authorMatthew Thode <prometheanfire@gentoo.org>2014-03-23 20:32:06 +0000
committerMatthew Thode <prometheanfire@gentoo.org>2014-03-23 20:32:06 +0000
commitcf6af8b8378474c58f678c2ba73404d9f9809659 (patch)
treeca62ca156e6431d10a51aedf2fa1a6d72c81404a /sys-cluster
parentupdating neutron/quantum (diff)
updating nova
(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key 0x2471eb3e40ac5ac3)
Diffstat (limited to 'sys-cluster')
-rw-r--r--sys-cluster/nova/ChangeLog11
-rw-r--r--sys-cluster/nova/files/CVE-2013-4463_4469-grizzly.patch432
-rw-r--r--sys-cluster/nova/files/CVE-2013-4497-grizzly-1.patch111
-rw-r--r--sys-cluster/nova/files/CVE-2013-4497-grizzly-2.patch51
-rw-r--r--sys-cluster/nova/files/CVE-2013-6419_2013.1.4.patch129
-rw-r--r--sys-cluster/nova/files/CVE-2013-6437-2012.1.4.patch127
-rw-r--r--sys-cluster/nova/files/CVE-2013-7048-grizzly.patch35
-rw-r--r--sys-cluster/nova/files/CVE-2013-7130-stable-grizzly.patch161
-rw-r--r--sys-cluster/nova/nova-2013.1.5.ebuild (renamed from sys-cluster/nova/nova-2013.1.4-r5.ebuild)9
9 files changed, 11 insertions, 1055 deletions
diff --git a/sys-cluster/nova/ChangeLog b/sys-cluster/nova/ChangeLog
index 0b3e09048afe..bafdcf893e45 100644
--- a/sys-cluster/nova/ChangeLog
+++ b/sys-cluster/nova/ChangeLog
@@ -1,6 +1,15 @@
# ChangeLog for sys-cluster/nova
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.51 2014/02/24 02:58:01 idella4 Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.52 2014/03/23 20:32:06 prometheanfire Exp $
+
+*nova-2013.1.5 (23 Mar 2014)
+
+ 23 Mar 2014; Matthew Thode <prometheanfire@gentoo.org> +nova-2013.1.5.ebuild,
+ -files/CVE-2013-4463_4469-grizzly.patch, -files/CVE-2013-4497-grizzly-1.patch,
+ -files/CVE-2013-4497-grizzly-2.patch, -files/CVE-2013-6419_2013.1.4.patch,
+ -files/CVE-2013-6437-2012.1.4.patch, -files/CVE-2013-7048-grizzly.patch,
+ -files/CVE-2013-7130-stable-grizzly.patch, -nova-2013.1.4-r5.ebuild:
+ updating nova
24 Feb 2014; Ian Delaney <idella4@gentoo.org>
-files/CVE-2013-6437-2012.2.1.patch, -files/CVE-2013-7048-havana.patch,
diff --git a/sys-cluster/nova/files/CVE-2013-4463_4469-grizzly.patch b/sys-cluster/nova/files/CVE-2013-4463_4469-grizzly.patch
deleted file mode 100644
index f2dd6cdca46c..000000000000
--- a/sys-cluster/nova/files/CVE-2013-4463_4469-grizzly.patch
+++ /dev/null
@@ -1,432 +0,0 @@
-From 135faa7b5d9855312bedc19e5e1ecebae34d3d18 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?P=C3=A1draig=20Brady?= <pbrady@redhat.com>
-Date: Fri, 27 Sep 2013 04:07:14 +0100
-Subject: [PATCH] ensure we don't boot oversized images
-
-Since we can't generally shrink incoming images, add extra checks
-to ensure oversized images are not allowed through.
-All cases when populating the libvirt image cache are now handled,
-including the initial download from glance, where we avoid
-converting to raw, as that could generate non sparse images
-much larger than the downloaded image.
-
-* nova/virt/libvirt/utils.py (fetch_image): Allow passing through
-of the max_size parameter.
-* nova/virt/images.py (fetch_to_raw): Accept the max_size parameter,
-and use it to discard images with larger (virtual) sizes.
-* nova/virt/libvirt/imagebackend.py (verify_base_size): A new
-refactored function to identify and raise exception to oversized images.
-(Raw.create_image): Pass the max_size to the fetch function.
-Also enforce virtual image size checking for already fetched images,
-as this class (despite the name) can be handling qcow files.
-(Qcow2.create_image): Pass the max_size to the fetch function,
-or verify the virtual size for the instance as done previously.
-(Lvm.create_image): Pass the max_size to the fetch function.
-Also check the size before transferring to the volume to improve
-efficiency by not even attempting the transfer of oversized images.
-(Rbd.create_image): Likewise.
-* nova/tests/fake_libvirt_utils.py: Support max_size arg.
-* nova/tests/test_libvirt.py (test_fetch_raw_image):
-Add a case to check oversized images are discarded.
-* nova/tests/test_imagebackend.py (test_create_image_too_small):
-Adjust to avoid the fetch size check.
-
-Fixes bug: 1177830
-Fixes bug: 1206081
-
-Conflicts:
-
- nova/tests/test_imagebackend.py
- nova/virt/libvirt/imagebackend.py
-
-Change-Id: Idc35fce580be4f74e23883d1b4bea6475c3f6e30
----
- nova/tests/fake_libvirt_utils.py | 2 +-
- nova/tests/test_imagebackend.py | 35 ++++++++++-------------------
- nova/tests/test_libvirt.py | 24 +++++++++++++++++---
- nova/virt/images.py | 24 +++++++++++++++++---
- nova/virt/libvirt/imagebackend.py | 47 ++++++++++++++++++++++++++++++---------
- nova/virt/libvirt/utils.py | 5 +++--
- 6 files changed, 95 insertions(+), 42 deletions(-)
-
-diff --git a/nova/tests/fake_libvirt_utils.py b/nova/tests/fake_libvirt_utils.py
-index 23b758e..ecf357a 100644
---- a/nova/tests/fake_libvirt_utils.py
-+++ b/nova/tests/fake_libvirt_utils.py
-@@ -193,7 +193,7 @@ def get_fs_info(path):
- 'free': 84 * (1024 ** 3)}
-
-
--def fetch_image(context, target, image_id, user_id, project_id):
-+def fetch_image(context, target, image_id, user_id, project_id, max_size=0):
- pass
-
-
-diff --git a/nova/tests/test_imagebackend.py b/nova/tests/test_imagebackend.py
-index 77446e8..93ed23d 100644
---- a/nova/tests/test_imagebackend.py
-+++ b/nova/tests/test_imagebackend.py
-@@ -189,7 +189,7 @@ def prepare_mocks(self):
-
- def test_create_image(self):
- fn = self.prepare_mocks()
-- fn(target=self.TEMPLATE_PATH, image_id=None)
-+ fn(target=self.TEMPLATE_PATH, max_size=None, image_id=None)
- imagebackend.libvirt_utils.copy_image(self.TEMPLATE_PATH, self.PATH)
- self.mox.ReplayAll()
-
-@@ -210,7 +210,7 @@ def test_create_image_generated(self):
-
- def test_create_image_extend(self):
- fn = self.prepare_mocks()
-- fn(target=self.TEMPLATE_PATH, image_id=None)
-+ fn(max_size=self.SIZE, target=self.TEMPLATE_PATH, image_id=None)
- imagebackend.libvirt_utils.copy_image(self.TEMPLATE_PATH, self.PATH)
- imagebackend.disk.extend(self.PATH, self.SIZE)
- self.mox.ReplayAll()
-@@ -260,7 +260,7 @@ def prepare_mocks(self):
-
- def test_create_image(self):
- fn = self.prepare_mocks()
-- fn(target=self.TEMPLATE_PATH)
-+ fn(max_size=None, target=self.TEMPLATE_PATH)
- imagebackend.libvirt_utils.create_cow_image(self.TEMPLATE_PATH,
- self.PATH)
- self.mox.ReplayAll()
-@@ -272,15 +272,12 @@ def test_create_image(self):
-
- def test_create_image_with_size(self):
- fn = self.prepare_mocks()
-- fn(target=self.TEMPLATE_PATH)
-+ fn(max_size=self.SIZE, target=self.TEMPLATE_PATH)
- self.mox.StubOutWithMock(os.path, 'exists')
-- self.mox.StubOutWithMock(imagebackend.disk, 'get_disk_size')
- if self.OLD_STYLE_INSTANCE_PATH:
- os.path.exists(self.OLD_STYLE_INSTANCE_PATH).AndReturn(False)
- os.path.exists(self.TEMPLATE_PATH).AndReturn(False)
- os.path.exists(self.PATH).AndReturn(False)
-- imagebackend.disk.get_disk_size(self.TEMPLATE_PATH
-- ).AndReturn(self.SIZE)
- os.path.exists(self.PATH).AndReturn(False)
- imagebackend.libvirt_utils.create_cow_image(self.TEMPLATE_PATH,
- self.PATH)
-@@ -294,27 +291,24 @@ def test_create_image_with_size(self):
-
- def test_create_image_too_small(self):
- fn = self.prepare_mocks()
-- fn(target=self.TEMPLATE_PATH)
- self.mox.StubOutWithMock(os.path, 'exists')
- self.mox.StubOutWithMock(imagebackend.disk, 'get_disk_size')
- if self.OLD_STYLE_INSTANCE_PATH:
- os.path.exists(self.OLD_STYLE_INSTANCE_PATH).AndReturn(False)
-- os.path.exists(self.TEMPLATE_PATH).AndReturn(False)
-- os.path.exists(self.PATH).AndReturn(False)
-+ os.path.exists(self.TEMPLATE_PATH).AndReturn(True)
- imagebackend.disk.get_disk_size(self.TEMPLATE_PATH
- ).AndReturn(self.SIZE)
- self.mox.ReplayAll()
-
- image = self.image_class(self.INSTANCE, self.NAME)
-- self.assertRaises(exception.ImageTooLarge, image.create_image, fn,
-- self.TEMPLATE_PATH, 1)
-+ self.assertRaises(exception.InstanceTypeDiskTooSmall,
-+ image.create_image, fn, self.TEMPLATE_PATH, 1)
- self.mox.VerifyAll()
-
- def test_generate_resized_backing_files(self):
- fn = self.prepare_mocks()
-- fn(target=self.TEMPLATE_PATH)
-+ fn(max_size=self.SIZE, target=self.TEMPLATE_PATH)
- self.mox.StubOutWithMock(os.path, 'exists')
-- self.mox.StubOutWithMock(imagebackend.disk, 'get_disk_size')
- self.mox.StubOutWithMock(imagebackend.libvirt_utils,
- 'get_disk_backing_file')
- if self.OLD_STYLE_INSTANCE_PATH:
-@@ -329,8 +323,6 @@ def test_generate_resized_backing_files(self):
- self.QCOW2_BASE)
- imagebackend.disk.extend(self.QCOW2_BASE, self.SIZE)
-
-- imagebackend.disk.get_disk_size(self.TEMPLATE_PATH
-- ).AndReturn(self.SIZE)
- os.path.exists(self.PATH).AndReturn(True)
- self.mox.ReplayAll()
-
-@@ -341,9 +333,8 @@ def test_generate_resized_backing_files(self):
-
- def test_qcow2_exists_and_has_no_backing_file(self):
- fn = self.prepare_mocks()
-- fn(target=self.TEMPLATE_PATH)
-+ fn(max_size=self.SIZE, target=self.TEMPLATE_PATH)
- self.mox.StubOutWithMock(os.path, 'exists')
-- self.mox.StubOutWithMock(imagebackend.disk, 'get_disk_size')
- self.mox.StubOutWithMock(imagebackend.libvirt_utils,
- 'get_disk_backing_file')
- if self.OLD_STYLE_INSTANCE_PATH:
-@@ -353,8 +344,6 @@ def test_qcow2_exists_and_has_no_backing_file(self):
-
- imagebackend.libvirt_utils.get_disk_backing_file(self.PATH)\
- .AndReturn(None)
-- imagebackend.disk.get_disk_size(self.TEMPLATE_PATH
-- ).AndReturn(self.SIZE)
- os.path.exists(self.PATH).AndReturn(True)
- self.mox.ReplayAll()
-
-@@ -391,7 +380,7 @@ def prepare_mocks(self):
-
- def _create_image(self, sparse):
- fn = self.prepare_mocks()
-- fn(target=self.TEMPLATE_PATH)
-+ fn(max_size=None, target=self.TEMPLATE_PATH)
- self.libvirt_utils.create_lvm_image(self.VG,
- self.LV,
- self.TEMPLATE_SIZE,
-@@ -423,7 +412,7 @@ def _create_image_generated(self, sparse):
-
- def _create_image_resize(self, sparse):
- fn = self.prepare_mocks()
-- fn(target=self.TEMPLATE_PATH)
-+ fn(max_size=self.SIZE, target=self.TEMPLATE_PATH)
- self.libvirt_utils.create_lvm_image(self.VG, self.LV,
- self.SIZE, sparse=sparse)
- self.disk.get_disk_size(self.TEMPLATE_PATH
-@@ -462,7 +451,7 @@ def test_create_image_resize_sparsed(self):
-
- def test_create_image_negative(self):
- fn = self.prepare_mocks()
-- fn(target=self.TEMPLATE_PATH)
-+ fn(max_size=self.SIZE, target=self.TEMPLATE_PATH)
- self.libvirt_utils.create_lvm_image(self.VG,
- self.LV,
- self.SIZE,
-diff --git a/nova/tests/test_libvirt.py b/nova/tests/test_libvirt.py
-index d8c4cf2..e422ec7 100644
---- a/nova/tests/test_libvirt.py
-+++ b/nova/tests/test_libvirt.py
-@@ -4826,7 +4826,8 @@ def test_fetch_image(self):
- image_id = '4'
- user_id = 'fake'
- project_id = 'fake'
-- images.fetch_to_raw(context, image_id, target, user_id, project_id)
-+ images.fetch_to_raw(context, image_id, target, user_id, project_id,
-+ max_size=0)
-
- self.mox.ReplayAll()
- libvirt_utils.fetch_image(context, target, image_id,
-@@ -4856,20 +4857,27 @@ class FakeImgInfo(object):
- file_format = path.split('.')[-2]
- elif file_format == 'converted':
- file_format = 'raw'
-+
- if 'backing' in path:
- backing_file = 'backing'
- else:
- backing_file = None
-
-+ if 'big' in path:
-+ virtual_size = 2
-+ else:
-+ virtual_size = 1
-+
- FakeImgInfo.file_format = file_format
- FakeImgInfo.backing_file = backing_file
-+ FakeImgInfo.virtual_size = virtual_size
-
- return FakeImgInfo()
-
- self.stubs.Set(utils, 'execute', fake_execute)
- self.stubs.Set(os, 'rename', fake_rename)
- self.stubs.Set(os, 'unlink', fake_unlink)
-- self.stubs.Set(images, 'fetch', lambda *_: None)
-+ self.stubs.Set(images, 'fetch', lambda *_, **__: None)
- self.stubs.Set(images, 'qemu_img_info', fake_qemu_img_info)
- self.stubs.Set(utils, 'delete_if_exists', fake_rm_on_errror)
-
-@@ -4884,7 +4892,8 @@ class FakeImgInfo(object):
- 't.qcow2.part', 't.qcow2.converted'),
- ('rm', 't.qcow2.part'),
- ('mv', 't.qcow2.converted', 't.qcow2')]
-- images.fetch_to_raw(context, image_id, target, user_id, project_id)
-+ images.fetch_to_raw(context, image_id, target, user_id, project_id,
-+ max_size=1)
- self.assertEqual(self.executes, expected_commands)
-
- target = 't.raw'
-@@ -4901,6 +4910,15 @@ class FakeImgInfo(object):
- context, image_id, target, user_id, project_id)
- self.assertEqual(self.executes, expected_commands)
-
-+ target = 'big.qcow2'
-+ self.executes = []
-+ expected_commands = [('rm', '-f', 'big.qcow2.part')]
-+ self.assertRaises(exception.InstanceTypeDiskTooSmall,
-+ images.fetch_to_raw,
-+ context, image_id, target, user_id, project_id,
-+ max_size=1)
-+ self.assertEqual(self.executes, expected_commands)
-+
- del self.executes
-
- def test_get_disk_backing_file(self):
-diff --git a/nova/virt/images.py b/nova/virt/images.py
-index b40f566..541779a 100755
---- a/nova/virt/images.py
-+++ b/nova/virt/images.py
-@@ -190,7 +190,7 @@ def convert_image(source, dest, out_format, run_as_root=False):
- utils.execute(*cmd, run_as_root=run_as_root)
-
-
--def fetch(context, image_href, path, _user_id, _project_id):
-+def fetch(context, image_href, path, _user_id, _project_id, max_size=0):
- # TODO(vish): Improve context handling and add owner and auth data
- # when it is added to glance. Right now there is no
- # auth checking in glance, so we assume that access was
-@@ -202,9 +202,10 @@ def fetch(context, image_href, path, _user_id, _project_id):
- image_service.download(context, image_id, image_file)
-
-
--def fetch_to_raw(context, image_href, path, user_id, project_id):
-+def fetch_to_raw(context, image_href, path, user_id, project_id, max_size=0):
- path_tmp = "%s.part" % path
-- fetch(context, image_href, path_tmp, user_id, project_id)
-+ fetch(context, image_href, path_tmp, user_id, project_id,
-+ max_size=max_size)
-
- with utils.remove_path_on_error(path_tmp):
- data = qemu_img_info(path_tmp)
-@@ -220,6 +221,23 @@ def fetch_to_raw(context, image_href, path, user_id, project_id):
- raise exception.ImageUnacceptable(image_id=image_href,
- reason=_("fmt=%(fmt)s backed by: %(backing_file)s") % locals())
-
-+ # We can't generally shrink incoming images, so disallow
-+ # images > size of the flavor we're booting. Checking here avoids
-+ # an immediate DoS where we convert large qcow images to raw
-+ # (which may compress well but not be sparse).
-+ # TODO(p-draigbrady): loop through all flavor sizes, so that
-+ # we might continue here and not discard the download.
-+ # If we did that we'd have to do the higher level size checks
-+ # irrespective of whether the base image was prepared or not.
-+ disk_size = data.virtual_size
-+ if max_size and max_size < disk_size:
-+ msg = _('%(base)s virtual size %(disk_size)s '
-+ 'larger than flavor root disk size %(size)s')
-+ LOG.error(msg % {'base': path,
-+ 'disk_size': disk_size,
-+ 'size': max_size})
-+ raise exception.InstanceTypeDiskTooSmall()
-+
- if fmt != "raw" and CONF.force_raw_images:
- staged = "%s.converted" % path
- LOG.debug("%s was %s, converting to raw" % (image_href, fmt))
-diff --git a/nova/virt/libvirt/imagebackend.py b/nova/virt/libvirt/imagebackend.py
-index e2c7ccf..dc85c97 100755
---- a/nova/virt/libvirt/imagebackend.py
-+++ b/nova/virt/libvirt/imagebackend.py
-@@ -177,6 +177,36 @@ def _can_fallocate(self):
- (CONF.preallocate_images, self.path))
- return can_fallocate
-
-+ @staticmethod
-+ def verify_base_size(base, size, base_size=0):
-+ """Check that the base image is not larger than size.
-+ Since images can't be generally shrunk, enforce this
-+ constraint taking account of virtual image size.
-+ """
-+
-+ # Note(pbrady): The size and min_disk parameters of a glance
-+ # image are checked against the instance size before the image
-+ # is even downloaded from glance, but currently min_disk is
-+ # adjustable and doesn't currently account for virtual disk size,
-+ # so we need this extra check here.
-+ # NOTE(cfb): Having a flavor that sets the root size to 0 and having
-+ # nova effectively ignore that size and use the size of the
-+ # image is considered a feature at this time, not a bug.
-+
-+ if size is None:
-+ return
-+
-+ if size and not base_size:
-+ base_size = disk.get_disk_size(base)
-+
-+ if size < base_size:
-+ msg = _('%(base)s virtual size %(base_size)s '
-+ 'larger than flavor root disk size %(size)s')
-+ LOG.error(msg % {'base': base,
-+ 'base_size': base_size,
-+ 'size': size})
-+ raise exception.InstanceTypeDiskTooSmall()
-+
- def snapshot_create(self):
- raise NotImplementedError
-
-@@ -217,7 +247,8 @@ def copy_raw_image(base, target, size):
- #Generating image in place
- prepare_template(target=self.path, *args, **kwargs)
- else:
-- prepare_template(target=base, *args, **kwargs)
-+ prepare_template(target=base, max_size=size, *args, **kwargs)
-+ self.verify_base_size(base, size)
- if not os.path.exists(self.path):
- with utils.remove_path_on_error(self.path):
- copy_raw_image(base, self.path, size)
-@@ -257,7 +288,9 @@ def copy_qcow2_image(base, target, size):
-
- # Download the unmodified base image unless we already have a copy.
- if not os.path.exists(base):
-- prepare_template(target=base, *args, **kwargs)
-+ prepare_template(target=base, max_size=size, *args, **kwargs)
-+ else:
-+ self.verify_base_size(base, size)
-
- legacy_backing_size = None
- legacy_base = base
-@@ -283,13 +316,6 @@ def copy_qcow2_image(base, target, size):
- libvirt_utils.copy_image(base, legacy_base)
- disk.extend(legacy_base, legacy_backing_size)
-
-- # NOTE(cfb): Having a flavor that sets the root size to 0 and having
-- # nova effectively ignore that size and use the size of the
-- # image is considered a feature at this time, not a bug.
-- if size and size < disk.get_disk_size(base):
-- LOG.error('%s virtual size larger than flavor root disk size %s' %
-- (base, size))
-- raise exception.ImageTooLarge()
- if not os.path.exists(self.path):
- with utils.remove_path_on_error(self.path):
- copy_qcow2_image(base, self.path, size)
-@@ -348,6 +374,7 @@ def create_image(self, prepare_template, base, size, *args, **kwargs):
- lock_path=self.lock_path)
- def create_lvm_image(base, size):
- base_size = disk.get_disk_size(base)
-+ self.verify_base_size(base, size, base_size=base_size)
- resize = size > base_size
- size = size if resize else base_size
- libvirt_utils.create_lvm_image(self.vg, self.lv,
-@@ -365,7 +392,7 @@ def create_lvm_image(base, size):
- with self.remove_volume_on_error(self.path):
- prepare_template(target=self.path, *args, **kwargs)
- else:
-- prepare_template(target=base, *args, **kwargs)
-+ prepare_template(target=base, max_size=size, *args, **kwargs)
- with self.remove_volume_on_error(self.path):
- create_lvm_image(base, size)
-
-diff --git a/nova/virt/libvirt/utils.py b/nova/virt/libvirt/utils.py
-index 6972243..4c31fcb 100755
---- a/nova/virt/libvirt/utils.py
-+++ b/nova/virt/libvirt/utils.py
-@@ -592,9 +592,10 @@ def get_fs_info(path):
- 'used': used}
-
-
--def fetch_image(context, target, image_id, user_id, project_id):
-+def fetch_image(context, target, image_id, user_id, project_id, max_size=0):
- """Grab image."""
-- images.fetch_to_raw(context, image_id, target, user_id, project_id)
-+ images.fetch_to_raw(context, image_id, target, user_id, project_id,
-+ max_size=max_size)
-
-
- def get_instance_path(instance, forceold=False, relative=False):
---
-1.8.4
-
diff --git a/sys-cluster/nova/files/CVE-2013-4497-grizzly-1.patch b/sys-cluster/nova/files/CVE-2013-4497-grizzly-1.patch
deleted file mode 100644
index e8e14c0ab747..000000000000
--- a/sys-cluster/nova/files/CVE-2013-4497-grizzly-1.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From df2ea2e3acdede21b40d47b7adbeac04213d031b Mon Sep 17 00:00:00 2001
-From: John Garbutt <john.garbutt@rackspace.com>
-Date: Thu, 12 Sep 2013 18:11:49 +0100
-Subject: [PATCH] xenapi: enforce filters after live-migration
-
-Currently and network filters, including security groups, are
-lost after a server has been live-migrated.
-
-This partially fixes the issue by ensuring that security groups are
-re-applied to the VM once it reached the destination, and been started.
-
-This leaves a small amount of time during the live-migrate where the VM
-is not protected. There is a further bug raised to close the rest of
-this whole, but this helps keep the VM protected for the majority of the
-time.
-
-Fixes bug 1202266
-
-(Cherry picked from commit: 5cced7a6dd32d231c606e25dbf762d199bf9cca7)
-
-Change-Id: I66bc7af1c6da74e18dce47180af0cb6020ba2c1a
----
- nova/tests/test_xenapi.py | 22 +++++++++++++++++++++-
- nova/virt/xenapi/driver.py | 4 ++--
- nova/virt/xenapi/vmops.py | 18 ++++++++++++++++++
- 3 files changed, 41 insertions(+), 3 deletions(-)
-
-diff --git a/nova/tests/test_xenapi.py b/nova/tests/test_xenapi.py
-index f7fb81d..d4c19a4 100644
---- a/nova/tests/test_xenapi.py
-+++ b/nova/tests/test_xenapi.py
-@@ -2723,7 +2723,27 @@ def test_post_live_migration_at_destination(self):
- # ensure method is present
- stubs.stubout_session(self.stubs, stubs.FakeSessionForVMTests)
- self.conn = xenapi_conn.XenAPIDriver(fake.FakeVirtAPI(), False)
-- self.conn.post_live_migration_at_destination(None, None, None, None)
-+
-+ fake_instance = "instance"
-+ fake_network_info = "network_info"
-+
-+ def fake_fw(instance, network_info):
-+ self.assertEquals(instance, fake_instance)
-+ self.assertEquals(network_info, fake_network_info)
-+ fake_fw.called += 1
-+
-+ fake_fw.called = 0
-+ _vmops = self.conn._vmops
-+ self.stubs.Set(_vmops.firewall_driver,
-+ 'setup_basic_filtering', fake_fw)
-+ self.stubs.Set(_vmops.firewall_driver,
-+ 'prepare_instance_filter', fake_fw)
-+ self.stubs.Set(_vmops.firewall_driver,
-+ 'apply_instance_filter', fake_fw)
-+
-+ self.conn.post_live_migration_at_destination(None, fake_instance,
-+ fake_network_info, None)
-+ self.assertEqual(fake_fw.called, 3)
-
- def test_check_can_live_migrate_destination_with_block_migration(self):
- stubs.stubout_session(self.stubs, stubs.FakeSessionForVMTests)
-diff --git a/nova/virt/xenapi/driver.py b/nova/virt/xenapi/driver.py
-index 128f67f..564c587 100755
---- a/nova/virt/xenapi/driver.py
-+++ b/nova/virt/xenapi/driver.py
-@@ -1,4 +1,3 @@
--# vim: tabstop=4 shiftwidth=4 softtabstop=4
-
- # Copyright (c) 2010 Citrix Systems, Inc.
- # Copyright 2010 OpenStack Foundation
-@@ -514,7 +513,8 @@ def post_live_migration_at_destination(self, ctxt, instance_ref,
- :params : block_migration: if true, post operation of block_migraiton.
- """
- # TODO(JohnGarbutt) look at moving/downloading ramdisk and kernel
-- pass
-+ self._vmops.post_live_migration_at_destination(ctxt, instance_ref,
-+ network_info, block_device_info, block_device_info)
-
- def unfilter_instance(self, instance_ref, network_info):
- """Removes security groups configured for an instance."""
-diff --git a/nova/virt/xenapi/vmops.py b/nova/virt/xenapi/vmops.py
-index eccf3e0..ae5c697 100644
---- a/nova/virt/xenapi/vmops.py
-+++ b/nova/virt/xenapi/vmops.py
-@@ -1737,6 +1737,24 @@ def live_migrate(self, context, instance, destination_hostname,
- recover_method(context, instance, destination_hostname,
- block_migration)
-
-+ def post_live_migration_at_destination(self, context, instance,
-+ network_info, block_migration,
-+ block_device_info):
-+ # FIXME(johngarbutt): we should block all traffic until we have
-+ # applied security groups, however this requires changes to XenServer
-+ try:
-+ self.firewall_driver.setup_basic_filtering(
-+ instance, network_info)
-+ except NotImplementedError:
-+ # NOTE(salvatore-orlando): setup_basic_filtering might be
-+ # empty or not implemented at all, as basic filter could
-+ # be implemented with VIF rules created by xapi plugin
-+ pass
-+
-+ self.firewall_driver.prepare_instance_filter(instance,
-+ network_info)
-+ self.firewall_driver.apply_instance_filter(instance, network_info)
-+
- def get_per_instance_usage(self):
- """Get usage info about each active instance."""
- usage = {}
---
-1.8.4
-
diff --git a/sys-cluster/nova/files/CVE-2013-4497-grizzly-2.patch b/sys-cluster/nova/files/CVE-2013-4497-grizzly-2.patch
deleted file mode 100644
index 28fbbca758c8..000000000000
--- a/sys-cluster/nova/files/CVE-2013-4497-grizzly-2.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 01de658210fd65171bfbf5450c93673b5ce0bd9e Mon Sep 17 00:00:00 2001
-From: John Garbutt <john.garbutt@rackspace.com>
-Date: Mon, 21 Oct 2013 19:34:43 +0100
-Subject: [PATCH] xenapi: apply firewall rules in finish_migrate
-
-When security groups were added, the rules were not re-applied to
-servers that have been migrated to a new hypervisor.
-
-This change ensures the firewall rules are applied as part of creating
-the new VM in finish_migrate. This code follows a very similar pattern
-to the code in spawn, and that is where the cut and paste code comes
-from. This code duplication was removed in Havana.
-
-Fixes bug 1073306
-
-Change-Id: I6295a782df328a759e358fb82b76dd3f7bd4b39e
----
- nova/virt/xenapi/vmops.py | 15 +++++++++++++++
- 1 file changed, 15 insertions(+)
-
-diff --git a/nova/virt/xenapi/vmops.py b/nova/virt/xenapi/vmops.py
-index eccf3e0..7a96ac2 100644
---- a/nova/virt/xenapi/vmops.py
-+++ b/nova/virt/xenapi/vmops.py
-@@ -277,8 +277,23 @@ def finish_migration(self, context, migration, instance, disk_info,
-
- self._attach_mapped_block_devices(instance, block_device_info)
-
-+ try:
-+ self.firewall_driver.setup_basic_filtering(
-+ instance, network_info)
-+ except NotImplementedError:
-+ # NOTE(salvatore-orlando): setup_basic_filtering might be
-+ # empty or not implemented at all, as basic filter could
-+ # be implemented with VIF rules created by xapi plugin
-+ pass
-+
-+ self.firewall_driver.prepare_instance_filter(instance,
-+ network_info)
-+
- # 5. Start VM
- self._start(instance, vm_ref=vm_ref)
-+
-+ self.firewall_driver.apply_instance_filter(instance, network_info)
-+
- self._update_instance_progress(context, instance,
- step=5,
- total_steps=RESIZE_TOTAL_STEPS)
---
-1.8.4
-
diff --git a/sys-cluster/nova/files/CVE-2013-6419_2013.1.4.patch b/sys-cluster/nova/files/CVE-2013-6419_2013.1.4.patch
deleted file mode 100644
index 541b794899d0..000000000000
--- a/sys-cluster/nova/files/CVE-2013-6419_2013.1.4.patch
+++ /dev/null
@@ -1,129 +0,0 @@
-commit d4155b806f52f2168742ceb37988fc7f405b44cd
-Author: Aaron Rosen <arosen@nicira.com>
-Date: Mon Oct 7 13:33:31 2013 -0700
-
- Prevent spoofing instance_id from neturon to nova
-
- Previously, one could update a port's device_id in neutron to be that
- of another tenant's instance_id and then be able to retrieve that instance's
- metadata. This patch prevents this from occuring by checking that X-Tenant-ID
- received from the metadata request matches the tenant_id in the nova database.
-
- DocImpact - This patch is dependent on another patch in neutron which adds
- X-Tenant-ID to the request. Therefore to minimize downtime one
- should upgrade Neutron first (then restart neutron-metadata-agent)
- and lastly update nova.
-
- Fixes bug: 1235450
-
-diff --git a/nova/api/metadata/handler.py b/nova/api/metadata/handler.py
-index bbaeba5..2b7f659 100644
---- a/nova/api/metadata/handler.py
-+++ b/nova/api/metadata/handler.py
-@@ -144,6 +144,7 @@ class MetadataRequestHandler(wsgi.Application):
-
- def _handle_instance_id_request(self, req):
- instance_id = req.headers.get('X-Instance-ID')
-+ tenant_id = req.headers.get('X-Tenant-ID')
- signature = req.headers.get('X-Instance-ID-Signature')
- remote_address = req.headers.get('X-Forwarded-For')
-
-@@ -151,8 +152,12 @@ class MetadataRequestHandler(wsgi.Application):
-
- if instance_id is None:
- msg = _('X-Instance-ID header is missing from request.')
-+ elif tenant_id is None:
-+ msg = _('X-Tenant-ID header is missing from request.')
- elif not isinstance(instance_id, basestring):
- msg = _('Multiple X-Instance-ID headers found within request.')
-+ elif not isinstance(tenant_id, basestring):
-+ msg = _('Multiple X-Tenant-ID headers found within request.')
- else:
- msg = None
-
-@@ -188,4 +193,12 @@ class MetadataRequestHandler(wsgi.Application):
- LOG.error(_('Failed to get metadata for instance id: %s'),
- instance_id)
-
-+ if meta_data.instance['project_id'] != tenant_id:
-+ LOG.warning(_("Tenant_id %(tenant_id)s does not match tenant_id "
-+ "of instance %(instance_id)s."),
-+ {'tenant_id': tenant_id,
-+ 'instance_id': instance_id})
-+ # causes a 404 to be raised
-+ meta_data = None
-+
- return meta_data
-diff --git a/nova/tests/test_metadata.py b/nova/tests/test_metadata.py
-index 01f274f..51b6f72 100644
---- a/nova/tests/test_metadata.py
-+++ b/nova/tests/test_metadata.py
-@@ -510,6 +510,7 @@ class MetadataHandlerTestCase(test.TestCase):
- relpath="/2009-04-04/user-data",
- address="192.192.192.2",
- headers={'X-Instance-ID': 'a-b-c-d',
-+ 'X-Tenant-ID': 'test',
- 'X-Instance-ID-Signature': signed})
- self.assertEqual(response.status_int, 200)
-
-@@ -522,6 +523,7 @@ class MetadataHandlerTestCase(test.TestCase):
- fake_get_metadata_by_instance_id=fake_get_metadata,
- headers={'X-Forwarded-For': '192.192.192.2',
- 'X-Instance-ID': 'a-b-c-d',
-+ 'X-Tenant-ID': 'test',
- 'X-Instance-ID-Signature': signed})
-
- self.assertEqual(response.status_int, 200)
-@@ -536,10 +538,36 @@ class MetadataHandlerTestCase(test.TestCase):
- fake_get_metadata_by_instance_id=fake_get_metadata,
- headers={'X-Forwarded-For': '192.192.192.2',
- 'X-Instance-ID': 'a-b-c-d',
-+ 'X-Tenant-ID': 'test',
- 'X-Instance-ID-Signature': ''})
-
- self.assertEqual(response.status_int, 403)
-
-+ # missing X-Tenant-ID from request
-+ response = fake_request(
-+ self.stubs, self.mdinst,
-+ relpath="/2009-04-04/user-data",
-+ address="192.192.192.2",
-+ fake_get_metadata_by_instance_id=fake_get_metadata,
-+ headers={'X-Forwarded-For': '192.192.192.2',
-+ 'X-Instance-ID': 'a-b-c-d',
-+ 'X-Instance-ID-Signature': signed})
-+
-+ self.assertEqual(response.status_int, 400)
-+
-+ # mismatched X-Tenant-ID
-+ response = fake_request(
-+ self.stubs, self.mdinst,
-+ relpath="/2009-04-04/user-data",
-+ address="192.192.192.2",
-+ fake_get_metadata_by_instance_id=fake_get_metadata,
-+ headers={'X-Forwarded-For': '192.192.192.2',
-+ 'X-Instance-ID': 'a-b-c-d',
-+ 'X-Tenant-ID': 'FAKE',
-+ 'X-Instance-ID-Signature': signed})
-+
-+ self.assertEqual(response.status_int, 404)
-+
- # without X-Forwarded-For
- response = fake_request(
- self.stubs, self.mdinst,
-@@ -547,6 +575,7 @@ class MetadataHandlerTestCase(test.TestCase):
- address="192.192.192.2",
- fake_get_metadata_by_instance_id=fake_get_metadata,
- headers={'X-Instance-ID': 'a-b-c-d',
-+ 'X-Tenant-ID': 'test',
- 'X-Instance-ID-Signature': signed})
-
- self.assertEqual(response.status_int, 500)
-@@ -564,6 +593,7 @@ class MetadataHandlerTestCase(test.TestCase):
- fake_get_metadata_by_instance_id=fake_get_metadata,
- headers={'X-Forwarded-For': '192.192.192.2',
- 'X-Instance-ID': 'z-z-z-z',
-+ 'X-Tenant-ID': 'test',
- 'X-Instance-ID-Signature': signed})
- self.assertEqual(response.status_int, 500)
-
diff --git a/sys-cluster/nova/files/CVE-2013-6437-2012.1.4.patch b/sys-cluster/nova/files/CVE-2013-6437-2012.1.4.patch
deleted file mode 100644
index f679668b2c39..000000000000
--- a/sys-cluster/nova/files/CVE-2013-6437-2012.1.4.patch
+++ /dev/null
@@ -1,127 +0,0 @@
-From 3e451f1bac57d24e47171cffb3ad59bb1610d836 Mon Sep 17 00:00:00 2001
-From: Ryan Moore <ryan.moore@hp.com>
-Date: Fri, 29 Nov 2013 14:21:19 +0000
-Subject: [PATCH] use 'os_type' in ephemeral filename only if mkfs defined
-
-Currently for undefined os-types it will use the default mkfs
-command, but use the meta 'os_type' in the name of the
-ephemeral file (e.g. ephemeral_20_abcdef). Which can result
-in a lot of files (DoS?)
-This change will only use 'os_type' in the ephemeral filename
-if there is a specific mkfs command defined, otherwise it will
-use 'default' (e.g. ephemeral_20_default)
-
-Modifed the tests to test for:
- os_type=''
- os_type=None
- os_type='test' - with no mkfs command specified
- os_type='test' - with a mkfs command specified
-
-Closes-Bug: 1253980
-
-Backport of Original Change-Id: Ie4c10f99ce690c5e4ef181624bd688c38923855c
-to stable/grizzly
-
-Change-Id: Ia040910e90861a2987eff345ad1c01863655b124
----
- nova/tests/test_libvirt.py | 28 ++++++++++++++++++++++++++--
- nova/virt/disk/api.py | 4 ++++
- nova/virt/libvirt/driver.py | 5 ++---
- 3 files changed, 32 insertions(+), 5 deletions(-)
-
-diff --git a/nova/tests/test_libvirt.py b/nova/tests/test_libvirt.py
-index 4b07d65..d2ac73b 100644
---- a/nova/tests/test_libvirt.py
-+++ b/nova/tests/test_libvirt.py
-@@ -2725,7 +2725,7 @@ def fake_get_info(instance):
- self.assertTrue(self.cache_called_for_disk)
- db.instance_destroy(self.context, instance['uuid'])
-
-- def test_create_image_plain(self):
-+ def _test_create_image_plain(self, os_type='', filename='', mkfs=False):
- gotFiles = []
-
- def fake_image(self, instance, name, image_type=''):
-@@ -2760,11 +2760,15 @@ def fake_get_info(instance):
- instance_ref = self.test_instance
- instance_ref['image_ref'] = 1
- instance = db.instance_create(self.context, instance_ref)
-+ instance['os_type'] = os_type
-
- conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
- self.stubs.Set(conn, 'to_xml', fake_none)
- self.stubs.Set(conn, '_create_domain_and_network', fake_none)
- self.stubs.Set(conn, 'get_info', fake_get_info)
-+ if mkfs:
-+ self.stubs.Set(nova.virt.disk.api, '_MKFS_COMMAND',
-+ {os_type: 'mkfs.ext3 --label %(fs_label)s %(target)s'})
-
- image_meta = {'id': instance['image_ref']}
- disk_info = blockinfo.get_disk_info(CONF.libvirt_type,
-@@ -2779,11 +2783,31 @@ def fake_get_info(instance):
- wantFiles = [
- {'filename': '356a192b7913b04c54574d18c28d46e6395428ab',
- 'size': 10 * 1024 * 1024 * 1024},
-- {'filename': 'ephemeral_20_default',
-+ {'filename': filename,
- 'size': 20 * 1024 * 1024 * 1024},
- ]
- self.assertEquals(gotFiles, wantFiles)
-
-+ def test_create_image_plain_os_type_blank(self):
-+ self._test_create_image_plain(os_type='',
-+ filename='ephemeral_20_default',
-+ mkfs=False)
-+
-+ def test_create_image_plain_os_type_none(self):
-+ self._test_create_image_plain(os_type=None,
-+ filename='ephemeral_20_default',
-+ mkfs=False)
-+
-+ def test_create_image_plain_os_type_set_no_fs(self):
-+ self._test_create_image_plain(os_type='test',
-+ filename='ephemeral_20_default',
-+ mkfs=False)
-+
-+ def test_create_image_plain_os_type_set_with_fs(self):
-+ self._test_create_image_plain(os_type='test',
-+ filename='ephemeral_20_test',
-+ mkfs=True)
-+
- def test_create_image_with_swap(self):
- gotFiles = []
-
-diff --git a/nova/virt/disk/api.py b/nova/virt/disk/api.py
-index e1af0bf..a17ba59 100755
---- a/nova/virt/disk/api.py
-+++ b/nova/virt/disk/api.py
-@@ -90,6 +90,10 @@
- _DEFAULT_MKFS_COMMAND = mkfs_command
-
-
-+def get_fs_type_for_os_type(os_type):
-+ return os_type if _MKFS_COMMAND.get(os_type) else 'default'
-+
-+
- def mkfs(os_type, fs_label, target):
- mkfs_command = (_MKFS_COMMAND.get(os_type, _DEFAULT_MKFS_COMMAND) or
- '') % locals()
-diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
-index ff1117c..0f0ea46 100755
---- a/nova/virt/libvirt/driver.py
-+++ b/nova/virt/libvirt/driver.py
-@@ -1826,9 +1826,8 @@ def raw(fname):
- project_id=instance['project_id'])
-
- # Lookup the filesystem type if required
-- os_type_with_default = instance['os_type']
-- if not os_type_with_default:
-- os_type_with_default = 'default'
-+ os_type_with_default = disk.get_fs_type_for_os_type(
-+ instance['os_type'])
-
- ephemeral_gb = instance['ephemeral_gb']
- if 'disk.local' in disk_mapping:
---
-1.8.5.1
-
diff --git a/sys-cluster/nova/files/CVE-2013-7048-grizzly.patch b/sys-cluster/nova/files/CVE-2013-7048-grizzly.patch
deleted file mode 100644
index 7c9d98aa579b..000000000000
--- a/sys-cluster/nova/files/CVE-2013-7048-grizzly.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 9bd7fff8c0160057643cfc37c5e2b1cd3337d6aa Mon Sep 17 00:00:00 2001
-From: Xavier Queralt <xqueralt@redhat.com>
-Date: Wed, 27 Nov 2013 19:44:36 +0000
-Subject: Enforce permissions in snapshots temporary dir
-
-Live snapshots creates a temporary directory where libvirt driver
-creates a new image from the instance's disk using blockRebase.
-Currently this directory is created with 777 permissions making this
-directory accessible by all the users in the system.
-
-This patch changes the tempdir permissions so they have the o+x
-flag set, which is what libvirt needs to be able to write in it and
-
-Closes-Bug: #1227027
-Change-Id: I767ff5247b4452821727e92b668276004fc0f84d
-(cherry picked from commit 8a34fc3d48c467aa196f65eed444ccdc7c02f19f)
----
-diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
-index 6b977cb..4cc85f1 100755
---- a/nova/virt/libvirt/driver.py
-+++ b/nova/virt/libvirt/driver.py
-@@ -1191,9 +1191,8 @@ class LibvirtDriver(driver.ComputeDriver):
- try:
- out_path = os.path.join(tmpdir, snapshot_name)
- if live_snapshot:
-- # NOTE (rmk): libvirt needs to be able to write to the
-- # temp directory, which is owned nova.
-- utils.execute('chmod', '777', tmpdir, run_as_root=True)
-+ # NOTE(xqueralt): libvirt needs o+x in the temp directory
-+ os.chmod(tmpdir, 0o701)
- self._live_snapshot(virt_dom, disk_path, out_path,
- image_format)
- else:
---
-cgit v0.9.2
diff --git a/sys-cluster/nova/files/CVE-2013-7130-stable-grizzly.patch b/sys-cluster/nova/files/CVE-2013-7130-stable-grizzly.patch
deleted file mode 100644
index c77d629a06d9..000000000000
--- a/sys-cluster/nova/files/CVE-2013-7130-stable-grizzly.patch
+++ /dev/null
@@ -1,161 +0,0 @@
-From 35e0ee309e040a95988a433120f1eba747f6f33c Mon Sep 17 00:00:00 2001
-From: Nikola Dipanov <ndipanov@redhat.com>
-Date: Tue, 10 Dec 2013 17:43:17 +0100
-Subject: [PATCH] libvirt: Fix root disk leak in live mig
-
-This patch makes sure that i_create_images_and_backing method of the
-libvirt driver (called in several places, but most problematic one is
-the call in the pre_live_migration method) creates all the files the
-instance needs that are not present.
-
-Prioir to this patch - the method would only attempt to download the
-image, and if it did so with the path of the ephemeral drives, it could
-expose the image to other users as an ephemeral devices. See the related
-bug for more detaiis.
-
-After this patch - we properly distinguish between image, ephemeral and
-swap files, and make sure that the imagebackend does the correct thing.
-
-Closes-bug: #1251590
-
-Co-authored-by: Loganathan Parthipan <parthipan@hp.com>
-
-This patch also includes part of commit
-65386c91910ee03d947c2b8bcc226a53c30e060a, not cherry-picked as a whole
-due to the fact that it is a trivial change, and to avoud the
-proliferation of patches needed to fix this bug.
-
-Change-Id: I78aa2f4243899db4f4941e77014a7e18e27fc63e
-(cherry picked from commit c69a619668b5f44e94a8fe1a23f3d887ba2834d7)
-
-Conflicts:
- nova/tests/test_libvirt.py
- nova/virt/libvirt/driver.py
----
- nova/tests/test_libvirt.py | 63 +++++++++++++++++++++++++++++++++++++++++++++
- nova/virt/libvirt/driver.py | 31 +++++++++++++++-------
- 2 files changed, 85 insertions(+), 9 deletions(-)
-
-diff --git a/nova/tests/test_libvirt.py b/nova/tests/test_libvirt.py
-index d2ac73b..d9c7405 100644
---- a/nova/tests/test_libvirt.py
-+++ b/nova/tests/test_libvirt.py
-@@ -2346,6 +2346,69 @@ class LibvirtConnTestCase(test.TestCase):
-
- db.instance_destroy(self.context, instance_ref['uuid'])
-
-+ def test_create_images_and_backing(self):
-+ conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
-+ self.mox.StubOutWithMock(conn, '_fetch_instance_kernel_ramdisk')
-+ self.mox.StubOutWithMock(libvirt_driver.libvirt_utils, 'create_image')
-+
-+ libvirt_driver.libvirt_utils.create_image(mox.IgnoreArg(),
-+ mox.IgnoreArg(),
-+ mox.IgnoreArg())
-+ conn._fetch_instance_kernel_ramdisk(self.context, self.test_instance)
-+ self.mox.ReplayAll()
-+
-+ self.stubs.Set(os.path, 'exists', lambda *args: False)
-+ disk_info_json = jsonutils.dumps([{'path': 'foo', 'type': None,
-+ 'disk_size': 0,
-+ 'backing_file': None}])
-+ conn._create_images_and_backing(self.context, self.test_instance,
-+ "/fake/instance/dir", disk_info_json)
-+
-+ def test_create_images_and_backing_ephemeral_gets_created(self):
-+ conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
-+ disk_info_json = jsonutils.dumps(
-+ [{u'backing_file': u'fake_image_backing_file',
-+ u'disk_size': 10747904,
-+ u'path': u'disk_path',
-+ u'type': u'qcow2',
-+ u'virt_disk_size': 25165824},
-+ {u'backing_file': u'ephemeral_1_default',
-+ u'disk_size': 393216,
-+ u'over_committed_disk_size': 1073348608,
-+ u'path': u'disk_eph_path',
-+ u'type': u'qcow2',
-+ u'virt_disk_size': 1073741824}])
-+
-+ base_dir = os.path.join(CONF.instances_path, '_base')
-+ ephemeral_target = os.path.join(base_dir, 'ephemeral_1_default')
-+ image_target = os.path.join(base_dir, 'fake_image_backing_file')
-+ self.test_instance.update({'name': 'fake_instance',
-+ 'user_id': 'fake-user',
-+ 'os_type': None,
-+ 'project_id': 'fake-project'})
-+
-+ self.mox.StubOutWithMock(libvirt_driver.libvirt_utils, 'fetch_image')
-+ self.mox.StubOutWithMock(conn, '_create_ephemeral')
-+ self.mox.StubOutWithMock(conn, '_fetch_instance_kernel_ramdisk')
-+
-+ conn._create_ephemeral(
-+ target=ephemeral_target,
-+ ephemeral_size=self.test_instance['ephemeral_gb'],
-+ max_size=mox.IgnoreArg(), os_type=mox.IgnoreArg(),
-+ fs_label=mox.IgnoreArg())
-+ libvirt_driver.libvirt_utils.fetch_image(context=self.context,
-+ image_id=mox.IgnoreArg(),
-+ user_id=mox.IgnoreArg(), project_id=mox.IgnoreArg(),
-+ max_size=mox.IgnoreArg(), target=image_target)
-+ conn._fetch_instance_kernel_ramdisk(
-+ self.context, self.test_instance).AndReturn(None)
-+
-+ self.mox.ReplayAll()
-+
-+ conn._create_images_and_backing(self.context, self.test_instance,
-+ "/fake/instance/dir",
-+ disk_info_json)
-+
- def test_pre_live_migration_works_correctly_mocked(self):
- # Creating testdata
- vol = {'block_device_mapping': [
-diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
-index 0f0ea46..39191af 100755
---- a/nova/virt/libvirt/driver.py
-+++ b/nova/virt/libvirt/driver.py
-@@ -3304,19 +3304,32 @@ class LibvirtDriver(driver.ComputeDriver):
- elif info['backing_file']:
- # Creating backing file follows same way as spawning instances.
- cache_name = os.path.basename(info['backing_file'])
-- # Remove any size tags which the cache manages
-- cache_name = cache_name.split('_')[0]
-
- image = self.image_backend.image(instance,
- instance_disk,
- CONF.libvirt_images_type)
-- image.cache(fetch_func=libvirt_utils.fetch_image,
-- context=ctxt,
-- filename=cache_name,
-- image_id=instance['image_ref'],
-- user_id=instance['user_id'],
-- project_id=instance['project_id'],
-- size=info['virt_disk_size'])
-+ if cache_name.startswith('ephemeral'):
-+ image.cache(fetch_func=self._create_ephemeral,
-+ fs_label=cache_name,
-+ os_type=instance["os_type"],
-+ filename=cache_name,
-+ size=info['virt_disk_size'],
-+ ephemeral_size=instance['ephemeral_gb'])
-+ elif cache_name.startswith('swap'):
-+ inst_type = flavors.extract_flavor(instance)
-+ swap_mb = inst_type['swap']
-+ image.cache(fetch_func=self._create_swap,
-+ filename="swap_%s" % swap_mb,
-+ size=swap_mb * unit.Mi,
-+ swap_mb=swap_mb)
-+ else:
-+ image.cache(fetch_func=libvirt_utils.fetch_image,
-+ context=ctxt,
-+ filename=cache_name,
-+ image_id=instance['image_ref'],
-+ user_id=instance['user_id'],
-+ project_id=instance['project_id'],
-+ size=info['virt_disk_size'])
-
- # if image has kernel and ramdisk, just download
- # following normal way.
---
-1.8.3.1
-
diff --git a/sys-cluster/nova/nova-2013.1.4-r5.ebuild b/sys-cluster/nova/nova-2013.1.5.ebuild
index a6bb1ff8b2ed..61951a3dde88 100644
--- a/sys-cluster/nova/nova-2013.1.4-r5.ebuild
+++ b/sys-cluster/nova/nova-2013.1.5.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.1.4-r5.ebuild,v 1.1 2014/01/27 08:44:51 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.1.5.ebuild,v 1.1 2014/03/23 20:32:06 prometheanfire Exp $
EAPI=5
PYTHON_COMPAT=( python2_7 )
@@ -70,13 +70,6 @@ RDEPEND=">=dev-python/amqplib-0.6.1[${PYTHON_USEDEP}]
app-emulation/xen-tools )"
PATCHES=(
- "${FILESDIR}/CVE-2013-4463_4469-grizzly.patch"
- "${FILESDIR}/CVE-2013-4497-grizzly-1.patch"
- "${FILESDIR}/CVE-2013-4497-grizzly-2.patch"
- "${FILESDIR}/CVE-2013-6419_2013.1.4.patch"
- "${FILESDIR}/CVE-2013-6437-2012.1.4.patch"
- "${FILESDIR}/CVE-2013-7048-grizzly.patch"
- "${FILESDIR}/CVE-2013-7130-stable-grizzly.patch"
)
pkg_setup() {
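Review bot: The `PATCHES=(` … `)` array is left empty by this hunk, and nothing in the new ebuild records why the seven CVE fixes (CVE-2013-4463/4469, CVE-2013-4497, CVE-2013-6419, CVE-2013-6437, CVE-2013-7048, CVE-2013-7130) are no longer applied. They are presumably included in the upstream 2013.1.5 tarball, but this diff cannot confirm that. Because the rename also removes the patched 2013.1.4-r5 ebuild, each fix should be checked against the 2013.1.5 sources before this lands. I would either drop the empty array or keep it with a comment such as `# CVE-2013-4463 … CVE-2013-7130 patches dropped: fixes included upstream in 2013.1.5`. The body of pkg_setup continues outside the hunk.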