...
|
...
|
@@ -72,7 +72,8 @@ NEUTRON_SERVICE_PROTOCOL=${NEUTRON_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
|
72
|
72
|
NEUTRON_AUTH_STRATEGY=${NEUTRON_AUTH_STRATEGY:-keystone}
|
73
|
73
|
NEUTRON_ROOTWRAP=$(get_rootwrap_location neutron)
|
74
|
74
|
NEUTRON_ROOTWRAP_CONF_FILE=$NEUTRON_CONF_DIR/rootwrap.conf
|
75
|
|
-NEUTRON_ROOTWRAP_DAEMON_CMD="sudo $NEUTRON_ROOTWRAP-daemon $NEUTRON_ROOTWRAP_CONF_FILE"
|
|
75
|
+NEUTRON_ROOTWRAP_CMD="$NEUTRON_ROOTWRAP $NEUTRON_ROOTWRAP_CONF_FILE"
|
|
76
|
+NEUTRON_ROOTWRAP_DAEMON_CMD="$NEUTRON_ROOTWRAP-daemon $NEUTRON_ROOTWRAP_CONF_FILE"
|
76
|
77
|
|
77
|
78
|
# This is needed because _neutron_ovs_base_configure_l3_agent will set
|
78
|
79
|
# external_network_bridge
|
...
|
...
|
@@ -125,6 +126,13 @@ function cleanup_neutron_new {
|
125
|
125
|
done
|
126
|
126
|
}
|
127
|
127
|
|
|
128
|
+# configure_root_helper_options() - Configure agent rootwrap helper options
|
|
129
|
+function configure_root_helper_options {
|
|
130
|
+ local conffile=$1
|
|
131
|
+ iniset $conffile agent root_helper "sudo $NEUTRON_ROOTWRAP_CMD"
|
|
132
|
+ iniset $conffile agent root_helper_daemon "sudo $NEUTRON_ROOTWRAP_DAEMON_CMD"
|
|
133
|
+}
|
|
134
|
+
|
128
|
135
|
# configure_neutron() - Set config files, create data dirs, etc
|
129
|
136
|
function configure_neutron_new {
|
130
|
137
|
sudo install -d -o $STACK_USER $NEUTRON_CONF_DIR
|
...
|
...
|
@@ -185,6 +193,7 @@ function configure_neutron_new {
|
185
|
185
|
if is_service_enabled neutron-agent; then
|
186
|
186
|
iniset $NEUTRON_CORE_PLUGIN_CONF agent tunnel_types vxlan
|
187
|
187
|
iniset $NEUTRON_CORE_PLUGIN_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
|
|
188
|
+ configure_root_helper_options $NEUTRON_CORE_PLUGIN_CONF
|
188
|
189
|
|
189
|
190
|
# Configure the neutron agent
|
190
|
191
|
if [[ $NEUTRON_AGENT == "linuxbridge" ]]; then
|
...
|
...
|
@@ -208,7 +217,7 @@ function configure_neutron_new {
|
208
|
208
|
# make it so we have working DNS from guests
|
209
|
209
|
iniset $NEUTRON_DHCP_CONF DEFAULT dnsmasq_local_resolv True
|
210
|
210
|
|
211
|
|
- iniset $NEUTRON_DHCP_CONF agent root_helper_daemon "$NEUTRON_ROOTWRAP_DAEMON_CMD"
|
|
211
|
+ configure_root_helper_options $NEUTRON_DHCP_CONF
|
212
|
212
|
iniset $NEUTRON_DHCP_CONF DEFAULT interface_driver $NEUTRON_AGENT
|
213
|
213
|
neutron_plugin_configure_dhcp_agent $NEUTRON_DHCP_CONF
|
214
|
214
|
fi
|
...
|
...
|
@@ -217,7 +226,7 @@ function configure_neutron_new {
|
217
|
217
|
cp $NEUTRON_DIR/etc/l3_agent.ini.sample $NEUTRON_L3_CONF
|
218
|
218
|
iniset $NEUTRON_L3_CONF DEFAULT interface_driver $NEUTRON_AGENT
|
219
|
219
|
neutron_service_plugin_class_add router
|
220
|
|
- iniset $NEUTRON_L3_CONF agent root_helper_daemon "$NEUTRON_ROOTWRAP_DAEMON_CMD"
|
|
220
|
+ configure_root_helper_options $NEUTRON_L3_CONF
|
221
|
221
|
iniset $NEUTRON_L3_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
|
222
|
222
|
neutron_plugin_configure_l3_agent $NEUTRON_L3_CONF
|
223
|
223
|
fi
|
...
|
...
|
@@ -229,7 +238,8 @@ function configure_neutron_new {
|
229
|
229
|
iniset $NEUTRON_META_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
|
230
|
230
|
iniset $NEUTRON_META_CONF DEFAULT nova_metadata_ip $SERVICE_HOST
|
231
|
231
|
iniset $NEUTRON_META_CONF DEFAULT metadata_workers $API_WORKERS
|
232
|
|
- iniset $NEUTRON_META_CONF agent root_helper_daemon "$NEUTRON_ROOTWRAP_DAEMON_CMD"
|
|
232
|
+ # TODO(ihrachys) do we really need to set rootwrap for metadata agent?
|
|
233
|
+ configure_root_helper_options $NEUTRON_META_CONF
|
233
|
234
|
|
234
|
235
|
# TODO(dtroyer): remove the v2.0 hard code below
|
235
|
236
|
iniset $NEUTRON_META_CONF DEFAULT auth_url $KEYSTONE_SERVICE_URI
|
...
|
...
|
@@ -254,12 +264,6 @@ function configure_neutron_new {
|
254
|
254
|
|
255
|
255
|
# configure_neutron_rootwrap() - configure Neutron's rootwrap
|
256
|
256
|
function configure_neutron_rootwrap {
|
257
|
|
- # Set the paths of certain binaries
|
258
|
|
- neutron_rootwrap=$(get_rootwrap_location neutron)
|
259
|
|
-
|
260
|
|
- # Specify ``rootwrap.conf`` as first parameter to neutron-rootwrap
|
261
|
|
- local rootwrap_sudoer_cmd="${neutron_rootwrap} $NEUTRON_CONF_DIR/rootwrap.conf"
|
262
|
|
-
|
263
|
257
|
# Deploy new rootwrap filters files (owned by root).
|
264
|
258
|
# Wipe any existing rootwrap.d files first
|
265
|
259
|
if [[ -d $NEUTRON_CONF_DIR/rootwrap.d ]]; then
|
...
|
...
|
@@ -276,7 +280,8 @@ function configure_neutron_rootwrap {
|
276
|
276
|
|
277
|
277
|
# Set up the rootwrap sudoers for Neutron
|
278
|
278
|
tempfile=`mktemp`
|
279
|
|
- echo "$STACK_USER ALL=(root) NOPASSWD: $rootwrap_sudoer_cmd *" >$tempfile
|
|
279
|
+ echo "$STACK_USER ALL=(root) NOPASSWD: $NEUTRON_ROOTWRAP_CMD *" >$tempfile
|
|
280
|
+ echo "$STACK_USER ALL=(root) NOPASSWD: $NEUTRON_ROOTWRAP_DAEMON_CMD" >>$tempfile
|
280
|
281
|
chmod 0440 $tempfile
|
281
|
282
|
sudo chown root:root $tempfile
|
282
|
283
|
sudo mv $tempfile /etc/sudoers.d/neutron-rootwrap
|
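Review bot: The two sudoers entries written in the last hunk are built from the file-level `NEUTRON_ROOTWRAP_CMD` and `NEUTRON_ROOTWRAP_DAEMON_CMD` and moved into /etc/sudoers.d with no syntax check, so an empty or unexpected `NEUTRON_ROOTWRAP` would install a malformed or broader NOPASSWD rule than intended. The removed lines re-ran `get_rootwrap_location neutron` inside configure_neutron_rootwrap, while the new code relies on the value computed when the file is sourced; that is presumably the same path, but it is worth confirming. I would add `sudo visudo -c -f $tempfile || return 1` just before the `sudo mv`. A comment above the second `echo`, such as `# no trailing wildcard: sudo must match the daemon command line exactly`, would also record why the two entries differ. configure_neutron_rootwrap begins and ends outside this hunk.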