Commit 45bc4635 authored by Iustin Pop's avatar Iustin Pop

Finish the remote→restricted commands rename

The documentation still points to /etc/ganeti/remote-commands,
although the code is already using restricted-command. Update the
documentation and a few docstrings accordingly.
Signed-off-by: default avatarIustin Pop <iustin@google.com>
Reviewed-by: default avatarGuido Trotter <ultrotter@google.com>
parent a81ca843
......@@ -395,8 +395,8 @@ docinput = \
doc/design-partitioned.rst \
doc/design-query-splitting.rst \
doc/design-query2.rst \
doc/design-remote-commands.rst \
doc/design-resource-model.rst \
doc/design-restricted-commands.rst \
doc/design-shared-storage.rst \
doc/design-monitoring-agent.rst \
doc/design-virtual-clusters.rst \
......
......@@ -6,7 +6,7 @@ The following design documents have been implemented in Ganeti 2.7:
- :doc:`design-bulk-create`
- :doc:`design-opportunistic-locking`
- :doc:`design-remote-commands`
- :doc:`design-restricted-commands`
- :doc:`design-node-add`
- :doc:`design-virtual-clusters`
- :doc:`design-network`
......
......@@ -28,7 +28,7 @@ be taken:
- No parameters may be passed
- No absolute or relative path may be passed, only a filename
- Executable must reside in ``/etc/ganeti/remote-commands``, which must
- Executable must reside in ``/etc/ganeti/restricted-commands``, which must
be owned by root:root and have mode 0755 or stricter
- Must be regular files or symlinks
- Must be executable by root:root
......@@ -46,7 +46,7 @@ If a command can not be executed for some reason, the lock is only
released with a delay of several seconds, after which the generic error
message will be returned to the caller.
At first, remote commands will not be made available through the
At first, restricted commands will not be made available through the
:doc:`remote API <rapi>`, though that could be done at a later point
(with a separate password).
......
......@@ -51,7 +51,7 @@ Contents:
design-opportunistic-locking.rst
design-ovf-support.rst
design-query2.rst
design-remote-commands.rst
design-restricted-commands.rst
design-shared-storage.rst
design-virtual-clusters.rst
design-network.rst
......
#
#
# Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Google Inc.
# Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Google Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
......@@ -88,15 +88,15 @@ _LVSLINE_REGEX = re.compile("^ *([^|]+)\|([^|]+)\|([0-9.]+)\|([^|]{6,})\|?$")
_MASTER_START = "start"
_MASTER_STOP = "stop"
#: Maximum file permissions for remote command directory and executables
#: Maximum file permissions for restricted command directory and executables
_RCMD_MAX_MODE = (stat.S_IRWXU |
stat.S_IRGRP | stat.S_IXGRP |
stat.S_IROTH | stat.S_IXOTH)
#: Delay before returning an error for remote commands
#: Delay before returning an error for restricted commands
_RCMD_INVALID_DELAY = 10
#: How long to wait to acquire lock for remote commands (shorter than
#: How long to wait to acquire lock for restricted commands (shorter than
#: L{_RCMD_INVALID_DELAY}) to reduce blockage of noded forks when many
#: command requests arrive
_RCMD_LOCK_TIMEOUT = _RCMD_INVALID_DELAY * 0.8
......@@ -3672,7 +3672,7 @@ def PowercycleNode(hypervisor_type):
def _VerifyRestrictedCmdName(cmd):
"""Verifies a remote command name.
"""Verifies a restricted command name.
@type cmd: string
@param cmd: Command name
......@@ -3694,7 +3694,7 @@ def _VerifyRestrictedCmdName(cmd):
def _CommonRestrictedCmdCheck(path, owner):
"""Common checks for remote command file system directories and files.
"""Common checks for restricted command file system directories and files.
@type path: string
@param path: Path to check
......@@ -3724,7 +3724,7 @@ def _CommonRestrictedCmdCheck(path, owner):
def _VerifyRestrictedCmdDirectory(path, _owner=None):
"""Verifies remote command directory.
"""Verifies restricted command directory.
@type path: string
@param path: Path to check
......@@ -3745,10 +3745,10 @@ def _VerifyRestrictedCmdDirectory(path, _owner=None):
def _VerifyRestrictedCmd(path, cmd, _owner=None):
"""Verifies a whole remote command and returns its executable filename.
"""Verifies a whole restricted command and returns its executable filename.
@type path: string
@param path: Directory containing remote commands
@param path: Directory containing restricted commands
@type cmd: string
@param cmd: Command name
@rtype: tuple; (boolean, string)
......@@ -3774,10 +3774,10 @@ def _PrepareRestrictedCmd(path, cmd,
_verify_dir=_VerifyRestrictedCmdDirectory,
_verify_name=_VerifyRestrictedCmdName,
_verify_cmd=_VerifyRestrictedCmd):
"""Performs a number of tests on a remote command.
"""Performs a number of tests on a restricted command.
@type path: string
@param path: Directory containing remote commands
@param path: Directory containing restricted commands
@type cmd: string
@param cmd: Command name
@return: Same as L{_VerifyRestrictedCmd}
......@@ -3804,7 +3804,7 @@ def RunRestrictedCmd(cmd,
_prepare_fn=_PrepareRestrictedCmd,
_runcmd_fn=utils.RunCmd,
_enabled=constants.ENABLE_RESTRICTED_COMMANDS):
"""Executes a remote command after performing strict tests.
"""Executes a restricted command after performing strict tests.
@type cmd: string
@param cmd: Command name
......@@ -3813,10 +3813,10 @@ def RunRestrictedCmd(cmd,
@raise RPCFail: In case of an error
"""
logging.info("Preparing to run remote command '%s'", cmd)
logging.info("Preparing to run restricted command '%s'", cmd)
if not _enabled:
_Fail("Remote commands disabled at configure time")
_Fail("Restricted commands disabled at configure time")
lock = None
try:
......@@ -3844,7 +3844,7 @@ def RunRestrictedCmd(cmd,
# Do not include original error message in returned error
_Fail("Executing command '%s' failed" % cmd)
elif cmdresult.failed or cmdresult.fail_reason:
_Fail("Remote command '%s' failed: %s; output: %s",
_Fail("Restricted command '%s' failed: %s; output: %s",
cmd, cmdresult.fail_reason, cmdresult.output)
else:
return cmdresult.output
......
#!/usr/bin/python
#
# Copyright (C) 2010 Google Inc.
# Copyright (C) 2010, 2013 Google Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
......@@ -423,7 +423,8 @@ class TestRunRestrictedCmd(unittest.TestCase):
_sleep_fn=sleep_fn, _prepare_fn=prepare_fn,
_enabled=True)
except backend.RPCFail, err:
self.assertTrue(str(err).startswith("Remote command 'test3079' failed:"))
self.assertTrue(str(err).startswith("Restricted command 'test3079'"
" failed:"))
self.assertTrue("stderr406328567" in str(err),
msg="Error did not include output")
else:
......@@ -477,7 +478,8 @@ class TestRunRestrictedCmd(unittest.TestCase):
_runcmd_fn=NotImplemented,
_enabled=False)
except backend.RPCFail, err:
self.assertEqual(str(err), "Remote commands disabled at configure time")
self.assertEqual(str(err),
"Restricted commands disabled at configure time")
else:
self.fail("Did not raise exception")
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment