Bug 1251211 - upgrading dnsmasq breaks neutron-dhcp-agent
upgrading dnsmasq breaks neutron-dhcp-agent
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-oslo-rootwrap (Show other bugs)
7.0 (Kilo)
Unspecified Unspecified
unspecified Severity unspecified
: z3
: 7.0 (Kilo)
Assigned To: Pádraig Brady
Itzik Brown
: Triaged, ZStream
: 1368476 (view as bug list)
Depends On:
Blocks: track-osp6-osp7 1368473 1368475
  Show dependency treegraph
 
Reported: 2015-08-06 13:33 EDT by Lars Kellogg-Stedman
Modified: 2016-09-05 15:10 EDT (History)
7 users (show)

See Also:
Fixed In Version: python-oslo-rootwrap-1.6.0-2.el7ost
Doc Type: Bug Fix
Doc Text:
Previously, due to mishandling of the renamed executables in the KillFilter, upgrading dnsmasq caused the neutron-dhcp-agent to break. With this release, the upgraded executables are handled correctly. As a result, the 'neutron-dhcp-agent' proceeds after the dnsmasq upgrade.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-21 12:04:13 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch accepted upstream (6.55 KB, application/mbox)
2015-08-31 11:30 EDT, Pádraig Brady
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Launchpad 1482316 None None None Never
OpenStack gerrit 210541 None None None Never

  None (edit)
Description Lars Kellogg-Stedman 2015-08-06 13:33:58 EDT
neutron-dhcp-agent relies on a rootwrap KillFilter to determine whether or not it can kill an active dnsmasq process.  The standard filter looks like this:

    kill_dnsmasq: KillFilter, root, /sbin/dnsmasq, -9, -HUP
    kill_dnsmasq_usr: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP

KillFilter operates by checking /proc/<pid>/exe against the path
specified in the filter.  If the dnsmasq package on the system is
updated, rpm first renames the file, so it becomes something like:

    /usr/sbin/dnsmasq;55c362c5

And then deletes it, which leaves the corresponding /proc file looking
like this:

    # ls -l /proc/23224/exe 
    lrwxrwxrwx. 1 root root 0 Aug  6 09:31 /proc/23224/exe -> /usr/sbin/dnsmasq;55c362c5 (deleted)

From this point on, the dhcp-agent process will be unable to kill that
dnsmasq process.
Comment 4 Pádraig Brady 2015-08-31 11:30:14 EDT
Created attachment 1068675 [details]
patch accepted upstream
Comment 7 Itzik Brown 2015-12-07 01:52:33 EST
Check with:
python-oslo-rootwrap-1.6.0-2.el7ost.noarch
python-neutron-2015.1.2-2.el7ost.noarch

How verified:
1. Created an network and a subnet
2. Checked dnsmasq PID 
3. Ran: yum reinstall dnsmasq
4. ls -l /proc/48216/exe 
lrwxrwxrwx. 1 root root 0 Dec  7 08:41 /proc/48216/exe -> /usr/sbin/dnsmasq;56652a46 (deleted)
5. Restarted dhcp agent: systemctl restart neutron-dhcp-agent 
6. Verified dnsmasq PID has been changed.
Comment 9 errata-xmlrpc 2015-12-21 12:04:13 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2015:2676
Comment 10 Victor Stinner 2016-08-24 12:11:40 EDT
*** Bug 1368475 has been marked as a duplicate of this bug. ***
Comment 11 Victor Stinner 2016-09-05 15:06:19 EDT
*** Bug 1368476 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.