OpenStack Networking (Neutron)
Cedric Brandily 80bea7a386 Allow metadata proxy running with nobody user/group
Currently the metadata proxy cannot run with the nobody user/group, as
the metadata proxy needs to connect to metadata_proxy_socket when queried.

This change allows running the metadata proxy with the nobody user/group
by allowing the metadata_proxy_socket mode to be chosen with the new
option metadata_proxy_socket_mode (4 choices), in order to adapt socket
permissions to the metadata proxy user/group.

This change also refactors where options are defined to enable the
metadata_proxy_user/group options in the metadata agent.

In practice:
* if metadata_proxy_user is agent effective user or root, then:
  * metadata proxy is allowed to use rootwrap (unsecure)
  * set metadata_proxy_socket_mode = user (0o644)
* else if metadata_proxy_group is agent effective group, then:
  * metadata proxy is not allowed to use rootwrap (secure)
  * set metadata_proxy_socket_mode = group (0o664)
  * set metadata_proxy_log_watch = false
* else:
  * metadata proxy has lowest permissions (securest) but metadata proxy
    socket can be opened by everyone
  * set metadata_proxy_socket_mode = all (0o666)
  * set metadata_proxy_log_watch = false

An alternative is to set metadata_proxy_socket_mode = deduce, in which
case the metadata agent uses the previous rules to choose the correct mode.

DocImpact
Closes-Bug: #1427228
Change-Id: I235a0cc4f0cbd55ae4ec1570daf2ebbb6a72441d
2015-04-06 18:31:37 +02:00
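
The socket-mode rules from the commit message above, worked through as an added example (this is not Neutron's own code). The function names `deduce_mode`, `may_connect` and `bind_socket` are hypothetical and the uid/gid values are constructed. The permission check is a simplified model of the Linux rule that connecting to a UNIX socket requires write permission on the socket file.

```python
import os
import socket
import stat
import tempfile

MODES = {"user": 0o644, "group": 0o664, "all": 0o666}  # values from the commit message


def deduce_mode(proxy_uid, proxy_gid, agent_euid, agent_egid):
    """Apply the three rules in order; returns 'user', 'group' or 'all'."""
    if proxy_uid in (agent_euid, 0):
        return "user"
    if proxy_gid == agent_egid:
        return "group"
    return "all"


def may_connect(mode, owner_uid, owner_gid, uid, gid):
    """Simplified Linux check: connect() on a UNIX socket needs write permission.
    Ignores supplementary groups, ACLs and parent-directory permissions."""
    if uid == 0:
        return True  # root bypasses file permission bits
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR)
    if gid == owner_gid:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def bind_socket(path, mode):
    """Bind a listening UNIX socket and set its permission bits explicitly."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, mode)  # explicit chmod: bind() alone is subject to the umask
    srv.listen(1)
    return srv


if __name__ == "__main__":
    AGENT, NOBODY = (991, 991), (65534, 65534)  # constructed uid/gid pairs
    for label, proxy in [("agent user", AGENT), ("nobody:agent group", (65534, 991)),
                         ("nobody:nobody", NOBODY)]:
        name = deduce_mode(*proxy, *AGENT)
        path = os.path.join(tempfile.mkdtemp(), "metadata_proxy")
        srv = bind_socket(path, MODES[name])
        on_disk = stat.S_IMODE(os.stat(path).st_mode)
        print(f"{label:20} -> {name:5} {oct(on_disk)} "
              f"proxy connects: {may_connect(on_disk, *AGENT, *proxy)}, "
              f"unrelated uid connects: {may_connect(on_disk, *AGENT, 1000, 1000)}")
        srv.close()
```

The last row shows the trade-off the commit message names: with mode `all` the proxy can run as nobody, but any local uid can also open the socket.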
bin adopt namespace-less oslo imports 2015-02-20 17:36:47 -08:00
doc Update core reviewer responsibilities 2015-04-01 14:02:39 +00:00
etc Allow metadata proxy running with nobody user/group 2015-04-06 18:31:37 +02:00
neutron Allow metadata proxy running with nobody user/group 2015-04-06 18:31:37 +02:00
rally-jobs Run more Rally benchmark on every patch 2015-03-18 10:38:44 +00:00
tools Merge "tests: don't rely on configuration files outside tests directory" 2015-04-01 16:21:15 +00:00
.coveragerc Update .coveragerc after the removal of Cisco Nexus monolithic plugin 2015-03-31 02:25:06 +00:00
.gitignore Add support for retargetable functional api testing 2015-01-06 02:37:59 +00:00
.gitreview Rename quantum to neutron in .gitreview. 2013-07-06 12:25:09 -04:00
.mailmap Add mailmap entry 2014-05-16 13:40:04 -04:00
.pylintrc Remove 'free' exclusions from pylint 2015-03-06 09:37:00 -05:00
.testr.conf Add an explicit tox job for functional tests 2014-02-05 17:11:52 +00:00
babel.cfg Use babel to generate translation file 2013-01-24 00:20:32 +08:00
CONTRIBUTING.rst Workflow documentation is now in infra-manual 2014-12-05 03:30:37 +00:00
HACKING.rst oslo: migrate to namespace-less import paths 2015-02-05 15:09:32 +01:00
LICENSE Adding Apache Version 2.0 license file. This is the official license agreement under which Quantum code is available to 2011-08-08 12:31:04 -07:00
MANIFEST.in Rename Quantum to Neutron 2013-07-06 15:02:43 -04:00
openstack-common.conf Migrate to oslo.log 2015-03-12 11:22:56 +01:00
README.rst Updated the README.rst 2014-12-02 14:33:30 -06:00
requirements.txt Updated from global requirements 2015-03-21 00:10:47 +00:00
run_tests.sh Revert "monkey patch stdlib before importing other modules" 2015-02-11 17:26:33 -08:00
setup.cfg Merge "Add L3 router plugin shim for Brocade MLX" 2015-03-26 23:15:58 +00:00
setup.py Updated from global requirements 2014-04-30 02:41:29 +00:00
test-requirements.txt Updated from global requirements 2015-03-21 00:10:47 +00:00
TESTING.rst Add full-stack tests framework 2015-03-26 20:21:40 +02:00
tox.ini Simplify retargetable test framework 2015-03-31 20:13:04 +00:00

Welcome!

You have come across a cloud computing network fabric controller. It has identified itself as "Neutron." It aims to tame your (cloud) networking!

External Resources:

The homepage for Neutron is: http://launchpad.net/neutron. Use this site for asking for help, and filing bugs. Code is available on git.openstack.org at <http://git.openstack.org/cgit/openstack/neutron>.

The latest and most in-depth documentation on how to use Neutron is available at: <http://docs.openstack.org>. This includes:

Neutron Administrator Guide:

http://docs.openstack.org/admin-guide-cloud/content/ch_networking.html

Neutron API Reference:

http://docs.openstack.org/api/openstack-network/2.0/content/

Current Neutron developer documentation is available at:

http://wiki.openstack.org/NeutronDevelopment

For help on usage and hacking of Neutron, please send mail to <mailto:openstack-dev@lists.openstack.org>.

For information on how to contribute to Neutron, please see the contents of the CONTRIBUTING.rst file.