[neutron] Rely on PATH env set by devstack

This was missed as part of [1], neutron sets exec_dirs in rootwrap.conf differently so that also needs to be fixed. Without it neutron openvswitch jobs relying on neutron-keepalived-state-change scripts were failing when deployed with GLOBAL_VENV=True as binaries no longer found at /usr/local/bin. [1] https://review.opendev.org/c/openstack/devstack/+/558930 Closes-Bug: #2031415 Change-Id: I9aa56bff02594f253381ffe47a70949079f4c240
2023-08-28 10:52:26 +05:30 · 2023-08-28 10:52:26 +05:30 · ffc1b76f64
parent e2bd271790
commit ffc1b76f64
1 changed files with 4 additions and 1 deletions
--- a/lib/neutron
+++ b/lib/neutron
@ -1075,7 +1075,10 @@ function _neutron_setup_rootwrap {
        sudo install -o root -g root -m 644 $NEUTRON_DIR/etc/rootwrap.conf $Q_RR_CONF_FILE
    fi
    sudo sed -e "s:^filters_path=.*$:filters_path=$Q_CONF_ROOTWRAP_D:" -i $Q_RR_CONF_FILE
-    sudo sed -e 's:^exec_dirs=\(.*\)$:exec_dirs=\1,/usr/local/bin:' -i $Q_RR_CONF_FILE
+    # Rely on $PATH set by devstack to determine what is safe to execute
+    # by rootwrap rather than use explicit whitelist of paths in
+    # rootwrap.conf
+    sudo sed -e 's/^exec_dirs=.*/#&/' -i $Q_RR_CONF_FILE

    # Specify ``rootwrap.conf`` as first parameter to neutron-rootwrap
    ROOTWRAP_SUDOER_CMD="$NEUTRON_ROOTWRAP $Q_RR_CONF_FILE *"