From d82366fe015c6be91d12f3b94fb65f9a03189109 Mon Sep 17 00:00:00 2001 From: Hong Hui Xiao Date: Thu, 2 Apr 2015 08:24:35 -0700 Subject: [PATCH] Always run dnsmasq as root Regarding https://review.openstack.org/#/c/145829/ The old code of DnsMasq will always get root_helper from neutron.agent.dhcp.agent. However, new code will only set run_as_root when namespace is used. That will cause permission error when namespace is disabled and dnsmasq need to be started. Change-Id: Ib00d6e54dba44dbbbec158b9e0518e6e42baceec Closes-Bug: #1428007 --- neutron/agent/linux/dhcp.py | 5 +++-- neutron/agent/linux/external_process.py | 6 ++++-- neutron/agent/linux/ip_lib.py | 4 ++-- neutron/tests/unit/agent/metadata/test_driver.py | 3 ++- neutron/tests/unit/test_linux_external_process.py | 7 ++++--- neutron/tests/unit/test_linux_ip_lib.py | 3 ++- 6 files changed, 17 insertions(+), 11 deletions(-) diff --git a/neutron/agent/linux/dhcp.py b/neutron/agent/linux/dhcp.py index 0e30f704618..55509cb84b2 100644 --- a/neutron/agent/linux/dhcp.py +++ b/neutron/agent/linux/dhcp.py @@ -208,7 +208,8 @@ class DhcpLocalProcess(DhcpBase): uuid=self.network.id, namespace=self.network.namespace, default_cmd_callback=cmd_callback, - pid_file=self.get_conf_file_name('pid')) + pid_file=self.get_conf_file_name('pid'), + run_as_root=True) def disable(self, retain_port=False): """Disable DHCP for this network by killing the local process.""" @@ -402,7 +403,7 @@ class Dnsmasq(DhcpLocalProcess): """Release a DHCP lease.""" cmd = ['dhcp_release', self.interface_name, ip, mac_address] ip_wrapper = ip_lib.IPWrapper(namespace=self.network.namespace) - ip_wrapper.netns.execute(cmd) + ip_wrapper.netns.execute(cmd, run_as_root=True) def _output_config_files(self): self._output_hosts_file() diff --git a/neutron/agent/linux/external_process.py b/neutron/agent/linux/external_process.py index 0dff4efa88a..f3ac93a7f09 100644 --- a/neutron/agent/linux/external_process.py +++ b/neutron/agent/linux/external_process.py 
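Review bot: Both dhcp.py hunks now send commands through the root helper even when no namespace is configured (`run_as_root=True` on the `ProcessManager` built in `DhcpLocalProcess`, and `ip_wrapper.netns.execute(cmd, run_as_root=True)` in the lease-release method of `Dnsmasq`), yet the diffstat lists no rootwrap filter file. The fix therefore presumably relies on existing filters that allow `dnsmasq` and `dhcp_release` to be invoked directly rather than under `ip netns exec`; that is worth confirming for the namespace-disabled deployment this targets. I would also add a why-comment at both call sites, e.g. `# dnsmasq/dhcp_release need root even when namespaces are disabled (bug 1428007)`. Both enclosing methods start outside the hunks.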
@@ -60,7 +60,7 @@ class ProcessManager(MonitoredProcess): """ def __init__(self, conf, uuid, namespace=None, service=None, pids_path=None, default_cmd_callback=None, - cmd_addl_env=None, pid_file=None): + cmd_addl_env=None, pid_file=None, run_as_root=False): self.conf = conf self.uuid = uuid @@ -69,6 +69,7 @@ class ProcessManager(MonitoredProcess): self.cmd_addl_env = cmd_addl_env self.pids_path = pids_path or self.conf.external_pids self.pid_file = pid_file + self.run_as_root = run_as_root if service: self.service_pid_fname = 'pid.' + service @@ -86,7 +87,8 @@ class ProcessManager(MonitoredProcess): cmd = cmd_callback(self.get_pid_file_name()) ip_wrapper = ip_lib.IPWrapper(namespace=self.namespace) - ip_wrapper.netns.execute(cmd, addl_env=self.cmd_addl_env) + ip_wrapper.netns.execute(cmd, addl_env=self.cmd_addl_env, + run_as_root=self.run_as_root) elif reload_cfg: self.reload_cfg() diff --git a/neutron/agent/linux/ip_lib.py b/neutron/agent/linux/ip_lib.py index 330ea3dd650..1da4eb7c49f 100644 --- a/neutron/agent/linux/ip_lib.py +++ b/neutron/agent/linux/ip_lib.py @@ -559,9 +559,9 @@ class IpNetnsCommand(IpCommandBase): self._as_root([], ('delete', name), use_root_namespace=True) def execute(self, cmds, addl_env=None, check_exit_code=True, - extra_ok_codes=None): + extra_ok_codes=None, run_as_root=False): ns_params = [] - kwargs = {} + kwargs = {'run_as_root': run_as_root} if self._parent.namespace: kwargs['run_as_root'] = True ns_params = ['ip', 'netns', 'exec', self._parent.namespace] diff --git a/neutron/tests/unit/agent/metadata/test_driver.py b/neutron/tests/unit/agent/metadata/test_driver.py index 10cbc6d6786..864c1e9a94f 100644 --- a/neutron/tests/unit/agent/metadata/test_driver.py +++ b/neutron/tests/unit/agent/metadata/test_driver.py 
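Review bot: The new `run_as_root` argument of `ProcessManager.__init__` gets no documentation in these hunks, and its effect is narrower than the name suggests: as far as the hunks show, it is only forwarded to `ip_wrapper.netns.execute` when the command is spawned. Suggest a short comment next to the assignment, e.g. `# spawn the command via the root helper; leave False unless the daemon itself needs root`. Defaulting to `False` keeps existing callers unprivileged, which is the right least-privilege default and should be stated so new callers do not opt in by habit. `__init__` and the spawning method both continue outside the hunks.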
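Review bot: `IpNetnsCommand.execute` seeds `kwargs` with the caller's `run_as_root` and then overwrites it with `True` whenever `self._parent.namespace` is set, so `run_as_root=False` is silently ignored for namespaced calls and nothing says so; the method has no docstring. I would record the precedence where it happens, e.g. `# 'ip netns exec' always needs root; without a namespace honour the caller's run_as_root`. Because the flag now lets any caller of `execute` run `cmds` through the root helper outside a namespace, the docstring should also say that the root helper's filters are the only gate on what runs privileged. The rest of the method body is outside the hunk.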
@@ -125,7 +125,8 @@ class TestMetadataDriverProcess(base.BaseTestCase): '--metadata_proxy_watch_log=false') ip_mock.assert_has_calls([ mock.call(namespace=router_ns), - mock.call().netns.execute(netns_execute_args, addl_env=None) + mock.call().netns.execute(netns_execute_args, addl_env=None, + run_as_root=False) ]) def test_spawn_metadata_proxy_with_agent_user(self): diff --git a/neutron/tests/unit/test_linux_external_process.py b/neutron/tests/unit/test_linux_external_process.py index c2dd542207e..99cd7d8f2f2 100644 --- a/neutron/tests/unit/test_linux_external_process.py +++ b/neutron/tests/unit/test_linux_external_process.py @@ -52,7 +52,8 @@ class TestProcessManager(base.BaseTestCase): callback.assert_called_once_with('pidfile') self.execute.assert_called_once_with(['the', 'cmd'], check_exit_code=True, - extra_ok_codes=None) + extra_ok_codes=None, + run_as_root=False) def test_enable_with_namespace(self): callback = mock.Mock() @@ -69,8 +70,8 @@ class TestProcessManager(base.BaseTestCase): callback.assert_called_once_with('pidfile') ip_lib.assert_has_calls([ mock.call.IPWrapper(namespace='ns'), - mock.call.IPWrapper().netns.execute(['the', 'cmd'], - addl_env=None)]) + mock.call.IPWrapper().netns.execute( + ['the', 'cmd'], addl_env=None, run_as_root=False)]) def test_enable_with_namespace_process_active(self): callback = mock.Mock() diff --git a/neutron/tests/unit/test_linux_ip_lib.py b/neutron/tests/unit/test_linux_ip_lib.py index 0ef1b88f7f7..80202ac8330 100644 --- a/neutron/tests/unit/test_linux_ip_lib.py +++ b/neutron/tests/unit/test_linux_ip_lib.py @@ -927,7 +927,8 @@ class TestIpNetnsCommand(TestIPCmdBase): self.netns_cmd.execute(['test']) execute.assert_called_once_with(['test'], check_exit_code=True, - extra_ok_codes=None) + extra_ok_codes=None, + run_as_root=False) class TestDeviceExists(base.BaseTestCase):
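Review bot: Every assertion updated in the test hunks (test_driver.py, test_linux_external_process.py, test_linux_ip_lib.py) expects `run_as_root=False`; none covers the case this commit fixes, which is no namespace combined with `run_as_root=True`. A case in `TestIpNetnsCommand` calling `self.netns_cmd.execute(['test'], run_as_root=True)` and asserting that `run_as_root=True` reaches the mocked execute would pin the privilege decision. A matching case in `TestProcessManager` that builds the manager with `run_as_root=True` would do the same for the spawn path. Without them a later refactor could drop or widen root execution without any test failing. The test methods start outside the hunks.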