

Define root_helper variable under the [AGENT] section
Fixes bug 1105523

The patch set adds 2 new functions:
1. register_root_helper - this enables all wanting to use
the root_helper variable. This is under the section AGENT.
2. get_root_helper - this is a helper function that returns the
root_helper. This should be used when the application used to
have the root_helper defined under the section DEFAULT. This
ensures backward compatibility.

Change-Id: Iba72c4fc89ba5329ea045483287012f82b306250
Gary Kotton committed Feb 4, 2013
1 parent f4b1c5f commit 1b7565b
Showing 23 changed files with 142 additions and 118 deletions.
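--- a/etc/dhcp_agent.ini
+++ b/etc/dhcp_agent.ini
@@ -29,8 +29,3 @@ dhcp_driver = quantum.agent.linux.dhcp.Dnsmasq
 # Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
 # iproute2 package that supports namespaces).
 # use_namespaces = True
-
-# Use "sudo quantum-rootwrap /etc/quantum/rootwrap.conf" to use the real
-# root filter facility.
-# Change to "sudo" to skip the filtering and just run the comand directly
-root_helper = sudo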
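--- a/etc/l3_agent.ini
+++ b/etc/l3_agent.ini
@@ -13,11 +13,6 @@ interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
 # LinuxBridge
 #interface_driver = quantum.agent.linux.interface.BridgeInterfaceDriver
 
-# Use "sudo quantum-rootwrap /etc/quantum/rootwrap.conf" to use the real
-# root filter facility.
-# Change to "sudo" to skip the filtering and just run the comand directly
-root_helper = sudo
-
 # Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
 # iproute2 package that supports namespaces).
 # use_namespaces = True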
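--- a/etc/metadata_agent.ini
+++ b/etc/metadata_agent.ini
@@ -9,11 +9,6 @@ admin_tenant_name = %SERVICE_TENANT_NAME%
 admin_user = %SERVICE_USER%
 admin_password = %SERVICE_PASSWORD%
 
-# Use "sudo quantum-rootwrap /etc/quantum/rootwrap.conf" to use the real
-# root filter facility.
-# Change to "sudo" to skip the filtering and just run the comand directly
-root_helper = sudo
-
 # Where to store metadata state files. This directory must be writable by the
 # user executing the agent.
 # state_path = /var/lib/quantum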
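--- a/etc/quantum.conf
+++ b/etc/quantum.conf
@@ -201,3 +201,9 @@ notification_topics = notifications
 [SECURITYGROUP]
 # If set to true this allows quantum to receive proxied security group calls from nova
 # proxy_mode = False
+
+[AGENT]
+# Use "sudo quantum-rootwrap /etc/quantum/rootwrap.conf" to use the real
+# root filter facility.
+# Change to "sudo" to skip the filtering and just run the comand directly
+# root_helper = sudo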
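Review bot: The new `[AGENT]` sample shows `# root_helper = sudo`, which is the setting the comment above it describes as skipping the filtering, so an operator who simply uncomments the line runs agent commands through plain `sudo`. Consider making the commented example the filtered form, `# root_helper = sudo quantum-rootwrap /etc/quantum/rootwrap.conf`, and adding a line saying that a value still set under `[DEFAULT]` is honoured only as a deprecated fallback. The comment also misspells "command" as "comand".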
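--- a/etc/quantum/plugins/linuxbridge/linuxbridge_conf.ini
+++ b/etc/quantum/plugins/linuxbridge/linuxbridge_conf.ini
@@ -57,7 +57,3 @@ reconnect_interval = 2
 [AGENT]
 # Agent's polling interval in seconds
 polling_interval = 2
-# Use "sudo quantum-rootwrap /etc/quantum/rootwrap.conf" to use the real
-# root filter facility.
-# Change to "sudo" to skip the filtering and just run the comand directly
-root_helper = "sudo"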
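--- a/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini
+++ b/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini
@@ -96,10 +96,6 @@ reconnect_interval = 2
 [AGENT]
 # Agent's polling interval in seconds
 polling_interval = 2
-# Use "sudo quantum-rootwrap /etc/quantum/rootwrap.conf" to use the real
-# root filter facility.
-# Change to "sudo" to skip the filtering and just run the comand directly
-root_helper = sudo
 
 #-----------------------------------------------------------------------------
 # Sample Configurations.
@@ -114,7 +110,6 @@ root_helper = sudo
 # integration_bridge = br-int
 # bridge_mappings = default:br-eth1
 # [AGENT]
-# root_helper = sudo
 # Add the following setting, if you want to log to a file
 #
 # 2. With tunneling.
@@ -126,5 +121,3 @@ root_helper = sudo
 # integration_bridge = br-int
 # tunnel_bridge = br-tun
 # local_ip = 10.0.0.3
-# [AGENT]
-# root_helper = sudo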
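--- a/etc/quantum/plugins/ryu/ryu.ini
+++ b/etc/quantum/plugins/ryu/ryu.ini
@@ -45,9 +45,3 @@ tunnel_interface = eth0
 # ovsdb_ip =
 # ovsdb_interface =
 ovsdb_interface = eth0
-
-[AGENT]
-# Use "sudo quantum-rootwrap /etc/quantum/rootwrap.conf" to use the real
-# root filter facility.
-# Change to "sudo" to skip the filtering and just run the comand directly
-root_helper = sudo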
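--- a/quantum/agent/common/config.py
+++ b/quantum/agent/common/config.py
@@ -18,6 +18,35 @@
 
 from quantum.common import config
 from quantum.openstack.common import cfg
+from quantum.openstack.common import log as logging
+
+
+LOG = logging.getLogger(__name__)
+
+
+ROOT_HELPER_OPTS = [
+cfg.StrOpt('root_helper', default='sudo',
+help=_('Root helper application.')),
+]
+
+
+def register_root_helper(conf):
+# The first call is to ensure backward compatibility
+conf.register_opts(ROOT_HELPER_OPTS)
+conf.register_opts(ROOT_HELPER_OPTS, 'AGENT')
+
+
+def get_root_helper(conf):
+root_helper = conf.AGENT.root_helper
+if root_helper is not 'sudo':
+return root_helper
+
+root_helper = conf.root_helper
+if root_helper is not 'sudo':
+LOG.deprecated(_('DEFAULT.root_helper is deprecated!'))
+return root_helper
+
+return 'sudo'
 
 
 def setup_conf():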
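Review bot: In `get_root_helper`, both `if root_helper is not 'sudo':` tests compare object identity rather than string equality, so they behave as intended only when the configured value happens to be the same interned string object as the literal. A value parsed from a config file is generally a distinct object, so an explicit `root_helper = sudo` under DEFAULT would be treated as non-default and log the deprecation warning. On an interpreter that does not intern the literal, the AGENT default could be returned while a rootwrap command set under DEFAULT is ignored, leaving the agent on unfiltered `sudo`. Change both tests to `if root_helper != 'sudo':`. The two new functions also lack docstrings; one line each stating that AGENT takes precedence and DEFAULT is the deprecated fallback would document the lookup order.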
12 changes: 7 additions & 5 deletions quantum/agent/dhcp_agent.py
Expand Up @@ -43,8 +43,6 @@

class DhcpAgent(object):
OPTS = [
cfg.StrOpt('root_helper', default='sudo',
help=_("Root helper application.")),
cfg.IntOpt('resync_interval', default=30,
help=_("Interval to resync.")),
cfg.StrOpt('dhcp_driver',
Expand All @@ -58,6 +56,7 @@ def __init__(self, conf):
self.needs_resync = False
self.conf = conf
self.cache = NetworkCache()
self.root_helper = config.get_root_helper(conf)

self.dhcp_driver_cls = importutils.import_class(conf.dhcp_driver)
ctx = context.get_admin_context_without_session()
Expand Down Expand Up @@ -85,7 +84,7 @@ def call_driver(self, action, network):
# the base models.
driver = self.dhcp_driver_cls(self.conf,
network,
self.conf.root_helper,
self.root_helper,
self.device_manager,
namespace)
getattr(driver, action)()
Expand Down Expand Up @@ -394,6 +393,7 @@ class DeviceManager(object):

def __init__(self, conf, plugin):
self.conf = conf
self.root_helper = config.get_root_helper(conf)
self.plugin = plugin
if not conf.interface_driver:
LOG.error(_('You must specify an interface driver'))
Expand Down Expand Up @@ -427,7 +427,7 @@ def setup(self, network, reuse_existing=False):
namespace = None

if ip_lib.device_exists(interface_name,
self.conf.root_helper,
self.root_helper,
namespace):
if not reuse_existing:
raise exceptions.PreexistingDeviceFailure(
Expand All @@ -452,7 +452,8 @@ def setup(self, network, reuse_existing=False):

# ensure that the dhcp interface is first in the list
if namespace is None:
device = ip_lib.IPDevice(interface_name, self.conf.root_helper)
device = ip_lib.IPDevice(interface_name,
self.root_helper)
device.route.pullup_route(interface_name)

return interface_name
Expand Down Expand Up @@ -547,6 +548,7 @@ def start(self):
def main():
eventlet.monkey_patch()
cfg.CONF.register_opts(DhcpAgent.OPTS)
config.register_root_helper(cfg.CONF)
cfg.CONF.register_opts(DeviceManager.OPTS)
cfg.CONF.register_opts(DhcpLeaseRelay.OPTS)
cfg.CONF.register_opts(dhcp.OPTS)
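Review bot: `DhcpAgent.__init__` and `DeviceManager.__init__` now call `config.get_root_helper(conf)`, which reads `conf.AGENT.root_helper`, but the only registration visible in this section is the `config.register_root_helper(cfg.CONF)` call added to `main()`. Any other code path that builds these classes with its own conf object (tests or other entry points, not visible on this page) has to register the option first, or the lookup will presumably fail before the agent can run a privileged command. A short comment on the constructors, e.g. `# requires config.register_root_helper(conf) to have been called`, would make the dependency explicit; the same applies to `L3NATAgent.__init__` in quantum/agent/l3_agent.py. The hunks are excerpts, so the full bodies of these methods are not shown.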
39 changes: 19 additions & 20 deletions quantum/agent/l3_agent.py
Expand Up @@ -111,8 +111,6 @@ def ns_name(self):
class L3NATAgent(manager.Manager):

OPTS = [
cfg.StrOpt('root_helper', default='sudo',
help=_("Root helper application.")),
cfg.StrOpt('external_network_bridge', default='br-ex',
help=_("Name of bridge used for external network "
"traffic.")),
Expand Down Expand Up @@ -150,6 +148,7 @@ def __init__(self, host, conf=None):
self.conf = conf
else:
self.conf = cfg.CONF
self.root_helper = config.get_root_helper(self.conf)
self.router_info = {}

if not self.conf.interface_driver:
Expand All @@ -173,17 +172,16 @@ def _destroy_all_router_namespaces(self):
"""Destroy all router namespaces on the host to eliminate
all stale linux devices, iptables rules, and namespaces.
"""
root_ip = ip_lib.IPWrapper(self.conf.root_helper)
for ns in root_ip.get_namespaces(self.conf.root_helper):
root_ip = ip_lib.IPWrapper(self.root_helper)
for ns in root_ip.get_namespaces(self.root_helper):
if ns.startswith(NS_PREFIX):
try:
self._destroy_router_namespace(ns)
except:
LOG.exception(_("Failed deleting namespace '%s'"), ns)

def _destroy_router_namespace(self, namespace):
ns_ip = ip_lib.IPWrapper(self.conf.root_helper,
namespace=namespace)
ns_ip = ip_lib.IPWrapper(self.root_helper, namespace=namespace)
for d in ns_ip.get_devices(exclude_loopback=True):
if d.name.startswith(INTERNAL_DEV_PREFIX):
# device is on default bridge
Expand All @@ -197,7 +195,7 @@ def _destroy_router_namespace(self, namespace):
#(TODO) Address the failure for the deletion of the namespace

def _create_router_namespace(self, ri):
ip_wrapper_root = ip_lib.IPWrapper(self.conf.root_helper)
ip_wrapper_root = ip_lib.IPWrapper(self.root_helper)
ip_wrapper = ip_wrapper_root.ensure_namespace(ri.ns_name())
ip_wrapper.netns.execute(['sysctl', '-w', 'net.ipv4.ip_forward=1'])

Expand All @@ -218,7 +216,7 @@ def _fetch_external_net_id(self):
raise

def _router_added(self, router_id, router=None):
ri = RouterInfo(router_id, self.conf.root_helper,
ri = RouterInfo(router_id, self.root_helper,
self.conf.use_namespaces, router)
self.router_info[router_id] = ri
if self.conf.use_namespaces:
Expand Down Expand Up @@ -251,15 +249,15 @@ def callback(pid_file):
pm = external_process.ProcessManager(
self.conf,
router_info.router_id,
self.conf.root_helper,
self.root_helper,
router_info.ns_name())
pm.enable(callback)

def _destroy_metadata_proxy(self, router_info):
pm = external_process.ProcessManager(
self.conf,
router_info.router_id,
self.conf.root_helper,
self.root_helper,
router_info.ns_name())
pm.disable()

Expand Down Expand Up @@ -364,12 +362,12 @@ def _send_gratuitous_arp_packet(self, ri, interface_name, ip_address):
ip_address]
try:
if self.conf.use_namespaces:
ip_wrapper = ip_lib.IPWrapper(self.conf.root_helper,
ip_wrapper = ip_lib.IPWrapper(self.root_helper,
namespace=ri.ns_name())
ip_wrapper.netns.execute(arping_cmd, check_exit_code=True)
else:
utils.execute(arping_cmd, check_exit_code=True,
root_helper=self.conf.root_helper)
root_helper=self.root_helper)
except Exception as e:
LOG.error(_("Failed sending gratuitous ARP: %s"), str(e))

Expand All @@ -384,7 +382,7 @@ def external_gateway_added(self, ri, ex_gw_port, internal_cidrs):
interface_name = self.get_external_device_name(ex_gw_port['id'])
ex_gw_ip = ex_gw_port['fixed_ips'][0]['ip_address']
if not ip_lib.device_exists(interface_name,
root_helper=self.conf.root_helper,
root_helper=self.root_helper,
namespace=ri.ns_name()):
self.driver.plug(ex_gw_port['network_id'],
ex_gw_port['id'], interface_name,
Expand All @@ -401,12 +399,12 @@ def external_gateway_added(self, ri, ex_gw_port, internal_cidrs):
if ex_gw_port['subnet']['gateway_ip']:
cmd = ['route', 'add', 'default', 'gw', gw_ip]
if self.conf.use_namespaces:
ip_wrapper = ip_lib.IPWrapper(self.conf.root_helper,
ip_wrapper = ip_lib.IPWrapper(self.root_helper,
namespace=ri.ns_name())
ip_wrapper.netns.execute(cmd, check_exit_code=False)
else:
utils.execute(cmd, check_exit_code=False,
root_helper=self.conf.root_helper)
root_helper=self.root_helper)

for (c, r) in self.external_gateway_nat_rules(ex_gw_ip,
internal_cidrs,
Expand All @@ -418,7 +416,7 @@ def external_gateway_removed(self, ri, ex_gw_port, internal_cidrs):

interface_name = self.get_external_device_name(ex_gw_port['id'])
if ip_lib.device_exists(interface_name,
root_helper=self.conf.root_helper,
root_helper=self.root_helper,
namespace=ri.ns_name()):
self.driver.unplug(interface_name,
bridge=self.conf.external_network_bridge,
Expand Down Expand Up @@ -458,7 +456,7 @@ def internal_network_added(self, ri, ex_gw_port, network_id, port_id,
internal_cidr, mac_address):
interface_name = self.get_internal_device_name(port_id)
if not ip_lib.device_exists(interface_name,
root_helper=self.conf.root_helper,
root_helper=self.root_helper,
namespace=ri.ns_name()):
self.driver.plug(network_id, port_id, interface_name, mac_address,
namespace=ri.ns_name(),
Expand All @@ -479,7 +477,7 @@ def internal_network_added(self, ri, ex_gw_port, network_id, port_id,
def internal_network_removed(self, ri, ex_gw_port, port_id, internal_cidr):
interface_name = self.get_internal_device_name(port_id)
if ip_lib.device_exists(interface_name,
root_helper=self.conf.root_helper,
root_helper=self.root_helper,
namespace=ri.ns_name()):
self.driver.unplug(interface_name, namespace=ri.ns_name(),
prefix=INTERNAL_DEV_PREFIX)
Expand All @@ -499,7 +497,7 @@ def internal_network_nat_rules(self, ex_gw_ip, internal_cidr):
def floating_ip_added(self, ri, ex_gw_port, floating_ip, fixed_ip):
ip_cidr = str(floating_ip) + '/32'
interface_name = self.get_external_device_name(ex_gw_port['id'])
device = ip_lib.IPDevice(interface_name, self.conf.root_helper,
device = ip_lib.IPDevice(interface_name, self.root_helper,
namespace=ri.ns_name())

if ip_cidr not in [addr['cidr'] for addr in device.addr.list()]:
Expand All @@ -516,7 +514,7 @@ def floating_ip_removed(self, ri, ex_gw_port, floating_ip, fixed_ip):
net = netaddr.IPNetwork(ip_cidr)
interface_name = self.get_external_device_name(ex_gw_port['id'])

device = ip_lib.IPDevice(interface_name, self.conf.root_helper,
device = ip_lib.IPDevice(interface_name, self.root_helper,
namespace=ri.ns_name())
device.addr.delete(net.version, ip_cidr)

Expand Down Expand Up @@ -616,6 +614,7 @@ def main():
eventlet.monkey_patch()
conf = cfg.CONF
conf.register_opts(L3NATAgent.OPTS)
config.register_root_helper(conf)
conf.register_opts(interface.OPTS)
conf.register_opts(external_process.OPTS)
conf()
