Move flushing block devices to privsep.

A similar pattern to the others. Maybe we should write a more fully fledged
wrapper around blockdev at some point, but I think its not required yet.

Change-Id: Ie65d7c90abd0f8448500089fa48e831aef7b7abf
blueprint: hurrah-for-privsep

nova/privsep/fs.py

@@ -82,6 +82,11 @@ def blockdev_size(path):
     return processutils.execute('blockdev', '--getsize64', path)
 
 
+@nova.privsep.sys_admin_pctxt.entrypoint
+def blockdev_flush(path):
+    return processutils.execute('blockdev', '--flushbufs', path)
+
+
 @nova.privsep.sys_admin_pctxt.entrypoint
 def clear(path, volume_size, shred=False):
     cmd = ['shred']

nova/tests/unit/virt/test_virt.py

@@ -216,9 +216,10 @@ class TestVirtDisk(test.NoDBTestCase):
     @mock.patch('nova.privsep.fs.umount')
     @mock.patch('nova.privsep.fs.nbd_disconnect')
     @mock.patch('nova.privsep.fs.remove_device_maps')
+    @mock.patch('nova.privsep.fs.blockdev_flush')
     def test_lxc_teardown_container(
-            self, mock_remove_maps, mock_nbd_disconnect, mock_umount,
-            mock_loopremove, mock_exist):
+            self, mock_blockdev_flush, mock_remove_maps, mock_nbd_disconnect,
+            mock_umount, mock_loopremove, mock_exist):
 
         def proc_mounts(mount_point):
             mount_points = {
@@ -231,7 +232,6 @@ class TestVirtDisk(test.NoDBTestCase):
 
         self.stub_out('nova.virt.disk.api._DiskImage._device_for_path',
                       proc_mounts)
-        expected_commands = []
 
         disk_api.teardown_container('/mnt/loop/nopart')
         mock_loopremove.assert_has_calls([mock.call('/dev/loop0')])
@@ -248,24 +248,22 @@ class TestVirtDisk(test.NoDBTestCase):
         mock_remove_maps.reset_mock()
 
         disk_api.teardown_container('/mnt/nbd/nopart')
-        expected_commands += [
-                              ('blockdev', '--flushbufs', '/dev/nbd15'),
-                             ]
         mock_nbd_disconnect.assert_has_calls([mock.call('/dev/nbd15')])
         mock_umount.assert_has_calls([mock.call('/dev/nbd15')])
+        mock_blockdev_flush.assert_has_calls([mock.call('/dev/nbd15')])
         mock_nbd_disconnect.reset_mock()
         mock_umount.reset_mock()
+        mock_blockdev_flush.reset_mock()
 
         disk_api.teardown_container('/mnt/nbd/part')
-        expected_commands += [
-                              ('blockdev', '--flushbufs', '/dev/nbd15'),
-                             ]
         mock_nbd_disconnect.assert_has_calls([mock.call('/dev/nbd15')])
         mock_umount.assert_has_calls([mock.call('/dev/mapper/nbd15p1')])
+        mock_blockdev_flush.assert_has_calls([mock.call('/dev/nbd15')])
         mock_nbd_disconnect.reset_mock()
         mock_umount.reset_mock()
         mock_remove_maps.assert_has_calls([mock.call('/dev/nbd15')])
         mock_remove_maps.reset_mock()
+        mock_blockdev_flush.reset_mock()
 
         # NOTE(thomasem): Not adding any commands in this case, because we're
         # not expecting an additional umount for LocalBlockImages. This is to
@@ -273,8 +271,6 @@ class TestVirtDisk(test.NoDBTestCase):
         disk_api.teardown_container('/dev/volume-group/uuid_disk')
         mock_umount.assert_not_called()
 
-        self.assertEqual(self.executes, expected_commands)
-
     @mock.patch('os.path.exists', return_value=True)
     @mock.patch('nova.virt.disk.api._DiskImage._device_for_path',
                 return_value=None)

nova/virt/disk/mount/nbd.py

@@ -134,5 +134,4 @@ class NbdMount(api.Mount):
         # Without this flush, when a nbd device gets re-used the
         # qemu-nbd intermittently hangs.
         if self.device:
-            utils.execute('blockdev', '--flushbufs',
-                          self.device, run_as_root=True)
+            nova.privsep.fs.blockdev_flush(self.device)

releasenotes/notes/privsep-queens-rootwrap-adds-907aa1bc8e3eb2ca.yaml

@@ -10,7 +10,7 @@ upgrade:
     internal functionality using privsep.
   - |
     The following commands are no longer required to be listed in your rootwrap
-    configuration: blkid; cat; chown; cryptsetup; dd; ebrctl; ifc_ctl; kpartx;
-    losetup; lvcreate; lvremove; lvs; mkdir; mm-ctl; mount; nova-idmapshift;
-    ploop; prl_disk_tool; qemu-nbd; readlink; shred; tee; touch; umount; vgs;
-    vrouter-port-control; and xend.
+    configuration: blkid; blockdev; cat; chown; cryptsetup; dd; ebrctl; ifc_ctl;
+    kpartx; losetup; lvcreate; lvremove; lvs; mkdir; mm-ctl; mount;
+    nova-idmapshift; ploop; prl_disk_tool; qemu-nbd; readlink; shred; tee;
+    touch; umount; vgs; vrouter-port-control; and xend.