Commit Graph

19 Commits

Author SHA1 Message Date
Luong Anh Tuan
ff8ae43265 Replace yaml.load() with yaml.safe_load()
Avoid dangerous file parsing and object serialization libraries.
yaml.load is the obvious function to use but it is dangerous[1]
Because yaml.load return Python object may be dangerous if you
receive a YAML document from an untrusted source such as the
Internet. The function yaml.safe_load limits this ability to
simple Python objects like integers or lists.

In addition, Bandit flags yaml.load() as security risk so replace
all occurrences with yaml.safe_load(). Thus I replace yaml.load()
with yaml.safe_load()

[1]https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: I84640973fd9f45a69d2b21f6d594cd5bf10660a6
Closes-Bug: #1634265
2017-01-16 15:07:05 +07:00
Luong Anh Tuan
29d50bc69b Replace six.iteritems() with .items()
We should avoid using six.iteritems/keys achieve iterators. We can use
dict.items/keys instead, as it will return iterators in PY3 as well.
And dict.items/keys will more readable.

In py2, the performance about list should be negligible, see
https://wiki.openstack.org/wiki/Python3 and
http://lists.openstack.org/pipermail/openstack-dev/2015-June/066391.html

Change-Id: I6353f0a1b423c6dbd0c71343f7919fd0de440e34
2016-11-23 12:03:05 +00:00
Matthew Thode
176ae7bff6
Initial add of gentoo support for diskimage-builder
uses upstream's stage4 images, includes all the needed bells and
whistles for openstack on kvm.

Change-Id: Ibca43173c30c2a74a73a2e2d9dd6d6d832c62694
Closes-Bug: 1530911
2016-01-12 19:15:00 -06:00
Pino Toscano
430ea923e0 svc-map: do not specify user/group for install
Since install is run as root already (using sudo), the resulting file
will be already root:root.

Change-Id: I6023fd277ea77fbfa4f7ad42b04d58c8cd6bd4fe
2015-09-07 17:04:03 +02:00
Antoine Musso
8d052a54a7 Turn docs warnings into errors and fix issues
Set the pbr option 'warnerrors' to make build_sphinx turns warnings into
error. Fix all warnings.

`tox -edocs` will thus abort whenever someone introduce a new error.

Change-Id: Id6d09768a241866e1fdc1a1e2bf90336f5c5087d
2015-04-27 15:03:19 +00:00
Gregory Haynes
89dd01e4a0 Run svc-map tests
We currently do not run these tests and they also fail.

Change-Id: I60c8cbd9495b52fb8b4c848549822a05f921664f
2015-03-29 04:11:41 +00:00
Jenkins
e0e0159ef7 Merge "CentOS 6 Element" 2015-03-19 19:42:40 +00:00
Jenkins
4074851682 Merge "Fix race in svc-map" 2015-03-05 00:11:19 +00:00
Abel Lopez
8026dda8a0 CentOS 6 Element
This is the centos element, which builds CentOS 6.

There are a couple of modifications to redhat-common because
the version of tar in el6 doesn't support --xattrs-include.

There is a change to both pkg-map and svc-map to add 'centos'
to the 'redhat' family.

Also explicitly have to install cloud-utils growroot and
dracut growpart for proper fsresize at instance launch.

Also sets the DIB_EXTLINUX variable because there is no grub2
for this distro.

Change-Id: Iffd57bce1484c43c2cffcbdb37b602185216e63a
2015-03-03 23:09:45 -08:00
Jan Grant
e88be20f1d Fix race in svc-map
The construction of the combined svc-map-services file uses the host's
/tmp directory to store a work-in-progress file. That file's left behind
after it's done with.

There's a potential race here; together with problems that may arise
if two users attempt to run devtest on the same system.

This patch fixes this by creating the temporary file specifically under
$TMP_MOUNT_PATH.

Change-Id: Iecbdc583e37bed542249c316919c3712c28c7440
2015-03-03 15:29:52 -08:00
Ian Wienand
36b59c001c Standarise tracing for scripts
There is a wide variety of tracing options through the various shell
scripts.  Some use "set -eux", others explicity set xtrace and others
do nothing.  There is a "-x" option to bin/disk-image-create but it
doesn't flow down to the many scripts it calls.

This adds a global integer variable set by disk-image-create
DIB_DEBUG_TRACE.  All scripts have a stanza added to detect this and
turn on tracing.  Any other tracing methods are rolled into this.  So
the standard header is

---
if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
    set -x
fi
set -eu
set -o pipefail
---

Multiple -x options can be specified to dib-create-image, which
increases the value of DIB_DEBUG_TRACE.  If script authors feel their
script should only trace at higher levels, they should modify the
"-gt" value.  If they feel it should trace by default, they can modify
the default value also.

Changes to pachset 16 : scripts which currently trace themselves by
default have retained this behaviour with DIB_DEBUG_TRACE defaulting
to "1".  This was done by running [1] on patch set 15.  See the thread
beginning at [2]

dib-lint is also updated to look for the variable being matched.

[1] https://gist.github.com/ianw/71bbda9e6acc74ccd0fd
[2] http://lists.openstack.org/pipermail/openstack-dev/2014-November/051575.html

Change-Id: I6c5a962260741dcf6f89da9a33b96372a719b7b0
2015-02-12 10:41:32 +11:00
Gregory Haynes
c4bbb6f3bc Create docs site containing element READMEs
We currently do not have the ability to create a docs site which
outlines all the elements.

Change-Id: I77ccf61e0c4b1509b3e7ce9b8f15ea5ccfd50d9b
2015-02-10 11:45:35 -08:00
Gregory Haynes
2626606980 Migrate to new package-installs
We have a new package-installs file format. Migrating existing
package-installs files to the new format.

Change-Id: I57d4a007efee9624e60c41357cefa627d8c7373f
2014-12-01 21:32:13 -08:00
Gregory Haynes
fd0708286c Check python with flake8 instead of dib-lint
We check python files with dib-lint rather than flake8 which have
conflicting opinions. This means weve been (forcibly) writing non pep8
python.

Also fixing pep8 issues so tests pass.

Change-Id: Idc9db40334f6e15738a7802c06697270df68741c
2014-11-21 09:04:52 -08:00
Jenkins
9d252ba318 Merge "Handle extra spaces in merge-svc-map-files" 2014-10-24 07:42:02 +00:00
James Slagle
ccd292c10a svc-map requires PyYAML
svc-map requires PyYAML, so install it. It's not always installed on all base
images.

Change-Id: I7ce5325e8afa0047f67153baa1fc7d4a90196c88
2014-10-21 16:13:16 -04:00
Michael Kerrin
730e7bd76e Handle extra spaces in merge-svc-map-files
During internal testing we are getting the following error from
merge-svc-map-files
File "/tmp/image.K2MYCphY/hooks/extra-data.d/10-merge-svc-map-files", line 54, in main
    with open(data_path, 'r') as dataFile:
IOError: [Errno 21] Is a directory: '...diskimage-builder/elements/svc-map'

Somehow IMAGE_ELEMENT contains a extra white space that manifests itself
as an element without a name. It is very hard to find where this is coming from so
instead this patch makes merge-svc-map-files more robost to this situation

Change-Id: Id1500ead8a77d691408617dcdc4e095bc5775be8
2014-10-20 18:16:39 +01:00
Ryan Brady
c8037cc73f Fix $DISTRO_NAME usage for centos7 element
In both of the changed files in this patch, the $DISTRO_NAME usage
is checking against "centos".  The valid value for the centos7
element for $DISTRO_NAME is "centos7"[1].

[1] http://git.io/8IvuTw

Change-Id: I0c4a4b2ecf87c7a9283d10071f6feb494a6c716a
2014-10-01 21:42:47 -04:00
Ryan Brady
e1853a7d5b Add svc-map element.
Adds a new svc-map element which can be used to install
services based on an in element 'svc-map' YAML config
file format.

This change is intended to decouple elements from DIB
and allow new elements to support multiple distributions
(with various service naming schemes) without having to
constantly maintain DIB's various bin/map-services files.

This patch ensures all of the YAML files are compiled into
a single file without namespaces.  The YAML compilation
process occurs during image creation time and errors if
conflicting mappings are found.

Change-Id: Id11433ea342aace71a358936a7ca3151ec11d506
2014-09-26 12:00:38 -04:00