Check allowed file storage paths during cluster-verify

Some paths, such as /bin or /usr/lib, should not be used for file
storage. This patch implements a check during cluster verification to
fail in case such a path has been used.

Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>

diff --git a/lib/backend.py b/lib/backend.py
index 6da70d6..4e9d895 100644 (file)
--- a/lib/backend.py
+++ b/lib/backend.py
@@ -801,6 +801,10 @@ def VerifyNode(what, cluster_name):
                                     for bridge in what[constants.NV_BRIDGES]
                                     if not utils.BridgeExists(bridge)]
 
+  if what.get(constants.NV_FILE_STORAGE_PATHS) == my_name:
+    result[constants.NV_FILE_STORAGE_PATHS] = \
+      bdev.ComputeWrongFileStoragePaths()
+
   return result
 
 

diff --git a/lib/cmdlib.py b/lib/cmdlib.py
index 6d998e4..beac311 100644 (file)
--- a/lib/cmdlib.py
+++ b/lib/cmdlib.py
@@ -2784,6 +2784,37 @@ class LUClusterVerifyGroup(LogicalUnit, _VerifyErrors):
              "OSes present on reference node %s but missing on this node: %s",
              base.name, utils.CommaJoin(missing))
 
+  def _VerifyFileStoragePaths(self, ninfo, nresult, is_master):
+    """Verifies paths in L{pathutils.FILE_STORAGE_PATHS_FILE}.
+
+    @type ninfo: L{objects.Node}
+    @param ninfo: the node to check
+    @param nresult: the remote results for the node
+    @type is_master: bool
+    @param is_master: Whether node is the master node
+
+    """
+    node = ninfo.name
+
+    if (is_master and
+        (constants.ENABLE_FILE_STORAGE or
+         constants.ENABLE_SHARED_FILE_STORAGE)):
+      try:
+        fspaths = nresult[constants.NV_FILE_STORAGE_PATHS]
+      except KeyError:
+        # This should never happen
+        self._ErrorIf(True, constants.CV_ENODEFILESTORAGEPATHS, node,
+                      "Node did not return forbidden file storage paths")
+      else:
+        self._ErrorIf(fspaths, constants.CV_ENODEFILESTORAGEPATHS, node,
+                      "Found forbidden file storage paths: %s",
+                      utils.CommaJoin(fspaths))
+    else:
+      self._ErrorIf(constants.NV_FILE_STORAGE_PATHS in nresult,
+                    constants.CV_ENODEFILESTORAGEPATHS, node,
+                    "Node should not have returned forbidden file storage"
+                    " paths")
+
   def _VerifyOob(self, ninfo, nresult):
     """Verifies out of band functionality of a node.
 
@@ -3126,6 +3157,10 @@ class LUClusterVerifyGroup(LogicalUnit, _VerifyErrors):
       node_verify_param[constants.NV_DRBDLIST] = None
       node_verify_param[constants.NV_DRBDHELPER] = drbd_helper
 
+    if constants.ENABLE_FILE_STORAGE or constants.ENABLE_SHARED_FILE_STORAGE:
+      # Load file storage paths only from master node
+      node_verify_param[constants.NV_FILE_STORAGE_PATHS] = master_node
+
     # bridge checks
     # FIXME: this needs to be changed per node-group, not cluster-wide
     bridges = set()
@@ -3279,6 +3314,8 @@ class LUClusterVerifyGroup(LogicalUnit, _VerifyErrors):
       self._VerifyNodeNetwork(node_i, nresult)
       self._VerifyNodeUserScripts(node_i, nresult)
       self._VerifyOob(node_i, nresult)
+      self._VerifyFileStoragePaths(node_i, nresult,
+                                   node == master_node)
 
       if nimg.vm_capable:
         self._VerifyNodeLVM(node_i, nresult, vg_name)

diff --git a/lib/constants.py b/lib/constants.py
index b0745ec..1673bed 100644 (file)
--- a/lib/constants.py
+++ b/lib/constants.py
@@ -1330,6 +1330,8 @@ CV_ENODEOOBPATH = \
   (CV_TNODE, "ENODEOOBPATH", "Invalid Out Of Band path")
 CV_ENODEUSERSCRIPTS = \
   (CV_TNODE, "ENODEUSERSCRIPTS", "User scripts not present or not executable")
+CV_ENODEFILESTORAGEPATHS = \
+  (CV_TNODE, "ENODEFILESTORAGEPATHS", "Detected bad file storage paths")
 
 CV_ALL_ECODES = frozenset([
   CV_ECLUSTERCFG,
@@ -1363,6 +1365,7 @@ CV_ALL_ECODES = frozenset([
   CV_ENODETIME,
   CV_ENODEOOBPATH,
   CV_ENODEUSERSCRIPTS,
+  CV_ENODEFILESTORAGEPATHS,
   ])
 
 CV_ALL_ECODES_STRINGS = frozenset(estr for (_, estr, _) in CV_ALL_ECODES)
@@ -1389,6 +1392,7 @@ NV_VMNODES = "vmnodes"
 NV_OOB_PATHS = "oob-paths"
 NV_BRIDGES = "bridges"
 NV_USERSCRIPTS = "user-scripts"
+NV_FILE_STORAGE_PATHS = "file-storage-paths"
 
 # Instance status
 INSTST_RUNNING = "running"