Revision d19d94db

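--- a/lib/constants.py
+++ b/lib/constants.py
@@ -700,6 +700,8 @@
     HV_MIGRATION_PORT: 8102,
     HV_USE_LOCALTIME: False,
     HV_DISK_CACHE: HT_CACHE_DEFAULT,
+    HV_SECURITY_MODEL: HT_SM_NONE,
+    HV_SECURITY_DOMAIN: '',
     },
   HT_FAKE: {
     },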
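--- a/lib/hypervisor/hv_kvm.py
+++ b/lib/hypervisor/hv_kvm.py
@@ -29,6 +29,7 @@
 import tempfile
 import time
 import logging
+import pwd
 from cStringIO import StringIO
 
 from ganeti import utils
@@ -76,6 +77,9 @@
     constants.HV_USE_LOCALTIME: hv_base.NO_CHECK,
     constants.HV_DISK_CACHE:
       hv_base.ParamInSet(True, constants.HT_VALID_CACHE_TYPES),
+    constants.HV_SECURITY_MODEL:
+      hv_base.ParamInSet(True, constants.HT_KVM_VALID_SM_TYPES),
+    constants.HV_SECURITY_DOMAIN: hv_base.NO_CHECK,
     }
 
   _MIGRATION_STATUS_RE = re.compile('Migration\s+status:\s+(\w+)',
@@ -325,6 +329,10 @@
     boot_cdrom = hvp[constants.HV_BOOT_ORDER] == constants.HT_BO_CDROM
     boot_network = hvp[constants.HV_BOOT_ORDER] == constants.HT_BO_NETWORK
 
+    security_model = hvp[constants.HV_SECURITY_MODEL]
+    if security_model == constants.HT_SM_USER:
+      kvm_cmd.extend(['-runas', hvp[constants.HV_SECURITY_DOMAIN]])
+
     if boot_network:
       kvm_cmd.extend(['-boot', 'n'])
 
@@ -791,6 +799,39 @@
       raise errors.HypervisorError("Cannot boot from cdrom without an"
                                    " ISO path")
 
+    security_model = hvparams[constants.HV_SECURITY_MODEL]
+    if security_model == constants.HT_SM_USER:
+      if not hvparams[constants.HV_SECURITY_DOMAIN]:
+        raise errors.HypervisorError("A security domain (user to run kvm as)"
+                                     " must be specified")
+    elif (security_model == constants.HT_SM_NONE or
+          security_model == constants.HT_SM_POOL):
+      if hvparams[constants.HV_SECURITY_DOMAIN]:
+        raise errors.HypervisorError("Cannot have a security domain when the"
+                                     " security model is 'none' or 'pool'")
+    if security_model == constants.HT_SM_POOL:
+      raise errors.HypervisorError("Security model pool is not supported yet")
+
+  @classmethod
+  def ValidateParameters(cls, hvparams):
+    """Check the given parameters for validity.
+
+    @type hvparams:  dict
+    @param hvparams: dictionary with parameter names/value
+    @raise errors.HypervisorError: when a parameter is not valid
+
+    """
+    super(KVMHypervisor, cls).ValidateParameters(hvparams)
+
+    security_model = hvparams[constants.HV_SECURITY_MODEL]
+    if security_model == constants.HT_SM_USER:
+      username = hvparams[constants.HV_SECURITY_DOMAIN]
+      try:
+        pwdentry = pwd.getpwnam(username)
+      except KeyError:
+        raise errors.HypervisorError("Unknown security domain user %s"
+                                     % username)
+
   @classmethod
   def PowercycleNode(cls):
     """KVM powercycle, just a wrapper over Linux powercycle.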
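Review bot: ValidateParameters only checks that the security domain resolves through `pwd.getpwnam`, so an account with uid 0 passes validation and the `-runas` argument added to `kvm_cmd` (new line 334) would then not reduce the process's privileges; the `pwdentry` result is assigned but never read. Using it would close the gap, for example `if pwdentry.pw_uid == 0: raise errors.HypervisorError("Security domain user %s must not be root" % username)`. The lookup also reflects only the account database of the host where validation runs, so the docstring could state that the user must exist on every node that may start the instance. The syntax checks at new lines 802-813 sit in a function whose start is outside the hunk.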
