author | Matthew Thode <prometheanfire@gentoo.org> | 2014-03-23 20:32:06 +0000 |
---|---|---|
committer | Matthew Thode <prometheanfire@gentoo.org> | 2014-03-23 20:32:06 +0000 |
commit | cf6af8b8378474c58f678c2ba73404d9f9809659 (patch) | |
tree | ca62ca156e6431d10a51aedf2fa1a6d72c81404a /sys-cluster | |
parent | updating neutron/quantum (diff) | |
updating nova
(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key 0x2471eb3e40ac5ac3)
Diffstat (limited to 'sys-cluster')
-rw-r--r-- | sys-cluster/nova/ChangeLog | 11 | ||||
-rw-r--r-- | sys-cluster/nova/files/CVE-2013-4463_4469-grizzly.patch | 432 | ||||
-rw-r--r-- | sys-cluster/nova/files/CVE-2013-4497-grizzly-1.patch | 111 | ||||
-rw-r--r-- | sys-cluster/nova/files/CVE-2013-4497-grizzly-2.patch | 51 | ||||
-rw-r--r-- | sys-cluster/nova/files/CVE-2013-6419_2013.1.4.patch | 129 | ||||
-rw-r--r-- | sys-cluster/nova/files/CVE-2013-6437-2012.1.4.patch | 127 | ||||
-rw-r--r-- | sys-cluster/nova/files/CVE-2013-7048-grizzly.patch | 35 | ||||
-rw-r--r-- | sys-cluster/nova/files/CVE-2013-7130-stable-grizzly.patch | 161 | ||||
-rw-r--r-- | sys-cluster/nova/nova-2013.1.5.ebuild (renamed from sys-cluster/nova/nova-2013.1.4-r5.ebuild) | 9 |
9 files changed, 11 insertions, 1055 deletions
diff --git a/sys-cluster/nova/ChangeLog b/sys-cluster/nova/ChangeLog index 0b3e09048afe..bafdcf893e45 100644 --- a/sys-cluster/nova/ChangeLog +++ b/sys-cluster/nova/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for sys-cluster/nova # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.51 2014/02/24 02:58:01 idella4 Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.52 2014/03/23 20:32:06 prometheanfire Exp $ + +*nova-2013.1.5 (23 Mar 2014) + + 23 Mar 2014; Matthew Thode <prometheanfire@gentoo.org> +nova-2013.1.5.ebuild, + -files/CVE-2013-4463_4469-grizzly.patch, -files/CVE-2013-4497-grizzly-1.patch, + -files/CVE-2013-4497-grizzly-2.patch, -files/CVE-2013-6419_2013.1.4.patch, + -files/CVE-2013-6437-2012.1.4.patch, -files/CVE-2013-7048-grizzly.patch, + -files/CVE-2013-7130-stable-grizzly.patch, -nova-2013.1.4-r5.ebuild: + updating nova 24 Feb 2014; Ian Delaney <idella4@gentoo.org> -files/CVE-2013-6437-2012.2.1.patch, -files/CVE-2013-7048-havana.patch, diff --git a/sys-cluster/nova/files/CVE-2013-4463_4469-grizzly.patch b/sys-cluster/nova/files/CVE-2013-4463_4469-grizzly.patch deleted file mode 100644 index f2dd6cdca46c..000000000000 --- a/sys-cluster/nova/files/CVE-2013-4463_4469-grizzly.patch +++ /dev/null 
@@ -1,432 +0,0 @@ -From 135faa7b5d9855312bedc19e5e1ecebae34d3d18 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?P=C3=A1draig=20Brady?= <pbrady@redhat.com> -Date: Fri, 27 Sep 2013 04:07:14 +0100 -Subject: [PATCH] ensure we don't boot oversized images - -Since we can't generally shrink incoming images, add extra checks -to ensure oversized images are not allowed through. -All cases when populating the libvirt image cache are now handled, -including the initial download from glance, where we avoid -converting to raw, as that could generate non sparse images -much larger than the downloaded image. - -* nova/virt/libvirt/utils.py (fetch_image): Allow passing through -of the max_size parameter. -* nova/virt/images.py (fetch_to_raw): Accept the max_size parameter, -and use it to discard images with larger (virtual) sizes. -* nova/virt/libvirt/imagebackend.py (verify_base_size): A new -refactored function to identify and raise exception to oversized images. -(Raw.create_image): Pass the max_size to the fetch function. -Also enforce virtual image size checking for already fetched images, -as this class (despite the name) can be handling qcow files. -(Qcow2.create_image): Pass the max_size to the fetch function, -or verify the virtual size for the instance as done previously. -(Lvm.create_image): Pass the max_size to the fetch function. -Also check the size before transferring to the volume to improve -efficiency by not even attempting the transfer of oversized images. -(Rbd.create_image): Likewise. -* nova/tests/fake_libvirt_utils.py: Support max_size arg. -* nova/tests/test_libvirt.py (test_fetch_raw_image): -Add a case to check oversized images are discarded. -* nova/tests/test_imagebackend.py (test_create_image_too_small): -Adjust to avoid the fetch size check. 
- -Fixes bug: 1177830 -Fixes bug: 1206081 - -Conflicts: - - nova/tests/test_imagebackend.py - nova/virt/libvirt/imagebackend.py - -Change-Id: Idc35fce580be4f74e23883d1b4bea6475c3f6e30 ---- - nova/tests/fake_libvirt_utils.py | 2 +- - nova/tests/test_imagebackend.py | 35 ++++++++++------------------- - nova/tests/test_libvirt.py | 24 +++++++++++++++++--- - nova/virt/images.py | 24 +++++++++++++++++--- - nova/virt/libvirt/imagebackend.py | 47 ++++++++++++++++++++++++++++++--------- - nova/virt/libvirt/utils.py | 5 +++-- - 6 files changed, 95 insertions(+), 42 deletions(-) - -diff --git a/nova/tests/fake_libvirt_utils.py b/nova/tests/fake_libvirt_utils.py -index 23b758e..ecf357a 100644 ---- a/nova/tests/fake_libvirt_utils.py -+++ b/nova/tests/fake_libvirt_utils.py -@@ -193,7 +193,7 @@ def get_fs_info(path): - 'free': 84 * (1024 ** 3)} - - --def fetch_image(context, target, image_id, user_id, project_id): -+def fetch_image(context, target, image_id, user_id, project_id, max_size=0): - pass - - -diff --git a/nova/tests/test_imagebackend.py b/nova/tests/test_imagebackend.py -index 77446e8..93ed23d 100644 ---- a/nova/tests/test_imagebackend.py -+++ b/nova/tests/test_imagebackend.py -@@ -189,7 +189,7 @@ def prepare_mocks(self): - - def test_create_image(self): - fn = self.prepare_mocks() -- fn(target=self.TEMPLATE_PATH, image_id=None) -+ fn(target=self.TEMPLATE_PATH, max_size=None, image_id=None) - imagebackend.libvirt_utils.copy_image(self.TEMPLATE_PATH, self.PATH) - self.mox.ReplayAll() - -@@ -210,7 +210,7 @@ def test_create_image_generated(self): - - def test_create_image_extend(self): - fn = self.prepare_mocks() -- fn(target=self.TEMPLATE_PATH, image_id=None) -+ fn(max_size=self.SIZE, target=self.TEMPLATE_PATH, image_id=None) - imagebackend.libvirt_utils.copy_image(self.TEMPLATE_PATH, self.PATH) - imagebackend.disk.extend(self.PATH, self.SIZE) - self.mox.ReplayAll() -@@ -260,7 +260,7 @@ def prepare_mocks(self): - - def test_create_image(self): - fn = 
self.prepare_mocks() -- fn(target=self.TEMPLATE_PATH) -+ fn(max_size=None, target=self.TEMPLATE_PATH) - imagebackend.libvirt_utils.create_cow_image(self.TEMPLATE_PATH, - self.PATH) - self.mox.ReplayAll() -@@ -272,15 +272,12 @@ def test_create_image(self): - - def test_create_image_with_size(self): - fn = self.prepare_mocks() -- fn(target=self.TEMPLATE_PATH) -+ fn(max_size=self.SIZE, target=self.TEMPLATE_PATH) - self.mox.StubOutWithMock(os.path, 'exists') -- self.mox.StubOutWithMock(imagebackend.disk, 'get_disk_size') - if self.OLD_STYLE_INSTANCE_PATH: - os.path.exists(self.OLD_STYLE_INSTANCE_PATH).AndReturn(False) - os.path.exists(self.TEMPLATE_PATH).AndReturn(False) - os.path.exists(self.PATH).AndReturn(False) -- imagebackend.disk.get_disk_size(self.TEMPLATE_PATH -- ).AndReturn(self.SIZE) - os.path.exists(self.PATH).AndReturn(False) - imagebackend.libvirt_utils.create_cow_image(self.TEMPLATE_PATH, - self.PATH) -@@ -294,27 +291,24 @@ def test_create_image_with_size(self): - - def test_create_image_too_small(self): - fn = self.prepare_mocks() -- fn(target=self.TEMPLATE_PATH) - self.mox.StubOutWithMock(os.path, 'exists') - self.mox.StubOutWithMock(imagebackend.disk, 'get_disk_size') - if self.OLD_STYLE_INSTANCE_PATH: - os.path.exists(self.OLD_STYLE_INSTANCE_PATH).AndReturn(False) -- os.path.exists(self.TEMPLATE_PATH).AndReturn(False) -- os.path.exists(self.PATH).AndReturn(False) -+ os.path.exists(self.TEMPLATE_PATH).AndReturn(True) - imagebackend.disk.get_disk_size(self.TEMPLATE_PATH - ).AndReturn(self.SIZE) - self.mox.ReplayAll() - - image = self.image_class(self.INSTANCE, self.NAME) -- self.assertRaises(exception.ImageTooLarge, image.create_image, fn, -- self.TEMPLATE_PATH, 1) -+ self.assertRaises(exception.InstanceTypeDiskTooSmall, -+ image.create_image, fn, self.TEMPLATE_PATH, 1) - self.mox.VerifyAll() - - def test_generate_resized_backing_files(self): - fn = self.prepare_mocks() -- fn(target=self.TEMPLATE_PATH) -+ fn(max_size=self.SIZE, 
target=self.TEMPLATE_PATH) - self.mox.StubOutWithMock(os.path, 'exists') -- self.mox.StubOutWithMock(imagebackend.disk, 'get_disk_size') - self.mox.StubOutWithMock(imagebackend.libvirt_utils, - 'get_disk_backing_file') - if self.OLD_STYLE_INSTANCE_PATH: -@@ -329,8 +323,6 @@ def test_generate_resized_backing_files(self): - self.QCOW2_BASE) - imagebackend.disk.extend(self.QCOW2_BASE, self.SIZE) - -- imagebackend.disk.get_disk_size(self.TEMPLATE_PATH -- ).AndReturn(self.SIZE) - os.path.exists(self.PATH).AndReturn(True) - self.mox.ReplayAll() - -@@ -341,9 +333,8 @@ def test_generate_resized_backing_files(self): - - def test_qcow2_exists_and_has_no_backing_file(self): - fn = self.prepare_mocks() -- fn(target=self.TEMPLATE_PATH) -+ fn(max_size=self.SIZE, target=self.TEMPLATE_PATH) - self.mox.StubOutWithMock(os.path, 'exists') -- self.mox.StubOutWithMock(imagebackend.disk, 'get_disk_size') - self.mox.StubOutWithMock(imagebackend.libvirt_utils, - 'get_disk_backing_file') - if self.OLD_STYLE_INSTANCE_PATH: -@@ -353,8 +344,6 @@ def test_qcow2_exists_and_has_no_backing_file(self): - - imagebackend.libvirt_utils.get_disk_backing_file(self.PATH)\ - .AndReturn(None) -- imagebackend.disk.get_disk_size(self.TEMPLATE_PATH -- ).AndReturn(self.SIZE) - os.path.exists(self.PATH).AndReturn(True) - self.mox.ReplayAll() - -@@ -391,7 +380,7 @@ def prepare_mocks(self): - - def _create_image(self, sparse): - fn = self.prepare_mocks() -- fn(target=self.TEMPLATE_PATH) -+ fn(max_size=None, target=self.TEMPLATE_PATH) - self.libvirt_utils.create_lvm_image(self.VG, - self.LV, - self.TEMPLATE_SIZE, -@@ -423,7 +412,7 @@ def _create_image_generated(self, sparse): - - def _create_image_resize(self, sparse): - fn = self.prepare_mocks() -- fn(target=self.TEMPLATE_PATH) -+ fn(max_size=self.SIZE, target=self.TEMPLATE_PATH) - self.libvirt_utils.create_lvm_image(self.VG, self.LV, - self.SIZE, sparse=sparse) - self.disk.get_disk_size(self.TEMPLATE_PATH -@@ -462,7 +451,7 @@ def 
test_create_image_resize_sparsed(self): - - def test_create_image_negative(self): - fn = self.prepare_mocks() -- fn(target=self.TEMPLATE_PATH) -+ fn(max_size=self.SIZE, target=self.TEMPLATE_PATH) - self.libvirt_utils.create_lvm_image(self.VG, - self.LV, - self.SIZE, -diff --git a/nova/tests/test_libvirt.py b/nova/tests/test_libvirt.py -index d8c4cf2..e422ec7 100644 ---- a/nova/tests/test_libvirt.py -+++ b/nova/tests/test_libvirt.py -@@ -4826,7 +4826,8 @@ def test_fetch_image(self): - image_id = '4' - user_id = 'fake' - project_id = 'fake' -- images.fetch_to_raw(context, image_id, target, user_id, project_id) -+ images.fetch_to_raw(context, image_id, target, user_id, project_id, -+ max_size=0) - - self.mox.ReplayAll() - libvirt_utils.fetch_image(context, target, image_id, -@@ -4856,20 +4857,27 @@ class FakeImgInfo(object): - file_format = path.split('.')[-2] - elif file_format == 'converted': - file_format = 'raw' -+ - if 'backing' in path: - backing_file = 'backing' - else: - backing_file = None - -+ if 'big' in path: -+ virtual_size = 2 -+ else: -+ virtual_size = 1 -+ - FakeImgInfo.file_format = file_format - FakeImgInfo.backing_file = backing_file -+ FakeImgInfo.virtual_size = virtual_size - - return FakeImgInfo() - - self.stubs.Set(utils, 'execute', fake_execute) - self.stubs.Set(os, 'rename', fake_rename) - self.stubs.Set(os, 'unlink', fake_unlink) -- self.stubs.Set(images, 'fetch', lambda *_: None) -+ self.stubs.Set(images, 'fetch', lambda *_, **__: None) - self.stubs.Set(images, 'qemu_img_info', fake_qemu_img_info) - self.stubs.Set(utils, 'delete_if_exists', fake_rm_on_errror) - -@@ -4884,7 +4892,8 @@ class FakeImgInfo(object): - 't.qcow2.part', 't.qcow2.converted'), - ('rm', 't.qcow2.part'), - ('mv', 't.qcow2.converted', 't.qcow2')] -- images.fetch_to_raw(context, image_id, target, user_id, project_id) -+ images.fetch_to_raw(context, image_id, target, user_id, project_id, -+ max_size=1) - self.assertEqual(self.executes, expected_commands) - - target = 
't.raw' -@@ -4901,6 +4910,15 @@ class FakeImgInfo(object): - context, image_id, target, user_id, project_id) - self.assertEqual(self.executes, expected_commands) - -+ target = 'big.qcow2' -+ self.executes = [] -+ expected_commands = [('rm', '-f', 'big.qcow2.part')] -+ self.assertRaises(exception.InstanceTypeDiskTooSmall, -+ images.fetch_to_raw, -+ context, image_id, target, user_id, project_id, -+ max_size=1) -+ self.assertEqual(self.executes, expected_commands) -+ - del self.executes - - def test_get_disk_backing_file(self): -diff --git a/nova/virt/images.py b/nova/virt/images.py -index b40f566..541779a 100755 ---- a/nova/virt/images.py -+++ b/nova/virt/images.py -@@ -190,7 +190,7 @@ def convert_image(source, dest, out_format, run_as_root=False): - utils.execute(*cmd, run_as_root=run_as_root) - - --def fetch(context, image_href, path, _user_id, _project_id): -+def fetch(context, image_href, path, _user_id, _project_id, max_size=0): - # TODO(vish): Improve context handling and add owner and auth data - # when it is added to glance. Right now there is no - # auth checking in glance, so we assume that access was -@@ -202,9 +202,10 @@ def fetch(context, image_href, path, _user_id, _project_id): - image_service.download(context, image_id, image_file) - - --def fetch_to_raw(context, image_href, path, user_id, project_id): -+def fetch_to_raw(context, image_href, path, user_id, project_id, max_size=0): - path_tmp = "%s.part" % path -- fetch(context, image_href, path_tmp, user_id, project_id) -+ fetch(context, image_href, path_tmp, user_id, project_id, -+ max_size=max_size) - - with utils.remove_path_on_error(path_tmp): - data = qemu_img_info(path_tmp) -@@ -220,6 +221,23 @@ def fetch_to_raw(context, image_href, path, user_id, project_id): - raise exception.ImageUnacceptable(image_id=image_href, - reason=_("fmt=%(fmt)s backed by: %(backing_file)s") % locals()) - -+ # We can't generally shrink incoming images, so disallow -+ # images > size of the flavor we're booting. 
Checking here avoids -+ # an immediate DoS where we convert large qcow images to raw -+ # (which may compress well but not be sparse). -+ # TODO(p-draigbrady): loop through all flavor sizes, so that -+ # we might continue here and not discard the download. -+ # If we did that we'd have to do the higher level size checks -+ # irrespective of whether the base image was prepared or not. -+ disk_size = data.virtual_size -+ if max_size and max_size < disk_size: -+ msg = _('%(base)s virtual size %(disk_size)s ' -+ 'larger than flavor root disk size %(size)s') -+ LOG.error(msg % {'base': path, -+ 'disk_size': disk_size, -+ 'size': max_size}) -+ raise exception.InstanceTypeDiskTooSmall() -+ - if fmt != "raw" and CONF.force_raw_images: - staged = "%s.converted" % path - LOG.debug("%s was %s, converting to raw" % (image_href, fmt)) -diff --git a/nova/virt/libvirt/imagebackend.py b/nova/virt/libvirt/imagebackend.py -index e2c7ccf..dc85c97 100755 ---- a/nova/virt/libvirt/imagebackend.py -+++ b/nova/virt/libvirt/imagebackend.py -@@ -177,6 +177,36 @@ def _can_fallocate(self): - (CONF.preallocate_images, self.path)) - return can_fallocate - -+ @staticmethod -+ def verify_base_size(base, size, base_size=0): -+ """Check that the base image is not larger than size. -+ Since images can't be generally shrunk, enforce this -+ constraint taking account of virtual image size. -+ """ -+ -+ # Note(pbrady): The size and min_disk parameters of a glance -+ # image are checked against the instance size before the image -+ # is even downloaded from glance, but currently min_disk is -+ # adjustable and doesn't currently account for virtual disk size, -+ # so we need this extra check here. -+ # NOTE(cfb): Having a flavor that sets the root size to 0 and having -+ # nova effectively ignore that size and use the size of the -+ # image is considered a feature at this time, not a bug. 
-+ -+ if size is None: -+ return -+ -+ if size and not base_size: -+ base_size = disk.get_disk_size(base) -+ -+ if size < base_size: -+ msg = _('%(base)s virtual size %(base_size)s ' -+ 'larger than flavor root disk size %(size)s') -+ LOG.error(msg % {'base': base, -+ 'base_size': base_size, -+ 'size': size}) -+ raise exception.InstanceTypeDiskTooSmall() -+ - def snapshot_create(self): - raise NotImplementedError - -@@ -217,7 +247,8 @@ def copy_raw_image(base, target, size): - #Generating image in place - prepare_template(target=self.path, *args, **kwargs) - else: -- prepare_template(target=base, *args, **kwargs) -+ prepare_template(target=base, max_size=size, *args, **kwargs) -+ self.verify_base_size(base, size) - if not os.path.exists(self.path): - with utils.remove_path_on_error(self.path): - copy_raw_image(base, self.path, size) -@@ -257,7 +288,9 @@ def copy_qcow2_image(base, target, size): - - # Download the unmodified base image unless we already have a copy. - if not os.path.exists(base): -- prepare_template(target=base, *args, **kwargs) -+ prepare_template(target=base, max_size=size, *args, **kwargs) -+ else: -+ self.verify_base_size(base, size) - - legacy_backing_size = None - legacy_base = base -@@ -283,13 +316,6 @@ def copy_qcow2_image(base, target, size): - libvirt_utils.copy_image(base, legacy_base) - disk.extend(legacy_base, legacy_backing_size) - -- # NOTE(cfb): Having a flavor that sets the root size to 0 and having -- # nova effectively ignore that size and use the size of the -- # image is considered a feature at this time, not a bug. 
-- if size and size < disk.get_disk_size(base): -- LOG.error('%s virtual size larger than flavor root disk size %s' % -- (base, size)) -- raise exception.ImageTooLarge() - if not os.path.exists(self.path): - with utils.remove_path_on_error(self.path): - copy_qcow2_image(base, self.path, size) -@@ -348,6 +374,7 @@ def create_image(self, prepare_template, base, size, *args, **kwargs): - lock_path=self.lock_path) - def create_lvm_image(base, size): - base_size = disk.get_disk_size(base) -+ self.verify_base_size(base, size, base_size=base_size) - resize = size > base_size - size = size if resize else base_size - libvirt_utils.create_lvm_image(self.vg, self.lv, -@@ -365,7 +392,7 @@ def create_lvm_image(base, size): - with self.remove_volume_on_error(self.path): - prepare_template(target=self.path, *args, **kwargs) - else: -- prepare_template(target=base, *args, **kwargs) -+ prepare_template(target=base, max_size=size, *args, **kwargs) - with self.remove_volume_on_error(self.path): - create_lvm_image(base, size) - -diff --git a/nova/virt/libvirt/utils.py b/nova/virt/libvirt/utils.py -index 6972243..4c31fcb 100755 ---- a/nova/virt/libvirt/utils.py -+++ b/nova/virt/libvirt/utils.py -@@ -592,9 +592,10 @@ def get_fs_info(path): - 'used': used} - - --def fetch_image(context, target, image_id, user_id, project_id): -+def fetch_image(context, target, image_id, user_id, project_id, max_size=0): - """Grab image.""" -- images.fetch_to_raw(context, image_id, target, user_id, project_id) -+ images.fetch_to_raw(context, image_id, target, user_id, project_id, -+ max_size=max_size) - - - def get_instance_path(instance, forceold=False, relative=False): --- -1.8.4 - diff --git a/sys-cluster/nova/files/CVE-2013-4497-grizzly-1.patch b/sys-cluster/nova/files/CVE-2013-4497-grizzly-1.patch deleted file mode 100644 index e8e14c0ab747..000000000000 --- a/sys-cluster/nova/files/CVE-2013-4497-grizzly-1.patch +++ /dev/null 
@@ -1,111 +0,0 @@ -From df2ea2e3acdede21b40d47b7adbeac04213d031b Mon Sep 17 00:00:00 2001 -From: John Garbutt <john.garbutt@rackspace.com> -Date: Thu, 12 Sep 2013 18:11:49 +0100 -Subject: [PATCH] xenapi: enforce filters after live-migration - -Currently and network filters, including security groups, are -lost after a server has been live-migrated. - -This partially fixes the issue by ensuring that security groups are -re-applied to the VM once it reached the destination, and been started. - -This leaves a small amount of time during the live-migrate where the VM -is not protected. There is a further bug raised to close the rest of -this whole, but this helps keep the VM protected for the majority of the -time. - -Fixes bug 1202266 - -(Cherry picked from commit: 5cced7a6dd32d231c606e25dbf762d199bf9cca7) - -Change-Id: I66bc7af1c6da74e18dce47180af0cb6020ba2c1a ---- - nova/tests/test_xenapi.py | 22 +++++++++++++++++++++- - nova/virt/xenapi/driver.py | 4 ++-- - nova/virt/xenapi/vmops.py | 18 ++++++++++++++++++ - 3 files changed, 41 insertions(+), 3 deletions(-) - -diff --git a/nova/tests/test_xenapi.py b/nova/tests/test_xenapi.py -index f7fb81d..d4c19a4 100644 ---- a/nova/tests/test_xenapi.py -+++ b/nova/tests/test_xenapi.py -@@ -2723,7 +2723,27 @@ def test_post_live_migration_at_destination(self): - # ensure method is present - stubs.stubout_session(self.stubs, stubs.FakeSessionForVMTests) - self.conn = xenapi_conn.XenAPIDriver(fake.FakeVirtAPI(), False) -- self.conn.post_live_migration_at_destination(None, None, None, None) -+ -+ fake_instance = "instance" -+ fake_network_info = "network_info" -+ -+ def fake_fw(instance, network_info): -+ self.assertEquals(instance, fake_instance) -+ self.assertEquals(network_info, fake_network_info) -+ fake_fw.called += 1 -+ -+ fake_fw.called = 0 -+ _vmops = self.conn._vmops -+ self.stubs.Set(_vmops.firewall_driver, -+ 'setup_basic_filtering', fake_fw) -+ self.stubs.Set(_vmops.firewall_driver, -+ 'prepare_instance_filter', fake_fw) 
-+ self.stubs.Set(_vmops.firewall_driver, -+ 'apply_instance_filter', fake_fw) -+ -+ self.conn.post_live_migration_at_destination(None, fake_instance, -+ fake_network_info, None) -+ self.assertEqual(fake_fw.called, 3) - - def test_check_can_live_migrate_destination_with_block_migration(self): - stubs.stubout_session(self.stubs, stubs.FakeSessionForVMTests) -diff --git a/nova/virt/xenapi/driver.py b/nova/virt/xenapi/driver.py -index 128f67f..564c587 100755 ---- a/nova/virt/xenapi/driver.py -+++ b/nova/virt/xenapi/driver.py -@@ -1,4 +1,3 @@ --# vim: tabstop=4 shiftwidth=4 softtabstop=4 - - # Copyright (c) 2010 Citrix Systems, Inc. - # Copyright 2010 OpenStack Foundation -@@ -514,7 +513,8 @@ def post_live_migration_at_destination(self, ctxt, instance_ref, - :params : block_migration: if true, post operation of block_migraiton. - """ - # TODO(JohnGarbutt) look at moving/downloading ramdisk and kernel -- pass -+ self._vmops.post_live_migration_at_destination(ctxt, instance_ref, -+ network_info, block_device_info, block_device_info) - - def unfilter_instance(self, instance_ref, network_info): - """Removes security groups configured for an instance.""" -diff --git a/nova/virt/xenapi/vmops.py b/nova/virt/xenapi/vmops.py -index eccf3e0..ae5c697 100644 ---- a/nova/virt/xenapi/vmops.py -+++ b/nova/virt/xenapi/vmops.py -@@ -1737,6 +1737,24 @@ def live_migrate(self, context, instance, destination_hostname, - recover_method(context, instance, destination_hostname, - block_migration) - -+ def post_live_migration_at_destination(self, context, instance, -+ network_info, block_migration, -+ block_device_info): -+ # FIXME(johngarbutt): we should block all traffic until we have -+ # applied security groups, however this requires changes to XenServer -+ try: -+ self.firewall_driver.setup_basic_filtering( -+ instance, network_info) -+ except NotImplementedError: -+ # NOTE(salvatore-orlando): setup_basic_filtering might be -+ # empty or not implemented at all, as basic filter could -+ # 
be implemented with VIF rules created by xapi plugin -+ pass -+ -+ self.firewall_driver.prepare_instance_filter(instance, -+ network_info) -+ self.firewall_driver.apply_instance_filter(instance, network_info) -+ - def get_per_instance_usage(self): - """Get usage info about each active instance.""" - usage = {} --- -1.8.4 - diff --git a/sys-cluster/nova/files/CVE-2013-4497-grizzly-2.patch b/sys-cluster/nova/files/CVE-2013-4497-grizzly-2.patch deleted file mode 100644 index 28fbbca758c8..000000000000 --- a/sys-cluster/nova/files/CVE-2013-4497-grizzly-2.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -From 01de658210fd65171bfbf5450c93673b5ce0bd9e Mon Sep 17 00:00:00 2001 -From: John Garbutt <john.garbutt@rackspace.com> -Date: Mon, 21 Oct 2013 19:34:43 +0100 -Subject: [PATCH] xenapi: apply firewall rules in finish_migrate - -When security groups were added, the rules were not re-applied to -servers that have been migrated to a new hypervisor. - -This change ensures the firewall rules are applied as part of creating -the new VM in finish_migrate. This code follows a very similar pattern -to the code in spawn, and that is where the cut and paste code comes -from. This code duplication was removed in Havana. - -Fixes bug 1073306 - -Change-Id: I6295a782df328a759e358fb82b76dd3f7bd4b39e ---- - nova/virt/xenapi/vmops.py | 15 +++++++++++++++ - 1 file changed, 15 insertions(+) - -diff --git a/nova/virt/xenapi/vmops.py b/nova/virt/xenapi/vmops.py -index eccf3e0..7a96ac2 100644 ---- a/nova/virt/xenapi/vmops.py -+++ b/nova/virt/xenapi/vmops.py -@@ -277,8 +277,23 @@ def finish_migration(self, context, migration, instance, disk_info, - - self._attach_mapped_block_devices(instance, block_device_info) - -+ try: -+ self.firewall_driver.setup_basic_filtering( -+ instance, network_info) -+ except NotImplementedError: -+ # NOTE(salvatore-orlando): setup_basic_filtering might be -+ # empty or not implemented at all, as basic filter could -+ # be implemented with VIF rules created by xapi plugin -+ pass -+ -+ self.firewall_driver.prepare_instance_filter(instance, -+ network_info) -+ - # 5. Start VM - self._start(instance, vm_ref=vm_ref) -+ -+ self.firewall_driver.apply_instance_filter(instance, network_info) -+ - self._update_instance_progress(context, instance, - step=5, - total_steps=RESIZE_TOTAL_STEPS) --- -1.8.4 - diff --git a/sys-cluster/nova/files/CVE-2013-6419_2013.1.4.patch b/sys-cluster/nova/files/CVE-2013-6419_2013.1.4.patch deleted file mode 100644 index 541b794899d0..000000000000 --- a/sys-cluster/nova/files/CVE-2013-6419_2013.1.4.patch +++ /dev/null 
@@ -1,129 +0,0 @@ -commit d4155b806f52f2168742ceb37988fc7f405b44cd -Author: Aaron Rosen <arosen@nicira.com> -Date: Mon Oct 7 13:33:31 2013 -0700 - - Prevent spoofing instance_id from neturon to nova - - Previously, one could update a port's device_id in neutron to be that - of another tenant's instance_id and then be able to retrieve that instance's - metadata. This patch prevents this from occuring by checking that X-Tenant-ID - received from the metadata request matches the tenant_id in the nova database. - - DocImpact - This patch is dependent on another patch in neutron which adds - X-Tenant-ID to the request. Therefore to minimize downtime one - should upgrade Neutron first (then restart neutron-metadata-agent) - and lastly update nova. - - Fixes bug: 1235450 - -diff --git a/nova/api/metadata/handler.py b/nova/api/metadata/handler.py -index bbaeba5..2b7f659 100644 ---- a/nova/api/metadata/handler.py -+++ b/nova/api/metadata/handler.py -@@ -144,6 +144,7 @@ class MetadataRequestHandler(wsgi.Application): - - def _handle_instance_id_request(self, req): - instance_id = req.headers.get('X-Instance-ID') -+ tenant_id = req.headers.get('X-Tenant-ID') - signature = req.headers.get('X-Instance-ID-Signature') - remote_address = req.headers.get('X-Forwarded-For') - -@@ -151,8 +152,12 @@ class MetadataRequestHandler(wsgi.Application): - - if instance_id is None: - msg = _('X-Instance-ID header is missing from request.') -+ elif tenant_id is None: -+ msg = _('X-Tenant-ID header is missing from request.') - elif not isinstance(instance_id, basestring): - msg = _('Multiple X-Instance-ID headers found within request.') -+ elif not isinstance(tenant_id, basestring): -+ msg = _('Multiple X-Tenant-ID headers found within request.') - else: - msg = None - -@@ -188,4 +193,12 @@ class MetadataRequestHandler(wsgi.Application): - LOG.error(_('Failed to get metadata for instance id: %s'), - instance_id) - -+ if meta_data.instance['project_id'] != tenant_id: -+ LOG.warning(_("Tenant_id 
%(tenant_id)s does not match tenant_id " -+ "of instance %(instance_id)s."), -+ {'tenant_id': tenant_id, -+ 'instance_id': instance_id}) -+ # causes a 404 to be raised -+ meta_data = None -+ - return meta_data -diff --git a/nova/tests/test_metadata.py b/nova/tests/test_metadata.py -index 01f274f..51b6f72 100644 ---- a/nova/tests/test_metadata.py -+++ b/nova/tests/test_metadata.py -@@ -510,6 +510,7 @@ class MetadataHandlerTestCase(test.TestCase): - relpath="/2009-04-04/user-data", - address="192.192.192.2", - headers={'X-Instance-ID': 'a-b-c-d', -+ 'X-Tenant-ID': 'test', - 'X-Instance-ID-Signature': signed}) - self.assertEqual(response.status_int, 200) - -@@ -522,6 +523,7 @@ class MetadataHandlerTestCase(test.TestCase): - fake_get_metadata_by_instance_id=fake_get_metadata, - headers={'X-Forwarded-For': '192.192.192.2', - 'X-Instance-ID': 'a-b-c-d', -+ 'X-Tenant-ID': 'test', - 'X-Instance-ID-Signature': signed}) - - self.assertEqual(response.status_int, 200) -@@ -536,10 +538,36 @@ class MetadataHandlerTestCase(test.TestCase): - fake_get_metadata_by_instance_id=fake_get_metadata, - headers={'X-Forwarded-For': '192.192.192.2', - 'X-Instance-ID': 'a-b-c-d', -+ 'X-Tenant-ID': 'test', - 'X-Instance-ID-Signature': ''}) - - self.assertEqual(response.status_int, 403) - -+ # missing X-Tenant-ID from request -+ response = fake_request( -+ self.stubs, self.mdinst, -+ relpath="/2009-04-04/user-data", -+ address="192.192.192.2", -+ fake_get_metadata_by_instance_id=fake_get_metadata, -+ headers={'X-Forwarded-For': '192.192.192.2', -+ 'X-Instance-ID': 'a-b-c-d', -+ 'X-Instance-ID-Signature': signed}) -+ -+ self.assertEqual(response.status_int, 400) -+ -+ # mismatched X-Tenant-ID -+ response = fake_request( -+ self.stubs, self.mdinst, -+ relpath="/2009-04-04/user-data", -+ address="192.192.192.2", -+ fake_get_metadata_by_instance_id=fake_get_metadata, -+ headers={'X-Forwarded-For': '192.192.192.2', -+ 'X-Instance-ID': 'a-b-c-d', -+ 'X-Tenant-ID': 'FAKE', -+ 
'X-Instance-ID-Signature': signed}) -+ -+ self.assertEqual(response.status_int, 404) -+ - # without X-Forwarded-For - response = fake_request( - self.stubs, self.mdinst, -@@ -547,6 +575,7 @@ class MetadataHandlerTestCase(test.TestCase): - address="192.192.192.2", - fake_get_metadata_by_instance_id=fake_get_metadata, - headers={'X-Instance-ID': 'a-b-c-d', -+ 'X-Tenant-ID': 'test', - 'X-Instance-ID-Signature': signed}) - - self.assertEqual(response.status_int, 500) -@@ -564,6 +593,7 @@ class MetadataHandlerTestCase(test.TestCase): - fake_get_metadata_by_instance_id=fake_get_metadata, - headers={'X-Forwarded-For': '192.192.192.2', - 'X-Instance-ID': 'z-z-z-z', -+ 'X-Tenant-ID': 'test', - 'X-Instance-ID-Signature': signed}) - self.assertEqual(response.status_int, 500) - diff --git a/sys-cluster/nova/files/CVE-2013-6437-2012.1.4.patch b/sys-cluster/nova/files/CVE-2013-6437-2012.1.4.patch deleted file mode 100644 index f679668b2c39..000000000000 --- a/sys-cluster/nova/files/CVE-2013-6437-2012.1.4.patch +++ /dev/null 
@@ -1,127 +0,0 @@
-From 3e451f1bac57d24e47171cffb3ad59bb1610d836 Mon Sep 17 00:00:00 2001
-From: Ryan Moore <ryan.moore@hp.com>
-Date: Fri, 29 Nov 2013 14:21:19 +0000
-Subject: [PATCH] use 'os_type' in ephemeral filename only if mkfs defined
-
-Currently for undefined os-types it will use the default mkfs
-command, but use the meta 'os_type' in the name of the
-ephemeral file (e.g. ephemeral_20_abcdef). Which can result
-in a lot of files (DoS?)
-This change will only use 'os_type' in the ephemeral filename
-if there is a specific mkfs command defined, otherwise it will
-use 'default' (e.g. ephemeral_20_default)
-
-Modifed the tests to test for:
- os_type=''
- os_type=None
- os_type='test' - with no mkfs command specified
- os_type='test' - with a mkfs command specified
-
-Closes-Bug: 1253980
-
-Backport of Original Change-Id: Ie4c10f99ce690c5e4ef181624bd688c38923855c
-to stable/grizzly
-
-Change-Id: Ia040910e90861a2987eff345ad1c01863655b124
----
- nova/tests/test_libvirt.py | 28 ++++++++++++++++++++++++++--
- nova/virt/disk/api.py | 4 ++++
- nova/virt/libvirt/driver.py | 5 ++---
- 3 files changed, 32 insertions(+), 5 deletions(-)
-
-diff --git a/nova/tests/test_libvirt.py b/nova/tests/test_libvirt.py
-index 4b07d65..d2ac73b 100644
---- a/nova/tests/test_libvirt.py
-+++ b/nova/tests/test_libvirt.py
-@@ -2725,7 +2725,7 @@ def fake_get_info(instance):
- self.assertTrue(self.cache_called_for_disk)
- db.instance_destroy(self.context, instance['uuid'])
-
-- def test_create_image_plain(self):
-+ def _test_create_image_plain(self, os_type='', filename='', mkfs=False):
- gotFiles = []
-
- def fake_image(self, instance, name, image_type=''):
-@@ -2760,11 +2760,15 @@ def fake_get_info(instance):
- instance_ref = self.test_instance
- instance_ref['image_ref'] = 1
- instance = db.instance_create(self.context, instance_ref)
-+ instance['os_type'] = os_type
-
- conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
- self.stubs.Set(conn, 'to_xml', fake_none)
- self.stubs.Set(conn, '_create_domain_and_network', fake_none)
- self.stubs.Set(conn, 'get_info', fake_get_info)
-+ if mkfs:
-+ self.stubs.Set(nova.virt.disk.api, '_MKFS_COMMAND',
-+ {os_type: 'mkfs.ext3 --label %(fs_label)s %(target)s'})
-
- image_meta = {'id': instance['image_ref']}
- disk_info = blockinfo.get_disk_info(CONF.libvirt_type,
-@@ -2779,11 +2783,31 @@ def fake_get_info(instance):
- wantFiles = [
- {'filename': '356a192b7913b04c54574d18c28d46e6395428ab',
- 'size': 10 * 1024 * 1024 * 1024},
-- {'filename': 'ephemeral_20_default',
-+ {'filename': filename,
- 'size': 20 * 1024 * 1024 * 1024},
- ]
- self.assertEquals(gotFiles, wantFiles)
-
-+ def test_create_image_plain_os_type_blank(self):
-+ self._test_create_image_plain(os_type='',
-+ filename='ephemeral_20_default',
-+ mkfs=False)
-+
-+ def test_create_image_plain_os_type_none(self):
-+ self._test_create_image_plain(os_type=None,
-+ filename='ephemeral_20_default',
-+ mkfs=False)
-+
-+ def test_create_image_plain_os_type_set_no_fs(self):
-+ self._test_create_image_plain(os_type='test',
-+ filename='ephemeral_20_default',
-+ mkfs=False)
-+
-+ def test_create_image_plain_os_type_set_with_fs(self):
-+ self._test_create_image_plain(os_type='test',
-+ filename='ephemeral_20_test',
-+ mkfs=True)
-+
- def test_create_image_with_swap(self):
- gotFiles = []
-
-diff --git a/nova/virt/disk/api.py b/nova/virt/disk/api.py
-index e1af0bf..a17ba59 100755
---- a/nova/virt/disk/api.py
-+++ b/nova/virt/disk/api.py
-@@ -90,6 +90,10 @@
- _DEFAULT_MKFS_COMMAND = mkfs_command
-
-
-+def get_fs_type_for_os_type(os_type):
-+ return os_type if _MKFS_COMMAND.get(os_type) else 'default'
-+
-+
- def mkfs(os_type, fs_label, target):
- mkfs_command = (_MKFS_COMMAND.get(os_type, _DEFAULT_MKFS_COMMAND) or
- '') % locals()
-diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
-index ff1117c..0f0ea46 100755
---- a/nova/virt/libvirt/driver.py
-+++ b/nova/virt/libvirt/driver.py
-@@ -1826,9 +1826,8 @@ def raw(fname):
- project_id=instance['project_id'])
-
- # Lookup the filesystem type if required
-- os_type_with_default = instance['os_type']
-- if not os_type_with_default:
-- os_type_with_default = 'default'
-+ os_type_with_default = disk.get_fs_type_for_os_type(
-+ instance['os_type'])
-
- ephemeral_gb = instance['ephemeral_gb']
- if 'disk.local' in disk_mapping:
---
-1.8.5.1
-
diff --git a/sys-cluster/nova/files/CVE-2013-7048-grizzly.patch b/sys-cluster/nova/files/CVE-2013-7048-grizzly.patch
deleted file mode 100644
index 7c9d98aa579b..000000000000
--- a/sys-cluster/nova/files/CVE-2013-7048-grizzly.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 9bd7fff8c0160057643cfc37c5e2b1cd3337d6aa Mon Sep 17 00:00:00 2001
-From: Xavier Queralt <xqueralt@redhat.com>
-Date: Wed, 27 Nov 2013 19:44:36 +0000
-Subject: Enforce permissions in snapshots temporary dir
-
-Live snapshots creates a temporary directory where libvirt driver
-creates a new image from the instance's disk using blockRebase.
-Currently this directory is created with 777 permissions making this
-directory accessible by all the users in the system.
-
-This patch changes the tempdir permissions so they have the o+x
-flag set, which is what libvirt needs to be able to write in it and
-
-Closes-Bug: #1227027
-Change-Id: I767ff5247b4452821727e92b668276004fc0f84d
-(cherry picked from commit 8a34fc3d48c467aa196f65eed444ccdc7c02f19f)
----
-diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
-index 6b977cb..4cc85f1 100755
---- a/nova/virt/libvirt/driver.py
-+++ b/nova/virt/libvirt/driver.py
-@@ -1191,9 +1191,8 @@ class LibvirtDriver(driver.ComputeDriver):
- try:
- out_path = os.path.join(tmpdir, snapshot_name)
- if live_snapshot:
-- # NOTE (rmk): libvirt needs to be able to write to the
-- # temp directory, which is owned nova.
-- utils.execute('chmod', '777', tmpdir, run_as_root=True)
-+ # NOTE(xqueralt): libvirt needs o+x in the temp directory
-+ os.chmod(tmpdir, 0o701)
- self._live_snapshot(virt_dom, disk_path, out_path,
- image_format)
- else:
---
-cgit v0.9.2
diff --git a/sys-cluster/nova/files/CVE-2013-7130-stable-grizzly.patch b/sys-cluster/nova/files/CVE-2013-7130-stable-grizzly.patch
deleted file mode 100644
index c77d629a06d9..000000000000
--- a/sys-cluster/nova/files/CVE-2013-7130-stable-grizzly.patch
+++ /dev/null
@@ -1,161 +0,0 @@
-From 35e0ee309e040a95988a433120f1eba747f6f33c Mon Sep 17 00:00:00 2001
-From: Nikola Dipanov <ndipanov@redhat.com>
-Date: Tue, 10 Dec 2013 17:43:17 +0100
-Subject: [PATCH] libvirt: Fix root disk leak in live mig
-
-This patch makes sure that i_create_images_and_backing method of the
-libvirt driver (called in several places, but most problematic one is
-the call in the pre_live_migration method) creates all the files the
-instance needs that are not present.
-
-Prioir to this patch - the method would only attempt to download the
-image, and if it did so with the path of the ephemeral drives, it could
-expose the image to other users as an ephemeral devices. See the related
-bug for more detaiis.
-
-After this patch - we properly distinguish between image, ephemeral and
-swap files, and make sure that the imagebackend does the correct thing.
-
-Closes-bug: #1251590
-
-Co-authored-by: Loganathan Parthipan <parthipan@hp.com>
-
-This patch also includes part of commit
-65386c91910ee03d947c2b8bcc226a53c30e060a, not cherry-picked as a whole
-due to the fact that it is a trivial change, and to avoud the
-proliferation of patches needed to fix this bug.
-
-Change-Id: I78aa2f4243899db4f4941e77014a7e18e27fc63e
-(cherry picked from commit c69a619668b5f44e94a8fe1a23f3d887ba2834d7)
-
-Conflicts:
- nova/tests/test_libvirt.py
- nova/virt/libvirt/driver.py
----
- nova/tests/test_libvirt.py | 63 +++++++++++++++++++++++++++++++++++++++++++++
- nova/virt/libvirt/driver.py | 31 +++++++++++++++-------
- 2 files changed, 85 insertions(+), 9 deletions(-)
-
-diff --git a/nova/tests/test_libvirt.py b/nova/tests/test_libvirt.py
-index d2ac73b..d9c7405 100644
---- a/nova/tests/test_libvirt.py
-+++ b/nova/tests/test_libvirt.py
-@@ -2346,6 +2346,69 @@ class LibvirtConnTestCase(test.TestCase):
-
- db.instance_destroy(self.context, instance_ref['uuid'])
-
-+ def test_create_images_and_backing(self):
-+ conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
-+ self.mox.StubOutWithMock(conn, '_fetch_instance_kernel_ramdisk')
-+ self.mox.StubOutWithMock(libvirt_driver.libvirt_utils, 'create_image')
-+
-+ libvirt_driver.libvirt_utils.create_image(mox.IgnoreArg(),
-+ mox.IgnoreArg(),
-+ mox.IgnoreArg())
-+ conn._fetch_instance_kernel_ramdisk(self.context, self.test_instance)
-+ self.mox.ReplayAll()
-+
-+ self.stubs.Set(os.path, 'exists', lambda *args: False)
-+ disk_info_json = jsonutils.dumps([{'path': 'foo', 'type': None,
-+ 'disk_size': 0,
-+ 'backing_file': None}])
-+ conn._create_images_and_backing(self.context, self.test_instance,
-+ "/fake/instance/dir", disk_info_json)
-+
-+ def test_create_images_and_backing_ephemeral_gets_created(self):
-+ conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
-+ disk_info_json = jsonutils.dumps(
-+ [{u'backing_file': u'fake_image_backing_file',
-+ u'disk_size': 10747904,
-+ u'path': u'disk_path',
-+ u'type': u'qcow2',
-+ u'virt_disk_size': 25165824},
-+ {u'backing_file': u'ephemeral_1_default',
-+ u'disk_size': 393216,
-+ u'over_committed_disk_size': 1073348608,
-+ u'path': u'disk_eph_path',
-+ u'type': u'qcow2',
-+ u'virt_disk_size': 1073741824}])
-+
-+ base_dir = os.path.join(CONF.instances_path, '_base')
-+ ephemeral_target = os.path.join(base_dir, 'ephemeral_1_default')
-+ image_target = os.path.join(base_dir, 'fake_image_backing_file')
-+ self.test_instance.update({'name': 'fake_instance',
-+ 'user_id': 'fake-user',
-+ 'os_type': None,
-+ 'project_id': 'fake-project'})
-+
-+ self.mox.StubOutWithMock(libvirt_driver.libvirt_utils, 'fetch_image')
-+ self.mox.StubOutWithMock(conn, '_create_ephemeral')
-+ self.mox.StubOutWithMock(conn, '_fetch_instance_kernel_ramdisk')
-+
-+ conn._create_ephemeral(
-+ target=ephemeral_target,
-+ ephemeral_size=self.test_instance['ephemeral_gb'],
-+ max_size=mox.IgnoreArg(), os_type=mox.IgnoreArg(),
-+ fs_label=mox.IgnoreArg())
-+ libvirt_driver.libvirt_utils.fetch_image(context=self.context,
-+ image_id=mox.IgnoreArg(),
-+ user_id=mox.IgnoreArg(), project_id=mox.IgnoreArg(),
-+ max_size=mox.IgnoreArg(), target=image_target)
-+ conn._fetch_instance_kernel_ramdisk(
-+ self.context, self.test_instance).AndReturn(None)
-+
-+ self.mox.ReplayAll()
-+
-+ conn._create_images_and_backing(self.context, self.test_instance,
-+ "/fake/instance/dir",
-+ disk_info_json)
-+
- def test_pre_live_migration_works_correctly_mocked(self):
- # Creating testdata
- vol = {'block_device_mapping': [
-diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
-index 0f0ea46..39191af 100755
---- a/nova/virt/libvirt/driver.py
-+++ b/nova/virt/libvirt/driver.py
-@@ -3304,19 +3304,32 @@ class LibvirtDriver(driver.ComputeDriver):
- elif info['backing_file']:
- # Creating backing file follows same way as spawning instances.
- cache_name = os.path.basename(info['backing_file'])
-- # Remove any size tags which the cache manages
-- cache_name = cache_name.split('_')[0]
-
- image = self.image_backend.image(instance,
- instance_disk,
- CONF.libvirt_images_type)
-- image.cache(fetch_func=libvirt_utils.fetch_image,
-- context=ctxt,
-- filename=cache_name,
-- image_id=instance['image_ref'],
-- user_id=instance['user_id'],
-- project_id=instance['project_id'],
-- size=info['virt_disk_size'])
-+ if cache_name.startswith('ephemeral'):
-+ image.cache(fetch_func=self._create_ephemeral,
-+ fs_label=cache_name,
-+ os_type=instance["os_type"],
-+ filename=cache_name,
-+ size=info['virt_disk_size'],
-+ ephemeral_size=instance['ephemeral_gb'])
-+ elif cache_name.startswith('swap'):
-+ inst_type = flavors.extract_flavor(instance)
-+ swap_mb = inst_type['swap']
-+ image.cache(fetch_func=self._create_swap,
-+ filename="swap_%s" % swap_mb,
-+ size=swap_mb * unit.Mi,
-+ swap_mb=swap_mb)
-+ else:
-+ image.cache(fetch_func=libvirt_utils.fetch_image,
-+ context=ctxt,
-+ filename=cache_name,
-+ image_id=instance['image_ref'],
-+ user_id=instance['user_id'],
-+ project_id=instance['project_id'],
-+ size=info['virt_disk_size'])
-
- # if image has kernel and ramdisk, just download
- # following normal way.
---
-1.8.3.1
-
diff --git a/sys-cluster/nova/nova-2013.1.4-r5.ebuild b/sys-cluster/nova/nova-2013.1.5.ebuild index a6bb1ff8b2ed..61951a3dde88 100644 --- a/sys-cluster/nova/nova-2013.1.4-r5.ebuild +++ b/sys-cluster/nova/nova-2013.1.5.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.1.4-r5.ebuild,v 1.1 2014/01/27 08:44:51 prometheanfire Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.1.5.ebuild,v 1.1 2014/03/23 20:32:06 prometheanfire Exp $ EAPI=5 PYTHON_COMPAT=( python2_7 ) @@ -70,13 +70,6 @@ RDEPEND=">=dev-python/amqplib-0.6.1[${PYTHON_USEDEP}] app-emulation/xen-tools )" PATCHES=( - "${FILESDIR}/CVE-2013-4463_4469-grizzly.patch" - "${FILESDIR}/CVE-2013-4497-grizzly-1.patch" - "${FILESDIR}/CVE-2013-4497-grizzly-2.patch" - "${FILESDIR}/CVE-2013-6419_2013.1.4.patch" - "${FILESDIR}/CVE-2013-6437-2012.1.4.patch" - "${FILESDIR}/CVE-2013-7048-grizzly.patch" - "${FILESDIR}/CVE-2013-7130-stable-grizzly.patch" ) pkg_setup() { |
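Review bot: The second hunk of the ebuild (`@@ -70,13 +70,6 @@`) removes all seven CVE patch entries from `PATCHES`, but neither the commit message nor the ChangeLog entry ("updating nova") records that 2013.1.5 already contains those fixes. Presumably the upstream point release carries them, but nothing on this page confirms it, so each one should be checked against the 2013.1.5 sources before the patches leave the tree. Once verified, I would say so in the ChangeLog entry, for example `Version bump; CVE patches dropped, fixes verified present in the 2013.1.5 tarball`, so a later audit does not have to re-derive it. The now-empty `PATCHES=( )` assignment could also be dropped rather than left as a stub; the `pkg_setup()` body continues outside the hunk.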