Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1251211

Summary: upgrading dnsmasq breaks neutron-dhcp-agent
Product: Red Hat OpenStack Reporter: Lars Kellogg-Stedman <lars>
Component: python-oslo-rootwrapAssignee: Pádraig Brady <pbrady>
Status: CLOSED ERRATA QA Contact: Itzik Brown <itbrown>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0 (Kilo)CC: achernet, apevec, dnavale, lhh, oblaut, vstinner, yeylon
Target Milestone: z3Keywords: Triaged, ZStream
Target Release: 7.0 (Kilo)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python-oslo-rootwrap-1.6.0-2.el7ost Doc Type: Bug Fix
Doc Text:
Previously, due to mishandling of the renamed executables in the KillFilter, upgrading dnsmasq caused the neutron-dhcp-agent to break. With this release, the upgraded executables are handled correctly. As a result, the 'neutron-dhcp-agent' proceeds after the dnsmasq upgrade.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2015-12-21 17:04:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1249564, 1368473, 1368475    
Attachments:
Description Flags
patch accepted upstream none

Description Lars Kellogg-Stedman 2015-08-06 17:33:58 UTC 
neutron-dhcp-agent relies on a rootwrap KillFilter to determine whether or not it can kill an active dnsmasq process.  The standard filter looks like this:

    kill_dnsmasq: KillFilter, root, /sbin/dnsmasq, -9, -HUP
    kill_dnsmasq_usr: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP

KillFilter operates by checking /proc/<pid>/exe against the path
specified in the filter.  If the dnsmasq package on the system is
updated, rpm first renames the file, so it becomes something like:

    /usr/sbin/dnsmasq;55c362c5

And then deletes it, which leaves the corresponding /proc file looking
like this:

    # ls -l /proc/23224/exe 
    lrwxrwxrwx. 1 root root 0 Aug  6 09:31 /proc/23224/exe -> /usr/sbin/dnsmasq;55c362c5 (deleted)

From this point on, the dhcp-agent process will be unable to kill that
dnsmasq process.
Comment 4 Pádraig Brady 2015-08-31 15:30:14 UTC 
Created attachment 1068675 [details]
patch accepted upstream
Comment 7 Itzik Brown 2015-12-07 06:52:33 UTC 
Check with:
python-oslo-rootwrap-1.6.0-2.el7ost.noarch
python-neutron-2015.1.2-2.el7ost.noarch

How verified:
1. Created an network and a subnet
2. Checked dnsmasq PID 
3. Ran: yum reinstall dnsmasq
4. ls -l /proc/48216/exe 
lrwxrwxrwx. 1 root root 0 Dec  7 08:41 /proc/48216/exe -> /usr/sbin/dnsmasq;56652a46 (deleted)
5. Restarted dhcp agent: systemctl restart neutron-dhcp-agent 
6. Verified dnsmasq PID has been changed.
Comment 9 errata-xmlrpc 2015-12-21 17:04:13 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2015:2676
Comment 10 Victor Stinner 2016-08-24 16:11:40 UTC 
*** Bug 1368475 has been marked as a duplicate of this bug. ***
Comment 11 Victor Stinner 2016-09-05 19:06:19 UTC 
*** Bug 1368476 has been marked as a duplicate of this bug. ***