Rename Quantum to Neutron

This change renames everything to Neutron while providing backwards
compatible adjustments for Grizzly configuration files.

implements blueprint: remove-use-of-quantum

Change-Id: Ie7d07ba7c89857e13d4ddc8f0e9b68de020a3d19

.bzrignore

@@ -3,10 +3,15 @@ quantum.egg-info
 quantum_tests.sqlite
 quantum.sqlite
 *.quantum-venv
+neutron.egg-info
+neutron_tests.sqlite
+neutron.sqlite
+*.neutron-venv
 .venv
 dist/
 ChangeLog
 *.pid
 *.log
+neutron/vcsversion.py
 quantum/vcsversion.py
 .ropeproject

.gitignore

@@ -8,6 +8,9 @@ dist/
 doc/build
 *.DS_Store
 *.pyc
+neutron.egg-info/
+neutron/vcsversion.py
+neutron/versioninfo
 quantum.egg-info/
 quantum/vcsversion.py
 quantum/versioninfo

.pylintrc

@@ -23,7 +23,8 @@ argument-rgx=[a-z_][a-z0-9_]{1,30}$
 # and be lowecased with underscores
 method-rgx=([a-z_][a-z0-9_]{2,50}|setUp|tearDown)$
 
-# Module names matching quantum-* are ok (files in bin/)
+# Module names matching neutron-* are ok (files in bin/)
+module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+)|(neutron-[a-z0-9_-]+))$
 module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+)|(quantum-[a-z0-9_-]+))$
 
 # Don't require docstrings on tests.

.testr.conf

@@ -1,4 +1,4 @@
 [DEFAULT]
-test_command=OS_STDOUT_CAPTURE=1 OS_STDERR_CAPTURE=1 ${PYTHON:-python} -m subunit.run discover -t ./ quantum/tests/unit $LISTOPT $IDOPTION
+test_command=OS_STDOUT_CAPTURE=1 OS_STDERR_CAPTURE=1 ${PYTHON:-python} -m subunit.run discover -t ./ neutron/tests/unit $LISTOPT $IDOPTION
 test_id_option=--load-list $IDFILE
 test_list_option=--list

HACKING.rst

@@ -1,4 +1,4 @@
-Quantum Style Commandments
+Neutron Style Commandments
 ==========================
 
 - Step 1: Read http://www.python.org/dev/peps/pep-0008/
@@ -35,13 +35,13 @@ Example::
 
   The following imports,
 
-  from quantum.api import networks
-  from quantum import wsgi
+  from neutron.api import networks
+  from neutron import wsgi
 
   are considered equivalent for ordering purposes to
 
-  import quantum.api.networks
-  import quantum.wsgi
+  import neutron.api.networks
+  import neutron.wsgi
 
 - Organize your imports according to the following template
 
@@ -52,7 +52,7 @@ Example::
   \n
   {{third-party lib imports in human alphabetical order}}
   \n
-  {{quantum imports in human alphabetical order}}
+  {{neutron imports in human alphabetical order}}
   \n
   \n
   {{begin your code}}
@@ -71,13 +71,13 @@ Example::
   import testtools
   import webob.exc
 
-  import quantum.api.networks
-  from quantum.api import ports
-  from quantum.db import models
-  from quantum.extensions import multiport
-  from quantum.openstack.common import log as logging
-  import quantum.manager
-  from quantum import service
+  import neutron.api.networks
+  from neutron.api import ports
+  from neutron.db import models
+  from neutron.extensions import multiport
+  from neutron.openstack.common import log as logging
+  import neutron.manager
+  from neutron import service
 
 
 Docstrings
@@ -202,8 +202,8 @@ submitted bug fix does have a unit test, be sure to add a new one that fails
 without the patch and passes with the patch.
 
 All unittest classes must ultimately inherit from testtools.TestCase. In the
-Quantum test suite, this should be done by inheriting from
-quantum.tests.base.BaseTestCase.
+Neutron test suite, this should be done by inheriting from
+neutron.tests.base.BaseTestCase.
 
 All setUp and tearDown methods must upcall using the super() method.
 tearDown methods should be avoided and addCleanup calls should be preferred.

MANIFEST.in

@@ -2,11 +2,11 @@ include AUTHORS
 include README.rst
 include ChangeLog
 include LICENSE
-include quantum/db/migration/README
-include quantum/db/migration/alembic.ini
-include quantum/db/migration/alembic_migrations/script.py.mako
-include quantum/db/migration/alembic_migrations/versions/README
-recursive-include quantum/locale *
+include neutron/db/migration/README
+include neutron/db/migration/alembic.ini
+include neutron/db/migration/alembic_migrations/script.py.mako
+include neutron/db/migration/alembic_migrations/versions/README
+recursive-include neutron/locale *
 
 exclude .gitignore
 exclude .gitreview

README.rst

@@ -1,25 +1,25 @@
 # -- Welcome!
 
   You have come across a cloud computing network fabric controller.  It has
-  identified itself as "Quantum."  It aims to tame your (cloud) networking!
+  identified itself as "Neutron."  It aims to tame your (cloud) networking!
 
 # -- External Resources:
 
- The homepage for Quantum is: http://launchpad.net/quantum .  Use this
+ The homepage for Neutron is: http://launchpad.net/neutron .  Use this
  site for asking for help, and filing bugs. Code is available on github at
- <http://github.com/openstack/quantum>.
+ <http://github.com/openstack/neutron>.
 
- The latest and most in-depth documentation on how to use Quantum is
+ The latest and most in-depth documentation on how to use Neutron is
  available at: <http://docs.openstack.org>.  This includes:
 
- Quantum Administrator Guide
+ Neutron Administrator Guide
  http://docs.openstack.org/trunk/openstack-network/admin/content/
 
- Quantum API Reference:
+ Neutron API Reference:
  http://docs.openstack.org/api/openstack-network/2.0/content/
 
  The start of some developer documentation is available at:
- http://wiki.openstack.org/QuantumDevelopment
+ http://wiki.openstack.org/NeutronDevelopment
 
- For help using or hacking on Quantum, you can send mail to
+ For help using or hacking on Neutron, you can send mail to
  <mailto:openstack-dev@lists.openstack.org>.

TESTING

@@ -1,11 +1,11 @@
-Testing Quantum
+Testing Neutron
 =============================================================
 
 Overview
 
     The unit tests are meant to cover as much code as possible and should
     be executed without the service running. They are designed to test
-    the various pieces of the quantum tree to make sure any new changes
+    the various pieces of the neutron tree to make sure any new changes
     don't break existing functionality.
 
 Running tests
@@ -30,17 +30,17 @@ Running individual tests
     class separating it from the module path with a colon.
 
     For example, the following would run only the JSONV2TestCase tests from
-    quantum/tests/unit/test_api_v2.py:
+    neutron/tests/unit/test_api_v2.py:
 
-      $ ./run_tests.sh quantum.tests.unit.test_api_v2:JSONV2TestCase
+      $ ./run_tests.sh neutron.tests.unit.test_api_v2:JSONV2TestCase
 
     or
 
-      $ ./tox quantum.tests.unit.test_api_v2:JSONV2TestCase
+      $ ./tox neutron.tests.unit.test_api_v2:JSONV2TestCase
 
 Adding more tests
 
-    Quantum has a fast growing code base and there is plenty of areas that
+    Neutron has a fast growing code base and there is plenty of areas that
     need to be covered by unit tests.
 
     To get a grasp of the areas where unit tests are needed, you can check

bin/neutron-dhcp-agent-dnsmasq-lease-update

@@ -0,0 +1,20 @@
+#!/usr/bin/env python
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright (c) 2012 OpenStack Foundation.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from neutron.agent.linux import dhcp
+dhcp.Dnsmasq.lease_update()

bin/neutron-rootwrap

@@ -0,0 +1,133 @@
+#!/usr/bin/env python
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright (c) 2012 OpenStack Foundation.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+"""Root wrapper for Neutron
+
+   Filters which commands neutron is allowed to run as another user.
+
+   To use this, you should set the following in neutron.conf and the
+   various .ini files for the agent plugins:
+   root_helper=sudo neutron-rootwrap /etc/neutron/rootwrap.conf
+
+   You also need to let the neutron user run neutron-rootwrap as root in
+     /etc/sudoers:
+   neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap
+                                  /etc/neutron/rootwrap.conf *
+
+   Filter specs live in /etc/neutron/rootwrap.d/*.filters, or
+   other locations pointed to by /etc/neutron/rootwrap.conf.
+   To make allowed commands node-specific, your packaging should only
+   install apropriate .filters for commands which are needed on each
+   node.
+"""
+
+from __future__ import print_function
+
+import ConfigParser
+import logging
+import os
+import pwd
+import signal
+import subprocess
+import sys
+
+
+RC_UNAUTHORIZED = 99
+RC_NOCOMMAND = 98
+RC_BADCONFIG = 97
+RC_NOEXECFOUND = 96
+
+
+def _subprocess_setup():
+    # Python installs a SIGPIPE handler by default. This is usually not what
+    # non-Python subprocesses expect.
+    signal.signal(signal.SIGPIPE, signal.SIG_DFL)
+
+
+def _exit_error(execname, message, errorcode, log=True):
+    print("%s: %s" % (execname, message))
+    if log:
+        logging.error(message)
+    sys.exit(errorcode)
+
+
+if __name__ == '__main__':
+    # Split arguments, require at least a command
+    execname = sys.argv.pop(0)
+    if len(sys.argv) < 2:
+        _exit_error(execname, "No command specified", RC_NOCOMMAND, log=False)
+
+    configfile = sys.argv.pop(0)
+    userargs = sys.argv[:]
+
+    # Add ../ to sys.path to allow running from branch
+    possible_topdir = os.path.normpath(os.path.join(os.path.abspath(execname),
+                                                    os.pardir, os.pardir))
+    if os.path.exists(os.path.join(possible_topdir, "neutron", "__init__.py")):
+        sys.path.insert(0, possible_topdir)
+
+    from neutron.rootwrap import wrapper
+
+    # Load configuration
+    try:
+        rawconfig = ConfigParser.RawConfigParser()
+        rawconfig.read(configfile)
+        config = wrapper.RootwrapConfig(rawconfig)
+    except ValueError as exc:
+        msg = "Incorrect value in %s: %s" % (configfile, exc.message)
+        _exit_error(execname, msg, RC_BADCONFIG, log=False)
+    except ConfigParser.Error:
+        _exit_error(execname, "Incorrect configuration file: %s" % configfile,
+                    RC_BADCONFIG, log=False)
+
+    if config.use_syslog:
+        wrapper.setup_syslog(execname,
+                             config.syslog_log_facility,
+                             config.syslog_log_level)
+
+    # Execute command if it matches any of the loaded filters
+    filters = wrapper.load_filters(config.filters_path)
+    try:
+        filtermatch = wrapper.match_filter(filters, userargs,
+                                           exec_dirs=config.exec_dirs)
+        if filtermatch:
+            command = filtermatch.get_command(userargs,
+                                              exec_dirs=config.exec_dirs)
+            if config.use_syslog:
+                logging.info("(%s > %s) Executing %s (filter match = %s)" % (
+                    os.getlogin(), pwd.getpwuid(os.getuid())[0],
+                    command, filtermatch.name))
+
+            obj = subprocess.Popen(command,
+                                   stdin=sys.stdin,
+                                   stdout=sys.stdout,
+                                   stderr=sys.stderr,
+                                   preexec_fn=_subprocess_setup,
+                                   env=filtermatch.get_environment(userargs))
+            obj.wait()
+            sys.exit(obj.returncode)
+
+    except wrapper.FilterMatchNotExecutable as exc:
+        msg = ("Executable not found: %s (filter match = %s)"
+               % (exc.match.exec_path, exc.match.name))
+        _exit_error(execname, msg, RC_NOEXECFOUND, log=config.use_syslog)
+
+    except wrapper.NoFilterMatched:
+        msg = ("Unauthorized command: %s (no filter matched)"
+               % ' '.join(userargs))
+        _exit_error(execname, msg, RC_UNAUTHORIZED, log=config.use_syslog)

bin/quantum-check-nvp-config

@@ -23,7 +23,7 @@ import os
 import sys
 sys.path.insert(0, os.getcwd())
 
-from quantum.plugins.nicira.check_nvp_config import main
+from neutron.plugins.nicira.check_nvp_config import main
 
 
 main(sys.argv)

bin/quantum-db-manage

@@ -20,7 +20,7 @@ import os
 import sys
 sys.path.insert(0, os.getcwd())
 
-from quantum.db.migration.cli import main
+from neutron.db.migration.cli import main
 
 
 main()

bin/quantum-debug

@@ -16,5 +16,5 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-from quantum.debug.shell import main
+from neutron.debug.shell import main
 main()

bin/quantum-dhcp-agent

@@ -16,5 +16,5 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-from quantum.agent.dhcp_agent import main
+from neutron.agent.dhcp_agent import main
 main()

bin/quantum-dhcp-agent-dnsmasq-lease-update

@@ -16,5 +16,5 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-from quantum.agent.linux import dhcp
+from neutron.agent.linux import dhcp
 dhcp.Dnsmasq.lease_update()

bin/quantum-hyperv-agent

@@ -20,7 +20,7 @@ import os
 import sys
 sys.path.insert(0, os.getcwd())
 
-from quantum.plugins.hyperv.agent.hyperv_quantum_agent import main
+from neutron.plugins.hyperv.agent.hyperv_neutron_agent import main
 
 
 main()

bin/quantum-l3-agent

@@ -16,5 +16,5 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-from quantum.agent.l3_agent import main
+from neutron.agent.l3_agent import main
 main()

bin/quantum-lbaas-agent

@@ -20,7 +20,7 @@ import os
 import sys
 sys.path.insert(0, os.getcwd())
 
-from quantum.services.loadbalancer.drivers.haproxy.agent import main
+from neutron.services.loadbalancer.drivers.haproxy.agent import main
 
 
 main()

bin/quantum-linuxbridge-agent

@@ -19,6 +19,6 @@
 import os
 import sys
 sys.path.insert(0, os.getcwd())
-from quantum.plugins.linuxbridge.agent.linuxbridge_quantum_agent import main
+from neutron.plugins.linuxbridge.agent.linuxbridge_neutron_agent import main
 
 main()

bin/quantum-metadata-agent

@@ -16,5 +16,5 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-from quantum.agent.metadata.agent import main
+from neutron.agent.metadata.agent import main
 main()

bin/quantum-mlnx-agent

@@ -19,7 +19,7 @@ import os
 import sys
 sys.path.insert(0, os.getcwd())
 
-from quantum.plugins.mlnx.agent.eswitch_quantum_agent import main
+from neutron.plugins.mlnx.agent.eswitch_neutron_agent import main
 
 
 main()

bin/quantum-nec-agent

@@ -19,6 +19,6 @@
 import os
 import sys
 sys.path.insert(0, os.getcwd())
-from quantum.plugins.nec.agent.nec_quantum_agent import main
+from neutron.plugins.nec.agent.nec_neutron_agent import main
 
 main()

bin/quantum-netns-cleanup

@@ -16,5 +16,5 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-from quantum.agent.netns_cleanup_util import main
+from neutron.agent.netns_cleanup_util import main
 main()

bin/quantum-ns-metadata-proxy

@@ -16,5 +16,5 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-from quantum.agent.metadata.namespace_proxy import main
+from neutron.agent.metadata.namespace_proxy import main
 main()

bin/quantum-openvswitch-agent

@@ -19,6 +19,6 @@
 import os
 import sys
 sys.path.insert(0, os.getcwd())
-from quantum.plugins.openvswitch.agent.ovs_quantum_agent import main
+from neutron.plugins.openvswitch.agent.ovs_neutron_agent import main
 
 main()

bin/quantum-ovs-cleanup

@@ -20,7 +20,7 @@ import os
 import sys
 sys.path.insert(0, os.getcwd())
 
-from quantum.agent.ovs_cleanup_util import main
+from neutron.agent.ovs_cleanup_util import main
 
 
 main()

bin/quantum-rootwrap

@@ -16,21 +16,21 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-"""Root wrapper for Quantum
+"""Root wrapper for Neutron
 
-   Filters which commands quantum is allowed to run as another user.
+   Filters which commands neutron is allowed to run as another user.
 
-   To use this, you should set the following in quantum.conf and the
+   To use this, you should set the following in neutron.conf and the
    various .ini files for the agent plugins:
-   root_helper=sudo quantum-rootwrap /etc/quantum/rootwrap.conf
+   root_helper=sudo neutron-rootwrap /etc/neutron/rootwrap.conf
 
-   You also need to let the quantum user run quantum-rootwrap as root in
+   You also need to let the neutron user run neutron-rootwrap as root in
      /etc/sudoers:
-   quantum ALL = (root) NOPASSWD: /usr/bin/quantum-rootwrap
-                                  /etc/quantum/rootwrap.conf *
+   neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap
+                                  /etc/neutron/rootwrap.conf *
 
-   Filter specs live in /etc/quantum/rootwrap.d/*.filters, or
-   other locations pointed to by /etc/quantum/rootwrap.conf.
+   Filter specs live in /etc/neutron/rootwrap.d/*.filters, or
+   other locations pointed to by /etc/neutron/rootwrap.conf.
    To make allowed commands node-specific, your packaging should only
    install apropriate .filters for commands which are needed on each
    node.
@@ -78,10 +78,10 @@ if __name__ == '__main__':
     # Add ../ to sys.path to allow running from branch
     possible_topdir = os.path.normpath(os.path.join(os.path.abspath(execname),
                                                     os.pardir, os.pardir))
-    if os.path.exists(os.path.join(possible_topdir, "quantum", "__init__.py")):
+    if os.path.exists(os.path.join(possible_topdir, "neutron", "__init__.py")):
         sys.path.insert(0, possible_topdir)
 
-    from quantum.rootwrap import wrapper
+    from neutron.rootwrap import wrapper
 
     # Load configuration
     try:

bin/quantum-rpc-zmq-receiver

@@ -22,19 +22,19 @@ import contextlib
 import os
 import sys
 
-# If ../quantum/__init__.py exists, add ../ to Python search path, so that
+# If ../neutron/__init__.py exists, add ../ to Python search path, so that
 # it will override what happens to be installed in /usr/(local/)lib/python...
 POSSIBLE_TOPDIR = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]),
                                    os.pardir,
                                    os.pardir))
-if os.path.exists(os.path.join(POSSIBLE_TOPDIR, 'quantum', '__init__.py')):
+if os.path.exists(os.path.join(POSSIBLE_TOPDIR, 'neutron', '__init__.py')):
     sys.path.insert(0, POSSIBLE_TOPDIR)
 
 from oslo.config import cfg
 
-from quantum.openstack.common import log as logging
-from quantum.openstack.common import rpc
-from quantum.openstack.common.rpc import impl_zmq
+from neutron.openstack.common import log as logging
+from neutron.openstack.common import rpc
+from neutron.openstack.common.rpc import impl_zmq
 
 CONF = cfg.CONF
 CONF.register_opts(rpc.rpc_opts)
@@ -42,8 +42,8 @@ CONF.register_opts(impl_zmq.zmq_opts)
 
 
 def main():
-    CONF(sys.argv[1:], project='quantum')
-    logging.setup("quantum")
+    CONF(sys.argv[1:], project='neutron')
+    logging.setup("neutron")
 
     with contextlib.closing(impl_zmq.ZmqProxy(CONF)) as reactor:
         reactor.consume_in_thread()

bin/quantum-ryu-agent

@@ -19,6 +19,6 @@
 import os
 import sys
 sys.path.insert(0, os.getcwd())
-from quantum.plugins.ryu.agent.ryu_quantum_agent import main
+from neutron.plugins.ryu.agent.ryu_neutron_agent import main
 
 main()

bin/quantum-server

@@ -22,6 +22,6 @@ eventlet.monkey_patch()
 import os
 import sys
 sys.path.insert(0, os.getcwd())
-from quantum.server import main as server
+from neutron.server import main as server
 
 server()

bin/quantum-usage-audit

@@ -23,17 +23,17 @@ subnets.
 
 from oslo.config import cfg
 
-from quantum import context
-from quantum import manager
-from quantum.common import config
-from quantum.openstack.common.notifier import api as notifier_api
+from neutron import context
+from neutron import manager
+from neutron.common import config
+from neutron.openstack.common.notifier import api as notifier_api
 
 if __name__ == '__main__':
-    cfg.CONF(project='quantum')
+    cfg.CONF(project='neutron')
     config.setup_logging(cfg.CONF)
 
     context = context.get_admin_context()
-    plugin = manager.QuantumManager.get_plugin()
+    plugin = manager.NeutronManager.get_plugin()
     for network in plugin.get_networks(context):
         notifier_api.notify(context,
                             notifier_api.publisher_id('network'),

doc/pom.xml

@@ -92,28 +92,28 @@
                             <sectionLabelIncludesComponentLabel>0</sectionLabelIncludesComponentLabel>
                             <postProcess>
                                 <!-- Copies the figures to the correct location for webhelp -->
-                                <copy todir="${basedir}/target/docbkx/webhelp/quantum-api-1.0/figures">
-                                    <fileset dir="${basedir}/source/docbkx/quantum-api-1.0/figures">
+                                <copy todir="${basedir}/target/docbkx/webhelp/neutron-api-1.0/figures">
+                                    <fileset dir="${basedir}/source/docbkx/neutron-api-1.0/figures">
                                         <include name="**/*.png" />
                                     </fileset>
                                 </copy>
                                 
                                 <!-- New stuff -->
                                 <copy
-                                    todir="${basedir}/target/docbkx/webhelp/trunk/developer/quantum-api-1.0">
+                                    todir="${basedir}/target/docbkx/webhelp/trunk/developer/neutron-api-1.0">
                                     <fileset
-                                        dir="${basedir}/target/docbkx/webhelp/quantum-api-1.0/quantum-api-guide/">
+                                        dir="${basedir}/target/docbkx/webhelp/neutron-api-1.0/neutron-api-guide/">
                                         <include name="**/*" />
                                     </fileset>
                                 </copy>
                                 <!--Moves PDFs to the needed placement -->
                                 <move failonerror="false"
-                                    file="${basedir}/target/docbkx/pdf/quantum-api-1.0/quantum-api-guide.pdf"
-                                    tofile="${basedir}/target/docbkx/webhelp/trunk/developer/quantum-api-1.0/quantum-api-guide-trunk.pdf"/>
+                                    file="${basedir}/target/docbkx/pdf/neutron-api-1.0/neutron-api-guide.pdf"
+                                    tofile="${basedir}/target/docbkx/webhelp/trunk/developer/neutron-api-1.0/neutron-api-guide-trunk.pdf"/>
 
                                 <!--Deletes leftover uneeded directories -->
                                 <delete
-                                    dir="${basedir}/target/docbkx/webhelp/quantum-api-1.0"/>
+                                    dir="${basedir}/target/docbkx/webhelp/neutron-api-1.0"/>
                             </postProcess>
                         </configuration>
                     </execution>
@@ -123,7 +123,7 @@
                     <xincludeSupported>true</xincludeSupported>
                     <sourceDirectory>source/docbkx</sourceDirectory>
                     <includes>
-                        quantum-api-1.0/quantum-api-guide.xml
+                        neutron-api-1.0/neutron-api-guide.xml
                     </includes>
                     <profileSecurity>reviewer</profileSecurity>
                     <branding>openstack</branding>

doc/source/conf.py

@@ -34,8 +34,8 @@ import sys
 # add these directories to sys.path here. If the directory is relative to the
 # documentation root, use os.path.abspath to make it absolute, like shown here.
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
-QUANTUM_DIR = os.path.abspath(os.path.join(BASE_DIR, "..", ".."))
-sys.path.insert(0, QUANTUM_DIR)
+NEUTRON_DIR = os.path.abspath(os.path.join(BASE_DIR, "..", ".."))
+sys.path.insert(0, NEUTRON_DIR)
 
 # -- General configuration ---------------------------------------------------
 
@@ -68,7 +68,7 @@ source_suffix = '.rst'
 master_doc = 'index'
 
 # General information about the project.
-project = u'Quantum'
+project = u'Neutron'
 copyright = u'2011-present, OpenStack Foundation.'
 
 # The version info for the project you're documenting, acts as replacement for
@@ -76,10 +76,10 @@ copyright = u'2011-present, OpenStack Foundation.'
 # built documents.
 #
 # Version info
-from quantum.version import version_info as quantum_version
-release = quantum_version.release_string()
+from neutron.version import version_info as neutron_version
+release = neutron_version.release_string()
 # The short X.Y version.
-version = quantum_version.version_string()
+version = neutron_version.version_string()
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
@@ -116,7 +116,7 @@ show_authors = True
 pygments_style = 'sphinx'
 
 # A list of ignored prefixes for module index sorting.
-modindex_common_prefix = ['quantum.']
+modindex_common_prefix = ['neutron.']
 
 # -- Options for man page output --------------------------------------------
 
@@ -124,7 +124,7 @@ modindex_common_prefix = ['quantum.']
 # List of tuples 'sourcefile', 'target', u'title', u'Authors name', 'manual'
 
 man_pages = [
-    ('man/quantum-server', 'quantum-server', u'Quantum Server',
+    ('man/neutron-server', 'neutron-server', u'Neutron Server',
      [u'OpenStack'], 1)
 ]
 
@@ -203,7 +203,7 @@ html_last_updated_fmt = os.popen(git_cmd).read()
 #html_file_suffix = ''
 
 # Output file base name for HTML help builder.
-htmlhelp_basename = 'quantumdoc'
+htmlhelp_basename = 'neutrondoc'
 
 
 # -- Options for LaTeX output ------------------------------------------------
@@ -218,8 +218,8 @@ htmlhelp_basename = 'quantumdoc'
 # (source start file, target name, title, author,
 # documentclass [howto/manual]).
 latex_documents = [
-    ('index', 'Quantum.tex', u'Quantum Documentation',
-     u'Quantum development team', 'manual'),
+    ('index', 'Neutron.tex', u'Neutron Documentation',
+     u'Neutron development team', 'manual'),
 ]
 
 # The name of an image file (relative to this directory) to place at the top of

doc/source/devref/common.rst

@@ -19,7 +19,7 @@ Open Stack Common
 =================
 
 A number of modules used are from the openstack-common project.
-The imported files are in 'quantum/openstack-common.conf'.
+The imported files are in 'neutron/openstack-common.conf'.
 More information can be found at `OpenStack Common`_.
 
 .. _`OpenStack Common`: https://launchpad.net/openstack-common

doc/source/devref/index.rst

@@ -18,6 +18,6 @@
 Developer Guide
 ===============
 
-The `Quantum Wiki`_ is a very good place to start.
+The `Neutron Wiki`_ is a very good place to start.
 
-.. _`Quantum wiki`: http://wiki.openstack.org/Quantum
+.. _`Neutron wiki`: http://wiki.openstack.org/Neutron

doc/source/devref/plugin-api.rst

@@ -1,7 +1,7 @@
 Plugin API
 ==========
 
-.. automodule:: quantum.quantum_plugin_base_v2
+.. automodule:: neutron.neutron_plugin_base_v2
 
-.. autoclass:: QuantumPluginBaseV2
+.. autoclass:: NeutronPluginBaseV2
     :members:

doc/source/index.rst

@@ -14,27 +14,27 @@
       License for the specific language governing permissions and limitations
       under the License.
 
-Welcome to Quantum's developer documentation!
+Welcome to Neutron's developer documentation!
 =============================================
 
-Quantum is an OpenStack project to provide "network connectivity as a service"
+Neutron is an OpenStack project to provide "network connectivity as a service"
 between interface devices (e.g., vNICs) managed by other Openstack services
-(e.g., nova). It implements the `Quantum API Guide`_.
+(e.g., nova). It implements the `Neutron API Guide`_.
 
-.. _`Quantum API Guide`: http://docs.openstack.org/incubation/openstack-network/developer/quantum-api-1.0/content/
+.. _`Neutron API Guide`: http://docs.openstack.org/incubation/openstack-network/developer/quantum-api-1.0/content/
 
-This document describes Quantum for contributors of the project, and assumes
-that you are already familiar with Quantum from an `end-user perspective`_.
+This document describes Neutron for contributors of the project, and assumes
+that you are already familiar with Neutron from an `end-user perspective`_.
 
 .. _`end-user perspective`: http://docs.openstack.org/trunk/openstack-network/admin/content/index.html
 
 This documentation is generated by the Sphinx toolkit and lives in the source
-tree.  Additional documentation on Quantum and other components of OpenStack
-can be found on the `OpenStack wiki`_. The `Quantum Development wiki`_ is a very good
+tree.  Additional documentation on Neutron and other components of OpenStack
+can be found on the `OpenStack wiki`_. The `Neutron Development wiki`_ is a very good
 place to start.
 
 .. _`OpenStack wiki`: http://wiki.openstack.org
-.. _`Quantum Development wiki`: http://wiki.openstack.org/QuantumDevelopment
+.. _`Neutron Development wiki`: http://wiki.openstack.org/NeutronDevelopment
 
 Enjoy!
 
@@ -53,4 +53,4 @@ Man Pages
 
 .. toctree::
 
-    man/quantum-server
+    man/neutron-server

doc/source/man/neutron-server.rst

@@ -0,0 +1,75 @@
+==============
+neutron-server
+==============
+
+--------------
+Neutron Server
+--------------
+
+:Author: openstack@lists.launchpad.net
+:Date:   2012-04-05
+:Copyright: OpenStack Foundation
+:Version: 2012.1
+:Manual section: 1
+:Manual group: cloud computing
+
+SYNOPSIS
+========
+
+  neutron-server [options]
+
+DESCRIPTION
+===========
+
+neutron-server provides a webserver that exposes the Neutron API, and
+passes all webservice calls to the Neutron plugin for processing.
+
+OPTIONS
+=======
+
+  --version             show program's version number and exit
+  -h, --help            show this help message and exit
+  -v, --verbose         Print more verbose output
+  -d, --debug           Print debugging output
+  --config-file=PATH    Path to the config file to use, for example,
+                        /etc/neutron/neutron.conf. When not specified
+                        (the default), we generally look at the first argument
+                        specified to be a config file, and if that is also
+                        missing, we search standard directories for a config
+                        file. (/etc/neutron/,
+                        /usr/lib/pythonX/site-packages/neutron/)
+
+  Logging Options:
+    The following configuration options are specific to logging
+    functionality for this program.
+
+    --log-config=PATH   If this option is specified, the logging configuration
+                        file specified is used and overrides any other logging
+                        options specified. Please see the Python logging
+                        module documentation for details on logging
+                        configuration files.
+    --log-date-format=FORMAT
+                        Format string for %(asctime)s in log records. Default:
+                        %Y-%m-%d %H:%M:%S
+    --use-syslog        Output logs to syslog.
+    --log-file=PATH     (Optional) Name of log file to output to. If not set,
+                        logging will go to stdout.
+    --log-dir=LOG_DIR   (Optional) The directory to keep log files in (will be
+                        prepended to --logfile)
+
+FILES
+========
+
+plugins.ini file contains the plugin information
+neutron.conf file contains configuration information in the form of python-gflags.
+
+SEE ALSO
+========
+
+* `OpenStack Neutron <http://neutron.openstack.org>`__
+
+BUGS
+====
+
+* Neutron is sourced in Launchpad so you can view current bugs at `OpenStack Bugs <https://bugs.launchpad.net/neutron>`__
+

doc/source/man/quantum-server.rst

@@ -1,75 +0,0 @@
-==============
-quantum-server
-==============
-
---------------
-Quantum Server
---------------
-
-:Author: openstack@lists.launchpad.net
-:Date:   2012-04-05
-:Copyright: OpenStack Foundation
-:Version: 2012.1
-:Manual section: 1
-:Manual group: cloud computing
-
-SYNOPSIS
-========
-
-  quantum-server [options]
-
-DESCRIPTION
-===========
-
-quantum-server provides a webserver that exposes the Quantum API, and
-passes all webservice calls to the Quantum plugin for processing.
-
-OPTIONS
-=======
-
-  --version             show program's version number and exit
-  -h, --help            show this help message and exit
-  -v, --verbose         Print more verbose output
-  -d, --debug           Print debugging output
-  --config-file=PATH    Path to the config file to use, for example,
-                        /etc/quantum/quantum.conf. When not specified
-                        (the default), we generally look at the first argument
-                        specified to be a config file, and if that is also
-                        missing, we search standard directories for a config
-                        file. (/etc/quantum/,
-                        /usr/lib/pythonX/site-packages/quantum/)
-
-  Logging Options:
-    The following configuration options are specific to logging
-    functionality for this program.
-
-    --log-config=PATH   If this option is specified, the logging configuration
-                        file specified is used and overrides any other logging
-                        options specified. Please see the Python logging
-                        module documentation for details on logging
-                        configuration files.
-    --log-date-format=FORMAT
-                        Format string for %(asctime)s in log records. Default:
-                        %Y-%m-%d %H:%M:%S
-    --use-syslog        Output logs to syslog.
-    --log-file=PATH     (Optional) Name of log file to output to. If not set,
-                        logging will go to stdout.
-    --log-dir=LOG_DIR   (Optional) The directory to keep log files in (will be
-                        prepended to --logfile)
-
-FILES
-========
-
-plugins.ini file contains the plugin information
-quantum.conf file contains configuration information in the form of python-gflags.
-
-SEE ALSO
-========
-
-* `OpenStack Quantum <http://quantum.openstack.org>`__
-
-BUGS
-====
-
-* Quantum is sourced in Launchpad so you can view current bugs at `OpenStack Bugs <https://bugs.launchpad.net/quantum>`__
-

etc/api-paste.ini

@@ -1,24 +1,24 @@
-[composite:quantum]
+[composite:neutron]
 use = egg:Paste#urlmap
-/: quantumversions
-/v2.0: quantumapi_v2_0
+/: neutronversions
+/v2.0: neutronapi_v2_0
 
-[composite:quantumapi_v2_0]
-use = call:quantum.auth:pipeline_factory
-noauth = extensions quantumapiapp_v2_0
-keystone = authtoken keystonecontext extensions quantumapiapp_v2_0
+[composite:neutronapi_v2_0]
+use = call:neutron.auth:pipeline_factory
+noauth = extensions neutronapiapp_v2_0
+keystone = authtoken keystonecontext extensions neutronapiapp_v2_0
 
 [filter:keystonecontext]
-paste.filter_factory = quantum.auth:QuantumKeystoneContext.factory
+paste.filter_factory = neutron.auth:NeutronKeystoneContext.factory
 
 [filter:authtoken]
 paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
 
 [filter:extensions]
-paste.filter_factory = quantum.api.extensions:plugin_aware_extension_middleware_factory
+paste.filter_factory = neutron.api.extensions:plugin_aware_extension_middleware_factory
 
-[app:quantumversions]
-paste.app_factory = quantum.api.versions:Versions.factory
+[app:neutronversions]
+paste.app_factory = neutron.api.versions:Versions.factory
 
-[app:quantumapiapp_v2_0]
-paste.app_factory = quantum.api.v2.router:APIRouter.factory
+[app:neutronapiapp_v2_0]
+paste.app_factory = neutron.api.v2.router:APIRouter.factory

etc/dhcp_agent.ini

@@ -2,7 +2,7 @@
 # Show debugging output in log (sets DEBUG log level output)
 # debug = true
 
-# The DHCP agent will resync its state with Quantum to recover from any
+# The DHCP agent will resync its state with Neutron to recover from any
 # transient notification or rpc errors. The interval is number of
 # seconds between attempts.
 # resync_interval = 5
@@ -11,16 +11,16 @@
 # matches you plugin.
 
 # OVS based plugins(OVS, Ryu, NEC, NVP, BigSwitch/Floodlight)
-interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
+interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
 # OVS based plugins(Ryu, NEC, NVP, BigSwitch/Floodlight) that use OVS
 # as OpenFlow switch and check port status
 #ovs_use_veth = True
 # LinuxBridge
-#interface_driver = quantum.agent.linux.interface.BridgeInterfaceDriver
+#interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
 
 # The agent can use other DHCP drivers.  Dnsmasq is the simplest and requires
 # no additional setup of the DHCP server.
-dhcp_driver = quantum.agent.linux.dhcp.Dnsmasq
+dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
 
 # Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
 # iproute2 package that supports namespaces).
@@ -35,7 +35,7 @@ dhcp_driver = quantum.agent.linux.dhcp.Dnsmasq
 
 # Allows for serving metadata requests coming from a dedicated metadata
 # access network whose cidr is 169.254.169.254/16 (or larger prefix), and
-# is connected to a Quantum router from which the VMs send metadata
+# is connected to a Neutron router from which the VMs send metadata
 # request. In this case DHCP Option 121 will not be injected in VMs, as
 # they will be able to reach 169.254.169.254 through a router.
 # This option requires enable_isolated_metadata = True

etc/l3_agent.ini

@@ -6,12 +6,12 @@
 # matches your plugin.
 
 # OVS based plugins (OVS, Ryu, NEC) that supports L3 agent
-interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
+interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
 # OVS based plugins(Ryu, NEC) that use OVS
 # as OpenFlow switch and check port status
 #ovs_use_veth = True
 # LinuxBridge
-#interface_driver = quantum.agent.linux.interface.BridgeInterfaceDriver
+#interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
 
 # Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
 # iproute2 package that supports namespaces).
@@ -30,7 +30,7 @@ interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
 
 # Indicates that this L3 agent should also handle routers that do not have
 # an external network gateway configured.  This option should be True only
-# for a single agent in a Quantum deployment, and may be False for all agents
+# for a single agent in a Neutron deployment, and may be False for all agents
 # if all routers must have an external network gateway
 # handle_internal_only_routers = True
 
@@ -38,7 +38,7 @@ interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
 # empty value for the linux bridge
 # external_network_bridge = br-ex
 
-# TCP Port used by Quantum metadata server
+# TCP Port used by Neutron metadata server
 # metadata_port = 9697
 
 # Send this many gratuitous ARPs for HA setup. Set it below or equal to 0
@@ -54,4 +54,4 @@ interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
 
 # enable_metadata_proxy, which is true by default, can be set to False
 # if the Nova metadata server is not available
-# enable_metadata_proxy = True
+# enable_metadata_proxy = True

etc/lbaas_agent.ini

@@ -2,22 +2,22 @@
 # Show debugging output in log (sets DEBUG log level output)
 # debug = true
 
-# The LBaaS agent will resync its state with Quantum to recover from any
+# The LBaaS agent will resync its state with Neutron to recover from any
 # transient notification or rpc errors. The interval is number of
 # seconds between attempts.
 # periodic_interval = 10
 
 # OVS based plugins(OVS, Ryu, NEC, NVP, BigSwitch/Floodlight)
-interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
+interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
 # OVS based plugins(Ryu, NEC, NVP, BigSwitch/Floodlight) that use OVS
 # as OpenFlow switch and check port status
 # ovs_use_veth = True
 # LinuxBridge
-# interface_driver = quantum.agent.linux.interface.BridgeInterfaceDriver
+# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
 
 # The agent requires a driver to manage the loadbalancer.  HAProxy is the
 # opensource version.
-#device_driver = quantum.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver
+#device_driver = neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver
 
 # Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
 # iproute2 package that supports namespaces).

etc/metadata_agent.ini

@@ -2,7 +2,7 @@
 # Show debugging output in log (sets DEBUG log level output)
 # debug = True
 
-# The Quantum user information for accessing the Quantum API.
+# The Neutron user information for accessing the Neutron API.
 auth_url = http://localhost:35357/v2.0
 auth_region = RegionOne
 admin_tenant_name = %SERVICE_TENANT_NAME%
@@ -18,8 +18,8 @@ admin_password = %SERVICE_PASSWORD%
 # TCP Port used by Nova metadata server
 # nova_metadata_port = 8775
 
-# When proxying metadata requests, Quantum signs the Instance-ID header with a
+# When proxying metadata requests, Neutron signs the Instance-ID header with a
 # shared secret to prevent spoofing.  You may select any string for a secret,
 # but it must match here and in the configuration used by the Nova Metadata
-# Server. NOTE: Nova uses a different key: quantum_metadata_proxy_shared_secret
+# Server. NOTE: Nova uses a different key: neutron_metadata_proxy_shared_secret
 # metadata_proxy_shared_secret =

etc/neutron/rootwrap.d/debug.filters

@@ -0,0 +1,14 @@
+# neutron-rootwrap command filters for nodes on which neutron is
+# expected to control network
+#
+# This file should be owned by (and only-writeable by) the root user
+
+# format seems to be
+# cmd-name: filter-name, raw-command, user, args
+
+[Filters]
+
+# This is needed because we should ping
+# from inside a namespace which requires root
+ping: RegExpFilter, ping, root, ping, -w, \d+, -c, \d+, [0-9\.]+
+ping6: RegExpFilter, ping6, root, ping6, -w, \d+, -c, \d+, [0-9A-Fa-f:]+

etc/neutron/rootwrap.d/dhcp.filters

@@ -0,0 +1,40 @@
+# neutron-rootwrap command filters for nodes on which neutron is
+# expected to control network
+#
+# This file should be owned by (and only-writeable by) the root user
+
+# format seems to be
+# cmd-name: filter-name, raw-command, user, args
+
+[Filters]
+
+# dhcp-agent
+ip_exec_dnsmasq: DnsmasqNetnsFilter, ip, root
+dnsmasq: DnsmasqFilter, /sbin/dnsmasq, root
+dnsmasq_usr: DnsmasqFilter, /usr/sbin/dnsmasq, root
+# dhcp-agent uses kill as well, that's handled by the generic KillFilter
+# it looks like these are the only signals needed, per
+# neutron/agent/linux/dhcp.py
+kill_dnsmasq: KillFilter, root, /sbin/dnsmasq, -9, -HUP
+kill_dnsmasq_usr: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP
+
+# dhcp-agent uses cat
+cat: RegExpFilter, cat, root, cat, /proc/\d+/cmdline
+ovs-vsctl: CommandFilter, ovs-vsctl, root
+ivs-ctl: CommandFilter, ivs-ctl, root
+
+# metadata proxy
+metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
+metadata_proxy_quantum: CommandFilter, quantum-ns-metadata-proxy, root
+# If installed from source (say, by devstack), the prefix will be
+# /usr/local instead of /usr/bin.
+metadata_proxy_local: CommandFilter, /usr/local/bin/neutron-ns-metadata-proxy, root
+metadata_proxy_local_quantum: CommandFilter, /usr/local/bin/quantum-ns-metadata-proxy, root
+# RHEL invocation of the metadata proxy will report /usr/bin/python
+kill_metadata: KillFilter, root, /usr/bin/python, -9
+kill_metadata7: KillFilter, root, /usr/bin/python2.7, -9
+kill_metadata6: KillFilter, root, /usr/bin/python2.6, -9
+
+# ip_lib
+ip: IpFilter, ip, root
+ip_exec: IpNetnsExecFilter, ip, root

etc/neutron/rootwrap.d/iptables-firewall.filters

@@ -0,0 +1,21 @@
+# neutron-rootwrap command filters for nodes on which neutron is
+# expected to control network
+#
+# This file should be owned by (and only-writeable by) the root user
+
+# format seems to be
+# cmd-name: filter-name, raw-command, user, args
+
+[Filters]
+
+# neutron/agent/linux/iptables_manager.py
+#   "iptables-save", ...
+iptables-save: CommandFilter, iptables-save, root
+iptables-restore: CommandFilter, iptables-restore, root
+ip6tables-save: CommandFilter, ip6tables-save, root
+ip6tables-restore: CommandFilter, ip6tables-restore, root
+
+# neutron/agent/linux/iptables_manager.py
+#   "iptables", "-A", ...
+iptables: CommandFilter, iptables, root
+ip6tables: CommandFilter, ip6tables, root

etc/neutron/rootwrap.d/l3.filters

@@ -0,0 +1,41 @@
+# neutron-rootwrap command filters for nodes on which neutron is
+# expected to control network
+#
+# This file should be owned by (and only-writeable by) the root user
+
+# format seems to be
+# cmd-name: filter-name, raw-command, user, args
+
+[Filters]
+
+# arping
+arping: CommandFilter, arping, root
+
+# l3_agent
+sysctl: CommandFilter, sysctl, root
+route: CommandFilter, route, root
+
+# metadata proxy
+metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
+metadata_proxy_quantum: CommandFilter, quantum-ns-metadata-proxy, root
+# If installed from source (say, by devstack), the prefix will be
+# /usr/local instead of /usr/bin.
+metadata_proxy_local: CommandFilter, /usr/local/bin/neuton-ns-metadata-proxy, root
+metadata_proxy_local_quantum: CommandFilter, /usr/local/bin/quantum-ns-metadata-proxy, root
+# RHEL invocation of the metadata proxy will report /usr/bin/python
+kill_metadata: KillFilter, root, /usr/bin/python, -9
+kill_metadata7: KillFilter, root, /usr/bin/python2.7, -9
+kill_metadata6: KillFilter, root, /usr/bin/python2.6, -9
+
+# ip_lib
+ip: IpFilter, ip, root
+ip_exec: IpNetnsExecFilter, ip, root
+
+# ovs_lib (if OVSInterfaceDriver is used)
+ovs-vsctl: CommandFilter, ovs-vsctl, root
+
+# iptables_manager
+iptables-save: CommandFilter, iptables-save, root
+iptables-restore: CommandFilter, iptables-restore, root
+ip6tables-save: CommandFilter, ip6tables-save, root
+ip6tables-restore: CommandFilter, ip6tables-restore, root

etc/neutron/rootwrap.d/lbaas-haproxy.filters

@@ -0,0 +1,24 @@
+# neuton-rootwrap command filters for nodes on which neuton is
+# expected to control network
+#
+# This file should be owned by (and only-writeable by) the root user
+
+# format seems to be
+# cmd-name: filter-name, raw-command, user, args
+
+[Filters]
+
+# haproxy
+haproxy: CommandFilter, haproxy, root
+
+# lbaas-agent uses kill as well, that's handled by the generic KillFilter
+kill_haproxy_usr: KillFilter, root, /usr/sbin/haproxy, -9, -HUP
+
+# lbaas-agent uses cat
+cat: RegExpFilter, cat, root, cat, /proc/\d+/cmdline
+
+ovs-vsctl: CommandFilter, ovs-vsctl, root
+
+# ip_lib
+ip: IpFilter, ip, root
+ip_exec: IpNetnsExecFilter, ip, root

etc/neutron/rootwrap.d/linuxbridge-plugin.filters

@@ -0,0 +1,18 @@
+# neuton-rootwrap command filters for nodes on which neuton is
+# expected to control network
+#
+# This file should be owned by (and only-writeable by) the root user
+
+# format seems to be
+# cmd-name: filter-name, raw-command, user, args
+
+[Filters]
+
+# linuxbridge-agent
+# unclear whether both variants are necessary, but I'm transliterating
+# from the old mechanism
+brctl: CommandFilter, brctl, root
+
+# ip_lib
+ip: IpFilter, ip, root
+ip_exec: IpNetnsExecFilter, ip, root

etc/neutron/rootwrap.d/nec-plugin.filters

@@ -0,0 +1,12 @@
+# neuton-rootwrap command filters for nodes on which neuton is
+# expected to control network
+#
+# This file should be owned by (and only-writeable by) the root user
+
+# format seems to be
+# cmd-name: filter-name, raw-command, user, args
+
+[Filters]
+
+# nec_neutron_agent
+ovs-vsctl: CommandFilter, ovs-vsctl, root

etc/neutron/rootwrap.d/openvswitch-plugin.filters

@@ -0,0 +1,20 @@
+# neutron-rootwrap command filters for nodes on which neutron is
+# expected to control network
+#
+# This file should be owned by (and only-writeable by) the root user
+
+# format seems to be
+# cmd-name: filter-name, raw-command, user, args
+
+[Filters]
+
+# openvswitch-agent
+# unclear whether both variants are necessary, but I'm transliterating
+# from the old mechanism
+ovs-vsctl: CommandFilter, ovs-vsctl, root
+ovs-ofctl: CommandFilter, ovs-ofctl, root
+xe: CommandFilter, xe, root
+
+# ip_lib
+ip: IpFilter, ip, root
+ip_exec: IpNetnsExecFilter, ip, root

etc/neutron/rootwrap.d/ryu-plugin.filters

@@ -0,0 +1,21 @@
+# neutron-rootwrap command filters for nodes on which neutron is
+# expected to control network
+#
+# This file should be owned by (and only-writeable by) the root user
+
+# format seems to be
+# cmd-name: filter-name, raw-command, user, args
+
+[Filters]
+
+# ryu-agent
+# unclear whether both variants are necessary, but I'm transliterating
+# from the old mechanism
+
+# neutron/plugins/ryu/agent/ryu_neutron_agent.py:
+#   "ovs-vsctl", "--timeout=2", ...
+ovs-vsctl: CommandFilter, ovs-vsctl, root
+
+# neutron/plugins/ryu/agent/ryu_neutron_agent.py:
+#   "xe", "vif-param-get", ...
+xe: CommandFilter, xe, root

etc/quantum

@@ -0,0 +1 @@
+neutron

etc/quantum/rootwrap.d/debug.filters

@@ -1,14 +0,0 @@
-# quantum-rootwrap command filters for nodes on which quantum is
-# expected to control network
-#
-# This file should be owned by (and only-writeable by) the root user
-
-# format seems to be
-# cmd-name: filter-name, raw-command, user, args
-
-[Filters]
-
-# This is needed because we should ping
-# from inside a namespace which requires root
-ping: RegExpFilter, ping, root, ping, -w, \d+, -c, \d+, [0-9\.]+
-ping6: RegExpFilter, ping6, root, ping6, -w, \d+, -c, \d+, [0-9A-Fa-f:]+

etc/quantum/rootwrap.d/dhcp.filters

@@ -1,38 +0,0 @@
-# quantum-rootwrap command filters for nodes on which quantum is
-# expected to control network
-#
-# This file should be owned by (and only-writeable by) the root user
-
-# format seems to be
-# cmd-name: filter-name, raw-command, user, args
-
-[Filters]
-
-# dhcp-agent
-ip_exec_dnsmasq: DnsmasqNetnsFilter, ip, root
-dnsmasq: DnsmasqFilter, /sbin/dnsmasq, root
-dnsmasq_usr: DnsmasqFilter, /usr/sbin/dnsmasq, root
-# dhcp-agent uses kill as well, that's handled by the generic KillFilter
-# it looks like these are the only signals needed, per
-# quantum/agent/linux/dhcp.py
-kill_dnsmasq: KillFilter, root, /sbin/dnsmasq, -9, -HUP
-kill_dnsmasq_usr: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP
-
-# dhcp-agent uses cat
-cat: RegExpFilter, cat, root, cat, /proc/\d+/cmdline
-ovs-vsctl: CommandFilter, ovs-vsctl, root
-ivs-ctl: CommandFilter, ivs-ctl, root
-
-# metadata proxy
-metadata_proxy: CommandFilter, quantum-ns-metadata-proxy, root
-# If installed from source (say, by devstack), the prefix will be
-# /usr/local instead of /usr/bin.
-metadata_proxy_local: CommandFilter, /usr/local/bin/quantum-ns-metadata-proxy, root
-# RHEL invocation of the metadata proxy will report /usr/bin/python
-kill_metadata: KillFilter, root, /usr/bin/python, -9
-kill_metadata7: KillFilter, root, /usr/bin/python2.7, -9
-kill_metadata6: KillFilter, root, /usr/bin/python2.6, -9
-
-# ip_lib
-ip: IpFilter, ip, root
-ip_exec: IpNetnsExecFilter, ip, root

etc/quantum/rootwrap.d/iptables-firewall.filters

@@ -1,21 +0,0 @@
-# quantum-rootwrap command filters for nodes on which quantum is
-# expected to control network
-#
-# This file should be owned by (and only-writeable by) the root user
-
-# format seems to be
-# cmd-name: filter-name, raw-command, user, args
-
-[Filters]
-
-# quantum/agent/linux/iptables_manager.py
-#   "iptables-save", ...
-iptables-save: CommandFilter, iptables-save, root
-iptables-restore: CommandFilter, iptables-restore, root
-ip6tables-save: CommandFilter, ip6tables-save, root
-ip6tables-restore: CommandFilter, ip6tables-restore, root
-
-# quantum/agent/linux/iptables_manager.py
-#   "iptables", "-A", ...
-iptables: CommandFilter, iptables, root
-ip6tables: CommandFilter, ip6tables, root

etc/quantum/rootwrap.d/l3.filters

@@ -1,39 +0,0 @@
-# quantum-rootwrap command filters for nodes on which quantum is
-# expected to control network
-#
-# This file should be owned by (and only-writeable by) the root user
-
-# format seems to be
-# cmd-name: filter-name, raw-command, user, args
-
-[Filters]
-
-# arping
-arping: CommandFilter, arping, root
-
-# l3_agent
-sysctl: CommandFilter, sysctl, root
-route: CommandFilter, route, root
-
-# metadata proxy
-metadata_proxy: CommandFilter, quantum-ns-metadata-proxy, root
-# If installed from source (say, by devstack), the prefix will be
-# /usr/local instead of /usr/bin.
-metadata_proxy_local: CommandFilter, /usr/local/bin/quantum-ns-metadata-proxy, root
-# RHEL invocation of the metadata proxy will report /usr/bin/python
-kill_metadata: KillFilter, root, /usr/bin/python, -9
-kill_metadata7: KillFilter, root, /usr/bin/python2.7, -9
-kill_metadata6: KillFilter, root, /usr/bin/python2.6, -9
-
-# ip_lib
-ip: IpFilter, ip, root
-ip_exec: IpNetnsExecFilter, ip, root
-
-# ovs_lib (if OVSInterfaceDriver is used)
-ovs-vsctl: CommandFilter, ovs-vsctl, root
-
-# iptables_manager
-iptables-save: CommandFilter, iptables-save, root
-iptables-restore: CommandFilter, iptables-restore, root
-ip6tables-save: CommandFilter, ip6tables-save, root
-ip6tables-restore: CommandFilter, ip6tables-restore, root

etc/quantum/rootwrap.d/lbaas-haproxy.filters

@@ -1,24 +0,0 @@
-# quantum-rootwrap command filters for nodes on which quantum is
-# expected to control network
-#
-# This file should be owned by (and only-writeable by) the root user
-
-# format seems to be
-# cmd-name: filter-name, raw-command, user, args
-
-[Filters]
-
-# haproxy
-haproxy: CommandFilter, haproxy, root
-
-# lbaas-agent uses kill as well, that's handled by the generic KillFilter
-kill_haproxy_usr: KillFilter, root, /usr/sbin/haproxy, -9, -HUP
-
-# lbaas-agent uses cat
-cat: RegExpFilter, cat, root, cat, /proc/\d+/cmdline
-
-ovs-vsctl: CommandFilter, ovs-vsctl, root
-
-# ip_lib
-ip: IpFilter, ip, root
-ip_exec: IpNetnsExecFilter, ip, root

etc/quantum/rootwrap.d/linuxbridge-plugin.filters

@@ -1,18 +0,0 @@
-# quantum-rootwrap command filters for nodes on which quantum is
-# expected to control network
-#