GPFS KNFS: Do not reuse ssh prefix in loop
Fix GPFS KNFS allow/deny access so that it does not reuse the ssh prefix when looping through NFS server commands for allow and deny access. This fixes GPFS KNFS allow/deny access incorrect behavior when multiple NFS servers are configured (gpfs_nfs_server_list) and any of the servers are remote (except the last one). Change-Id: I8c182eed386e8325b087c3192d363502bb848633 Closes-Bug: #1651578
This commit is contained in:
parent
3ede2d1c48
commit
b76a2af237
|
@ -679,17 +679,18 @@ class KNFSHelper(NASHelperBase):
|
||||||
raise exception.GPFSException(msg)
|
raise exception.GPFSException(msg)
|
||||||
|
|
||||||
def _publish_access(self, *cmd):
|
def _publish_access(self, *cmd):
|
||||||
|
localserver_iplist = socket.gethostbyname_ex(socket.gethostname())[2]
|
||||||
for server in self.configuration.gpfs_nfs_server_list:
|
for server in self.configuration.gpfs_nfs_server_list:
|
||||||
localserver_iplist = socket.gethostbyname_ex(
|
if server in localserver_iplist:
|
||||||
socket.gethostname())[2]
|
run_command = cmd
|
||||||
run_local = True
|
run_local = True
|
||||||
if server not in localserver_iplist:
|
else:
|
||||||
sshlogin = self.configuration.gpfs_ssh_login
|
sshlogin = self.configuration.gpfs_ssh_login
|
||||||
remote_login = sshlogin + '@' + server
|
remote_login = sshlogin + '@' + server
|
||||||
cmd = ['ssh', remote_login] + list(cmd)
|
run_command = ['ssh', remote_login] + list(cmd)
|
||||||
run_local = False
|
run_local = False
|
||||||
try:
|
try:
|
||||||
utils.execute(*cmd,
|
utils.execute(*run_command,
|
||||||
run_as_root=run_local,
|
run_as_root=run_local,
|
||||||
check_exit_code=True)
|
check_exit_code=True)
|
||||||
except exception.ProcessExecutionError:
|
except exception.ProcessExecutionError:
|
||||||
|
|
|
@ -85,7 +85,8 @@ mmcesnfslsexport:nfsexports:HEADER:version:reserved:reserved:Path:Delegations:Cl
|
||||||
self.snapshot = fake_share.fake_snapshot()
|
self.snapshot = fake_share.fake_snapshot()
|
||||||
self.local_ip = "192.11.22.1"
|
self.local_ip = "192.11.22.1"
|
||||||
self.remote_ip = "192.11.22.2"
|
self.remote_ip = "192.11.22.2"
|
||||||
gpfs_nfs_server_list = [self.local_ip, self.remote_ip]
|
self.remote_ip2 = "2.2.2.2"
|
||||||
|
gpfs_nfs_server_list = [self.remote_ip, self.local_ip, self.remote_ip2]
|
||||||
self._knfs_helper.configuration.gpfs_nfs_server_list = \
|
self._knfs_helper.configuration.gpfs_nfs_server_list = \
|
||||||
gpfs_nfs_server_list
|
gpfs_nfs_server_list
|
||||||
self._ces_helper.configuration.gpfs_nfs_server_list = \
|
self._ces_helper.configuration.gpfs_nfs_server_list = \
|
||||||
|
@ -810,28 +811,41 @@ mmcesnfslsexport:nfsexports:HEADER:version:reserved:reserved:Path:Delegations:Cl
|
||||||
|
|
||||||
def test_knfs__publish_access(self):
|
def test_knfs__publish_access(self):
|
||||||
self.mock_object(utils, 'execute')
|
self.mock_object(utils, 'execute')
|
||||||
cmd = ['fakecmd']
|
|
||||||
|
fake_command = 'fakecmd'
|
||||||
|
cmd = [fake_command]
|
||||||
self._knfs_helper._publish_access(*cmd)
|
self._knfs_helper._publish_access(*cmd)
|
||||||
|
|
||||||
utils.execute.assert_any_call(*cmd, run_as_root=True,
|
utils.execute.assert_any_call(*cmd, run_as_root=True,
|
||||||
check_exit_code=True)
|
check_exit_code=True)
|
||||||
remote_login = self.sshlogin + '@' + self.remote_ip
|
remote_login = self.sshlogin + '@' + self.remote_ip
|
||||||
cmd = ['ssh', remote_login] + list(cmd)
|
remote_login2 = self.sshlogin + '@' + self.remote_ip2
|
||||||
utils.execute.assert_any_call(*cmd, run_as_root=False,
|
utils.execute.assert_has_calls([
|
||||||
check_exit_code=True)
|
mock.call('ssh', remote_login, fake_command,
|
||||||
|
check_exit_code=True, run_as_root=False),
|
||||||
|
mock.call(fake_command, check_exit_code=True, run_as_root=True),
|
||||||
|
mock.call('ssh', remote_login2, fake_command,
|
||||||
|
check_exit_code=True, run_as_root=False)])
|
||||||
self.assertTrue(socket.gethostbyname_ex.called)
|
self.assertTrue(socket.gethostbyname_ex.called)
|
||||||
self.assertTrue(socket.gethostname.called)
|
self.assertTrue(socket.gethostname.called)
|
||||||
|
|
||||||
def test_knfs__publish_access_exception(self):
|
def test_knfs__publish_access_exception(self):
|
||||||
self.mock_object(
|
self.mock_object(
|
||||||
utils, 'execute',
|
utils, 'execute',
|
||||||
mock.Mock(side_effect=exception.ProcessExecutionError))
|
mock.Mock(side_effect=(0, exception.ProcessExecutionError)))
|
||||||
cmd = ['fakecmd']
|
|
||||||
|
fake_command = 'fakecmd'
|
||||||
|
cmd = [fake_command]
|
||||||
self.assertRaises(exception.ProcessExecutionError,
|
self.assertRaises(exception.ProcessExecutionError,
|
||||||
self._knfs_helper._publish_access, *cmd)
|
self._knfs_helper._publish_access, *cmd)
|
||||||
|
|
||||||
self.assertTrue(socket.gethostbyname_ex.called)
|
self.assertTrue(socket.gethostbyname_ex.called)
|
||||||
self.assertTrue(socket.gethostname.called)
|
self.assertTrue(socket.gethostname.called)
|
||||||
utils.execute.assert_called_once_with(*cmd, run_as_root=True,
|
remote_login = self.sshlogin + '@' + self.remote_ip
|
||||||
check_exit_code=True)
|
utils.execute.assert_has_calls([
|
||||||
|
mock.call('ssh', remote_login, fake_command,
|
||||||
|
check_exit_code=True, run_as_root=False),
|
||||||
|
mock.call(fake_command, check_exit_code=True, run_as_root=True)])
|
||||||
|
|
||||||
def test_ces_get_export_options(self):
|
def test_ces_get_export_options(self):
|
||||||
mock_out = {"ces:export_options": "squash=no_root_squash"}
|
mock_out = {"ces:export_options": "squash=no_root_squash"}
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- Fixed GPFS KNFS generation of NFS server allow/deny commands
|
||||||
|
when there are multiple servers in gpfs_nfs_server_list
|
||||||
|
so that the remote ssh login prefix used for one server is
|
||||||
|
not carried over to the commands for following servers.
|
Loading…
Reference in New Issue