From 440c9286ac4b1d2e10c25cb883250bc497611159 Mon Sep 17 00:00:00 2001 From: Matthew Thode Date: Tue, 25 Aug 2020 11:53:37 -0500 Subject: sys-cluster/nova: fix CVE-2020-17376 (live migration data leak) Package-Manager: Portage-3.0.4, Repoman-2.3.23 RepoMan-Options: --force Signed-off-by: Matthew Thode --- sys-cluster/nova/files/CVE-2020-17376.patch | 141 ++++++++++++++++++ sys-cluster/nova/nova-21.0.0-r1.ebuild | 217 ++++++++++++++++++++++++++++ sys-cluster/nova/nova-21.0.0.ebuild | 216 --------------------------- 3 files changed, 358 insertions(+), 216 deletions(-) create mode 100644 sys-cluster/nova/files/CVE-2020-17376.patch create mode 100644 sys-cluster/nova/nova-21.0.0-r1.ebuild delete mode 100644 sys-cluster/nova/nova-21.0.0.ebuild (limited to 'sys-cluster') diff --git a/sys-cluster/nova/files/CVE-2020-17376.patch b/sys-cluster/nova/files/CVE-2020-17376.patch new file mode 100644 index 000000000000..8cb2d4423f72 --- /dev/null +++ b/sys-cluster/nova/files/CVE-2020-17376.patch @@ -0,0 +1,141 @@ +From bbf9d1de06e9991acd968fceee899a8df3776d60 Mon Sep 17 00:00:00 2001 +From: Lee Yarwood +Date: Wed, 5 Aug 2020 23:00:06 +0100 +Subject: [PATCH] libvirt: Provide VIR_MIGRATE_PARAM_PERSIST_XML during live + migration + +The VIR_MIGRATE_PARAM_PERSIST_XML parameter was introduced in libvirt +v1.3.4 and is used to provide the new persistent configuration for the +destination during a live migration: + +https://libvirt.org/html/libvirt-libvirt-domain.html#VIR_MIGRATE_PARAM_PERSIST_XML + +Without this parameter the persistent configuration on the destination +will be the same as the original persistent configuration on the source +when the VIR_MIGRATE_PERSIST_DEST flag is provided. + +As Nova does not currently provide the VIR_MIGRATE_PARAM_PERSIST_XML +param but does provide the VIR_MIGRATE_PERSIST_DEST flag this means that +a soft reboot by Nova of the instance after a live migration can revert +the domain back to the original persistent configuration from the +source. + +Note that this is only possible in Nova as a soft reboot actually +results in the virDomainShutdown and virDomainLaunch libvirt APIs being +called that recreate the domain using the persistent configuration. +virDomainReboot does not result in this but is not called at this time. + +The impact of this on the instance after the soft reboot is pretty +severe, host devices referenced in the original persistent configuration +on the source may not exist or could even be used by other users on the +destination. CPU and NUMA affinity could also differ drastically between +the two hosts resulting in the instance being unable to start etc. + +As MIN_LIBVIRT_VERSION is now > v1.3.4 this change simply includes the +VIR_MIGRATE_PARAM_PERSIST_XML param using the same updated XML for the +destination as is already provided to VIR_MIGRATE_PARAM_DEST_XML. + +NOTE(lyarwood): A simple change to test_migrate_v3_unicode is included +as Iccce0ab50eee515e533ab36c8e7adc10cb3f7019 had removed this from +master. + +Co-authored-by: Tadayoshi Hosoya +Closes-Bug: #1890501 +Change-Id: Ia3f1d8e83cbc574ce5cb440032e12bbcb1e10e98 +(cherry picked from commit 1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff) +Signed-off-by: Matthew Thode +--- + nova/tests/unit/virt/libvirt/test_driver.py | 8 +++++++- + nova/tests/unit/virt/libvirt/test_guest.py | 2 ++ + nova/virt/libvirt/guest.py | 1 + + 3 files changed, 10 insertions(+), 1 deletion(-) + +diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py +index b416641d362..99ce85a870b 100644 +--- a/nova/tests/unit/virt/libvirt/test_driver.py ++++ b/nova/tests/unit/virt/libvirt/test_driver.py +@@ -11196,6 +11196,7 @@ class LibvirtConnTestCase(test.NoDBTestCase, + 'migrate_disks': disk_paths, + 'bandwidth': _bandwidth, + 'destination_xml': target_xml, ++ 'persistent_xml': target_xml, + } + + # start test +@@ -11303,7 +11304,8 @@ class LibvirtConnTestCase(test.NoDBTestCase, + 'migrate_disks': disk_paths, + 'migrate_uri': 'tcp://127.0.0.2', + 'bandwidth': CONF.libvirt.live_migration_bandwidth, +- 'destination_xml': target_xml ++ 'destination_xml': target_xml, ++ 'persistent_xml': target_xml, + } + + # Start test +@@ -11462,6 +11464,7 @@ class LibvirtConnTestCase(test.NoDBTestCase, + 'migrate_uri': 'tcp://127.0.0.2', + 'bandwidth': CONF.libvirt.live_migration_bandwidth, + 'destination_xml': target_xml, ++ 'persistent_xml': target_xml, + } + + # start test +@@ -11813,6 +11816,7 @@ class LibvirtConnTestCase(test.NoDBTestCase, + 'migrate_disks': ['vda', 'vdb'], + 'bandwidth': CONF.libvirt.live_migration_bandwidth, + 'destination_xml': target_xml, ++ 'persistent_xml': target_xml, + } + + # start test +@@ -11939,6 +11943,7 @@ class LibvirtConnTestCase(test.NoDBTestCase, + 'migrate_disks': device_names, + 'bandwidth': CONF.libvirt.live_migration_bandwidth, + 'destination_xml': '', ++ 'persistent_xml': '', + } + if not params['migrate_disks']: + del params['migrate_disks'] +@@ -12078,6 +12083,7 @@ class LibvirtConnTestCase(test.NoDBTestCase, + 'migrate_disks': disk_paths, + 'bandwidth': CONF.libvirt.live_migration_bandwidth, + 'destination_xml': '', ++ 'persistent_xml': '', + } + + # Prepare mocks +diff --git a/nova/tests/unit/virt/libvirt/test_guest.py b/nova/tests/unit/virt/libvirt/test_guest.py +index 55642c66f66..51899b730b3 100644 +--- a/nova/tests/unit/virt/libvirt/test_guest.py ++++ b/nova/tests/unit/virt/libvirt/test_guest.py +@@ -682,6 +682,7 @@ class GuestTestCase(test.NoDBTestCase): + 'an-uri', flags=1, params={'migrate_uri': 'dest-uri', + 'migrate_disks': 'disk1', + 'destination_xml': '', ++ 'persistent_xml': '', + 'bandwidth': 2}) + + @testtools.skipIf(not six.PY2, 'libvirt python3 bindings accept unicode') +@@ -699,6 +700,7 @@ class GuestTestCase(test.NoDBTestCase): + 'migrate_disks': ['disk1', + 'disk2'], + 'destination_xml': expect_dest_xml, ++ 'persistent_xml': expect_dest_xml, + 'bandwidth': 2}) + + def test_abort_job(self): +diff --git a/nova/virt/libvirt/guest.py b/nova/virt/libvirt/guest.py +index 0d485eb86d9..46593247303 100644 +--- a/nova/virt/libvirt/guest.py ++++ b/nova/virt/libvirt/guest.py +@@ -638,6 +638,7 @@ class Guest(object): + + if destination_xml: + params['destination_xml'] = destination_xml ++ params['persistent_xml'] = destination_xml + if migrate_disks: + params['migrate_disks'] = migrate_disks + if migrate_uri: +-- +2.26.2 + diff --git a/sys-cluster/nova/nova-21.0.0-r1.ebuild b/sys-cluster/nova/nova-21.0.0-r1.ebuild new file mode 100644 index 000000000000..e96174c2c999 --- /dev/null +++ b/sys-cluster/nova/nova-21.0.0-r1.ebuild @@ -0,0 +1,217 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_7 ) +inherit distutils-r1 eutils linux-info multilib + +DESCRIPTION="Cloud computing fabric controller" +HOMEPAGE="https://launchpad.net/nova" + +if [[ ${PV} == *9999 ]];then + inherit git-r3 + SRC_URI="https://dev.gentoo.org/~prometheanfire/dist/openstack/nova/ussuri/nova.conf.sample -> nova.conf.sample-${PV}" + EGIT_REPO_URI="https://github.com/openstack/nova.git" + EGIT_BRANCH="stable/ussuri" +else + SRC_URI="https://dev.gentoo.org/~prometheanfire/dist/openstack/nova/ussuri/nova.conf.sample -> nova.conf.sample-${PV} + https://tarballs.openstack.org/${PN}/${P}.tar.gz" + KEYWORDS="amd64 ~arm64 x86" +fi + +LICENSE="Apache-2.0" +SLOT="0" +IUSE="+compute compute-only iscsi +memcached +mysql +novncproxy openvswitch postgres +rabbitmq sqlite" +REQUIRED_USE=" + !compute-only? ( || ( mysql postgres sqlite ) ) + compute-only? ( compute !rabbitmq !memcached !mysql !postgres !sqlite )" + +CDEPEND=" + >=dev-python/pbr-2.0.0[${PYTHON_USEDEP}] + !~dev-python/pbr-2.1.0[${PYTHON_USEDEP}]" +DEPEND=" + ${CDEPEND} + app-admin/sudo" + +RDEPEND=" + ${CDEPEND} + compute-only? ( + >=dev-python/sqlalchemy-1.2.19[${PYTHON_USEDEP}] + ) + sqlite? ( + >=dev-python/sqlalchemy-1.2.19[sqlite,${PYTHON_USEDEP}] + ) + mysql? ( + >=dev-python/pymysql-0.7.6[${PYTHON_USEDEP}] + !~dev-python/pymysql-0.7.7[${PYTHON_USEDEP}] + >=dev-python/sqlalchemy-1.2.19[${PYTHON_USEDEP}] + ) + postgres? ( + >=dev-python/psycopg-2.5.0[${PYTHON_USEDEP}] + >=dev-python/sqlalchemy-1.2.19[${PYTHON_USEDEP}] + ) + >=dev-python/decorator-3.4.0[${PYTHON_USEDEP}] + >=dev-python/eventlet-0.20.0[${PYTHON_USEDEP}] + !~dev-python/eventlet-0.20.1[${PYTHON_USEDEP}] + >=dev-python/jinja-2.10[${PYTHON_USEDEP}] + >=dev-python/keystonemiddleware-4.17.0[${PYTHON_USEDEP}] + >=dev-python/lxml-2.4.1[${PYTHON_USEDEP}] + !~dev-python/lxml-3.7.0[${PYTHON_USEDEP}] + >=dev-python/routes-2.3.1[${PYTHON_USEDEP}] + >=dev-python/cryptography-2.7[${PYTHON_USEDEP}] + >=dev-python/webob-1.8.2[${PYTHON_USEDEP}] + >=dev-python/greenlet-0.4.10[${PYTHON_USEDEP}] + !~dev-python/greenlet-0.4.14[${PYTHON_USEDEP}] + >=dev-python/pastedeploy-1.5.0-r1[${PYTHON_USEDEP}] + >=dev-python/paste-2.0.2[${PYTHON_USEDEP}] + >=dev-python/prettytable-0.7.1[${PYTHON_USEDEP}] + =dev-python/sqlalchemy-migrate-0.13.0[${PYTHON_USEDEP}] + >=dev-python/netaddr-0.7.18[${PYTHON_USEDEP}] + >=dev-python/netifaces-0.10.4[${PYTHON_USEDEP}] + >=dev-python/paramiko-2.0.0[${PYTHON_USEDEP}] + >=dev-python/Babel-2.3.4[${PYTHON_USEDEP}] + !~dev-python/Babel-2.4.0[${PYTHON_USEDEP}] + >=dev-python/iso8601-0.1.11[${PYTHON_USEDEP}] + >=dev-python/jsonschema-2.6.0[${PYTHON_USEDEP}] + >=dev-python/python-cinderclient-3.3.0[${PYTHON_USEDEP}] + !~dev-python/python-cinderclient-4.0.0[${PYTHON_USEDEP}] + >=dev-python/keystoneauth-3.16.0[${PYTHON_USEDEP}] + >=dev-python/python-neutronclient-6.7.0[${PYTHON_USEDEP}] + >=dev-python/python-glanceclient-2.8.0[${PYTHON_USEDEP}] + >=dev-python/requests-2.14.2[${PYTHON_USEDEP}] + >=dev-python/six-1.10.0[${PYTHON_USEDEP}] + >=dev-python/stevedore-1.20.0[${PYTHON_USEDEP}] + >=dev-python/websockify-0.9.0[${PYTHON_USEDEP}] + >=dev-python/oslo-cache-1.26.0[${PYTHON_USEDEP}] + >=dev-python/oslo-concurrency-3.29.0[${PYTHON_USEDEP}] + >=dev-python/oslo-config-6.1.0[${PYTHON_USEDEP}] + >=dev-python/oslo-context-2.21.0[${PYTHON_USEDEP}] + >=dev-python/oslo-log-3.36.0[${PYTHON_USEDEP}] + >=dev-python/oslo-reports-1.18.0[${PYTHON_USEDEP}] + >=dev-python/oslo-serialization-1.21.0[${PYTHON_USEDEP}] + >=dev-python/oslo-upgradecheck-0.1.1[${PYTHON_USEDEP}] + !~dev-python/oslo-serialization-2.19.1[${PYTHON_USEDEP}] + >=dev-python/oslo-utils-4.1.0[${PYTHON_USEDEP}] + >=dev-python/oslo-db-4.44.0[${PYTHON_USEDEP}] + >=dev-python/oslo-rootwrap-5.8.0[${PYTHON_USEDEP}] + >=dev-python/oslo-messaging-10.3.0[${PYTHON_USEDEP}] + >=dev-python/oslo-policy-3.1.0[${PYTHON_USEDEP}] + >=dev-python/oslo-privsep-1.33.2[${PYTHON_USEDEP}] + >=dev-python/oslo-i18n-3.15.3[${PYTHON_USEDEP}] + >=dev-python/oslo-service-1.40.1[${PYTHON_USEDEP}] + >=dev-python/rfc3986-1.1.0[${PYTHON_USEDEP}] + >=dev-python/oslo-middleware-3.31.0[${PYTHON_USEDEP}] + >=dev-python/psutil-3.2.2[${PYTHON_USEDEP}] + >=dev-python/oslo-versionedobjects-1.35.0[${PYTHON_USEDEP}] + >=dev-python/os-brick-3.0.1[${PYTHON_USEDEP}] + >=dev-python/os-resource-classes-0.4.0[${PYTHON_USEDEP}] + >=dev-python/os-traits-2.2.0[${PYTHON_USEDEP}] + >=dev-python/os-vif-1.14.0[${PYTHON_USEDEP}] + >=dev-python/os-win-3.0.0[${PYTHON_USEDEP}] + >=dev-python/castellan-0.16.0[${PYTHON_USEDEP}] + >=dev-python/microversion-parse-0.2.1[${PYTHON_USEDEP}] + >=dev-python/os-xenapi-0.3.3[${PYTHON_USEDEP}] + >=dev-python/tooz-1.58.0[${PYTHON_USEDEP}] + >=dev-python/cursive-0.2.1[${PYTHON_USEDEP}] + >=dev-python/pypowervm-1.1.15[${PYTHON_USEDEP}] + >=dev-python/retrying-1.3.3[${PYTHON_USEDEP}] + >=dev-python/os-service-types-1.7.0[${PYTHON_USEDEP}] + >=dev-python/taskflow-2.16.0[${PYTHON_USEDEP}] + >=dev-python/python-dateutil-2.5.3[${PYTHON_USEDEP}] + >=dev-python/zVMCloudConnector-1.3.0[${PYTHON_USEDEP}] + >=dev-python/openstacksdk-0.35.0[${PYTHON_USEDEP}] + dev-python/libvirt-python[${PYTHON_USEDEP}] + app-emulation/libvirt[iscsi?] + app-emulation/spice-html5 + novncproxy? ( www-apps/novnc ) + sys-apps/iproute2 + openvswitch? ( net-misc/openvswitch ) + rabbitmq? ( net-misc/rabbitmq-server ) + memcached? ( + net-misc/memcached + >=dev-python/python-memcached-1.58 + ) + sys-fs/sysfsutils + sys-fs/multipath-tools + net-misc/bridge-utils + compute? ( + app-cdr/cdrtools + sys-fs/dosfstools + app-emulation/qemu + ) + iscsi? ( + sys-fs/lsscsi + >=sys-block/open-iscsi-2.0.873-r1 + ) + acct-user/nova + acct-group/nova" + +PATCHES=( + "${FILESDIR}/CVE-2020-17376.patch" +) + +pkg_setup() { + linux-info_pkg_setup + CONFIG_CHECK_MODULES="BLK_DEV_NBD VHOST_NET IP6_NF_FILTER IP6_NF_IPTABLES IP_NF_TARGET_REJECT \ + IP_NF_MANGLE IP_NF_TARGET_MASQUERADE NF_NAT_IPV4 IP_NF_FILTER IP_NF_IPTABLES \ + NF_CONNTRACK_IPV4 NF_DEFRAG_IPV4 NF_NAT_IPV4 NF_NAT NF_CONNTRACK NETFILTER_XTABLES \ + ISCSI_TCP SCSI_DH DM_MULTIPATH DM_SNAPSHOT" + if linux_config_exists; then + for module in ${CONFIG_CHECK_MODULES}; do + linux_chkconfig_present ${module} || ewarn "${module} needs to be enabled in kernel" + done + fi +} + +python_prepare_all() { + sed -i '/^hacking/d' test-requirements.txt || die + distutils-r1_python_prepare_all +} + +python_install_all() { + distutils-r1_python_install_all + + if use !compute-only; then + for svc in api conductor consoleauth network scheduler spicehtml5proxy xvpvncproxy; do + newinitd "${FILESDIR}/nova.initd" "nova-${svc}" + done + fi + use compute && newinitd "${FILESDIR}/nova.initd" "nova-compute" + use novncproxy && newinitd "${FILESDIR}/nova.initd" "nova-novncproxy" + + diropts -m 0750 -o nova -g qemu + dodir /var/log/nova /var/lib/nova/instances + diropts -m 0750 -o nova -g nova + + insinto /etc/nova + insopts -m 0640 -o nova -g nova + newins "${DISTDIR}/nova.conf.sample-${PV}" "nova.conf.sample" + doins "${FILESDIR}/nova-compute.conf" + doins "${S}/etc/nova/"* + # rootwrap filters + insopts -m 0644 + insinto /etc/nova/rootwrap.d + doins "etc/nova/rootwrap.d/compute.filters" + + # add sudoers definitions for user nova + insinto /etc/sudoers.d/ + insopts -m 0600 -o root -g root + doins "${FILESDIR}/nova-sudoers" + + if use iscsi ; then + # Install udev rules for handle iscsi disk with right links under /dev + udev_newrules "${FILESDIR}/openstack-scsi-disk.rules" 60-openstack-scsi-disk.rules + + insinto /etc/nova/ + doins "${FILESDIR}/scsi-openscsi-link.sh" + fi + rm -r "${ED}/usr/etc" +} + +pkg_postinst() { + if use iscsi ; then + elog "iscsid needs to be running if you want cinder to connect" + fi +} diff --git a/sys-cluster/nova/nova-21.0.0.ebuild b/sys-cluster/nova/nova-21.0.0.ebuild deleted file mode 100644 index 8601ad73fd10..000000000000 --- a/sys-cluster/nova/nova-21.0.0.ebuild +++ /dev/null @@ -1,216 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_7 ) -inherit distutils-r1 eutils linux-info multilib - -DESCRIPTION="Cloud computing fabric controller" -HOMEPAGE="https://launchpad.net/nova" - -if [[ ${PV} == *9999 ]];then - inherit git-r3 - SRC_URI="https://dev.gentoo.org/~prometheanfire/dist/openstack/nova/ussuri/nova.conf.sample -> nova.conf.sample-${PV}" - EGIT_REPO_URI="https://github.com/openstack/nova.git" - EGIT_BRANCH="stable/ussuri" -else - SRC_URI="https://dev.gentoo.org/~prometheanfire/dist/openstack/nova/ussuri/nova.conf.sample -> nova.conf.sample-${PV} - https://tarballs.openstack.org/${PN}/${P}.tar.gz" - KEYWORDS="amd64 ~arm64 x86" -fi - -LICENSE="Apache-2.0" -SLOT="0" -IUSE="+compute compute-only iscsi +memcached +mysql +novncproxy openvswitch postgres +rabbitmq sqlite" -REQUIRED_USE=" - !compute-only? ( || ( mysql postgres sqlite ) ) - compute-only? ( compute !rabbitmq !memcached !mysql !postgres !sqlite )" - -CDEPEND=" - >=dev-python/pbr-2.0.0[${PYTHON_USEDEP}] - !~dev-python/pbr-2.1.0[${PYTHON_USEDEP}]" -DEPEND=" - ${CDEPEND} - app-admin/sudo" - -RDEPEND=" - ${CDEPEND} - compute-only? ( - >=dev-python/sqlalchemy-1.2.19[${PYTHON_USEDEP}] - ) - sqlite? ( - >=dev-python/sqlalchemy-1.2.19[sqlite,${PYTHON_USEDEP}] - ) - mysql? ( - >=dev-python/pymysql-0.7.6[${PYTHON_USEDEP}] - !~dev-python/pymysql-0.7.7[${PYTHON_USEDEP}] - >=dev-python/sqlalchemy-1.2.19[${PYTHON_USEDEP}] - ) - postgres? ( - >=dev-python/psycopg-2.5.0[${PYTHON_USEDEP}] - >=dev-python/sqlalchemy-1.2.19[${PYTHON_USEDEP}] - ) - >=dev-python/decorator-3.4.0[${PYTHON_USEDEP}] - >=dev-python/eventlet-0.20.0[${PYTHON_USEDEP}] - !~dev-python/eventlet-0.20.1[${PYTHON_USEDEP}] - >=dev-python/jinja-2.10[${PYTHON_USEDEP}] - >=dev-python/keystonemiddleware-4.17.0[${PYTHON_USEDEP}] - >=dev-python/lxml-2.4.1[${PYTHON_USEDEP}] - !~dev-python/lxml-3.7.0[${PYTHON_USEDEP}] - >=dev-python/routes-2.3.1[${PYTHON_USEDEP}] - >=dev-python/cryptography-2.7[${PYTHON_USEDEP}] - >=dev-python/webob-1.8.2[${PYTHON_USEDEP}] - >=dev-python/greenlet-0.4.10[${PYTHON_USEDEP}] - !~dev-python/greenlet-0.4.14[${PYTHON_USEDEP}] - >=dev-python/pastedeploy-1.5.0-r1[${PYTHON_USEDEP}] - >=dev-python/paste-2.0.2[${PYTHON_USEDEP}] - >=dev-python/prettytable-0.7.1[${PYTHON_USEDEP}] - =dev-python/sqlalchemy-migrate-0.13.0[${PYTHON_USEDEP}] - >=dev-python/netaddr-0.7.18[${PYTHON_USEDEP}] - >=dev-python/netifaces-0.10.4[${PYTHON_USEDEP}] - >=dev-python/paramiko-2.0.0[${PYTHON_USEDEP}] - >=dev-python/Babel-2.3.4[${PYTHON_USEDEP}] - !~dev-python/Babel-2.4.0[${PYTHON_USEDEP}] - >=dev-python/iso8601-0.1.11[${PYTHON_USEDEP}] - >=dev-python/jsonschema-2.6.0[${PYTHON_USEDEP}] - >=dev-python/python-cinderclient-3.3.0[${PYTHON_USEDEP}] - !~dev-python/python-cinderclient-4.0.0[${PYTHON_USEDEP}] - >=dev-python/keystoneauth-3.16.0[${PYTHON_USEDEP}] - >=dev-python/python-neutronclient-6.7.0[${PYTHON_USEDEP}] - >=dev-python/python-glanceclient-2.8.0[${PYTHON_USEDEP}] - >=dev-python/requests-2.14.2[${PYTHON_USEDEP}] - >=dev-python/six-1.10.0[${PYTHON_USEDEP}] - >=dev-python/stevedore-1.20.0[${PYTHON_USEDEP}] - >=dev-python/websockify-0.9.0[${PYTHON_USEDEP}] - >=dev-python/oslo-cache-1.26.0[${PYTHON_USEDEP}] - >=dev-python/oslo-concurrency-3.29.0[${PYTHON_USEDEP}] - >=dev-python/oslo-config-6.1.0[${PYTHON_USEDEP}] - >=dev-python/oslo-context-2.21.0[${PYTHON_USEDEP}] - >=dev-python/oslo-log-3.36.0[${PYTHON_USEDEP}] - >=dev-python/oslo-reports-1.18.0[${PYTHON_USEDEP}] - >=dev-python/oslo-serialization-1.21.0[${PYTHON_USEDEP}] - >=dev-python/oslo-upgradecheck-0.1.1[${PYTHON_USEDEP}] - !~dev-python/oslo-serialization-2.19.1[${PYTHON_USEDEP}] - >=dev-python/oslo-utils-4.1.0[${PYTHON_USEDEP}] - >=dev-python/oslo-db-4.44.0[${PYTHON_USEDEP}] - >=dev-python/oslo-rootwrap-5.8.0[${PYTHON_USEDEP}] - >=dev-python/oslo-messaging-10.3.0[${PYTHON_USEDEP}] - >=dev-python/oslo-policy-3.1.0[${PYTHON_USEDEP}] - >=dev-python/oslo-privsep-1.33.2[${PYTHON_USEDEP}] - >=dev-python/oslo-i18n-3.15.3[${PYTHON_USEDEP}] - >=dev-python/oslo-service-1.40.1[${PYTHON_USEDEP}] - >=dev-python/rfc3986-1.1.0[${PYTHON_USEDEP}] - >=dev-python/oslo-middleware-3.31.0[${PYTHON_USEDEP}] - >=dev-python/psutil-3.2.2[${PYTHON_USEDEP}] - >=dev-python/oslo-versionedobjects-1.35.0[${PYTHON_USEDEP}] - >=dev-python/os-brick-3.0.1[${PYTHON_USEDEP}] - >=dev-python/os-resource-classes-0.4.0[${PYTHON_USEDEP}] - >=dev-python/os-traits-2.2.0[${PYTHON_USEDEP}] - >=dev-python/os-vif-1.14.0[${PYTHON_USEDEP}] - >=dev-python/os-win-3.0.0[${PYTHON_USEDEP}] - >=dev-python/castellan-0.16.0[${PYTHON_USEDEP}] - >=dev-python/microversion-parse-0.2.1[${PYTHON_USEDEP}] - >=dev-python/os-xenapi-0.3.3[${PYTHON_USEDEP}] - >=dev-python/tooz-1.58.0[${PYTHON_USEDEP}] - >=dev-python/cursive-0.2.1[${PYTHON_USEDEP}] - >=dev-python/pypowervm-1.1.15[${PYTHON_USEDEP}] - >=dev-python/retrying-1.3.3[${PYTHON_USEDEP}] - >=dev-python/os-service-types-1.7.0[${PYTHON_USEDEP}] - >=dev-python/taskflow-2.16.0[${PYTHON_USEDEP}] - >=dev-python/python-dateutil-2.5.3[${PYTHON_USEDEP}] - >=dev-python/zVMCloudConnector-1.3.0[${PYTHON_USEDEP}] - >=dev-python/openstacksdk-0.35.0[${PYTHON_USEDEP}] - dev-python/libvirt-python[${PYTHON_USEDEP}] - app-emulation/libvirt[iscsi?] - app-emulation/spice-html5 - novncproxy? ( www-apps/novnc ) - sys-apps/iproute2 - openvswitch? ( net-misc/openvswitch ) - rabbitmq? ( net-misc/rabbitmq-server ) - memcached? ( - net-misc/memcached - >=dev-python/python-memcached-1.58 - ) - sys-fs/sysfsutils - sys-fs/multipath-tools - net-misc/bridge-utils - compute? ( - app-cdr/cdrtools - sys-fs/dosfstools - app-emulation/qemu - ) - iscsi? ( - sys-fs/lsscsi - >=sys-block/open-iscsi-2.0.873-r1 - ) - acct-user/nova - acct-group/nova" - -#PATCHES=( -#) - -pkg_setup() { - linux-info_pkg_setup - CONFIG_CHECK_MODULES="BLK_DEV_NBD VHOST_NET IP6_NF_FILTER IP6_NF_IPTABLES IP_NF_TARGET_REJECT \ - IP_NF_MANGLE IP_NF_TARGET_MASQUERADE NF_NAT_IPV4 IP_NF_FILTER IP_NF_IPTABLES \ - NF_CONNTRACK_IPV4 NF_DEFRAG_IPV4 NF_NAT_IPV4 NF_NAT NF_CONNTRACK NETFILTER_XTABLES \ - ISCSI_TCP SCSI_DH DM_MULTIPATH DM_SNAPSHOT" - if linux_config_exists; then - for module in ${CONFIG_CHECK_MODULES}; do - linux_chkconfig_present ${module} || ewarn "${module} needs to be enabled in kernel" - done - fi -} - -python_prepare_all() { - sed -i '/^hacking/d' test-requirements.txt || die - distutils-r1_python_prepare_all -} - -python_install_all() { - distutils-r1_python_install_all - - if use !compute-only; then - for svc in api conductor consoleauth network scheduler spicehtml5proxy xvpvncproxy; do - newinitd "${FILESDIR}/nova.initd" "nova-${svc}" - done - fi - use compute && newinitd "${FILESDIR}/nova.initd" "nova-compute" - use novncproxy && newinitd "${FILESDIR}/nova.initd" "nova-novncproxy" - - diropts -m 0750 -o nova -g qemu - dodir /var/log/nova /var/lib/nova/instances - diropts -m 0750 -o nova -g nova - - insinto /etc/nova - insopts -m 0640 -o nova -g nova - newins "${DISTDIR}/nova.conf.sample-${PV}" "nova.conf.sample" - doins "${FILESDIR}/nova-compute.conf" - doins "${S}/etc/nova/"* - # rootwrap filters - insopts -m 0644 - insinto /etc/nova/rootwrap.d - doins "etc/nova/rootwrap.d/compute.filters" - - # add sudoers definitions for user nova - insinto /etc/sudoers.d/ - insopts -m 0600 -o root -g root - doins "${FILESDIR}/nova-sudoers" - - if use iscsi ; then - # Install udev rules for handle iscsi disk with right links under /dev - udev_newrules "${FILESDIR}/openstack-scsi-disk.rules" 60-openstack-scsi-disk.rules - - insinto /etc/nova/ - doins "${FILESDIR}/scsi-openscsi-link.sh" - fi - rm -r "${ED}/usr/etc" -} - -pkg_postinst() { - if use iscsi ; then - elog "iscsid needs to be running if you want cinder to connect" - fi -} -- cgit v1.2.3-65-gdbad