Merge "Implement neutron venv support"
commit
db828457ec
@ -90,6 +90,7 @@
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- neutron-logs
|
||||
|
||||
- name: Create the neutron provider networks facts
|
||||
provider_networks:
|
||||
provider_networks: "{{ provider_networks }}"
|
||||
@ -99,15 +100,37 @@
|
||||
tags:
|
||||
- neutron-provider-networks
|
||||
- neutron-config
|
||||
|
||||
- name: Set provider network fact(s)
|
||||
set_fact:
|
||||
neutron_provider_networks: "{{ pndata }}"
|
||||
neutron_overlay_network: "{{ container_networks.tunnel_address|default({}) }}"
|
||||
_provider_networks: "{{ pndata }}"
|
||||
_overlay_network: "{{ container_networks.tunnel_address|default({}) }}"
|
||||
tags:
|
||||
- neutron-provider-networks
|
||||
- neutron-config
|
||||
|
||||
- name: set local_ip fact (is_metal)
|
||||
set_fact:
|
||||
_local_ip: "{{ hostvars[inventory_hostname]['ansible_' + _overlay_network.bridge|replace('-', '_')]['ipv4']['address'] }}"
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- neutron-config
|
||||
|
||||
- name: set local_ip fact (container)
|
||||
set_fact:
|
||||
_local_ip: "{{ _overlay_network.address|default(ansible_ssh_host) }}"
|
||||
when: not is_metal | bool
|
||||
tags:
|
||||
- neutron-config
|
||||
roles:
|
||||
- { role: "os_neutron", tags: [ "os-neutron" ] }
|
||||
- role: "os_neutron"
|
||||
neutron_venv_tag: "{{ openstack_release }}"
|
||||
neutron_galera_address: "{{ galera_address }}"
|
||||
neutron_local_ip: "{{ _local_ip }}"
|
||||
neutron_overlay_network: "{{ _overlay_network }}"
|
||||
neutron_provider_networks: "{{ _provider_networks }}"
|
||||
tags:
|
||||
- "os-neutron"
|
||||
- { role: "openstack_openrc", tags: [ "openstack-openrc" ] }
|
||||
- role: "rsyslog_client"
|
||||
rsyslog_client_log_rotate_file: neutron_log_rotate
|
||||
@ -124,7 +147,6 @@
|
||||
- "system-crontab-coordination"
|
||||
vars:
|
||||
galera_address: "{{ internal_lb_vip_address }}"
|
||||
neutron_galera_address: "{{ internal_lb_vip_address }}"
|
||||
ansible_hostname: "{{ container_name }}"
|
||||
is_metal: "{{ properties.is_metal|default(false) }}"
|
||||
bind_prefix: "{{ provider_network_bind_prefix|default('') }}"
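Review bot: The `set local_ip fact (is_metal)` task dereferences `_overlay_network.bridge` with no guard, although `_overlay_network` is set in the preceding task from `container_networks.tunnel_address|default({})`. On a metal host with no tunnel network the lookup would presumably fail the play, whereas the template logic this commit removes checked that the bridge `is defined` first. Consider `when: is_metal | bool and _overlay_network.bridge is defined`, with a fallback so `_local_ip` is always set, because the role is invoked with `neutron_local_ip: "{{ _local_ip }}"`. The container branch falls back to `ansible_ssh_host`, which would place the VXLAN endpoint on the management address when no overlay address exists; a comment stating whether that is intended would help.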
|
||||
|
@ -19,6 +19,25 @@ is_metal: true
|
||||
## Verbosity Options
|
||||
debug: False
|
||||
verbose: True
|
||||
|
||||
# Name of the virtual env to deploy into
|
||||
neutron_venv_tag: untagged
|
||||
neutron_venv_bin: "/openstack/venvs/neutron-{{ neutron_venv_tag }}/bin"
|
||||
|
||||
# Set this to enable or disable installing in a venv
|
||||
neutron_venv_enabled: true
|
||||
|
||||
# The bin path defaults to the venv path however if installation in a
|
||||
# venv is disabled the bin path will be dynamically set based on the
|
||||
# system path used when the installing.
|
||||
neutron_bin: "{{ neutron_venv_bin }}"
|
||||
|
||||
# Set the lib dir path to that of the local python path where neutron is installed.
|
||||
# This is used for role access to the db migrations.
|
||||
# Example:
|
||||
# neutron_lib_dir: "/usr/local/lib/python2.7/dist-packages/neutron"
|
||||
neutron_lib_dir: "{{ neutron_bin | dirname }}/lib/python2.7/site-packages/neutron"
|
||||
|
||||
neutron_fatal_deprecations: False
|
||||
|
||||
## neutron User / Group
|
||||
@ -250,6 +269,8 @@ neutron_vxlan_group: ""
|
||||
# network_vlan_ranges: "vlan:1:1,vlan:1024:1025"
|
||||
# network_vxlan_ranges: "1:1000"
|
||||
|
||||
neutron_vxlan_enabled: true
|
||||
|
||||
neutron_dhcp_domain: openstacklocal
|
||||
neutron_dhcp_delete_namespaces: True
|
||||
# Comma-separated list of DNS servers which will be used by dnsmasq as forwarders.
|
||||
@ -273,6 +294,9 @@ neutron_rpc_response_timeout: 60
|
||||
# "create_subnet": "rule:admin_or_network_owner"
|
||||
# "get_subnet": "rule:admin_or_owner or rule:shared"
|
||||
|
||||
# neutron_local_ip is used for the VXLAN local tunnel endpoint
|
||||
neutron_local_ip: 127.0.0.1
|
||||
|
||||
neutron_apt_packages:
|
||||
- conntrack
|
||||
- dnsmasq-base
|
||||
@ -286,6 +310,11 @@ neutron_apt_packages:
|
||||
neutron_apt_remove_packages:
|
||||
- conntrackd
|
||||
|
||||
# neutron packages that must be installed before anything else
|
||||
neutron_requires_pip_packages:
|
||||
- virtualenv
|
||||
- python-keystoneclient # Keystoneclient needed to OSA keystone lib
|
||||
|
||||
neutron_pip_packages:
|
||||
- configobj
|
||||
- cliff
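Review bot: The `neutron_lib_dir` default hard-codes `lib/python2.7/site-packages` under `neutron_bin | dirname`, which fits a virtualenv layout but not the system install shown in the comment's own example (`/usr/local/lib/python2.7/dist-packages/neutron`). With `neutron_venv_enabled: false` the derived path would likely not exist on a dist-packages host, and the migrations facts task passes it on as `library_path`. I would add a comment such as `# Override neutron_lib_dir when neutron_venv_enabled is false; system installs may use dist-packages.` or derive the value conditionally. The comment above `neutron_bin` also ends in "used when the installing", which reads as a truncated sentence.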
|
||||
|
@ -18,6 +18,7 @@ import re
|
||||
import subprocess
|
||||
from ansible.module_utils.basic import *
|
||||
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: neutron_migrations_facts
|
||||
@ -38,45 +39,89 @@ options:
|
||||
- This is the OpenStack release you're running, used when
|
||||
searching for migration revisions in the neutron code.
|
||||
default: liberty
|
||||
library_path:
|
||||
description:
|
||||
- Local path to the location where the neutron python package
|
||||
is installed.
|
||||
default: /usr/local/lib/python2.7/dist-packages/neutron
|
||||
bin_path:
|
||||
description:
|
||||
- Local path to the where the neutron binaries are.
|
||||
default: /usr/local/bin
|
||||
author: Rcbops
|
||||
"""
|
||||
|
||||
|
||||
EXAMPLES = """
|
||||
- name: Gather neutron migration facts
|
||||
neutron_migrations_facts:
|
||||
release: mitaka
|
||||
"""
|
||||
|
||||
MIGRATIONS = {'expand': {'revision': None, 'head': None},
|
||||
'contract': {'revision': None, 'head': None}}
|
||||
|
||||
MIGRATIONS = {
|
||||
'expand': {
|
||||
'revision': None,
|
||||
'head': None
|
||||
},
|
||||
'contract': {
|
||||
'revision': None,
|
||||
'head': None
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
def get_branch(release, revision):
|
||||
migrations_dir = '/usr/local/lib/python2.7/dist-packages/neutron/db/' \
|
||||
'migration/alembic_migrations/versions/%s/' % release
|
||||
def get_branch(release, revision, library_path):
|
||||
migrations_dir = (
|
||||
'%s/db/migration/alembic_migrations/versions/%s/' % (
|
||||
library_path,
|
||||
release,
|
||||
)
|
||||
)
|
||||
for branch in MIGRATIONS.keys():
|
||||
for file in os.listdir('%s/%s' % (migrations_dir, branch)):
|
||||
migration_dir = os.path.join(get_abs_path(migrations_dir), branch)
|
||||
for file in os.listdir(migration_dir):
|
||||
if file.endswith('.py') and file.split('_')[0] == revision:
|
||||
return branch
|
||||
|
||||
|
||||
def get_abs_path(path):
|
||||
return os.path.abspath(
|
||||
os.path.expanduser(
|
||||
path
|
||||
)
|
||||
)
|
||||
|
||||
|
||||
def main():
|
||||
module = AnsibleModule(
|
||||
argument_spec=dict(
|
||||
release=dict(
|
||||
type='str',
|
||||
default='liberty'
|
||||
),
|
||||
library_path=dict(
|
||||
type='str',
|
||||
default='/usr/local/lib/python2.7/dist-packages/neutron'
|
||||
),
|
||||
bin_path=dict(
|
||||
type='str',
|
||||
default='/usr/local/bin'
|
||||
)
|
||||
),
|
||||
supports_check_mode=False
|
||||
)
|
||||
state_change = False
|
||||
|
||||
command = [
|
||||
'%s/neutron-db-manage' % get_abs_path(module.params['bin_path']),
|
||||
'current'
|
||||
]
|
||||
|
||||
try:
|
||||
current = subprocess.check_output(['neutron-db-manage', 'current'])
|
||||
current = subprocess.check_output(command)
|
||||
except subprocess.CalledProcessError as e:
|
||||
message = 'neutron fact collection failed: "%s".' % e
|
||||
module.fail_json(msg=message)
|
||||
module.fail_json(msg='neutron fact collection failed: "%s".' % e)
|
||||
|
||||
for line in current.splitlines():
|
||||
head = False
|
||||
@ -85,17 +130,25 @@ def main():
|
||||
revision = match.group(1)
|
||||
if match.group(2):
|
||||
head = True
|
||||
branch = get_branch(module.params['release'], revision)
|
||||
|
||||
branch = get_branch(
|
||||
release=module.params['release'],
|
||||
revision=revision,
|
||||
library_path=get_abs_path(module.params['library_path'])
|
||||
)
|
||||
if branch is None:
|
||||
message = 'neutron fact collection failed: unable to find ' \
|
||||
'migration with revision %s' % revision
|
||||
module.fail_json(msg=message)
|
||||
module.fail_json(
|
||||
msg='neutron fact collection failed: unable to find'
|
||||
' migration with revision %s' % revision
|
||||
)
|
||||
|
||||
MIGRATIONS[branch]['revision'] = revision
|
||||
MIGRATIONS[branch]['head'] = head
|
||||
|
||||
module.exit_json(changed=state_change,
|
||||
ansible_facts={'neutron_migrations': MIGRATIONS})
|
||||
module.exit_json(
|
||||
changed=state_change,
|
||||
ansible_facts={'neutron_migrations': MIGRATIONS}
|
||||
)
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
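Review bot: The `try` around `subprocess.check_output(command)` catches only `CalledProcessError`, so a missing or non-executable `neutron-db-manage` under the new `bin_path` raises `OSError` and ends the module with a traceback instead of `fail_json`. The same applies to `os.listdir(migration_dir)` in `get_branch` when `library_path` or the release directory does not exist. I would widen the handler to `except (subprocess.CalledProcessError, OSError) as e:` and wrap the `os.listdir` call the same way, so the failure reports which path was tried. The body of `main` continues between the two hunks, so the regex matching is not visible here.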
|
||||
|
@ -42,6 +42,8 @@
|
||||
- name: Get neutron migrations facts
|
||||
neutron_migrations_facts:
|
||||
release: liberty
|
||||
library_path: "{{ neutron_lib_dir }}"
|
||||
bin_path: "{{ neutron_bin }}"
|
||||
tags:
|
||||
- neutron-db-setup
|
||||
- neutron-upgrade
|
||||
@ -54,7 +56,8 @@
|
||||
|
||||
- name: Perform a Neutron DB online upgrade (expand)
|
||||
command: |
|
||||
neutron-db-manage --config-file {{ neutron_db_config }}
|
||||
{{ neutron_bin }}/neutron-db-manage
|
||||
--config-file {{ neutron_db_config }}
|
||||
--config-file {{ neutron_db_plugin }}
|
||||
upgrade --expand
|
||||
sudo: yes
|
||||
@ -78,7 +81,8 @@
|
||||
|
||||
- name: Perform a Neutron DB offline upgrade (contract)
|
||||
command: |
|
||||
neutron-db-manage --config-file {{ neutron_db_config }}
|
||||
{{ neutron_bin }}/neutron-db-manage
|
||||
--config-file {{ neutron_db_config }}
|
||||
--config-file {{ neutron_db_plugin }}
|
||||
upgrade --contract
|
||||
sudo: yes
|
||||
|
@ -34,6 +34,7 @@
|
||||
delay: 2
|
||||
with_items: neutron_apt_packages
|
||||
tags:
|
||||
- neutron-install
|
||||
- neutron-apt-packages
|
||||
|
||||
- name: remove specific apt packages
|
||||
@ -46,9 +47,43 @@
|
||||
delay: 2
|
||||
with_items: neutron_apt_remove_packages
|
||||
tags:
|
||||
- neutron-install
|
||||
- neutron-apt-packages
|
||||
|
||||
- name: Install pip packages
|
||||
- name: Install requires pip packages
|
||||
pip:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
extra_args: "{{ pip_install_options|default('') }}"
|
||||
register: install_packages
|
||||
until: install_packages|success
|
||||
retries: 5
|
||||
delay: 2
|
||||
with_items:
|
||||
- "{{ neutron_requires_pip_packages }}"
|
||||
tags:
|
||||
- neutron-install
|
||||
- neutron-pip-packages
|
||||
|
||||
- name: Install pip packages (venv)
|
||||
pip:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
virtualenv: "{{ neutron_venv_bin | dirname }}"
|
||||
virtualenv_site_packages: "no"
|
||||
extra_args: "{{ pip_install_options|default('') }}"
|
||||
register: install_packages
|
||||
until: install_packages|success
|
||||
retries: 5
|
||||
delay: 2
|
||||
with_items:
|
||||
- "{{ neutron_pip_packages }}"
|
||||
when: neutron_venv_enabled | bool
|
||||
tags:
|
||||
- neutron-install
|
||||
- neutron-pip-packages
|
||||
|
||||
- name: Install pip packages (no venv)
|
||||
pip:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
@ -59,5 +94,7 @@
|
||||
delay: 2
|
||||
with_items:
|
||||
- "{{ neutron_pip_packages }}"
|
||||
when: not neutron_venv_enabled | bool
|
||||
tags:
|
||||
- neutron-pip-packages
|
||||
- neutron-install
|
||||
- neutron-pip-packages
|
@ -17,8 +17,8 @@
|
||||
# kilo_revision: true
|
||||
|
||||
- name: "Drop AT&T neutron ha tool"
|
||||
copy:
|
||||
src: "neutron-ha-tool.py"
|
||||
template:
|
||||
src: "neutron-ha-tool.py.j2"
|
||||
dest: "/opt/neutron-ha-tool.py"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
|
@ -84,29 +84,29 @@
|
||||
- neutron-config
|
||||
|
||||
- name: Drop neutron Configs
|
||||
copy:
|
||||
template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: "{{ neutron_system_user_name }}"
|
||||
group: "{{ neutron_system_group_name }}"
|
||||
with_items:
|
||||
- { src: "rootwrap.d/debug.filters", dest: "/etc/neutron/rootwrap.d/debug.filters" }
|
||||
- { src: "rootwrap.d/ipset-firewall.filters", dest: "/etc/neutron/rootwrap.d/ipset-firewall.filters" }
|
||||
- { src: "rootwrap.d/iptables-firewall.filters", dest: "/etc/neutron/rootwrap.d/iptables-firewall.filters" }
|
||||
- { src: "rootwrap.d/nec-plugin.filters", dest: "/etc/neutron/rootwrap.d/nec-plugin.filters" }
|
||||
- { src: "rootwrap.d/openvswitch-plugin.filters", dest: "/etc/neutron/rootwrap.d/openvswitch-plugin.filters" }
|
||||
- { src: "rootwrap.d/ryu-plugin.filters", dest: "/etc/neutron/rootwrap.d/ryu-plugin.filters" }
|
||||
- { src: "rootwrap.d/lbaas-haproxy.filters", dest: "/etc/neutron/rootwrap.d/lbaas-haproxy.filters" }
|
||||
- { src: "rootwrap.d/vpnaas.filters", dest: "/etc/neutron/rootwrap.d/vpnaas.filters" }
|
||||
- { src: "rootwrap.d/ebtables.filters", dest: "/etc/neutron/rootwrap.d/ebtables.filters" }
|
||||
- { src: "rootwrap.d/debug.filters.j2", dest: "/etc/neutron/rootwrap.d/debug.filters" }
|
||||
- { src: "rootwrap.d/ipset-firewall.filters.j2", dest: "/etc/neutron/rootwrap.d/ipset-firewall.filters" }
|
||||
- { src: "rootwrap.d/iptables-firewall.filters.j2", dest: "/etc/neutron/rootwrap.d/iptables-firewall.filters" }
|
||||
- { src: "rootwrap.d/nec-plugin.filters.j2", dest: "/etc/neutron/rootwrap.d/nec-plugin.filters" }
|
||||
- { src: "rootwrap.d/openvswitch-plugin.filters.j2", dest: "/etc/neutron/rootwrap.d/openvswitch-plugin.filters" }
|
||||
- { src: "rootwrap.d/ryu-plugin.filters.j2", dest: "/etc/neutron/rootwrap.d/ryu-plugin.filters" }
|
||||
- { src: "rootwrap.d/lbaas-haproxy.filters.j2", dest: "/etc/neutron/rootwrap.d/lbaas-haproxy.filters" }
|
||||
- { src: "rootwrap.d/vpnaas.filters.j2", dest: "/etc/neutron/rootwrap.d/vpnaas.filters" }
|
||||
- { src: "rootwrap.d/ebtables.filters.j2", dest: "/etc/neutron/rootwrap.d/ebtables.filters" }
|
||||
notify:
|
||||
- Restart neutron services
|
||||
tags:
|
||||
- neutron-config
|
||||
|
||||
- name: Drop neutron agent filters
|
||||
copy:
|
||||
src: "{{ item.value.service_rootwrap }}"
|
||||
template:
|
||||
src: "{{ item.value.service_rootwrap }}.j2"
|
||||
dest: "/etc/neutron/{{ item.value.service_rootwrap }}"
|
||||
owner: "{{ neutron_system_user_name }}"
|
||||
group: "{{ neutron_system_group_name }}"
|
||||
@ -143,3 +143,19 @@
|
||||
- name: Setup PLUMgrid config
|
||||
include: plumgrid_config.yml
|
||||
when: neutron_plugin_type == 'plumgrid'
|
||||
|
||||
- name: Get neutron command path
|
||||
command: which neutron
|
||||
register: neutron_command_path
|
||||
when:
|
||||
- not neutron_venv_enabled | bool
|
||||
tags:
|
||||
- neutron-command-bin
|
||||
|
||||
- name: Set neutron command path
|
||||
set_fact:
|
||||
neutron_bin: "{{ neutron_command_path.stdout | dirname }}"
|
||||
when:
|
||||
- not neutron_venv_enabled | bool
|
||||
tags:
|
||||
- neutron-command-bin
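Review bot: The two `neutron-command-bin` tasks are appended at the end of this file, after the `Drop neutron Configs` and `Drop neutron agent filters` template tasks whose templates now render `{{ neutron_bin }}`. With `neutron_venv_enabled` false, those templates would be rendered while `neutron_bin` still holds its default of `{{ neutron_venv_bin }}`, so the filter entries would name a venv path that is never created. Only tasks after the `set_fact` would see the directory reported by `which neutron`. Moving both tasks ahead of the first template task would fix the ordering; whether other templates are rendered from this file is not visible in these hunks. They are also tagged only `neutron-command-bin`, so adding `- neutron-config` would keep a tag-limited run consistent.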
|
||||
|
@ -40,6 +40,7 @@
|
||||
owner: "{{ item.owner|default(neutron_system_user_name) }}"
|
||||
group: "{{ item.group|default(neutron_system_group_name) }}"
|
||||
with_items:
|
||||
- { path: "/openstack", owner: "root", group: "root" }
|
||||
- { path: "/etc/neutron" }
|
||||
- { path: "/etc/neutron/plugins" }
|
||||
- { path: "/etc/neutron/plugins/{{ neutron_plugin_type }}" }
|
||||
@ -53,6 +54,19 @@
|
||||
tags:
|
||||
- neutron-dirs
|
||||
|
||||
- name: Create neutron venv dir
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
owner: "{{ item.owner|default(neutron_system_user_name) }}"
|
||||
group: "{{ item.group|default(neutron_system_group_name) }}"
|
||||
with_items:
|
||||
- { path: "/openstack/venvs", mode: "0755", owner: "root", group: "root" }
|
||||
- { path: "{{ neutron_venv_bin }}" }
|
||||
when: neutron_venv_enabled | bool
|
||||
tags:
|
||||
- neutron-dirs
|
||||
|
||||
- name: Test for log directory or link
|
||||
shell: |
|
||||
if [ -h "/var/log/neutron" ]; then
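Review bot: The `{ path: "{{ neutron_venv_bin }}" }` item in `Create neutron venv dir` sets no `owner` or `group`, so it falls back to `neutron_system_user_name` and the venv's bin directory ends up owned by the service account. Elsewhere in this commit that directory is put first in rootwrap's `exec_dirs` (whose comment says these directories must be writable only by root) and first in the sudoers `secure_path`, it holds the `{{ neutron_bin }}/{{ neutron_service_name }}-rootwrap` target of the `NOPASSWD` rule, and the HA tool template and the Upstart pre-start load `activate_this.py` and `activate` from it. Because a directory's owner can replace entries in it, the service account would control what those root-level paths execute. I would change the item to `- { path: "{{ neutron_venv_bin }}", owner: "root", group: "root" }`. The `mode: "0755"` key on the first item also appears unused, since the `file` task shown passes no `mode:` argument.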
|
||||
|
@ -33,4 +33,7 @@
|
||||
retries: 5
|
||||
delay: 2
|
||||
when:
|
||||
inventory_hostname in groups['neutron_server']
|
||||
- inventory_hostname in groups['neutron_server']
|
||||
tags:
|
||||
- neutron-install
|
||||
- neutron-pip-packages
|
||||
|
@ -21,6 +21,14 @@ from collections import OrderedDict
|
||||
import logging
|
||||
from logging.handlers import SysLogHandler
|
||||
import os
|
||||
|
||||
{% if neutron_venv_enabled | bool %}
|
||||
|
||||
activate_this = os.path.expanduser("{{ neutron_venv_bin }}/activate_this.py")
|
||||
execfile(activate_this, dict(__file__=activate_this))
|
||||
|
||||
{% endif %}
|
||||
|
||||
import random
|
||||
import sys
|
||||
import time
|
@ -12,7 +12,7 @@ respawn
|
||||
respawn limit 10 5
|
||||
|
||||
# Set the RUNBIN environment variable
|
||||
env RUNBIN="/usr/local/bin/{{ program_name }}"
|
||||
env RUNBIN="{{ neutron_bin }}/{{ program_name }}"
|
||||
|
||||
# Change directory to service users home
|
||||
chdir "{{ service_home }}"
|
||||
@ -24,6 +24,11 @@ pre-start script
|
||||
|
||||
mkdir -p "/var/lock/{{ program_name }}"
|
||||
chown {{ system_user }}:{{ system_group }} "/var/lock/{{ program_name }}"
|
||||
|
||||
{% if neutron_venv_enabled | bool -%}
|
||||
. {{ neutron_venv_bin }}/activate
|
||||
{%- endif %}
|
||||
|
||||
end script
|
||||
|
||||
# Post stop actions
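Review bot: Sourcing `{{ neutron_venv_bin }}/activate` as the last command of `pre-start script` does not affect the service. Upstart runs each script stanza in its own shell, so the environment changes are discarded before the main process starts, and `RUNBIN` already points into `{{ neutron_bin }}`. The stanza evidently runs with privileges (it performs the `chown` just above), so the line makes a privileged shell source a file from the venv directory on every start for no benefit. I would drop the three added lines, or use an `env` stanza if the venv's environment is really required by the service.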
|
||||
|
@ -146,7 +146,7 @@ service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsec
|
||||
[agent]
|
||||
polling_interval = {{ neutron_agent_polling_interval|default(5) }}
|
||||
report_interval = {{ neutron_report_interval|int }}
|
||||
root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
|
||||
root_helper = sudo {{ neutron_bin }}/neutron-rootwrap /etc/neutron/rootwrap.conf
|
||||
|
||||
# Messaging service
|
||||
[oslo_messaging_rabbit]
|
||||
|
@ -30,7 +30,7 @@ network_vlan_ranges = {{ neutron_provider_networks.network_vlan_ranges }}
|
||||
|
||||
# ML2 VXLAN networks
|
||||
[ml2_type_vxlan]
|
||||
vxlan_group = {{ neutron_vxlan_group|default('') }}
|
||||
vxlan_group = {{ neutron_vxlan_group }}
|
||||
vni_ranges = {{ neutron_provider_networks.network_vxlan_ranges }}
|
||||
|
||||
{% endif %}
|
||||
@ -41,23 +41,13 @@ vni_ranges = {{ neutron_provider_networks.network_vxlan_ranges }}
|
||||
# Linux bridge agent VXLAN networks
|
||||
[vxlan]
|
||||
|
||||
{% if neutron_overlay_network %}
|
||||
{% if neutron_vxlan_enabled | bool %}
|
||||
|
||||
enable_vxlan = True
|
||||
vxlan_group = {{ neutron_vxlan_group|default('') }}
|
||||
vxlan_group = {{ neutron_vxlan_group }}
|
||||
|
||||
{% if (is_metal == true or is_metal == "True") and neutron_overlay_network.bridge is defined %}
|
||||
{% set on_metal_tunnel_bridge = 'ansible_' + neutron_overlay_network.bridge|replace('-', '_') %}
|
||||
|
||||
# VXLAN local tunnel endpoint (bare metal)
|
||||
local_ip = {{ hostvars[inventory_hostname][on_metal_tunnel_bridge]['ipv4']['address'] }}
|
||||
|
||||
{% else %}
|
||||
|
||||
# VXLAN local tunnel endpoint (container)
|
||||
local_ip = {{ neutron_overlay_network.address }}
|
||||
|
||||
{% endif %}
|
||||
# VXLAN local tunnel endpoint
|
||||
local_ip = {{ neutron_local_ip }}
|
||||
|
||||
l2_population = {{ neutron_l2_population }}
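Review bot: The `[vxlan]` block is now gated on `neutron_vxlan_enabled`, which the role defaults set to `true`, rather than on an overlay network actually being defined. A host deployed with the role defaults and no overlay network would get `enable_vxlan = True` with `local_ip = 127.0.0.1` (the `neutron_local_ip` default), where the block was previously skipped. I would keep both conditions, e.g. `{% if neutron_vxlan_enabled | bool and neutron_overlay_network %}`, or fail early when VXLAN is enabled and `neutron_local_ip` is still the loopback default. The closing `endif` for this block lies outside the hunk.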
|
||||
|
||||
|
@ -40,7 +40,7 @@ metadata_mode = local
|
||||
# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real
|
||||
# root filter facility.
|
||||
# Change to "sudo" to skip the filtering and just run the comand directly
|
||||
root_helper_name = /usr/bin/neutron-rootwrap
|
||||
root_helper_name = {{ neutron_bin }}/neutron-rootwrap
|
||||
|
||||
[keystone_authtoken]
|
||||
admin_user = {{ neutron_service_user_name }}
|
||||
|
@ -10,7 +10,7 @@ filters_path=/etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap
|
||||
# explicitely specify a full path (separated by ',')
|
||||
# If not specified, defaults to system PATH environment variable.
|
||||
# These directories MUST all be only writeable by root !
|
||||
exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin
|
||||
exec_dirs={{ neutron_bin }},/sbin,/usr/sbin,/bin,/usr/bin
|
||||
|
||||
# Enable logging to syslog
|
||||
# Default value is False
|
||||
|
@ -25,7 +25,8 @@ dhcp_release: CommandFilter, dhcp_release, root
|
||||
metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
|
||||
# If installed from source (say, by devstack), the prefix will be
|
||||
# /usr/local instead of /usr/bin.
|
||||
metadata_proxy_local: CommandFilter, /usr/local/bin/neutron-ns-metadata-proxy, root
|
||||
|
||||
metadata_proxy_local: CommandFilter, {{ neutron_bin }}/neutron-ns-metadata-proxy, root
|
||||
# RHEL invocation of the metadata proxy will report /usr/bin/python
|
||||
kill_metadata: KillFilter, root, python, -9
|
||||
kill_metadata7: KillFilter, root, python2.7, -9
|
@ -20,7 +20,8 @@ radvd: CommandFilter, radvd, root
|
||||
metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
|
||||
# If installed from source (say, by devstack), the prefix will be
|
||||
# /usr/local instead of /usr/bin.
|
||||
metadata_proxy_local: CommandFilter, /usr/local/bin/neutron-ns-metadata-proxy, root
|
||||
|
||||
metadata_proxy_local: CommandFilter, {{ neutron_bin }}/neutron-ns-metadata-proxy, root
|
||||
# RHEL invocation of the metadata proxy will report /usr/bin/python
|
||||
kill_metadata: KillFilter, root, python, -9
|
||||
kill_metadata7: KillFilter, root, python2.7, -9
|
@ -1,4 +1,6 @@
|
||||
# {{ ansible_managed }}
|
||||
|
||||
# Defaults:{{ neutron_system_user_name }}!requiretty
|
||||
{{ neutron_system_user_name }} ALL = (root) NOPASSWD: /usr/local/bin/{{ neutron_service_name }}-rootwrap
|
||||
Defaults:{{ neutron_system_user_name }} !requiretty
|
||||
Defaults:{{ neutron_system_user_name }} secure_path="{{ neutron_bin }}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
|
||||
{{ neutron_system_user_name }} ALL = (root) NOPASSWD: {{ neutron_bin }}/{{ neutron_service_name }}-rootwrap
|
||||
|