Bug 1322522

Summary: neutron services trying to run as non-existent neutron user
Product: Red Hat OpenStack
Reporter: Jason Montleon <jmontleo>
Component: openstack-neutron
Assignee: Nir Magnezi <nmagnezi>
Status: CLOSED ERRATA
QA Contact: GenadiC <gcheresh>
Severity: urgent
Priority: high
Version: 8.0 (Liberty)
CC: adahms, amuller, chrisw, jlibosva, jmontleo, mburns, nyechiel, rhel-osp-director-maint, srevivo
Target Milestone: async
Keywords: Rebase, ZStream
Target Release: 8.0 (Liberty)
Hardware: Unspecified
OS: Unspecified
Fixed In Version: openstack-neutron-7.0.4-3.el7ost
Doc Type: Bug Fix
Doc Text:
Previously, the openstack-neutron-common package did not require the shadow-utils package. This prevented the 'neutron' user from being created when the openstack-neutron-common package was installed, resulting in Neutron being unable to execute commands on hypervisors. With this update, the openstack-neutron-common package now requires the shadow-utils package, and the 'neutron' user is correctly created.
Last Closed: 2016-06-01 12:28:57 UTC
Type: Bug
Bug Blocks: 1212602, 1328781, 1328783    

Description Jason Montleon 2016-03-30 15:55:52 UTC
Description of problem:
During installation I hit the following error:

Notice: /Stage[main]/Neutron::Keystone::Auth/Keystone::Resource::Service_identity[neutron]/Keystone_user_role[neutron@service]/ensure: created
Error: Could not start Service[neutron-server]: Execution of '/bin/systemctl start neutron-server' returned 1: Job for neutron-server.service failed because the control process exited with error code. See "systemctl status neutron-server.service" and "journalctl -xe" for details.
Wrapped exception:
Execution of '/bin/systemctl start neutron-server' returned 1: Job for neutron-server.service failed because the control process exited with error code. See "systemctl status neutron-server.service" and "journalctl -xe" for details.
Error: /Stage[main]/Neutron::Server/Service[neutron-server]/ensure: change from stopped to running failed: Could not start Service[neutron-server]: Execution of '/bin/systemctl start neutron-server' returned 1: Job for neutron-server.service failed because the control process exited with error code. See "systemctl status neutron-server.service" and "journalctl -xe" for details.
Notice: /Stage[main]/Neutron::Server/Service[neutron-server]: Triggered 'refresh' from 15 events

Version-Release number of selected component (if applicable):
openstack-neutron-7.0.1-14.el7ost.noarch
openstack-puppet-modules-7.0.17-1.el7ost.noarch
instack-undercloud-2.2.7-1.el7ost.noarch

In /usr/lib/systemd/system/neutron-server.service, etc. the User=neutron is set.

In /etc/passwd there is no neutron user.

Changing the user to root, running systemctl daemon-reload, and restarting the services works, as does creating the neutron user and fixing permissions on a number of files; however, neither manual approach should be necessary.

Comment 2 Mike Burns 2016-04-07 21:36:02 UTC
This bug did not make the OSP 8.0 release.  It is being deferred to OSP 10.

Comment 3 Jason Montleon 2016-04-14 14:50:01 UTC
This is happening because the user creation in %pre is not happening if the package is installed in a kickstart. If I reinstall it after the host reboots or I reinstall it during the kickstart %post script I get the user.

I think maybe your Requires(pre): shadow-utils is misplaced on openstack-neutron whereas the user is created when openstack-neutron-common is installed, which can probably happen before openstack-neutron.

Comment 4 Nir Magnezi 2016-04-17 14:13:05 UTC
Submitted this spec update: https://review.gerrithub.io/#/c/273187

Some comments inline:

(In reply to Jason Montleon from comment #3)
> This is happening because the user creation in %pre is not happening if the
> package is installed in a kickstart. If I reinstall it after the host
> reboots or I reinstall it during the kickstart %post script I get the user.
> 

I understand what you are saying here, but how should the change suggested below overcome this kickstart scenario?

> I think maybe your Requires(pre): shadow-utils is misplaced on
> openstack-neutron whereas the user is created when openstack-neutron-common
> is installed, which can probably happen before openstack-neutron.

The patch I submitted moves shadow-utils to be a requirement of openstack-neutron-common.

Comment 5 Jason Montleon 2016-04-18 16:17:21 UTC
If you move 'Requires(pre): shadow-utils' to openstack-neutron-common then even in a kickstart scenario it will not try to install openstack-neutron-common prior to shadow-utils being installed. As long as shadow-utils is installed and the appropriate utils are available the user should be created when openstack-neutron-common is installed.

Right now there is nothing to ensure shadow-utils is installed prior to openstack-neutron-common, so at least in my case it's allowing the installation of openstack-neutron-common prior to shadow-utils being installed. The 'exit 0' at the end of the %pre script is probably hiding the failure during the install, otherwise I expect I'd see an error about useradd not existing...
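
Added example, not part of the bug report, its comments, or the openstack-neutron packaging: a small spec-file check for the two conditions discussed in comments 3 to 5, namely a %pre scriptlet that calls useradd/groupadd in a (sub)package that does not itself declare Requires(pre): shadow-utils, and a trailing 'exit 0' that hides the failure. The spec fragment is constructed for illustration, and SAMPLE_SPEC, owner and lint_spec are hypothetical names.

```python
import re

# Constructed spec fragment (not the real openstack-neutron.spec): the account is created
# in the -common %pre, but Requires(pre): shadow-utils is declared on the main package only.
SAMPLE_SPEC = """\
Name: openstack-neutron
Requires(pre): shadow-utils
%package common

%pre common
getent group neutron >/dev/null || groupadd -r neutron
getent passwd neutron >/dev/null || useradd -r -g neutron -s /sbin/nologin neutron
exit 0

%files common
"""

SECTION = re.compile(r"^%(package|description|prep|build|install|check|files|changelog"
                     r"|pretrans|preun|pre|posttrans|postun|post)\b(.*)$")
ACCOUNT_TOOLS = re.compile(r"\b(useradd|groupadd)\b")

def owner(name, args):
    """Package a section header refers to: '-n full-name', a suffix, or the main package."""
    explicit = re.search(r"-n\s+(\S+)", args)
    words = [w for w in args.split() if not w.startswith("-")]
    return explicit.group(1) if explicit else (f"{name}-{words[0]}" if words else name)

def lint_spec(text):
    """Return (package, problem) pairs for %pre scriptlets that create accounts."""
    name = re.search(r"^Name:\s*(\S+)", text, re.M).group(1)
    section, pkg, requires_pre, pre_body = "preamble", name, {}, {}
    for line in text.splitlines():
        header = SECTION.match(line)
        if header:
            section, pkg = header.group(1), owner(name, header.group(2))
        elif section in ("preamble", "package") and re.match(r"Requires\([^)]*\bpre\b[^)]*\):", line):
            requires_pre.setdefault(pkg, []).append(line.split(":", 1)[1])
        elif section == "pre" and line.strip() and not line.lstrip().startswith("#"):
            pre_body.setdefault(pkg, []).append(line.strip())
    findings = []
    for pkg, body in pre_body.items():
        if any(ACCOUNT_TOOLS.search(cmd) for cmd in body):
            if not any("shadow-utils" in dep for dep in requires_pre.get(pkg, [])):
                findings.append((pkg, "no Requires(pre): shadow-utils on this package"))
            if body[-1] == "exit 0":
                findings.append((pkg, "trailing 'exit 0' hides a failed useradd/groupadd"))
    return findings

print(*lint_spec(SAMPLE_SPEC), sep="\n")
```

Moving the Requires(pre) line under the %package common header clears the first finding, which is the layout the fixed package description above reports.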

Comment 9 errata-xmlrpc 2016-06-01 12:28:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1196