neutron

  1. Bug #1872940
  2. Comment #1

Comment 1 for bug 1872940

Revision history for this message
Ian Kumlien (pomac) wrote :

Yes, the current code (since 2015) states:
        return ip_wrapper.netns.execute(
            [ns_wrapper,
             '--mount_paths=/etc:%s/etc,%s:%s/var/run' % (
                 self.config_dir, self._strongswan_piddir, self.config_dir),
             ('--rootwrap_config=%s' % self._rootwrap_cfg
                 if self._rootwrap_cfg else ''),
             '--cmd=%s' % ','.join(cmd)],
--

But it should be /run not /var/run but due to legacy we can't say if /var/run should be removed...

Would something like this work:
--- a/neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py
+++ b/neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py
@@ -113,8 +113,8 @@ class StrongSwanProcess(ipsec.BaseSwanProcess):
         ns_wrapper = self.get_ns_wrapper()
         return ip_wrapper.netns.execute(
             [ns_wrapper,
- '--mount_paths=/etc:%s/etc,%s:%s/var/run' % (
- self.config_dir, self._strongswan_piddir, self.config_dir),
+ '--mount_paths=/etc:%s/etc,%s:%s/var/run,%s:%s/run' % (
+ self.config_dir, self._strongswan_piddir, self.config_dir, self._strongswan_piddir, self.config_dir),
              ('--rootwrap_config=%s' % self._rootwrap_cfg
                  if self._rootwrap_cfg else ''),
              '--cmd=%s' % ','.join(cmd)],

---

Completely untested.