[lxc-devel] [pylxd/master] Fix container migration
zulcss on Github
lxc-bot at linuxcontainers.org
Fri Mar 4 14:02:57 UTC 2016
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 352 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20160304/56e5d355/attachment.bin>
-------------- next part --------------
From 00dda91f883904831e26be1da64c4e9212d2a2b7 Mon Sep 17 00:00:00 2001
From: Chuck Short <chuck.short at canonical.com>
Date: Thu, 3 Mar 2016 14:03:20 -0500
Subject: [PATCH 1/2] Fix container migration
nova-lxd expects the full container migation dict now
when doing migrations.
Signed-off-by: Chuck Short <chuck.short at canonical.com>
---
pylxd/deprecated/container.py | 8 +-------
pylxd/deprecated/tests/test_container.py | 9 +++++----
2 files changed, 6 insertions(+), 11 deletions(-)
diff --git a/pylxd/deprecated/container.py b/pylxd/deprecated/container.py
index 19bf4b7..ff9f518 100644
--- a/pylxd/deprecated/container.py
+++ b/pylxd/deprecated/container.py
@@ -119,16 +119,10 @@ def container_info(self, container):
def container_migrate(self, container):
action = {'migration': True}
- (state, data) = self.connection.get_object(
+ return self.connection.get_object(
'POST', '/1.0/containers/%s' % container,
json.dumps(action))
- return_data = {
- 'operation': str(data['operation'].split('/1.0/operations/')[-1]),
- }
- return_data.update(data['metadata'])
- return return_data
-
def container_migrate_sync(self, operation_id, container_secret):
return self.connection.get_ws(
'/1.0/operations/%s/websocket?secret=%s'
diff --git a/pylxd/deprecated/tests/test_container.py b/pylxd/deprecated/tests/test_container.py
index 5c57f36..2be4f22 100644
--- a/pylxd/deprecated/tests/test_container.py
+++ b/pylxd/deprecated/tests/test_container.py
@@ -122,10 +122,11 @@ def test_container_info(self, ms):
def test_container_migrate(self, ms):
ms.return_value = ('200', fake_api.fake_container_migrate())
self.assertEqual(
- {'control': 'fake_control',
- 'criu': 'fake_criu',
- 'fs': 'fake_fs',
- 'operation': '1234'},
+ ('200', {'type': 'sync', 'status': 'Success',
+ 'metadata': {'criu': 'fake_criu', 'fs':
+ 'fake_fs', 'control':
+ 'fake_control'}, 'operation':
+ '/1.0/operations/1234', 'status_code': 200}),
self.lxd.container_migrate('trusty-1'))
ms.assert_called_once_with('POST',
'/1.0/containers/trusty-1',
From 5d92fd0a0041c6236276a4714b9304e147292891 Mon Sep 17 00:00:00 2001
From: Chuck Short <chuck.short at canonical.com>
Date: Thu, 3 Mar 2016 20:41:18 -0500
Subject: [PATCH 2/2] Grab the certificate of the host
In more recent versions of LXD, a certificate is
required to authenicate against LXD to prevent
MITM attacks. Make an API call to allow parsing
the host certificate.
Signed-off-by: Chuck Short <chuck.short at canonical.com>
---
pylxd/deprecated/api.py | 3 +++
pylxd/deprecated/hosts.py | 8 ++++++++
2 files changed, 11 insertions(+)
diff --git a/pylxd/deprecated/api.py b/pylxd/deprecated/api.py
index bb0f115..18660d4 100644
--- a/pylxd/deprecated/api.py
+++ b/pylxd/deprecated/api.py
@@ -68,6 +68,9 @@ def get_lxd_version(self, data=None):
def get_kernel_version(self, data=None):
return self.hosts.get_kernel_version(data)
+ def get_host_certificate(self):
+ return self.hosts.get_certificate()
+
# images
def image_list(self):
return self.image.image_list()
diff --git a/pylxd/deprecated/hosts.py b/pylxd/deprecated/hosts.py
index 8e61894..2ea757f 100644
--- a/pylxd/deprecated/hosts.py
+++ b/pylxd/deprecated/hosts.py
@@ -108,3 +108,11 @@ def get_kernel_version(self, data):
return data['environment']['kernel_version']
except exceptions.PyLXDException as e:
print('Handling run-time error: {}'.format(e))
+
+ def get_certificate(self):
+ try:
+ (state, data) = self.connection.get_object('GET', '/1.0')
+ data = data.get('metadata')
+ return data['environment']['certificate']
+ except exceptions.PyLXDException as e:
+ print('Handling run-time error: {}'.format(e))
More information about the lxc-devel
mailing list