5dcf4e4521
Fix bug 1037815 Summary: Copy/paste the essential parts of the rootwrap mechanism from nova/cinder into quantum. This includes the core changes to filter.py and wrapper.py which deal with loading filters from files pointed to by rootwrap.conf Detailed changes: Transliterate the old rootwrap/*-agent.py files to new format, and put the results in etc/quantum/rootwrap.d Delete the *-agent.py files. Add conf to point to etc/quantum/rootwrap.d Add a unit test cribbed from nova to exercise the filter mechanism Add a unit test to exercise the actual filtered execution Note that as written, this patch does not set the default execute mechanism (in the agent .ini files) to rootwrap, leaves it as sudo. That can be done in a followon change, or in distro specific packaging. Note also that there is still work to do around finishing and testing the filter specs themselves. We've decided that that is out of scope for this patch. Change-Id: I9aba6adc5ba40b6145be5fa38c5ece3b666ae5ca
41 lines
1.4 KiB
INI
41 lines
1.4 KiB
INI
# Sample Configurations
|
|
|
|
[DATABASE]
|
|
# This line MUST be changed to actually run the plugin.
|
|
# Example:
|
|
# sql_connection = mysql://root:nova@127.0.0.1:3306/ovs_quantum
|
|
# Replace 127.0.0.1 above with the IP address of the database used by the
|
|
# main quantum server. (Leave it as is if the database runs on this host.)
|
|
sql_connection = sqlite://
|
|
# Database reconnection retry times - in event connectivity is lost
|
|
# set to -1 implies an infinite retry count
|
|
# sql_max_retries = 10
|
|
# Database reconnection interval in seconds - in event connectivity is lost
|
|
reconnect_interval = 2
|
|
|
|
[OVS]
|
|
# Do not change this parameter unless you have a good reason to.
|
|
# This is the name of the OVS integration bridge. There is one per hypervisor.
|
|
# The integration bridge acts as a virtual "patch port". All VM VIFs are
|
|
# attached to this bridge and then "patched" according to their network
|
|
# connectivity.
|
|
integration_bridge = br-int
|
|
|
|
[AGENT]
|
|
# Agent's polling interval in seconds
|
|
polling_interval = 2
|
|
# Use "sudo quantum-rootwrap /etc/quantum/rootwrap.conf" to use the real
|
|
# root filter facility.
|
|
# Change to "sudo" to skip the filtering and just run the comand directly
|
|
root_helper = sudo
|
|
|
|
[OFC]
|
|
# Specify OpenFlow Controller Host, Port and Driver to connect.
|
|
host = 127.0.0.1
|
|
port = 8888
|
|
# Drivers are in quantum/plugins/nec/drivers/ .
|
|
driver = trema
|
|
# PacketFilter is available when it's enabled in this configuration
|
|
# and supported by the driver.
|
|
enable_packet_filter = true
|