Browse Source
This change renames everything to Neutron while providing backwards compatible adjustments for Grizzly configuration files. implements blueprint: remove-use-of-quantum Change-Id: Ie7d07ba7c89857e13d4ddc8f0e9b68de020a3d19changes/05/189505/1
1159 changed files with 110133 additions and 109654 deletions
@ -1,4 +1,4 @@
|
||||
[DEFAULT] |
||||
test_command=OS_STDOUT_CAPTURE=1 OS_STDERR_CAPTURE=1 ${PYTHON:-python} -m subunit.run discover -t ./ quantum/tests/unit $LISTOPT $IDOPTION |
||||
test_command=OS_STDOUT_CAPTURE=1 OS_STDERR_CAPTURE=1 ${PYTHON:-python} -m subunit.run discover -t ./ neutron/tests/unit $LISTOPT $IDOPTION |
||||
test_id_option=--load-list $IDFILE |
||||
test_list_option=--list |
||||
|
@ -1,25 +1,25 @@
|
||||
# -- Welcome! |
||||
|
||||
You have come across a cloud computing network fabric controller. It has |
||||
identified itself as "Quantum." It aims to tame your (cloud) networking! |
||||
identified itself as "Neutron." It aims to tame your (cloud) networking! |
||||
|
||||
# -- External Resources: |
||||
|
||||
The homepage for Quantum is: http://launchpad.net/quantum . Use this |
||||
The homepage for Neutron is: http://launchpad.net/neutron . Use this |
||||
site for asking for help, and filing bugs. Code is available on github at |
||||
<http://github.com/openstack/quantum>. |
||||
<http://github.com/openstack/neutron>. |
||||
|
||||
The latest and most in-depth documentation on how to use Quantum is |
||||
The latest and most in-depth documentation on how to use Neutron is |
||||
available at: <http://docs.openstack.org>. This includes: |
||||
|
||||
Quantum Administrator Guide |
||||
Neutron Administrator Guide |
||||
http://docs.openstack.org/trunk/openstack-network/admin/content/ |
||||
|
||||
Quantum API Reference: |
||||
Neutron API Reference: |
||||
http://docs.openstack.org/api/openstack-network/2.0/content/ |
||||
|
||||
The start of some developer documentation is available at: |
||||
http://wiki.openstack.org/QuantumDevelopment |
||||
http://wiki.openstack.org/NeutronDevelopment |
||||
|
||||
For help using or hacking on Quantum, you can send mail to |
||||
For help using or hacking on Neutron, you can send mail to |
||||
<mailto:openstack-dev@lists.openstack.org>. |
||||
|
@ -0,0 +1,20 @@
|
||||
#!/usr/bin/env python |
||||
# vim: tabstop=4 shiftwidth=4 softtabstop=4 |
||||
|
||||
# Copyright (c) 2012 OpenStack Foundation. |
||||
# All Rights Reserved. |
||||
# |
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may |
||||
# not use this file except in compliance with the License. You may obtain |
||||
# a copy of the License at |
||||
# |
||||
# http://www.apache.org/licenses/LICENSE-2.0 |
||||
# |
||||
# Unless required by applicable law or agreed to in writing, software |
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
||||
# License for the specific language governing permissions and limitations |
||||
# under the License. |
||||
|
||||
from neutron.agent.linux import dhcp |
||||
dhcp.Dnsmasq.lease_update() |
@ -0,0 +1,133 @@
|
||||
#!/usr/bin/env python |
||||
# vim: tabstop=4 shiftwidth=4 softtabstop=4 |
||||
|
||||
# Copyright (c) 2012 OpenStack Foundation. |
||||
# All Rights Reserved. |
||||
# |
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may |
||||
# not use this file except in compliance with the License. You may obtain |
||||
# a copy of the License at |
||||
# |
||||
# http://www.apache.org/licenses/LICENSE-2.0 |
||||
# |
||||
# Unless required by applicable law or agreed to in writing, software |
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
||||
# License for the specific language governing permissions and limitations |
||||
# under the License. |
||||
|
||||
"""Root wrapper for Neutron |
||||
|
||||
Filters which commands neutron is allowed to run as another user. |
||||
|
||||
To use this, you should set the following in neutron.conf and the |
||||
various .ini files for the agent plugins: |
||||
root_helper=sudo neutron-rootwrap /etc/neutron/rootwrap.conf |
||||
|
||||
You also need to let the neutron user run neutron-rootwrap as root in |
||||
/etc/sudoers: |
||||
neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap |
||||
/etc/neutron/rootwrap.conf * |
||||
|
||||
Filter specs live in /etc/neutron/rootwrap.d/*.filters, or |
||||
other locations pointed to by /etc/neutron/rootwrap.conf. |
||||
To make allowed commands node-specific, your packaging should only |
||||
install apropriate .filters for commands which are needed on each |
||||
node. |
||||
""" |
||||
|
||||
from __future__ import print_function |
||||
|
||||
import ConfigParser |
||||
import logging |
||||
import os |
||||
import pwd |
||||
import signal |
||||
import subprocess |
||||
import sys |
||||
|
||||
|
||||
RC_UNAUTHORIZED = 99 |
||||
RC_NOCOMMAND = 98 |
||||
RC_BADCONFIG = 97 |
||||
RC_NOEXECFOUND = 96 |
||||
|
||||
|
||||
def _subprocess_setup(): |
||||
# Python installs a SIGPIPE handler by default. This is usually not what |
||||
# non-Python subprocesses expect. |
||||
signal.signal(signal.SIGPIPE, signal.SIG_DFL) |
||||
|
||||
|
||||
def _exit_error(execname, message, errorcode, log=True): |
||||
print("%s: %s" % (execname, message)) |
||||
if log: |
||||
logging.error(message) |
||||
sys.exit(errorcode) |
||||
|
||||
|
||||
if __name__ == '__main__': |
||||
# Split arguments, require at least a command |
||||
execname = sys.argv.pop(0) |
||||
if len(sys.argv) < 2: |
||||
_exit_error(execname, "No command specified", RC_NOCOMMAND, log=False) |
||||
|
||||
configfile = sys.argv.pop(0) |
||||
userargs = sys.argv[:] |
||||
|
||||
# Add ../ to sys.path to allow running from branch |
||||
possible_topdir = os.path.normpath(os.path.join(os.path.abspath(execname), |
||||
os.pardir, os.pardir)) |
||||
if os.path.exists(os.path.join(possible_topdir, "neutron", "__init__.py")): |
||||
sys.path.insert(0, possible_topdir) |
||||
|
||||
from neutron.rootwrap import wrapper |
||||
|
||||
# Load configuration |
||||
try: |
||||
rawconfig = ConfigParser.RawConfigParser() |
||||
rawconfig.read(configfile) |
||||
config = wrapper.RootwrapConfig(rawconfig) |
||||
except ValueError as exc: |
||||
msg = "Incorrect value in %s: %s" % (configfile, exc.message) |
||||
_exit_error(execname, msg, RC_BADCONFIG, log=False) |
||||
except ConfigParser.Error: |
||||
_exit_error(execname, "Incorrect configuration file: %s" % configfile, |
||||
RC_BADCONFIG, log=False) |
||||
|
||||
if config.use_syslog: |
||||
wrapper.setup_syslog(execname, |
||||
config.syslog_log_facility, |
||||
config.syslog_log_level) |
||||
|
||||
# Execute command if it matches any of the loaded filters |
||||
filters = wrapper.load_filters(config.filters_path) |
||||
try: |
||||
filtermatch = wrapper.match_filter(filters, userargs, |
||||
exec_dirs=config.exec_dirs) |
||||
if filtermatch: |
||||
command = filtermatch.get_command(userargs, |
||||
exec_dirs=config.exec_dirs) |
||||
if config.use_syslog: |
||||
logging.info("(%s > %s) Executing %s (filter match = %s)" % ( |
||||
os.getlogin(), pwd.getpwuid(os.getuid())[0], |
||||
command, filtermatch.name)) |
||||
|
||||
obj = subprocess.Popen(command, |
||||
stdin=sys.stdin, |
||||
stdout=sys.stdout, |
||||
stderr=sys.stderr, |
||||
preexec_fn=_subprocess_setup, |
||||
env=filtermatch.get_environment(userargs)) |
||||
obj.wait() |
||||
sys.exit(obj.returncode) |
||||
|
||||
except wrapper.FilterMatchNotExecutable as exc: |
||||
msg = ("Executable not found: %s (filter match = %s)" |
||||
% (exc.match.exec_path, exc.match.name)) |
||||
_exit_error(execname, msg, RC_NOEXECFOUND, log=config.use_syslog) |
||||
|
||||
except wrapper.NoFilterMatched: |
||||
msg = ("Unauthorized command: %s (no filter matched)" |
||||
% ' '.join(userargs)) |
||||
_exit_error(execname, msg, RC_UNAUTHORIZED, log=config.use_syslog) |
@ -1,7 +1,7 @@
|
||||
Plugin API |
||||
========== |
||||
|
||||
.. automodule:: quantum.quantum_plugin_base_v2 |
||||
.. automodule:: neutron.neutron_plugin_base_v2 |
||||
|
||||
.. autoclass:: QuantumPluginBaseV2 |
||||
.. autoclass:: NeutronPluginBaseV2 |
||||
:members: |
||||
|
@ -0,0 +1,75 @@
|
||||
============== |
||||
neutron-server |
||||
============== |
||||
|
||||
-------------- |
||||
Neutron Server |
||||
-------------- |
||||
|
||||
:Author: openstack@lists.launchpad.net |
||||
:Date: 2012-04-05 |
||||
:Copyright: OpenStack Foundation |
||||
:Version: 2012.1 |
||||
:Manual section: 1 |
||||
:Manual group: cloud computing |
||||
|
||||
SYNOPSIS |
||||
======== |
||||
|
||||
neutron-server [options] |
||||
|
||||
DESCRIPTION |
||||
=========== |
||||
|
||||
neutron-server provides a webserver that exposes the Neutron API, and |
||||
passes all webservice calls to the Neutron plugin for processing. |
||||
|
||||
OPTIONS |
||||
======= |
||||
|
||||
--version show program's version number and exit |
||||
-h, --help show this help message and exit |
||||
-v, --verbose Print more verbose output |
||||
-d, --debug Print debugging output |
||||
--config-file=PATH Path to the config file to use, for example, |
||||
/etc/neutron/neutron.conf. When not specified |
||||
(the default), we generally look at the first argument |
||||
specified to be a config file, and if that is also |
||||
missing, we search standard directories for a config |
||||
file. (/etc/neutron/, |
||||
/usr/lib/pythonX/site-packages/neutron/) |
||||
|
||||
Logging Options: |
||||
The following configuration options are specific to logging |
||||
functionality for this program. |
||||
|
||||
--log-config=PATH If this option is specified, the logging configuration |
||||
file specified is used and overrides any other logging |
||||
options specified. Please see the Python logging |
||||
module documentation for details on logging |
||||
configuration files. |
||||
--log-date-format=FORMAT |
||||
Format string for %(asctime)s in log records. Default: |
||||
%Y-%m-%d %H:%M:%S |
||||
--use-syslog Output logs to syslog. |
||||
--log-file=PATH (Optional) Name of log file to output to. If not set, |
||||
logging will go to stdout. |
||||
--log-dir=LOG_DIR (Optional) The directory to keep log files in (will be |
||||
prepended to --logfile) |
||||
|
||||
FILES |
||||
======== |
||||
|
||||
plugins.ini file contains the plugin information |
||||
neutron.conf file contains configuration information in the form of python-gflags. |
||||
|
||||
SEE ALSO |
||||
======== |
||||
|
||||
* `OpenStack Neutron <http://neutron.openstack.org>`__ |
||||
|
||||
BUGS |
||||
==== |
||||
|
||||
* Neutron is sourced in Launchpad so you can view current bugs at `OpenStack Bugs <https://bugs.launchpad.net/neutron>`__ |
||||
|
@ -1,75 +0,0 @@
|
||||
============== |
||||
quantum-server |
||||
============== |
||||
|
||||
-------------- |
||||
Quantum Server |
||||
-------------- |
||||
|
||||
:Author: openstack@lists.launchpad.net |
||||
:Date: 2012-04-05 |
||||
:Copyright: OpenStack Foundation |
||||
:Version: 2012.1 |
||||
:Manual section: 1 |
||||
:Manual group: cloud computing |
||||
|
||||
SYNOPSIS |
||||
======== |
||||
|
||||
quantum-server [options] |
||||
|
||||
DESCRIPTION |
||||
=========== |
||||
|
||||
quantum-server provides a webserver that exposes the Quantum API, and |
||||
passes all webservice calls to the Quantum plugin for processing. |
||||
|
||||
OPTIONS |
||||
======= |
||||
|
||||
--version show program's version number and exit |
||||
-h, --help show this help message and exit |
||||
-v, --verbose Print more verbose output |
||||
-d, --debug Print debugging output |
||||
--config-file=PATH Path to the config file to use, for example, |
||||
/etc/quantum/quantum.conf. When not specified |
||||
(the default), we generally look at the first argument |
||||
specified to be a config file, and if that is also |
||||
missing, we search standard directories for a config |
||||
file. (/etc/quantum/, |
||||
/usr/lib/pythonX/site-packages/quantum/) |
||||
|
||||
Logging Options: |
||||
The following configuration options are specific to logging |
||||
functionality for this program. |
||||
|
||||
--log-config=PATH If this option is specified, the logging configuration |
||||
file specified is used and overrides any other logging |
||||
options specified. Please see the Python logging |
||||
module documentation for details on logging |
||||
configuration files. |
||||
--log-date-format=FORMAT |
||||
Format string for %(asctime)s in log records. Default: |
||||
%Y-%m-%d %H:%M:%S |
||||
--use-syslog Output logs to syslog. |
||||
--log-file=PATH (Optional) Name of log file to output to. If not set, |
||||
logging will go to stdout. |
||||
--log-dir=LOG_DIR (Optional) The directory to keep log files in (will be |
||||
prepended to --logfile) |
||||
|
||||
FILES |
||||
======== |
||||
|
||||
plugins.ini file contains the plugin information |
||||
quantum.conf file contains configuration information in the form of python-gflags. |
||||
|
||||
SEE ALSO |
||||
======== |
||||
|
||||
* `OpenStack Quantum <http://quantum.openstack.org>`__ |
||||
|
||||
BUGS |
||||
==== |
||||
|
||||
* Quantum is sourced in Launchpad so you can view current bugs at `OpenStack Bugs <https://bugs.launchpad.net/quantum>`__ |
||||
|
@ -1,24 +1,24 @@
|
||||
[composite:quantum] |
||||
[composite:neutron] |
||||
use = egg:Paste#urlmap |
||||
/: quantumversions |
||||
/v2.0: quantumapi_v2_0 |
||||
/: neutronversions |
||||
/v2.0: neutronapi_v2_0 |
||||
|
||||
[composite:quantumapi_v2_0] |
||||
use = call:quantum.auth:pipeline_factory |
||||
noauth = extensions quantumapiapp_v2_0 |
||||
keystone = authtoken keystonecontext extensions quantumapiapp_v2_0 |
||||
[composite:neutronapi_v2_0] |
||||
use = call:neutron.auth:pipeline_factory |
||||
noauth = extensions neutronapiapp_v2_0 |
||||
keystone = authtoken keystonecontext extensions neutronapiapp_v2_0 |
||||
|
||||
[filter:keystonecontext] |
||||
paste.filter_factory = quantum.auth:QuantumKeystoneContext.factory |
||||
paste.filter_factory = neutron.auth:NeutronKeystoneContext.factory |
||||
|
||||
[filter:authtoken] |
||||
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory |
||||
|
||||
[filter:extensions] |
||||
paste.filter_factory = quantum.api.extensions:plugin_aware_extension_middleware_factory |
||||
paste.filter_factory = neutron.api.extensions:plugin_aware_extension_middleware_factory |
||||
|
||||
[app:quantumversions] |
||||
paste.app_factory = quantum.api.versions:Versions.factory |
||||
[app:neutronversions] |
||||
paste.app_factory = neutron.api.versions:Versions.factory |
||||
|
||||
[app:quantumapiapp_v2_0] |
||||
paste.app_factory = quantum.api.v2.router:APIRouter.factory |
||||
[app:neutronapiapp_v2_0] |
||||
paste.app_factory = neutron.api.v2.router:APIRouter.factory |
||||
|
@ -0,0 +1,14 @@
|
||||
# neutron-rootwrap command filters for nodes on which neutron is |
||||
# expected to control network |
||||
# |
||||
# This file should be owned by (and only-writeable by) the root user |
||||
|
||||
# format seems to be |
||||
# cmd-name: filter-name, raw-command, user, args |
||||
|
||||
[Filters] |
||||
|
||||
# This is needed because we should ping |
||||
# from inside a namespace which requires root |
||||
ping: RegExpFilter, ping, root, ping, -w, \d+, -c, \d+, [0-9\.]+ |
||||
ping6: RegExpFilter, ping6, root, ping6, -w, \d+, -c, \d+, [0-9A-Fa-f:]+ |
@ -0,0 +1,40 @@
|
||||
# neutron-rootwrap command filters for nodes on which neutron is |
||||
# expected to control network |
||||
# |
||||
# This file should be owned by (and only-writeable by) the root user |
||||
|
||||
# format seems to be |
||||
# cmd-name: filter-name, raw-command, user, args |
||||
|
||||
[Filters] |
||||
|
||||
# dhcp-agent |
||||
ip_exec_dnsmasq: DnsmasqNetnsFilter, ip, root |
||||
dnsmasq: DnsmasqFilter, /sbin/dnsmasq, root |
||||
dnsmasq_usr: DnsmasqFilter, /usr/sbin/dnsmasq, root |
||||
# dhcp-agent uses kill as well, that's handled by the generic KillFilter |
||||
# it looks like these are the only signals needed, per |
||||
# neutron/agent/linux/dhcp.py |
||||
kill_dnsmasq: KillFilter, root, /sbin/dnsmasq, -9, -HUP |
||||
kill_dnsmasq_usr: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP |
||||
|
||||
# dhcp-agent uses cat |
||||
cat: RegExpFilter, cat, root, cat, /proc/\d+/cmdline |
||||
ovs-vsctl: CommandFilter, ovs-vsctl, root |
||||
ivs-ctl: CommandFilter, ivs-ctl, root |
||||
|
||||
# metadata proxy |
||||
metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root |
||||
metadata_proxy_quantum: CommandFilter, quantum-ns-metadata-proxy, root |
||||
# If installed from source (say, by devstack), the prefix will be |
||||
# /usr/local instead of /usr/bin. |
||||
metadata_proxy_local: CommandFilter, /usr/local/bin/neutron-ns-metadata-proxy, root |
||||
metadata_proxy_local_quantum: CommandFilter, /usr/local/bin/quantum-ns-metadata-proxy, root |
||||
# RHEL invocation of the metadata proxy will report /usr/bin/python |
||||
kill_metadata: KillFilter, root, /usr/bin/python, -9 |
||||
kill_metadata7: KillFilter, root, /usr/bin/python2.7, -9 |
||||
kill_metadata6: KillFilter, root, /usr/bin/python2.6, -9 |
||||
|
||||
# ip_lib |
||||
ip: IpFilter, ip, root |
||||
ip_exec: IpNetnsExecFilter, ip, root |
@ -0,0 +1,21 @@
|
||||
# neutron-rootwrap command filters for nodes on which neutron is |
||||
# expected to control network |
||||
# |
||||
# This file should be owned by (and only-writeable by) the root user |
||||
|
||||
# format seems to be |
||||
# cmd-name: filter-name, raw-command, user, args |
||||
|
||||
[Filters] |
||||
|
||||
# neutron/agent/linux/iptables_manager.py |
||||
# "iptables-save", ... |
||||
iptables-save: CommandFilter, iptables-save, root |
||||
iptables-restore: CommandFilter, iptables-restore, root |
||||
ip6tables-save: CommandFilter, ip6tables-save, root |
||||
ip6tables-restore: CommandFilter, ip6tables-restore, root |
||||
|
||||
# neutron/agent/linux/iptables_manager.py |
||||
# "iptables", "-A", ... |
||||
iptables: CommandFilter, iptables, root |
||||
ip6tables: CommandFilter, ip6tables, root |
@ -0,0 +1,41 @@
|
||||
# neutron-rootwrap command filters for nodes on which neutron is |
||||
# expected to control network |
||||
# |
||||
# This file should be owned by (and only-writeable by) the root user |
||||
|
||||
# format seems to be |
||||
# cmd-name: filter-name, raw-command, user, args |
||||
|
||||
[Filters] |
||||
|
||||
# arping |
||||
arping: CommandFilter, arping, root |
||||
|
||||
# l3_agent |
||||
sysctl: CommandFilter, sysctl, root |
||||
route: CommandFilter, route, root |
||||
|
||||
# metadata proxy |
||||
metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root |
||||
metadata_proxy_quantum: CommandFilter, quantum-ns-metadata-proxy, root |
||||
# If installed from source (say, by devstack), the prefix will be |
||||
# /usr/local instead of /usr/bin. |
||||
metadata_proxy_local: CommandFilter, /usr/local/bin/neuton-ns-metadata-proxy, root |
||||
metadata_proxy_local_quantum: CommandFilter, /usr/local/bin/quantum-ns-metadata-proxy, root |
||||
# RHEL invocation of the metadata proxy will report /usr/bin/python |
||||
kill_metadata: KillFilter, root, /usr/bin/python, -9 |
||||
kill_metadata7: KillFilter, root, /usr/bin/python2.7, -9 |
||||
kill_metadata6: KillFilter, root, /usr/bin/python2.6, -9 |
||||
|
||||
# ip_lib |
||||
ip: IpFilter, ip, root |
||||
ip_exec: IpNetnsExecFilter, ip, root |
||||
|
||||
# ovs_lib (if OVSInterfaceDriver is used) |
||||
ovs-vsctl: CommandFilter, ovs-vsctl, root |
||||
|
||||
# iptables_manager |
||||
iptables-save: CommandFilter, iptables-save, root |
||||
iptables-restore: CommandFilter, iptables-restore, root |
||||
ip6tables-save: CommandFilter, ip6tables-save, root |
||||
ip6tables-restore: CommandFilter, ip6tables-restore, root |
@ -0,0 +1,24 @@
|
||||
# neuton-rootwrap command filters for nodes on which neuton is |
||||
# expected to control network |
||||
# |
||||
# This file should be owned by (and only-writeable by) the root user |
||||
|
||||
# format seems to be |
||||
# cmd-name: filter-name, raw-command, user, args |
||||
|
||||
[Filters] |
||||
|
||||
# haproxy |
||||
haproxy: CommandFilter, haproxy, root |
||||
|
||||
# lbaas-agent uses kill as well, that's handled by the generic KillFilter |
||||
kill_haproxy_usr: KillFilter, root, /usr/sbin/haproxy, -9, -HUP |
||||
|
||||
# lbaas-agent uses cat |
||||
cat: RegExpFilter, cat, root, cat, /proc/\d+/cmdline |
||||
|
||||
ovs-vsctl: CommandFilter, ovs-vsctl, root |
||||
|
||||
# ip_lib |
||||
ip: IpFilter, ip, root |
||||
ip_exec: IpNetnsExecFilter, ip, root |