diff --git a/systemd-cgroup_patch/Mitaka/systemd-run_mitaka_plain-diff.patch b/systemd-cgroup_patch/Mitaka/systemd-run_mitaka_plain-diff.patch index 667b4bc..c1fadea 100644 --- a/systemd-cgroup_patch/Mitaka/systemd-run_mitaka_plain-diff.patch +++ b/systemd-cgroup_patch/Mitaka/systemd-run_mitaka_plain-diff.patch @@ -1,21 +1,7 @@ -diff --git a/etc/nova/rootwrap.d/compute.filters b/etc/nova/rootwrap.d/compute.filters -index c846b89..fd62234 100644 ---- a/etc/nova/rootwrap.d/compute.filters -+++ b/etc/nova/rootwrap.d/compute.filters -@@ -247,5 +247,9 @@ ploop: CommandFilter, ploop, root - # nova/virt/libvirt/utils.py: 'xend', 'status' - xend: CommandFilter, xend, root - -+# nova/virt/libvirt/volume/quobyte.py -+mount.quobyte: CommandFilter, mount.quobyte, root -+umount.quobyte: CommandFilter, umount.quobyte, root -+ - # nova/virt/libvirt/utils.py: - touch: CommandFilter, touch, root -diff --git a/nova/tests/unit/virt/libvirt/volume/test_quobyte.py b/nova/tests/unit/virt/libvirt/volume/test_quobyte.py -index 8d16cad..78f42da 100644 ---- a/nova/tests/unit/virt/libvirt/volume/test_quobyte.py -+++ b/nova/tests/unit/virt/libvirt/volume/test_quobyte.py +diff --git nova/tests/unit/virt/libvirt/volume/test_quobyte.py nova/tests/unit/virt/libvirt/volume/test_quobyte.py +index 8d16cad..410da74 100644 +--- nova/tests/unit/virt/libvirt/volume/test_quobyte.py ++++ nova/tests/unit/virt/libvirt/volume/test_quobyte.py @@ -31,9 +31,12 @@ from nova.virt.libvirt.volume import quobyte class QuobyteTestCase(test.NoDBTestCase): """Tests the nova.virt.libvirt.volume.quobyte module utilities.""" 
@@ -30,13 +16,8 @@ index 8d16cad..78f42da 100644 mnt_base = '/mnt' quobyte_volume = '192.168.1.1/volume-00001' export_mnt_base = os.path.join(mnt_base, -@@ -45,15 +48,44 @@ class QuobyteTestCase(test.NoDBTestCase): - expected_commands = [mock.call('mount.quobyte', - quobyte_volume, - export_mnt_base, -- check_exit_code=[0, 4]) -+ check_exit_code=[0, 4], -+ run_as_root=True) +@@ -48,12 +51,40 @@ class QuobyteTestCase(test.NoDBTestCase): + check_exit_code=[0, 4]) ] mock_execute.assert_has_calls(expected_commands) + mock_exists.assert_called_once_with(" /run/systemd/system") @@ -56,12 +37,12 @@ index 8d16cad..78f42da 100644 + + mock_ensure_tree.assert_called_once_with(export_mnt_base) + expected_commands = [mock.call('systemd-run', ++ '--scope', ++ '--user', + 'mount.quobyte', -+ '-f', + quobyte_volume, + export_mnt_base, -+ check_exit_code=[0, 4], -+ run_as_root=True) ++ check_exit_code=[0, 4]) + ] + mock_execute.assert_has_calls(expected_commands) + mock_exists.assert_called_once_with(" /run/systemd/system") 
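Review bot: The path literal `" /run/systemd/system"` has a leading space in the `mock_exists.assert_called_once_with(...)` lines of these test hunks and in the `os.path.exists(...)` check of the `mount_volume` hunk further down. If that space is in the patch file itself and not an artifact of how this page was rendered, `os.path.exists` tests a relative path that will not exist, so the `systemd-run` branch is never taken on a systemd host and the mount stays in the Nova service's cgroup. The tests mock `os.path.exists` and assert the same string, so they pass either way. The check should read `if os.path.exists("/run/systemd/system"):`, with the test assertions updated to match. These lines are carried over unchanged by this commit.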
@@ -77,87 +58,37 @@ index 8d16cad..78f42da 100644 mnt_base = '/mnt' quobyte_volume = '192.168.1.1/volume-00001' export_mnt_base = os.path.join(mnt_base, -@@ -70,9 +102,11 @@ class QuobyteTestCase(test.NoDBTestCase): - export_mnt_base, - '-c', - config_file_dummy, -- check_exit_code=[0, 4]) -+ check_exit_code=[0, 4], -+ run_as_root=True) +@@ -73,6 +104,7 @@ class QuobyteTestCase(test.NoDBTestCase): + check_exit_code=[0, 4]) ] mock_execute.assert_has_calls(expected_commands) + mock_exists.assert_called_once_with(" /run/systemd/system") @mock.patch.object(fileutils, "ensure_tree") @mock.patch.object(utils, "execute", -@@ -99,7 +133,8 @@ class QuobyteTestCase(test.NoDBTestCase): - quobyte.umount_volume(export_mnt_base) - - mock_execute.assert_called_once_with('umount.quobyte', -- export_mnt_base) -+ export_mnt_base, -+ run_as_root=True) - - @mock.patch.object(quobyte.LOG, "error") - @mock.patch.object(utils, "execute") -@@ -324,12 +359,14 @@ class LibvirtQuobyteVolumeDriverTestCase( - - libvirt_driver.disconnect_volume(connection_info, "vde") - -- def test_libvirt_quobyte_driver_mount_non_quobyte_volume(self): -+ @mock.patch.object(libvirt_utils, 'is_mounted', return_value=True) -+ def test_libvirt_quobyte_driver_mount_non_quobyte_volume(self, -+ mock_is_mounted): - mnt_base = '/mnt' - self.flags(quobyte_mount_point_base=mnt_base, group='libvirt') - - libvirt_driver = quobyte.LibvirtQuobyteVolumeDriver(self.fake_conn) -- export_string = 'quobyte://192.168.1.1/volume-00001' -+ export_string = 'quobyte:192.168.1.1/volume-00001' - - connection_info = {'data': {'export': export_string, - 'name': self.name}} -@@ -345,6 +382,8 @@ class LibvirtQuobyteVolumeDriverTestCase( - libvirt_driver.connect_volume, - connection_info, - self.disk_info) -+ mock_is_mounted.assert_called_once_with(mock.ANY, -+ "quobyte@" + export_string) - - def test_libvirt_quobyte_driver_normalize_export_with_protocol(self): - mnt_base = '/mnt' -diff --git a/nova/virt/libvirt/volume/quobyte.py 
b/nova/virt/libvirt/volume/quobyte.py -index 199439b..05e2933 100644 ---- a/nova/virt/libvirt/volume/quobyte.py -+++ b/nova/virt/libvirt/volume/quobyte.py -@@ -56,6 +56,10 @@ def mount_volume(volume, mnt_base, configfile=None): +diff --git nova/virt/libvirt/volume/quobyte.py nova/virt/libvirt/volume/quobyte.py +index 199439b..c9ea879 100644 +--- nova/virt/libvirt/volume/quobyte.py ++++ nova/virt/libvirt/volume/quobyte.py +@@ -56,13 +56,17 @@ def mount_volume(volume, mnt_base, configfile=None): fileutils.ensure_tree(mnt_base) command = ['mount.quobyte', volume, mnt_base] + if os.path.exists(" /run/systemd/system"): + # Note(kaisers): with systemd this requires a separate CGROUP to + # prevent Nova service stop/restarts from killing the mount. -+ command = ['systemd-run', 'mount.quobyte', '-f', volume, mnt_base] ++ command = ['systemd-run', '--scope', '--user', 'mount.quobyte', volume, ++ mnt_base] if configfile: command.extend(['-c', configfile]) -@@ -63,14 +67,14 @@ def mount_volume(volume, mnt_base, configfile=None): + LOG.debug('Mounting volume %s at mount point %s ...', volume, mnt_base) - # Run mount command but do not fail on already mounted exit code -- utils.execute(*command, check_exit_code=[0, 4]) -+ utils.execute(*command, check_exit_code=[0, 4], run_as_root=True) +- # Run mount command but do not fail on already mounted exit code + utils.execute(*command, check_exit_code=[0, 4]) LOG.info(_LI('Mounted volume: %s'), volume) - - def umount_volume(mnt_base): - """Wraps execute calls for unmouting a Quobyte volume""" - try: -- utils.execute('umount.quobyte', mnt_base) -+ utils.execute('umount.quobyte', mnt_base, run_as_root=True) - except processutils.ProcessExecutionError as exc: - if 'Device or resource busy' in six.text_type(exc): - LOG.error(_LE("The Quobyte volume at %s is still in use."), @@ -138,8 +142,8 @@ class LibvirtQuobyteVolumeDriver(fs.LibvirtBaseFileSystemVolumeDriver): if not mounted: 
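Review bot: The new command `['systemd-run', '--scope', '--user', 'mount.quobyte', volume, mnt_base]` in `mount_volume` depends on a systemd user manager running for the Nova service account, and nothing in the hunk checks or documents that. As far as I know, service accounts often have no user manager unless lingering is enabled, in which case `systemd-run --user` exits non-zero, outside `check_exit_code=[0, 4]`, and the mount fails. Dropping `run_as_root=True` and the rootwrap filters is a sound least-privilege step, but the prerequisite should be stated next to the command, for example `# NOTE: --user requires a running systemd user manager for the Nova service user (e.g. lingering enabled).`. The hunk also removes `# Run mount command but do not fail on already mounted exit code`, which is still the only explanation for `check_exit_code=[0, 4]` and is worth keeping. The start of `mount_volume` lies outside the hunk.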
diff --git a/systemd-cgroup_patch/README.md b/systemd-cgroup_patch/README.md index c47e97f..1386939 100644 --- a/systemd-cgroup_patch/README.md +++ b/systemd-cgroup_patch/README.md @@ -12,5 +12,13 @@ Removal can easily be done via: These patches can be applied by navigating to the project to be patched root directory and running: - patch -p1 < /path/to/patchfile + patch -p0 < /path/to/patchfile + +### Changelog + + +#### 1.0 + - mounts no longer as root but as Nova service user + +#### original release \ No newline at end of file