Stop storing and passing root_helper

Change-Id: I6566e17a1ce07a3bebf2a1a3653ad7e7f397f0b9
Depends-On: I1b729241aa76b2dcb053b51c69d28e1c5359b4f7
Partially-Implements: blueprint rootwrap-daemon-mode

neutron_lbaas/services/loadbalancer/agent/agent.py

@@ -54,7 +54,6 @@ def main():
     cfg.CONF.register_opts(interface.OPTS)
     config.register_interface_driver_opts_helper(cfg.CONF)
     config.register_agent_state_opts_helper(cfg.CONF)
-    config.register_root_helper(cfg.CONF)
 
     common_config.init(sys.argv[1:])
     config.setup_logging()

neutron_lbaas/services/loadbalancer/drivers/haproxy/namespace_driver.py

@@ -17,7 +17,6 @@ import shutil
 import socket
 
 import netaddr
-from neutron.agent.common import config
 from neutron.agent.linux import ip_lib
 from neutron.agent.linux import utils
 from neutron.common import exceptions
@@ -67,7 +66,6 @@ cfg.CONF.register_opts(OPTS, 'haproxy')
 class HaproxyNSDriver(agent_device_driver.AgentDeviceDriver):
     def __init__(self, conf, plugin_rpc):
         self.conf = conf
-        self.root_helper = config.get_root_helper(conf)
         self.state_path = conf.haproxy.loadbalancer_state_path
         try:
             vif_driver = importutils.import_object(conf.interface_driver, conf)
@@ -112,8 +110,7 @@ class HaproxyNSDriver(agent_device_driver.AgentDeviceDriver):
         cmd = ['haproxy', '-f', conf_path, '-p', pid_path]
         cmd.extend(extra_cmd_args)
 
-        ns = ip_lib.IPWrapper(root_helper=self.root_helper,
-                              namespace=namespace)
+        ns = ip_lib.IPWrapper(namespace=namespace)
         ns.netns.execute(cmd)
 
         # remember the pool<>port mapping
@@ -128,7 +125,7 @@ class HaproxyNSDriver(agent_device_driver.AgentDeviceDriver):
         pid_path = self._get_state_file_path(pool_id, 'pid')
 
         # kill the process
-        kill_pids_in_file(self.root_helper, pid_path)
+        kill_pids_in_file(pid_path)
 
         # unplug the ports
         if pool_id in self.pool_to_port_id:
@@ -137,8 +134,7 @@ class HaproxyNSDriver(agent_device_driver.AgentDeviceDriver):
         # delete all devices from namespace;
         # used when deleting orphans and port_id is not known for pool_id
         if cleanup_namespace:
-            ns = ip_lib.IPWrapper(root_helper=self.root_helper,
-                                  namespace=namespace)
+            ns = ip_lib.IPWrapper(namespace=namespace)
             for device in ns.get_devices(exclude_loopback=True):
                 self.vif_driver.unplug(device.name, namespace=namespace)
 
@@ -148,13 +144,12 @@ class HaproxyNSDriver(agent_device_driver.AgentDeviceDriver):
             shutil.rmtree(conf_dir)
 
         if delete_namespace:
-            ns = ip_lib.IPWrapper(root_helper=self.root_helper,
-                                  namespace=namespace)
+            ns = ip_lib.IPWrapper(namespace=namespace)
             ns.garbage_collect_namespace()
 
     def exists(self, pool_id):
         namespace = get_ns_name(pool_id)
-        root_ns = ip_lib.IPWrapper(root_helper=self.root_helper)
+        root_ns = ip_lib.IPWrapper()
 
         socket_path = self._get_state_file_path(pool_id, 'sock', False)
         if root_ns.netns.exists(namespace) and os.path.exists(socket_path):
@@ -250,9 +245,7 @@ class HaproxyNSDriver(agent_device_driver.AgentDeviceDriver):
         self.plugin_rpc.plug_vip_port(port['id'])
         interface_name = self.vif_driver.get_device_name(Wrap(port))
 
-        if ip_lib.device_exists(interface_name,
-                                root_helper=self.root_helper,
-                                namespace=namespace):
+        if ip_lib.device_exists(interface_name, namespace=namespace):
             if not reuse_existing:
                 raise exceptions.PreexistingDeviceFailure(
                     dev_name=interface_name
@@ -284,8 +277,7 @@ class HaproxyNSDriver(agent_device_driver.AgentDeviceDriver):
 
         if gw_ip:
             cmd = ['route', 'add', 'default', 'gw', gw_ip]
-            ip_wrapper = ip_lib.IPWrapper(root_helper=self.root_helper,
-                                          namespace=namespace)
+            ip_wrapper = ip_lib.IPWrapper(namespace=namespace)
             ip_wrapper.netns.execute(cmd, check_exit_code=False)
             # When delete and re-add the same vip, we need to
             # send gratuitous ARP to flush the ARP cache in the Router.
@@ -408,13 +400,13 @@ def get_ns_name(namespace_id):
     return NS_PREFIX + namespace_id
 
 
-def kill_pids_in_file(root_helper, pid_path):
+def kill_pids_in_file(pid_path):
     if os.path.exists(pid_path):
         with open(pid_path, 'r') as pids:
             for pid in pids:
                 pid = pid.strip()
                 try:
-                    utils.execute(['kill', '-9', pid], root_helper)
+                    utils.execute(['kill', '-9', pid], run_as_root=True)
                 except RuntimeError:
                     LOG.exception(
                         _LE('Unable to kill haproxy process: %s'),

neutron_lbaas/services/loadbalancer/drivers/haproxy/synchronous_namespace_driver.py

@@ -54,7 +54,6 @@ cfg.CONF.register_opts(namespace_driver.OPTS, 'haproxy')
 cfg.CONF.register_opts(lb_agent.OPTS, 'haproxy')
 cfg.CONF.register_opts(interface.OPTS)
 cfg.CONF.register_opts(config.INTERFACE_DRIVER_OPTS, 'haproxy')
-config.register_root_helper(cfg.CONF)
 
 
 def get_ns_name(namespace_id):
@@ -80,7 +79,6 @@ class HaproxyNSDriver(driver_base.LoadBalancerBaseDriver):
     def __init__(self, plugin):
         super(HaproxyNSDriver, self).__init__(plugin)
         self.conf = cfg.CONF
-        self.root_helper = config.get_root_helper(self.conf)
         self.state_path = os.path.join(
             self.conf.haproxy.loadbalancer_state_path, STATE_PATH_V2_APPEND)
         if not self.conf.haproxy.interface_driver:
@@ -176,8 +174,7 @@ class HaproxyNSDriver(driver_base.LoadBalancerBaseDriver):
 
         interface_name = self.vif_driver.get_device_name(port)
 
-        if ip_lib.device_exists(interface_name, self.root_helper,
-                                namespace):
+        if ip_lib.device_exists(interface_name, namespace):
             if not reuse_existing:
                 raise exceptions.PreexistingDeviceFailure(
                     dev_name=interface_name
@@ -212,8 +209,7 @@ class HaproxyNSDriver(driver_base.LoadBalancerBaseDriver):
 
         if gw_ip:
             cmd = ['route', 'add', 'default', 'gw', gw_ip]
-            ip_wrapper = ip_lib.IPWrapper(self.root_helper,
-                                          namespace=namespace)
+            ip_wrapper = ip_lib.IPWrapper(namespace=namespace)
             ip_wrapper.netns.execute(cmd, check_exit_code=False)
             # When delete and re-add the same vip, we need to
             # send gratuitous ARP to flush the ARP cache in the Router.
@@ -245,7 +241,7 @@ class HaproxyNSDriver(driver_base.LoadBalancerBaseDriver):
         cmd = ['haproxy', '-f', conf_path, '-p', pid_path]
         cmd.extend(extra_cmd_args)
 
-        ns = ip_lib.IPWrapper(self.root_helper, namespace)
+        ns = ip_lib.IPWrapper(namespace=namespace)
         ns.netns.execute(cmd)
 
         # remember deployed loadbalancer id
@@ -346,10 +342,10 @@ class HaproxyNSDriver(driver_base.LoadBalancerBaseDriver):
 
     def _cleanup_namespace(self, loadbalancer_id):
         namespace = get_ns_name(loadbalancer_id)
-        ns = ip_lib.IPWrapper(self.root_helper, namespace)
+        ns = ip_lib.IPWrapper(namespace=namespace)
         try:
             for device in ns.get_devices(exclude_loopback=True):
-                if ip_lib.device_exists(device.name, self.root_helper):
+                if ip_lib.device_exists(device.name):
                     self.vif_driver.unplug(device.name, namespace=namespace)
         except RuntimeError as re:
             LOG.warn(_LW('An error happend on namespace cleanup: '
@@ -359,7 +355,7 @@ class HaproxyNSDriver(driver_base.LoadBalancerBaseDriver):
     def _kill_processes(self, loadbalancer_id):
         pid_path = self._get_state_file_path(loadbalancer_id, 'haproxy.pid')
         # kill the process
-        namespace_driver.kill_pids_in_file(self.root_helper, pid_path)
+        namespace_driver.kill_pids_in_file(pid_path)
 
     def _unplug_vip_port(self, loadbalancer):
         namespace = get_ns_name(loadbalancer.id)
@@ -405,7 +401,7 @@ class HaproxyNSDriver(driver_base.LoadBalancerBaseDriver):
 
     def exists(self, loadbalancer):
         namespace = get_ns_name(loadbalancer.id)
-        root_ns = ip_lib.IPWrapper(self.root_helper)
+        root_ns = ip_lib.IPWrapper()
 
         socket_path = self._get_state_file_path(
             loadbalancer.id, 'haproxy_stats.sock', False)

neutron_lbaas/tests/unit/services/loadbalancer/drivers/haproxy/test_namespace_driver.py

@@ -31,7 +31,6 @@ class TestHaproxyNSDriver(base.BaseTestCase):
         conf.interface_driver = 'intdriver'
         conf.haproxy.user_group = 'test_group'
         conf.haproxy.send_gratuitous_arp = 3
-        conf.AGENT.root_helper = 'sudo_test'
         self.conf = conf
         self.mock_importer = mock.patch.object(namespace_driver,
                                                'importutils').start()
@@ -52,7 +51,7 @@ class TestHaproxyNSDriver(base.BaseTestCase):
         }
 
     def _ip_mock_call(self, ns=None):
-        kwargs = {'root_helper': self.conf.AGENT.root_helper}
+        kwargs = {}
         if ns:
             kwargs['namespace'] = ns
         return mock.call(**kwargs)
@@ -117,7 +116,7 @@ class TestHaproxyNSDriver(base.BaseTestCase):
 
             self.driver.undeploy_instance('pool_id', delete_namespace=True)
 
-            kill.assert_called_once_with('sudo_test', '/pool/pid')
+            kill.assert_called_once_with('/pool/pid')
             unplug.assert_called_once_with('qlbaas-pool_id', 'port_id')
             isdir.assert_called_once_with('/pool')
             rmtree.assert_called_once_with('/pool')
@@ -415,17 +414,17 @@ class TestHaproxyNSDriver(base.BaseTestCase):
             file_mock.__iter__.return_value = iter(['123'])
 
             path_exists.return_value = False
-            namespace_driver.kill_pids_in_file('sudo_test', 'test_path')
+            namespace_driver.kill_pids_in_file('test_path')
             path_exists.assert_called_once_with('test_path')
             self.assertFalse(mock_open.called)
             self.assertFalse(mock_execute.called)
 
             path_exists.return_value = True
             mock_execute.side_effect = RuntimeError
-            namespace_driver.kill_pids_in_file('sudo_test', 'test_path')
+            namespace_driver.kill_pids_in_file('test_path')
             self.assertTrue(mock_log.called)
             mock_execute.assert_called_once_with(
-                ['kill', '-9', '123'], 'sudo_test')
+                ['kill', '-9', '123'], run_as_root=True)
 
     def test_get_state_file_path(self):
         with mock.patch('os.makedirs') as mkdir:

neutron_lbaas/tests/unit/services/loadbalancer/drivers/haproxy/test_synchronous_driver.py

@@ -42,7 +42,6 @@ class TestHaproxyNSDriver(base.BaseTestCase):
         conf.interface_driver = 'intdriver'
         conf.haproxy.user_group = 'test_group'
         conf.haproxy.send_gratuitous_arp = 3
-        conf.AGENT.root_helper = 'sudo_test'
         conf.haproxy.periodic_interval = 10
         conf.host = 'host1'
         self.conf = conf
@@ -198,7 +197,7 @@ class TestHaproxyNSDriver(base.BaseTestCase):
                           'test_interface', '-c',
                           self.conf.haproxy.send_gratuitous_arp, '10.0.0.2']
             ip_wrap.assert_has_calls([
-                mock.call('sudo', namespace='test_ns'),
+                mock.call(namespace='test_ns'),
                 mock.call().netns.execute(cmd, check_exit_code=False),
                 mock.call().netns.execute(cmd_arping, check_exit_code=False),
             ])
@@ -232,7 +231,7 @@ class TestHaproxyNSDriver(base.BaseTestCase):
             self.driver._plug(self.context_mock, 'test_ns', test_port)
             cmd = ['route', 'add', 'default', 'gw', '10.0.0.1']
             expected = [
-                mock.call('sudo', namespace='test_ns'),
+                mock.call(namespace='test_ns'),
                 mock.call().netns.execute(cmd, check_exit_code=False)]
             self.assertEqual(expected, ip_wrap.mock_calls)
 
@@ -302,7 +301,7 @@ class TestHaproxyNSDriver(base.BaseTestCase):
                 'test_interface', ['10.0.0.2/24'], namespace='test_ns')
             cmd = ['route', 'add', 'default', 'gw', '10.0.0.1']
             ip_wrap.assert_has_calls([
-                mock.call('sudo', namespace='test_ns'),
+                mock.call(namespace='test_ns'),
                 mock.call().netns.execute(cmd, check_exit_code=False),
             ])
 
@@ -329,7 +328,7 @@ class TestHaproxyNSDriver(base.BaseTestCase):
             ns_name = ''.join([sync_driver.NS_PREFIX,
                               self._sample_in_loadbalancer().id])
             ip_wrap.assert_has_calls([
-                mock.call('sudo', ns_name),
+                mock.call(namespace=ns_name),
                 mock.call().netns.execute(cmd)
             ])
 
@@ -454,8 +453,7 @@ class TestHaproxyNSDriver(base.BaseTestCase):
             ip_wrap.return_value.get_devices.return_value = [device]
             device_exists.return_value = True
             self.driver._cleanup_namespace(self._sample_in_loadbalancer().id)
-            device_exists.assert_called_once_with(
-                device.name, self.driver.root_helper)
+            device_exists.assert_called_once_with(device.name)
             vif_driver.unplug.assert_any_calls(
                 [mock.call(device.name, ns_name.return_value)])
             self.assertEqual(1, vif_driver.unplug.call_count)
@@ -469,8 +467,7 @@ class TestHaproxyNSDriver(base.BaseTestCase):
             lb_id = self._sample_in_loadbalancer().id
             self.driver._kill_processes(lb_id)
             gsp.assert_called_once_with(lb_id, 'haproxy.pid')
-            kpif.assert_called_once_with(self.driver.root_helper,
-                                         '/test/path')
+            kpif.assert_called_once_with('/test/path')
 
     def test_unplug_vip_port(self):
         with contextlib.nested(
@@ -573,7 +570,7 @@ class TestHaproxyNSDriver(base.BaseTestCase):
                 [sync_driver.NS_PREFIX,
                  self._sample_in_loadbalancer().id])
             ip_wrap.assert_has_calls([
-                mock.call('sudo'),
+                mock.call(),
                 mock.call().netns.exists(lbns)
             ])
 
@@ -667,17 +664,17 @@ class TestHaproxyNSDriver(base.BaseTestCase):
             file_mock.__iter__.return_value = iter(['123'])
 
             path_exists.return_value = False
-            namespace_driver.kill_pids_in_file('sudo_test', 'test_path')
+            namespace_driver.kill_pids_in_file('test_path')
             path_exists.assert_called_once_with('test_path')
             self.assertFalse(mock_open.called)
             self.assertFalse(mock_execute.called)
 
             path_exists.return_value = True
             mock_execute.side_effect = RuntimeError
-            namespace_driver.kill_pids_in_file('sudo_test', 'test_path')
+            namespace_driver.kill_pids_in_file('test_path')
             self.assertTrue(mock_log.called)
             mock_execute.assert_called_once_with(
-                ['kill', '-9', '123'], 'sudo_test')
+                ['kill', '-9', '123'], run_as_root=True)
 
     # TODO(ptoohill) put samples in reusable location
     def _sample_in_loadbalancer(self):