Bug 1595177

Summary: netns-cleanup does not work because it's not configuring privsep properly at boot
Product: Red Hat OpenStack Reporter: Miguel Angel Ajo <majopela>
Component: openstack-neutronAssignee: Slawek Kaplonski <skaplons>
Status: CLOSED ERRATA QA Contact: Federico Ressi <fressi>
Severity: high Docs Contact:
Priority: high    
Version: 13.0 (Queens)CC: amuller, chrisw, nyechiel, ragiman, srevivo
Target Milestone: z1Keywords: Triaged, ZStream
Target Release: 13.0 (Queens)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-neutron-12.0.2-0.20180421011363.0ec54fd.el7ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-07-19 13:53:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Miguel Angel Ajo 2018-06-26 09:54:21 UTC 
Description of problem:

2018-06-26 08:48:15.703 841502 INFO neutron.common.config [-] Logging enabled!
2018-06-26 08:48:15.704 841502 INFO neutron.common.config [-] /usr/bin/neutron-netns-cleanup version 12.0.2.dev22
2018-06-26 08:48:15.704 841502 DEBUG neutron.common.config [-] command line: /usr/bin/neutron-netns-cleanup --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-l3-agent --log-file=/var/log/neutron/netns-cleanup-l3.log setup_logging /usr/lib/python2.7/site-packages/neutron/common/config.py:104
2018-06-26 08:48:15.706 841502 INFO oslo.privsep.daemon [-] Running privsep helper: ['sudo', 'privsep-helper', '--config-file', '/usr/share/neutron/neutron-dist.conf', '--config-file', '/etc/neutron/neutron.conf', '--config-file', '/etc/neutron/l3_agent.ini', '--config-dir', '/etc/neutron/conf.d/neutron-l3-agent', '--privsep_context', 'neutron.privileged.default', '--privsep_sock_path', '/tmp/tmpxj1BNu/privsep.sock']
2018-06-26 08:48:15.730 841502 WARNING oslo.privsep.daemon [-] privsep log:
2018-06-26 08:48:15.730 841502 WARNING oslo.privsep.daemon [-] privsep log: We trust you have received the usual lecture from the local System
2018-06-26 08:48:15.731 841502 WARNING oslo.privsep.daemon [-] privsep log: Administrator. It usually boils down to these three things:
2018-06-26 08:48:15.731 841502 WARNING oslo.privsep.daemon [-] privsep log:
2018-06-26 08:48:15.731 841502 WARNING oslo.privsep.daemon [-] privsep log:     #1) Respect the privacy of others.
2018-06-26 08:48:15.732 841502 WARNING oslo.privsep.daemon [-] privsep log:     #2) Think before you type.
2018-06-26 08:48:15.732 841502 WARNING oslo.privsep.daemon [-] privsep log:     #3) With great power comes great responsibility.
2018-06-26 08:48:15.732 841502 WARNING oslo.privsep.daemon [-] privsep log:
2018-06-26 08:48:18.618 841502 CRITICAL neutron [-] Unhandled error: KeyboardInterrupt
2018-06-26 08:48:18.618 841502 ERROR neutron Traceback (most recent call last):
2018-06-26 08:48:18.618 841502 ERROR neutron   File "/usr/bin/neutron-netns-cleanup", line 10, in <module>
2018-06-26 08:48:18.618 841502 ERROR neutron     sys.exit(main())
2018-06-26 08:48:18.618 841502 ERROR neutron   File "/usr/lib/python2.7/site-packages/neutron/cmd/netns_cleanup.py", line 289, in main
2018-06-26 08:48:18.618 841502 ERROR neutron     cleanup_network_namespaces(conf)
2018-06-26 08:48:18.618 841502 ERROR neutron   File "/usr/lib/python2.7/site-packages/neutron/cmd/netns_cleanup.py", line 259, in cleanup_network_namespaces
2018-06-26 08:48:18.618 841502 ERROR neutron     ip_lib.list_network_namespaces()
2018-06-26 08:48:18.618 841502 ERROR neutron   File "/usr/lib/python2.7/site-packages/neutron/agent/linux/ip_lib.py", line 1051, in list_network_namespaces
2018-06-26 08:48:18.618 841502 ERROR neutron     return privileged.list_netns(**kwargs)
2018-06-26 08:48:18.618 841502 ERROR neutron   File "/usr/lib/python2.7/site-packages/oslo_privsep/priv_context.py", line 206, in _wrap
2018-06-26 08:48:18.618 841502 ERROR neutron     self.start()
2018-06-26 08:48:18.618 841502 ERROR neutron   File "/usr/lib/python2.7/site-packages/oslo_privsep/priv_context.py", line 217, in start
2018-06-26 08:48:18.618 841502 ERROR neutron     channel = daemon.RootwrapClientChannel(context=self)
2018-06-26 08:48:18.618 841502 ERROR neutron   File "/usr/lib/python2.7/site-packages/oslo_privsep/daemon.py", line 323, in __init__
2018-06-26 08:48:18.618 841502 ERROR neutron     if proc.wait() != 0:
2018-06-26 08:48:18.618 841502 ERROR neutron   File "/usr/lib64/python2.7/subprocess.py", line 1376, in wait
2018-06-26 08:48:18.618 841502 ERROR neutron     pid, sts = _eintr_retry_call(os.waitpid, self.pid, 0)
2018-06-26 08:48:18.618 841502 ERROR neutron   File "/usr/lib64/python2.7/subprocess.py", line 478, in _eintr_retry_call
2018-06-26 08:48:18.618 841502 ERROR neutron     return func(*args)


Version-Release number of selected component (if applicable):

$ rpm -qa | grep neutron
python-neutron-12.0.2-0.20180421011362.0ec54fd.el7ost.noarch

How reproducible:
Alwa

Steps to Reproduce:
1. Run netns cleanup inside a container

`paunch debug --file /var/lib/tripleo-config/hashed-docker-container-startup-config-step_4.json --action print-cmd --container neutron_l3_agent --interactive ` bash

2. kolla_set_configs
3. neutron-ovs-cleanup --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-l3-agent --log-file=/var/log/neutron/netns-cleanup-l3.log --debug


Actual results:

Sudo will ask you for password (user neutron)

Expected results:

It runs without issues.

Additional info:
Comment 17 errata-xmlrpc 2018-07-19 13:53:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2215