1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
|
import errno
import logging
import os
import pwd
import platform
import tempfile
import uuid
import subprocess
import threading
from ceph_volume import process, terminal
from . import as_string
# python2 has no FileNotFoundError
try:
FileNotFoundError
except NameError:
FileNotFoundError = OSError
logger = logging.getLogger(__name__)
mlogger = terminal.MultiLogger(__name__)
# TODO: get these out of here and into a common area for others to consume
if platform.system() == 'FreeBSD':
FREEBSD = True
DEFAULT_FS_TYPE = 'zfs'
PROCDIR = '/compat/linux/proc'
# FreeBSD does not have blockdevices any more
BLOCKDIR = '/dev'
ROOTGROUP = 'wheel'
else:
FREEBSD = False
DEFAULT_FS_TYPE = 'xfs'
PROCDIR = '/proc'
BLOCKDIR = '/sys/block'
ROOTGROUP = 'root'
host_rootfs = '/rootfs'
run_host_cmd = [
'nsenter',
'--mount={}/proc/1/ns/mnt'.format(host_rootfs),
'--ipc={}/proc/1/ns/ipc'.format(host_rootfs),
'--net={}/proc/1/ns/net'.format(host_rootfs),
'--uts={}/proc/1/ns/uts'.format(host_rootfs)
]
def generate_uuid():
return str(uuid.uuid4())
def find_executable_on_host(locations=[], executable='', binary_check='/bin/ls'):
paths = ['{}/{}'.format(location, executable) for location in locations]
command = []
command.extend(run_host_cmd + [binary_check] + paths)
process = subprocess.Popen(
command,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
stdin=subprocess.PIPE,
close_fds=True
)
stdout = as_string(process.stdout.read())
if stdout:
executable_on_host = stdout.split('\n')[0]
logger.info('Executable {} found on the host, will use {}'.format(executable, executable_on_host))
return executable_on_host
else:
logger.warning('Executable {} not found on the host, will return {} as-is'.format(executable, executable))
return executable
def which(executable, run_on_host=False):
"""find the location of an executable"""
def _get_path(executable, locations):
for location in locations:
executable_path = os.path.join(location, executable)
if os.path.exists(executable_path) and os.path.isfile(executable_path):
return executable_path
return None
static_locations = (
'/usr/local/bin',
'/bin',
'/usr/bin',
'/usr/local/sbin',
'/usr/sbin',
'/sbin',
)
if not run_on_host:
path = os.getenv('PATH', '')
path_locations = path.split(':')
exec_in_path = _get_path(executable, path_locations)
if exec_in_path:
return exec_in_path
mlogger.warning('Executable {} not in PATH: {}'.format(executable, path))
exec_in_static_locations = _get_path(executable, static_locations)
if exec_in_static_locations:
mlogger.warning('Found executable under {}, please ensure $PATH is set correctly!'.format(exec_in_static_locations))
return exec_in_static_locations
else:
executable = find_executable_on_host(static_locations, executable)
# At this point, either `find_executable_on_host()` found an executable on the host
# or we fallback to just returning the argument as-is, to prevent a hard fail, and
# hoping that the system might have the executable somewhere custom
return executable
def get_ceph_user_ids():
"""
Return the id and gid of the ceph user
"""
try:
user = pwd.getpwnam('ceph')
except KeyError:
# is this even possible?
raise RuntimeError('"ceph" user is not available in the current system')
return user[2], user[3]
def get_file_contents(path, default=''):
contents = default
if not os.path.exists(path):
return contents
try:
with open(path, 'r') as open_file:
contents = open_file.read().strip()
except Exception:
logger.exception('Failed to read contents from: %s' % path)
return contents
def mkdir_p(path, chown=True):
"""
A `mkdir -p` that defaults to chown the path to the ceph user
"""
try:
os.mkdir(path)
except OSError as e:
if e.errno == errno.EEXIST:
pass
else:
raise
if chown:
uid, gid = get_ceph_user_ids()
os.chown(path, uid, gid)
def chown(path, recursive=True):
"""
``chown`` a path to the ceph user (uid and guid fetched at runtime)
"""
uid, gid = get_ceph_user_ids()
if os.path.islink(path):
process.run(['chown', '-h', 'ceph:ceph', path])
path = os.path.realpath(path)
if recursive:
process.run(['chown', '-R', 'ceph:ceph', path])
else:
os.chown(path, uid, gid)
def is_binary(path):
"""
Detect if a file path is a binary or not. Will falsely report as binary
when utf-16 encoded. In the ceph universe there is no such risk (yet)
"""
with open(path, 'rb') as fp:
contents = fp.read(8192)
if b'\x00' in contents: # a null byte may signal binary
return True
return False
class tmp_mount(object):
"""
Temporarily mount a device on a temporary directory,
and unmount it upon exit
When ``encrypted`` is set to ``True``, the exit method will call out to
close the device so that it doesn't remain open after mounting. It is
assumed that it will be open because otherwise it wouldn't be possible to
mount in the first place
"""
def __init__(self, device, encrypted=False):
self.device = device
self.path = None
self.encrypted = encrypted
def __enter__(self):
self.path = tempfile.mkdtemp()
process.run([
'mount',
'-v',
self.device,
self.path
])
return self.path
def __exit__(self, exc_type, exc_val, exc_tb):
process.run([
'umount',
'-v',
self.path
])
if self.encrypted:
# avoid a circular import from the encryption module
from ceph_volume.util import encryption
encryption.dmcrypt_close(self.device)
def unmount_tmpfs(path):
"""
Removes the mount at the given path iff the path is a tmpfs mount point.
Otherwise no action is taken.
"""
_out, _err, rc = process.call(['findmnt', '-t', 'tmpfs', '-M', path])
if rc != 0:
logger.info('{} does not appear to be a tmpfs mount'.format(path))
else:
logger.info('Unmounting tmpfs path at {}'.format( path))
unmount(path)
def unmount(path):
"""
Removes mounts at the given path
"""
process.run([
'umount',
'-v',
path,
])
def path_is_mounted(path, destination=None):
"""
Check if the given path is mounted
"""
m = Mounts(paths=True)
mounts = m.get_mounts()
realpath = os.path.realpath(path)
mounted_locations = mounts.get(realpath, [])
if destination:
return destination in mounted_locations
return mounted_locations != []
def device_is_mounted(dev, destination=None):
"""
Check if the given device is mounted, optionally validating that a
destination exists
"""
plain_mounts = Mounts(devices=True)
realpath_mounts = Mounts(devices=True, realpath=True)
realpath_dev = os.path.realpath(dev) if dev.startswith('/') else dev
destination = os.path.realpath(destination) if destination else None
# plain mounts
plain_dev_mounts = plain_mounts.get_mounts().get(dev, [])
realpath_dev_mounts = plain_mounts.get_mounts().get(realpath_dev, [])
# realpath mounts
plain_dev_real_mounts = realpath_mounts.get_mounts().get(dev, [])
realpath_dev_real_mounts = realpath_mounts.get_mounts().get(realpath_dev, [])
mount_locations = [
plain_dev_mounts,
realpath_dev_mounts,
plain_dev_real_mounts,
realpath_dev_real_mounts
]
for mounts in mount_locations:
if mounts: # we have a matching mount
if destination:
if destination in mounts:
logger.info(
'%s detected as mounted, exists at destination: %s', dev, destination
)
return True
else:
logger.info('%s was found as mounted', dev)
return True
logger.info('%s was not found as mounted', dev)
return False
class Mounts(object):
excluded_paths = []
def __init__(self, devices=False, paths=False, realpath=False):
self.devices = devices
self.paths = paths
self.realpath = realpath
def safe_realpath(self, path, timeout=0.2):
def _realpath(path, result):
p = os.path.realpath(path)
result.append(p)
result = []
t = threading.Thread(target=_realpath, args=(path, result))
t.setDaemon(True)
t.start()
t.join(timeout)
if t.is_alive():
return None
return result[0]
def get_mounts(self):
"""
Create a mapping of all available system mounts so that other helpers can
detect nicely what path or device is mounted
It ignores (most of) non existing devices, but since some setups might need
some extra device information, it will make an exception for:
- tmpfs
- devtmpfs
- /dev/root
If ``devices`` is set to ``True`` the mapping will be a device-to-path(s),
if ``paths`` is set to ``True`` then the mapping will be
a path-to-device(s)
:param realpath: Resolve devices to use their realpaths. This is useful for
paths like LVM where more than one path can point to the same device
"""
devices_mounted = {}
paths_mounted = {}
do_not_skip = ['tmpfs', 'devtmpfs', '/dev/root']
default_to_devices = self.devices is False and self.paths is False
with open(PROCDIR + '/mounts', 'rb') as mounts:
proc_mounts = mounts.readlines()
for line in proc_mounts:
fields = [as_string(f) for f in line.split()]
if len(fields) < 3:
continue
if fields[0] in Mounts.excluded_paths or \
fields[1] in Mounts.excluded_paths:
continue
if self.realpath:
if fields[0].startswith('/'):
device = self.safe_realpath(fields[0])
if device is None:
logger.warning(f"Can't get realpath on {fields[0]}, skipping.")
Mounts.excluded_paths.append(fields[0])
continue
else:
device = fields[0]
else:
device = fields[0]
path = self.safe_realpath(fields[1])
if path is None:
logger.warning(f"Can't get realpath on {fields[1]}, skipping.")
Mounts.excluded_paths.append(fields[1])
continue
# only care about actual existing devices
if not os.path.exists(device) or not device.startswith('/'):
if device not in do_not_skip:
continue
if device in devices_mounted.keys():
devices_mounted[device].append(path)
else:
devices_mounted[device] = [path]
if path in paths_mounted.keys():
paths_mounted[path].append(device)
else:
paths_mounted[path] = [device]
# Default to returning information for devices if
if self.devices is True or default_to_devices:
return devices_mounted
else:
return paths_mounted
def set_context(path, recursive=False):
"""
Calls ``restorecon`` to set the proper context on SELinux systems. Only if
the ``restorecon`` executable is found anywhere in the path it will get
called.
If the ``CEPH_VOLUME_SKIP_RESTORECON`` environment variable is set to
any of: "1", "true", "yes" the call will be skipped as well.
Finally, if SELinux is not enabled, or not available in the system,
``restorecon`` will not be called. This is checked by calling out to the
``selinuxenabled`` executable. If that tool is not installed or returns
a non-zero exit status then no further action is taken and this function
will return.
"""
skip = os.environ.get('CEPH_VOLUME_SKIP_RESTORECON', '')
if skip.lower() in ['1', 'true', 'yes']:
logger.info(
'CEPH_VOLUME_SKIP_RESTORECON environ is set, will not call restorecon'
)
return
try:
stdout, stderr, code = process.call(['selinuxenabled'],
verbose_on_failure=False)
except FileNotFoundError:
logger.info('No SELinux found, skipping call to restorecon')
return
if code != 0:
logger.info('SELinux is not enabled, will not call restorecon')
return
# restore selinux context to default policy values
if which('restorecon').startswith('/'):
if recursive:
process.run(['restorecon', '-R', path])
else:
process.run(['restorecon', path])
|