openstack/neutron-vpnaas
Code Issues Proposed changes

Run neutron-vpn-netns-wrapper in venv

Browse Source 
When neutron is installed inside venv, neutron-vpn-netns-wrapper
is placed inside venv as well. Currently vpn creation will fail due to
missing wrapper inside $PATH. So we should respect venvs and launch
neutron-vpn-netns-wrapper from the venv when applicable.

Closes-Bug: 1848201
Change-Id: I9c50bfc2cefdd97c6d54e8bfabe97748c8dfce13
This commit is contained in:
Dmitriy Rabotyagov 2019-10-11 13:26:52 +03:00 committed by Dongcan Ye
parent 6188fcf580
commit e0fb6700b1
3 changed files with 19 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
neutron_vpnaas/services/vpn/device_drivers/ipsec.py
View File

@ -20,6 +20,7 @@ import os
import re import re
import shutil import shutil
import socket import socket
import sys
import eventlet import eventlet
import jinja2 import jinja2
@ -175,6 +176,8 @@ class BaseSwanProcess(object, metaclass=abc.ABCMeta):
"v1": "never" "v1": "never"
} }
NS_WRAPPER = 'neutron-vpn-netns-wrapper'
STATUS_DICT = { STATUS_DICT = {
'erouted': constants.ACTIVE, 'erouted': constants.ACTIVE,
'unrouted': constants.DOWN 'unrouted': constants.DOWN
@ -234,6 +237,18 @@ class BaseSwanProcess(object, metaclass=abc.ABCMeta):
psk = encodeutils.safe_decode(encoded_psk, incoming='utf_8') psk = encodeutils.safe_decode(encoded_psk, incoming='utf_8')
ipsec_site_conn['psk'] = PSK_BASE64_PREFIX + psk ipsec_site_conn['psk'] = PSK_BASE64_PREFIX + psk
def get_ns_wrapper(self):
"""
Check if we're inside a virtualenv. If we are, then we should
respect this and launch wrapper from venv as well.
"""
if (hasattr(sys, 'real_prefix') or
(hasattr(sys, 'base_prefix') and sys.base_prefix != sys.prefix)):
ns_wrapper = os.path.join(sys.prefix, "bin/", self.NS_WRAPPER)
else:
ns_wrapper = self.NS_WRAPPER
return ns_wrapper
def update_vpnservice(self, vpnservice): def update_vpnservice(self, vpnservice):
self.vpnservice = vpnservice self.vpnservice = vpnservice
self.translate_dialect() self.translate_dialect()

5
neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py
View File

@ -19,8 +19,6 @@ from neutron.agent.linux import ip_lib
from neutron_vpnaas.services.vpn.device_drivers import ipsec from neutron_vpnaas.services.vpn.device_drivers import ipsec
NS_WRAPPER = 'neutron-vpn-netns-wrapper'
class LibreSwanProcess(ipsec.OpenSwanProcess): class LibreSwanProcess(ipsec.OpenSwanProcess):
"""Libreswan Process manager class. """Libreswan Process manager class.
@ -45,8 +43,9 @@ class LibreSwanProcess(ipsec.OpenSwanProcess):
mount_paths_str = ','.join( mount_paths_str = ','.join(
"%s:%s" % (source, target) "%s:%s" % (source, target)
for source, target in mount_paths.items()) for source, target in mount_paths.items())
ns_wrapper = self.get_ns_wrapper()
return ip_wrapper.netns.execute( return ip_wrapper.netns.execute(
[NS_WRAPPER, [ns_wrapper,
'--mount_paths=%s' % mount_paths_str, '--mount_paths=%s' % mount_paths_str,
('--rootwrap_config=%s' % self._rootwrap_cfg ('--rootwrap_config=%s' % self._rootwrap_cfg
if self._rootwrap_cfg else ''), if self._rootwrap_cfg else ''),

5
neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py
View File

@ -57,8 +57,6 @@ strongswan_opts = [
] ]
cfg.CONF.register_opts(strongswan_opts, 'strongswan') cfg.CONF.register_opts(strongswan_opts, 'strongswan')
NS_WRAPPER = 'neutron-vpn-netns-wrapper'
class StrongSwanProcess(ipsec.BaseSwanProcess): class StrongSwanProcess(ipsec.BaseSwanProcess):
@ -112,8 +110,9 @@ class StrongSwanProcess(ipsec.BaseSwanProcess):
The namespace wrapper will bind /etc/ and /var/run The namespace wrapper will bind /etc/ and /var/run
""" """
ip_wrapper = ip_lib.IPWrapper(namespace=self.namespace) ip_wrapper = ip_lib.IPWrapper(namespace=self.namespace)
ns_wrapper = self.get_ns_wrapper()
return ip_wrapper.netns.execute( return ip_wrapper.netns.execute(
[NS_WRAPPER, [ns_wrapper,
'--mount_paths=/etc:%s/etc,%s:%s/var/run' % ( '--mount_paths=/etc:%s/etc,%s:%s/var/run' % (
self.config_dir, self._strongswan_piddir, self.config_dir), self.config_dir, self._strongswan_piddir, self.config_dir),
('--rootwrap_config=%s' % self._rootwrap_cfg ('--rootwrap_config=%s' % self._rootwrap_cfg