The current rootwrap.conf file is outdated and doesn't include some
parameters. This change updates the content to make it consistent with
the latest example file in oslo.rootwrap.
Change-Id: I0b40b0bea4bbcbc78490dbfa3877cdd3a26ac298
Options for XenAPI support are supposed to have been deprecated, but
actually they were removed by the deprecation patch[1]. This change is
a partial revert of that patch[1], and ensures that these options are
loaded, so that warning messages about these deprecated options appear
in logs.
This change also removes these deprecated options from the example
rootwrap conf file.
[1] a6dbf97242
Change-Id: Id024dabf276e492268e723e526d7a787156eb9c1
Set a big timeout for rootwrap daemon in functional and fullstack
tests. The value defined in 7800, the same as the Zuul jobs
timeout.
This timeout increase will prevent the daemon to close when
executing a test root command, as described in the bug. An
unexpected rootwrap daemon closure is not considered as a normal
event during the test execution.
The default value set in the configuration file is 600 seconds, the
same as daemon default value. This timeout is increased only when
OS_SUDO_TESTING=1, that means functional and fullstack tests, when
using the script "tools/deploy_rootwrap.sh".
Change-Id: I691300a4e9a7cccd8887bc8f95ba9cea32988bac
Closes-Bug: #1850558
This patch adds possibility to configure kill hooks used to kill
external processes, like dnsmasq or keepalived.
Change-Id: I29dfbedfb7167982323dcff1c4554ee780cc48db
Closes-Bug: #1825943
This update will allow for local executables that require root
privileges, such as dibbler-client for IPv6 Prefix Delegation.
Change-Id: Id7aebb50e60b1cc64c113be63c599387be5f1765
When working with OVN i found on Fedora 21 that
my ovs-vsctl is installed in /usr/local/bin, since this wasnt in
rootwrap DHCP didnt work properly.
This change adds it to rootwrap
Change-Id: Ib3646933744ca6b20ecd5ad0cedcedb4f1fa5f12
The values user0 and user1 do not map to valid facility values.
local1, etc. Using user0 results in a pri value that does not map
back to a facility of the same name in syslog.
RFC5424 suggest values values of local0 through local7. Setting
syslog_log_facility to one of those values results in a message with a
priority that can be mapped back to the original string value.
This fix adjusts the comment in rootwrap.conf to suggest the local
prefix instead of the user prefix.
Change-Id: I835ad17c817b8623e382368b39b06944470be480
Closes-bug: #1280879
Use the common oslo-incubator rootwrap rather than maintain a
specific fork within Neutron.
- Migrated DnsmasqFilter use in dhcp.filters to the new EnvFilter
- Changed environment passing in ip_lib's netns.execute so that
it can be properly matched using IpNetNsExecFilter + EnvFilter.
It now calls "ip netns exec ns env A=B C=D command" instead of
"A=B C=D ip netns exec ns command". Adjusted tests accordingly.
All the other changes are coming directly from the Oslo "rootwrap"
module sync.
Notes:
- Neutron locates its rootwrap.conf in etc/ rather than in etc/neutron
- Neutron maintains a specific bin/quantum-rootwrap-xen-dom0 which
requires additional config in rootwrap.conf
Both behaviors were preserved in this commit, but this may need to be
addressed in the future to simplify future oslo-rootwrap updates.
Implements bp: quantum-common-rootwrap
Change-Id: I02879942a9d1169a71aa4d684c1b9ec109a6de32
As per change https://review.openstack.org/33429 the config sections
became lowercase. This patch makes the quantum-rootwrap-xen-dom0
rootwrap to be case insensitive for the xenapi section.
This patch also changes the default config file to use a lowercase
xenapi section.
Fixes bug 1195781
Change-Id: Ic24feb1a9ad6f8823745b1febd4a0edd54e73498
Avoid depending on platform specific paths for rootwrap
by using exec_dirs in rootwrap. Fixes rootwrap configuration
for SUSE.
Fixes bug #1156044
Change-Id: I54d082c543fd84b40db0caa3571300ac0bb07b57
* Config doc: http://wiki.openstack.org/QuantumDevstackOvsXcp
* The Open vSwitch agent needs to be deployed on domU but
interact with a dom0 bridge.
* Add a root wrapper and associated XenAPI plugin to allow the
agent to execute networking commands against dom0 from domU.
* Update ovs_lib mac address discovery to use ip_lib to
ensure that discovery works even for bridges not local to
the agent (i.e. dom0 bridges). A bridge configured with
a dom0 root wrapper will execute ip link on dom0.
* Update ip_lib to use a root helper by default to ensure that
the 'ip' command will execute on dom0.
* Remove obselete rpm spec and installer for dom0 agent.
* Credit where credit is due - the XenAPI plugin and its
packaging were largely copied from nova.
* Supports blueprint xenapi-ovs
Change-Id: I7795446ee1267712c896f5cb3401f84fb1763ce7
Fix bug 1037815
Summary: Copy/paste the essential parts of the rootwrap
mechanism from nova/cinder into quantum. This includes
the core changes to filter.py and wrapper.py which deal
with loading filters from files pointed to by
rootwrap.conf
Detailed changes:
Transliterate the old rootwrap/*-agent.py files to
new format, and put the results in etc/quantum/rootwrap.d
Delete the *-agent.py files.
Add conf to point to etc/quantum/rootwrap.d
Add a unit test cribbed from nova to exercise the filter
mechanism
Add a unit test to exercise the actual filtered execution
Note that as written, this patch does not set the default
execute mechanism (in the agent .ini files) to rootwrap,
leaves it as sudo. That can be done in a followon
change, or in distro specific packaging.
Note also that there is still work to do around finishing
and testing the filter specs themselves. We've decided
that that is out of scope for this patch.
Change-Id: I9aba6adc5ba40b6145be5fa38c5ece3b666ae5ca
Takashi Kajinami