diff --git a/lib/neutron b/lib/neutron index 5678769255..b4d0b8cad4 100755 --- a/lib/neutron +++ b/lib/neutron @@ -908,7 +908,7 @@ function _configure_neutron_l3_agent { Q_L3_ROUTER_PER_TENANT=$Q_USE_NAMESPACE if is_service_enabled q-vpn; then - cp $NEUTRON_DIR/etc/vpn_agent.ini $Q_VPN_CONF_FILE + cp $NEUTRON_VPNAAS_DIR/etc/vpn_agent.ini $Q_VPN_CONF_FILE fi cp $NEUTRON_DIR/etc/l3_agent.ini $Q_L3_CONF_FILE @@ -1034,22 +1034,28 @@ function _neutron_service_plugin_class_add { fi } +# _neutron_deploy_rootwrap_filters() - deploy rootwrap filters to $Q_CONF_ROOTWRAP_D (owned by root). +function _neutron_deploy_rootwrap_filters { + local srcdir=$1 + mkdir -p -m 755 $Q_CONF_ROOTWRAP_D + sudo cp -pr $srcdir/etc/neutron/rootwrap.d/* $Q_CONF_ROOTWRAP_D/ + sudo chown -R root:root $Q_CONF_ROOTWRAP_D + sudo chmod 644 $Q_CONF_ROOTWRAP_D/* +} + # _neutron_setup_rootwrap() - configure Neutron's rootwrap function _neutron_setup_rootwrap { if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then return fi - # Deploy new rootwrap filters files (owned by root). # Wipe any existing ``rootwrap.d`` files first Q_CONF_ROOTWRAP_D=$NEUTRON_CONF_DIR/rootwrap.d if [[ -d $Q_CONF_ROOTWRAP_D ]]; then sudo rm -rf $Q_CONF_ROOTWRAP_D fi - # Deploy filters to ``$NEUTRON_CONF_DIR/rootwrap.d`` - mkdir -p -m 755 $Q_CONF_ROOTWRAP_D - cp -pr $NEUTRON_DIR/etc/neutron/rootwrap.d/* $Q_CONF_ROOTWRAP_D/ - sudo chown -R root:root $Q_CONF_ROOTWRAP_D - sudo chmod 644 $Q_CONF_ROOTWRAP_D/* + + _neutron_deploy_rootwrap_filters $NEUTRON_DIR + # Set up ``rootwrap.conf``, pointing to ``$NEUTRON_CONF_DIR/rootwrap.d`` # location moved in newer versions, prefer new location if test -r $NEUTRON_DIR/etc/neutron/rootwrap.conf; then diff --git a/lib/neutron_plugins/services/firewall b/lib/neutron_plugins/services/firewall index a1c13ed153..61a148e596 100644 --- a/lib/neutron_plugins/services/firewall +++ b/lib/neutron_plugins/services/firewall @@ -13,7 +13,7 @@ function neutron_fwaas_configure_common { function neutron_fwaas_configure_driver { FWAAS_DRIVER_CONF_FILENAME=/etc/neutron/fwaas_driver.ini - cp $NEUTRON_DIR/etc/fwaas_driver.ini $FWAAS_DRIVER_CONF_FILENAME + cp $NEUTRON_FWAAS_DIR/etc/fwaas_driver.ini $FWAAS_DRIVER_CONF_FILENAME iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas enabled True iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas driver "neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver" diff --git a/lib/neutron_plugins/services/loadbalancer b/lib/neutron_plugins/services/loadbalancer index bd9dc8731b..f465cc94b4 100644 --- a/lib/neutron_plugins/services/loadbalancer +++ b/lib/neutron_plugins/services/loadbalancer @@ -17,6 +17,7 @@ function neutron_agent_lbaas_install_agent_packages { function neutron_agent_lbaas_configure_common { _neutron_service_plugin_class_add $LBAAS_PLUGIN + _neutron_deploy_rootwrap_filters $NEUTRON_LBAAS_DIR } function neutron_agent_lbaas_configure_agent { @@ -25,7 +26,7 @@ function neutron_agent_lbaas_configure_agent { LBAAS_AGENT_CONF_FILENAME="$LBAAS_AGENT_CONF_PATH/lbaas_agent.ini" - cp $NEUTRON_DIR/etc/lbaas_agent.ini $LBAAS_AGENT_CONF_FILENAME + cp $NEUTRON_LBAAS_DIR/etc/lbaas_agent.ini $LBAAS_AGENT_CONF_FILENAME # ovs_use_veth needs to be set before the plugin configuration # occurs to allow plugins to override the setting. diff --git a/lib/neutron_plugins/services/vpn b/lib/neutron_plugins/services/vpn index 07f1f35d9a..7e80b5b5f8 100644 --- a/lib/neutron_plugins/services/vpn +++ b/lib/neutron_plugins/services/vpn @@ -16,6 +16,7 @@ function neutron_vpn_install_agent_packages { function neutron_vpn_configure_common { _neutron_service_plugin_class_add $VPN_PLUGIN + _neutron_deploy_rootwrap_filters $NEUTRON_VPNAAS_DIR } function neutron_vpn_stop {