Commit Graph

9 Commits (d568fee34be36ca17a9124fe6539f62d702d6359)

Author SHA1 Message Date
shihanzhang a5a8e2db49 Fix invalid facilities documented in rootwrap.conf
The values user0 and user1 do not map to valid facility values.
local1, etc.  Using user0 results in a  pri value that does not map
back to a facility of the same name in syslog.

RFC5424 suggest values values of local0 through local7.  Setting
syslog_log_facility to one of those values results in a message with a
priority that can be mapped back to the original string value.

This fix adjusts the comment in rootwrap.conf to suggest the local
prefix instead of the user prefix.

Change-Id: I835ad17c817b8623e382368b39b06944470be480
Closes-bug: #1280879
9 years ago
Jenkins 1bd456371f Merge "rename quantum into neutron" 10 years ago
Yong Sheng Gong 4a01e35f3f rename quantum into neutron
Bug #1200474

Change-Id: Ib83e58008fc53b57c4063057ce4c5707b55f0ff2
10 years ago
Thierry Carrez 042d15a314 Import Oslo's common rootwrap to Neutron
Use the common oslo-incubator rootwrap rather than maintain a
specific fork within Neutron.

- Migrated DnsmasqFilter use in dhcp.filters to the new EnvFilter
- Changed environment passing in ip_lib's netns.execute so that
  it can be properly matched using IpNetNsExecFilter + EnvFilter.
  It now calls "ip netns exec ns env A=B C=D command" instead of
  "A=B C=D ip netns exec ns command". Adjusted tests accordingly.

All the other changes are coming directly from the Oslo "rootwrap"
module sync.

- Neutron locates its rootwrap.conf in etc/ rather than in etc/neutron
- Neutron maintains a specific bin/quantum-rootwrap-xen-dom0 which
  requires additional config in rootwrap.conf

Both behaviors were preserved in this commit, but this may need to be
addressed in the future to simplify future oslo-rootwrap updates.

Implements bp: quantum-common-rootwrap

Change-Id: I02879942a9d1169a71aa4d684c1b9ec109a6de32
10 years ago
Mate Lakat 8d0f8e1b99 dom0 rootwrap - case insensitive xenapi section
As per change the config sections
became lowercase. This patch makes the quantum-rootwrap-xen-dom0
rootwrap to be case insensitive for the xenapi section.

This patch also changes the default config file to use a lowercase
xenapi section.

Fixes bug 1195781

Change-Id: Ic24feb1a9ad6f8823745b1febd4a0edd54e73498
10 years ago
Dirk Mueller d1a623bc97 Use exec_dirs for rootwrap commands
Avoid depending on platform specific paths for rootwrap
by using exec_dirs in rootwrap. Fixes rootwrap configuration
for SUSE.

Fixes bug #1156044

Change-Id: I54d082c543fd84b40db0caa3571300ac0bb07b57
10 years ago
Maru Newby 7ff0c53564 Add support for OVS l2 agent in XS/XCP domU.
* Config doc:

 * The Open vSwitch agent needs to be deployed on domU but
   interact with a dom0 bridge.
 * Add a root wrapper and associated XenAPI plugin to allow the
   agent to execute networking commands against dom0 from domU.
 * Update ovs_lib mac address discovery to use ip_lib to
   ensure that discovery works even for bridges not local to
   the agent (i.e. dom0 bridges).  A bridge configured with
   a dom0 root wrapper will execute ip link on dom0.
 * Update ip_lib to use a root helper by default to ensure that
   the 'ip' command will execute on dom0.
 * Remove obselete rpm spec and installer for dom0 agent.
 * Credit where credit is due - the XenAPI plugin and its
   packaging were largely copied from nova.
 * Supports blueprint xenapi-ovs

Change-Id: I7795446ee1267712c896f5cb3401f84fb1763ce7
10 years ago
Jiajun Liu 713d92e7b1 make rootwrap filters path consistent with other openstack project
Fixes bug 1050062.

Change-Id: I0c3fc84af8ed9bca2e0bd2f11cbc3b737b6a4001
11 years ago
John Dunning 193d699727 Update rootwrap; track changes in nova/cinder
Fix bug 1037815

Summary: Copy/paste the essential parts of the rootwrap
  mechanism from nova/cinder into quantum.  This includes
  the core changes to and which deal
  with loading filters from files pointed to by
Detailed changes:
  Transliterate the old rootwrap/* files to
  new format, and put the results in etc/quantum/rootwrap.d
  Delete the * files.
  Add conf to point to etc/quantum/rootwrap.d
  Add a unit test cribbed from nova to exercise the filter
  Add a unit test to exercise the actual filtered execution
Note that as written, this patch does not set the default
  execute mechanism (in the agent .ini files) to rootwrap,
  leaves it as sudo.  That can be done in a followon
  change, or in distro specific packaging.
Note also that there is still work to do around finishing
  and testing the filter specs themselves.  We've decided
  that that is out of scope for this patch.

Change-Id: I9aba6adc5ba40b6145be5fa38c5ece3b666ae5ca
11 years ago