
Initialize privsep in networking-ovn-metadata-agent

We were not initializing privsep in the metadata agent so we weren't
using any root helper to call it. In devstack this is not a problem
since 'stack' user can execute anything but in TripleO deployments
it won't work since user 'neutron' is only allowed to execute commands
through rootwrap/rootwrap-daemon. This patch initializes privsep with
whatever root_helper is configured.

Change-Id: I8b1552f5adfef4f3fb114445b463a4c77b25ac9c
Closes-Bug: #1737587
changes/97/527197/1
Daniel Alvarez 4 years ago
parent
commit
688c34a2dd
  1. 1
      networking_ovn/agent/metadata_agent.py
  2. 10
      networking_ovn/conf/agent/metadata/config.py

1
networking_ovn/agent/metadata_agent.py

@ -31,6 +31,7 @@ def main():
meta.register_meta_conf_opts(meta.OVS_OPTS, group='ovs')
config.init(sys.argv[1:])
config.setup_logging()
meta.setup_privsep()
utils.log_opt_values(LOG)
agt = agent.MetadataAgent(cfg.CONF)
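Review bot: The new `meta.setup_privsep()` call in main() has an ordering dependency that nothing in the code states. It reads `cfg.CONF.AGENT.root_helper` at call time, so it has to run after `config.init(sys.argv[1:])`, and the `AGENT` group must already be registered. The only registration visible in this hunk is `OVS_OPTS` for group `'ovs'`, so it is worth confirming that the agent options are registered earlier in main(), which starts and ends outside the hunk. I would add a comment above the call, for example `# Must run after config.init(): reads cfg.CONF.AGENT.root_helper to build the privsep helper command.`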

10
networking_ovn/conf/agent/metadata/config.py

@ -13,9 +13,11 @@
# under the License.
import itertools
import shlex
from neutron_lib.utils import host
from oslo_config import cfg
from oslo_privsep import priv_context
from networking_ovn._i18n import _
@ -135,3 +137,11 @@ def list_metadata_agent_opts():
),
('ovs', OVS_OPTS)
]
def get_root_helper(conf):
return conf.AGENT.root_helper
def setup_privsep():
priv_context.init(root_helper=shlex.split(get_root_helper(cfg.CONF)))
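Review bot: `setup_privsep()` passes the configured value straight into `shlex.split()` without checking that it is a non-empty string. The option's default is not visible here; if `root_helper` can be unset, `shlex.split(None)` reads from stdin on older Python versions and raises on recent ones, so the agent would hang or fail with an unhelpful error at startup. What privsep does with an empty prefix is also not shown, so I would fail fast: `helper = get_root_helper(cfg.CONF)`, then `if not helper: raise RuntimeError('AGENT.root_helper is not set')` before calling `priv_context.init(root_helper=shlex.split(helper))`. Because this string becomes the command prefix used to start the privileged daemon, `setup_privsep` should also get a short docstring saying so and noting that the config file supplying it must be writable only by trusted users.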