From 4d54ceaa1936482b809a7c3bc6c901b564e1481c Mon Sep 17 00:00:00 2001 From: Chuck Short Date: Sun, 16 Sep 2018 22:02:53 -0400 Subject: [PATCH] Move hscli to privsep Move the hscli usage to privsep, this is basically a straight copy of the hsexecute function. Change-Id: I0a8f1502506b32fdd6599bc2d0c385ebeb968172 Signed-off-by: Chuck Short --- cinder/privsep/hscli.py | 45 ++++++++++++++++++++++++++ cinder/volume/drivers/veritas/utils.py | 39 ++++------------------ etc/cinder/rootwrap.d/volume.filters | 3 -- 3 files changed, 52 insertions(+), 35 deletions(-) create mode 100644 cinder/privsep/hscli.py diff --git a/cinder/privsep/hscli.py b/cinder/privsep/hscli.py new file mode 100644 index 00000000000..4d7f85d6610 --- /dev/null +++ b/cinder/privsep/hscli.py @@ -0,0 +1,45 @@ +# Copyright 2018 Red Hat, Inc +# Copyright (c) 2017 Veritas Technologies LLC. All rights reserved. +# Copyright 2017 Rackspace Australia +# Copyright 2018 Michael Still and Aptira +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +""" +Helpers for hscli related routines +""" +from oslo_concurrency import processutils as putils +from oslo_log import log as logging + +from cinder import exception +import cinder.privsep + +LOG = logging.getLogger(__name__) + + +@cinder.privsep.sys_admin_pctxt.entrypoint +def hsexecute(cmdarg_json): + + cmd_out = None + cmd_err = None + try: + # call hyperscale cli + (cmd_out, cmd_err) = putils.execute("hscli", cmdarg_json) + except (putils.UnknownArgumentError, putils.ProcessExecutionError, + OSError): + LOG.error("Exception in running the command for %s", + cmdarg_json, + exc_info=True) + raise exception.UnableToExecuteHyperScaleCmd(command=cmdarg_json) + + return (cmd_out, cmd_err) diff --git a/cinder/volume/drivers/veritas/utils.py b/cinder/volume/drivers/veritas/utils.py index 73d48ba9e9f..7ca90061a53 100644 --- a/cinder/volume/drivers/veritas/utils.py +++ b/cinder/volume/drivers/veritas/utils.py @@ -15,13 +15,12 @@ import json import uuid -from oslo_concurrency import processutils as putils from oslo_log import log as logging from oslo_utils import excutils import six from cinder import exception -from cinder import utils +from cinder.privsep import hscli from cinder.volume.drivers.veritas import hs_constants as constants LOG = logging.getLogger(__name__) @@ -59,7 +58,7 @@ def get_hyperscale_version(): cmdarg_json = json.dumps(cmd_arg) # call hscli for version - (cmd_out, cmd_err) = hsexecute(cmdarg_json) + (cmd_out, cmd_err) = hscli.hsexecute(cmdarg_json) # cmd_err should be None in case of successful execution of cmd if not cmd_err: @@ -89,7 +88,7 @@ def get_datanode_id(): cmdarg_json = json.dumps(cmd_arg) # call hscli for get_datanode_id - (cmd_out, cmd_err) = hsexecute(cmdarg_json) + (cmd_out, cmd_err) = hscli.hsexecute(cmdarg_json) # cmd_err should be None in case of successful execution of cmd if not cmd_err: @@ -124,7 +123,7 @@ def episodic_snap(meta): cmdarg_json = json.dumps(cmd_arg) # call hscli for episodic_snap - (cmd_out, cmd_err) = hsexecute(cmdarg_json) + (cmd_out, cmd_err) = hscli.hsexecute(cmdarg_json) # cmd_err should be None in case of successful execution of cmd if not cmd_err: @@ -162,7 +161,7 @@ def get_image_path(image_id, op_type='image'): cmdarg_json = json.dumps(cmd_arg) # call hscli for get_image_path - (cmd_out, cmd_err) = hsexecute(cmdarg_json) + (cmd_out, cmd_err) = hscli.hsexecute(cmdarg_json) # cmd_err should be None in case of successful execution of cmd if not cmd_err: @@ -197,7 +196,7 @@ def update_image(image_path, volume_id, hs_img_id): # create a json for cmd argument cmdarg_json = json.dumps(cmd_arg) - (cmd_out, cmd_err) = hsexecute(cmdarg_json) + (cmd_out, cmd_err) = hscli.hsexecute(cmdarg_json) # cmd_err should be None in case of successful execution of cmd if not cmd_err: @@ -218,30 +217,6 @@ def update_image(image_path, volume_id, hs_img_id): return output -def hsexecute(cmdarg_json): - - cmd_out = None - cmd_err = None - try: - # call hyperscale cli - (cmd_out, cmd_err) = utils.execute("hscli", - cmdarg_json, - run_as_root=True) - except (putils.UnknownArgumentError, putils.ProcessExecutionError, - OSError): - LOG.error("Exception in running the command for %s", - cmdarg_json, - exc_info=True) - raise exception.UnableToExecuteHyperScaleCmd(command=cmdarg_json) - - except Exception: - LOG.error("Internal exception in cmd for %s", cmdarg_json, - exc_info=True) - raise exception.UnableToExecuteHyperScaleCmd(command=cmdarg_json) - - return (cmd_out, cmd_err) - - def process_cmd_out(cmd_out): """Process the cmd output.""" @@ -315,7 +290,7 @@ def _send_message(exchange, routing_key, message_token, **kwargs): # create a json for cmd argument cmdarg_json = json.dumps(cmd_arg) - (cmd_out, cmd_err) = hsexecute(cmdarg_json) + (cmd_out, cmd_err) = hscli.hsexecute(cmdarg_json) # cmd_err should be none in case of successful execution of cmd if cmd_err: diff --git a/etc/cinder/rootwrap.d/volume.filters b/etc/cinder/rootwrap.d/volume.filters index 322333ded89..9ad11694170 100644 --- a/etc/cinder/rootwrap.d/volume.filters +++ b/etc/cinder/rootwrap.d/volume.filters @@ -10,9 +10,6 @@ tgt-admin: CommandFilter, tgt-admin, root cinder-rtstool: CommandFilter, cinder-rtstool, root scstadmin: CommandFilter, scstadmin, root -# HyperScale command to handle cinder operations -hscli: CommandFilter, hscli, root - # LVM related show commands pvs: EnvFilter, env, root, LC_ALL=C, pvs vgs: EnvFilter, env, root, LC_ALL=C, vgs