912809b0fa
Fibre Channel devices can go into Linkdown or Offline mode after a many times being PCI pass through to virsh domains. We need to make sure that the HBA we are attempting to pass through to the virsh domain is actually in port_state="Online". If the HBA isn't online, then every volume attachment via that HBA will fail 100% of the time. This patch adds a test against the requested HBA(s) and makes sure that they are Online. If all the requested HBA(s) are not Online, then the script will fail. Change-Id: Icf05bc3ed6adb842006852f1804696fc416c0d26
54 lines
2.1 KiB
Bash
Executable File
54 lines
2.1 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Copyright (C) 2015 Hewlett-Packard Development Company, L.P.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
# implied.
|
|
#
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# This script is to restrict which commands the FC passthrough is allowed
|
|
# to run using its key.
|
|
# To use it, copy it to /usr/local/bin/fc_commands.sh
|
|
# Then update the user's .ssh/authorize key file with the following line:
|
|
# command="/usr/local/bin/fc_commands.sh",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa <fc-passthrough-public-key> fc-passthrough
|
|
#
|
|
# If you override the default values for some parameters in the
|
|
# invoke_fc_passthrough.sh script, you will need to update the
|
|
# list of ALLOWED_CMDS. For example: PROVIDER_RC & FC_PCI_VAR_NAME.
|
|
# This script assumes the default values.
|
|
|
|
SSH_ORIGINAL_COMMAND=${SSH_ORIGINAL_COMMAND:-$1}
|
|
IFS=$'\n'
|
|
ALLOWED_CMDS="
|
|
^source keystonerc_jenkins \&\& nova list$
|
|
^source keystonerc_jenkins \&\& nova show [a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+-[a-f0-9]+$
|
|
^virsh nodedev-dettach pci_0000_[02][51]_00_[23]$
|
|
^virsh nodedev-reattach pci_0000_[02][51]_00_[23]$
|
|
^scp -t /tmp/$
|
|
^virsh attach-device instance-[0-9a-f]* /tmp/tmp.*_fcoe.xml$
|
|
^echo \\\$fc_pci_device$
|
|
^systool -c fc_host -v$
|
|
^systool -c fc_host -v | grep -B12 'Online' | grep 'Class Device path' | grep '.*'$"
|
|
|
|
#Don't allow any sudo commands
|
|
if [[ ! $SSH_ORIGINAL_COMMAND =~ sudo ]]; then
|
|
for CMD in $ALLOWED_CMDS
|
|
do
|
|
if [[ $SSH_ORIGINAL_COMMAND =~ $CMD ]]; then
|
|
eval $SSH_ORIGINAL_COMMAND
|
|
# exit with the invoked command's return code for benefit of the caller
|
|
exit $?
|
|
fi
|
|
done
|
|
fi
|