openstack/nova
Code Issues Proposed changes

Move remaining uses of parted to privsep.

Browse Source 
Including updating their unit tests. We can now remove parted from
the rootwrap configuration.

Change-Id: I8cbfe296238976001e38997842059ec2f137f660
blueprint: hurrah-for-privsep
This commit is contained in:
Michael Still 2017-11-14 07:22:02 +11:00 committed by Matt Riedemann
parent 87ea686f9f
commit 635d205268
5 changed files with 48 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
etc/nova/rootwrap.d/compute.filters
View File

@ -57,10 +57,6 @@ iscsiadm: CommandFilter, iscsiadm, root
aoe-revalidate: CommandFilter, aoe-revalidate, root
aoe-discover: CommandFilter, aoe-discover, root
# nova/virt/xenapi/vm_utils.py: parted, --script, ...
# nova/virt/xenapi/vm_utils.py: 'parted', '--script', dev_path, ..*.
parted: CommandFilter, parted, root
# nova/virt/xenapi/vm_utils.py: 'pygrub', '-qn', dev_path
pygrub: CommandFilter, pygrub, root

15
nova/privsep/fs.py
View File

@ -195,3 +195,18 @@ def unprivileged_list_partitions(device):
partitions.append((num, start, size, fstype, name, flags))
return partitions
@nova.privsep.sys_admin_pctxt.entrypoint
def resize_partition(device, start, end, bootable):
return unprivileged_resize_partition(device, start, end, bootable)
# NOTE(mikal): this method is deliberately not wrapped in a privsep entrypoint
def unprivileged_resize_partition(device, start, end, bootable):
processutils.execute('parted', '--script', device, 'rm', '1')
processutils.execute('parted', '--script', device, 'mkpart',
'primary', '%ds' % start, '%ds' % end)
if bootable:
processutils.execute('parted', '--script', device,
'set', '1', 'boot', 'on')

59
nova/tests/unit/virt/xenapi/test_vm_utils.py
View File

@ -369,22 +369,22 @@ class ResizeHelpersTestCase(VMUtilsTestBase):
utils.execute('parted', '--script', path, 'set', '1',
'boot', 'on', run_as_root=True)
def test_resize_part_and_fs_down_succeeds(self):
self.mox.StubOutWithMock(vm_utils, "_repair_filesystem")
self.mox.StubOutWithMock(utils, 'execute')
@mock.patch('nova.privsep.fs.resize_partition')
@mock.patch.object(vm_utils, '_repair_filesystem')
@mock.patch.object(utils, 'execute')
def test_resize_part_and_fs_down_succeeds(self, mock_execute, mock_repair,
mock_resize):
dev_path = '/dev/fake'
partition_path = '%s1' % dev_path
vm_utils._resize_part_and_fs('fake', 0, 20, 10, 'boot')
dev_path = "/dev/fake"
partition_path = "%s1" % dev_path
vm_utils._repair_filesystem(partition_path)
self._call_tune2fs_remove_journal(partition_path)
utils.execute("resize2fs", partition_path, "10s", run_as_root=True)
self._call_parted_mkpart(dev_path, 0, 9)
self._call_parted_boot_flag(dev_path)
self._call_tune2fs_add_journal(partition_path)
self.mox.ReplayAll()
vm_utils._resize_part_and_fs("fake", 0, 20, 10, "boot")
mock_execute.assert_has_calls([
mock.call('tune2fs', '-O ^has_journal', partition_path,
run_as_root=True),
mock.call('resize2fs', partition_path, '10s', run_as_root=True),
mock.call('tune2fs', '-j', partition_path, run_as_root=True)])
mock_resize.assert_has_calls([
mock.call(dev_path, 0, 9, True)])
def test_log_progress_if_required(self):
self.mox.StubOutWithMock(vm_utils.LOG, "debug")
@ -427,21 +427,22 @@ class ResizeHelpersTestCase(VMUtilsTestBase):
vm_utils._resize_part_and_fs,
"fake", 0, 20, 10, "boot")
def test_resize_part_and_fs_up_succeeds(self):
self.mox.StubOutWithMock(vm_utils, "_repair_filesystem")
self.mox.StubOutWithMock(utils, 'execute')
@mock.patch('nova.privsep.fs.resize_partition')
@mock.patch.object(vm_utils, '_repair_filesystem')
@mock.patch.object(utils, 'execute')
def test_resize_part_and_fs_up_succeeds(self, mock_execute, mock_repair,
mock_resize):
dev_path = '/dev/fake'
partition_path = '%s1' % dev_path
vm_utils._resize_part_and_fs('fake', 0, 20, 30, '')
dev_path = "/dev/fake"
partition_path = "%s1" % dev_path
vm_utils._repair_filesystem(partition_path)
self._call_tune2fs_remove_journal(partition_path)
self._call_parted_mkpart(dev_path, 0, 29)
utils.execute("resize2fs", partition_path, run_as_root=True)
self._call_tune2fs_add_journal(partition_path)
self.mox.ReplayAll()
vm_utils._resize_part_and_fs("fake", 0, 20, 30, "")
mock_execute.assert_has_calls([
mock.call('tune2fs', '-O ^has_journal', partition_path,
run_as_root=True),
mock.call('resize2fs', partition_path, run_as_root=True),
mock.call('tune2fs', '-j', partition_path, run_as_root=True)])
mock_resize.assert_has_calls([
mock.call(dev_path, 0, 29, False)])
def test_resize_disk_throws_on_zero_size(self):
flavor = fake_flavor.fake_flavor_obj(self.context, root_gb=0)

13
nova/virt/xenapi/vm_utils.py
View File

@ -2317,17 +2317,8 @@ def _resize_part_and_fs(dev, start, old_sectors, new_sectors, flags):
"enough free space on your disk.")
raise exception.ResizeError(reason=reason)
utils.execute('parted', '--script', dev_path, 'rm', '1',
run_as_root=True)
utils.execute('parted', '--script', dev_path, 'mkpart',
'primary',
'%ds' % start,
'%ds' % end,
run_as_root=True)
if "boot" in flags.lower():
utils.execute('parted', '--script', dev_path,
'set', '1', 'boot', 'on',
run_as_root=True)
nova.privsep.fs.resize_partition(dev_path, start, end,
'boot' in flags.lower())
if new_sectors > old_sectors:
# Resizing up, resize filesystem after partition resize

2
releasenotes/notes/privsep-queens-rootwrap-adds-907aa1bc8e3eb2ca.yaml
View File

@ -12,5 +12,5 @@ upgrade:
The following commands are no longer required to be listed in your rootwrap
configuration: blkid; blockdev; cat; chown; cryptsetup; dd; ebrctl; ifc_ctl;
kpartx; losetup; lvcreate; lvremove; lvs; mkdir; mm-ctl; mount;
nova-idmapshift; ploop; prl_disk_tool; qemu-nbd; readlink; shred; tee;
nova-idmapshift; parted; ploop; prl_disk_tool; qemu-nbd; readlink; shred; tee;
touch; umount; vgs; vrouter-port-control; and xend.