From d0d13633cd383a320535c4cdbda52ae79055a9b9 Mon Sep 17 00:00:00 2001 From: Pedro Alvarez Date: Fri, 27 Mar 2015 15:55:56 +0000 Subject: neutron: Remove rootwrap files not needed They are now being installed with neutron --- openstack/etc/neutron/rootwrap.conf | 34 --------------- .../etc/neutron/rootwrap.d/cisco-apic.filters | 16 -------- openstack/etc/neutron/rootwrap.d/debug.filters | 14 ------- openstack/etc/neutron/rootwrap.d/dhcp.filters | 35 ---------------- .../etc/neutron/rootwrap.d/ipset-firewall.filters | 12 ------ .../neutron/rootwrap.d/iptables-firewall.filters | 21 ---------- openstack/etc/neutron/rootwrap.d/l3.filters | 48 ---------------------- .../etc/neutron/rootwrap.d/lbaas-haproxy.filters | 26 ------------ .../neutron/rootwrap.d/linuxbridge-plugin.filters | 19 --------- .../etc/neutron/rootwrap.d/nec-plugin.filters | 12 ------ openstack/etc/neutron/rootwrap.d/ofagent.filters | 16 -------- .../neutron/rootwrap.d/openvswitch-plugin.filters | 22 ---------- openstack/etc/neutron/rootwrap.d/vpnaas.filters | 13 ------ 13 files changed, 288 deletions(-) delete mode 100644 openstack/etc/neutron/rootwrap.conf delete mode 100644 openstack/etc/neutron/rootwrap.d/cisco-apic.filters delete mode 100644 openstack/etc/neutron/rootwrap.d/debug.filters delete mode 100644 openstack/etc/neutron/rootwrap.d/dhcp.filters delete mode 100644 openstack/etc/neutron/rootwrap.d/ipset-firewall.filters delete mode 100644 openstack/etc/neutron/rootwrap.d/iptables-firewall.filters delete mode 100644 openstack/etc/neutron/rootwrap.d/l3.filters delete mode 100644 openstack/etc/neutron/rootwrap.d/lbaas-haproxy.filters delete mode 100644 openstack/etc/neutron/rootwrap.d/linuxbridge-plugin.filters delete mode 100644 openstack/etc/neutron/rootwrap.d/nec-plugin.filters delete mode 100644 openstack/etc/neutron/rootwrap.d/ofagent.filters delete mode 100644 openstack/etc/neutron/rootwrap.d/openvswitch-plugin.filters delete mode 100644 openstack/etc/neutron/rootwrap.d/vpnaas.filters 
diff --git a/openstack/etc/neutron/rootwrap.conf b/openstack/etc/neutron/rootwrap.conf
deleted file mode 100644
index ab5f4393..00000000
--- a/openstack/etc/neutron/rootwrap.conf
+++ /dev/null
@@ -1,34 +0,0 @@
-# Configuration for neutron-rootwrap
-# This file should be owned by (and only-writeable by) the root user
-
-[DEFAULT]
-# List of directories to load filter definitions from (separated by ',').
-# These directories MUST all be only writeable by root !
-filters_path=/etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap
-
-# List of directories to search executables in, in case filters do not
-# explicitely specify a full path (separated by ',')
-# If not specified, defaults to system PATH environment variable.
-# These directories MUST all be only writeable by root !
-exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin
-
-# Enable logging to syslog
-# Default value is False
-use_syslog=False
-
-# Which syslog facility to use.
-# Valid values include auth, authpriv, syslog, local0, local1...
-# Default value is 'syslog'
-syslog_log_facility=syslog
-
-# Which messages to log.
-# INFO means log all usage
-# ERROR means only log unsuccessful attempts
-syslog_log_level=ERROR
-
-[xenapi]
-# XenAPI configuration is only required by the L2 agent if it is to
-# target a XenServer/XCP compute host's dom0.
-xenapi_connection_url=
-xenapi_connection_username=root
-xenapi_connection_password=
diff --git a/openstack/etc/neutron/rootwrap.d/cisco-apic.filters b/openstack/etc/neutron/rootwrap.d/cisco-apic.filters
deleted file mode 100644
index 69e4afcc..00000000
--- a/openstack/etc/neutron/rootwrap.d/cisco-apic.filters
+++ /dev/null
@@ -1,16 +0,0 @@
-# neutron-rootwrap command filters for nodes on which neutron is
-# expected to control network
-#
-# This file should be owned by (and only-writeable by) the root user
-
-# format seems to be
-# cmd-name: filter-name, raw-command, user, args
-
-[Filters]
-
-# cisco-apic filters
-lldpctl: CommandFilter, lldpctl, root
-
-# ip_lib filters
-ip: IpFilter, ip, root
-ip_exec: IpNetnsExecFilter, ip, root
diff --git a/openstack/etc/neutron/rootwrap.d/debug.filters b/openstack/etc/neutron/rootwrap.d/debug.filters
deleted file mode 100644
index b61d9601..00000000
--- a/openstack/etc/neutron/rootwrap.d/debug.filters
+++ /dev/null
@@ -1,14 +0,0 @@
-# neutron-rootwrap command filters for nodes on which neutron is
-# expected to control network
-#
-# This file should be owned by (and only-writeable by) the root user
-
-# format seems to be
-# cmd-name: filter-name, raw-command, user, args
-
-[Filters]
-
-# This is needed because we should ping
-# from inside a namespace which requires root
-ping: RegExpFilter, ping, root, ping, -w, \d+, -c, \d+, [0-9\.]+
-ping6: RegExpFilter, ping6, root, ping6, -w, \d+, -c, \d+, [0-9A-Fa-f:]+
diff --git a/openstack/etc/neutron/rootwrap.d/dhcp.filters b/openstack/etc/neutron/rootwrap.d/dhcp.filters
deleted file mode 100644
index 0712ec13..00000000
--- a/openstack/etc/neutron/rootwrap.d/dhcp.filters
+++ /dev/null
@@ -1,35 +0,0 @@
-# neutron-rootwrap command filters for nodes on which neutron is
-# expected to control network
-#
-# This file should be owned by (and only-writeable by) the root user
-
-# format seems to be
-# cmd-name: filter-name, raw-command, user, args
-
-[Filters]
-
-# dhcp-agent
-dnsmasq: EnvFilter, dnsmasq, root, NEUTRON_NETWORK_ID=
-# dhcp-agent uses kill as well, that's handled by the generic KillFilter
-# it looks like these are the only signals needed, per
-# neutron/agent/linux/dhcp.py
-kill_dnsmasq: KillFilter, root, /sbin/dnsmasq, -9, -HUP
-kill_dnsmasq_usr: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP
-
-ovs-vsctl: CommandFilter, ovs-vsctl, root
-ivs-ctl: CommandFilter, ivs-ctl, root
-mm-ctl: CommandFilter, mm-ctl, root
-dhcp_release: CommandFilter, dhcp_release, root
-
-# metadata proxy
-metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
-# If installed from source (say, by devstack), the prefix will be
-# /usr/local instead of /usr/bin.
-metadata_proxy_local: CommandFilter, /usr/local/bin/neutron-ns-metadata-proxy, root
-# RHEL invocation of the metadata proxy will report /usr/bin/python
-kill_metadata: KillFilter, root, python, -9
-kill_metadata7: KillFilter, root, python2.7, -9
-
-# ip_lib
-ip: IpFilter, ip, root
-ip_exec: IpNetnsExecFilter, ip, root
diff --git a/openstack/etc/neutron/rootwrap.d/ipset-firewall.filters b/openstack/etc/neutron/rootwrap.d/ipset-firewall.filters
deleted file mode 100644
index 52c66373..00000000
--- a/openstack/etc/neutron/rootwrap.d/ipset-firewall.filters
+++ /dev/null
@@ -1,12 +0,0 @@
-# neutron-rootwrap command filters for nodes on which neutron is
-# expected to control network
-#
-# This file should be owned by (and only-writeable by) the root user
-
-# format seems to be
-# cmd-name: filter-name, raw-command, user, args
-
-[Filters]
-# neutron/agent/linux/iptables_firewall.py
-# "ipset", "-A", ...
-ipset: CommandFilter, ipset, root
diff --git a/openstack/etc/neutron/rootwrap.d/iptables-firewall.filters b/openstack/etc/neutron/rootwrap.d/iptables-firewall.filters
deleted file mode 100644
index b8a6ab5b..00000000
--- a/openstack/etc/neutron/rootwrap.d/iptables-firewall.filters
+++ /dev/null
@@ -1,21 +0,0 @@
-# neutron-rootwrap command filters for nodes on which neutron is
-# expected to control network
-#
-# This file should be owned by (and only-writeable by) the root user
-
-# format seems to be
-# cmd-name: filter-name, raw-command, user, args
-
-[Filters]
-
-# neutron/agent/linux/iptables_manager.py
-# "iptables-save", ...
-iptables-save: CommandFilter, iptables-save, root
-iptables-restore: CommandFilter, iptables-restore, root
-ip6tables-save: CommandFilter, ip6tables-save, root
-ip6tables-restore: CommandFilter, ip6tables-restore, root
-
-# neutron/agent/linux/iptables_manager.py
-# "iptables", "-A", ...
-iptables: CommandFilter, iptables, root
-ip6tables: CommandFilter, ip6tables, root
diff --git a/openstack/etc/neutron/rootwrap.d/l3.filters b/openstack/etc/neutron/rootwrap.d/l3.filters
deleted file mode 100644
index be69b32c..00000000
--- a/openstack/etc/neutron/rootwrap.d/l3.filters
+++ /dev/null
@@ -1,48 +0,0 @@
-# neutron-rootwrap command filters for nodes on which neutron is
-# expected to control network
-#
-# This file should be owned by (and only-writeable by) the root user
-
-# format seems to be
-# cmd-name: filter-name, raw-command, user, args
-
-[Filters]
-
-# arping
-arping: CommandFilter, arping, root
-
-# l3_agent
-sysctl: CommandFilter, sysctl, root
-route: CommandFilter, route, root
-radvd: CommandFilter, radvd, root
-
-# metadata proxy
-metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
-# If installed from source (say, by devstack), the prefix will be
-# /usr/local instead of /usr/bin.
-metadata_proxy_local: CommandFilter, /usr/local/bin/neutron-ns-metadata-proxy, root
-# RHEL invocation of the metadata proxy will report /usr/bin/python
-kill_metadata: KillFilter, root, python, -9
-kill_metadata7: KillFilter, root, python2.7, -9
-kill_radvd_usr: KillFilter, root, /usr/sbin/radvd, -9, -HUP
-kill_radvd: KillFilter, root, /sbin/radvd, -9, -HUP
-
-# ip_lib
-ip: IpFilter, ip, root
-ip_exec: IpNetnsExecFilter, ip, root
-
-# ovs_lib (if OVSInterfaceDriver is used)
-ovs-vsctl: CommandFilter, ovs-vsctl, root
-
-# iptables_manager
-iptables-save: CommandFilter, iptables-save, root
-iptables-restore: CommandFilter, iptables-restore, root
-ip6tables-save: CommandFilter, ip6tables-save, root
-ip6tables-restore: CommandFilter, ip6tables-restore, root
-
-# Keepalived
-keepalived: CommandFilter, keepalived, root
-kill_keepalived: KillFilter, root, /usr/sbin/keepalived, -HUP, -15, -9
-
-# l3 agent to delete floatingip's conntrack state
-conntrack: CommandFilter, conntrack, root
diff --git a/openstack/etc/neutron/rootwrap.d/lbaas-haproxy.filters b/openstack/etc/neutron/rootwrap.d/lbaas-haproxy.filters
deleted file mode 100644
index b4e1ecba..00000000
--- a/openstack/etc/neutron/rootwrap.d/lbaas-haproxy.filters
+++ /dev/null
@@ -1,26 +0,0 @@
-# neutron-rootwrap command filters for nodes on which neutron is
-# expected to control network
-#
-# This file should be owned by (and only-writeable by) the root user
-
-# format seems to be
-# cmd-name: filter-name, raw-command, user, args
-
-[Filters]
-
-# haproxy
-haproxy: CommandFilter, haproxy, root
-
-# lbaas-agent uses kill as well, that's handled by the generic KillFilter
-kill_haproxy_usr: KillFilter, root, /usr/sbin/haproxy, -9, -HUP
-
-ovs-vsctl: CommandFilter, ovs-vsctl, root
-mm-ctl: CommandFilter, mm-ctl, root
-
-# ip_lib
-ip: IpFilter, ip, root
-ip_exec: IpNetnsExecFilter, ip, root
-route: CommandFilter, route, root
-
-# arping
-arping: CommandFilter, arping, root
diff --git a/openstack/etc/neutron/rootwrap.d/linuxbridge-plugin.filters b/openstack/etc/neutron/rootwrap.d/linuxbridge-plugin.filters
deleted file mode 100644
index 03df3959..00000000
--- a/openstack/etc/neutron/rootwrap.d/linuxbridge-plugin.filters
+++ /dev/null
@@ -1,19 +0,0 @@
-# neutron-rootwrap command filters for nodes on which neutron is
-# expected to control network
-#
-# This file should be owned by (and only-writeable by) the root user
-
-# format seems to be
-# cmd-name: filter-name, raw-command, user, args
-
-[Filters]
-
-# linuxbridge-agent
-# unclear whether both variants are necessary, but I'm transliterating
-# from the old mechanism
-brctl: CommandFilter, brctl, root
-bridge: CommandFilter, bridge, root
-
-# ip_lib
-ip: IpFilter, ip, root
-ip_exec: IpNetnsExecFilter, ip, root
diff --git a/openstack/etc/neutron/rootwrap.d/nec-plugin.filters b/openstack/etc/neutron/rootwrap.d/nec-plugin.filters
deleted file mode 100644
index 89c4cfe3..00000000
--- a/openstack/etc/neutron/rootwrap.d/nec-plugin.filters
+++ /dev/null
@@ -1,12 +0,0 @@
-# neutron-rootwrap command filters for nodes on which neutron is
-# expected to control network
-#
-# This file should be owned by (and only-writeable by) the root user
-
-# format seems to be
-# cmd-name: filter-name, raw-command, user, args
-
-[Filters]
-
-# nec_neutron_agent
-ovs-vsctl: CommandFilter, ovs-vsctl, root
diff --git a/openstack/etc/neutron/rootwrap.d/ofagent.filters b/openstack/etc/neutron/rootwrap.d/ofagent.filters
deleted file mode 100644
index 11e42564..00000000
--- a/openstack/etc/neutron/rootwrap.d/ofagent.filters
+++ /dev/null
@@ -1,16 +0,0 @@
-# neutron-rootwrap command filters for nodes on which
-# neutron-ofagent-agent is expected to control network
-#
-# This file should be owned by (and only-writeable by) the root user
-
-# format seems to be
-# cmd-name: filter-name, raw-command, user, args
-
-[Filters]
-
-# ovs_lib
-ovs-vsctl: CommandFilter, ovs-vsctl, root
-
-# ip_lib
-ip: IpFilter, ip, root
-ip_exec: IpNetnsExecFilter, ip, root
diff --git a/openstack/etc/neutron/rootwrap.d/openvswitch-plugin.filters b/openstack/etc/neutron/rootwrap.d/openvswitch-plugin.filters
deleted file mode 100644
index b63a83b9..00000000
--- a/openstack/etc/neutron/rootwrap.d/openvswitch-plugin.filters
+++ /dev/null
@@ -1,22 +0,0 @@
-# neutron-rootwrap command filters for nodes on which neutron is
-# expected to control network
-#
-# This file should be owned by (and only-writeable by) the root user
-
-# format seems to be
-# cmd-name: filter-name, raw-command, user, args
-
-[Filters]
-
-# openvswitch-agent
-# unclear whether both variants are necessary, but I'm transliterating
-# from the old mechanism
-ovs-vsctl: CommandFilter, ovs-vsctl, root
-ovs-ofctl: CommandFilter, ovs-ofctl, root
-kill_ovsdb_client: KillFilter, root, /usr/bin/ovsdb-client, -9
-ovsdb-client: CommandFilter, ovsdb-client, root
-xe: CommandFilter, xe, root
-
-# ip_lib
-ip: IpFilter, ip, root
-ip_exec: IpNetnsExecFilter, ip, root
diff --git a/openstack/etc/neutron/rootwrap.d/vpnaas.filters b/openstack/etc/neutron/rootwrap.d/vpnaas.filters
deleted file mode 100644
index 7848136b..00000000
--- a/openstack/etc/neutron/rootwrap.d/vpnaas.filters
+++ /dev/null
@@ -1,13 +0,0 @@
-# neutron-rootwrap command filters for nodes on which neutron is
-# expected to control network
-#
-# This file should be owned by (and only-writeable by) the root user
-
-# format seems to be
-# cmd-name: filter-name, raw-command, user, args
-
-[Filters]
-
-ip: IpFilter, ip, root
-ip_exec: IpNetnsExecFilter, ip, root
-openswan: CommandFilter, ipsec, root
-- cgit v1.2.1