From 72b35807acc955522c0c397dc10c891a9c22ffea Mon Sep 17 00:00:00 2001 From: Michael Hanselmann Date: Fri, 5 Oct 2012 02:43:47 +0200 Subject: [PATCH] Check allowed file storage paths during cluster-verify Some paths, such as /bin or /usr/lib, should not be used for file storage. This patch implements a check during cluster verification to fail in case such a path has been used. Signed-off-by: Michael Hanselmann Reviewed-by: Iustin Pop --- lib/backend.py | 4 ++++ lib/cmdlib.py | 37 +++++++++++++++++++++++++++++++++++++ lib/constants.py | 4 ++++ 3 files changed, 45 insertions(+) diff --git a/lib/backend.py b/lib/backend.py index 6da70d6..4e9d895 100644 --- a/lib/backend.py +++ b/lib/backend.py @@ -801,6 +801,10 @@ def VerifyNode(what, cluster_name): for bridge in what[constants.NV_BRIDGES] if not utils.BridgeExists(bridge)] + if what.get(constants.NV_FILE_STORAGE_PATHS) == my_name: + result[constants.NV_FILE_STORAGE_PATHS] = \ + bdev.ComputeWrongFileStoragePaths() + return result diff --git a/lib/cmdlib.py b/lib/cmdlib.py index 6d998e4..beac311 100644 --- a/lib/cmdlib.py +++ b/lib/cmdlib.py @@ -2784,6 +2784,37 @@ class LUClusterVerifyGroup(LogicalUnit, _VerifyErrors): "OSes present on reference node %s but missing on this node: %s", base.name, utils.CommaJoin(missing)) + def _VerifyFileStoragePaths(self, ninfo, nresult, is_master): + """Verifies paths in L{pathutils.FILE_STORAGE_PATHS_FILE}. + + @type ninfo: L{objects.Node} + @param ninfo: the node to check + @param nresult: the remote results for the node + @type is_master: bool + @param is_master: Whether node is the master node + + """ + node = ninfo.name + + if (is_master and + (constants.ENABLE_FILE_STORAGE or + constants.ENABLE_SHARED_FILE_STORAGE)): + try: + fspaths = nresult[constants.NV_FILE_STORAGE_PATHS] + except KeyError: + # This should never happen + self._ErrorIf(True, constants.CV_ENODEFILESTORAGEPATHS, node, + "Node did not return forbidden file storage paths") + else: + self._ErrorIf(fspaths, constants.CV_ENODEFILESTORAGEPATHS, node, + "Found forbidden file storage paths: %s", + utils.CommaJoin(fspaths)) + else: + self._ErrorIf(constants.NV_FILE_STORAGE_PATHS in nresult, + constants.CV_ENODEFILESTORAGEPATHS, node, + "Node should not have returned forbidden file storage" + " paths") + def _VerifyOob(self, ninfo, nresult): """Verifies out of band functionality of a node. @@ -3126,6 +3157,10 @@ class LUClusterVerifyGroup(LogicalUnit, _VerifyErrors): node_verify_param[constants.NV_DRBDLIST] = None node_verify_param[constants.NV_DRBDHELPER] = drbd_helper + if constants.ENABLE_FILE_STORAGE or constants.ENABLE_SHARED_FILE_STORAGE: + # Load file storage paths only from master node + node_verify_param[constants.NV_FILE_STORAGE_PATHS] = master_node + # bridge checks # FIXME: this needs to be changed per node-group, not cluster-wide bridges = set() @@ -3279,6 +3314,8 @@ class LUClusterVerifyGroup(LogicalUnit, _VerifyErrors): self._VerifyNodeNetwork(node_i, nresult) self._VerifyNodeUserScripts(node_i, nresult) self._VerifyOob(node_i, nresult) + self._VerifyFileStoragePaths(node_i, nresult, + node == master_node) if nimg.vm_capable: self._VerifyNodeLVM(node_i, nresult, vg_name) diff --git a/lib/constants.py b/lib/constants.py index b0745ec..1673bed 100644 --- a/lib/constants.py +++ b/lib/constants.py @@ -1330,6 +1330,8 @@ CV_ENODEOOBPATH = \ (CV_TNODE, "ENODEOOBPATH", "Invalid Out Of Band path") CV_ENODEUSERSCRIPTS = \ (CV_TNODE, "ENODEUSERSCRIPTS", "User scripts not present or not executable") +CV_ENODEFILESTORAGEPATHS = \ + (CV_TNODE, "ENODEFILESTORAGEPATHS", "Detected bad file storage paths") CV_ALL_ECODES = frozenset([ CV_ECLUSTERCFG, @@ -1363,6 +1365,7 @@ CV_ALL_ECODES = frozenset([ CV_ENODETIME, CV_ENODEOOBPATH, CV_ENODEUSERSCRIPTS, + CV_ENODEFILESTORAGEPATHS, ]) CV_ALL_ECODES_STRINGS = frozenset(estr for (_, estr, _) in CV_ALL_ECODES) @@ -1389,6 +1392,7 @@ NV_VMNODES = "vmnodes" NV_OOB_PATHS = "oob-paths" NV_BRIDGES = "bridges" NV_USERSCRIPTS = "user-scripts" +NV_FILE_STORAGE_PATHS = "file-storage-paths" # Instance status INSTST_RUNNING = "running" -- 1.7.10.4