From b782a2c0f329653a94e9fcbb9de62659b47cd663 Mon Sep 17 00:00:00 2001
From: John Dunning <jrd@redhat.com>
Date: Tue, 11 Sep 2012 16:13:37 -0400
Subject: [PATCH] Update stack.sh to track quantum rootwrap

Resubmit of https://review.openstack.org/12822
Fix bugs 1044084 and 1048483

Copy new conf files into /etc at stack time.
iniset the agents' init files to include new rootwrap conf
Launch agents as regular user, not root
Fix service launch of ovs
Correctly handle qemu.conf permissions

Change-Id: Ib6b8a97698df1b816eecc18d1df11267cb027a3d
---
 stack.sh | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/stack.sh b/stack.sh
index 66b7dda2a3..545c07143d 100755
--- a/stack.sh
+++ b/stack.sh
@@ -769,6 +769,8 @@ if is_service_enabled q-agt; then
         else
             ### FIXME(dtroyer): Find RPMs for OpenVSwitch
             echo "OpenVSwitch packages need to be located"
+            # Fedora does not started OVS by default
+            restart_service openvswitch
         fi
     elif [[ "$Q_PLUGIN" = "linuxbridge" ]]; then
        install_package bridge-utils
@@ -1230,6 +1232,13 @@ if is_service_enabled quantum; then
 
     Q_CONF_FILE=/etc/quantum/quantum.conf
     cp $QUANTUM_DIR/etc/quantum.conf $Q_CONF_FILE
+    Q_RR_CONF_FILE=/etc/quantum/rootwrap.conf
+    cp -p $QUANTUM_DIR/etc/rootwrap.conf $Q_RR_CONF_FILE
+
+    # Copy over the config and filter bits
+    Q_CONF_ROOTWRAP_D=/etc/quantum/rootwrap.d
+    mkdir -p $Q_CONF_ROOTWRAP_D
+    cp -pr $QUANTUM_DIR/etc/quantum/rootwrap.d/* $Q_CONF_ROOTWRAP_D/
 fi
 
 # Quantum service (for controller node)
@@ -1336,6 +1345,8 @@ if is_service_enabled q-agt; then
         if [[ "$OVS_BRIDGE_MAPPINGS" != "" ]]; then
             iniset /$Q_PLUGIN_CONF_FILE OVS bridge_mappings $OVS_BRIDGE_MAPPINGS
         fi
+        # Update config w/rootwrap
+        iniset /$Q_PLUGIN_CONF_FILE OVS root_helper #Q_RR_CONF_FILE
         AGENT_BINARY="$QUANTUM_DIR/bin/quantum-openvswitch-agent"
     elif [[ "$Q_PLUGIN" = "linuxbridge" ]]; then
         # Setup physical network interface mappings.  Override
@@ -1347,6 +1358,8 @@ if is_service_enabled q-agt; then
         if [[ "$LB_INTERFACE_MAPPINGS" != "" ]]; then
             iniset /$Q_PLUGIN_CONF_FILE LINUX_BRIDGE physical_interface_mappings $LB_INTERFACE_MAPPINGS
         fi
+        # Update config w/rootwrap
+        iniset /$Q_PLUGIN_CONF_FILE LINUX_BRIDGE root_helper #Q_RR_CONF_FILE
         AGENT_BINARY="$QUANTUM_DIR/bin/quantum-linuxbridge-agent"
     fi
 fi
@@ -1367,6 +1380,9 @@ if is_service_enabled q-dhcp; then
 
     quantum_setup_keystone $Q_DHCP_CONF_FILE DEFAULT set_auth_url
 
+    # Update config w/rootwrap
+    iniset /$Q_DHCP_CONF_FILE DEFAULT root_helper #Q_RR_CONF_FILE
+
     if [[ "$Q_PLUGIN" = "openvswitch" ]]; then
         iniset $Q_DHCP_CONF_FILE DEFAULT interface_driver quantum.agent.linux.interface.OVSInterfaceDriver
     elif [[ "$Q_PLUGIN" = "linuxbridge" ]]; then
@@ -1548,8 +1564,7 @@ if is_service_enabled n-cpu; then
     QEMU_CONF=/etc/libvirt/qemu.conf
     if is_service_enabled quantum && [[ $Q_PLUGIN = "openvswitch" ]] && ! sudo grep -q '^cgroup_device_acl' $QEMU_CONF ; then
         # Add /dev/net/tun to cgroup_device_acls, needed for type=ethernet interfaces
-        sudo chmod 666 $QEMU_CONF
-        sudo cat <<EOF >> /etc/libvirt/qemu.conf
+        cat <<EOF | sudo tee -a $QEMU_CONF
 cgroup_device_acl = [
     "/dev/null", "/dev/full", "/dev/zero",
     "/dev/random", "/dev/urandom",
@@ -1557,7 +1572,6 @@ cgroup_device_acl = [
     "/dev/rtc", "/dev/hpet","/dev/net/tun",
 ]
 EOF
-        sudo chmod 644 $QEMU_CONF
     fi
 
     if [[ "$os_PACKAGE" = "deb" ]]; then
@@ -2184,9 +2198,9 @@ elif is_service_enabled mysql && is_service_enabled nova; then
 fi
 
 # Start up the quantum agents if enabled
-screen_it q-agt "sudo python $AGENT_BINARY --config-file $Q_CONF_FILE --config-file /$Q_PLUGIN_CONF_FILE"
-screen_it q-dhcp "sudo python $AGENT_DHCP_BINARY --config-file $Q_CONF_FILE --config-file=$Q_DHCP_CONF_FILE"
-screen_it q-l3 "sudo python $AGENT_L3_BINARY --config-file $Q_CONF_FILE --config-file=$Q_L3_CONF_FILE"
+screen_it q-agt "python $AGENT_BINARY --config-file $Q_CONF_FILE --config-file /$Q_PLUGIN_CONF_FILE"
+screen_it q-dhcp "python $AGENT_DHCP_BINARY --config-file $Q_CONF_FILE --config-file=$Q_DHCP_CONF_FILE"
+screen_it q-l3 "python $AGENT_L3_BINARY --config-file $Q_CONF_FILE --config-file=$Q_L3_CONF_FILE"
 
 echo_summary "Starting Nova"
 # The group **libvirtd** is added to the current user in this script.