2013-07-08 11:11:16 +01:00
|
|
|
#!/usr/bin/env python
|
|
|
|
|
2016-01-18 10:19:17 +00:00
|
|
|
# Copyright (c) 2012 OpenStack Foundation
|
2013-07-08 11:11:16 +01:00
|
|
|
# All Rights Reserved.
|
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
|
|
# not use this file except in compliance with the License. You may obtain
|
|
|
|
# a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
|
|
# License for the specific language governing permissions and limitations
|
|
|
|
# under the License.
|
|
|
|
|
|
|
|
"""Neutron root wrapper for dom0.
|
|
|
|
|
|
|
|
Executes networking commands in dom0. The XenAPI plugin is
|
|
|
|
responsible determining whether a command is safe to execute.
|
|
|
|
|
|
|
|
"""
|
2013-09-18 02:35:53 -07:00
|
|
|
from __future__ import print_function
|
2013-07-08 11:11:16 +01:00
|
|
|
|
2015-05-07 13:00:38 +00:00
|
|
|
from six.moves import configparser as ConfigParser
|
2015-08-11 06:01:25 -07:00
|
|
|
from oslo_serialization import jsonutils as json
|
|
|
|
|
2013-07-08 11:11:16 +01:00
|
|
|
import os
|
2013-12-16 13:43:38 +01:00
|
|
|
import select
|
2013-07-08 11:11:16 +01:00
|
|
|
import sys
|
|
|
|
|
2016-11-24 23:29:06 -08:00
|
|
|
from os_xenapi.client import XenAPI
|
2013-07-08 11:11:16 +01:00
|
|
|
|
|
|
|
|
|
|
|
RC_UNAUTHORIZED = 99
|
|
|
|
RC_NOCOMMAND = 98
|
|
|
|
RC_BADCONFIG = 97
|
|
|
|
RC_XENAPI_ERROR = 96
|
|
|
|
|
|
|
|
|
|
|
|
def parse_args():
|
|
|
|
# Split arguments, require at least a command
|
|
|
|
exec_name = sys.argv.pop(0)
|
|
|
|
# argv[0] required; path to conf file
|
|
|
|
if len(sys.argv) < 2:
|
2016-07-12 22:48:01 -07:00
|
|
|
sys.stderr.write("%s: No command specified" % exec_name)
|
2013-07-08 11:11:16 +01:00
|
|
|
sys.exit(RC_NOCOMMAND)
|
|
|
|
|
|
|
|
config_file = sys.argv.pop(0)
|
|
|
|
user_args = sys.argv[:]
|
|
|
|
|
|
|
|
return exec_name, config_file, user_args
|
|
|
|
|
|
|
|
|
|
|
|
def _xenapi_section_name(config):
|
|
|
|
sections = [sect for sect in config.sections() if sect.lower() == "xenapi"]
|
|
|
|
if len(sections) == 1:
|
|
|
|
return sections[0]
|
|
|
|
|
2016-07-12 22:48:01 -07:00
|
|
|
sys.stderr.write("Multiple [xenapi] sections or no [xenapi] section found!")
|
2013-07-08 11:11:16 +01:00
|
|
|
sys.exit(RC_BADCONFIG)
|
|
|
|
|
|
|
|
|
|
|
|
def load_configuration(exec_name, config_file):
|
|
|
|
config = ConfigParser.RawConfigParser()
|
|
|
|
config.read(config_file)
|
|
|
|
try:
|
|
|
|
exec_dirs = config.get("DEFAULT", "exec_dirs").split(",")
|
|
|
|
filters_path = config.get("DEFAULT", "filters_path").split(",")
|
|
|
|
section = _xenapi_section_name(config)
|
|
|
|
url = config.get(section, "xenapi_connection_url")
|
|
|
|
username = config.get(section, "xenapi_connection_username")
|
|
|
|
password = config.get(section, "xenapi_connection_password")
|
|
|
|
except ConfigParser.Error:
|
2016-07-12 22:48:01 -07:00
|
|
|
sys.stderr.write("%s: Incorrect configuration file: %s" %
|
|
|
|
(exec_name, config_file))
|
2013-07-08 11:11:16 +01:00
|
|
|
sys.exit(RC_BADCONFIG)
|
|
|
|
if not url or not password:
|
|
|
|
msg = ("%s: Must specify xenapi_connection_url, "
|
|
|
|
"xenapi_connection_username (optionally), and "
|
|
|
|
"xenapi_connection_password in %s") % (exec_name, config_file)
|
2016-07-12 22:48:01 -07:00
|
|
|
sys.stderr.write(msg)
|
2013-07-08 11:11:16 +01:00
|
|
|
sys.exit(RC_BADCONFIG)
|
|
|
|
return dict(
|
|
|
|
filters_path=filters_path,
|
|
|
|
url=url,
|
|
|
|
username=username,
|
|
|
|
password=password,
|
|
|
|
exec_dirs=exec_dirs,
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
def filter_command(exec_name, filters_path, user_args, exec_dirs):
|
|
|
|
# Add ../ to sys.path to allow running from branch
|
|
|
|
possible_topdir = os.path.normpath(os.path.join(os.path.abspath(exec_name),
|
|
|
|
os.pardir, os.pardir))
|
|
|
|
if os.path.exists(os.path.join(possible_topdir, "neutron", "__init__.py")):
|
|
|
|
sys.path.insert(0, possible_topdir)
|
|
|
|
|
2015-02-18 16:50:29 -08:00
|
|
|
from oslo_rootwrap import wrapper
|
2013-07-08 11:11:16 +01:00
|
|
|
|
|
|
|
# Execute command if it matches any of the loaded filters
|
|
|
|
filters = wrapper.load_filters(filters_path)
|
|
|
|
filter_match = wrapper.match_filter(
|
|
|
|
filters, user_args, exec_dirs=exec_dirs)
|
|
|
|
if not filter_match:
|
2016-07-12 22:48:01 -07:00
|
|
|
sys.stderr.write("Unauthorized command: %s" % ' '.join(user_args))
|
2013-07-08 11:11:16 +01:00
|
|
|
sys.exit(RC_UNAUTHORIZED)
|
|
|
|
|
|
|
|
|
2013-12-16 13:43:38 +01:00
|
|
|
def run_command(url, username, password, user_args, cmd_input):
|
2013-07-08 11:11:16 +01:00
|
|
|
try:
|
|
|
|
session = XenAPI.Session(url)
|
|
|
|
session.login_with_password(username, password)
|
2016-03-18 11:12:10 -05:00
|
|
|
try:
|
|
|
|
host = session.xenapi.session.get_this_host(session.handle)
|
|
|
|
result = session.xenapi.host.call_plugin(
|
2016-11-24 23:29:06 -08:00
|
|
|
host, 'netwrap.py', 'run_command',
|
2016-03-18 11:12:10 -05:00
|
|
|
{'cmd': json.dumps(user_args), 'cmd_input': json.dumps(cmd_input)})
|
2016-07-12 22:48:01 -07:00
|
|
|
result_dict = json.loads(result)
|
|
|
|
returncode = result_dict.get('returncode')
|
|
|
|
captured_stdout = result_dict.get('out')
|
|
|
|
captured_stderr = result_dict.get('err')
|
|
|
|
sys.stdout.write(captured_stdout)
|
|
|
|
sys.stderr.write(captured_stderr)
|
|
|
|
sys.exit(returncode)
|
2016-03-18 11:12:10 -05:00
|
|
|
finally:
|
|
|
|
session.xenapi.session.logout()
|
2013-07-08 11:11:16 +01:00
|
|
|
except Exception as e:
|
2016-07-12 22:48:01 -07:00
|
|
|
sys.stderr.write("Failed to execute command in Dom0, %s" % e)
|
2013-07-08 11:11:16 +01:00
|
|
|
sys.exit(RC_XENAPI_ERROR)
|
|
|
|
|
|
|
|
|
|
|
|
def main():
|
2016-11-24 23:29:06 -08:00
|
|
|
# Deprecated: This script is deprecated and will be deleted in next release
|
|
|
|
sys.stderr.write("Deprecated: neutron-rootwrap-xen-dom0 is deprecated, "
|
|
|
|
"will be deleted in next release.")
|
2013-07-08 11:11:16 +01:00
|
|
|
exec_name, config_file, user_args = parse_args()
|
|
|
|
config = load_configuration(exec_name, config_file)
|
|
|
|
filter_command(exec_name, config['filters_path'], user_args, config['exec_dirs'])
|
2013-12-16 13:43:38 +01:00
|
|
|
|
|
|
|
# If data is available on the standard input, we need to pass it to the
|
|
|
|
# command executed in dom0
|
|
|
|
cmd_input = None
|
|
|
|
if select.select([sys.stdin,],[],[],0.0)[0]:
|
|
|
|
cmd_input = "".join(sys.stdin)
|
|
|
|
|
2013-07-08 11:11:16 +01:00
|
|
|
return run_command(config['url'], config['username'], config['password'],
|
2013-12-16 13:43:38 +01:00
|
|
|
user_args, cmd_input)
|
2013-07-08 11:11:16 +01:00
|
|
|
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
2016-07-12 22:48:01 -07:00
|
|
|
main()
|