diff --git a/README.md b/README.md
index 7903288..0891332 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,11 @@
 openvz-nova-driver
 ==================
-Virt driver that allows openstack nova to control openvz containers.
\ No newline at end of file
+Virt driver that allows openstack nova to control openvz containers.
+
+Once installed simply set these flags in the nova.conf file:
+
+
+compute_driver=openvz
+
+
diff --git a/etc/nova/rootwrap.d/openvz.filters b/etc/nova/rootwrap.d/openvz.filters
index b222761..73de16f 100644
--- a/etc/nova/rootwrap.d/openvz.filters
+++ b/etc/nova/rootwrap.d/openvz.filters
@@ -1,245 +1,56 @@
-# nova-rootwrap command filters for compute nodes
+# nova-rootwrap command filters for openvz nodes
 # This file should be owned by (and only-writeable by) the root user
-[Filters]
-# nova/virt/disk/mount/api.py: 'kpartx', '-a', device
-# nova/virt/disk/mount/api.py: 'kpartx', '-d', device
-kpartx: CommandFilter, /sbin/kpartx, root
-
-# nova/virt/xenapi/vm_utils.py: tune2fs, -O ^has_journal, part_path
-# nova/virt/xenapi/vm_utils.py: tune2fs, -j, partition_path
-tune2fs: CommandFilter, /sbin/tune2fs, root
-
-# nova/virt/disk/mount/api.py: 'mount', mapped_device
-# nova/virt/disk/api.py: 'mount', '-o', 'bind', src, target
-# nova/virt/xenapi/vm_utils.py: 'mount', '-t', 'ext2,ext3,ext4,reiserfs'..
-# nova/virt/configdrive.py: 'mount', device, mountdir
-# nova/virt/libvirt/volume.py: 'mount', '-t', 'sofs' ...
 # nova/virt/openvz/utils.py: 'mount', '-o', 'defaults' ...
 mount: CommandFilter, /bin/mount, root
-# nova/virt/disk/mount/api.py: 'umount', mapped_device
-# nova/virt/disk/api.py: 'umount' target
-# nova/virt/xenapi/vm_utils.py: 'umount', dev_path
-# nova/virt/configdrive.py: 'umount', mountdir
 # nova/virt/openvz/utils.py: 'umount'
 umount: CommandFilter, /bin/umount, root
-# nova/virt/disk/mount/nbd.py: 'qemu-nbd', '-c', device, image
-# nova/virt/disk/mount/nbd.py: 'qemu-nbd', '-d', device
-qemu-nbd: CommandFilter, /usr/bin/qemu-nbd, root
-
-# nova/virt/disk/mount/loop.py: 'losetup', '--find', '--show', image
-# nova/virt/disk/mount/loop.py: 'losetup', '--detach', device
-losetup: CommandFilter, /sbin/losetup, root
-
-# nova/virt/disk/vfs/localfs.py: 'tee', canonpath
-tee: CommandFilter, /usr/bin/tee, root
-
-# nova/virt/disk/vfs/localfs.py: 'mkdir', canonpath
+# nova/virt/openvz/utils.py: 'mkdir', path
 mkdir: CommandFilter, /bin/mkdir, root
-# nova/virt/disk/vfs/localfs.py: 'chown'
-# nova/virt/libvirt/connection.py: 'chown', os.getuid( console_log
-# nova/virt/libvirt/connection.py: 'chown', os.getuid( console_log
-# nova/virt/libvirt/connection.py: 'chown', 'root', basepath('disk')
-# nova/utils.py: 'chown', owner_uid, path
+# nova/virt/openvz/utils.py: 'chown', owner_uid, path
 chown: CommandFilter, /bin/chown, root
-# nova/virt/disk/vfs/localfs.py: 'chmod'
+# nova/virt/openvz/utils.py: 'chmod'
 chmod: CommandFilter, /bin/chmod, root
-# nova/virt/libvirt/vif.py: 'ip', 'tuntap', 'add', dev, 'mode', 'tap'
-# nova/virt/libvirt/vif.py: 'ip', 'link', 'set', dev, 'up'
-# nova/virt/libvirt/vif.py: 'ip', 'link', 'delete', dev
-# nova/network/linux_net.py: 'ip', 'addr', 'add', str(floating_ip)+'/32'i..
-# nova/network/linux_net.py: 'ip', 'addr', 'del', str(floating_ip)+'/32'..
-# nova/network/linux_net.py: 'ip', 'addr', 'add', '169.254.169.254/32',..
-# nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', dev, 'scope',..
-# nova/network/linux_net.py: 'ip', 'addr', 'del/add', ip_params, dev)
-# nova/network/linux_net.py: 'ip', 'addr', 'del', params, fields[-1]
-# nova/network/linux_net.py: 'ip', 'addr', 'add', params, bridge
-# nova/network/linux_net.py: 'ip', '-f', 'inet6', 'addr', 'change', ..
-# nova/network/linux_net.py: 'ip', 'link', 'set', 'dev', dev, 'promisc',..
-# nova/network/linux_net.py: 'ip', 'link', 'add', 'link', bridge_if ...
-# nova/network/linux_net.py: 'ip', 'link', 'set', interface, address,..
-# nova/network/linux_net.py: 'ip', 'link', 'set', interface, 'up'
-# nova/network/linux_net.py: 'ip', 'link', 'set', bridge, 'up'
-# nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', interface, ..
-# nova/network/linux_net.py: 'ip', 'link', 'set', dev, address, ..
-# nova/network/linux_net.py: 'ip', 'link', 'set', dev, 'up'
-ip: CommandFilter, /sbin/ip, root
-
-# nova/virt/libvirt/vif.py: 'tunctl', '-b', '-t', dev
-# nova/network/linux_net.py: 'tunctl', '-b', '-t', dev
-tunctl: CommandFilter, tunctl, root
-
-# nova/virt/libvirt/vif.py: 'ovs-vsctl', ...
-# nova/virt/libvirt/vif.py: 'ovs-vsctl', 'del-port', ...
-# nova/network/linux_net.py: 'ovs-vsctl', ....
-ovs-vsctl: CommandFilter, /usr/bin/ovs-vsctl, root
-
-# nova/network/linux_net.py: 'ovs-ofctl', ....
-ovs-ofctl: CommandFilter, /usr/bin/ovs-ofctl, root
-
-# nova/virt/libvirt/connection.py: 'dd', if=%s % virsh_output, ...
-dd: CommandFilter, /bin/dd, root
-
-# nova/virt/xenapi/volume_utils.py: 'iscsiadm', '-m', ...
+# nova/virt/openvz/volume_drivers/iscsi.py: 'iscsiadm', '-m', ...
 iscsiadm: CommandFilter, iscsiadm, root
-# nova/virt/libvirt/volume.py: 'aoe-revalidate', aoedev
-# nova/virt/libvirt/volume.py: 'aoe-discover'
-aoe-revalidate: CommandFilter, /usr/sbin/aoe-revalidate, root
-aoe-discover: CommandFilter, /usr/sbin/aoe-discover, root
-
-# nova/virt/xenapi/vm_utils.py: parted, --script, ...
-# nova/virt/xenapi/vm_utils.py: 'parted', '--script', dev_path, ..*.
-parted: CommandFilter, parted, root
-
-# nova/virt/xenapi/vm_utils.py: 'pygrub', '-qn', dev_path
-pygrub: CommandFilter, /usr/bin/pygrub, root
-
-# nova/virt/xenapi/vm_utils.py: fdisk %(dev_path)s
 # nova/virt/openvz/volume.py: fdisk %(dev_path)s
 fdisk: CommandFilter, /sbin/fdisk, root
-# nova/virt/xenapi/vm_utils.py: e2fsck, -f, -p, partition_path
-# nova/virt/disk/api.py: e2fsck, -f, -p, image
-e2fsck: CommandFilter, /sbin/e2fsck, root
-
-# nova/virt/xenapi/vm_utils.py: resize2fs, partition_path
-# nova/virt/disk/api.py: resize2fs, image
-resize2fs: CommandFilter, /sbin/resize2fs, root
-
-# nova/network/linux_net.py: 'ip[6]tables-save' % (cmd, '-t', ...
-iptables-save: CommandFilter, iptables-save, root
-ip6tables-save: CommandFilter, ip6tables-save, root
-
-# nova/network/linux_net.py: 'ip[6]tables-restore' % (cmd,)
-iptables-restore: CommandFilter, iptables-restore, root
-ip6tables-restore: CommandFilter, ip6tables-restore, root
-
-# nova/network/linux_net.py: 'arping', '-U', floating_ip, '-A', '-I', ...
-# nova/network/linux_net.py: 'arping', '-U', network_ref['dhcp_server'],..
+# nova/virt/openvz/driver.py: 'arping', '-U', floating_ip, '-A', '-I', ...
 arping: CommandFilter, arping, root
-# nova/network/linux_net.py: 'route', '-n'
-# nova/network/linux_net.py: 'route', 'del', 'default', 'gw'
-# nova/network/linux_net.py: 'route', 'add', 'default', 'gw'
-# nova/network/linux_net.py: 'route', '-n'
-# nova/network/linux_net.py: 'route', 'del', 'default', 'gw', old_gw, ..
-# nova/network/linux_net.py: 'route', 'add', 'default', 'gw', old_gateway
-route: CommandFilter, /sbin/route, root
-
-# nova/network/linux_net.py: 'dhcp_release', dev, address, mac_address
-dhcp_release: CommandFilter, /usr/bin/dhcp_release, root
-
-# nova/network/linux_net.py: 'kill', '-9', pid
-# nova/network/linux_net.py: 'kill', '-HUP', pid
-kill_dnsmasq: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP
-
-# nova/network/linux_net.py: 'kill', pid
-kill_radvd: KillFilter, root, /usr/sbin/radvd
-
-# nova/network/linux_net.py: dnsmasq call
-dnsmasq: DnsmasqFilter, /usr/sbin/dnsmasq, root
-dnsmasq_deprecated: DeprecatedDnsmasqFilter, /usr/sbin/dnsmasq, root
-
-# nova/network/linux_net.py: 'radvd', '-C', '%s' % _ra_file(dev, 'conf'..
-radvd: CommandFilter, /usr/sbin/radvd, root
-
-# nova/network/linux_net.py: 'brctl', 'addbr', bridge
-# nova/network/linux_net.py: 'brctl', 'setfd', bridge, 0
-# nova/network/linux_net.py: 'brctl', 'stp', bridge, 'off'
-# nova/network/linux_net.py: 'brctl', 'addif', bridge, interface
-brctl: CommandFilter, brctl, root
-
-# nova/virt/libvirt/utils.py: 'mkswap'
-# nova/virt/xenapi/vm_utils.py: 'mkswap'
-mkswap: CommandFilter, /sbin/mkswap, root
-
-# nova/virt/xenapi/vm_utils.py: 'mkfs'
-mkfs: CommandFilter, /sbin/mkfs, root
-
-# nova/virt/libvirt/utils.py: 'qemu-img'
-qemu-img: CommandFilter, /usr/bin/qemu-img, root
-
-# nova/virt/disk/vfs/localfs.py: 'readlink', '-e'
-readlink: CommandFilter, readlink, root
-
-# nova/virt/disk/api.py: 'touch', target
+# nova/virt/openvz/file.py: 'touch', target
 touch: CommandFilter, /usr/bin/touch, root
-# nova/virt/disk/api.py:
-mkfs.ext3: CommandFilter, /sbin/mkfs.ext3, root
-mkfs.ntfs: CommandFilter, /sbin/mkfs.ntfs, root
-
-# nova/virt/libvirt/connection.py:
-read_initiator: ReadFileFilter, /etc/iscsi/initiatorname.iscsi
-
-# nova/virt/libvirt/connection.py:
-lvremove: CommandFilter, /sbin/lvremove, root
-
-# nova/virt/libvirt/utils.py:
-lvcreate: CommandFilter, /sbin/lvcreate, root
-
-# nova/virt/libvirt/utils.py:
-lvs: CommandFilter, /sbin/lvs, root
-
-# nova/virt/libvirt/utils.py:
-vgs: CommandFilter, /sbin/vgs, root
-
-# nova/virt/baremetal/volume_driver.py: 'tgtadm', '--lld', 'iscsi', ...
-tgtadm: CommandFilter, /usr/sbin/tgtadm, root
-
-# nova/utils.py:read_file_as_root: 'cat', file_path
-# (called from nova/virt/disk/vfs/localfs.py:VFSLocalFS.read_file)
-read_passwd: RegExpFilter, cat, root, cat, (/var|/usr)?/tmp/openstack-vfs-localfs[^/]+/etc/passwd
-read_shadow: RegExpFilter, cat, root, cat, (/var|/usr)?/tmp/openstack-vfs-localfs[^/]+/etc/shadow
-
-# nova/virt/libvirt/volume.py: 'multipath' '-R'
-multipath: CommandFilter, /sbin/multipath, root
-
-# nova/virt/libvirt/utils.py:
-systool: CommandFilter, /usr/bin/systool, root
-
-# nova/virt/libvirt/volume.py:
-sginfo: CommandFilter, /usr/bin/sginfo, root
-sg_scan: CommandFilter, /usr/bin/sg_scan, root
-
-# nova/virt/xenapi/vm_utils.py:
-xenstore-read: CommandFilter, /usr/bin/xenstore-read, root
-
-# nova/virt/baremetal/tilera.py: '/usr/sbin/rpc.mountd'
-rpc.mountd: CommandFilter, /usr/sbin/rpc.mountd, root
-
 # Rackspace Openvz starts here
 # nova/compute/manager.py: 'blockdev', '--getsize64', host_device
 blockdev: CommandFilter, /sbin/blockdev, root
-# nova/virt/openvz_conn.py: '/usr/sbin/vzlist'
+# nova/virt/openvz/driver.py: '/usr/sbin/vzlist'
 vzlist: CommandFilter, /usr/sbin/vzlist, root
-# nova/virt/openvz_conn.py: '/usr/sbin/vzctl'
+# nova/virt/openvz/driver.py: '/usr/sbin/vzctl'
 vzctl: CommandFilter, /usr/sbin/vzctl, root
-# nova/virt/openvz_conn.py: '/usr/sbin/arping'
-arping_usrsbin: CommandFilter, /usr/sbin/arping, root
-
-# nova/virt/openvz_conn.py: '/bin/rm'
+# nova/virt/openvz/driver.py: '/bin/rm'
 rm: CommandFilter, /bin/rm, root
-# nova/virt/openvz_conn.py:
+# nova/virt/openvz/driver.py:
 cpuinfo: ReadFileFilter, /proc/cpuinfo
-# nova/virt/openvz_conn.py:
+# nova/virt/openvz/driver.py:
 meminfo: ReadFileFilter, /proc/meminfo
-# nova/virt/openvz_conn.py: '/usr/sbin/vzcpucheck'
+# nova/virt/openvz/driver.py: '/usr/sbin/vzcpucheck'
 vzcpucheck: CommandFilter, /usr/sbin/vzcpucheck, root
-# nova/virt/openvz_conn.py: '/bin/rmdir'
+# nova/virt/openvz/driver.py: '/bin/rmdir'
 rmdir: CommandFilter, /bin/rmdir, root
 # nova/virt/openvz/volume_drivers/iscsi.py: '/usr/bin/iscsiadm'
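Review bot: The `-[Filters]` line near the top of this hunk removes the section header and no `[Filters]` line returns on the new side, so the first entry, `mount: CommandFilter, /bin/mount, root`, now sits outside any section. nova-rootwrap reads its filter definitions from the `[Filters]` section of each file in rootwrap.d, so unless the header is restored somewhere outside the lines shown, this file will likely be rejected by the config parser or contribute no filters, and the root commands the driver depends on would be refused. Keep `[Filters]` as the first non-comment line of the file. Separately, `rm`, `chown`, `chmod` and `mount` remain plain `CommandFilter` entries, which match on the executable only and accept any arguments. Since this commit defines the openvz-specific set, constraining their arguments to the paths the driver actually uses (the removed `read_passwd` entry shows the `RegExpFilter` form) would narrow what the nova account can run as root.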