Convert ext filesystem resizes to privsep.

This patch introduces the first code in the privsep directory which
_does_not_ run with escalated premissions. This is a requirement because
the privsep code has a restricted python path when executing. This
pattern will be used for other methods which are only sometimes
escalated.

Change-Id: Ie09e40d6476dcabda2d599e96701d419e3e8bdf0
blueprint: hurrah-for-privsep

1 files changed, 25 insertions, 0 deletions

diff --git a/nova/privsep/fs.py b/nova/privsep/fs.py
index e637a05e3d..34e56690b4 100644
--- a/nova/privsep/fs.py
+++ b/nova/privsep/fs.py
@@ -18,10 +18,14 @@ Helpers for filesystem related routines.
 """
 
 from oslo_concurrency import processutils
+from oslo_log import log as logging
 
 import nova.privsep
 
 
+LOG = logging.getLogger(__name__)
+
+
 @nova.privsep.sys_admin_pctxt.entrypoint
 def mount(fstype, device, mountpoint, options):
     mount_cmd = ['mount']
@@ -123,3 +127,24 @@ def remove_device_maps(device):
 def get_filesystem_type(device):
     return processutils.execute('blkid', '-o', 'value', '-s', 'TYPE', device,
                                 check_exit_code=[0, 2])
+
+
+@nova.privsep.sys_admin_pctxt.entrypoint
+def resize2fs(image, check_exit_code):
+    unprivileged_resize2fs(image, check_exit_code)
+
+
+# NOTE(mikal): this method is deliberately not wrapped in a privsep entrypoint
+def unprivileged_resize2fs(image, check_exit_code):
+    try:
+        processutils.execute('e2fsck',
+                             '-fp',
+                             image,
+                             check_exit_code=[0, 1, 2])
+    except processutils.ProcessExecutionError as exc:
+        LOG.debug("Checking the file system with e2fsck has failed, "
+                  "the resize will be aborted. (%s)", exc)
+    else:
+        processutils.execute('resize2fs',
+                             image,
+                             check_exit_code=check_exit_code)