#
#
-# Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Google Inc.
+# Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Google Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
from ganeti import compat
from ganeti import pathutils
from ganeti import vcluster
+from ganeti import ht
_BOOT_ID_PATH = "/proc/sys/kernel/random/boot_id"
-_ALLOWED_CLEAN_DIRS = frozenset([
+_ALLOWED_CLEAN_DIRS = compat.UniqueFrozenset([
pathutils.DATA_DIR,
pathutils.JOB_QUEUE_ARCHIVE_DIR,
pathutils.QUEUE_DIR,
_MASTER_START = "start"
_MASTER_STOP = "stop"
+#: Maximum file permissions for restricted command directory and executables
+_RCMD_MAX_MODE = (stat.S_IRWXU |
+ stat.S_IRGRP | stat.S_IXGRP |
+ stat.S_IROTH | stat.S_IXOTH)
+
+#: Delay before returning an error for restricted commands
+_RCMD_INVALID_DELAY = 10
+
+#: How long to wait to acquire lock for restricted commands (shorter than
+#: L{_RCMD_INVALID_DELAY}) to reduce blockage of noded forks when many
+#: command requests arrive
+_RCMD_LOCK_TIMEOUT = _RCMD_INVALID_DELAY * 0.8
+
class RPCFail(Exception):
"""Class denoting RPC failure.
"""
+def _GetInstReasonFilename(instance_name):
+ """Path of the file containing the reason of the instance status change.
+
+ @type instance_name: string
+ @param instance_name: The name of the instance
+ @rtype: string
+ @return: The path of the file
+
+ """
+ return utils.PathJoin(pathutils.INSTANCE_REASON_DIR, instance_name)
+
+
+def _StoreInstReasonTrail(instance_name, trail):
+ """Serialize a reason trail related to an instance change of state to file.
+
+ The exact location of the file depends on the name of the instance and on
+ the configuration of the Ganeti cluster defined at deploy time.
+
+ @type instance_name: string
+ @param instance_name: The name of the instance
+ @rtype: None
+
+ """
+ json = serializer.DumpJson(trail)
+ filename = _GetInstReasonFilename(instance_name)
+ utils.WriteFile(filename, data=json)
+
+
def _Fail(msg, *args, **kwargs):
"""Log an error and the raise an RPCFail exception.
result = utils.RunCmd([setup_script, action], env=env, reset_env=True)
if result.failed:
- _Fail("Failed to %s the master IP. Script return value: %s" %
- (action, result.exit_code), log=True)
+ _Fail("Failed to %s the master IP. Script return value: %s, output: '%s'" %
+ (action, result.exit_code, result.output), log=True)
@RunLocalHooks(constants.FAKE_OP_MASTER_TURNUP, "master-ip-turnup",
raise errors.QuitGanetiException(True, "Shutdown scheduled")
-def _GetVgInfo(name):
+def _GetVgInfo(name, excl_stor):
"""Retrieves information about a LVM volume group.
"""
# TODO: GetVGInfo supports returning information for multiple VGs at once
- vginfo = bdev.LogicalVolume.GetVGInfo([name])
+ vginfo = bdev.LogicalVolume.GetVGInfo([name], excl_stor)
if vginfo:
vg_free = int(round(vginfo[0][0], 0))
vg_size = int(round(vginfo[0][1], 0))
return map(fn, names)
-def GetNodeInfo(vg_names, hv_names):
+def GetNodeInfo(vg_names, hv_names, excl_stor):
"""Gives back a hash with different information about the node.
@type vg_names: list of string
@param vg_names: Names of the volume groups to ask for disk space information
@type hv_names: list of string
@param hv_names: Names of the hypervisors to ask for node information
+ @type excl_stor: boolean
+ @param excl_stor: Whether exclusive_storage is active
@rtype: tuple; (string, None/dict, None/dict)
@return: Tuple containing boot ID, volume group information and hypervisor
information
"""
bootid = utils.ReadFile(_BOOT_ID_PATH, size=128).rstrip("\n")
- vg_info = _GetNamedNodeInfo(vg_names, _GetVgInfo)
+ vg_info = _GetNamedNodeInfo(vg_names, (lambda vg: _GetVgInfo(vg, excl_stor)))
hv_info = _GetNamedNodeInfo(hv_names, _GetHvInfo)
return (bootid, vg_info, hv_info)
+def _CheckExclusivePvs(pvi_list):
+ """Check that PVs are not shared among LVs
+
+ @type pvi_list: list of L{objects.LvmPvInfo} objects
+ @param pvi_list: information about the PVs
+
+ @rtype: list of tuples (string, list of strings)
+ @return: offending volumes, as tuples: (pv_name, [lv1_name, lv2_name...])
+
+ """
+ res = []
+ for pvi in pvi_list:
+ if len(pvi.lv_list) > 1:
+ res.append((pvi.name, pvi.lv_list))
+ return res
+
+
def VerifyNode(what, cluster_name):
"""Verify the status of the local node.
if constants.NV_USERSCRIPTS in what:
result[constants.NV_USERSCRIPTS] = \
[script for script in what[constants.NV_USERSCRIPTS]
- if not (os.path.exists(script) and os.access(script, os.X_OK))]
+ if not utils.IsExecutable(script)]
if constants.NV_OOB_PATHS in what:
result[constants.NV_OOB_PATHS] = tmp = []
result[constants.NV_VGLIST] = utils.ListVolumeGroups()
if constants.NV_PVLIST in what and vm_capable:
- result[constants.NV_PVLIST] = \
- bdev.LogicalVolume.GetPVInfo(what[constants.NV_PVLIST],
- filter_allocatable=False)
+ check_exclusive_pvs = constants.NV_EXCLUSIVEPVS in what
+ val = bdev.LogicalVolume.GetPVInfo(what[constants.NV_PVLIST],
+ filter_allocatable=False,
+ include_lvs=check_exclusive_pvs)
+ if check_exclusive_pvs:
+ result[constants.NV_EXCLUSIVEPVS] = _CheckExclusivePvs(val)
+ for pvi in val:
+ # Avoid sending useless data on the wire
+ pvi.lv_list = []
+ result[constants.NV_PVLIST] = map(objects.LvmPvInfo.ToDict, val)
if constants.NV_VERSION in what:
result[constants.NV_VERSION] = (constants.PROTOCOL_VERSION,
" log file:\n%s", result.fail_reason, "\n".join(lines), log=False)
-def _GetBlockDevSymlinkPath(instance_name, idx):
- return utils.PathJoin(pathutils.DISK_LINKS_DIR, "%s%s%d" %
- (instance_name, constants.DISK_SEPARATOR, idx))
+def _GetBlockDevSymlinkPath(instance_name, idx, _dir=None):
+ """Returns symlink path for block device.
+
+ """
+ if _dir is None:
+ _dir = pathutils.DISK_LINKS_DIR
+
+ return utils.PathJoin(_dir,
+ ("%s%s%s" %
+ (instance_name, constants.DISK_SEPARATOR, idx)))
def _SymlinkBlockDev(instance_name, device_path, idx):
elif reboot_type == constants.INSTANCE_REBOOT_HARD:
try:
InstanceShutdown(instance, shutdown_timeout)
- return StartInstance(instance, False)
+ result = StartInstance(instance, False)
+ return result
except errors.HypervisorError, err:
_Fail("Failed to hard reboot instance %s: %s", instance.name, err)
else:
_Fail("Failed to get migration status: %s", err, exc=True)
-def BlockdevCreate(disk, size, owner, on_primary, info):
+def BlockdevCreate(disk, size, owner, on_primary, info, excl_stor):
"""Creates a block device for an instance.
@type disk: L{objects.Disk}
@type info: string
@param info: string that will be sent to the physical device
creation, used for example to set (LVM) tags on LVs
+ @type excl_stor: boolean
+ @param excl_stor: Whether exclusive_storage is active
@return: the new unique_id of the device (this can sometime be
computed only after creation), or None. On secondary nodes,
clist.append(crdev)
try:
- device = bdev.Create(disk, clist)
+ device = bdev.Create(disk, clist, excl_stor)
except errors.BlockDeviceError, err:
_Fail("Can't create block device: %s", err)
result["NIC_%d_BRIDGE" % idx] = nic.nicparams[constants.NIC_LINK]
if nic.nicparams[constants.NIC_LINK]:
result["NIC_%d_LINK" % idx] = nic.nicparams[constants.NIC_LINK]
+ if nic.netinfo:
+ nobj = objects.Network.FromDict(nic.netinfo)
+ result.update(nobj.HooksDict("NIC_%d_" % idx))
if constants.HV_NIC_TYPE in instance.hvparams:
result["NIC_%d_FRONTEND_TYPE" % idx] = \
instance.hvparams[constants.HV_NIC_TYPE]
return result
+def DiagnoseExtStorage(top_dirs=None):
+ """Compute the validity for all ExtStorage Providers.
+
+ @type top_dirs: list
+ @param top_dirs: the list of directories in which to
+ search (if not given defaults to
+ L{pathutils.ES_SEARCH_PATH})
+ @rtype: list of L{objects.ExtStorage}
+ @return: a list of tuples (name, path, status, diagnose, parameters)
+ for all (potential) ExtStorage Providers under all
+ search paths, where:
+ - name is the (potential) ExtStorage Provider
+ - path is the full path to the ExtStorage Provider
+ - status True/False is the validity of the ExtStorage Provider
+ - diagnose is the error message for an invalid ExtStorage Provider,
+ otherwise empty
+ - parameters is a list of (name, help) parameters, if any
+
+ """
+ if top_dirs is None:
+ top_dirs = pathutils.ES_SEARCH_PATH
+
+ result = []
+ for dir_name in top_dirs:
+ if os.path.isdir(dir_name):
+ try:
+ f_names = utils.ListVisibleFiles(dir_name)
+ except EnvironmentError, err:
+ logging.exception("Can't list the ExtStorage directory %s: %s",
+ dir_name, err)
+ break
+ for name in f_names:
+ es_path = utils.PathJoin(dir_name, name)
+ status, es_inst = bdev.ExtStorageFromDisk(name, base_dir=dir_name)
+ if status:
+ diagnose = ""
+ parameters = es_inst.supported_parameters
+ else:
+ diagnose = es_inst
+ parameters = []
+ result.append((name, es_path, status, diagnose, parameters))
+
+ return result
+
+
def BlockdevGrow(disk, amount, dryrun, backingstore):
"""Grow a stack of block devices.
config.set(constants.INISECT_INS, "nic%d_mac" %
nic_count, "%s" % nic.mac)
config.set(constants.INISECT_INS, "nic%d_ip" % nic_count, "%s" % nic.ip)
+ config.set(constants.INISECT_INS, "nic%d_network" % nic_count,
+ "%s" % nic.network)
for param in constants.NICS_PARAMETER_TYPES:
config.set(constants.INISECT_INS, "nic%d_%s" % (nic_count, param),
"%s" % nic.nicparams.get(param, None))
# Write and replace the file atomically
utils.WriteFile(file_name, data=_Decompress(content), uid=getents.masterd_uid,
- gid=getents.masterd_gid)
+ gid=getents.daemons_gid, mode=constants.JOB_QUEUE_FILES_PERMS)
def JobQueueRename(old, new):
getents = runtime.GetEnts()
- utils.RenameFile(old, new, mkdir=True, mkdir_mode=0700,
- dir_uid=getents.masterd_uid, dir_gid=getents.masterd_gid)
+ utils.RenameFile(old, new, mkdir=True, mkdir_mode=0750,
+ dir_uid=getents.masterd_uid, dir_gid=getents.daemons_gid)
def BlockdevClose(instance_name, disks):
hyper.PowercycleNode()
+def _VerifyRestrictedCmdName(cmd):
+ """Verifies a restricted command name.
+
+ @type cmd: string
+ @param cmd: Command name
+ @rtype: tuple; (boolean, string or None)
+ @return: The tuple's first element is the status; if C{False}, the second
+ element is an error message string, otherwise it's C{None}
+
+ """
+ if not cmd.strip():
+ return (False, "Missing command name")
+
+ if os.path.basename(cmd) != cmd:
+ return (False, "Invalid command name")
+
+ if not constants.EXT_PLUGIN_MASK.match(cmd):
+ return (False, "Command name contains forbidden characters")
+
+ return (True, None)
+
+
+def _CommonRestrictedCmdCheck(path, owner):
+ """Common checks for restricted command file system directories and files.
+
+ @type path: string
+ @param path: Path to check
+ @param owner: C{None} or tuple containing UID and GID
+ @rtype: tuple; (boolean, string or C{os.stat} result)
+ @return: The tuple's first element is the status; if C{False}, the second
+ element is an error message string, otherwise it's the result of C{os.stat}
+
+ """
+ if owner is None:
+ # Default to root as owner
+ owner = (0, 0)
+
+ try:
+ st = os.stat(path)
+ except EnvironmentError, err:
+ return (False, "Can't stat(2) '%s': %s" % (path, err))
+
+ if stat.S_IMODE(st.st_mode) & (~_RCMD_MAX_MODE):
+ return (False, "Permissions on '%s' are too permissive" % path)
+
+ if (st.st_uid, st.st_gid) != owner:
+ (owner_uid, owner_gid) = owner
+ return (False, "'%s' is not owned by %s:%s" % (path, owner_uid, owner_gid))
+
+ return (True, st)
+
+
+def _VerifyRestrictedCmdDirectory(path, _owner=None):
+ """Verifies restricted command directory.
+
+ @type path: string
+ @param path: Path to check
+ @rtype: tuple; (boolean, string or None)
+ @return: The tuple's first element is the status; if C{False}, the second
+ element is an error message string, otherwise it's C{None}
+
+ """
+ (status, value) = _CommonRestrictedCmdCheck(path, _owner)
+
+ if not status:
+ return (False, value)
+
+ if not stat.S_ISDIR(value.st_mode):
+ return (False, "Path '%s' is not a directory" % path)
+
+ return (True, None)
+
+
+def _VerifyRestrictedCmd(path, cmd, _owner=None):
+ """Verifies a whole restricted command and returns its executable filename.
+
+ @type path: string
+ @param path: Directory containing restricted commands
+ @type cmd: string
+ @param cmd: Command name
+ @rtype: tuple; (boolean, string)
+ @return: The tuple's first element is the status; if C{False}, the second
+ element is an error message string, otherwise the second element is the
+ absolute path to the executable
+
+ """
+ executable = utils.PathJoin(path, cmd)
+
+ (status, msg) = _CommonRestrictedCmdCheck(executable, _owner)
+
+ if not status:
+ return (False, msg)
+
+ if not utils.IsExecutable(executable):
+ return (False, "access(2) thinks '%s' can't be executed" % executable)
+
+ return (True, executable)
+
+
+def _PrepareRestrictedCmd(path, cmd,
+ _verify_dir=_VerifyRestrictedCmdDirectory,
+ _verify_name=_VerifyRestrictedCmdName,
+ _verify_cmd=_VerifyRestrictedCmd):
+ """Performs a number of tests on a restricted command.
+
+ @type path: string
+ @param path: Directory containing restricted commands
+ @type cmd: string
+ @param cmd: Command name
+ @return: Same as L{_VerifyRestrictedCmd}
+
+ """
+ # Verify the directory first
+ (status, msg) = _verify_dir(path)
+ if status:
+ # Check command if everything was alright
+ (status, msg) = _verify_name(cmd)
+
+ if not status:
+ return (False, msg)
+
+ # Check actual executable
+ return _verify_cmd(path, cmd)
+
+
+def RunRestrictedCmd(cmd,
+ _lock_timeout=_RCMD_LOCK_TIMEOUT,
+ _lock_file=pathutils.RESTRICTED_COMMANDS_LOCK_FILE,
+ _path=pathutils.RESTRICTED_COMMANDS_DIR,
+ _sleep_fn=time.sleep,
+ _prepare_fn=_PrepareRestrictedCmd,
+ _runcmd_fn=utils.RunCmd,
+ _enabled=constants.ENABLE_RESTRICTED_COMMANDS):
+ """Executes a restricted command after performing strict tests.
+
+ @type cmd: string
+ @param cmd: Command name
+ @rtype: string
+ @return: Command output
+ @raise RPCFail: In case of an error
+
+ """
+ logging.info("Preparing to run restricted command '%s'", cmd)
+
+ if not _enabled:
+ _Fail("Restricted commands disabled at configure time")
+
+ lock = None
+ try:
+ cmdresult = None
+ try:
+ lock = utils.FileLock.Open(_lock_file)
+ lock.Exclusive(blocking=True, timeout=_lock_timeout)
+
+ (status, value) = _prepare_fn(_path, cmd)
+
+ if status:
+ cmdresult = _runcmd_fn([value], env={}, reset_env=True,
+ postfork_fn=lambda _: lock.Unlock())
+ else:
+ logging.error(value)
+ except Exception: # pylint: disable=W0703
+ # Keep original error in log
+ logging.exception("Caught exception")
+
+ if cmdresult is None:
+ logging.info("Sleeping for %0.1f seconds before returning",
+ _RCMD_INVALID_DELAY)
+ _sleep_fn(_RCMD_INVALID_DELAY)
+
+ # Do not include original error message in returned error
+ _Fail("Executing command '%s' failed" % cmd)
+ elif cmdresult.failed or cmdresult.fail_reason:
+ _Fail("Restricted command '%s' failed: %s; output: %s",
+ cmd, cmdresult.fail_reason, cmdresult.output)
+ else:
+ return cmdresult.output
+ finally:
+ if lock is not None:
+ # Release lock at last
+ lock.Close()
+ lock = None
+
+
+def SetWatcherPause(until, _filename=pathutils.WATCHER_PAUSEFILE):
+ """Creates or removes the watcher pause file.
+
+ @type until: None or number
+ @param until: Unix timestamp saying until when the watcher shouldn't run
+
+ """
+ if until is None:
+ logging.info("Received request to no longer pause watcher")
+ utils.RemoveFile(_filename)
+ else:
+ logging.info("Received request to pause watcher until %s", until)
+
+ if not ht.TNumber(until):
+ _Fail("Duration must be numeric")
+
+ utils.WriteFile(_filename, data="%d\n" % (until, ), mode=0644)
+
+
class HooksRunner(object):
"""Hook runner.
projects / ganeti-local / blobdiff