[openstack-nova/f16] fix for protocol case handling (#829439, CVE-2012-2654)
Pádraig Brady
pbrady at fedoraproject.org
Thu Jun 7 00:18:44 UTC 2012
commit 487cb83639609c698e8b0a1b3c859f8286ab6bfa
Author: Pádraig Brady <P at draigBrady.com>
Date: Thu Jun 7 01:06:32 2012 +0100
fix for protocol case handling (#829439, CVE-2012-2654)
This fix was on the Diablo stable branch,
so I took the opportunity to sync with it.
Note: I manually deleted the 2011.3.2 version bump patch,
as it is inaccurate.
0001-Open-2011.3.2-development.patch | 26 +
0002-Fix-bug-917615.patch | 33 +
...19390-Block-Migration-fails-when-keystone.patch | 44 +
...fix-X-Server-Management-Url-for-v1.0-noau.patch | 2 +-
...Provides-flag-override-for-vlan-interface.patch | 1101 ++++++++++++++++++++
...-t-log-sensitive-data-in-compute-log-file.patch | 109 ++
...nova-manage-floating-delete-with-ip_range.patch | 29 +
...Bump-python-novaclient-version-to-2.6.0.1.patch | 57 +
...d-validation-for-OSAPI-server-name-length.patch | 2 +-
...ndefined-glance_host-in-get_glance_client.patch | 4 +-
...0011-Implement-quotas-for-security-groups.patch | 2 +-
...hain-rule-for-EC2-metadata-requests-lp-85.patch | 4 +-
...pi-add-the-INPUT-rule-for-EC2-metadata-lp.patch | 4 +-
...ser-to-choose-either-ietadm-or-tgtadm-lp-.patch | 2 +-
...e-VolumeDriver.sync_exec-method-lp-819997.patch | 2 +-
...tadm-tgtadm-calls-out-into-helper-classes.patch | 2 +-
...tgtadm-off-by-one-error.-Fixes-bug-871278.patch | 2 +-
...57-abstract-out-disk-image-access-methods.patch | 4 +-
...7-support-handling-images-with-libguestfs.patch | 2 +-
...estfs-operation-with-specified-partitions.patch | 2 +-
...e-don-t-access-the-net-when-building-docs.patch | 2 +-
...rotocol-case-handling-for-security-groups.patch | 90 ++
openstack-nova.spec | 52 +-
23 files changed, 1542 insertions(+), 35 deletions(-)
---
diff --git a/0001-Open-2011.3.2-development.patch b/0001-Open-2011.3.2-development.patch
new file mode 100644
index 0000000..ecf6a7f
--- /dev/null
+++ b/0001-Open-2011.3.2-development.patch
@@ -0,0 +1,26 @@
+From 9faf9252b2598c4c0214abd91e2dd4b3f2819e1b Mon Sep 17 00:00:00 2001
+From: Mark McLoughlin <markmc at redhat.com>
+Date: Thu, 19 Jan 2012 12:34:47 +0000
+Subject: [PATCH] Open 2011.3.2 development
+
+Change-Id: I9a2491f04eab13795fe6e69f665ab9e64744a7f2
+---
+ nova/version.py | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/nova/version.py b/nova/version.py
+index b97f072..da323a7 100644
+--- a/nova/version.py
++++ b/nova/version.py
+@@ -22,9 +22,9 @@ except ImportError:
+ 'revno': 0}
+
+
+-NOVA_VERSION = ['2011', '3', '1']
++NOVA_VERSION = ['2011', '3', '2']
+ YEAR, COUNT, REVISION = NOVA_VERSION
+-FINAL = True # This becomes true at Release Candidate time
++FINAL = False # This becomes true at Release Candidate time
+
+
+ def canonical_version_string():
diff --git a/0002-Fix-bug-917615.patch b/0002-Fix-bug-917615.patch
new file mode 100644
index 0000000..b768b3e
--- /dev/null
+++ b/0002-Fix-bug-917615.patch
@@ -0,0 +1,33 @@
+From 4f43496502aef88752e616695e29f930f09009c3 Mon Sep 17 00:00:00 2001
+From: Kiall Mac Innes <kiall at managedit.ie>
+Date: Fri, 20 Jan 2012 20:26:24 +0000
+Subject: [PATCH] Fix bug #917615.
+
+Partial Cherry-Pick of 52d58ad583350f2448b3971eeb3f1df541cfbfe5.
+
+Changes to nova.compute.manager.recover_live_migration() discarded as they are unnecessary for diablo.
+
+Conflicts:
+
+ nova/compute/manager.py
+
+Change-Id: I773b3f026fd7ebcb2aefcd2ef348cca0c5477238
+---
+ nova/virt/libvirt/connection.py | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/nova/virt/libvirt/connection.py b/nova/virt/libvirt/connection.py
+index 55cb31d..80e9655 100644
+--- a/nova/virt/libvirt/connection.py
++++ b/nova/virt/libvirt/connection.py
+@@ -1711,8 +1711,8 @@ class LibvirtConnection(driver.ComputeDriver):
+ FLAGS.live_migration_bandwidth)
+
+ except Exception:
+- recover_method(ctxt, instance_ref, dest, block_migration)
+- raise
++ with utils.save_and_reraise_exception():
++ recover_method(ctxt, instance_ref, dest, block_migration)
+
+ # Waiting for completion of live_migration.
+ timer = utils.LoopingCall(f=None)
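Review bot: The `with utils.save_and_reraise_exception():` block inside the `except Exception:` handler has no comment explaining why it replaces the plain `recover_method(...)` followed by `raise`. The helper's definition is not in this hunk, so what happens when `recover_method` itself raises (which error propagates, and whether the other is logged) should be confirmed and written down, since a failed rollback is what an operator will need to find in the logs. I would add above the `with` line: `# Run the rollback without losing the original migration error; see utils.save_and_reraise_exception.` The enclosing method starts and ends outside the hunk.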
diff --git a/0003-Fixes-bug-919390-Block-Migration-fails-when-keystone.patch b/0003-Fixes-bug-919390-Block-Migration-fails-when-keystone.patch
new file mode 100644
index 0000000..4148b9b
--- /dev/null
+++ b/0003-Fixes-bug-919390-Block-Migration-fails-when-keystone.patch
@@ -0,0 +1,44 @@
+From 13599a50ae4420cc3fe132be9e1d0adf70aaf233 Mon Sep 17 00:00:00 2001
+From: Kiall Mac Innes <kiall at managedit.ie>
+Date: Fri, 20 Jan 2012 21:08:11 +0000
+Subject: [PATCH] Fixes bug #919390 - Block Migration fails when keystone is
+ un use.
+
+I've Updated the calls to nova.virt.libvirt.utils.fetch_image() to match the rest of the class.
+
+Additionally, nova.virt.images.fetch() currently makes no use of the user/project id supplied.
+
+Change-Id: I2db4b8c1b6542909fcc2b452fc961e22fe2557bf
+---
+ nova/virt/libvirt/connection.py | 11 ++++-------
+ 1 files changed, 4 insertions(+), 7 deletions(-)
+
+diff --git a/nova/virt/libvirt/connection.py b/nova/virt/libvirt/connection.py
+index 55cb31d..3cb68a3 100644
+--- a/nova/virt/libvirt/connection.py
++++ b/nova/virt/libvirt/connection.py
+@@ -1779,20 +1779,17 @@ class LibvirtConnection(driver.ComputeDriver):
+ # if image has kernel and ramdisk, just download
+ # following normal way.
+ if instance_ref['kernel_id']:
+- user = manager.AuthManager().get_user(instance_ref['user_id'])
+- project = manager.AuthManager().get_project(
+- instance_ref['project_id'])
+ self._fetch_image(nova_context.get_admin_context(),
+ os.path.join(instance_dir, 'kernel'),
+ instance_ref['kernel_id'],
+- user,
+- project)
++ instance_ref['user_id'],
++ instance_ref['project_id'])
+ if instance_ref['ramdisk_id']:
+ self._fetch_image(nova_context.get_admin_context(),
+ os.path.join(instance_dir, 'ramdisk'),
+ instance_ref['ramdisk_id'],
+- user,
+- project)
++ instance_ref['user_id'],
++ instance_ref['project_id'])
+
+ def post_live_migration_at_destination(self, ctxt,
+ instance_ref,
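Review bot: Both `_fetch_image` calls still run under `nova_context.get_admin_context()`, and the patch description states that `nova.virt.images.fetch()` makes no use of the user/project id supplied, so nothing visible in this hunk ties the kernel or ramdisk download to the instance owner's rights on those images. If that holds in the callee (not shown here), the `kernel_id` and `ramdisk_id` values in `instance_ref` are trusted entirely on this path, and the code should say where that trust comes from. I would add above the first call: `# NOTE: fetched with admin context; image access for this project must already have been checked when the instance was created.`, to be confirmed against the boot path. The enclosing method starts outside the hunk.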
diff --git a/0001-Bug-920497-fix-X-Server-Management-Url-for-v1.0-noau.patch b/0004-Bug-920497-fix-X-Server-Management-Url-for-v1.0-noau.patch
similarity index 96%
rename from 0001-Bug-920497-fix-X-Server-Management-Url-for-v1.0-noau.patch
rename to 0004-Bug-920497-fix-X-Server-Management-Url-for-v1.0-noau.patch
index 73287cd..e26ba5d 100644
--- a/0001-Bug-920497-fix-X-Server-Management-Url-for-v1.0-noau.patch
+++ b/0004-Bug-920497-fix-X-Server-Management-Url-for-v1.0-noau.patch
@@ -1,4 +1,4 @@
-From e00e78a187882a3af2cb2729d4658a66cb9b8dc6 Mon Sep 17 00:00:00 2001
+From e48106a2a5086c933d98043952d63c50c25df10b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A1draig=20Brady?= <pbrady at redhat.com>
Date: Mon, 23 Jan 2012 15:49:08 +0000
Subject: [PATCH] Bug #920497 fix X-Server-Management-Url for v1.0 noauth API
diff --git a/0005-Provides-flag-override-for-vlan-interface.patch b/0005-Provides-flag-override-for-vlan-interface.patch
new file mode 100644
index 0000000..11cf781
--- /dev/null
+++ b/0005-Provides-flag-override-for-vlan-interface.patch
@@ -0,0 +1,1101 @@
+From d064c4460b8719ac3fda3d8e369fa5dc77ac6ec4 Mon Sep 17 00:00:00 2001
+From: Vishvananda Ishaya <vishvananda at gmail.com>
+Date: Thu, 2 Feb 2012 10:59:43 -0800
+Subject: [PATCH] Provides flag override for vlan interface
+
+This means you can have your vlan_interface be different on
+different hosts machines by setting vlan_interface differently
+on each host.
+
+ * Allow non-homogenous vlan networks
+ * Fixes bug 833426
+ * Includes failing test for linux_net
+
+(cherry picked from commit 8efe15209aaee6b15c8edb21362c08137294a7de)
+
+Resolved Conflicts:
+
+ nova/tests/test_linux_net.py
+
+Change-Id: I68aa52e745318cedfbefb6fbac8187fceb1ae06b
+---
+ nova/network/linux_net.py | 3 +-
+ nova/tests/test_linux_net.py | 1019 +++++++++++++++++++++++-------------------
+ nova/virt/libvirt/vif.py | 3 +-
+ nova/virt/xenapi/vif.py | 2 +-
+ 4 files changed, 562 insertions(+), 465 deletions(-)
+
+diff --git a/nova/network/linux_net.py b/nova/network/linux_net.py
+index a6aea8a..67c2f37 100755
+--- a/nova/network/linux_net.py
++++ b/nova/network/linux_net.py
+@@ -864,10 +864,11 @@ class LinuxBridgeInterfaceDriver(LinuxNetInterfaceDriver):
+
+ def plug(self, network, mac_address):
+ if network.get('vlan', None) is not None:
++ iface = FLAGS.vlan_interface or network['bridge_interface']
+ LinuxBridgeInterfaceDriver.ensure_vlan_bridge(
+ network['vlan'],
+ network['bridge'],
+- network['bridge_interface'],
++ iface,
+ network,
+ mac_address)
+ else:
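Review bot: `iface = FLAGS.vlan_interface or network['bridge_interface']` makes the host-level flag win over the per-network value whenever the flag is non-empty, and nothing at the call site states that precedence. If `vlan_interface` has a non-empty default (its definition is not in this hunk), the `bridge_interface` stored on the network would never be used for VLAN networks, so the default is worth checking. I would add above the assignment: `# Host-level FLAGS.vlan_interface overrides the network's bridge_interface; the network value is used only when the flag is unset.` The `else:` branch of `plug` continues outside the hunk.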
+diff --git a/nova/tests/test_linux_net.py b/nova/tests/test_linux_net.py
+index 0f5862f..f81bb0c 100755
+--- a/nova/tests/test_linux_net.py
++++ b/nova/tests/test_linux_net.py
+@@ -1,462 +1,557 @@
+-# vim: tabstop=4 shiftwidth=4 softtabstop=4
+-
+-# Copyright 2011 NTT
+-# All Rights Reserved.
+-#
+-# Licensed under the Apache License, Version 2.0 (the "License"); you may
+-# not use this file except in compliance with the License. You may obtain
+-# a copy of the License at
+-#
+-# http://www.apache.org/licenses/LICENSE-2.0
+-#
+-# Unless required by applicable law or agreed to in writing, software
+-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+-# License for the specific language governing permissions and limitations
+-# under the License.
+-
+-import mox
+-
+-from nova import db
+-from nova import flags
+-from nova import log as logging
+-from nova import test
+-from nova import utils
+-from nova.network import linux_net
+-
+-
+-FLAGS = flags.FLAGS
+-
+-LOG = logging.getLogger('nova.tests.network')
+-
+-
+-HOST = "testhost"
+-
+-instances = [{'id': 0,
+- 'host': 'fake_instance00',
+- 'hostname': 'fake_instance00'},
+- {'id': 1,
+- 'host': 'fake_instance01',
+- 'hostname': 'fake_instance01'}]
+-
+-
+-addresses = [{"address": "10.0.0.1"},
+- {"address": "10.0.0.2"},
+- {"address": "10.0.0.3"},
+- {"address": "10.0.0.4"},
+- {"address": "10.0.0.5"},
+- {"address": "10.0.0.6"}]
+-
+-
+-networks = [{'id': 0,
+- 'uuid': "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
+- 'label': 'test0',
+- 'injected': False,
+- 'multi_host': False,
+- 'cidr': '192.168.0.0/24',
+- 'cidr_v6': '2001:db8::/64',
+- 'gateway_v6': '2001:db8::1',
+- 'netmask_v6': '64',
+- 'netmask': '255.255.255.0',
+- 'bridge': 'fa0',
+- 'bridge_interface': 'fake_fa0',
+- 'gateway': '192.168.0.1',
+- 'broadcast': '192.168.0.255',
+- 'dns1': '192.168.0.1',
+- 'dns2': '192.168.0.2',
+- 'dhcp_server': '0.0.0.0',
+- 'dhcp_start': '192.168.100.1',
+- 'vlan': None,
+- 'host': None,
+- 'project_id': 'fake_project',
+- 'vpn_public_address': '192.168.0.2'},
+- {'id': 1,
+- 'uuid': "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
+- 'label': 'test1',
+- 'injected': False,
+- 'multi_host': False,
+- 'cidr': '192.168.1.0/24',
+- 'cidr_v6': '2001:db9::/64',
+- 'gateway_v6': '2001:db9::1',
+- 'netmask_v6': '64',
+- 'netmask': '255.255.255.0',
+- 'bridge': 'fa1',
+- 'bridge_interface': 'fake_fa1',
+- 'gateway': '192.168.1.1',
+- 'broadcast': '192.168.1.255',
+- 'dns1': '192.168.0.1',
+- 'dns2': '192.168.0.2',
+- 'dhcp_server': '0.0.0.0',
+- 'dhcp_start': '192.168.100.1',
+- 'vlan': None,
+- 'host': None,
+- 'project_id': 'fake_project',
+- 'vpn_public_address': '192.168.1.2'}]
+-
+-
+-fixed_ips = [{'id': 0,
+- 'network_id': 0,
+- 'address': '192.168.0.100',
+- 'instance_id': 0,
+- 'allocated': True,
+- 'virtual_interface_id': 0,
+- 'virtual_interface': addresses[0],
+- 'instance': instances[0],
+- 'floating_ips': []},
+- {'id': 1,
+- 'network_id': 1,
+- 'address': '192.168.1.100',
+- 'instance_id': 0,
+- 'allocated': True,
+- 'virtual_interface_id': 1,
+- 'virtual_interface': addresses[1],
+- 'instance': instances[0],
+- 'floating_ips': []},
+- {'id': 2,
+- 'network_id': 1,
+- 'address': '192.168.0.101',
+- 'instance_id': 1,
+- 'allocated': True,
+- 'virtual_interface_id': 2,
+- 'virtual_interface': addresses[2],
+- 'instance': instances[1],
+- 'floating_ips': []},
+- {'id': 3,
+- 'network_id': 0,
+- 'address': '192.168.1.101',
+- 'instance_id': 1,
+- 'allocated': True,
+- 'virtual_interface_id': 3,
+- 'virtual_interface': addresses[3],
+- 'instance': instances[1],
+- 'floating_ips': []},
+- {'id': 4,
+- 'network_id': 0,
+- 'address': '192.168.0.102',
+- 'instance_id': 0,
+- 'allocated': True,
+- 'virtual_interface_id': 4,
+- 'virtual_interface': addresses[4],
+- 'instance': instances[0],
+- 'floating_ips': []},
+- {'id': 5,
+- 'network_id': 1,
+- 'address': '192.168.1.102',
+- 'instance_id': 1,
+- 'allocated': True,
+- 'virtual_interface_id': 5,
+- 'virtual_interface': addresses[5],
+- 'instance': instances[1],
+- 'floating_ips': []}]
+-
+-
+-vifs = [{'id': 0,
+- 'address': 'DE:AD:BE:EF:00:00',
+- 'uuid': '00000000-0000-0000-0000-0000000000000000',
+- 'network_id': 0,
+- 'network': networks[0],
+- 'instance_id': 0},
+- {'id': 1,
+- 'address': 'DE:AD:BE:EF:00:01',
+- 'uuid': '00000000-0000-0000-0000-0000000000000001',
+- 'network_id': 1,
+- 'network': networks[1],
+- 'instance_id': 0},
+- {'id': 2,
+- 'address': 'DE:AD:BE:EF:00:02',
+- 'uuid': '00000000-0000-0000-0000-0000000000000002',
+- 'network_id': 1,
+- 'network': networks[1],
+- 'instance_id': 1},
+- {'id': 3,
+- 'address': 'DE:AD:BE:EF:00:03',
+- 'uuid': '00000000-0000-0000-0000-0000000000000003',
+- 'network_id': 0,
+- 'network': networks[0],
+- 'instance_id': 1},
+- {'id': 4,
+- 'address': 'DE:AD:BE:EF:00:04',
+- 'uuid': '00000000-0000-0000-0000-0000000000000004',
+- 'network_id': 0,
+- 'network': networks[0],
+- 'instance_id': 0},
+- {'id': 5,
+- 'address': 'DE:AD:BE:EF:00:05',
+- 'uuid': '00000000-0000-0000-0000-0000000000000005',
+- 'network_id': 1,
+- 'network': networks[1],
+- 'instance_id': 1}]
+-
+-
+-class LinuxNetworkTestCase(test.TestCase):
+-
+- def setUp(self):
+- super(LinuxNetworkTestCase, self).setUp()
+- network_driver = FLAGS.network_driver
+- self.driver = utils.import_object(network_driver)
+- self.driver.db = db
+-
+- def test_update_dhcp_for_nw00(self):
+- self.flags(use_single_default_gateway=True)
+- self.mox.StubOutWithMock(db, 'network_get_associated_fixed_ips')
+- self.mox.StubOutWithMock(db, 'virtual_interface_get_by_instance')
+-
+- db.network_get_associated_fixed_ips(mox.IgnoreArg(),
+- mox.IgnoreArg())\
+- .AndReturn([fixed_ips[0],
+- fixed_ips[3]])
+-
+- db.network_get_associated_fixed_ips(mox.IgnoreArg(),
+- mox.IgnoreArg())\
+- .AndReturn([fixed_ips[0],
+- fixed_ips[3]])
+- db.virtual_interface_get_by_instance(mox.IgnoreArg(),
+- mox.IgnoreArg())\
+- .AndReturn([vifs[0], vifs[1]])
+- db.virtual_interface_get_by_instance(mox.IgnoreArg(),
+- mox.IgnoreArg())\
+- .AndReturn([vifs[2], vifs[3]])
+- self.mox.ReplayAll()
+-
+- self.driver.update_dhcp(None, "eth0", networks[0])
+-
+- def test_update_dhcp_for_nw01(self):
+- self.flags(use_single_default_gateway=True)
+- self.mox.StubOutWithMock(db, 'network_get_associated_fixed_ips')
+- self.mox.StubOutWithMock(db, 'virtual_interface_get_by_instance')
+-
+- db.network_get_associated_fixed_ips(mox.IgnoreArg(),
+- mox.IgnoreArg())\
+- .AndReturn([fixed_ips[1],
+- fixed_ips[2]])
+-
+- db.network_get_associated_fixed_ips(mox.IgnoreArg(),
+- mox.IgnoreArg())\
+- .AndReturn([fixed_ips[1],
+- fixed_ips[2]])
+- db.virtual_interface_get_by_instance(mox.IgnoreArg(),
+- mox.IgnoreArg())\
+- .AndReturn([vifs[0], vifs[1]])
+- db.virtual_interface_get_by_instance(mox.IgnoreArg(),
+- mox.IgnoreArg())\
+- .AndReturn([vifs[2], vifs[3]])
+- self.mox.ReplayAll()
+-
+- self.driver.update_dhcp(None, "eth0", networks[0])
+-
+- def test_get_dhcp_hosts_for_nw00(self):
+- self.flags(use_single_default_gateway=True)
+- self.mox.StubOutWithMock(db, 'network_get_associated_fixed_ips')
+-
+- db.network_get_associated_fixed_ips(mox.IgnoreArg(),
+- mox.IgnoreArg())\
+- .AndReturn([fixed_ips[0],
+- fixed_ips[3]])
+- self.mox.ReplayAll()
+-
+- expected = \
+- "10.0.0.1,fake_instance00.novalocal,"\
+- "192.168.0.100,net:NW-i00000000-0\n"\
+- "10.0.0.4,fake_instance01.novalocal,"\
+- "192.168.1.101,net:NW-i00000001-0"
+- actual_hosts = self.driver.get_dhcp_hosts(None, networks[1])
+-
+- self.assertEquals(actual_hosts, expected)
+-
+- def test_get_dhcp_hosts_for_nw01(self):
+- self.flags(use_single_default_gateway=True)
+- self.mox.StubOutWithMock(db, 'network_get_associated_fixed_ips')
+-
+- db.network_get_associated_fixed_ips(mox.IgnoreArg(),
+- mox.IgnoreArg())\
+- .AndReturn([fixed_ips[1],
+- fixed_ips[2]])
+- self.mox.ReplayAll()
+-
+- expected = \
+- "10.0.0.2,fake_instance00.novalocal,"\
+- "192.168.1.100,net:NW-i00000000-1\n"\
+- "10.0.0.3,fake_instance01.novalocal,"\
+- "192.168.0.101,net:NW-i00000001-1"
+- actual_hosts = self.driver.get_dhcp_hosts(None, networks[0])
+-
+- self.assertEquals(actual_hosts, expected)
+-
+- def test_get_dhcp_opts_for_nw00(self):
+- self.mox.StubOutWithMock(db, 'network_get_associated_fixed_ips')
+- self.mox.StubOutWithMock(db, 'virtual_interface_get_by_instance')
+-
+- db.network_get_associated_fixed_ips(mox.IgnoreArg(),
+- mox.IgnoreArg())\
+- .AndReturn([fixed_ips[0],
+- fixed_ips[3],
+- fixed_ips[4]])
+- db.virtual_interface_get_by_instance(mox.IgnoreArg(),
+- mox.IgnoreArg())\
+- .AndReturn([vifs[0],
+- vifs[1],
+- vifs[4]])
+- db.virtual_interface_get_by_instance(mox.IgnoreArg(),
+- mox.IgnoreArg())\
+- .AndReturn([vifs[2],
+- vifs[3],
+- vifs[5]])
+- self.mox.ReplayAll()
+-
+- expected_opts = 'NW-i00000001-0,3'
+- actual_opts = self.driver.get_dhcp_opts(None, networks[0])
+-
+- self.assertEquals(actual_opts, expected_opts)
+-
+- def test_get_dhcp_opts_for_nw01(self):
+- self.mox.StubOutWithMock(db, 'network_get_associated_fixed_ips')
+- self.mox.StubOutWithMock(db, 'virtual_interface_get_by_instance')
+-
+- db.network_get_associated_fixed_ips(mox.IgnoreArg(),
+- mox.IgnoreArg())\
+- .AndReturn([fixed_ips[1],
+- fixed_ips[2],
+- fixed_ips[5]])
+- db.virtual_interface_get_by_instance(mox.IgnoreArg(),
+- mox.IgnoreArg())\
+- .AndReturn([vifs[0],
+- vifs[1],
+- vifs[4]])
+- db.virtual_interface_get_by_instance(mox.IgnoreArg(),
+- mox.IgnoreArg())\
+- .AndReturn([vifs[2],
+- vifs[3],
+- vifs[5]])
+- self.mox.ReplayAll()
+-
+- expected_opts = "NW-i00000000-1,3"
+- actual_opts = self.driver.get_dhcp_opts(None, networks[1])
+-
+- self.assertEquals(actual_opts, expected_opts)
+-
+- def test_dhcp_opts_not_default_gateway_network(self):
+- expected = "NW-i00000000-0,3"
+- actual = self.driver._host_dhcp_opts(fixed_ips[0])
+- self.assertEquals(actual, expected)
+-
+- def test_host_dhcp_without_default_gateway_network(self):
+- expected = ("10.0.0.1,fake_instance00.novalocal,192.168.0.100")
+- actual = self.driver._host_dhcp(fixed_ips[0])
+- self.assertEquals(actual, expected)
+-
+- def test_linux_bridge_driver_plug(self):
+- """Makes sure plug doesn't drop FORWARD by default.
+-
+- Ensures bug 890195 doesn't reappear."""
+-
+- def fake_execute(*args, **kwargs):
+- return "", ""
+- self.stubs.Set(utils, 'execute', fake_execute)
+-
+- def verify_add_rule(chain, rule):
+- self.assertEqual(chain, 'FORWARD')
+- self.assertIn('ACCEPT', rule)
+- self.stubs.Set(linux_net.iptables_manager.ipv4['filter'],
+- 'add_rule', verify_add_rule)
+- driver = linux_net.LinuxBridgeInterfaceDriver()
+- driver.plug({"bridge": "br100", "bridge_interface": "eth0"},
+- "fakemac")
+-
+- def _test_initialize_gateway(self, existing, expected, routes=''):
+- self.flags(fake_network=False)
+- executes = []
+-
+- def fake_execute(*args, **kwargs):
+- executes.append(args)
+- if args[0] == 'ip' and args[1] == 'addr' and args[2] == 'show':
+- return existing, ""
+- if args[0] == 'route' and args[1] == '-n':
+- return routes, ""
+- self.stubs.Set(utils, 'execute', fake_execute)
+- network = {'dhcp_server': '192.168.1.1',
+- 'cidr': '192.168.1.0/24',
+- 'broadcast': '192.168.1.255',
+- 'cidr_v6': '2001:db8::/64'}
+- self.driver.initialize_gateway_device('eth0', network)
+- self.assertEqual(executes, expected)
+-
+- def test_initialize_gateway_moves_wrong_ip(self):
+- existing = ("2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> "
+- " mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000\n"
+- " link/ether de:ad:be:ef:be:ef brd ff:ff:ff:ff:ff:ff\n"
+- " inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0\n"
+- " inet6 dead::beef:dead:beef:dead/64 scope link\n"
+- " valid_lft forever preferred_lft forever\n")
+- expected = [
+- ('ip', 'addr', 'show', 'dev', 'eth0', 'scope', 'global'),
+- ('route', '-n'),
+- ('ip', 'addr', 'del', '192.168.0.1/24',
+- 'brd', '192.168.0.255', 'scope', 'global', 'dev', 'eth0'),
+- ('ip', 'addr', 'add', '192.168.1.1/24',
+- 'brd', '192.168.1.255', 'dev', 'eth0'),
+- ('ip', 'addr', 'add', '192.168.0.1/24',
+- 'brd', '192.168.0.255', 'scope', 'global', 'dev', 'eth0'),
+- ('ip', '-f', 'inet6', 'addr', 'change',
+- '2001:db8::/64', 'dev', 'eth0'),
+- ('ip', 'link', 'set', 'dev', 'eth0', 'promisc', 'on'),
+- ]
+- self._test_initialize_gateway(existing, expected)
+-
+- def test_initialize_gateway_resets_route(self):
+- routes = "0.0.0.0 192.68.0.1 0.0.0.0 " \
+- "UG 100 0 0 eth0"
+- existing = ("2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> "
+- " mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000\n"
+- " link/ether de:ad:be:ef:be:ef brd ff:ff:ff:ff:ff:ff\n"
+- " inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0\n"
+- " inet6 dead::beef:dead:beef:dead/64 scope link\n"
+- " valid_lft forever preferred_lft forever\n")
+- expected = [
+- ('ip', 'addr', 'show', 'dev', 'eth0', 'scope', 'global'),
+- ('route', '-n'),
+- ('route', 'del', 'default', 'gw', '192.68.0.1', 'dev', 'eth0'),
+- ('ip', 'addr', 'del', '192.168.0.1/24',
+- 'brd', '192.168.0.255', 'scope', 'global', 'dev', 'eth0'),
+- ('ip', 'addr', 'add', '192.168.1.1/24',
+- 'brd', '192.168.1.255', 'dev', 'eth0'),
+- ('ip', 'addr', 'add', '192.168.0.1/24',
+- 'brd', '192.168.0.255', 'scope', 'global', 'dev', 'eth0'),
+- ('route', 'add', 'default', 'gw', '192.68.0.1'),
+- ('ip', '-f', 'inet6', 'addr', 'change',
+- '2001:db8::/64', 'dev', 'eth0'),
+- ('ip', 'link', 'set', 'dev', 'eth0', 'promisc', 'on'),
+- ]
+- self._test_initialize_gateway(existing, expected, routes)
+-
+- def test_initialize_gateway_no_move_right_ip(self):
+- existing = ("2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> "
+- " mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000\n"
+- " link/ether de:ad:be:ef:be:ef brd ff:ff:ff:ff:ff:ff\n"
+- " inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0\n"
+- " inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0\n"
+- " inet6 dead::beef:dead:beef:dead/64 scope link\n"
+- " valid_lft forever preferred_lft forever\n")
+- expected = [
+- ('ip', 'addr', 'show', 'dev', 'eth0', 'scope', 'global'),
+- ('ip', '-f', 'inet6', 'addr', 'change',
+- '2001:db8::/64', 'dev', 'eth0'),
+- ('ip', 'link', 'set', 'dev', 'eth0', 'promisc', 'on'),
+- ]
+- self._test_initialize_gateway(existing, expected)
+-
+- def test_initialize_gateway_add_if_blank(self):
+- existing = ("2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> "
+- " mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000\n"
+- " link/ether de:ad:be:ef:be:ef brd ff:ff:ff:ff:ff:ff\n"
+- " inet6 dead::beef:dead:beef:dead/64 scope link\n"
+- " valid_lft forever preferred_lft forever\n")
+- expected = [
+- ('ip', 'addr', 'show', 'dev', 'eth0', 'scope', 'global'),
+- ('route', '-n'),
+- ('ip', 'addr', 'add', '192.168.1.1/24',
+- 'brd', '192.168.1.255', 'dev', 'eth0'),
+- ('ip', '-f', 'inet6', 'addr', 'change',
+- '2001:db8::/64', 'dev', 'eth0'),
+- ('ip', 'link', 'set', 'dev', 'eth0', 'promisc', 'on'),
+- ]
+- self._test_initialize_gateway(existing, expected)
++# vim: tabstop=4 shiftwidth=4 softtabstop=4
++
++# Copyright 2011 NTT
++# All Rights Reserved.
++#
++# Licensed under the Apache License, Version 2.0 (the "License"); you may
++# not use this file except in compliance with the License. You may obtain
++# a copy of the License at
++#
++# http://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing, software
++# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
++# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
++# License for the specific language governing permissions and limitations
++# under the License.
++
++import os
++
++import mox
++
++from nova import context
++from nova import db
++from nova import flags
++from nova import log as logging
++from nova import test
++from nova import utils
++from nova.network import linux_net
++
++
++FLAGS = flags.FLAGS
++
++LOG = logging.getLogger('nova.tests.network')
++
++
++HOST = "testhost"
++
++instances = [{'id': 0,
++ 'host': 'fake_instance00',
++ 'hostname': 'fake_instance00'},
++ {'id': 1,
++ 'host': 'fake_instance01',
++ 'hostname': 'fake_instance01'}]
++
++
++addresses = [{"address": "10.0.0.1"},
++ {"address": "10.0.0.2"},
++ {"address": "10.0.0.3"},
++ {"address": "10.0.0.4"},
++ {"address": "10.0.0.5"},
++ {"address": "10.0.0.6"}]
++
++
++networks = [{'id': 0,
++ 'uuid': "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
++ 'label': 'test0',
++ 'injected': False,
++ 'multi_host': False,
++ 'cidr': '192.168.0.0/24',
++ 'cidr_v6': '2001:db8::/64',
++ 'gateway_v6': '2001:db8::1',
++ 'netmask_v6': '64',
++ 'netmask': '255.255.255.0',
++ 'bridge': 'fa0',
++ 'bridge_interface': 'fake_fa0',
++ 'gateway': '192.168.0.1',
++ 'broadcast': '192.168.0.255',
++ 'dns1': '192.168.0.1',
++ 'dns2': '192.168.0.2',
++ 'dhcp_server': '0.0.0.0',
++ 'dhcp_start': '192.168.100.1',
++ 'vlan': None,
++ 'host': None,
++ 'project_id': 'fake_project',
++ 'vpn_public_address': '192.168.0.2'},
++ {'id': 1,
++ 'uuid': "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
++ 'label': 'test1',
++ 'injected': False,
++ 'multi_host': False,
++ 'cidr': '192.168.1.0/24',
++ 'cidr_v6': '2001:db9::/64',
++ 'gateway_v6': '2001:db9::1',
++ 'netmask_v6': '64',
++ 'netmask': '255.255.255.0',
++ 'bridge': 'fa1',
++ 'bridge_interface': 'fake_fa1',
++ 'gateway': '192.168.1.1',
++ 'broadcast': '192.168.1.255',
++ 'dns1': '192.168.0.1',
++ 'dns2': '192.168.0.2',
++ 'dhcp_server': '0.0.0.0',
++ 'dhcp_start': '192.168.100.1',
++ 'vlan': None,
++ 'host': None,
++ 'project_id': 'fake_project',
++ 'vpn_public_address': '192.168.1.2'}]
++
++
++fixed_ips = [{'id': 0,
++ 'network_id': 0,
++ 'address': '192.168.0.100',
++ 'instance_id': 0,
++ 'allocated': True,
++ 'virtual_interface_id': 0,
++ 'instance_id': 0,
++ 'floating_ips': []},
++ {'id': 1,
++ 'network_id': 1,
++ 'address': '192.168.1.100',
++ 'instance_id': 0,
++ 'allocated': True,
++ 'virtual_interface_id': 1,
++ 'instance_id': 0,
++ 'floating_ips': []},
++ {'id': 2,
++ 'network_id': 1,
++ 'address': '192.168.0.101',
++ 'instance_id': 1,
++ 'allocated': True,
++ 'virtual_interface_id': 2,
++ 'instance_id': 1,
++ 'floating_ips': []},
++ {'id': 3,
++ 'network_id': 0,
++ 'address': '192.168.1.101',
++ 'instance_id': 1,
++ 'allocated': True,
++ 'virtual_interface_id': 3,
++ 'instance_id': 1,
++ 'floating_ips': []},
++ {'id': 4,
++ 'network_id': 0,
++ 'address': '192.168.0.102',
++ 'instance_id': 0,
++ 'allocated': True,
++ 'virtual_interface_id': 4,
++ 'instance_id': 0,
++ 'floating_ips': []},
++ {'id': 5,
++ 'network_id': 1,
++ 'address': '192.168.1.102',
++ 'instance_id': 1,
++ 'allocated': True,
++ 'virtual_interface_id': 5,
++ 'instance_id': 1,
++ 'floating_ips': []}]
++
++
++vifs = [{'id': 0,
++ 'address': 'DE:AD:BE:EF:00:00',
++ 'uuid': '00000000-0000-0000-0000-0000000000000000',
++ 'network_id': 0,
++ 'instance_id': 0},
++ {'id': 1,
++ 'address': 'DE:AD:BE:EF:00:01',
++ 'uuid': '00000000-0000-0000-0000-0000000000000001',
++ 'network_id': 1,
++ 'instance_id': 0},
++ {'id': 2,
++ 'address': 'DE:AD:BE:EF:00:02',
++ 'uuid': '00000000-0000-0000-0000-0000000000000002',
++ 'network_id': 1,
++ 'instance_id': 1},
++ {'id': 3,
++ 'address': 'DE:AD:BE:EF:00:03',
++ 'uuid': '00000000-0000-0000-0000-0000000000000003',
++ 'network_id': 0,
++ 'instance_id': 1},
++ {'id': 4,
++ 'address': 'DE:AD:BE:EF:00:04',
++ 'uuid': '00000000-0000-0000-0000-0000000000000004',
++ 'network_id': 0,
++ 'instance_id': 0},
++ {'id': 5,
++ 'address': 'DE:AD:BE:EF:00:05',
++ 'uuid': '00000000-0000-0000-0000-0000000000000005',
++ 'network_id': 1,
++ 'instance_id': 1}]
++
++
++class LinuxNetworkTestCase(test.TestCase):
++
++ def setUp(self):
++ super(LinuxNetworkTestCase, self).setUp()
++ network_driver = FLAGS.network_driver
++ self.driver = utils.import_object(network_driver)
++ self.driver.db = db
++ self.context = context.RequestContext('testuser', 'testproject',
++ is_admin=True)
++
++ def test_update_dhcp_for_nw00(self):
++ self.flags(use_single_default_gateway=True)
++
++ def get_vif(_context, vif_id):
++ return vifs[vif_id]
++
++ def get_instance(_context, instance_id):
++ return instances[instance_id]
++
++ self.stubs.Set(db, 'virtual_interface_get', get_vif)
++ self.stubs.Set(db, 'instance_get', get_instance)
++ self.mox.StubOutWithMock(db, 'network_get_associated_fixed_ips')
++ self.mox.StubOutWithMock(db, 'virtual_interface_get_by_instance')
++ self.mox.StubOutWithMock(self.driver, 'write_to_file')
++ self.mox.StubOutWithMock(self.driver, 'ensure_path')
++ self.mox.StubOutWithMock(os, 'chmod')
++
++ db.network_get_associated_fixed_ips(mox.IgnoreArg(),
++ mox.IgnoreArg())\
++ .AndReturn([fixed_ips[0],
++ fixed_ips[3]])
++
++ db.network_get_associated_fixed_ips(mox.IgnoreArg(),
++ mox.IgnoreArg())\
++ .AndReturn([fixed_ips[0],
++ fixed_ips[3]])
++ db.virtual_interface_get_by_instance(mox.IgnoreArg(),
++ mox.IgnoreArg())\
++ .AndReturn([vifs[0], vifs[1]])
++ db.virtual_interface_get_by_instance(mox.IgnoreArg(),
++ mox.IgnoreArg())\
++ .AndReturn([vifs[2], vifs[3]])
++ self.driver.write_to_file(mox.IgnoreArg(), mox.IgnoreArg())
++ self.driver.write_to_file(mox.IgnoreArg(), mox.IgnoreArg())
++ self.driver.ensure_path(mox.IgnoreArg())
++ self.driver.ensure_path(mox.IgnoreArg())
++ self.driver.ensure_path(mox.IgnoreArg())
++ self.driver.ensure_path(mox.IgnoreArg())
++ self.driver.ensure_path(mox.IgnoreArg())
++ self.driver.ensure_path(mox.IgnoreArg())
++ self.driver.ensure_path(mox.IgnoreArg())
++ os.chmod(mox.IgnoreArg(), mox.IgnoreArg())
++ os.chmod(mox.IgnoreArg(), mox.IgnoreArg())
++
++ self.mox.ReplayAll()
++
++ self.driver.update_dhcp(self.context, "eth0", networks[0])
++
++ def test_update_dhcp_for_nw01(self):
++ self.flags(use_single_default_gateway=True)
++
++ def get_vif(_context, vif_id):
++ return vifs[vif_id]
++
++ def get_instance(_context, instance_id):
++ return instances[instance_id]
++
++ self.stubs.Set(db, 'virtual_interface_get', get_vif)
++ self.stubs.Set(db, 'instance_get', get_instance)
++ self.mox.StubOutWithMock(db, 'network_get_associated_fixed_ips')
++ self.mox.StubOutWithMock(db, 'virtual_interface_get_by_instance')
++ self.mox.StubOutWithMock(self.driver, 'write_to_file')
++ self.mox.StubOutWithMock(self.driver, 'ensure_path')
++ self.mox.StubOutWithMock(os, 'chmod')
++
++ db.network_get_associated_fixed_ips(mox.IgnoreArg(),
++ mox.IgnoreArg())\
++ .AndReturn([fixed_ips[1],
++ fixed_ips[2]])
++
++ db.network_get_associated_fixed_ips(mox.IgnoreArg(),
++ mox.IgnoreArg())\
++ .AndReturn([fixed_ips[1],
++ fixed_ips[2]])
++ db.virtual_interface_get_by_instance(mox.IgnoreArg(),
++ mox.IgnoreArg())\
++ .AndReturn([vifs[0], vifs[1]])
++ db.virtual_interface_get_by_instance(mox.IgnoreArg(),
++ mox.IgnoreArg())\
++ .AndReturn([vifs[2], vifs[3]])
++ self.driver.write_to_file(mox.IgnoreArg(), mox.IgnoreArg())
++ self.driver.write_to_file(mox.IgnoreArg(), mox.IgnoreArg())
++ self.driver.ensure_path(mox.IgnoreArg())
++ self.driver.ensure_path(mox.IgnoreArg())
++ self.driver.ensure_path(mox.IgnoreArg())
++ self.driver.ensure_path(mox.IgnoreArg())
++ self.driver.ensure_path(mox.IgnoreArg())
++ self.driver.ensure_path(mox.IgnoreArg())
++ self.driver.ensure_path(mox.IgnoreArg())
++ os.chmod(mox.IgnoreArg(), mox.IgnoreArg())
++ os.chmod(mox.IgnoreArg(), mox.IgnoreArg())
++
++ self.mox.ReplayAll()
++
++ self.driver.update_dhcp(self.context, "eth0", networks[0])
++
++ def test_get_dhcp_hosts_for_nw00(self):
++ self.flags(use_single_default_gateway=True)
++
++ def get_vif(_context, vif_id):
++ return vifs[vif_id]
++
++ def get_instance(_context, instance_id):
++ return instances[instance_id]
++
++ self.stubs.Set(db, 'virtual_interface_get', get_vif)
++ self.stubs.Set(db, 'instance_get', get_instance)
++ self.mox.StubOutWithMock(db, 'network_get_associated_fixed_ips')
++
++ db.network_get_associated_fixed_ips(mox.IgnoreArg(),
++ mox.IgnoreArg())\
++ .AndReturn([fixed_ips[0],
++ fixed_ips[3]])
++ self.mox.ReplayAll()
++
++ expected = \
++ "DE:AD:BE:EF:00:00,fake_instance00.novalocal,"\
++ "192.168.0.100,net:NW-i00000000-0\n"\
++ "DE:AD:BE:EF:00:03,fake_instance01.novalocal,"\
++ "192.168.1.101,net:NW-i00000001-0"
++ actual_hosts = self.driver.get_dhcp_hosts(self.context, networks[1])
++
++ self.assertEquals(actual_hosts, expected)
++
++ def test_get_dhcp_hosts_for_nw01(self):
++ self.flags(use_single_default_gateway=True)
++
++ def get_vif(_context, vif_id):
++ return vifs[vif_id]
++
++ def get_instance(_context, instance_id):
++ return instances[instance_id]
++
++ self.stubs.Set(db, 'virtual_interface_get', get_vif)
++ self.stubs.Set(db, 'instance_get', get_instance)
++ self.mox.StubOutWithMock(db, 'network_get_associated_fixed_ips')
++
++ db.network_get_associated_fixed_ips(mox.IgnoreArg(),
++ mox.IgnoreArg())\
++ .AndReturn([fixed_ips[1],
++ fixed_ips[2]])
++ self.mox.ReplayAll()
++
++ expected = \
++ "DE:AD:BE:EF:00:01,fake_instance00.novalocal,"\
++ "192.168.1.100,net:NW-i00000000-1\n"\
++ "DE:AD:BE:EF:00:02,fake_instance01.novalocal,"\
++ "192.168.0.101,net:NW-i00000001-1"
++ actual_hosts = self.driver.get_dhcp_hosts(self.context, networks[0])
++
++ self.assertEquals(actual_hosts, expected)
++
++ def test_get_dhcp_opts_for_nw00(self):
++ def get_instance(_context, instance_id):
++ return instances[instance_id]
++
++ self.stubs.Set(db, 'instance_get', get_instance)
++ self.mox.StubOutWithMock(db, 'network_get_associated_fixed_ips')
++ self.mox.StubOutWithMock(db, 'virtual_interface_get_by_instance')
++
++ db.network_get_associated_fixed_ips(mox.IgnoreArg(),
++ mox.IgnoreArg())\
++ .AndReturn([fixed_ips[0],
++ fixed_ips[3],
++ fixed_ips[4]])
++ db.virtual_interface_get_by_instance(mox.IgnoreArg(),
++ mox.IgnoreArg())\
++ .AndReturn([vifs[0],
++ vifs[1],
++ vifs[4]])
++ db.virtual_interface_get_by_instance(mox.IgnoreArg(),
++ mox.IgnoreArg())\
++ .AndReturn([vifs[2],
++ vifs[3],
++ vifs[5]])
++ self.mox.ReplayAll()
++
++ expected_opts = 'NW-i00000001-0,3'
++ actual_opts = self.driver.get_dhcp_opts(self.context, networks[0])
++
++ self.assertEquals(actual_opts, expected_opts)
++
++ def test_get_dhcp_opts_for_nw01(self):
++ def get_instance(_context, instance_id):
++ print instance_id
++ return instances[instance_id]
++
++ self.stubs.Set(db, 'instance_get', get_instance)
++ self.mox.StubOutWithMock(db, 'network_get_associated_fixed_ips')
++ self.mox.StubOutWithMock(db, 'virtual_interface_get_by_instance')
++
++ db.network_get_associated_fixed_ips(mox.IgnoreArg(),
++ mox.IgnoreArg())\
++ .AndReturn([fixed_ips[1],
++ fixed_ips[2],
++ fixed_ips[5]])
++ db.virtual_interface_get_by_instance(mox.IgnoreArg(),
++ mox.IgnoreArg())\
++ .AndReturn([vifs[0],
++ vifs[1],
++ vifs[4]])
++ db.virtual_interface_get_by_instance(mox.IgnoreArg(),
++ mox.IgnoreArg())\
++ .AndReturn([vifs[2],
++ vifs[3],
++ vifs[5]])
++ self.mox.ReplayAll()
++
++ expected_opts = "NW-i00000000-1,3"
++ actual_opts = self.driver.get_dhcp_opts(self.context, networks[1])
++
++ self.assertEquals(actual_opts, expected_opts)
++
++ def test_dhcp_opts_not_default_gateway_network(self):
++ expected = "NW-i00000000-0,3"
++ actual = self.driver._host_dhcp_opts(fixed_ips[0], instances[0])
++ self.assertEquals(actual, expected)
++
++ def test_host_dhcp_without_default_gateway_network(self):
++ expected = ','.join(['DE:AD:BE:EF:00:00',
++ 'fake_instance00.novalocal',
++ '192.168.0.100'])
++ actual = self.driver._host_dhcp(fixed_ips[0], vifs[0], instances[0])
++ self.assertEquals(actual, expected)
++
++ def test_linux_bridge_driver_plug(self):
++ """Makes sure plug doesn't drop FORWARD by default.
++
++ Ensures bug 890195 doesn't reappear."""
++
++ def fake_execute(*args, **kwargs):
++ return "", ""
++ self.stubs.Set(utils, 'execute', fake_execute)
++
++ def verify_add_rule(chain, rule):
++ self.assertEqual(chain, 'FORWARD')
++ self.assertIn('ACCEPT', rule)
++ self.stubs.Set(linux_net.iptables_manager.ipv4['filter'],
++ 'add_rule', verify_add_rule)
++ driver = linux_net.LinuxBridgeInterfaceDriver()
++ driver.plug({"bridge": "br100", "bridge_interface": "eth0"},
++ "fakemac")
++
++ def test_vlan_override(self):
++ """Makes sure vlan_interface flag overrides network bridge_interface.
++
++ Allows heterogeneous networks a la bug 833426"""
++
++ driver = linux_net.LinuxBridgeInterfaceDriver()
++
++ @classmethod
++ def test_ensure(_self, vlan, bridge, interface, network, mac_address):
++ self.passed_interface = interface
++
++ self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver,
++ 'ensure_vlan_bridge', test_ensure)
++
++ network = {
++ "bridge": "br100",
++ "bridge_interface": "base_interface",
++ "vlan": "fake"
++ }
++ driver.plug(network, "fakemac")
++ self.assertEqual(self.passed_interface, "base_interface")
++ self.flags(vlan_interface="override_interface")
++ driver.plug(network, "fakemac")
++ self.assertEqual(self.passed_interface, "override_interface")
++
++ def _test_initialize_gateway(self, existing, expected, routes=''):
++ self.flags(fake_network=False)
++ executes = []
++
++ def fake_execute(*args, **kwargs):
++ executes.append(args)
++ if args[0] == 'ip' and args[1] == 'addr' and args[2] == 'show':
++ return existing, ""
++ if args[0] == 'route' and args[1] == '-n':
++ return routes, ""
++ self.stubs.Set(utils, 'execute', fake_execute)
++ network = {'dhcp_server': '192.168.1.1',
++ 'cidr': '192.168.1.0/24',
++ 'broadcast': '192.168.1.255',
++ 'cidr_v6': '2001:db8::/64'}
++ self.driver.initialize_gateway_device('eth0', network)
++ self.assertEqual(executes, expected)
++
++ def test_initialize_gateway_moves_wrong_ip(self):
++ existing = ("2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> "
++ " mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000\n"
++ " link/ether de:ad:be:ef:be:ef brd ff:ff:ff:ff:ff:ff\n"
++ " inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0\n"
++ " inet6 dead::beef:dead:beef:dead/64 scope link\n"
++ " valid_lft forever preferred_lft forever\n")
++ expected = [
++ ('ip', 'addr', 'show', 'dev', 'eth0', 'scope', 'global'),
++ ('route', '-n'),
++ ('ip', 'addr', 'del', '192.168.0.1/24',
++ 'brd', '192.168.0.255', 'scope', 'global', 'dev', 'eth0'),
++ ('ip', 'addr', 'add', '192.168.1.1/24',
++ 'brd', '192.168.1.255', 'dev', 'eth0'),
++ ('ip', 'addr', 'add', '192.168.0.1/24',
++ 'brd', '192.168.0.255', 'scope', 'global', 'dev', 'eth0'),
++ ('ip', '-f', 'inet6', 'addr', 'change',
++ '2001:db8::/64', 'dev', 'eth0'),
++ ('ip', 'link', 'set', 'dev', 'eth0', 'promisc', 'on'),
++ ]
++ self._test_initialize_gateway(existing, expected)
++
++ def test_initialize_gateway_resets_route(self):
++ routes = "0.0.0.0 192.68.0.1 0.0.0.0 " \
++ "UG 100 0 0 eth0"
++ existing = ("2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> "
++ " mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000\n"
++ " link/ether de:ad:be:ef:be:ef brd ff:ff:ff:ff:ff:ff\n"
++ " inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0\n"
++ " inet6 dead::beef:dead:beef:dead/64 scope link\n"
++ " valid_lft forever preferred_lft forever\n")
++ expected = [
++ ('ip', 'addr', 'show', 'dev', 'eth0', 'scope', 'global'),
++ ('route', '-n'),
++ ('route', 'del', 'default', 'gw', '192.68.0.1', 'dev', 'eth0'),
++ ('ip', 'addr', 'del', '192.168.0.1/24',
++ 'brd', '192.168.0.255', 'scope', 'global', 'dev', 'eth0'),
++ ('ip', 'addr', 'add', '192.168.1.1/24',
++ 'brd', '192.168.1.255', 'dev', 'eth0'),
++ ('ip', 'addr', 'add', '192.168.0.1/24',
++ 'brd', '192.168.0.255', 'scope', 'global', 'dev', 'eth0'),
++ ('route', 'add', 'default', 'gw', '192.68.0.1'),
++ ('ip', '-f', 'inet6', 'addr', 'change',
++ '2001:db8::/64', 'dev', 'eth0'),
++ ('ip', 'link', 'set', 'dev', 'eth0', 'promisc', 'on'),
++ ]
++ self._test_initialize_gateway(existing, expected, routes)
++
++ def test_initialize_gateway_no_move_right_ip(self):
++ existing = ("2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> "
++ " mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000\n"
++ " link/ether de:ad:be:ef:be:ef brd ff:ff:ff:ff:ff:ff\n"
++ " inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0\n"
++ " inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0\n"
++ " inet6 dead::beef:dead:beef:dead/64 scope link\n"
++ " valid_lft forever preferred_lft forever\n")
++ expected = [
++ ('ip', 'addr', 'show', 'dev', 'eth0', 'scope', 'global'),
++ ('ip', '-f', 'inet6', 'addr', 'change',
++ '2001:db8::/64', 'dev', 'eth0'),
++ ('ip', 'link', 'set', 'dev', 'eth0', 'promisc', 'on'),
++ ]
++ self._test_initialize_gateway(existing, expected)
++
++ def test_initialize_gateway_add_if_blank(self):
++ existing = ("2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> "
++ " mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000\n"
++ " link/ether de:ad:be:ef:be:ef brd ff:ff:ff:ff:ff:ff\n"
++ " inet6 dead::beef:dead:beef:dead/64 scope link\n"
++ " valid_lft forever preferred_lft forever\n")
++ expected = [
++ ('ip', 'addr', 'show', 'dev', 'eth0', 'scope', 'global'),
++ ('route', '-n'),
++ ('ip', 'addr', 'add', '192.168.1.1/24',
++ 'brd', '192.168.1.255', 'dev', 'eth0'),
++ ('ip', '-f', 'inet6', 'addr', 'change',
++ '2001:db8::/64', 'dev', 'eth0'),
++ ('ip', 'link', 'set', 'dev', 'eth0', 'promisc', 'on'),
++ ]
++ self._test_initialize_gateway(existing, expected)
+diff --git a/nova/virt/libvirt/vif.py b/nova/virt/libvirt/vif.py
+index fdfae38..aee2a8a 100644
+--- a/nova/virt/libvirt/vif.py
++++ b/nova/virt/libvirt/vif.py
+@@ -77,13 +77,14 @@ class LibvirtBridgeDriver(VIFDriver):
+ if (not network.get('multi_host') and
+ mapping.get('should_create_bridge')):
+ if mapping.get('should_create_vlan'):
++ iface = FLAGS.vlan_interface or network['bridge_interface']
+ LOG.debug(_('Ensuring vlan %(vlan)s and bridge %(bridge)s'),
+ {'vlan': network['vlan'],
+ 'bridge': network['bridge']})
+ linux_net.LinuxBridgeInterfaceDriver.ensure_vlan_bridge(
+ network['vlan'],
+ network['bridge'],
+- network['bridge_interface'])
++ iface)
+ else:
+ LOG.debug(_("Ensuring bridge %s"), network['bridge'])
+ linux_net.LinuxBridgeInterfaceDriver.ensure_bridge(
+diff --git a/nova/virt/xenapi/vif.py b/nova/virt/xenapi/vif.py
+index 2f25efe..11d5ade 100644
+--- a/nova/virt/xenapi/vif.py
++++ b/nova/virt/xenapi/vif.py
+@@ -59,7 +59,7 @@ class XenAPIBridgeDriver(VIFDriver):
+
+ vlan_num = network['vlan']
+ bridge = network['bridge']
+- bridge_interface = network['bridge_interface']
++ bridge_interface = FLAGS.vlan_interface or network['bridge_interface']
+ # Check whether bridge already exists
+ # Retrieve network whose name_label is "bridge"
+ network_ref = NetworkHelper.find_network_with_name_label(
diff --git a/0006-Don-t-log-sensitive-data-in-compute-log-file.patch b/0006-Don-t-log-sensitive-data-in-compute-log-file.patch
new file mode 100644
index 0000000..92e5d1a
--- /dev/null
+++ b/0006-Don-t-log-sensitive-data-in-compute-log-file.patch
@@ -0,0 +1,109 @@
+From 552a53d49d7fbf190f1478b110f6934ebb0620c4 Mon Sep 17 00:00:00 2001
+From: Russell Bryant <rbryant at redhat.com>
+Date: Thu, 9 Feb 2012 09:39:15 -0500
+Subject: [PATCH] Don't log sensitive data in compute log file.
+
+Sanitize run_instance's admin_password argument from
+nova.rpc 'received' debug logging. Fixes bug 915025.
+
+Sanitize new_pass from set_admin_password. Fixes bug 920687.
+
+Manually merged from:
+ ccbc940211c348940ca9766ef60328302a080f9a
+ fa10e7ad5b3f6ab5de5b7b187da7a8bf05a263d5
+
+Change-Id: I3af8263f88ef2e68d5d7f6d8c4824737fffcf461
+---
+ Authors | 1 +
+ nova/rpc/common.py | 21 +++++++++++++++++++++
+ nova/rpc/impl_carrot.py | 3 ++-
+ nova/rpc/impl_kombu.py | 3 ++-
+ 4 files changed, 26 insertions(+), 2 deletions(-)
+
+diff --git a/Authors b/Authors
+index 49706a1..de37b1d 100644
+--- a/Authors
++++ b/Authors
+@@ -110,6 +110,7 @@ Ricardo Carrillo Cruz <emaildericky at gmail.com>
+ Rick Clark <rick at openstack.org>
+ Rick Harris <rconradharris at gmail.com>
+ Rob Kost <kost at isi.edu>
++Russell Bryant <rbryant at redhat.com>
+ Ryan Lane <rlane at wikimedia.org>
+ Ryan Lucio <rlucio at internap.com>
+ Ryu Ishimoto <ryu at midokura.jp>
+diff --git a/nova/rpc/common.py b/nova/rpc/common.py
+index b8c2806..7bfe59a 100644
+--- a/nova/rpc/common.py
++++ b/nova/rpc/common.py
+@@ -1,3 +1,5 @@
++import copy
++
+ from nova import exception
+ from nova import flags
+ from nova import log as logging
+@@ -27,3 +29,22 @@ class RemoteError(exception.Error):
+ super(RemoteError, self).__init__('%s %s\n%s' % (exc_type,
+ value,
+ traceback))
++
++
++def _safe_log(log_func, msg, msg_data):
++ """Sanitizes the msg_data field before logging."""
++ SANITIZE = {
++ 'set_admin_password': ('new_pass',),
++ 'run_instance': ('admin_password',),
++ }
++ method = msg_data['method']
++ if method in SANITIZE:
++ msg_data = copy.deepcopy(msg_data)
++ args_to_sanitize = SANITIZE[method]
++ for arg in args_to_sanitize:
++ try:
++ msg_data['args'][arg] = "<SANITIZED>"
++ except KeyError:
++ pass
++
++ return log_func(msg, msg_data)
+diff --git a/nova/rpc/impl_carrot.py b/nova/rpc/impl_carrot.py
+index 57fd074..f68f2b8 100644
+--- a/nova/rpc/impl_carrot.py
++++ b/nova/rpc/impl_carrot.py
+@@ -43,6 +43,7 @@ from nova import context
+ from nova import exception
+ from nova import fakerabbit
+ from nova import flags
++import nova.rpc.common as rpc_common
+ from nova.rpc.common import RemoteError, LOG
+
+ # Needed for tests
+@@ -252,7 +253,7 @@ class AdapterConsumer(Consumer):
+ Example: {'method': 'echo', 'args': {'value': 42}}
+
+ """
+- LOG.debug(_('received %s') % message_data)
++ rpc_common._safe_log(LOG.debug, _('received %s'), message_data)
+ # This will be popped off in _unpack_context
+ msg_id = message_data.get('_msg_id', None)
+ ctxt = _unpack_context(message_data)
+diff --git a/nova/rpc/impl_kombu.py b/nova/rpc/impl_kombu.py
+index b9058f3..403c094 100644
+--- a/nova/rpc/impl_kombu.py
++++ b/nova/rpc/impl_kombu.py
+@@ -33,6 +33,7 @@ import greenlet
+ from nova import context
+ from nova import exception
+ from nova import flags
++import nova.rpc.common as rpc_common
+ from nova.rpc.common import RemoteError, LOG
+
+ # Needed for tests
+@@ -597,7 +598,7 @@ class ProxyCallback(object):
+ Example: {'method': 'echo', 'args': {'value': 42}}
+
+ """
+- LOG.debug(_('received %s') % message_data)
++ rpc_common._safe_log(LOG.debug, _('received %s'), message_data)
+ ctxt = _unpack_context(message_data)
+ method = message_data.get('method')
+ args = message_data.get('args', {})
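Review bot: `_safe_log` in nova/rpc/common.py reads `msg_data['method']` unconditionally, so a message without a `method` key raises KeyError at the logging call, where the old `LOG.debug(_('received %s') % message_data)` could not fail. The kombu caller's own `message_data.get('method')` a few lines later suggests the key may be absent; `method = msg_data.get('method')` keeps logging from aborting message handling. The `SANITIZE` table is also a per-method deny-list, so any other RPC method that carries a credential in `args` is still written to the debug log in full. A comment on the table would make that contract visible, for example `# Every RPC method that takes a secret must be listed here, or its args are logged in clear.` Both callers' functions start outside their hunks, so only the logging line is reviewed here.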
diff --git a/0007-Fix-nova-manage-floating-delete-with-ip_range.patch b/0007-Fix-nova-manage-floating-delete-with-ip_range.patch
new file mode 100644
index 0000000..c21065c
--- /dev/null
+++ b/0007-Fix-nova-manage-floating-delete-with-ip_range.patch
@@ -0,0 +1,29 @@
+From ff30847e50a7924f0ccb5be699643c02f689fea4 Mon Sep 17 00:00:00 2001
+From: Russell Bryant <rbryant at redhat.com>
+Date: Wed, 15 Feb 2012 17:40:36 -0500
+Subject: [PATCH] Fix nova-manage floating delete with --ip_range.
+
+This patch fixes an error when trying to delete a range of floating IPs
+as reported in bug 932070.
+
+This was fixed in master as a part of:
+ 9e21a2228c191896223daae2379fcf1352cc736c
+
+Change-Id: I165e59a258d728c222cfea0406d4bc78cfab669c
+---
+ bin/nova-manage | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/bin/nova-manage b/bin/nova-manage
+index f3aff19..e56c5ba 100755
+--- a/bin/nova-manage
++++ b/bin/nova-manage
+@@ -697,7 +697,7 @@ class FloatingIpCommands(object):
+ @args('--ip_range', dest="ip_range", metavar='<range>', help='IP range')
+ def delete(self, ip_range):
+ """Deletes floating ips by range"""
+- for address in netaddr.IPNetwork(ip_range):
++ for address in netaddr.IPNetwork(ip_range).iter_hosts():
+ db.floating_ip_destroy(context.get_admin_context(),
+ str(address))
+
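Review bot: `iter_hosts()` leaves out the network and broadcast addresses of `ip_range`, so `delete` only matches what was allocated if the create path enumerates the range the same way. `create` is outside this hunk, so that is worth confirming, along with the behaviour for a single-address range under the packaged netaddr version. A short comment at the loop would record the dependency, for example `# iter_hosts() skips network/broadcast; must stay in step with create()`.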
diff --git a/0008-Bump-python-novaclient-version-to-2.6.0.1.patch b/0008-Bump-python-novaclient-version-to-2.6.0.1.patch
new file mode 100644
index 0000000..6769133
--- /dev/null
+++ b/0008-Bump-python-novaclient-version-to-2.6.0.1.patch
@@ -0,0 +1,57 @@
+From 61fc0b8a5328414e27e347f1b685943ca4a19b59 Mon Sep 17 00:00:00 2001
+From: Dan Prince <dprince at redhat.com>
+Date: Tue, 10 Apr 2012 21:13:49 -0400
+Subject: [PATCH] Bump python-novaclient version to 2.6.0.1.
+
+Bump the python-novaclient version in pip-requires to 2.6.0.1. The
+previous python-novaclient version 2.6.0 was broken and thus
+Diablo tests were failing.
+
+Also nails the Glance version in pip-requires to 2011.3.1. This
+should fix 'No module named iso8601' errors when running
+Diablo tests with the latest Diablo trunk builds.
+
+Change-Id: Idc9bcceaff91afa69fbc255bc39a68d854ac1127
+---
+ .mailmap | 1 +
+ Authors | 2 +-
+ tools/pip-requires | 4 ++--
+ 3 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/.mailmap b/.mailmap
+index b9e61f6..090265a 100644
+diff --git a/Authors b/Authors
+index de37b1d..eddf0e6 100644
+--- a/Authors
++++ b/Authors
+@@ -27,7 +27,7 @@ Christian Berendt <berendt at b1-systems.de>
+ Christopher MacGown <chris at pistoncloud.com>
+ Chuck Short <zulcss at ubuntu.com>
+ Cory Wright <corywright at gmail.com>
+-Dan Prince <dan.prince at rackspace.com>
++Dan Prince <dprince at redhat.com>
+ Dan Wendlandt <dan at nicira.com>
+ Dave Walker <DaveWalker at ubuntu.com>
+ David Pravec <David.Pravec at danix.org>
+diff --git a/tools/pip-requires b/tools/pip-requires
+index 26c639b..5ce28ad 100644
+--- a/tools/pip-requires
++++ b/tools/pip-requires
+@@ -11,7 +11,7 @@ eventlet
+ kombu==1.0.4
+ lockfile==0.8
+ lxml==2.3
+-python-novaclient==2.6.0
++python-novaclient==2.6.0.1
+ python-daemon==1.5.5
+ python-gflags==1.3
+ redis==2.0.0
+@@ -26,7 +26,7 @@ paste
+ sqlalchemy-migrate
+ netaddr
+ sphinx
+-glance
++glance==2011.3.1
+ xattr>=0.6.0
+ nova-adminclient
+ suds==0.4
diff --git a/0012-Add-validation-for-OSAPI-server-name-length.patch b/0009-Add-validation-for-OSAPI-server-name-length.patch
similarity index 97%
rename from 0012-Add-validation-for-OSAPI-server-name-length.patch
rename to 0009-Add-validation-for-OSAPI-server-name-length.patch
index 0703452..563d607 100644
--- a/0012-Add-validation-for-OSAPI-server-name-length.patch
+++ b/0009-Add-validation-for-OSAPI-server-name-length.patch
@@ -1,4 +1,4 @@
-From 6a46582bee253abbbf1f2fd3d64e950fedf04975 Mon Sep 17 00:00:00 2001
+From 1ebec5726c7a9db0a6f29fad0ef747b0c087f702 Mon Sep 17 00:00:00 2001
From: Dan Prince <dprince at redhat.com>
Date: Thu, 29 Mar 2012 10:46:59 -0400
Subject: [PATCH] Add validation for OSAPI server name length.
diff --git a/0013-Fix-undefined-glance_host-in-get_glance_client.patch b/0010-Fix-undefined-glance_host-in-get_glance_client.patch
similarity index 97%
rename from 0013-Fix-undefined-glance_host-in-get_glance_client.patch
rename to 0010-Fix-undefined-glance_host-in-get_glance_client.patch
index 66bb837..1d317fb 100644
--- a/0013-Fix-undefined-glance_host-in-get_glance_client.patch
+++ b/0010-Fix-undefined-glance_host-in-get_glance_client.patch
@@ -1,4 +1,4 @@
-From ba534d3de24a39c319b0e3f177e6be03d1022b01 Mon Sep 17 00:00:00 2001
+From 947a25b6e906e6894cb61e243169e5f67e729e2b Mon Sep 17 00:00:00 2001
From: Mike Lundy <mike at pistoncloud.com>
Date: Mon, 24 Oct 2011 20:05:19 -0700
Subject: [PATCH] Fix undefined glance_host in get_glance_client
@@ -22,7 +22,7 @@ Change-Id: Idbe6c06c22ca1a50df589e016ea5e5924b0cc29d
3 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/Authors b/Authors
-index 49706a1..8983c8d 100644
+index eddf0e6..97fd649 100644
--- a/Authors
+++ b/Authors
@@ -92,6 +92,7 @@ Masanori Itoh <itoumsn at nttdata.co.jp>
diff --git a/0014-Implement-quotas-for-security-groups.patch b/0011-Implement-quotas-for-security-groups.patch
similarity index 99%
rename from 0014-Implement-quotas-for-security-groups.patch
rename to 0011-Implement-quotas-for-security-groups.patch
index 7b8de5f..513a27c 100644
--- a/0014-Implement-quotas-for-security-groups.patch
+++ b/0011-Implement-quotas-for-security-groups.patch
@@ -1,4 +1,4 @@
-From bfb80b8a5e292576f3162619dc6ad6e53505a6bd Mon Sep 17 00:00:00 2001
+From 8c8735a73afb16d5856f0aa6088e9ae406c52beb Mon Sep 17 00:00:00 2001
From: Dan Prince <dprince at redhat.com>
Date: Wed, 11 Apr 2012 16:21:29 -0400
Subject: [PATCH] Implement quotas for security groups.
diff --git a/0002-Add-INPUT-chain-rule-for-EC2-metadata-requests-lp-85.patch b/0012-Add-INPUT-chain-rule-for-EC2-metadata-requests-lp-85.patch
similarity index 93%
rename from 0002-Add-INPUT-chain-rule-for-EC2-metadata-requests-lp-85.patch
rename to 0012-Add-INPUT-chain-rule-for-EC2-metadata-requests-lp-85.patch
index 91dcf73..13396b2 100644
--- a/0002-Add-INPUT-chain-rule-for-EC2-metadata-requests-lp-85.patch
+++ b/0012-Add-INPUT-chain-rule-for-EC2-metadata-requests-lp-85.patch
@@ -1,4 +1,4 @@
-From 464b843bcd4c014b7a8940184727ad764a397443 Mon Sep 17 00:00:00 2001
+From e1cc6b0c7677acf9c742bb0bfc115d84022cd6e8 Mon Sep 17 00:00:00 2001
From: Mark McLoughlin <markmc at redhat.com>
Date: Mon, 5 Sep 2011 07:10:52 +0100
Subject: [PATCH] Add INPUT chain rule for EC2 metadata requests (lp:856385)
@@ -21,7 +21,7 @@ Change-Id: Ic99ba9249ce5219cd2631184154add82d25d9d6d
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/nova/network/linux_net.py b/nova/network/linux_net.py
-index a6aea8a..df43f54 100755
+index 67c2f37..cb71f9b 100755
--- a/nova/network/linux_net.py
+++ b/nova/network/linux_net.py
@@ -378,6 +378,10 @@ def metadata_forward():
diff --git a/0003-Have-nova-api-add-the-INPUT-rule-for-EC2-metadata-lp.patch b/0013-Have-nova-api-add-the-INPUT-rule-for-EC2-metadata-lp.patch
similarity index 98%
rename from 0003-Have-nova-api-add-the-INPUT-rule-for-EC2-metadata-lp.patch
rename to 0013-Have-nova-api-add-the-INPUT-rule-for-EC2-metadata-lp.patch
index 4b8493d..bdb4015 100644
--- a/0003-Have-nova-api-add-the-INPUT-rule-for-EC2-metadata-lp.patch
+++ b/0013-Have-nova-api-add-the-INPUT-rule-for-EC2-metadata-lp.patch
@@ -1,4 +1,4 @@
-From 1276248a43361b46f8ca2568c029e075b7e5406d Mon Sep 17 00:00:00 2001
+From 8e23bafa4afab0090736e60183fe1861cece8f7e Mon Sep 17 00:00:00 2001
From: Mark McLoughlin <markmc at redhat.com>
Date: Thu, 8 Sep 2011 14:29:49 +0100
Subject: [PATCH] Have nova-api add the INPUT rule for EC2 metadata
@@ -84,7 +84,7 @@ index 11ac9f6..792407b 100644
DEFINE_bool('monkey_patch', False,
diff --git a/nova/network/linux_net.py b/nova/network/linux_net.py
-index df43f54..2ad8452 100755
+index cb71f9b..0961c4a 100755
--- a/nova/network/linux_net.py
+++ b/nova/network/linux_net.py
@@ -378,10 +378,17 @@ def metadata_forward():
diff --git a/0004-Allow-the-user-to-choose-either-ietadm-or-tgtadm-lp-.patch b/0014-Allow-the-user-to-choose-either-ietadm-or-tgtadm-lp-.patch
similarity index 99%
rename from 0004-Allow-the-user-to-choose-either-ietadm-or-tgtadm-lp-.patch
rename to 0014-Allow-the-user-to-choose-either-ietadm-or-tgtadm-lp-.patch
index ddde94e..6a03356 100644
--- a/0004-Allow-the-user-to-choose-either-ietadm-or-tgtadm-lp-.patch
+++ b/0014-Allow-the-user-to-choose-either-ietadm-or-tgtadm-lp-.patch
@@ -1,4 +1,4 @@
-From 7674cb87528fc40f330bc501fd246e945e14d276 Mon Sep 17 00:00:00 2001
+From 0357fdee9cfd9212b3cc2a81b438769bb63b2a48 Mon Sep 17 00:00:00 2001
From: Mark McLoughlin <markmc at redhat.com>
Date: Thu, 11 Aug 2011 07:44:38 -0400
Subject: [PATCH] Allow the user to choose either ietadm or tgtadm (lp:819997)
diff --git a/0005-Remove-VolumeDriver.sync_exec-method-lp-819997.patch b/0015-Remove-VolumeDriver.sync_exec-method-lp-819997.patch
similarity index 99%
rename from 0005-Remove-VolumeDriver.sync_exec-method-lp-819997.patch
rename to 0015-Remove-VolumeDriver.sync_exec-method-lp-819997.patch
index 927819d..803a072 100644
--- a/0005-Remove-VolumeDriver.sync_exec-method-lp-819997.patch
+++ b/0015-Remove-VolumeDriver.sync_exec-method-lp-819997.patch
@@ -1,4 +1,4 @@
-From 9f018314935374e05a50923d32c7b3933e86cea9 Mon Sep 17 00:00:00 2001
+From c24f7be3edcccdb9ebd9261265f00643b07b53df Mon Sep 17 00:00:00 2001
From: Mark McLoughlin <markmc at redhat.com>
Date: Sun, 18 Sep 2011 12:04:46 +0100
Subject: [PATCH] Remove VolumeDriver.sync_exec method (lp:819997)
diff --git a/0006-Refactor-ietadm-tgtadm-calls-out-into-helper-classes.patch b/0016-Refactor-ietadm-tgtadm-calls-out-into-helper-classes.patch
similarity index 99%
rename from 0006-Refactor-ietadm-tgtadm-calls-out-into-helper-classes.patch
rename to 0016-Refactor-ietadm-tgtadm-calls-out-into-helper-classes.patch
index 76af87a..ca5174d 100644
--- a/0006-Refactor-ietadm-tgtadm-calls-out-into-helper-classes.patch
+++ b/0016-Refactor-ietadm-tgtadm-calls-out-into-helper-classes.patch
@@ -1,4 +1,4 @@
-From 4dd34f3f5ce0482788077bcb9457d5ff8bf8f792 Mon Sep 17 00:00:00 2001
+From 224d99a25d40e11c6ea6209603224e5b9e871d6a Mon Sep 17 00:00:00 2001
From: Mark McLoughlin <markmc at redhat.com>
Date: Sun, 18 Sep 2011 16:02:43 +0100
Subject: [PATCH] Refactor ietadm/tgtadm calls out into helper classes
diff --git a/0007-Fix-tgtadm-off-by-one-error.-Fixes-bug-871278.patch b/0017-Fix-tgtadm-off-by-one-error.-Fixes-bug-871278.patch
similarity index 95%
rename from 0007-Fix-tgtadm-off-by-one-error.-Fixes-bug-871278.patch
rename to 0017-Fix-tgtadm-off-by-one-error.-Fixes-bug-871278.patch
index 42bc4e2..91aa00f 100644
--- a/0007-Fix-tgtadm-off-by-one-error.-Fixes-bug-871278.patch
+++ b/0017-Fix-tgtadm-off-by-one-error.-Fixes-bug-871278.patch
@@ -1,4 +1,4 @@
-From 7bd0b6b004e686fa97ebc0a2e5e9bb75d95aaeea Mon Sep 17 00:00:00 2001
+From df5239af7a166daa8ab9551cd9481026bde76aae Mon Sep 17 00:00:00 2001
From: Chuck Short <chuck.short at canonical.com>
Date: Tue, 13 Dec 2011 13:45:43 -0500
Subject: [PATCH] Fix tgtadm off by one error. Fixes bug #871278
diff --git a/0008-Bug-898257-abstract-out-disk-image-access-methods.patch b/0018-Bug-898257-abstract-out-disk-image-access-methods.patch
similarity index 99%
rename from 0008-Bug-898257-abstract-out-disk-image-access-methods.patch
rename to 0018-Bug-898257-abstract-out-disk-image-access-methods.patch
index e85ff6d..206107d 100644
--- a/0008-Bug-898257-abstract-out-disk-image-access-methods.patch
+++ b/0018-Bug-898257-abstract-out-disk-image-access-methods.patch
@@ -1,4 +1,4 @@
-From b89cb44fd42849f8f94d22efa651f935b6ae376f Mon Sep 17 00:00:00 2001
+From dfc0e2be1ceac19ce92cff8fc3ea4e1c79c8ad56 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A1draig=20Brady?= <pbrady at redhat.com>
Date: Wed, 30 Nov 2011 17:00:17 +0000
Subject: [PATCH] Bug#898257 abstract out disk image access methods
@@ -1021,7 +1021,7 @@ index 0000000..55b287e
+ self.linked = False
+ self.device = None
diff --git a/nova/virt/libvirt/connection.py b/nova/virt/libvirt/connection.py
-index 55cb31d..9abd330 100644
+index 17667ea..58c63d2 100644
--- a/nova/virt/libvirt/connection.py
+++ b/nova/virt/libvirt/connection.py
@@ -179,6 +179,7 @@ class LibvirtConnection(driver.ComputeDriver):
diff --git a/0009-Bug-898257-support-handling-images-with-libguestfs.patch b/0019-Bug-898257-support-handling-images-with-libguestfs.patch
similarity index 98%
rename from 0009-Bug-898257-support-handling-images-with-libguestfs.patch
rename to 0019-Bug-898257-support-handling-images-with-libguestfs.patch
index 8cfd19b..82656c8 100644
--- a/0009-Bug-898257-support-handling-images-with-libguestfs.patch
+++ b/0019-Bug-898257-support-handling-images-with-libguestfs.patch
@@ -1,4 +1,4 @@
-From 2b3f7c99df94960ee76590394e209a827fe5c240 Mon Sep 17 00:00:00 2001
+From e8b17424336603b01814b3c77dd429be4014dfb5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A1draig=20Brady?= <pbrady at redhat.com>
Date: Wed, 30 Nov 2011 17:00:17 +0000
Subject: [PATCH] Bug#898257 support handling images with libguestfs
diff --git a/0010-Fix-libguestfs-operation-with-specified-partitions.patch b/0020-Fix-libguestfs-operation-with-specified-partitions.patch
similarity index 95%
rename from 0010-Fix-libguestfs-operation-with-specified-partitions.patch
rename to 0020-Fix-libguestfs-operation-with-specified-partitions.patch
index 75e6f21..84b477f 100644
--- a/0010-Fix-libguestfs-operation-with-specified-partitions.patch
+++ b/0020-Fix-libguestfs-operation-with-specified-partitions.patch
@@ -1,4 +1,4 @@
-From 69fcb2df30ae3e1e406ca58080cf88aba5b8ab7b Mon Sep 17 00:00:00 2001
+From 2e1a3dd69f9d76b0e89d20661a2762f9fab4cab4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A1draig=20Brady?= <pbrady at redhat.com>
Date: Tue, 10 Jan 2012 10:54:21 +0000
Subject: [PATCH] Fix libguestfs operation with specified partitions
diff --git a/0011-Ensure-we-don-t-access-the-net-when-building-docs.patch b/0021-Ensure-we-don-t-access-the-net-when-building-docs.patch
similarity index 94%
rename from 0011-Ensure-we-don-t-access-the-net-when-building-docs.patch
rename to 0021-Ensure-we-don-t-access-the-net-when-building-docs.patch
index 7a175b1..bcabbbc 100644
--- a/0011-Ensure-we-don-t-access-the-net-when-building-docs.patch
+++ b/0021-Ensure-we-don-t-access-the-net-when-building-docs.patch
@@ -1,4 +1,4 @@
-From 3588ad017f290892ddbf56a124926076edee4e79 Mon Sep 17 00:00:00 2001
+From 46d76782c9efc2a1154e5f4a84740fa6f10f3ff9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A1draig=20Brady?= <pbrady at redhat.com>
Date: Fri, 6 Jan 2012 12:16:34 +0000
Subject: [PATCH] Ensure we don't access the net when building docs
diff --git a/0022-Fix-up-protocol-case-handling-for-security-groups.patch b/0022-Fix-up-protocol-case-handling-for-security-groups.patch
new file mode 100644
index 0000000..08cd0ee
--- /dev/null
+++ b/0022-Fix-up-protocol-case-handling-for-security-groups.patch
@@ -0,0 +1,90 @@
+From 97c9e73ada674a1e009fc1126de0aef0de1c59e9 Mon Sep 17 00:00:00 2001
+From: Vishvananda Ishaya <vishvananda at gmail.com>
+Date: Wed, 6 Jun 2012 13:25:04 -0400
+Subject: [PATCH] Fix up protocol case handling for security groups.
+
+Fix bug 985184.
+
+When creating security group rules, any case for the protocol was
+accepted as input, such as TCP, Tcp, tcp, etc., and was stored in the
+database as specified. However, unless specified as all lowercase, the
+code to apply the rules would break and result in some rules not being
+applied.
+
+(cherry picked from commit ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654)
+
+Change-Id: I36af1db29c2bd97627d614df21b5da07db29a8ab
+---
+ nova/api/ec2/cloud.py | 2 +-
+ nova/api/openstack/contrib/security_groups.py | 2 +-
+ nova/virt/libvirt/firewall.py | 15 ++++++++-------
+ 3 files changed, 10 insertions(+), 9 deletions(-)
+
+diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py
+index cd41921..de50b6a 100644
+--- a/nova/api/ec2/cloud.py
++++ b/nova/api/ec2/cloud.py
+@@ -740,7 +740,7 @@ class CloudController(object):
+ to_port=to_port, msg="For ICMP, the"
+ " type:code must be valid")
+
+- values['protocol'] = ip_protocol
++ values['protocol'] = ip_protocol.lower()
+ values['from_port'] = from_port
+ values['to_port'] = to_port
+ else:
+diff --git a/nova/api/openstack/contrib/security_groups.py b/nova/api/openstack/contrib/security_groups.py
+index 78d4881..2844b19 100644
+--- a/nova/api/openstack/contrib/security_groups.py
++++ b/nova/api/openstack/contrib/security_groups.py
+@@ -331,7 +331,7 @@ class SecurityGroupRulesController(SecurityGroupController):
+ to_port=to_port, msg="For ICMP, the"
+ " type:code must be valid")
+
+- values['protocol'] = ip_protocol
++ values['protocol'] = ip_protocol.lower()
+ values['from_port'] = from_port
+ values['to_port'] = to_port
+ else:
+diff --git a/nova/virt/libvirt/firewall.py b/nova/virt/libvirt/firewall.py
+index dfa1deb..8d1bbe0 100644
+--- a/nova/virt/libvirt/firewall.py
++++ b/nova/virt/libvirt/firewall.py
+@@ -417,20 +417,21 @@ class NWFilterFirewall(FirewallDriver):
+ rule_xml += "<rule action='accept' direction='in' priority='300'>"
+ if rule.cidr:
+ version = netutils.get_ip_version(rule.cidr)
++ protocol = rule.protocol.lower()
+ if(FLAGS.use_ipv6 and version == 6):
+ net, prefixlen = netutils.get_net_and_prefixlen(rule.cidr)
+ rule_xml += "<%s srcipaddr='%s' srcipmask='%s' " % \
+- (v6protocol[rule.protocol], net, prefixlen)
++ (v6protocol[protocol], net, prefixlen)
+ else:
+ net, mask = netutils.get_net_and_mask(rule.cidr)
+ rule_xml += "<%s srcipaddr='%s' srcipmask='%s' " % \
+- (rule.protocol, net, mask)
+- if rule.protocol in ['tcp', 'udp']:
++ (protocol, net, mask)
++ if protocol in ['tcp', 'udp']:
+ rule_xml += "dstportstart='%s' dstportend='%s' " % \
+ (rule.from_port, rule.to_port)
+- elif rule.protocol == 'icmp':
++ elif protocol == 'icmp':
+ LOG.info('rule.protocol: %r, rule.from_port: %r, '
+- 'rule.to_port: %r', rule.protocol,
++ 'rule.to_port: %r', protocol,
+ rule.from_port, rule.to_port)
+ if rule.from_port != -1:
+ rule_xml += "type='%s' " % rule.from_port
+@@ -659,8 +660,8 @@ class IptablesFirewallDriver(FirewallDriver):
+ else:
+ fw_rules = ipv6_rules
+
+- protocol = rule.protocol
+- if version == 6 and rule.protocol == 'icmp':
++ protocol = rule.protocol.lower()
++ if version == 6 and protocol == 'icmp':
+ protocol = 'icmpv6'
+
+ args = ['-j ACCEPT']
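Review bot: `rule.protocol.lower()` in both firewall drivers (nova/virt/libvirt/firewall.py, the `NWFilterFirewall` and `IptablesFirewallDriver` hunks) assumes every stored rule has a string protocol. The two API hunks show an `else:` branch where `values['protocol']` is not set from `ip_protocol`, so a rule reaching these lines with no protocol would raise AttributeError rather than be skipped. The enclosing loops start outside the hunks, so an earlier guard may already exclude that case; if not, `protocol = (rule.protocol or '').lower()` would keep rule generation from aborting part-way. The patch also touches three files with no test, and since the failure mode was rules silently not being applied, a case that creates a rule with `TCP` or `Icmp` and asserts the emitted filter rule would pin the fix. The `LOG.info` label still reads `rule.protocol: %r` while it now prints the normalised value.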
diff --git a/openstack-nova.spec b/openstack-nova.spec
index 9dee26b..68a6d9a 100644
--- a/openstack-nova.spec
+++ b/openstack-nova.spec
@@ -2,7 +2,7 @@
Name: openstack-nova
Version: 2011.3.1
-Release: 8%{?dist}
+Release: 9%{?dist}
Summary: OpenStack Compute (nova)
Group: Applications/System
@@ -30,20 +30,27 @@ Source23: openstack-nova-db-setup
#
# patches_base=2011.3.1
#
-Patch0001: 0001-Bug-920497-fix-X-Server-Management-Url-for-v1.0-noau.patch
-Patch0002: 0002-Add-INPUT-chain-rule-for-EC2-metadata-requests-lp-85.patch
-Patch0003: 0003-Have-nova-api-add-the-INPUT-rule-for-EC2-metadata-lp.patch
-Patch0004: 0004-Allow-the-user-to-choose-either-ietadm-or-tgtadm-lp-.patch
-Patch0005: 0005-Remove-VolumeDriver.sync_exec-method-lp-819997.patch
-Patch0006: 0006-Refactor-ietadm-tgtadm-calls-out-into-helper-classes.patch
-Patch0007: 0007-Fix-tgtadm-off-by-one-error.-Fixes-bug-871278.patch
-Patch0008: 0008-Bug-898257-abstract-out-disk-image-access-methods.patch
-Patch0009: 0009-Bug-898257-support-handling-images-with-libguestfs.patch
-Patch0010: 0010-Fix-libguestfs-operation-with-specified-partitions.patch
-Patch0011: 0011-Ensure-we-don-t-access-the-net-when-building-docs.patch
-Patch0012: 0012-Add-validation-for-OSAPI-server-name-length.patch
-Patch0013: 0013-Fix-undefined-glance_host-in-get_glance_client.patch
-Patch0014: 0014-Implement-quotas-for-security-groups.patch
+Patch0002: 0002-Fix-bug-917615.patch
+Patch0003: 0003-Fixes-bug-919390-Block-Migration-fails-when-keystone.patch
+Patch0004: 0004-Bug-920497-fix-X-Server-Management-Url-for-v1.0-noau.patch
+Patch0005: 0005-Provides-flag-override-for-vlan-interface.patch
+Patch0006: 0006-Don-t-log-sensitive-data-in-compute-log-file.patch
+Patch0007: 0007-Fix-nova-manage-floating-delete-with-ip_range.patch
+Patch0008: 0008-Bump-python-novaclient-version-to-2.6.0.1.patch
+Patch0009: 0009-Add-validation-for-OSAPI-server-name-length.patch
+Patch0010: 0010-Fix-undefined-glance_host-in-get_glance_client.patch
+Patch0011: 0011-Implement-quotas-for-security-groups.patch
+Patch0012: 0012-Add-INPUT-chain-rule-for-EC2-metadata-requests-lp-85.patch
+Patch0013: 0013-Have-nova-api-add-the-INPUT-rule-for-EC2-metadata-lp.patch
+Patch0014: 0014-Allow-the-user-to-choose-either-ietadm-or-tgtadm-lp-.patch
+Patch0015: 0015-Remove-VolumeDriver.sync_exec-method-lp-819997.patch
+Patch0016: 0016-Refactor-ietadm-tgtadm-calls-out-into-helper-classes.patch
+Patch0017: 0017-Fix-tgtadm-off-by-one-error.-Fixes-bug-871278.patch
+Patch0018: 0018-Bug-898257-abstract-out-disk-image-access-methods.patch
+Patch0019: 0019-Bug-898257-support-handling-images-with-libguestfs.patch
+Patch0020: 0020-Fix-libguestfs-operation-with-specified-partitions.patch
+Patch0021: 0021-Ensure-we-don-t-access-the-net-when-building-docs.patch
+Patch0022: 0022-Fix-up-protocol-case-handling-for-security-groups.patch
BuildArch: noarch
BuildRequires: intltool
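Review bot: The patch list now starts at `Patch0002` and `%patch0001 -p1` is dropped in the `%prep` hunk, yet the diffstat of this commit adds 0001-Open-2011.3.2-development.patch to the repository. The commit message says the version-bump patch was left out on purpose, so either keep the file out of the commit or record the gap in the spec, e.g. `# Patch0001 (Open 2011.3.2 development) intentionally not applied: version bump is inaccurate`. Without that, the missing number reads as an accidental omission to the next person syncing with the stable branch.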
@@ -176,7 +183,6 @@ This package contains documentation files for nova.
%prep
%setup -q -n nova-%{version}
-%patch0001 -p1
%patch0002 -p1
%patch0003 -p1
%patch0004 -p1
@@ -190,6 +196,14 @@ This package contains documentation files for nova.
%patch0012 -p1
%patch0013 -p1
%patch0014 -p1
+%patch0015 -p1
+%patch0016 -p1
+%patch0017 -p1
+%patch0018 -p1
+%patch0019 -p1
+%patch0020 -p1
+%patch0021 -p1
+%patch0022 -p1
find . \( -name .gitignore -o -name .placeholder \) -delete
@@ -376,7 +390,11 @@ fi
%endif
%changelog
-* Thu Apr 19 2012 Pádraig Bradu <P at draigBrady.com> - 2011.3.1-8
+* Wed Jun 06 2012 Pádraig Brady <P at draigBrady.com> - 2011.3.1-9
+- Sync up with Diablo stable branch, including...
+- Fix for protocol case handling (#829439, CVE-2012-2654)
+
+* Thu Apr 19 2012 Pádraig Brady <P at draigBrady.com> - 2011.3.1-8
- Fix undefined glance_host in get_glance_client
- Implement quotas for security groups (#814361, CVE-2012-2101)