Run neutron-vpn-netns-wrapper in venv

When neutron is installed inside venv, neutron-vpn-netns-wrapper is placed inside venv as well. Currently vpn creation will fail due to missing wrapper inside $PATH. So we should respect venvs and launch neutron-vpn-netns-wrapper from the venv when applicable. Closes-Bug: 1848201 Change-Id: I9c50bfc2cefdd97c6d54e8bfabe97748c8dfce13
2019-10-11 13:26:52 +03:00 · 2019-10-11 13:26:52 +03:00 · e0fb6700b1
commit e0fb6700b1
parent 6188fcf580
3 changed files with 19 additions and 6 deletions
--- a/neutron_vpnaas/services/vpn/device_drivers/ipsec.py
+++ b/neutron_vpnaas/services/vpn/device_drivers/ipsec.py
@ -20,6 +20,7 @@ import os
 import re
 import shutil
 import socket
+import sys

 import eventlet
 import jinja2
@ -175,6 +176,8 @@ class BaseSwanProcess(object, metaclass=abc.ABCMeta):
        "v1": "never"
    }

+    NS_WRAPPER = 'neutron-vpn-netns-wrapper'
+
    STATUS_DICT = {
        'erouted': constants.ACTIVE,
        'unrouted': constants.DOWN
@ -234,6 +237,18 @@ class BaseSwanProcess(object, metaclass=abc.ABCMeta):
            psk = encodeutils.safe_decode(encoded_psk, incoming='utf_8')
            ipsec_site_conn['psk'] = PSK_BASE64_PREFIX + psk

+    def get_ns_wrapper(self):
+        """
+        Check if we're inside a virtualenv. If we are, then we should
+        respect this and launch wrapper from venv as well.
+        """
+        if (hasattr(sys, 'real_prefix') or
+            (hasattr(sys, 'base_prefix') and sys.base_prefix != sys.prefix)):
+            ns_wrapper = os.path.join(sys.prefix, "bin/", self.NS_WRAPPER)
+        else:
+            ns_wrapper = self.NS_WRAPPER
+        return ns_wrapper
+
    def update_vpnservice(self, vpnservice):
        self.vpnservice = vpnservice
        self.translate_dialect()
--- a/neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py
+++ b/neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py
@ -19,8 +19,6 @@ from neutron.agent.linux import ip_lib

 from neutron_vpnaas.services.vpn.device_drivers import ipsec

-NS_WRAPPER = 'neutron-vpn-netns-wrapper'
-

 class LibreSwanProcess(ipsec.OpenSwanProcess):
    """Libreswan Process manager class.
@ -45,8 +43,9 @@ class LibreSwanProcess(ipsec.OpenSwanProcess):
        mount_paths_str = ','.join(
            "%s:%s" % (source, target)
            for source, target in mount_paths.items())
+        ns_wrapper = self.get_ns_wrapper()
        return ip_wrapper.netns.execute(
-            [NS_WRAPPER,
+            [ns_wrapper,
             '--mount_paths=%s' % mount_paths_str,
             ('--rootwrap_config=%s' % self._rootwrap_cfg
                 if self._rootwrap_cfg else ''),
--- a/neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py
+++ b/neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py
@ -57,8 +57,6 @@ strongswan_opts = [
 ]
 cfg.CONF.register_opts(strongswan_opts, 'strongswan')

-NS_WRAPPER = 'neutron-vpn-netns-wrapper'
-

 class StrongSwanProcess(ipsec.BaseSwanProcess):

@ -112,8 +110,9 @@ class StrongSwanProcess(ipsec.BaseSwanProcess):
        The namespace wrapper will bind /etc/ and /var/run
        """
        ip_wrapper = ip_lib.IPWrapper(namespace=self.namespace)
+        ns_wrapper = self.get_ns_wrapper()
        return ip_wrapper.netns.execute(
-            [NS_WRAPPER,
+            [ns_wrapper,
             '--mount_paths=/etc:%s/etc,%s:%s/var/run' % (
                 self.config_dir, self._strongswan_piddir, self.config_dir),
             ('--rootwrap_config=%s' % self._rootwrap_cfg