neutron-dhcp-agent relies on a rootwrap KillFilter to determine whether or not it can kill an active dnsmasq process. The standard filter looks like this: kill_dnsmasq: KillFilter, root, /sbin/dnsmasq, -9, -HUP kill_dnsmasq_usr: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP KillFilter operates by checking /proc/<pid>/exe against the path specified in the filter. If the dnsmasq package on the system is updated, rpm first renames the file, so it becomes something like: /usr/sbin/dnsmasq;55c362c5 And then deletes it, which leaves the corresponding /proc file looking like this: # ls -l /proc/23224/exe lrwxrwxrwx. 1 root root 0 Aug 6 09:31 /proc/23224/exe -> /usr/sbin/dnsmasq;55c362c5 (deleted) From this point on, the dhcp-agent process will be unable to kill that dnsmasq process.
Created attachment 1068675 [details] patch accepted upstream
Check with: python-oslo-rootwrap-1.6.0-2.el7ost.noarch python-neutron-2015.1.2-2.el7ost.noarch How verified: 1. Created an network and a subnet 2. Checked dnsmasq PID 3. Ran: yum reinstall dnsmasq 4. ls -l /proc/48216/exe lrwxrwxrwx. 1 root root 0 Dec 7 08:41 /proc/48216/exe -> /usr/sbin/dnsmasq;56652a46 (deleted) 5. Restarted dhcp agent: systemctl restart neutron-dhcp-agent 6. Verified dnsmasq PID has been changed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2015:2676
*** Bug 1368475 has been marked as a duplicate of this bug. ***
*** Bug 1368476 has been marked as a duplicate of this bug. ***