Browse Source

Rename Quantum to Neutron

This change renames everything to Neutron while providing backwards
compatible adjustments for Grizzly configuration files.

implements blueprint: remove-use-of-quantum

Change-Id: Ie7d07ba7c89857e13d4ddc8f0e9b68de020a3d19
changes/71/35671/8
Mark McClain 8 years ago
parent
commit
ee3fe4e836
  1. 5
      .bzrignore
  2. 3
      .gitignore
  3. 3
      .pylintrc
  4. 2
      .testr.conf
  5. 30
      HACKING.rst
  6. 10
      MANIFEST.in
  7. 16
      README.rst
  8. 12
      TESTING
  9. 20
      bin/neutron-dhcp-agent-dnsmasq-lease-update
  10. 133
      bin/neutron-rootwrap
  11. 2
      bin/quantum-check-nvp-config
  12. 2
      bin/quantum-db-manage
  13. 2
      bin/quantum-debug
  14. 2
      bin/quantum-dhcp-agent
  15. 2
      bin/quantum-dhcp-agent-dnsmasq-lease-update
  16. 2
      bin/quantum-hyperv-agent
  17. 2
      bin/quantum-l3-agent
  18. 2
      bin/quantum-lbaas-agent
  19. 2
      bin/quantum-linuxbridge-agent
  20. 2
      bin/quantum-metadata-agent
  21. 2
      bin/quantum-mlnx-agent
  22. 2
      bin/quantum-nec-agent
  23. 2
      bin/quantum-netns-cleanup
  24. 2
      bin/quantum-ns-metadata-proxy
  25. 2
      bin/quantum-openvswitch-agent
  26. 2
      bin/quantum-ovs-cleanup
  27. 22
      bin/quantum-rootwrap
  28. 14
      bin/quantum-rpc-zmq-receiver
  29. 2
      bin/quantum-ryu-agent
  30. 2
      bin/quantum-server
  31. 12
      bin/quantum-usage-audit
  32. 16
      doc/pom.xml
  33. 22
      doc/source/conf.py
  34. 2
      doc/source/devref/common.rst
  35. 4
      doc/source/devref/index.rst
  36. 4
      doc/source/devref/plugin-api.rst
  37. 20
      doc/source/index.rst
  38. 75
      doc/source/man/neutron-server.rst
  39. 75
      doc/source/man/quantum-server.rst
  40. 26
      etc/api-paste.ini
  41. 10
      etc/dhcp_agent.ini
  42. 0
      etc/init.d/neutron-server
  43. 10
      etc/l3_agent.ini
  44. 8
      etc/lbaas_agent.ini
  45. 6
      etc/metadata_agent.ini
  46. 0
      etc/neutron.conf
  47. 0
      etc/neutron/plugins/bigswitch/restproxy.ini
  48. 0
      etc/neutron/plugins/brocade/brocade.ini
  49. 0
      etc/neutron/plugins/cisco/cisco_plugins.ini
  50. 0
      etc/neutron/plugins/hyperv/hyperv_neutron_plugin.ini
  51. 0
      etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini
  52. 0
      etc/neutron/plugins/metaplugin/metaplugin.ini
  53. 0
      etc/neutron/plugins/midonet/midonet.ini
  54. 0
      etc/neutron/plugins/ml2/ml2_conf.ini
  55. 0
      etc/neutron/plugins/mlnx/mlnx_conf.ini
  56. 0
      etc/neutron/plugins/nec/nec.ini
  57. 0
      etc/neutron/plugins/nicira/nvp.ini
  58. 0
      etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
  59. 0
      etc/neutron/plugins/plumgrid/plumgrid.ini
  60. 0
      etc/neutron/plugins/ryu/ryu.ini
  61. 14
      etc/neutron/rootwrap.d/debug.filters
  62. 40
      etc/neutron/rootwrap.d/dhcp.filters
  63. 21
      etc/neutron/rootwrap.d/iptables-firewall.filters
  64. 41
      etc/neutron/rootwrap.d/l3.filters
  65. 24
      etc/neutron/rootwrap.d/lbaas-haproxy.filters
  66. 18
      etc/neutron/rootwrap.d/linuxbridge-plugin.filters
  67. 12
      etc/neutron/rootwrap.d/nec-plugin.filters
  68. 20
      etc/neutron/rootwrap.d/openvswitch-plugin.filters
  69. 21
      etc/neutron/rootwrap.d/ryu-plugin.filters
  70. 1
      etc/quantum
  71. 14
      etc/quantum/rootwrap.d/debug.filters
  72. 38
      etc/quantum/rootwrap.d/dhcp.filters
  73. 21
      etc/quantum/rootwrap.d/iptables-firewall.filters
  74. 39
      etc/quantum/rootwrap.d/l3.filters
  75. 24
      etc/quantum/rootwrap.d/lbaas-haproxy.filters
  76. 18
      etc/quantum/rootwrap.d/linuxbridge-plugin.filters
  77. 12
      etc/quantum/rootwrap.d/nec-plugin.filters
  78. 20
      etc/quantum/rootwrap.d/openvswitch-plugin.filters
  79. 21
      etc/quantum/rootwrap.d/ryu-plugin.filters
  80. 21
      neutron/__init__.py
  81. 0
      neutron/agent/__init__.py
  82. 0
      neutron/agent/common/__init__.py
  83. 99
      neutron/agent/common/config.py
  84. 806
      neutron/agent/dhcp_agent.py
  85. 0
      neutron/agent/firewall.py
  86. 793
      neutron/agent/l3_agent.py
  87. 0
      neutron/agent/linux/__init__.py
  88. 149
      neutron/agent/linux/daemon.py
  89. 463
      neutron/agent/linux/dhcp.py
  90. 107
      neutron/agent/linux/external_process.py
  91. 385
      neutron/agent/linux/interface.py
  92. 447
      neutron/agent/linux/ip_lib.py
  93. 315
      neutron/agent/linux/iptables_firewall.py
  94. 394
      neutron/agent/linux/iptables_manager.py
  95. 352
      neutron/agent/linux/ovs_lib.py
  96. 91
      neutron/agent/linux/utils.py
  97. 0
      neutron/agent/metadata/__init__.py
  98. 240
      neutron/agent/metadata/agent.py
  99. 175
      neutron/agent/metadata/namespace_proxy.py
  100. 183
      neutron/agent/netns_cleanup_util.py

5
.bzrignore

@ -3,10 +3,15 @@ quantum.egg-info
quantum_tests.sqlite
quantum.sqlite
*.quantum-venv
neutron.egg-info
neutron_tests.sqlite
neutron.sqlite
*.neutron-venv
.venv
dist/
ChangeLog
*.pid
*.log
neutron/vcsversion.py
quantum/vcsversion.py
.ropeproject

3
.gitignore

@ -8,6 +8,9 @@ dist/
doc/build
*.DS_Store
*.pyc
neutron.egg-info/
neutron/vcsversion.py
neutron/versioninfo
quantum.egg-info/
quantum/vcsversion.py
quantum/versioninfo

3
.pylintrc

@ -23,7 +23,8 @@ argument-rgx=[a-z_][a-z0-9_]{1,30}$
# and be lowecased with underscores
method-rgx=([a-z_][a-z0-9_]{2,50}|setUp|tearDown)$
# Module names matching quantum-* are ok (files in bin/)
# Module names matching neutron-* are ok (files in bin/)
module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+)|(neutron-[a-z0-9_-]+))$
module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+)|(quantum-[a-z0-9_-]+))$
# Don't require docstrings on tests.

2
.testr.conf

@ -1,4 +1,4 @@
[DEFAULT]
test_command=OS_STDOUT_CAPTURE=1 OS_STDERR_CAPTURE=1 ${PYTHON:-python} -m subunit.run discover -t ./ quantum/tests/unit $LISTOPT $IDOPTION
test_command=OS_STDOUT_CAPTURE=1 OS_STDERR_CAPTURE=1 ${PYTHON:-python} -m subunit.run discover -t ./ neutron/tests/unit $LISTOPT $IDOPTION
test_id_option=--load-list $IDFILE
test_list_option=--list

30
HACKING.rst

@ -1,4 +1,4 @@
Quantum Style Commandments
Neutron Style Commandments
==========================
- Step 1: Read http://www.python.org/dev/peps/pep-0008/
@ -35,13 +35,13 @@ Example::
The following imports,
from quantum.api import networks
from quantum import wsgi
from neutron.api import networks
from neutron import wsgi
are considered equivalent for ordering purposes to
import quantum.api.networks
import quantum.wsgi
import neutron.api.networks
import neutron.wsgi
- Organize your imports according to the following template
@ -52,7 +52,7 @@ Example::
\n
{{third-party lib imports in human alphabetical order}}
\n
{{quantum imports in human alphabetical order}}
{{neutron imports in human alphabetical order}}
\n
\n
{{begin your code}}
@ -71,13 +71,13 @@ Example::
import testtools
import webob.exc
import quantum.api.networks
from quantum.api import ports
from quantum.db import models
from quantum.extensions import multiport
from quantum.openstack.common import log as logging
import quantum.manager
from quantum import service
import neutron.api.networks
from neutron.api import ports
from neutron.db import models
from neutron.extensions import multiport
from neutron.openstack.common import log as logging
import neutron.manager
from neutron import service
Docstrings
@ -202,8 +202,8 @@ submitted bug fix does have a unit test, be sure to add a new one that fails
without the patch and passes with the patch.
All unittest classes must ultimately inherit from testtools.TestCase. In the
Quantum test suite, this should be done by inheriting from
quantum.tests.base.BaseTestCase.
Neutron test suite, this should be done by inheriting from
neutron.tests.base.BaseTestCase.
All setUp and tearDown methods must upcall using the super() method.
tearDown methods should be avoided and addCleanup calls should be preferred.

10
MANIFEST.in

@ -2,11 +2,11 @@ include AUTHORS
include README.rst
include ChangeLog
include LICENSE
include quantum/db/migration/README
include quantum/db/migration/alembic.ini
include quantum/db/migration/alembic_migrations/script.py.mako
include quantum/db/migration/alembic_migrations/versions/README
recursive-include quantum/locale *
include neutron/db/migration/README
include neutron/db/migration/alembic.ini
include neutron/db/migration/alembic_migrations/script.py.mako
include neutron/db/migration/alembic_migrations/versions/README
recursive-include neutron/locale *
exclude .gitignore
exclude .gitreview

16
README.rst

@ -1,25 +1,25 @@
# -- Welcome!
You have come across a cloud computing network fabric controller. It has
identified itself as "Quantum." It aims to tame your (cloud) networking!
identified itself as "Neutron." It aims to tame your (cloud) networking!
# -- External Resources:
The homepage for Quantum is: http://launchpad.net/quantum . Use this
The homepage for Neutron is: http://launchpad.net/neutron . Use this
site for asking for help, and filing bugs. Code is available on github at
<http://github.com/openstack/quantum>.
<http://github.com/openstack/neutron>.
The latest and most in-depth documentation on how to use Quantum is
The latest and most in-depth documentation on how to use Neutron is
available at: <http://docs.openstack.org>. This includes:
Quantum Administrator Guide
Neutron Administrator Guide
http://docs.openstack.org/trunk/openstack-network/admin/content/
Quantum API Reference:
Neutron API Reference:
http://docs.openstack.org/api/openstack-network/2.0/content/
The start of some developer documentation is available at:
http://wiki.openstack.org/QuantumDevelopment
http://wiki.openstack.org/NeutronDevelopment
For help using or hacking on Quantum, you can send mail to
For help using or hacking on Neutron, you can send mail to
<mailto:openstack-dev@lists.openstack.org>.

12
TESTING

@ -1,11 +1,11 @@
Testing Quantum
Testing Neutron
=============================================================
Overview
The unit tests are meant to cover as much code as possible and should
be executed without the service running. They are designed to test
the various pieces of the quantum tree to make sure any new changes
the various pieces of the neutron tree to make sure any new changes
don't break existing functionality.
Running tests
@ -30,17 +30,17 @@ Running individual tests
class separating it from the module path with a colon.
For example, the following would run only the JSONV2TestCase tests from
quantum/tests/unit/test_api_v2.py:
neutron/tests/unit/test_api_v2.py:
$ ./run_tests.sh quantum.tests.unit.test_api_v2:JSONV2TestCase
$ ./run_tests.sh neutron.tests.unit.test_api_v2:JSONV2TestCase
or
$ ./tox quantum.tests.unit.test_api_v2:JSONV2TestCase
$ ./tox neutron.tests.unit.test_api_v2:JSONV2TestCase
Adding more tests
Quantum has a fast growing code base and there is plenty of areas that
Neutron has a fast growing code base and there is plenty of areas that
need to be covered by unit tests.
To get a grasp of the areas where unit tests are needed, you can check

20
bin/neutron-dhcp-agent-dnsmasq-lease-update

@ -0,0 +1,20 @@
#!/usr/bin/env python
# vim: tabstop=4 shiftwidth=4 softtabstop=4
# Copyright (c) 2012 OpenStack Foundation.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from neutron.agent.linux import dhcp
dhcp.Dnsmasq.lease_update()

133
bin/neutron-rootwrap

@ -0,0 +1,133 @@
#!/usr/bin/env python
# vim: tabstop=4 shiftwidth=4 softtabstop=4
# Copyright (c) 2012 OpenStack Foundation.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""Root wrapper for Neutron
Filters which commands neutron is allowed to run as another user.
To use this, you should set the following in neutron.conf and the
various .ini files for the agent plugins:
root_helper=sudo neutron-rootwrap /etc/neutron/rootwrap.conf
You also need to let the neutron user run neutron-rootwrap as root in
/etc/sudoers:
neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap
/etc/neutron/rootwrap.conf *
Filter specs live in /etc/neutron/rootwrap.d/*.filters, or
other locations pointed to by /etc/neutron/rootwrap.conf.
To make allowed commands node-specific, your packaging should only
install apropriate .filters for commands which are needed on each
node.
"""
from __future__ import print_function
import ConfigParser
import logging
import os
import pwd
import signal
import subprocess
import sys
RC_UNAUTHORIZED = 99
RC_NOCOMMAND = 98
RC_BADCONFIG = 97
RC_NOEXECFOUND = 96
def _subprocess_setup():
# Python installs a SIGPIPE handler by default. This is usually not what
# non-Python subprocesses expect.
signal.signal(signal.SIGPIPE, signal.SIG_DFL)
def _exit_error(execname, message, errorcode, log=True):
print("%s: %s" % (execname, message))
if log:
logging.error(message)
sys.exit(errorcode)
if __name__ == '__main__':
# Split arguments, require at least a command
execname = sys.argv.pop(0)
if len(sys.argv) < 2:
_exit_error(execname, "No command specified", RC_NOCOMMAND, log=False)
configfile = sys.argv.pop(0)
userargs = sys.argv[:]
# Add ../ to sys.path to allow running from branch
possible_topdir = os.path.normpath(os.path.join(os.path.abspath(execname),
os.pardir, os.pardir))
if os.path.exists(os.path.join(possible_topdir, "neutron", "__init__.py")):
sys.path.insert(0, possible_topdir)
from neutron.rootwrap import wrapper
# Load configuration
try:
rawconfig = ConfigParser.RawConfigParser()
rawconfig.read(configfile)
config = wrapper.RootwrapConfig(rawconfig)
except ValueError as exc:
msg = "Incorrect value in %s: %s" % (configfile, exc.message)
_exit_error(execname, msg, RC_BADCONFIG, log=False)
except ConfigParser.Error:
_exit_error(execname, "Incorrect configuration file: %s" % configfile,
RC_BADCONFIG, log=False)
if config.use_syslog:
wrapper.setup_syslog(execname,
config.syslog_log_facility,
config.syslog_log_level)
# Execute command if it matches any of the loaded filters
filters = wrapper.load_filters(config.filters_path)
try:
filtermatch = wrapper.match_filter(filters, userargs,
exec_dirs=config.exec_dirs)
if filtermatch:
command = filtermatch.get_command(userargs,
exec_dirs=config.exec_dirs)
if config.use_syslog:
logging.info("(%s > %s) Executing %s (filter match = %s)" % (
os.getlogin(), pwd.getpwuid(os.getuid())[0],
command, filtermatch.name))
obj = subprocess.Popen(command,
stdin=sys.stdin,
stdout=sys.stdout,
stderr=sys.stderr,
preexec_fn=_subprocess_setup,
env=filtermatch.get_environment(userargs))
obj.wait()
sys.exit(obj.returncode)
except wrapper.FilterMatchNotExecutable as exc:
msg = ("Executable not found: %s (filter match = %s)"
% (exc.match.exec_path, exc.match.name))
_exit_error(execname, msg, RC_NOEXECFOUND, log=config.use_syslog)
except wrapper.NoFilterMatched:
msg = ("Unauthorized command: %s (no filter matched)"
% ' '.join(userargs))
_exit_error(execname, msg, RC_UNAUTHORIZED, log=config.use_syslog)

2
bin/quantum-check-nvp-config

@ -23,7 +23,7 @@ import os
import sys
sys.path.insert(0, os.getcwd())
from quantum.plugins.nicira.check_nvp_config import main
from neutron.plugins.nicira.check_nvp_config import main
main(sys.argv)

2
bin/quantum-db-manage

@ -20,7 +20,7 @@ import os
import sys
sys.path.insert(0, os.getcwd())
from quantum.db.migration.cli import main
from neutron.db.migration.cli import main
main()

2
bin/quantum-debug

@ -16,5 +16,5 @@
# License for the specific language governing permissions and limitations
# under the License.
from quantum.debug.shell import main
from neutron.debug.shell import main
main()

2
bin/quantum-dhcp-agent

@ -16,5 +16,5 @@
# License for the specific language governing permissions and limitations
# under the License.
from quantum.agent.dhcp_agent import main
from neutron.agent.dhcp_agent import main
main()

2
bin/quantum-dhcp-agent-dnsmasq-lease-update

@ -16,5 +16,5 @@
# License for the specific language governing permissions and limitations
# under the License.
from quantum.agent.linux import dhcp
from neutron.agent.linux import dhcp
dhcp.Dnsmasq.lease_update()

2
bin/quantum-hyperv-agent

@ -20,7 +20,7 @@ import os
import sys
sys.path.insert(0, os.getcwd())
from quantum.plugins.hyperv.agent.hyperv_quantum_agent import main
from neutron.plugins.hyperv.agent.hyperv_neutron_agent import main
main()

2
bin/quantum-l3-agent

@ -16,5 +16,5 @@
# License for the specific language governing permissions and limitations
# under the License.
from quantum.agent.l3_agent import main
from neutron.agent.l3_agent import main
main()

2
bin/quantum-lbaas-agent

@ -20,7 +20,7 @@ import os
import sys
sys.path.insert(0, os.getcwd())
from quantum.services.loadbalancer.drivers.haproxy.agent import main
from neutron.services.loadbalancer.drivers.haproxy.agent import main
main()

2
bin/quantum-linuxbridge-agent

@ -19,6 +19,6 @@
import os
import sys
sys.path.insert(0, os.getcwd())
from quantum.plugins.linuxbridge.agent.linuxbridge_quantum_agent import main
from neutron.plugins.linuxbridge.agent.linuxbridge_neutron_agent import main
main()

2
bin/quantum-metadata-agent

@ -16,5 +16,5 @@
# License for the specific language governing permissions and limitations
# under the License.
from quantum.agent.metadata.agent import main
from neutron.agent.metadata.agent import main
main()

2
bin/quantum-mlnx-agent

@ -19,7 +19,7 @@ import os
import sys
sys.path.insert(0, os.getcwd())
from quantum.plugins.mlnx.agent.eswitch_quantum_agent import main
from neutron.plugins.mlnx.agent.eswitch_neutron_agent import main
main()

2
bin/quantum-nec-agent

@ -19,6 +19,6 @@
import os
import sys
sys.path.insert(0, os.getcwd())
from quantum.plugins.nec.agent.nec_quantum_agent import main
from neutron.plugins.nec.agent.nec_neutron_agent import main
main()

2
bin/quantum-netns-cleanup

@ -16,5 +16,5 @@
# License for the specific language governing permissions and limitations
# under the License.
from quantum.agent.netns_cleanup_util import main
from neutron.agent.netns_cleanup_util import main
main()

2
bin/quantum-ns-metadata-proxy

@ -16,5 +16,5 @@
# License for the specific language governing permissions and limitations
# under the License.
from quantum.agent.metadata.namespace_proxy import main
from neutron.agent.metadata.namespace_proxy import main
main()

2
bin/quantum-openvswitch-agent

@ -19,6 +19,6 @@
import os
import sys
sys.path.insert(0, os.getcwd())
from quantum.plugins.openvswitch.agent.ovs_quantum_agent import main
from neutron.plugins.openvswitch.agent.ovs_neutron_agent import main
main()

2
bin/quantum-ovs-cleanup

@ -20,7 +20,7 @@ import os
import sys
sys.path.insert(0, os.getcwd())
from quantum.agent.ovs_cleanup_util import main
from neutron.agent.ovs_cleanup_util import main
main()

22
bin/quantum-rootwrap

@ -16,21 +16,21 @@
# License for the specific language governing permissions and limitations
# under the License.
"""Root wrapper for Quantum
"""Root wrapper for Neutron
Filters which commands quantum is allowed to run as another user.
Filters which commands neutron is allowed to run as another user.
To use this, you should set the following in quantum.conf and the
To use this, you should set the following in neutron.conf and the
various .ini files for the agent plugins:
root_helper=sudo quantum-rootwrap /etc/quantum/rootwrap.conf
root_helper=sudo neutron-rootwrap /etc/neutron/rootwrap.conf
You also need to let the quantum user run quantum-rootwrap as root in
You also need to let the neutron user run neutron-rootwrap as root in
/etc/sudoers:
quantum ALL = (root) NOPASSWD: /usr/bin/quantum-rootwrap
/etc/quantum/rootwrap.conf *
neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap
/etc/neutron/rootwrap.conf *
Filter specs live in /etc/quantum/rootwrap.d/*.filters, or
other locations pointed to by /etc/quantum/rootwrap.conf.
Filter specs live in /etc/neutron/rootwrap.d/*.filters, or
other locations pointed to by /etc/neutron/rootwrap.conf.
To make allowed commands node-specific, your packaging should only
install apropriate .filters for commands which are needed on each
node.
@ -78,10 +78,10 @@ if __name__ == '__main__':
# Add ../ to sys.path to allow running from branch
possible_topdir = os.path.normpath(os.path.join(os.path.abspath(execname),
os.pardir, os.pardir))
if os.path.exists(os.path.join(possible_topdir, "quantum", "__init__.py")):
if os.path.exists(os.path.join(possible_topdir, "neutron", "__init__.py")):
sys.path.insert(0, possible_topdir)
from quantum.rootwrap import wrapper
from neutron.rootwrap import wrapper
# Load configuration
try:

14
bin/quantum-rpc-zmq-receiver

@ -22,19 +22,19 @@ import contextlib
import os
import sys
# If ../quantum/__init__.py exists, add ../ to Python search path, so that
# If ../neutron/__init__.py exists, add ../ to Python search path, so that
# it will override what happens to be installed in /usr/(local/)lib/python...
POSSIBLE_TOPDIR = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]),
os.pardir,
os.pardir))
if os.path.exists(os.path.join(POSSIBLE_TOPDIR, 'quantum', '__init__.py')):
if os.path.exists(os.path.join(POSSIBLE_TOPDIR, 'neutron', '__init__.py')):
sys.path.insert(0, POSSIBLE_TOPDIR)
from oslo.config import cfg
from quantum.openstack.common import log as logging
from quantum.openstack.common import rpc
from quantum.openstack.common.rpc import impl_zmq
from neutron.openstack.common import log as logging
from neutron.openstack.common import rpc
from neutron.openstack.common.rpc import impl_zmq
CONF = cfg.CONF
CONF.register_opts(rpc.rpc_opts)
@ -42,8 +42,8 @@ CONF.register_opts(impl_zmq.zmq_opts)
def main():
CONF(sys.argv[1:], project='quantum')
logging.setup("quantum")
CONF(sys.argv[1:], project='neutron')
logging.setup("neutron")
with contextlib.closing(impl_zmq.ZmqProxy(CONF)) as reactor:
reactor.consume_in_thread()

2
bin/quantum-ryu-agent

@ -19,6 +19,6 @@
import os
import sys
sys.path.insert(0, os.getcwd())
from quantum.plugins.ryu.agent.ryu_quantum_agent import main
from neutron.plugins.ryu.agent.ryu_neutron_agent import main
main()

2
bin/quantum-server

@ -22,6 +22,6 @@ eventlet.monkey_patch()
import os
import sys
sys.path.insert(0, os.getcwd())
from quantum.server import main as server
from neutron.server import main as server
server()

12
bin/quantum-usage-audit

@ -23,17 +23,17 @@ subnets.
from oslo.config import cfg
from quantum import context
from quantum import manager
from quantum.common import config
from quantum.openstack.common.notifier import api as notifier_api
from neutron import context
from neutron import manager
from neutron.common import config
from neutron.openstack.common.notifier import api as notifier_api
if __name__ == '__main__':
cfg.CONF(project='quantum')
cfg.CONF(project='neutron')
config.setup_logging(cfg.CONF)
context = context.get_admin_context()
plugin = manager.QuantumManager.get_plugin()
plugin = manager.NeutronManager.get_plugin()
for network in plugin.get_networks(context):
notifier_api.notify(context,
notifier_api.publisher_id('network'),

16
doc/pom.xml

@ -92,28 +92,28 @@
<sectionLabelIncludesComponentLabel>0</sectionLabelIncludesComponentLabel>
<postProcess>
<!-- Copies the figures to the correct location for webhelp -->
<copy todir="${basedir}/target/docbkx/webhelp/quantum-api-1.0/figures">
<fileset dir="${basedir}/source/docbkx/quantum-api-1.0/figures">
<copy todir="${basedir}/target/docbkx/webhelp/neutron-api-1.0/figures">
<fileset dir="${basedir}/source/docbkx/neutron-api-1.0/figures">
<include name="**/*.png" />
</fileset>
</copy>
<!-- New stuff -->
<copy
todir="${basedir}/target/docbkx/webhelp/trunk/developer/quantum-api-1.0">
todir="${basedir}/target/docbkx/webhelp/trunk/developer/neutron-api-1.0">
<fileset
dir="${basedir}/target/docbkx/webhelp/quantum-api-1.0/quantum-api-guide/">
dir="${basedir}/target/docbkx/webhelp/neutron-api-1.0/neutron-api-guide/">
<include name="**/*" />
</fileset>
</copy>
<!--Moves PDFs to the needed placement -->
<move failonerror="false"
file="${basedir}/target/docbkx/pdf/quantum-api-1.0/quantum-api-guide.pdf"
tofile="${basedir}/target/docbkx/webhelp/trunk/developer/quantum-api-1.0/quantum-api-guide-trunk.pdf"/>
file="${basedir}/target/docbkx/pdf/neutron-api-1.0/neutron-api-guide.pdf"
tofile="${basedir}/target/docbkx/webhelp/trunk/developer/neutron-api-1.0/neutron-api-guide-trunk.pdf"/>
<!--Deletes leftover uneeded directories -->
<delete
dir="${basedir}/target/docbkx/webhelp/quantum-api-1.0"/>
dir="${basedir}/target/docbkx/webhelp/neutron-api-1.0"/>
</postProcess>
</configuration>
</execution>
@ -123,7 +123,7 @@
<xincludeSupported>true</xincludeSupported>
<sourceDirectory>source/docbkx</sourceDirectory>
<includes>
quantum-api-1.0/quantum-api-guide.xml
neutron-api-1.0/neutron-api-guide.xml
</includes>
<profileSecurity>reviewer</profileSecurity>
<branding>openstack</branding>

22
doc/source/conf.py

@ -34,8 +34,8 @@ import sys
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
BASE_DIR = os.path.dirname(os.path.abspath(__file__))
QUANTUM_DIR = os.path.abspath(os.path.join(BASE_DIR, "..", ".."))
sys.path.insert(0, QUANTUM_DIR)
NEUTRON_DIR = os.path.abspath(os.path.join(BASE_DIR, "..", ".."))
sys.path.insert(0, NEUTRON_DIR)
# -- General configuration ---------------------------------------------------
@ -68,7 +68,7 @@ source_suffix = '.rst'
master_doc = 'index'
# General information about the project.
project = u'Quantum'
project = u'Neutron'
copyright = u'2011-present, OpenStack Foundation.'
# The version info for the project you're documenting, acts as replacement for
@ -76,10 +76,10 @@ copyright = u'2011-present, OpenStack Foundation.'
# built documents.
#
# Version info
from quantum.version import version_info as quantum_version
release = quantum_version.release_string()
from neutron.version import version_info as neutron_version
release = neutron_version.release_string()
# The short X.Y version.
version = quantum_version.version_string()
version = neutron_version.version_string()
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
@ -116,7 +116,7 @@ show_authors = True
pygments_style = 'sphinx'
# A list of ignored prefixes for module index sorting.
modindex_common_prefix = ['quantum.']
modindex_common_prefix = ['neutron.']
# -- Options for man page output --------------------------------------------
@ -124,7 +124,7 @@ modindex_common_prefix = ['quantum.']
# List of tuples 'sourcefile', 'target', u'title', u'Authors name', 'manual'
man_pages = [
('man/quantum-server', 'quantum-server', u'Quantum Server',
('man/neutron-server', 'neutron-server', u'Neutron Server',
[u'OpenStack'], 1)
]
@ -203,7 +203,7 @@ html_last_updated_fmt = os.popen(git_cmd).read()
#html_file_suffix = ''
# Output file base name for HTML help builder.
htmlhelp_basename = 'quantumdoc'
htmlhelp_basename = 'neutrondoc'
# -- Options for LaTeX output ------------------------------------------------
@ -218,8 +218,8 @@ htmlhelp_basename = 'quantumdoc'
# (source start file, target name, title, author,
# documentclass [howto/manual]).
latex_documents = [
('index', 'Quantum.tex', u'Quantum Documentation',
u'Quantum development team', 'manual'),
('index', 'Neutron.tex', u'Neutron Documentation',
u'Neutron development team', 'manual'),
]
# The name of an image file (relative to this directory) to place at the top of

2
doc/source/devref/common.rst

@ -19,7 +19,7 @@ Open Stack Common
=================
A number of modules used are from the openstack-common project.
The imported files are in 'quantum/openstack-common.conf'.
The imported files are in 'neutron/openstack-common.conf'.
More information can be found at `OpenStack Common`_.
.. _`OpenStack Common`: https://launchpad.net/openstack-common

4
doc/source/devref/index.rst

@ -18,6 +18,6 @@
Developer Guide
===============
The `Quantum Wiki`_ is a very good place to start.
The `Neutron Wiki`_ is a very good place to start.
.. _`Quantum wiki`: http://wiki.openstack.org/Quantum
.. _`Neutron wiki`: http://wiki.openstack.org/Neutron

4
doc/source/devref/plugin-api.rst

@ -1,7 +1,7 @@
Plugin API
==========
.. automodule:: quantum.quantum_plugin_base_v2
.. automodule:: neutron.neutron_plugin_base_v2
.. autoclass:: QuantumPluginBaseV2
.. autoclass:: NeutronPluginBaseV2
:members:

20
doc/source/index.rst

@ -14,27 +14,27 @@
License for the specific language governing permissions and limitations
under the License.
Welcome to Quantum's developer documentation!
Welcome to Neutron's developer documentation!
=============================================
Quantum is an OpenStack project to provide "network connectivity as a service"
Neutron is an OpenStack project to provide "network connectivity as a service"
between interface devices (e.g., vNICs) managed by other Openstack services
(e.g., nova). It implements the `Quantum API Guide`_.
(e.g., nova). It implements the `Neutron API Guide`_.
.. _`Quantum API Guide`: http://docs.openstack.org/incubation/openstack-network/developer/quantum-api-1.0/content/
.. _`Neutron API Guide`: http://docs.openstack.org/incubation/openstack-network/developer/quantum-api-1.0/content/
This document describes Quantum for contributors of the project, and assumes
that you are already familiar with Quantum from an `end-user perspective`_.
This document describes Neutron for contributors of the project, and assumes
that you are already familiar with Neutron from an `end-user perspective`_.
.. _`end-user perspective`: http://docs.openstack.org/trunk/openstack-network/admin/content/index.html
This documentation is generated by the Sphinx toolkit and lives in the source
tree. Additional documentation on Quantum and other components of OpenStack
can be found on the `OpenStack wiki`_. The `Quantum Development wiki`_ is a very good
tree. Additional documentation on Neutron and other components of OpenStack
can be found on the `OpenStack wiki`_. The `Neutron Development wiki`_ is a very good
place to start.
.. _`OpenStack wiki`: http://wiki.openstack.org
.. _`Quantum Development wiki`: http://wiki.openstack.org/QuantumDevelopment
.. _`Neutron Development wiki`: http://wiki.openstack.org/NeutronDevelopment
Enjoy!
@ -53,4 +53,4 @@ Man Pages
.. toctree::
man/quantum-server
man/neutron-server

75
doc/source/man/neutron-server.rst

@ -0,0 +1,75 @@
==============
neutron-server
==============
--------------
Neutron Server
--------------
:Author: openstack@lists.launchpad.net
:Date: 2012-04-05
:Copyright: OpenStack Foundation
:Version: 2012.1
:Manual section: 1
:Manual group: cloud computing
SYNOPSIS
========
neutron-server [options]
DESCRIPTION
===========
neutron-server provides a webserver that exposes the Neutron API, and
passes all webservice calls to the Neutron plugin for processing.
OPTIONS
=======
--version show program's version number and exit
-h, --help show this help message and exit
-v, --verbose Print more verbose output
-d, --debug Print debugging output
--config-file=PATH Path to the config file to use, for example,
/etc/neutron/neutron.conf. When not specified
(the default), we generally look at the first argument
specified to be a config file, and if that is also
missing, we search standard directories for a config
file. (/etc/neutron/,
/usr/lib/pythonX/site-packages/neutron/)
Logging Options:
The following configuration options are specific to logging
functionality for this program.
--log-config=PATH If this option is specified, the logging configuration
file specified is used and overrides any other logging
options specified. Please see the Python logging
module documentation for details on logging
configuration files.
--log-date-format=FORMAT
Format string for %(asctime)s in log records. Default:
%Y-%m-%d %H:%M:%S
--use-syslog Output logs to syslog.
--log-file=PATH (Optional) Name of log file to output to. If not set,
logging will go to stdout.
--log-dir=LOG_DIR (Optional) The directory to keep log files in (will be
prepended to --logfile)
FILES
========
plugins.ini file contains the plugin information
neutron.conf file contains configuration information in the form of python-gflags.
SEE ALSO
========
* `OpenStack Neutron <http://neutron.openstack.org>`__
BUGS
====
* Neutron is sourced in Launchpad so you can view current bugs at `OpenStack Bugs <https://bugs.launchpad.net/neutron>`__

75
doc/source/man/quantum-server.rst

@ -1,75 +0,0 @@
==============
quantum-server
==============
--------------
Quantum Server
--------------
:Author: openstack@lists.launchpad.net
:Date: 2012-04-05
:Copyright: OpenStack Foundation
:Version: 2012.1
:Manual section: 1
:Manual group: cloud computing
SYNOPSIS
========
quantum-server [options]
DESCRIPTION
===========
quantum-server provides a webserver that exposes the Quantum API, and
passes all webservice calls to the Quantum plugin for processing.
OPTIONS
=======
--version show program's version number and exit
-h, --help show this help message and exit
-v, --verbose Print more verbose output
-d, --debug Print debugging output
--config-file=PATH Path to the config file to use, for example,
/etc/quantum/quantum.conf. When not specified
(the default), we generally look at the first argument
specified to be a config file, and if that is also
missing, we search standard directories for a config
file. (/etc/quantum/,
/usr/lib/pythonX/site-packages/quantum/)
Logging Options:
The following configuration options are specific to logging
functionality for this program.
--log-config=PATH If this option is specified, the logging configuration
file specified is used and overrides any other logging
options specified. Please see the Python logging
module documentation for details on logging
configuration files.
--log-date-format=FORMAT
Format string for %(asctime)s in log records. Default:
%Y-%m-%d %H:%M:%S
--use-syslog Output logs to syslog.
--log-file=PATH (Optional) Name of log file to output to. If not set,
logging will go to stdout.
--log-dir=LOG_DIR (Optional) The directory to keep log files in (will be
prepended to --logfile)
FILES
========
plugins.ini file contains the plugin information
quantum.conf file contains configuration information in the form of python-gflags.
SEE ALSO
========
* `OpenStack Quantum <http://quantum.openstack.org>`__
BUGS
====
* Quantum is sourced in Launchpad so you can view current bugs at `OpenStack Bugs <https://bugs.launchpad.net/quantum>`__

26
etc/api-paste.ini

@ -1,24 +1,24 @@
[composite:quantum]
[composite:neutron]
use = egg:Paste#urlmap
/: quantumversions
/v2.0: quantumapi_v2_0
/: neutronversions
/v2.0: neutronapi_v2_0
[composite:quantumapi_v2_0]
use = call:quantum.auth:pipeline_factory
noauth = extensions quantumapiapp_v2_0
keystone = authtoken keystonecontext extensions quantumapiapp_v2_0
[composite:neutronapi_v2_0]
use = call:neutron.auth:pipeline_factory
noauth = extensions neutronapiapp_v2_0
keystone = authtoken keystonecontext extensions neutronapiapp_v2_0
[filter:keystonecontext]
paste.filter_factory = quantum.auth:QuantumKeystoneContext.factory
paste.filter_factory = neutron.auth:NeutronKeystoneContext.factory
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
[filter:extensions]
paste.filter_factory = quantum.api.extensions:plugin_aware_extension_middleware_factory
paste.filter_factory = neutron.api.extensions:plugin_aware_extension_middleware_factory
[app:quantumversions]
paste.app_factory = quantum.api.versions:Versions.factory
[app:neutronversions]
paste.app_factory = neutron.api.versions:Versions.factory
[app:quantumapiapp_v2_0]
paste.app_factory = quantum.api.v2.router:APIRouter.factory
[app:neutronapiapp_v2_0]
paste.app_factory = neutron.api.v2.router:APIRouter.factory

10
etc/dhcp_agent.ini

@ -2,7 +2,7 @@
# Show debugging output in log (sets DEBUG log level output)
# debug = true
# The DHCP agent will resync its state with Quantum to recover from any
# The DHCP agent will resync its state with Neutron to recover from any
# transient notification or rpc errors. The interval is number of
# seconds between attempts.
# resync_interval = 5
@ -11,16 +11,16 @@
# matches you plugin.
# OVS based plugins(OVS, Ryu, NEC, NVP, BigSwitch/Floodlight)
interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
# OVS based plugins(Ryu, NEC, NVP, BigSwitch/Floodlight) that use OVS
# as OpenFlow switch and check port status
#ovs_use_veth = True
# LinuxBridge
#interface_driver = quantum.agent.linux.interface.BridgeInterfaceDriver
#interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
# The agent can use other DHCP drivers. Dnsmasq is the simplest and requires
# no additional setup of the DHCP server.
dhcp_driver = quantum.agent.linux.dhcp.Dnsmasq
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
# iproute2 package that supports namespaces).
@ -35,7 +35,7 @@ dhcp_driver = quantum.agent.linux.dhcp.Dnsmasq
# Allows for serving metadata requests coming from a dedicated metadata
# access network whose cidr is 169.254.169.254/16 (or larger prefix), and
# is connected to a Quantum router from which the VMs send metadata
# is connected to a Neutron router from which the VMs send metadata
# request. In this case DHCP Option 121 will not be injected in VMs, as
# they will be able to reach 169.254.169.254 through a router.
# This option requires enable_isolated_metadata = True

0
etc/init.d/quantum-server → etc/init.d/neutron-server

10
etc/l3_agent.ini

@ -6,12 +6,12 @@
# matches your plugin.
# OVS based plugins (OVS, Ryu, NEC) that supports L3 agent
interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
# OVS based plugins(Ryu, NEC) that use OVS
# as OpenFlow switch and check port status
#ovs_use_veth = True
# LinuxBridge
#interface_driver = quantum.agent.linux.interface.BridgeInterfaceDriver
#interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
# iproute2 package that supports namespaces).
@ -30,7 +30,7 @@ interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
# Indicates that this L3 agent should also handle routers that do not have
# an external network gateway configured. This option should be True only
# for a single agent in a Quantum deployment, and may be False for all agents
# for a single agent in a Neutron deployment, and may be False for all agents
# if all routers must have an external network gateway
# handle_internal_only_routers = True
@ -38,7 +38,7 @@ interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
# empty value for the linux bridge
# external_network_bridge = br-ex
# TCP Port used by Quantum metadata server
# TCP Port used by Neutron metadata server
# metadata_port = 9697
# Send this many gratuitous ARPs for HA setup. Set it below or equal to 0
@ -54,4 +54,4 @@ interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
# enable_metadata_proxy, which is true by default, can be set to False
# if the Nova metadata server is not available
# enable_metadata_proxy = True
# enable_metadata_proxy = True

8
etc/lbaas_agent.ini

@ -2,22 +2,22 @@
# Show debugging output in log (sets DEBUG log level output)
# debug = true
# The LBaaS agent will resync its state with Quantum to recover from any
# The LBaaS agent will resync its state with Neutron to recover from any
# transient notification or rpc errors. The interval is number of
# seconds between attempts.
# periodic_interval = 10
# OVS based plugins(OVS, Ryu, NEC, NVP, BigSwitch/Floodlight)
interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
# OVS based plugins(Ryu, NEC, NVP, BigSwitch/Floodlight) that use OVS
# as OpenFlow switch and check port status
# ovs_use_veth = True
# LinuxBridge
# interface_driver = quantum.agent.linux.interface.BridgeInterfaceDriver
# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
# The agent requires a driver to manage the loadbalancer. HAProxy is the
# opensource version.
#device_driver = quantum.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver
#device_driver = neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver
# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
# iproute2 package that supports namespaces).

6
etc/metadata_agent.ini

@ -2,7 +2,7 @@
# Show debugging output in log (sets DEBUG log level output)
# debug = True
# The Quantum user information for accessing the Quantum API.
# The Neutron user information for accessing the Neutron API.
auth_url = http://localhost:35357/v2.0
auth_region = RegionOne
admin_tenant_name = %SERVICE_TENANT_NAME%
@ -18,8 +18,8 @@ admin_password = %SERVICE_PASSWORD%
# TCP Port used by Nova metadata server
# nova_metadata_port = 8775
# When proxying metadata requests, Quantum signs the Instance-ID header with a
# When proxying metadata requests, Neutron signs the Instance-ID header with a
# shared secret to prevent spoofing. You may select any string for a secret,
# but it must match here and in the configuration used by the Nova Metadata
# Server. NOTE: Nova uses a different key: quantum_metadata_proxy_shared_secret
# Server. NOTE: Nova uses a different key: neutron_metadata_proxy_shared_secret
# metadata_proxy_shared_secret =

0
etc/quantum.conf → etc/neutron.conf

0
etc/quantum/plugins/bigswitch/restproxy.ini → etc/neutron/plugins/bigswitch/restproxy.ini

0
etc/quantum/plugins/brocade/brocade.ini → etc/neutron/plugins/brocade/brocade.ini

0
etc/quantum/plugins/cisco/cisco_plugins.ini → etc/neutron/plugins/cisco/cisco_plugins.ini

0
etc/quantum/plugins/hyperv/hyperv_quantum_plugin.ini → etc/neutron/plugins/hyperv/hyperv_neutron_plugin.ini

0
etc/quantum/plugins/linuxbridge/linuxbridge_conf.ini → etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini

0
etc/quantum/plugins/metaplugin/metaplugin.ini → etc/neutron/plugins/metaplugin/metaplugin.ini

0
etc/quantum/plugins/midonet/midonet.ini → etc/neutron/plugins/midonet/midonet.ini

0
etc/quantum/plugins/ml2/ml2_conf.ini → etc/neutron/plugins/ml2/ml2_conf.ini

0
etc/quantum/plugins/mlnx/mlnx_conf.ini → etc/neutron/plugins/mlnx/mlnx_conf.ini

0
etc/quantum/plugins/nec/nec.ini → etc/neutron/plugins/nec/nec.ini

0
etc/quantum/plugins/nicira/nvp.ini → etc/neutron/plugins/nicira/nvp.ini

0
etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini → etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini

0
etc/quantum/plugins/plumgrid/plumgrid.ini → etc/neutron/plugins/plumgrid/plumgrid.ini

0
etc/quantum/plugins/ryu/ryu.ini → etc/neutron/plugins/ryu/ryu.ini

14
etc/neutron/rootwrap.d/debug.filters

@ -0,0 +1,14 @@
# neutron-rootwrap command filters for nodes on which neutron is
# expected to control network
#
# This file should be owned by (and only-writeable by) the root user
# format seems to be
# cmd-name: filter-name, raw-command, user, args
[Filters]
# This is needed because we should ping
# from inside a namespace which requires root
ping: RegExpFilter, ping, root, ping, -w, \d+, -c, \d+, [0-9\.]+
ping6: RegExpFilter, ping6, root, ping6, -w, \d+, -c, \d+, [0-9A-Fa-f:]+

40
etc/neutron/rootwrap.d/dhcp.filters

@ -0,0 +1,40 @@
# neutron-rootwrap command filters for nodes on which neutron is
# expected to control network
#
# This file should be owned by (and only-writeable by) the root user
# format seems to be
# cmd-name: filter-name, raw-command, user, args
[Filters]
# dhcp-agent
ip_exec_dnsmasq: DnsmasqNetnsFilter, ip, root
dnsmasq: DnsmasqFilter, /sbin/dnsmasq, root
dnsmasq_usr: DnsmasqFilter, /usr/sbin/dnsmasq, root
# dhcp-agent uses kill as well, that's handled by the generic KillFilter
# it looks like these are the only signals needed, per
# neutron/agent/linux/dhcp.py
kill_dnsmasq: KillFilter, root, /sbin/dnsmasq, -9, -HUP
kill_dnsmasq_usr: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP
# dhcp-agent uses cat
cat: RegExpFilter, cat, root, cat, /proc/\d+/cmdline
ovs-vsctl: CommandFilter, ovs-vsctl, root
ivs-ctl: CommandFilter, ivs-ctl, root
# metadata proxy
metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
metadata_proxy_quantum: CommandFilter, quantum-ns-metadata-proxy, root
# If installed from source (say, by devstack), the prefix will be
# /usr/local instead of /usr/bin.
metadata_proxy_local: CommandFilter, /usr/local/bin/neutron-ns-metadata-proxy, root
metadata_proxy_local_quantum: CommandFilter, /usr/local/bin/quantum-ns-metadata-proxy, root
# RHEL invocation of the metadata proxy will report /usr/bin/python
kill_metadata: KillFilter, root, /usr/bin/python, -9
kill_metadata7: KillFilter, root, /usr/bin/python2.7, -9
kill_metadata6: KillFilter, root, /usr/bin/python2.6, -9
# ip_lib
ip: IpFilter, ip, root
ip_exec: IpNetnsExecFilter, ip, root

21
etc/neutron/rootwrap.d/iptables-firewall.filters

@ -0,0 +1,21 @@
# neutron-rootwrap command filters for nodes on which neutron is
# expected to control network
#
# This file should be owned by (and only-writeable by) the root user
# format seems to be
# cmd-name: filter-name, raw-command, user, args
[Filters]
# neutron/agent/linux/iptables_manager.py
# "iptables-save", ...
iptables-save: CommandFilter, iptables-save, root
iptables-restore: CommandFilter, iptables-restore, root
ip6tables-save: CommandFilter, ip6tables-save, root
ip6tables-restore: CommandFilter, ip6tables-restore, root
# neutron/agent/linux/iptables_manager.py
# "iptables", "-A", ...
iptables: CommandFilter, iptables, root
ip6tables: CommandFilter, ip6tables, root

41
etc/neutron/rootwrap.d/l3.filters

@ -0,0 +1,41 @@
# neutron-rootwrap command filters for nodes on which neutron is
# expected to control network
#
# This file should be owned by (and only-writeable by) the root user
# format seems to be
# cmd-name: filter-name, raw-command, user, args
[Filters]
# arping
arping: CommandFilter, arping, root
# l3_agent
sysctl: CommandFilter, sysctl, root
route: CommandFilter, route, root
# metadata proxy
metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
metadata_proxy_quantum: CommandFilter, quantum-ns-metadata-proxy, root
# If installed from source (say, by devstack), the prefix will be
# /usr/local instead of /usr/bin.
metadata_proxy_local: CommandFilter, /usr/local/bin/neuton-ns-metadata-proxy, root
metadata_proxy_local_quantum: CommandFilter, /usr/local/bin/quantum-ns-metadata-proxy, root
# RHEL invocation of the metadata proxy will report /usr/bin/python
kill_metadata: KillFilter, root, /usr/bin/python, -9
kill_metadata7: KillFilter, root, /usr/bin/python2.7, -9
kill_metadata6: KillFilter, root, /usr/bin/python2.6, -9
# ip_lib
ip: IpFilter, ip, root
ip_exec: IpNetnsExecFilter, ip, root
# ovs_lib (if OVSInterfaceDriver is used)
ovs-vsctl: CommandFilter, ovs-vsctl, root
# iptables_manager
iptables-save: CommandFilter, iptables-save, root
iptables-restore: CommandFilter, iptables-restore, root
ip6tables-save: CommandFilter, ip6tables-save, root
ip6tables-restore: CommandFilter, ip6tables-restore, root

24
etc/neutron/rootwrap.d/lbaas-haproxy.filters

@ -0,0 +1,24 @@
# neuton-rootwrap command filters for nodes on which neuton is
# expected to control network
#
# This file should be owned by (and only-writeable by) the root user
# format seems to be
# cmd-name: filter-name, raw-command, user, args
[Filters]
# haproxy
haproxy: CommandFilter, haproxy, root
# lbaas-agent uses kill as well, that's handled by the generic KillFilter
kill_haproxy_usr: KillFilter, root, /usr/sbin/haproxy, -9, -HUP
# lbaas-agent uses cat
cat: RegExpFilter, cat, root, cat, /proc/\d+/cmdline
ovs-vsctl: CommandFilter, ovs-vsctl, root
# ip_lib
ip: IpFilter, ip, root
ip_exec: IpNetnsExecFilter, ip, root

18
etc/neutron/rootwrap.d/linuxbridge-plugin.filters

@ -0,0 +1,18 @@
# neuton-rootwrap command filters for nodes on which neuton is
# expected to control network
#
# This file should be owned by (and only-writeable by) the root user
# format seems to be
# cmd-name: filter-name, raw-command, user, args
[Filters]
# linuxbridge-agent
# unclear whether both variants are necessary, but I'm transliterating
# from the old mechanism
brctl: CommandFilter, brctl, root
# ip_lib
ip: IpFilter, ip, root
ip_exec: IpNetnsExecFilter, ip, root

12
etc/neutron/rootwrap.d/nec-plugin.filters

@ -0,0 +1,12 @@
# neuton-rootwrap command filters for nodes on which neuton is
# expected to control network
#
# This file should be owned by (and only-writeable by) the root user
# format seems to be
# cmd-name: filter-name, raw-command, user, args
[Filters]
# nec_neutron_agent
ovs-vsctl: CommandFilter, ovs-vsctl, root

20
etc/neutron/rootwrap.d/openvswitch-plugin.filters

@ -0,0 +1,20 @@
# neutron-rootwrap command filters for nodes on which neutron is
# expected to control network
#
# This file should be owned by (and only-writeable by) the root user
# format seems to be
# cmd-name: filter-name, raw-command, user, args
[Filters]
# openvswitch-agent
# unclear whether both variants are necessary, but I'm transliterating
# from the old mechanism
ovs-vsctl: CommandFilter, ovs-vsctl, root
ovs-ofctl: CommandFilter, ovs-ofctl, root
xe: CommandFilter, xe, root
# ip_lib
ip: IpFilter, ip, root
ip_exec: IpNetnsExecFilter, ip, root

21
etc/neutron/rootwrap.d/ryu-plugin.filters

@ -0,0 +1,21 @@
# neutron-rootwrap command filters for nodes on which neutron is
# expected to control network
#
# This file should be owned by (and only-writeable by) the root user
# format seems to be
# cmd-name: filter-name, raw-command, user, args
[Filters]
# ryu-agent
# unclear whether both variants are necessary, but I'm transliterating
# from the old mechanism
# neutron/plugins/ryu/agent/ryu_neutron_agent.py:
# "ovs-vsctl", "--timeout=2", ...
ovs-vsctl: CommandFilter, ovs-vsctl, root
# neutron/plugins/ryu/agent/ryu_neutron_agent.py:
# "xe", "vif-param-get", ...
xe: CommandFilter, xe, root

1
etc/quantum

@ -0,0 +1 @@
neutron

14
etc/quantum/rootwrap.d/debug.filters

@ -1,14 +0,0 @@
# quantum-rootwrap command filters for nodes on which quantum is
# expected to control network
#
# This file should be owned by (and only-writeable by) the root user
# format seems to be
# cmd-name: filter-name, raw-command, user, args
[Filters]
# This is needed because we should ping
# from inside a namespace which requires root
ping: RegExpFilter, ping, root, ping, -w, \d+, -c, \d+, [0-9\.]+
ping6: RegExpFilter, ping6, root, ping6, -w, \d+, -c, \d+, [0-9A-Fa-f:]+

38
etc/quantum/rootwrap.d/dhcp.filters

@ -1,38 +0,0 @@
# quantum-rootwrap command filters for nodes on which quantum is
# expected to control network
#
# This file should be owned by (and only-writeable by) the root user
# format seems to be
# cmd-name: filter-name, raw-command, user, args
[Filters]
# dhcp-agent
ip_exec_dnsmasq: DnsmasqNetnsFilter, ip, root
dnsmasq: DnsmasqFilter, /sbin/dnsmasq, root
dnsmasq_usr: DnsmasqFilter, /usr/sbin/dnsmasq, root
# dhcp-agent uses kill as well, that's handled by the generic KillFilter
# it looks like these are the only signals needed, per
# quantum/agent/linux/dhcp.py
kill_dnsmasq: KillFilter, root, /sbin/dnsmasq, -9, -HUP
kill_dnsmasq_usr: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP
# dhcp-agent uses cat
cat: RegExpFilter, cat, root, cat, /proc/\d+/cmdline
ovs-vsctl: CommandFilter, ovs-vsctl, root
ivs-ctl: CommandFilter, ivs-ctl, root
# metadata proxy
metadata_proxy: CommandFilter, quantum-ns-metadata-proxy, root
# If installed from source (say, by devstack), the prefix will be
# /usr/local instead of /usr/bin.
metadata_proxy_local: CommandFilter, /usr/local/bin/quantum-ns-metadata-proxy, root
# RHEL invocation of the metadata proxy will report /usr/bin/python
kill_metadata: KillFilter, root, /usr/bin/python, -9
kill_metadata7: KillFilter, root, /usr/bin/python2.7, -9
kill_metadata6: KillFilter, root, /usr/bin/python2.6, -9
# ip_lib
ip: IpFilter, ip, root
ip_exec: IpNetnsExecFilter, ip, root

21
etc/quantum/rootwrap.d/iptables-firewall.filters

@ -1,21 +0,0 @@
# quantum-rootwrap command filters for nodes on which quantum is
# expected to control network
#
# This file should be owned by (and only-writeable by) the root user
# format seems to be
# cmd-name: filter-name, raw-command, user, args
[Filters]
# quantum/agent/linux/iptables_manager.py
# "iptables-save", ...
iptables-save: CommandFilter, iptables-save, root
iptables-restore: CommandFilter, iptables-restore, root
ip6tables-save: CommandFilter, ip6tables-save, root
ip6tables-restore: CommandFilter, ip6tables-restore, root
# quantum/agent/linux/iptables_manager.py
# "iptables", "-A", ...
iptables: CommandFilter, iptables, root
ip6tables: CommandFilter, ip6tables, root

39
etc/quantum/rootwrap.d/l3.filters

@ -1,39 +0,0 @@
# quantum-rootwrap command filters for nodes on which quantum is
# expected to control network
#
# This file should be owned by (and only-writeable by) the root user
# format seems to be
# cmd-name: filter-name, raw-command, user, args
[Filters]
# arping
arping: CommandFilter, arping, root
# l3_agent
sysctl: CommandFilter, sysctl, root
route: CommandFilter, route, root
# metadata proxy
metadata_proxy: CommandFilter, quantum-ns-metadata-proxy, root
# If installed from source (say, by devstack), the prefix will be
# /usr/local instead of /usr/bin.
metadata_proxy_local: CommandFilter, /usr/local/bin/quantum-ns-metadata-proxy, root
# RHEL invocation of the metadata proxy will report /usr/bin/python
kill_metadata: KillFilter, root, /usr/bin/python, -9
kill_metadata7: KillFilter, root, /usr/bin/python2.7, -9
kill_metadata6: KillFilter, root, /usr/bin/python2.6, -9
# ip_lib
ip: IpFilter, ip, root
ip_exec: IpNetnsExecFilter, ip, root
# ovs_lib (if OVSInterfaceDriver is used)
ovs-vsctl: CommandFilter, ovs-vsctl, root
# iptables_manager
iptables-save: CommandFilter, iptables-save, root
iptables-restore: CommandFilter, iptables-restore, root
ip6tables-save: CommandFilter, ip6tables-save, root
ip6tables-restore: CommandFilter, ip6tables-restore, root

24
etc/quantum/rootwrap.d/lbaas-haproxy.filters

@ -1,24 +0,0 @@
# quantum-rootwrap command filters for nodes on which quantum is
# expected to control network
#
# This file should be owned by (and only-writeable by) the root user
# format seems to be
# cmd-name: filter-name, raw-command, user, args
[Filters]
# haproxy
haproxy: CommandFilter, haproxy, root
# lbaas-agent uses kill as well, that's handled by the generic KillFilter
kill_haproxy_usr: KillFilter, root, /usr/sbin/haproxy, -9, -HUP
# lbaas-agent uses cat
cat: RegExpFilter, cat, root, cat, /proc/\d+/cmdline
ovs-vsctl: CommandFilter, ovs-vsctl, root
# ip_lib
ip: IpFilter, ip, root
ip_exec: IpNetnsExecFilter, ip, root

18
etc/quantum/rootwrap.d/linuxbridge-plugin.filters

@ -1,18 +0,0 @@
# quantum-rootwrap command filters for nodes on which quantum is