summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthew Thode <prometheanfire@gentoo.org>2016-01-07 11:55:40 -0600
committerMatthew Thode <prometheanfire@gentoo.org>2016-01-07 11:55:40 -0600
commit82b087e56b85822daadc9457c90a1c3b1b0a4da0 (patch)
treedd43baf09e68a16a63dc3f3d0ea87eb3a3d51317
parentmedia-radio/svxlink: Version bump (bug #569512) (diff)
downloadgentoo-82b087e56b85822daadc9457c90a1c3b1b0a4da0.tar.gz
gentoo-82b087e56b85822daadc9457c90a1c3b1b0a4da0.tar.bz2
gentoo-82b087e56b85822daadc9457c90a1c3b1b0a4da0.zip
sys-cluster/nova: fixing CVE-2015-7548
Package-Manager: portage-2.2.26
-rw-r--r--sys-cluster/nova/Manifest2
-rw-r--r--sys-cluster/nova/files/cve-2015-7548-stable-liberty-0001.patch267
-rw-r--r--sys-cluster/nova/files/cve-2015-7548-stable-liberty-0002.patch168
-rw-r--r--sys-cluster/nova/files/cve-2015-7548-stable-liberty-0003.patch171
-rw-r--r--sys-cluster/nova/nova-12.0.0-r1.ebuild295
-rw-r--r--sys-cluster/nova/nova-2015.1.1-r3.ebuild253
-rw-r--r--sys-cluster/nova/nova-2015.1.2.ebuild253
7 files changed, 901 insertions, 508 deletions
diff --git a/sys-cluster/nova/Manifest b/sys-cluster/nova/Manifest
index fb999f0a697..4eb99d9a719 100644
--- a/sys-cluster/nova/Manifest
+++ b/sys-cluster/nova/Manifest
@@ -1,4 +1,2 @@
DIST liberty-nova.conf.sample 134201 SHA256 32752212c571c4a1473c3fa8bbd197a658ee54e233b4d46a157807be42997e42 SHA512 5325a31a0fccb9898bec0a022f5430dcc1729615c8eac88a4261c403f9ecd8ce2b07d73b52f3bc2c5cbe681234b30b923adb94385aac28e08d982a8f8bfef350 WHIRLPOOL 6d2894160a96742551777ce397b67f332c4f2793402f4634a2cfd0005ba99fb077cf0d0306a59e4b8c7f689914860e5d7f45d838c845d6a896a66c24f0f141c0
DIST nova-12.0.0.tar.gz 5233669 SHA256 28416df09a1f99b78d001d133e30f51acce389749d7e111c9e7dce18e7462ac4 SHA512 e3304684e090e8ec6cb45df5d77835d8b7d7c881c08e49c89cfa547a2581ec13bd66c430db01d7e82345650a1bc6fea77faa37092f00313c4fd58390ea3627d7 WHIRLPOOL 53f3afbae0cd3b8884c9074299f17b26d73074466bad491636ab0ef0fe1e636fa08267c6d26fff9d9b1850e8c9100d509fc47d1b76588d8f1564b23ebd707b17
-DIST nova-2015.1.1.tar.gz 4544374 SHA256 d9b480827995727f2ccc06e4b5709e689e8a466006e07157ce92bc9d074e197e SHA512 7aad21fc59143cd4acab4a97980aafa9b1216789a0206c0d3098f5d96257e40baa77ef45696982648cc82a7f988f40525621da402871eeb398b21699932cea64 WHIRLPOOL 08b94f93be1e5821cfaaa835f33af2ddc23e75cea3dc6f1ca82be80317db95abd38dda336cca212cd68111fa65ca8c53c62f684e07acd2c1906e8d4cfc989905
-DIST nova-2015.1.2.tar.gz 4564794 SHA256 8ea47c076367dec47d7bea89210f260da64171be5adf559ced8514d5fdb6c453 SHA512 c3ec70f90723dbbc6c04a1ab5e5fd43b43c4080ab6a7454bd48d47eb2f228fe22b59f999f881dfb28fbd502e084c0c8764f5cdf4b096f6af46a2f0c97f0e4f61 WHIRLPOOL d3e038905726574864cc5c4d04ead21c90c24a676bc6d5580e65a1b37830889b92b7df09165b5f97e345aa99ba94a3f42b3212119a4bae34b318aa5946052bf6
diff --git a/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0001.patch b/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0001.patch
new file mode 100644
index 00000000000..9f2429df1ab
--- /dev/null
+++ b/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0001.patch
@@ -0,0 +1,267 @@
+From f41488f828fda1370e1b017503711248a810d432 Mon Sep 17 00:00:00 2001
+From: Matthew Booth <mbooth@redhat.com>
+Date: Wed, 9 Dec 2015 15:36:32 +0000
+Subject: [PATCH 1/3] Fix format detection in libvirt snapshot
+
+The libvirt driver was using automatic format detection during
+snapshot for disks stored on the local filesystem. This opened an
+exploit if nova was configured to use local file storage, and
+additionally to store those files in raw format by specifying
+use_cow_images = False in nova.conf. An authenticated user could write
+a qcow2 header to their guest image with a backing file on the host.
+libvirt.utils.get_disk_type() would then misdetect the type of this
+image as qcow2 and pass this to the Qcow2 image backend, whose
+snapshot_extract method interprets the image as qcow2 and writes the
+backing file to glance. The authenticated user can then download the
+host file from glance.
+
+This patch makes 2 principal changes. libvirt.utils.get_disk_type,
+which ought to be removed entirely as soon as possible, is updated to
+no longer do format detection if the format can't be determined from
+the path. Its name is changed to get_disk_type_from_path to reflect
+its actual function.
+
+libvirt.utils.find_disk is updated to return both the path and format
+of the root disk, rather than just the path. This is the most reliable
+source of this information, as it reflects the actual format in use.
+The previous format detection function of get_disk_type is replaced by
+the format taken from libvirt.
+
+We replace a call to get_disk_type in _rebase_with_qemu_img with an
+explicit call to qemu_img_info, as the other behaviour of
+get_disk_type was not relevant in this context. qemu_img_info is safe
+from the backing file exploit when called on a file known to be a
+qcow2 image. As the file in this context is a volume snapshot, this is
+a safe use.
+
+(cherry picked from commit c69fbad4860a1ce931d80f3f0ce0f90da29e8e5f)
+
+ Conflicts:
+ nova/tests/unit/virt/libvirt/test_driver.py
+ nova/tests/unit/virt/libvirt/test_utils.py
+ nova/virt/libvirt/driver.py
+ nova/virt/libvirt/utils.py
+
+ Most about method _rebase_with_qemu_img which does not exist.
+
+Partial-Bug: #1524274
+Change-Id: I94c1c0d26215c061f71c3f95e1a6bf3a58fa19ea
+---
+ nova/tests/unit/virt/libvirt/fake_libvirt_utils.py | 10 +++--
+ nova/tests/unit/virt/libvirt/test_utils.py | 44 +++-------------------
+ nova/virt/libvirt/driver.py | 25 +++++++++---
+ nova/virt/libvirt/utils.py | 26 ++++++++++---
+ 4 files changed, 51 insertions(+), 54 deletions(-)
+
+diff --git a/nova/tests/unit/virt/libvirt/fake_libvirt_utils.py b/nova/tests/unit/virt/libvirt/fake_libvirt_utils.py
+index 302ccee..52d1e85 100644
+--- a/nova/tests/unit/virt/libvirt/fake_libvirt_utils.py
++++ b/nova/tests/unit/virt/libvirt/fake_libvirt_utils.py
+@@ -40,7 +40,9 @@ def get_disk_backing_file(path):
+ return disk_backing_files.get(path, None)
+
+
+-def get_disk_type(path):
++def get_disk_type_from_path(path):
++ if disk_type in ('raw', 'qcow2'):
++ return None
+ return disk_type
+
+
+@@ -99,11 +101,11 @@ def file_open(path, mode=None):
+
+ def find_disk(virt_dom):
+ if disk_type == 'lvm':
+- return "/dev/nova-vg/lv"
++ return ("/dev/nova-vg/lv", "raw")
+ elif disk_type in ['raw', 'qcow2']:
+- return "filename"
++ return ("filename", disk_type)
+ else:
+- return "unknown_type_disk"
++ return ("unknown_type_disk", None)
+
+
+ def load_file(path):
+diff --git a/nova/tests/unit/virt/libvirt/test_utils.py b/nova/tests/unit/virt/libvirt/test_utils.py
+index ac7ea8d..6773bea 100644
+--- a/nova/tests/unit/virt/libvirt/test_utils.py
++++ b/nova/tests/unit/virt/libvirt/test_utils.py
+@@ -39,24 +39,6 @@ CONF = cfg.CONF
+
+ class LibvirtUtilsTestCase(test.NoDBTestCase):
+
+- @mock.patch('os.path.exists', return_value=True)
+- @mock.patch('nova.utils.execute')
+- def test_get_disk_type(self, mock_execute, mock_exists):
+- path = "disk.config"
+- example_output = """image: disk.config
+-file format: raw
+-virtual size: 64M (67108864 bytes)
+-cluster_size: 65536
+-disk size: 96K
+-blah BLAH: bb
+-"""
+- mock_execute.return_value = (example_output, '')
+- disk_type = libvirt_utils.get_disk_type(path)
+- mock_execute.assert_called_once_with('env', 'LC_ALL=C', 'LANG=C',
+- 'qemu-img', 'info', path)
+- mock_exists.assert_called_once_with(path)
+- self.assertEqual('raw', disk_type)
+-
+ @mock.patch('nova.utils.execute')
+ def test_copy_image_local(self, mock_execute):
+ libvirt_utils.copy_image('src', 'dest')
+@@ -77,37 +59,21 @@ blah BLAH: bb
+ on_completion=None, on_execute=None, compression=True)
+
+ @mock.patch('os.path.exists', return_value=True)
+- def test_disk_type(self, mock_exists):
++ def test_disk_type_from_path(self, mock_exists):
+ # Seems like lvm detection
+ # if its in /dev ??
+ for p in ['/dev/b', '/dev/blah/blah']:
+- d_type = libvirt_utils.get_disk_type(p)
++ d_type = libvirt_utils.get_disk_type_from_path(p)
+ self.assertEqual('lvm', d_type)
+
+ # Try rbd detection
+- d_type = libvirt_utils.get_disk_type('rbd:pool/instance')
++ d_type = libvirt_utils.get_disk_type_from_path('rbd:pool/instance')
+ self.assertEqual('rbd', d_type)
+
+ # Try the other types
+- template_output = """image: %(path)s
+-file format: %(format)s
+-virtual size: 64M (67108864 bytes)
+-cluster_size: 65536
+-disk size: 96K
+-"""
+ path = '/myhome/disk.config'
+- for f in ['raw', 'qcow2']:
+- output = template_output % ({
+- 'format': f,
+- 'path': path,
+- })
+- with mock.patch('nova.utils.execute',
+- return_value=(output, '')) as mock_execute:
+- d_type = libvirt_utils.get_disk_type(path)
+- mock_execute.assert_called_once_with(
+- 'env', 'LC_ALL=C', 'LANG=C',
+- 'qemu-img', 'info', path)
+- self.assertEqual(f, d_type)
++ d_type = libvirt_utils.get_disk_type_from_path(path)
++ self.assertIsNone(d_type)
+
+ @mock.patch('os.path.exists', return_value=True)
+ @mock.patch('nova.utils.execute')
+diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
+index fc1c909..51b1e4b 100644
+--- a/nova/virt/libvirt/driver.py
++++ b/nova/virt/libvirt/driver.py
+@@ -1338,10 +1338,23 @@ class LibvirtDriver(driver.ComputeDriver):
+
+ snapshot = self._image_api.get(context, image_id)
+
+- disk_path = libvirt_utils.find_disk(virt_dom)
+- source_format = libvirt_utils.get_disk_type(disk_path)
+-
+- image_format = CONF.libvirt.snapshot_image_format or source_format
++ # source_format is an on-disk format
++ # source_type is a backend type
++ disk_path, source_format = libvirt_utils.find_disk(virt_dom)
++ source_type = libvirt_utils.get_disk_type_from_path(disk_path)
++
++ # We won't have source_type for raw or qcow2 disks, because we can't
++ # determine that from the path. We should have it from the libvirt
++ # xml, though.
++ if source_type is None:
++ source_type = source_format
++ # For lxc instances we won't have it either from libvirt xml
++ # (because we just gave libvirt the mounted filesystem), or the path,
++ # so source_type is still going to be None. In this case,
++ # snapshot_backend is going to default to CONF.libvirt.images_type
++ # below, which is still safe.
++
++ image_format = CONF.libvirt.snapshot_image_format or source_type
+
+ # NOTE(bfilippov): save lvm and rbd as raw
+ if image_format == 'lvm' or image_format == 'rbd':
+@@ -1367,7 +1380,7 @@ class LibvirtDriver(driver.ComputeDriver):
+ if (self._host.has_min_version(MIN_LIBVIRT_LIVESNAPSHOT_VERSION,
+ MIN_QEMU_LIVESNAPSHOT_VERSION,
+ host.HV_DRIVER_QEMU)
+- and source_format not in ('lvm', 'rbd')
++ and source_type not in ('lvm', 'rbd')
+ and not CONF.ephemeral_storage_encryption.enabled
+ and not CONF.workarounds.disable_libvirt_livesnapshot):
+ live_snapshot = True
+@@ -1402,7 +1415,7 @@ class LibvirtDriver(driver.ComputeDriver):
+
+ snapshot_backend = self.image_backend.snapshot(instance,
+ disk_path,
+- image_type=source_format)
++ image_type=source_type)
+
+ if live_snapshot:
+ LOG.info(_LI("Beginning live snapshot process"),
+diff --git a/nova/virt/libvirt/utils.py b/nova/virt/libvirt/utils.py
+index 5573927..062b2fb 100644
+--- a/nova/virt/libvirt/utils.py
++++ b/nova/virt/libvirt/utils.py
+@@ -334,13 +334,20 @@ def find_disk(virt_dom):
+ """
+ xml_desc = virt_dom.XMLDesc(0)
+ domain = etree.fromstring(xml_desc)
++ driver = None
+ if CONF.libvirt.virt_type == 'lxc':
+- source = domain.find('devices/filesystem/source')
++ filesystem = domain.find('devices/filesystem')
++ driver = filesystem.find('driver')
++
++ source = filesystem.find('source')
+ disk_path = source.get('dir')
+ disk_path = disk_path[0:disk_path.rfind('rootfs')]
+ disk_path = os.path.join(disk_path, 'disk')
+ else:
+- source = domain.find('devices/disk/source')
++ disk = domain.find('devices/disk')
++ driver = disk.find('driver')
++
++ source = disk.find('source')
+ disk_path = source.get('file') or source.get('dev')
+ if not disk_path and CONF.libvirt.images_type == 'rbd':
+ disk_path = source.get('name')
+@@ -351,17 +358,26 @@ def find_disk(virt_dom):
+ raise RuntimeError(_("Can't retrieve root device path "
+ "from instance libvirt configuration"))
+
+- return disk_path
++ if driver is not None:
++ format = driver.get('type')
++ # This is a legacy quirk of libvirt/xen. Everything else should
++ # report the on-disk format in type.
++ if format == 'aio':
++ format = 'raw'
++ else:
++ format = None
++ return (disk_path, format)
+
+
+-def get_disk_type(path):
++def get_disk_type_from_path(path):
+ """Retrieve disk type (raw, qcow2, lvm) for given file."""
+ if path.startswith('/dev'):
+ return 'lvm'
+ elif path.startswith('rbd:'):
+ return 'rbd'
+
+- return images.qemu_img_info(path).file_format
++ # We can't reliably determine the type from this path
++ return None
+
+
+ def get_fs_info(path):
+--
+2.5.0
+
diff --git a/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0002.patch b/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0002.patch
new file mode 100644
index 00000000000..2ffca9f9cf8
--- /dev/null
+++ b/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0002.patch
@@ -0,0 +1,168 @@
+From 0e6b4a06ad72ac68ec41bab2063f8d167e8e277e Mon Sep 17 00:00:00 2001
+From: Matthew Booth <mbooth@redhat.com>
+Date: Thu, 10 Dec 2015 16:34:19 +0000
+Subject: [PATCH 2/3] Fix format conversion in libvirt snapshot
+
+The libvirt driver was calling images.convert_image during snapshot to
+convert snapshots to the intended output format. However, this
+function does not take the input format as an argument, meaning it
+implicitly does format detection. This opened an exploit for setups
+using raw storage on the backend, including raw on filesystem, LVM,
+and RBD (Ceph). An authenticated user could write a qcow2 header to
+their instance's disk which specified an arbitrary backing file on the
+host. When convert_image ran during snapshot, this would then write
+the contents of the backing file to glance, which is then available to
+the user. If the setup uses an LVM backend this conversion runs as
+root, meaning the user can exfiltrate any file on the host, including
+raw disks.
+
+This change adds an input format to convert_image.
+
+Partial-Bug: #1524274
+
+Change-Id: If73e73718ecd5db262ed9904091024238f98dbc0
+(cherry picked from commit 840644d619e9560f205016eafc8799565ffd6d8c)
+---
+ nova/tests/unit/virt/libvirt/test_driver.py | 5 +++--
+ nova/tests/unit/virt/libvirt/test_utils.py | 3 ++-
+ nova/virt/images.py | 26 ++++++++++++++++++++++++--
+ nova/virt/libvirt/imagebackend.py | 19 ++++++++++++++-----
+ 4 files changed, 43 insertions(+), 10 deletions(-)
+
+diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py
+index 22ef56d..6fd8728 100644
+--- a/nova/tests/unit/virt/libvirt/test_driver.py
++++ b/nova/tests/unit/virt/libvirt/test_driver.py
+@@ -14985,7 +14985,7 @@ class LibvirtVolumeSnapshotTestCase(test.NoDBTestCase):
+ self.mox.VerifyAll()
+
+
+-def _fake_convert_image(source, dest, out_format,
++def _fake_convert_image(source, dest, in_format, out_format,
+ run_as_root=True):
+ libvirt_driver.libvirt_utils.files[dest] = ''
+
+@@ -15127,7 +15127,8 @@ class LVMSnapshotTests(_BaseSnapshotTests):
+
+ mock_volume_info.assert_has_calls([mock.call('/dev/nova-vg/lv')])
+ mock_convert_image.assert_called_once_with(
+- '/dev/nova-vg/lv', mock.ANY, disk_format, run_as_root=True)
++ '/dev/nova-vg/lv', mock.ANY, 'raw', disk_format,
++ run_as_root=True)
+
+ def test_raw(self):
+ self._test_lvm_snapshot('raw')
+diff --git a/nova/tests/unit/virt/libvirt/test_utils.py b/nova/tests/unit/virt/libvirt/test_utils.py
+index 6773bea..6f75a92 100644
+--- a/nova/tests/unit/virt/libvirt/test_utils.py
++++ b/nova/tests/unit/virt/libvirt/test_utils.py
+@@ -594,7 +594,8 @@ disk size: 4.4M
+ target = 't.qcow2'
+ self.executes = []
+ expected_commands = [('qemu-img', 'convert', '-O', 'raw',
+- 't.qcow2.part', 't.qcow2.converted'),
++ 't.qcow2.part', 't.qcow2.converted',
++ '-f', 'qcow2'),
+ ('rm', 't.qcow2.part'),
+ ('mv', 't.qcow2.converted', 't.qcow2')]
+ images.fetch_to_raw(context, image_id, target, user_id, project_id,
+diff --git a/nova/virt/images.py b/nova/virt/images.py
+index 5b9374b..e2b5b91 100644
+--- a/nova/virt/images.py
++++ b/nova/virt/images.py
+@@ -66,9 +66,31 @@ def qemu_img_info(path):
+ return imageutils.QemuImgInfo(out)
+
+
+-def convert_image(source, dest, out_format, run_as_root=False):
++def convert_image(source, dest, in_format, out_format, run_as_root=False):
+ """Convert image to other format."""
++ if in_format is None:
++ raise RuntimeError("convert_image without input format is a security"
++ "risk")
++ _convert_image(source, dest, in_format, out_format, run_as_root)
++
++
++def convert_image_unsafe(source, dest, out_format, run_as_root=False):
++ """Convert image to other format, doing unsafe automatic input format
++ detection. Do not call this function.
++ """
++
++ # NOTE: there is only 1 caller of this function:
++ # imagebackend.Lvm.create_image. It is not easy to fix that without a
++ # larger refactor, so for the moment it has been manually audited and
++ # allowed to continue. Remove this function when Lvm.create_image has
++ # been fixed.
++ _convert_image(source, dest, None, out_format, run_as_root)
++
++
++def _convert_image(source, dest, in_format, out_format, run_as_root):
+ cmd = ('qemu-img', 'convert', '-O', out_format, source, dest)
++ if in_format is not None:
++ cmd = cmd + ('-f', in_format)
+ utils.execute(*cmd, run_as_root=run_as_root)
+
+
+@@ -123,7 +145,7 @@ def fetch_to_raw(context, image_href, path, user_id, project_id, max_size=0):
+ staged = "%s.converted" % path
+ LOG.debug("%s was %s, converting to raw" % (image_href, fmt))
+ with fileutils.remove_path_on_error(staged):
+- convert_image(path_tmp, staged, 'raw')
++ convert_image(path_tmp, staged, fmt, 'raw')
+ os.unlink(path_tmp)
+
+ data = qemu_img_info(staged)
+diff --git a/nova/virt/libvirt/imagebackend.py b/nova/virt/libvirt/imagebackend.py
+index 5e14f61..151ebc4 100644
+--- a/nova/virt/libvirt/imagebackend.py
++++ b/nova/virt/libvirt/imagebackend.py
+@@ -477,7 +477,7 @@ class Raw(Image):
+ self.correct_format()
+
+ def snapshot_extract(self, target, out_format):
+- images.convert_image(self.path, target, out_format)
++ images.convert_image(self.path, target, self.driver_format, out_format)
+
+ @staticmethod
+ def is_file_in_instance_path():
+@@ -631,7 +631,16 @@ class Lvm(Image):
+ size, sparse=self.sparse)
+ if self.ephemeral_key_uuid is not None:
+ encrypt_lvm_image()
+- images.convert_image(base, self.path, 'raw', run_as_root=True)
++ # NOTE: by calling convert_image_unsafe here we're
++ # telling qemu-img convert to do format detection on the input,
++ # because we don't know what the format is. For example,
++ # we might have downloaded a qcow2 image, or created an
++ # ephemeral filesystem locally, we just don't know here. Having
++ # audited this, all current sources have been sanity checked,
++ # either because they're locally generated, or because they have
++ # come from images.fetch_to_raw. However, this is major code smell.
++ images.convert_image_unsafe(base, self.path, self.driver_format,
++ run_as_root=True)
+ if resize:
+ disk.resize2fs(self.path, run_as_root=True)
+
+@@ -678,8 +687,8 @@ class Lvm(Image):
+ lvm.remove_volumes([self.lv_path])
+
+ def snapshot_extract(self, target, out_format):
+- images.convert_image(self.path, target, out_format,
+- run_as_root=True)
++ images.convert_image(self.path, target, self.driver_format,
++ out_format, run_as_root=True)
+
+ def get_model(self, connection):
+ return imgmodel.LocalBlockImage(self.path)
+@@ -786,7 +795,7 @@ class Rbd(Image):
+ self.driver.resize(self.rbd_name, size)
+
+ def snapshot_extract(self, target, out_format):
+- images.convert_image(self.path, target, out_format)
++ images.convert_image(self.path, target, 'raw', out_format)
+
+ @staticmethod
+ def is_shared_block_storage():
+--
+2.5.0
+
diff --git a/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0003.patch b/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0003.patch
new file mode 100644
index 00000000000..b542041b531
--- /dev/null
+++ b/sys-cluster/nova/files/cve-2015-7548-stable-liberty-0003.patch
@@ -0,0 +1,171 @@
+From 62516194c424abad3bec12ea360dde06617fe97d Mon Sep 17 00:00:00 2001
+From: Matthew Booth <mbooth@redhat.com>
+Date: Fri, 11 Dec 2015 13:40:54 +0000
+Subject: [PATCH 3/3] Fix backing file detection in libvirt live snapshot
+
+When doing a live snapshot, the libvirt driver creates an intermediate
+qcow2 file with the same backing file as the original disk. However,
+it calls qemu-img info without specifying the input format explicitly.
+An authenticated user can write data to a raw disk which will cause
+this code to misinterpret the disk as a qcow2 file with a
+user-specified backing file on the host, and return an arbitrary host
+file as the backing file.
+
+This bug does not appear to result in a data leak in this case, but
+this is hard to verify. It certainly results in corrupt output.
+
+Closes-Bug: #1524274
+
+Change-Id: I11485f077d28f4e97529a691e55e3e3c0bea8872
+(cherry picked from commit ccea9095d9fb5bcdcb61ee5e352c4a8163754b9d)
+---
+ nova/tests/unit/virt/libvirt/fake_libvirt_utils.py | 4 ++--
+ nova/tests/unit/virt/libvirt/test_driver.py | 7 ++++---
+ nova/virt/images.py | 8 +++++---
+ nova/virt/libvirt/driver.py | 11 +++++++----
+ nova/virt/libvirt/utils.py | 9 +++++----
+ 5 files changed, 23 insertions(+), 16 deletions(-)
+
+diff --git a/nova/tests/unit/virt/libvirt/fake_libvirt_utils.py b/nova/tests/unit/virt/libvirt/fake_libvirt_utils.py
+index 52d1e85..b474687 100644
+--- a/nova/tests/unit/virt/libvirt/fake_libvirt_utils.py
++++ b/nova/tests/unit/virt/libvirt/fake_libvirt_utils.py
+@@ -32,11 +32,11 @@ def create_cow_image(backing_file, path):
+ pass
+
+
+-def get_disk_size(path):
++def get_disk_size(path, format=None):
+ return 0
+
+
+-def get_disk_backing_file(path):
++def get_disk_backing_file(path, format=None):
+ return disk_backing_files.get(path, None)
+
+
+diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py
+index 6fd8728..6d0afdf 100644
+--- a/nova/tests/unit/virt/libvirt/test_driver.py
++++ b/nova/tests/unit/virt/libvirt/test_driver.py
+@@ -12018,7 +12018,7 @@ class LibvirtConnTestCase(test.NoDBTestCase):
+
+ image_meta = objects.ImageMeta.from_dict(self.test_image_meta)
+ drvr._live_snapshot(self.context, self.test_instance, guest,
+- srcfile, dstfile, "qcow2", image_meta)
++ srcfile, dstfile, "qcow2", "qcow2", image_meta)
+
+ mock_dom.XMLDesc.assert_called_once_with(flags=(
+ fakelibvirt.VIR_DOMAIN_XML_INACTIVE |
+@@ -12029,8 +12029,9 @@ class LibvirtConnTestCase(test.NoDBTestCase):
+ fakelibvirt.VIR_DOMAIN_BLOCK_REBASE_REUSE_EXT |
+ fakelibvirt.VIR_DOMAIN_BLOCK_REBASE_SHALLOW))
+
+- mock_size.assert_called_once_with(srcfile)
+- mock_backing.assert_called_once_with(srcfile, basename=False)
++ mock_size.assert_called_once_with(srcfile, format="qcow2")
++ mock_backing.assert_called_once_with(srcfile, basename=False,
++ format="qcow2")
+ mock_create_cow.assert_called_once_with(bckfile, dltfile, 1004009)
+ mock_chown.assert_called_once_with(dltfile, os.getuid())
+ mock_snapshot.assert_called_once_with(dltfile, "qcow2",
+diff --git a/nova/virt/images.py b/nova/virt/images.py
+index e2b5b91..6f3e487 100644
+--- a/nova/virt/images.py
++++ b/nova/virt/images.py
+@@ -44,7 +44,7 @@ CONF.register_opts(image_opts)
+ IMAGE_API = image.API()
+
+
+-def qemu_img_info(path):
++def qemu_img_info(path, format=None):
+ """Return an object containing the parsed output from qemu-img info."""
+ # TODO(mikal): this code should not be referring to a libvirt specific
+ # flag.
+@@ -56,8 +56,10 @@ def qemu_img_info(path):
+ msg = (_("Path does not exist %(path)s") % {'path': path})
+ raise exception.InvalidDiskInfo(reason=msg)
+
+- out, err = utils.execute('env', 'LC_ALL=C', 'LANG=C',
+- 'qemu-img', 'info', path)
++ cmd = ('env', 'LC_ALL=C', 'LANG=C', 'qemu-img', 'info', path)
++ if format is not None:
++ cmd = cmd + ('-f', format)
++ out, err = utils.execute(*cmd)
+ if not out:
+ msg = (_("Failed to run qemu-img info on %(path)s : %(error)s") %
+ {'path': path, 'error': err})
+diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
+index 51b1e4b..53a27b2 100644
+--- a/nova/virt/libvirt/driver.py
++++ b/nova/virt/libvirt/driver.py
+@@ -1434,7 +1434,8 @@ class LibvirtDriver(driver.ComputeDriver):
+ # NOTE(xqueralt): libvirt needs o+x in the temp directory
+ os.chmod(tmpdir, 0o701)
+ self._live_snapshot(context, instance, guest, disk_path,
+- out_path, image_format, image_meta)
++ out_path, source_format, image_format,
++ image_meta)
+ else:
+ snapshot_backend.snapshot_extract(out_path, image_format)
+ finally:
+@@ -1540,7 +1541,7 @@ class LibvirtDriver(driver.ComputeDriver):
+ self._set_quiesced(context, instance, image_meta, False)
+
+ def _live_snapshot(self, context, instance, guest, disk_path, out_path,
+- image_format, image_meta):
++ source_format, image_format, image_meta):
+ """Snapshot an instance without downtime."""
+ dev = guest.get_block_device(disk_path)
+
+@@ -1558,9 +1559,11 @@ class LibvirtDriver(driver.ComputeDriver):
+ # in QEMU 1.3. In order to do this, we need to create
+ # a destination image with the original backing file
+ # and matching size of the instance root disk.
+- src_disk_size = libvirt_utils.get_disk_size(disk_path)
++ src_disk_size = libvirt_utils.get_disk_size(disk_path,
++ format=source_format)
+ src_back_path = libvirt_utils.get_disk_backing_file(disk_path,
+- basename=False)
++ format=source_format,
++ basename=False)
+ disk_delta = out_path + '.delta'
+ libvirt_utils.create_cow_image(src_back_path, disk_delta,
+ src_disk_size)
+diff --git a/nova/virt/libvirt/utils.py b/nova/virt/libvirt/utils.py
+index 062b2fb..7b0cf42 100644
+--- a/nova/virt/libvirt/utils.py
++++ b/nova/virt/libvirt/utils.py
+@@ -160,24 +160,25 @@ def pick_disk_driver_name(hypervisor_version, is_block_dev=False):
+ return None
+
+
+-def get_disk_size(path):
++def get_disk_size(path, format=None):
+ """Get the (virtual) size of a disk image
+
+ :param path: Path to the disk image
++ :param format: the on-disk format of path
+ :returns: Size (in bytes) of the given disk image as it would be seen
+ by a virtual machine.
+ """
+- size = images.qemu_img_info(path).virtual_size
++ size = images.qemu_img_info(path, format).virtual_size
+ return int(size)
+
+
+-def get_disk_backing_file(path, basename=True):
++def get_disk_backing_file(path, basename=True, format=None):
+ """Get the backing file of a disk image
+
+ :param path: Path to the disk image
+ :returns: a path to the image's backing store
+ """
+- backing_file = images.qemu_img_info(path).backing_file
++ backing_file = images.qemu_img_info(path, format).backing_file
+ if backing_file and basename:
+ backing_file = os.path.basename(backing_file)
+
+--
+2.5.0
+
diff --git a/sys-cluster/nova/nova-12.0.0-r1.ebuild b/sys-cluster/nova/nova-12.0.0-r1.ebuild
new file mode 100644
index 00000000000..2ad958e3ff2
--- /dev/null
+++ b/sys-cluster/nova/nova-12.0.0-r1.ebuild
@@ -0,0 +1,295 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+PYTHON_COMPAT=( python2_7 python3_4 )
+
+inherit distutils-r1 eutils linux-info multilib user
+
+DESCRIPTION="Cloud computing fabric controller (main part of an IaaS system) in Python"
+HOMEPAGE="https://launchpad.net/nova"
+SRC_URI="
+ https://launchpad.net/${PN}/liberty/${PV}/+download/${P}.tar.gz
+ https://dev.gentoo.org/~prometheanfire/dist/nova/liberty/nova.conf.sample -> liberty-nova.conf.sample"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+compute compute-only iscsi +kvm +memcached mysql +novncproxy openvswitch postgres +rabbitmq sqlite test xen"
+REQUIRED_USE="
+ !compute-only? ( || ( mysql postgres sqlite ) )
+ compute-only? ( compute !rabbitmq !memcached !mysql !postgres !sqlite )
+ compute? ( ^^ ( kvm xen ) )"
+
+CDEPEND=">=dev-python/pbr-1.8[${PYTHON_USEDEP}]"
+# need to package dev-python/sphinxcontrib-seqdiag
+DEPEND="
+ >=dev-python/setuptools-16.0[${PYTHON_USEDEP}]
+ ${CDEPEND}
+ app-admin/sudo
+ test? (
+ ${RDEPEND}
+ >=dev-python/coverage-3.6[${PYTHON_USEDEP}]
+ <=dev-python/coverage-4.0[${PYTHON_USEDEP}]
+ ~dev-python/fixtures-1.3.1[${PYTHON_USEDEP}]
+ >=dev-python/mock-1.2[${PYTHON_USEDEP}]
+ <=dev-python/mock-1.3.0[${PYTHON_USEDEP}]
+ >=dev-python/mox3-0.7.0[${PYTHON_USEDEP}]
+ <=dev-python/mox3-0.10.0[${PYTHON_USEDEP}]
+ >=dev-python/psycopg-2.5[${PYTHON_USEDEP}]
+ <=dev-python/psycopg-2.6.1[${PYTHON_USEDEP}]
+ >=dev-python/pymysql-0.6.2[${PYTHON_USEDEP}]
+ <=dev-python/pymysql-0.6.6[${PYTHON_USEDEP}]
+ ~dev-python/python-barbicanclient-3.3.0[${PYTHON_USEDEP}]
+ >=dev-python/python-ironicclient-0.8.0[${PYTHON_USEDEP}]
+ <=dev-python/python-ironicclient-0.8.1[${PYTHON_USEDEP}]
+ >=dev-python/subunit-0.0.18[${PYTHON_USEDEP}]
+ <=dev-python/subunit-1.1.0[${PYTHON_USEDEP}]
+ ~dev-python/requests-mock-0.6.0[${PYTHON_USEDEP}]
+ >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
+ !~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}]
+ <dev-python/sphinx-1.3[${PYTHON_USEDEP}]
+ >=dev-python/pillow-2.4.0[${PYTHON_USEDEP}]
+ <dev-python/pillow-3.0.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-sphinx-2.5.0[${PYTHON_USEDEP}]
+ <=dev-python/oslo-sphinx-3.2.0[${PYTHON_USEDEP}]
+ >=dev-python/oslotest-1.10.0[${PYTHON_USEDEP}]
+ <=dev-python/oslotest-1.11.0[${PYTHON_USEDEP}]
+ >=dev-python/testrepository-0.0.18[${PYTHON_USEDEP}]
+ <=dev-python/testrepository-0.0.20[${PYTHON_USEDEP}]
+ >=dev-python/testresources-0.2.4[${PYTHON_USEDEP}]
+ <=dev-python/testresources-0.2.7-r9999[${PYTHON_USEDEP}]
+ >=dev-python/testtools-1.4.0[${PYTHON_USEDEP}]
+ <=dev-python/testtools-1.8.0[${PYTHON_USEDEP}]
+ >=dev-python/tempest-lib-0.8.0[${PYTHON_USEDEP}]
+ <=dev-python/tempest-lib-0.9.0[${PYTHON_USEDEP}]
+ ~dev-python/bandit-0.13.2[${PYTHON_USEDEP}]
+ >=dev-python/oslo-vmware-0.16.0[${PYTHON_USEDEP}]
+ <=dev-python/oslo-vmware-1.21.0[${PYTHON_USEDEP}]
+ )"
+
+# barbicanclient is in here for doc generation
+RDEPEND="
+ ${CDEPEND}
+ compute-only? (
+ >=dev-python/sqlalchemy-0.9.9[${PYTHON_USEDEP}]
+ <dev-python/sqlalchemy-1.1.0[${PYTHON_USEDEP}]
+ )
+ sqlite? (
+ >=dev-python/sqlalchemy-0.9.9[sqlite,${PYTHON_USEDEP}]
+ <dev-python/sqlalchemy-1.1.0[sqlite,${PYTHON_USEDEP}]
+ )
+ mysql? (
+ dev-python/mysql-python
+ >=dev-python/sqlalchemy-0.9.9[${PYTHON_USEDEP}]
+ <dev-python/sqlalchemy-1.1.0[${PYTHON_USEDEP}]
+ )
+ postgres? (
+ dev-python/psycopg:2
+ >=dev-python/sqlalchemy-0.9.9[${PYTHON_USEDEP}]
+ <dev-python/sqlalchemy-1.1.0[${PYTHON_USEDEP}]
+ )
+ >=dev-python/boto-2.32.1[${PYTHON_USEDEP}]
+ <=dev-python/boto-2.38.0[${PYTHON_USEDEP}]
+ >=dev-python/decorator-3.4.0[${PYTHON_USEDEP}]
+ <=dev-python/decorator-4.0.2[${PYTHON_USEDEP}]
+ ~dev-python/eventlet-0.17.4[${PYTHON_USEDEP}]
+ >=dev-python/jinja-2.6[${PYTHON_USEDEP}]
+ <=dev-python/jinja-2.8[${PYTHON_USEDEP}]
+ >=dev-python/keystonemiddleware-2.0.0[${PYTHON_USEDEP}]
+ <=dev-python/keystonemiddleware-2.3.1[${PYTHON_USEDEP}]
+ >=dev-python/lxml-2.3[${PYTHON_USEDEP}]
+ <=dev-python/lxml-3.4.4[${PYTHON_USEDEP}]
+ >=dev-python/routes-1.12.3[${PYTHON_USEDEP}]
+ !~dev-python/routes-2.0[${PYTHON_USEDEP}]
+ !~dev-python/routes-2.1[$(python_gen_usedep 'python2_7')]
+ <=dev-python/routes-2.2[${PYTHON_USEDEP}]
+ >=dev-python/cryptography-1.0[${PYTHON_USEDEP}]
+ <=dev-python/cryptography-1.1-r9999[${PYTHON_USEDEP}]
+ >=dev-python/webob-1.2.3[${PYTHON_USEDEP}]
+ <=dev-python/webob-1.4.1[${PYTHON_USEDEP}]
+ >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}]
+ <=dev-python/greenlet-0.4.9[${PYTHON_USEDEP}]
+ >=dev-python/pastedeploy-1.5.0-r1[${PYTHON_USEDEP}]
+ <=dev-python/pastedeploy-1.5.2[${PYTHON_USEDEP}]
+ <=dev-python/paste-2.0.2[${PYTHON_USEDEP}]
+ >=dev-python/prettytable-0.7[${PYTHON_USEDEP}]
+ <dev-python/prettytable-0.8[${PYTHON_USEDEP}]
+ >=dev-python/sqlalchemy-migrate-0.9.6[${PYTHON_USEDEP}]
+ <=dev-python/sqlalchemy-migrate-0.10.0[${PYTHON_USEDEP}]
+ >=dev-python/netaddr-0.7.12[${PYTHON_USEDEP}]
+ !~dev-python/netaddr-0.7.16[${PYTHON_USEDEP}]
+ <=dev-python/netaddr-0.7.18[${PYTHON_USEDEP}]
+ ~dev-python/netifaces-0.10.4[${PYTHON_USEDEP}]
+ >=dev-python/paramiko-1.13.0[${PYTHON_USEDEP}]
+ <=dev-python/paramiko-1.15.2[${PYTHON_USEDEP}]
+ >=dev-python/Babel-1.3[${PYTHON_USEDEP}]
+ <=dev-python/Babel-2.0[${PYTHON_USEDEP}]
+ >=dev-python/iso8601-0.1.9[${PYTHON_USEDEP}]
+ <=dev-python/iso8601-0.1.10[${PYTHON_USEDEP}]
+ >=dev-python/jsonschema-2.0.0[${PYTHON_USEDEP}]
+ !~dev-python/jsonschema-2.5.0[${PYTHON_USEDEP}]
+ <dev-python/jsonschema-3.0.0[${PYTHON_USEDEP}]
+ >=dev-python/python-cinderclient-1.3.1[${PYTHON_USEDEP}]
+ <=dev-python/python-cinderclient-1.4.0[${PYTHON_USEDEP}]
+ >=dev-python/python-keystoneclient-1.6.0[${PYTHON_USEDEP}]
+ <=dev-python/python-keystoneclient-1.7.2-r9999[${PYTHON_USEDEP}]
+ >=dev-python/python-neutronclient-2.6.0[${PYTHON_USEDEP}]
+ <=dev-python/python-neutronclient-3.1.0[${PYTHON_USEDEP}]
+ >=dev-python/python-glanceclient-0.18.0[${PYTHON_USEDEP}]
+ <=dev-python/python-glanceclient-1.1.0[${PYTHON_USEDEP}]
+ >=dev-python/python-barbicanclient-3.0.1[${PYTHON_USEDEP}]
+ <=dev-python/python-barbicanclient-3.3.0[${PYTHON_USEDEP}]
+ ~dev-python/six-1.9.0[${PYTHON_USEDEP}]
+ >=dev-python/stevedore-1.5.0[${PYTHON_USEDEP}]
+ <=dev-python/stevedore-1.8.0[${PYTHON_USEDEP}]
+ >=dev-python/setuptools-16.0[${PYTHON_USEDEP}]
+ >=dev-python/websockify-0.6.1[${PYTHON_USEDEP}]
+ >=dev-python/websockify-0.6.1[${PYTHON_USEDEP}]
+ <=dev-python/websockify-0.7.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-concurrency-2.3.0[${PYTHON_USEDEP}]
+ <=dev-python/oslo-concurrency-2.6.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-config-2.3.0[${PYTHON_USEDEP}]
+ <=dev-python/oslo-config-2.4.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-context-0.2.0[${PYTHON_USEDEP}]
+ <=dev-python/oslo-context-0.6.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-log-1.8.0[${PYTHON_USEDEP}]
+ <=dev-python/oslo-log-1.11.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-reports-0.1.0[${PYTHON_USEDEP}]
+ <=dev-python/oslo-reports-0.5.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-serialization-1.4.0[${PYTHON_USEDEP}]
+ <=dev-python/oslo-serialization-1.9.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-utils-2.0.0[${PYTHON_USEDEP}]
+ <=dev-python/oslo-utils-2.5.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-db-2.4.1[${PYTHON_USEDEP}]
+ <=dev-python/oslo-db-2.6.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-rootwrap-2.0.0[${PYTHON_USEDEP}]
+ <=dev-python/oslo-rootwrap-2.3.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-messaging-1.16.0[${PYTHON_USEDEP}]
+ !~dev-python/oslo-messaging-1.17.0[${PYTHON_USEDEP}]
+ !~dev-python/oslo-messaging-1.17.1[${PYTHON_USEDEP}]
+ <=dev-python/oslo-messaging-2.5.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-i18n-1.5.0[${PYTHON_USEDEP}]
+ <=dev-python/oslo-i18n-2.6.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-service-0.7.0[${PYTHON_USEDEP}]
+ <=dev-python/oslo-service-0.9.0[${PYTHON_USEDEP}]
+ >=dev-python/rfc3986-0.2.0[${PYTHON_USEDEP}]
+ <=dev-python/rfc3986-0.2.2[${PYTHON_USEDEP}]
+ >=dev-python/oslo-middleware-2.8.0[${PYTHON_USEDEP}]
+ <=dev-python/oslo-middleware-2.8.0[${PYTHON_USEDEP}]
+ >=dev-python/psutil-1.1.1[${PYTHON_USEDEP}]
+ <dev-python/psutil-2.0.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-versionedobjects-0.9.0[${PYTHON_USEDEP}]
+ <=dev-python/oslo-versionedobjects-0.10.0[${PYTHON_USEDEP}]
+ >=dev-python/alembic-0.8.0[${PYTHON_USEDEP}]
+ <=dev-python/alembic-0.8.20[${PYTHON_USEDEP}]
+ >=dev-python/os-brick-0.4.0[${PYTHON_USEDEP}]
+ <=dev-python/os-brick-0.5.0[${PYTHON_USEDEP}]
+ <=dev-python/libvirt-python-1.3.0[${PYTHON_USEDEP}]
+ app-emulation/libvirt[iscsi?]
+ novncproxy? ( www-apps/novnc )
+ sys-apps/iproute2
+ openvswitch? ( <=net-misc/openvswitch-2.4.0 )
+ rabbitmq? ( net-misc/rabbitmq-server )
+ memcached? ( net-misc/memcached
+ <=dev-python/python-memcached-1.57 )
+ sys-fs/sysfsutils
+ sys-fs/multipath-tools
+ net-misc/bridge-utils
+ compute? (
+ app-cdr/cdrkit
+ kvm? ( app-emulation/qemu )
+ xen? ( app-emulation/xen
+ app-emulation/xen-tools )
+ )
+ iscsi? (
+ sys-fs/lsscsi
+ >=sys-block/open-iscsi-2.0.872-r3
+ )"
+
+PATCHES=(
+ "${FILESDIR}"/cve-2015-7548-stable-liberty-0001.patch
+ "${FILESDIR}"/cve-2015-7548-stable-liberty-0002.patch
+ "${FILESDIR}"/cve-2015-7548-stable-liberty-0003.patch
+)
+
+pkg_setup() {
+ linux-info_pkg_setup
+ CONFIG_CHECK_MODULES="BLK_DEV_NBD VHOST_NET IP6_NF_FILTER IP6_NF_IPTABLES IP_NF_TARGET_REJECT \
+ IP_NF_MANGLE IP_NF_TARGET_MASQUERADE NF_NAT_IPV4 IP_NF_FILTER IP_NF_IPTABLES \
+ NF_CONNTRACK_IPV4 NF_DEFRAG_IPV4 NF_NAT_IPV4 NF_NAT NF_CONNTRACK NETFILTER_XTABLES \
+ ISCSI_TCP SCSI_DH DM_MULTIPATH DM_SNAPSHOT"
+ if linux_config_exists; then
+ for module in ${CONFIG_CHECK_MODULES}; do
+ linux_chkconfig_present ${module} || ewarn "${module} needs to be enabled in kernel"
+ done
+ fi
+ enewgroup nova
+ enewuser nova -1 -1 /var/lib/nova nova
+}
+
+python_prepare_all() {
+ sed -i '/^hacking/d' test-requirements.txt || die
+ distutils-r1_python_prepare_all
+}
+
+python_test() {
+ testr init
+ testr run --parallel || die "failed testsuite under python2.7"
+}
+
+python_install() {
+ distutils-r1_python_install
+
+ if use !compute-only; then
+ for svc in api cert conductor consoleauth network scheduler spicehtml5proxy xvpvncproxy; do
+ newinitd "${FILESDIR}/nova.initd" "nova-${svc}"
+ done
+ fi
+ use compute && newinitd "${FILESDIR}/nova.initd" "nova-compute"
+ use novncproxy && newinitd "${FILESDIR}/nova.initd" "nova-novncproxy"
+
+ diropts -m 0750 -o nova -g qemu
+ dodir /var/log/nova /var/lib/nova/instances
+ diropts -m 0750 -o nova -g nova
+
+ insinto /etc/nova
+ insopts -m 0640 -o nova -g nova
+ newins "${FILESDIR}/etc.liberty/api-paste.ini" "api-paste.ini"
+ newins "${FILESDIR}/etc.liberty/cells.json" "cells.json"
+ newins "${FILESDIR}/etc.liberty/logging_sample.conf" "logging_sample.conf"
+ newins "${DISTDIR}/liberty-nova.conf.sample" "nova.conf.sample"
+ newins "${FILESDIR}/etc.liberty/policy.json" "policy.json"
+ newins "${FILESDIR}/etc.liberty/rootwrap.conf" "rootwrap.conf"
+ #rootwrap filters
+ insinto /etc/nova/rootwrap.d
+ newins "${FILESDIR}/etc.liberty/rootwrap.d/api-metadata.filters" "api-metadata.filters"
+ newins "${FILESDIR}/etc.liberty/rootwrap.d/compute.filters" "compute.filters"
+ newins "${FILESDIR}/etc.liberty/rootwrap.d/network.filters" "network.filters"
+ #copy migration conf file (not coppied on install via setup.py script)
+ insopts -m 0644
+ insinto /usr/$(get_libdir)/python2.7/site-packages/nova/db/sqlalchemy/migrate_repo/
+ doins "nova/db/sqlalchemy/migrate_repo/migrate.cfg"
+ #copy the CA cert dir (not coppied on install via setup.py script)
+ cp -R "${S}/nova/CA" "${D}/usr/$(get_libdir)/python2.7/site-packages/nova/" || die "installing CA files failed"
+
+ #add sudoers definitions for user nova
+ insinto /etc/sudoers.d/
+ insopts -m 0600 -o root -g root
+ doins "${FILESDIR}/nova-sudoers"
+
+ if use iscsi ; then
+ # Install udev rules for handle iscsi disk with right links under /dev
+ udev_newrules "${FILESDIR}/openstack-scsi-disk.rules" 60-openstack-scsi-disk.rules
+
+ insinto /etc/nova/
+ doins "${FILESDIR}/scsi-openscsi-link.sh"
+ fi
+}
+
+pkg_postinst() {
+ if use iscsi ; then
+ elog "iscsid needs to be running if you want cinder to connect"
+ fi
+}
diff --git a/sys-cluster/nova/nova-2015.1.1-r3.ebuild b/sys-cluster/nova/nova-2015.1.1-r3.ebuild
deleted file mode 100644
index 40e2a43e456..00000000000
--- a/sys-cluster/nova/nova-2015.1.1-r3.ebuild
+++ /dev/null
@@ -1,253 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-PYTHON_COMPAT=( python2_7 )
-
-inherit distutils-r1 eutils linux-info multilib user
-
-DESCRIPTION="Cloud computing fabric controller (main part of an IaaS system) in Python"
-HOMEPAGE="https://launchpad.net/nova"
-SRC_URI="https://launchpad.net/${PN}/kilo/${PV}/+download/${P}.tar.gz"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="amd64 x86"
-IUSE="+compute compute-only iscsi +kvm +memcached mysql +novncproxy openvswitch postgres +rabbitmq sqlite test xen"
-REQUIRED_USE="
- !compute-only? ( || ( mysql postgres sqlite ) )
- compute-only? ( compute !rabbitmq !memcached !mysql !postgres !sqlite )
- compute? ( ^^ ( kvm xen ) )"
-
-DEPEND="
- dev-python/setuptools[${PYTHON_USEDEP}]
- >=dev-python/pbr-0.8[${PYTHON_USEDEP}]
- <dev-python/pbr-1.0[${PYTHON_USEDEP}]
- app-admin/sudo
- test? (
- ${RDEPEND}
- >=dev-python/hacking-0.10.0[${PYTHON_USEDEP}]
- <dev-python/hacking-0.11[${PYTHON_USEDEP}]
- >=dev-python/coverage-3.6[${PYTHON_USEDEP}]
- >=dev-python/fixtures-0.3.14[${PYTHON_USEDEP}]
- <dev-python/fixtures-1.3.0[${PYTHON_USEDEP}]
- >=dev-python/mock-1.0[${PYTHON_USEDEP}]
- <dev-python/mock-1.1.0[${PYTHON_USEDEP}]
- >=dev-python/mox3-0.7.0[${PYTHON_USEDEP}]
- <dev-python/mox3-0.8.0[${PYTHON_USEDEP}]
- dev-python/mysql-python[${PYTHON_USEDEP}]
- dev-python/psycopg[${PYTHON_USEDEP}]
- >=dev-python/python-barbicanclient-3.0.1[${PYTHON_USEDEP}]
- <dev-python/python-barbicanclient-3.1.0[${PYTHON_USEDEP}]
- >=dev-python/python-ironicclient-0.4.1[${PYTHON_USEDEP}]
- <dev-python/python-ironicclient-0.6.0[${PYTHON_USEDEP}]
- >=dev-python/subunit-0.0.18[${PYTHON_USEDEP}]
- >=dev-python/requests-mock-0.6.0[${PYTHON_USEDEP}]
- >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
- !~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}]
- <dev-python/sphinx-1.3[${PYTHON_USEDEP}]
- >=dev-python/oslo-sphinx-2.5.0[${PYTHON_USEDEP}]
- <dev-python/oslo-sphinx-2.6.0[${PYTHON_USEDEP}]
- >=dev-python/oslotest-1.5.1[${PYTHON_USEDEP}]
- <dev-python/oslotest-1.6.0[${PYTHON_USEDEP}]
- >=dev-python/testrepository-0.0.18[${PYTHON_USEDEP}]
- >=dev-python/testtools-0.9.36[${PYTHON_USEDEP}]
- !~dev-python/testtools-1.2.0[${PYTHON_USEDEP}]
- >=dev-python/tempest-lib-0.4.0[${PYTHON_USEDEP}]
- <dev-python/tempest-lib-0.5.0[${PYTHON_USEDEP}]
- >=dev-python/suds-0.4[${PYTHON_USEDEP}]
- >=dev-python/oslo-vmware-0.11.1[${PYTHON_USEDEP}]
- <dev-python/oslo-vmware-0.12.0[${PYTHON_USEDEP}]
- )"
-
-# barbicanclient is in here for doc generation
-RDEPEND="
- compute-only? (
- >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}]
- <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}]
- )
- sqlite? (
- >=dev-python/sqlalchemy-0.9.7[sqlite,${PYTHON_USEDEP}]
- <=dev-python/sqlalchemy-0.9.99[sqlite,${PYTHON_USEDEP}]
- )
- mysql? (
- dev-python/mysql-python
- >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}]
- <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}]
- )
- postgres? (
- dev-python/psycopg:2
- >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}]
- <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}]
- )
- >=dev-python/boto-2.32.1[${PYTHON_USEDEP}]
- >=dev-python/decorator-3.4.0[${PYTHON_USEDEP}]
- >=dev-python/eventlet-0.16.1[${PYTHON_USEDEP}]
- !~dev-python/eventlet-0.17.0[${PYTHON_USEDEP}]
- >=dev-python/jinja-2.6[${PYTHON_USEDEP}]
- >=dev-python/keystonemiddleware-1.5.0[${PYTHON_USEDEP}]
- <dev-python/keystonemiddleware-1.6.0[${PYTHON_USEDEP}]
- >=dev-python/lxml-2.3[${PYTHON_USEDEP}]
- >=dev-python/routes-1.12.3-r1[${PYTHON_USEDEP}]
- !~dev-python/routes-2.0[${PYTHON_USEDEP}]
- >=dev-python/webob-1.2.3[${PYTHON_USEDEP}]
- >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}]
- >=dev-python/pastedeploy-1.5.0-r1[${PYTHON_USEDEP}]
- dev-python/paste[${PYTHON_USEDEP}]
- ~dev-python/sqlalchemy-migrate-0.9.5[${PYTHON_USEDEP}]
- >=dev-python/netaddr-0.7.12[${PYTHON_USEDEP}]
- >=dev-python/paramiko-1.13.0[${PYTHON_USEDEP}]
- dev-python/pyasn1[${PYTHON_USEDEP}]
- >=dev-python/Babel-1.3[${PYTHON_USEDEP}]
- >=dev-python/iso8601-0.1.9[${PYTHON_USEDEP}]
- >=dev-python/jsonschema-2.0.0[${PYTHON_USEDEP}]
- <dev-python/jsonschema-3.0.0[${PYTHON_USEDEP}]
- >=dev-python/python-cinderclient-1.1.0[${PYTHON_USEDEP}]
- <dev-python/python-cinderclient-1.2.0[${PYTHON_USEDEP}]
- >=dev-python/python-neutronclient-2.3.11[${PYTHON_USEDEP}]
- <dev-python/python-neutronclient-2.5.0[${PYTHON_USEDEP}]
- >=dev-python/python-glanceclient-0.15.0[${PYTHON_USEDEP}]
- <dev-python/python-glanceclient-0.18.0[${PYTHON_USEDEP}]
- >=dev-python/python-barbicanclient-3.0.1[${PYTHON_USEDEP}]
- <dev-python/python-barbicanclient-3.1.0[${PYTHON_USEDEP}]
- >=dev-python/six-1.9.0[${PYTHON_USEDEP}]
- >=dev-python/stevedore-1.3.0[${PYTHON_USEDEP}]
- <dev-python/stevedore-1.4.0[${PYTHON_USEDEP}]
- >=dev-python/websockify-0.6.0[${PYTHON_USEDEP}]
- <dev-python/websockify-0.7.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-concurrency-1.8.2[${PYTHON_USEDEP}]
- <dev-python/oslo-concurrency-1.9.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-config-1.9.3[${PYTHON_USEDEP}]
- <dev-python/oslo-config-1.10.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-context-0.2.0[${PYTHON_USEDEP}]
- <dev-python/oslo-context-0.3.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-log-1.0.0[${PYTHON_USEDEP}]
- <dev-python/oslo-log-1.1.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-serialization-1.4.0[${PYTHON_USEDEP}]
- <dev-python/oslo-serialization-1.5.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-utils-1.4.0[${PYTHON_USEDEP}]
- <dev-python/oslo-utils-1.5.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-db-1.7.0[${PYTHON_USEDEP}]
- <dev-python/oslo-db-1.8.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-rootwrap-1.6.0[${PYTHON_USEDEP}]
- <dev-python/oslo-rootwrap-1.7.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-messaging-1.8.0[${PYTHON_USEDEP}]
- <dev-python/oslo-messaging-1.9.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-i18n-1.5.0[${PYTHON_USEDEP}]
- <dev-python/oslo-i18n-1.6.0[${PYTHON_USEDEP}]
- >=dev-python/rfc3986-0.2.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-middleware-1.0.0[${PYTHON_USEDEP}]
- <dev-python/oslo-middleware-1.1.0[${PYTHON_USEDEP}]
- >=dev-python/psutil-1.1.1[${PYTHON_USEDEP}]
- <dev-python/psutil-2.0.0[${PYTHON_USEDEP}]
- dev-python/libvirt-python[${PYTHON_USEDEP}]
- app-emulation/libvirt[iscsi?]
- novncproxy? ( www-apps/novnc )
- sys-apps/iproute2
- openvswitch? ( net-misc/openvswitch )
- rabbitmq? ( net-misc/rabbitmq-server )
- memcached? ( net-misc/memcached
- dev-python/python-memcached )
- sys-fs/sysfsutils
- sys-fs/multipath-tools
- net-misc/bridge-utils
- compute? (
- app-cdr/cdrkit
- kvm? ( app-emulation/qemu )
- xen? ( app-emulation/xen
- app-emulation/xen-tools )
- )
- iscsi? (
- sys-fs/lsscsi
- >=sys-block/open-iscsi-2.0.872-r3
- )"
-
-PATCHES=(
- "${FILESDIR}/CVE-2015-3241-kilo.patch"
- "${FILESDIR}/CVE-2015-3280_2015.1.1.patch.patch"
-)
-
-pkg_setup() {
- linux-info_pkg_setup
- CONFIG_CHECK_MODULES="BLK_DEV_NBD VHOST_NET IP6_NF_FILTER IP6_NF_IPTABLES IP_NF_TARGET_REJECT \
- IP_NF_MANGLE IP_NF_TARGET_MASQUERADE NF_NAT_IPV4 IP_NF_FILTER IP_NF_IPTABLES \
- NF_CONNTRACK_IPV4 NF_DEFRAG_IPV4 NF_NAT_IPV4 NF_NAT NF_CONNTRACK NETFILTER_XTABLES \
- ISCSI_TCP SCSI_DH DM_MULTIPATH DM_SNAPSHOT"
- if linux_config_exists; then
- for module in ${CONFIG_CHECK_MODULES}; do
- linux_chkconfig_present ${module} || ewarn "${module} needs to be enabled in kernel"
- done
- fi
- enewgroup nova
- enewuser nova -1 -1 /var/lib/nova nova
-}
-
-python_prepare() {
- distutils-r1_python_prepare
- sed -i 's/python/python2\.7/g' tools/config/generate_sample.sh || die
-}
-
-python_compile() {
- distutils-r1_python_compile
- ./tools/config/generate_sample.sh -b ./ -p nova -o etc/nova || die
-}
-
-python_test() {
- testr init
- testr run --parallel || die "failed testsuite under python2.7"
-}
-
-python_install() {
- distutils-r1_python_install
-
- if use !compute-only; then
- for svc in api cert conductor consoleauth network scheduler spicehtml5proxy xvpvncproxy; do
- newinitd "${FILESDIR}/nova.initd" "nova-${svc}"
- done
- fi
- use compute && newinitd "${FILESDIR}/nova.initd" "nova-compute"
- use novncproxy && newinitd "${FILESDIR}/nova.initd" "nova-novncproxy"
-
- diropts -m 0750 -o nova -g qemu
- dodir /var/log/nova /var/lib/nova/instances
- diropts -m 0750 -o nova -g nova
-
- insinto /etc/nova
- insopts -m 0640 -o nova -g nova
- newins "etc/nova/nova.conf.sample" "nova.conf"
- doins "etc/nova/api-paste.ini"
- doins "etc/nova/logging_sample.conf"
- doins "etc/nova/policy.json"
- doins "etc/nova/rootwrap.conf"
- #rootwrap filters
- insinto /etc/nova/rootwrap.d
- doins "etc/nova/rootwrap.d/api-metadata.filters"
- doins "etc/nova/rootwrap.d/compute.filters"
- doins "etc/nova/rootwrap.d/network.filters"
- #copy migration conf file (not coppied on install via setup.py script)
- insopts -m 0644
- insinto /usr/$(get_libdir)/python2.7/site-packages/nova/db/sqlalchemy/migrate_repo/
- doins "nova/db/sqlalchemy/migrate_repo/migrate.cfg"
- #copy the CA cert dir (not coppied on install via setup.py script)
- cp -R "${S}/nova/CA" "${D}/usr/$(get_libdir)/python2.7/site-packages/nova/" || die "installing CA files failed"
-
- #add sudoers definitions for user nova
- insinto /etc/sudoers.d/
- insopts -m 0600 -o root -g root
- doins "${FILESDIR}/nova-sudoers"
-
- if use iscsi ; then
- # Install udev rules for handle iscsi disk with right links under /dev
- udev_newrules "${FILESDIR}/openstack-scsi-disk.rules" 60-openstack-scsi-disk.rules
-
- insinto /etc/nova/
- doins "${FILESDIR}/scsi-openscsi-link.sh"
- fi
-}
-
-pkg_postinst() {
- if use iscsi ; then
- elog "iscsid needs to be running if you want cinder to connect"
- fi
-}
diff --git a/sys-cluster/nova/nova-2015.1.2.ebuild b/sys-cluster/nova/nova-2015.1.2.ebuild
deleted file mode 100644
index b516ec7f687..00000000000
--- a/sys-cluster/nova/nova-2015.1.2.ebuild
+++ /dev/null
@@ -1,253 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-PYTHON_COMPAT=( python2_7 )
-
-inherit distutils-r1 eutils linux-info multilib user
-
-DESCRIPTION="Cloud computing fabric controller (main part of an IaaS system) in Python"
-HOMEPAGE="https://launchpad.net/nova"
-SRC_URI="https://launchpad.net/${PN}/kilo/${PV}/+download/${P}.tar.gz"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="+compute compute-only iscsi +kvm +memcached mysql +novncproxy openvswitch postgres +rabbitmq sqlite test xen"
-REQUIRED_USE="
- !compute-only? ( || ( mysql postgres sqlite ) )
- compute-only? ( compute !rabbitmq !memcached !mysql !postgres !sqlite )
- compute? ( ^^ ( kvm xen ) )"
-
-DEPEND="
- dev-python/setuptools[${PYTHON_USEDEP}]
- >=dev-python/pbr-0.8[${PYTHON_USEDEP}]
- <dev-python/pbr-1.0[${PYTHON_USEDEP}]
- app-admin/sudo
- test? (
- ${RDEPEND}
- >=dev-python/coverage-3.6[${PYTHON_USEDEP}]
- >=dev-python/fixtures-0.3.14[${PYTHON_USEDEP}]
- <dev-python/fixtures-1.3.0[${PYTHON_USEDEP}]
- >=dev-python/mock-1.0[${PYTHON_USEDEP}]
- <dev-python/mock-1.1.0[${PYTHON_USEDEP}]
- >=dev-python/mox3-0.7.0[${PYTHON_USEDEP}]
- <dev-python/mox3-0.8.0[${PYTHON_USEDEP}]
- dev-python/mysql-python[${PYTHON_USEDEP}]
- dev-python/psycopg[${PYTHON_USEDEP}]
- >=dev-python/python-barbicanclient-3.0.1[${PYTHON_USEDEP}]
- <dev-python/python-barbicanclient-3.1.0[${PYTHON_USEDEP}]
- >=dev-python/python-ironicclient-0.4.1[${PYTHON_USEDEP}]
- <dev-python/python-ironicclient-0.6.0[${PYTHON_USEDEP}]
- >=dev-python/subunit-0.0.18[${PYTHON_USEDEP}]
- >=dev-python/requests-mock-0.6.0[${PYTHON_USEDEP}]
- >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
- !~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}]
- <dev-python/sphinx-1.3[${PYTHON_USEDEP}]
- >=dev-python/oslo-sphinx-2.5.0[${PYTHON_USEDEP}]
- <dev-python/oslo-sphinx-2.6.0[${PYTHON_USEDEP}]
- >=dev-python/oslotest-1.5.1[${PYTHON_USEDEP}]
- <dev-python/oslotest-1.6.0[${PYTHON_USEDEP}]
- >=dev-python/testrepository-0.0.18[${PYTHON_USEDEP}]
- >=dev-python/testtools-0.9.36[${PYTHON_USEDEP}]
- !~dev-python/testtools-1.2.0[${PYTHON_USEDEP}]
- >=dev-python/tempest-lib-0.4.0[${PYTHON_USEDEP}]
- <dev-python/tempest-lib-0.5.0[${PYTHON_USEDEP}]
- >=dev-python/suds-0.4[${PYTHON_USEDEP}]
- >=dev-python/oslo-vmware-0.11.1[${PYTHON_USEDEP}]
- <dev-python/oslo-vmware-0.12.0[${PYTHON_USEDEP}]
- )"
-
-# barbicanclient is in here for doc generation
-RDEPEND="
- compute-only? (
- >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}]
- <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}]
- )
- sqlite? (
- >=dev-python/sqlalchemy-0.9.7[sqlite,${PYTHON_USEDEP}]
- <=dev-python/sqlalchemy-0.9.99[sqlite,${PYTHON_USEDEP}]
- )
- mysql? (
- dev-python/mysql-python
- >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}]
- <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}]
- )
- postgres? (
- dev-python/psycopg:2
- >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}]
- <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}]
- )
- >=dev-python/boto-2.32.1[${PYTHON_USEDEP}]
- >=dev-python/decorator-3.4.0[${PYTHON_USEDEP}]
- >=dev-python/eventlet-0.16.1[${PYTHON_USEDEP}]
- !~dev-python/eventlet-0.17.0[${PYTHON_USEDEP}]
- >=dev-python/jinja-2.6[${PYTHON_USEDEP}]
- >=dev-python/keystonemiddleware-1.5.0[${PYTHON_USEDEP}]
- <dev-python/keystonemiddleware-1.6.0[${PYTHON_USEDEP}]
- >=dev-python/lxml-2.3[${PYTHON_USEDEP}]
- >=dev-python/routes-1.12.3-r1[${PYTHON_USEDEP}]
- !~dev-python/routes-2.0[${PYTHON_USEDEP}]
- >=dev-python/webob-1.2.3[${PYTHON_USEDEP}]
- >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}]
- >=dev-python/pastedeploy-1.5.0-r1[${PYTHON_USEDEP}]
- dev-python/paste[${PYTHON_USEDEP}]
- >=dev-python/sqlalchemy-migrate-0.9.5[${PYTHON_USEDEP}]
- !~dev-python/sqlalchemy-migrate-0.9.8[${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-migrate-0.10.0[${PYTHON_USEDEP}]
- >=dev-python/netaddr-0.7.12[${PYTHON_USEDEP}]
- >=dev-python/paramiko-1.13.0[${PYTHON_USEDEP}]
- dev-python/pyasn1[${PYTHON_USEDEP}]
- >=dev-python/Babel-1.3[${PYTHON_USEDEP}]
- >=dev-python/iso8601-0.1.9[${PYTHON_USEDEP}]
- >=dev-python/jsonschema-2.0.0[${PYTHON_USEDEP}]
- <dev-python/jsonschema-3.0.0[${PYTHON_USEDEP}]
- >=dev-python/python-cinderclient-1.1.0[${PYTHON_USEDEP}]
- <dev-python/python-cinderclient-1.2.0[${PYTHON_USEDEP}]
- >=dev-python/python-neutronclient-2.4.0[${PYTHON_USEDEP}]
- <dev-python/python-neutronclient-2.5.0[${PYTHON_USEDEP}]
- >=dev-python/python-glanceclient-0.15.0[${PYTHON_USEDEP}]
- <dev-python/python-glanceclient-0.18.0[${PYTHON_USEDEP}]
- >=dev-python/python-barbicanclient-3.0.1[${PYTHON_USEDEP}]
- <dev-python/python-barbicanclient-3.1.0[${PYTHON_USEDEP}]
- >=dev-python/six-1.9.0[${PYTHON_USEDEP}]
- >=dev-python/stevedore-1.3.0[${PYTHON_USEDEP}]
- <dev-python/stevedore-1.4.0[${PYTHON_USEDEP}]
- >=dev-python/websockify-0.6.0[${PYTHON_USEDEP}]
- <dev-python/websockify-0.7.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-concurrency-1.8.2[${PYTHON_USEDEP}]
- <dev-python/oslo-concurrency-1.9.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-config-1.9.3[${PYTHON_USEDEP}]
- <dev-python/oslo-config-1.10.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-context-0.2.0[${PYTHON_USEDEP}]
- <dev-python/oslo-context-0.3.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-log-1.0.0[${PYTHON_USEDEP}]
- <dev-python/oslo-log-1.1.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-serialization-1.4.0[${PYTHON_USEDEP}]
- <dev-python/oslo-serialization-1.5.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-utils-1.4.0[${PYTHON_USEDEP}]
- !~dev-python/oslo-utils-1.4.1[${PYTHON_USEDEP}]
- <dev-python/oslo-utils-1.5.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-db-1.7.0[${PYTHON_USEDEP}]
- <dev-python/oslo-db-1.8.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-rootwrap-1.6.0[${PYTHON_USEDEP}]
- <dev-python/oslo-rootwrap-1.7.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-messaging-1.8.0[${PYTHON_USEDEP}]
- <dev-python/oslo-messaging-1.9.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-i18n-1.5.0[${PYTHON_USEDEP}]
- <dev-python/oslo-i18n-1.6.0[${PYTHON_USEDEP}]
- >=dev-python/rfc3986-0.2.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-middleware-1.0.0[${PYTHON_USEDEP}]
- <dev-python/oslo-middleware-1.1.0[${PYTHON_USEDEP}]
- >=dev-python/psutil-1.1.1[${PYTHON_USEDEP}]
- <dev-python/psutil-2.0.0[${PYTHON_USEDEP}]
- dev-python/libvirt-python[${PYTHON_USEDEP}]
- app-emulation/libvirt[iscsi?]
- novncproxy? ( www-apps/novnc )
- sys-apps/iproute2
- openvswitch? ( net-misc/openvswitch )
- rabbitmq? ( net-misc/rabbitmq-server )
- memcached? ( net-misc/memcached
- dev-python/python-memcached )
- sys-fs/sysfsutils
- sys-fs/multipath-tools
- net-misc/bridge-utils
- compute? (
- app-cdr/cdrkit
- kvm? ( app-emulation/qemu )
- xen? ( app-emulation/xen
- app-emulation/xen-tools )
- )
- iscsi? (
- sys-fs/lsscsi
- >=sys-block/open-iscsi-2.0.872-r3
- )"
-
-PATCHES=(
-)
-
-pkg_setup() {
- linux-info_pkg_setup
- CONFIG_CHECK_MODULES="BLK_DEV_NBD VHOST_NET IP6_NF_FILTER IP6_NF_IPTABLES IP_NF_TARGET_REJECT \
- IP_NF_MANGLE IP_NF_TARGET_MASQUERADE NF_NAT_IPV4 IP_NF_FILTER IP_NF_IPTABLES \
- NF_CONNTRACK_IPV4 NF_DEFRAG_IPV4 NF_NAT_IPV4 NF_NAT NF_CONNTRACK NETFILTER_XTABLES \
- ISCSI_TCP SCSI_DH DM_MULTIPATH DM_SNAPSHOT"
- if linux_config_exists; then
- for module in ${CONFIG_CHECK_MODULES}; do
- linux_chkconfig_present ${module} || ewarn "${module} needs to be enabled in kernel"
- done
- fi
- enewgroup nova
- enewuser nova -1 -1 /var/lib/nova nova
-}
-
-python_prepare_all() {
- sed -i '/^hacking/d' test-requirements.txt || die
- sed -i 's/python/python2\.7/g' tools/config/generate_sample.sh || die
- distutils-r1_python_prepare_all
-}
-
-python_compile() {
- distutils-r1_python_compile
- ./tools/config/generate_sample.sh -b ./ -p nova -o etc/nova || die
-}
-
-python_test() {
- testr init
- testr run --parallel || die "failed testsuite under python2.7"
-}
-
-python_install() {
- distutils-r1_python_install
-
- if use !compute-only; then
- for svc in api cert conductor consoleauth network scheduler spicehtml5proxy xvpvncproxy; do
- newinitd "${FILESDIR}/nova.initd" "nova-${svc}"
- done
- fi
- use compute && newinitd "${FILESDIR}/nova.initd" "nova-compute"
- use novncproxy && newinitd "${FILESDIR}/nova.initd" "nova-novncproxy"
-
- diropts -m 0750 -o nova -g qemu
- dodir /var/log/nova /var/lib/nova/instances
- diropts -m 0750 -o nova -g nova
-
- insinto /etc/nova
- insopts -m 0640 -o nova -g nova
- newins "etc/nova/nova.conf.sample" "nova.conf"
- doins "etc/nova/api-paste.ini"
- doins "etc/nova/logging_sample.conf"
- doins "etc/nova/policy.json"
- doins "etc/nova/rootwrap.conf"
- #rootwrap filters
- insinto /etc/nova/rootwrap.d
- doins "etc/nova/rootwrap.d/api-metadata.filters"
- doins "etc/nova/rootwrap.d/compute.filters"
- doins "etc/nova/rootwrap.d/network.filters"
- #copy migration conf file (not coppied on install via setup.py script)
- insopts -m 0644
- insinto /usr/$(get_libdir)/python2.7/site-packages/nova/db/sqlalchemy/migrate_repo/
- doins "nova/db/sqlalchemy/migrate_repo/migrate.cfg"
- #copy the CA cert dir (not coppied on install via setup.py script)
- cp -R "${S}/nova/CA" "${D}/usr/$(get_libdir)/python2.7/site-packages/nova/" || die "installing CA files failed"
-
- #add sudoers definitions for user nova
- insinto /etc/sudoers.d/
- insopts -m 0600 -o root -g root
- doins "${FILESDIR}/nova-sudoers"
-
- if use iscsi ; then
- # Install udev rules for handle iscsi disk with right links under /dev
- udev_newrules "${FILESDIR}/openstack-scsi-disk.rules" 60-openstack-scsi-disk.rules
-
- insinto /etc/nova/
- doins "${FILESDIR}/scsi-openscsi-link.sh"
- fi
-}
-
-pkg_postinst() {
- if use iscsi ; then
- elog "iscsid needs to be running if you want cinder to connect"
- fi
-}