def get_nova_config_files(): global __NOVA_CONFIG_FILES if __NOVA_CONFIG_FILES is not None: return __NOVA_CONFIG_FILES NOVA_CONFIG_FILES = { NOVA_CONF: { 'hook_contexts': [ NetworkServiceContext(), NeutronGatewayContext(), SyslogContext(), context.WorkerConfigContext(), context.ZeroMQContext(), context.NotificationDriverContext(), NovaMetadataContext() ], 'services': ['nova-api-metadata'] }, NOVA_API_METADATA_AA_PROFILE_PATH: { 'services': ['nova-api-metadata'], 'hook_contexts': [context.AppArmorContext(NOVA_API_METADATA_AA_PROFILE)], }, VENDORDATA_FILE: { 'services': [], 'hook_contexts': [NovaMetadataJSONContext('neutron-common')], }, } return NOVA_CONFIG_FILES
def configure_apparmor(): '''Configure all apparmor profiles for the local unit''' profiles = deepcopy(APPARMOR_PROFILES) cmp_os_source = CompareOpenStackReleases(os_release('neutron-common')) if cmp_os_source >= 'newton': profiles.remove(NEUTRON_LBAAS_AA_PROFILE) profiles.append(NEUTRON_LBAASV2_AA_PROFILE) for profile in profiles: context.AppArmorContext(profile).setup_aa_profile()
NOVA_CONF: { 'hook_contexts': [ NetworkServiceContext(), NeutronGatewayContext(), SyslogContext(), context.WorkerConfigContext(), context.ZeroMQContext(), context.NotificationDriverContext(), NovaMetadataContext() ], 'services': ['nova-api-metadata'] }, NOVA_API_METADATA_AA_PROFILE_PATH: { 'services': ['nova-api-metadata'], 'hook_contexts': [context.AppArmorContext(NOVA_API_METADATA_AA_PROFILE)], }, VENDORDATA_FILE: { 'services': [], 'hook_contexts': [NovaMetadataJSONContext('neutron-common')], }, } NEUTRON_SHARED_CONFIG_FILES = { NEUTRON_DHCP_AGENT_CONF: { 'hook_contexts': [NeutronGatewayContext()], 'services': ['neutron-dhcp-agent'] }, NEUTRON_DNSMASQ_CONF: { 'hook_contexts': [NeutronGatewayContext()], 'services': ['neutron-dhcp-agent']
def get_config_files(): global __CONFIG_FILES if __CONFIG_FILES is not None: return __CONFIG_FILES NOVA_CONFIG_FILES = get_nova_config_files() NEUTRON_SHARED_CONFIG_FILES = { NEUTRON_DHCP_AGENT_CONF: { 'hook_contexts': [DHCPAgentContext()], 'services': ['neutron-dhcp-agent'] }, NEUTRON_DNSMASQ_CONF: { 'hook_contexts': [DHCPAgentContext()], 'services': ['neutron-dhcp-agent'] }, NEUTRON_METADATA_AGENT_CONF: { 'hook_contexts': [ NetworkServiceContext(), DHCPAgentContext(), context.WorkerConfigContext(), NeutronGatewayContext(), NovaMetadataContext() ], 'services': ['neutron-metadata-agent'] }, NEUTRON_DHCP_AA_PROFILE_PATH: { 'services': ['neutron-dhcp-agent'], 'hook_contexts': [context.AppArmorContext(NEUTRON_DHCP_AA_PROFILE)], }, NEUTRON_LBAAS_AA_PROFILE_PATH: { 'services': ['neutron-lbaas-agent'], 'hook_contexts': [context.AppArmorContext(NEUTRON_LBAAS_AA_PROFILE)], }, NEUTRON_LBAASV2_AA_PROFILE_PATH: { 'services': ['neutron-lbaasv2-agent'], 'hook_contexts': [context.AppArmorContext(NEUTRON_LBAASV2_AA_PROFILE)], }, NEUTRON_METADATA_AA_PROFILE_PATH: { 'services': ['neutron-metadata-agent'], 'hook_contexts': [context.AppArmorContext(NEUTRON_METADATA_AA_PROFILE)], }, NEUTRON_METERING_AA_PROFILE_PATH: { 'services': ['neutron-metering-agent'], 'hook_contexts': [context.AppArmorContext(NEUTRON_METERING_AA_PROFILE)], }, } NEUTRON_SHARED_CONFIG_FILES.update(NOVA_CONFIG_FILES) NEUTRON_OVS_CONFIG_FILES = { NEUTRON_CONF: { 'hook_contexts': [ context.AMQPContext(ssl_dir=NEUTRON_CONF_DIR), NeutronGatewayContext(), SyslogContext(), context.ZeroMQContext(), context.WorkerConfigContext(), context.NotificationDriverContext() ], 'services': [ 'neutron-l3-agent', 'neutron-dhcp-agent', 'neutron-metadata-agent', 'neutron-plugin-openvswitch-agent', 'neutron-plugin-metering-agent', 'neutron-metering-agent', 'neutron-lbaas-agent', 'neutron-vpn-agent' ] }, NEUTRON_L3_AGENT_CONF: { 'hook_contexts': [ NetworkServiceContext(), L3AgentContext(), NeutronGatewayContext() ], 'services': ['neutron-l3-agent', 'neutron-vpn-agent'] }, NEUTRON_METERING_AGENT_CONF: { 'hook_contexts': [NeutronGatewayContext()], 'services': ['neutron-plugin-metering-agent', 'neutron-metering-agent'] }, NEUTRON_LBAAS_AGENT_CONF: { 'hook_contexts': [NeutronGatewayContext()], 'services': ['neutron-lbaas-agent'] }, NEUTRON_VPNAAS_AGENT_CONF: { 'hook_contexts': [NeutronGatewayContext()], 'services': ['neutron-vpn-agent'] }, NEUTRON_FWAAS_CONF: { 'hook_contexts': [NeutronGatewayContext()], 'services': ['neutron-l3-agent', 'neutron-vpn-agent'] }, NEUTRON_ML2_PLUGIN_CONF: { 'hook_contexts': [NeutronGatewayContext()], 'services': ['neutron-plugin-openvswitch-agent'] }, NEUTRON_OVS_AGENT_CONF: { 'hook_contexts': [NeutronGatewayContext()], 'services': ['neutron-plugin-openvswitch-agent'] }, NEUTRON_OVS_AA_PROFILE_PATH: { 'services': ['neutron-plugin-openvswitch-agent'], 'hook_contexts': [context.AppArmorContext(NEUTRON_OVS_AA_PROFILE)], }, NEUTRON_L3_AA_PROFILE_PATH: { 'services': ['neutron-l3-agent', 'neutron-vpn-agent'], 'hook_contexts': [context.AppArmorContext(NEUTRON_L3_AA_PROFILE)], }, EXT_PORT_CONF: { 'hook_contexts': [ExternalPortContext()], 'services': ['ext-port'] }, PHY_NIC_MTU_CONF: { 'hook_contexts': [PhyNICMTUContext()], 'services': ['os-charm-phy-nic-mtu'] } } NEUTRON_OVS_CONFIG_FILES.update(NEUTRON_SHARED_CONFIG_FILES) NEUTRON_OVS_ODL_CONFIG_FILES = { NEUTRON_CONF: { 'hook_contexts': [ context.AMQPContext(ssl_dir=NEUTRON_CONF_DIR), NeutronGatewayContext(), SyslogContext(), context.ZeroMQContext(), context.WorkerConfigContext(), context.NotificationDriverContext() ], 'services': [ 'neutron-l3-agent', 'neutron-dhcp-agent', 'neutron-metadata-agent', 'neutron-plugin-metering-agent', 'neutron-metering-agent', 'neutron-lbaas-agent', 'neutron-vpn-agent' ] }, NEUTRON_L3_AGENT_CONF: { 'hook_contexts': [ NetworkServiceContext(), L3AgentContext(), NeutronGatewayContext() ], 'services': ['neutron-l3-agent', 'neutron-vpn-agent'] }, NEUTRON_METERING_AGENT_CONF: { 'hook_contexts': [NeutronGatewayContext()], 'services': ['neutron-plugin-metering-agent', 'neutron-metering-agent'] }, NEUTRON_LBAAS_AGENT_CONF: { 'hook_contexts': [NeutronGatewayContext()], 'services': ['neutron-lbaas-agent'] }, NEUTRON_VPNAAS_AGENT_CONF: { 'hook_contexts': [NeutronGatewayContext()], 'services': ['neutron-vpn-agent'] }, NEUTRON_FWAAS_CONF: { 'hook_contexts': [NeutronGatewayContext()], 'services': ['neutron-l3-agent', 'neutron-vpn-agent'] }, EXT_PORT_CONF: { 'hook_contexts': [ExternalPortContext()], 'services': ['ext-port'] }, PHY_NIC_MTU_CONF: { 'hook_contexts': [PhyNICMTUContext()], 'services': ['os-charm-phy-nic-mtu'] } } NEUTRON_OVS_ODL_CONFIG_FILES.update(NEUTRON_SHARED_CONFIG_FILES) NEUTRON_NSX_CONFIG_FILES = { NEUTRON_CONF: { 'hook_contexts': [ context.AMQPContext(ssl_dir=NEUTRON_CONF_DIR), NeutronGatewayContext(), context.WorkerConfigContext(), SyslogContext() ], 'services': ['neutron-dhcp-agent', 'neutron-metadata-agent'] }, } NEUTRON_NSX_CONFIG_FILES.update(NEUTRON_SHARED_CONFIG_FILES) NEUTRON_N1KV_CONFIG_FILES = { NEUTRON_CONF: { 'hook_contexts': [ context.AMQPContext(ssl_dir=NEUTRON_CONF_DIR), NeutronGatewayContext(), context.WorkerConfigContext(), SyslogContext() ], 'services': [ 'neutron-l3-agent', 'neutron-dhcp-agent', 'neutron-metadata-agent' ] }, NEUTRON_L3_AGENT_CONF: { 'hook_contexts': [ NetworkServiceContext(), L3AgentContext(), NeutronGatewayContext() ], 'services': ['neutron-l3-agent'] }, } NEUTRON_N1KV_CONFIG_FILES.update(NEUTRON_SHARED_CONFIG_FILES) __CONFIG_FILES = { NSX: NEUTRON_NSX_CONFIG_FILES, OVS: NEUTRON_OVS_CONFIG_FILES, N1KV: NEUTRON_N1KV_CONFIG_FILES, OVS_ODL: NEUTRON_OVS_ODL_CONFIG_FILES } return __CONFIG_FILES