Skip to content
Commits on Sep 13, 2012
  1. @alexpilotti

    Fixes import issue on Windows

    alexpilotti committed Sep 13, 2012
    Fixes Bug #1034043
    The crypt module is not available on Windows.
    Since this is a blocking issue on Hyper-V and since the only
    function using it is _set_passwd (not implemented on Windows),
    the import can be safely conditionally avoided.
    Change-Id: Iefe97edcfcff3b70593e07628b6a6f85e680cbc7
Commits on Sep 8, 2012
  1. fix unmounting of LXC containers in the presence of symlinks

    Pádraig Brady committed Sep 8, 2012
    When looking up the mount dir in /proc/mounts we need
    to canonicalize the path so that symlinks are resolved
    Fixes bug: 1046313
    Change-Id: Ib2bb8253e9cdfeda3c6ba13e56a0f907518ff558
Commits on Aug 9, 2012
  1. @dprince

    Fix the inject_metadata_into_fs in the disk API.

    dprince committed Aug 7, 2012
    Updates the _inject_metadata_into_fs in the disk/ so
    that it uses dict-style access. This resolves an issue introduced
    in a recent no-db-messaging change.
    Includes new test case.
    Fixes LP Bug #1034040.
    Change-Id: I1bc90a8331419709ab71e5da8c48cd1d54c40f9e
Commits on Aug 7, 2012
  1. Prohibit file injection writing to host filesystem

    Pádraig Brady committed Jul 31, 2012
    This is a refinement of the previous fix in commit 2427d4a,
    which does the file name canonicalization as the root user.
    This is required so that guest images could not for example,
    protect malicious symlinks in a directory only readable by root.
    Fixes bug: 1031311, CVE-2012-3447
    Change-Id: I7f7cdeeffadebae7451e1e13f73f1313a7df9c5c
Commits on Aug 2, 2012
  1. fix unmounting of LXC containers

    Pádraig Brady committed Aug 1, 2012
    There were two issues here.
    1. There was a global object stored for all instances,
    thus the last mounted instance was always unmounted.
    2. Even if there was only a single LXC instance in use,
    the global object would be lost on restart of Nova.
    Therefore we reset the internal state for the mount object,
    by passing in the mount point to destroy_container(),
    and querying the device in use for that mount point.
    Fixes bug: 971621
    Change-Id: I5442442f00d93f5e8b82f492d62918419db5cd3b
Commits on Jul 30, 2012
  1. Revert "Check for selinux before setting up selinux."

    Pádraig Brady committed Jul 30, 2012
    The existing code used trycmd(readlink) precisely because
    /etc/selinux might not exist. The presented traceback in
    the bug is only debug info.
    Also the change will not work with libguestfs for example,
    where the nova user can't access mount points mounted by root.
    After discussion on IRC it was decided to reduce
    debugging output in a subsequent commit.
    Reverts: 9bea239
    Change-Id: Id07eae5b330332f36ad7caa786593e486aa36469
Commits on Jul 29, 2012
  1. Check for selinux before setting up selinux.

    Chuck Short committed Jul 29, 2012
    Check to see if /etc/selinux exists before trying
    to setup ssh keys for selinux. If it doesnt exist
    it will result in a traceback when setting up the image
    since the directory doesnt exist on Ubuntu.
    Fixes LP: #1030609
    Change-Id: I8af1e6232bc5a84cbb878c2663ab30eb4139484c
    Signed-off-by: Chuck Short <>
Commits on Jul 26, 2012
  1. @dprince

    Don't import libvirt_utils in disk api.

    dprince committed Jul 26, 2012
    Updates the virt/disk/api so that we no longer import libvirt_utils.
    This fixes issues when using Nova compute with compute drivers other
    than libvirt. (xenapi, etc.)
    Fixes LP Bug #1029501.
    Change-Id: I46ece309480ce0a0941a96371a51d77712c41eb6
Commits on Jul 24, 2012
  1. refactor all uses of the `qemu-img info` command

    Pádraig Brady committed Jul 18, 2012
    * nova/virt/ Define a single function that
    calls `qemu-img info` in a robust manner, by avoiding
    locale issues etc.
    * nova/virt/libvirt/ Define secondary functions
    to parse items returned from images.qemu_img_info().
    * nova/virt/libvirt/ Use the libvirt.utils functions.
    * nova/virt/disk/ Likewise.
    * nova/tests/ Remove no longer needed stub
    for utils.execute('qemu-img info'). Adjust to a more restrictive
    `qemu-img info` format, and more robust calling signature.
    * nova/tests/ Adjust to moved method.
    Change-Id: I739dd246410c215f401ebd3a92b8207f46e8fb9a
Commits on Jul 20, 2012
  1. @openstack-gerrit
  2. set correct SELinux context for injected ssh keys

    Pádraig Brady committed Jun 27, 2012
    Instruct guests to ensure at boot, that the correct
    SELinux context is set for /root/.ssh/.
    This will cater for keys injected by nova from hosts
    without SELinux (enabled) or using libguestfs which
    currently doesn't support setting extended attributes.
    Suggested-by: David Naori <>
    Change-Id: Ibf3869e3ee477e91623e0c030838c1ec8a6128a6
Commits on Jul 18, 2012
  1. improve efficiency of image transfer during migration

    Pádraig Brady committed Jul 16, 2012
    This reduces time to transfer a qcow2 image
    with a virtual size of 10G, over GigE,
    from about 7 minutes to about 30 seconds.
    There are multiple inefficiencies in the existing process.
    Taking an example of a qcow2 image with 10G virtual size,
    the process was:
      qcow2 -> raw -> read -> send -> write -> qcow2
    qcow2 to raw takes 20s,
    transfer of the resultant 10G is another 4m9s, and
    conversion back to qcow takes 2m33s.
    I.E. a total of about 7 minutes.
    So instead we try to avoid the initial qcow2 to raw
    conversion completely, which results in the whole
    process completing in about 30s, in the common
    case where no conversion to raw is done on the destination.
    We also optimize the case where the source qcow2
    image doesn't have a backing file, and then directly
    copy the source image without merging a backing file.
    Note this will also improve the situation when
    resizing/migrating within the same host as
    needles conversions are avoided in that case too.
    We also optimize the case where raw images are being used
    by trying to use `rsync -Sz` rather than `scp`.
    That compresses runs of zeros and create sparse destination files.
    Testing a 10G raw image showed a saving of 30s in transfer time.
    Also the network was greatly reduced (corresponding to holes
    in the source), as was space usage at the destination.
    This gain is limited though by rsync inefficiently reading
    all the holes at the source:
    Thanks to David Naori <> for testing and ideas.
    Change-Id: I9e87f912ef2717221c244241cda2f1027a4ca66a
Commits on Jul 11, 2012
  1. only mount guest image once when injecting files

    Pádraig Brady committed Jun 25, 2012
    Previously we could incur the costly guest mount operation twice,
    if injecting files with any of net, ssh keys, password, metadata.
    Instead now inject files in the same operation.
    Also cleanup the internal injection functions a little
    by removing the unused 'execute' parameter.
    Partly mitigates the impact of bug 1013689.
    Change-Id: Ib66d327e745593cf1e5897470750d609b2a58980
Commits on Jul 5, 2012
  1. @berrange

    Don't catch & ignore exceptions when setting up LXC container filesys…

    berrange committed Jul 5, 2012
    The 'setup_container' method in nova/disk/ may well raise an
    exception if something goes wrong when setting up the LXC container's
    root filesystem. Currently it just catches & logs any exception.
    The caller thus always thinks everything worked & goes onto boot
    the container despite there being no root filesystem available
    for it.
    The fix is to simply remove the bogus exception catching completely
    Change-Id: I2691713f11cced1561f347819875f490b8aaafef
    Signed-off-by: Daniel P. Berrange <>
Commits on Jul 3, 2012
  1. @russellb @ttx

    Prevent file injection writing to host filesystem.

    russellb committed with ttx Jun 20, 2012
    Fix bug 1015531, CVE-2012-3360, CVE-2012-3361
    This patch prevents the file injection code from writing into the host
    filesystem if a user specifies a path for the injected file that
    contains '..'.  The check is to make sure that the final normalized path
    that is about to be written to is within the mounted guest filesystem.
    Signed-off-by: Russell Bryant <>
    Signed-off-by: Pádraig Brady <>
    Signed-off-by: Mark McLoughlin <>
    Change-Id: I658cd12fd319cee91eb9544cdf53c862c5d2c560
Commits on Jul 2, 2012
  1. Switch to common logging.

    Andrew Bogott committed Jun 28, 2012
    I only just moved logging from nova to common, so behavior should remain the same.
    Change-Id: I1d7304ca200f9d024bb7244d25be2f9a670318fb
Commits on Jun 12, 2012
  1. @frenzykryger

    blueprint lvm-disk-images

    frenzykryger committed May 16, 2012
    Add ability to use LVM volumes for VM disks.
    Implements LVM disks support for libvirt driver.
    VM disks will be stored on LVM volumes in volume group
     specified by `libvirt_images_volume_group` option.
     Another option `libvirt_local_images_type` specify which storage
     type will be used. Supported values are `raw`, `lvm`, `qcow2`,
     `default`. If `libvirt_local_images_type` = `default`, usual
     logic with `use_cow_images` flag is used.
    Boolean option `libvirt_sparse_logical_volumes` controls which type
     of logical volumes will be created (sparsed with virtualsize or
     usual logical volumes with full space allocation). Default value
     for this option is `False`.
    Commit introduce three classes: `Raw`, `Qcow2` and `Lvm`. They contain
     image creation logic, that was stored in
     `LibvirtConnection._cache_image` and `libvirt_info` methods,
     that produce right `LibvirtGuestConfigDisk` configurations for
     libvirt. `Backend` class choose which image type to use.
    Change-Id: I0d01cb7d2fd67de2565b8d45d34f7846ad4112c2
Commits on Jun 7, 2012
  1. @zyluo

    Replace standard json module with openstack.common.jsonutils

    zyluo committed Jun 3, 2012
    Implements blueprint use-common-jsonutils
    1. Edit openstack-common.conf and import nova/openstack/common/
    2. Remove json package imports and replace with jsonutils
    Places where using json.load hasn't changed.
    Change-Id: Ie6feab605fb0474fd505c56ef57b7a9ecfa5269d
Commits on May 31, 2012
  1. @zyluo

    Backslash continuation removal (Nova folsom-2)

    zyluo committed May 16, 2012
    Fixes bug #938588
    Backslash continuations removal for scripts in bin/, plugin/, and etc.
    Change-Id: Idd17048b6e8db6e939946968e011e68da8585b8d
Commits on May 7, 2012
  1. Replaces exceptions.Error with NovaException

    Alex Meade committed May 3, 2012
    Fixes bug 817107
    Change-Id: I6253e6bbcc44676c587b315fa32afba6459e676a
Commits on Mar 15, 2012
  1. @ttx

    Fix LXC volume attach issue

    ttx committed Mar 15, 2012
    Fix erroneous use of echo to set permissions on LXC volume access.
    Fixes bug 943304.
    Note that based on input from the duplicate bug (948193), we set:
    b x:x rwm
    to /sys/fs/cgroup/devices/libvirt/lxc/x/devices.allow
    instead of:
    c x:x rwm
    to /sys/fs/cgroup/devices/sysdefault/libvirt/lxc/x/devices.allow
    Change-Id: Ia048d3f46799839b4b85c781bb50488e09ba9b5e
Commits on Mar 12, 2012
  1. @openstack-gerrit
Commits on Mar 9, 2012
  1. @markmc

    Add pybasedir and bindir options

    markmc committed Mar 9, 2012
    Add a pybasedir option so that it can be used for interpolation in the
    default values of other options. This helps eliminate hard-coded paths
    from the sample config file.
    Also add a bindir option for similar reasons, but it also helps with
    Change-Id: Iadc746dcf2a24adbdf9bac945b5b330f01faeeb5
Commits on Mar 8, 2012
  1. Checks image virtual size before qemu-img resize.

    MotoKen committed Mar 8, 2012
    Checks virtual size instead of file size. Fixes bug 905350.
    Change-Id: I1772b0996b7c9a2e07d3e298b156f777df67ef5f
Commits on Mar 4, 2012
  1. @jerdfelt

    Only raw string literals should be used with _()

    jerdfelt committed Mar 4, 2012
    Fix a number of places where formatted strings were used with _() (causing
    gettext to not match the string) or variables with _() (causing xgettext
    to not extract a string)
    Also, there's no value in internationalizing an empty string
    Change-Id: Iac7dbe46eeaa8ddf03c2a357ecd52f69aa8678aa
Commits on Feb 29, 2012
  1. @ttx

    Add missing filters for new root commands

    ttx committed Feb 29, 2012
    Add missing rootwrap filters for 'ovs-ofctl', 'cp' and 'mkfs'.
    Do not run 'rm' as root since it's unnecessary.
    Add documentation to try to prevent future misses.
    Fixes bug 943293.
    Change-Id: Ia680048a28a75f661a136d8447ff0aaf195649ba
Commits on Feb 20, 2012
  1. @emonty

    Stop ignoring E202.

    emonty committed Feb 20, 2012
    There is absolutely no reason to ignore E202 in the pep8 checks.
    Change-Id: I4abf767639dd94e9e8b7b4a405b4a702a554b876
Commits on Feb 17, 2012
  1. @lhrc-mikeyp

    Add support for admin_password to LibVirt

    lhrc-mikeyp committed Feb 10, 2012
    If the config flag --libvirt_inject_password is set, Libvirt now makes
    an attempt to inject the admin_password to instances at startup time.
    Fixes bug 767202
    Change-Id: I1491c84825bf0bbad43a7d53b379271caa2b76f6
  2. @openstack-gerrit

    Merge "fixed bug 928749"

    Jenkins committed with openstack-gerrit Feb 17, 2012
Commits on Feb 14, 2012
  1. @openstack-gerrit

    Merge "Add support for LXC volumes."

    Jenkins committed with openstack-gerrit Feb 14, 2012
  2. @jkoelker

    Standardize logging delaration and use

    jkoelker committed Feb 14, 2012
    * Make modules use getLogger(__name__) and log to the result
    Change-Id: Ib6d69b4be140ec89affc86ed11e65e422d551df1
Commits on Feb 10, 2012
  1. fixed bug 928749

    Thorsten Tarrach committed Feb 8, 2012
    During the process of creating an instance
    for the first time from a glance server,
    nova tries to execute this command:
    mkfs.ntfs --fast --label ephemeral0
    This in turn fails with this error:
    is not a block device.
    Refusing to make a filesystem here!
    The reason is that mkfs.ntfs needs the
    --force flag to create a filesystem in a file.
    Change-Id: If6c424400317a5f19ab117daec4c791476245753
  2. @markmc

    Remove the last of the gflags shim layer

    markmc committed Feb 3, 2012
    Make FLAGS a ConfigOpts instance and fix up all the places where we
    expected FlagValues behaviour.
    Change-Id: I8f96f42e0d8d30ba6b362d29861e717cf0fa9e89
Commits on Feb 8, 2012
  1. Add support for LXC volumes.

    Chuck Short committed Jan 31, 2012
    This introduces volume support for LXC containers in Nova.
    The way that this works is that when a device is attached to an
    LXC container is that, the xml is parsed to find out which device to
    connect to the LXC container, binds the device to the LXC container,
    and allow the device through cgroups.
    This bug fixes LP: #924601.
    Change-Id: I00b41426ae8354b3cd4212655ecb48319a63aa9b
    Signed-off-by: Chuck Short <>
Commits on Feb 3, 2012
  1. @markmc

    Move cfg to nova.openstack.common

    markmc committed Feb 3, 2012
    Move it here so that it can be kept in sync with openstack-common using
    the new script for code in openstack-common's incubation area.
    See here for more details:
    Note: this commit just moves the existing code in Nova with no other
    changes. A subsequent commit will sync it with latest openstack-common
    so that it is easier see the new changes.
    Change-Id: If88d678b1b9bad3d37117de7f7159d7fea8ab4c8
Something went wrong with that request. Please try again.