Bug 1228096 - rootwrap daemon mode should be enabled
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-neutron
Version: 7.0 (Kilo)
Hardware: Unspecified
OS: Unspecified
Priority: urgent
Severity: urgent
Target Milestone: ga
Target Release: 7.0 (Kilo)
Assigned To: Ihar Hrachyshka
QA Contact: Eran Kuris
Depends On: 1230438 1230900
Reported: 2015-06-04 04:08 EDT by Ihar Hrachyshka
Modified: 2016-04-26 10:39 EDT
Fixed In Version: openstack-neutron-2015.1.0-8.el7ost
Doc Type: Release Note
Doc Text:
In Kilo, Neutron services can now rely on the so-called rootwrap daemon to execute external commands such as 'ip' or 'sysctl'. The daemon pre-caches rootwrap filters and drastically improves overall agent performance. For RHEL-OSP7, the rootwrap daemon is enabled by default. If you want to avoid using it and stick to another root privilege separation mechanism such as 'sudo', make sure you also disable the daemon by setting 'root_helper_daemon =' in the [agent] section of your neutron.conf file.
Last Closed: 2015-08-05 09:24:47 EDT
Type: Bug
External Trackers:
Tracker: Red Hat Product Errata
ID: RHEA-2015:1548
Priority: normal
Status: SHIPPED_LIVE
Summary: Red Hat Enterprise Linux OpenStack Platform Enhancement Advisory
Last Updated: 2015-08-05 13:07:06 EDT
Description Ihar Hrachyshka 2015-06-04 04:08:28 EDT
Kilo introduced a new feature for neutron: rootwrap daemon mode, which drastically enhances performance for agents that extensively call external tools like ip, sysctl or radvd (that is, e.g., the ovs or l3 agent).

It would be great to see the feature enabled by default starting with OSP7.
Comment 4 Ihar Hrachyshka 2015-06-04 09:36:58 EDT
Ofer, the daemon is spawned by neutron itself, and is not controlled by any external system (like systemd). The idea is that neutron spawns it once, and then communicates with it using a local UNIX socket.

To test the setup, you just upgrade the package and make sure that agents still behave correctly (l2, l3), updating ports and bridges and namespaces based on user actions. Any regression or integration tests would do it.
Comment 5 Ihar Hrachyshka 2015-06-05 05:57:51 EDT
Targeting to GA as per Livnat and Nir.
Comment 8 Eran Kuris 2015-06-21 07:12:18 EDT
Verified on OSP7 on RHEL 7
# rpm -qa |grep neutron 
openstack-neutron-common-2015.1.0-8.el7ost.noarch
python-neutron-lbaas-2015.1.0-5.el7ost.noarch
python-neutron-fwaas-2015.1.0-3.el7ost.noarch
python-neutronclient-2.4.0-1.el7ost.noarch
openstack-neutron-fwaas-2015.1.0-3.el7ost.noarch
python-neutron-2015.1.0-8.el7ost.noarch
openstack-neutron-openvswitch-2015.1.0-8.el7ost.noarch
openstack-neutron-2015.1.0-8.el7ost.noarch
openstack-neutron-ml2-2015.1.0-8.el7ost.noarch
openstack-neutron-lbaas-2015.1.0-5.el7ost.noarch

Configured a setup with 2 VMs and a router.
Checked full connectivity on the internal network and the external network with a floating IP.
Comment 10 errata-xmlrpc 2015-08-05 09:24:47 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2015:1548
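
An added example, not part of the bug report or of Neutron's code: a check, following the Doc Text release note above, of which root privilege mechanism the [agent] section of a neutron.conf selects. The helper command lines and the `packaged_default` parameter are assumptions; the case it shows is that leaving `root_helper_daemon` out keeps an enabled-by-default daemon in force, while the explicit empty assignment disables it.

```python
import configparser

# Constructed samples. The helper command lines are assumed typical values,
# not taken from the bug report.
PKG_DAEMON = "sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf"
DAEMON_ON = f"""\
[agent]
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
root_helper_daemon = {PKG_DAEMON}
"""
SUDO_ONLY = "[agent]\nroot_helper = sudo\nroot_helper_daemon =\n"
KEY_ABSENT = "[DEFAULT]\nroot_helper_daemon = ignored\n[agent]\nroot_helper = sudo\n"


def privilege_mode(conf_text, packaged_default=""):
    """Return (mode, command) for the [agent] section of a neutron.conf.

    packaged_default (hypothetical parameter) is the root_helper_daemon value
    in force when the file does not set the key at all.
    """
    cp = configparser.ConfigParser(
        interpolation=None,          # '%' in values is literal
        strict=False,                # tolerate repeated keys; last one wins
        default_section="<unused>",  # [DEFAULT] keys must not leak into [agent]
    )
    cp.read_string(conf_text)
    agent = cp["agent"] if cp.has_section("agent") else {}
    daemon = agent.get("root_helper_daemon", packaged_default).strip()
    helper = agent.get("root_helper", "").strip()
    if daemon:
        return ("daemon", daemon)        # long-lived rootwrap daemon
    if helper:
        return ("per-command", helper)   # e.g. sudo, spawned per call
    return ("none", "")


if __name__ == "__main__":
    for name, text in [("daemon on", DAEMON_ON), ("sudo only", SUDO_ONLY),
                       ("key absent", KEY_ABSENT)]:
        print(name, privilege_mode(text, packaged_default=PKG_DAEMON))
```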
