diff options
| author |   Matthew Thode <prometheanfire@gentoo.org> | 2016-01-07 11:55:40 -0600 |
|---|---|---|
| committer | Matthew Thode <prometheanfire@gentoo.org> | 2016-01-07 11:55:40 -0600 |
| commit | 82b087e56b85822daadc9457c90a1c3b1b0a4da0 (patch) | |
| tree | dd43baf09e68a16a63dc3f3d0ea87eb3a3d51317 /sys-cluster | |
| parent | media-radio/svxlink: Version bump (bug #569512) (diff) | |
| download | gentoo-82b087e56b85822daadc9457c90a1c3b1b0a4da0.tar.gz gentoo-82b087e56b85822daadc9457c90a1c3b1b0a4da0.tar.bz2 gentoo-82b087e56b85822daadc9457c90a1c3b1b0a4da0.zip | |
sys-cluster/nova: fixing CVE-2015-7548
Package-Manager: portage-2.2.26
Diffstat (limited to 'sys-cluster')
| -rw-r--r-- | sys-cluster/nova/Manifest | 2 | ||||
| -rw-r--r-- | sys-cluster/nova/files/cve-2015-7548-stable-liberty-0001.patch | 267 | ||||
| -rw-r--r-- | sys-cluster/nova/files/cve-2015-7548-stable-liberty-0002.patch | 168 | ||||
| -rw-r--r-- | sys-cluster/nova/files/cve-2015-7548-stable-liberty-0003.patch | 171 | ||||
| -rw-r--r-- | sys-cluster/nova/nova-12.0.0-r1.ebuild | 295 | ||||
| -rw-r--r-- | sys-cluster/nova/nova-2015.1.1-r3.ebuild | 253 | ||||
| -rw-r--r-- | sys-cluster/nova/nova-2015.1.2.ebuild | 253 |
7 files changed, 901 insertions, 508 deletions
diff --git a/sys-cluster/nova/Manifest b/sys-cluster/nova/Manifest index fb999f0a6975..4eb99d9a719b 100644 --- a/sys-cluster/nova/Manifest +++ b/sys-cluster/nova/Manifest @@ -1,4 +1,2 @@ DIST liberty-nova.conf.sample 134201 SHA256 32752212c571c4a1473c3fa8bbd197a658ee54e233b4d46a157807be42997e42 SHA512 5325a31a0fccb9898bec0a022f5430dcc1729615c8eac88a4261c403f9ecd8ce2b07d73b52f3bc2c5cbe681234b30b923adb94385aac28e08d982a8f8bfef350 WHIRLPOOL 6d2894160a96742551777ce397b67f332c4f2793402f4634a2cfd0005ba99fb077cf0d0306a59e4b8c7f689914860e5d7f45d838c845d6a896a66c24f0f141c0 DIST nova-12.0.0.tar.gz 5233669 SHA256 28416df09a1f99b78d001d133e30f51acce389749d7e111c9e7dce18e7462ac4 SHA512 e3304684e090e8ec6cb45df5d77835d8b7d7c881c08e49c89cfa547a2581ec13bd66c430db01d7e82345650a1bc6fea77faa37092f00313c4fd58390ea3627d7 WHIRLPOOL 53f3afbae0cd3b8884c9074299f17b26d73074466bad491636ab0ef0fe1e636fa08267c6d26fff9d9b1850e8c9100d509fc47d1b76588d8f1564b23ebd707b17 -DIST nova-2015.1.1.tar.gz 4544374 SHA256 d9b480827995727f2ccc06e4b5709e689e8a466006e07157ce92bc9d074e197e SHA512 7aad21fc59143cd4acab4a97980aafa9b1216789a0206c0d3098f5d96257e40baa77ef45696982648cc82a7f988f40525621da402871eeb398b21699932cea64 WHIRLPOOL 08b94f93be1e5821cfaaa835f33af2ddc23e75cea3dc6f1ca82be80317db95abd38dda336cca212cd68111fa65ca8c53c62f684e07acd2c1906e8d4cfc989905 -DIST nova-2015.1.2.tar.gz 4564794 SHA256 8ea47c076367dec47d7bea89210f260da64171be5adf559ced8514d5fdb6c453 SHA512 c3ec70f90723dbbc6c04a1ab5e5fd43b43c4080ab6a7454bd48d47eb2f228fe22b59f999f881dfb28fbd502e084c0c8764f5cdf4b096f6af46a2f0c97f0e4f61 WHIRLPOOL d3e038905726574864cc5c4d04ead21c90c24a676bc6d5580e65a1b37830889b92b7df09165b5f97e345aa99ba94a3f42b3212119a4bae34b318aa5946052bf6 diff --git a/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0001.patch b/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0001.patch new file mode 100644 index 000000000000..9f2429df1abc --- /dev/null +++ b/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0001.patch @@ -0,0 +1,267 @@ +From f41488f828fda1370e1b017503711248a810d432 Mon Sep 17 00:00:00 2001 +From: Matthew Booth <mbooth@redhat.com> +Date: Wed, 9 Dec 2015 15:36:32 +0000 +Subject: [PATCH 1/3] Fix format detection in libvirt snapshot + +The libvirt driver was using automatic format detection during +snapshot for disks stored on the local filesystem. This opened an +exploit if nova was configured to use local file storage, and +additionally to store those files in raw format by specifying +use_cow_images = False in nova.conf. An authenticated user could write +a qcow2 header to their guest image with a backing file on the host. +libvirt.utils.get_disk_type() would then misdetect the type of this +image as qcow2 and pass this to the Qcow2 image backend, whose +snapshot_extract method interprets the image as qcow2 and writes the +backing file to glance. The authenticated user can then download the +host file from glance. + +This patch makes 2 principal changes. libvirt.utils.get_disk_type, +which ought to be removed entirely as soon as possible, is updated to +no longer do format detection if the format can't be determined from +the path. Its name is changed to get_disk_type_from_path to reflect +its actual function. + +libvirt.utils.find_disk is updated to return both the path and format +of the root disk, rather than just the path. This is the most reliable +source of this information, as it reflects the actual format in use. +The previous format detection function of get_disk_type is replaced by +the format taken from libvirt. + +We replace a call to get_disk_type in _rebase_with_qemu_img with an +explicit call to qemu_img_info, as the other behaviour of +get_disk_type was not relevant in this context. qemu_img_info is safe +from the backing file exploit when called on a file known to be a +qcow2 image. As the file in this context is a volume snapshot, this is +a safe use. + +(cherry picked from commit c69fbad4860a1ce931d80f3f0ce0f90da29e8e5f) + + Conflicts: + nova/tests/unit/virt/libvirt/test_driver.py + nova/tests/unit/virt/libvirt/test_utils.py + nova/virt/libvirt/driver.py + nova/virt/libvirt/utils.py + + Most about method _rebase_with_qemu_img which does not exist. + +Partial-Bug: #1524274 +Change-Id: I94c1c0d26215c061f71c3f95e1a6bf3a58fa19ea +--- + nova/tests/unit/virt/libvirt/fake_libvirt_utils.py | 10 +++-- + nova/tests/unit/virt/libvirt/test_utils.py | 44 +++------------------- + nova/virt/libvirt/driver.py | 25 +++++++++--- + nova/virt/libvirt/utils.py | 26 ++++++++++--- + 4 files changed, 51 insertions(+), 54 deletions(-) + +diff --git a/nova/tests/unit/virt/libvirt/fake_libvirt_utils.py b/nova/tests/unit/virt/libvirt/fake_libvirt_utils.py +index 302ccee..52d1e85 100644 +--- a/nova/tests/unit/virt/libvirt/fake_libvirt_utils.py ++++ b/nova/tests/unit/virt/libvirt/fake_libvirt_utils.py +@@ -40,7 +40,9 @@ def get_disk_backing_file(path): + return disk_backing_files.get(path, None) + + +-def get_disk_type(path): ++def get_disk_type_from_path(path): ++ if disk_type in ('raw', 'qcow2'): ++ return None + return disk_type + + +@@ -99,11 +101,11 @@ def file_open(path, mode=None): + + def find_disk(virt_dom): + if disk_type == 'lvm': +- return "/dev/nova-vg/lv" ++ return ("/dev/nova-vg/lv", "raw") + elif disk_type in ['raw', 'qcow2']: +- return "filename" ++ return ("filename", disk_type) + else: +- return "unknown_type_disk" ++ return ("unknown_type_disk", None) + + + def load_file(path): +diff --git a/nova/tests/unit/virt/libvirt/test_utils.py b/nova/tests/unit/virt/libvirt/test_utils.py +index ac7ea8d..6773bea 100644 +--- a/nova/tests/unit/virt/libvirt/test_utils.py ++++ b/nova/tests/unit/virt/libvirt/test_utils.py +@@ -39,24 +39,6 @@ CONF = cfg.CONF + + class LibvirtUtilsTestCase(test.NoDBTestCase): + +- @mock.patch('os.path.exists', return_value=True) +- @mock.patch('nova.utils.execute') +- def test_get_disk_type(self, mock_execute, mock_exists): +- path = "disk.config" +- example_output = """image: disk.config +-file format: raw +-virtual size: 64M (67108864 bytes) +-cluster_size: 65536 +-disk size: 96K +-blah BLAH: bb +-""" +- mock_execute.return_value = (example_output, '') +- disk_type = libvirt_utils.get_disk_type(path) +- mock_execute.assert_called_once_with('env', 'LC_ALL=C', 'LANG=C', +- 'qemu-img', 'info', path) +- mock_exists.assert_called_once_with(path) +- self.assertEqual('raw', disk_type) +- + @mock.patch('nova.utils.execute') + def test_copy_image_local(self, mock_execute): + libvirt_utils.copy_image('src', 'dest') +@@ -77,37 +59,21 @@ blah BLAH: bb + on_completion=None, on_execute=None, compression=True) + + @mock.patch('os.path.exists', return_value=True) +- def test_disk_type(self, mock_exists): ++ def test_disk_type_from_path(self, mock_exists): + # Seems like lvm detection + # if its in /dev ?? + for p in ['/dev/b', '/dev/blah/blah']: +- d_type = libvirt_utils.get_disk_type(p) ++ d_type = libvirt_utils.get_disk_type_from_path(p) + self.assertEqual('lvm', d_type) + + # Try rbd detection +- d_type = libvirt_utils.get_disk_type('rbd:pool/instance') ++ d_type = libvirt_utils.get_disk_type_from_path('rbd:pool/instance') + self.assertEqual('rbd', d_type) + + # Try the other types +- template_output = """image: %(path)s +-file format: %(format)s +-virtual size: 64M (67108864 bytes) +-cluster_size: 65536 +-disk size: 96K +-""" + path = '/myhome/disk.config' +- for f in ['raw', 'qcow2']: +- output = template_output % ({ +- 'format': f, +- 'path': path, +- }) +- with mock.patch('nova.utils.execute', +- return_value=(output, '')) as mock_execute: +- d_type = libvirt_utils.get_disk_type(path) +- mock_execute.assert_called_once_with( +- 'env', 'LC_ALL=C', 'LANG=C', +- 'qemu-img', 'info', path) +- self.assertEqual(f, d_type) ++ d_type = libvirt_utils.get_disk_type_from_path(path) ++ self.assertIsNone(d_type) + + @mock.patch('os.path.exists', return_value=True) + @mock.patch('nova.utils.execute') +diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py +index fc1c909..51b1e4b 100644 +--- a/nova/virt/libvirt/driver.py ++++ b/nova/virt/libvirt/driver.py +@@ -1338,10 +1338,23 @@ class LibvirtDriver(driver.ComputeDriver): + + snapshot = self._image_api.get(context, image_id) + +- disk_path = libvirt_utils.find_disk(virt_dom) +- source_format = libvirt_utils.get_disk_type(disk_path) +- +- image_format = CONF.libvirt.snapshot_image_format or source_format ++ # source_format is an on-disk format ++ # source_type is a backend type ++ disk_path, source_format = libvirt_utils.find_disk(virt_dom) ++ source_type = libvirt_utils.get_disk_type_from_path(disk_path) ++ ++ # We won't have source_type for raw or qcow2 disks, because we can't ++ # determine that from the path. We should have it from the libvirt ++ # xml, though. ++ if source_type is None: ++ source_type = source_format ++ # For lxc instances we won't have it either from libvirt xml ++ # (because we just gave libvirt the mounted filesystem), or the path, ++ # so source_type is still going to be None. In this case, ++ # snapshot_backend is going to default to CONF.libvirt.images_type ++ # below, which is still safe. ++ ++ image_format = CONF.libvirt.snapshot_image_format or source_type + + # NOTE(bfilippov): save lvm and rbd as raw + if image_format == 'lvm' or image_format == 'rbd': +@@ -1367,7 +1380,7 @@ class LibvirtDriver(driver.ComputeDriver): + if (self._host.has_min_version(MIN_LIBVIRT_LIVESNAPSHOT_VERSION, + MIN_QEMU_LIVESNAPSHOT_VERSION, + host.HV_DRIVER_QEMU) +- and source_format not in ('lvm', 'rbd') ++ and source_type not in ('lvm', 'rbd') + and not CONF.ephemeral_storage_encryption.enabled + and not CONF.workarounds.disable_libvirt_livesnapshot): + live_snapshot = True +@@ -1402,7 +1415,7 @@ class LibvirtDriver(driver.ComputeDriver): + + snapshot_backend = self.image_backend.snapshot(instance, + disk_path, +- image_type=source_format) ++ image_type=source_type) + + if live_snapshot: + LOG.info(_LI("Beginning live snapshot process"), +diff --git a/nova/virt/libvirt/utils.py b/nova/virt/libvirt/utils.py +index 5573927..062b2fb 100644 +--- a/nova/virt/libvirt/utils.py ++++ b/nova/virt/libvirt/utils.py +@@ -334,13 +334,20 @@ def find_disk(virt_dom): + """ + xml_desc = virt_dom.XMLDesc(0) + domain = etree.fromstring(xml_desc) ++ driver = None + if CONF.libvirt.virt_type == 'lxc': +- source = domain.find('devices/filesystem/source') ++ filesystem = domain.find('devices/filesystem') ++ driver = filesystem.find('driver') ++ ++ source = filesystem.find('source') + disk_path = source.get('dir') + disk_path = disk_path[0:disk_path.rfind('rootfs')] + disk_path = os.path.join(disk_path, 'disk') + else: +- source = domain.find('devices/disk/source') ++ disk = domain.find('devices/disk') ++ driver = disk.find('driver') ++ ++ source = disk.find('source') + disk_path = source.get('file') or source.get('dev') + if not disk_path and CONF.libvirt.images_type == 'rbd': + disk_path = source.get('name') +@@ -351,17 +358,26 @@ def find_disk(virt_dom): + raise RuntimeError(_("Can't retrieve root device path " + "from instance libvirt configuration")) + +- return disk_path ++ if driver is not None: ++ format = driver.get('type') ++ # This is a legacy quirk of libvirt/xen. Everything else should ++ # report the on-disk format in type. ++ if format == 'aio': ++ format = 'raw' ++ else: ++ format = None ++ return (disk_path, format) + + +-def get_disk_type(path): ++def get_disk_type_from_path(path): + """Retrieve disk type (raw, qcow2, lvm) for given file.""" + if path.startswith('/dev'): + return 'lvm' + elif path.startswith('rbd:'): + return 'rbd' + +- return images.qemu_img_info(path).file_format ++ # We can't reliably determine the type from this path ++ return None + + + def get_fs_info(path): +-- +2.5.0 + diff --git a/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0002.patch b/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0002.patch new file mode 100644 index 000000000000..2ffca9f9cf8a --- /dev/null +++ b/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0002.patch @@ -0,0 +1,168 @@ +From 0e6b4a06ad72ac68ec41bab2063f8d167e8e277e Mon Sep 17 00:00:00 2001 +From: Matthew Booth <mbooth@redhat.com> +Date: Thu, 10 Dec 2015 16:34:19 +0000 +Subject: [PATCH 2/3] Fix format conversion in libvirt snapshot + +The libvirt driver was calling images.convert_image during snapshot to +convert snapshots to the intended output format. However, this +function does not take the input format as an argument, meaning it +implicitly does format detection. This opened an exploit for setups +using raw storage on the backend, including raw on filesystem, LVM, +and RBD (Ceph). An authenticated user could write a qcow2 header to +their instance's disk which specified an arbitrary backing file on the +host. When convert_image ran during snapshot, this would then write +the contents of the backing file to glance, which is then available to +the user. If the setup uses an LVM backend this conversion runs as +root, meaning the user can exfiltrate any file on the host, including +raw disks. + +This change adds an input format to convert_image. + +Partial-Bug: #1524274 + +Change-Id: If73e73718ecd5db262ed9904091024238f98dbc0 +(cherry picked from commit 840644d619e9560f205016eafc8799565ffd6d8c) +--- + nova/tests/unit/virt/libvirt/test_driver.py | 5 +++-- + nova/tests/unit/virt/libvirt/test_utils.py | 3 ++- + nova/virt/images.py | 26 ++++++++++++++++++++++++-- + nova/virt/libvirt/imagebackend.py | 19 ++++++++++++++----- + 4 files changed, 43 insertions(+), 10 deletions(-) + +diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py +index 22ef56d..6fd8728 100644 +--- a/nova/tests/unit/virt/libvirt/test_driver.py ++++ b/nova/tests/unit/virt/libvirt/test_driver.py +@@ -14985,7 +14985,7 @@ class LibvirtVolumeSnapshotTestCase(test.NoDBTestCase): + self.mox.VerifyAll() + + +-def _fake_convert_image(source, dest, out_format, ++def _fake_convert_image(source, dest, in_format, out_format, + run_as_root=True): + libvirt_driver.libvirt_utils.files[dest] = '' + +@@ -15127,7 +15127,8 @@ class LVMSnapshotTests(_BaseSnapshotTests): + + mock_volume_info.assert_has_calls([mock.call('/dev/nova-vg/lv')]) + mock_convert_image.assert_called_once_with( +- '/dev/nova-vg/lv', mock.ANY, disk_format, run_as_root=True) ++ '/dev/nova-vg/lv', mock.ANY, 'raw', disk_format, ++ run_as_root=True) + + def test_raw(self): + self._test_lvm_snapshot('raw') +diff --git a/nova/tests/unit/virt/libvirt/test_utils.py b/nova/tests/unit/virt/libvirt/test_utils.py +index 6773bea..6f75a92 100644 +--- a/nova/tests/unit/virt/libvirt/test_utils.py ++++ b/nova/tests/unit/virt/libvirt/test_utils.py +@@ -594,7 +594,8 @@ disk size: 4.4M + target = 't.qcow2' + self.executes = [] + expected_commands = [('qemu-img', 'convert', '-O', 'raw', +- 't.qcow2.part', 't.qcow2.converted'), ++ 't.qcow2.part', 't.qcow2.converted', ++ '-f', 'qcow2'), + ('rm', 't.qcow2.part'), + ('mv', 't.qcow2.converted', 't.qcow2')] + images.fetch_to_raw(context, image_id, target, user_id, project_id, +diff --git a/nova/virt/images.py b/nova/virt/images.py +index 5b9374b..e2b5b91 100644 +--- a/nova/virt/images.py ++++ b/nova/virt/images.py +@@ -66,9 +66,31 @@ def qemu_img_info(path): + return imageutils.QemuImgInfo(out) + + +-def convert_image(source, dest, out_format, run_as_root=False): ++def convert_image(source, dest, in_format, out_format, run_as_root=False): + """Convert image to other format.""" ++ if in_format is None: ++ raise RuntimeError("convert_image without input format is a security" ++ "risk") ++ _convert_image(source, dest, in_format, out_format, run_as_root) ++ ++ ++def convert_image_unsafe(source, dest, out_format, run_as_root=False): ++ """Convert image to other format, doing unsafe automatic input format ++ detection. Do not call this function. ++ """ ++ ++ # NOTE: there is only 1 caller of this function: ++ # imagebackend.Lvm.create_image. It is not easy to fix that without a ++ # larger refactor, so for the moment it has been manually audited and ++ # allowed to continue. Remove this function when Lvm.create_image has ++ # been fixed. ++ _convert_image(source, dest, None, out_format, run_as_root) ++ ++ ++def _convert_image(source, dest, in_format, out_format, run_as_root): + cmd = ('qemu-img', 'convert', '-O', out_format, source, dest) ++ if in_format is not None: ++ cmd = cmd + ('-f', in_format) + utils.execute(*cmd, run_as_root=run_as_root) + + +@@ -123,7 +145,7 @@ def fetch_to_raw(context, image_href, path, user_id, project_id, max_size=0): + staged = "%s.converted" % path + LOG.debug("%s was %s, converting to raw" % (image_href, fmt)) + with fileutils.remove_path_on_error(staged): +- convert_image(path_tmp, staged, 'raw') ++ convert_image(path_tmp, staged, fmt, 'raw') + os.unlink(path_tmp) + + data = qemu_img_info(staged) +diff --git a/nova/virt/libvirt/imagebackend.py b/nova/virt/libvirt/imagebackend.py +index 5e14f61..151ebc4 100644 +--- a/nova/virt/libvirt/imagebackend.py ++++ b/nova/virt/libvirt/imagebackend.py +@@ -477,7 +477,7 @@ class Raw(Image): + self.correct_format() + + def snapshot_extract(self, target, out_format): +- images.convert_image(self.path, target, out_format) ++ images.convert_image(self.path, target, self.driver_format, out_format) + + @staticmethod + def is_file_in_instance_path(): +@@ -631,7 +631,16 @@ class Lvm(Image): + size, sparse=self.sparse) + if self.ephemeral_key_uuid is not None: + encrypt_lvm_image() +- images.convert_image(base, self.path, 'raw', run_as_root=True) ++ # NOTE: by calling convert_image_unsafe here we're ++ # telling qemu-img convert to do format detection on the input, ++ # because we don't know what the format is. For example, ++ # we might have downloaded a qcow2 image, or created an ++ # ephemeral filesystem locally, we just don't know here. Having ++ # audited this, all current sources have been sanity checked, ++ # either because they're locally generated, or because they have ++ # come from images.fetch_to_raw. However, this is major code smell. ++ images.convert_image_unsafe(base, self.path, self.driver_format, ++ run_as_root=True) + if resize: + disk.resize2fs(self.path, run_as_root=True) + +@@ -678,8 +687,8 @@ class Lvm(Image): + lvm.remove_volumes([self.lv_path]) + + def snapshot_extract(self, target, out_format): +- images.convert_image(self.path, target, out_format, +- run_as_root=True) ++ images.convert_image(self.path, target, self.driver_format, ++ out_format, run_as_root=True) + + def get_model(self, connection): + return imgmodel.LocalBlockImage(self.path) +@@ -786,7 +795,7 @@ class Rbd(Image): + self.driver.resize(self.rbd_name, size) + + def snapshot_extract(self, target, out_format): +- images.convert_image(self.path, target, out_format) ++ images.convert_image(self.path, target, 'raw', out_format) + + @staticmethod + def is_shared_block_storage(): +-- +2.5.0 + diff --git a/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0003.patch b/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0003.patch new file mode 100644 index 000000000000..b542041b5311 --- /dev/null +++ b/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0003.patch @@ -0,0 +1,171 @@ +From 62516194c424abad3bec12ea360dde06617fe97d Mon Sep 17 00:00:00 2001 +From: Matthew Booth <mbooth@redhat.com> +Date: Fri, 11 Dec 2015 13:40:54 +0000 +Subject: [PATCH 3/3] Fix backing file detection in libvirt live snapshot + +When doing a live snapshot, the libvirt driver creates an intermediate +qcow2 file with the same backing file as the original disk. However, +it calls qemu-img info without specifying the input format explicitly. +An authenticated user can write data to a raw disk which will cause +this code to misinterpret the disk as a qcow2 file with a +user-specified backing file on the host, and return an arbitrary host +file as the backing file. + +This bug does not appear to result in a data leak in this case, but +this is hard to verify. It certainly results in corrupt output. + +Closes-Bug: #1524274 + +Change-Id: I11485f077d28f4e97529a691e55e3e3c0bea8872 +(cherry picked from commit ccea9095d9fb5bcdcb61ee5e352c4a8163754b9d) +--- + nova/tests/unit/virt/libvirt/fake_libvirt_utils.py | 4 ++-- + nova/tests/unit/virt/libvirt/test_driver.py | 7 ++++--- + nova/virt/images.py | 8 +++++--- + nova/virt/libvirt/driver.py | 11 +++++++---- + nova/virt/libvirt/utils.py | 9 +++++---- + 5 files changed, 23 insertions(+), 16 deletions(-) + +diff --git a/nova/tests/unit/virt/libvirt/fake_libvirt_utils.py b/nova/tests/unit/virt/libvirt/fake_libvirt_utils.py +index 52d1e85..b474687 100644 +--- a/nova/tests/unit/virt/libvirt/fake_libvirt_utils.py ++++ b/nova/tests/unit/virt/libvirt/fake_libvirt_utils.py +@@ -32,11 +32,11 @@ def create_cow_image(backing_file, path): + pass + + +-def get_disk_size(path): ++def get_disk_size(path, format=None): + return 0 + + +-def get_disk_backing_file(path): ++def get_disk_backing_file(path, format=None): + return disk_backing_files.get(path, None) + + +diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py +index 6fd8728..6d0afdf 100644 +--- a/nova/tests/unit/virt/libvirt/test_driver.py ++++ b/nova/tests/unit/virt/libvirt/test_driver.py +@@ -12018,7 +12018,7 @@ class LibvirtConnTestCase(test.NoDBTestCase): + + image_meta = objects.ImageMeta.from_dict(self.test_image_meta) + drvr._live_snapshot(self.context, self.test_instance, guest, +- srcfile, dstfile, "qcow2", image_meta) ++ srcfile, dstfile, "qcow2", "qcow2", image_meta) + + mock_dom.XMLDesc.assert_called_once_with(flags=( + fakelibvirt.VIR_DOMAIN_XML_INACTIVE | +@@ -12029,8 +12029,9 @@ class LibvirtConnTestCase(test.NoDBTestCase): + fakelibvirt.VIR_DOMAIN_BLOCK_REBASE_REUSE_EXT | + fakelibvirt.VIR_DOMAIN_BLOCK_REBASE_SHALLOW)) + +- mock_size.assert_called_once_with(srcfile) +- mock_backing.assert_called_once_with(srcfile, basename=False) ++ mock_size.assert_called_once_with(srcfile, format="qcow2") ++ mock_backing.assert_called_once_with(srcfile, basename=False, ++ format="qcow2") + mock_create_cow.assert_called_once_with(bckfile, dltfile, 1004009) + mock_chown.assert_called_once_with(dltfile, os.getuid()) + mock_snapshot.assert_called_once_with(dltfile, "qcow2", +diff --git a/nova/virt/images.py b/nova/virt/images.py +index e2b5b91..6f3e487 100644 +--- a/nova/virt/images.py ++++ b/nova/virt/images.py +@@ -44,7 +44,7 @@ CONF.register_opts(image_opts) + IMAGE_API = image.API() + + +-def qemu_img_info(path): ++def qemu_img_info(path, format=None): + """Return an object containing the parsed output from qemu-img info.""" + # TODO(mikal): this code should not be referring to a libvirt specific + # flag. +@@ -56,8 +56,10 @@ def qemu_img_info(path): + msg = (_("Path does not exist %(path)s") % {'path': path}) + raise exception.InvalidDiskInfo(reason=msg) + +- out, err = utils.execute('env', 'LC_ALL=C', 'LANG=C', +- 'qemu-img', 'info', path) ++ cmd = ('env', 'LC_ALL=C', 'LANG=C', 'qemu-img', 'info', path) ++ if format is not None: ++ cmd = cmd + ('-f', format) ++ out, err = utils.execute(*cmd) + if not out: + msg = (_("Failed to run qemu-img info on %(path)s : %(error)s") % + {'path': path, 'error': err}) +diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py +index 51b1e4b..53a27b2 100644 +--- a/nova/virt/libvirt/driver.py ++++ b/nova/virt/libvirt/driver.py +@@ -1434,7 +1434,8 @@ class LibvirtDriver(driver.ComputeDriver): + # NOTE(xqueralt): libvirt needs o+x in the temp directory + os.chmod(tmpdir, 0o701) + self._live_snapshot(context, instance, guest, disk_path, +- out_path, image_format, image_meta) ++ out_path, source_format, image_format, ++ image_meta) + else: + snapshot_backend.snapshot_extract(out_path, image_format) + finally: +@@ -1540,7 +1541,7 @@ class LibvirtDriver(driver.ComputeDriver): + self._set_quiesced(context, instance, image_meta, False) + + def _live_snapshot(self, context, instance, guest, disk_path, out_path, +- image_format, image_meta): ++ source_format, image_format, image_meta): + """Snapshot an instance without downtime.""" + dev = guest.get_block_device(disk_path) + +@@ -1558,9 +1559,11 @@ class LibvirtDriver(driver.ComputeDriver): + # in QEMU 1.3. In order to do this, we need to create + # a destination image with the original backing file + # and matching size of the instance root disk. +- src_disk_size = libvirt_utils.get_disk_size(disk_path) ++ src_disk_size = libvirt_utils.get_disk_size(disk_path, ++ format=source_format) + src_back_path = libvirt_utils.get_disk_backing_file(disk_path, +- basename=False) ++ format=source_format, ++ basename=False) + disk_delta = out_path + '.delta' + libvirt_utils.create_cow_image(src_back_path, disk_delta, + src_disk_size) +diff --git a/nova/virt/libvirt/utils.py b/nova/virt/libvirt/utils.py +index 062b2fb..7b0cf42 100644 +--- a/nova/virt/libvirt/utils.py ++++ b/nova/virt/libvirt/utils.py +@@ -160,24 +160,25 @@ def pick_disk_driver_name(hypervisor_version, is_block_dev=False): + return None + + +-def get_disk_size(path): ++def get_disk_size(path, format=None): + """Get the (virtual) size of a disk image + + :param path: Path to the disk image ++ :param format: the on-disk format of path + :returns: Size (in bytes) of the given disk image as it would be seen + by a virtual machine. + """ +- size = images.qemu_img_info(path).virtual_size ++ size = images.qemu_img_info(path, format).virtual_size + return int(size) + + +-def get_disk_backing_file(path, basename=True): ++def get_disk_backing_file(path, basename=True, format=None): + """Get the backing file of a disk image + + :param path: Path to the disk image + :returns: a path to the image's backing store + """ +- backing_file = images.qemu_img_info(path).backing_file ++ backing_file = images.qemu_img_info(path, format).backing_file + if backing_file and basename: + backing_file = os.path.basename(backing_file) + +-- +2.5.0 + diff --git a/sys-cluster/nova/nova-12.0.0-r1.ebuild b/sys-cluster/nova/nova-12.0.0-r1.ebuild new file mode 100644 index 000000000000..2ad958e3ff2d --- /dev/null +++ b/sys-cluster/nova/nova-12.0.0-r1.ebuild @@ -0,0 +1,295 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +PYTHON_COMPAT=( python2_7 python3_4 ) + +inherit distutils-r1 eutils linux-info multilib user + +DESCRIPTION="Cloud computing fabric controller (main part of an IaaS system) in Python" +HOMEPAGE="https://launchpad.net/nova" +SRC_URI=" + https://launchpad.net/${PN}/liberty/${PV}/+download/${P}.tar.gz + https://dev.gentoo.org/~prometheanfire/dist/nova/liberty/nova.conf.sample -> liberty-nova.conf.sample" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="+compute compute-only iscsi +kvm +memcached mysql +novncproxy openvswitch postgres +rabbitmq sqlite test xen" +REQUIRED_USE=" + !compute-only? ( || ( mysql postgres sqlite ) ) + compute-only? ( compute !rabbitmq !memcached !mysql !postgres !sqlite ) + compute? ( ^^ ( kvm xen ) )" + +CDEPEND=">=dev-python/pbr-1.8[${PYTHON_USEDEP}]" +# need to package dev-python/sphinxcontrib-seqdiag +DEPEND=" + >=dev-python/setuptools-16.0[${PYTHON_USEDEP}] + ${CDEPEND} + app-admin/sudo + test? ( + ${RDEPEND} + >=dev-python/coverage-3.6[${PYTHON_USEDEP}] + <=dev-python/coverage-4.0[${PYTHON_USEDEP}] + ~dev-python/fixtures-1.3.1[${PYTHON_USEDEP}] + >=dev-python/mock-1.2[${PYTHON_USEDEP}] + <=dev-python/mock-1.3.0[${PYTHON_USEDEP}] + >=dev-python/mox3-0.7.0[${PYTHON_USEDEP}] + <=dev-python/mox3-0.10.0[${PYTHON_USEDEP}] + >=dev-python/psycopg-2.5[${PYTHON_USEDEP}] + <=dev-python/psycopg-2.6.1[${PYTHON_USEDEP}] + >=dev-python/pymysql-0.6.2[${PYTHON_USEDEP}] + <=dev-python/pymysql-0.6.6[${PYTHON_USEDEP}] + ~dev-python/python-barbicanclient-3.3.0[${PYTHON_USEDEP}] + >=dev-python/python-ironicclient-0.8.0[${PYTHON_USEDEP}] + <=dev-python/python-ironicclient-0.8.1[${PYTHON_USEDEP}] + >=dev-python/subunit-0.0.18[${PYTHON_USEDEP}] + <=dev-python/subunit-1.1.0[${PYTHON_USEDEP}] + ~dev-python/requests-mock-0.6.0[${PYTHON_USEDEP}] + >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}] + !~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}] + <dev-python/sphinx-1.3[${PYTHON_USEDEP}] + >=dev-python/pillow-2.4.0[${PYTHON_USEDEP}] + <dev-python/pillow-3.0.0[${PYTHON_USEDEP}] + >=dev-python/oslo-sphinx-2.5.0[${PYTHON_USEDEP}] + <=dev-python/oslo-sphinx-3.2.0[${PYTHON_USEDEP}] + >=dev-python/oslotest-1.10.0[${PYTHON_USEDEP}] + <=dev-python/oslotest-1.11.0[${PYTHON_USEDEP}] + >=dev-python/testrepository-0.0.18[${PYTHON_USEDEP}] + <=dev-python/testrepository-0.0.20[${PYTHON_USEDEP}] + >=dev-python/testresources-0.2.4[${PYTHON_USEDEP}] + <=dev-python/testresources-0.2.7-r9999[${PYTHON_USEDEP}] + >=dev-python/testtools-1.4.0[${PYTHON_USEDEP}] + <=dev-python/testtools-1.8.0[${PYTHON_USEDEP}] + >=dev-python/tempest-lib-0.8.0[${PYTHON_USEDEP}] + <=dev-python/tempest-lib-0.9.0[${PYTHON_USEDEP}] + ~dev-python/bandit-0.13.2[${PYTHON_USEDEP}] + >=dev-python/oslo-vmware-0.16.0[${PYTHON_USEDEP}] + <=dev-python/oslo-vmware-1.21.0[${PYTHON_USEDEP}] + )" + +# barbicanclient is in here for doc generation +RDEPEND=" + ${CDEPEND} + compute-only? ( + >=dev-python/sqlalchemy-0.9.9[${PYTHON_USEDEP}] + <dev-python/sqlalchemy-1.1.0[${PYTHON_USEDEP}] + ) + sqlite? ( + >=dev-python/sqlalchemy-0.9.9[sqlite,${PYTHON_USEDEP}] + <dev-python/sqlalchemy-1.1.0[sqlite,${PYTHON_USEDEP}] + ) + mysql? ( + dev-python/mysql-python + >=dev-python/sqlalchemy-0.9.9[${PYTHON_USEDEP}] + <dev-python/sqlalchemy-1.1.0[${PYTHON_USEDEP}] + ) + postgres? ( + dev-python/psycopg:2 + >=dev-python/sqlalchemy-0.9.9[${PYTHON_USEDEP}] + <dev-python/sqlalchemy-1.1.0[${PYTHON_USEDEP}] + ) + >=dev-python/boto-2.32.1[${PYTHON_USEDEP}] + <=dev-python/boto-2.38.0[${PYTHON_USEDEP}] + >=dev-python/decorator-3.4.0[${PYTHON_USEDEP}] + <=dev-python/decorator-4.0.2[${PYTHON_USEDEP}] + ~dev-python/eventlet-0.17.4[${PYTHON_USEDEP}] + >=dev-python/jinja-2.6[${PYTHON_USEDEP}] + <=dev-python/jinja-2.8[${PYTHON_USEDEP}] + >=dev-python/keystonemiddleware-2.0.0[${PYTHON_USEDEP}] + <=dev-python/keystonemiddleware-2.3.1[${PYTHON_USEDEP}] + >=dev-python/lxml-2.3[${PYTHON_USEDEP}] + <=dev-python/lxml-3.4.4[${PYTHON_USEDEP}] + >=dev-python/routes-1.12.3[${PYTHON_USEDEP}] + !~dev-python/routes-2.0[${PYTHON_USEDEP}] + !~dev-python/routes-2.1[$(python_gen_usedep 'python2_7')] + <=dev-python/routes-2.2[${PYTHON_USEDEP}] + >=dev-python/cryptography-1.0[${PYTHON_USEDEP}] + <=dev-python/cryptography-1.1-r9999[${PYTHON_USEDEP}] + >=dev-python/webob-1.2.3[${PYTHON_USEDEP}] + <=dev-python/webob-1.4.1[${PYTHON_USEDEP}] + >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}] + <=dev-python/greenlet-0.4.9[${PYTHON_USEDEP}] + >=dev-python/pastedeploy-1.5.0-r1[${PYTHON_USEDEP}] + <=dev-python/pastedeploy-1.5.2[${PYTHON_USEDEP}] + <=dev-python/paste-2.0.2[${PYTHON_USEDEP}] + >=dev-python/prettytable-0.7[${PYTHON_USEDEP}] + <dev-python/prettytable-0.8[${PYTHON_USEDEP}] + >=dev-python/sqlalchemy-migrate-0.9.6[${PYTHON_USEDEP}] + <=dev-python/sqlalchemy-migrate-0.10.0[${PYTHON_USEDEP}] + >=dev-python/netaddr-0.7.12[${PYTHON_USEDEP}] + !~dev-python/netaddr-0.7.16[${PYTHON_USEDEP}] + <=dev-python/netaddr-0.7.18[${PYTHON_USEDEP}] + ~dev-python/netifaces-0.10.4[${PYTHON_USEDEP}] + >=dev-python/paramiko-1.13.0[${PYTHON_USEDEP}] + <=dev-python/paramiko-1.15.2[${PYTHON_USEDEP}] + >=dev-python/Babel-1.3[${PYTHON_USEDEP}] + <=dev-python/Babel-2.0[${PYTHON_USEDEP}] + >=dev-python/iso8601-0.1.9[${PYTHON_USEDEP}] + <=dev-python/iso8601-0.1.10[${PYTHON_USEDEP}] + >=dev-python/jsonschema-2.0.0[${PYTHON_USEDEP}] + !~dev-python/jsonschema-2.5.0[${PYTHON_USEDEP}] + <dev-python/jsonschema-3.0.0[${PYTHON_USEDEP}] + >=dev-python/python-cinderclient-1.3.1[${PYTHON_USEDEP}] + <=dev-python/python-cinderclient-1.4.0[${PYTHON_USEDEP}] + >=dev-python/python-keystoneclient-1.6.0[${PYTHON_USEDEP}] + <=dev-python/python-keystoneclient-1.7.2-r9999[${PYTHON_USEDEP}] + >=dev-python/python-neutronclient-2.6.0[${PYTHON_USEDEP}] + <=dev-python/python-neutronclient-3.1.0[${PYTHON_USEDEP}] + >=dev-python/python-glanceclient-0.18.0[${PYTHON_USEDEP}] + <=dev-python/python-glanceclient-1.1.0[${PYTHON_USEDEP}] + >=dev-python/python-barbicanclient-3.0.1[${PYTHON_USEDEP}] + <=dev-python/python-barbicanclient-3.3.0[${PYTHON_USEDEP}] + ~dev-python/six-1.9.0[${PYTHON_USEDEP}] + >=dev-python/stevedore-1.5.0[${PYTHON_USEDEP}] + <=dev-python/stevedore-1.8.0[${PYTHON_USEDEP}] + >=dev-python/setuptools-16.0[${PYTHON_USEDEP}] + >=dev-python/websockify-0.6.1[${PYTHON_USEDEP}] + >=dev-python/websockify-0.6.1[${PYTHON_USEDEP}] + <=dev-python/websockify-0.7.0[${PYTHON_USEDEP}] + >=dev-python/oslo-concurrency-2.3.0[${PYTHON_USEDEP}] + <=dev-python/oslo-concurrency-2.6.0[${PYTHON_USEDEP}] + >=dev-python/oslo-config-2.3.0[${PYTHON_USEDEP}] + <=dev-python/oslo-config-2.4.0[${PYTHON_USEDEP}] + >=dev-python/oslo-context-0.2.0[${PYTHON_USEDEP}] + <=dev-python/oslo-context-0.6.0[${PYTHON_USEDEP}] + >=dev-python/oslo-log-1.8.0[${PYTHON_USEDEP}] + <=dev-python/oslo-log-1.11.0[${PYTHON_USEDEP}] + >=dev-python/oslo-reports-0.1.0[${PYTHON_USEDEP}] + <=dev-python/oslo-reports-0.5.0[${PYTHON_USEDEP}] + >=dev-python/oslo-serialization-1.4.0[${PYTHON_USEDEP}] + <=dev-python/oslo-serialization-1.9.0[${PYTHON_USEDEP}] + >=dev-python/oslo-utils-2.0.0[${PYTHON_USEDEP}] + <=dev-python/oslo-utils-2.5.0[${PYTHON_USEDEP}] + >=dev-python/oslo-db-2.4.1[${PYTHON_USEDEP}] + <=dev-python/oslo-db-2.6.0[${PYTHON_USEDEP}] + >=dev-python/oslo-rootwrap-2.0.0[${PYTHON_USEDEP}] + <=dev-python/oslo-rootwrap-2.3.0[${PYTHON_USEDEP}] + >=dev-python/oslo-messaging-1.16.0[${PYTHON_USEDEP}] + !~dev-python/oslo-messaging-1.17.0[${PYTHON_USEDEP}] + !~dev-python/oslo-messaging-1.17.1[${PYTHON_USEDEP}] + <=dev-python/oslo-messaging-2.5.0[${PYTHON_USEDEP}] + >=dev-python/oslo-i18n-1.5.0[${PYTHON_USEDEP}] + <=dev-python/oslo-i18n-2.6.0[${PYTHON_USEDEP}] + >=dev-python/oslo-service-0.7.0[${PYTHON_USEDEP}] + <=dev-python/oslo-service-0.9.0[${PYTHON_USEDEP}] + >=dev-python/rfc3986-0.2.0[${PYTHON_USEDEP}] + <=dev-python/rfc3986-0.2.2[${PYTHON_USEDEP}] + >=dev-python/oslo-middleware-2.8.0[${PYTHON_USEDEP}] + <=dev-python/oslo-middleware-2.8.0[${PYTHON_USEDEP}] + >=dev-python/psutil-1.1.1[${PYTHON_USEDEP}] + <dev-python/psutil-2.0.0[${PYTHON_USEDEP}] + >=dev-python/oslo-versionedobjects-0.9.0[${PYTHON_USEDEP}] + <=dev-python/oslo-versionedobjects-0.10.0[${PYTHON_USEDEP}] + >=dev-python/alembic-0.8.0[${PYTHON_USEDEP}] + <=dev-python/alembic-0.8.20[${PYTHON_USEDEP}] + >=dev-python/os-brick-0.4.0[${PYTHON_USEDEP}] + <=dev-python/os-brick-0.5.0[${PYTHON_USEDEP}] + <=dev-python/libvirt-python-1.3.0[${PYTHON_USEDEP}] + app-emulation/libvirt[iscsi?] + novncproxy? ( www-apps/novnc ) + sys-apps/iproute2 + openvswitch? ( <=net-misc/openvswitch-2.4.0 ) + rabbitmq? ( net-misc/rabbitmq-server ) + memcached? ( net-misc/memcached + <=dev-python/python-memcached-1.57 ) + sys-fs/sysfsutils + sys-fs/multipath-tools + net-misc/bridge-utils + compute? ( + app-cdr/cdrkit + kvm? ( app-emulation/qemu ) + xen? ( app-emulation/xen + app-emulation/xen-tools ) + ) + iscsi? ( + sys-fs/lsscsi + >=sys-block/open-iscsi-2.0.872-r3 + )" + +PATCHES=( + "${FILESDIR}"/cve-2015-7548-stable-liberty-0001.patch + "${FILESDIR}"/cve-2015-7548-stable-liberty-0002.patch + "${FILESDIR}"/cve-2015-7548-stable-liberty-0003.patch +) + +pkg_setup() { + linux-info_pkg_setup + CONFIG_CHECK_MODULES="BLK_DEV_NBD VHOST_NET IP6_NF_FILTER IP6_NF_IPTABLES IP_NF_TARGET_REJECT \ + IP_NF_MANGLE IP_NF_TARGET_MASQUERADE NF_NAT_IPV4 IP_NF_FILTER IP_NF_IPTABLES \ + NF_CONNTRACK_IPV4 NF_DEFRAG_IPV4 NF_NAT_IPV4 NF_NAT NF_CONNTRACK NETFILTER_XTABLES \ + ISCSI_TCP SCSI_DH DM_MULTIPATH DM_SNAPSHOT" + if linux_config_exists; then + for module in ${CONFIG_CHECK_MODULES}; do + linux_chkconfig_present ${module} || ewarn "${module} needs to be enabled in kernel" + done + fi + enewgroup nova + enewuser nova -1 -1 /var/lib/nova nova +} + +python_prepare_all() { + sed -i '/^hacking/d' test-requirements.txt || die + distutils-r1_python_prepare_all +} + +python_test() { + testr init + testr run --parallel || die "failed testsuite under python2.7" +} + +python_install() { + distutils-r1_python_install + + if use !compute-only; then + for svc in api cert conductor consoleauth network scheduler spicehtml5proxy xvpvncproxy; do + newinitd "${FILESDIR}/nova.initd" "nova-${svc}" + done + fi + use compute && newinitd "${FILESDIR}/nova.initd" "nova-compute" + use novncproxy && newinitd "${FILESDIR}/nova.initd" "nova-novncproxy" + + diropts -m 0750 -o nova -g qemu + dodir /var/log/nova /var/lib/nova/instances + diropts -m 0750 -o nova -g nova + + insinto /etc/nova + insopts -m 0640 -o nova -g nova + newins "${FILESDIR}/etc.liberty/api-paste.ini" "api-paste.ini" + newins "${FILESDIR}/etc.liberty/cells.json" "cells.json" + newins "${FILESDIR}/etc.liberty/logging_sample.conf" "logging_sample.conf" + newins "${DISTDIR}/liberty-nova.conf.sample" "nova.conf.sample" + newins "${FILESDIR}/etc.liberty/policy.json" "policy.json" + newins "${FILESDIR}/etc.liberty/rootwrap.conf" "rootwrap.conf" + #rootwrap filters + insinto /etc/nova/rootwrap.d + newins "${FILESDIR}/etc.liberty/rootwrap.d/api-metadata.filters" "api-metadata.filters" + newins "${FILESDIR}/etc.liberty/rootwrap.d/compute.filters" "compute.filters" + newins "${FILESDIR}/etc.liberty/rootwrap.d/network.filters" "network.filters" + #copy migration conf file (not coppied on install via setup.py script) + insopts -m 0644 + insinto /usr/$(get_libdir)/python2.7/site-packages/nova/db/sqlalchemy/migrate_repo/ + doins "nova/db/sqlalchemy/migrate_repo/migrate.cfg" + #copy the CA cert dir (not coppied on install via setup.py script) + cp -R "${S}/nova/CA" "${D}/usr/$(get_libdir)/python2.7/site-packages/nova/" || die "installing CA files failed" + + #add sudoers definitions for user nova + insinto /etc/sudoers.d/ + insopts -m 0600 -o root -g root + doins "${FILESDIR}/nova-sudoers" + + if use iscsi ; then + # Install udev rules for handle iscsi disk with right links under /dev + udev_newrules "${FILESDIR}/openstack-scsi-disk.rules" 60-openstack-scsi-disk.rules + + insinto /etc/nova/ + doins "${FILESDIR}/scsi-openscsi-link.sh" + fi +} + +pkg_postinst() { + if use iscsi ; then + elog "iscsid needs to be running if you want cinder to connect" + fi +} diff --git a/sys-cluster/nova/nova-2015.1.1-r3.ebuild b/sys-cluster/nova/nova-2015.1.1-r3.ebuild deleted file mode 100644 index 40e2a43e4568..000000000000 --- a/sys-cluster/nova/nova-2015.1.1-r3.ebuild +++ /dev/null @@ -1,253 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=5 -PYTHON_COMPAT=( python2_7 ) - -inherit distutils-r1 eutils linux-info multilib user - -DESCRIPTION="Cloud computing fabric controller (main part of an IaaS system) in Python" -HOMEPAGE="https://launchpad.net/nova" -SRC_URI="https://launchpad.net/${PN}/kilo/${PV}/+download/${P}.tar.gz" - -LICENSE="Apache-2.0" -SLOT="0" -KEYWORDS="amd64 x86" -IUSE="+compute compute-only iscsi +kvm +memcached mysql +novncproxy openvswitch postgres +rabbitmq sqlite test xen" -REQUIRED_USE=" - !compute-only? ( || ( mysql postgres sqlite ) ) - compute-only? ( compute !rabbitmq !memcached !mysql !postgres !sqlite ) - compute? ( ^^ ( kvm xen ) )" - -DEPEND=" - dev-python/setuptools[${PYTHON_USEDEP}] - >=dev-python/pbr-0.8[${PYTHON_USEDEP}] - <dev-python/pbr-1.0[${PYTHON_USEDEP}] - app-admin/sudo - test? ( - ${RDEPEND} - >=dev-python/hacking-0.10.0[${PYTHON_USEDEP}] - <dev-python/hacking-0.11[${PYTHON_USEDEP}] - >=dev-python/coverage-3.6[${PYTHON_USEDEP}] - >=dev-python/fixtures-0.3.14[${PYTHON_USEDEP}] - <dev-python/fixtures-1.3.0[${PYTHON_USEDEP}] - >=dev-python/mock-1.0[${PYTHON_USEDEP}] - <dev-python/mock-1.1.0[${PYTHON_USEDEP}] - >=dev-python/mox3-0.7.0[${PYTHON_USEDEP}] - <dev-python/mox3-0.8.0[${PYTHON_USEDEP}] - dev-python/mysql-python[${PYTHON_USEDEP}] - dev-python/psycopg[${PYTHON_USEDEP}] - >=dev-python/python-barbicanclient-3.0.1[${PYTHON_USEDEP}] - <dev-python/python-barbicanclient-3.1.0[${PYTHON_USEDEP}] - >=dev-python/python-ironicclient-0.4.1[${PYTHON_USEDEP}] - <dev-python/python-ironicclient-0.6.0[${PYTHON_USEDEP}] - >=dev-python/subunit-0.0.18[${PYTHON_USEDEP}] - >=dev-python/requests-mock-0.6.0[${PYTHON_USEDEP}] - >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}] - !~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}] - <dev-python/sphinx-1.3[${PYTHON_USEDEP}] - >=dev-python/oslo-sphinx-2.5.0[${PYTHON_USEDEP}] - <dev-python/oslo-sphinx-2.6.0[${PYTHON_USEDEP}] - >=dev-python/oslotest-1.5.1[${PYTHON_USEDEP}] - <dev-python/oslotest-1.6.0[${PYTHON_USEDEP}] - >=dev-python/testrepository-0.0.18[${PYTHON_USEDEP}] - >=dev-python/testtools-0.9.36[${PYTHON_USEDEP}] - !~dev-python/testtools-1.2.0[${PYTHON_USEDEP}] - >=dev-python/tempest-lib-0.4.0[${PYTHON_USEDEP}] - <dev-python/tempest-lib-0.5.0[${PYTHON_USEDEP}] - >=dev-python/suds-0.4[${PYTHON_USEDEP}] - >=dev-python/oslo-vmware-0.11.1[${PYTHON_USEDEP}] - <dev-python/oslo-vmware-0.12.0[${PYTHON_USEDEP}] - )" - -# barbicanclient is in here for doc generation -RDEPEND=" - compute-only? ( - >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}] - <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}] - ) - sqlite? ( - >=dev-python/sqlalchemy-0.9.7[sqlite,${PYTHON_USEDEP}] - <=dev-python/sqlalchemy-0.9.99[sqlite,${PYTHON_USEDEP}] - ) - mysql? ( - dev-python/mysql-python - >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}] - <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}] - ) - postgres? ( - dev-python/psycopg:2 - >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}] - <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}] - ) - >=dev-python/boto-2.32.1[${PYTHON_USEDEP}] - >=dev-python/decorator-3.4.0[${PYTHON_USEDEP}] - >=dev-python/eventlet-0.16.1[${PYTHON_USEDEP}] - !~dev-python/eventlet-0.17.0[${PYTHON_USEDEP}] - >=dev-python/jinja-2.6[${PYTHON_USEDEP}] - >=dev-python/keystonemiddleware-1.5.0[${PYTHON_USEDEP}] - <dev-python/keystonemiddleware-1.6.0[${PYTHON_USEDEP}] - >=dev-python/lxml-2.3[${PYTHON_USEDEP}] - >=dev-python/routes-1.12.3-r1[${PYTHON_USEDEP}] - !~dev-python/routes-2.0[${PYTHON_USEDEP}] - >=dev-python/webob-1.2.3[${PYTHON_USEDEP}] - >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}] - >=dev-python/pastedeploy-1.5.0-r1[${PYTHON_USEDEP}] - dev-python/paste[${PYTHON_USEDEP}] - ~dev-python/sqlalchemy-migrate-0.9.5[${PYTHON_USEDEP}] - >=dev-python/netaddr-0.7.12[${PYTHON_USEDEP}] - >=dev-python/paramiko-1.13.0[${PYTHON_USEDEP}] - dev-python/pyasn1[${PYTHON_USEDEP}] - >=dev-python/Babel-1.3[${PYTHON_USEDEP}] - >=dev-python/iso8601-0.1.9[${PYTHON_USEDEP}] - >=dev-python/jsonschema-2.0.0[${PYTHON_USEDEP}] - <dev-python/jsonschema-3.0.0[${PYTHON_USEDEP}] - >=dev-python/python-cinderclient-1.1.0[${PYTHON_USEDEP}] - <dev-python/python-cinderclient-1.2.0[${PYTHON_USEDEP}] - >=dev-python/python-neutronclient-2.3.11[${PYTHON_USEDEP}] - <dev-python/python-neutronclient-2.5.0[${PYTHON_USEDEP}] - >=dev-python/python-glanceclient-0.15.0[${PYTHON_USEDEP}] - <dev-python/python-glanceclient-0.18.0[${PYTHON_USEDEP}] - >=dev-python/python-barbicanclient-3.0.1[${PYTHON_USEDEP}] - <dev-python/python-barbicanclient-3.1.0[${PYTHON_USEDEP}] - >=dev-python/six-1.9.0[${PYTHON_USEDEP}] - >=dev-python/stevedore-1.3.0[${PYTHON_USEDEP}] - <dev-python/stevedore-1.4.0[${PYTHON_USEDEP}] - >=dev-python/websockify-0.6.0[${PYTHON_USEDEP}] - <dev-python/websockify-0.7.0[${PYTHON_USEDEP}] - >=dev-python/oslo-concurrency-1.8.2[${PYTHON_USEDEP}] - <dev-python/oslo-concurrency-1.9.0[${PYTHON_USEDEP}] - >=dev-python/oslo-config-1.9.3[${PYTHON_USEDEP}] - <dev-python/oslo-config-1.10.0[${PYTHON_USEDEP}] - >=dev-python/oslo-context-0.2.0[${PYTHON_USEDEP}] - <dev-python/oslo-context-0.3.0[${PYTHON_USEDEP}] - >=dev-python/oslo-log-1.0.0[${PYTHON_USEDEP}] - <dev-python/oslo-log-1.1.0[${PYTHON_USEDEP}] - >=dev-python/oslo-serialization-1.4.0[${PYTHON_USEDEP}] - <dev-python/oslo-serialization-1.5.0[${PYTHON_USEDEP}] - >=dev-python/oslo-utils-1.4.0[${PYTHON_USEDEP}] - <dev-python/oslo-utils-1.5.0[${PYTHON_USEDEP}] - >=dev-python/oslo-db-1.7.0[${PYTHON_USEDEP}] - <dev-python/oslo-db-1.8.0[${PYTHON_USEDEP}] - >=dev-python/oslo-rootwrap-1.6.0[${PYTHON_USEDEP}] - <dev-python/oslo-rootwrap-1.7.0[${PYTHON_USEDEP}] - >=dev-python/oslo-messaging-1.8.0[${PYTHON_USEDEP}] - <dev-python/oslo-messaging-1.9.0[${PYTHON_USEDEP}] - >=dev-python/oslo-i18n-1.5.0[${PYTHON_USEDEP}] - <dev-python/oslo-i18n-1.6.0[${PYTHON_USEDEP}] - >=dev-python/rfc3986-0.2.0[${PYTHON_USEDEP}] - >=dev-python/oslo-middleware-1.0.0[${PYTHON_USEDEP}] - <dev-python/oslo-middleware-1.1.0[${PYTHON_USEDEP}] - >=dev-python/psutil-1.1.1[${PYTHON_USEDEP}] - <dev-python/psutil-2.0.0[${PYTHON_USEDEP}] - dev-python/libvirt-python[${PYTHON_USEDEP}] - app-emulation/libvirt[iscsi?] - novncproxy? ( www-apps/novnc ) - sys-apps/iproute2 - openvswitch? ( net-misc/openvswitch ) - rabbitmq? ( net-misc/rabbitmq-server ) - memcached? ( net-misc/memcached - dev-python/python-memcached ) - sys-fs/sysfsutils - sys-fs/multipath-tools - net-misc/bridge-utils - compute? ( - app-cdr/cdrkit - kvm? ( app-emulation/qemu ) - xen? ( app-emulation/xen - app-emulation/xen-tools ) - ) - iscsi? ( - sys-fs/lsscsi - >=sys-block/open-iscsi-2.0.872-r3 - )" - -PATCHES=( - "${FILESDIR}/CVE-2015-3241-kilo.patch" - "${FILESDIR}/CVE-2015-3280_2015.1.1.patch.patch" -) - -pkg_setup() { - linux-info_pkg_setup - CONFIG_CHECK_MODULES="BLK_DEV_NBD VHOST_NET IP6_NF_FILTER IP6_NF_IPTABLES IP_NF_TARGET_REJECT \ - IP_NF_MANGLE IP_NF_TARGET_MASQUERADE NF_NAT_IPV4 IP_NF_FILTER IP_NF_IPTABLES \ - NF_CONNTRACK_IPV4 NF_DEFRAG_IPV4 NF_NAT_IPV4 NF_NAT NF_CONNTRACK NETFILTER_XTABLES \ - ISCSI_TCP SCSI_DH DM_MULTIPATH DM_SNAPSHOT" - if linux_config_exists; then - for module in ${CONFIG_CHECK_MODULES}; do - linux_chkconfig_present ${module} || ewarn "${module} needs to be enabled in kernel" - done - fi - enewgroup nova - enewuser nova -1 -1 /var/lib/nova nova -} - -python_prepare() { - distutils-r1_python_prepare - sed -i 's/python/python2\.7/g' tools/config/generate_sample.sh || die -} - -python_compile() { - distutils-r1_python_compile - ./tools/config/generate_sample.sh -b ./ -p nova -o etc/nova || die -} - -python_test() { - testr init - testr run --parallel || die "failed testsuite under python2.7" -} - -python_install() { - distutils-r1_python_install - - if use !compute-only; then - for svc in api cert conductor consoleauth network scheduler spicehtml5proxy xvpvncproxy; do - newinitd "${FILESDIR}/nova.initd" "nova-${svc}" - done - fi - use compute && newinitd "${FILESDIR}/nova.initd" "nova-compute" - use novncproxy && newinitd "${FILESDIR}/nova.initd" "nova-novncproxy" - - diropts -m 0750 -o nova -g qemu - dodir /var/log/nova /var/lib/nova/instances - diropts -m 0750 -o nova -g nova - - insinto /etc/nova - insopts -m 0640 -o nova -g nova - newins "etc/nova/nova.conf.sample" "nova.conf" - doins "etc/nova/api-paste.ini" - doins "etc/nova/logging_sample.conf" - doins "etc/nova/policy.json" - doins "etc/nova/rootwrap.conf" - #rootwrap filters - insinto /etc/nova/rootwrap.d - doins "etc/nova/rootwrap.d/api-metadata.filters" - doins "etc/nova/rootwrap.d/compute.filters" - doins "etc/nova/rootwrap.d/network.filters" - #copy migration conf file (not coppied on install via setup.py script) - insopts -m 0644 - insinto /usr/$(get_libdir)/python2.7/site-packages/nova/db/sqlalchemy/migrate_repo/ - doins "nova/db/sqlalchemy/migrate_repo/migrate.cfg" - #copy the CA cert dir (not coppied on install via setup.py script) - cp -R "${S}/nova/CA" "${D}/usr/$(get_libdir)/python2.7/site-packages/nova/" || die "installing CA files failed" - - #add sudoers definitions for user nova - insinto /etc/sudoers.d/ - insopts -m 0600 -o root -g root - doins "${FILESDIR}/nova-sudoers" - - if use iscsi ; then - # Install udev rules for handle iscsi disk with right links under /dev - udev_newrules "${FILESDIR}/openstack-scsi-disk.rules" 60-openstack-scsi-disk.rules - - insinto /etc/nova/ - doins "${FILESDIR}/scsi-openscsi-link.sh" - fi -} - -pkg_postinst() { - if use iscsi ; then - elog "iscsid needs to be running if you want cinder to connect" - fi -} diff --git a/sys-cluster/nova/nova-2015.1.2.ebuild b/sys-cluster/nova/nova-2015.1.2.ebuild deleted file mode 100644 index b516ec7f687c..000000000000 --- a/sys-cluster/nova/nova-2015.1.2.ebuild +++ /dev/null @@ -1,253 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=5 -PYTHON_COMPAT=( python2_7 ) - -inherit distutils-r1 eutils linux-info multilib user - -DESCRIPTION="Cloud computing fabric controller (main part of an IaaS system) in Python" -HOMEPAGE="https://launchpad.net/nova" -SRC_URI="https://launchpad.net/${PN}/kilo/${PV}/+download/${P}.tar.gz" - -LICENSE="Apache-2.0" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="+compute compute-only iscsi +kvm +memcached mysql +novncproxy openvswitch postgres +rabbitmq sqlite test xen" -REQUIRED_USE=" - !compute-only? ( || ( mysql postgres sqlite ) ) - compute-only? ( compute !rabbitmq !memcached !mysql !postgres !sqlite ) - compute? ( ^^ ( kvm xen ) )" - -DEPEND=" - dev-python/setuptools[${PYTHON_USEDEP}] - >=dev-python/pbr-0.8[${PYTHON_USEDEP}] - <dev-python/pbr-1.0[${PYTHON_USEDEP}] - app-admin/sudo - test? ( - ${RDEPEND} - >=dev-python/coverage-3.6[${PYTHON_USEDEP}] - >=dev-python/fixtures-0.3.14[${PYTHON_USEDEP}] - <dev-python/fixtures-1.3.0[${PYTHON_USEDEP}] - >=dev-python/mock-1.0[${PYTHON_USEDEP}] - <dev-python/mock-1.1.0[${PYTHON_USEDEP}] - >=dev-python/mox3-0.7.0[${PYTHON_USEDEP}] - <dev-python/mox3-0.8.0[${PYTHON_USEDEP}] - dev-python/mysql-python[${PYTHON_USEDEP}] - dev-python/psycopg[${PYTHON_USEDEP}] - >=dev-python/python-barbicanclient-3.0.1[${PYTHON_USEDEP}] - <dev-python/python-barbicanclient-3.1.0[${PYTHON_USEDEP}] - >=dev-python/python-ironicclient-0.4.1[${PYTHON_USEDEP}] - <dev-python/python-ironicclient-0.6.0[${PYTHON_USEDEP}] - >=dev-python/subunit-0.0.18[${PYTHON_USEDEP}] - >=dev-python/requests-mock-0.6.0[${PYTHON_USEDEP}] - >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}] - !~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}] - <dev-python/sphinx-1.3[${PYTHON_USEDEP}] - >=dev-python/oslo-sphinx-2.5.0[${PYTHON_USEDEP}] - <dev-python/oslo-sphinx-2.6.0[${PYTHON_USEDEP}] - >=dev-python/oslotest-1.5.1[${PYTHON_USEDEP}] - <dev-python/oslotest-1.6.0[${PYTHON_USEDEP}] - >=dev-python/testrepository-0.0.18[${PYTHON_USEDEP}] - >=dev-python/testtools-0.9.36[${PYTHON_USEDEP}] - !~dev-python/testtools-1.2.0[${PYTHON_USEDEP}] - >=dev-python/tempest-lib-0.4.0[${PYTHON_USEDEP}] - <dev-python/tempest-lib-0.5.0[${PYTHON_USEDEP}] - >=dev-python/suds-0.4[${PYTHON_USEDEP}] - >=dev-python/oslo-vmware-0.11.1[${PYTHON_USEDEP}] - <dev-python/oslo-vmware-0.12.0[${PYTHON_USEDEP}] - )" - -# barbicanclient is in here for doc generation -RDEPEND=" - compute-only? ( - >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}] - <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}] - ) - sqlite? ( - >=dev-python/sqlalchemy-0.9.7[sqlite,${PYTHON_USEDEP}] - <=dev-python/sqlalchemy-0.9.99[sqlite,${PYTHON_USEDEP}] - ) - mysql? ( - dev-python/mysql-python - >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}] - <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}] - ) - postgres? ( - dev-python/psycopg:2 - >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}] - <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}] - ) - >=dev-python/boto-2.32.1[${PYTHON_USEDEP}] - >=dev-python/decorator-3.4.0[${PYTHON_USEDEP}] - >=dev-python/eventlet-0.16.1[${PYTHON_USEDEP}] - !~dev-python/eventlet-0.17.0[${PYTHON_USEDEP}] - >=dev-python/jinja-2.6[${PYTHON_USEDEP}] - >=dev-python/keystonemiddleware-1.5.0[${PYTHON_USEDEP}] - <dev-python/keystonemiddleware-1.6.0[${PYTHON_USEDEP}] - >=dev-python/lxml-2.3[${PYTHON_USEDEP}] - >=dev-python/routes-1.12.3-r1[${PYTHON_USEDEP}] - !~dev-python/routes-2.0[${PYTHON_USEDEP}] - >=dev-python/webob-1.2.3[${PYTHON_USEDEP}] - >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}] - >=dev-python/pastedeploy-1.5.0-r1[${PYTHON_USEDEP}] - dev-python/paste[${PYTHON_USEDEP}] - >=dev-python/sqlalchemy-migrate-0.9.5[${PYTHON_USEDEP}] - !~dev-python/sqlalchemy-migrate-0.9.8[${PYTHON_USEDEP}] - <dev-python/sqlalchemy-migrate-0.10.0[${PYTHON_USEDEP}] - >=dev-python/netaddr-0.7.12[${PYTHON_USEDEP}] - >=dev-python/paramiko-1.13.0[${PYTHON_USEDEP}] - dev-python/pyasn1[${PYTHON_USEDEP}] - >=dev-python/Babel-1.3[${PYTHON_USEDEP}] - >=dev-python/iso8601-0.1.9[${PYTHON_USEDEP}] - >=dev-python/jsonschema-2.0.0[${PYTHON_USEDEP}] - <dev-python/jsonschema-3.0.0[${PYTHON_USEDEP}] - >=dev-python/python-cinderclient-1.1.0[${PYTHON_USEDEP}] - <dev-python/python-cinderclient-1.2.0[${PYTHON_USEDEP}] - >=dev-python/python-neutronclient-2.4.0[${PYTHON_USEDEP}] - <dev-python/python-neutronclient-2.5.0[${PYTHON_USEDEP}] - >=dev-python/python-glanceclient-0.15.0[${PYTHON_USEDEP}] - <dev-python/python-glanceclient-0.18.0[${PYTHON_USEDEP}] - >=dev-python/python-barbicanclient-3.0.1[${PYTHON_USEDEP}] - <dev-python/python-barbicanclient-3.1.0[${PYTHON_USEDEP}] - >=dev-python/six-1.9.0[${PYTHON_USEDEP}] - >=dev-python/stevedore-1.3.0[${PYTHON_USEDEP}] - <dev-python/stevedore-1.4.0[${PYTHON_USEDEP}] - >=dev-python/websockify-0.6.0[${PYTHON_USEDEP}] - <dev-python/websockify-0.7.0[${PYTHON_USEDEP}] - >=dev-python/oslo-concurrency-1.8.2[${PYTHON_USEDEP}] - <dev-python/oslo-concurrency-1.9.0[${PYTHON_USEDEP}] - >=dev-python/oslo-config-1.9.3[${PYTHON_USEDEP}] - <dev-python/oslo-config-1.10.0[${PYTHON_USEDEP}] - >=dev-python/oslo-context-0.2.0[${PYTHON_USEDEP}] - <dev-python/oslo-context-0.3.0[${PYTHON_USEDEP}] - >=dev-python/oslo-log-1.0.0[${PYTHON_USEDEP}] - <dev-python/oslo-log-1.1.0[${PYTHON_USEDEP}] - >=dev-python/oslo-serialization-1.4.0[${PYTHON_USEDEP}] - <dev-python/oslo-serialization-1.5.0[${PYTHON_USEDEP}] - >=dev-python/oslo-utils-1.4.0[${PYTHON_USEDEP}] - !~dev-python/oslo-utils-1.4.1[${PYTHON_USEDEP}] - <dev-python/oslo-utils-1.5.0[${PYTHON_USEDEP}] - >=dev-python/oslo-db-1.7.0[${PYTHON_USEDEP}] - <dev-python/oslo-db-1.8.0[${PYTHON_USEDEP}] - >=dev-python/oslo-rootwrap-1.6.0[${PYTHON_USEDEP}] - <dev-python/oslo-rootwrap-1.7.0[${PYTHON_USEDEP}] - >=dev-python/oslo-messaging-1.8.0[${PYTHON_USEDEP}] - <dev-python/oslo-messaging-1.9.0[${PYTHON_USEDEP}] - >=dev-python/oslo-i18n-1.5.0[${PYTHON_USEDEP}] - <dev-python/oslo-i18n-1.6.0[${PYTHON_USEDEP}] - >=dev-python/rfc3986-0.2.0[${PYTHON_USEDEP}] - >=dev-python/oslo-middleware-1.0.0[${PYTHON_USEDEP}] - <dev-python/oslo-middleware-1.1.0[${PYTHON_USEDEP}] - >=dev-python/psutil-1.1.1[${PYTHON_USEDEP}] - <dev-python/psutil-2.0.0[${PYTHON_USEDEP}] - dev-python/libvirt-python[${PYTHON_USEDEP}] - app-emulation/libvirt[iscsi?] - novncproxy? ( www-apps/novnc ) - sys-apps/iproute2 - openvswitch? ( net-misc/openvswitch ) - rabbitmq? ( net-misc/rabbitmq-server ) - memcached? ( net-misc/memcached - dev-python/python-memcached ) - sys-fs/sysfsutils - sys-fs/multipath-tools - net-misc/bridge-utils - compute? ( - app-cdr/cdrkit - kvm? ( app-emulation/qemu ) - xen? ( app-emulation/xen - app-emulation/xen-tools ) - ) - iscsi? ( - sys-fs/lsscsi - >=sys-block/open-iscsi-2.0.872-r3 - )" - -PATCHES=( -) - -pkg_setup() { - linux-info_pkg_setup - CONFIG_CHECK_MODULES="BLK_DEV_NBD VHOST_NET IP6_NF_FILTER IP6_NF_IPTABLES IP_NF_TARGET_REJECT \ - IP_NF_MANGLE IP_NF_TARGET_MASQUERADE NF_NAT_IPV4 IP_NF_FILTER IP_NF_IPTABLES \ - NF_CONNTRACK_IPV4 NF_DEFRAG_IPV4 NF_NAT_IPV4 NF_NAT NF_CONNTRACK NETFILTER_XTABLES \ - ISCSI_TCP SCSI_DH DM_MULTIPATH DM_SNAPSHOT" - if linux_config_exists; then - for module in ${CONFIG_CHECK_MODULES}; do - linux_chkconfig_present ${module} || ewarn "${module} needs to be enabled in kernel" - done - fi - enewgroup nova - enewuser nova -1 -1 /var/lib/nova nova -} - -python_prepare_all() { - sed -i '/^hacking/d' test-requirements.txt || die - sed -i 's/python/python2\.7/g' tools/config/generate_sample.sh || die - distutils-r1_python_prepare_all -} - -python_compile() { - distutils-r1_python_compile - ./tools/config/generate_sample.sh -b ./ -p nova -o etc/nova || die -} - -python_test() { - testr init - testr run --parallel || die "failed testsuite under python2.7" -} - -python_install() { - distutils-r1_python_install - - if use !compute-only; then - for svc in api cert conductor consoleauth network scheduler spicehtml5proxy xvpvncproxy; do - newinitd "${FILESDIR}/nova.initd" "nova-${svc}" - done - fi - use compute && newinitd "${FILESDIR}/nova.initd" "nova-compute" - use novncproxy && newinitd "${FILESDIR}/nova.initd" "nova-novncproxy" - - diropts -m 0750 -o nova -g qemu - dodir /var/log/nova /var/lib/nova/instances - diropts -m 0750 -o nova -g nova - - insinto /etc/nova - insopts -m 0640 -o nova -g nova - newins "etc/nova/nova.conf.sample" "nova.conf" - doins "etc/nova/api-paste.ini" - doins "etc/nova/logging_sample.conf" - doins "etc/nova/policy.json" - doins "etc/nova/rootwrap.conf" - #rootwrap filters - insinto /etc/nova/rootwrap.d - doins "etc/nova/rootwrap.d/api-metadata.filters" - doins "etc/nova/rootwrap.d/compute.filters" - doins "etc/nova/rootwrap.d/network.filters" - #copy migration conf file (not coppied on install via setup.py script) - insopts -m 0644 - insinto /usr/$(get_libdir)/python2.7/site-packages/nova/db/sqlalchemy/migrate_repo/ - doins "nova/db/sqlalchemy/migrate_repo/migrate.cfg" - #copy the CA cert dir (not coppied on install via setup.py script) - cp -R "${S}/nova/CA" "${D}/usr/$(get_libdir)/python2.7/site-packages/nova/" || die "installing CA files failed" - - #add sudoers definitions for user nova - insinto /etc/sudoers.d/ - insopts -m 0600 -o root -g root - doins "${FILESDIR}/nova-sudoers" - - if use iscsi ; then - # Install udev rules for handle iscsi disk with right links under /dev - udev_newrules "${FILESDIR}/openstack-scsi-disk.rules" 60-openstack-scsi-disk.rules - - insinto /etc/nova/ - doins "${FILESDIR}/scsi-openscsi-link.sh" - fi -} - -pkg_postinst() { - if use iscsi ; then - elog "iscsid needs to be running if you want cinder to connect" - fi -} |