON_USEDEP}]
- <=dev-python/requests-mock-0.7.0[${PYTHON_USEDEP}]
- >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
- !~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}]
- <dev-python/sphinx-1.3[${PYTHON_USEDEP}]
- >=dev-python/pillow-2.4.0[${PYTHON_USEDEP}]
- <dev-python/pillow-3.0.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-sphinx-2.5.0[${PYTHON_USEDEP}]
- <=dev-python/oslo-sphinx-4.1.0[${PYTHON_USEDEP}]
- >=dev-python/oslotest-1.10.0[${PYTHON_USEDEP}]
- <=dev-python/oslotest-2.0.0[${PYTHON_USEDEP}]
- >=dev-python/testrepository-0.0.18[${PYTHON_USEDEP}]
- <=dev-python/testrepository-0.0.20[${PYTHON_USEDEP}]
- >=dev-python/testresources-0.2.4[${PYTHON_USEDEP}]
- <=dev-python/testresources-1.0.0-r9999[${PYTHON_USEDEP}]
- >=dev-python/testtools-1.4.0[${PYTHON_USEDEP}]
- <=dev-python/testtools-1.8.1[${PYTHON_USEDEP}]
- >=dev-python/tempest-lib-0.8.0[${PYTHON_USEDEP}]
- <=dev-python/tempest-lib-0.11.0[${PYTHON_USEDEP}]
- >=dev-python/bandit-0.13.2[${PYTHON_USEDEP}]
- <=dev-python/bandit-0.16.2[${PYTHON_USEDEP}]
- >=dev-python/oslo-vmware-0.16.0[${PYTHON_USEDEP}]
- <=dev-python/oslo-vmware-2.1.0[${PYTHON_USEDEP}]
- >=dev-python/reno-0.1.1[${PYTHON_USEDEP}]
- )"
-
-# barbicanclient is in here for doc generation
-RDEPEND="
- ${CDEPEND}
- compute-only? (
- >=dev-python/sqlalchemy-0.9.9[${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-1.0.10[${PYTHON_USEDEP}]
- )
- sqlite? (
- >=dev-python/sqlalchemy-0.9.9[sqlite,${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-1.0.10[sqlite,${PYTHON_USEDEP}]
- )
- mysql? (
- dev-python/mysql-python
- >=dev-python/sqlalchemy-0.9.9[${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-1.0.10[${PYTHON_USEDEP}]
- )
- postgres? (
- dev-python/psycopg:2
- >=dev-python/sqlalchemy-0.9.9[${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-1.0.10[${PYTHON_USEDEP}]
- )
- >=dev-python/boto-2.32.1[${PYTHON_USEDEP}]
- <=dev-python/boto-2.38.0[${PYTHON_USEDEP}]
- >=dev-python/decorator-3.4.0[${PYTHON_USEDEP}]
- <=dev-python/decorator-4.0.6[${PYTHON_USEDEP}]
- ~dev-python/eventlet-0.17.4[${PYTHON_USEDEP}]
- >=dev-python/jinja-2.6[${PYTHON_USEDEP}]
- <=dev-python/jinja-2.8[${PYTHON_USEDEP}]
- >=dev-python/keystonemiddleware-2.0.0[${PYTHON_USEDEP}]
- !~dev-python/keystonemiddleware-2.4.0[${PYTHON_USEDEP}]
- <=dev-python/keystonemiddleware-4.0.0[${PYTHON_USEDEP}]
- >=dev-python/lxml-2.3[${PYTHON_USEDEP}]
- <=dev-python/lxml-3.5.0[${PYTHON_USEDEP}]
- >=dev-python/routes-1.12.3[${PYTHON_USEDEP}]
- !~dev-python/routes-2.0[${PYTHON_USEDEP}]
- !~dev-python/routes-2.1[$(python_gen_usedep 'python2_7')]
- <=dev-python/routes-2.2[${PYTHON_USEDEP}]
- >=dev-python/cryptography-1.0[${PYTHON_USEDEP}]
- <=dev-python/cryptography-1.1.2-r9999[${PYTHON_USEDEP}]
- >=dev-python/webob-1.2.3[${PYTHON_USEDEP}]
- <=dev-python/webob-1.5.1[${PYTHON_USEDEP}]
- >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}]
- <=dev-python/greenlet-0.4.9[${PYTHON_USEDEP}]
- >=dev-python/pastedeploy-1.5.0-r1[${PYTHON_USEDEP}]
- <=dev-python/pastedeploy-1.5.2[${PYTHON_USEDEP}]
- <=dev-python/paste-2.0.2[${PYTHON_USEDEP}]
- >=dev-python/prettytable-0.7[${PYTHON_USEDEP}]
- <dev-python/prettytable-0.8[${PYTHON_USEDEP}]
- >=dev-python/sqlalchemy-migrate-0.9.6[${PYTHON_USEDEP}]
- <=dev-python/sqlalchemy-migrate-0.10.0[${PYTHON_USEDEP}]
- >=dev-python/netaddr-0.7.12[${PYTHON_USEDEP}]
- !~dev-python/netaddr-0.7.16[${PYTHON_USEDEP}]
- <=dev-python/netaddr-0.7.18[${PYTHON_USEDEP}]
- ~dev-python/netifaces-0.10.4[${PYTHON_USEDEP}]
- >=dev-python/paramiko-1.13.0[${PYTHON_USEDEP}]
- <=dev-python/paramiko-1.16.0[${PYTHON_USEDEP}]
- >=dev-python/Babel-1.3[${PYTHON_USEDEP}]
- <=dev-python/Babel-2.1.1[${PYTHON_USEDEP}]
- >=dev-python/iso8601-0.1.9[${PYTHON_USEDEP}]
- <=dev-python/iso8601-0.1.11[${PYTHON_USEDEP}]
- >=dev-python/jsonschema-2.0.0[${PYTHON_USEDEP}]
- !~dev-python/jsonschema-2.5.0[${PYTHON_USEDEP}]
- <dev-python/jsonschema-2.5.1-r9999[${PYTHON_USEDEP}]
- >=dev-python/python-cinderclient-1.3.1[${PYTHON_USEDEP}]
- <=dev-python/python-cinderclient-1.5.0[${PYTHON_USEDEP}]
- >=dev-python/python-keystoneclient-1.6.0[${PYTHON_USEDEP}]
- !~dev-python/python-keystoneclient-1.8.0[${PYTHON_USEDEP}]
- <=dev-python/python-keystoneclient-2.0.0-r9999[${PYTHON_USEDEP}]
- >=dev-python/python-neutronclient-2.6.0[${PYTHON_USEDEP}]
- <=dev-python/python-neutronclient-3.1.0[${PYTHON_USEDEP}]
- >=dev-python/python-glanceclient-0.18.0[${PYTHON_USEDEP}]
- <=dev-python/python-glanceclient-1.2.0[${PYTHON_USEDEP}]
- >=dev-python/python-barbicanclient-3.0.1[${PYTHON_USEDEP}]
- <=dev-python/python-barbicanclient-3.3.0[${PYTHON_USEDEP}]
- >=dev-python/requests-2.5.2[${PYTHON_USEDEP}]
- !~dev-python/requests-2.8.0[${PYTHON_USEDEP}]
- !~dev-python/requests-2.9.0[${PYTHON_USEDEP}]
- <=dev-python/requests-2.8.1[${PYTHON_USEDEP}]
- >=dev-python/six-1.9.0[${PYTHON_USEDEP}]
- <=dev-python/six-1.10.0[${PYTHON_USEDEP}]
- >=dev-python/stevedore-1.5.0[${PYTHON_USEDEP}]
- <=dev-python/stevedore-1.10.0[${PYTHON_USEDEP}]
- >=dev-python/setuptools-16.0[${PYTHON_USEDEP}]
- >=dev-python/websockify-0.6.1[${PYTHON_USEDEP}]
- >=dev-python/websockify-0.6.1[${PYTHON_USEDEP}]
- <=dev-python/websockify-0.7.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-concurrency-2.3.0[${PYTHON_USEDEP}]
- <=dev-python/oslo-concurrency-3.1.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-config-2.3.0[${PYTHON_USEDEP}]
- <=dev-python/oslo-config-3.1.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-context-0.2.0[${PYTHON_USEDEP}]
- <=dev-python/oslo-context-1.0.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-log-1.8.0[${PYTHON_USEDEP}]
- <=dev-python/oslo-log-2.1.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-reports-0.1.0[${PYTHON_USEDEP}]
- <=dev-python/oslo-reports-1.1.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-serialization-1.4.0[${PYTHON_USEDEP}]
- <=dev-python/oslo-serialization-2.1.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-utils-2.0.0[${PYTHON_USEDEP}]
- !~dev-python/oslo-utils-2.6.0[${PYTHON_USEDEP}]
- <=dev-python/oslo-utils-3.2.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-db-2.4.1[${PYTHON_USEDEP}]
- <=dev-python/oslo-db-4.1.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-rootwrap-2.0.0[${PYTHON_USEDEP}]
- <=dev-python/oslo-rootwrap-3.1.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-messaging-1.16.0[${PYTHON_USEDEP}]
- !~dev-python/oslo-messaging-1.17.0[${PYTHON_USEDEP}]
- !~dev-python/oslo-messaging-1.17.1[${PYTHON_USEDEP}]
- !~dev-python/oslo-messaging-2.6.0[${PYTHON_USEDEP}]
- !~dev-python/oslo-messaging-2.6.1[${PYTHON_USEDEP}]
- !~dev-python/oslo-messaging-2.7.0[${PYTHON_USEDEP}]
- !~dev-python/oslo-messaging-2.8.0[${PYTHON_USEDEP}]
- !~dev-python/oslo-messaging-2.8.1[${PYTHON_USEDEP}]
- !~dev-python/oslo-messaging-2.9.0[${PYTHON_USEDEP}]
- !~dev-python/oslo-messaging-3.1.0[${PYTHON_USEDEP}]
- <=dev-python/oslo-messaging-3.0.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-i18n-1.5.0[${PYTHON_USEDEP}]
- <=dev-python/oslo-i18n-3.1.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-service-0.7.0[${PYTHON_USEDEP}]
- <=dev-python/oslo-service-1.1.0[${PYTHON_USEDEP}]
- >=dev-python/rfc3986-0.2.0[${PYTHON_USEDEP}]
- <=dev-python/rfc3986-0.3.1[${PYTHON_USEDEP}]
- >=dev-python/oslo-middleware-2.8.0[${PYTHON_USEDEP}]
- !~dev-python/oslo-middleware-3.0.0[${PYTHON_USEDEP}]
- !~dev-python/oslo-middleware-3.1.0[${PYTHON_USEDEP}]
- !~dev-python/oslo-middleware-3.2.0[${PYTHON_USEDEP}]
- <=dev-python/oslo-middleware-3.3.0[${PYTHON_USEDEP}]
- >=dev-python/psutil-1.1.1[${PYTHON_USEDEP}]
- <dev-python/psutil-2.0.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-versionedobjects-0.9.0[${PYTHON_USEDEP}]
- <=dev-python/oslo-versionedobjects-1.1.0[${PYTHON_USEDEP}]
- >=dev-python/alembic-0.8.0[${PYTHON_USEDEP}]
- <=dev-python/alembic-0.8.3[${PYTHON_USEDEP}]
- >=dev-python/os-brick-0.4.0[${PYTHON_USEDEP}]
- <=dev-python/os-brick-0.6.0[${PYTHON_USEDEP}]
- <=dev-python/libvirt-python-1.3.0[${PYTHON_USEDEP}]
- app-emulation/libvirt[iscsi?]
- novncproxy? ( www-apps/novnc )
- sys-apps/iproute2
- openvswitch? ( <=net-misc/openvswitch-2.5.9999 )
- rabbitmq? ( net-misc/rabbitmq-server )
- memcached? ( net-misc/memcached
- <=dev-python/python-memcached-1.57 )
- sys-fs/sysfsutils
- sys-fs/multipath-tools
- net-misc/bridge-utils
- compute? (
- app-cdr/cdrkit
- sys-fs/dosfstools
- app-emulation/qemu
- )
- iscsi? (
- sys-fs/lsscsi
- >=sys-block/open-iscsi-2.0.872-r3
- )"
-
-PATCHES=(
- "${FILESDIR}/${PV}-CVE-2016-2140.patch"
-)
-
-pkg_setup() {
- linux-info_pkg_setup
- CONFIG_CHECK_MODULES="BLK_DEV_NBD VHOST_NET IP6_NF_FILTER IP6_NF_IPTABLES IP_NF_TARGET_REJECT \
- IP_NF_MANGLE IP_NF_TARGET_MASQUERADE NF_NAT_IPV4 IP_NF_FILTER IP_NF_IPTABLES \
- NF_CONNTRACK_IPV4 NF_DEFRAG_IPV4 NF_NAT_IPV4 NF_NAT NF_CONNTRACK NETFILTER_XTABLES \
- ISCSI_TCP SCSI_DH DM_MULTIPATH DM_SNAPSHOT"
- if linux_config_exists; then
- for module in ${CONFIG_CHECK_MODULES}; do
- linux_chkconfig_present ${module} || ewarn "${module} needs to be enabled in kernel"
- done
- fi
- enewgroup nova
- enewuser nova -1 -1 /var/lib/nova nova
-}
-
-python_prepare_all() {
- sed -i '/^hacking/d' test-requirements.txt || die
- distutils-r1_python_prepare_all
-}
-
-python_test() {
- testr init
- testr run --parallel || die "failed testsuite under python2.7"
-}
-
-python_install() {
- distutils-r1_python_install
-
- if use !compute-only; then
- for svc in api cert conductor consoleauth network scheduler spicehtml5proxy xvpvncproxy; do
- newinitd "${FILESDIR}/nova.initd" "nova-${svc}"
- done
- fi
- use compute && newinitd "${FILESDIR}/nova.initd" "nova-compute"
- use novncproxy && newinitd "${FILESDIR}/nova.initd" "nova-novncproxy"
-
- diropts -m 0750 -o nova -g qemu
- dodir /var/log/nova /var/lib/nova/instances
- diropts -m 0750 -o nova -g nova
-
- insinto /etc/nova
- insopts -m 0640 -o nova -g nova
- newins "${FILESDIR}/etc.liberty/api-paste.ini" "api-paste.ini"
- newins "${FILESDIR}/etc.liberty/cells.json" "cells.json"
- newins "${FILESDIR}/etc.liberty/logging_sample.conf" "logging_sample.conf"
- newins "${DISTDIR}/liberty-nova.conf.sample" "nova.conf.sample"
- newins "${FILESDIR}/etc.liberty/policy.json" "policy.json"
- newins "${FILESDIR}/etc.liberty/rootwrap.conf" "rootwrap.conf"
- #rootwrap filters
- insinto /etc/nova/rootwrap.d
- newins "${FILESDIR}/etc.liberty/rootwrap.d/api-metadata.filters" "api-metadata.filters"
- newins "${FILESDIR}/etc.liberty/rootwrap.d/compute.filters" "compute.filters"
- newins "${FILESDIR}/etc.liberty/rootwrap.d/network.filters" "network.filters"
- #copy migration conf file (not coppied on install via setup.py script)
- insopts -m 0644
- insinto /usr/$(get_libdir)/python2.7/site-packages/nova/db/sqlalchemy/migrate_repo/
- doins "nova/db/sqlalchemy/migrate_repo/migrate.cfg"
- #copy the CA cert dir (not coppied on install via setup.py script)
- cp -R "${S}/nova/CA" "${D}/usr/$(get_libdir)/python2.7/site-packages/nova/" || die "installing CA files failed"
-
- #add sudoers definitions for user nova
- insinto /etc/sudoers.d/
- insopts -m 0600 -o root -g root
- doins "${FILESDIR}/nova-sudoers"
-
- if use iscsi ; then
- # Install udev rules for handle iscsi disk with right links under /dev
- udev_newrules "${FILESDIR}/openstack-scsi-disk.rules" 60-openstack-scsi-disk.rules
-
- insinto /etc/nova/
- doins "${FILESDIR}/scsi-openscsi-link.sh"
- fi
-}
-
-pkg_postinst() {
- if use iscsi ; then
- elog "iscsid needs to be running if you want cinder to connect"
- fi
-}
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-cluster/nova/files/, sys-cluster/nova/
@ 2018-01-28 4:13 Matt Thode
0 siblings, 0 replies; 6+ messages in thread
From: Matt Thode @ 2018-01-28 4:13 UTC (permalink / raw
To: gentoo-commits
commit: d9b57bc67eefacce442cb56874e1f5cad5ada35e
Author: Matthew Thode <prometheanfire <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 28 03:44:25 2018 +0000
Commit: Matt Thode <prometheanfire <AT> gentoo <DOT> org>
CommitDate: Sun Jan 28 04:13:02 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d9b57bc6
sys-cluster/nova: remove ocata
Package-Manager: Portage-2.3.19, Repoman-2.3.6
sys-cluster/nova/Manifest | 3 -
sys-cluster/nova/files/nova.initd | 21 ++-
sys-cluster/nova/files/nova.initd-2 | 25 ----
sys-cluster/nova/nova-15.1.0.ebuild | 232 -------------------------------
sys-cluster/nova/nova-16.0.4.ebuild | 6 +-
sys-cluster/nova/nova-2017.1.9999.ebuild | 232 -------------------------------
sys-cluster/nova/nova-2017.2.9999.ebuild | 8 +-
7 files changed, 15 insertions(+), 512 deletions(-)
diff --git a/sys-cluster/nova/Manifest b/sys-cluster/nova/Manifest
index d7e3583ed3c..da1cfb44b38 100644
--- a/sys-cluster/nova/Manifest
+++ b/sys-cluster/nova/Manifest
@@ -1,6 +1,3 @@
-DIST nova-15.1.0.tar.gz 5774942 BLAKE2B 6507658dabf1cc9da34c40bf3c5fb77c9e5692ceeea6fe4b38cca8be3cf532db6bbdd14dd71c78e1545791eaf26f60bd9337fca4561d811d1116a32458a86c6d SHA512 a35cc1a1891f0440470cb31cd23f835190d5961a962afc308f54ffe1bb0e47eb0e411915b47e8b89e7f76a2b3c348997848d86fd10123a375c7fbb8c118f66b0
DIST nova-16.0.4.tar.gz 10922054 BLAKE2B 1fb76f0a06149cb67543921cc9f49cd869ebcb85a813079cdde7ed38aded81d0ec5f157b7d031a9269c3df66081cac1d0732286356dc9f8af58de02ba688a9c9 SHA512 8841faca0d3864a7f63f4c6eec637e6676df2b1473dacd0265a34ce4cf8e50bc587892de2f3d54d1e7a499adb8e9c06aca6d7956d010ddabae1ea61c7c5b0581
-DIST nova.conf.sample-15.1.0 344760 BLAKE2B 0c227259325b201740a6a6e0f9a174b8a463ad30b9b09ca819ba23d85ba5471c4e958e23cf96bc8b2dab358521dfc52c216dffc110b46338e80b1821face84e4 SHA512 5c55c752c8752876acbd8d2348abb39d6a8449f637ad2a6515f5c9f4619dbad73c4ae7a6ac4cd164656a0c466ed000a4d68a291050a03a5641fe96b3dd7f732d
DIST nova.conf.sample-16.0.4 360926 BLAKE2B 0cdfcff1d5faf5803de72b8113085591df4d1c7feb0591df786a5bf0e13ff133c1fcc4a2c3ebfdadf2a60943a7810e18813a00f5f78987daf3c271e3ba627911 SHA512 68f548e998396c7b18692fb3b1e9bf267f9bc06d73f602bb8f20bba426b6ede01e270447906f1685133cdbfd43b76ed5a9913b0167ce70f1ff3debd1ca11d378
-DIST nova.conf.sample-2017.1.9999 344760 BLAKE2B 0c227259325b201740a6a6e0f9a174b8a463ad30b9b09ca819ba23d85ba5471c4e958e23cf96bc8b2dab358521dfc52c216dffc110b46338e80b1821face84e4 SHA512 5c55c752c8752876acbd8d2348abb39d6a8449f637ad2a6515f5c9f4619dbad73c4ae7a6ac4cd164656a0c466ed000a4d68a291050a03a5641fe96b3dd7f732d
DIST nova.conf.sample-2017.2.9999 360926 BLAKE2B 0cdfcff1d5faf5803de72b8113085591df4d1c7feb0591df786a5bf0e13ff133c1fcc4a2c3ebfdadf2a60943a7810e18813a00f5f78987daf3c271e3ba627911 SHA512 68f548e998396c7b18692fb3b1e9bf267f9bc06d73f602bb8f20bba426b6ede01e270447906f1685133cdbfd43b76ed5a9913b0167ce70f1ff3debd1ca11d378
diff --git a/sys-cluster/nova/files/nova.initd b/sys-cluster/nova/files/nova.initd
index 7d679ed95fc..ba722949182 100644
--- a/sys-cluster/nova/files/nova.initd
+++ b/sys-cluster/nova/files/nova.initd
@@ -1,30 +1,25 @@
#!/sbin/openrc-run
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
description="Starts ${SVCNAME} service for OpenStack"
-command="/usr/bin/${SVCNAME} -- --config-file /etc/nova/nova.conf"
-pidfile=/var/run/nova/${SVCNAME}.pid
+command="/usr/bin/${SVCNAME}"
+command_args="--config-file /etc/nova/nova.conf"
+pidfile=/run/${SVCNAME}.pid
+command_background=true
required_files=/etc/nova/nova.conf
-start_stop_daemon_args="--quiet --user ${NOVA_USER:-nova}"
if [ "$SVCNAME" == nova-compute ]; then
required_files="${required_files} /etc/nova/nova-compute.conf"
- command="${command} --config-file /etc/nova/nova-compute.conf"
+ command_args="${command_args} --config-file /etc/nova/nova-compute.conf"
fi
-
+start_stop_daemon_args="-u ${NOVA_USER:-nova}"
+retry="SIGTERM/15"
depend() {
use net
}
start_pre() {
- checkpath --directory --owner ${NOVA_USER:-nova}:${NOVA_GROUP:-nova} --mode 0775 ${NOVA_RUN:-/var/run/nova}
checkpath --directory --owner ${NOVA_USER:-nova}:${NOVA_GROUP:-nova} --mode 0775 ${NOVA_RUN:-/var/lock/nova}
}
-
-start() {
- ebegin "Starting ${SVCNAME}"
- start-stop-daemon -S -b -m -p ${pidfile} -q -u ${NOVA_USER:-nova} -x ${command}
- eend $?
-}
diff --git a/sys-cluster/nova/files/nova.initd-2 b/sys-cluster/nova/files/nova.initd-2
deleted file mode 100644
index cb82c947ddf..00000000000
--- a/sys-cluster/nova/files/nova.initd-2
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-description="Starts ${SVCNAME} service for OpenStack"
-
-command="/usr/bin/${SVCNAME}"
-command_args="--config-file /etc/nova/nova.conf"
-pidfile=/run/${SVCNAME}.pid
-command_background=true
-required_files=/etc/nova/nova.conf
-if [ "$SVCNAME" == nova-compute ]; then
- required_files="${required_files} /etc/nova/nova-compute.conf"
- command_args="${command_args} --config-file /etc/nova/nova-compute.conf"
-fi
-start_stop_daemon_args="-u ${NOVA_USER:-nova}"
-retry="SIGTERM/15"
-
-depend() {
- use net
-}
-
-start_pre() {
- checkpath --directory --owner ${NOVA_USER:-nova}:${NOVA_GROUP:-nova} --mode 0775 ${NOVA_RUN:-/var/lock/nova}
-}
diff --git a/sys-cluster/nova/nova-15.1.0.ebuild b/sys-cluster/nova/nova-15.1.0.ebuild
deleted file mode 100644
index 51f6f6060bf..00000000000
--- a/sys-cluster/nova/nova-15.1.0.ebuild
+++ /dev/null
@@ -1,232 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-PYTHON_COMPAT=( python2_7 python3_{4,5} )
-
-inherit distutils-r1 eutils linux-info multilib user
-
-DESCRIPTION="Cloud computing fabric controller (main part of an IaaS system) in Python"
-HOMEPAGE="https://launchpad.net/nova"
-SRC_URI="https://dev.gentoo.org/~prometheanfire/dist/openstack/nova/ocata/nova.conf.sample -> nova.conf.sample-${PV}
- https://tarballs.openstack.org/${PN}/${P}.tar.gz"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="amd64 ~arm64 x86"
-IUSE="+compute compute-only iscsi +memcached mysql +novncproxy openvswitch postgres +rabbitmq sqlite"
-REQUIRED_USE="
- !compute-only? ( || ( mysql postgres sqlite ) )
- compute-only? ( compute !rabbitmq !memcached !mysql !postgres !sqlite )"
-
-CDEPEND="
- >=dev-python/setuptools-16.0[${PYTHON_USEDEP}]
- !~dev-python/setuptools-24.0.0[${PYTHON_USEDEP}]
- !~dev-python/setuptools-34.0.0[${PYTHON_USEDEP}]
- !~dev-python/setuptools-34.0.1[${PYTHON_USEDEP}]
- !~dev-python/setuptools-34.0.2[${PYTHON_USEDEP}]
- !~dev-python/setuptools-34.0.3[${PYTHON_USEDEP}]
- !~dev-python/setuptools-34.1.0[${PYTHON_USEDEP}]
- !~dev-python/setuptools-34.1.1[${PYTHON_USEDEP}]
- !~dev-python/setuptools-34.2.0[${PYTHON_USEDEP}]
- !~dev-python/setuptools-34.3.0[${PYTHON_USEDEP}]
- !~dev-python/setuptools-34.3.1[${PYTHON_USEDEP}]
- !~dev-python/setuptools-34.3.2[${PYTHON_USEDEP}]
- !~dev-python/setuptools-36.2.0[${PYTHON_USEDEP}]
- >=dev-python/pbr-1.8[${PYTHON_USEDEP}]"
-DEPEND="
- ${CDEPEND}
- app-admin/sudo"
-
-RDEPEND="
- ${CDEPEND}
- compute-only? (
- >=dev-python/sqlalchemy-1.0.10[${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-1.1.0[${PYTHON_USEDEP}]
- )
- sqlite? (
- >=dev-python/sqlalchemy-1.0.10[sqlite,${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-1.1.0[sqlite,${PYTHON_USEDEP}]
- )
- mysql? (
- >=dev-python/pymysql-0.7.6[${PYTHON_USEDEP}]
- !~dev-python/pymysql-0.7.7[${PYTHON_USEDEP}]
- >=dev-python/sqlalchemy-1.0.10[${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-1.1.0[${PYTHON_USEDEP}]
- )
- postgres? (
- >=dev-python/psycopg-2.5.0[${PYTHON_USEDEP}]
- >=dev-python/sqlalchemy-1.0.10[${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-1.1.0[${PYTHON_USEDEP}]
- )
- >=dev-python/decorator-3.4.0[${PYTHON_USEDEP}]
- >=dev-python/eventlet-0.18.4[${PYTHON_USEDEP}]
- >=dev-python/jinja-2.8[${PYTHON_USEDEP}]
- !~dev-python/jinja-2.9.0[${PYTHON_USEDEP}]
- !~dev-python/jinja-2.9.1[${PYTHON_USEDEP}]
- !~dev-python/jinja-2.9.2[${PYTHON_USEDEP}]
- !~dev-python/jinja-2.9.3[${PYTHON_USEDEP}]
- !~dev-python/jinja-2.9.4[${PYTHON_USEDEP}]
- >=dev-python/keystonemiddleware-4.12.0[${PYTHON_USEDEP}]
- >=dev-python/lxml-2.3[${PYTHON_USEDEP}]
- !~dev-python/lxml-3.7.0[${PYTHON_USEDEP}]
- >=dev-python/routes-1.12.3[${PYTHON_USEDEP}]
- !~dev-python/routes-2.0[${PYTHON_USEDEP}]
- !~dev-python/routes-2.1[$(python_gen_usedep 'python2_7')]
- !~dev-python/routes-2.3[${PYTHON_USEDEP}]
- >=dev-python/cryptography-1.0[${PYTHON_USEDEP}]
- !~dev-python/cryptography-1.3.0[${PYTHON_USEDEP}]
- >=dev-python/webob-1.6.0[${PYTHON_USEDEP}]
- >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}]
- >=dev-python/pastedeploy-1.5.0-r1[${PYTHON_USEDEP}]
- dev-python/paste[${PYTHON_USEDEP}]
- >=dev-python/prettytable-0.7.1[${PYTHON_USEDEP}]
- <dev-python/prettytable-0.8[${PYTHON_USEDEP}]
- >=dev-python/sqlalchemy-migrate-0.9.6[${PYTHON_USEDEP}]
- >=dev-python/netaddr-0.7.13[${PYTHON_USEDEP}]
- !~dev-python/netaddr-0.7.16[${PYTHON_USEDEP}]
- >=dev-python/netifaces-0.10.4[${PYTHON_USEDEP}]
- >=dev-python/paramiko-2.0[${PYTHON_USEDEP}]
- >=dev-python/Babel-2.3.4[${PYTHON_USEDEP}]
- >=dev-python/iso8601-0.1.11[${PYTHON_USEDEP}]
- >=dev-python/jsonschema-2.0.0[${PYTHON_USEDEP}]
- !~dev-python/jsonschema-2.5.0[${PYTHON_USEDEP}]
- <dev-python/jsonschema-3.0.0[${PYTHON_USEDEP}]
- >=dev-python/python-cinderclient-1.6.0[${PYTHON_USEDEP}]
- !~dev-python/python-cinderclient-1.7.0[${PYTHON_USEDEP}]
- !~dev-python/python-cinderclient-1.7.1[${PYTHON_USEDEP}]
- >=dev-python/keystoneauth-2.18.0[${PYTHON_USEDEP}]
- >=dev-python/python-neutronclient-5.1.0[${PYTHON_USEDEP}]
- >=dev-python/python-glanceclient-2.5.0[${PYTHON_USEDEP}]
- >=dev-python/requests-2.10.0[${PYTHON_USEDEP}]
- !~dev-python/requests-2.12.2[${PYTHON_USEDEP}]
- >=dev-python/six-1.9.0[${PYTHON_USEDEP}]
- >=dev-python/stevedore-1.17.1[${PYTHON_USEDEP}]
- >=dev-python/websockify-0.8.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-cache-1.5.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-concurrency-3.8.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-config-3.14.0[${PYTHON_USEDEP}]
- !~dev-python/oslo-config-3.18.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-context-2.9.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-log-3.11.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-reports-0.6.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-serialization-1.10.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-utils-3.18.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-db-4.15.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-rootwrap-5.0.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-messaging-5.14.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-policy-1.17.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-privsep-1.9.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-i18n-2.1.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-service-1.10.0[${PYTHON_USEDEP}]
- >=dev-python/rfc3986-0.3.1[${PYTHON_USEDEP}]
- >=dev-python/oslo-middleware-3.0.0[${PYTHON_USEDEP}]
- >=dev-python/psutil-3.0.1[${PYTHON_USEDEP}]
- >=dev-python/oslo-versionedobjects-1.17.0[${PYTHON_USEDEP}]
- >=dev-python/os-brick-1.8.0[${PYTHON_USEDEP}]
- >=dev-python/os-vif-1.4.0[${PYTHON_USEDEP}]
- >=dev-python/os-win-1.4.0[${PYTHON_USEDEP}]
- >=dev-python/castellan-0.4.0[${PYTHON_USEDEP}]
- >=dev-python/microversion-parse-0.1.2[${PYTHON_USEDEP}]
- >=dev-python/os-xenapi-0.1.1[${PYTHON_USEDEP}]
- dev-python/libvirt-python[${PYTHON_USEDEP}]
- app-emulation/libvirt[iscsi?]
- novncproxy? ( www-apps/novnc )
- sys-apps/iproute2
- openvswitch? ( net-misc/openvswitch )
- rabbitmq? ( net-misc/rabbitmq-server )
- memcached? (
- net-misc/memcached
- >=dev-python/python-memcached-1.58
- )
- sys-fs/sysfsutils
- sys-fs/multipath-tools
- net-misc/bridge-utils
- compute? (
- app-cdr/cdrtools
- sys-fs/dosfstools
- app-emulation/qemu
- )
- iscsi? (
- sys-fs/lsscsi
- >=sys-block/open-iscsi-2.0.873-r1
- )"
-
-#PATCHES=(
-#)
-
-pkg_setup() {
- linux-info_pkg_setup
- CONFIG_CHECK_MODULES="BLK_DEV_NBD VHOST_NET IP6_NF_FILTER IP6_NF_IPTABLES IP_NF_TARGET_REJECT \
- IP_NF_MANGLE IP_NF_TARGET_MASQUERADE NF_NAT_IPV4 IP_NF_FILTER IP_NF_IPTABLES \
- NF_CONNTRACK_IPV4 NF_DEFRAG_IPV4 NF_NAT_IPV4 NF_NAT NF_CONNTRACK NETFILTER_XTABLES \
- ISCSI_TCP SCSI_DH DM_MULTIPATH DM_SNAPSHOT"
- if linux_config_exists; then
- for module in ${CONFIG_CHECK_MODULES}; do
- linux_chkconfig_present ${module} || ewarn "${module} needs to be enabled in kernel"
- done
- fi
- enewgroup nova
- enewuser nova -1 -1 /var/lib/nova nova
-}
-
-python_prepare_all() {
- sed -i '/^hacking/d' test-requirements.txt || die
- distutils-r1_python_prepare_all
-}
-
-python_install_all() {
- distutils-r1_python_install_all
-
- if use !compute-only; then
- for svc in api cert conductor consoleauth network scheduler spicehtml5proxy xvpvncproxy; do
- newinitd "${FILESDIR}/nova.initd" "nova-${svc}"
- done
- fi
- use compute && newinitd "${FILESDIR}/nova.initd" "nova-compute"
- use novncproxy && newinitd "${FILESDIR}/nova.initd" "nova-novncproxy"
-
- diropts -m 0750 -o nova -g qemu
- dodir /var/log/nova /var/lib/nova/instances
- diropts -m 0750 -o nova -g nova
-
- insinto /etc/nova
- insopts -m 0640 -o nova -g nova
- newins "${DISTDIR}/nova.conf.sample-${PV}" "nova.conf.sample"
- doins "${FILESDIR}/nova-compute.conf"
- doins "${S}/etc/nova/"*
- # rootwrap filters
- insopts -m 0644
- insinto /etc/nova/rootwrap.d
- doins "etc/nova/rootwrap.d/api-metadata.filters"
- doins "etc/nova/rootwrap.d/compute.filters"
- doins "etc/nova/rootwrap.d/network.filters"
-
- # add sudoers definitions for user nova
- insinto /etc/sudoers.d/
- insopts -m 0600 -o root -g root
- doins "${FILESDIR}/nova-sudoers"
-
- if use iscsi ; then
- # Install udev rules for handle iscsi disk with right links under /dev
- udev_newrules "${FILESDIR}/openstack-scsi-disk.rules" 60-openstack-scsi-disk.rules
-
- insinto /etc/nova/
- doins "${FILESDIR}/scsi-openscsi-link.sh"
- fi
-}
-
-python_install() {
- distutils-r1_python_install
- # copy migration conf file (not coppied on install via setup.py script)
- insinto "$(python_get_sitedir)/db/sqlalchemy/migrate_repo/"
- doins "nova/db/sqlalchemy/migrate_repo/migrate.cfg"
- # copy the CA cert dir (not coppied on install via setup.py script)
- cp -R "${S}/nova/CA" "${D}/$(python_get_sitedir)/nova/" || die "installing CA files failed"
-}
-
-pkg_postinst() {
- if use iscsi ; then
- elog "iscsid needs to be running if you want cinder to connect"
- fi
-}
diff --git a/sys-cluster/nova/nova-16.0.4.ebuild b/sys-cluster/nova/nova-16.0.4.ebuild
index 7fe984e7df0..8856721e03f 100644
--- a/sys-cluster/nova/nova-16.0.4.ebuild
+++ b/sys-cluster/nova/nova-16.0.4.ebuild
@@ -199,11 +199,11 @@ python_install_all() {
if use !compute-only; then
for svc in api conductor consoleauth network scheduler spicehtml5proxy xvpvncproxy; do
- newinitd "${FILESDIR}/nova.initd-2" "nova-${svc}"
+ newinitd "${FILESDIR}/nova.initd" "nova-${svc}"
done
fi
- use compute && newinitd "${FILESDIR}/nova.initd-2" "nova-compute"
- use novncproxy && newinitd "${FILESDIR}/nova.initd-2" "nova-novncproxy"
+ use compute && newinitd "${FILESDIR}/nova.initd" "nova-compute"
+ use novncproxy && newinitd "${FILESDIR}/nova.initd" "nova-novncproxy"
diropts -m 0750 -o nova -g qemu
dodir /var/log/nova /var/lib/nova/instances
diff --git a/sys-cluster/nova/nova-2017.1.9999.ebuild b/sys-cluster/nova/nova-2017.1.9999.ebuild
deleted file mode 100644
index fa38dc98720..00000000000
--- a/sys-cluster/nova/nova-2017.1.9999.ebuild
+++ /dev/null
@@ -1,232 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-PYTHON_COMPAT=( python2_7 python3_{4,5} )
-
-inherit distutils-r1 eutils git-r3 linux-info multilib user
-
-DESCRIPTION="Cloud computing fabric controller (main part of an IaaS system) in Python"
-HOMEPAGE="https://launchpad.net/nova"
-SRC_URI="https://dev.gentoo.org/~prometheanfire/dist/openstack/nova/ocata/nova.conf.sample -> nova.conf.sample-${PV}"
-EGIT_REPO_URI="https://github.com/openstack/nova.git"
-EGIT_BRANCH="stable/ocata"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS=""
-IUSE="+compute compute-only iscsi +memcached mysql +novncproxy openvswitch postgres +rabbitmq sqlite"
-REQUIRED_USE="
- !compute-only? ( || ( mysql postgres sqlite ) )
- compute-only? ( compute !rabbitmq !memcached !mysql !postgres !sqlite )"
-
-CDEPEND="
- >=dev-python/setuptools-16.0[${PYTHON_USEDEP}]
- !~dev-python/setuptools-24.0.0[${PYTHON_USEDEP}]
- !~dev-python/setuptools-34.0.0[${PYTHON_USEDEP}]
- !~dev-python/setuptools-34.0.1[${PYTHON_USEDEP}]
- !~dev-python/setuptools-34.0.2[${PYTHON_USEDEP}]
- !~dev-python/setuptools-34.0.3[${PYTHON_USEDEP}]
- !~dev-python/setuptools-34.1.0[${PYTHON_USEDEP}]
- !~dev-python/setuptools-34.1.1[${PYTHON_USEDEP}]
- !~dev-python/setuptools-34.2.0[${PYTHON_USEDEP}]
- !~dev-python/setuptools-34.3.0[${PYTHON_USEDEP}]
- !~dev-python/setuptools-34.3.1[${PYTHON_USEDEP}]
- !~dev-python/setuptools-34.3.2[${PYTHON_USEDEP}]
- >=dev-python/pbr-1.8[${PYTHON_USEDEP}]"
-DEPEND="
- ${CDEPEND}
- app-admin/sudo"
-
-RDEPEND="
- ${CDEPEND}
- compute-only? (
- >=dev-python/sqlalchemy-1.0.10[${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-1.1.0[${PYTHON_USEDEP}]
- )
- sqlite? (
- >=dev-python/sqlalchemy-1.0.10[sqlite,${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-1.1.0[sqlite,${PYTHON_USEDEP}]
- )
- mysql? (
- >=dev-python/pymysql-0.7.6[${PYTHON_USEDEP}]
- !~dev-python/pymysql-0.7.7[${PYTHON_USEDEP}]
- >=dev-python/sqlalchemy-1.0.10[${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-1.1.0[${PYTHON_USEDEP}]
- )
- postgres? (
- >=dev-python/psycopg-2.5.0[${PYTHON_USEDEP}]
- >=dev-python/sqlalchemy-1.0.10[${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-1.1.0[${PYTHON_USEDEP}]
- )
- >=dev-python/decorator-3.4.0[${PYTHON_USEDEP}]
- >=dev-python/eventlet-0.18.4[${PYTHON_USEDEP}]
- >=dev-python/jinja-2.8[${PYTHON_USEDEP}]
- !~dev-python/jinja-2.9.0[${PYTHON_USEDEP}]
- !~dev-python/jinja-2.9.1[${PYTHON_USEDEP}]
- !~dev-python/jinja-2.9.2[${PYTHON_USEDEP}]
- !~dev-python/jinja-2.9.3[${PYTHON_USEDEP}]
- !~dev-python/jinja-2.9.4[${PYTHON_USEDEP}]
- >=dev-python/keystonemiddleware-4.12.0[${PYTHON_USEDEP}]
- >=dev-python/lxml-2.3[${PYTHON_USEDEP}]
- !~dev-python/lxml-3.7.0[${PYTHON_USEDEP}]
- >=dev-python/routes-1.12.3[${PYTHON_USEDEP}]
- !~dev-python/routes-2.0[${PYTHON_USEDEP}]
- !~dev-python/routes-2.1[$(python_gen_usedep 'python2_7')]
- !~dev-python/routes-2.3[${PYTHON_USEDEP}]
- >=dev-python/cryptography-1.0[${PYTHON_USEDEP}]
- !~dev-python/cryptography-1.3.0[${PYTHON_USEDEP}]
- >=dev-python/webob-1.6.0[${PYTHON_USEDEP}]
- >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}]
- >=dev-python/pastedeploy-1.5.0-r1[${PYTHON_USEDEP}]
- dev-python/paste[${PYTHON_USEDEP}]
- >=dev-python/prettytable-0.7.1[${PYTHON_USEDEP}]
- <dev-python/prettytable-0.8[${PYTHON_USEDEP}]
- >=dev-python/sqlalchemy-migrate-0.9.6[${PYTHON_USEDEP}]
- >=dev-python/netaddr-0.7.13[${PYTHON_USEDEP}]
- !~dev-python/netaddr-0.7.16[${PYTHON_USEDEP}]
- >=dev-python/netifaces-0.10.4[${PYTHON_USEDEP}]
- >=dev-python/paramiko-2.0[${PYTHON_USEDEP}]
- >=dev-python/Babel-2.3.4[${PYTHON_USEDEP}]
- >=dev-python/iso8601-0.1.11[${PYTHON_USEDEP}]
- >=dev-python/jsonschema-2.0.0[${PYTHON_USEDEP}]
- !~dev-python/jsonschema-2.5.0[${PYTHON_USEDEP}]
- <dev-python/jsonschema-3.0.0[${PYTHON_USEDEP}]
- >=dev-python/python-cinderclient-1.6.0[${PYTHON_USEDEP}]
- !~dev-python/python-cinderclient-1.7.0[${PYTHON_USEDEP}]
- !~dev-python/python-cinderclient-1.7.1[${PYTHON_USEDEP}]
- >=dev-python/keystoneauth-2.18.0[${PYTHON_USEDEP}]
- >=dev-python/python-neutronclient-5.1.0[${PYTHON_USEDEP}]
- >=dev-python/python-glanceclient-2.5.0[${PYTHON_USEDEP}]
- >=dev-python/requests-2.10.0[${PYTHON_USEDEP}]
- !~dev-python/requests-2.12.2[${PYTHON_USEDEP}]
- >=dev-python/six-1.9.0[${PYTHON_USEDEP}]
- >=dev-python/stevedore-1.17.1[${PYTHON_USEDEP}]
- >=dev-python/websockify-0.8.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-cache-1.5.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-concurrency-3.8.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-config-3.14.0[${PYTHON_USEDEP}]
- !~dev-python/oslo-config-3.18.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-context-2.9.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-log-3.11.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-reports-0.6.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-serialization-1.10.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-utils-3.18.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-db-4.15.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-rootwrap-5.0.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-messaging-5.14.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-policy-1.17.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-privsep-1.9.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-i18n-2.1.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-service-1.10.0[${PYTHON_USEDEP}]
- >=dev-python/rfc3986-0.3.1[${PYTHON_USEDEP}]
- >=dev-python/oslo-middleware-3.0.0[${PYTHON_USEDEP}]
- >=dev-python/psutil-3.0.1[${PYTHON_USEDEP}]
- >=dev-python/oslo-versionedobjects-1.17.0[${PYTHON_USEDEP}]
- >=dev-python/os-brick-1.8.0[${PYTHON_USEDEP}]
- >=dev-python/os-vif-1.4.0[${PYTHON_USEDEP}]
- >=dev-python/os-win-1.4.0[${PYTHON_USEDEP}]
- >=dev-python/castellan-0.4.0[${PYTHON_USEDEP}]
- >=dev-python/microversion-parse-0.1.2[${PYTHON_USEDEP}]
- >=dev-python/os-xenapi-0.1.1[${PYTHON_USEDEP}]
- dev-python/libvirt-python[${PYTHON_USEDEP}]
- app-emulation/libvirt[iscsi?]
- novncproxy? ( www-apps/novnc )
- sys-apps/iproute2
- openvswitch? ( net-misc/openvswitch )
- rabbitmq? ( net-misc/rabbitmq-server )
- memcached? (
- net-misc/memcached
- >=dev-python/python-memcached-1.58
- )
- sys-fs/sysfsutils
- sys-fs/multipath-tools
- net-misc/bridge-utils
- compute? (
- app-cdr/cdrtools
- sys-fs/dosfstools
- app-emulation/qemu
- )
- iscsi? (
- sys-fs/lsscsi
- >=sys-block/open-iscsi-2.0.873-r1
- )"
-
-#PATCHES=(
-#)
-
-pkg_setup() {
- linux-info_pkg_setup
- CONFIG_CHECK_MODULES="BLK_DEV_NBD VHOST_NET IP6_NF_FILTER IP6_NF_IPTABLES IP_NF_TARGET_REJECT \
- IP_NF_MANGLE IP_NF_TARGET_MASQUERADE NF_NAT_IPV4 IP_NF_FILTER IP_NF_IPTABLES \
- NF_CONNTRACK_IPV4 NF_DEFRAG_IPV4 NF_NAT_IPV4 NF_NAT NF_CONNTRACK NETFILTER_XTABLES \
- ISCSI_TCP SCSI_DH DM_MULTIPATH DM_SNAPSHOT"
- if linux_config_exists; then
- for module in ${CONFIG_CHECK_MODULES}; do
- linux_chkconfig_present ${module} || ewarn "${module} needs to be enabled in kernel"
- done
- fi
- enewgroup nova
- enewuser nova -1 -1 /var/lib/nova nova
-}
-
-python_prepare_all() {
- sed -i '/^hacking/d' test-requirements.txt || die
- distutils-r1_python_prepare_all
-}
-
-python_install_all() {
- distutils-r1_python_install_all
-
- if use !compute-only; then
- for svc in api cert conductor consoleauth network scheduler spicehtml5proxy xvpvncproxy; do
- newinitd "${FILESDIR}/nova.initd" "nova-${svc}"
- done
- fi
- use compute && newinitd "${FILESDIR}/nova.initd" "nova-compute"
- use novncproxy && newinitd "${FILESDIR}/nova.initd" "nova-novncproxy"
-
- diropts -m 0750 -o nova -g qemu
- dodir /var/log/nova /var/lib/nova/instances
- diropts -m 0750 -o nova -g nova
-
- insinto /etc/nova
- insopts -m 0640 -o nova -g nova
- newins "${DISTDIR}/nova.conf.sample-${PV}" "nova.conf.sample"
- doins "${FILESDIR}/nova-compute.conf"
- doins "${S}/etc/nova/"*
- # rootwrap filters
- insopts -m 0644
- insinto /etc/nova/rootwrap.d
- doins "etc/nova/rootwrap.d/api-metadata.filters"
- doins "etc/nova/rootwrap.d/compute.filters"
- doins "etc/nova/rootwrap.d/network.filters"
-
- # add sudoers definitions for user nova
- insinto /etc/sudoers.d/
- insopts -m 0600 -o root -g root
- doins "${FILESDIR}/nova-sudoers"
-
- if use iscsi ; then
- # Install udev rules for handle iscsi disk with right links under /dev
- udev_newrules "${FILESDIR}/openstack-scsi-disk.rules" 60-openstack-scsi-disk.rules
-
- insinto /etc/nova/
- doins "${FILESDIR}/scsi-openscsi-link.sh"
- fi
-}
-
-python_install() {
- distutils-r1_python_install
- # copy migration conf file (not coppied on install via setup.py script)
- insinto "$(python_get_sitedir)/db/sqlalchemy/migrate_repo/"
- doins "nova/db/sqlalchemy/migrate_repo/migrate.cfg"
- # copy the CA cert dir (not coppied on install via setup.py script)
- cp -R "${S}/nova/CA" "${D}/$(python_get_sitedir)/nova/" || die "installing CA files failed"
-}
-
-pkg_postinst() {
- if use iscsi ; then
- elog "iscsid needs to be running if you want cinder to connect"
- fi
-}
diff --git a/sys-cluster/nova/nova-2017.2.9999.ebuild b/sys-cluster/nova/nova-2017.2.9999.ebuild
index 4bc17bcde84..b3bfe7036df 100644
--- a/sys-cluster/nova/nova-2017.2.9999.ebuild
+++ b/sys-cluster/nova/nova-2017.2.9999.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI=6
@@ -200,11 +200,11 @@ python_install_all() {
if use !compute-only; then
for svc in api conductor consoleauth network scheduler spicehtml5proxy xvpvncproxy; do
- newinitd "${FILESDIR}/nova.initd-2" "nova-${svc}"
+ newinitd "${FILESDIR}/nova.initd" "nova-${svc}"
done
fi
- use compute && newinitd "${FILESDIR}/nova.initd-2" "nova-compute"
- use novncproxy && newinitd "${FILESDIR}/nova.initd-2" "nova-novncproxy"
+ use compute && newinitd "${FILESDIR}/nova.initd" "nova-compute"
+ use novncproxy && newinitd "${FILESDIR}/nova.initd" "nova-novncproxy"
diropts -m 0750 -o nova -g qemu
dodir /var/log/nova /var/lib/nova/instances
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-cluster/nova/files/, sys-cluster/nova/
@ 2020-08-25 16:53 Matthew Thode
0 siblings, 0 replies; 6+ messages in thread
From: Matthew Thode @ 2020-08-25 16:53 UTC (permalink / raw
To: gentoo-commits
commit: 440c9286ac4b1d2e10c25cb883250bc497611159
Author: Matthew Thode <prometheanfire <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 25 16:53:37 2020 +0000
Commit: Matthew Thode <prometheanfire <AT> gentoo <DOT> org>
CommitDate: Tue Aug 25 16:53:53 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=440c9286
sys-cluster/nova: fix CVE-2020-17376 (live migration data leak)
Package-Manager: Portage-3.0.4, Repoman-2.3.23
RepoMan-Options: --force
Signed-off-by: Matthew Thode <prometheanfire <AT> gentoo.org>
sys-cluster/nova/files/CVE-2020-17376.patch | 141 +++++++++++++++++++++
.../{nova-21.0.0.ebuild => nova-21.0.0-r1.ebuild} | 5 +-
2 files changed, 144 insertions(+), 2 deletions(-)
diff --git a/sys-cluster/nova/files/CVE-2020-17376.patch b/sys-cluster/nova/files/CVE-2020-17376.patch
new file mode 100644
index 00000000000..8cb2d4423f7
--- /dev/null
+++ b/sys-cluster/nova/files/CVE-2020-17376.patch
@@ -0,0 +1,141 @@
+From bbf9d1de06e9991acd968fceee899a8df3776d60 Mon Sep 17 00:00:00 2001
+From: Lee Yarwood <lyarwood@redhat.com>
+Date: Wed, 5 Aug 2020 23:00:06 +0100
+Subject: [PATCH] libvirt: Provide VIR_MIGRATE_PARAM_PERSIST_XML during live
+ migration
+
+The VIR_MIGRATE_PARAM_PERSIST_XML parameter was introduced in libvirt
+v1.3.4 and is used to provide the new persistent configuration for the
+destination during a live migration:
+
+https://libvirt.org/html/libvirt-libvirt-domain.html#VIR_MIGRATE_PARAM_PERSIST_XML
+
+Without this parameter the persistent configuration on the destination
+will be the same as the original persistent configuration on the source
+when the VIR_MIGRATE_PERSIST_DEST flag is provided.
+
+As Nova does not currently provide the VIR_MIGRATE_PARAM_PERSIST_XML
+param but does provide the VIR_MIGRATE_PERSIST_DEST flag this means that
+a soft reboot by Nova of the instance after a live migration can revert
+the domain back to the original persistent configuration from the
+source.
+
+Note that this is only possible in Nova as a soft reboot actually
+results in the virDomainShutdown and virDomainLaunch libvirt APIs being
+called that recreate the domain using the persistent configuration.
+virDomainReboot does not result in this but is not called at this time.
+
+The impact of this on the instance after the soft reboot is pretty
+severe, host devices referenced in the original persistent configuration
+on the source may not exist or could even be used by other users on the
+destination. CPU and NUMA affinity could also differ drastically between
+the two hosts resulting in the instance being unable to start etc.
+
+As MIN_LIBVIRT_VERSION is now > v1.3.4 this change simply includes the
+VIR_MIGRATE_PARAM_PERSIST_XML param using the same updated XML for the
+destination as is already provided to VIR_MIGRATE_PARAM_DEST_XML.
+
+NOTE(lyarwood): A simple change to test_migrate_v3_unicode is included
+as Iccce0ab50eee515e533ab36c8e7adc10cb3f7019 had removed this from
+master.
+
+Co-authored-by: Tadayoshi Hosoya <tad-hosoya@wr.jp.nec.com>
+Closes-Bug: #1890501
+Change-Id: Ia3f1d8e83cbc574ce5cb440032e12bbcb1e10e98
+(cherry picked from commit 1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff)
+Signed-off-by: Matthew Thode <prometheanfire@gentoo.org>
+---
+ nova/tests/unit/virt/libvirt/test_driver.py | 8 +++++++-
+ nova/tests/unit/virt/libvirt/test_guest.py | 2 ++
+ nova/virt/libvirt/guest.py | 1 +
+ 3 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py
+index b416641d362..99ce85a870b 100644
+--- a/nova/tests/unit/virt/libvirt/test_driver.py
++++ b/nova/tests/unit/virt/libvirt/test_driver.py
+@@ -11196,6 +11196,7 @@ class LibvirtConnTestCase(test.NoDBTestCase,
+ 'migrate_disks': disk_paths,
+ 'bandwidth': _bandwidth,
+ 'destination_xml': target_xml,
++ 'persistent_xml': target_xml,
+ }
+
+ # start test
+@@ -11303,7 +11304,8 @@ class LibvirtConnTestCase(test.NoDBTestCase,
+ 'migrate_disks': disk_paths,
+ 'migrate_uri': 'tcp://127.0.0.2',
+ 'bandwidth': CONF.libvirt.live_migration_bandwidth,
+- 'destination_xml': target_xml
++ 'destination_xml': target_xml,
++ 'persistent_xml': target_xml,
+ }
+
+ # Start test
+@@ -11462,6 +11464,7 @@ class LibvirtConnTestCase(test.NoDBTestCase,
+ 'migrate_uri': 'tcp://127.0.0.2',
+ 'bandwidth': CONF.libvirt.live_migration_bandwidth,
+ 'destination_xml': target_xml,
++ 'persistent_xml': target_xml,
+ }
+
+ # start test
+@@ -11813,6 +11816,7 @@ class LibvirtConnTestCase(test.NoDBTestCase,
+ 'migrate_disks': ['vda', 'vdb'],
+ 'bandwidth': CONF.libvirt.live_migration_bandwidth,
+ 'destination_xml': target_xml,
++ 'persistent_xml': target_xml,
+ }
+
+ # start test
+@@ -11939,6 +11943,7 @@ class LibvirtConnTestCase(test.NoDBTestCase,
+ 'migrate_disks': device_names,
+ 'bandwidth': CONF.libvirt.live_migration_bandwidth,
+ 'destination_xml': '<xml/>',
++ 'persistent_xml': '<xml/>',
+ }
+ if not params['migrate_disks']:
+ del params['migrate_disks']
+@@ -12078,6 +12083,7 @@ class LibvirtConnTestCase(test.NoDBTestCase,
+ 'migrate_disks': disk_paths,
+ 'bandwidth': CONF.libvirt.live_migration_bandwidth,
+ 'destination_xml': '<xml/>',
++ 'persistent_xml': '<xml/>',
+ }
+
+ # Prepare mocks
+diff --git a/nova/tests/unit/virt/libvirt/test_guest.py b/nova/tests/unit/virt/libvirt/test_guest.py
+index 55642c66f66..51899b730b3 100644
+--- a/nova/tests/unit/virt/libvirt/test_guest.py
++++ b/nova/tests/unit/virt/libvirt/test_guest.py
+@@ -682,6 +682,7 @@ class GuestTestCase(test.NoDBTestCase):
+ 'an-uri', flags=1, params={'migrate_uri': 'dest-uri',
+ 'migrate_disks': 'disk1',
+ 'destination_xml': '</xml>',
++ 'persistent_xml': '</xml>',
+ 'bandwidth': 2})
+
+ @testtools.skipIf(not six.PY2, 'libvirt python3 bindings accept unicode')
+@@ -699,6 +700,7 @@ class GuestTestCase(test.NoDBTestCase):
+ 'migrate_disks': ['disk1',
+ 'disk2'],
+ 'destination_xml': expect_dest_xml,
++ 'persistent_xml': expect_dest_xml,
+ 'bandwidth': 2})
+
+ def test_abort_job(self):
+diff --git a/nova/virt/libvirt/guest.py b/nova/virt/libvirt/guest.py
+index 0d485eb86d9..46593247303 100644
+--- a/nova/virt/libvirt/guest.py
++++ b/nova/virt/libvirt/guest.py
+@@ -638,6 +638,7 @@ class Guest(object):
+
+ if destination_xml:
+ params['destination_xml'] = destination_xml
++ params['persistent_xml'] = destination_xml
+ if migrate_disks:
+ params['migrate_disks'] = migrate_disks
+ if migrate_uri:
+--
+2.26.2
+
diff --git a/sys-cluster/nova/nova-21.0.0.ebuild b/sys-cluster/nova/nova-21.0.0-r1.ebuild
similarity index 99%
rename from sys-cluster/nova/nova-21.0.0.ebuild
rename to sys-cluster/nova/nova-21.0.0-r1.ebuild
index 8601ad73fd1..e96174c2c99 100644
--- a/sys-cluster/nova/nova-21.0.0.ebuild
+++ b/sys-cluster/nova/nova-21.0.0-r1.ebuild
@@ -148,8 +148,9 @@ RDEPEND="
acct-user/nova
acct-group/nova"
-#PATCHES=(
-#)
+PATCHES=(
+ "${FILESDIR}/CVE-2020-17376.patch"
+)
pkg_setup() {
linux-info_pkg_setup
^ permalink raw reply related [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-08-25 16:54 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-03-08 20:11 [gentoo-commits] repo/gentoo:master commit in: sys-cluster/nova/files/, sys-cluster/nova/ Matt Thode
-- strict thread matches above, loose matches on Subject: below --
2020-08-25 16:53 Matthew Thode
2018-01-28 4:13 Matt Thode
2016-05-16 19:00 Matt Thode
2016-02-10 1:16 Matt Thode
2015-09-02 3:18 Matt Thode
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox