
/usr/lib/python2.7/dist-packages/neutron_dynamic_routing/tests/contrib/gate_hook.sh is in python-neutron-dynamic-routing 2:12.0.0-0ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

#!/usr/bin/env bash

# Trace every command and stop at the first unhandled failure.
set -o errexit -o xtrace

# Layout of the gate workspace. BASE is not assigned anywhere in this script,
# so it has to come from the caller's environment.
PROJECT_NAME="neutron-dynamic-routing"
GATE_DEST="${BASE}/new"
NEUTRON_PATH="${GATE_DEST}/neutron"
DR_PATH="${GATE_DEST}/${PROJECT_NAME}"
DEVSTACK_PATH="${GATE_DEST}/devstack"
# Directory that holds the host's AppArmor profiles.
APPARMOR_PROFILE_PATH="/etc/apparmor.d"
# Fixed directory under /tmp; do_devstack_gate copies it into the job logs
# with sudo when it exists.
QUAGGA_CONFIG_PATH="/tmp/ctn_docker"

# Environment to prepare: the first argument, or the functional job if none
# was given.
VENV="${1:-dsvm-functional}"

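# NOTE(kakuma)
# Check apparmor to avoid the following error for docker operation.
#   "oci runtime error: apparmor failed to apply profile: no such file or directory"
# This is a temporary solution. This needs to be fixed in a better way.
#
# Installs a docker-default AppArmor profile when the host has an AppArmor
# profile directory but no "docker" profile in it, then restarts the apparmor
# and docker services. Does nothing in every other case.
# Globals:   APPARMOR_PROFILE_PATH (read)
# Returns:   0 when nothing had to be done; 1 when staging or installing the
#            profile failed; otherwise the status of the docker restart.
function check_apparmor_for_docker {
    local staged_profile

    if [[ ! -d "$APPARMOR_PROFILE_PATH" ]]; then
        return 0
    fi
    if [[ -f "$APPARMOR_PROFILE_PATH/docker" ]]; then
        return 0
    fi

    # Stage the profile in a file created by mktemp instead of a fixed name
    # under /tmp: a predictable path in a world-writable directory can be
    # pre-created or swapped by another local user before the content is
    # placed into the AppArmor profile directory as root.
    staged_profile=$(mktemp) || return 1

    # The delimiter is quoted so the profile text is written literally.
cat << 'EOF' > "$staged_profile"
#include <tunables/global>


profile docker-default flags=(attach_disconnected,mediate_deleted) {

  #include <abstractions/base>


  network,
  capability,
  file,
  umount,

  deny @{PROC}/* w,   # deny write for all files directly in /proc (not in a subdir)
  # deny write to files not in /proc/<number>/** or /proc/sys/**
  deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
  deny @{PROC}/sys/[^k]** w,  # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
  deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w,  # deny everything except shm* in /proc/sys/kernel/
  deny @{PROC}/sysrq-trigger rwklx,
  deny @{PROC}/mem rwklx,
  deny @{PROC}/kmem rwklx,
  deny @{PROC}/kcore rwklx,

  deny mount,

  deny /sys/[^f]*/** wklx,
  deny /sys/f[^s]*/** wklx,
  deny /sys/fs/[^c]*/** wklx,
  deny /sys/fs/c[^g]*/** wklx,
  deny /sys/fs/cg[^r]*/** wklx,
  deny /sys/firmware/efi/efivars/** rwklx,
  deny /sys/kernel/security/** rwklx,


  # suppress ptrace denials when using 'docker ps' or using 'ps' inside a container
  ptrace (trace,read) peer=docker-default,

}
EOF
    # install(1) writes the destination with its final owner and mode in one
    # privileged step, so the profile is never root-owned while it still sits
    # in the temporary location.
    if ! sudo install -o root -g root -m 0644 -- \
            "$staged_profile" "$APPARMOR_PROFILE_PATH/docker"; then
        rm -f -- "$staged_profile"
        return 1
    fi
    rm -f -- "$staged_profile"

    # Reload AppArmor so the new profile is known before docker starts again.
    sudo service apparmor restart
    sudo service docker restart
}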

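# Prepares the host for the docker-based scenario job: gives the tempest
# account passwordless sudo, refreshes the apt index and installs docker.
# Outputs:   apt output on stdout/stderr
# Returns:   status of the final "apt-get install"
function configure_docker_test_env {
    local docker_pkg
    local -r sudoers_rule='tempest ALL=(ALL) NOPASSWD: ALL'

    # NOTE(review): this rule gives the tempest account unrestricted,
    # passwordless root, which is only appropriate on a disposable test
    # worker. It is appended to /etc/sudoers directly and is not
    # syntax-checked; a drop-in file validated with "visudo -cf" before it is
    # installed would be the safer form.
    # The rule is appended only when the exact line is absent, so repeated
    # runs do not accumulate duplicates.
    if ! sudo grep -qxF -- "$sudoers_rule" /etc/sudoers; then
        sudo bash -c 'echo "tempest ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers'
    fi

    sudo apt-get update
    # Use docker-engine when the apt index mentions it, docker.io otherwise.
    if apt-cache search docker-engine | grep -q docker-engine; then
        docker_pkg=docker-engine
    else
        docker_pkg=docker.io
    fi
    sudo apt-get install -y "$docker_pkg"
}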

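# Runs the devstack gate script and, whatever its outcome, copies the
# container configuration directory into the job logs when it exists.
# Globals:   GATE_DEST (read), QUAGGA_CONFIG_PATH (read)
# Returns:   the exit status of devstack-vm-gate.sh
function do_devstack_gate {
    local gate_retval

    # errexit is suspended so that a failed gate run still reaches the log
    # copy below; it is switched back on before returning.
    set +e
    "$GATE_DEST/devstack-gate/devstack-vm-gate.sh"
    gate_retval=$?
    if [[ -d "$QUAGGA_CONFIG_PATH" ]]; then
        # NOTE(review): the source directory is copied with sudo; confirm that
        # only the test containers can write to it on the worker.
        sudo cp -r -- "$QUAGGA_CONFIG_PATH" /opt/stack/logs/bgp_dr_docker
    fi
    set -e
    return "$gate_retval"
}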

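# Prepare the environment selected by VENV. Each branch matches on a prefix,
# so suffixed job names (e.g. "dsvm-functional-foo") select the same branch.
if [[ "$VENV" == dsvm-functional* ]]; then
    # The following need to be set before sourcing
    # configure_for_func_testing.
    GATE_STACK_USER=stack
    IS_GATE=True

    source "$DEVSTACK_PATH/functions"
    source "$NEUTRON_PATH/devstack/lib/ovs"
    source "$NEUTRON_PATH/tools/configure_for_func_testing.sh"

    enable_plugin "$PROJECT_NAME" "https://git.openstack.org/openstack/$PROJECT_NAME"

    # Make the workspace owned by the stack user. STACK_USER is not assigned
    # in this script (presumably one of the sourced files sets it). The :?
    # guard stops the recursive, root-run chown with a clear message if BASE
    # is empty or unset.
    sudo chown -R "$STACK_USER:$STACK_USER" "${BASE:?}"

elif [[ "$VENV" == dsvm-api* ]]; then
    export DEVSTACK_LOCAL_CONFIG+=$'\n'"NETWORK_API_EXTENSIONS=all"
    "$GATE_DEST/devstack-gate/devstack-vm-gate.sh"

elif [[ "$VENV" == dsvm-scenario* ]]; then
    # The scenario job needs docker, and docker needs a usable AppArmor
    # profile, so both are set up before the gate run.
    sudo apt-get update
    sudo apt-get install -y --reinstall apparmor
    configure_docker_test_env
    check_apparmor_for_docker
    DEVSTACK_LOCAL_CONFIG+=$'\n'"NETWORK_API_EXTENSIONS=all"
    export DEVSTACK_LOCAL_CONFIG+=$'\n'"BGP_SCHEDULER_DRIVER=neutron_dynamic_routing.services.bgp.scheduler.bgp_dragent_scheduler.ChanceScheduler"

    do_devstack_gate

else
    # Diagnostics belong on stderr; printf keeps VENV out of the format string.
    printf 'Unrecognized environment %s.\n' "$VENV" >&2
    exit 1
fi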