Copy/remove the strongswan.d config as root
The strongswan.d config dir (usually /etc/strongswan.d) is normally owned by root, but the neutron-vpn-agent may run as a non-root user, so the files need to be copied as root to avoid a "permission denied" error. Change-Id: I40785f8c89b304efdf0f95469ec5a2d57b0cad60 Closes-Bug: #1586986
parent
764344f710
commit
beff6e945c
|
@ -8,9 +8,11 @@
|
|||
|
||||
[Filters]
|
||||
|
||||
cp: RegExpFilter, cp, root, cp, -a, .*, .*/strongswan.d
|
||||
ip: IpFilter, ip, root
|
||||
ip_exec: IpNetnsExecFilter, ip, root
|
||||
ipsec: CommandFilter, ipsec, root
|
||||
rm: RegExpFilter, rm, root, rm, -rf, (.*/strongswan.d|.*/ipsec/[0-9a-z-]+)
|
||||
strongswan: CommandFilter, strongswan, root
|
||||
neutron_netns_wrapper: CommandFilter, neutron-vpn-netns-wrapper, root
|
||||
neutron_netns_wrapper_local: CommandFilter, /usr/local/bin/neutron-vpn-netns-wrapper, root
|
||||
|
|
|
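Review bot: The `cp` and `rm` root filters, which appear to be the two entries this hunk adds, are far wider than the agent needs. In `cp -a, .*, .*/strongswan.d` the source is any path and the destination is any path ending in a `strongswan.d` component, and `rm -rf, (.*/strongswan.d|...)` also matches the system directory itself (e.g. /etc/strongswan.d). A buggy or compromised agent account therefore gets root copy and recursive delete well outside its own state directory. `.*` also accepts `..` segments, and the `.` in `strongswan.d` is an unescaped wildcard. Anchor both patterns to the deployment's real paths and escape the dot, e.g. `rm: RegExpFilter, rm, root, rm, -rf, <STATE_PATH>/ipsec/[0-9a-z-]+(/etc/strongswan\.d)?` (placeholder prefix; the directory layout is assumed and must be confirmed), with the `cp` source and destination restricted in the same way.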
@ -25,6 +25,7 @@ import eventlet
|
|||
import jinja2
|
||||
import netaddr
|
||||
from neutron.agent.linux import ip_lib
|
||||
from neutron.agent.linux import utils as agent_utils
|
||||
from neutron.api.v2 import attributes
|
||||
from neutron.common import rpc as n_rpc
|
||||
from neutron.common import utils as n_utils
|
||||
|
@ -226,7 +227,8 @@ class BaseSwanProcess(object):
|
|||
|
||||
def remove_config(self):
|
||||
"""Remove whole config file."""
|
||||
shutil.rmtree(self.config_dir, ignore_errors=True)
|
||||
agent_utils.execute(
|
||||
cmd=["rm", "-rf", self.config_dir], run_as_root=True)
|
||||
|
||||
def _get_config_filename(self, kind):
|
||||
config_dir = self.etc_dir
|
||||
|
|
|
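Review bot: `remove_config` in `BaseSwanProcess` was best-effort before (`shutil.rmtree(self.config_dir, ignore_errors=True)`), but the new `agent_utils.execute(..., run_as_root=True)` call has no error handling. A failing or filter-rejected `rm` will presumably raise into whatever teardown path calls this; the callers and execute's default exit-code handling are outside the hunk, so confirm. If best-effort is still intended, catch the failure and log it instead of letting cleanup abort. The call also passes only if `self.config_dir` matches the rm filter's `.*/ipsec/[0-9a-z-]+` shape, which deserves a comment next to it, e.g. `# NOTE: path must match the rm rootwrap filter (<state dir>/ipsec/<process id>)`. The docstring is stale as well; suggest `"""Remove the whole config directory (rm -rf as root)."""`.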
@ -14,11 +14,11 @@
|
|||
# under the License.
|
||||
|
||||
import os
|
||||
import shutil
|
||||
|
||||
from oslo_config import cfg
|
||||
|
||||
from neutron.agent.linux import ip_lib
|
||||
from neutron.agent.linux import utils
|
||||
from neutron.plugins.common import constants
|
||||
|
||||
from neutron_vpnaas._i18n import _
|
||||
|
@ -111,9 +111,12 @@ class StrongSwanProcess(ipsec.BaseSwanProcess):
|
|||
extra_ok_codes=extra_ok_codes)
|
||||
|
||||
def copy_and_overwrite(self, from_path, to_path):
|
||||
# NOTE(toabctl): the agent may run as non-root user, so rm/copy as root
|
||||
if os.path.exists(to_path):
|
||||
shutil.rmtree(to_path)
|
||||
shutil.copytree(from_path, to_path)
|
||||
utils.execute(
|
||||
cmd=["rm", "-rf", to_path], run_as_root=True)
|
||||
utils.execute(
|
||||
cmd=["cp", "-a", from_path, to_path], run_as_root=True)
|
||||
|
||||
def ensure_configs(self):
|
||||
"""Generate config files which are needed for StrongSwan.
|
||||
|
|
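Review bot: `copy_and_overwrite` now runs two separate root commands in what is presumably a directory the non-root agent user can write to, and the outcome of `cp -a from_path to_path` depends on `to_path` still being absent after the `rm`. If it exists at copy time, cp nests the source inside it instead of replacing it. GNU cp's `-T` (`--no-target-directory`) makes the destination unambiguous, e.g. `cmd=["cp", "-a", "-T", from_path, to_path]`, with the cp filter updated to match. `-a` also preserves the source's ownership, modes and symlinks, so the copied tree stays root-owned inside the agent's config dir; a short docstring should say so, e.g. `"""Replace to_path with a root-owned copy of from_path (rm -rf + cp -a via rootwrap)."""`. Neither call handles a failed command, and the callers are outside this hunk.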