commit openstack-nova.1782 for openSUSE:12.3:Update
Hello community, here is the log from the commit of package openstack-nova.1782 for openSUSE:12.3:Update checked in at 2013-06-27 12:51:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3:Update/openstack-nova.1782 (Old) and /work/SRC/openSUSE:12.3:Update/.openstack-nova.1782.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "openstack-nova.1782" Changes: -------- New Changes file: --- /dev/null 2013-06-25 18:53:24.372030255 +0200 +++ /work/SRC/openSUSE:12.3:Update/.openstack-nova.1782.new/openstack-nova-doc.changes 2013-06-27 12:51:53.000000000 +0200 
@@ -0,0 +1,91 @@ +------------------------------------------------------------------- +Fri Jan 18 13:42:51 UTC 2013 - vuntz@suse.com + +- Update to version 2012.2.3+git.1358515929.3545a7d: + + Add NFS to the libvirt volume driver list + + Call plug_vifs() for all instances in init_host + + Fix addition of CPU features when running against legacy libvirt + + Fix typo in resource tracker audit message +- Move back to "git_tarballs" source service. + +-------------------------------------------------------------------- +Thu Jan 17 15:22:36 UTC 2013 - cloud-devel@suse.de + +- Start using obs-service-github_tarballs + +-------------------------------------------------------------------- +Thu Jan 17 14:52:08 UTC 2013 - cloud-devel@suse.de + +- Update to version 2012.2.3+git.1358434328.a41b913: + + Provide better error message for aggregate-create + + Fix errors in used_limits extension + + Add an iptables mangle rule per-bridge for DHCP. + + Limit formatting routes when adding resources + +-------------------------------------------------------------------- +Thu Jan 3 12:17:48 UTC 2013 - cloud-devel@suse.de + +- Update to version 2012.2.3+git.1357215468.451003e: + + Fix a crash when launching qcow2 images containing snapshots + +------------------------------------------------------------------- +Wed Dec 19 15:36:47 UTC 2012 - saschpe@suse.de + +- It's a noarch package + +-------------------------------------------------------------------- +Tue Dec 11 17:36:43 UTC 2012 - cloud-devel@suse.de + +- Move to obs-service-git_tarballs + + Drop BuildRequires: python-setuptools-git +- Update to version 2012.2.3+git.1355243803.9e62846: + + Bump version to 2012.2.3 + + Final versioning for 2012.2.2 + + Don't leak info from libvirt LVM backed instances + +-------------------------------------------------------------------- +Mon Dec 10 17:20:47 UTC 2012 - iartarisi@suse.com + +- Update to latest git (670b388): + + Fix rpc control_exchange regression. 
+ +------------------------------------------------------------------- +Thu Dec 6 13:51:20 UTC 2012 - iartarisi@suse.com + +- Fix version name + +------------------------------------------------------------------- +Fri Nov 16 12:52:08 UTC 2012 - saschpe@suse.de + +- Add more documentation requirements but disable some, currently + the build fails if too much is enabled (I/O error) + +------------------------------------------------------------------- +Thu Nov 15 13:26:43 UTC 2012 - saschpe@suse.de + +- Use openstack-macros +- Additional documentation requirements + +------------------------------------------------------------------- +Thu Nov 8 11:49:52 UTC 2012 - saschpe@suse.de + +- Drop from_vcs build flag + +------------------------------------------------------------------- +Wed Jun 27 12:39:11 UTC 2012 - saschpe@suse.de + +- Change versioning scheme to $release+git.$AUTHORDATE.$COMMITREV +- Simplify from_vcs macros + +------------------------------------------------------------------- +Wed Jun 27 10:13:39 CEST 2012 - vuntz@suse.com + +- Sync version to the version we currently have, to fix build. +- Add jsonutils-fix-new-anyjson.patch: fix nova.utils to be + compatibly with the version of python-anyjson we use + (lp#1017765). + +------------------------------------------------------------------- +Mon Jun 25 09:33:07 UTC 2012 - saschpe@suse.de + +- Initial version New Changes file: --- /dev/null 2013-06-25 18:53:24.372030255 +0200 +++ /work/SRC/openSUSE:12.3:Update/.openstack-nova.1782.new/openstack-nova.changes 2013-06-27 12:51:53.000000000 +0200 
@@ -0,0 +1,1786 @@ +------------------------------------------------------------------- +Mon Jun 17 08:08:02 UTC 2013 - vuntz@suse.com + +- Add CVE-2013-2030.patch: fix insecure keystone middleware tmpdir + by default (CVE-2013-2030, bnc#819349). +- Use explicit keystone-signing dir to workaround lp#1181157. + +-------------------------------------------------------------------- +Thu Mar 14 21:51:50 UTC 2013 - vuntz@suse.com + +- Update to version 2012.2.4+git.1363297910.9561484: + + Avoid vm instance shutdown when power state is NOSTATE + + Fix an error in affinity filters + + Add quotas for fixed ips. (CVE-2013-1838) +- This fixes bnc#808622. + +------------------------------------------------------------------- +Mon Mar 11 10:01:24 UTC 2013 - vuntz@suse.com + +- Update 12.3 packages to Folsom as of March 5th. This comes with· + security fixes and bug fixes that we need to have OpenStack work + nicely. Fix bnc#802278. + +------------------------------------------------------------------- +Thu Mar 7 12:58:51 UTC 2013 - vuntz@suse.com + +- Install polkit rules file in /usr/share/polkit-1/rules.d/ since + it's not a configuration file, and use 10 instead of 50 as + priority to make sure it is taken into account. 
+ +-------------------------------------------------------------------- +Wed Mar 6 15:26:14 UTC 2013 - cloud-devel@suse.de + +- Update to version 2012.2.4+git.1362583574.da38af5: + + VNC Token Validation (CVE-2013-0335) + +-------------------------------------------------------------------- +Tue Mar 5 16:57:22 UTC 2013 - cloud-devel@suse.de + +- Update to version 2012.2.4+git.1362502642.8c4df00: + + Ensure we add a new line when appending to rc.local + + Handle compute node not available for live migration + + remove intermediate libvirt downloaded images + +------------------------------------------------------------------- +Mon Feb 25 15:43:09 UTC 2013 - vuntz@suse.com + +- Add openstack-nova-polkit.rules: polkit rules for the new polkit + that uses javascript. On openSUSE 12.3 and later, we install this + file in /etc/polkit-1/rules.d/ instead of installing the pkla + file which is of no use with the new polkit. + +-------------------------------------------------------------------- +Fri Feb 22 10:11:47 UTC 2013 - cloud-devel@suse.de + +- Update to version 2012.2.4+git.1361527907.d5e7f55: + + Avoid stuck task_state on snapshot image failure + + Add a safe_minidom_parse_string function. (CVE-2013-1664) + + Enable libvirt to work with NoopFirewallDriver + + Fix state sync logic related to the PAUSED VM state + + libvirt: Fix nova-compute start when missing ip. 
+ +-------------------------------------------------------------------- +Wed Feb 6 06:59:13 UTC 2013 - cloud-devel@suse.de + +- Update to version 2012.2.4+git.1360133953.e5d0f4b: + + Final versioning for 2012.2.3 + + Bump version to 2012.2.4 + +-------------------------------------------------------------------- +Wed Jan 30 07:09:51 UTC 2013 - cloud-devel@suse.de + +- Update to version 2012.2.3+git.1359529791.317cc0a: + + remove session parameter from fixed_ip_get + + Eliminate race conditions in floating association + + Fix to include error message in instance faults + + disallow boot from volume from specifying arbitrary volumes + (CVE-2013-0208) + +-------------------------------------------------------------------- +Fri Jan 25 10:59:36 UTC 2013 - cloud-devel@suse.de + +- Update to version 2012.2.3+git.1359111576.03c3e9b: + + Ensure that Quantum uses configured fixed IP + + Makes sure compute doesn't crash on failed resume. + +------------------------------------------------------------------- +Fri Jan 18 13:42:51 UTC 2013 - vuntz@suse.com + +- Update to version 2012.2.3+git.1358515929.3545a7d: + + Add NFS to the libvirt volume driver list + + Call plug_vifs() for all instances in init_host + + Fix addition of CPU features when running against legacy libvirt + + Fix typo in resource tracker audit message +- Move back to "git_tarballs" source service. + +-------------------------------------------------------------------- +Thu Jan 17 15:22:36 UTC 2013 - cloud-devel@suse.de + +- Start using obs-service-github_tarballs + +-------------------------------------------------------------------- +Thu Jan 17 14:52:08 UTC 2013 - cloud-devel@suse.de + +- Update to version 2012.2.3+git.1358434328.a41b913: + + Provide better error message for aggregate-create + + Fix errors in used_limits extension + + Add an iptables mangle rule per-bridge for DHCP. 
+ + Limit formatting routes when adding resources + +------------------------------------------------------------------- +Tue Jan 15 08:01:05 UTC 2013 - vuntz@suse.com + +- Drop nova-migration-config.patch: the patch is not used anymore, + as we don't need it anymore with the _service we're using now. + +-------------------------------------------------------------------- +Thu Jan 3 12:17:48 UTC 2013 - cloud-devel@suse.de + +- Switch to github_tarballs source service +- Update to version 2012.2.3+git.1357215468.451003e: + + Fix a crash when launching qcow2 images containing snapshots + +------------------------------------------------------------------- +Wed Dec 19 14:49:49 UTC 2012 - saschpe@suse.de + +- Use macro %openstack_sphinx_build_manpages_only + +------------------------------------------------------------------- +Wed Dec 19 11:57:05 UTC 2012 - saschpe@suse.de + +- Move to obs-service-git_tarballs + + Drop BuildRequires: python-setuptools-git + + Drop %majorversion macro +- Fix testsuite requirements + +------------------------------------------------------------------- +Wed Dec 19 09:05:52 UTC 2012 - bwiedemann@suse.com + +- update init scripts and nova.conf for Folsom + +-------------------------------------------------------------------- +Tue Dec 11 17:36:43 UTC 2012 - cloud-devel@suse.de + +- Use new git_tarballs source service +- Update to version 2012.2.3+git.1355243803.9e62846: + + Bump version to 2012.2.3 + + Final versioning for 2012.2.2 + + Don't leak info from libvirt LVM backed instances + +-------------------------------------------------------------------- +Mon Dec 10 17:20:47 UTC 2012 - iartarisi@suse.com + +- Update to latest git (670b388): + + Fix rpc control_exchange regression. 
+ +------------------------------------------------------------------- +Thu Dec 6 11:44:38 UTC 2012 - iartarisi@suse.com + +- Set the version to seconds from epoch + +------------------------------------------------------------------- +Thu Dec 6 11:03:34 UTC 2012 - iartarisi@suse.com + +- Use upstream tarballs instead of the git repository + +------------------------------------------------------------------- +Wed Dec 5 09:36:59 UTC 2012 - saschpe@suse.de + +- Use @PARENT_TAG@ in _service file to automate versioning + +------------------------------------------------------------------- +Mon Dec 3 14:44:22 UTC 2012 - iartarisi@suse.com + +- Add sqlalchemy-migrate config to the python package + +------------------------------------------------------------------- +Thu Nov 15 12:39:52 UTC 2012 - saschpe@suse.de + +- Use openstack-macros + +------------------------------------------------------------------- +Fri Nov 9 10:24:55 UTC 2012 - saschpe@suse.de + +- Add more test requirements for which we have packages now: + + Requires: python-nosehtmloutput + +------------------------------------------------------------------- +Thu Nov 8 11:36:41 UTC 2012 - saschpe@suse.de + +- Drop from_vcs build flag + +------------------------------------------------------------------- +Tue Oct 30 09:21:25 UTC 2012 - saschpe@suse.de + +- Drop temporary fixes for file permissions and attributes in %post + section. They were necessary only to migrate from pre-1.0 packages. 
++++ 1589 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.3:Update/.openstack-nova.1782.new/openstack-nova.changes New: ---- CVE-2013-2030.patch _service nova-network-filter-bnc777488.patch nova-rbd-use-local-devices.patch nova-stable-folsom.tar.gz nova.conf openstack-nova-api.wsgi openstack-nova-doc.changes openstack-nova-doc.spec openstack-nova-manage.sh openstack-nova-network-init-bnc777488.patch openstack-nova-novncproxy.init openstack-nova-polkit.rules openstack-nova-vncproxy.init openstack-nova.changes openstack-nova.init openstack-nova.logrotate openstack-nova.spec org.openstack.nova.compute.pkla rpmlintrc sysconfig.openstack-novncproxy ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openstack-nova-doc.spec ++++++ # # spec file for package openstack-nova-doc # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. 
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define component nova %define majorversion 2012.2.3 Name: openstack-%{component}-doc Version: 2012.2.4+git.1363297910.9561484 Release: 0 Summary: OpenStack Compute (Nova) - Documentation License: Apache-2.0 Group: Documentation/HTML Url: http://openstack.org/projects/compute/ Source: nova-stable-folsom.tar.gz BuildRequires: graphviz BuildRequires: openstack-macros BuildRequires: python-Cheetah BuildRequires: python-PasteDeploy BuildRequires: python-Sphinx #BuildRequires: python-SQLAlchemy BuildRequires: python-WebOb BuildRequires: python-base BuildRequires: python-boto #BuildRequires: python-cinderclient BuildRequires: python-distribute BuildRequires: python-eventlet BuildRequires: python-feedparser #BuildRequires: python-glanceclient BuildRequires: python-iso8601 BuildRequires: python-ldap BuildRequires: python-lxml BuildRequires: python-mox BuildRequires: python-netaddr #BuildRequires: python-nova BuildRequires: python-openssl BuildRequires: python-paste #BuildRequires: python-qpid #BuildRequires: python-quantumclient BuildRequires: python-routes #BuildRequires: python-zmq BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Nova is a cloud computing fabric controller (the main part of an IaaS system) built to match the popular AWS EC2 and S3 APIs. It is written in Python, using the Tornado and Twisted frameworks, and relies on the standard AMQP messaging protocol. This package contains documentation files for openstack-nova. %prep %setup -q -n nova-2012.2.4 %openstack_cleanup_prep %build python setup.py build_sphinx rm -rf doc/build/html/.buildinfo # Remove unneeded files %install %files %defattr(-,root,root,-) %doc LICENSE doc/build/html %changelog ++++++ openstack-nova.spec ++++++ # # spec file for package openstack-nova # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2011 B1 Systems GmbH, Vohburg, Germany. 
# # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define component nova %define groupname openstack-%{component} %define username openstack-%{component} Name: openstack-%{component} Version: 2012.2.4+git.1363297910.9561484 Release: 0 Summary: OpenStack Compute (Nova) License: Apache-2.0 Group: System/Management Url: https://launchpad.net/nova Source: nova-stable-folsom.tar.gz Source1: %{name}.init Source2: %{name}.logrotate Source3: nova.conf Source4: openstack-nova-manage.sh Source6: openstack-nova-vncproxy.init # WSGI application skeleton for API app (for the SSL proxy): Source7: openstack-nova-api.wsgi Source8: openstack-nova-network-init-bnc777488.patch Source9: org.openstack.nova.compute.pkla Source10: openstack-nova-novncproxy.init Source11: sysconfig.openstack-novncproxy Source12: openstack-nova-polkit.rules # This adds support for using /dev/rdb? devices for ceph volumes. It's need # because our qemu and libvirt don't have librados support yet. 
(Not sure yet if # this is worth upstreaming, we would at least have to make in configurable) Patch5: nova-rbd-use-local-devices.patch Patch7: nova-network-filter-bnc777488.patch # PATCH-FIX-UPSTREAM CVE-2013-2030.patch -- fix insecure keystone middleware tmpdir by default, https://review.openstack.org/#/c/28570/ Patch8: CVE-2013-2030.patch BuildRequires: apache2 BuildRequires: fdupes BuildRequires: openstack-macros BuildRequires: python-base BuildRequires: python-distribute # Documentation requirements: BuildRequires: python-Sphinx %if 0%{?suse_version} > 1110 # to make orphaned-file-tests happy BuildRequires: polkit-default-privs Requires: polkit-default-privs %endif Requires: /usr/bin/truncate Requires: euca2ools Requires: logrotate Requires: python >= 2.6.8 Requires: python-nova = %{version} Requires: sudo #Requires: vblade-persist # To generate a self-signed certificate to be used in demo setups: Requires(post): apache2-utils Requires(post): openssl Requires(post): sysconfig %if 0%{?suse_version} > 1110 Requires(pre): pwdutils %else Requires(pre): shadow-utils %endif BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?suse_version} && 0%{?suse_version} <= 1110 %{!?python_sitelib: %global python_sitelib %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} %else BuildArch: noarch %endif %description Nova is a cloud computing fabric controller (the main part of an IaaS system) built to match the popular AWS EC2 and S3 APIs. It is written in Python, using the Tornado and Twisted frameworks, and relies on the standard AMQP messaging protocol. 
%package -n python-nova Summary: OpenStack Compute (Nova) - Python module Group: Development/Languages/Python Requires: python >= 2.6.8 Requires: python-Paste Requires: python-PasteDeploy Requires: python-SQLAlchemy Requires: python-WebOb Requires: python-amqplib Requires: python-anyjson Requires: python-boto Requires: python-cheetah Requires: python-eventlet Requires: python-glanceclient Requires: python-greenlet Requires: python-httplib2 Requires: python-iso8601 Requires: python-kombu Requires: python-lxml Requires: python-netaddr Requires: python-paramiko Requires: python-quantumclient Requires: python-routes Requires: python-sqlalchemy-migrate Requires: python-suds %description -n python-nova This package contains the core Python module of OpenStack Nova. %package api Summary: OpenStack Compute (Nova) - API Group: Development/Languages/Python Requires: %{name} = %{version} %description api This package contains the OpenStack Nova API. %package cert Summary: OpenStack Compute (Nova) - Certificate Manager Group: Development/Languages/Python Requires: %{name} = %{version} %description cert This package contains the certificate manager of OpenStack Nova. %package compute Summary: OpenStack Compute (Nova) - Compute Group: Development/Languages/Python Requires: %{name} = %{version} Requires: bridge-utils Requires: libvirt >= 0.8.1 Requires: libvirt-python >= 0.8.1 Requires: tunctl %if 0%{?suse_version} < 1220 Requires(post): PolicyKit %endif %description compute This package contains the compute part of OpenStack. %package network Summary: OpenStack Compute (Nova) - Network Group: Development/Languages/Python Requires: %{name} = %{version} Requires: dnsmasq Requires: iptables %description network This package contains the network services for OpenStack. 
%package novncproxy Summary: OpenStack Compute (Nova) - Websocket Proxy Group: Development/Languages/Python Requires: %{name} = %{version} %description novncproxy This package contains the novnc-proxy service for OpenStack. %package objectstore Summary: OpenStack Compute (Nova) - Object Store Group: Development/Languages/Python Requires: %{name} = %{version} %description objectstore This package contains the objectstore service for OpenStack. %package scheduler Summary: OpenStack Compute (Nova) - Scheduler Group: Development/Languages/Python Requires: %{name} = %{version} %description scheduler This package contains the scheduler for OpenStack. %package vncproxy Summary: OpenStack Compute (Nova) - VNC Proxy Group: Development/Languages/Python Requires: %{name} = %{version} %description vncproxy This package contains the vnc-proxy service for OpenStack. %package volume Summary: OpenStack Compute (Nova) - Volume Group: Development/Languages/Python Requires: %{name} = %{version} %description volume This package contains the volume-manager for OpenStack. %package test Summary: OpenStack Compute (Nova) - Testsuite Group: Development/Languages/Python Requires: %{name} = %{version} Requires: curl Requires: pylint Requires: python-cinderclient Requires: python-coverage Requires: python-feedparser Requires: python-mox Requires: python-nose Requires: python-nosehtmloutput Requires: python-openstack.nose_plugin Requires: python-pep8 %description test The OpenStack Nova testsuite. It is used to verify the functionality of OpenStack Nova and its components. 
%prep %setup -q -n nova-2012.2.4 %patch5 -p1 %patch7 -p1 %patch8 -p1 %openstack_cleanup_prep %build python setup.py build %openstack_sphinx_build_manpages_only %install python setup.py install -O1 --skip-build --root %{buildroot} --prefix %{_prefix} ### directories install -d -m 755 %{buildroot}%{_localstatedir}/lib/nova install -d -m 755 %{buildroot}%{_localstatedir}/lib/nova/images install -d -m 755 %{buildroot}%{_localstatedir}/lib/nova/instances install -d -m 755 %{buildroot}%{_localstatedir}/lib/nova/keys install -d -m 755 %{buildroot}%{_localstatedir}/lib/nova/networks install -d -m 755 %{buildroot}%{_localstatedir}/lib/nova/tmp install -d -m 755 %{buildroot}%{_localstatedir}/lock/nova install -d -m 755 %{buildroot}%{_localstatedir}/log/nova install -d -m 755 %{buildroot}%{_localstatedir}/run/nova ### configuration files install -p -D -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/nova/nova.conf sed -i -e 's/^#\(signing_dir = \)/\1/' etc/nova/api-paste.ini # workaround https://bugs.launchpad.net/nova/+bug/1181157 install -p -D -m 644 etc/nova/api-paste.ini etc/nova/policy.json %{buildroot}%{_sysconfdir}/nova/ install -p -D -m 644 etc/nova/rootwrap.conf %{buildroot}%{_sysconfdir}/nova/ cp -a etc/nova/rootwrap.d/ %{buildroot}%{_sysconfdir}/nova/ # bash-completion/logrotate/etc. 
install -p -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/bash_completion.d/openstack-nova-manage.sh install -p -D -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} ### init scripts mkdir -p %{buildroot}%{_initddir} mkdir -p %{buildroot}%{_sbindir} for i in api cert compute consoleauth network objectstore rpc-zmq-receiver scheduler volume do tmp=$(mktemp) cat %{SOURCE1} | sed "s/__NAME__/$i/g" > $tmp if [ "x$i" = "xcompute" ] ; then sed -i -e "s/# Should-Start:.*/& libvirtd/" $tmp fi install -m 755 $tmp %{buildroot}%{_initddir}/%{name}-$i ln -s ../..%{_initddir}/%{name}-$i %{buildroot}%{_sbindir}/rc%{name}-$i done # patch nova-network init script: ( cd %{buildroot}%{_initddir}/ ; patch -p0 < %{S:8} ) install -p -D -m 755 %{SOURCE6} %{buildroot}%{_initddir}/openstack-nova-vncproxy install -p -D -m 755 %{SOURCE10} %{buildroot}%{_initddir}/openstack-nova-novncproxy mkdir -p %{buildroot}%{_sbindir} ln -s %{_initddir}/openstack-nova-vncproxy %{buildroot}%{_sbindir}/rcopenstack-nova-vncproxy ln -s %{_initddir}/openstack-nova-novncproxy %{buildroot}%{_sbindir}/rcopenstack-nova-novncproxy ### documentation install -d %{buildroot}%{_mandir}/man1 install -m 644 doc/build/man/*.1 %{buildroot}%{_mandir}/man1 ### test subpackage %openstack_test_package_install %fdupes %{buildroot}%{_localstatedir}/lib/%{name}-test ### apache/WSGI for SSL # Apache2 SSL certificate stubs (generated in %%post) install -d %{buildroot}%{_sysconfdir}/apache2/ssl.{crt,csr,key} install -d %{buildroot}/srv/www/htdocs touch %{buildroot}%{_sysconfdir}/apache2/ssl.key/openstack-nova-{ca,server}.key touch %{buildroot}%{_sysconfdir}/apache2/ssl.csr/openstack-nova-server.csr touch %{buildroot}%{_sysconfdir}/apache2/ssl.crt/openstack-nova-{ca,server}.crt # Apache2 WSGI apps for api in ec2 osapi_compute osapi_volume metadata ; do install -D %{SOURCE7} %{buildroot}%{_localstatedir}/lib/nova/wsgi/$api.wsgi done ### misc %fdupes %{buildroot}%{python_sitelib}/%{component} install -p -D -m 644 
%{SOURCE11} %{buildroot}%{_var}/adm/fillup-templates/sysconfig.openstack-nova-novncproxy %if 0%{?suse_version} > 1110 && 0%{?suse_version} < 1230 mkdir -p %{buildroot}%{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d/ cp -a %{SOURCE9} %{buildroot}%{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d/ %endif %if 0%{?suse_version} >= 1230 install -D -m 644 %{SOURCE12} %{buildroot}%{_datadir}/polkit-1/rules.d/10-openstack-nova-compute.rules %endif %pre getent group %{groupname} >/dev/null || groupadd -r %{groupname} getent passwd %{username} >/dev/null || \ useradd -r -g %{groupname} -d %{_localstatedir}/lib/nova -s /sbin/nologin \ -c "OpenStack Nova Daemons" %{username} exit 0 %post %{fillup_and_insserv -f openstack-nova-consoleauth openstack-nova-rpc-zmq-receiver} if [ ! -s %{_sysconfdir}/apache2/ssl.csr/openstack-nova-server.csr ] ; then # Generate a self-signed certificate to be used in non-production setups: (umask 377 ; /usr/bin/gensslcert -C openstack-nova -n nova.example.com) fi %preun %stop_on_removal openstack-nova-consoleauth openstack-nova-rpc-zmq-receiver %postun %restart_on_update openstack-nova-consoleauth openstack-nova-rpc-zmq-receiver %insserv_cleanup %post api %{fillup_and_insserv -f openstack-nova-api} %preun api %stop_on_removal openstack-nova-api %postun api %restart_on_update openstack-nova-api %insserv_cleanup %post cert %{fillup_and_insserv -f openstack-nova-cert} %preun cert %stop_on_removal openstack-nova-cert %postun cert %restart_on_update openstack-nova-cert %insserv_cleanup %post compute polkit-auth --grant org.libvirt.unix.manage --user %{username} 2>/dev/null || true %{fillup_and_insserv -f openstack-nova-compute} %preun compute %stop_on_removal openstack-nova-compute %postun compute %restart_on_update openstack-nova-compute %insserv_cleanup %post network %{fillup_and_insserv -f openstack-nova-network} %preun network %stop_on_removal openstack-nova-network %postun network %restart_on_update openstack-nova-network 
%insserv_cleanup %post vncproxy %{fillup_and_insserv -f openstack-nova-vncproxy} %preun vncproxy %stop_on_removal openstack-nova-vncproxy %postun vncproxy %restart_on_update openstack-nova-vncproxy %insserv_cleanup %post novncproxy %{fillup_and_insserv openstack-nova-novncproxy} %preun novncproxy %stop_on_removal openstack-nova-novncproxy %postun novncproxy %restart_on_update openstack-nova-novncproxy %insserv_cleanup %post objectstore %{fillup_and_insserv -f openstack-nova-objectstore} %preun objectstore %stop_on_removal openstack-nova-objectstore %postun objectstore %restart_on_update openstack-nova-objectstore %insserv_cleanup %post scheduler %{fillup_and_insserv -f openstack-nova-scheduler} %preun scheduler %stop_on_removal openstack-nova-scheduler %postun scheduler %restart_on_update openstack-nova-scheduler %insserv_cleanup %post volume %{fillup_and_insserv -f openstack-nova-volume} %preun volume %stop_on_removal openstack-nova-volume %postun volume %restart_on_update openstack-nova-volume %insserv_cleanup %files %defattr(-,root,root,-) %doc LICENSE README.rst %{_sysconfdir}/bash_completion.d/openstack-nova-manage.sh %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %dir %{_sysconfdir}/nova %config(noreplace) %attr(0640, root, %{groupname}) %{_sysconfdir}/nova/api-paste.ini %config(noreplace) %attr(0640, root, %{groupname}) %{_sysconfdir}/nova/nova.conf %config(noreplace) %{_sysconfdir}/nova/policy.json %config(noreplace) %{_sysconfdir}/nova/rootwrap.conf %dir %{_sysconfdir}/nova/rootwrap.d %attr(0755, %{username}, root) %{_localstatedir}/lib/nova %dir %attr(0755, %{username}, %{groupname}) %{_localstatedir}/log/nova %ghost %attr(0755, %{username}, root) %{_localstatedir}/lock/nova %ghost %dir %attr(0755, %{username}, root) %{_localstatedir}/run/nova %{_bindir}/nova-all %{_bindir}/nova-clear-rabbit-queues %{_bindir}/nova-console %{_bindir}/nova-manage %{_bindir}/nova-rootwrap %{_mandir}/man1/nova-all.1%{?ext_man} %{_mandir}/man1/nova-console.1%{?ext_man} 
%{_mandir}/man1/nova-manage.1%{?ext_man} %{_mandir}/man1/nova-rootwrap.1%{?ext_man} # apache integration for ssl setup %ghost %{_sysconfdir}/apache2/ssl.key/openstack-nova-*.key %ghost %{_sysconfdir}/apache2/ssl.csr/openstack-nova-server.csr %ghost %{_sysconfdir}/apache2/ssl.crt/openstack-nova-*.crt %dir %attr(0755, root, root) %{_localstatedir}/lib/nova/wsgi %attr(0644, root, root) %{_localstatedir}/lib/nova/wsgi/*.wsgi # FIXME: which package should these go in? %{_initddir}/%{name}-consoleauth %{_sbindir}/rc%{name}-consoleauth %{_bindir}/nova-consoleauth %{_mandir}/man1/nova-consoleauth.1%{?ext_man} %{_initddir}/%{name}-rpc-zmq-receiver %{_sbindir}/rc%{name}-rpc-zmq-receiver %{_bindir}/nova-rpc-zmq-receiver %{_mandir}/man1/nova-rpc-zmq-receiver.1%{?ext_man} %files -n python-nova %defattr(-,root,root,-) %doc LICENSE %{python_sitelib}/%{component}/ %{python_sitelib}/%{component}-*.egg-info # Part of test subpackage %exclude %{python_sitelib}/%{component}/tests/ %files api %defattr(-,root,root,-) %doc LICENSE %config(noreplace) %{_sysconfdir}/nova/rootwrap.d/api-metadata.filters %{_initddir}/%{name}-api %{_sbindir}/rc%{name}-api %{_bindir}/nova-api %{_bindir}/nova-api-ec2 %{_bindir}/nova-api-metadata %{_bindir}/nova-api-os-compute %{_bindir}/nova-api-os-volume %{_mandir}/man1/nova-api.1%{?ext_man} %{_mandir}/man1/nova-api-ec2.1%{?ext_man} %{_mandir}/man1/nova-api-metadata.1%{?ext_man} %{_mandir}/man1/nova-api-os-compute.1%{?ext_man} %{_mandir}/man1/nova-api-os-volume.1%{?ext_man} %files cert %defattr(-,root,root,-) %doc LICENSE %{_initddir}/%{name}-cert %{_sbindir}/rc%{name}-cert %{_bindir}/nova-cert %{_mandir}/man1/nova-cert.1%{?ext_man} %files compute %defattr(-,root,root,-) %doc LICENSE %config(noreplace) %{_sysconfdir}/nova/rootwrap.d/compute.filters %{_initddir}/%{name}-compute %{_sbindir}/rc%{name}-compute %{_bindir}/nova-compute %{_mandir}/man1/nova-compute.1%{?ext_man} %if 0%{?suse_version} > 1110 && 0%{?suse_version} < 1230 
%{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d/org.openstack.nova.compute.pkla %endif %if 0%{?suse_version} >= 1230 %{_datadir}/polkit-1/rules.d/10-openstack-nova-compute.rules %endif %files network %defattr(-,root,root,-) %doc LICENSE %config(noreplace) %{_sysconfdir}/nova/rootwrap.d/network.filters %{_initddir}/%{name}-network %{_sbindir}/rc%{name}-network %{_bindir}/nova-dhcpbridge %{_bindir}/nova-network %{_mandir}/man1/nova-dhcpbridge.1%{?ext_man} %{_mandir}/man1/nova-network.1%{?ext_man} %files novncproxy %defattr(-,root,root,-) %doc LICENSE %{_initddir}/%{name}-novncproxy %{_sbindir}/rc%{name}-novncproxy %{_bindir}/nova-novncproxy %{_mandir}/man1/nova-novncproxy.1%{?ext_man} %{_var}/adm/fillup-templates/sysconfig.openstack-nova-novncproxy %files objectstore %defattr(-,root,root,-) %doc LICENSE %{_initddir}/%{name}-objectstore %{_sbindir}/rc%{name}-objectstore %{_bindir}/nova-objectstore %{_mandir}/man1/nova-objectstore.1%{?ext_man} %files scheduler %defattr(-,root,root,-) %doc LICENSE %{_initddir}/%{name}-scheduler %{_sbindir}/rc%{name}-scheduler %{_bindir}/nova-scheduler %{_mandir}/man1/nova-scheduler.1%{?ext_man} %files vncproxy %defattr(-,root,root,-) %doc LICENSE %{_initddir}/%{name}-vncproxy %{_sbindir}/rc%{name}-vncproxy %{_bindir}/nova-xvpvncproxy %{_mandir}/man1/nova-xvpvncproxy.1%{?ext_man} %files volume %defattr(-,root,root,-) %doc LICENSE %config(noreplace) %{_sysconfdir}/nova/rootwrap.d/volume.filters %{_initddir}/%{name}-volume %{_sbindir}/rc%{name}-volume %{_bindir}/nova-volume %{_bindir}/nova-volume-usage-audit %{_mandir}/man1/nova-volume.1%{?ext_man} %{_mandir}/man1/nova-volume-usage-audit.1%{?ext_man} %files test %defattr(-,root,root) %{python_sitelib}/%{component}/tests/ %{_localstatedir}/lib/%{name}-test/ %changelog ++++++ CVE-2013-2030.patch ++++++
From 74aa04e2ca7942cb1e1a86dcbaffeb72d260ccd7 Mon Sep 17 00:00:00 2001
From: Russell Bryant
Date: Wed, 1 May 2013 09:41:57 -0400
Subject: [PATCH] Remove insecure default for signing_dir option.
The sample api-paste.ini file included an insecure value for the signing_dir option for the keystone authtoken middleware. Comment out the option so that we just rely on the default behavior by default. Fix bug 1174608. Conflicts: etc/nova/api-paste.ini Change-Id: I6189788953d789c34456bbe150b8ed6ce6f68403 (cherry picked from commit 58d6879b1caaa750c39c8e452a0634c24ffef2ce) --- etc/nova/api-paste.ini | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/etc/nova/api-paste.ini b/etc/nova/api-paste.ini index 3970974..95307b2 100644 --- a/etc/nova/api-paste.ini +++ b/etc/nova/api-paste.ini @@ -124,4 +124,7 @@ auth_protocol = http admin_tenant_name = %SERVICE_TENANT_NAME% admin_user = %SERVICE_USER% admin_password = %SERVICE_PASSWORD% -signing_dir = /tmp/keystone-signing-nova +# signing_dir is configurable, but the default behavior of the authtoken +# middleware should be sufficient. It will create a temporary directory +# in the home directory for the user the nova process is running as. +#signing_dir = /var/lib/nova/keystone-signing -- 1.8.1.6 ++++++ _service ++++++ <services> <service name="git_tarballs" mode="disabled"> <param name="url">http://tarballs.openstack.org/nova/nova-stable-folsom.tar.gz</param> <param name="email">cloud-devel@suse.de</param> </service> </services> ++++++ nova-network-filter-bnc777488.patch ++++++ Index: nova-2012.1+git.1345844892.4d2a4af/nova/network/linux_net.py =================================================================== --- nova-2012.1+git.1345844892.4d2a4af.orig/nova/network/linux_net.py +++ nova-2012.1+git.1345844892.4d2a4af/nova/network/linux_net.py 
@@ -262,6 +262,9 @@ class IptablesManager(object): # among the various nova components. It sits at the very top # of FORWARD and OUTPUT. for tables in [self.ipv4, self.ipv6]: + tables['filter'].add_chain('nova-filter-FORWARD-sitelocl', wrap=False) + tables['filter'].add_rule('FORWARD', '-j nova-filter-FORWARD-sitelocl', wrap=False, top=True) + tables['filter'].add_chain('nova-filter-top', wrap=False) tables['filter'].add_rule('FORWARD', '-j nova-filter-top', wrap=False, top=True) Index: nova-2012.1+git.1345844892.4d2a4af/nova/tests/test_iptables_network.py =================================================================== --- nova-2012.1+git.1345844892.4d2a4af.orig/nova/tests/test_iptables_network.py +++ nova-2012.1+git.1345844892.4d2a4af/nova/tests/test_iptables_network.py @@ -144,7 +144,15 @@ class IptablesManagerTestCase(test.TestC "Duplicate line: %s" % line) seen_lines.add(line) - for chain in ['FORWARD', 'OUTPUT']: + for chain in ['FORWARD']: + for line in new_lines: + if line.startswith('[0:0] -A %s' % chain): + self.assertTrue('-j nova-filter-FORWARD-sitelocl' in line, + "First %s rule does not " + "jump to nova-filter-FORWARD-sitelocl" % chain) + break + + for chain in ['OUTPUT']: for line in new_lines: if line.startswith('[0:0] -A %s' % chain): self.assertTrue('-j nova-filter-top' in line, ++++++ nova-rbd-use-local-devices.patch ++++++
From e9c36242bc3a5addad26cd622f35706d55a3f6c5 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp
Date: Tue, 3 Jul 2012 17:42:06 +0200
Subject: [PATCH] Use local rbd devices (/dev/rbd*) for rbd volumes
This adds a new LibirtVolumeDriver to nova-compute that will take care to map/unmap local block devices for rbd volumes. The original approach for rbd volumes required rbd-enabled libvirt and kvm/qemu. Which we currently don't have on SLES-11-SP2. Change-Id: I62e7664200bc83b948e19a65a3cbda81ebb0470e --- nova/rootwrap/compute.py | 3 ++ nova/virt/libvirt/connection.py | 2 +- nova/virt/libvirt/volume.py | 58 +++++++++++++++++++++++++++++++++++++++ nova/volume/driver.py | 6 ++++ 4 files changed, 68 insertions(+), 1 deletions(-) Index: nova-2012.2+git.1349813491.b7e509a/nova/virt/libvirt/volume.py =================================================================== --- nova-2012.2+git.1349813491.b7e509a.orig/nova/virt/libvirt/volume.py +++ nova-2012.2+git.1349813491.b7e509a/nova/virt/libvirt/volume.py @@ -30,6 +30,8 @@ from nova.virt.libvirt import utils as v LOG = logging.getLogger(__name__) FLAGS = flags.FLAGS flags.DECLARE('num_iscsi_scan_tries', 'nova.volume.driver') +flags.DECLARE('rbd_secret_file', 'nova.volume.driver') +flags.DECLARE('rbd_user', 'nova.volume.driver') class LibvirtVolumeDriver(object): 
@@ -71,6 +73,62 @@ class LibvirtFakeVolumeDriver(LibvirtVol conf.serial = connection_info.get('serial') return conf +class LibvirtRbdVolumeDriver(LibvirtVolumeDriver): + """Driver to attach RBD volumes to libvirt.""" + + def _rbd_get_mapped_device(self, pool, image): + (out, err) = utils.execute('rbd', 'showmapped') + lines = out.split('\n') + del(lines[0]) + device_path="" + for line in lines: + elements = line.split('\t') + # elements is now [ id, pool, image, snap, device ] + if len(elements) == 5 and elements[1] == pool and elements[2] == image: + device_path = elements[4] + break + LOG.debug("device path: %s" % ( device_path)) + if len(device_path) == 0: + LOG.info("No host device found for rbd image %s/%s" % (pool, image)) + return device_path + + def _rbd_map_volume(self, connection_info): + pool = connection_info['data']['pool'] + image = connection_info['data']['image'] + (out, err) = utils.execute('rbd', 'map', '-p', pool, image, + '--secret', FLAGS.rbd_secret_file, + '--user', FLAGS.rbd_user, + run_as_root=True) + LOG.debug("rbd map: stdout=%s stderr=%s" % ( out, err)) + return self._rbd_get_mapped_device(pool, image) + + def _rbd_unmap_volume(self, connection_info): + pool = connection_info['data']['pool'] + image = connection_info['data']['image'] + host_device = self._rbd_get_mapped_device(pool, image) + if len(host_device) > 0: + (out, err) = utils.execute('rbd', 'unmap', host_device, + '--secret', FLAGS.rbd_secret_file, + '--user', FLAGS.rbd_user, + run_as_root=True) + LOG.debug("rbd unmap: stdout=%s stderr=%s" % ( out, err)) + + + def connect_volume(self, connection_info, mount_device): + """Connect the volume. 
Returns xml for libvirt.""" + driver = self._pick_volume_driver() + host_device = self._rbd_map_volume(connection_info) + + connection_info['data']['device_path'] = host_device + sup = super(LibvirtRbdVolumeDriver, self) + return sup.connect_volume(connection_info, mount_device) + + def disconnect_volume(self, connection_info, mount_device): + """Detach the volume from instance_name""" + sup = super(LibvirtRbdVolumeDriver, self) + sup.disconnect_volume(connection_info, mount_device) + self._rbd_unmap_volume(connection_info) + class LibvirtNetVolumeDriver(LibvirtVolumeDriver): """Driver to attach Network volumes to libvirt.""" Index: nova-2012.2+git.1349813491.b7e509a/nova/volume/driver.py =================================================================== --- nova-2012.2+git.1349813491.b7e509a.orig/nova/volume/driver.py +++ nova-2012.2+git.1349813491.b7e509a/nova/volume/driver.py @@ -67,6 +67,10 @@ volume_opts = [ default=None, help='the libvirt uuid of the secret for the rbd_user' 'volumes'), + cfg.StrOpt('rbd_secret_file', + default=None, + help='path the file containing the secret for the rbd_user' + 'volumes'), cfg.StrOpt('volume_tmp_dir', default=None, help='where to store temporary image files if the volume ' @@ -724,6 +728,8 @@ class RBDDriver(VolumeDriver): 'driver_volume_type': 'rbd', 'data': { 'name': '%s/%s' % (FLAGS.rbd_pool, volume['name']), + 'pool': FLAGS.rbd_pool, + 'image' : volume['name'], 'auth_enabled': FLAGS.rbd_secret_uuid is not None, 'auth_username': FLAGS.rbd_user, 'secret_type': 'ceph', Index: nova-2012.2+git.1349813491.b7e509a/etc/nova/rootwrap.d/compute.filters =================================================================== --- nova-2012.2+git.1349813491.b7e509a.orig/etc/nova/rootwrap.d/compute.filters +++ nova-2012.2+git.1349813491.b7e509a/etc/nova/rootwrap.d/compute.filters 
@@ -101,6 +101,9 @@ ovs-ofctl: CommandFilter, /usr/bin/ovs-o # nova/virt/libvirt/connection.py: 'dd', if=%s % virsh_output, ... dd: CommandFilter, /bin/dd, root +# nova/virt/libvirt/volume.py: 'rbd', "map/showmapped", ... +rbd: CommandFilter, /usr/bin/rbd, root + # nova/virt/xenapi/volume_utils.py: 'iscsiadm', '-m', ... iscsiadm: CommandFilter, /sbin/iscsiadm, root iscsiadm_usr: CommandFilter, /usr/bin/iscsiadm, root ++++++ nova.conf ++++++ [DEFAULT] # example nova.conf # replace the values verbose=True auth_strategy=keystone api_paste_config=/etc/nova/api-paste.ini rootwrap_config=/etc/nova/rootwrap.conf compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler fixed_range=192.168.0.0/24 dhcpbridge_flagfile=/etc/nova/nova.conf dhcpbridge=/usr/bin/nova-dhcpbridge logdir=/var/log/nova state_path=/var/lib/nova lock_path=/var/run/nova #instances_path=/var/lib/nova/instances root_helper=sudo /usr/bin/nova-rootwrap sql_connection=mysql://root:<mysql-password>@<IP>/nova s3_host=<IP> #s3_port=3333 osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions my_ip=<IP> rabbit_host=<IP> #rabbit_password= glance_api_servers=<IP> ec2_url=http://<IP>:8773/services/Cloud network_manager=nova.network.manager.FlatDHCPManager fixed_range=192.168.0.0/24 network_size=5000 compute_driver=libvirt.LibvirtDriver libvirt_type=kvm #libvirt_cpu_mode=none instance_name_template=instance-%08x enabled_apis=ec2,osapi_compute,metadata #bridge_interface=br0 ++++++ openstack-nova-api.wsgi ++++++ # # OpenStack Compute (Nova) API WSGI app skeleton # import eventlet eventlet.monkey_patch() import os import sys from paste import deploy from nova import flags from nova import log as logging from nova import utils utils.default_flagfile() flags.FLAGS(sys.argv) logging.setup() utils.monkey_patch() LOG = logging.getLogger(__name__) app_name = os.path.basename(__file__).rsplit('.')[0] config_path = utils.find_config(flags.FLAGS.api_paste_config) if app_name in 
flags.FLAGS.enabled_apis: application = deploy.loadapp("config:%s" % config_path, name=app_name) else: LOG.error("Not starting disabled Nova WSGI application '%s'" % app_name) ++++++ openstack-nova-manage.sh ++++++ # bash completion for openstack nova-manage # by Dominik Heidler <dheidler suse.de> _nova_manage_opts="" # lazy init _nova_manage_opts_exp="" # lazy init # this will only work with bash 4 ## declare dict #declare -A _nova_manage_subopts # dict hack for bash 3 # ...yea yea and eval is evil and you # could use it to inject malicious # code to .....yourself? # bash 3 sucks... _set_nova_manage_subopts () { eval _nova_manage_subopts_"$1"='$2' } _get_nova_manage_subopts () { eval echo '${_nova_manage_subopts_'"$1"'#_nova_manage_subopts_}' } _nova_manage() { local cur prev subopts COMPREPLY=() cur="${COMP_WORDS[COMP_CWORD]}" prev="${COMP_WORDS[COMP_CWORD-1]}" if [ "x$_nova_manage_opts" == "x" ] ; then _nova_manage_opts="`nova-manage bash-completion 2>/dev/null | sed -e "1d" -e "s/^\s*//g"`" _nova_manage_opts_exp="`echo $_nova_manage_opts | sed -e "s/\s/|/g"`" fi if [[ " `echo $_nova_manage_opts` " =~ " $prev " ]] ; then #if [ "x${_nova_manage_subopts["$prev"]}" == "x" ] ; then if [ "x$(_get_nova_manage_subopts "$prev")" == "x" ] ; then subopts="`nova-manage $prev bash-completion 2>/dev/null | sed -e "1d"`" #_nova_manage_subopts+=( ["$prev"]="$subopts" ) _set_nova_manage_subopts "$prev" "$subopts" fi #COMPREPLY=($(compgen -W "${_nova_manage_subopts["$prev"]}" -- ${cur})) COMPREPLY=($(compgen -W "$(_get_nova_manage_subopts "$prev")" -- ${cur})) elif [[ ! " ${COMP_WORDS[@]} " =~ " "($_nova_manage_opts_exp)" " ]] ; then COMPREPLY=($(compgen -W "${_nova_manage_opts}" -- ${cur})) fi return 0 } complete -F _nova_manage nova-manage ++++++ openstack-nova-network-init-bnc777488.patch ++++++ --- openstack-nova-network.orig 2012-08-17 15:38:54.000000000 +0000 +++ openstack-nova-network 2012-08-28 18:06:45.000000000 +0000 
@@ -45,9 +45,31 @@ FULLNAME="OpenStack::Nova $name server" CHUSER="-u $USER" +iptables_setup() +{ + mode=$1 + if [ -n "$ADMINNETWORK" ] && grep -qx 'enabled_apis=metadata' /etc/nova/nova.conf ; then # this must not run outside of compute nodes + interface=$(perl -ne 'm/flat_network_bridge=([0-9a-z.-]+)/ && print $1' /etc/nova/nova.conf) + if [ -z "$interface" ] ; then + echo "error: no flat_network_bridge interface found in nova.conf" + echo "can not set iptables rules" + else + PATH="/sbin:/usr/sbin:/usr/bin:/bin" + c="nova-filter-FORWARD-sitelocl" + iptables -N $c 2>/dev/null + iptables -$mode $c -d $STORAGENETWORK/$STORAGENETMASK -j REJECT + iptables -$mode INPUT -d $STORAGENETWORK/$STORAGENETMASK -i $interface -j REJECT + iptables -$mode $c -d $ADMINNETWORK/$ADMINNETMASK -j REJECT + iptables -$mode INPUT -d $ADMINNETWORK/$ADMINNETMASK -i $interface -j REJECT + iptables -$mode INPUT -p tcp --dport 8775 -i $interface -j ACCEPT # metadata api + fi + fi +} + case "$1" in start) echo -n "Starting $FULLNAME" + iptables_setup I startproc -s $CHUSER -t ${STARTUP_TIMEOUT:-5} -q /usr/bin/nova-$name $OPTIONS rc_status -v ;; 
@@ -55,6 +77,7 @@ echo -n "Shutting down $FULLNAME" killproc /usr/bin/nova-$name rc_status -v + iptables_setup D ;; restart) $0 stop ++++++ openstack-nova-novncproxy.init ++++++ #!/bin/sh ### BEGIN INIT INFO # Provides: openstack-novncproxy # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Should-Start: rabbitmq-server mysql # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: Nova novncproxy server # Description: Nova novncproxy server. ### END INIT INFO name="novncproxy" USER="openstack-nova" GROUP="nobody" CONFIGFILE="/etc/nova/nova.conf" RUNDIR="/var/run/nova" LOGFILE="/var/log/nova/$name.log" WEBROOT="/var/lib/nova/noVNC" DAEMON="nova-novncproxy" [ -e "/etc/sysconfig/openstack-$name" ] && . "/etc/sysconfig/openstack-$name" mkdir -p $RUNDIR DAEMON_OPTIONS="--config-file=$CONFIGFILE --logfile=$LOGFILE --web=$WEBROOT --daemon" OPTIONS="${OPTIONS} $DAEMON_OPTIONS" if [ "x$NOVNC_SSL_ENABLE" = "xyes" ] ; then SSL_KEY_FILE=`umask 077 >/dev/null ; mktemp /dev/shm/openstack-novnc-key.XXXXXX` SSL_CRT_FILE=`umask 077 >/dev/null ; mktemp /dev/shm/openstack-novnc-crt.XXXXXX` chown "$USER" "$SSL_KEY_FILE" "$SSL_CRT_FILE" OPTIONS="--cert $SSL_CRT_FILE --key $SSL_KEY_FILE ${OPTIONS}" fi # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status # rc_status check and set local and overall rc status # rc_status -v be verbose in local rc status and clear it afterwards # rc_status -v -r ditto and clear both the local and overall rc status # rc_status -s display "skipped" and exit with status 3 # rc_status -u display "unused" and exit with status 3 # rc_failed set local and overall rc status to failed # rc_failed <num> set local and overall rc status to <num> # rc_reset clear both the local and overall rc status # rc_exit exit appropriate to overall rc status # rc_active checks whether a service is activated by symlinks . 
/etc/rc.status

FULLNAME="OpenStack::Nova $name server"

case "$1" in
    start)
        echo -n "Starting $DAEMON"
        [ ! -z "$SSL_CRT_FILE" ] && [ ! -z "$SSL_KEY_FILE" ] && ( umask 077 ; cp "$NOVNC_SSL_KEY" "$SSL_KEY_FILE" ; cp "$NOVNC_SSL_CERT" "$SSL_CRT_FILE" )
        startproc -u $USER /usr/bin/$DAEMON $OPTIONS /dev/null 2>&1 &
        rc_status -v
        ;;
    stop)
        echo -n "Shutting down $DAEMON"
        killproc python /usr/bin/$DAEMON 2>/dev/null
        rc_status -v
        ;;
    restart)
        $0 stop
        $0 start
        rc_status
        ;;
    reload)
        ;;
    status)
        echo -n "Checking $DAEMON"
        /sbin/checkproc python /usr/bin/$DAEMON
        rc_status -v
        ;;
    condrestart|try-restart)
        $0 status
        if test $? = 0; then
            $0 restart
        else
            rc_reset # Not running is not a failure.
        fi
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|try-restart}"
        exit 2
esac
exit $?

++++++ openstack-nova-polkit.rules ++++++
// grant nova-compute libvirt management permissions
polkit.addRule(function(action, subject) {
    if (action.id == "org.libvirt.unix.manage" &&
        subject.user == "openstack-nova") {
        return polkit.Result.YES;
    }
});

++++++ openstack-nova-vncproxy.init ++++++
#!/bin/sh
### BEGIN INIT INFO
# Provides: openstack-nova-vncproxy
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Should-Start: rabbitmq-server mysql postgresql
# Should-Stop: rabbitmq-server mysql postgresql
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: Nova vncproxy server
# Description: Nova vncproxy server.
### END INIT INFO

name="vncproxy"
USER="openstack-nova"
GROUP="nobody"
CONFIGFILE="/etc/nova/nova.conf"
RUNDIR="/var/run/nova"
LOGFILE="/var/log/nova/$name.log"

[ -e "/etc/sysconfig/openstack-nova-$name" ] && . "/etc/sysconfig/openstack-nova-$name"

mkdir -p $RUNDIR

DAEMON="/usr/bin/nova-xvpvncproxy"
DAEMON_OPTIONS="--config-file=$CONFIGFILE --logfile=$LOGFILE"
OPTIONS="${OPTIONS} $DAEMON_OPTIONS"

# Shell functions sourced from /etc/rc.status:
#      rc_check         check and set local and overall rc status
#      rc_status        check and set local and overall rc status
#      rc_status -v     be verbose in local rc status and clear it afterwards
#      rc_status -v -r  ditto and clear both the local and overall rc status
#      rc_status -s     display "skipped" and exit with status 3
#      rc_status -u     display "unused" and exit with status 3
#      rc_failed        set local and overall rc status to failed
#      rc_failed <num>  set local and overall rc status to <num>
#      rc_reset         clear both the local and overall rc status
#      rc_exit          exit appropriate to overall rc status
#      rc_active        checks whether a service is activated by symlinks
. /etc/rc.status

FULLNAME="OpenStack::Nova $name server"
CHUSER="-u $USER"

case "$1" in
    start)
        echo -n "Starting $FULLNAME"
        startproc -s $CHUSER -t ${STARTUP_TIMEOUT:-5} -q $DAEMON $OPTIONS
        rc_status -v
        ;;
    stop)
        echo -n "Shutting down $FULLNAME"
        killproc $DAEMON
        rc_status -v
        ;;
    restart)
        $0 stop
        $0 start
        rc_status
        ;;
    reload)
        ;;
    status)
        echo -n "Checking $FULLNAME"
        /sbin/checkproc $DAEMON
        rc_status -v
        ;;
    condrestart|try-restart)
        $0 restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart}"
        exit 2
esac
exit $?

++++++ openstack-nova.init ++++++
#!/bin/sh
### BEGIN INIT INFO
# Provides: openstack-nova-__NAME__
# Required-Start: $network $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Should-Start: rabbitmq-server mysql postgresql
# Should-Stop: rabbitmq-server mysql postgresql
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: Nova __NAME__ server
# Description: Nova __NAME__ server.
### END INIT INFO

name="__NAME__"
USER="openstack-nova"
GROUP="nobody"
CONFIGFILE="/etc/nova/nova.conf"
RUNDIR="/var/run/nova"
LOGFILE="/var/log/nova/$name.log"

[ -e "/etc/sysconfig/openstack-nova-$name" ] && . "/etc/sysconfig/openstack-nova-$name"

[ -e $LOGFILE ] || touch $LOGFILE
mkdir -p $RUNDIR
chown $USER. $RUNDIR $LOGFILE

DAEMON_OPTIONS="--config-file=$CONFIGFILE --logfile=$LOGFILE"
OPTIONS="${OPTIONS} $DAEMON_OPTIONS"

# Shell functions sourced from /etc/rc.status:
#      rc_check         check and set local and overall rc status
#      rc_status        check and set local and overall rc status
#      rc_status -v     be verbose in local rc status and clear it afterwards
#      rc_status -v -r  ditto and clear both the local and overall rc status
#      rc_status -s     display "skipped" and exit with status 3
#      rc_status -u     display "unused" and exit with status 3
#      rc_failed        set local and overall rc status to failed
#      rc_failed <num>  set local and overall rc status to <num>
#      rc_reset         clear both the local and overall rc status
#      rc_exit          exit appropriate to overall rc status
#      rc_active        checks whether a service is activated by symlinks
. /etc/rc.status

FULLNAME="OpenStack::Nova $name server"
CHUSER="-u $USER"

case "$1" in
    start)
        echo -n "Starting $FULLNAME"
        startproc -s $CHUSER -t ${STARTUP_TIMEOUT:-5} -q /usr/bin/nova-$name $OPTIONS
        rc_status -v
        ;;
    stop)
        echo -n "Shutting down $FULLNAME"
        killproc /usr/bin/nova-$name
        rc_status -v
        ;;
    restart)
        $0 stop
        $0 start
        rc_status
        ;;
    reload)
        ;;
    status)
        echo -n "Checking $FULLNAME"
        /sbin/checkproc /usr/bin/nova-$name
        rc_status -v
        ;;
    condrestart|try-restart)
        if test "$1" = "condrestart"; then
            echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
        fi
        $0 status
        if test $? = 0; then
            $0 restart
        else
            rc_reset # Not running is not a failure.
        fi
        rc_status
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart}"
        exit 2
esac
exit $?
++++++ openstack-nova.logrotate ++++++
/var/log/nova/*.log {
    daily
    missingok
    su openstack-nova openstack-nova
}

++++++ org.openstack.nova.compute.pkla ++++++
[Grant nova-compute libvirt management permissions]
Identity=unix-user:openstack-nova
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes

++++++ rpmlintrc ++++++
# Bash completion files reside in /etc but are not meant to be configurable:
addFilter("non-conffile-in-etc /etc/bash_completion.d/openstack-nova-manage.sh")

#TODO: Fix this later on (i.e. SLE-12), Python on SLE-11 is way beyond broken:
addFilter("no-binary")

# This symling is for the -test package and can be ignored:
addFilter("dangling-symlink /var/lib/openstack-nova-test/nova")
addFilter("/var/lib/openstack-nova-test")

++++++ sysconfig.openstack-novncproxy ++++++
## Path: System/Management
## Description: OpenStack noVNC Proxy

## Type: yesno
## Default: "no"
#
# Enable SSL for noVNC Proxy.
#
NOVNC_SSL_ENABLE="no"

## Type: string
## Default: ""
#
# Path to certificate for noVNC Proxy in SSL mode.
#
NOVNC_SSL_CERT=""

## Type: string
## Default: ""
#
# Path to the key for noVNC Proxy in SSL mode.
#
NOVNC_SSL_KEY=""
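Review bot: In CVE-2013-2030.patch, the etc/nova/api-paste.ini hunk only changes the shipped sample, so a deployment that already carries `signing_dir = /tmp/keystone-signing-nova` in its own api-paste.ini keeps that value after the update. The changes entry or the new comment should tell administrators to remove or relocate the setting. The commented-out example `#signing_dir = /var/lib/nova/keystone-signing` would also be safer to copy if the comment stated that the directory must be owned by the user the nova process runs as and must not be accessible to other users, since a predictable path under /tmp offers neither.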
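Review bot: In nova-network-filter-bnc777488.patch, the nova/network/linux_net.py hunk leaves the context comment saying the shared chain "sits at the very top of FORWARD and OUTPUT", which no longer holds for FORWARD once `-j nova-filter-FORWARD-sitelocl` is also added with top=True. Update the comment and state which of the two top=True rules is expected to end up first, because the test in this patch depends on that order. The chain is also created for both self.ipv4 and self.ipv6, while openstack-nova-network-init-bnc777488.patch fills it with `iptables` only, so the IPv6 chain stays empty; either skip ipv6 here or document that the restriction is IPv4-only.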
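Review bot: In the nova/tests/test_iptables_network.py hunk of nova-network-filter-bnc777488.patch, FORWARD is now checked only for the jump to nova-filter-FORWARD-sitelocl, so nothing asserts any more that FORWARD still contains `-j nova-filter-top`. Add an assertion that the nova-filter-top jump is still present in FORWARD, and replace the single-element loops `for chain in ['FORWARD']:` and `for chain in ['OUTPUT']:` with direct checks or one shared helper.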
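Review bot: In nova-rbd-use-local-devices.patch, connect_volume in the new LibvirtRbdVolumeDriver (nova/virt/libvirt/volume.py) does not check the result of _rbd_map_volume: _rbd_get_mapped_device returns "" when no mapping is found, and that empty string is written to connection_info['data']['device_path'] and handed to the parent driver. Raise an error when host_device is empty instead of continuing. In the same hunk, `driver = self._pick_volume_driver()` is assigned but never used, rbd_secret_file defaults to None and is passed to `--secret` unchecked, and the `rbd showmapped` parser silently skips any row that does not split into exactly five tab-separated fields, so a change in that output format would be indistinguishable from "not mapped".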
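Review bot: In the nova/volume/driver.py hunk of nova-rbd-use-local-devices.patch that adds rbd_secret_file, the help text is built from two adjacent string literals without a separating space and is missing a word: `'path the file containing the secret for the rbd_user'` followed by `'volumes'` renders as "...rbd_uservolumes". Reword it, for example "path to the file containing the secret for the rbd_user". In the following hunk, 'auth_enabled' still depends only on FLAGS.rbd_secret_uuid, so the patch should state how it is meant to behave when only rbd_secret_file is set.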
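Review bot: In the etc/nova/rootwrap.d/compute.filters hunk of nova-rbd-use-local-devices.patch, `rbd: CommandFilter, /usr/bin/rbd, root` allows every rbd subcommand to run as root, while the driver in this patch only calls `rbd map` and `rbd unmap` with run_as_root=True; showmapped is executed without it, although the comment names "map/showmapped". Narrow the filter to the subcommands actually needed if the rootwrap filter classes in this tree allow it, and correct the comment. The diffstat also lists nova/rootwrap/compute.py and nova/virt/libvirt/connection.py, but no hunks for those files appear in the patch as shown.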
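Review bot: In openstack-nova-network-init-bnc777488.patch, iptables_setup tests only `[ -n "$ADMINNETWORK" ]` before using $STORAGENETWORK/$STORAGENETMASK and $ADMINNETMASK unquoted, so an unset storage network produces `-d /` and a failing iptables call whose exit status is never checked. Guard each network/netmask pair separately and quote the expansions. On stop, `iptables_setup D` deletes the rules but leaves the nova-filter-FORWARD-sitelocl chain in place (hence the `2>/dev/null` on `-N` at the next start), and it runs after `rc_status -v`, so a failure there is not reflected in the reported status. The `grep -qx 'enabled_apis=metadata'` condition matches only when metadata is the sole value on that line, which the comment beside it should say explicitly.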
participants (1)
-
root@hilbert.suse.de