 648d3b76be
			
		
	
	648d3b76be
	
	
	
		
			
			The xenapi root wrapper did not parse the "exec_dirs" parameter, so it failed to execute the commands. This patch works around this problem by parsing the "exec_dirs". Fixes bug 1185872 Change-Id: I10175c7df5d34e47eb6044711ffbe4fe4cee3ce2
		
			
				
	
	
		
			123 lines
		
	
	
		
			3.9 KiB
		
	
	
	
		
			Python
		
	
	
		
			Executable File
		
	
	
	
	
			
		
		
	
	
			123 lines
		
	
	
		
			3.9 KiB
		
	
	
	
		
			Python
		
	
	
		
			Executable File
		
	
	
	
	
| #!/usr/bin/env python
 | |
| 
 | |
| # Copyright (c) 2012 Openstack, LLC.
 | |
| # All Rights Reserved.
 | |
| #
 | |
| #    Licensed under the Apache License, Version 2.0 (the "License"); you may
 | |
| #    not use this file except in compliance with the License. You may obtain
 | |
| #    a copy of the License at
 | |
| #
 | |
| #         http://www.apache.org/licenses/LICENSE-2.0
 | |
| #
 | |
| #    Unless required by applicable law or agreed to in writing, software
 | |
| #    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 | |
| #    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 | |
| #    License for the specific language governing permissions and limitations
 | |
| #    under the License.
 | |
| 
 | |
| """Quantum root wrapper for dom0.
 | |
| 
 | |
| Executes networking commands in dom0.  The XenAPI plugin is
 | |
| responsible determining whether a command is safe to execute.
 | |
| 
 | |
| """
 | |
| 
 | |
| import ConfigParser
 | |
| import json
 | |
| import os
 | |
| import sys
 | |
| import traceback
 | |
| 
 | |
| import XenAPI
 | |
| 
 | |
| 
 | |
| RC_UNAUTHORIZED = 99
 | |
| RC_NOCOMMAND = 98
 | |
| RC_BADCONFIG = 97
 | |
| RC_XENAPI_ERROR = 96
 | |
| 
 | |
| 
 | |
| def parse_args():
 | |
|     # Split arguments, require at least a command
 | |
|     exec_name = sys.argv.pop(0)
 | |
|     # argv[0] required; path to conf file
 | |
|     if len(sys.argv) < 2:
 | |
|         print "%s: No command specified" % exec_name
 | |
|         sys.exit(RC_NOCOMMAND)
 | |
| 
 | |
|     config_file = sys.argv.pop(0)
 | |
|     user_args = sys.argv[:]
 | |
| 
 | |
|     return exec_name, config_file, user_args
 | |
| 
 | |
| 
 | |
| def load_configuration(exec_name, config_file):
 | |
|     config = ConfigParser.RawConfigParser()
 | |
|     config.read(config_file)
 | |
|     try:
 | |
|         exec_dirs = config.get("DEFAULT", "exec_dirs").split(",")
 | |
|         filters_path = config.get("DEFAULT", "filters_path").split(",")
 | |
|         section = 'XENAPI'
 | |
|         url = config.get(section, "xenapi_connection_url")
 | |
|         username = config.get(section, "xenapi_connection_username")
 | |
|         password = config.get(section, "xenapi_connection_password")
 | |
|     except ConfigParser.Error:
 | |
|         print "%s: Incorrect configuration file: %s" % (exec_name, config_file)
 | |
|         sys.exit(RC_BADCONFIG)
 | |
|     if not url or not password:
 | |
|         msg = ("%s: Must specify xenapi_connection_url, "
 | |
|                "xenapi_connection_username (optionally), and "
 | |
|                "xenapi_connection_password in %s") % (exec_name, config_file)
 | |
|         print msg
 | |
|         sys.exit(RC_BADCONFIG)
 | |
|     return dict(
 | |
|         filters_path=filters_path,
 | |
|         url=url,
 | |
|         username=username,
 | |
|         password=password,
 | |
|         exec_dirs=exec_dirs,
 | |
|     )
 | |
| 
 | |
| 
 | |
| def filter_command(exec_name, filters_path, user_args, exec_dirs):
 | |
|     # Add ../ to sys.path to allow running from branch
 | |
|     possible_topdir = os.path.normpath(os.path.join(os.path.abspath(exec_name),
 | |
|                                                     os.pardir, os.pardir))
 | |
|     if os.path.exists(os.path.join(possible_topdir, "quantum", "__init__.py")):
 | |
|         sys.path.insert(0, possible_topdir)
 | |
| 
 | |
|     from quantum.rootwrap import wrapper
 | |
| 
 | |
|     # Execute command if it matches any of the loaded filters
 | |
|     filters = wrapper.load_filters(filters_path)
 | |
|     filter_match = wrapper.match_filter(
 | |
|         filters, user_args, exec_dirs=exec_dirs)
 | |
|     if not filter_match:
 | |
|         print "Unauthorized command: %s" % ' '.join(user_args)
 | |
|         sys.exit(RC_UNAUTHORIZED)
 | |
| 
 | |
| 
 | |
| def run_command(url, username, password, user_args):
 | |
|     try:
 | |
|         session = XenAPI.Session(url)
 | |
|         session.login_with_password(username, password)
 | |
|         host = session.xenapi.session.get_this_host(session.handle)
 | |
|         result = session.xenapi.host.call_plugin(
 | |
|             host, 'netwrap', 'run_command', {'cmd': json.dumps(user_args)})
 | |
|         return json.loads(result)
 | |
|     except Exception as e:
 | |
|         traceback.print_exc()
 | |
|         sys.exit(RC_XENAPI_ERROR)
 | |
| 
 | |
| 
 | |
| def main():
 | |
|     exec_name, config_file, user_args = parse_args()
 | |
|     config = load_configuration(exec_name, config_file)
 | |
|     filter_command(exec_name, config['filters_path'], user_args, config['exec_dirs'])
 | |
|     return run_command(config['url'], config['username'], config['password'],
 | |
|                        user_args)
 | |
| 
 | |
| 
 | |
| if __name__ == '__main__':
 | |
|     print main()
 |