Commit 2b9213a6 authored by Christos Stavrakakis's avatar Christos Stavrakakis Committed by Dimitris Aragiorgis
Browse files

Set required umask for snf-manage commands

In order to communicate with Archipelago, Pithos backend needs to create
named pipes (under '/var/run/shm/posixfd') that can be read/written by the
group that Archipelago is running. This is achieved by using 'setgid' in the
specified directory combined with a proper 'umask'. For Gunicorn workers, the
umask is set by gunicorn-hooks. However, snf-manage commands did not set the
needed umask which resulted in wrong permissions.

This commits includes an ugly workaround to bypass this issue by setting
the needed umask in 'SynnefoManagementUtility' for subcommands that are
handling images, snapshots and files and for subcommands that define
the 'umask' class attribute.
parent 6df3d40a
......@@ -33,6 +33,7 @@ from snf_django.management.utils import parse_bool
class Command(SynnefoCommand):
can_import_settings = True
umask = 0o007
help = 'Reconcile contents of Synnefo DB with state of Ganeti backend'
option_list = SynnefoCommand.option_list + (
......
......@@ -33,6 +33,7 @@ backend-id.
class Command(SynnefoCommand):
help = "Create a new VM." + HELP_MSG
umask = 0o007
option_list = SynnefoCommand.option_list + (
make_option("--backend-id", dest="backend_id",
......
......@@ -26,6 +26,7 @@ HELP_MSG = """Create a new volume."""
class Command(SynnefoCommand):
help = HELP_MSG
umask = 0o007
option_list = SynnefoCommand.option_list + (
make_option(
......
......@@ -225,7 +225,7 @@ class SynnefoManagementUtility(ManagementUtility):
# Encode stdout. This check is required because of the way python
# checks if something is tty:
# https://bugzilla.redhat.com/show_bug.cgi?id=841152
if not subcommand in ['test'] and not 'shell' in subcommand:
if subcommand not in ['test'] and 'shell' not in subcommand:
sys.stdout = EncodedStream(sys.stdout)
sys.stderr = EncodedStream(sys.stderr)
......@@ -245,7 +245,21 @@ class SynnefoManagementUtility(ManagementUtility):
parser.print_lax_help()
sys.stdout.write(self.main_help_text() + '\n')
else:
self.fetch_command(subcommand).run_from_argv(self.argv)
sub_command = self.fetch_command(subcommand)
# NOTE: This is an ugly workaround to bypass the problem with
# the required permissions for the named pipes that Pithos backend
# is creating in order to communicate with XSEG.
if subcommand == 'test' or\
subcommand.startswith('image-') or\
subcommand.startswith('snapshot-') or\
subcommand.startswith('file-'):
# Set common umask for known commands
os.umask(0o007)
# Allow command to define a custom umask
cmd_umask = getattr(sub_command, 'umask', None)
if cmd_umask is not None:
os.umask(cmd_umask)
sub_command.run_from_argv(self.argv)
def main_help_text(self):
"""
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment