Clear the OS scripts environment

The OS scripts currently run with the whole noded environment; this is
different from the hooks which run with a cleared one and most likely
an oversight.

This _might_ create problems when upgrading, so it needs to be clearly
announced for the new version.

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>

diff --git a/NEWS b/NEWS
index 153ff35..ca719a8 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,9 @@ Version 2.5.0 beta1
 
 *(unreleased)*
 
+
+Incompatible/important changes:
+
 - The default of the ``/2/instances/[instance_name]/rename`` RAPI
   resource's ``ip_check`` parameter changed from ``True`` to ``False``
   to match the underlying LUXI interface
@@ -26,6 +29,9 @@ Version 2.5.0 beta1
 - The "cluster-verify" hooks are now executed per group by the
   OP_CLUSTER_VERIFY_GROUP opcode. This maintains the same behavior if
   you just run "gnt-cluster verify", which generates one op per group.
+- The environment as passed to the OS scripts is cleared, and thus no
+  environment variables defined in the node daemon's environment will be
+  inherited by the scripts
 
 
 Version 2.4.3

diff --git a/lib/backend.py b/lib/backend.py
index 30fe8ff..89dbe46 100644 (file)
--- a/lib/backend.py
+++ b/lib/backend.py
@@ -966,7 +966,7 @@ def InstanceOsAdd(instance, reinstall, debug):
   logfile = _InstanceLogName("add", instance.os, instance.name)
 
   result = utils.RunCmd([inst_os.create_script], env=create_env,
-                        cwd=inst_os.path, output=logfile,)
+                        cwd=inst_os.path, output=logfile, reset_env=True)
   if result.failed:
     logging.error("os create command '%s' returned error: %s, logfile: %s,"
                   " output: %s", result.cmd, result.fail_reason, logfile,
@@ -999,7 +999,7 @@ def RunRenameInstance(instance, old_name, debug):
                              "%s-%s" % (old_name, instance.name))
 
   result = utils.RunCmd([inst_os.rename_script], env=rename_env,
-                        cwd=inst_os.path, output=logfile)
+                        cwd=inst_os.path, output=logfile, reset_env=True)
 
   if result.failed:
     logging.error("os create command '%s' returned error: %s output: %s",
@@ -2752,7 +2752,7 @@ def ValidateOS(required, osname, checks, osparams):
 
   validate_env = OSCoreEnv(osname, tbv, osparams)
   result = utils.RunCmd([tbv.verify_script] + checks, env=validate_env,
-                        cwd=tbv.path)
+                        cwd=tbv.path, reset_env=True)
   if result.failed:
     logging.error("os validate command '%s' returned error: %s output: %s",
                   result.cmd, result.fail_reason, result.output)

diff --git a/man/ganeti-os-interface.rst b/man/ganeti-os-interface.rst
index 4426766..000880c 100644 (file)
--- a/man/ganeti-os-interface.rst
+++ b/man/ganeti-os-interface.rst
@@ -30,6 +30,12 @@ common set of variables will be exported for all commands, and some
 of them might have extra ones. Note that all counts are
 zero-based.
 
+Since Ganeti version 2.5, the environment will be cleaned up before
+being passed to scripts, therefore they will not inherit the environment
+in with which the ganeti node daemon was started. If you depend on any
+environment variables (non-Ganeti), then you will need to define or
+source them appropriately.
+
 OS_API_VERSION
     The OS API version that the rest of the environment conforms to.