openstack
/
neutron-vpnaas
Code Issues Proposed changes

Execute neutron-vpn-netns-wrapper with rootwrap_config argument 

When neutron uses neutron-rootwrap as the root_helper, add
the --rootwrap_config parameter to neutron-vpn-netns-wrapper
execution to support environments where rootwrap.conf is not
in the default location.

Closes-Bug: #1822199
Change-Id: I0a345d1b1815560dc4dd35fa5c9a34055fc9fb08
(cherry picked from commit 7e9922858f)
This commit is contained in:
Stephen Ma 2019-03-29 09:31:03 -07:00 committed by stephen-ma
parent 092192df44
commit af71c17d51
3 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
neutron_vpnaas/services/vpn/device_drivers/ipsec.py
View File

@ -279,6 +279,13 @@ class BaseSwanProcess(object):
{'vpnservice': vpnservice, {'vpnservice': vpnservice,
'state_path': self.conf.state_path}) 'state_path': self.conf.state_path})
def _get_rootwrap_config(self):
if 'neutron-rootwrap' in cfg.CONF.AGENT.root_helper:
rh_tokens = cfg.CONF.AGENT.root_helper.split(' ')
if len(rh_tokens) == 3 and os.path.exists(rh_tokens[2]):
return rh_tokens[2]
return None
@abc.abstractmethod @abc.abstractmethod
def get_status(self): def get_status(self):
pass pass

3
neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py
View File

@ -28,6 +28,7 @@ class LibreSwanProcess(ipsec.OpenSwanProcess):
Libreswan needs nssdb initialised before running pluto daemon. Libreswan needs nssdb initialised before running pluto daemon.
""" """
def __init__(self, conf, process_id, vpnservice, namespace): def __init__(self, conf, process_id, vpnservice, namespace):
self._rootwrap_cfg = self._get_rootwrap_config()
super(LibreSwanProcess, self).__init__(conf, process_id, super(LibreSwanProcess, self).__init__(conf, process_id,
vpnservice, namespace) vpnservice, namespace)
@ -46,6 +47,8 @@ class LibreSwanProcess(ipsec.OpenSwanProcess):
return ip_wrapper.netns.execute( return ip_wrapper.netns.execute(
[NS_WRAPPER, [NS_WRAPPER,
'--mount_paths=%s' % mount_paths_str, '--mount_paths=%s' % mount_paths_str,
('--rootwrap_config=%s' % self._rootwrap_cfg
if self._rootwrap_cfg else ''),
'--cmd=%s,%s' % (self.binary, ','.join(cmd))], '--cmd=%s,%s' % (self.binary, ','.join(cmd))],
check_exit_code=check_exit_code, check_exit_code=check_exit_code,
extra_ok_codes=extra_ok_codes) extra_ok_codes=extra_ok_codes)

3
neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py
View File

@ -82,6 +82,7 @@ class StrongSwanProcess(ipsec.BaseSwanProcess):
self.DIALECT_MAP['v2'] = 'ikev2' self.DIALECT_MAP['v2'] = 'ikev2'
self.DIALECT_MAP['sha256'] = 'sha256' self.DIALECT_MAP['sha256'] = 'sha256'
self._strongswan_piddir = self._get_strongswan_piddir() self._strongswan_piddir = self._get_strongswan_piddir()
self._rootwrap_cfg = self._get_rootwrap_config()
LOG.debug("strongswan piddir is '%s'", (self._strongswan_piddir)) LOG.debug("strongswan piddir is '%s'", (self._strongswan_piddir))
super(StrongSwanProcess, self).__init__(conf, process_id, super(StrongSwanProcess, self).__init__(conf, process_id,
vpnservice, namespace) vpnservice, namespace)
@ -115,6 +116,8 @@ class StrongSwanProcess(ipsec.BaseSwanProcess):
[NS_WRAPPER, [NS_WRAPPER,
'--mount_paths=/etc:%s/etc,%s:%s/var/run' % ( '--mount_paths=/etc:%s/etc,%s:%s/var/run' % (
self.config_dir, self._strongswan_piddir, self.config_dir), self.config_dir, self._strongswan_piddir, self.config_dir),
('--rootwrap_config=%s' % self._rootwrap_cfg
if self._rootwrap_cfg else ''),
'--cmd=%s' % ','.join(cmd)], '--cmd=%s' % ','.join(cmd)],
check_exit_code=check_exit_code, check_exit_code=check_exit_code,
extra_ok_codes=extra_ok_codes) extra_ok_codes=extra_ok_codes)