Include additional filters_path in rootwrap.conf
Neutron plugins (for ex. TaaS) using their own rootwrap filters install those filter files in /var/lib/openstack/etc/neutron/rootwrap.d directory. Therefore this path should be added to neutron values.conf file to let these plugins function correctly. Change-Id: Ia76153b50e2e22cb606b8c0f811119b3f71217d2
This commit is contained in:
Deepak Tiwari
Tin Lam
parent
243f74f10d
commit
adee9c4fe4
neutron
@ -166,9 +166,6 @@ spec:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
{{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
|
{{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
|
||||||
{{- if ( has "ovs_agent" $value.pods ) }}
|
{{- if ( has "ovs_agent" $value.pods ) }}
|
||||||
{{- if and ( eq "taas" $key ) (not $envAll.Values.conf.plugins.taas.taas.enabled) }}
|
|
||||||
## if taas is not enabled, do not include taas.filters
|
|
||||||
{{- else }}
|
|
||||||
{{- $filePrefix := replace "_" "-" $key }}
|
{{- $filePrefix := replace "_" "-" $key }}
|
||||||
{{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}
|
{{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}
|
||||||
- name: neutron-etc
|
- name: neutron-etc
|
||||||
@ -177,7 +174,6 @@ spec:
|
|||||||
readOnly: true
|
readOnly: true
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
|
||||||
- name: run
|
- name: run
|
||||||
mountPath: /run
|
mountPath: /run
|
||||||
{{ if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }}
|
{{ if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }}
|
||||||
@ -247,9 +243,6 @@ spec:
|
|||||||
readOnly: true
|
readOnly: true
|
||||||
{{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
|
{{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
|
||||||
{{- if ( has "ovs_agent" $value.pods ) }}
|
{{- if ( has "ovs_agent" $value.pods ) }}
|
||||||
{{- if and ( eq "taas" $key ) (not $envAll.Values.conf.plugins.taas.taas.enabled) }}
|
|
||||||
## if taas is not enabled, do not include taas.filters
|
|
||||||
{{- else }}
|
|
||||||
{{- $filePrefix := replace "_" "-" $key }}
|
{{- $filePrefix := replace "_" "-" $key }}
|
||||||
{{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}
|
{{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}
|
||||||
- name: neutron-etc
|
- name: neutron-etc
|
||||||
@ -258,7 +251,6 @@ spec:
|
|||||||
readOnly: true
|
readOnly: true
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
|
||||||
- name: run
|
- name: run
|
||||||
mountPath: /run
|
mountPath: /run
|
||||||
{{ if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }}
|
{{ if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }}
|
||||||
|
|||||||
@ -117,9 +117,6 @@ spec:
|
|||||||
readOnly: true
|
readOnly: true
|
||||||
{{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
|
{{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
|
||||||
{{- if ( has "sriov_agent" $value.pods ) }}
|
{{- if ( has "sriov_agent" $value.pods ) }}
|
||||||
{{- if and ( eq "taas" $key ) (not $envAll.Values.conf.plugins.taas.taas.enabled) }}
|
|
||||||
## if taas is not enabled, do not include taas.filters
|
|
||||||
{{- else }}
|
|
||||||
{{- $filePrefix := replace "_" "-" $key }}
|
{{- $filePrefix := replace "_" "-" $key }}
|
||||||
{{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}
|
{{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}
|
||||||
- name: neutron-etc
|
- name: neutron-etc
|
||||||
@ -128,7 +125,6 @@ spec:
|
|||||||
readOnly: true
|
readOnly: true
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
|
||||||
- name: run
|
- name: run
|
||||||
mountPath: /run
|
mountPath: /run
|
||||||
{{ if $mounts_neutron_sriov_agent.volumeMounts }}{{ toYaml $mounts_neutron_sriov_agent.volumeMounts | indent 12 }}{{ end }}
|
{{ if $mounts_neutron_sriov_agent.volumeMounts }}{{ toYaml $mounts_neutron_sriov_agent.volumeMounts | indent 12 }}{{ end }}
|
||||||
@ -196,9 +192,6 @@ spec:
|
|||||||
readOnly: true
|
readOnly: true
|
||||||
{{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
|
{{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
|
||||||
{{- if ( has "sriov_agent" $value.pods ) }}
|
{{- if ( has "sriov_agent" $value.pods ) }}
|
||||||
{{- if and ( eq "taas" $key ) (not $envAll.Values.conf.plugins.taas.taas.enabled) }}
|
|
||||||
## if taas is not enabled, do not include taas.filters
|
|
||||||
{{- else }}
|
|
||||||
{{- $filePrefix := replace "_" "-" $key }}
|
{{- $filePrefix := replace "_" "-" $key }}
|
||||||
{{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}
|
{{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}
|
||||||
- name: neutron-etc
|
- name: neutron-etc
|
||||||
@ -207,7 +200,6 @@ spec:
|
|||||||
readOnly: true
|
readOnly: true
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
|
||||||
- name: run
|
- name: run
|
||||||
mountPath: /run
|
mountPath: /run
|
||||||
{{ if $mounts_neutron_sriov_agent.volumeMounts }}{{ toYaml $mounts_neutron_sriov_agent.volumeMounts | indent 12 }}{{ end }}
|
{{ if $mounts_neutron_sriov_agent.volumeMounts }}{{ toYaml $mounts_neutron_sriov_agent.volumeMounts | indent 12 }}{{ end }}
|
||||||
|
|||||||
@ -1261,7 +1261,7 @@ conf:
|
|||||||
[DEFAULT]
|
[DEFAULT]
|
||||||
# List of directories to load filter definitions from (separated by ',').
|
# List of directories to load filter definitions from (separated by ',').
|
||||||
# These directories MUST all be only writeable by root !
|
# These directories MUST all be only writeable by root !
|
||||||
filters_path=/etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap
|
filters_path=/etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap,/var/lib/openstack/etc/neutron/rootwrap.d
|
||||||
|
|
||||||
# List of directories to search executables in, in case filters do not
|
# List of directories to search executables in, in case filters do not
|
||||||
# explicitely specify a full path (separated by ',')
|
# explicitely specify a full path (separated by ',')
|
||||||
@ -1691,23 +1691,6 @@ conf:
|
|||||||
# NOTE: A second `--config-file` arg can also be added above. Since
|
# NOTE: A second `--config-file` arg can also be added above. Since
|
||||||
# many neutron components are installed like that (eg: by devstack).
|
# many neutron components are installed like that (eg: by devstack).
|
||||||
# Adjust to suit local requirements.
|
# Adjust to suit local requirements.
|
||||||
taas:
|
|
||||||
pods:
|
|
||||||
- ovs_agent
|
|
||||||
- sriov_agent
|
|
||||||
content: |
|
|
||||||
# neutron-rootwrap command filters for nodes on which neutron
|
|
||||||
# tap-as-a-service(taas) is eanbled. Taas uses this command
|
|
||||||
# as part of its flow control.
|
|
||||||
|
|
||||||
# format seems to be
|
|
||||||
# cmd-name: filter-name, raw-command, user, args
|
|
||||||
|
|
||||||
[Filters]
|
|
||||||
|
|
||||||
# This is needed to allow taas to insert/remove vlan id to the
|
|
||||||
# target vf under /sys/class/net/[device-name]/device/sriov/[vf-index]/[mirror]
|
|
||||||
i40e_sysfs_command: RegExpFilter, i40e_sysfs_command, root, i40e_sysfs_command, \w+, .+, .+
|
|
||||||
linux_vxlan:
|
linux_vxlan:
|
||||||
pods:
|
pods:
|
||||||
- bagpipe_bgp
|
- bagpipe_bgp
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user