debian/

debian/nova-api.manpages:
doc/build/man/nova-api.1

debian/nova-novncproxy.manpages:
doc/build/man/nova-novncproxy.1

debian/nova-objectstore.install:
usr/bin/nova-objectstore

debian/control:
Source: nova
Section: net
Priority: extra
Maintainer: Ubuntu Developers
XSBC-Original-Maintainer: Openstack Maintainers
Uploaders: Soren Hansen, Thomas Goirand
Build-Depends:
 debhelper (>= 7.0.50),
 python-all (>= 2.6),
 python-all-dev (>= 2.6.6-3~)
Build-Depends-Indep:
 openssh-client,
 openssl,
 python-amqplib (>= 0.6.1),
 python-anyjson (>= 0.3.3),
 python-babel,
 python-boto (>= 2.4.0),
 python-cinderclient (>= 1:1.0.5),
 python-coverage,
 python-crypto,
 python-distutils-extra,
 python-eventlet (>= 0.13.0),
 python-feedparser,
 python-fixtures (>= 0.3.14),
 python-glanceclient (>= 1:0.9.0),
 python-greenlet (>= 0.3.2),
 python-iso8601,
 python-jinja2,
 python-jsonschema (>= 1.3.0),
 python-keystoneclient (>= 1:0.3.2),
 python-kombu (>= 2.5.12),
 python-lxml (>= 2.3),
 python-migrate (>= 0.8.2),
 python-mock,
 python-mox,
 python-netaddr (>= 0.7.6),
 python-neutronclient (>= 1:2.3.0),
 python-oslo.config (>= 1:1.2.0),
 python-oslo.messaging,
 python-oslo.rootwrap,
 python-oslosphinx,
 python-paramiko (>= 1.8.0),
 python-paste,
 python-pastedeploy (>= 1.5.0),
 python-pbr (>= 0.5.21),
 python-pyasn1,
 python-pycadf (>= 0.1.9),
 python-routes,
 python-setuptools,
 python-six (>= 1.5.2),
 python-sphinx (>> 1.0),
 python-sqlalchemy-ext ( >= 0.7.8-1~) | python-sqlalchemy,
 python-stevedore (>= 0.12),
 python-suds,
 python-testtools (>= 0.9.32),
 python-webob (>= 1.2.3),
 sqlite3,
 subunit,
 testrepository ( >= 0.0.17)
Build-Conflicts: python-cjson
Standards-Version: 3.9.3
Homepage: http://launchpad.net/nova
Vcs-Browser: http://bazaar.launchpad.net/~ubuntu-server-dev/nova/icehouse/files
Vcs-Bzr: https://code.launchpad.net/~ubuntu-server-dev/nova/icehouse
XS-Testsuite: autopkgtest
X-Python-Version: >= 2.7

Package: python-nova
Architecture: all
Section: python
Depends:
 openssh-client,
 openssl,
 python-amqplib (>= 0.6.1),
 python-anyjson (>= 0.3.3),
 python-babel,
 python-boto (>= 2.4.0),
 python-cinderclient (>= 1:1.0.5),
 python-eventlet (>= 0.13.0),
 python-glanceclient (>= 1:0.9.0),
 python-greenlet (>= 0.3.2),
 python-iso8601,
 python-jinja2,
 python-jsonschema (>= 1.3.0),
 python-keystoneclient (>= 1:0.3.2),
 python-kombu (>= 2.5.12),
 python-lxml (>= 2.3),
 python-m2crypto,
 python-migrate,
 python-netaddr (>= 0.7.6),
 python-neutronclient (>= 1:2.3.0),
 python-oslo.config (>= 1:1.2.0),
 python-paramiko (>= 1.8.0),
 python-paste,
 python-pastedeploy (>= 1.5.0),
 python-pyasn1,
 python-pycadf (>= 0.1.9),
 python-routes,
 python-simplejson,
 python-six (>= 1.5.2),
 python-sqlalchemy-ext ( >= 0.7.8-1~) | python-sqlalchemy (<< 0.6.3-2),
 python-stevedore (>= 0.12),
 python-suds,
 python-webob (>= 1.2.3),
 sudo,
 ${misc:Depends},
 ${python:Depends}
Suggests: python-ldap
Conflicts: python-cjson
XB-Python-Version: ${python:Versions}
Recommends: python-mysqldb
Provides: ${python:Provides}
Description: OpenStack Compute Python libraries
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 This package contains the core Python parts of Nova.

Package: nova-common
Architecture: all
Depends:
 adduser,
 python-nova (= ${binary:Version}),
 ${misc:Depends},
 ${python:Depends}
Provides: ${python:Provides}
Recommends: python-glanceclient, python-keystone
Description: OpenStack Compute - common files
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 This package contains things that are needed by all parts of Nova.

Package: nova-compute
Architecture: all
Depends:
 nova-common (= ${binary:Version}),
 nova-compute-kvm | nova-compute-hypervisor,
 ${misc:Depends},
 ${python:Depends}
Description: OpenStack Compute - compute node base
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 This is the package you will install on the nodes that will run your virtual
 machines.

Package: nova-compute-libvirt
Architecture: all
Depends:
 adduser,
 ebtables,
 genisoimage,
 iptables,
 kpartx,
 libvirt-bin,
 nova-compute (= ${binary:Version}),
 open-iscsi,
 parted,
 python-libvirt,
 qemu-utils,
 vlan,
 ${misc:Depends},
 ${python:Depends}
Suggests: guestmount, multipath-tools, sg3-utils, sysfsutils
Description: OpenStack Compute - compute node libvirt support
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 This package provides common dependencies and setup for all libvirt based
 hypervisor options.

Package: nova-compute-lxc
Architecture: all
Depends:
 nova-compute-libvirt (= ${binary:Version}),
 ${misc:Depends}
Provides: nova-compute-hypervisor
Conflicts: nova-compute-hypervisor
Description: OpenStack Compute - compute node (LXC)
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 Install this package on your compute nodes if you're using LXC.

Package: nova-compute-xen
Architecture: all
Depends:
 nova-compute-libvirt (= ${binary:Version}),
 xen-system-amd64 | xen-system-i386,
 ${misc:Depends}
Provides: nova-compute-hypervisor
Conflicts: nova-compute-hypervisor
Description: OpenStack Compute - compute node (Xen)
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 Install this package on your compute nodes if you're using Xen.

Package: nova-compute-qemu
Architecture: all
Depends:
 nova-compute-libvirt (= ${binary:Version}),
 qemu,
 ${misc:Depends}
Provides: nova-compute-hypervisor
Conflicts: nova-compute-hypervisor
Description: OpenStack Compute - compute node (QEmu)
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 Install this package on your compute nodes if you're using QEmu.

Package: nova-compute-kvm
Architecture: all
Depends:
 nova-compute-libvirt (= ${binary:Version}),
 qemu-system (>= 1.3.0) | kvm,
 ${misc:Depends}
Provides: nova-compute-hypervisor
Conflicts: nova-compute-hypervisor
Description: OpenStack Compute - compute node (KVM)
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 Install this package on your compute nodes if you're using kvm.

Package: nova-compute-vmware
Architecture: all
Depends:
 genisoimage,
 nova-compute (= ${binary:Version}),
 ${misc:Depends}
Provides: nova-compute-hypervisor
Conflicts: nova-compute-hypervisor
Description: OpenStack Compute - compute node (VMware)
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 Install this package on your compute nodes if you're using VMware vCenter.

Package: nova-conductor
Architecture: all
Depends:
 nova-common (= ${binary:Version}),
 ${misc:Depends},
 ${ostack-lsb-base},
 ${python:Depends}
Description: OpenStack Compute - conductor service
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 This is the Nova conductor service component

Package: nova-cert
Architecture: all
Depends:
 nova-common (= ${binary:Version}),
 ${misc:Depends},
 ${ostack-lsb-base},
 ${python:Depends}
Description: OpenStack Compute - certificate management
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 This is the Nova certificate management component.

Package: nova-scheduler
Architecture: all
Depends:
 nova-common (= ${binary:Version}),
 ${misc:Depends},
 ${ostack-lsb-base},
 ${python:Depends}
Description: OpenStack Compute - virtual machine scheduler
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 This is the Nova scheduler.

Package: nova-volume
Section: oldlibs
Priority: extra
Architecture: all
Depends:
 cinder-api,
 cinder-scheduler,
 cinder-volume,
 ${misc:Depends}
Description: OpenStack Compute - storage
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 This is a dummy transitional package that can be removed after upgrade.

Package: nova-ajax-console-proxy
Architecture: all
Section: oldlibs
Priority: extra
Depends:
 nova-common (= ${binary:Version}),
 ${misc:Depends},
 ${ostack-lsb-base},
 ${python:Depends}
Description: OpenStack Compute - AJAX console proxy - transitional package
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 This package used to provide the AJAX proxy, which is now gone.

Package: nova-novncproxy
Architecture: all
Depends:
 nova-common (= ${binary:Version}),
 novnc,
 websockify,
 ${misc:Depends},
 ${ostack-lsb-base},
 ${python:Depends}
Description: OpenStack Compute - NoVNC proxy
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 This package provides the VNC proxy. It is a publically reachable component
 which proxies access to VNCs running on compute nodes.

Package: nova-xvpvncproxy
Architecture: all
Depends:
 nova-common (= ${binary:Version}),
 ${misc:Depends},
 ${ostack-lsb-base},
 ${python:Depends}
Description: OpenStack Compute - XVP VNC proxy
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 This package provides the VNC proxy. It is a publically reachable component
 which proxies access to VNCs running on compute nodes.

Package: nova-spiceproxy
Architecture: all
Depends:
 nova-common (= ${binary:Version}),
 spice-html5,
 websockify,
 ${misc:Depends},
 ${ostack-lsb-base},
 ${python:Depends}
Description: OpenStack Compute - spice html5 proxy
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 This package provides the spice proxy. It is a publically reachable component
 which proxies access to qemu-space running on compute nodes

Package: nova-api
Architecture: all
Depends:
 iptables,
 nova-common (= ${binary:Version}),
 ${misc:Depends},
 ${ostack-lsb-base},
 ${python:Depends}
Description: OpenStack Compute - API frontend
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 This package provides the API frontend.

Package: nova-network
Architecture: all
Depends:
 bridge-utils,
 dnsmasq-base,
 dnsmasq-utils,
 ebtables,
 iptables,
 iputils-arping,
 netcat,
 nova-common (= ${binary:Version}),
 vlan,
 ${misc:Depends},
 ${ostack-lsb-base},
 ${python:Depends}
Suggests: radvd
Description: OpenStack Compute - Network manager
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 This is the package you will install on the network nodes. This service is
 responsible for managing floating and fixed IPs, DHCP, bridging and VLANs,
 and in some cases acts as a gateway. Different networking strategies are
 available to the service by changing the network_manager flag to FlatManager,
 FlatDHCPManager, or VlanManager (default is VLAN).

Package: nova-objectstore
Architecture: all
Depends:
 nova-common (= ${binary:Version}),
 ${misc:Depends},
 ${ostack-lsb-base},
 ${python:Depends}
Description: OpenStack Compute - object store
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 This is the package contains a very simple S3-like object store. For
 production use, you should use OpenStack Storage, aka. Swift.

Package: nova-console
Architecture: all
Depends:
 nova-common (= ${binary:Version}),
 ${misc:Depends},
 ${ostack-lsb-base},
 ${python:Depends}
Recommends: nova-consoleauth (>= 2012.1~rc1-0ubuntu2)
Description: OpenStack Compute - Console
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 This package provides the console server. This enables the use of consoles
 to be used along with XVP and XenServer. It is a publically reachable
 component which proxies access to VNCs running on compute nodes.

Package: nova-consoleauth
Architecture: all
Depends:
 nova-common (= ${binary:Version}),
 ${misc:Depends},
 ${ostack-lsb-base},
 ${python:Depends}
Breaks: nova-console (<< 2012.1~rc1-0ubuntu2)
Replaces: nova-console (<< 2012.1~rc1-0ubuntu2)
Description: OpenStack Compute - Console Authenticator
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 This package provides the authentication service for nova-console. It grants
 user requests for console access based on tokens in the identity service and
 allows access to virtual consoles via a browser.

Package: nova-doc
Architecture: all
Section: doc
Depends: ${misc:Depends}
Recommends: libjs-jquery
Description: OpenStack Compute - documentation
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 This package contains the documentation for Nova.

Package: nova-api-metadata
Architecture: all
Depends:
 nova-common (= ${binary:Version}),
 ${misc:Depends},
 ${ostack-lsb-base},
 ${python:Depends}
Breaks: nova-api
Description: OpenStack Compute - metadata API frontend
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 This package provides the metadata API backend for guest VMs.

Package: nova-api-os-compute
Architecture: all
Depends:
 nova-common (= ${binary:Version}),
 ${misc:Depends},
 ${ostack-lsb-base},
 ${python:Depends}
Breaks: nova-api
Description: OpenStack Compute - OpenStack Compute API frontend
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 This package provides the OpenStack Compute API frontend.

Package: nova-api-os-volume
Section: oldlibs
Priority: extra
Architecture: all
Depends:
 cinder-api,
 ${misc:Depends}
Description: OpenStack Compute - OpenStack Volume API frontend
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 This is a dummy transitional package that can be removed after upgrade.

Package: nova-api-ec2
Architecture: all
Depends:
 nova-common (= ${binary:Version}),
 ${misc:Depends},
 ${ostack-lsb-base},
 ${python:Depends}
Breaks: nova-api
Description: OpenStack Compute - EC2 API frontend
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 This package provides the EC2 API.

Package: nova-cells
Architecture: all
Depends:
 nova-common (= ${binary:Version}),
 ${misc:Depends},
 ${ostack-lsb-base},
 ${python:Depends}
Description: Openstack Compute - cells
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 This is the Nova cells component.

Package: nova-baremetal
Architecture: all
Depends:
 nova-common (= ${binary:Version}),
 ${misc:Depends},
 ${ostack-lsb-base},
 ${python:Depends}
Description: Openstack Compute - baremetal virt
 OpenStack is a reliable cloud infrastructure. Its mission is to produce
 the ubiquitous cloud computing platform that will meet the needs of public
 and private cloud providers regardless of size, by being simple to implement
 and massively scalable.
 .
 OpenStack Compute, codenamed Nova, is a cloud computing fabric controller. In
 addition to its "native" API (the OpenStack API), it also supports the Amazon
 EC2 API.
 .
 Nova is intended to be modular and easy to extend and adapt. It supports many
 different hypervisors (KVM and Xen to name a few), different database backends
 (SQLite, MySQL, and PostgreSQL, for instance), different types of user
 databases (LDAP or SQL), etc.
 .
 This is the baremetal virt component.

debian/nova-conductor.install:
usr/bin/nova-conductor

debian/nova-console.upstart:
description "Nova Console"
author "Vishvananda Ishaya"

start on runlevel [2345]
stop on runlevel [!2345]

respawn

chdir /var/run

pre-start script
    mkdir -p /var/run/nova
    chown nova:root /var/run/nova
    mkdir -p /var/lock/nova
    chown nova:root /var/lock/nova
end script

exec start-stop-daemon --start --chuid nova --exec /usr/bin/nova-console -- --config-file=/etc/nova/nova.conf

debian/nova-objectstore.logrotate:
/var/log/nova/nova-objectstore.log {
    daily
    missingok
    postrotate
        restart nova-objectstore
    endscript
    compress
    delaycompress
    notifempty
}

debian/nova-spiceproxy.upstart:
description "Nova spice proxy"
author "Chuck Short"

start on runlevel [2345]
stop on runlevel [!2345]

chdir /var/run

pre-start script
    mkdir -p /var/run/nova
    chown nova:root /var/run/nova/
    mkdir -p /var/lock/nova
    chown nova:root /var/lock/nova/
end script

exec start-stop-daemon --start --chuid nova --exec /usr/bin/nova-api-os-compute -- --config-file=/etc/nova/nova.conf

debian/nova_sudoers:
Defaults:nova !requiretty

nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *

debian/nova-api.install:
etc/nova/rootwrap.d/api-metadata.filters
usr/bin/nova-api

debian/nova-api-metadata.upstart:
description "Nova Metadata API server"
author "Joe Heck"

start on runlevel [2345]
stop on runlevel [!2345]

chdir /var/run

pre-start script
    mkdir -p /var/run/nova
    chown nova:root /var/run/nova/
    mkdir -p /var/lock/nova
    chown nova:root /var/lock/nova/
end script

exec start-stop-daemon --start --chuid nova --exec /usr/bin/nova-api-metadata -- --config-file=/etc/nova/nova.conf

debian/nova-api.postinst:
#!/bin/sh -e

if [ "$1" = "configure" ]; then
    chown root:root /etc/nova/rootwrap.d/api-metadata.filters
fi

#DEBHELPER#

debian/nova-conductor.upstart:
description "Nova conductor"
author "Chuck Short"

start on runlevel [2345]
stop on runlevel [!2345]

chdir /var/run

pre-start script
    mkdir -p /var/run/nova
    chown nova:root /var/run/nova/
    mkdir -p /var/lock/nova
    chown nova:root /var/lock/nova/
end script

exec start-stop-daemon --start --chuid nova --exec /usr/bin/nova-conductor -- --config-file=/etc/nova/nova.conf

debian/xen-openvswitch-nova.rules:
SUBSYSTEM=="xen-backend", KERNEL=="vif*", RUN+="/usr/lib/xcp/scripts/ovs_configure_vif_flows.py $env{ACTION} %k all"

debian/nova-compute-kvm.conf:
[DEFAULT]
compute_driver=libvirt.LibvirtDriver
[libvirt]
virt_type=kvm

debian/nova-compute-lxc.conf:
[DEFAULT]
compute_driver=libvirt.LibvirtDriver
[libvirt]
virt_type=lxc

debian/nova-objectstore.upstart:
description "Nova object store"
author "Soren Hansen"

start on runlevel [2345]
stop on runlevel [!2345]

chdir /var/run

pre-start script
    mkdir -p /var/run/nova
    chown nova:root /var/run/nova/
    mkdir -p /var/lock/nova
    chown nova:root /var/lock/nova/
end script

exec start-stop-daemon --start --chuid nova --exec /usr/bin/nova-objectstore -- --config-file=/etc/nova/nova.conf

debian/nova-network.manpages:
doc/build/man/nova-network.1
doc/build/man/nova-dhcpbridge.1

debian/nova-cert.manpages:
doc/build/man/nova-cert.1

debian/changelog:
nova
(1:2014.1.5-0ubuntu1.7) trusty-security; urgency=medium * SECURITY UPDATE: DoS via instance deletion during migration - debian/patches/CVE-2015-3241-1.patch: check for resize path on libvirt instance delete in nova/tests/virt/libvirt/test_libvirt.py, nova/virt/libvirt/driver.py. - debian/patches/CVE-2015-3241-1.patch: sync process utils from oslo in nova/openstack/common/processutils.py. - debian/patches/CVE-2015-3241-1.patch: kill rsync/scp processes before deleting instance in nova/tests/virt/libvirt/test_libvirt.py, nova/tests/virt/libvirt/test_libvirt_utils.py, nova/virt/libvirt/driver.py, nova/virt/libvirt/instancejobtracker.py, nova/virt/libvirt/utils.py. - CVE-2015-3241 * SECURITY UPDATE: DoS via instance deletion during resize - debian/patches/CVE-2015-3280.patch: delete orphaned instance files from compute nodes in nova/compute/manager.py, nova/tests/compute/test_compute_mgr.py. - CVE-2015-3280 * SECURITY UPDATE: DoS via crafted disk image - debian/patches/CVE-2015-5162-1.patch: add prlimit parameter to execute() in nova/openstack/common/prlimit.py, nova/openstack/common/processutils.py, nova/tests/openstack_common/test_processutils.py. - debian/patches/CVE-2015-5162-2.patch: add support for missing process limits in nova/openstack/common/prlimit.py, nova/openstack/common/processutils.py, nova/tests/openstack_common/test_processutils.py. - debian/patches/CVE-2015-5162-3.patch: set address space & CPU time limits when running qemu-img in nova/virt/images.py, nova/tests/virt/libvirt/test_libvirt.py, nova/tests/virt/libvirt/test_image_utils.py, nova/tests/virt/libvirt/test_libvirt_utils.py. - CVE-2015-5162 * SECURITY UPDATE: arbitrary file read via snapshot - debian/patches/CVE-2015-7548-1.patch: fix format detection in libvirt snapshot in nova/tests/virt/libvirt/fake_libvirt_utils.py, nova/tests/virt/libvirt/test_image_utils.py, nova/tests/virt/libvirt/test_libvirt_utils.py, nova/virt/libvirt/driver.py, nova/virt/libvirt/utils.py. 
- debian/patches/CVE-2015-7548-2.patch: fix format conversion in libvirt snapshot in nova/tests/virt/libvirt/test_libvirt.py, nova/virt/images.py, nova/virt/libvirt/imagebackend.py. - debian/patches/CVE-2015-7548-3.patch: fix backing file detection in libvirt live snapshot in nova/tests/virt/libvirt/test_libvirt.py, nova/tests/virt/libvirt/fake_libvirt_utils.py, nova/virt/images.py, nova/virt/libvirt/driver.py, nova/virt/libvirt/utils.py. - debian/patches/CVE-2015-7548-4.patch: disable live snapshot for rbd-backed instances in nova/virt/libvirt/driver.py. - CVE-2015-7548 * SECURITY UPDATE: restriction bypass via security group changes - debian/patches/CVE-2015-7713.patch: don't expect meta attributes in object_compat that aren't in the db obj in nova/compute/manager.py, nova/tests/compute/test_compute.py. - CVE-2015-7713 * SECURITY UPDATE: password disclosure via xen log files - debian/patches/CVE-2015-8749.patch: mask passwords in volume connection_data dict in nova/virt/xenapi/volume_utils.py. - CVE-2015-8749 * SECURITY UPDATE: arbitrary file read via crafted qcow2 header - debian/patches/CVE-2016-2140-1.patch: always copy or recreate disk.info during a migration in nova/virt/libvirt/driver.py, nova/tests/virt/libvirt/test_libvirt.py. - debian/patches/CVE-2016-2140-2.patch: fix processing of libvirt disk.info in non-disk-image cases in nova/virt/libvirt/driver.py, nova/tests/virt/libvirt/test_libvirt.py. - debian/patches/CVE-2016-2140-3.patch: decode disk_info before use in nova/tests/virt/libvirt/test_libvirt.py, nova/virt/libvirt/driver.py. - CVE-2016-2140 * Thanks to Red Hat for the backports many of these patches are based on. 
-- Marc Deslauriers Wed, 13 Sep 2017 14:30:17 -0400 nova (1:2014.1.5-0ubuntu1.6) trusty; urgency=medium * Allow evacuate for an instance in the Error state (LP: #1298061) - d/p/remove_useless_state_check.patch remove unnecessary task_state check - d/p/evacuate_error_vm.patch Allow evacuate from error state -- Liang Chen Fri, 09 Sep 2016 17:41:48 +0800 nova (1:2014.1.5-0ubuntu1.5) trusty; urgency=medium * Fix live migration usage of the wrong connector (LP: #1475411) - d/p/Fix-live-migrations-usage-of-the-wrong-connector-inf.patch * Fix wrong used ProcessExecutionError exception (LP: #1308839) - d/p/Fix-wrong-used-ProcessExecutionError-exception.patch * Clean up iSCSI multipath devices in Post Live Migration (LP: #1357368) - d/p/Clean-up-iSCSI-multipath-devices-in-Post-Live-Migrat.patch * Detach iSCSI latest path for latest disk (LP: #1374999) - d/p/Detach-iSCSI-latest-path-for-latest-disk.patch -- Billy Olsen Fri, 29 Apr 2016 15:35:01 -0700 nova (1:2014.1.5-0ubuntu1.4) trusty; urgency=medium * Protect against possible rpcapi mismatch on upgrade (LP: #1506257) - d/p/protect-against-upgrade-rpc-ver-mismatch.patch -- Edward Hope-Morley Thu, 22 Oct 2015 10:00:29 -0500 nova (1:2014.1.5-0ubuntu1.3) trusty; urgency=medium * Attempting to attach the same volume multiple times can cause bdm record for existing attachment to be deleted. 
(LP: #1349888) - d/p/fix-creating-bdm-for-failed-volume-attachment.patch -- Edward Hope-Morley Tue, 08 Sep 2015 12:32:45 +0100 nova (1:2014.1.5-0ubuntu1.2) trusty; urgency=medium * Add rsyslog retry support (LP: #1459046) - d/p/add-support-for-syslog-connect-retries.patch * Add vm clean shutdown support (LP: #1196924) - d/p/clean-shutdown.patch -- Edward Hope-Morley Thu, 16 Jul 2015 11:55:57 +0100 nova (1:2014.1.5-0ubuntu1.1) trusty; urgency=medium [ Edward Hope-Morley ] - d/nova-compute.upstart: Fix (another) race between nova-compute and neutron-ovs-cleanup (LP: #1471022) -- Edward Hope-Morley Wed, 08 Jul 2015 09:44:18 -0500 nova (1:2014.1.5-0ubuntu1) trusty; urgency=medium * Resynchronize with stable/icehouse (08b5d48) (LP: #1467533): - [74295ed] Use ebtables to isolate dhcp traffic - [a83eb5f] VMware: fix AttributeError: TaskInfo instance has no attribute 'name' - [8876294] libvirt: partial fix for live-migration with config drive - [b77c188] Type conflict in trusted_filter.py using attestation_port default value - [378a8d4] Use instance.uuid instead of instance - [c12f21d] Make test_version_string_with_package_is_good work with pbr 0.11 - [1668178] Moves trusted filter unit tests into own file - [4812617] Use hypervisor hostname for compute trust level - [d8853ee] Recover from POWERING-* state on compute manager start-up - [0784b0c] Avoid referring to juno-era exception type - [f513a28] libvirt: Make sure volumes are well detected during block migration - [68ec684] libvirt: avoid changing UUID when redefining nwfilters - [cc86ef5] delete python bytecode before every test run - [3501ec2] Drop use of oslo.utils in nova - [392dc22] Eventlet green threads not released back to pool - [1e03160] Sync strutils from oslo-incubator for mask_password fix - [7292c02] Allow instances to attach to shared external nets - [dbc348d] Fix libvirt watchdog support - [08b5d48] HyperV Driver - Fix to implement hypervisor-uptime * d/p/drop-oslo-utils-usage.patch: Dropped; Fixed 
upstream. * d/p/recover-from-power-state-on-compute.patch: Dropped; Fixed upstream. * d/p/fix-requirements.patch: Rebased. -- Corey Bryant Mon, 22 Jun 2015 10:15:07 -0400 nova (1:2014.1.4-0ubuntu2.1) trusty; urgency=medium * Ensure that compute manager restarts during instance power operations don't leave instances stuck in transitional task states (LP: #1304333): - d/p/recover-from-power-state-on-compute.patch Cherry pick backport of upstream fix from OpenStack >= Juno. -- Edward Hope-Morley Wed, 22 Apr 2015 09:51:28 +0100 nova (1:2014.1.4-0ubuntu2) trusty; urgency=medium [ Edward Hope-Morley ] * Fixed race between nova-compute and neutron-ovs-cleanup (LP: #1420572) [ Corey Bryant ] * d/control: Set minimum python-six dependency to 1.5.2 (LP: #1403114). -- Corey Bryant Mon, 30 Mar 2015 09:28:30 -0400 nova (1:2014.1.4-0ubuntu1) trusty; urgency=medium * Resynchronize with stable/icehouse (cac6472) (LP: #1432608): - [0ff6742] Websocket Proxy should verify Origin header - [c70e1fb] Fix kwargs['instance'] KeyError in @reverts_task_state decorator - [07ec12c] Revert "Eventlet green threads not released back to pool" - [e9cf07b] Compute: Catch binding failed exception while init host - [e275961] Make tests use sha256 as openssl default digest algorithm - [a657582] Eventlet green threads not released back to pool - [4b46a86] Fix image metadata returned for volumes - [58a6393] Check min_ram and min_disk when boot from volume - [c5411d2] Extends use of ServiceProxy to more methods in HostAPI in cells - [1e2abd6] Remove usage of self.__dict__ for message var replacement - [54f9225] only emit deprecation warnings once - [52103be] Fix disconnecting necessary iSCSI sessions issue - [cca94d0] Fix connecting unnecessary iSCSI sessions issue - [ac9f5c7] Fix wrong command for _rescan_multipath - [d7c8e93] Fix unsafe SSL connection on TrustedFilter - [9ecc468] Fix SecurityGroupExists error when booting instances - [33be7d7] Update "num_instance" during delete instance - [3de3f10] 
Fix nova evacuate issues for RBD - [fe289fb] Fix nova-compute start issue after evacuate - [f781656] Add _security_group_ensure_default() DBAPI method - [8812672] Run build_and_run_instance in a separate greenthread - [b6a080b] Fixes DOS issue in instance list ip filter - [5ab0421] Make the block device mapping retries configurable - [0695e14] Retry on closing of luks encrypted volume in case device is busy - [dffa810] Add @_retry_on_deadlock to _instance_update() - [f086ca3] Nova api service doesn't handle SIGHUP properly - [7cdb643] Fix XML UnicodeEncode serialization error - [98a6c1e] postgresql: use postgres db instead of template1 - [155664f] share neutron admin auth tokens - [3e80433] VMware: validate that VM exists on backend prior to deletion - [d71445c] VMWare: Fix VM leak when deletion of VM during resizing - [56b62b7] Sync process utils from oslo - [ddd62ff] VMware: prevent race condition with VNC port allocation - [4174130] Fixes Hyper-V volume mapping issue on reboot - [bfeae68] Fix CellStateManagerFile init to failure - [5ec3cd3] Raise descriptive error for over volume quota - [f9fad7a] Fixes missing ec2 api address disassociate error on failure - [64ec1bf] Fix instance cross AZ check when attaching volumes - [698c821] Ignore errors when deleting non-existing vifs - [8141e7a] libvirt: Handle unsupported host capabilities - [df9ead9] libvirt: Make `fakelibvirt.libvirtError` match - [cac6472] Add _wrap_db_error() support to SessionTransaction.commit() * d/p/drop-oslo-utils-usage.patch: Added to override new oslo.utils dep. * d/p/disable-websockify-tests.patch: Added to disable websockify tests. * d/p/block-device-mapping-config.patch: Dropped. Fixed upstream in [5ab0421]. * d/p/libvirt-Handle-unsupported-host-capabilities.patch: Dropped. Fixed upstream in [8141e7a] and [df9ead9]. * d/p/cells-json-store.patch: Dropped. Fixed upstream in [bfeae68]. * d/p/fix-requirements.patch: Rebased. * d/p/update-run-tests.patch: Run tests with default concurrency. 
-- Corey Bryant Fri, 20 Mar 2015 07:27:23 +0000 nova (1:2014.1.3-0ubuntu2) trusty; urgency=medium [ Corey Bryant ] * d/p/block-device-mapping-config.patch: Make the block device mapping retries configurable (LP: #1376927). -- Chuck Short Wed, 12 Nov 2014 09:22:45 -0500 nova (1:2014.1.3-0ubuntu1.1) trusty-security; urgency=medium * No change rebuild for security: - [82a13b3] VM in rescue state must have a restricted set of actions + CVE-2014-3604 + LP: #1338830 - [f58d95c] Sync process and str utils from oslo + CVE-2014-7230 + LP: #1343604 -- Marc Deslauriers Tue, 21 Oct 2014 12:07:58 -0400 nova (1:2014.1.3-0ubuntu1) trusty; urgency=medium [ Liam Young ] * d/p/cells-json-store.patch: Fix issue with nova-cells failing when using JSON file to store cell information (LP: #1314677). [ Corey Bryant ] * Resynchronize with stable/icehouse (a058646) (LP: #1377136): - [1a95c95] Adds tests for Hyper-V VM Utils - [bb47d55] Removes unnecessary instructions in test_hypervapi - [4f41d37] Fixes a Hyper-V list_instances localization issue - [9015410] Adds list_instance_uuids to the Hyper-V driver - [3371ad8] Add _wrap_db_error() support to Session.commit() - [dfb0e0f] Neutron: Atomic update of instance info cache - [bce481c] Ensure info cache updates don't overwhelm cells - [f58d95c] Sync process and str utils from oslo - [4e6371b] remove test_multiprocess_api - [7e09173] Fixes Hyper-V agent force_hyperv_utils_v1 flag issue - [7523ab4] Fix attaching config drive issue on Hyper-V when migrate instances - [74e0ba7] Fix live-migration failure in FC multipath case - [b61aa4d] libvirt: Save device_path in connection_info when booting from volume - [f93b8ee] Made unassigned networks visible in flat networking - [82cc3be] Do not fail cell's instance deletion, if it's missing info_cache - [d72c0a4] Fixes Hyper-V boot from volume root device issue - [0d3dad7] Fixes Hyper-V resize down exception - [5d5970a] db: Add @_retry_on_deadlock to service_update() - [9596f52] Add Hyper-V driver in the 
"compute_driver" option description - [4a8d6ca] Block sqlalchemy migrate 0.9.2 as it breaks all of nova - [311ab57] Move the error check for "brctl addif" - [df09c2a] Fix rootwrap for non openstack.org iqn's - [1613cd99] Fix instance boot when Ceph is used for ephemeral storage - [4bc680f] Make floatingip-ip-delete atomic with neutron - [0d69163] Fix race condition with vif plugging in finish migrate - [520aa4c] libvirt: Use VIR_DOMAIN_AFFECT_LIVE for paused instances - [3c34e37] add repr for event objects - [1b7ab22] make lifecycle event logs more clear - [e1d6e18] Catch missing Glance image attrs with None - [b591389] Update block_device_info to contain swap and ephemeral disks - [2155188] Adds get_instance_disk_info to compute drivers - [87f842d] Fixes Hyper-V vm state issue - [1106ef2] Fix expected error details from jsonschema - [e5e6bc7] Include next link when default limit is reached - [526853e] Fix FloatingIP.save() passing FixedIP object to sqlalchemy - [4e1e217] Read deleted instances during lifecycle events - [d8b9ba5] Add a retry_on_deadlock to reservations_expire - [b53adea] Add expire reservations in backport position. 
- [e874ee2] Fixes Hyper-V SCSI slot selection - [471e644] VMware: do not cache image when root_gb is 0 - [825cfe4] Fix _parse_datetime in simple tenant usage extension - [073ee06] Avoid traceback logs from simple tenant usage extension - [9447203] replace NovaException with VirtualInterfaceCreate when neutron fails - [6b7cb1a] libvirt: convert cpu features attribute from list to a set - [7ca83e8] Delete image when backup operation failed on snapshot step - [82a13b3] VM in rescue state must have a restricted set of actions - [e7d2087] shelve doesn't work on nova-cells environment - [aeb71a8] libvirt: return the correct instance path while cleanup_resize - [cce6d22] Fix nova image-show with queued image - [aff80d5] _translate_from_glance() can cause an unnecessary HTTP request - [a058646] Loosen import_exceptions to cover all of gettextutils * d/p/libvirt-convert-cpu-features-attribute-from-list-to-.patch: Dropped. Code has been fixed upstream. * d/p/libvirt-Handle-unsupported-host-capabilities.patch: Rebased. 
-- Chuck Short Mon, 06 Oct 2014 09:24:45 -0400 nova (1:2014.1.2-0ubuntu1) trusty; urgency=medium [ Corey Bryant ] * Resynchronize with stable/icehouse (c545075) (LP: #1354159): - [1408081] Mask block_device_info auth_password in virt driver debug logs - [8d7de91] VMware: Add check for datacenter with no datastore - [0d9419f] Fixes hyper-v volume attach when host is AD member - [1469c8e] Prevent clean-up of migrating instances on compute init - [0617601] VMware: use default values in get_info() when properties are missing - [c8df2ac] Set python hash seed to 0 in tox.ini - [7de0132] Do not pass instances without host to compute API - [811cab7] Do not process events for instances without host - [0e1580e] Attach/detach interface to paused instance with affect live flag - [397de7b] Turn periodic tasks off in all unit tests - [9f59ca7] Avoid possible timing attack in metadata api - [72cc37d] Handle service creation race by service workers - [af7ba1c] Fixes rbd backend image size - [a8b52c0] VMware: Fix race in spawn() when resizing cached image - [132d5a2] Avoid re-adding iptables rules for instances that have disappeared - [0142324] VMware: Fix fake raising the wrong exception in _remove_file - [b08f62a] Fix security group list when not defined for an instance - [f598864] libvirt: Make nwfilter driver use right filterref - [da777f1] Make sure domain exists before referencing it - [8d260a8] Scheduler: enable scheduler hint to pass the group name - [4c551d9] Instance groups: add method get_by_hint - [9f5d2a6] Avoid referencing stale instance/network_info dicts in firewall - [e43c43e] Neutronv2 api does not support neutron without port quota - [120ecf3] Fix the wrong dest of 'vlan' option and add new 'vlan_start' option - [f864329] Use default rpc_response_timeout in unit tests - [4aeefa7] Network: ensure that ports are 'unset' when instance is deleted - [a365897] Save connection info in libvirt after volume connect - [d1c5736] Cleanup allocating networks when 
InstanceNotFound is raised - [2f40191] Failure during termination should always leave state as error() - [485f25d] Use no_timer_check with soft-qemu - [0994254] Use correct project/user for quotas - [4c6b0f7] Revert "Remove broken quota-classes API" - [96212b1] libvirt: Refresh volume connection_info after volume snapshot - [c104f2f] Set the volume access mode during volume attach - [c754305] VCDriver - Ignore host in Maintenance mode in stats update - [4820dbb] VMware: Fix memory leaks caused by caches - [0252c87] Include pending task in log message on skip sync_power_state - [9095bcf] Fixes Hyper-V iSCSI target login method - [17e71f7] VMware: prevent image snapshot if no root disk defined - [c545075] versions API: ignore request with a body * d/p/fix-requirements.patch: Refreshed. * d/p/Fixes-rdb-backend-image-size.patch: Dropped. Fixed upstream in 2014.1.2. [ James Page ] * d/watch: Point to tarballs.openstack.org for release artifacts. -- Corey Bryant Thu, 07 Aug 2014 17:16:50 -0400 nova (1:2014.1.1-0ubuntu2) trusty; urgency=high * Cherry picked two fixes from upstream. 
- [2cebfd2] libvirt: convert cpu features attribute from list to a set (LP: #1267191) - [b86a0e5] Fixes rdb backend image size (LP: #1219658) -- Rafael David Tinoco Wed, 25 Jun 2014 12:56:15 -0300 nova (1:2014.1.1-0ubuntu1) trusty; urgency=medium * Resynchronize with stable/icehouse (867341f) (LP: #1328134): - [867341f] Fix security group race condition while listing and deleting rules - [ffcb176] VMware: ensure rescue instance is deleted when instance is deleted - [fe4fe70] VMware: Log additional details of suds faults - [43f0437] Add info_cache as expected attribute when evacuate instance - [a2da9ce] VMware: uncaught exception during snapshot deletion - [1a45944] Catch InstanceNotFound exception if migration fails - [ee374f1] Do not wait for neutron event if not powering on libvirt domain - [705ad64] Reap child processes gracefully if greenlet thread gets killed - [f769bf8] Fixes arguments parsing when executing command - [bedb66f] Use one query instead of two for quota_usages - [422decd] VMWare - Check for compute node before triggering destroy - [6629116] Use debug level logging in unit tests, but don't save them. 
- [088b718] support local debug logging - [080f785] Revert "Use debug level logging during unit tests" - [fb03028] VMWare: add power off vm before detach disk during unrescue - [d93427a] Check for None or timestamp in availability zone api sample - [f5c3330f] Pass configured auth strategy to neutronclient - [74d1043] remove unneeded call to network_api on rebuild_instance - [f1fdb3c] Remove unnecessary call to fetch info_cache - [395ec82] Remove metadata's network-api dependence on the database - [a48d268] InvalidCPUInfo exception added to except block - [77392a9] Moved the registration of lifecycle event handler in init_host() - [40ae1ee] Fix display of server group members - [66c7ca1] Change errors_out_migration decorator to work with RPC - [e1e140b] Don't explode if we fail to unplug VIFs after a failed boot - [c816488] Remove unneeded call to fetch network info on shutdown - [7f9f3ef] Don't overwrite instance object with dict in _init_instance() - [2728f1e] Fix bug detach volume fails with "KeyError" in EC2 * debian/patches/libvirt-Handle-unsupported-host-capabilities.patch: Fix exception when starting LXC containers. (LP: #1297962) -- Chuck Short Tue, 24 Jun 2014 10:47:47 -0400 nova (1:2014.1-0ubuntu1.2) trusty-security; urgency=medium * SECURITY UPDATE: specify /etc/nova/rootwrap.conf for use with nova-rootwrap - CVE-2013-1068 (LP: #1185019) -- Jamie Strandboge Mon, 09 Jun 2014 09:32:44 -0500 nova (1:2014.1-0ubuntu1) trusty; urgency=medium [ Chuck Short ] * debian/control: Add genisoimage as a dependency for nova-compute-vmware. (LP: #1306484) [ Corey Bryant ] * New upstream release (LP: #1299055). -- James Page Thu, 17 Apr 2014 11:09:35 +0100 nova (1:2014.1~rc2-0ubuntu1) trusty; urgency=medium * New upstream release candidate (LP: #1299055) including fixes for: - Require admin context for interfaces on external networks to prevent non-admin users directly creating ports on external networks (LP: #1284718). 
-- James Page Thu, 10 Apr 2014 10:59:37 +0100 nova (1:2014.1~rc1-0ubuntu1) trusty; urgency=medium [ Chuck Short ] * debian/control: Use python-oslosphinx instead of python-oslo.sphinx. * debian/patches/use-oslo.sphinx-namespace.patch: Dropped no longer needed because of the python-oslo.sphinx rename. * debian/patches/arm-console-patch.patch: Fix typo in patch to allow booting ARM vm. * debian/nova-common.install: Remove nova-rpc-zmq-receiver, it has been removed upstream. [ Corey Bryant ] * New upstream release. (LP: #1299055) -- Corey Bryant Mon, 31 Mar 2014 16:21:50 -0400 nova (1:2014.1~b3-0ubuntu2) trusty; urgency=medium * d/nova-common.postinst: Tidy detection of default sqlite to ensure that db sync is only run against local databases (LP: #1290423). -- James Page Thu, 13 Mar 2014 11:00:23 +0000 nova (1:2014.1~b3-0ubuntu1) trusty; urgency=medium * New upstream release. * debian/patches/fix-requirements.patch: Refreshed. * debian/patches/fix-novnc-regression.patch: Dropped no longer needed. * debian/patches/fix-docs-build-without-network.patch: Dropped no longer needed. * debian/control: Add python-oslo.messaging as a build dependency. * debian/patches/sqlachemy-0.8.3-compat.patch: Dropped no longer needed. * debian/patches/use-oslo.sphinx-namespace.patch: Use the oslo.sphinx name space for documentation. * debian/patches/arm-console-patch.patch: Add additional tty for arm64. * debian/patches/update-run-tests.patch: Display tests results while building and set the concurrency to 1. * debian/control: Add subunit as a build-dependency. -- Chuck Short Thu, 06 Mar 2014 12:02:41 -0500 nova (1:2014.1~b2-0ubuntu3) trusty; urgency=medium * debian/tests/nova-compute-daemons: Drop nova-compute-uml. -- Chuck Short Fri, 31 Jan 2014 14:40:23 -0500 nova (1:2014.1~b2-0ubuntu2) trusty; urgency=medium * debian/patches/fix-nova-api-fake-network.patch: Fixed nova-api-metadata not starting. 
(LP: #1270845) -- Chuck Short Thu, 30 Jan 2014 14:06:29 -0500 nova (1:2014.1~b2-0ubuntu1) trusty; urgency=low [ Chuck Short ] * New upstream release. * debian/patches/fix-libvirt-regression.patch: Dropped. * debian/patches/sqlachemy-0.8.3-compat.patch: Refreshed. * debian/control: Add python-pycadf dependency. * debian/patches/fix-requirements.patch: Refreshed. [ James Page ] * d/nova-compute-*.conf: Update default hypervisor configurations to use new libvirt section configuration. * d/control: Bump version for stevedore to >= 0.12. * d/p/*: Refreshed. * d/control: Add new nova-compute-libvirt package to support libvirt based hypervisors, rework dependencies for nova-compute{-*} to align to this approach (LP: #928834). * d/nova-compute.postinst: Renamed to nova-compute-libvirt.postinst as it's only appropriate for libvirt based hypervisors. * d/control,nova-compute-vmware.*,rules: Add new nova-compute-vmware hypervisor package. * d/control: Add missing ebtables dependency for nova-network (LP: #1161338). * d/nova-compute.upstart: If libvirt-bin is installed, then wait for it to reach running state before starting nova-compute (LP: #907152, #1190280). * d/nova-spiceproxy.logrotate: Manage the correct log file (LP: #1259332). * d/control: Drop dependency on curl, no longer required. * d/control,rules,nova-compute-uml.*: Drop nova-compute-uml package. * d/nova-compute.postinst,nova-compute-libvirt.postinst: Move permissions changes to compute rootwrap filters to nova-compute postinst. * d/control: Add python-oslo.rootwrap to BD's. -- Chuck Short Thu, 23 Jan 2014 13:26:34 -0500 nova (1:2014.1~b1-0ubuntu2) trusty; urgency=low * d/nova-compute.postinst.in: rename to nova-compute.postinst as libvirtd detection is no longer done in d/rules. -- James Page Wed, 11 Dec 2013 09:38:18 +0000 nova (1:2014.1~b1-0ubuntu1) trusty; urgency=low * New upstream release. * debian/control: - Open icehouse release. 
- Bump the versioned dependencies of python-pbr, python-migrate, and python-six. - Add "X-Python-Version:" * Dropped xcp support (LP: #1197386) (LP: #1199791): - debian/patches/path-to-the-xenhost.conf-fixup.patch: Removed - debian/control: Removed nova-compute-xcp, nova-xcp-plugins, and nova-xcp-network. * debian/patches/fix-boto-versioning.patch: Dropped no longer needed. * debian/patches/native-lxc-hypervisor.patch: Dropped. * Simplified debian/rules: - Remove git vcs, it's not being used by anyone, complain if you are. - Removed libvirtd detection, no need for it so drop it. - Simplify building required docs including manpages. - Add OSLO_VERSION to set correct distro version for package build. * debian/patches/sqlachemy-0.8.3-compat.patch: Add support for sqlalchemy 0.8.3. * debian/patches/avoid-failing-test.patch: Dropped. * debian/patches/skip_ipv6_test.patch: Skip ipv6 test. * debian/patches/fix-libvirt-regression.patch: Fix libvirt regression while running the tests. -- Chuck Short Thu, 05 Dec 2013 11:25:41 -0500 nova (1:2013.2-0ubuntu1) saucy; urgency=low * New upstream release (LP: #1236462). -- Chuck Short Thu, 17 Oct 2013 11:27:05 -0400 nova (1:2013.2~rc2-0ubuntu1) saucy; urgency=low * New upstream release candidate (LP: #1239156): - d/p/fix-boto-versioning.patch: Cherry picked fix from upstream gerrit for test failures with boto < 2.13. * d/control: Add epoch to versioned dependencies for python-oslo.config. -- James Page Sun, 13 Oct 2013 11:05:46 +0100 nova (1:2013.2~rc1-0ubuntu3) saucy; urgency=low * debian/patches/native-lxc-hypervisor.patch: Update rootwrap.d/compute.filters to allow nova-network to start. (LP: #1235373) -- Chuck Short Fri, 04 Oct 2013 13:18:17 -0400 nova (1:2013.2~rc1-0ubuntu2) saucy; urgency=low [ Chuck Short ] * debian/patches/fix-novnc-regression.patch: Fix regression caused by use of more recent version of websockify upstream (LP: #1235044). 
-- James Page Fri, 04 Oct 2013 11:13:34 +0100 nova (1:2013.2~rc1-0ubuntu1) saucy; urgency=low * New upstream release candidate. * debian/control: - Dropped python-setuptools-git, python-carrot, python-unittest2, python-daemon, python-gflags, python-cheetah, python-glance, python-lockfile, python-routes, python-xattr, python-novaclient, python-pycurl, python-keystone, python-libxml2, python-pyparsing, and python-d2to1. - Suggest python-ldap for python-nova. - Added python-mock, python-greenlet, python-keystoneclient, python-anyjson, python-jsonschema, and python-six - Bumped versioned dependencies for python-fixtures, python-testtools, and testrepository, python-stevedore, - Added versioned depends for python-cinderclient, python-neutronclient, python-boto, python-paramiko, python-amplib, python-eventlet, python-glanceclient, python-oslo.config, python-paramiko, python-six * debian/patches/fix-requirements.patch: Rediffed * debian/patches/native-lxc-hypervisor.patch: Add native lxc support. (LP: #1220701) -- Chuck Short Thu, 03 Oct 2013 09:42:52 -0400 nova (1:2013.2~b3-0ubuntu2) saucy; urgency=low * debian/tests: Removed tests for nova-compute-xen and nova-compute-xcp. nova (1:2013.2~b3-0ubuntu1) saucy; urgency=low * New upstream release. * debian/patches/avoid_requirements_cheetah.patch: Dropped * debian/patches/fix-sqlalchemy-0.7.9-usage.patch: Dropped * debian/patches/fix-requirements.patch: Refreshed. * debian/patches/path-to-the-xenhost.conf-fixup.patch: Refreshed * debian/control: Add python-jinja2 * debian/control: Dropped python-cheetah -- Chuck Short Mon, 09 Sep 2013 13:11:11 -0400 nova (1:2013.2~b2-0ubuntu2) saucy; urgency=low * debian/control: Fix python-sqlalchemy dependency. -- Chuck Short Fri, 19 Jul 2013 15:03:16 -0400 nova (1:2013.2~b2-0ubuntu1) saucy; urgency=low [ Adam Gandelman ] * d/patches/requirements_drop_requests_vers_cap.patch: Remove upper version limit on requests dependency, which was capped upstream to fix centos-related gating issues. 
* debian/control: - Set version requirement python-kombu (>= 2.5.12). - Set version requirement python-pyparsing (>= 1.5.6). - Add websockify to nova-spiceproxy Depends. - Add spice-html5 to nova-spiceproxy Depends (LP: #1197119) * Add nova-xvpvncproxy upstart (LP: #1197163) [ James Page ] * d/control: Update VCS fields for new branch locations. [ Chuck Short ] * New upstream release. * debian/patches/fix-requirements.patch: Combined several patches into one. * debian/control: Replace python-quantumclient with python-neutronclient. * debian/patches/fix-sqlalchemy-0.7.9-usage.patch: Temporary patch to address a FTBFS with sqlalchemy 0.7.9. * debian/patches/avoid-failing-test.patch: Skip failing test on buildds. -- Chuck Short Fri, 19 Jul 2013 09:15:03 -0400 nova (1:2013.2~b1-0ubuntu3) saucy; urgency=low * Depend on python-oslo.config instead of python-oslo-config. -- Adam Conrad Sat, 06 Jul 2013 15:36:40 -0600 nova (1:2013.2~b1-0ubuntu2) saucy; urgency=low [Yolanda Robla] * debian/tests: added autopkgtests [ Adam Gandelman ] * debian/control: Set version requirements python-pbr (>= 0.5.11), python-d2to1 (>= 0.2.10). -- Chuck Short Wed, 19 Jun 2013 13:00:11 -0500 nova (1:2013.2~b1-0ubuntu1) saucy; urgency=low [ Chuck Short ] * New upstream version. * debian/patches/avoid_setuptools_git_dependency.patch: Dropped no longer needed. * debian/control: Add python-pbr and python-d2to1 as build dependencies. * debian/control: Drop pep8 dependency. * debian/patches/fix-ubuntu-tests.patch: Dropped no longer needed. [ Adam Gandelman ] * debian/patches/avoid_requirements_websockify.patch: Remove websockify to avoid making it a dependency of every nova package. * debian/patches/avoid_requirements_cheetah.patch: Temporarily remove Cheetah until cheetah's dependencies have been MIR'd. * debian/control: Add python-babel. * debian/control: Set min. version 0.7.6 on python-netaddr dependency. 

 -- Chuck Short  Fri, 31 May 2013 07:44:38 -0500

nova (1:2013.1-0ubuntu2) raring; urgency=low

  * debian/nova-cells.upstart: Fix typo in upstart job. (LP: #1163218)
  * debian/control: Add iptables dependency. (LP: #1172393)

 -- Chuck Short  Wed, 24 Apr 2013 07:39:25 -0500

nova (1:2013.1-0ubuntu1) raring; urgency=low

  * New upstream release.

 -- Chuck Short  Thu, 04 Apr 2013 10:42:21 -0500

nova (1:2013.1~rc2-0ubuntu1) raring; urgency=low

  [ James Page ]
  * d/control: Promote novnc and websockify to Depends for nova-novncproxy
    (LP: #1066845).

  [ Chuck Short ]
  * New upstream release.

 -- Chuck Short  Tue, 02 Apr 2013 08:44:39 -0500

nova (1:2013.1~rc1-0ubuntu1) raring; urgency=low

  [ Chuck Short ]
  * New upstream release.
  * debian/patches/avoid_setuptools_git_dependency.patch: Refreshed.
  * debian/control: Clean up dependencies:
    - Dropped python-gflags no longer needed.
    - Dropped python-daemon no longer needed.
    - Dropped python-glance no longer needed.
    - Dropped python-lockfile no longer needed.
    - Dropped python-simplejson no longer needed.
    - Dropped python-tempita no longer needed.
    - Dropped python-xattr no longer needed.
    - Add sqlite3 required for the testsuite.

  [ James Page ]
  * d/watch: Update uversionmangle to deal with upstream versioning changes,
    remove tarballs.openstack.org.

 -- Chuck Short  Wed, 20 Mar 2013 12:59:22 -0500

nova (2013.1.g3-0ubuntu1) raring; urgency=low

  [ Chuck Short ]
  * New upstream release.
  * debian/patches/debian/patches/fix-ubuntu-tests.patch: Refreshed.
  * debian/nova-baremetal.logrotate: Fix logfile path.
  * debian/control, debian/nova-spiceproxy.{install, logrotate, upstart}:
    Add spice html5 proxy support.
  * debian/nova-novncproxy.upstart: Start on runlevel [2345]
  * debian/rules: Call testr directly since run_tests.sh -N gives weird
    return value when tests pass.
  * debian/pyddist-overrides: Add websockify.
  * debian/nova-common.postinst: Removed config file conversion, since the
    option is no longer available.
    (LP: #1110567)
  * debian/control: Add python-pyasn1 as a dependency.
  * debian/control: Add python-oslo-config as a dependency.
  * debian/control: Suggest sysfsutils, sg3-utils, multipath-tools for fibre
    channel support.

  [ Adam Gandelman ]
  * debian/control: Fix typo (websocikfy -> websockify).

 -- Chuck Short  Fri, 22 Feb 2013 09:27:29 -0600

nova (2013.1~g2-0ubuntu3) raring; urgency=low

  * SECURITY UPDATE: fix lack of authentication on block device used for
    os-volume_boot
    - debian/patches/CVE-2013-0208.patch: adjust nova/compute/api.py to
      validate we can access the volumes
    - CVE-2013-0208

 -- Jamie Strandboge  Thu, 24 Jan 2013 08:23:44 -0600

nova (2013.1~g2-0ubuntu2) raring; urgency=low

  * Make nova-compute-kvm prefer qemu-system over kvm for the new qemu.

 -- Adam Conrad  Sat, 19 Jan 2013 07:00:56 -0700

nova (2013.1~g2-0ubuntu1) raring; urgency=low

  [ Chuck Short ]
  * New upstream release.
  * debian/patches/ubuntu-show-tests.patch: Dropped no longer needed.
  * debian/nova-xcp-plugins.install: Fix xcp-plugins empty packages
  * debian/control: Drop python-nose in favor of testrepository
  * debian/control: Add python-coverage as a build dep.
  * debian/rules, debian/control: Run pep8 tests.
  * debian/*.init: Remove they are not needed and take up space
  * debian/control, debian/nova-cells.{install, logrotate, upstart}: Add
    cells support.
  * debian/patches/fix-ubuntu-tests.patch: temporarily disable failing tests.
  * debian/control, debian/nova-baremetal.{install, logrotate, upstart}: Add
    nova baremetal support.
  * debian/control: Remove python-support.

  [ Adam Gandelman ]
  * debian/*.manpages: Install Sphinx-generated manpages instead of our own.
  * debian/nova-compute-*.conf: Specify the newly required compute_driver
    flag in addition to libvirt_type.
  * debian/control: Specify required python-webob and python-stevedore
    versions.

  [ Yolanda Robla ]
  * debian/*.upstart: Use start-stop-daemon instead of su for chuid
    (LP: #1086833).
  * debian/rules: Remove override of dh_installinit for discriminating
    between Debian and Ubuntu.
  * debian/nova-common.docs: Installing changelogs from rules
  * debian/rules: Replacing perms in /etc/nova/logging.conf for 0644
  * debian/control: adduser dependency on nova-compute.
  * debian/control: added section oldlibs and priority extra on
    nova-ajax-console-proxy.
  * debian/nova-xvpvncproxy.postrm: removing because of duplicates.

  [ James Page ]
  * d/control: Add ~ to python-sqlalchemy-ext versioned dependencies to make
    backporting easier.
  * d/control: Updated nova-volume description and dependencies to mark it
    as a transitional package, moved to oldlibs/extra.
  * d/p/fix-libvirt-tests.patch: Dropped; accepted upstream.
  * d/control: Added python-stevedore to BD's.
  * d/*.postrm: Dropped postrm's that just run update-rc.d; this is not
    required when deploying upstart configurations only.
  * d/nova-scheduler.manpages: Add man page for nova-rpc-zmq-receiver.
  * d/rules: Install upstream changelog with a policy compliant name.
  * d/control: Mark nova-compute-xcp as virtual package.
  * d/control: nova-api-os-volume; Depend on cinder-api and mark as
    transitional package.
  * d/nova-api-os-volume.lintian-overrides: Dropped - no longer required.

 -- Chuck Short  Fri, 11 Jan 2013 13:06:56 -0600

nova (2013.1~g1-0ubuntu1) raring; urgency=low

  [ Adam Gandelman ]
  * debian/control: Ensure novaclient is upgraded with nova, require
    python-keystoneclient >= 1:2.9.0. (LP: #1073289)
  * debian/patches/{ubuntu/*, rbd-security.patch}: Dropped, applied upstream.
  * debian/control: Add python-testtools to Build-Depends.

  [ Chuck Short ]
  * New upstream version.
  * Refreshed debian/patches/avoid_setuptools_git_dependency.patch.
  * debian/rules: FTBFS if missing binaries.
  * debian/nova-scheudler.install: Add missing rabbit-queues and
    nova-rpc-zmq-receiver.
  * Remove nova-volume since it doesnt exist anymore, transition to cinder-*.
  * debian/rules: install apport hook in the right place.
  * debian/patches/ubuntu-show-tests.patch: Display test failures.
  * debian/control: Add depends on genisoimage
  * debian/control: Suggest guestmount.
  * debian/control: Suggest websockify. (LP: #1076442)
  * debian/nova.conf: Disable nova-volume service.
  * debian/control: Depend on xen-system-* rather than the hypervisor.
  * debian/control, debian/mans/nova-conductor.8,
    debian/nova-conductor.init, debian/nova-conductor.install,
    debian/nova-conductor.logrotate debian/nova-conductor.manpages,
    debian/nova-conductor.postrm debian/nova-conductor.upstart.in:
    Add nova-conductor service.
  * debian/control: Add python-fixtures as a build deps.

 -- Chuck Short  Fri, 23 Nov 2012 09:32:05 -0600

nova (2012.2-0ubuntu5) quantal; urgency=low

  [ Adam Gandelman ]
  * Move management of /var/lib/nova/volumes from nova-common to
    nova-volume. Ensure it has proper permissions. (LP: #1065320)
  * debian/patches/avoid_setuptools_git_dependency.patch: Remove
    setuptools_git from tools/pip-requires to avoid it being automatically
    added to python-nova's runtime dependencies. (LP: #1059907)

  [ Chuck Short ]
  * debian/patches/rbd-security.patch: Support override of ceph rbd user and
    secret in nova-compute. (LP: #1065883)
  * debian/patches/ubuntu/fix-libvirt-firewall-slowdown.patch: Fix refreshing
    of security groups in libvirt not to block on RPC calls. (LP: #1062314)
  * debian/patches/ubuntu/fix-ec2-volume-id-mappings.patch: Read deleted
    snapshot and volume id mappings. (LP: #1065785)

 -- Chuck Short  Fri, 12 Oct 2012 12:35:01 -0500

nova (2012.2-0ubuntu4) quantal; urgency=low

  * debian/patches/ubuntu/ubuntu-fix-ec2-instance-id-mappings.patch:
    Backport from trunk, Set read_deleted='yes' for instance_id_mappings.
    (LP: #1061166)

 -- Chuck Short  Tue, 09 Oct 2012 11:51:15 -0500

nova (2012.2-0ubuntu3) quantal; urgency=low

  * nova-xvpvncproxy, nova-novncproxy: Add missing .install, .logrotate,
    .postrm, manpages and upstart jobs (LP: #1060336)
  * debian/{rules, nova-volume.install}: Rename nova_tgt to nova_tgt.conf so
    that it is actually loaded by tgt. (LP: #1060422)

 -- Adam Gandelman  Tue, 02 Oct 2012 13:44:35 -0700

nova (2012.2-0ubuntu2) quantal; urgency=low

  * debian/patches/ubuntu-fix-32-64-bit-iss.patch: Backport
    ba8cca2b59bb2904635520ad12f6d9a73f10242c, python's builtin hash returns
    different values on 32-bit and 64-bit architectures, so it's safer to
    use a well-defined hash like MD5. This fixes a FTBFS in Ubuntu's buildds.

 -- Chuck Short  Fri, 28 Sep 2012 07:49:45 -0500

nova (2012.2-0ubuntu1) quantal; urgency=low

  [ Adam Gandelman ]
  * debian/control: Depend on python-sqlalchemy >= 0.7.8-1.

  [ Chuck Short ]
  * New upstream release.
  * debian/control: Dont conflict with novnc. (LP: #1055505)
  * debian/nova-volume.postinst, nova-common.dirs: Configure nova-volumes to
    use tgtd properly.

 -- Chuck Short  Thu, 27 Sep 2012 12:36:04 -0500

nova (2012.2~rc3-0ubuntu1) quantal; urgency=low

  * New upstream release.

 -- Chuck Short  Wed, 26 Sep 2012 12:56:25 -0500

nova (2012.2~rc2-0ubuntu1) quantal; urgency=low

  [ Adam Gandelman ]
  * debian/control: Add python-cinderclient to python-nova Depends.
  * wrap-and-sort.

  [ Chuck Short ]
  * debian/nova-common.postinst: Change root_helper to rootwrap_config when
    upgrading from precise
  * debian/pydist-overrides: dont try to install babel.
  * New upstream version.
  * debian/rules: FTBFS if testsuite fails.

 -- Chuck Short  Tue, 25 Sep 2012 10:54:59 -0500

nova (2012.2~rc1-0ubuntu1) quantal; urgency=low

  [ Adam Gandelman ]
  * Ensure /etc/nova/rootwrap.d/ is only writable by root, ensure those
    permissions on /etc/nova/rootwrap.conf as well as all individual filter
    configurations.

  [ Chuck Short ]
  * Fix lintian warnings
  * debian/*.lograote: compress logfiles when they are rotated.
    (LP: #1049915)
  * debian/control:
    - Suggest ceph-common for nova-volume.
    - Add python-cinderclient as a build depends.

  [Vishvananda Ishaya]
  * Split up vncproxy and xvpvncproxy.

 -- Chuck Short  Thu, 20 Sep 2012 07:45:50 -0500

nova (2012.2~rc1~20120907.15996-0ubuntu1) quantal; urgency=low

  [ Chuck Short ]
  * New upstream release.
  * debian/nova-common.postinst: Drop nova_sudoers permission changing since
    we do it in the debian/rules. (LP: #995285)

  [ Soren Hansen ]
  * Update debian/watch to account for symbolically named tarballs and use
    newer URL.
  * Fix Launchpad URLs in debian/watch.

 -- Chuck Short  Fri, 07 Sep 2012 17:49:53 -0500

nova (2012.2~rc1~20120827.15815-0ubuntu1) quantal; urgency=low

  [ Adam Gandelman ]
  * New upstream release.

  [ Chuck Short ]
  * debian/patches/0001-Update-tools-hacking-for-pep8-1.2-and-beyond.patch:
    Dropped we dont run pep8 tests anymore.
  * debian/control: Drop pep8 build depends
  * debian/*.upstart.in: Make sure we transition correctly from runlevel 1
    to 2. (LP: #820694)

 -- Adam Gandelman  Mon, 27 Aug 2012 15:37:18 -0700

nova (2012.2~f3-0ubuntu1) quantal; urgency=low

  [ Chuck Short ]
  * New upstream version.
  * debian/rules: Re-enable testsuite.
  * debian/control:
    - Add python-quantumclient as a build depends.
    - Bump standards to 3.9.3
    - Fix lintian warnings.
    - Recommend python-glanceclient and python-keystoneclient.
    - Add dependency of iptables for nova-network.
  * debian/watch: Update
  * debian/rules: Do not run pep8 tests since upstream is still using an
    older pep8.
  * debian/patches/0001-Update-tools-hacking-for-pep8-1.2-and-beyond.patch:
    Get the testsuite running again.
  * debian/nova-volume.install, debian/nova_tgt: Add support for persistent
    volumes.

  [ Adam Gandelman ]
  * debian/{nova-api.install, nova-api-metadata.install}: Install
    api-metadata.filters. (LP: #1002111)
  * debian/control: Added python-glanceclient.

 -- Chuck Short  Thu, 16 Aug 2012 14:04:11 -0500

nova (2012.2~f2-0ubuntu1) quantal; urgency=low

  [ Adam Gandelman ]
  * Use new rootwrap configuration structure:
    - debian/nova-{compute, network, volume}.{pyinstall, pyremove}: Dropped.
    - debian/nova-common.dirs: Add /etc/nova/rootwrap.d/.
    - debian/nova-common.install: Install /etc/nova/rootwrap.conf.
    - debian/debian/nova.conf: Reference rootwrap.conf in calls to
      nova-rootwrap.
    - debian/nova-{compute, network, volume}.install: Install corresponding
      filter in /etc/nova/rootwrap.d/
  * debian/rules: Install logging_sample.conf to /etc/nova/logging.conf as
    part of nova-common.
  * debian/pydist-overrides: Add setuptools-git.
  * debian/control: Add python-setuptools-git as a Build-Depends.
  * debian/rules: Do not remove nova.egg-info during auto_clean. Now that
    upstream has moved to setuptools-git, doing so results in missing files
    from built package.

  [ Chuck Short ]
  * New upstream release.

 -- Chuck Short  Fri, 06 Jul 2012 10:18:33 -0400

nova (2012.2~f2~20120531.14249-0ubuntu4) quantal; urgency=low

  * debian/rules: Temporarily disable test suite while blocking tests are
    investigated.
  * debian/patches/kombu_tests_timeout.patch: Dropped.

 -- Adam Gandelman  Tue, 19 Jun 2012 17:10:26 -0700

nova (2012.2~f2~20120531.14249-0ubuntu3) quantal; urgency=low

  [ Adam Gandelman ]
  * debian/patches/nova-manage_flagfile_location.patch: Dropped.
  * debian/nova-common.postinst: Old format config will break nova-manage if
    left in place. Move it away instead of copying before conversion.
  * debian/nova.conf: Set booleans explicitly '=true', specify path to paste
    config.
  * debian/*.init, debian/*.upstart.in, debian/mans/*: Update to use
    --config-file flag instead of obsolete --flagfile.
  * debian/nova-common.postinst: Also handle conversion of nova-compute.conf
    to new .ini format.

  [ Paul Belanger ]
  * Give nova group read permissions nova files / directories (LP: #989241)
  * Add adm group to /var/log/nova (LP: #989242)

 -- Adam Gandelman  Tue, 05 Jun 2012 10:39:42 -0700

nova (2012.2~f2~20120531.14249-0ubuntu2) quantal; urgency=low

  * Really fix quantal postinst.

 -- Chuck Short  Fri, 01 Jun 2012 11:31:33 -0400

nova (2012.2~f2~20120531.14249-0ubuntu1) quantal; urgency=low

  * New upstream release.
  * debian/nova-common.postinst: Fix typo when upgrading. (LP: #1005479)
  * debian/nova-common.docs: Add ChangeLog
  * debian/patches/nova-manage_flagfile_location.patch: Refreshed
  * debian/patches/upstream: Removed

 -- Chuck Short  Fri, 01 Jun 2012 11:07:00 -0400

nova (2012.2~f1-0ubuntu1) quantal; urgency=low

  * New upstream release.
  * Prepare for quantal:
    - Dropped debian/patches/upstream/0006-Use-project_id-in-ec2.cloud._format_image.patch
    - Dropped debian/patches/upstream/0005-Populate-image-properties-with-project_id-again.patch
    - Dropped debian/patches/upstream/0004-Fixed-bug-962840-added-a-test-case.patch
    - Dropped debian/patches/upstream/0003-Allow-unprivileged-RADOS-users-to-access-rbd-volumes.patch
    - Dropped debian/patches/upstream/0002-Stop-libvirt-test-from-deleting-instances-dir.patch
    - Dropped debian/patches/upstream/0001-fix-bug-where-nova-ignores-glance-host-in-imageref.patch
    - Dropped debian/patches/0001-fix-useexisting-deprecation-warnings.patch
  * debian/control: Add python-keystone as a dependency. (LP: #907197)
  * debian/patches/kombu_tests_timeout.patch: Refreshed.
  * debian/nova.conf, debian/nova-common.postinst: Convert to new ini file
    configuration
  * debian/patches/nova-manage_flagfile_location.patch: Refreshed

 -- Chuck Short  Thu, 24 May 2012 13:12:53 -0400

nova (2012.1-0ubuntu2) precise; urgency=low

  [ Adam Gandelman ]
  * debian/rules: Properly create empty doc/build/man dir for builds that
    skip doc building
  * debian/control: Set 'Conflicts: nova-compute-hypervisor' for the various
    nova-compute-$type packages.
    (LP: #975616)
  * debian/control: Set 'Breaks: nova-api' for the various nova-api-$service
    sub-packages. (LP: #966115)

  [ Chuck Short ]
  * Resynchronize with stable/essex:
    - b1d11b8 Use project_id in ec2.cloud._format_image()
    - 6e988ed Fixes image publication using deprecated auth. (LP: #977765)
    - 6e988ed Populate image properties with project_id again
    - 3b14c74 Fixed bug 962840, added a test case.
    - d4e96fe Allow unprivileged RADOS users to access rbd volumes.
    - 4acfab6 Stop libvirt test from deleting instances dir
    - 155c7b2 fix bug where nova ignores glance host in imageref
  * debian/nova.conf: Enabled ec2_private_dns_show_ip so that juju can
    connect to openstack instances.
  * debian/patches/fix-docs-build-without-network.patch: Fix docs build when
    there is no network access.

 -- Chuck Short  Thu, 12 Apr 2012 14:14:29 -0400

nova (2012.1-0ubuntu1) precise; urgency=low

  * New upstream release.

 -- Chuck Short  Thu, 05 Apr 2012 11:00:38 -0400

nova (2012.1~rc4-0ubuntu1) precise; urgency=low

  * New upstream release.
  * debian/patches/nova-console-monitor.patch: Disabled.
  * debian/nova.conf: Removed console-monitor option.

 -- Chuck Short  Wed, 04 Apr 2012 16:55:52 -0400

nova (2012.1~rc3-0ubuntu1) precise; urgency=low

  * New Upstream release.
  * debian/control: Conflict nova-vncproxy with novnc.

 -- Chuck Short  Wed, 04 Apr 2012 09:25:14 -0400

nova (2012.1~rc2-0ubuntu1) precise; urgency=low

  [ Adam Gandelman ]
  * debian/control: Remove unnecessary nova-cert dependency from nova-api.
    (LP: #965356)
  * debian/nova-common.postinst: Clean up spacing, remove redundant chown,
    set blanket 0700 nova.nova permissions on /etc/nova/
  * debian/nova-compute-{kvm, lxc, uml, xen}.postinst: Set proper permissions
    on /etc/nova/nova-compute.conf (LP: #861459)
  * debian/nova-common.postinst: Ensure default nova.sqlite database is not
    world-readable.
  * debian/{rules, nova-common.{install, postinst}}: Install api-paste.ini
    0600 with nova-common (in preparation for proper nova-api-* package
    separation)
  * debian/{nova-common.nova-manage.logrotate,
    nova-network.nova-dhcpbridge.logrotate, rules}: Add logrotate files,
    override_dh_installlogrotate. (LP: #942646)
  * Add manpage stubs for nova-api-ec2, nova-api-metadata,
    nova-api-os-{volume, compute}, nova-rootwrap. Use sphinx built manpage
    for nova-manage (nova-common.manpages)
  * debian/nova-compute-{kvm, xen, uml, qemu}.postinst: Remove calls to
    adduser since this is already handled from nova-compute.postsinst in a
    vendor neutral way. Silences lintian errors regarding adduser dependency

  [ Chuck Short ]
  * New upstream version.
  * debian/patches/libvirt-use-console-pipe.patch: Dropped.
  * debian/patches/nova-console-monitor.patch: Add console-monitor option.
  * debian/nova.conf: Enable use_console_monitor
  * debian/patches/fix-ubuntu-tests.patch: Fix nova testsuite.
  * debian/rules: fail package build if testsuite fails.
  * debian/patches/validate_server_name_length.patch: Dropped no longer
    needed.
  * debian/patches/fix-docs-build-without-network.patch: Some docs need a
    network connection in order to build. Disable fetching docs from the
    internet.
  * debian/patches/0001-fix-useexisting-deprecation-warnings.patch: Remove
    deprecated warnings with sqlalchemy.

  [ Tyler Hicks ]
  * SECURITY UPDATE: Denial of service via resource exhaustion in nova-api
    (LP: #968411)
    - debian/patches/validate_server_name_length.patch: Limit server names
      to a maximum of 255 characters to prevent nova-api log files from
      exhausting storage space. Based on upstream patch.
    - CVE-2012-1585

 -- Chuck Short  Mon, 02 Apr 2012 11:17:33 -0400

nova (2012.1~rc1-0ubuntu2) precise; urgency=low

  * debian/control: Add Breaks/Replaces to nova-consoleauth, update
    description, nova-console Recommends nova-consoleauth
  * debian/nova-console.install: Remove nova-consoleauth

 -- Adam Gandelman  Thu, 22 Mar 2012 11:31:35 -0700

nova (2012.1~rc1-0ubuntu1) precise; urgency=low

  [ Adam Gandelman ]

  [Chuck Short]
  * New upstream release.
  * debian/patches/libvirt-use-console-pipe.patch: Refreshed

  [Adam Gandelman]
  * debian/patches/libvirt-console.patch: Refresh
  * debian/control: Split nova-consoleauth from nova-console into its own
    pkg (LP: #959289)
  * debian/nova-console.upstart.in: Specify shell

 -- Chuck Short  Tue, 20 Mar 2012 11:06:11 -0400

nova (2012.1~rc1~20120316.13416-0ubuntu1) precise; urgency=low

  [Adam Gandelman]
  * New upstream release.
  * debian/patches/libvirt-conosle-patch: Refresh
  * debian/control: Fix descriptions of nova-{doc, cert} (LP: #942541)

  [Paul Belanger]
  * debian/control: python-nova depends on openssh-client (LP: #956177)

 -- Adam Gandelman  Mon, 12 Mar 2012 12:09:45 -0700

nova (2012.1~rc1~20120309.13261-0ubuntu1) precise; urgency=low

  [ Chuck Short ]
  * New upstream release.
  * Refreshed libvirt-console-patch again.

  [ Adam Gandleman ]
  * debian/patches/{ec2-fixes.patch, libvirt-console-pipe.patch}: Fix and
    refresh. Add dep3 headers from original git commits.
  * debian/patches/ec2-fixes.patch: Dropped. Merge upstream at 121537c3
  * debain/{rules, nova-docs.doc}: Docs now built in doc/build/.
  * debian/patches/libvirt-use-console-pipe.patch: Update use of
    instance['name'] instead of instance_name

 -- Chuck Short  Fri, 09 Mar 2012 13:07:19 -0500

nova (2012.1~e4-0ubuntu1) precise; urgency=low

  [ Adam Gandleman ]
  * debian/patches/libvirt-use-console-pipe.patch: Refreshed.
  * debain/nova-volume.upstart.in: Ensure lock directory is created
    (LP: #940780)
  * debain/control: Fix nova-compute-$flavor Depends
  * debian/control: Add python-iso8601 to python-nova Depends

  [ Chuck Short ]
  * debian/rules: Fix FTBFS.
  * Merge Ubuntu/Debian packaging:
    - Thanks to Julien Danjou, Ghe Rivero, and Thomas Goirand
    - debian/copyright: Update copyright file.
    - debian/nova-api.init, debian/nova-compute.init,
      debian/nova-network.init, debian/nova-objectstore,
      debian/nova-scheduler, debian/nova-volume.init: Synchronize init
      scripts.
    - nova-common.install, debian/rules: Install policy.json
    - debian/rules, debian/nova-xcp-network.install,
      debian/nova-xcp-plugins.install, nova-xcp-plugins.postrm,
      debian/nova-xcp-plugins.doc, debian/nova-xcp-plugins.postinst,
      debian/README.xcp_and_openstack, debian/control,
      debian/ubuntu_xen-openvswitch-nova.rules,
      debian/patches/path-to-the-xenhost.conf-fixup.patch: Add Xen XCP
      support.
    - debian/control, debian/nova-compute-{kvm,lxc,qemu,xen,uml}.postinst:
      Make nova-compute a virtual package.
    - Dropped ubuntu_ubuntu_control_vars: We dont use it
  * New upstream release.
  * Dropped python-babel, it will be handled by langpacks.
  * debian/patches/ec2-fixes.patch: Backport trunk fix for ec2 permissions.
  * debian/patches/path-to-the-xenhost.conf-fixup.patch: Refreshed.

 -- Chuck Short  Fri, 02 Mar 2012 11:18:35 -0500

nova (2012.1~e4~20120224.12913-0ubuntu1) precise; urgency=low

  [ Monty Taylor ]
  * Move files from nova/locale to /usr/share/locale

  [ Chuck Short ]
  * debian/rules: Fix FTBFS.
  * debian/control: Add depends on python-babel.
  * debian/control: Add depends on python-iso8601.
  * debian/nova-api-os-volume.install: Fix FTBFS.
  * debian/patches/libvirt-use-console-pipe.patch: Refreshed and Re-enabled.
    (LP: #879666)
  * debian/control: Make sure we install nova-cert

  [ Joseph Heck ]
  * debian/nova-console.install: Add nova-consoleauth.
  * Add nova-api-ec2, nova-api-os-compute, and nova-api-os-volume.

 -- Chuck Short  Fri, 24 Feb 2012 10:08:10 -0500

nova (2012.1~e4~20120217.12709-0ubuntu1) precise; urgency=low

  [ Dave Walker (Daviey) ]
  * New upstream snapshot
  * debian/patches/temp_fix_linux_net.patch:
    - Dropped, applied upstream. LP: #929127
  * debian/patches/libvirt-use-console-pipe.patch:
    - Rebased against latest trunk

  [ Chuck Short ]
  * debian/nova.conf: Re-enable default iscsi_helper.
  * debian/nova.conf: More fixups.
  * debian/control: Dont depend and conflicts on nova-compute-hypervisor.
    (LP: #923681)
  * debian/patches/libvirt-us-console-pipe.patch: Refreshed.
  * Temporarily disable console patch. (LP: #932787)
  * New upstream version.

 -- Chuck Short  Fri, 17 Feb 2012 11:02:12 -0500

nova (2012.1~e4~20120210.12574-0ubuntu1) precise; urgency=low

  [Chuck Short]
  * New upstream release.
  * debian/patches/nova-manage_flagfile_location.patch: Refreshed patch.
  * debian/patches/libvirt-use-console-pipe.patch: Re-add from oneiric.
  * Dropped debian/patches/packaged-ajaxterm-calls.patch.
  * debian/control:
    - Dropped recommends on ajaxterm for nova-compute
    - Dropped nova-ajaxterm package.

  [Adam Gandleman]
  * debian/patches/temp_fix_linux_net.patch: Temporary patch until
    LP: 929127 is resolved.

 -- Chuck Short  Fri, 10 Feb 2012 11:25:38 -0500

nova (2012.1~e4~20120208.12523-0ubuntu1) UNRELEASED; urgency=low

  [ Chuck Short ]
  * debian/patches/fix-nova-rootwraper-env.patch: Dropped no longer needed.
  * debian/nova-compute-{kvm,xen,uml,lxc}.conf: Add the connection type
    "--connection=libvirt" since libvirt is no longer the default.

  [ Adam Gandelman ]
  * debian/nova.conf: Define connection_type=libvirt in common nova.conf
    instead of nova-compute-*.conf until Bug #921294 is addressed.

  [ Vish Ishaya ]
  * debian/mans/nova-cert.8, debian/nova-cert.init,
    debian/nova-cert.install, debian/nova-cert.logrotate,
    debian/nova-cert.manpages, debian/nova-cert.upstart.in, debian/control,
    debian/source_nova.py: Add nova-cert.

  [ Soren Hansen ]
  * Refresh flagfile location patch.
  * Enable builds on versions of Ubuntu that do not have dh_python2.
  * Remove ajaxterm patch (upstream performed a ajaxtermectomy)
  * Replace ajax console proxy package with an empty, transitional package.
  * Add a nova-compute-qemu package.

 -- Soren Hansen  Fri, 10 Feb 2012 17:41:50 +0100

nova (2012.1~e4~20120203.12454-0ubuntu1) precise; urgency=low

  [Chuck Short]
  * New upstream version.
  * debian/control: Replace m2crpto with python-crypto. (LP: #917851)
  * debian/*.upstart.in, debian/nova-common.postinst, debian/nova_sudoers:
    Change default shell to /bin/false. (LP: #890362)

  [Adam Gandleman]
  * debian/nova-common.{install, postinst}: Install policy.json on all Nova
    nodes (LP: #923817)
  * debian/rules: Remove installation of policy.json (moved to nova-common),
    point to the correct upstream git repository.

 -- Chuck Short  Fri, 03 Feb 2012 09:03:12 -0500

nova (2012.1~e3-0ubuntu1) precise; urgency=low

  [Chuck short]
  * New upstream release.
  * debian/patches/fix-nova-rootwraper-env.patch: Dropped no longer needed.
  * debian/nova-compute-{kvm,xen,uml,lxc}.conf: Add the connection type
    "--connection=libvirt" since libvirt is no longer the default.

  [Adam Gandelman]
  * debian/nova.conf: Define connection_type=libvirt in common nova.conf
    instead of nova-compute-*.conf until Bug #921294 is addressed.

  [Vish Ishaya]
  * debian/mans/nova-cert.8, debian/nova-cert.init,
    debian/nova-cert.install, debian/nova-cert.logrotate,
    debian/nova-cert.manpages, debian/nova-cert.upstart.in, debian/control,
    debian/source_nova.py: Add nova-cert.

 -- Chuck Short  Thu, 26 Jan 2012 10:29:13 -0500

nova (2012.1~e3~20120120.12170-0ubuntu1) precise; urgency=low

  [Chuck Short]
  * New upstream version.
  * debian/nova-vncproxy.install, debian/nova-vncproxy.upstart.in:
    nova-vncproxy becomes nova-xvpvncproxy.
  * debian/nova.conf: Really use the nova rootwrapper. (LP: #918179)
  * debian/nova_sudoers: Fix typo in rootwrap usage.
  * debian/patches/kombu_tests_timeout.patch: Skip
    "test_iterconsume_errors_will_reconnect" test.

  [Dan Prince]
  * Add policy.json to packages.

  [Thierry Carrez]
  * debian/*.pyinstall: Ship filter files in each node... (LP: #919105)
  * debian/python-nova.pyremove: ...and no longer in python-nova
    (LP: #919105)
  * debian/patches/fix-nova-rootwraper-env.patch: Fix temporary issue with
    nova-rootwrap and nova-compute.

 -- Chuck Short  Fri, 20 Jan 2012 11:54:15 -0500

nova (2012.1~e3~20120113.12049-0ubuntu1) precise; urgency=low

  [ Chuck Short ]
  * New upstream version.
  * debian/nova_sudoers, debian/nova-common.install, Switch out to
    nova-rootwrap. (LP: #681774)
  * Add "get-origsource-git" which allows developers to generate a tarball
    from github, by doing: fakeroot debian/rules get-orig-source-git
  * debian/debian/nova-objectstore.logrotate: Dont determine if we are
    running Debian or Ubuntu. (LP: #91379)

  [ Adam Gandleman ]
  * Removed python-nova.postinst, let dh_python2 generate instead since
    python-support is not a dependency. (LP: #907543)

 -- Chuck Short  Fri, 13 Jan 2012 09:51:10 +0100

nova (2012.1~e2-0ubuntu4) precise; urgency=low

  * SECURITY UPDATE: fix tenant bypass by authenticated users via OpenStack
    API (LP: #904072)
    - CVE-2012-XXXX

 -- Jamie Strandboge  Thu, 05 Jan 2012 08:58:46 -0600

nova (2012.1~e2-0ubuntu2) precise; urgency=low

  [ Chuck Short ]
  * debian/nova.conf: Fix misconfiguration.

  [ Dan Prince ]
  * debian/nova_sudoers: Fix typo
  * Add policy.json to packages.

 -- Thierry Carrez (ttx)  Thu, 22 Dec 2011 16:15:22 +0100

nova (2012.1~e2-0ubuntu1) precise; urgency=low

  * New upstream release. Fixes the following bugs: (LP: #871278, #848643,
    #859679, #83199)
  * debian/nova-console.install: Fix empty package.
  * debian/patches, debian/pydist-overrides: Cleaner way of disabling
    unwanted python-dependencies.
  * debian/control:
    - Suggest python-keystone. (LP: #901881)
    - Update build dependencies.
  * debian/nova.conf: Use virtio networking by default. (LP: #904480)
  * debian/fix-traversal-via-image-register.patch: Dropped fixed upstream.

 -- Chuck Short  Fri, 16 Dec 2011 13:03:55 -0500

nova (2012.1~e2~20111208.11721-0ubuntu3) precise; urgency=low

  * SECURITY UPDATE: fix directory traversal during image registration via
    EC2 API and S3/RegisterImage
    - fix-traversal-via-image-register.patch: adjust nova/image/s3.py to use
      basename instead of absolute path
    - CVE-2011-4596

 -- Jamie Strandboge  Tue, 13 Dec 2011 08:39:13 -0600

nova (2012.1~e2~20111208.11721-0ubuntu2) precise; urgency=low

  * Disable python-coverage as well.

 -- Chuck Short  Mon, 12 Dec 2011 10:13:04 -0500

nova (2012.1~e2~20111208.11721-0ubuntu1) precise; urgency=low

  * New upstream release.
  * debian/control:
    + Add python-suds as a dependency.
  * debian/patches: Temporarily disable python-nosexcover.

 -- Chuck Short  Fri, 09 Dec 2011 14:24:07 -0500

nova (2012.1~e2~20111202.11641-0ubuntu2) precise; urgency=low

  * debian/nova.conf: Remove parameter to --force_dhcp_release (LP: #891227)

 -- Adam Gandelman  Fri, 02 Dec 2011 11:31:34 -0800

nova (2012.1~e2~20111202.11641-0ubuntu1) precise; urgency=low

  * New upstream release.
  * debian/nova_sudoers: Clean up to remove unused programs needed by root.
    (LP: #989583)

 -- Chuck Short  Fri, 02 Dec 2011 10:56:30 -0500

nova (2012.1~e2~20111125.11566-0ubuntu1) precise; urgency=low

  * New upstream release.
  * Refreshed debian/patches/packaged-ajaxterm-calls.patch.

 -- Chuck Short  Fri, 25 Nov 2011 14:02:18 -0500

nova (2012.1~e2~20111116.11495-0ubuntu1) precise; urgency=low

  * New upstream version.
  * Refreshed debian/patches/packaged-ajaxterm-calls.patch.

 -- Chuck Short  Fri, 18 Nov 2011 09:40:58 -0500

nova (2012.1~e1-0ubuntu3) precise; urgency=low

  * debian/rules: Take the api-paste.ini from nova/etc.

 -- Chuck Short  Thu, 17 Nov 2011 14:10:03 -0500

nova (2012.1~e1-0ubuntu2) precise; urgency=low

  * Revert debian/nova-manage_flagfile_location.patch: It was causing more
    problems than it should have. (LP: #891229)

 -- Chuck Short  Wed, 16 Nov 2011 21:12:34 -0500

nova (2012.1~e1-0ubuntu1) precise; urgency=low

  * New upstream release.
  * debian/control: Dropped python-feedparser until MIR comes through.
  * Synced with upstream bzr packaging.

 -- Chuck Short  Fri, 11 Nov 2011 09:25:25 -0500

nova (2012.1~e1~20111020.11229-0ubuntu1) precise; urgency=low

  * New upstream release.
  * Dropped patches, already applied upstream:
    - debian/patches/backport-iscsitarget-choice.patch
    - debian/patches/backport-libvirt-console-pipe.patch
    - debian/patches/backport-lxc-container-console-fix.patch
    - debian/patches/backport-recreate-gateway-using-dhcp.patch
    - debian/patches/backport-snapshot-cleanup.patch
    - debian/patches/block-migration-needs-copy-backingfile.patch
    - debian/patches/fix-iscsi-target-path.patch
    - debian/patches/fix-lp838581-removed-db_pool-complexities.patch
    - debian/patches/fix-lp863305-images-permission.patch
    - debian/patches/fqdn-in-local-hostname-of-ec2-metadata.patch
    - debian/patches/use-netcat-instead-of-socat.patc
  * debian/control:
    - Add python-feedparser as a build dependency.
    - Bump standards version to 3.9.2
    - Point to the essex branch.
  * debian/patches/nova-manage_flagfile_location.patch: Update patch to take
    in account of devstack (LP: #870405)

 -- Chuck Short  Fri, 21 Oct 2011 14:37:26 -0400

nova (2012.1~e1~20110909.1546-0ubuntu0) UNRELEASED; urgency=low

  [ Dan Prince ]
  * Fix dnsmasq line in nova_sudoers.
  * Update ajaxterm patch to work with latest nova code.

  [ Monty Taylor ]
  * Added python-feedparser to build-deps.
  * Added branching logic to allow for building on lucid.
  * Indicate depend on pastedeploy 1.5.0, since it's required.

  [ Tushar Patil ]
  * Added iputils-arping to Depends and arping to sudoers

  [Chuck Short]
  * Merged ubuntu packaging changes:
    - debian/control: Drop socat in favor of netcat.
    - debian/nova-compute.upstart.in, debian/nova.conf: Move reference of
      nova-compute.conf from nova.conf to nova-compute's argv.
    - debian/nova-common.postinst: Create 'nova' group, add user to it.
    - debian/nova-common.postinst: Restrict permissions of /var/log/nova
  * Updated debian/patches/packaged-ajaxterm-calls.patch to fix FTBFS.
  * Updated debian/patches/nova-manage_flagfile_location.patch
  * debian/nova-api.install, debian/rules: Use etc/nova/api-paste.ini.
  * debian/nova_sudoers: Clean up sudoers.
  * debian/control: Add dependencies.

  [ Mark Washenberger ]
  * Add support for nova-console package.

 -- Monty Taylor Fri, 30 Sep 2011 09:33:16 -0700

nova (2011.3-0ubuntu6.1) oneiric-proposed; urgency=low

  [Scott Moser]
  * Removed db_pool complexities from nova.db.sqlalchemy.session
    (LP: #838581)

  [Chuck Short]
  * debian/patches/fix-iscsi-target-path.patch: Fix ISCSI target path patch.
    (LP: #871278)
  * debian/control: Either install xen-hypervisor-4.1-amd64 or
    xen-hypervisor-4.1-i386 for nova-compute-xen. (LP: #873243)

 -- Chuck Short Wed, 12 Oct 2011 14:33:25 -0400

nova (2011.3-0ubuntu6) oneiric; urgency=low

  * debian/patches/backport-libvirt-console-pipe.patch:
    - Patch updated to fix race on instance termination (LP: #868349)

 -- Robie Basak Wed, 05 Oct 2011 17:37:49 +0100

nova (2011.3-0ubuntu5) oneiric; urgency=low

  * debian/nova-common.postinst:
    - Set permissions recursively on /var/lib/nova to nova:nova for new
      installations (LP: #865169).
  * debian/patches/backport-libvirt-console-pipe.patch:
    - Patch updated to use correct patchset from upstream - incorrect
      version was uploaded in -0ubuntu4 (LP: #832507).

 -- James Page Tue, 04 Oct 2011 09:43:55 +0100

nova (2011.3-0ubuntu4) oneiric; urgency=low

  [James Page]
  * debian/nova-common.postinst:
    - Exclude mounted LXC rootfs filesystems within /var/lib/nova from
      user/group ownership changes (LP: #861260).
    - Ensure that primary group for 'nova' user is 'nova' so that files
      created by this user have the correct group ownership.

  [Adam Gandelman]
  * debian/nova-common.postinst: Restrict permissions of /var/log/nova
    (LP: #862816)

  [Ante Karamatic]
  * Add /usr/sbin/ietadm to sudoers (LP: #861547)
  * debian/control: Fix typo in Vcs-Bzr

  [Chuck Short]
  * debian/patches/backport-libvirt-console-pipe.patch: Move console.log to
    a ringbuffer so that the console.log keeps filling up. (LP: #832507)
  * debian/patches/backport-lxc-container-console-fix.patch: Make
    euca-get-console-output usable for LXC containers. (LP: #832159)
  * debian/patches/backport-snapshot-cleanup.patch: Enforce snapshot
    cleanup. (LP: #861582).
  * debian/patches/fix-lp863305-images-permission.patch: Fix image access
    control. (LP: #863305)

 -- Chuck Short Fri, 30 Sep 2011 15:21:56 -0400

nova (2011.3-0ubuntu3) oneiric; urgency=low

  [Adam Gandelman]
  * debian/nova-common.postinst: Create 'nova' group, add user to it
    (LP: #856530)
  * debian/nova.conf, debian/nova-compute.upstart.in: Move reference of
    nova-compute.conf from nova.conf to nova-compute's argv. (LP: #839796)

  [Chuck Short]
  * debian/patches/backport-recreate-gateway-using-dhcp.patch: Makes sure to
    recreate gateway for moved ip. (LP: #859587)
  * debian/control: Update Vcs info.

  [ Scott Moser ]
  * debian/patches/fqdn-in-local-hostname-of-ec2-metadata.patch Make the
    'local-hostname' in the EC2 Metadata service contain the domainname
    also. (LP: #854614)

 -- Chuck Short Tue, 27 Sep 2011 14:56:59 -0400

nova (2011.3-0ubuntu2) oneiric; urgency=low

  [Chuck Short]
  * debian/rules, debian/control: Use dh_python2
  * debian/control, debian/series,
    debian/patches/backport-iscsitarget-choice.patch, debian/nova_sudoers:
    + Change the default from iscsitarget to tgt.
  * debian/control, debian/series,
    debian/patches/use-netcat-instead-of-socat.patch, debian/nova_sudoers:
    + Change from socat to netcat.
  * debian/patches/block-migration-needs-copy-backingfile.patch: Fix block
    migration by needing to copy backing_file.

  [Monty Taylor]
  * Install a new paste config to enable deprecated auth.

 -- Chuck Short Fri, 23 Sep 2011 13:34:51 -0400

nova (2011.3-0ubuntu1) oneiric; urgency=low

  [Chuck Short]
  * New upstream release.
  * debian/control, debian/nova_sudoers:
    + Add iputils-arping and add /usr/bin/apring.
  * debian/nova_sudoers: Clean up missing binaries.

  [Monty Taylor]
  * debian/control:
    + Add vlan to nova-compute

 -- Chuck Short Thu, 22 Sep 2011 09:33:49 -0400

nova (2011.3~rc~20110920.r1192-0ubuntu2) oneiric; urgency=low

  * debian/nova_sudoers:
    + Fix typo in nova_sudoers.
    + Tabs vs Spaces.
  * debian/nova.conf:
    + Use force_dhcp_release.

 -- Chuck Short Tue, 20 Sep 2011 15:44:39 -0400

nova (2011.3~rc~20110920.r1192-0ubuntu1) oneiric; urgency=low

  [Chuck Short]
  * New Upstream release.

  [ Monty Taylor ]
  * Add branching logic for building on lucid.

  [Vish Ishaya]
  * Add dnsmas-utils to nova-network dependencies
  * Add dhcp_release to sudoers.

 -- Chuck Short Tue, 20 Sep 2011 10:02:04 -0400

nova (2011.3~rc~20110916.r1173-0ubuntu1) oneiric; urgency=low

  [ Chuck Short ]
  * New upstream version.
  * debian/rules: Don't fail tests.

  [ Monty Taylor ]
  * Add branching logic for building on lucid.
  * Add vlan as a depend for nova-compute.

 -- Monty Taylor Wed, 21 Sep 2011 17:49:43 -0400

nova (2011.3~rc~20110909.r1155-0ubuntu1) oneiric; urgency=low

  * New upstream version.

 -- Chuck Short Fri, 09 Sep 2011 15:09:02 -0400

nova (2011.3~rc~20110901.1523-0ubuntu1) oneiric; urgency=low

  [ Chuck Short ]
  * Really remove python-ipy.
  * New upstream release.
  * Use "--use_deprecated_auth" by default because we don't support
    keystone yet. (LP: #838768)

  [ James E. Blair ]
  * Add python-unittest2 as a build dep.

  [ Dave Walker (Daviey) ]
  * debian/control: Added python-kombu as a build and run depends.
    - LP: #798876

  [ Scott Moser ]
  * add dependency on qemu-kvm to nova-compute (LP: #833530)

 -- Chuck Short Fri, 02 Sep 2011 13:21:22 -0400

nova (2011.3~d4-0ubuntu1) oneiric; urgency=low

  [Chuck Short]
  * New upstream release.

  [Thierry Carrez]
  * No longer run nova-objectstore as root (LP: #820968)

 -- Chuck Short Fri, 26 Aug 2011 13:31:14 -0400

nova (2011.3~d4~20110812.1417-0ubuntu1) oneiric; urgency=low

  [Chuck Short]
  * New upstream version
  * Don't respawn the upstart jobs if nova is failing.
  * Remove python-ipy.

  [ Dan Prince ]
  * Updated the ajaxterm patch to work with latest nova code (privsep)
  * Added python-lxml to python-nova build-deps.

  [ Thomas Goirand ]
  * Add copyright info for ipv6 class for boto.

  [ Soren Hansen ]
  * Add parted to sudoers file.
  * Add Depends: python-simplejson and Conflicts: python-cjson due to bug
    #800465 which caused the test suite to fail.
  * Remove nova-instancemonitor package (dropped upstream).
  * Remove twisted dependency (dropped upstream).
  * Create nova-compute-{kvm,lxc,uml,xen} packages that pull in the right
    packages and configures nova to use the hypervisor in question.

  [ Thierry Carrez (ttx) ]
  * Added python-xattr to build deps, apparently this is now needed
  * Removed python-xattr from build deps, now that python-glance properly
    depends on it
  * Added radvd to nova_sudoers file (LP: #758072)
  * Make nova.conf non-world-readable, as it may contain DB passwords
    (LP: #798878)

  [ Brian Waldon ]
  * Remove nova-instancemonitor man page stub.
  * Remove nova-instancemonitor from apport hook.

  [ Monty Taylor ]
  * Added python-lxml to build-deps.

  [ Scott Moser ]
  * use trailing '/' on all usages of chown to support the case where the
    directory is a symlink

 -- Chuck Short Fri, 12 Aug 2011 03:12:38 -0400

nova (2011.3~d1-0ubuntu1) oneiric; urgency=low

  [Chuck Short]
  * New upstream version.

  [Soren Hansen]
  * libvirt plugin was refactored. Adjust ajaxterm patch accordingly.
  * Add /sbin/brctl to sudoers (it moved from /usr/sbin to /sbin in
    Oneiric).
  * Add dependencies on dnsmasq-base and bridge-utils to nova-network.
    (LP: #790661)

 -- Chuck Short Thu, 02 Jun 2011 09:30:39 -0400

nova (2011.3~bzr1108-0ubuntu1) oneiric; urgency=low

  [ Thomas Goirand ]
  * Removes embedded jquery.js from nova-doc package.
  * Added some manpages stubs to make package lintian clean.
  * Adds a nova-volume.default where the admin can decide what VG to use.
  * debian/nova-objectstore.logrotate working in Debian.
  * Do not have debian/*.upstart files in Debian. Using debian/*.upstart.in
    and copying them as .upstart only if building in Ubuntu.
  * Nova init files reviewed so that they are working in Debian.
  * Initscripts of nova-compute now has a Should-Start: libvirt-bin
  * nova-compute.postinst working with libvirt group in Debian.
  * Reviewed the package descriptions.
  * Reviewed some dependencies in debian/control (added some adduser and
    lsb-base depends).
  * Added missing binary Depends: (nova-manage must depend on
    python-amqplib unless failing piuparts tests, nova-compute is pretty
    useless without qemu-utils)
  * Removes .gitignore files from binaries.
  * Don't package nova-manage.1 man page if we aren't building docs.
  * Packages correctly: nova-manage.1 and not novamanage.1 !!!

  [ Soren Hansen ]
  * Bump required version of libvirt-bin on Ubuntu to 0.8.8.
  * Drop the last of the AOE dependencies. iSCSI is the default nowadays.
  * Make the decision about the name of the libvirt group at build time
    rather than runtime. (LP: #781716)

  [ Vishvananda Ishaya ]
  * Add dd to the sudo cmd list.
  * Add a nova-vncproxy package.

 -- Soren Hansen Wed, 25 May 2011 15:57:03 +0200

nova (2011.2-0ubuntu1) natty; urgency=low

  * New upstream release.

 -- Chuck Short Fri, 15 Apr 2011 07:14:43 -0400

nova (2011.2~gamma1-0ubuntu1) natty; urgency=low

  [Chuck Short]
  * New upstream release.
  * debian/nova-doc.docs: Adjust directory to the right docs path.

  [Soren Hansen]
  * Refresh nova-manage-flags patch.
  * Adjust call to ajaxterm to work with the packaged ajaxterm instead of
    the one we ship in the tarball.
  * Remove all traces of the adminclient package.
    It moved to its own tarball. There are no known consumers, so this
    should not be a problem.
  * Remove build-dependency on python-suds again.
  * setup.py now takes care of installing the CA code, so yank those bits
    from debian/nova-common.install.
  * setup.py now places api-paste.ini correctly, so stop working around it.

 -- Chuck Short Fri, 08 Apr 2011 10:49:10 -0400

nova (2011.2~bzr925-0ubuntu1) natty; urgency=low

  [Chuck Short]
  * New upstream release.

  [Soren Hansen]
  * Make the build fail if the test suite does. The test that used to fail
    on the buildd's has been completely rewritten. (LP: #712481)
  * Specify that we need Sphinx > 1.0 to build.
  * Remove refresh_bzr_branches target from debian/rules. It is not used
    anymore.
  * Clean up after doc builds on debian/rules clean.
  * Add a nova-ajax-console-proxy package.
  * Add Recommends: ajaxterm to nova-compute, so that
    nova-ajax-console-proxy will have something to connect to.
  * Stop depending on aoetools. iscsi is the default nowadays (and has been
    for a while).
  * Move dependency on open-iscsi from nova-volume to nova-compute. They're
    client tools, so that's where they belong.
  * Add a build-depends on python-suds.
  * Add logrotate config for nova-ajax-console-proxy.
  * Add upstart job for nova-ajax-console-proxy.

 -- Chuck Short Thu, 31 Mar 2011 11:25:10 -0400

nova (2011.2~bzr828-0ubuntu1) natty; urgency=low

  * New upstream version.
  * debian/control: Add python-lockfile as a build dependency.

 -- Chuck Short Fri, 18 Mar 2011 09:28:17 -0400

nova (2011.2~bzr786-0ubuntu1) natty; urgency=low

  [Chuck Short]
  * New upstream version.

  [ Thierry Carrez (ttx) ]
  * nova-api.conf was renamed api-paste.ini (LP: #705453)

  [ Soren Hansen ]
  * Start on filesystem event rather than local-filesystems.
  * Weed out a *lot* of out-dated information from debian/control.
  * Create /var/lock/nova in upstart jobs and set lock_path in the
    flagfile.
  * Add dependency on python-novaclient.

 -- Chuck Short Fri, 11 Mar 2011 09:41:45 -0500

nova (2011.2~bzr760-0ubuntu1) natty; urgency=low

  [Chuck Short]
  * New upstream version.
  * Fix up typos in debian/control. (LP: #721414)

  [ Thierry Carrez (ttx) ]
  * Add python-distutils-extra as build-dep (for i18n)
  * Ship .mo files in /usr/share/locale
  * Add lvdisplay to nova_sudoers, clean up dupe entries

  [ Soren Hansen ]
  * Always run "nova-manage db sync" from postinst, unless an explicit
    sql_connection has been set in nova.conf. (LP: #705758)

 -- Chuck Short Fri, 04 Mar 2011 10:19:52 -0500

nova (2011.2~bzr700-0ubuntu1) natty; urgency=low

  [ Chuck Short ]
  * New upstream version.

  [ Soren Hansen ]
  * Rely on --logdir to find and use the correct logfile.
  * Remove the postrotate magic for all but nova-objectstore. It is not
    needed anymore due to using RotatingFileHandler for logging.

  [ Thierry Carrez ]
  * Ship adminclient in a separate package.

 -- Chuck Short Fri, 18 Feb 2011 09:36:22 -0500

nova (2011.2~bzr663-0ubuntu1) natty; urgency=low

  [ Chuck Short ]
  * New upstream version.
  * Add python-paramiko to debian/control.

  [Soren Hansen]
  * Honour nocheck and nodocs in DEB_BUILD_OPTIONS.
  * Add /sbin/route to sudoers file.

 -- Chuck Short Fri, 11 Feb 2011 10:27:54 -0500

nova (2011.1-0ubuntu2) natty; urgency=low

  * Don't fail unittest because of buildd problems.

 -- Chuck Short Thu, 03 Feb 2011 07:26:54 -0500

nova (2011.1-0ubuntu1) natty; urgency=low

  * New upstream release.
  * Add recommends to python-mysqldb (LP: #708511)
  * Add dependency of iscsitarget to nova-volume and a suggestion to use
    sheepdog (LP: #708141)
  * Suggest radvd for those who want to try ipv6.

 -- Chuck Short Thu, 03 Feb 2011 07:00:52 -0500

nova (2011.1~bzr638-0ubuntu1) natty; urgency=low

  * New upstream snapshot.

 -- Chuck Short Fri, 28 Jan 2011 13:41:00 -0500

nova (2011.1~bzr597-0ubuntu1) natty; urgency=low

  [ Chuck Short ]
  * New upstream snapshot.
  * Add socat, iscsiadm, and vgs to nova_sudoers.
  * Add aoetools, open-iscsi to dependencies for nova-volume.
  * Add socat to dependencies for nova-network.
  * Add python-paste and python-pastedeploy as build dependency.
  * Add python-tempita and python-migrate as build dependency.

  [ Soren Hansen ]
  * Add dependency on sudo.
  * Add upstart jobs for everything.
  * Adjust test run for nosetests newness.
  * Quiet nova-compute's postinst script.
  * Change the dependency on sqlalchemy to ensure the C extension gets
    installed for versions of the package where that was split out.
  * Don't chgrp anything to the 'nogroup' group. The whole idea of the
    nogroup group is that it doesn't own anything, so only being a member
    of that shouldn't grant you access to anything. Making dirs and files
    owned by nogroup messes this up.
  * Update nova-manage patch.
  * Add iptables-{restore,save} to sudoers file.
  * Create a logrotate config for each daemon. Make them restart the
    service after rotation.
  * Drop python-redis dependency.
  * Change python compatibility from "2.6" to "2.6-"
  * Add launchpad page to watch file.
  * Set Python-Version control fields for python-nova.
  * Add ip6tables-{save,restore} to sudoers file. (LP: #704458)
  * Add python-glance dependency.
  * Include paste config for nova-api.
  * Initialise database on initial install.

  [ Rick Clark ]
  * Add dependency on python-cheetah
  * Added iscsi target admin tool to sudoers file.
  * Specified log for nova-objectstore.
  * Set verbose logging in nova.conf.

  [ Monty Taylor ]
  * Add dependency on python-netaddr

  [ Thierry Carrez (ttx) ]
  * Added qemu-nbd to nova_sudoers
  * Added modprobe nbd to nova-compute upstart script

 -- Thierry Carrez (ttx) Mon, 24 Jan 2011 14:32:19 +0100

nova (2011.1~bzr456-0ubuntu1) natty; urgency=low

  [ Chuck Short ]
  * New upstream snapshot.
  * debian/source_nova.py: Add apport hook.

  [ Soren Hansen ]
  * Removed logdir.patch. Merged upstream.
  * Drop flagfile_location.patch: Merged upstream.
  * Use new --state_path flag and weed out the many direct references to
    /var/lib/nova.
  * Leave it to upstream's 'setup.py install' to install templates.
    Remove explicit paths from nova.conf.

 -- Chuck Short Mon, 13 Dec 2010 10:17:01 -0500

nova (2011.1~bzr412-0ubuntu1) natty; urgency=low

  [ Soren Hansen ]
  * New upstream snapshot.
  * Added the new tarballs page to debian/watch.
  * Clean out patch-branches (everything is upstream now).
  * Remove redis-server as a build-depends and don't start it for tests
    anymore.
  * Add missing dependency on python-webob.
  * Force a python-support run (so avoid deferring it until dpkg triggers
    run). (LP: #660428)
  * Remove build and runtime dependencies on python-tornado. It's not
    needed anymore.
  * logdir.patch: Add a --logdir option to workers so that they can all use
    the same flagfile. (lp:~soren/nova/logdir-flag)
  * Consolidate all the flagfiles into one.
  * flagfile_location.patch: Patch from upstream to ensure all workers have
    a consistent way of finding their flagfile.
    (lp:~soren/nova/unify-default-flagfile-location)
  * nova-manage_flagfile_location.patch: Make sure nova-manage uses
    /etc/nova/nova.conf by default.
  * Add build and runtime dependency on openssl. It used to be pulled in by
    python-tornado, but is actually used directly by nova.

  [ Chuck Short ]
  * debian/control:
    - Add dependency to python-rrdtool so that nova-instancemonitor doesn't
      complain about missing python modules when starting.
  * debian/nova-common.install: Add missing templates.
  * debian/nova-*.conf: Update flagfiles to handle upstream changes.
  * Dropped start-redis since we don't do redis anymore.

 -- Soren Hansen Tue, 23 Nov 2010 11:17:09 +0100

nova (0.9.1~bzr331-0ubuntu2) maverick; urgency=low

  * Add a minimal patch to ensure a string gets returned as an instance's
    internal ID. (LP: #657053)

 -- Soren Hansen Fri, 08 Oct 2010 23:16:58 +0200

nova (0.9.1~bzr331-0ubuntu1) maverick; urgency=low

  [ Soren Hansen ]
  * New upstream snapshot (FFe ref: LP #645936)
  * Add SQLAlchemy dependency.
  * Specify that we want sqlite and we want it in /var/lib/nova/nova.sqlite.
  * Move "adduser nova libvirtd" to nova-compute.postinst.
  * Add python-eventlet and python-routes dependencies.
  * Make /bin/true our error handler for init scripts.
  * Install nova-api-new as nova-api.
  * Add nova-scheduler package.
  * Add /bin/kill to sudoers.
  * Make sure nova_sudoers has the correct mode, otherwise sudo gets very
    upset.
  * Add ebtables and gawk dependencies for nwfilter stuff to work.

  [ Chuck Short ]
  * Add dependency on lvm2 for nova-volume.
  * Add lvm commands to sudoers list.

 -- Soren Hansen Tue, 21 Sep 2010 16:36:37 +0200

nova (0.9.1~bzr265-0ubuntu1) maverick; urgency=low

  * New upstream snapshot (FFe: LP: #628027)
  * Install uml libvirt xml file.
  * Add adduser as a dependency of nova-common so that we can create a nova
    user.
  * Create a nova user on install.
  * Create a separate tmpdir for nova, so that we can limit calls to
    chmod/chown to dirs and files in that directory.
  * Add nova-network package.
  * Add a sudoers file for nova, so that we don't have to run as root
    anymore.
  * Fix all init scripts to run their respective daemons as nova.
  * Update nova-compute flag file to account for moved libvirt templates.
  * Make all init scripts create /var/run/nova.
  * Move all pidfiles into /var/run/nova.
  * Make all daemons create a log file in /var/log/nova.
  * Respect DEB_BUILD_OPTIONS=nocheck.
  * Add a logrotate config file.

 -- Soren Hansen Tue, 07 Sep 2010 13:12:10 +0200

nova (0.9.1~bzr204-0ubuntu2) maverick; urgency=low

  * Make sure debian/start-redis is executable.

 -- Soren Hansen Sat, 07 Aug 2010 11:38:30 +0200

nova (0.9.1~bzr204-0ubuntu1) maverick; urgency=low

  * First OpenStack release.

 -- Soren Hansen Wed, 04 Aug 2010 13:27:50 +0200

debian/nova-common.dirs
etc/nova
etc/nova/rootwrap.d
var/lib/nova/buckets
var/lib/nova/CA
var/lib/nova/CA/INTER
var/lib/nova/CA/newcerts
var/lib/nova/CA/private
var/lib/nova/CA/reqs
var/lib/nova/images
var/lib/nova/instances
var/lib/nova/keys
var/lib/nova/networks
var/lib/nova/tmp
var/log/nova

debian/nova-doc.docs
doc/build/html

debian/nova-xvpvncproxy.install
usr/bin/nova-xvpvncproxy

debian/nova-api-metadata.install
etc/nova/rootwrap.d/api-metadata.filters
usr/bin/nova-api-metadata

debian/nova-api-ec2.manpages
doc/build/man/nova-api-ec2.1

debian/nova-consoleauth.manpages
doc/build/man/nova-consoleauth.1

debian/nova-network.logrotate
/var/log/nova/nova-network.log {
    daily
    missingok
    compress
    delaycompress
    notifempty
}

debian/nova-baremetal.logrotate
/var/log/nova/nova-baremetal.log {
    daily
    missingok
    compress
    delaycompress
    notifempty
}

debian/nova-consoleauth.install
usr/bin/nova-consoleauth

debian/nova-common.install
debian/nova.conf etc/nova
debian/nova_sudoers etc/sudoers.d
etc/nova/api-paste.ini etc/nova
etc/nova/policy.json etc/nova
etc/nova/policy.json etc/nova
etc/nova/rootwrap.conf etc/nova
usr/bin/nova-manage
usr/bin/nova-rootwrap

debian/python-nova.install
debian/source_nova.py /usr/share/apport/package-hooks/
usr/lib/python*/dist-packages/*

debian/nova-cert.logrotate
/var/log/nova/nova-cert.log {
    daily
    missingok
    compress
    delaycompress
    notifempty
}

debian/nova-api-ec2.install
usr/bin/nova-api-ec2

debian/nova-consoleauth.upstart
description "Nova Console"
author "Vishvananda Ishaya "

start on runlevel [2345]
stop on runlevel [!2345]

respawn

chdir /var/run

pre-start script
    mkdir -p /var/run/nova
    chown nova:root /var/run/nova

    mkdir -p /var/lock/nova
    chown nova:root /var/lock/nova
end script

exec start-stop-daemon --start --chuid nova --exec /usr/bin/nova-consoleauth -- --config-file=/etc/nova/nova.conf

debian/nova-scheduler.manpages
doc/build/man/nova-scheduler.1

debian/source/

debian/source/format
3.0 (quilt)

debian/nova-doc.doc-base
Document: nova-doc
Title: Nova Documentation
Author: OpenStack
Abstract: Sphinx documentation for Nova
Section: Network/File Transfer

Format: HTML
Index: /usr/share/doc/nova-doc/html/index.html
Files: /usr/share/doc/nova-doc/html/*

debian/nova-common.postinst
#!/bin/sh -e

if [ "$1" = "configure" ]; then
    if ! getent group nova > /dev/null 2>&1; then
        addgroup --system nova >/dev/null
    fi

    if ! getent passwd nova > /dev/null 2>&1; then
        adduser --system --home /var/lib/nova --ingroup nova --no-create-home --shell /bin/false nova
    fi

    if [ "$(id -gn nova)" = "nogroup" ]; then
        usermod -g nova nova
    fi

    if [ -z "$2" ]; then
        # New install - blanket permissions
        chown -R nova:nova /var/lib/nova/
    elif dpkg --compare-versions "$2" lt "2011.3-0ubuntu4"; then
        # make sure that LXC rootfs mount points are excluded
        # during upgrades from previous versions
        find /var/lib/nova/ -name 'rootfs' -prune -o \
            -group root -a -user nova -exec chown nova:nova {} \;
        find /var/lib/nova/ -name 'rootfs' -prune -o \
            -group nogroup -a -user nova -exec chown nova:nova {} \;
    elif dpkg --compare-versions "$2" lt "2012.2~f1~20120503.13935-0ubuntu1"; then
        # convert the root_helper to rootwrap_config
        sed -e "s,^root_helper=.\+,rootwrap_config=/etc/nova/rootwrap.conf," -i /etc/nova/nova.conf
    fi

    if [ "$(id -gn nova)" = "nogroup" ]; then
        usermod -g nova nova
    fi

    if dpkg --compare-versions "$2" lt "2012.1~e3-0ubuntu2"; then
        usermod -s "/bin/false" nova
    fi

    chown -R nova:nova /etc/nova
    chown -R nova:adm /var/log/nova

    if [ -z "$2" ]; then
        # New install - blanket permissions
        chown -R nova:nova /var/lib/nova/
    elif dpkg --compare-versions "$2" lt "2011.3-0ubuntu4"; then
        # Make sure the LXC rootfs mount points are excluded
        # during upgrades from previous versions
        find /var/lib/nova/ -name 'rootfs' -prune -o \
            -group root -a -user nova -exec chown nova:nova {} \;
        find /var/lib/nova/ -name 'rootfs' -prune -o \
            -group nogroup -a -user nova -exec chown nova:nova {} \;
    fi

    chmod 0640 /etc/nova/nova.conf
    chmod 0640 /etc/nova/policy.json
    chmod 0640 /etc/nova/api-paste.ini
    chmod 0750 /etc/nova
    chmod 0750 /var/log/nova
    chown root:root /etc/nova/rootwrap.conf
    chown root:root /etc/nova/rootwrap.d
    chmod 0755 /etc/nova/rootwrap.d

    if ! grep -qE "^(sql_)?connection( )?=.*" /etc/nova/nova.conf || \
         grep -qE "^(sql_)?connection.*sqlite.*" /etc/nova/nova.conf
    then
        su -s /bin/sh -c 'nova-manage db sync' nova
    fi

    if [ -e /var/lib/nova/nova.sqlite ]
    then
        chown nova:nova /var/lib/nova/nova.sqlite
        chmod 0640 /var/lib/nova/nova.sqlite
    fi
fi

#DEBHELPER#

debian/nova-spiceproxy.install
usr/bin/nova-spicehtml5proxy

debian/compat
7

debian/nova-baremetal.install
usr/bin/nova-baremetal-deploy-helper
usr/bin/nova-baremetal-manage

debian/nova-consoleauth.logrotate
/var/log/nova/nova-consoleauth.log {
    daily
    copytruncate
    missingok
    compress
    delaycompress
    notifempty
}

debian/nova-compute.upstart
# vim: set ft=upstart et ts=2:
description "Nova compute worker"
author "Soren Hansen "

start on runlevel [2345]
stop on runlevel [!2345]

chdir /var/run

env MAX_STATUS_CHECK_RETRIES=20

pre-start script
  mkdir -p /var/run/nova
  chown nova:root /var/run/nova/

  mkdir -p /var/lock/nova
  chown nova:root /var/lock/nova/

  modprobe nbd

  # If libvirt-bin is installed, always wait for it to start first
  if status libvirt-bin; then
    start wait-for-state WAIT_FOR=libvirt-bin WAIT_STATE=running WAITER=nova-compute
  fi

  # If installed, wait for neutron-ovs-cleanup to complete prior to starting
  # nova-compute.
  if status neutron-ovs-cleanup; then
    # See LP #1471022 for explanation of why we do like this
    retries=$MAX_STATUS_CHECK_RETRIES
    delay=1
    while true; do
      # Already running?
      s=`status neutron-ovs-cleanup`
      echo $s
      `echo $s| grep -qE "\sstart/running"` && break
      if retries=`expr $retries - 1`; then
        # Give it a push
        echo "Attempting to start neutron-ovs-cleanup"
        start neutron-ovs-cleanup || :
        # Wait a bit to avoid hammering ovs-cleanup (which itself may be waiting
        # on dependencies)
        echo "Recheck neutron-ovs-cleanup status in ${delay}s"
        sleep $delay
        if _=`expr $retries % 2`; then
          delay=`expr $delay + 2`
        fi
      else
        echo "Max retries ($MAX_STATUS_CHECK_RETRIES) reached - no longer waiting for neutron-ovs-cleanup to start"
        break
      fi
    done
  fi
end script

exec start-stop-daemon --start --chuid nova --exec /usr/bin/nova-compute -- --config-file=/etc/nova/nova.conf --config-file=/etc/nova/nova-compute.conf

debian/nova-scheduler.upstart
description "Nova scheduler"
author "Soren Hansen "

start on runlevel [2345]
stop on runlevel [!2345]

chdir /var/run

pre-start script
    mkdir -p /var/run/nova
    chown nova:root /var/run/nova/

    mkdir -p /var/lock/nova
    chown nova:root /var/lock/nova/
end script

exec start-stop-daemon --start --chuid nova --exec /usr/bin/nova-scheduler -- --config-file=/etc/nova/nova.conf

debian/nova-compute.logrotate
/var/log/nova/nova-compute.log {
    daily
    missingok
    compress
    delaycompress
    notifempty
}

debian/nova-conductor.logrotate
/var/log/nova/nova-conductor.log {
    daily
    missingok
    compress
    delaycompress
    notifempty
}

debian/nova-compute-vmware.postinst
#!/bin/sh -e

if [ "$1" = "configure" ]; then
    chown nova:nova /etc/nova/nova-compute.conf
    chmod 0600 /etc/nova/nova-compute.conf
fi

#DEBHELPER#

debian/nova-scheduler.install
usr/bin/nova-clear-rabbit-queues
usr/bin/nova-scheduler

debian/nova-compute-qemu.conf
[DEFAULT]
compute_driver=libvirt.LibvirtDriver

[libvirt]
virt_type=qemu

debian/patches/

debian/patches/Clean-up-iSCSI-multipath-devices-in-Post-Live-Migrat.patch
From 65e606faa159b4ff6124b60e9ba090833f93a48b Mon Sep 17 00:00:00 2001
From: Jeegn Chen
Date: Fri, 15 Aug 2014 21:40:14 +0800
Subject: [PATCH 3/4] Clean up iSCSI multipath devices in Post Live Migration

When a volume is attached to a VM in the source compute node through
multipath, the related files in /dev/disk/by-path/ are like this

stack@ubuntu-server12:~/devstack$ ls /dev/disk/by-path/*24
/dev/disk/by-path/ip-192.168.3.50:3260-iscsi-iqn.1992-04.com.emc:cx.
fnm00124500890.a5-lun-24
/dev/disk/by-path/ip-192.168.4.51:3260-iscsi-iqn.1992-04.com.emc:cx.
fnm00124500890.b4-lun-24

The information on its corresponding multipath device is like this
stack@ubuntu-server12:~/devstack$ sudo multipath -l 3600601602ba034
00921130967724e411
3600601602ba03400921130967724e411 dm-3 DGC,VRAID
size=1.0G features='1 queue_if_no_path' hwhandler='1 alua' wp=rw
|-+- policy='round-robin 0' prio=-1 status=active
| `- 19:0:0:24 sdl 8:176 active undef running
`-+- policy='round-robin 0' prio=-1 status=enabled
  `- 18:0:0:24 sdj 8:144 active undef running

But when the VM is migrated to the destination, the related information is
like the following example since we CANNOT guarantee that all nodes are able
to access the same iSCSI portals and the same target LUN number. And the
information is used to overwrite connection_info in the DB before the post
live migration logic is executed.

stack@ubuntu-server13:~/devstack$ ls /dev/disk/by-path/*24
/dev/disk/by-path/ip-192.168.3.51:3260-iscsi-iqn.1992-04.com.emc:cx.
fnm00124500890.b5-lun-100
/dev/disk/by-path/ip-192.168.4.51:3260-iscsi-iqn.1992-04.com.emc:cx.
fnm00124500890.b4-lun-100

stack@ubuntu-server13:~/devstack$ sudo multipath -l 3600601602ba034
00921130967724e411
3600601602ba03400921130967724e411 dm-3 DGC,VRAID
size=1.0G features='1 queue_if_no_path' hwhandler='1 alua' wp=rw
|-+- policy='round-robin 0' prio=-1 status=active
| `- 19:0:0:100 sdf 8:176 active undef running
`-+- policy='round-robin 0' prio=-1 status=enabled
  `- 18:0:0:100 sdg 8:144 active undef running

As a result, if post live migration in source side uses , and to find the
devices to clean up, it may use 192.168.3.51,
iqn.1992-04.com.emc:cx.fnm00124500890.a5 and 100.
However, the correct one should be 192.168.3.50, iqn.1992-04.com.emc:cx.
fnm00124500890.a5 and 24.

Similar philosophy in (https://bugs.launchpad.net/nova/+bug/1327497) can be
used to fix it: Leverage the unchanged multipath_id to find correct devices
to delete.

Conflicts:
    nova/tests/virt/libvirt/test_libvirt_volume.py

NOTE(wolsen): Conflicts are due to additional tests not included in this
cherry-pick.

Change-Id: I875293c3ade9423caa2b8afe9eca25a74606d262
Closes-Bug: #1357368
(cherry picked from commit aa9104ccedb3ff13cc34a498b11f5e8ff100fd99)
(cherry picked from commit 9c3ec16576e2f7c9d5aff6e4b620d708e6636568)
---
 nova/tests/virt/libvirt/test_libvirt_volume.py | 30 ++++++++++++++++++++++++++
 nova/virt/libvirt/volume.py | 8 ++++++-
 2 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/nova/tests/virt/libvirt/test_libvirt_volume.py b/nova/tests/virt/libvirt/test_libvirt_volume.py index e068c01..187061b 100644 --- a/nova/tests/virt/libvirt/test_libvirt_volume.py +++ b/nova/tests/virt/libvirt/test_libvirt_volume.py 
@@ -351,6 +351,36 @@ class LibvirtVolumeTestCase(test.NoDBTestCase): ['-f', 'fake-multipath-devname'], check_exit_code=[0, 1]) + def test_libvirt_iscsi_driver_multipath_id(self): + libvirt_driver = volume.LibvirtISCSIVolumeDriver(self.fake_conn) + libvirt_driver.use_multipath = True + self.stubs.Set(libvirt_driver, '_run_iscsiadm_bare', + lambda x, check_exit_code: ('',)) + self.stubs.Set(libvirt_driver, '_rescan_iscsi', lambda: None) + self.stubs.Set(libvirt_driver, '_get_host_device', lambda x: None) + self.stubs.Set(libvirt_driver, '_rescan_multipath', lambda: None) + fake_multipath_id = 'fake_multipath_id' + fake_multipath_device = '/dev/mapper/%s' % fake_multipath_id + self.stubs.Set(libvirt_driver, '_get_multipath_device_name', + lambda x: fake_multipath_device) + + def fake_disconnect_volume_multipath_iscsi(iscsi_properties, + multipath_device): + if fake_multipath_device != multipath_device: + raise Exception('Invalid multipath_device.') + + self.stubs.Set(libvirt_driver, '_disconnect_volume_multipath_iscsi', + fake_disconnect_volume_multipath_iscsi) + with mock.patch.object(os.path, 'exists', return_value=True): + vol = {'id': 1, 'name': self.name} + connection_info = self.iscsi_connection(vol, self.location, + self.iqn) + libvirt_driver.connect_volume(connection_info, + self.disk_info) + self.assertEqual(fake_multipath_id, + connection_info['data']['multipath_id']) + libvirt_driver.disconnect_volume(connection_info, "fake") + def iser_connection(self, volume, location, iqn): return { 'driver_volume_type': 'iser', diff --git a/nova/virt/libvirt/volume.py b/nova/virt/libvirt/volume.py index 8e18b0e..a2e6b14 100644 --- a/nova/virt/libvirt/volume.py +++ b/nova/virt/libvirt/volume.py @@ -350,6 +350,8 @@ class LibvirtISCSIVolumeDriver(LibvirtBaseVolumeDriver): if multipath_device is not None: host_device = multipath_device + connection_info['data']['multipath_id'] = \ + multipath_device.split('/')[-1] conf.source_type = "block" conf.source_path = host_device 
@@ -362,7 +364,11 @@ class LibvirtISCSIVolumeDriver(LibvirtBaseVolumeDriver): host_device = self._get_host_device(iscsi_properties) multipath_device = None if self.use_multipath: - multipath_device = self._get_multipath_device_name(host_device) + if 'multipath_id' in iscsi_properties: + multipath_device = ('/dev/mapper/%s' % + iscsi_properties['multipath_id']) + else: + multipath_device = self._get_multipath_device_name(host_device) super(LibvirtISCSIVolumeDriver, self).disconnect_volume(connection_info, disk_dev) -- 1.9.1 debian/patches/CVE-2015-7548-3.patch0000664000000000000000000001662113156263133013420 0ustar Backport of: From d3573cca0764e853c1b0cead26cb65710919ee43 Mon Sep 17 00:00:00 2001 
From: Matthew Booth
Date: Fri, 11 Dec 2015 13:40:54 +0000
Subject: [PATCH] Fix backing file detection in libvirt live snapshot

When doing a live snapshot, the libvirt driver creates an intermediate qcow2 file with the same backing file as the original disk. However, it calls qemu-img info without specifying the input format explicitly. An authenticated user can write data to a raw disk which will cause this code to misinterpret the disk as a qcow2 file with a user-specified backing file on the host, and return an arbitrary host file as the backing file.

This bug does not appear to result in a data leak in this case, but this is hard to verify. It certainly results in corrupt output.

(cherry picked from commit fec5b15911f7d4a927633875d042c6a94171b8ae)

Conflicts:
    nova/tests/virt/libvirt/fake_libvirt_utils.py
    nova/tests/virt/libvirt/test_libvirt.py
    nova/virt/images.py
    nova/virt/libvirt/driver.py

Resolves: rhbz 1295730
Resolves: rhbz 1295729

Closes-Bug: #1524274
Change-Id: I11485f077d28f4e97529a691e55e3e3c0bea8872
Reviewed-on: https://code.engineering.redhat.com/gerrit/64915
Tested-by: RHOS Jenkins
Reviewed-by: Matthew Booth
---
 nova/tests/virt/libvirt/fake_libvirt_utils.py | 6 +++++-
 nova/tests/virt/libvirt/test_libvirt.py | 3 +--
 nova/virt/images.py | 8 +++++---
 nova/virt/libvirt/driver.py | 16 ++++++++++------
 nova/virt/libvirt/utils.py | 9 +++++----
 5 files changed, 26 insertions(+), 16 deletions(-)

Index: nova-2014.1.5/nova/tests/virt/libvirt/fake_libvirt_utils.py =================================================================== --- nova-2014.1.5.orig/nova/tests/virt/libvirt/fake_libvirt_utils.py 2017-09-13 13:09:44.429692727 -0400 +++ nova-2014.1.5/nova/tests/virt/libvirt/fake_libvirt_utils.py 2017-09-13 13:09:44.417692566 -0400
@@ -90,7 +90,11 @@ def create_cow_image(backing_file, path) pass -def get_disk_backing_file(path): +def get_disk_size(path, format=None): + return 0 + + +def get_disk_backing_file(path, format=None): return disk_backing_files.get(path, None) Index: nova-2014.1.5/nova/tests/virt/libvirt/test_libvirt.py =================================================================== --- nova-2014.1.5.orig/nova/tests/virt/libvirt/test_libvirt.py 2017-09-13 13:09:44.429692727 -0400 +++ nova-2014.1.5/nova/tests/virt/libvirt/test_libvirt.py 2017-09-13 13:09:44.421692620 -0400 @@ -7451,8 +7451,7 @@ class LibvirtConnTestCase(test.TestCase) unplug.side_effect = test.TestingException self.assertRaises(test.TestingException, conn.cleanup, 'ctxt', fake_inst, 'netinfo') - unplug.assert_called_once_with(fake_inst, 'netinfo', - ignore_errors=True) + unplug.assert_called_once_with(fake_inst, 'netinfo', ignore_errors=True) @mock.patch('os.path.exists', return_value=True) @mock.patch('tempfile.mkstemp') Index: nova-2014.1.5/nova/virt/images.py =================================================================== --- nova-2014.1.5.orig/nova/virt/images.py 2017-09-13 13:09:44.429692727 -0400 +++ nova-2014.1.5/nova/virt/images.py 2017-09-13 13:09:44.421692620 -0400 @@ -55,7 +55,7 @@ except Exception: 'vulnerability CVE-2015-5162.') -def qemu_img_info(path): +def qemu_img_info(path, format=None): """Return an object containing the parsed output from qemu-img info.""" # TODO(mikal): this code should not be referring to a libvirt specific # flag. 
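Review bot: the docstring of qemu_img_info in the images.py hunk (@@ -55,7 +55,7 @@) still describes only the return value and says nothing about the new format argument. Document it as the on-disk format handed to qemu-img with -f, state that None leaves qemu-img to probe the file, and say that callers inspecting a guest-writable disk must pass it, since that is the whole point of the change. The parameter name format also shadows the Python builtin; image_format or fmt would avoid that.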
@@ -63,6 +63,8 @@ def qemu_img_info(path): return imageutils.QemuImgInfo() cmd = ('env', 'LC_ALL=C', 'LANG=C', 'qemu-img', 'info', path) + if format is not None: + cmd = cmd + ('-f', format) if QEMU_IMG_LIMITS is not None: out, err = utils.execute(*cmd, prlimit=QEMU_IMG_LIMITS) else: Index: nova-2014.1.5/nova/virt/libvirt/driver.py =================================================================== --- nova-2014.1.5.orig/nova/virt/libvirt/driver.py 2017-09-13 13:09:44.429692727 -0400 +++ nova-2014.1.5/nova/virt/libvirt/driver.py 2017-09-13 13:09:44.425692673 -0400 @@ -1593,7 +1593,7 @@ class LibvirtDriver(driver.ComputeDriver # NOTE(xqueralt): libvirt needs o+x in the temp directory os.chmod(tmpdir, 0o701) self._live_snapshot(virt_dom, disk_path, out_path, - image_format) + source_format, image_format, metadata) else: snapshot_backend.snapshot_extract(out_path, image_format) finally: @@ -1651,7 +1651,8 @@ class LibvirtDriver(driver.ComputeDriver else: return True - def _live_snapshot(self, domain, disk_path, out_path, image_format): + def _live_snapshot(self, domain, disk_path, out_path, + source_format, image_format, image_meta): """Snapshot an instance without downtime.""" # Save a copy of the domain's running XML file xml = domain.XMLDesc(0) 
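Review bot: _live_snapshot in the driver.py hunk (@@ -1651,7 +1651,8 @@) gains source_format and image_meta, but the docstring is still the single line "Snapshot an instance without downtime." and does not say that source_format must be the on-disk format reported by libvirt rather than a probed value. image_meta is supplied as metadata at the call site in the previous hunk, yet none of the hunks shown here use it inside the method; confirm where it is consumed, or drop it from this backport if it is unused.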
@@ -1667,9 +1668,11 @@ class LibvirtDriver(driver.ComputeDriver # in QEMU 1.3. In order to do this, we need to create # a destination image with the original backing file # and matching size of the instance root disk. - src_disk_size = libvirt_utils.get_disk_size(disk_path) + src_disk_size = libvirt_utils.get_disk_size(disk_path, + format=source_format) src_back_path = libvirt_utils.get_disk_backing_file(disk_path, - basename=False) + format=source_format, + basename=False) disk_delta = out_path + '.delta' libvirt_utils.create_cow_image(src_back_path, disk_delta, src_disk_size) Index: nova-2014.1.5/nova/virt/libvirt/utils.py =================================================================== --- nova-2014.1.5.orig/nova/virt/libvirt/utils.py 2017-09-13 13:09:44.429692727 -0400 +++ nova-2014.1.5/nova/virt/libvirt/utils.py 2017-09-13 13:09:44.425692673 -0400 @@ -457,24 +457,25 @@ def pick_disk_driver_name(hypervisor_ver return None -def get_disk_size(path): +def get_disk_size(path, format=None): """Get the (virtual) size of a disk image :param path: Path to the disk image + :param format: the on-disk format of path :returns: Size (in bytes) of the given disk image as it would be seen by a virtual machine. """ - size = images.qemu_img_info(path).virtual_size + size = images.qemu_img_info(path, format).virtual_size return int(size) -def get_disk_backing_file(path, basename=True): +def get_disk_backing_file(path, basename=True, format=None): """Get the backing file of a disk image :param path: Path to the disk image :returns: a path to the image's backing store """ - backing_file = images.qemu_img_info(path).backing_file + backing_file = images.qemu_img_info(path, format).backing_file if backing_file and basename: backing_file = os.path.basename(backing_file) debian/patches/CVE-2015-7548-1.patch0000664000000000000000000002715713156262740013427 0ustar Backport of: From 2cd7f611200021c1089f3258a16014be18eb7da9 Mon Sep 17 00:00:00 2001 
From: Matthew Booth
Date: Wed, 9 Dec 2015 15:36:32 +0000
Subject: [PATCH] Fix format detection in libvirt snapshot

The libvirt driver was using automatic format detection during snapshot for disks stored on the local filesystem. This opened an exploit if nova was configured to use local file storage, and additionally to store those files in raw format by specifying use_cow_images = False in nova.conf. An authenticated user could write a qcow2 header to their guest image with a backing file on the host. libvirt.utils.get_disk_type() would then misdetect the type of this image as qcow2 and pass this to the Qcow2 image backend, whose snapshot_extract method interprets the image as qcow2 and writes the backing file to glance. The authenticated user can then download the host file from glance.

This patch makes 2 principal changes. libvirt.utils.get_disk_type, which ought to be removed entirely as soon as possible, is updated to no longer do format detection if the format can't be determined from the path. Its name is changed to get_disk_type_from_path to reflect its actual function.

libvirt.utils.find_disk is updated to return both the path and format of the root disk, rather than just the path. This is the most reliable source of this information, as it reflects the actual format in use. The previous format detection function of get_disk_type is replaced by the format taken from libvirt.

We replace a call to get_disk_type in _rebase_with_qemu_img with an explicit call to qemu_img_info, as the other behaviour of get_disk_type was not relevant in this context. qemu_img_info is safe from the backing file exploit when called on a file known to be a qcow2 image. As the file in this context is a volume snapshot, this is a safe use.

(cherry picked from commit f228834204fd8bdcf62f67e00c49edf63662a7dd) Conflicts: nova/tests/virt/libvirt/fake_libvirt_utils.py nova/tests/virt/libvirt/test_image_utils.py nova/virt/libvirt/driver.py Resolves: rhbz 1295730 Resolves: rhbz 1295729 Partial-Bug: #1524274 Change-Id: I94c1c0d26215c061f71c3f95e1a6bf3a58fa19ea Reviewed-on: https://code.engineering.redhat.com/gerrit/64913 Tested-by: RHOS Jenkins Reviewed-by: Matthew Booth --- nova/tests/virt/libvirt/fake_libvirt_utils.py | 11 ++++++++-- nova/tests/virt/libvirt/test_image_utils.py | 29 ++++++--------------------- nova/tests/virt/libvirt/test_libvirt_utils.py | 19 +++--------------- nova/virt/libvirt/driver.py | 25 +++++++++++++++++------ nova/virt/libvirt/utils.py | 26 +++++++++++++++++++----- 5 files changed, 58 insertions(+), 52 deletions(-) Index: nova-2014.1.5/nova/tests/virt/libvirt/fake_libvirt_utils.py =================================================================== --- nova-2014.1.5.orig/nova/tests/virt/libvirt/fake_libvirt_utils.py 2017-09-13 13:05:46.310514860 -0400 +++ nova-2014.1.5/nova/tests/virt/libvirt/fake_libvirt_utils.py 2017-09-13 13:05:46.306514807 -0400 @@ -94,7 +94,9 @@ def get_disk_backing_file(path): return disk_backing_files.get(path, None) -def get_disk_type(path): +def get_disk_type_from_path(path): + if disk_type in ('raw', 'qcow2'): + return None return disk_type 
@@ -156,7 +158,12 @@ def file_open(path, mode=None): def find_disk(virt_dom): - return "filename" + if disk_type == 'lvm': + return ("/dev/nova-vg/lv", "raw") + elif disk_type in ['raw', 'qcow2']: + return ("filename", disk_type) + else: + return ("unknown_type_disk", None) def load_file(path): Index: nova-2014.1.5/nova/tests/virt/libvirt/test_image_utils.py =================================================================== --- nova-2014.1.5.orig/nova/tests/virt/libvirt/test_image_utils.py 2017-09-13 13:05:46.310514860 -0400 +++ nova-2014.1.5/nova/tests/virt/libvirt/test_image_utils.py 2017-09-13 13:06:58.099472963 -0400 
@@ -22,40 +22,21 @@ from nova.virt.libvirt import utils as l class ImageUtilsTestCase(test.NoDBTestCase): - def test_disk_type(self): + def test_disk_type_from_path(self): # Seems like lvm detection # if its in /dev ?? for p in ['/dev/b', '/dev/blah/blah']: - d_type = libvirt_utils.get_disk_type(p) + d_type = libvirt_utils.get_disk_type_from_path(p) self.assertEqual('lvm', d_type) # Try rbd detection - d_type = libvirt_utils.get_disk_type('rbd:pool/instance') + d_type = libvirt_utils.get_disk_type_from_path('rbd:pool/instance') self.assertEqual('rbd', d_type) # Try the other types - template_output = """image: %(path)s -file format: %(format)s -virtual size: 64M (67108864 bytes) -cluster_size: 65536 -disk size: 96K -""" path = '/myhome/disk.config' - for f in ['raw', 'qcow2']: - output = template_output % ({ - 'format': f, - 'path': path, - }) - self.mox.StubOutWithMock(os.path, 'exists') - self.mox.StubOutWithMock(utils, 'execute') - os.path.exists(path).AndReturn(True) - utils.execute('env', 'LC_ALL=C', 'LANG=C', - 'qemu-img', 'info', path, - prlimit=images.QEMU_IMG_LIMITS).AndReturn((output, '')) - self.mox.ReplayAll() - d_type = libvirt_utils.get_disk_type(path) - self.assertEqual(f, d_type) - self.mox.UnsetStubs() + d_type = libvirt_utils.get_disk_type_from_path(path) + self.assertIsNone(d_type) def test_disk_backing(self): path = '/myhome/disk.config' Index: nova-2014.1.5/nova/tests/virt/libvirt/test_libvirt_utils.py =================================================================== --- nova-2014.1.5.orig/nova/tests/virt/libvirt/test_libvirt_utils.py 2017-09-13 13:05:46.310514860 -0400 +++ nova-2014.1.5/nova/tests/virt/libvirt/test_libvirt_utils.py 2017-09-13 13:07:24.239821827 -0400 
@@ -29,24 +29,10 @@ CONF = cfg.CONF class LibvirtUtilsTestCase(test.NoDBTestCase): - def test_get_disk_type(self): + def test_get_disk_type_from_path(self): path = "disk.config" - example_output = """image: disk.config -file format: raw -virtual size: 64M (67108864 bytes) -cluster_size: 65536 -disk size: 96K -blah BLAH: bb -""" - self.mox.StubOutWithMock(os.path, 'exists') - self.mox.StubOutWithMock(utils, 'execute') - os.path.exists(path).AndReturn(True) - utils.execute('env', 'LC_ALL=C', 'LANG=C', - 'qemu-img', 'info', path, - prlimit=images.QEMU_IMG_LIMITS).AndReturn((example_output, '')) - self.mox.ReplayAll() - disk_type = libvirt_utils.get_disk_type(path) - self.assertEqual(disk_type, 'raw') + disk_type = libvirt_utils.get_disk_type_from_path(path) + self.assertIsNone(disk_type) def test_logical_volume_size(self): executes = [] Index: nova-2014.1.5/nova/virt/libvirt/driver.py =================================================================== --- nova-2014.1.5.orig/nova/virt/libvirt/driver.py 2017-09-13 13:05:46.310514860 -0400 +++ nova-2014.1.5/nova/virt/libvirt/driver.py 2017-09-13 13:05:46.306514807 -0400 
@@ -1505,10 +1505,23 @@ class LibvirtDriver(driver.ComputeDriver snapshot_image_service, snapshot_image_id = _image_service snapshot = snapshot_image_service.show(context, snapshot_image_id) - disk_path = libvirt_utils.find_disk(virt_dom) - source_format = libvirt_utils.get_disk_type(disk_path) + # source_format is an on-disk format + # source_type is a backend type + disk_path, source_format = libvirt_utils.find_disk(virt_dom) + source_type = libvirt_utils.get_disk_type_from_path(disk_path) + + # We won't have source_type for raw or qcow2 disks, because we can't + # determine that from the path. We should have it from the libvirt + # xml, though. + if source_type is None: + source_type = source_format + # For lxc instances we won't have it either from libvirt xml + # (because we just gave libvirt the mounted filesystem), or the path, + # so source_type is still going to be None. In this case, + # snapshot_backend is going to default to CONF.libvirt.images_type + # below, which is still safe. - image_format = CONF.libvirt.snapshot_image_format or source_format + image_format = CONF.libvirt.snapshot_image_format or source_type # NOTE(bfilippov): save lvm and rbd as raw if image_format == 'lvm' or image_format == 'rbd': @@ -1530,7 +1543,7 @@ class LibvirtDriver(driver.ComputeDriver if self.has_min_version(MIN_LIBVIRT_LIVESNAPSHOT_VERSION, MIN_QEMU_LIVESNAPSHOT_VERSION, REQ_HYPERVISOR_LIVESNAPSHOT) \ - and not source_format == "lvm" and not source_format == 'rbd': + and not source_type == "lvm" and not source_format == 'rbd': live_snapshot = True # Abort is an idempotent operation, so make sure any block # jobs which may have failed are ended. This operation also 
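Review bot: in the live-snapshot eligibility check (@@ -1530,7 +1543,7 @@) only the lvm comparison was switched to source_type; the rbd comparison on the same line still reads not source_format == 'rbd'. After this patch source_format is the on-disk format returned by find_disk, while 'lvm' and 'rbd' are backend types returned by get_disk_type_from_path, so the rbd test should use source_type as well. Writing the condition as source_type not in ('lvm', 'rbd') keeps the two checks from diverging again.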
@@ -1561,7 +1574,7 @@ class LibvirtDriver(driver.ComputeDriver virt_dom.managedSave(0) snapshot_backend = self.image_backend.snapshot(disk_path, - image_type=source_format) + image_type=source_type) if live_snapshot: LOG.info(_("Beginning live snapshot process"), Index: nova-2014.1.5/nova/virt/libvirt/utils.py =================================================================== --- nova-2014.1.5.orig/nova/virt/libvirt/utils.py 2017-09-13 13:05:46.310514860 -0400 +++ nova-2014.1.5/nova/virt/libvirt/utils.py 2017-09-13 13:05:46.310514860 -0400 @@ -604,13 +604,20 @@ def find_disk(virt_dom): """ xml_desc = virt_dom.XMLDesc(0) domain = etree.fromstring(xml_desc) + driver = None if CONF.libvirt.virt_type == 'lxc': - source = domain.find('devices/filesystem/source') + filesystem = domain.find('devices/filesystem') + driver = filesystem.find('driver') + + source = filesystem.find('source') disk_path = source.get('dir') disk_path = disk_path[0:disk_path.rfind('rootfs')] disk_path = os.path.join(disk_path, 'disk') else: - source = domain.find('devices/disk/source') + disk = domain.find('devices/disk') + driver = disk.find('driver') + + source = disk.find('source') disk_path = source.get('file') or source.get('dev') if not disk_path and CONF.libvirt.images_type == 'rbd': disk_path = source.get('name') 
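Review bot: in find_disk (@@ -604,13 +604,20 @@) the results of domain.find('devices/filesystem') and domain.find('devices/disk') are dereferenced immediately by filesystem.find('driver') and disk.find('driver'). ElementTree's find returns None when the element is absent, so a domain without the expected device raises AttributeError before the "Can't retrieve root device path" RuntimeError in the following hunk can be reached. Check for None and raise that RuntimeError, and update the function's docstring to say that it now returns a (path, format) pair.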
@@ -621,17 +628,26 @@ def find_disk(virt_dom): raise RuntimeError(_("Can't retrieve root device path " "from instance libvirt configuration")) - return disk_path + if driver is not None: + format = driver.get('type') + # This is a legacy quirk of libvirt/xen. Everything else should + # report the on-disk format in type. + if format == 'aio': + format = 'raw' + else: + format = None + return (disk_path, format) -def get_disk_type(path): +def get_disk_type_from_path(path): """Retrieve disk type (raw, qcow2, lvm) for given file.""" if path.startswith('/dev'): return 'lvm' elif path.startswith('rbd:'): return 'rbd' - return images.qemu_img_info(path).file_format + # We can't reliably determine the type from this path + return None def get_fs_info(path): debian/patches/skip_ipv6_test.patch0000664000000000000000000000106012764501734014617 0ustar Description: Skip trying to connect to ipv6 server. Author: Chuck Short Forwarded: no --- a/nova/tests/test_wsgi.py +++ b/nova/tests/test_wsgi.py @@ -224,7 +224,10 @@ class TestWSGIServerWithSSL(test.NoDBTes server.start() - response = urllib2.urlopen('https://[::1]:%d/' % server.port) + try: + response = urllib2.urlopen('https://[::1]:%d/' % server.port) + except: + self.skipTest('Skipped by Ubuntu') self.assertEqual(greetings, response.read()) server.stop() debian/patches/fix-requirements.patch0000664000000000000000000000071312764501734015161 0ustar Description: Disable websockify and set min version of six. Author: Corey Bryant Forwarded: Not needed. --- a/requirements.txt +++ b/requirements.txt @@ -25,9 +25,8 @@ python-neutronclient>=2.3.4,<2.3.11 python-glanceclient>=0.9.0,!=0.14.0,<=0.14.2 python-keystoneclient>=0.7.0,<0.12.0 -six>=1.6.0,<=1.9.0 +six>=1.5.2,<=1.9.0 stevedore>=0.14 -websockify>=0.5.1,<0.6 wsgiref>=0.1.2 oslo.config>=1.2.0,<1.5 oslo.rootwrap<1.4 debian/patches/CVE-2015-7713.patch0000664000000000000000000001325213155753517013260 0ustar From 6dfb9690b1c1d2a0836db48a735953a23a098470 Mon Sep 17 00:00:00 2001 
From: Matt Riedemann
Date: Wed, 9 Sep 2015 20:29:09 -0700
Subject: [PATCH] Don't expect meta attributes in object_compat that aren't in the db obj

The object_compat decorator expects to get the Instance object with 'metadata' and 'system_metadata' attributes but if those aren't in the db instance dict object, Instance._from_db_object will fail with a KeyError.

In Kilo this happens per refresh_instance_security_rules because in the compute API code, the instance passed to refresh_instance_security_rules comes from the call to get the security group(s) which joins on the instances column, but that doesn't join on the metadata/system_metadata fields for the instances. So when the instances get to object_compat in the compute manager and the db instance dict is converted to the Instance object, it expects fields that aren't in the dict and we get the KeyError.

The refresh_instance_security_rules case is fixed in Liberty per commit 12fbe6f082ef9b70b89302e15daa12e851e507a7 - in that case the compute API passes Instance objects to the compute manager so object_compat doesn't have anything to do, _load_instance just sees instance_or_dict isn't a dict and ignores it.

We're making this change since (1) it's an obviously wrong assumption in object_compat and should be fixed and (2) we need to backport this fix to stable/kilo since it's an upgrade impact for users there.

Closes-Bug: #1484738
Resolves: rhbz#1272864
Upstream-Liberty: https://review.openstack.org/222022
Upstream-Kilo: https://review.openstack.org/222023
Upstream-Juno: https://review.openstack.org/222026

Conflicts:
    nova/tests/unit/compute/test_compute.py

NOTE(mriedem): The conflict is due to the unit tests being moved in kilo, otherwise this is unchanged.

Change-Id: I36a954c095a9aa35879200784dc18e35edf689e6 (cherry picked from commit 9369aab04e37b7818d49b00e65857be8b3564e9e) (cherry picked from commit 08d1153d3be9f8d59aa0acc03eedd45a1697ed7b) Reviewed-on: https://code.engineering.redhat.com/gerrit/61173 Reviewed-by: RHOS Jenkins Tested-by: RHOS Jenkins Reviewed-by: Lee Yarwood --- nova/compute/manager.py | 6 +++++- nova/tests/compute/test_compute.py | 21 +++++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) Index: nova-2014.1.5/nova/compute/manager.py =================================================================== --- nova-2014.1.5.orig/nova/compute/manager.py 2017-09-12 08:47:08.890464733 -0400 +++ nova-2014.1.5/nova/compute/manager.py 2017-09-12 08:47:08.882464635 -0400 @@ -397,6 +397,11 @@ def object_compat(function): def decorated_function(self, context, *args, **kwargs): def _load_instance(instance_or_dict): if isinstance(instance_or_dict, dict): + # try to get metadata and system_metadata for most cases but + # only attempt to load those if the db instance already has + # those fields joined + metas = [meta for meta in ('metadata', 'system_metadata') + if meta in instance_or_dict] instance = instance_obj.Instance._from_db_object( context, instance_obj.Instance(), instance_or_dict, expected_attrs=metas) @@ -404,7 +409,6 @@ def object_compat(function): return instance return instance_or_dict - metas = ['metadata', 'system_metadata'] try: kwargs['instance'] = _load_instance(kwargs['instance']) except KeyError: Index: nova-2014.1.5/nova/tests/compute/test_compute.py =================================================================== --- nova-2014.1.5.orig/nova/tests/compute/test_compute.py 2017-09-12 08:47:08.890464733 -0400 +++ nova-2014.1.5/nova/tests/compute/test_compute.py 2017-09-12 08:47:08.882464635 -0400 
@@ -1203,6 +1203,24 @@ class ComputeTestCase(BaseTestCase): def test_fn(_self, context, instance): self.assertIsInstance(instance, instance_obj.Instance) self.assertEqual(instance.uuid, db_inst['uuid']) + self.assertEqual(instance.metadata, db_inst['metadata']) + self.assertEqual(instance.system_metadata, + db_inst['system_metadata']) + test_fn(None, self.context, instance=db_inst) + + def test_object_compat_no_metas(self): + # Tests that we don't try to set metadata/system_metadata on the + # instance object using fields that aren't in the db object. + db_inst = fake_instance.fake_db_instance() + db_inst.pop('metadata', None) + db_inst.pop('system_metadata', None) + + @compute_manager.object_compat + def test_fn(_self, context, instance): + self.assertIsInstance(instance, instance_obj.Instance) + self.assertEqual(instance.uuid, db_inst['uuid']) + self.assertNotIn('metadata', instance) + self.assertNotIn('system_metadata', instance) test_fn(None, self.context, instance=db_inst) def test_object_compat_more_positional_args(self): @@ -1212,6 +1230,9 @@ class ComputeTestCase(BaseTestCase): def test_fn(_self, context, instance, pos_arg_1, pos_arg_2): self.assertIsInstance(instance, instance_obj.Instance) self.assertEqual(instance.uuid, db_inst['uuid']) + self.assertEqual(instance.metadata, db_inst['metadata']) + self.assertEqual(instance.system_metadata, + db_inst['system_metadata']) self.assertEqual(pos_arg_1, 'fake_pos_arg1') self.assertEqual(pos_arg_2, 'fake_pos_arg2') debian/patches/Fix-live-migrations-usage-of-the-wrong-connector-inf.patch0000664000000000000000000001455012764501734023671 0ustar From 3ec5288e964a1eb187b016845738baeb4f03f81b Mon Sep 17 00:00:00 2001 
From: Anthony Lee
Date: Thu, 16 Jul 2015 13:02:00 -0700
Subject: [PATCH 1/4] Fix live-migrations usage of the wrong connector information

During the post_live_migration step for the Nova libvirt driver an incorrect assumption is being made about the connector information being sent to _disconnect_volume. It is assumed that the connection information on the source and destination is the same but that is not always the case. The BDM, where the connector information is being retrieved from, only contains the connection information for the destination. This will not work when trying to disconnect volumes from the source during live migration as the properties such as the target_lun and initiator_target_map could be different. This ends up leaving behind dangling LUNs and possibly removing the incorrect volume's LUNs.

The solution proposed here utilizes the connection_info that can be retrieved for a host from Cinder's initialize_connection API. This connection information contains the correct data for the source host and allows volume LUNs to be removed properly.

Conflicts:
    nova/tests/unit/virt/libvirt/test_driver.py

NOTE(mriedem): The conflicts are due to the tests being moved in Kilo and 41f80226e0a1f73af76c7968617ebfda0aeb40b1 not being in stable/juno (renamed conn var to drvr in libvirt tests).

NOTE(wolsen): The conflicts in icehouse are due to the driver invocation changing between icehouse and juno.

Change-Id: I3dfb75eb58dfbc66b218bcee473af4c2ac282eb6
Closes-Bug: #1475411
Closes-Bug: #1288039
Closes-Bug: #1423772
(cherry picked from commit 587092c909e15e983f7aef31d7bc0862271a32c7)
(cherry picked from commit 9d2abbd9ab60ca873650759feaba98b4d8d35566)

Conflicts:
    nova/tests/virt/libvirt/test_libvirt.py
---
 nova/tests/virt/libvirt/test_libvirt.py | 31 +++++++++++++++++++++++++------
 nova/virt/libvirt/driver.py | 18 +++++++++++++++++-
 2 files changed, 42 insertions(+), 7 deletions(-)

diff --git a/nova/tests/virt/libvirt/test_libvirt.py b/nova/tests/virt/libvirt/test_libvirt.py index ce9914d..096fb60 100644 --- a/nova/tests/virt/libvirt/test_libvirt.py +++ b/nova/tests/virt/libvirt/test_libvirt.py @@ -4496,10 +4496,22 @@ class LibvirtConnTestCase(test.TestCase): def test_post_live_migration(self): vol = {'block_device_mapping': [ - {'connection_info': 'dummy1', 'mount_device': '/dev/sda'}, - {'connection_info': 'dummy2', 'mount_device': '/dev/sdb'}]} + {'connection_info': { + 'data': {'multipath_id': 'dummy1'}, + 'serial': 'fake_serial1'}, + 'mount_device': '/dev/sda', + }, + {'connection_info': { + 'data': {}, + 'serial': 'fake_serial2'}, + 'mount_device': '/dev/sdb', }]} + + def fake_initialize_connection(context, volume_id, connector): + return {'data': {}} + conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False) + fake_connector = {'host': 'fake'} inst_ref = {'id': 'foo'} cntx = context.get_admin_context() 
@@ -4507,17 +4519,24 @@ class LibvirtConnTestCase(test.TestCase): with contextlib.nested( mock.patch.object(driver, 'block_device_info_get_mapping', return_value=vol['block_device_mapping']), + mock.patch.object(conn, "get_volume_connector", + return_value=fake_connector), + mock.patch.object(conn._volume_api, "initialize_connection", + side_effect=fake_initialize_connection), mock.patch.object(conn, 'volume_driver_method') - ) as (block_device_info_get_mapping, volume_driver_method): + ) as (block_device_info_get_mapping, get_volume_connector, + initialize_connection, volume_driver_method): conn.post_live_migration(cntx, inst_ref, vol) block_device_info_get_mapping.assert_has_calls([ mock.call(vol)]) + get_volume_connector.assert_has_calls([ + mock.call(inst_ref)]) volume_driver_method.assert_has_calls([ mock.call('disconnect_volume', - v['connection_info'], - v['mount_device'].rpartition("/")[2]) - for v in vol['block_device_mapping']]) + {'data': {'multipath_id': 'dummy1'}}, 'sda'), + mock.call('disconnect_volume', + {'data': {}}, 'sdb')]) def test_get_instance_disk_info_excludes_volumes(self): # Test data diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py index f7fd824..95792fc 100644 --- a/nova/virt/libvirt/driver.py +++ b/nova/virt/libvirt/driver.py 
@@ -4735,8 +4735,24 @@ class LibvirtDriver(driver.ComputeDriver): # Disconnect from volume server block_device_mapping = driver.block_device_info_get_mapping( block_device_info) + connector = self.get_volume_connector(instance) + volume_api = self._volume_api for vol in block_device_mapping: - connection_info = vol['connection_info'] + # Retrieve connection info from Cinder's initialize_connection API. + # The info returned will be accurate for the source server. + volume_id = vol['connection_info']['serial'] + connection_info = volume_api.initialize_connection(context, + volume_id, + connector) + + # Pull out multipath_id from the bdm information. The + # multipath_id can be placed into the connection info + # because it is based off of the volume and will be the + # same on the source and destination hosts. + if 'multipath_id' in vol['connection_info']['data']: + multipath_id = vol['connection_info']['data']['multipath_id'] + connection_info['data']['multipath_id'] = multipath_id + disk_dev = vol['mount_device'].rpartition("/")[2] self.volume_driver_method('disconnect_volume', connection_info, -- 1.9.1 debian/patches/CVE-2016-2140-3.patch0000664000000000000000000000570313156263160013377 0ustar From a20a0e46b7841bb64e6bc17b9f0d255541739ea9 Mon Sep 17 00:00:00 2001 
From: Lee Yarwood
Date: Thu, 17 Mar 2016 16:36:08 +0000
Subject: [PATCH] libvirt: Decode disk_info before use

The fix for OSSA 2016-007 / CVE-2016-2140 in f302bf04 assumed that disk_info is always a plain, decoded list. However prior to Liberty when performing a live block migration the compute manager populates disk_info with an encoded JSON string when calling self.driver.get_instance_disk_info. In the live migration case without block migration disk_info is None.

As a result we should always decode disk_info when a block migration is called for to ensure that we can iterate over the disks and rebuild the disk.info file.

The following change removed the JSON encoding from get_instance_disk_info and other methods within the libvirt driver for Liberty.

    libvirt: Remove unnecessary JSON conversions
    https://review.openstack.org/#/c/177437/6

Closes-Bug: #1558697
Change-Id: Icfe1f23cc3af2d0166dac82109111e341623fc4a
Reviewed-on: https://code.engineering.redhat.com/gerrit/70141
Tested-by: RHOS Jenkins
Reviewed-by: Matthew Booth
---
 nova/tests/virt/libvirt/test_libvirt.py | 2 +-
 nova/virt/libvirt/driver.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

Index: nova-2014.1.5/nova/tests/virt/libvirt/test_libvirt.py =================================================================== --- nova-2014.1.5.orig/nova/tests/virt/libvirt/test_libvirt.py 2017-09-13 13:10:06.361985415 -0400 +++ nova-2014.1.5/nova/tests/virt/libvirt/test_libvirt.py 2017-09-13 13:10:06.357985362 -0400
@@ -4465,7 +4465,7 @@ class LibvirtConnTestCase(test.TestCase) drvr.pre_live_migration(self.context, instance, block_device_info=None, network_info=[], - disk_info=disk_info, + disk_info=jsonutils.dumps(disk_info), migrate_data=migrate_data) write_to_file.assert_called_with(disk_info_path, jsonutils.dumps(image_disk_info)) Index: nova-2014.1.5/nova/virt/libvirt/driver.py =================================================================== --- nova-2014.1.5.orig/nova/virt/libvirt/driver.py 2017-09-13 13:10:06.361985415 -0400 +++ nova-2014.1.5/nova/virt/libvirt/driver.py 2017-09-13 13:10:06.357985362 -0400 @@ -4728,7 +4728,7 @@ class LibvirtDriver(driver.ComputeDriver # contents of each file when using the Raw backend. if disk_info: image_disk_info = {} - for info in disk_info: + for info in jsonutils.loads(disk_info): image_file = os.path.basename(info['path']) image_path = os.path.join(instance_dir, image_file) image_disk_info[image_path] = info['type'] debian/patches/CVE-2015-3241-2.patch0000644000000000000000000001342413155747134013404 0ustar From 203d8803b786a2eaf73389f6c1209f720e1533dd Mon Sep 17 00:00:00 2001 
From: abhishekkekane Date: Sat, 8 Aug 2015 02:28:50 -0700 Subject: [PATCH] Sync process utils from oslo for execute callbacks ------------------------------------------------ The sync pulls in the following changes: Ifc23325 Add 2 callbacks to processutils.execute() I22b2d7b processutils: ensure on_completion callback is always called I59d5799 Let oslotest manage the six.move setting for mox I245750f Remove `processutils` dependency on `log` Ia5bb418 Fix exception message in openstack.common.processutils.execute ----------------------------------------------- Related-Bug: 1387543 (cherry picked from commit bf23643e36c8764b4bd532546a2cc04385fe0cff) Upstream patch removes the six move from nova/openstack/common/__init__.py. This backport leaves it there as it doesn't seem to be related, and it upsets python 2.6. Upstream-Juno: https://review.openstack.org/#/c/208876/ Related: rhbz 1257789 Related: CVE-2015-3241 Change-Id: I22b2d7bde8797276f7670bc289d915dab5122481 Reviewed-on: https://code.engineering.redhat.com/gerrit/57493 Reviewed-by: Vladik Romanovsky Tested-by: RHOS Jenkins Reviewed-by: Matthew Booth --- nova/openstack/common/processutils.py | 59 ++++++++++++++++++++++++----------- 1 file changed, 40 insertions(+), 19 deletions(-) diff --git a/nova/openstack/common/processutils.py b/nova/openstack/common/processutils.py index cb787e2..4ad0a96 100644 --- a/nova/openstack/common/processutils.py +++ b/nova/openstack/common/processutils.py 
@@ -112,6 +112,17 @@ def execute(*cmd, **kwargs): :type shell: boolean :param loglevel: log level for execute commands. :type loglevel: int. (Should be logging.DEBUG or logging.INFO) + :param on_execute: This function will be called upon process creation + with the object as a argument. The Purpose of this + is to allow the caller of `processutils.execute` to + track process creation asynchronously. + :type on_execute: function(:class:`subprocess.Popen`) + :param on_completion: This function will be called upon process + completion with the object as a argument. The + Purpose of this is to allow the caller of + `processutils.execute` to track process completion + asynchronously. + :type on_completion: function(:class:`subprocess.Popen`) :returns: (stdout, stderr) from process execution :raises: :class:`UnknownArgumentError` on receiving unknown arguments @@ -127,6 +138,8 @@ def execute(*cmd, **kwargs): root_helper = kwargs.pop('root_helper', '') shell = kwargs.pop('shell', False) loglevel = kwargs.pop('loglevel', logging.DEBUG) + on_execute = kwargs.pop('on_execute', None) + on_completion = kwargs.pop('on_completion', None) if isinstance(check_exit_code, bool): ignore_exit_code = not check_exit_code @@ -135,8 +148,7 @@ def execute(*cmd, **kwargs): check_exit_code = [check_exit_code] if kwargs: - raise UnknownArgumentError(_('Got unknown keyword args ' - 'to utils.execute: %r') % kwargs) + raise UnknownArgumentError(_('Got unknown keyword args: %r') % kwargs) if run_as_root and hasattr(os, 'geteuid') and os.geteuid() != 0: if not root_helper: 
@@ -168,23 +180,32 @@ def execute(*cmd, **kwargs): close_fds=close_fds, preexec_fn=preexec_fn, shell=shell) - result = None - for _i in six.moves.range(20): - # NOTE(russellb) 20 is an arbitrary number of retries to - # prevent any chance of looping forever here. - try: - if process_input is not None: - result = obj.communicate(process_input) - else: - result = obj.communicate() - except OSError as e: - if e.errno in (errno.EAGAIN, errno.EINTR): - continue - raise - break - obj.stdin.close() # pylint: disable=E1101 - _returncode = obj.returncode # pylint: disable=E1101 - LOG.log(loglevel, _('Result was %s') % _returncode) + + if on_execute: + on_execute(obj) + + try: + result = None + for _i in six.moves.range(20): + # NOTE(russellb) 20 is an arbitrary number of retries to + # prevent any chance of looping forever here. + try: + if process_input is not None: + result = obj.communicate(process_input) + else: + result = obj.communicate() + except OSError as e: + if e.errno in (errno.EAGAIN, errno.EINTR): + continue + raise + break + obj.stdin.close() # pylint: disable=E1101 + _returncode = obj.returncode # pylint: disable=E1101 + LOG.log(loglevel, _('Result was %s') % _returncode) + finally: + if on_completion: + on_completion(obj) + if not ignore_exit_code and _returncode not in check_exit_code: (stdout, stderr) = result sanitized_stdout = strutils.mask_password(stdout) debian/patches/CVE-2015-3280.patch0000664000000000000000000002406413155750447013255 0ustar From 38efa64f487ed644068b28ea050bb43f2e291208 Mon Sep 17 00:00:00 2001 
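Review bot: the call "on_execute(obj)" in the last nova/openstack/common/processutils.py hunk of "Sync process utils from oslo for execute callbacks" sits before the "try:" whose "finally:" invokes on_completion(obj), so an exception raised by the on_execute callback leaves the already created process without communicate() being run and without the completion callback firing. Moving the "if on_execute:" block inside the "try:" would give the guarantee that the synced change "processutils: ensure on_completion callback is always called" is named for. The "finally:" also lets an exception raised by on_completion replace one raised by communicate(); the new docstring entries for on_execute and on_completion should say whether callbacks are expected not to raise.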
From: Rajesh Tailor Date: Wed, 4 Mar 2015 05:05:19 -0800 Subject: [PATCH] Delete orphaned instance files from compute nodes While resizing/revert-resizing instance, if instance gets deleted in between, then instance files remain either on the source or destination compute node. To address this issue, added a new periodic task '_cleanup_incomplete_migrations' which takes care of deleting instance files from source/destination compute nodes and then mark migration record as failed so that it doesn't appear again in the next periodic task run. SecurityImpact (cherry picked from commit 18d6b5cc79973fc553daf7a92f22cce4dc0ca013) Conflicts: nova/compute/manager.py nova/tests/unit/compute/test_compute_mgr.py (cherry picked from commit fa72fb8b51d59e04913c871539cee98a3da79058) Conflicts: nova/tests/compute/test_compute_mgr.py nova/compute/manager.py Closes-Bug: 1392527 Resolves: rhbz 1264278 Resolves: rhbz 1264279 Upstream-Juno: https://review.openstack.org/#/c/219301/ Change-Id: I9866d8e32e99b9f907921f4b226edf7b62bd83a7 Reviewed-on: https://code.engineering.redhat.com/gerrit/58740 Tested-by: RHOS Jenkins Reviewed-by: Nikola Dipanov Reviewed-by: Jon Schlueter --- nova/compute/manager.py | 60 ++++++++++++++++++++++++++-- nova/tests/compute/test_compute_mgr.py | 73 ++++++++++++++++++++++++++++++++++ 2 files changed, 129 insertions(+), 4 deletions(-) Index: nova-2014.1.5/nova/compute/manager.py =================================================================== --- nova-2014.1.5.orig/nova/compute/manager.py 2017-09-12 08:20:52.683037454 -0400 +++ nova-2014.1.5/nova/compute/manager.py 2017-09-12 08:20:52.675037354 -0400 
@@ -245,12 +245,18 @@ def errors_out_migration(function): def decorated_function(self, context, *args, **kwargs): try: return function(self, context, *args, **kwargs) - except Exception: + except Exception as ex: with excutils.save_and_reraise_exception(): migration = kwargs['migration'] - status = migration.status - if status not in ['migrating', 'post-migrating']: - return + + # NOTE(rajesht): If InstanceNotFound error is thrown from + # decorated function, migration status should be set to + # 'error', without checking current migration status. + if not isinstance(ex, exception.InstanceNotFound): + status = migration.status + if status not in ['migrating', 'post-migrating']: + return + migration.status = 'error' try: migration.save(context.elevated()) @@ -3279,6 +3285,7 @@ class ComputeManager(manager.Manager): @wrap_exception() @reverts_task_state @wrap_instance_event + @errors_out_migration @wrap_instance_fault def revert_resize(self, context, instance, migration, reservations): """Destroys the new instance on the destination machine. @@ -3333,6 +3340,7 @@ class ComputeManager(manager.Manager): @wrap_exception() @reverts_task_state @wrap_instance_event + @errors_out_migration @wrap_instance_fault def finish_revert_resize(self, context, instance, reservations, migration): """Finishes the second half of reverting a resize. 
@@ -5834,3 +5842,47 @@ class ComputeManager(manager.Manager): instance.cleaned = True with utils.temporary_mutation(context, read_deleted='yes'): instance.save(context) + + @periodic_task.periodic_task(spacing=CONF.instance_delete_interval) + def _cleanup_incomplete_migrations(self, context): + """Delete instance files on failed resize/revert-resize operation + + During resize/revert-resize operation, if that instance gets deleted + in-between then instance files might remain either on source or + destination compute node because of race condition. + """ + LOG.debug('Cleaning up deleted instances with incomplete migration ') + migration_filters = {'host': CONF.host, + 'status': 'error'} + migrations = migration_obj.MigrationList.get_by_filters(context, + migration_filters) + + if not migrations: + return + + inst_uuid_from_migrations = set([migration.instance_uuid for migration + in migrations]) + + inst_filters = {'deleted': True, 'soft_deleted': False, + 'uuid': inst_uuid_from_migrations} + attrs = ['info_cache', 'security_groups', 'system_metadata'] + with utils.temporary_mutation(context, read_deleted='yes'): + instances = instance_obj.InstanceList.get_by_filters( + context, inst_filters, expected_attrs=attrs, use_slave=True) + + for instance in instances: + if instance.host != CONF.host: + for migration in migrations: + if instance.uuid == migration.instance_uuid: + # Delete instance files if not cleanup properly either + # from the source or destination compute nodes when + # the instance is deleted during resizing. 
+ self.driver.delete_instance_files(instance) + try: + migration.status = 'failed' + migration.save(context.elevated()) + except exception.MigrationNotFound: + LOG.warning(_LW("Migration %s is not found."), + migration.id, context=context, + instance=instance) + break Index: nova-2014.1.5/nova/tests/compute/test_compute_mgr.py =================================================================== --- nova-2014.1.5.orig/nova/tests/compute/test_compute_mgr.py 2017-09-12 08:20:52.683037454 -0400 +++ nova-2014.1.5/nova/tests/compute/test_compute_mgr.py 2017-09-12 08:20:52.675037354 -0400 
@@ -870,6 +870,79 @@ class ComputeManagerUnitTestCase(test.No self.assertFalse(c.cleaned) self.assertEqual('1', c.system_metadata['clean_attempts']) + @mock.patch.object(migration_obj.Migration, 'save') + @mock.patch.object(migration_obj.MigrationList, 'get_by_filters') + @mock.patch.object(instance_obj.InstanceList, 'get_by_filters') + def _test_cleanup_incomplete_migrations(self, inst_host, + mock_inst_get_by_filters, + mock_migration_get_by_filters, + mock_save): + def fake_inst(context, uuid, host): + inst = instance_obj.Instance(context) + inst.uuid = uuid + inst.host = host + return inst + + def fake_migration(uuid, status, inst_uuid, src_host, dest_host): + migration = migration_obj.Migration() + migration.uuid = uuid + migration.status = status + migration.instance_uuid = inst_uuid + migration.source_compute = src_host + migration.dest_compute = dest_host + return migration + + fake_instances = [fake_inst(self.context, '111', inst_host), + fake_inst(self.context, '222', inst_host)] + + fake_migrations = [fake_migration('123', 'error', '111', + 'fake-host', 'fake-mini'), + fake_migration('456', 'error', '222', + 'fake-host', 'fake-mini')] + + mock_migration_get_by_filters.return_value = fake_migrations + mock_inst_get_by_filters.return_value = fake_instances + + with mock.patch.object(self.compute.driver, 'delete_instance_files'): + self.compute._cleanup_incomplete_migrations(self.context) + + # Ensure that migration status is set to 'failed' after instance + # files deletion for those instances whose instance.host is not + # same as compute host where periodic task is running. + for inst in fake_instances: + if inst.host != CONF.host: + for mig in fake_migrations: + if inst.uuid == mig.instance_uuid: + self.assertEqual('failed', mig.status) + + def test_cleanup_incomplete_migrations_dest_node(self): + """Test to ensure instance files are deleted from destination node. 
+ + If an instance gets deleted during resizing/revert-resizing + operation, in that case instance files gets deleted from + instance.host (source host here), but there is possibility that + instance files could be present on destination node. + + This test ensures that `_cleanup_incomplete_migration` periodic + task deletes orphaned instance files from destination compute node. + """ + self.flags(host='fake-mini') + self._test_cleanup_incomplete_migrations('fake-host') + + def test_cleanup_incomplete_migrations_source_node(self): + """Test to ensure instance files are deleted from source node. + + If instance gets deleted during resizing/revert-resizing operation, + in that case instance files gets deleted from instance.host (dest + host here), but there is possibility that instance files could be + present on source node. + + This test ensures that `_cleanup_incomplete_migration` periodic + task deletes orphaned instance files from source compute node. + """ + self.flags(host='fake-host') + self._test_cleanup_incomplete_migrations('fake-mini') + def test_swap_volume_volume_api_usage(self): # This test ensures that volume_id arguments are passed to volume_api # and that volume states are OK debian/patches/evacuate_error_vm.patch0000664000000000000000000000725512764501734015372 0ustar commit 4551896ced835b0cd89b9ff1ff17ef2bae2282f5 Author: Chris Friesen Date: Fri Mar 14 11:37:55 2014 -0600 Allow evacuate from vm_state=Error We currently allow reboot/rebuild/rescue for an instance in the Error state. This commit allows "evacuate" as well, since it is essentially a "rebuild" on a different compute node. This is useful in a number of cases, in particular if an initial evacuation attempt fails. Change-Id: I3f513eb738c91fe71767308f57251629639efd6a Closes-Bug: 1298061 (cherry picked from commit 2f8dfc0da2fd7f13185c4638aa74013be617cf11) diff --git a/nova/compute/api.py b/nova/compute/api.py index d939aaf..61dcdd0 100644 --- a/nova/compute/api.py +++ b/nova/compute/api.py 
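Review bot: the result of "self.driver.delete_instance_files(instance)" in _cleanup_incomplete_migrations (nova/compute/manager.py hunk of "Delete orphaned instance files from compute nodes") is discarded and the migration is set to 'failed' immediately afterwards, so a deletion that did not succeed is never retried, because the task only selects migrations whose status is 'error'. Check the result and leave the status at 'error' while the files are still present. In the same file, errors_out_migration reads kwargs['migration'] and is now applied to revert_resize and finish_revert_resize, whose signatures take migration as an ordinary parameter; a positional call would raise KeyError inside the exception handler, so that requirement needs a comment or a fallback lookup. In the test hunk, delete_instance_files is patched but never asserted as called, and the two docstrings name the task "_cleanup_incomplete_migration" without the trailing "s".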
@@ -3040,7 +3040,8 @@ class API(base.Base): host_name, block_migration=block_migration, disk_over_commit=disk_over_commit) - @check_instance_state(vm_state=[vm_states.ACTIVE, vm_states.STOPPED]) + @check_instance_state(vm_state=[vm_states.ACTIVE, vm_states.STOPPED, + vm_states.ERROR]) def evacuate(self, context, instance, host, on_shared_storage, admin_password=None): """Running evacuate to target host. diff --git a/nova/tests/compute/test_compute.py b/nova/tests/compute/test_compute.py index e1297a9..6c2333e 100644 --- a/nova/tests/compute/test_compute.py +++ b/nova/tests/compute/test_compute.py @@ -9234,9 +9234,9 @@ class ComputeAPITestCase(BaseTestCase): instance.refresh() self.assertEqual(instance['task_state'], task_states.MIGRATING) - def test_evacuate(self): + def _check_evacuate(self, instance_params=None): instance = jsonutils.to_primitive(self._create_fake_instance( - services=True)) + instance_params, services=True)) instance_uuid = instance['uuid'] instance = db.instance_get_by_uuid(self.context, instance_uuid) self.assertIsNone(instance['task_state']) @@ -9265,6 +9265,12 @@ class ComputeAPITestCase(BaseTestCase): db.instance_destroy(self.context, instance['uuid']) + def test_evacuate(self): + self._check_evacuate() + + def test_error_evacuate(self): + self._check_evacuate({'vm_state': vm_states.ERROR}) + def test_fail_evacuate_from_non_existing_host(self): inst = {} inst['vm_state'] = vm_states.ACTIVE @@ -9333,9 +9339,7 @@ class ComputeAPITestCase(BaseTestCase): jsonutils.to_primitive(self._create_fake_instance( {'vm_state': vm_states.SOFT_DELETED})), jsonutils.to_primitive(self._create_fake_instance( - {'vm_state': vm_states.DELETED})), - jsonutils.to_primitive(self._create_fake_instance( - {'vm_state': vm_states.ERROR})) + {'vm_state': vm_states.DELETED})) ] for instance in instances: diff --git a/nova/tests/compute/test_compute_cells.py b/nova/tests/compute/test_compute_cells.py index 55f500f..9045246 100644 
--- a/nova/tests/compute/test_compute_cells.py +++ b/nova/tests/compute/test_compute_cells.py @@ -148,6 +148,9 @@ class CellsComputeAPITestCase(test_compute.ComputeAPITestCase): def test_evacuate(self): self.skipTest("Test is incompatible with cells.") + def test_error_evacuate(self): + self.skipTest("Test is incompatible with cells.") + def test_delete_instance_no_cell(self): cells_rpcapi = self.compute_api.cells_rpcapi self.mox.StubOutWithMock(cells_rpcapi, debian/patches/CVE-2015-3241-1.patch0000664000000000000000000003632713156000660013377 0ustar From 8232a7c6d58fe24e74259557986b5af9655bfd31 Mon Sep 17 00:00:00 2001 
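Review bot: the evacuate docstring in the nova/compute/api.py hunk of "Allow evacuate from vm_state=Error" still reads only "Running evacuate to target host." although check_instance_state now also admits vm_states.ERROR. A sentence listing the accepted states and the reason ERROR is among them (the commit message's point that evacuate is essentially a rebuild on a different compute node) would save the next reader from digging through history. In nova/tests/compute/test_compute.py, the ERROR instance is removed from the list of rejected states in the same change, which keeps the negative test consistent with the new decorator arguments.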
From: John Warren Date: Wed, 11 Jun 2014 20:29:28 +0000 Subject: [PATCH] Check for resize path on libvirt instance delete If an instance is deleted after the instance's disk image path has been renamed by adding the "_resize" suffix to it but before the resize operation completes, the libvirt driver will not delete the orphaned files and manual intervention is needed to get them deleted. This fix addresses the issue by attempting to rename the instance path by adding a "_del" suffix and if that fails, renaming the instance path with the "_resize" suffix by replacing the "_resize" suffix with the "_del" suffix. If both renaming operations fail, the sequence is repeated, in case the disk image path initially had the "_resize" suffix and another thread removed it before the second rename operation was attempted. These rename operations are used in favor of checking for the existence of paths and deleting if found, because rename operations are atomic whereas another thread could rename the path between the exist check and the deleting. Regardless of the outcome of the renaming operations, the existence of the instance path with the "_del" suffix is verified and if it exists, it is deleted. This is done in case a prior delete operation that managed to create the "_del" path was subsequently interrupted before all instance files could be deleted. Note that the LibvirtConnTestCase.test_delete_instance_files test case was removed in order to eliminate redundancy. 
Closes-Bug: #1308565 (cherry picked from commit 98e6891dfd4408c56644f55fe3cff88703beb4bf) Upstream-Juno: https://review.openstack.org/#/c/99472/ Related: rhbz 1257789 Related: CVE-2015-3241 Change-Id: Ifcb2e18211347ccf3e5472779c5917a729a6eced Reviewed-on: https://code.engineering.redhat.com/gerrit/57492 Tested-by: RHOS Jenkins Reviewed-by: Padraig Brady --- nova/tests/virt/libvirt/test_libvirt.py | 192 +++++++++++++++++++++++++------- nova/virt/libvirt/driver.py | 50 +++++++-- 2 files changed, 194 insertions(+), 48 deletions(-) Index: nova-2014.1.5/nova/tests/virt/libvirt/test_libvirt.py =================================================================== --- nova-2014.1.5.orig/nova/tests/virt/libvirt/test_libvirt.py 2017-09-12 11:47:57.420575903 -0400 +++ nova-2014.1.5/nova/tests/virt/libvirt/test_libvirt.py 2017-09-12 11:47:57.412575798 -0400 @@ -5246,9 +5246,10 @@ class LibvirtConnTestCase(test.TestCase) else: libvirt_driver.LibvirtDriver.volume_driver_method( mox.IgnoreArg(), mox.IgnoreArg(), mox.IgnoreArg()) - self.mox.StubOutWithMock(shutil, "rmtree") - shutil.rmtree(os.path.join(CONF.instances_path, - 'instance-%08x' % int(instance['id']))) + self.mox.StubOutWithMock(libvirt_driver.LibvirtDriver, + 'delete_instance_files') + (libvirt_driver.LibvirtDriver.delete_instance_files(mox.IgnoreArg()). + AndReturn(True)) self.mox.StubOutWithMock(libvirt_driver.LibvirtDriver, '_cleanup_lvm') libvirt_driver.LibvirtDriver._cleanup_lvm(instance) 
@@ -5327,44 +5328,6 @@ class LibvirtConnTestCase(test.TestCase) self.stubs.Set(os.path, 'exists', fake_os_path_exists) conn.destroy(self.context, instance, [], None, False) - def test_delete_instance_files(self): - instance = {"name": "instancename", "id": "42", - "uuid": "875a8070-d0b9-4949-8b31-104d125c9a64", - "cleaned": 0, 'info_cache': None, 'security_groups': []} - - self.mox.StubOutWithMock(db, 'instance_get_by_uuid') - self.mox.StubOutWithMock(os.path, 'exists') - self.mox.StubOutWithMock(shutil, "rmtree") - - db.instance_get_by_uuid(mox.IgnoreArg(), mox.IgnoreArg(), - columns_to_join=['info_cache', - 'security_groups'], - use_slave=False - ).AndReturn(instance) - os.path.exists(mox.IgnoreArg()).AndReturn(False) - os.path.exists(mox.IgnoreArg()).AndReturn(True) - shutil.rmtree(os.path.join(CONF.instances_path, instance['uuid'])) - os.path.exists(mox.IgnoreArg()).AndReturn(True) - os.path.exists(mox.IgnoreArg()).AndReturn(False) - os.path.exists(mox.IgnoreArg()).AndReturn(True) - shutil.rmtree(os.path.join(CONF.instances_path, instance['uuid'])) - os.path.exists(mox.IgnoreArg()).AndReturn(False) - self.mox.ReplayAll() - - def fake_obj_load_attr(self, attrname): - if not hasattr(self, attrname): - self[attrname] = {} - - conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False) - self.stubs.Set(instance_obj.Instance, 'fields', - {'id': int, 'uuid': str, 'cleaned': int}) - self.stubs.Set(instance_obj.Instance, 'obj_load_attr', - fake_obj_load_attr) - - inst_obj = instance_obj.Instance.get_by_uuid(None, instance['uuid']) - self.assertFalse(conn.delete_instance_files(inst_obj)) - self.assertTrue(conn.delete_instance_files(inst_obj)) - def test_reboot_different_ids(self): class FakeLoopingCall: def start(self, *a, **k): 
@@ -9310,6 +9273,153 @@ class LibvirtDriverTestCase(test.TestCas instance = self._create_instance() self.assertTrue(conn.instance_on_disk(instance)) + @mock.patch('shutil.rmtree') + @mock.patch('nova.utils.execute') + @mock.patch('os.path.exists') + @mock.patch('nova.virt.libvirt.utils.get_instance_path') + def test_delete_instance_files(self, get_instance_path, exists, exe, + shutil): + lv = self.libvirtconnection + get_instance_path.return_value = '/path' + params = dict(uuid='fake-uuid', id=1) + instance = self._create_instance(params) + + exists.side_effect = [False, False, True, False] + + result = lv.delete_instance_files(instance) + get_instance_path.assert_called_with(instance) + exe.assert_called_with('mv', '/path', '/path_del') + shutil.assert_called_with('/path_del') + self.assertTrue(result) + + @mock.patch('shutil.rmtree') + @mock.patch('nova.utils.execute') + @mock.patch('os.path.exists') + @mock.patch('nova.virt.libvirt.utils.get_instance_path') + def test_delete_instance_files_resize(self, get_instance_path, exists, + exe, shutil): + lv = self.libvirtconnection + get_instance_path.return_value = '/path' + params = dict(uuid='fake-uuid', id=1) + instance = self._create_instance(params) + + nova.utils.execute.side_effect = [Exception(), None] + exists.side_effect = [False, False, True, False] + + result = lv.delete_instance_files(instance) + get_instance_path.assert_called_with(instance) + expected = [mock.call('mv', '/path', '/path_del'), + mock.call('mv', '/path_resize', '/path_del')] + self.assertEqual(expected, exe.mock_calls) + shutil.assert_called_with('/path_del') + self.assertTrue(result) + + @mock.patch('shutil.rmtree') + @mock.patch('nova.utils.execute') + @mock.patch('os.path.exists') + @mock.patch('nova.virt.libvirt.utils.get_instance_path') + def test_delete_instance_files_failed(self, get_instance_path, exists, exe, + shutil): + lv = self.libvirtconnection + get_instance_path.return_value = '/path' + params = dict(uuid='fake-uuid', id=1) 
+ instance = self._create_instance(params) + + exists.side_effect = [False, False, True, True] + + result = lv.delete_instance_files(instance) + get_instance_path.assert_called_with(instance) + exe.assert_called_with('mv', '/path', '/path_del') + shutil.assert_called_with('/path_del') + self.assertFalse(result) + + @mock.patch('shutil.rmtree') + @mock.patch('nova.utils.execute') + @mock.patch('os.path.exists') + @mock.patch('nova.virt.libvirt.utils.get_instance_path') + def test_delete_instance_files_mv_failed(self, get_instance_path, exists, + exe, shutil): + lv = self.libvirtconnection + get_instance_path.return_value = '/path' + params = dict(uuid='fake-uuid', id=1) + instance = self._create_instance(params) + + nova.utils.execute.side_effect = Exception() + exists.side_effect = [True, True] + + result = lv.delete_instance_files(instance) + get_instance_path.assert_called_with(instance) + expected = [mock.call('mv', '/path', '/path_del'), + mock.call('mv', '/path_resize', '/path_del')] * 2 + self.assertEqual(expected, exe.mock_calls) + self.assertFalse(result) + + @mock.patch('shutil.rmtree') + @mock.patch('nova.utils.execute') + @mock.patch('os.path.exists') + @mock.patch('nova.virt.libvirt.utils.get_instance_path') + def test_delete_instance_files_resume(self, get_instance_path, exists, + exe, shutil): + lv = self.libvirtconnection + get_instance_path.return_value = '/path' + params = dict(uuid='fake-uuid', id=1) + instance = self._create_instance(params) + + nova.utils.execute.side_effect = Exception() + exists.side_effect = [False, False, True, False] + + result = lv.delete_instance_files(instance) + get_instance_path.assert_called_with(instance) + expected = [mock.call('mv', '/path', '/path_del'), + mock.call('mv', '/path_resize', '/path_del')] * 2 + self.assertEqual(expected, exe.mock_calls) + self.assertTrue(result) + + @mock.patch('shutil.rmtree') + @mock.patch('nova.utils.execute') + @mock.patch('os.path.exists') + 
@mock.patch('nova.virt.libvirt.utils.get_instance_path') + def test_delete_instance_files_none(self, get_instance_path, exists, + exe, shutil): + lv = self.libvirtconnection + get_instance_path.return_value = '/path' + params = dict(uuid='fake-uuid', id=1) + instance = self._create_instance(params) + + nova.utils.execute.side_effect = Exception() + exists.side_effect = [False, False, False, False] + + result = lv.delete_instance_files(instance) + get_instance_path.assert_called_with(instance) + expected = [mock.call('mv', '/path', '/path_del'), + mock.call('mv', '/path_resize', '/path_del')] * 2 + self.assertEqual(expected, exe.mock_calls) + self.assertEqual(0, len(shutil.mock_calls)) + self.assertTrue(result) + + @mock.patch('shutil.rmtree') + @mock.patch('nova.utils.execute') + @mock.patch('os.path.exists') + @mock.patch('nova.virt.libvirt.utils.get_instance_path') + def test_delete_instance_files_concurrent(self, get_instance_path, exists, + exe, shutil): + lv = self.libvirtconnection + get_instance_path.return_value = '/path' + params = dict(uuid='fake-uuid', id=1) + instance = self._create_instance(params) + + nova.utils.execute.side_effect = [Exception(), Exception(), None] + exists.side_effect = [False, False, True, False] + + result = lv.delete_instance_files(instance) + get_instance_path.assert_called_with(instance) + expected = [mock.call('mv', '/path', '/path_del'), + mock.call('mv', '/path_resize', '/path_del')] + expected.append(expected[0]) + self.assertEqual(expected, exe.mock_calls) + shutil.assert_called_with('/path_del') + self.assertTrue(result) + class LibvirtVolumeUsageTestCase(test.TestCase): """Test for LibvirtDriver.get_all_volume_usage.""" Index: nova-2014.1.5/nova/virt/libvirt/driver.py =================================================================== --- nova-2014.1.5.orig/nova/virt/libvirt/driver.py 2017-09-12 11:47:57.420575903 -0400 +++ nova-2014.1.5/nova/virt/libvirt/driver.py 2017-09-12 11:47:57.416575850 -0400 
@@ -5342,23 +5342,59 @@ class LibvirtDriver(driver.ComputeDriver def delete_instance_files(self, instance): target = libvirt_utils.get_instance_path(instance) - if os.path.exists(target): - LOG.info(_('Deleting instance files %s'), target, + # A resize may be in progress + target_resize = target + '_resize' + # Other threads may attempt to rename the path, so renaming the path + # to target + '_del' (because it is atomic) and iterating through + # twice in the unlikely event that a concurrent rename occurs between + # the two rename attempts in this method. In general this method + # should be fairly thread-safe without these additional checks, since + # other operations involving renames are not permitted when the task + # state is not None and the task state should be set to something + # other than None by the time this method is invoked. + target_del = target + '_del' + for i in six.moves.range(2): + try: + utils.execute('mv', target, target_del) + break + except Exception: + pass + try: + utils.execute('mv', target_resize, target_del) + break + except Exception: + pass + # Either the target or target_resize path may still exist if all + # rename attempts failed. + remaining_path = None + for p in (target, target_resize): + if os.path.exists(p): + remaining_path = p + break + + # A previous delete attempt may have been interrupted, so target_del + # may exist even if all rename attempts during the present method + # invocation failed due to the absence of both target and + # target_resize. 
+ if not remaining_path and os.path.exists(target_del): + LOG.info(_('Deleting instance files %s'), target_del, instance=instance) + remaining_path = target_del try: - shutil.rmtree(target) + shutil.rmtree(target_del) except OSError as e: LOG.error(_('Failed to cleanup directory %(target)s: ' - '%(e)s'), {'target': target, 'e': e}, + '%(e)s'), {'target': target_del, 'e': e}, instance=instance) # It is possible that the delete failed, if so don't mark the instance # as cleaned. - if os.path.exists(target): - LOG.info(_('Deletion of %s failed'), target, instance=instance) + if remaining_path and os.path.exists(remaining_path): + LOG.info(_('Deletion of %s failed'), remaining_path, + instance=instance) return False - LOG.info(_('Deletion of %s complete'), target, instance=instance) + LOG.info(_('Deletion of %s complete'), target_del, instance=instance) return True @property debian/patches/CVE-2015-5162-2.patch0000644000000000000000000002116013156222604013373 0ustar From b64a7d38673b48c2c12f9fcfd249a3f57c02e8f4 Mon Sep 17 00:00:00 2001 
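Review bot: both "except Exception: pass" blocks around utils.execute('mv', ...) in delete_instance_files (nova/virt/libvirt/driver.py hunk of "Check for resize path on libvirt instance delete") swallow every failure without a trace, so a rename that fails for a reason other than a missing source path, a permission error for instance, is indistinguishable from "nothing to rename". Catch only the error type that utils.execute raises and log it at debug level with the instance. The closing LOG.info(_('Deletion of %s complete'), target_del, ...) is also emitted when no path existed and nothing was removed, and the loop variable i is unused. In the test hunk, several tests set nova.utils.execute.side_effect instead of using the injected exe mock, and the parameter named shutil shadows the module; exe.side_effect and a parameter name such as rmtree would read more clearly.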
From: Victor Stinner Date: Fri, 14 Oct 2016 16:38:36 +0200 Subject: [PATCH] processutils: add support for missing process limits The original commit adding support for process limits only wired up address space, max files and resident set size limits. This is not sufficient to enable nova to protect qemu-img commands against malicious images. This commit adds support for the remaining limits supported by python: core file size, cpu time, data size, file size, locked memory size, max processes and stack size. Upstream-Liberty: https://review.openstack.org/#/c/332222/ Resolves: rhbz#1382549 Related-bug: #1449062 Change-Id: I164c4b35e1357a0f80ed7fe00a7ae8f49df92e31 (cherry picked from commit 8af826953d1ad2cab2ecf360e0c794de70a367c3) (cherry picked from commit 5f417f8e9656e097070036daced26d8b0f3728c3) (cherry picked from commit d65d931da8490576f0abf30f124ca3a032b481c7) Reviewed-on: https://code.engineering.redhat.com/gerrit/87170 Tested-by: RHOS Jenkins Reviewed-by: Kashyap Chamarthy Tested-by: Victor Stinner --- nova/openstack/common/prlimit.py | 21 +++++++++++++ nova/openstack/common/processutils.py | 38 +++++++++++++++++------- nova/tests/openstack_common/test_processutils.py | 37 ++++++++++++++++++++++- 3 files changed, 85 insertions(+), 11 deletions(-) diff --git a/nova/openstack/common/prlimit.py b/nova/openstack/common/prlimit.py index fa1ef68..a3dc8a7 100644 --- a/nova/openstack/common/prlimit.py +++ b/nova/openstack/common/prlimit.py @@ -26,8 +26,15 @@ USAGE_PROGRAM = ('%s -m nova.openstack.common.prlimit' RESOURCES = ( # argparse argument => resource ('as', resource.RLIMIT_AS), + ('core', resource.RLIMIT_CORE), + ('cpu', resource.RLIMIT_CPU), + ('data', resource.RLIMIT_DATA), + ('fsize', resource.RLIMIT_FSIZE), + ('memlock', resource.RLIMIT_MEMLOCK), ('nofile', resource.RLIMIT_NOFILE), + ('nproc', resource.RLIMIT_NPROC), ('rss', resource.RLIMIT_RSS), + ('stack', resource.RLIMIT_STACK), ) 
@@ -35,10 +42,24 @@ def parse_args(): parser = argparse.ArgumentParser(description='prlimit', prog=USAGE_PROGRAM) parser.add_argument('--as', type=int, help='Address space limit in bytes') + parser.add_argument('--core', type=int, + help='Core file size limit in bytes') + parser.add_argument('--cpu', type=int, + help='CPU time limit in seconds') + parser.add_argument('--data', type=int, + help='Data size limit in bytes') + parser.add_argument('--fsize', type=int, + help='File size limit in bytes') + parser.add_argument('--memlock', type=int, + help='Locked memory limit in bytes') parser.add_argument('--nofile', type=int, help='Maximum number of open files') + parser.add_argument('--nproc', type=int, + help='Maximum number of processes') parser.add_argument('--rss', type=int, help='Maximum Resident Set Size (RSS) in bytes') + parser.add_argument('--stack', type=int, + help='Stack size limit in bytes') parser.add_argument('program', help='Program (absolute path)') parser.add_argument('program_args', metavar="arg", nargs='...', diff --git a/nova/openstack/common/processutils.py b/nova/openstack/common/processutils.py index 4a31171..17508d7 100644 --- a/nova/openstack/common/processutils.py +++ b/nova/openstack/common/processutils.py 
@@ -88,16 +88,36 @@ class ProcessLimits(object): Attributes: * address_space: Address space limit in bytes - * number_files: Maximum number of open files. + * core_file_size: Core file size limit in bytes + * cpu_time: CPU time limit in seconds + * data_size: Data size limit in bytes + * file_size: File size limit in bytes + * memory_locked: Locked memory limit in bytes + * number_files: Maximum number of open files + * number_processes: Maximum number of processes * resident_set_size: Maximum Resident Set Size (RSS) in bytes + * stack_size: Stack size limit in bytes This object can be used for the *prlimit* parameter of :func:`execute`. """ + _LIMITS = { + "address_space": "--as", + "core_file_size": "--core", + "cpu_time": "--cpu", + "data_size": "--data", + "file_size": "--fsize", + "memory_locked": "--memlock", + "number_files": "--nofile", + "number_processes": "--nproc", + "resident_set_size": "--rss", + "stack_size": "--stack", + } + def __init__(self, **kw): - self.address_space = kw.pop('address_space', None) - self.number_files = kw.pop('number_files', None) - self.resident_set_size = kw.pop('resident_set_size', None) + for limit in self._LIMITS.keys(): + setattr(self, limit, kw.pop(limit, None)) + if kw: raise ValueError("invalid limits: %s" % ', '.join(sorted(kw.keys()))) @@ -105,12 +125,10 @@ class ProcessLimits(object): def prlimit_args(self): """Create a list of arguments for the prlimit command line.""" args = [] - if self.address_space: - args.append('--as=%s' % self.address_space) - if self.number_files: - args.append('--nofile=%s' % self.number_files) - if self.resident_set_size: - args.append('--rss=%s' % self.resident_set_size) + for limit in self._LIMITS.keys(): + val = getattr(self, limit) + if val is not None: + args.append("%s=%s" % (self._LIMITS[limit], val)) return args diff --git a/nova/tests/openstack_common/test_processutils.py b/nova/tests/openstack_common/test_processutils.py index 4822539..a10f68c 100644 
--- a/nova/tests/openstack_common/test_processutils.py +++ b/nova/tests/openstack_common/test_processutils.py @@ -32,7 +32,7 @@ class PrlimitTestCase(test.TestCase): # Create a new soft limit for a resource, lower than the current # soft limit. soft_limit, hard_limit = resource.getrlimit(res) - if soft_limit < 0: + if soft_limit <= 0: soft_limit = default_limit else: soft_limit -= substract @@ -70,6 +70,31 @@ class PrlimitTestCase(test.TestCase): prlimit = self.limit_address_space() self.check_limit(prlimit, 'RLIMIT_AS', prlimit.address_space) + def test_core_size(self): + size = self.soft_limit(resource.RLIMIT_CORE, 1, 1024) + prlimit = processutils.ProcessLimits(core_file_size=size) + self.check_limit(prlimit, 'RLIMIT_CORE', prlimit.core_file_size) + + def test_cpu_time(self): + time = self.soft_limit(resource.RLIMIT_CPU, 1, 1024) + prlimit = processutils.ProcessLimits(cpu_time=time) + self.check_limit(prlimit, 'RLIMIT_CPU', prlimit.cpu_time) + + def test_data_size(self): + max_memory = self.memory_limit(resource.RLIMIT_DATA) + prlimit = processutils.ProcessLimits(data_size=max_memory) + self.check_limit(prlimit, 'RLIMIT_DATA', max_memory) + + def test_file_size(self): + size = self.soft_limit(resource.RLIMIT_FSIZE, 1, 1024) + prlimit = processutils.ProcessLimits(file_size=size) + self.check_limit(prlimit, 'RLIMIT_FSIZE', prlimit.file_size) + + def test_memory_locked(self): + max_memory = self.memory_limit(resource.RLIMIT_MEMLOCK) + prlimit = processutils.ProcessLimits(memory_locked=max_memory) + self.check_limit(prlimit, 'RLIMIT_MEMLOCK', max_memory) + def test_resident_set_size(self): max_memory = self.memory_limit(resource.RLIMIT_RSS) prlimit = processutils.ProcessLimits(resident_set_size=max_memory) 
@@ -80,6 +105,16 @@ class PrlimitTestCase(test.TestCase): prlimit = processutils.ProcessLimits(number_files=nfiles) self.check_limit(prlimit, 'RLIMIT_NOFILE', nfiles) + def test_number_processes(self): + nprocs = self.soft_limit(resource.RLIMIT_NPROC, 1, 65535) + prlimit = processutils.ProcessLimits(number_processes=nprocs) + self.check_limit(prlimit, 'RLIMIT_NPROC', nprocs) + + def test_stack_size(self): + max_memory = self.memory_limit(resource.RLIMIT_STACK) + prlimit = processutils.ProcessLimits(stack_size=max_memory) + self.check_limit(prlimit, 'RLIMIT_STACK', max_memory) + def test_unsupported_prlimit(self): self.assertRaises(ValueError, processutils.ProcessLimits, xxx=33) debian/patches/series0000664000000000000000000000173013156263070012040 0ustar # Ubuntu specific patches below here. Note these can be dropped eventually. disable-websockify-tests.patch fix-requirements.patch skip_ipv6_test.patch arm-console-patch.patch update-run-tests.patch add-support-for-syslog-connect-retries.patch clean-shutdown.patch fix-creating-bdm-for-failed-volume-attachment.patch protect-against-upgrade-rpc-ver-mismatch.patch Fix-live-migrations-usage-of-the-wrong-connector-inf.patch Fix-wrong-used-ProcessExecutionError-exception.patch Clean-up-iSCSI-multipath-devices-in-Post-Live-Migrat.patch Detach-iSCSI-latest-path-for-latest-disk.patch remove_useless_state_check.patch evacuate_error_vm.patch CVE-2015-3241-1.patch CVE-2015-3241-2.patch CVE-2015-3241-3.patch CVE-2015-3280.patch CVE-2015-5162-1.patch CVE-2015-5162-2.patch CVE-2015-5162-3.patch CVE-2015-7548-1.patch CVE-2015-7548-2.patch CVE-2015-7548-3.patch CVE-2015-7548-4.patch CVE-2015-7713.patch CVE-2015-8749.patch CVE-2016-2140-1.patch CVE-2016-2140-2.patch CVE-2016-2140-3.patch debian/patches/CVE-2015-7548-2.patch0000664000000000000000000001743713156263126013427 0ustar Backport of: From 26138c7a1e5c14b6084a83d563d4aa8883843726 Mon Sep 17 00:00:00 2001 
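Review bot: in nova/openstack/common/processutils.py, `prlimit_args()` now builds the command line by iterating `self._LIMITS.keys()`, so the order of the `--as=`, `--cpu=`, `--nofile=` arguments follows dict ordering rather than a fixed sequence; iterate `sorted(self._LIMITS)` so logged commands and any test that compares the argument list stay stable. The same hunk replaces the truthiness guards with `if val is not None:`, which means a limit of 0 is now passed through (for example `--core=0`) where it was dropped before. That is the right behaviour for a hardening knob, but it is a behaviour change for existing callers and should be stated in the commit message and the class docstring.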
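Review bot: in the `soft_limit` helper of nova/tests/openstack_common/test_processutils.py, the new `if soft_limit <= 0:` branch substitutes `default_limit` without comparing it against the `hard_limit` read on the line above, and the new `test_core_size` passes 1024 as that default. Unless the lines below the hunk already clamp the value, a host whose hard limit for RLIMIT_CORE is 0 would get a soft limit above the hard one; clamp to `hard_limit` or skip the test in that case. Minor: `time = self.soft_limit(resource.RLIMIT_CPU, 1, 1024)` in `test_cpu_time` reuses the name of a standard module, `cpu_seconds` would read better.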
From: Matthew Booth Date: Thu, 10 Dec 2015 16:34:19 +0000 Subject: [PATCH] Fix format conversion in libvirt snapshot The libvirt driver was calling images.convert_image during snapshot to convert snapshots to the intended output format. However, this function does not take the input format as an argument, meaning it implicitly does format detection. This opened an exploit for setups using raw storage on the backend, including raw on filesystem, LVM, and RBD (Ceph). An authenticated user could write a qcow2 header to their instance's disk which specified an arbitrary backing file on the host. When convert_image ran during snapshot, this would then write the contents of the backing file to glance, which is then available to the user. If the setup uses an LVM backend this conversion runs as root, meaning the user can exfiltrate any file on the host, including raw disks. This change adds an input format to convert_image. (cherry picked from commit 6e0b5d760afd86d439aaf6f34d6f031afdaf208c) Conflicts: nova/tests/virt/libvirt/test_libvirt.py nova/virt/libvirt/imagebackend.py Resolves: rhbz 1295729 Resolves: rhbz 1295730 Partial-Bug: #1524274 Change-Id: If73e73718ecd5db262ed9904091024238f98dbc0 Reviewed-on: https://code.engineering.redhat.com/gerrit/64914 Tested-by: RHOS Jenkins Reviewed-by: Matthew Booth --- nova/tests/virt/libvirt/test_libvirt.py | 7 ++++--- nova/virt/images.py | 26 ++++++++++++++++++++++++-- nova/virt/libvirt/imagebackend.py | 19 ++++++++++++++----- 3 files changed, 42 insertions(+), 10 deletions(-) Index: nova-2014.1.5/nova/tests/virt/libvirt/test_libvirt.py =================================================================== --- nova-2014.1.5.orig/nova/tests/virt/libvirt/test_libvirt.py 2017-09-13 13:09:38.757617032 -0400 +++ nova-2014.1.5/nova/tests/virt/libvirt/test_libvirt.py 2017-09-13 13:09:38.753616979 -0400 
@@ -2829,7 +2829,7 @@ class LibvirtConnTestCase(test.TestCase) libvirt_driver.utils.execute = self.fake_execute self.stubs.Set(libvirt_driver.libvirt_utils, 'disk_type', 'raw') - def convert_image(source, dest, out_format): + def convert_image(source, dest, in_format, out_format): libvirt_driver.libvirt_utils.files[dest] = '' self.stubs.Set(images, 'convert_image', convert_image) @@ -2882,7 +2882,7 @@ class LibvirtConnTestCase(test.TestCase) libvirt_driver.utils.execute = self.fake_execute self.stubs.Set(libvirt_driver.libvirt_utils, 'disk_type', 'raw') - def convert_image(source, dest, out_format): + def convert_image(source, dest, in_format, out_format): libvirt_driver.libvirt_utils.files[dest] = '' self.stubs.Set(images, 'convert_image', convert_image) @@ -8531,7 +8531,8 @@ disk size: 4.4M''', '')) target = 't.qcow2' self.executes = [] expected_commands = [('qemu-img', 'convert', '-O', 'raw', - 't.qcow2.part', 't.qcow2.converted'), + 't.qcow2.part', 't.qcow2.converted', + '-f', 'qcow2'), ('rm', 't.qcow2.part'), ('mv', 't.qcow2.converted', 't.qcow2')] images.fetch_to_raw(context, image_id, target, user_id, project_id, Index: nova-2014.1.5/nova/virt/images.py =================================================================== --- nova-2014.1.5.orig/nova/virt/images.py 2017-09-13 13:09:38.757617032 -0400 +++ nova-2014.1.5/nova/virt/images.py 2017-09-13 13:09:38.757617032 -0400 
@@ -70,9 +70,31 @@ def qemu_img_info(path): return imageutils.QemuImgInfo(out) -def convert_image(source, dest, out_format, run_as_root=False): +def convert_image(source, dest, in_format, out_format, run_as_root=False): """Convert image to other format.""" + if in_format is None: + raise RuntimeError("convert_image without input format is a security" + "risk") + _convert_image(source, dest, in_format, out_format, run_as_root) + + +def convert_image_unsafe(source, dest, out_format, run_as_root=False): + """Convert image to other format, doing unsafe automatic input format + detection. Do not call this function. + """ + + # NOTE: there is only 1 caller of this function: + # imagebackend.Lvm.create_image. It is not easy to fix that without a + # larger refactor, so for the moment it has been manually audited and + # allowed to continue. Remove this function when Lvm.create_image has + # been fixed. + _convert_image(source, dest, None, out_format, run_as_root) + + +def _convert_image(source, dest, in_format, out_format, run_as_root): cmd = ('qemu-img', 'convert', '-O', out_format, source, dest) + if in_format is not None: + cmd = cmd + ('-f', in_format) utils.execute(*cmd, run_as_root=run_as_root) @@ -128,7 +150,7 @@ def fetch_to_raw(context, image_href, pa staged = "%s.converted" % path LOG.debug("%s was %s, converting to raw" % (image_href, fmt)) with fileutils.remove_path_on_error(staged): - convert_image(path_tmp, staged, 'raw') + convert_image(path_tmp, staged, fmt, 'raw') os.unlink(path_tmp) data = qemu_img_info(staged) Index: nova-2014.1.5/nova/virt/libvirt/imagebackend.py =================================================================== --- nova-2014.1.5.orig/nova/virt/libvirt/imagebackend.py 2017-09-13 13:09:38.757617032 -0400 +++ nova-2014.1.5/nova/virt/libvirt/imagebackend.py 2017-09-13 13:09:38.757617032 -0400 
@@ -356,7 +356,7 @@ class Raw(Image): self.correct_format() def snapshot_extract(self, target, out_format): - images.convert_image(self.path, target, out_format) + images.convert_image(self.path, target, self.driver_format, out_format) class Qcow2(Image): @@ -465,7 +465,16 @@ class Lvm(Image): size = size if resize else base_size libvirt_utils.create_lvm_image(self.vg, self.lv, size, sparse=self.sparse) - images.convert_image(base, self.path, 'raw', run_as_root=True) + # NOTE: by calling convert_image_unsafe here we're + # telling qemu-img convert to do format detection on the input, + # because we don't know what the format is. For example, + # we might have downloaded a qcow2 image, or created an + # ephemeral filesystem locally, we just don't know here. Having + # audited this, all current sources have been sanity checked, + # either because they're locally generated, or because they have + # come from images.fetch_to_raw. However, this is major code smell. + images.convert_image_unsafe(base, self.path, self.driver_format, + run_as_root=True) if resize: disk.resize2fs(self.path, run_as_root=True) @@ -492,8 +501,8 @@ class Lvm(Image): libvirt_utils.remove_logical_volumes(path) def snapshot_extract(self, target, out_format): - images.convert_image(self.path, target, out_format, - run_as_root=True) + images.convert_image(self.path, target, self.driver_format, + out_format, run_as_root=True) class RBDVolumeProxy(object): @@ -686,7 +695,7 @@ class Rbd(Image): self._resize(self.rbd_name, size) def snapshot_extract(self, target, out_format): - images.convert_image(self.path, target, out_format) + images.convert_image(self.path, target, 'raw', out_format) @staticmethod def is_shared_block_storage(): debian/patches/CVE-2015-7548-4.patch0000664000000000000000000000362713156263136013426 0ustar From d28d73214f07d8577747d2b2e70dc11f370e4465 Mon Sep 17 00:00:00 2001 
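Review bot: in nova/virt/images.py (CVE-2015-7548-2.patch), `convert_image()` raises `RuntimeError("convert_image without input format is a security" "risk")`; the two adjacent literals are concatenated without a space, so the message reads "securityrisk". Add the trailing space to the first literal. In `_convert_image()` the `-f` option is appended after `source` and `dest` (`cmd = cmd + ('-f', in_format)`), which relies on the qemu-img argument parser accepting options after the file names; building the tuple with `'-f', in_format` ahead of the positional arguments makes the input format unambiguous and keeps the expected command in `test_libvirt.py` easier to read.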
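Review bot: in `Lvm.create_image` (nova/virt/libvirt/imagebackend.py, CVE-2015-7548-2.patch), the replaced call passed the literal `'raw'` as the output format, while the new `images.convert_image_unsafe(base, self.path, self.driver_format, run_as_root=True)` puts `self.driver_format` in the `out_format` position; nothing in this hunk shows the two are equal for the Lvm backend, so keep the literal or state the invariant in the NOTE. This is also the one remaining path where qemu-img detects the input format while running as root, so the audit the comment describes should name the sources that were checked. Separately, `Rbd.snapshot_extract` hard-codes `'raw'` as the input format where `Raw` and `Lvm` pass `self.driver_format`; pick one convention.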
From: Matthew Booth Date: Thu, 14 Apr 2016 17:13:37 +0100 Subject: [PATCH] Disable live snapshot for rbd-backed instances The backport of change I11485f077d28f4e97529a691e55e3e3c0bea8872 missed a use of source_format. After this change source_format strictly contains a file format, and source_type contains the name of the backend. Therefore, for rbd source_format is 'raw', and source_type is 'rbd'. The test to enable live migration still expected source_format for rbd to be 'rbd', which caused the exclusion to be missed. This change is a fixup to the backport. The new line is in line with upstream. Downstream-Only Resolves: rhbz#1326489 Change-Id: I6dcbceb39a97b5fbe7bf42d367596afc4ea061e0 Reviewed-on: https://code.engineering.redhat.com/gerrit/72226 Reviewed-by: Lee Yarwood Tested-by: RHOS Jenkins Tested-by: Matthew Booth --- nova/virt/libvirt/driver.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: nova-2014.1.5/nova/virt/libvirt/driver.py =================================================================== --- nova-2014.1.5.orig/nova/virt/libvirt/driver.py 2017-09-13 13:09:48.401745734 -0400 +++ nova-2014.1.5/nova/virt/libvirt/driver.py 2017-09-13 13:09:48.397745682 -0400 
@@ -1543,7 +1543,7 @@ class LibvirtDriver(driver.ComputeDriver if self.has_min_version(MIN_LIBVIRT_LIVESNAPSHOT_VERSION, MIN_QEMU_LIVESNAPSHOT_VERSION, REQ_HYPERVISOR_LIVESNAPSHOT) \ - and not source_type == "lvm" and not source_format == 'rbd': + and source_type not in ('lvm', 'rbd'): live_snapshot = True # Abort is an idempotent operation, so make sure any block # jobs which may have failed are ended. This operation also debian/patches/remove_useless_state_check.patch0000664000000000000000000001262412764501734017253 0ustar commit 9f9ea6301ca27a1d9f15021e9495196aac92a91a Author: Chris Yeoh Date: Fri Mar 14 14:41:30 2014 +1030 Remove unnecessary passing of task_state to check_instance_state Remove cases where task_state=[None] was passed to check_instance_state when that is essentially the default value anyway Change-Id: I49b6449b9ae43a5cfcf5a1ccac5ee9a64d2b3f3c (cherry picked from commit e7cbb7a28c50a1e4deb3111ab80e7475d0eca4e1) diff --git a/nova/compute/api.py b/nova/compute/api.py index fd15df6..d939aaf 100644 --- a/nova/compute/api.py +++ b/nova/compute/api.py @@ -1775,8 +1775,7 @@ class API(base.Base): @check_instance_lock @check_instance_host @check_instance_cell - @check_instance_state(vm_state=[vm_states.ACTIVE, vm_states.ERROR], - task_state=[None]) + @check_instance_state(vm_state=[vm_states.ACTIVE, vm_states.ERROR]) def stop(self, context, instance, do_cast=True): """Stop an instance.""" self.force_stop(context, instance, do_cast) @@ -2148,8 +2147,7 @@ class API(base.Base): @check_instance_lock @check_instance_cell @check_instance_state(vm_state=[vm_states.ACTIVE, vm_states.STOPPED, - vm_states.ERROR], - task_state=[None]) + vm_states.ERROR]) def rebuild(self, context, instance, image_href, admin_password, files_to_inject=None, **kwargs): """Rebuild the given instance with the provided attributes.""" 
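Review bot: the one-line change in nova/virt/libvirt/driver.py (`and source_type not in ('lvm', 'rbd'):`, CVE-2015-7548-4.patch) arrives with no test, and the diffstat confirms that only driver.py is touched. The commit message says an earlier backport missed exactly this condition, so add a unit test asserting that `live_snapshot` is not enabled when `source_type` is `'rbd'`, to keep the exclusion from regressing a second time.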
@@ -2385,8 +2383,7 @@ class API(base.Base): @wrap_check_policy @check_instance_lock @check_instance_cell - @check_instance_state(vm_state=[vm_states.ACTIVE, vm_states.STOPPED], - task_state=[None]) + @check_instance_state(vm_state=[vm_states.ACTIVE, vm_states.STOPPED]) def resize(self, context, instance, flavor_id=None, **extra_instance_updates): """Resize (ie, migrate) a running instance. @@ -2486,8 +2483,7 @@ class API(base.Base): @wrap_check_policy @check_instance_lock @check_instance_state(vm_state=[vm_states.ACTIVE, vm_states.STOPPED, - vm_states.PAUSED, vm_states.SUSPENDED], - task_state=[None]) + vm_states.PAUSED, vm_states.SUSPENDED]) def shelve(self, context, instance): """Shelve an instance. @@ -2513,7 +2509,7 @@ class API(base.Base): @wrap_check_policy @check_instance_lock - @check_instance_state(vm_state=[vm_states.SHELVED], task_state=[None]) + @check_instance_state(vm_state=[vm_states.SHELVED]) def shelve_offload(self, context, instance): """Remove a shelved instance from the hypervisor.""" instance.task_state = task_states.SHELVING_OFFLOADING @@ -2524,7 +2520,7 @@ class API(base.Base): @wrap_check_policy @check_instance_lock @check_instance_state(vm_state=[vm_states.SHELVED, - vm_states.SHELVED_OFFLOADED], task_state=[None]) + vm_states.SHELVED_OFFLOADED]) def unshelve(self, context, instance): """Restore a shelved instance.""" instance.task_state = task_states.UNSHELVING @@ -2807,8 +2803,7 @@ class API(base.Base): @check_instance_lock @check_instance_state(vm_state=[vm_states.ACTIVE, vm_states.PAUSED, vm_states.STOPPED, vm_states.RESIZED, - vm_states.SOFT_DELETED], - task_state=[None]) + vm_states.SOFT_DELETED]) def attach_volume(self, context, instance, volume_id, device=None, disk_bus=None, device_type=None): """Attach an existing volume to an existing instance.""" 
@@ -2836,8 +2831,7 @@ class API(base.Base): @check_instance_lock @check_instance_state(vm_state=[vm_states.ACTIVE, vm_states.PAUSED, vm_states.STOPPED, vm_states.RESIZED, - vm_states.SOFT_DELETED], - task_state=[None]) + vm_states.SOFT_DELETED]) def detach_volume(self, context, instance, volume): """Detach a volume from an instance.""" if volume['attach_status'] == 'detached': @@ -2853,8 +2847,7 @@ class API(base.Base): @check_instance_lock @check_instance_state(vm_state=[vm_states.ACTIVE, vm_states.PAUSED, vm_states.SUSPENDED, vm_states.STOPPED, - vm_states.RESIZED, vm_states.SOFT_DELETED], - task_state=[None]) + vm_states.RESIZED, vm_states.SOFT_DELETED]) def swap_volume(self, context, instance, old_volume, new_volume): """Swap volume attached to an instance.""" if old_volume['attach_status'] == 'detached': @@ -3047,8 +3040,7 @@ class API(base.Base): host_name, block_migration=block_migration, disk_over_commit=disk_over_commit) - @check_instance_state(vm_state=[vm_states.ACTIVE, vm_states.STOPPED], - task_state=[None]) + @check_instance_state(vm_state=[vm_states.ACTIVE, vm_states.STOPPED]) def evacuate(self, context, instance, host, on_shared_storage, admin_password=None): """Running evacuate to target host. debian/patches/protect-against-upgrade-rpc-ver-mismatch.patch0000664000000000000000000000431612764501734021565 0ustar diff --git a/nova/compute/rpcapi.py b/nova/compute/rpcapi.py index 2e39fd9..0b4eabe 100644 --- a/nova/compute/rpcapi.py +++ b/nova/compute/rpcapi.py 
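Review bot: every hunk in nova/compute/api.py (remove_useless_state_check.patch) drops `task_state=[None]` from `@check_instance_state(...)` on the assumption that the decorator's default is equivalent, but the decorator definition is not part of this diff, so the equivalence cannot be confirmed from the patch. These decorators are what keep `stop`, `rebuild`, `resize`, `attach_volume`, `evacuate` and the others from running while another task is in flight. Quote the default in the commit message, or add a test that calls one of these methods with a non-None `task_state` and expects rejection, so a later change to the default does not silently loosen all of them at once.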
@@ -816,6 +816,25 @@ class ComputeAPI(object): cctxt = self.client.prepare(server=host, version=version) return cctxt.call(ctxt, 'get_host_uptime') + def _reserve_block_device_name(self, ctxt, instance, device, volume_id, + disk_bus=None, device_type=None): + version = '3.16' + kw = {'instance': instance, 'device': device, + 'volume_id': volume_id, 'disk_bus': disk_bus, + 'device_type': device_type} + + if not self.client.can_send_version(version): + # NOTE(russellb) Havana compat + version = self._get_compat_version('3.0', '2.3') + kw['instance'] = jsonutils.to_primitive( + objects_base.obj_to_primitive(instance)) + del kw['disk_bus'] + del kw['device_type'] + + cctxt = self.client.prepare(server=_compute_host(None, instance), + version=version) + return cctxt.call(ctxt, 'reserve_block_device_name', **kw) + def reserve_block_device_name(self, ctxt, instance, device, volume_id, disk_bus=None, device_type=None): kw = {'instance': instance, 'device': device, @@ -829,7 +848,14 @@ class ComputeAPI(object): cctxt = self.client.prepare(server=_compute_host(None, instance), version=version) - volume_bdm = cctxt.call(ctxt, 'reserve_block_device_name', **kw) + try: + volume_bdm = cctxt.call(ctxt, 'reserve_block_device_name', **kw) + except messaging.rpc.client.RemoteError: + # NOTE(dosaboy): catch rpc api version mismatch (see bug 1506257) + volume_bdm = self._reserve_block_device_name(ctxt, instance, + device, volume_id, + disk_bus, device_type) + if not isinstance(volume_bdm, block_device_obj.BlockDeviceMapping): volume_bdm = block_device_obj.BlockDeviceMapping.get_by_volume_id( ctxt, volume_id) debian/patches/update-run-tests.patch0000664000000000000000000000132712764501734015100 0ustar Description: Update run_tests.sh to show results. Author: Chuck Short Forwarded: Not needed. --- a/run_tests.sh +++ b/run_tests.sh 
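Review bot: in `reserve_block_device_name` (nova/compute/rpcapi.py, protect-against-upgrade-rpc-ver-mismatch.patch), `except messaging.rpc.client.RemoteError:` treats every remote failure as a version mismatch and re-issues the call through `_reserve_block_device_name`; a genuine error raised on the compute host is then retried, and the original exception is discarded without a log line. Inspect the caught error (for example its `exc_type`) and fall back only in the mismatch case, log the downgrade, and re-raise otherwise. The patch file also has no Description, Author or Bug header; the only pointer to its purpose is the `bug 1506257` reference inside the NOTE comment.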
@@ -137,14 +137,7 @@ ${wrapper} python setup.py egg_info fi echo "Running \`${wrapper} $TESTRTESTS\`" - if ${wrapper} which subunit-2to1 2>&1 > /dev/null - then - # subunit-2to1 is present, testr subunit stream should be in version 2 - # format. Convert to version one before colorizing. - bash -c "${wrapper} $TESTRTESTS | ${wrapper} subunit-2to1 | ${wrapper} tools/colorizer.py" - else - bash -c "${wrapper} $TESTRTESTS | ${wrapper} tools/colorizer.py" - fi + bash -c "${wrapper} $TESTRTESTS | ${wrapper} subunit2pyunit" RESULT=$? set -e debian/patches/CVE-2015-5162-3.patch0000664000000000000000000002726513156251271013414 0ustar Backport of: From 6bc37dcceca823998068167b49aec6def3112397 Mon Sep 17 00:00:00 2001 
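Review bot: in run_tests.sh (update-run-tests.patch), `RESULT=$?` after `bash -c "${wrapper} $TESTRTESTS | ${wrapper} subunit2pyunit"` records the exit status of the last command in the pipeline, so the reported result depends on `subunit2pyunit` propagating test failures. Put `set -o pipefail;` at the start of the `bash -c` string so a failing test run cannot be reported as success. The removed branch also converted a version 2 subunit stream with `subunit-2to1` before filtering, and the replacement drops that step without saying which stream version `subunit2pyunit` expects; the Description should state it.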
From: "Daniel P. Berrange" Date: Mon, 18 Apr 2016 16:32:19 +0000 Subject: [PATCH] virt: set address space & CPU time limits when running qemu-img This uses the new 'prlimit' parameter for oslo.concurrency execute method, to set an address space limit of 1GB and CPU time limit of 2 seconds, when running qemu-img. This is a re-implementation of the previously reverted commit commit da217205f53f9a38a573fb151898fbbeae41021d Author: Tristan Cacqueray Date: Wed Aug 5 17:17:04 2015 +0000 virt: Use preexec_fn to ulimit qemu-img info call NOTE (kchamart) [stable/liberty]: Add a check for the presence of 'ProcessLimits' attribute (which is only present in oslo.concurrency>=2.6.1; and a conditional check for 'prlimit' parameter in qemu_img_info() method. Upstream discussion[1][2] that led to merging this patch to stable/liberty branch. [1] http://lists.openstack.org/pipermail/openstack-dev/2016-September/104091.html [2] http://lists.openstack.org/pipermail/openstack-dev/2016-September/104303.html Closes-Bug: #1449062 Change-Id: I135b5242af1bfdcb0ea09a6fcda21fc03a6fbe7d (cherry picked from commit 068d851561addfefb2b812d91dc2011077cb6e1d) --- nova/tests/unit/virt/libvirt/test_driver.py | 7 ++++-- nova/tests/unit/virt/libvirt/test_utils.py | 27 ++++++++++++++-------- nova/virt/images.py | 16 ++++++++++++- .../apply-limits-to-qemu-img-8813f7a333ebdf69.yaml | 8 +++++++ 4 files changed, 46 insertions(+), 12 deletions(-) create mode 100644 releasenotes/notes/apply-limits-to-qemu-img-8813f7a333ebdf69.yaml Index: nova-2014.1.5/nova/tests/virt/libvirt/test_libvirt.py =================================================================== --- nova-2014.1.5.orig/nova/tests/virt/libvirt/test_libvirt.py 2017-09-13 11:45:23.529581583 -0400 +++ nova-2014.1.5/nova/tests/virt/libvirt/test_libvirt.py 2017-09-13 11:45:23.529581583 -0400 
@@ -4476,7 +4476,8 @@ class LibvirtConnTestCase(test.TestCase) self.mox.StubOutWithMock(utils, "execute") utils.execute('env', 'LC_ALL=C', 'LANG=C', 'qemu-img', 'info', - '/test/disk.local').AndReturn((ret, '')) + '/test/disk.local', prlimit=images.QEMU_IMG_LIMITS, + ).AndReturn((ret, '')) self.mox.ReplayAll() conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False) @@ -4588,7 +4589,8 @@ class LibvirtConnTestCase(test.TestCase) self.mox.StubOutWithMock(utils, "execute") utils.execute('env', 'LC_ALL=C', 'LANG=C', 'qemu-img', 'info', - '/test/disk.local').AndReturn((ret, '')) + '/test/disk.local', prlimit=images.QEMU_IMG_LIMITS, + ).AndReturn((ret, '')) self.mox.ReplayAll() conn_info = {'driver_volume_type': 'fake'} @@ -8283,7 +8285,8 @@ class LibvirtUtilsTestCase(test.TestCase rval = ('', '') os.path.exists('/some/path').AndReturn(True) utils.execute('env', 'LC_ALL=C', 'LANG=C', - 'qemu-img', 'info', '/some/path').AndReturn(rval) + 'qemu-img', 'info', '/some/path', + prlimit=images.QEMU_IMG_LIMITS).AndReturn(rval) utils.execute('qemu-img', 'create', '-f', 'qcow2', '-o', 'backing_file=/some/path', '/the/new/cow') @@ -8320,7 +8323,7 @@ class LibvirtUtilsTestCase(test.TestCase self.mox.StubOutWithMock(utils, 'execute') os.path.exists('/some/path').AndReturn(True) utils.execute('env', 'LC_ALL=C', 'LANG=C', 'qemu-img', 'info', - '/some/path').AndReturn(('''image: 00000001 + '/some/path', prlimit=images.QEMU_IMG_LIMITS).AndReturn(('''image: 00000001 file format: raw virtual size: 4.4M (4592640 bytes) disk size: 4.4M''', '')) Index: nova-2014.1.5/nova/virt/images.py =================================================================== --- nova-2014.1.5.orig/nova/virt/images.py 2017-09-13 11:45:23.529581583 -0400 +++ nova-2014.1.5/nova/virt/images.py 2017-09-13 11:45:23.529581583 -0400 
@@ -29,6 +29,8 @@ from nova.openstack.common import fileut from nova.openstack.common.gettextutils import _ from nova.openstack.common import imageutils from nova.openstack.common import log as logging +from nova.openstack.common import units +from nova.openstack.common import processutils from nova import utils LOG = logging.getLogger(__name__) @@ -41,6 +43,16 @@ image_opts = [ CONF = cfg.CONF CONF.register_opts(image_opts) +QEMU_IMG_LIMITS = None + +try: + QEMU_IMG_LIMITS = processutils.ProcessLimits( + cpu_time=2, + address_space=1 * units.Gi) +except Exception: + LOG.error('Please upgrade to oslo.concurrency version ' + '2.6.1 -- this version has fixes for the ' + 'vulnerability CVE-2015-5162.') def qemu_img_info(path): @@ -50,8 +62,11 @@ def qemu_img_info(path): if not os.path.exists(path) and CONF.libvirt.images_type != 'rbd': return imageutils.QemuImgInfo() - out, err = utils.execute('env', 'LC_ALL=C', 'LANG=C', - 'qemu-img', 'info', path) + cmd = ('env', 'LC_ALL=C', 'LANG=C', 'qemu-img', 'info', path) + if QEMU_IMG_LIMITS is not None: + out, err = utils.execute(*cmd, prlimit=QEMU_IMG_LIMITS) + else: + out, err = utils.execute(*cmd) return imageutils.QemuImgInfo(out) Index: nova-2014.1.5/nova/tests/virt/libvirt/test_image_utils.py =================================================================== --- nova-2014.1.5.orig/nova/tests/virt/libvirt/test_image_utils.py 2017-09-13 11:45:23.529581583 -0400 +++ nova-2014.1.5/nova/tests/virt/libvirt/test_image_utils.py 2017-09-13 11:45:23.529581583 -0400 @@ -50,7 +50,8 @@ disk size: 96K self.mox.StubOutWithMock(utils, 'execute') os.path.exists(path).AndReturn(True) utils.execute('env', 'LC_ALL=C', 'LANG=C', - 'qemu-img', 'info', path).AndReturn((output, '')) + 'qemu-img', 'info', path, + prlimit=images.QEMU_IMG_LIMITS).AndReturn((output, '')) self.mox.ReplayAll() d_type = libvirt_utils.get_disk_type(path) self.assertEqual(f, d_type) 
@@ -71,7 +72,8 @@ disk size: 96K self.mox.StubOutWithMock(utils, 'execute') os.path.exists(path).AndReturn(True) utils.execute('env', 'LC_ALL=C', 'LANG=C', - 'qemu-img', 'info', path).AndReturn((output, '')) + 'qemu-img', 'info', path, + prlimit=images.QEMU_IMG_LIMITS).AndReturn((output, '')) self.mox.ReplayAll() d_backing = libvirt_utils.get_disk_backing_file(path) self.assertIsNone(d_backing) @@ -97,7 +99,8 @@ disk size: 96K self.mox.StubOutWithMock(utils, 'execute') os.path.exists(path).AndReturn(True) utils.execute('env', 'LC_ALL=C', 'LANG=C', - 'qemu-img', 'info', path).AndReturn((output, '')) + 'qemu-img', 'info', path, + prlimit=images.QEMU_IMG_LIMITS).AndReturn((output, '')) self.mox.ReplayAll() d_size = libvirt_utils.get_disk_size(path) self.assertEqual(i, d_size) @@ -111,7 +114,8 @@ disk size: 96K self.mox.StubOutWithMock(utils, 'execute') os.path.exists(path).AndReturn(True) utils.execute('env', 'LC_ALL=C', 'LANG=C', - 'qemu-img', 'info', path).AndReturn((output, '')) + 'qemu-img', 'info', path, + prlimit=images.QEMU_IMG_LIMITS).AndReturn((output, '')) self.mox.ReplayAll() d_size = libvirt_utils.get_disk_size(path) self.assertEqual(i, d_size) @@ -130,7 +134,8 @@ blah BLAH: bb self.mox.StubOutWithMock(utils, 'execute') os.path.exists(path).AndReturn(True) utils.execute('env', 'LC_ALL=C', 'LANG=C', - 'qemu-img', 'info', path).AndReturn((example_output, '')) + 'qemu-img', 'info', path, + prlimit=images.QEMU_IMG_LIMITS).AndReturn((example_output, '')) self.mox.ReplayAll() image_info = images.qemu_img_info(path) self.assertEqual('disk.config', image_info.image) 
@@ -152,7 +157,8 @@ backing file: /var/lib/nova/a328c7998805 self.mox.StubOutWithMock(utils, 'execute') os.path.exists(path).AndReturn(True) utils.execute('env', 'LC_ALL=C', 'LANG=C', - 'qemu-img', 'info', path).AndReturn((example_output, '')) + 'qemu-img', 'info', path, + prlimit=images.QEMU_IMG_LIMITS).AndReturn((example_output, '')) self.mox.ReplayAll() image_info = images.qemu_img_info(path) self.assertEqual('disk.config', image_info.image) @@ -179,7 +185,8 @@ backing file: /var/lib/nova/a328c7998805 self.mox.StubOutWithMock(utils, 'execute') os.path.exists(path).AndReturn(True) utils.execute('env', 'LC_ALL=C', 'LANG=C', - 'qemu-img', 'info', path).AndReturn((example_output, '')) + 'qemu-img', 'info', path, + prlimit=images.QEMU_IMG_LIMITS).AndReturn((example_output, '')) self.mox.ReplayAll() image_info = images.qemu_img_info(path) self.assertEqual('disk.config', image_info.image) @@ -207,7 +214,8 @@ junk stuff: bbb self.mox.StubOutWithMock(utils, 'execute') os.path.exists(path).AndReturn(True) utils.execute('env', 'LC_ALL=C', 'LANG=C', - 'qemu-img', 'info', path).AndReturn((example_output, '')) + 'qemu-img', 'info', path, + prlimit=images.QEMU_IMG_LIMITS).AndReturn((example_output, '')) self.mox.ReplayAll() image_info = images.qemu_img_info(path) self.assertEqual('disk.config', image_info.image) 
@@ -231,7 +239,8 @@ ID TAG VM SIZE self.mox.StubOutWithMock(utils, 'execute') os.path.exists(path).AndReturn(True) utils.execute('env', 'LC_ALL=C', 'LANG=C', - 'qemu-img', 'info', path).AndReturn((example_output, '')) + 'qemu-img', 'info', path, + prlimit=images.QEMU_IMG_LIMITS).AndReturn((example_output, '')) self.mox.ReplayAll() image_info = images.qemu_img_info(path) self.assertEqual('disk.config', image_info.image) Index: nova-2014.1.5/nova/tests/virt/libvirt/test_libvirt_utils.py =================================================================== --- nova-2014.1.5.orig/nova/tests/virt/libvirt/test_libvirt_utils.py 2017-09-13 11:45:23.529581583 -0400 +++ nova-2014.1.5/nova/tests/virt/libvirt/test_libvirt_utils.py 2017-09-13 11:45:54.838008056 -0400 @@ -22,6 +22,7 @@ from oslo.config import cfg from nova.openstack.common import processutils from nova import test from nova import utils +from nova.virt import images from nova.virt.libvirt import utils as libvirt_utils CONF = cfg.CONF @@ -41,7 +42,8 @@ blah BLAH: bb self.mox.StubOutWithMock(utils, 'execute') os.path.exists(path).AndReturn(True) utils.execute('env', 'LC_ALL=C', 'LANG=C', - 'qemu-img', 'info', path).AndReturn((example_output, '')) + 'qemu-img', 'info', path, + prlimit=images.QEMU_IMG_LIMITS).AndReturn((example_output, '')) self.mox.ReplayAll() disk_type = libvirt_utils.get_disk_type(path) self.assertEqual(disk_type, 'raw') debian/patches/Detach-iSCSI-latest-path-for-latest-disk.patch0000664000000000000000000001236212764501734021207 0ustar From 030621f36e1508af779764b34baf9915f27e0d4b Mon Sep 17 00:00:00 2001 
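Review bot: in nova/virt/images.py (CVE-2015-5162-3.patch), the `try`/`except Exception:` around `processutils.ProcessLimits(cpu_time=2, address_space=1 * units.Gi)` leaves `QEMU_IMG_LIMITS = None` on any failure, and `qemu_img_info()` then runs `qemu-img info` with no limits at all, so the mitigation fails open with a single `LOG.error` at import time. In this backport `processutils` is imported from `nova.openstack.common`, so the message telling the operator to upgrade oslo.concurrency does not match the module in use. Narrow the `except` to the error an older `ProcessLimits` raises for unknown keywords (`ValueError`), correct the message, and consider refusing to inspect images rather than continuing unprotected. The 2 second and 1 GiB values are hard-coded with no configuration option to tune them.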
From: Billy Olsen Date: Thu, 21 Apr 2016 21:00:24 +0000 Subject: [PATCH 4/4] Detach iSCSI latest path for latest disk Forwarded: https://review.openstack.org/#/c/135382/ Bug: https://bugs.launchpad.net/nova/+bug/1374999 The logic responsible to disconnect iscsi volumes wasn't clearing latest path for the latest remaining disk. With this change, latest disk path is removed right before iscsi disk is disconnected. Also, the device descriptor was not removed if the iqn are different and multipath is enabled. Conflicts: nova/tests/virt/libvirt/test_libvirt_volume.py NOTE(wolsen): Conflicts are due to removing additional tests included in stable/juno but not part of this cherry-pick Change-Id: Ib6f6cea40cc3a14a3a443b157d0decba5602bf13 Closes-Bug: 1374999 Closes-Bug: 1452032 (cherry picked from commit 768da20fab6f84a8c34a089767b87924045c905a) (cherry picked from commit 092a88b534f133aaca5f969f69f77ac38b1878fa) --- nova/tests/virt/libvirt/test_libvirt_volume.py | 53 +++++++++++++++++++++++--- nova/virt/libvirt/volume.py | 1 + 2 files changed, 48 insertions(+), 6 deletions(-) --- a/nova/tests/virt/libvirt/test_libvirt_volume.py +++ b/nova/tests/virt/libvirt/test_libvirt_volume.py @@ -364,13 +364,10 @@ self.stubs.Set(libvirt_driver, '_get_multipath_device_name', lambda x: fake_multipath_device) - def fake_disconnect_volume_multipath_iscsi(iscsi_properties, - multipath_device): - if fake_multipath_device != multipath_device: - raise Exception('Invalid multipath_device.') + fake_rm_mp_dev_desc = mock.MagicMock() - self.stubs.Set(libvirt_driver, '_disconnect_volume_multipath_iscsi', - fake_disconnect_volume_multipath_iscsi) + self.stubs.Set(libvirt_driver, '_remove_multipath_device_descriptor', + fake_rm_mp_dev_desc) with mock.patch.object(os.path, 'exists', return_value=True): vol = {'id': 1, 'name': self.name} connection_info = self.iscsi_connection(vol, self.location, 
@@ -380,6 +377,50 @@ self.assertEqual(fake_multipath_id, connection_info['data']['multipath_id']) libvirt_driver.disconnect_volume(connection_info, "fake") + fake_rm_mp_dev_desc.assert_called_with(fake_multipath_device) + + def test_disconnect_volume_multipath_iscsi_not_in_use(self): + libvirt_driver = volume.LibvirtISCSIVolumeDriver(self.fake_conn) + libvirt_driver.use_multipath = True + self.stubs.Set(libvirt_driver, '_run_iscsiadm_bare', + lambda x, check_exit_code: ('',)) + self.stubs.Set(libvirt_driver, '_rescan_iscsi', lambda: None) + self.stubs.Set(libvirt_driver, '_get_host_device', lambda x: None) + self.stubs.Set(libvirt_driver, '_rescan_multipath', lambda: None) + + fake_multipath_id = 'fake_multipath_id' + fake_multipath_device = '/dev/mapper/%s' % fake_multipath_id + + fake_remove_multipath_device_descriptor = mock.MagicMock() + fake_disconnect_mpath = mock.MagicMock() + + self.stubs.Set(libvirt_driver, '_get_multipath_device_name', + lambda x: fake_multipath_device) + + self.stubs.Set(libvirt_driver, + '_remove_multipath_device_descriptor', + fake_remove_multipath_device_descriptor) + + self.stubs.Set(libvirt_driver, + '_disconnect_mpath', fake_disconnect_mpath) + + self.stubs.Set(libvirt_driver, + '_get_target_portals_from_iscsiadm_output', + lambda x: [[self.location, self.iqn]]) + + with contextlib.nested( + mock.patch.object(os.path, 'exists', return_value=True), + mock.patch.object(libvirt_driver, '_connect_to_iscsi_portal') + ): + vol = {'id': 1, 'name': self.name} + connection_info = self.iscsi_connection(vol, self.location, + self.iqn) + libvirt_driver.connect_volume(connection_info, + self.disk_info) + libvirt_driver.disconnect_volume(connection_info, "fake") + + fake_remove_multipath_device_descriptor.assert_called_with( + fake_multipath_device) def iser_connection(self, volume, location, iqn): return { --- a/nova/virt/libvirt/volume.py +++ b/nova/virt/libvirt/volume.py 
@@ -460,6 +460,7 @@ if not devices: # disconnect if no other multipath devices + self._remove_multipath_device_descriptor(multipath_device) self._disconnect_mpath(iscsi_properties, ips_iqns) return @@ -480,7 +481,6 @@ if not in_use: # disconnect if no other multipath devices with same iqn self._disconnect_mpath(iscsi_properties, ips_iqns) - return elif multipath_device not in devices: # delete the devices associated w/ the unused multipath self._delete_mpath(iscsi_properties, multipath_device, ips_iqns) debian/patches/disable-websockify-tests.patch0000664000000000000000000000114012764501734016553 0ustar --- a/nova/tests/console/test_websocketproxy.py +++ b/nova/tests/console/test_websocketproxy.py @@ -16,8 +16,13 @@ import mock +import testtools + +try: + from nova.console import websocketproxy +except: + websocketproxy = None -from nova.console import websocketproxy from nova import exception from nova import test from oslo.config import cfg @@ -27,6 +32,7 @@ class NovaProxyRequestHandlerBaseTestCase(test.TestCase): + @testtools.skipIf(websocketproxy is None, "websockify not available") def setUp(self): super(NovaProxyRequestHandlerBaseTestCase, self).setUp() debian/patches/arm-console-patch.patch0000664000000000000000000000107412764501734015167 0ustar diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py index 884050e..0056cec 100644 --- a/nova/virt/libvirt/driver.py +++ b/nova/virt/libvirt/driver.py @@ -3032,7 +3032,7 @@ class LibvirtDriver(driver.ComputeDriver): disk_mapping = disk_info['mapping'] img_meta_prop = image_meta.get('properties', {}) if image_meta else {} - CONSOLE = "console=tty0 console=ttyS0" + CONSOLE = "console=tty0 console=ttyS0 console=ttyAMA0" guest = vconfig.LibvirtConfigGuest() guest.virt_type = CONF.libvirt.virt_type debian/patches/CVE-2015-5162-1.patch0000644000000000000000000003373713156222453013411 0ustar From 994da57713461bb5524e641a93efc0ecd94ef329 Mon Sep 17 00:00:00 2001 
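Review bot: in Detach-iSCSI-latest-path-for-latest-disk.patch, the new test_disconnect_volume_multipath_iscsi_not_in_use (hunk @@ -380,6 +377,50 @@ of test_libvirt_volume.py) stubs _disconnect_mpath with fake_disconnect_mpath but never asserts on it, so the test passes whether or not the session teardown runs. Assert on fake_disconnect_mpath as well as on fake_remove_multipath_device_descriptor so the test pins down which branch of disconnect_volume it exercises. The test also uses contextlib.nested and the patch adds no import, so confirm the module already imports contextlib.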
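Review bot: in Detach-iSCSI-latest-path-for-latest-disk.patch, the @@ -480,7 +481,6 @@ hunk of nova/virt/libvirt/volume.py drops the "return" after self._disconnect_mpath(iscsi_properties, ips_iqns), so the "not in_use" branch now falls through to code outside the hunk, and nothing in the diff says that this is intended. Add a comment at that point stating what the fall-through is meant to reach, or call _remove_multipath_device_descriptor explicitly as the @@ -460,6 +460,7 @@ hunk does, so that a later cleanup does not restore the early return.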
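Review bot: in disable-websockify-tests.patch, the bare "except:" around "from nova.console import websocketproxy" hides every failure, not only a missing websockify, so a syntax error or a broken import inside websocketproxy would skip the proxy tests instead of failing them. Catch ImportError only, so the skip message "websockify not available" is true whenever it is shown.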
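Review bot: in arm-console-patch.patch, console=ttyAMA0 is appended to CONSOLE in nova/virt/libvirt/driver.py for every guest, not only ARM ones, and the hunk carries no comment explaining the extra device. Choose the serial console from the guest architecture, or at least add a comment naming ttyAMA0 as the ARM PL011 UART, so that x86 guests keep the original "console=tty0 console=ttyS0" command line.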
From: Victor Stinner
Date: Fri, 14 Oct 2016 16:17:58 +0200
Subject: [PATCH] Add prlimit parameter to execute()

Add a new oslo_concurrency.prlimit module which is written to be used on the command line:

    python -m oslo_concurrency.prlimit --rss=RSS -- program arg1 ...

This module calls setrlimit() to restrict the resources and then executes the program. Its command line is written to be the same as the Linux prlimit system program.

Add a new ProcessLimits class processutils: resource limits on a process.

Add an optional prlimit parameter to process_utils.execute(). If the parameter is used, wrap the command through the new oslo_concurrency prlimit wrapper.

Linux provides a prlimit command line tool which implements the same feature (and even more), but it requires util-linux v2.21, and OpenStack targets other operating systems like Solaris and FreeBSD.

Upstream-Liberty: https://review.openstack.org/#/c/327630/
Resolves: rhbz#1382549

NOTE(vstinner): The backport comes from oslo.concurrency of OSP 6, I edited the patch manually to adapt it to the old nova/openstack/common/ hierarchy and I created a new unit test file. The test_relative_path() unit test was not backported because execute() the env_variables parameter required by the test.
Change-Id: Ib40aa62958ab9c157a2bd51d7ff3edb445556285 Related-Bug: 1449062 (cherry-pick from b2e78569c5cabc9582c02aacff1ce2a5e186c3ab) (cherry picked from commit e33f64fc7920bc4c7051f35042237403fddf1f02) Reviewed-on: https://code.engineering.redhat.com/gerrit/87169 Tested-by: RHOS Jenkins Reviewed-by: Kashyap Chamarthy Tested-by: Victor Stinner --- nova/openstack/common/prlimit.py | 89 +++++++++++++++++ nova/openstack/common/processutils.py | 49 +++++++++ nova/tests/openstack_common/__init__.py | 0 nova/tests/openstack_common/test_processutils.py | 122 +++++++++++++++++++++++ 4 files changed, 260 insertions(+) create mode 100644 nova/openstack/common/prlimit.py create mode 100644 nova/tests/openstack_common/__init__.py create mode 100644 nova/tests/openstack_common/test_processutils.py diff --git a/nova/openstack/common/prlimit.py b/nova/openstack/common/prlimit.py new file mode 100644 index 0000000..fa1ef68 --- /dev/null +++ b/nova/openstack/common/prlimit.py 
@@ -0,0 +1,89 @@ +# Copyright 2016 Red Hat. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from __future__ import print_function + +import argparse +import os +import resource +import sys + +USAGE_PROGRAM = ('%s -m nova.openstack.common.prlimit' + % os.path.basename(sys.executable)) + +RESOURCES = ( + # argparse argument => resource + ('as', resource.RLIMIT_AS), + ('nofile', resource.RLIMIT_NOFILE), + ('rss', resource.RLIMIT_RSS), +) + + +def parse_args(): + parser = argparse.ArgumentParser(description='prlimit', prog=USAGE_PROGRAM) + parser.add_argument('--as', type=int, + help='Address space limit in bytes') + parser.add_argument('--nofile', type=int, + help='Maximum number of open files') + parser.add_argument('--rss', type=int, + help='Maximum Resident Set Size (RSS) in bytes') + parser.add_argument('program', + help='Program (absolute path)') + parser.add_argument('program_args', metavar="arg", nargs='...', + help='Program parameters') + + args = parser.parse_args() + return args + + +def main(): + args = parse_args() + + program = args.program + if not os.path.isabs(program): + # program uses a relative path: try to find the absolute path + # to the executable + if sys.version_info >= (3, 3): + import shutil + program_abs = shutil.which(program) + else: + import distutils.spawn + program_abs = distutils.spawn.find_executable(program) + if program_abs: + program = program_abs + + for arg_name, rlimit in RESOURCES: + value = 
getattr(args, arg_name) + if value is None: + continue + try: + resource.setrlimit(rlimit, (value, value)) + except ValueError as exc: + print("%s: failed to set the %s resource limit: %s" + % (USAGE_PROGRAM, arg_name.upper(), exc), + file=sys.stderr) + sys.exit(1) + + try: + os.execv(program, [program] + args.program_args) + except Exception as exc: + print("%s: failed to execute %s: %s" + % (USAGE_PROGRAM, program, exc), + file=sys.stderr) + sys.exit(1) + + +if __name__ == "__main__": + main() diff --git a/nova/openstack/common/processutils.py b/nova/openstack/common/processutils.py index 4ad0a96..4a31171 100644 --- a/nova/openstack/common/processutils.py +++ b/nova/openstack/common/processutils.py @@ -23,6 +23,7 @@ import os import random import shlex import signal +import sys from eventlet.green import subprocess from eventlet import greenthread 
@@ -81,6 +82,38 @@ def _subprocess_setup(): signal.signal(signal.SIGPIPE, signal.SIG_DFL) +class ProcessLimits(object): + """Resource limits on a process. + + Attributes: + + * address_space: Address space limit in bytes + * number_files: Maximum number of open files. + * resident_set_size: Maximum Resident Set Size (RSS) in bytes + + This object can be used for the *prlimit* parameter of :func:`execute`. + """ + + def __init__(self, **kw): + self.address_space = kw.pop('address_space', None) + self.number_files = kw.pop('number_files', None) + self.resident_set_size = kw.pop('resident_set_size', None) + if kw: + raise ValueError("invalid limits: %s" + % ', '.join(sorted(kw.keys()))) + + def prlimit_args(self): + """Create a list of arguments for the prlimit command line.""" + args = [] + if self.address_space: + args.append('--as=%s' % self.address_space) + if self.number_files: + args.append('--nofile=%s' % self.number_files) + if self.resident_set_size: + args.append('--rss=%s' % self.resident_set_size) + return args + + def execute(*cmd, **kwargs): """Helper method to shell out and execute a command through subprocess. @@ -123,10 +156,17 @@ def execute(*cmd, **kwargs): `processutils.execute` to track process completion asynchronously. :type on_completion: function(:class:`subprocess.Popen`) + :param prlimit: Set resource limits on the child process. See + below for a detailed description. + :type prlimit: :class:`ProcessLimits` :returns: (stdout, stderr) from process execution :raises: :class:`UnknownArgumentError` on receiving unknown arguments :raises: :class:`ProcessExecutionError` + + The *prlimit* parameter can be used to set resource limits on the child + process. If this parameter is used, the child process will be spawned by a + wrapper process which will set limits before spawning the command. """ process_input = kwargs.pop('process_input', None) 
@@ -140,6 +180,7 @@ def execute(*cmd, **kwargs): loglevel = kwargs.pop('loglevel', logging.DEBUG) on_execute = kwargs.pop('on_execute', None) on_completion = kwargs.pop('on_completion', None) + prlimit = kwargs.pop('prlimit', None) if isinstance(check_exit_code, bool): ignore_exit_code = not check_exit_code @@ -158,6 +199,14 @@ def execute(*cmd, **kwargs): cmd = shlex.split(root_helper) + list(cmd) cmd = map(str, cmd) + + if prlimit: + args = [sys.executable, '-m', 'nova.openstack.common.prlimit'] + args.extend(prlimit.prlimit_args()) + args.append('--') + args.extend(cmd) + cmd = args + sanitized_cmd = strutils.mask_password(' '.join(cmd)) while attempts > 0: diff --git a/nova/tests/openstack_common/__init__.py b/nova/tests/openstack_common/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/nova/tests/openstack_common/test_processutils.py b/nova/tests/openstack_common/test_processutils.py new file mode 100644 index 0000000..4822539 --- /dev/null +++ b/nova/tests/openstack_common/test_processutils.py 
@@ -0,0 +1,122 @@ +# Copyright 2011 OpenStack Foundation. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from __future__ import print_function + +import os +import resource +import sys + +from nova.openstack.common import processutils +from nova import test + + +class PrlimitTestCase(test.TestCase): + # Simply program that does nothing and returns an exit code 0. + # Use Python to be portable. + SIMPLE_PROGRAM = [sys.executable, '-c', 'pass'] + + def soft_limit(self, res, substract, default_limit): + # Create a new soft limit for a resource, lower than the current + # soft limit. + soft_limit, hard_limit = resource.getrlimit(res) + if soft_limit < 0: + soft_limit = default_limit + else: + soft_limit -= substract + return soft_limit + + def memory_limit(self, res): + # Substract 1 kB just to get a different limit. Don't substract too + # much to avoid memory allocation issues. + # + # Use 1 GB by default. Limit high enough to be able to load shared + # libraries. Limit low enough to be work on 32-bit platforms. 
+ return self.soft_limit(res, 1024, 1024 ** 3) + + def limit_address_space(self): + max_memory = self.memory_limit(resource.RLIMIT_AS) + return processutils.ProcessLimits(address_space=max_memory) + + def test_simple(self): + # Simple test running a program (/bin/true) with no parameter + prlimit = self.limit_address_space() + stdout, stderr = processutils.execute(*self.SIMPLE_PROGRAM, + prlimit=prlimit) + self.assertEqual(stdout.rstrip(), '') + self.assertEqual(stderr.rstrip(), '') + + def check_limit(self, prlimit, resource, value): + code = ';'.join(('import resource', + 'print(resource.getrlimit(resource.%s))' % resource)) + args = [sys.executable, '-c', code] + stdout, stderr = processutils.execute(*args, prlimit=prlimit) + expected = (value, value) + self.assertEqual(stdout.rstrip(), str(expected)) + + def test_address_space(self): + prlimit = self.limit_address_space() + self.check_limit(prlimit, 'RLIMIT_AS', prlimit.address_space) + + def test_resident_set_size(self): + max_memory = self.memory_limit(resource.RLIMIT_RSS) + prlimit = processutils.ProcessLimits(resident_set_size=max_memory) + self.check_limit(prlimit, 'RLIMIT_RSS', max_memory) + + def test_number_files(self): + nfiles = self.soft_limit(resource.RLIMIT_NOFILE, 1, 1024) + prlimit = processutils.ProcessLimits(number_files=nfiles) + self.check_limit(prlimit, 'RLIMIT_NOFILE', nfiles) + + def test_unsupported_prlimit(self): + self.assertRaises(ValueError, processutils.ProcessLimits, xxx=33) + + def test_execv_error(self): + prlimit = self.limit_address_space() + args = ['/missing_path/dont_exist/program'] + try: + processutils.execute(*args, prlimit=prlimit) + except processutils.ProcessExecutionError as exc: + self.assertEqual(exc.exit_code, 1) + self.assertEqual(exc.stdout, '') + expected = ('%s -m nova.openstack.common.prlimit: ' + 'failed to execute /missing_path/dont_exist/program: ' + % os.path.basename(sys.executable)) + self.assertIn(expected, exc.stderr) + else: + 
self.fail("ProcessExecutionError not raised") + + def test_setrlimit_error(self): + prlimit = self.limit_address_space() + + # trying to set a limit higher than the current hard limit + # with setrlimit() should fail. + higher_limit = prlimit.address_space + 1024 + + args = [sys.executable, '-m', 'nova.openstack.common.prlimit', + '--as=%s' % higher_limit, + '--'] + args.extend(self.SIMPLE_PROGRAM) + try: + processutils.execute(*args, prlimit=prlimit) + except processutils.ProcessExecutionError as exc: + self.assertEqual(exc.exit_code, 1) + self.assertEqual(exc.stdout, '') + expected = ('%s -m nova.openstack.common.prlimit: ' + 'failed to set the AS resource limit: ' + % os.path.basename(sys.executable)) + self.assertIn(expected, exc.stderr) + else: + self.fail("ProcessExecutionError not raised") debian/patches/fix-creating-bdm-for-failed-volume-attachment.patch0000664000000000000000000004166612764501734022447 0ustar From f2061f0b6e94cf364ff565366ab71dfcc68cd2ef Mon Sep 17 00:00:00 2001 
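Review bot: in CVE-2015-5162-1.patch, RESOURCES in the new nova/openstack/common/prlimit.py offers only "as", "nofile" and "rss", so a child that spins on the CPU is not bounded by this wrapper, and RLIMIT_RSS is not enforced by current Linux kernels, which leaves --as as the only memory limit that takes effect there. Add a CPU-time option mapped to resource.RLIMIT_CPU, and say in the --rss help text that the kernel may ignore it.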
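Review bot: in CVE-2015-5162-1.patch, the @@ -81,6 +82,38 @@ hunk of nova/openstack/common/processutils.py builds the wrapper arguments by truthiness ("if self.address_space:" and the two branches after it), so a limit of 0 is dropped and the child runs with no limit for that resource, while prlimit.py itself skips only None. Compare with "is not None" in all three branches of prlimit_args() so both sides treat 0 the same way.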
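Review bot: in CVE-2015-5162-1.patch, the @@ -158,6 +199,14 @@ hunk of execute() prepends the prlimit wrapper after "cmd = shlex.split(root_helper) + list(cmd)", so when a root helper is in use the limits are set on the helper first and reach the real command only by inheritance. State that ordering in the prlimit paragraph added to the docstring, because an address-space limit sized for the target program must also be large enough for the helper to start.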
From: git-harry Date: Mon, 4 Aug 2014 15:17:29 +0100 Subject: [PATCH] Fix creating bdm for failed volume attachment This commit modifies the reserve_block_device_name method to return the bdm object, when the corresponding keyword argument is True. This ensures the correct bdm is destroyed if the attach fails. Currently the code assumes only one bdm per volume and so retrieving it can cause the incorrect db entry to be returned. Closes-Bug: #1349888 (cherry picked from commit 339a97d0f2d17f531cfc79e09cd8b8bc75ce6e2a) Conflicts: nova/compute/api.py nova/compute/manager.py nova/compute/rpcapi.py nova/tests/compute/test_compute.py nova/tests/compute/test_rpcapi.py nova/tests/integrated/v3/test_extended_volumes.py Change-Id: I22a6db76d2044331d1a846eb4b6d7338c50270e2 --- nova/compute/api.py | 10 ++--- nova/compute/manager.py | 10 +++-- nova/compute/rpcapi.py | 45 +++++++++++++++++------ nova/tests/compute/test_compute.py | 35 +++++++++--------- nova/tests/compute/test_rpcapi.py | 20 +++++----- nova/tests/integrated/test_api_samples.py | 6 ++- nova/tests/integrated/v3/test_extended_volumes.py | 8 ++-- 7 files changed, 80 insertions(+), 54 deletions(-) diff --git a/nova/compute/api.py b/nova/compute/api.py index fd15df6..5605728 100644 --- a/nova/compute/api.py +++ b/nova/compute/api.py 
@@ -2786,11 +2786,9 @@ class API(base.Base): # the same time. When db access is removed from # compute, the bdm will be created here and we will # have to make sure that they are assigned atomically. - device = self.compute_rpcapi.reserve_block_device_name( - context, device=device, instance=instance, volume_id=volume_id, - disk_bus=disk_bus, device_type=device_type) - volume_bdm = block_device_obj.BlockDeviceMapping.get_by_volume_id( - context, volume_id) + volume_bdm = self.compute_rpcapi.reserve_block_device_name( + context, instance, device, volume_id, disk_bus=disk_bus, + device_type=device_type) try: volume = self.volume_api.get(context, volume_id) self.volume_api.check_attach(context, volume, instance=instance) @@ -2801,7 +2799,7 @@ class API(base.Base): with excutils.save_and_reraise_exception(): volume_bdm.destroy(context) - return device + return volume_bdm.device_name @wrap_check_policy @check_instance_lock diff --git a/nova/compute/manager.py b/nova/compute/manager.py index 6c49a64..aace5c2 100644 --- a/nova/compute/manager.py +++ b/nova/compute/manager.py @@ -586,7 +586,7 @@ class ComputeVirtAPI(virtapi.VirtAPI): class ComputeManager(manager.Manager): """Manages the running instances from creation to destruction.""" - target = messaging.Target(version='3.23') + target = messaging.Target(version='3.35') # How long to wait in seconds before re-issuing a shutdown # signal to a instance during power off. The overall @@ -4226,7 +4226,8 @@ class ComputeManager(manager.Manager): @reverts_task_state @wrap_instance_fault def reserve_block_device_name(self, context, instance, device, - volume_id, disk_bus=None, device_type=None): + volume_id, disk_bus=None, device_type=None, + return_bdm_object=False): # NOTE(ndipanov): disk_bus and device_type will be set to None if not # passed (by older clients) and defaulted by the virt driver. Remove # default values on the next major RPC version bump. 
@@ -4249,7 +4250,10 @@ class ComputeManager(manager.Manager): disk_bus=disk_bus, device_type=device_type) bdm.create(context) - return device_name + if return_bdm_object: + return bdm + else: + return device_name return do_reserve() diff --git a/nova/compute/rpcapi.py b/nova/compute/rpcapi.py index a1adfbf..2e39fd9 100644 --- a/nova/compute/rpcapi.py +++ b/nova/compute/rpcapi.py @@ -22,6 +22,7 @@ from oslo import messaging from nova import block_device from nova import exception from nova.objects import base as objects_base +from nova.objects import block_device as block_device_obj from nova.openstack.common.gettextutils import _ from nova.openstack.common import jsonutils from nova import rpc @@ -241,6 +242,28 @@ class ComputeAPI(object): 3.21 - Made rebuild take new-world BDM objects 3.22 - Made terminate_instance take new-world BDM objects 3.23 - Added external_instance_event() + build_and_run_instance was added in Havana and not used or + documented. + + ... Icehouse supports message version 3.23. So, any changes to + existing methods in 3.x after that point should be done such that they + can handle the version_cap being set to 3.23. + + 3.24 - Update rescue_instance() to take optional rescue_image_ref + 3.25 - Make detach_volume take an object + 3.26 - Make live_migration() and + rollback_live_migration_at_destination() take an object + ... Removed run_instance() + 3.27 - Make run_instance() accept a new-world object + 3.28 - Update get_console_output() to accept a new-world object + 3.29 - Make check_instance_shared_storage accept a new-world object + 3.30 - Make remove_volume_connection() accept a new-world object + 3.31 - Add get_instance_diagnostics + 3.32 - Add destroy_disks and migrate_data optional parameters to + rollback_live_migration_at_destination() + 3.33 - Make build_and_run_instance() take a NetworkRequestList object + 3.34 - Add get_serial_console method + 3.35 - Make reserve_block_device_name return a BDM object ''' VERSION_ALIASES = { 
@@ -795,22 +818,22 @@ class ComputeAPI(object): def reserve_block_device_name(self, ctxt, instance, device, volume_id, disk_bus=None, device_type=None): - version = '3.16' kw = {'instance': instance, 'device': device, 'volume_id': volume_id, 'disk_bus': disk_bus, - 'device_type': device_type} - - if not self.client.can_send_version(version): - # NOTE(russellb) Havana compat - version = self._get_compat_version('3.0', '2.3') - kw['instance'] = jsonutils.to_primitive( - objects_base.obj_to_primitive(instance)) - del kw['disk_bus'] - del kw['device_type'] + 'device_type': device_type, 'return_bdm_object': True} + if self.client.can_send_version('3.35'): + version = '3.35' + else: + del kw['return_bdm_object'] + version = '3.16' cctxt = self.client.prepare(server=_compute_host(None, instance), version=version) - return cctxt.call(ctxt, 'reserve_block_device_name', **kw) + volume_bdm = cctxt.call(ctxt, 'reserve_block_device_name', **kw) + if not isinstance(volume_bdm, block_device_obj.BlockDeviceMapping): + volume_bdm = block_device_obj.BlockDeviceMapping.get_by_volume_id( + ctxt, volume_id) + return volume_bdm def backup_instance(self, ctxt, instance, image_id, backup_type, rotation): diff --git a/nova/tests/compute/test_compute.py b/nova/tests/compute/test_compute.py index 9fd2603..1642fc5 100644 --- a/nova/tests/compute/test_compute.py +++ b/nova/tests/compute/test_compute.py @@ -1731,7 +1731,8 @@ class ComputeTestCase(BaseTestCase): bdms = [] - def fake_rpc_reserve_block_device_name(self, context, **kwargs): + def fake_rpc_reserve_block_device_name(self, context, instance, device, + volume_id, **kwargs): bdm = block_device_obj.BlockDeviceMapping( **{'source_type': 'volume', 'destination_type': 'volume', @@ -1740,6 +1741,7 @@ class ComputeTestCase(BaseTestCase): 'device_name': '/dev/vdc'}) bdm.create(context) bdms.append(bdm) + return bdm self.stubs.Set(cinder.API, 'get', fake_volume_get) self.stubs.Set(cinder.API, 'check_attach', fake_check_attach) 
@@ -8760,6 +8762,10 @@ class ComputeAPITestCase(BaseTestCase): fake_bdm = fake_block_device.FakeDbBlockDeviceDict( {'source_type': 'volume', 'destination_type': 'volume', 'volume_id': 'fake-volume-id', 'device_name': '/dev/vdb'}) + bdm = block_device_obj.BlockDeviceMapping()._from_db_object( + self.context, + block_device_obj.BlockDeviceMapping(), + fake_bdm) instance = self._create_fake_instance() fake_volume = {'id': 'fake-volume-id'} @@ -8768,23 +8774,18 @@ class ComputeAPITestCase(BaseTestCase): mock.patch.object(cinder.API, 'check_attach'), mock.patch.object(cinder.API, 'reserve_volume'), mock.patch.object(compute_rpcapi.ComputeAPI, - 'reserve_block_device_name', return_value='/dev/vdb'), - mock.patch.object(db, 'block_device_mapping_get_by_volume_id', - return_value=fake_bdm), + 'reserve_block_device_name', return_value=bdm), mock.patch.object(compute_rpcapi.ComputeAPI, 'attach_volume') ) as (mock_get, mock_check_attach, mock_reserve_vol, mock_reserve_bdm, - mock_bdm_get, mock_attach): + mock_attach): self.compute_api.attach_volume( self.context, instance, 'fake-volume-id', '/dev/vdb', 'ide', 'cdrom') mock_reserve_bdm.assert_called_once_with( - self.context, device='/dev/vdb', instance=instance, - volume_id='fake-volume-id', disk_bus='ide', - device_type='cdrom') - mock_bdm_get.assert_called_once_with( - self.context, 'fake-volume-id', []) + self.context, instance, '/dev/vdb', 'fake-volume-id', + disk_bus='ide', device_type='cdrom') self.assertEqual(mock_get.call_args, mock.call(self.context, 'fake-volume-id')) self.assertEqual(mock_check_attach.call_args, 
@@ -8815,8 +8816,12 @@ class ComputeAPITestCase(BaseTestCase): def fake_rpc_attach_volume(self, context, **kwargs): called['fake_rpc_attach_volume'] = True - def fake_rpc_reserve_block_device_name(self, context, **kwargs): + def fake_rpc_reserve_block_device_name(self, context, instance, device, + volume_id, **kwargs): called['fake_rpc_reserve_block_device_name'] = True + bdm = block_device_obj.BlockDeviceMapping() + bdm['device_name'] = '/dev/vdb' + return bdm self.stubs.Set(cinder.API, 'get', fake_volume_get) self.stubs.Set(cinder.API, 'check_attach', fake_check_attach) @@ -8828,17 +8833,11 @@ class ComputeAPITestCase(BaseTestCase): self.stubs.Set(compute_rpcapi.ComputeAPI, 'attach_volume', fake_rpc_attach_volume) - self.mox.StubOutWithMock(block_device_obj.BlockDeviceMapping, - 'get_by_volume_id') - block_device_obj.BlockDeviceMapping.get_by_volume_id( - self.context, mox.IgnoreArg()).AndReturn('fake-bdm') - self.mox.ReplayAll() - instance = self._create_fake_instance() self.compute_api.attach_volume(self.context, instance, 1, device=None) self.assertTrue(called.get('fake_check_attach')) self.assertTrue(called.get('fake_reserve_volume')) - self.assertTrue(called.get('fake_reserve_volume')) + self.assertTrue(called.get('fake_volume_get')) self.assertTrue(called.get('fake_rpc_reserve_block_device_name')) self.assertTrue(called.get('fake_rpc_attach_volume')) diff --git a/nova/tests/compute/test_rpcapi.py b/nova/tests/compute/test_rpcapi.py index d4026ea..1a2b9f5 100644 --- a/nova/tests/compute/test_rpcapi.py +++ b/nova/tests/compute/test_rpcapi.py @@ -24,6 +24,7 @@ from oslo.config import cfg from nova.compute import rpcapi as compute_rpcapi from nova import context from nova import db +from nova.objects import block_device as objects_block_dev from nova.openstack.common import jsonutils from nova import test from nova.tests import fake_block_device 
@@ -88,7 +89,13 @@ class ComputeRpcAPITestCase(test.TestCase): rpc_mock, prepare_mock, csv_mock ): prepare_mock.return_value = rpcapi.client - rpc_mock.return_value = 'foo' if rpc_method == 'call' else None + if 'return_bdm_object' in kwargs: + del kwargs['return_bdm_object'] + rpc_mock.return_value = objects_block_dev.BlockDeviceMapping() + elif rpc_method == 'call': + rpc_mock.return_value = 'foo' + else: + rpc_mock.return_value = None csv_mock.side_effect = ( lambda v: orig_prepare(version=v).can_send_version()) @@ -495,14 +502,9 @@ class ComputeRpcAPITestCase(test.TestCase): def test_reserve_block_device_name(self): self._test_compute_api('reserve_block_device_name', 'call', - instance=self.fake_instance, device='device', volume_id='id', - disk_bus='ide', device_type='cdrom', version='3.16') - - # NOTE(russellb) Havana compat - self.flags(compute='havana', group='upgrade_levels') - self._test_compute_api('reserve_block_device_name', 'call', - instance=self.fake_instance, device='device', volume_id='id', - version='2.3') + instance=self.fake_instance, device='device', + volume_id='id', disk_bus='ide', device_type='cdrom', + version='3.35', return_bdm_object=True) def refresh_provider_fw_rules(self): self._test_compute_api('refresh_provider_fw_rules', 'cast', diff --git a/nova/tests/integrated/test_api_samples.py b/nova/tests/integrated/test_api_samples.py index 3098aff..b2eb41b 100644 --- a/nova/tests/integrated/test_api_samples.py +++ b/nova/tests/integrated/test_api_samples.py 
@@ -3855,13 +3855,15 @@ class VolumeAttachmentsSampleJsonTest(VolumeAttachmentsSampleBase): extension_name = ("nova.api.openstack.compute.contrib.volumes.Volumes") def test_attach_volume_to_server(self): - device_name = '/dev/vdd' self.stubs.Set(cinder.API, 'get', fakes.stub_volume_get) self.stubs.Set(cinder.API, 'check_attach', lambda *a, **k: None) self.stubs.Set(cinder.API, 'reserve_volume', lambda *a, **k: None) + device_name = '/dev/vdd' + bdm = block_device_obj.BlockDeviceMapping() + bdm['device_name'] = device_name self.stubs.Set(compute_manager.ComputeManager, "reserve_block_device_name", - lambda *a, **k: device_name) + lambda *a, **k: bdm) self.stubs.Set(compute_manager.ComputeManager, 'attach_volume', lambda *a, **k: None) diff --git a/nova/tests/integrated/v3/test_extended_volumes.py b/nova/tests/integrated/v3/test_extended_volumes.py index 22e0479..9f24208 100644 --- a/nova/tests/integrated/v3/test_extended_volumes.py +++ b/nova/tests/integrated/v3/test_extended_volumes.py 
@@ -78,20 +78,18 @@ class ExtendedVolumesSampleJsonTests(test_servers.ServersSampleBase): self._verify_response('servers-detail-resp', subs, response, 200) def test_attach_volume(self): + bdm = block_device_obj.BlockDeviceMapping() device_name = '/dev/vdd' - disk_bus = 'ide' - device_type = 'cdrom' + bdm['device_name'] = device_name self.stubs.Set(cinder.API, 'get', fakes.stub_volume_get) self.stubs.Set(cinder.API, 'check_attach', lambda *a, **k: None) self.stubs.Set(cinder.API, 'reserve_volume', lambda *a, **k: None) self.stubs.Set(compute_manager.ComputeManager, "reserve_block_device_name", - lambda *a, **k: device_name) + lambda *a, **k: bdm) self.stubs.Set(compute_manager.ComputeManager, 'attach_volume', lambda *a, **k: None) - self.stubs.Set(block_device_obj.BlockDeviceMapping, 'get_by_volume_id', - classmethod(lambda *a, **k: None)) volume = fakes.stub_volume_get(None, context.get_admin_context(), 'a26887c6-c47b-4654-abb5-dfadf7d3f803') -- 1.9.1 debian/patches/clean-shutdown.patch0000664000000000000000000005150212764501734014607 0ustar commit 879bbcf902c7a8ba0b3c58660b461f5b4918834e Author: Phil Day Date: Fri Jan 24 15:43:20 2014 +0000 Power off commands should give guests a chance to shutdown Currently in libvirt operations which power off an instance such as stop, shelve, rescue, and resize simply destroy the underlying VM. Some GuestOS's do not react well to this type of power failure, and so it would be better if these operations followed the same approach as soft_reboot and give the guest as chance to shutdown gracefully. The shutdown behavior is defined by two values: - shutdown_timeout defines the overall period a Guest is allowed to complete it's shutdown. The default valus is set via nova.conf and can be overridden on a per image basis by image metadata allowing different types of guest OS to specify how long they need to shutdown cleanly. - shutdown_retry_interval defines how frequently within that period the Guest will be signaled to shutdown. 
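Review bot: in fix-creating-bdm-for-failed-volume-attachment.patch, the @@ -586,7 +586,7 @@ hunk of nova/compute/manager.py raises the RPC target from '3.23' to '3.35', which advertises every interface change from 3.24 to 3.34 listed in the rpcapi.py docstring hunk, yet the only manager change in this patch is the return_bdm_object argument. Confirm that this tree's ComputeManager accepts each of those signatures (for example the object-taking detach_volume of 3.25); otherwise a caller that passes can_send_version() for one of them will reach a method that cannot handle the call. If they are not all present, say so in a comment next to the target.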
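Review bot: in fix-creating-bdm-for-failed-volume-attachment.patch, the @@ -795,22 +818,22 @@ hunk of nova/compute/rpcapi.py falls back to BlockDeviceMapping.get_by_volume_id(ctxt, volume_id) when the compute node cannot take 3.35, and that is the lookup the commit message says can return the wrong entry, so the original bug remains while versions are mixed during an upgrade. Add a comment on the fallback that says so. The same hunk removes the Havana compatibility branch (_get_compat_version('3.0', '2.3')) without a mention in the commit message.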
This is a protection against guests that may not be ready to process the shutdown signal when it is first issued. (e.g. still booting). This is defined as a constant. This is one of a set of changes that will eventually expose the choice of whether to give the GuestOS a chance to shutdown via the API. This change implements the libvirt changes to power_off() and adds a clean shutdown to compute.manager.stop(). Subsequent patches will: - Add clean shutdown to Shelve - Add clean shutdown to Rescue - Convert soft_reboot to use the same approach - Expose clean shutdown via rpcapi - Expose clean shutdown via API Partially-Implements: blueprint user-defined-shutdown Closes-Bug: #1196924 DocImpact Conflicts: nova/compute/manager.py nova/tests/virt/test_ironic_api_contracts.py Change-Id: I432b0b0c09db82797f28deb5617f02ee45a4278c (cherry picked from commit c07ed15415c0ec3c5862f437f440632eff1e94df) diff --git a/nova/compute/manager.py b/nova/compute/manager.py index 990b92f..e27103f 100644 --- a/nova/compute/manager.py +++ b/nova/compute/manager.py @@ -183,6 +183,10 @@ timeout_opts = [ default=0, help="Automatically confirm resizes after N seconds. " "Set to 0 to disable."), + cfg.IntOpt("shutdown_timeout", + default=60, + help="Total amount of time to wait in seconds for an instance " + "to perform a clean shutdown."), ] running_deleted_opts = [ @@ -575,6 +579,11 @@ class ComputeManager(manager.Manager): target = messaging.Target(version='3.23') + # How long to wait in seconds before re-issuing a shutdown + # signal to a instance during power off. The overall + # time to wait is set by CONF.shutdown_timeout. + SHUTDOWN_RETRY_INTERVAL = 10 + def __init__(self, compute_driver=None, *args, **kwargs): """Load configuration options and connect to the hypervisor.""" self.virtapi = ComputeVirtAPI(self) 
@@ -2137,6 +2146,25 @@ class ComputeManager(manager.Manager): instance=instance) self._set_instance_error_state(context, instance['uuid']) + def _get_power_off_values(self, context, instance, clean_shutdown): + """Get the timing configuration for powering down this instance.""" + if clean_shutdown: + timeout = compute_utils.get_value_from_system_metadata(instance, + key='image_os_shutdown_timeout', type=int, + default=CONF.shutdown_timeout) + retry_interval = self.SHUTDOWN_RETRY_INTERVAL + else: + timeout = 0 + retry_interval = 0 + + return timeout, retry_interval + + def _power_off_instance(self, context, instance, clean_shutdown=True): + """Power off an instance on this host.""" + timeout, retry_interval = self._get_power_off_values(context, + instance, clean_shutdown) + self.driver.power_off(instance, timeout, retry_interval) + def _shutdown_instance(self, context, instance, bdms, requested_networks=None, notify=True): """Shutdown an instance on this host.""" 
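Review bot: In `_get_power_off_values` (nova/compute/manager.py), the timeout read from `image_os_shutdown_timeout` is returned without any range check, so whoever sets the image metadata decides how long a stop waits. With this patch the wait runs inside `@utils.synchronized(instance.uuid)` in `stop_instance`, so a very large value holds the per-instance lock for that long. A negative value is truthy in the libvirt `if timeout:` test yet yields an empty `range(timeout)`, so the guest gets a single shutdown signal and is destroyed immediately. Suggest clamping the value between 0 and an operator-set maximum before returning it, and stating in the option help that image metadata overrides `CONF.shutdown_timeout`.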
@@ -2308,16 +2336,23 @@ class ComputeManager(manager.Manager): @reverts_task_state @wrap_instance_event @wrap_instance_fault - def stop_instance(self, context, instance): + def stop_instance(self, context, instance, clean_shutdown=True): """Stopping an instance on this host.""" - self._notify_about_instance_usage(context, instance, "power_off.start") - self.driver.power_off(instance) - current_power_state = self._get_power_state(context, instance) - instance.power_state = current_power_state - instance.vm_state = vm_states.STOPPED - instance.task_state = None - instance.save(expected_task_state=task_states.POWERING_OFF) - self._notify_about_instance_usage(context, instance, "power_off.end") + + @utils.synchronized(instance.uuid) + def do_stop_instance(): + self._notify_about_instance_usage(context, instance, + "power_off.start") + self._power_off_instance(context, instance, clean_shutdown) + current_power_state = self._get_power_state(context, instance) + instance.power_state = current_power_state + instance.vm_state = vm_states.STOPPED + instance.task_state = None + instance.save(expected_task_state=task_states.POWERING_OFF) + self._notify_about_instance_usage(context, instance, + "power_off.end") + + do_stop_instance() def _power_on(self, context, instance): network_info = self._get_instance_nw_info(context, instance) diff --git a/nova/compute/utils.py b/nova/compute/utils.py index 119510c..ced00eb 100644 --- a/nova/compute/utils.py +++ b/nova/compute/utils.py 
@@ -267,6 +267,25 @@ def get_image_metadata(context, image_service, image_id, instance): return utils.get_image_from_system_metadata(system_meta) +def get_value_from_system_metadata(instance, key, type, default): + """Get a value of a specified type from image metadata. + + @param instance: The instance object + @param key: The name of the property to get + @param type: The python type the value is be returned as + @param default: The value to return if key is not set or not the right type + """ + value = instance.system_metadata.get(key, default) + try: + return type(value) + except ValueError: + LOG.warning(_("Metadata value %(value)s for %(key)s is not of " + "type %(type)s. Using default value %(default)s."), + {'value': value, 'key': key, 'type': type, + 'default': default}, instance=instance) + return default + + def notify_usage_exists(notifier, context, instance_ref, current_period=False, ignore_missing_network_data=True, system_metadata=None, extra_usage_info=None): diff --git a/nova/tests/api/ec2/test_cloud.py b/nova/tests/api/ec2/test_cloud.py index 00ea03e..9d037cf 100644 --- a/nova/tests/api/ec2/test_cloud.py +++ b/nova/tests/api/ec2/test_cloud.py @@ -2449,7 +2449,8 @@ class CloudTestCase(test.TestCase): self.stubs.Set(fake_virt.FakeDriver, 'power_on', fake_power_on) - def fake_power_off(self, instance): + def fake_power_off(self, instance, + shutdown_timeout, shutdown_attempts): virt_driver['powered_off'] = True self.stubs.Set(fake_virt.FakeDriver, 'power_off', fake_power_off) diff --git a/nova/tests/compute/test_compute.py b/nova/tests/compute/test_compute.py index b126a52..cb680f3 100644 --- a/nova/tests/compute/test_compute.py +++ b/nova/tests/compute/test_compute.py 
@@ -2064,7 +2064,8 @@ class ComputeTestCase(BaseTestCase): called = {'power_off': False} - def fake_driver_power_off(self, instance): + def fake_driver_power_off(self, instance, + shutdown_timeout, shutdown_attempts): called['power_off'] = True self.stubs.Set(nova.virt.fake.FakeDriver, 'power_off', diff --git a/nova/tests/compute/test_compute_utils.py b/nova/tests/compute/test_compute_utils.py index 2304e95..7415f46 100644 --- a/nova/tests/compute/test_compute_utils.py +++ b/nova/tests/compute/test_compute_utils.py @@ -711,6 +711,28 @@ class ComputeGetImageMetadataTestCase(test.TestCase): self.assertThat(expected, matchers.DictMatches(image_meta)) +class ComputeUtilsGetValFromSysMetadata(test.TestCase): + + def test_get_value_from_system_metadata(self): + instance = fake_instance.fake_instance_obj('fake-context') + system_meta = {'int_val': 1, + 'int_string': '2', + 'not_int': 'Nope'} + instance.system_metadata = system_meta + + result = compute_utils.get_value_from_system_metadata( + instance, 'int_val', int, 0) + self.assertEqual(1, result) + + result = compute_utils.get_value_from_system_metadata( + instance, 'int_string', int, 0) + self.assertEqual(2, result) + + result = compute_utils.get_value_from_system_metadata( + instance, 'not_int', int, 0) + self.assertEqual(0, result) + + class ComputeUtilsGetNWInfo(test.TestCase): def test_instance_object_none_info_cache(self): inst = fake_instance.fake_instance_obj('fake-context', diff --git a/nova/tests/virt/libvirt/test_libvirt.py b/nova/tests/virt/libvirt/test_libvirt.py index 2478e8e..ed1c8e8 100644 --- a/nova/tests/virt/libvirt/test_libvirt.py +++ b/nova/tests/virt/libvirt/test_libvirt.py 
@@ -5608,6 +5608,82 @@ class LibvirtConnTestCase(test.TestCase): conn._hard_reboot(self.context, instance, network_info, block_device_info) + def _test_clean_shutdown(self, seconds_to_shutdown, + timeout, retry_interval, + shutdown_attempts, succeeds): + info_tuple = ('fake', 'fake', 'fake', 'also_fake') + shutdown_count = [] + + def count_shutdowns(): + shutdown_count.append("shutdown") + + # Mock domain + mock_domain = self.mox.CreateMock(libvirt.virDomain) + + mock_domain.info().AndReturn( + (libvirt_driver.VIR_DOMAIN_RUNNING,) + info_tuple) + mock_domain.shutdown().WithSideEffects(count_shutdowns) + + retry_countdown = retry_interval + for x in xrange(min(seconds_to_shutdown, timeout)): + mock_domain.info().AndReturn( + (libvirt_driver.VIR_DOMAIN_RUNNING,) + info_tuple) + if retry_countdown == 0: + mock_domain.shutdown().WithSideEffects(count_shutdowns) + retry_countdown = retry_interval + else: + retry_countdown -= 1 + + if seconds_to_shutdown < timeout: + mock_domain.info().AndReturn( + (libvirt_driver.VIR_DOMAIN_SHUTDOWN,) + info_tuple) + + self.mox.ReplayAll() + + def fake_lookup_by_name(instance_name): + return mock_domain + + def fake_create_domain(**kwargs): + self.reboot_create_called = True + + conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False) + instance = {"name": "instancename", "id": "instanceid", + "uuid": "875a8070-d0b9-4949-8b31-104d125c9a64"} + self.stubs.Set(conn, '_lookup_by_name', fake_lookup_by_name) + self.stubs.Set(conn, '_create_domain', fake_create_domain) + result = conn._clean_shutdown(instance, timeout, retry_interval) + + self.assertEqual(succeeds, result) + self.assertEqual(shutdown_attempts, len(shutdown_count)) + + def test_clean_shutdown_first_time(self): + self._test_clean_shutdown(seconds_to_shutdown=2, + timeout=5, + retry_interval=3, + shutdown_attempts=1, + succeeds=True) + + def test_clean_shutdown_with_retry(self): + self._test_clean_shutdown(seconds_to_shutdown=4, + timeout=5, + retry_interval=3, + 
shutdown_attempts=2, + succeeds=True) + + def test_clean_shutdown_failure(self): + self._test_clean_shutdown(seconds_to_shutdown=6, + timeout=5, + retry_interval=3, + shutdown_attempts=2, + succeeds=False) + + def test_clean_shutdown_no_wait(self): + self._test_clean_shutdown(seconds_to_shutdown=6, + timeout=0, + retry_interval=3, + shutdown_attempts=1, + succeeds=False) + def test_resume(self): dummyxml = ("instance-0000000a" "" diff --git a/nova/virt/baremetal/driver.py b/nova/virt/baremetal/driver.py index c1de148..b24e50a 100644 --- a/nova/virt/baremetal/driver.py +++ b/nova/virt/baremetal/driver.py @@ -399,8 +399,9 @@ class BareMetalDriver(driver.ComputeDriver): """Cleanup after instance being destroyed.""" pass - def power_off(self, instance, node=None): + def power_off(self, instance, timeout=0, retry_interval=0, node=None): """Power off the specified instance.""" + # TODO(PhilDay): Add support for timeout (clean shutdown) if not node: node = _get_baremetal_node_by_instance_uuid(instance['uuid']) pm = get_power_manager(node=node, instance=instance) diff --git a/nova/virt/driver.py b/nova/virt/driver.py index 2fc95cc..2db2964 100644 --- a/nova/virt/driver.py +++ b/nova/virt/driver.py @@ -579,10 +579,13 @@ class ComputeDriver(object): # TODO(Vek): Need to pass context in for access to auth_token raise NotImplementedError() - def power_off(self, instance): + def power_off(self, instance, timeout=0, retry_interval=0): """Power off the specified instance. :param instance: nova.objects.instance.Instance + :param timeout: time to wait for GuestOS to shutdown + :param retry_interval: How often to signal guest while + waiting for it to shutdown """ raise NotImplementedError() diff --git a/nova/virt/fake.py b/nova/virt/fake.py index ea175cb..19d81a8 100644 --- a/nova/virt/fake.py +++ b/nova/virt/fake.py 
@@ -179,7 +179,7 @@ class FakeDriver(driver.ComputeDriver): block_device_info=None): pass - def power_off(self, instance): + def power_off(self, instance, shutdown_timeout=0, shutdown_attempts=0): pass def power_on(self, context, instance, network_info, block_device_info): diff --git a/nova/virt/hyperv/driver.py b/nova/virt/hyperv/driver.py index 566a9a2..e975cf7 100644 --- a/nova/virt/hyperv/driver.py +++ b/nova/virt/hyperv/driver.py @@ -111,7 +111,8 @@ class HyperVDriver(driver.ComputeDriver): def resume(self, context, instance, network_info, block_device_info=None): self._vmops.resume(instance) - def power_off(self, instance): + def power_off(self, instance, timeout=0, retry_interval=0): + # TODO(PhilDay): Add support for timeout (clean shutdown) self._vmops.power_off(instance) def power_on(self, context, instance, network_info, diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py index 43f4762..7cddad3 100644 --- a/nova/virt/libvirt/driver.py +++ b/nova/virt/libvirt/driver.py @@ -45,6 +45,7 @@ import glob import mmap import os import shutil +import six import socket import sys import tempfile 
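Review bot: `FakeDriver.power_off` in nova/virt/fake.py names its new parameters `shutdown_timeout` and `shutdown_attempts`, while `ComputeDriver.power_off` and every other driver touched by this patch use `timeout` and `retry_interval`. The manager passes both positionally, so the tests pass, but a caller using keywords would fail against the fake driver only, and `shutdown_attempts` suggests a count where an interval in seconds is passed. Suggest `def power_off(self, instance, timeout=0, retry_interval=0):` here and the same names in the `fake_power_off` and `fake_driver_power_off` test stubs.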
@@ -2157,8 +2158,85 @@ class LibvirtDriver(driver.ComputeDriver): dom = self._lookup_by_name(instance['name']) dom.resume() - def power_off(self, instance): + def _clean_shutdown(self, instance, timeout, retry_interval): + """Attempt to shutdown the instance gracefully. + + :param instance: The instance to be shutdown + :param timeout: How long to wait in seconds for the instance to + shutdown + :param retry_interval: How often in seconds to signal the instance + to shutdown while waiting + + :returns: True if the shutdown succeeded + """ + + # List of states that represent a shutdown instance + SHUTDOWN_STATES = [power_state.SHUTDOWN, + power_state.CRASHED] + + try: + dom = self._lookup_by_name(instance["name"]) + except exception.InstanceNotFound: + # If the instance has gone then we don't need to + # wait for it to shutdown + return True + + (state, _max_mem, _mem, _cpus, _t) = dom.info() + state = LIBVIRT_POWER_STATE[state] + if state in SHUTDOWN_STATES: + LOG.info(_("Instance already shutdown."), + instance=instance) + return True + + LOG.debug("Shutting down instance from state %s", state, + instance=instance) + dom.shutdown() + retry_countdown = retry_interval + + for sec in six.moves.range(timeout): + + dom = self._lookup_by_name(instance["name"]) + (state, _max_mem, _mem, _cpus, _t) = dom.info() + state = LIBVIRT_POWER_STATE[state] + + if state in SHUTDOWN_STATES: + LOG.info(_("Instance shutdown successfully after %d " + "seconds."), sec, instance=instance) + return True + + # Note(PhilD): We can't assume that the Guest was able to process + # any previous shutdown signal (for example it may + # have still been startingup, so within the overall + # timeout we re-trigger the shutdown every + # retry_interval + if retry_countdown == 0: + retry_countdown = retry_interval + # Instance could shutdown at any time, in which case we + # will get an exception when we call shutdown + try: + LOG.debug("Instance in state %s after %d seconds - " + "resending shutdown", 
state, sec, + instance=instance) + dom.shutdown() + except libvirt.libvirtError: + # Assume this is because its now shutdown, so loop + # one more time to clean up. + LOG.debug("Ignoring libvirt exception from shutdown " + "request.", instance=instance) + continue + else: + retry_countdown -= 1 + + time.sleep(1) + + LOG.info(_("Instance failed to shutdown in %d seconds."), + timeout, instance=instance) + return False + + def power_off(self, instance, timeout=0, retry_interval=0): """Power off the specified instance.""" + if timeout: + self._clean_shutdown(instance, timeout, retry_interval) self._destroy(instance) def power_on(self, context, instance, network_info, diff --git a/nova/virt/vmwareapi/driver.py b/nova/virt/vmwareapi/driver.py index e514bbb..aedc5c3 100644 --- a/nova/virt/vmwareapi/driver.py +++ b/nova/virt/vmwareapi/driver.py @@ -704,8 +704,9 @@ class VMwareVCDriver(VMwareESXDriver): _vmops = self._get_vmops_for_compute_node(instance['node']) _vmops.unrescue(instance) - def power_off(self, instance): + def power_off(self, instance, timeout=0, retry_interval=0): """Power off the specified instance.""" + # TODO(PhilDay): Add support for timeout (clean shutdown) _vmops = self._get_vmops_for_compute_node(instance['node']) _vmops.power_off(instance) diff --git a/nova/virt/xenapi/driver.py b/nova/virt/xenapi/driver.py index e7a0d1c..ccbe765 100644 --- a/nova/virt/xenapi/driver.py +++ b/nova/virt/xenapi/driver.py @@ -325,8 +325,9 @@ class XenAPIDriver(driver.ComputeDriver): """Unrescue the specified instance.""" self._vmops.unrescue(instance) - def power_off(self, instance): + def power_off(self, instance, timeout=0, retry_interval=0): """Power off the specified instance.""" + # TODO(PhilDay): Add support for timeout (clean shutdown) self._vmops.power_off(instance) def power_on(self, context, instance, network_info, debian/patches/add-support-for-syslog-connect-retries.patch0000664000000000000000000001041412764501734021317 0ustar 
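Review bot: In `LibvirtDriver._clean_shutdown` (nova/virt/libvirt/driver.py), only the first `_lookup_by_name` is guarded by `except exception.InstanceNotFound` and only the re-sent `dom.shutdown()` is guarded by `except libvirt.libvirtError`. The lookup and `dom.info()` inside the loop, and the initial `dom.shutdown()`, are exposed to the same condition the code comment describes (the instance stopping at any time), and an exception there leaves `power_off` before `self._destroy(instance)` runs. Suggest treating InstanceNotFound inside the loop as a completed shutdown and wrapping the first shutdown call the same way as the retry. The `continue` in the handler also skips `time.sleep(1)`, so that iteration uses up one unit of the timeout without waiting.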
From fa2a6c6b6aee59b1a98fa7b93f55405457449bf0 Mon Sep 17 00:00:00 2001 From: Edward Hope-Morley Date: Thu, 18 Jun 2015 13:38:58 +0100 Subject: [PATCH] Add support for syslog connect retries If we have requested logging to syslog and syslog is not yet ready we should allow for retry attempts. This patch provides a new option syslog-connect-retries to allow for retries with a 5 second interval between each retry. Closes-Bug: 1459046 Co-authored-by: Liang Chen Conflicts: nova/openstack/common/log.py Change-Id: I88269a75c56c68443230620217a469aebee523f8 --- nova/openstack/common/log.py | 58 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 46 insertions(+), 12 deletions(-) diff --git a/nova/openstack/common/log.py b/nova/openstack/common/log.py index cdc439a..71700b7 100644 --- a/nova/openstack/common/log.py +++ b/nova/openstack/common/log.py @@ -34,7 +34,9 @@ import logging.config import logging.handlers import os import re +import socket import sys +import time import traceback from oslo.config import cfg @@ -118,6 +120,10 @@ logging_cli_opts = [ help='Use syslog for logging. ' 'Existing syslog format is DEPRECATED during I, ' 'and then will be changed in J to honor RFC5424'), + cfg.IntOpt('syslog-connect-retries', + default=3, + help='Number of attempts with a five second interval to retry ' + 'connecting to syslog. (if use-syslog=True)'), cfg.BoolOpt('use-syslog-rfc-format', # TODO(bogdando) remove or use True after existing # syslog format deprecation in J 
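Review bot: The new `syslog-connect-retries` option states the five-second interval only in its help text, while the wait itself is a literal `time.sleep(5)` in `_setup_logging_from_conf`, and the option has no upper bound. Logging setup therefore blocks for retries × 5 seconds whenever `/dev/log` is not accepting connections, and the help text can drift from the code. Suggest a named constant (or a second option) for the interval and a documented maximum for the retry count.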
@@ -490,18 +496,6 @@ def _setup_logging_from_conf(): for handler in log_root.handlers: log_root.removeHandler(handler) - if CONF.use_syslog: - facility = _find_facility_from_conf() - # TODO(bogdando) use the format provided by RFCSysLogHandler - # after existing syslog format deprecation in J - if CONF.use_syslog_rfc_format: - syslog = RFCSysLogHandler(address='/dev/log', - facility=facility) - else: - syslog = logging.handlers.SysLogHandler(address='/dev/log', - facility=facility) - log_root.addHandler(syslog) - logpath = _get_log_file_path() if logpath: filelog = logging.handlers.WatchedFileHandler(logpath) @@ -548,6 +542,46 @@ def _setup_logging_from_conf(): logger = logging.getLogger(mod) logger.setLevel(level) + if CONF.use_syslog: + retries = CONF.syslog_connect_retries + syslog_ready = False + while True: + try: + facility = _find_facility_from_conf() + # TODO(bogdando) use the format provided by RFCSysLogHandler + # after existing syslog format deprecation in J + if CONF.use_syslog_rfc_format: + syslog = RFCSysLogHandler(address='/dev/log', + facility=facility) + else: + syslog = logging.handlers.SysLogHandler(address='/dev/log', + facility=facility) + log_root.addHandler(syslog) + syslog_ready = True + except socket.error: + if CONF.syslog_connect_retries <= 0: + log_root.error(_('Connection to syslog failed and no ' + 'retry attempts requested')) + break + + if retries: + log_root.info(_('Connection to syslog failed - ' + 'retrying in 5 seconds')) + retries -= 1 + else: + log_root.error(_('Connection to syslog failed and ' + 'max retry attempts reached')) + break + + time.sleep(5) + else: + break + + if not syslog_ready: + log_root.error(_('Unable to add syslog handler. Verify that ' + 'syslog is running.')) + + _loggers = {} -- 1.9.1 debian/patches/CVE-2015-3241-3.patch0000664000000000000000000003726713156001151013401 0ustar Backport of: From 70d2a051b057054676df663291885defb84a6dd6 Mon Sep 17 00:00:00 2001 
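Review bot: When the retries in the new `if CONF.use_syslog:` block of `_setup_logging_from_conf` run out, the function logs to `log_root` and returns with no syslog handler attached, whereas the removed block had no handler for the `socket.error` that the new code catches. For deployments that ship audit logs through syslog this is a fail-open change: the service runs with `use-syslog` enabled but nothing reaches syslog, and the only trace is an error on whatever other handlers exist. Suggest an option to abort startup on failure, or at least describing the behaviour in the `use-syslog` help text. Each `break` path already logs an error before `if not syslog_ready:` logs another, so one failure produces two error lines that could be folded into one.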
From: abhishekkekane Date: Mon, 6 Jul 2015 01:51:26 -0700 Subject: [PATCH] libvirt: Kill rsync/scp processes before deleting instance In the resize operation, during copying files from source to destination compute node scp/rsync processes are not aborted after the instance is deleted because the Linux kernel doesn't delete instance files physically until all processes using the file handle are closed completely. Hence the rsync/scp process keeps on running until it transfers 100% of file data. Added new module instancejobtracker to libvirt driver which will add, remove or terminate the processes running against particular instances. Added callback methods to execute call which will store the pid of scp/rsync process in cache as a key: value pair and to remove the pid from the cache after process completion. Process id will be used to kill the process if it is running while deleting the instance. Instance uuid is used as a key in the cache and pid will be the value. Conflicts: nova/tests/unit/virt/libvirt/test_driver.py nova/tests/unit/virt/libvirt/test_utils.py nova/virt/libvirt/driver.py nova/virt/libvirt/utils.py Note: The required unit-tests are manually added to the below path, as the new path for unit-tests is not present in the stable/juno release. 
nova/tests/virt/libvirt/test_driver.py nova/tests/virt/libvirt/test_utils.py SecurityImpact Closes-bug: #1387543 (cherry picked from commit 7ab75d5b0b75fc3426323bef19bf436a258b9707) (cherry picked from commit b5020a047fc487f35b76fc05f31e52665a1afda1) (cherry picked from commit 539693e40388c4729c99a2c133b573896296df2a) Upstream-Juno: https://review.openstack.org/#/c/214528/ Resolves: rhbz 1257789 Resolves: CVE-2015-3241 Change-Id: Ie03acc00a7c904aec13c90ae6a53938d08e5e0c9 Reviewed-on: https://code.engineering.redhat.com/gerrit/57494 Reviewed-by: Vladik Romanovsky Tested-by: RHOS Jenkins Reviewed-by: Matthew Booth --- nova/tests/virt/libvirt/test_image_utils.py | 6 +- nova/tests/virt/libvirt/test_libvirt.py | 40 +++++++++++ nova/tests/virt/libvirt/test_libvirt_utils.py | 6 +- nova/virt/libvirt/driver.py | 19 +++++- nova/virt/libvirt/instancejobtracker.py | 97 +++++++++++++++++++++++++++ nova/virt/libvirt/utils.py | 14 ++-- 6 files changed, 172 insertions(+), 10 deletions(-) create mode 100644 nova/virt/libvirt/instancejobtracker.py Index: nova-2014.1.5/nova/tests/virt/libvirt/test_libvirt.py =================================================================== --- nova-2014.1.5.orig/nova/tests/virt/libvirt/test_libvirt.py 2017-09-12 11:48:41.737154733 -0400 +++ nova-2014.1.5/nova/tests/virt/libvirt/test_libvirt.py 2017-09-12 11:48:41.729154628 -0400 @@ -23,6 +23,7 @@ import mox import os import re import shutil +import signal import tempfile import uuid 
@@ -6709,6 +6710,15 @@ class LibvirtConnTestCase(test.TestCase) self.mox.ReplayAll() self.assertTrue(conn._is_storage_shared_with('foo', '/path')) + def test_store_pid_remove_pid(self): + instance = self.create_instance_obj(self.context) + drvr = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False) + popen = mock.Mock(pid=3) + drvr.job_tracker.add_job(instance, popen.pid) + self.assertIn(3, drvr.job_tracker.jobs[instance.uuid]) + drvr.job_tracker.remove_job(instance, popen.pid) + self.assertNotIn(instance.uuid, drvr.job_tracker.jobs) + def test_create_domain_define_xml_fails(self): """Tests that the xml is logged when defining the domain fails.""" fake_xml = "this is a test" @@ -8687,12 +8697,18 @@ class LibvirtDriverTestCase(test.TestCas def fake_execute(*args, **kwargs): pass + def fake_copy_image(src, dest, host=None, receive=False, + on_execute=None, on_completion=None): + self.assertIsNotNone(on_execute) + self.assertIsNotNone(on_completion) + self.stubs.Set(self.libvirtconnection, 'get_instance_disk_info', fake_get_instance_disk_info) self.stubs.Set(self.libvirtconnection, '_destroy', fake_destroy) self.stubs.Set(self.libvirtconnection, 'get_host_ip_addr', fake_get_host_ip_addr) self.stubs.Set(utils, 'execute', fake_execute) + self.stubs.Set(libvirt_utils, 'copy_image', fake_copy_image) ins_ref = self._create_instance() flavor = {'root_gb': 10, 'ephemeral_gb': 20} 
@@ -9294,6 +9310,30 @@ class LibvirtDriverTestCase(test.TestCas @mock.patch('shutil.rmtree') @mock.patch('nova.utils.execute') + @mock.patch('os.path.exists') + @mock.patch('os.kill') + @mock.patch('nova.virt.libvirt.utils.get_instance_path') + def test_delete_instance_files_kill_running( + self, get_instance_path, kill, exists, exe, shutil): + lv = self.libvirtconnection + get_instance_path.return_value = '/path' + params = dict(uuid='fake-uuid', id=1) + instance = self._create_instance(params) + lv.job_tracker.jobs[instance.uuid] = [3, 4] + + exists.side_effect = [False, False, True, False] + + result = lv.delete_instance_files(instance) + get_instance_path.assert_called_with(instance) + exe.assert_called_with('mv', '/path', '/path_del') + kill.assert_has_calls([mock.call(3, signal.SIGKILL), mock.call(3, 0), + mock.call(4, signal.SIGKILL), mock.call(4, 0)]) + shutil.assert_called_with('/path_del') + self.assertTrue(result) + self.assertNotIn(instance.uuid, lv.job_tracker.jobs) + + @mock.patch('shutil.rmtree') + @mock.patch('nova.utils.execute') @mock.patch('os.path.exists') @mock.patch('nova.virt.libvirt.utils.get_instance_path') def test_delete_instance_files_resize(self, get_instance_path, exists, Index: nova-2014.1.5/nova/tests/virt/libvirt/test_libvirt_utils.py =================================================================== --- nova-2014.1.5.orig/nova/tests/virt/libvirt/test_libvirt_utils.py 2017-09-12 11:48:41.737154733 -0400 +++ nova-2014.1.5/nova/tests/virt/libvirt/test_libvirt_utils.py 2017-09-12 11:48:41.729154628 -0400 @@ -218,7 +218,8 @@ blah BLAH: bb mock_execute.assert_called_once_with('cp', 'src', 'dest') _rsync_call = functools.partial(mock.call, - 'rsync', '--sparse', '--compress') + 'rsync', '--sparse', '--compress', + on_execute=None, on_completion=None) @mock.patch('nova.utils.execute') def test_copy_image_rsync(self, mock_execute): 
@@ -241,6 +242,7 @@ blah BLAH: bb mock_execute.assert_has_calls([ self._rsync_call('--dry-run', 'src', 'host:dest'), - mock.call('scp', 'src', 'host:dest'), + mock.call('scp', 'src', 'host:dest', + on_execute=None, on_completion=None), ]) self.assertEqual(2, mock_execute.call_count) Index: nova-2014.1.5/nova/virt/libvirt/driver.py =================================================================== --- nova-2014.1.5.orig/nova/virt/libvirt/driver.py 2017-09-12 11:48:41.737154733 -0400 +++ nova-2014.1.5/nova/virt/libvirt/driver.py 2017-09-12 11:50:03.642222778 -0400 @@ -104,6 +104,7 @@ from nova.virt.libvirt import config as from nova.virt.libvirt import firewall as libvirt_firewall from nova.virt.libvirt import imagebackend from nova.virt.libvirt import imagecache +from nova.virt.libvirt import instancejobtracker from nova.virt.libvirt import utils as libvirt_utils from nova.virt import netutils from nova.virt import watchdog_actions @@ -414,6 +415,8 @@ class LibvirtDriver(driver.ComputeDriver self._volume_api = volume.API() + self.job_tracker = instancejobtracker.InstanceJobTracker() + @property def disk_cachemode(self): if self._disk_cachemode is None: @@ -5102,6 +5105,12 @@ class LibvirtDriver(driver.ComputeDriver img_path = info['path'] fname = os.path.basename(img_path) from_path = os.path.join(inst_base_resize, fname) + + on_execute = lambda process: self.job_tracker.add_job( + instance, process.pid) + on_completion = lambda process: self.job_tracker.remove_job( + instance, process.pid) + if info['type'] == 'qcow2' and info['backing_file']: tmp_path = from_path + "_rbase" # merge backing file 
@@ -5111,11 +5120,15 @@ class LibvirtDriver(driver.ComputeDriver if shared_storage: utils.execute('mv', tmp_path, img_path) else: - libvirt_utils.copy_image(tmp_path, img_path, host=dest) + libvirt_utils.copy_image(tmp_path, img_path, host=dest, + on_execute=on_execute, + on_completion=on_completion) utils.execute('rm', '-f', tmp_path) else: # raw or qcow2 with no backing file - libvirt_utils.copy_image(from_path, img_path, host=dest) + libvirt_utils.copy_image(from_path, img_path, host=dest, + on_execute=on_execute, + on_completion=on_completion) except Exception: with excutils.save_and_reraise_exception(): self._cleanup_remote_migration(dest, inst_base, @@ -5377,6 +5390,8 @@ class LibvirtDriver(driver.ComputeDriver # invocation failed due to the absence of both target and # target_resize. if not remaining_path and os.path.exists(target_del): + self.job_tracker.terminate_jobs(instance) + LOG.info(_('Deleting instance files %s'), target_del, instance=instance) remaining_path = target_del Index: nova-2014.1.5/nova/virt/libvirt/instancejobtracker.py =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ nova-2014.1.5/nova/virt/libvirt/instancejobtracker.py 2017-09-12 11:48:41.733154681 -0400 
@@ -0,0 +1,97 @@ +# Copyright 2015 NTT corp. +# All Rights Reserved. +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +import collections +import errno +import os +import signal + +from nova.openstack.common.gettextutils import _LE +from nova.openstack.common.gettextutils import _LW +from nova.openstack.common import log as logging + + +LOG = logging.getLogger(__name__) + + +class InstanceJobTracker(object): + def __init__(self): + self.jobs = collections.defaultdict(list) + + def add_job(self, instance, pid): + """Appends process_id of instance to cache. + + This method will store the pid of a process in cache as + a key: value pair which will be used to kill the process if it + is running while deleting the instance. Instance uuid is used as + a key in the cache and pid will be the value. + + :param instance: Object of instance + :param pid: Id of the process + """ + self.jobs[instance.uuid].append(pid) + + def remove_job(self, instance, pid): + """Removes pid of process from cache. + + This method will remove the pid of a process from the cache. + + :param instance: Object of instance + :param pid: Id of the process + """ + uuid = instance.uuid + if uuid in self.jobs and pid in self.jobs[uuid]: + self.jobs[uuid].remove(pid) + + # remove instance.uuid if no pid's remaining + if not self.jobs[uuid]: + self.jobs.pop(uuid, None) + + def terminate_jobs(self, instance): + """Kills the running processes for given instance. 
+ + This method is used to kill all running processes of the instance if + it is deleted in between. + + :param instance: Object of instance + """ + pids_to_remove = list(self.jobs.get(instance.uuid, [])) + for pid in pids_to_remove: + try: + # Try to kill the process + os.kill(pid, signal.SIGKILL) + except OSError as exc: + if exc.errno != errno.ESRCH: + LOG.error(_LE('Failed to kill process %(pid)s ' + 'due to %(reason)s, while deleting the ' + 'instance.'), {'pid': pid, 'reason': exc}, + instance=instance) + + try: + # Check if the process is still alive. + os.kill(pid, 0) + except OSError as exc: + if exc.errno != errno.ESRCH: + LOG.error(_LE('Unexpected error while checking process ' + '%(pid)s.'), {'pid': pid}, + instance=instance) + else: + # The process is still around + LOG.warn(_LW("Failed to kill a long running process " + "%(pid)s related to the instance when " + "deleting it."), {'pid': pid}, + instance=instance) + + self.remove_job(instance, pid) Index: nova-2014.1.5/nova/virt/libvirt/utils.py =================================================================== --- nova-2014.1.5.orig/nova/virt/libvirt/utils.py 2017-09-12 11:48:41.737154733 -0400 +++ nova-2014.1.5/nova/virt/libvirt/utils.py 2017-09-12 11:50:28.938552498 -0400 @@ -481,12 +481,15 @@ def get_disk_backing_file(path, basename return backing_file -def copy_image(src, dest, host=None): +def copy_image(src, dest, host=None, on_execute=None, + on_completion=None): """Copy a disk image to an existing directory :param src: Source image :param dest: Destination path :param host: Remote host + :param on_execute: Callback method to store pid of process in cache + :param on_completion: Callback method to remove pid of process from cache """ if not host: 
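Review bot: In `InstanceJobTracker.terminate_jobs` (nova/virt/libvirt/instancejobtracker.py), `os.kill(pid, signal.SIGKILL)` acts on a bare pid taken from the cache, with nothing confirming that the pid still refers to the rsync/scp child that `add_job` recorded. If a copy ends without `on_completion` firing, the stale pid stays in `self.jobs` and a later delete would signal whatever process holds that number by then. Suggest storing the process object (or the pid together with its start time) and verifying it before signalling. The `os.kill(pid, 0)` probe directly after SIGKILL can also succeed for a child that has been killed but not yet reaped, so the "Failed to kill a long running process" warning may be logged for a process that is already dead.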
@@ -505,11 +508,14 @@ def copy_image(src, dest, host=None): # Do a relatively light weight test first, so that we # can fall back to scp, without having run out of space # on the destination for example. - execute('rsync', '--sparse', '--compress', '--dry-run', src, dest) + execute('rsync', '--sparse', '--compress', '--dry-run', src, dest, + on_execute=on_execute, on_completion=on_completion) except processutils.ProcessExecutionError: - execute('scp', src, dest) + execute('scp', src, dest, on_execute=on_execute, + on_completion=on_completion) else: - execute('rsync', '--sparse', '--compress', src, dest) + execute('rsync', '--sparse', '--compress', src, dest, + on_execute=on_execute, on_completion=on_completion) def write_to_file(path, contents, umask=None): debian/patches/Fix-wrong-used-ProcessExecutionError-exception.patch0000664000000000000000000001057212764501734023002 0ustar From 3a55f1422e81a642ae914e5b47f490639def34ea Mon Sep 17 00:00:00 2001 From: Wangpan Date: Thu, 17 Apr 2014 13:44:55 +0800 Subject: [PATCH 2/4] Fix wrong used ProcessExecutionError exception This class has been moved to nova.openstack.common.processutils, but a wrong usage exists in nova.virt.libvirt.volume, correct here. Conflicts: nova/tests/virt/libvirt/test_libvirt_volume.py NOTE(wolsen): conflicts are due to test restructuring between stable/juno and stable/icehouse. Closes-bug: #1308839 Change-Id: I76f99b63dc5097b462dcff6ff63cbbb13d7580fb (cherry picked from commit aa9383081230b92ecc7c1b176cb3eb62a237949c) --- nova/tests/virt/libvirt/test_libvirt_volume.py | 42 +++++++++++++++++++++++++- nova/virt/libvirt/volume.py | 3 +- 2 files changed, 42 insertions(+), 3 deletions(-) --- a/nova/tests/virt/libvirt/test_libvirt_volume.py +++ b/nova/tests/virt/libvirt/test_libvirt_volume.py 
@@ -14,14 +14,15 @@ # under the License. import contextlib +import fixtures import os import time -import fixtures import mock from oslo.config import cfg from nova import exception +from nova.openstack.common import processutils from nova.storage import linuxscsi from nova import test from nova.tests.virt.libvirt import fake_libvirt_utils 
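Review bot: `import fixtures` is moved up between `contextlib` and `os`, which places a third-party module inside the standard-library import block. Leave `fixtures` where it was, next to `mock`, so the hunk carries only its functional change, the added `from nova.openstack.common import processutils` that the new test needs.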
@@ -311,6 +312,45 @@ '/sys/block/%s/device/delete' % dev_name)] self.assertEqual(self.executes, expected_commands) + def test_libvirt_iscsi_driver_disconnect_multipath_error(self): + libvirt_driver = volume.LibvirtISCSIVolumeDriver(self.fake_conn) + devs = ['/dev/disk/by-path/ip-%s-iscsi-%s-lun-2' % (self.location, + self.iqn)] + with contextlib.nested( + mock.patch.object(os.path, 'exists', return_value=True), + mock.patch.object(self.fake_conn, 'get_all_block_devices', + return_value=devs), + mock.patch.object(libvirt_driver, '_rescan_multipath'), + mock.patch.object(libvirt_driver, '_run_multipath'), + mock.patch.object(libvirt_driver, '_get_multipath_device_name', + return_value='/dev/mapper/fake-multipath-devname'), + mock.patch.object(libvirt_driver, + '_get_target_portals_from_iscsiadm_output', + return_value=[('fake-ip', 'fake-portal')]), + mock.patch.object(libvirt_driver, '_get_multipath_iqn', + return_value='fake-portal'), + ) as (mock_exists, mock_devices, mock_rescan_multipath, + mock_run_multipath, mock_device_name, mock_get_portals, + mock_get_iqn): + mock_run_multipath.side_effect = processutils.ProcessExecutionError + name = 'volume-00000001' + vol = {'id': 1, 'name': self.name} + connection_info = self.iscsi_connection(vol, self.location, + self.iqn) + conf = libvirt_driver.connect_volume(connection_info, + self.disk_info) + tree = conf.format_dom() + dev_name = 'ip-%s-iscsi-%s-lun-1' % (self.location, self.iqn) + dev_str = '/dev/disk/by-path/%s' % dev_name + self.assertEqual('block', tree.get('type')) + self.assertEqual(dev_str, tree.find('./source').get('dev')) + + libvirt_driver.use_multipath = True + libvirt_driver.disconnect_volume(connection_info, "vde") + mock_run_multipath.assert_called_once_with( + ['-f', 'fake-multipath-devname'], + check_exit_code=[0, 1]) + def iser_connection(self, volume, location, iqn): return { 'driver_volume_type': 'iser', --- a/nova/virt/libvirt/volume.py +++ b/nova/virt/libvirt/volume.py 
@@ -399,7 +399,7 @@ try: self._run_multipath(['-f', disk_descriptor], check_exit_code=[0, 1]) - except exception.ProcessExecutionError as exc: + except processutils.ProcessExecutionError as exc: # Because not all cinder drivers need to remove the dev mapper, # here just logs a warning to avoid affecting those drivers in # exceptional cases. debian/patches/CVE-2016-2140-2.patch0000664000000000000000000001200313156263153013367 0ustar From e9ee2bd26b5f863099cda5f4aa89c4d567984d27 Mon Sep 17 00:00:00 2001 From: Matthew Booth Date: Wed, 9 Mar 2016 17:27:03 +0000 Subject: [PATCH] Fix processing of libvirt disk.info in non-disk-image cases In Idfc16f54049aaeab31ac1c1d8d79a129acc9fb87 a change was made that caused non-disk-image backends to fall over because of an undefined variable because they skipped processing of the disk.info file. This adds a check for that case to make sure we don't run that path in the non-disk-image backend case. Conflicts: nova/tests/virt/libvirt/test_libvirt.py Upstream-Kilo: https://review.openstack.org/#/c/290847 Closes-Bug: #1555287 Change-Id: I02f8a5f0e29816336e500a8fe8dcc9ece15968e9 Reviewed-on: https://code.engineering.redhat.com/gerrit/69570 Tested-by: RHOS Jenkins Reviewed-by: Matthew Booth --- nova/tests/virt/libvirt/test_libvirt.py | 14 +++++++++++--- nova/virt/libvirt/driver.py | 21 ++++++++++++--------- 2 files changed, 23 insertions(+), 12 deletions(-) Index: nova-2014.1.5/nova/tests/virt/libvirt/test_libvirt.py =================================================================== --- nova-2014.1.5.orig/nova/tests/virt/libvirt/test_libvirt.py 2017-09-13 13:10:01.537921037 -0400 +++ nova-2014.1.5/nova/tests/virt/libvirt/test_libvirt.py 2017-09-13 13:10:01.533920984 -0400 
@@ -8804,12 +8804,20 @@ class LibvirtDriverTestCase(test.TestCas mock_shared.return_value = False admin_ctx = context.get_admin_context() - self.libvirtconnection.migrate_disk_and_power_off(admin_ctx, instance, - mock.sentinel, - flavor_object, None) src_disk_info_path = os.path.join(instance_base + '_resize', 'disk.info') + + with mock.patch.object(os.path, 'exists', autospec=True) \ + as mock_exists: + # disk.info exists on the source + mock_exists.side_effect = \ + lambda path: path == src_disk_info_path + self.libvirtconnection.migrate_disk_and_power_off(admin_ctx, + instance, mock.sentinel, + flavor_object, None) + self.assertTrue(mock_exists.called) + dst_disk_info_path = os.path.join(instance_base, 'disk.info') mock_copy.assert_any_call(src_disk_info_path, dst_disk_info_path, host=mock.sentinel, on_execute=mock.ANY, Index: nova-2014.1.5/nova/virt/libvirt/driver.py =================================================================== --- nova-2014.1.5.orig/nova/virt/libvirt/driver.py 2017-09-13 13:10:01.537921037 -0400 +++ nova-2014.1.5/nova/virt/libvirt/driver.py 2017-09-13 13:10:01.533920984 -0400 @@ -5134,17 +5134,18 @@ class LibvirtDriver(driver.ComputeDriver if shared_storage: dest = None utils.execute('mkdir', '-p', inst_base) + + on_execute = lambda process: \ + self.job_tracker.add_job(instance, process.pid) + on_completion = lambda process: \ + self.job_tracker.remove_job(instance, process.pid) + for info in disk_info: # assume inst_base == dirname(info['path']) img_path = info['path'] fname = os.path.basename(img_path) from_path = os.path.join(inst_base_resize, fname) - on_execute = lambda process: self.job_tracker.add_job( - instance, process.pid) - on_completion = lambda process: self.job_tracker.remove_job( - instance, process.pid) - if info['type'] == 'qcow2' and info['backing_file']: tmp_path = from_path + "_rbase" # merge backing file 
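Review bot: In the driver.py hunk, `on_execute` and `on_completion` are hoisted above `for info in disk_info:` with no comment saying why, and they stay as lambdas bound to names with backslash continuations. The reason is worth recording: the disk.info copy after the loop passes both names, so with an empty `disk_info` they would be unbound if they were defined inside the loop. Add a one-line comment to that effect so a later cleanup does not move them back, and consider two small nested `def` functions instead, which drop the continuations and show up by name in tracebacks.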
@@ -5167,10 +5168,12 @@ class LibvirtDriver(driver.ComputeDriver # Ensure disk.info is written to the new path to avoid disks being # reinspected and potentially changing format. src_disk_info_path = os.path.join(inst_base_resize, 'disk.info') - dst_disk_info_path = os.path.join(inst_base, 'disk.info') - libvirt_utils.copy_image(src_disk_info_path, dst_disk_info_path, - host=dest, on_execute=on_execute, - on_completion=on_completion) + if os.path.exists(src_disk_info_path): + dst_disk_info_path = os.path.join(inst_base, 'disk.info') + libvirt_utils.copy_image(src_disk_info_path, + dst_disk_info_path, + host=dest, on_execute=on_execute, + on_completion=on_completion) except Exception: with excutils.save_and_reraise_exception(): self._cleanup_remote_migration(dest, inst_base, debian/patches/CVE-2015-8749.patch0000664000000000000000000000407013155761065013265 0ustar Backport of: From ef1ccdaca9512b88878155f7d8c2c77853d91252 Mon Sep 17 00:00:00 2001 
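Review bot: On the driver.py hunk @@ -5167,10 +5168,12 @@ of the disk.info fix above: the new guard `if os.path.exists(src_disk_info_path):` keys on the file being present, not on which image backend is in use, so it also skips the copy silently for a disk-image instance whose disk.info happens to be missing. That is the situation the earlier change was meant to rule out ("to avoid disks being reinspected and potentially changing format"). Either make the condition reflect the backend, or keep the existence test and log at warning level with `instance=instance` when the file is absent, so a skipped copy is visible to whoever investigates a format change after a resize.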
From: Matt Riedemann Date: Mon, 16 Nov 2015 13:11:09 -0800 Subject: [PATCH] xen: mask passwords in volume connection_data dict The connection_data dict can have credentials in it, so we need to scrub those before putting the stringified dict into the StorageError message and raising that up and when logging the dict. Note that strutils.mask_password converts the dict to a string using six.text_type so we don't have to do that conversion first. SecurityImpact Change-Id: Ic5f4d4c26794550a92481bf2b725ef5eafa581b2 Closes-Bug: #1516765 (cherry picked from commit 8b289237ed6d53738c22878decf0c429301cf3d0) (cherry picked from commit cf197ec2d682fb4da777df2291ca7ef101f73b77) --- nova/tests/unit/virt/xenapi/test_volume_utils.py | 17 +++++++++++++++-- nova/tests/unit/virt/xenapi/test_volumeops.py | 16 ++++++++++++++++ nova/virt/xenapi/volume_utils.py | 3 ++- nova/virt/xenapi/volumeops.py | 6 +++++- 4 files changed, 38 insertions(+), 4 deletions(-) Index: nova-2014.1.5/nova/virt/xenapi/volume_utils.py =================================================================== --- nova-2014.1.5.orig/nova/virt/xenapi/volume_utils.py 2017-09-12 09:32:54.906602924 -0400 +++ nova-2014.1.5/nova/virt/xenapi/volume_utils.py 2017-09-12 09:33:35.547153637 -0400 @@ -26,6 +26,7 @@ from oslo.config import cfg from nova.openstack.common.gettextutils import _ from nova.openstack.common import log as logging +from nova.openstack.common import strutils xenapi_volume_utils_opts = [ cfg.IntOpt('introduce_vdi_retry_wait', @@ -267,7 +268,7 @@ def parse_volume_info(connection_data): target_host is None or target_iqn is None): raise StorageError(_('Unable to obtain target information' - ' %s') % connection_data) + ' %s') % strutils.mask_password(connection_data)) volume_info = {} volume_info['id'] = volume_id volume_info['target'] = target_host debian/patches/CVE-2016-2140-1.patch0000664000000000000000000002215613156270116013375 0ustar Backport of: 
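Review bot: On the xenapi mask_password backport above: the StorageError message in `parse_volume_info` is now masked, but the patch carries only the two `nova/virt/xenapi/volume_utils.py` hunks, while its diffstat lists `nova/virt/xenapi/volumeops.py` (6 lines) and two test files, and the commit message says the dict is also scrubbed "when logging the dict". If volumeops.py in this tree logs `connection_data`, that path still writes credentials to the log. Add the volumeops.py hunk and the tests to the backport, or state in the patch header after "Backport of:" why they do not apply to this version.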
From 48e30ff15efdf167ce5782b57ee3cf287c5b9049 Mon Sep 17 00:00:00 2001 From: Lee Yarwood Date: Wed, 24 Feb 2016 11:23:22 +0000 Subject: [PATCH] libvirt: Always copy or recreate disk.info during a migration The disk.info file contains the path and format of any image, config or ephermal disk associated with an instance. When using RAW images and migrating an instance this file should always be copied or recreated. This avoids the Raw imagebackend reinspecting the format of these disks when spawning the instance on the destination host. By not copying or recreating this disk.info file, a malicious image written to an instance disk on the source host will cause Nova to reinspect and record a different format for the disk on the destination. This format then being used incorrectly when finally spawning the instance on the destination. Conflicts: nova/tests/unit/virt/libvirt/test_driver.py nova/virt/libvirt/driver.py Resolves:rhbz #1313655 Resolves:rhbz #1313656 SecurityImpact Closes-bug: #1548450 Change-Id: Idfc16f54049aaeab31ac1c1d8d79a129acc9fb87 Reviewed-on: https://code.engineering.redhat.com/gerrit/69013 Reviewed-by: Matthew Booth Tested-by: RHOS Jenkins --- nova/tests/virt/libvirt/test_libvirt.py | 81 +++++++++++++++++++++++++++++++++ nova/virt/libvirt/driver.py | 26 +++++++++++ 2 files changed, 107 insertions(+) Index: nova-2014.1.5/nova/tests/virt/libvirt/test_libvirt.py =================================================================== --- nova-2014.1.5.orig/nova/tests/virt/libvirt/test_libvirt.py 2017-09-13 13:51:13.969596813 -0400 +++ nova-2014.1.5/nova/tests/virt/libvirt/test_libvirt.py 2017-09-13 13:51:59.014183154 -0400 
@@ -4433,6 +4433,43 @@ class LibvirtConnTestCase(test.TestCase) conn.pre_live_migration(self.context, instance, block_device_info=None, network_info=[], disk_info={}) + def test_pre_live_migration_recreate_disk_info(self): + + migrate_data = {'is_shared_storage': False, + 'is_volume_backed': False, + 'block_migration': True, + 'instance_relative_path': '/some/path/'} + disk_info = [{'disk_size': 5368709120, 'type': 'raw', + 'virt_disk_size': 5368709120, + 'path': '/some/path/disk', + 'backing_file': '', 'over_committed_disk_size': 0}, + {'disk_size': 1073741824, 'type': 'raw', + 'virt_disk_size': 1073741824, + 'path': '/some/path/disk.eph0', + 'backing_file': '', 'over_committed_disk_size': 0}] + image_disk_info = {'/some/path/disk': 'raw', + '/some/path/disk.eph0': 'raw'} + + drvr = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False) + instance = db.instance_create(self.context, self.test_instance) + instance_path = os.path.dirname(disk_info[0]['path']) + disk_info_path = os.path.join(instance_path, 'disk.info') + + with contextlib.nested( + mock.patch.object(os, 'mkdir'), + mock.patch.object(fake_libvirt_utils, 'write_to_file'), + mock.patch.object(drvr, '_create_images_and_backing') + ) as ( + mkdir, write_to_file, create_images_and_backing + ): + drvr.pre_live_migration(self.context, instance, + block_device_info=None, + network_info=[], + disk_info=disk_info, + migrate_data=migrate_data) + write_to_file.assert_called_with(disk_info_path, + jsonutils.dumps(image_disk_info)) + def test_get_instance_disk_info_works_correctly(self): # Test data instance_ref = db.instance_create(self.context, self.test_instance) 
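Review bot: `test_pre_live_migration_recreate_disk_info` ends with `write_to_file.assert_called_with(disk_info_path, jsonutils.dumps(image_disk_info))`, which compares serialized JSON strings and so passes only while the driver's dict and the test's dict serialize their two keys in the same order. Take the second positional argument from `write_to_file.call_args`, pass it through `jsonutils.loads`, and compare the result with `image_disk_info` as a dict. Both sample disks are also `'type': 'raw'`, so the test would still pass if the driver ignored `info['type']` and wrote a constant; make one entry a different type so the per-disk mapping is actually checked.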
@@ -8734,6 +8771,50 @@ class LibvirtDriverTestCase(test.TestCas self.libvirtconnection.migrate_disk_and_power_off, 'ctx', instance, '10.0.0.1', flavor, None) + @mock.patch('nova.utils.execute') + @mock.patch('nova.virt.libvirt.utils.copy_image') + @mock.patch('nova.virt.libvirt.driver.LibvirtDriver._destroy') + @mock.patch('nova.virt.libvirt.utils.get_instance_path') + @mock.patch('nova.virt.libvirt.driver.LibvirtDriver' + '._is_storage_shared_with') + @mock.patch('nova.virt.libvirt.driver.LibvirtDriver' + '.get_instance_disk_info') + def test_migrate_disk_and_power_off_resize_copy_disk_info(self, + mock_disk_info, + mock_shared, + mock_path, + mock_destroy, + mock_copy, + mock_execuate): + + instance = self._create_instance() + disk_info = jsonutils.dumps([{'disk_size': 1, 'type': 'qcow2', + 'virt_disk_size': 10737418240, 'path': '/test/disk', + 'backing_file': '/base/disk'}, + {'disk_size': 1, 'type': 'qcow2', + 'virt_disk_size': 536870912, 'path': '/test/disk.swap', + 'backing_file': '/base/swap_512'}]) + disk_info_text = jsonutils.loads(disk_info) + instance_base = os.path.dirname(disk_info_text[0]['path']) + flavor = {'root_gb': 10, 'ephemeral_gb': 25} + flavor_object = flavor_obj.Flavor(**flavor) + + mock_disk_info.return_value = disk_info + mock_path.return_value = instance_base + mock_shared.return_value = False + + admin_ctx = context.get_admin_context() + self.libvirtconnection.migrate_disk_and_power_off(admin_ctx, instance, + mock.sentinel, + flavor_object, None) + + src_disk_info_path = os.path.join(instance_base + '_resize', + 'disk.info') + dst_disk_info_path = os.path.join(instance_base, 'disk.info') + mock_copy.assert_any_call(src_disk_info_path, dst_disk_info_path, + host=mock.sentinel, on_execute=mock.ANY, + on_completion=mock.ANY) + def test_wait_for_running(self): def fake_get_info(instance): if instance['name'] == "not_found": Index: nova-2014.1.5/nova/virt/libvirt/driver.py =================================================================== 
--- nova-2014.1.5.orig/nova/virt/libvirt/driver.py 2017-09-13 13:51:13.969596813 -0400 +++ nova-2014.1.5/nova/virt/libvirt/driver.py 2017-09-13 13:51:13.969596813 -0400 @@ -4723,6 +4723,24 @@ class LibvirtDriver(driver.ComputeDriver raise exception.DestinationDiskExists(path=instance_dir) os.mkdir(instance_dir) + # Recreate the disk.info file and in doing so stop the + # imagebackend from recreating it incorrectly by inspecting the + # contents of each file when using the Raw backend. + if disk_info: + image_disk_info = {} + for info in disk_info: + image_file = os.path.basename(info['path']) + image_path = os.path.join(instance_dir, image_file) + image_disk_info[image_path] = info['type'] + + LOG.debug('Creating disk.info with the contents: %s', + image_disk_info, instance=instance) + + image_disk_info_path = os.path.join(instance_dir, + 'disk.info') + libvirt_utils.write_to_file(image_disk_info_path, + jsonutils.dumps(image_disk_info)) + # Ensure images and backing files are present. self._create_images_and_backing(context, instance, instance_dir, disk_info) 
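Review bot: The block under `if disk_info:` writes each `info['type']` into disk.info exactly as received, and the comment above it says what the block does without saying that this file is what pins each disk's format on the destination. The commit message gives the reason (a malicious image written to an instance disk would otherwise be reinspected and recorded with a different format); put that one sentence in the code comment so the block is not later treated as an optimisation. Also check each `info['type']` against the formats the image backend accepts before calling `libvirt_utils.write_to_file`, so an unexpected value fails the migration at this point instead of being persisted and used at spawn.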
@@ -5145,6 +5163,14 @@ class LibvirtDriver(driver.ComputeDriver libvirt_utils.copy_image(from_path, img_path, host=dest, on_execute=on_execute, on_completion=on_completion) + + # Ensure disk.info is written to the new path to avoid disks being + # reinspected and potentially changing format. + src_disk_info_path = os.path.join(inst_base_resize, 'disk.info') + dst_disk_info_path = os.path.join(inst_base, 'disk.info') + libvirt_utils.copy_image(src_disk_info_path, dst_disk_info_path, + host=dest, on_execute=on_execute, + on_completion=on_completion) except Exception: with excutils.save_and_reraise_exception(): self._cleanup_remote_migration(dest, inst_base, debian/nova-common.nova-manage.logrotate0000664000000000000000000000015012764501734015540 0ustar /var/log/nova/nova-manage.log { daily missingok compress delaycompress notifempty } debian/nova-api-ec2.logrotate0000664000000000000000000000015112764501734013301 0ustar /var/log/nova/nova-api-ec2.log { daily missingok compress delaycompress notifempty } debian/nova-api-os-compute.manpages0000664000000000000000000000004412764501734014517 0ustar doc/build/man/nova-api-os-compute.1 debian/nova-network.upstart0000775000000000000000000000061612764501734013265 0ustar description "Nova network worker" author "Soren Hansen " start on runlevel [2345] stop on runlevel [!2345] chdir /var/run pre-start script mkdir -p /var/run/nova chown nova:root /var/run/nova/ mkdir -p /var/lock/nova chown nova:root /var/lock/nova/ end script exec start-stop-daemon --start --chuid nova --exec /usr/bin/nova-network -- --config-file=/etc/nova/nova.conf debian/nova-cert.upstart0000775000000000000000000000060212764501734012524 0ustar description "Nova cert" author "Soren Hansen " start on runlevel [2345] stop on runlevel [!2345] chdir /var/run pre-start script mkdir -p /var/run/nova chown nova:root /var/run/nova/ mkdir -p /var/lock/nova chown nova:root /var/lock/nova/ end script exec start-stop-daemon --start --chuid nova --exec /usr/bin/nova-cert 
-- --config-file=/etc/nova/nova.conf debian/nova-api.logrotate0000664000000000000000000000014512764501734012635 0ustar /var/log/nova/nova-api.log { daily missingok compress delaycompress notifempty } debian/nova-xvpvncproxy.manpages0000664000000000000000000000004112764501734014300 0ustar doc/build/man/nova-xvpvncproxy.1 debian/nova-cert.install0000664000000000000000000000002212764501734012461 0ustar usr/bin/nova-cert debian/nova-novncproxy.upstart0000775000000000000000000000064012764501734014016 0ustar description "Nova NoVNC proxy" author "Vishvananda Ishaya " start on runlevel [2345] stop on runlevel [!2345] chdir /var/run pre-start script mkdir -p /var/run/nova chown nova:root /var/run/nova/ mkdir -p /var/lock/nova chown nova:root /var/lock/nova/ end script exec start-stop-daemon --start --chuid nova --exec /usr/bin/nova-novncproxy -- --config-file=/etc/nova/nova.conf debian/nova-conductor.manpages0000664000000000000000000000003712764501734013657 0ustar doc/build/man/nova-conductor.1 debian/nova-baremetal.upstart0000775000000000000000000000063112764501734013525 0ustar description "Nova baremetal" author "Chuck Short " start on runlevel [2345] stop on runlevel [!2345] chdir /var/run pre-start script mkdir -p /var/run/nova chown nova:root /var/run/nova/ mkdir -p /var/lock/nova chown nova:root /var/lock/nova/ end script exec start-stop-daemon --start --chuid nova --exec /usr/bin/nova-baremetal-deploy-helper -- --config-file=/etc/nova/nova.conf debian/nova-compute-lxc.postinst0000664000000000000000000000022512764501734014206 0ustar #!/bin/sh -e if [ "$1" = "configure" ]; then chown nova:nova /etc/nova/nova-compute.conf chmod 0600 /etc/nova/nova-compute.conf fi #DEBHELPER# debian/source_nova.py0000664000000000000000000000217212764501734012100 0ustar #!/usr/bin/python '''openstack Apport interface Copyright (C) 2010 Canonical Ltd. 
Author: Chuck Short This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. See http://www.gnu.org/copyleft/gpl.html for the full text of the license. ''' import os import subprocess from apport.hookutils import * def add_info(report,ui): response = ui.yesno("The contents of your /etc/nova/nova.conf file " "may help developers diagnose your bug more " "quickly. However, it may contain sensitive " "information. Do you want to include it in your " "bug report?") if response == None: # user cancelled raise StopIteration elif response == True: attach_file(report, '/etc/nova/nova.conf', 'NovaConf') attach_related_packages(report, ['python-nova', 'nova-common', 'nova-compute', 'nova-scheduler', 'nova-volume', 'nova-api', 'nova-network', 'nova-objectstore', 'nova-doc', 'nova-cert']) debian/nova-objectstore.manpages0000664000000000000000000000004112764501734014175 0ustar doc/build/man/nova-objectstore.1 debian/copyright0000664000000000000000000000424712764501734011143 0ustar Format: http://dep.debian.net/deps/dep5- Upstream-Name: nova Source: https://code.launchpad.net/nova Files: * Copyright: 2010 United States Government as represented by the Administrator of the National Aeronautics and Space Administration. Copyright: 2010 OpenStack LLC Copyright: Others (See individual files for more details) License: Apache-2 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at . http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
See the License for the specific language governing permissions and limitations under the License. . On Debian-based systems the full text of the Apache version 2.0 license can be found in `/usr/share/common-licenses/Apache-2.0'. Files: contrib/boto_v6/* Copyright: 2006-2010, Mitch Garnaat http://garnaat.org/ 2010, Eucalyptus Systems, Inc. License: BSD-Style Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: . The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. . THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
debian/nova-api-metadata.postinst0000664000000000000000000000017212764501734014276 0ustar #!/bin/sh -e if [ "$1" = "configure" ]; then chown root:root /etc/nova/rootwrap.d/api-metadata.filters fi #DEBHELPER# debian/nova-compute-qemu.postinst0000664000000000000000000000022512764501734014367 0ustar #!/bin/sh -e if [ "$1" = "configure" ]; then chown nova:nova /etc/nova/nova-compute.conf chmod 0600 /etc/nova/nova-compute.conf fi #DEBHELPER# debian/nova-console.manpages0000664000000000000000000000003512764501734013317 0ustar doc/build/man/nova-console.1 debian/watch0000664000000000000000000000016712764501734010236 0ustar version=3 opts="uversionmangle=s/\.([a-zA-Z])/~$1/;s/%7E/~/" \ http://tarballs.openstack.org/nova/ nova-(.*)\.tar\.gz debian/nova-api-os-compute.install0000664000000000000000000000003412764501734014371 0ustar usr/bin/nova-api-os-compute debian/nova-compute.postinst0000664000000000000000000000016712764501734013427 0ustar #!/bin/sh -e if [ "$1" = "configure" ]; then chown root:root /etc/nova/rootwrap.d/compute.filters fi #DEBHELPER# debian/nova-compute-xen.conf0000664000000000000000000000010712764501734013253 0ustar [DEFAULT] compute_driver=libvirt.LibvirtDriver [libvirt] virt_type=xen debian/nova-api-metadata.manpages0000664000000000000000000000004212764501734014202 0ustar doc/build/man/nova-api-metadata.1 debian/nova-compute-kvm.postinst0000664000000000000000000000022512764501734014215 0ustar #!/bin/sh -e if [ "$1" = "configure" ]; then chown nova:nova /etc/nova/nova-compute.conf chmod 0600 /etc/nova/nova-compute.conf fi #DEBHELPER# debian/nova.conf0000664000000000000000000000073212764501734011015 0ustar [DEFAULT] dhcpbridge_flagfile=/etc/nova/nova.conf dhcpbridge=/usr/bin/nova-dhcpbridge logdir=/var/log/nova state_path=/var/lib/nova lock_path=/var/lock/nova force_dhcp_release=True iscsi_helper=tgtadm libvirt_use_virtio_for_bridges=True connection_type=libvirt root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf verbose=True 
ec2_private_dns_show_ip=True api_paste_config=/etc/nova/api-paste.ini volumes_path=/var/lib/nova/volumes enabled_apis=ec2,osapi_compute,metadata debian/nova-xvpvncproxy.upstart0000775000000000000000000000063112764501734014217 0ustar description "Nova XVPVNC proxy" author "Adam Gandelman " start on runlevel [2345] stop on runlevel [!2345] chdir /var/run pre-start script mkdir -p /var/run/nova chown nova:root /var/run/nova/ mkdir -p /var/lock/nova chown nova:root /var/lock/nova/ end script exec start-stop-daemon --start --chuid nova --exec /usr/bin/nova-xvpvncproxy -- --config-file=/etc/nova/nova.conf debian/gbp.conf0000664000000000000000000000016312764501734010620 0ustar [DEFAULT] upstream-branch = master debian-branch = debian/unstable [git-buildpackage] export-dir = ../build-area/ debian/nova-novncproxy.logrotate0000664000000000000000000000015412764501734014311 0ustar /var/log/nova/nova-novncproxy.log { daily missingok compress delaycompress notifempty } debian/nova-doc.links0000664000000000000000000000063512764501734011755 0ustar # Overwrite jquery.js from upstream tarball with a link to jquery.js # provided by jQuery Debian package /usr/share/javascript/jquery/jquery.js usr/share/doc/nova-doc/html/_static/jquery.js # Overwrite underscore.js from upstream tarball with a link to underscore.min.js # provided by Underscore Debian package /usr/share/javascript/underscore/underscore.min.js usr/share/doc/nova-doc/html/_static/underscore.js debian/nova-console.logrotate0000664000000000000000000000017212764501734013526 0ustar /var/log/nova/nova-console.log { daily copytruncate missingok compress delaycompress notifempty } debian/nova-api-metadata.logrotate0000664000000000000000000000015612764501734014415 0ustar /var/log/nova/nova-api-metadata.log { daily missingok compress delaycompress notifempty } debian/nova-cells.install0000664000000000000000000000002312764501734012627 0ustar usr/bin/nova-cells 
debian/nova-compute-xen.postinst0000664000000000000000000000022512764501734014212 0ustar #!/bin/sh -e if [ "$1" = "configure" ]; then chown nova:nova /etc/nova/nova-compute.conf chmod 0600 /etc/nova/nova-compute.conf fi #DEBHELPER# debian/nova-network.install0000664000000000000000000000012112764501734013215 0ustar etc/nova/rootwrap.d/network.filters usr/bin/nova-dhcpbridge usr/bin/nova-network debian/nova-compute.manpages0000664000000000000000000000003512764501734013331 0ustar doc/build/man/nova-compute.1 debian/nova-xvpvncproxy.logrotate0000664000000000000000000000015512764501734014513 0ustar /var/log/nova/nova-xvpvncproxy.log { daily missingok compress delaycompress notifempty } debian/nova-cells.upstart0000775000000000000000000000060112764501734012670 0ustar description "Nova cells" author "Chuck Short " start on runlevel [2345] stop on runlevel [!2345] chdir /var/run pre-start script mkdir -p /var/run/nova chown nova:root /var/run/nova/ mkdir -p /var/lock/nova chown nova:root /var/lock nova end script exec start-stop-daemon --start --chuid nova --exec /usr/bin/nova-cells -- --config-file=/etc/nova/nova.conf debian/nova-novncproxy.install0000664000000000000000000000003012764501734013750 0ustar usr/bin/nova-novncproxy debian/nova-api.upstart0000775000000000000000000000060712764501734012345 0ustar description "Nova API server" author "Soren Hansen " start on runlevel [2345] stop on runlevel [!2345] chdir /var/run pre-start script mkdir -p /var/run/nova chown nova:root /var/run/nova/ mkdir -p /var/lock/nova chown nova:root /var/lock/nova/ end script exec start-stop-daemon --start --chuid nova --exec /usr/bin/nova-api -- --config-file=/etc/nova/nova.conf debian/nova-api-ec2.upstart0000775000000000000000000000060712764501734013014 0ustar description "Nova EC2 API server" author "Joe Heck " start on runlevel [2345] stop on runlevel [!2345] chdir /var/run pre-start script mkdir -p /var/run/nova chown nova:root /var/run/nova/ mkdir -p /var/lock/nova chown nova:root 
/var/lock/nova/ end script exec start-stop-daemon --start --chuid nova --exec /usr/bin/nova-api-ec2 -- --config-file=/etc/nova/nova.conf debian/nova-network.nova-dhcpbridge.logrotate0000664000000000000000000000015412764501734016610 0ustar /var/log/nova/nova-dhcpbridge.log { daily missingok compress delaycompress notifempty } debian/nova-console.install0000664000000000000000000000002512764501734013171 0ustar usr/bin/nova-console debian/nova-compute-vmware.conf0000664000000000000000000000006212764501734013762 0ustar [DEFAULT] compute_driver=vmwareapi.VMwareVCDriver debian/pydist-overrides0000664000000000000000000000005112764501734012434 0ustar coverage setuptools-git babel websockify debian/README.Source0000664000000000000000000000021412764501734011315 0ustar To do a release to the ubuntu archive: 1. dch --release && debcommit --release 2. bzr bd -S 3. dput 4. Once it has been accepted: bzr push debian/nova-scheduler.logrotate0000664000000000000000000000015312764501734014041 0ustar /var/log/nova/nova-scheduler.log { daily missingok compress delaycompress notifempty } debian/tests/0000775000000000000000000000000012764501734010343 5ustar debian/tests/python-nova0000775000000000000000000000042712764501734012556 0ustar #!/bin/bash #------------------------- # Testing client utilities #------------------------- set -e result=$(python `dirname $0`/test_import_nova.py 2>&1) if [ "$result" ]; then echo "ERROR: PYTHON-NOVA MODULE CANNOT BE IMPORTED" exit 1 else echo "OK" exit 0 fi debian/tests/nova-compute-daemons0000775000000000000000000000072112764501734014332 0ustar #!/bin/bash #--------------------- # Testing nova-compute #--------------------- set -e DAEMONS=('nova-compute-kvm' 'nova-compute-lxc' 'nova-compute-qemu') for daemon in "${DAEMONS[@]}"; do apt-get install -y nova-compute $daemon 2>&1 > /dev/null if pidof -x nova-compute > /dev/null; then echo "OK" else echo "ERROR: NOVA-COMPUTE IS NOT RUNNING" exit 1 fi apt-get remove -y $daemon nova-compute 2>&1 > /dev/null 
done

debian/tests/control
Tests: nova-compute-daemons nova-daemons nova-clients nova-api python-nova
Depends: nova-compute, nova-conductor, nova-cert, nova-scheduler, nova-novncproxy, nova-xvpvncproxy, nova-api, nova-network, nova-objectstore, nova-console, nova-consoleauth, nova-baremetal, python-nova
Restrictions: needs-root

debian/tests/nova-api
#!/bin/bash
#-----------------
# Testing nova-api
#-----------------
set -e
DAEMONS=('nova-api-metadata' 'nova-api-os-compute' 'nova-api-ec2')

for daemon in "${DAEMONS[@]}"; do
    apt-get install -y $daemon 2>&1 > /dev/null

    if pidof -x $daemon > /dev/null; then
        echo "OK"
    else
        echo "ERROR: ${daemon} IS NOT RUNNING"
        exit 1
    fi

    apt-get remove -y $daemon 2>&1 > /dev/null
done

debian/tests/nova-daemons
#!/bin/bash
#---------------------
# Testing nova-daemons
#---------------------
set -e
DAEMONS=('nova-conductor' 'nova-cert' 'nova-scheduler' 'nova-novncproxy' 'nova-network' 'nova-objectstore' \
         'nova-console' 'nova-consoleauth' 'nova-baremetal-deploy-helper')

for daemon in "${DAEMONS[@]}"; do
    if pidof -x $daemon > /dev/null; then
        echo "OK"
    else
        echo "ERROR: ${daemon} IS NOT RUNNING"
        exit 1
    fi
done

debian/tests/nova-clients
#!/bin/bash
#-------------------------
# Testing client utilities
#-------------------------
set -e
HELP_CLIENTS=('nova-xvpvncproxy' 'nova-api')

for client in "${HELP_CLIENTS[@]}"; do
    RET=$($client -h 2>&1 > /dev/null)

    if [[ $RET ]]; then
        echo "ERROR, ${client} is not running"
    fi
done

debian/tests/test_import_nova.py
try:
    import nova
except ImportError, e:
    print "ERROR IMPORTING MODULE"

debian/rules
#!/usr/bin/make -f

# Verbose mode
#export DH_VERBOSE=1

VERSION := $(shell dpkg-parsechangelog | sed -rne 's,^Version: ([0-9]:)*([^-]+).*,\2,p')
export OSLO_PACKAGE_VERSION=$(VERSION)

# Send HTTP traffic to “discard” service
export http_proxy = http://127.0.1.1:9/
export https_proxy = ${http_proxy}

%:
	dh $@ --with python2

override_dh_auto_clean:
	dh_auto_clean
	rm -rf doc/build/* doc/source/api doc/.autogenerated
	rm -rf tests.sqlite clean.sqlite run_tests.log
	rm -rf CA
	rm -f po/nova.pot
	rm -rf .autogenerated

override_dh_auto_build:
	dh_auto_build
ifeq (,$(findstring nodocs, $(DEB_BUILD_OPTIONS)))
	mkdir -p doc/build/html
	mkdir -p doc/build/man
	sphinx-build -b man doc/source doc/build/man
	sphinx-build -b html doc/source doc/build/html
endif

get-orig-source:
	uscan --verbose --rename --destdir=../build-area

override_dh_install:
	dh_install --fail-missing -Xbin/nova-all
	chmod 440 $(CURDIR)/debian/nova-common/etc/sudoers.d/nova_sudoers
	install -D -m 644 debian/source_nova.py debian/php5-common/usr/share/apport/package-hooks/source_nova.py
	install -D -m 0644 $(CURDIR)/etc/nova/logging_sample.conf $(CURDIR)/debian/nova-common/etc/nova/logging.conf
	for hypervisor in qemu kvm xen lxc vmware; do \
		install -D -m 0600 $(CURDIR)/debian/nova-compute-$${hypervisor}.conf $(CURDIR)/debian/nova-compute-$${hypervisor}/etc/nova/nova-compute.conf; \
	done

override_dh_fixperms:
	dh_fixperms -Xnova_sudoers
	dh_fixperms -Xnova_tgt.conf
	rm -f $(CURDIR)/debian/python-nova/usr/share/pyshared/nova/CA/.gitignore
	rm -f $(CURDIR)/debian/python-nova/usr/share/pyshared/nova/CA/projects/.gitignore
	rm -f $(CURDIR)/debian/python-nova/usr/share/pyshared/nova/CA/reqs/.gitignore

ifeq (,$(findstring nocheck, $(DEB_BUILD_OPTIONS)))
override_dh_auto_test:
	./run_tests.sh -N -P
endif

override_dh_python2:
	dh_python2

override_dh_installlogrotate:
	dh_installlogrotate
	dh_installlogrotate --name=nova-manage
	dh_installlogrotate --name=nova-dhcpbridge

override_dh_installchangelogs:
	dh_installchangelogs ChangeLog

debian/nova-compute-libvirt.postinst
#!/bin/sh -e

if [ "$1" = "configure" ]; then
    # Add the nova user to the libvirtd group unless it is already a member.
    if ! getent group libvirtd | grep -qE '\<nova\>'
    then
        adduser nova libvirtd
    fi
fi

#DEBHELPER#

debian/nova-common.manpages
doc/build/man/nova-rootwrap.1
doc/build/man/nova-manage.1

debian/nova-api-os-compute.logrotate
/var/log/nova/nova-api-os-compute.log {
    daily
    missingok
    compress
    delaycompress
    notifempty
}

debian/nova-cells.logrotate
/var/log/nova/nova-cells.log {
    daily
    missingok
    compress
    delaycompress
    notifempty
}