The values user0 and user1 do not map to valid facility values.
local1, etc. Using user0 results in a pri value that does not map
back to a facility of the same name in syslog.
RFC5424 suggest values values of local0 through local7. Setting
syslog_log_facility to one of those values results in a message with a
priority that can be mapped back to the original string value.
This fix adjusts the comment in rootwrap.conf to suggest the local
prefix instead of the user prefix.
Change-Id: I835ad17c817b8623e382368b39b06944470be480
Closes-bug: #1280879
Use the common oslo-incubator rootwrap rather than maintain a
specific fork within Neutron.
- Migrated DnsmasqFilter use in dhcp.filters to the new EnvFilter
- Changed environment passing in ip_lib's netns.execute so that
it can be properly matched using IpNetNsExecFilter + EnvFilter.
It now calls "ip netns exec ns env A=B C=D command" instead of
"A=B C=D ip netns exec ns command". Adjusted tests accordingly.
All the other changes are coming directly from the Oslo "rootwrap"
module sync.
Notes:
- Neutron locates its rootwrap.conf in etc/ rather than in etc/neutron
- Neutron maintains a specific bin/quantum-rootwrap-xen-dom0 which
requires additional config in rootwrap.conf
Both behaviors were preserved in this commit, but this may need to be
addressed in the future to simplify future oslo-rootwrap updates.
Implements bp: quantum-common-rootwrap
Change-Id: I02879942a9d1169a71aa4d684c1b9ec109a6de32
As per change https://review.openstack.org/33429 the config sections
became lowercase. This patch makes the quantum-rootwrap-xen-dom0
rootwrap to be case insensitive for the xenapi section.
This patch also changes the default config file to use a lowercase
xenapi section.
Fixes bug 1195781
Change-Id: Ic24feb1a9ad6f8823745b1febd4a0edd54e73498
Avoid depending on platform specific paths for rootwrap
by using exec_dirs in rootwrap. Fixes rootwrap configuration
for SUSE.
Fixes bug #1156044
Change-Id: I54d082c543fd84b40db0caa3571300ac0bb07b57
* Config doc: http://wiki.openstack.org/QuantumDevstackOvsXcp
* The Open vSwitch agent needs to be deployed on domU but
interact with a dom0 bridge.
* Add a root wrapper and associated XenAPI plugin to allow the
agent to execute networking commands against dom0 from domU.
* Update ovs_lib mac address discovery to use ip_lib to
ensure that discovery works even for bridges not local to
the agent (i.e. dom0 bridges). A bridge configured with
a dom0 root wrapper will execute ip link on dom0.
* Update ip_lib to use a root helper by default to ensure that
the 'ip' command will execute on dom0.
* Remove obselete rpm spec and installer for dom0 agent.
* Credit where credit is due - the XenAPI plugin and its
packaging were largely copied from nova.
* Supports blueprint xenapi-ovs
Change-Id: I7795446ee1267712c896f5cb3401f84fb1763ce7
Fix bug 1037815
Summary: Copy/paste the essential parts of the rootwrap
mechanism from nova/cinder into quantum. This includes
the core changes to filter.py and wrapper.py which deal
with loading filters from files pointed to by
rootwrap.conf
Detailed changes:
Transliterate the old rootwrap/*-agent.py files to
new format, and put the results in etc/quantum/rootwrap.d
Delete the *-agent.py files.
Add conf to point to etc/quantum/rootwrap.d
Add a unit test cribbed from nova to exercise the filter
mechanism
Add a unit test to exercise the actual filtered execution
Note that as written, this patch does not set the default
execute mechanism (in the agent .ini files) to rootwrap,
leaves it as sudo. That can be done in a followon
change, or in distro specific packaging.
Note also that there is still work to do around finishing
and testing the filter specs themselves. We've decided
that that is out of scope for this patch.
Change-Id: I9aba6adc5ba40b6145be5fa38c5ece3b666ae5ca