3 # Copyright (c) 2012 Openstack Foundation
6 # Licensed under the Apache License, Version 2.0 (the "License"); you may
7 # not use this file except in compliance with the License. You may obtain
8 # a copy of the License at
10 # http://www.apache.org/licenses/LICENSE-2.0
12 # Unless required by applicable law or agreed to in writing, software
13 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
14 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
15 # License for the specific language governing permissions and limitations
18 """Neutron root wrapper for dom0.
20 Executes networking commands in dom0. The XenAPI plugin is
21 responsible determining whether a command is safe to execute.
24 from __future__ import print_function
26 from six.moves import configparser as ConfigParser
27 from oslo_serialization import jsonutils as json
44 # Split arguments, require at least a command
45 exec_name = sys.argv.pop(0)
46 # argv[0] required; path to conf file
48 print("%s: No command specified" % exec_name)
49 sys.exit(RC_NOCOMMAND)
51 config_file = sys.argv.pop(0)
52 user_args = sys.argv[:]
54 return exec_name, config_file, user_args
57 def _xenapi_section_name(config):
58 sections = [sect for sect in config.sections() if sect.lower() == "xenapi"]
59 if len(sections) == 1:
62 print("Multiple [xenapi] sections or no [xenapi] section found!")
63 sys.exit(RC_BADCONFIG)
66 def load_configuration(exec_name, config_file):
67 config = ConfigParser.RawConfigParser()
68 config.read(config_file)
70 exec_dirs = config.get("DEFAULT", "exec_dirs").split(",")
71 filters_path = config.get("DEFAULT", "filters_path").split(",")
72 section = _xenapi_section_name(config)
73 url = config.get(section, "xenapi_connection_url")
74 username = config.get(section, "xenapi_connection_username")
75 password = config.get(section, "xenapi_connection_password")
76 except ConfigParser.Error:
77 print("%s: Incorrect configuration file: %s" % (exec_name, config_file))
78 sys.exit(RC_BADCONFIG)
79 if not url or not password:
80 msg = ("%s: Must specify xenapi_connection_url, "
81 "xenapi_connection_username (optionally), and "
82 "xenapi_connection_password in %s") % (exec_name, config_file)
84 sys.exit(RC_BADCONFIG)
86 filters_path=filters_path,
94 def filter_command(exec_name, filters_path, user_args, exec_dirs):
95 # Add ../ to sys.path to allow running from branch
96 possible_topdir = os.path.normpath(os.path.join(os.path.abspath(exec_name),
97 os.pardir, os.pardir))
98 if os.path.exists(os.path.join(possible_topdir, "neutron", "__init__.py")):
99 sys.path.insert(0, possible_topdir)
101 from oslo_rootwrap import wrapper
103 # Execute command if it matches any of the loaded filters
104 filters = wrapper.load_filters(filters_path)
105 filter_match = wrapper.match_filter(
106 filters, user_args, exec_dirs=exec_dirs)
108 print("Unauthorized command: %s" % ' '.join(user_args))
109 sys.exit(RC_UNAUTHORIZED)
112 def run_command(url, username, password, user_args, cmd_input):
114 session = XenAPI.Session(url)
115 session.login_with_password(username, password)
116 host = session.xenapi.session.get_this_host(session.handle)
117 result = session.xenapi.host.call_plugin(
118 host, 'netwrap', 'run_command',
119 {'cmd': json.dumps(user_args), 'cmd_input': json.dumps(cmd_input)})
120 return json.loads(result)
121 except Exception as e:
122 traceback.print_exc()
123 sys.exit(RC_XENAPI_ERROR)
127 exec_name, config_file, user_args = parse_args()
128 config = load_configuration(exec_name, config_file)
129 filter_command(exec_name, config['filters_path'], user_args, config['exec_dirs'])
131 # If data is available on the standard input, we need to pass it to the
132 # command executed in dom0
134 if select.select([sys.stdin,],[],[],0.0)[0]:
135 cmd_input = "".join(sys.stdin)
137 return run_command(config['url'], config['username'], config['password'],
138 user_args, cmd_input)
141 if __name__ == '__main__':