Execute neutron-vpn-netns-wrapper with rootwrap_config argument
When neutron uses neutron-rootwrap as the root_helper, add
the --rootwrap_config parameter to neutron-vpn-netns-wrapper
execution to support environments where rootwrap.conf is not
in the default location.
Closes-Bug: #1822199
Change-Id: I0a345d1b1815560dc4dd35fa5c9a34055fc9fb08
(cherry picked from commit 7e9922858f
)
This commit is contained in:
parent
a758545cef
commit
4c2ee078b2
|
@ -279,6 +279,13 @@ class BaseSwanProcess(object):
|
||||||
{'vpnservice': vpnservice,
|
{'vpnservice': vpnservice,
|
||||||
'state_path': self.conf.state_path})
|
'state_path': self.conf.state_path})
|
||||||
|
|
||||||
|
def _get_rootwrap_config(self):
|
||||||
|
if 'neutron-rootwrap' in cfg.CONF.AGENT.root_helper:
|
||||||
|
rh_tokens = cfg.CONF.AGENT.root_helper.split(' ')
|
||||||
|
if len(rh_tokens) == 3 and os.path.exists(rh_tokens[2]):
|
||||||
|
return rh_tokens[2]
|
||||||
|
return None
|
||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def get_status(self):
|
def get_status(self):
|
||||||
pass
|
pass
|
||||||
|
|
|
@ -29,6 +29,7 @@ class LibreSwanProcess(ipsec.OpenSwanProcess):
|
||||||
"""
|
"""
|
||||||
# pylint: disable=useless-super-delegation
|
# pylint: disable=useless-super-delegation
|
||||||
def __init__(self, conf, process_id, vpnservice, namespace):
|
def __init__(self, conf, process_id, vpnservice, namespace):
|
||||||
|
self._rootwrap_cfg = self._get_rootwrap_config()
|
||||||
super(LibreSwanProcess, self).__init__(conf, process_id,
|
super(LibreSwanProcess, self).__init__(conf, process_id,
|
||||||
vpnservice, namespace)
|
vpnservice, namespace)
|
||||||
|
|
||||||
|
@ -47,6 +48,8 @@ class LibreSwanProcess(ipsec.OpenSwanProcess):
|
||||||
return ip_wrapper.netns.execute(
|
return ip_wrapper.netns.execute(
|
||||||
[NS_WRAPPER,
|
[NS_WRAPPER,
|
||||||
'--mount_paths=%s' % mount_paths_str,
|
'--mount_paths=%s' % mount_paths_str,
|
||||||
|
('--rootwrap_config=%s' % self._rootwrap_cfg
|
||||||
|
if self._rootwrap_cfg else ''),
|
||||||
'--cmd=%s,%s' % (self.binary, ','.join(cmd))],
|
'--cmd=%s,%s' % (self.binary, ','.join(cmd))],
|
||||||
check_exit_code=check_exit_code,
|
check_exit_code=check_exit_code,
|
||||||
extra_ok_codes=extra_ok_codes)
|
extra_ok_codes=extra_ok_codes)
|
||||||
|
|
|
@ -82,6 +82,7 @@ class StrongSwanProcess(ipsec.BaseSwanProcess):
|
||||||
self.DIALECT_MAP['v2'] = 'ikev2'
|
self.DIALECT_MAP['v2'] = 'ikev2'
|
||||||
self.DIALECT_MAP['sha256'] = 'sha256'
|
self.DIALECT_MAP['sha256'] = 'sha256'
|
||||||
self._strongswan_piddir = self._get_strongswan_piddir()
|
self._strongswan_piddir = self._get_strongswan_piddir()
|
||||||
|
self._rootwrap_cfg = self._get_rootwrap_config()
|
||||||
LOG.debug("strongswan piddir is '%s'", (self._strongswan_piddir))
|
LOG.debug("strongswan piddir is '%s'", (self._strongswan_piddir))
|
||||||
super(StrongSwanProcess, self).__init__(conf, process_id,
|
super(StrongSwanProcess, self).__init__(conf, process_id,
|
||||||
vpnservice, namespace)
|
vpnservice, namespace)
|
||||||
|
@ -115,6 +116,8 @@ class StrongSwanProcess(ipsec.BaseSwanProcess):
|
||||||
[NS_WRAPPER,
|
[NS_WRAPPER,
|
||||||
'--mount_paths=/etc:%s/etc,%s:%s/var/run' % (
|
'--mount_paths=/etc:%s/etc,%s:%s/var/run' % (
|
||||||
self.config_dir, self._strongswan_piddir, self.config_dir),
|
self.config_dir, self._strongswan_piddir, self.config_dir),
|
||||||
|
('--rootwrap_config=%s' % self._rootwrap_cfg
|
||||||
|
if self._rootwrap_cfg else ''),
|
||||||
'--cmd=%s' % ','.join(cmd)],
|
'--cmd=%s' % ','.join(cmd)],
|
||||||
check_exit_code=check_exit_code,
|
check_exit_code=check_exit_code,
|
||||||
extra_ok_codes=extra_ok_codes)
|
extra_ok_codes=extra_ok_codes)
|
||||||
|
|
Loading…
Reference in New Issue