diff --git a/neutron_vpnaas/services/vpn/device_drivers/ipsec.py b/neutron_vpnaas/services/vpn/device_drivers/ipsec.py
index 84a861269..4656186da 100644
--- a/neutron_vpnaas/services/vpn/device_drivers/ipsec.py
+++ b/neutron_vpnaas/services/vpn/device_drivers/ipsec.py
@@ -20,6 +20,7 @@ import os
 import re
 import shutil
 import socket
+import sys
 import eventlet
 import jinja2
@@ -175,6 +176,8 @@ class BaseSwanProcess(object, metaclass=abc.ABCMeta):
 "v1": "never"
 }
+ NS_WRAPPER = 'neutron-vpn-netns-wrapper'
+
 STATUS_DICT = {
 'erouted': constants.ACTIVE,
 'unrouted': constants.DOWN
@@ -234,6 +237,18 @@ class BaseSwanProcess(object, metaclass=abc.ABCMeta):
 psk = encodeutils.safe_decode(encoded_psk, incoming='utf_8')
 ipsec_site_conn['psk'] = PSK_BASE64_PREFIX + psk
+ def get_ns_wrapper(self):
+ """
+ Check if we're inside a virtualenv. If we are, then we should
+ respect this and launch wrapper from venv as well.
+ """
+ if (hasattr(sys, 'real_prefix') or
+ (hasattr(sys, 'base_prefix') and sys.base_prefix != sys.prefix)):
+ ns_wrapper = os.path.join(sys.prefix, "bin/", self.NS_WRAPPER)
+ else:
+ ns_wrapper = self.NS_WRAPPER
+ return ns_wrapper
+
 def update_vpnservice(self, vpnservice):
 self.vpnservice = vpnservice
 self.translate_dialect()
diff --git a/neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py b/neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py
index 530f505b5..90731f7a4 100644
--- a/neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py
+++ b/neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py
@@ -19,8 +19,6 @@ from neutron.agent.linux import ip_lib
 from neutron_vpnaas.services.vpn.device_drivers import ipsec
-NS_WRAPPER = 'neutron-vpn-netns-wrapper'
-
 class LibreSwanProcess(ipsec.OpenSwanProcess):
 """Libreswan Process manager class.
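Review bot: In the ipsec.py hunk at +237, get_ns_wrapper() returns the path under `sys.prefix` without checking that the wrapper script is actually installed there. A virtualenv that does not itself contain neutron-vpn-netns-wrapper would then get a path that cannot be executed, where the bare name used before was presumably resolved through the normal executable search. Falling back to `self.NS_WRAPPER` unless the candidate passes `os.access(candidate, os.X_OK)` keeps the old behaviour in that case. The `"bin/"` component needs no trailing slash, and the docstring would read better with a one-line summary on its opening line; the fence shows the method with these changes.

```python
    def get_ns_wrapper(self):
        """Return the wrapper command, preferring the active virtualenv."""
        in_venv = (hasattr(sys, 'real_prefix') or
                   getattr(sys, 'base_prefix', sys.prefix) != sys.prefix)
        if in_venv:
            candidate = os.path.join(sys.prefix, 'bin', self.NS_WRAPPER)
            # Use the venv copy only when it is really there and executable.
            if os.access(candidate, os.X_OK):
                return candidate
        return self.NS_WRAPPER
```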
@@ -45,8 +43,9 @@ class LibreSwanProcess(ipsec.OpenSwanProcess):
 mount_paths_str = ','.join(
 "%s:%s" % (source, target)
 for source, target in mount_paths.items())
+ ns_wrapper = self.get_ns_wrapper()
 return ip_wrapper.netns.execute(
- [NS_WRAPPER,
+ [ns_wrapper,
 '--mount_paths=%s' % mount_paths_str,
 ('--rootwrap_config=%s' % self._rootwrap_cfg
 if self._rootwrap_cfg else ''),
diff --git a/neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py b/neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py
index 45cdf6b89..9deb80477 100644
--- a/neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py
+++ b/neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py
@@ -57,8 +57,6 @@ strongswan_opts = [
 ]
 cfg.CONF.register_opts(strongswan_opts, 'strongswan')
-NS_WRAPPER = 'neutron-vpn-netns-wrapper'
-
 class StrongSwanProcess(ipsec.BaseSwanProcess):
@@ -112,8 +110,9 @@ class StrongSwanProcess(ipsec.BaseSwanProcess):
 The namespace wrapper will bind /etc/ and /var/run
 """
 ip_wrapper = ip_lib.IPWrapper(namespace=self.namespace)
+ ns_wrapper = self.get_ns_wrapper()
 return ip_wrapper.netns.execute(
- [NS_WRAPPER,
+ [ns_wrapper,
 '--mount_paths=/etc:%s/etc,%s:%s/var/run' % (
 self.config_dir, self._strongswan_piddir, self.config_dir),
 ('--rootwrap_config=%s' % self._rootwrap_cfg
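Review bot: The first element of the command list passed to `ip_wrapper.netns.execute(...)` can now be an absolute path under `sys.prefix` instead of the fixed name `neutron-vpn-netns-wrapper`, and nothing in this diff shows that the command allowlist for this call still matches it. This applies to the libreswan_ipsec.py hunk at +43 and equally to the strongswan_ipsec.py hunk at +110; both enclosing methods start and end outside their hunks. If the call runs with elevated privileges, as the `--rootwrap_config` argument suggests, the virtualenv's `bin` directory also becomes part of the trusted path and should not be writable by the unprivileged service account. I would record that next to the new line, for example `# ns_wrapper may be an absolute venv path: it must match the rootwrap filter and live in a root-owned directory`, and cover the venv case with a unit test.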