Amit Aviram has uploaded a new change for review. Change subject: hsm: add uploaded image verification ......................................................................
hsm: add uploaded image verification In the new image upload flow, a VDSM's image is being generated and data is being sent into the created volume inside. As this flow is risky in cases where the data is a QCOW file with an invalid backing file, or wrong disk format is sent, VDSM should verify the image in the upload process. This patch adds a verb for upload verification, which verifies that there is no backing file for a QCOW image, and that the format of the uploaded image fits to what the user has specified. Change-Id: Ibf85061536eb4ddff021539c742a674f183a8984 Signed-off-by: Amit Aviram <aavi...@redhat.com> --- M lib/api/vdsmapi-schema.json M lib/vdsm/storage/exception.py M vdsm/API.py M vdsm/storage/hsm.py 4 files changed, 50 insertions(+), 0 deletions(-) git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/46/55746/1 diff --git a/lib/api/vdsmapi-schema.json b/lib/api/vdsmapi-schema.json index 1016993..d0c246d 100644 --- a/lib/api/vdsmapi-schema.json +++ b/lib/api/vdsmapi-schema.json @@ -8505,6 +8505,29 @@ 'returns': 'UUID'} ## +# @Volume.verify_upload: +# +# Verify an uploaded image's volume. The verification includes comparing +# the uploaded image's format with the format that is specified in the +# image's volume's metadata, and if the format is QCOW, verifying that +# it has no backingfile. if one of the verifications above fails, an +# error will be raised. +# +# @volumeID: The UUID of the Volume +# +# @storagepoolID: The Storage Pool associated with the Volume +# +# @storagedomainID: The Storage Domain associated with the Volume +# +# @imageID: The Image associated with the Volume +# +# Since: 4.18.0 +## +{'command': {'class': 'Volume', 'name': 'verify_upload'}, + 'data': {'volumeID': 'UUID', 'storagepoolID': 'UUID', + 'storagedomainID': 'UUID', 'imageID': 'UUID'}} + +## # @Volume.extendSize: # # Extends the virtual size of a volume. diff --git a/lib/vdsm/storage/exception.py b/lib/vdsm/storage/exception.py index 5194a87..677d736 100644 --- a/lib/vdsm/storage/exception.py +++ b/lib/vdsm/storage/exception.py @@ -1224,6 +1224,14 @@ message = "Image daemon is unsupported" +class ImageVerificationError(StorageException): + code = 484 + message = "Image verification failed" + + def __init__(self, reason): + self.value = "reason=%s" % reason + + ################################################# # LVM related Exceptions ################################################# diff --git a/vdsm/API.py b/vdsm/API.py index 60bf9ed..0ad1a06 100644 --- a/vdsm/API.py +++ b/vdsm/API.py @@ -827,6 +827,10 @@ self._imgUUID, [self._UUID], postZero, force) + def verify_upload(self): + return self._irs.verifyUpload(self._sdUUID, self._spUUID, + self._imgUUID, self._UUID) + def extendSize(self, newSize): return self._irs.extendVolumeSize( self._spUUID, self._sdUUID, self._imgUUID, self._UUID, newSize) diff --git a/vdsm/storage/hsm.py b/vdsm/storage/hsm.py index 117023d..940d80e 100644 --- a/vdsm/storage/hsm.py +++ b/vdsm/storage/hsm.py @@ -1551,6 +1551,21 @@ self._spmSchedule(spUUID, "purgeImage_%s" % imgUUID, pool.purgeImage, sdUUID, imgUUID, volsByImg) + @public + def verifyUpload(self, sdUUID, spUUID, imgUUID, volUUID): + dom = sdCache.produce(sdUUID=sdUUID) + vol = dom.produceVolume(imgUUID, volUUID) + vol_metadata = vol.getInfo() + vol_qemu_info = qemuimg.info(vol.getVolumePath()) + + if vol_metadata["format"].lower() != vol_qemu_info["format"].lower(): + raise se.ImageVerificationError( + "Image format is different than the " + "format specified by the user") + if "backingfile" in vol_metadata and vol_metadata["backingfile"]: + raise se.ImageVerificationError( + "Backingfile is not allowed for an uploaded image") + def validateImageMove(self, srcDom, dstDom, imgUUID): """ Determines if the image move is legal. -- To view, visit https://gerrit.ovirt.org/55746 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ibf85061536eb4ddff021539c742a674f183a8984 Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Amit Aviram <aavi...@redhat.com> _______________________________________________ vdsm-patches mailing list vdsm-patches@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches