1251211 – upgrading dnsmasq breaks neutron-dhcp-agent

Bug 1251211 - upgrading dnsmasq breaks neutron-dhcp-agent

Summary: upgrading dnsmasq breaks neutron-dhcp-agent

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	python-oslo-rootwrap
Sub Component:
Version:	7.0 (Kilo)
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	z3
Target Release:	7.0 (Kilo)
Assignee:	Pádraig Brady
QA Contact:	Itzik Brown
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1368476 (view as bug list)
Depends On:
Blocks:	track-osp6-osp7 1368473 1368475
TreeView+	depends on / blocked

Reported:	2015-08-06 17:33 UTC by Lars Kellogg-Stedman
Modified:	2023-02-22 23:02 UTC (History)
CC List:	7 users (show)
Fixed In Version:	python-oslo-rootwrap-1.6.0-2.el7ost
Doc Type:	Bug Fix
Doc Text:	Previously, due to mishandling of the renamed executables in the KillFilter, upgrading dnsmasq caused the neutron-dhcp-agent to break. With this release, the upgraded executables are handled correctly. As a result, the 'neutron-dhcp-agent' proceeds after the dnsmasq upgrade.
Clone Of:
Environment:
Last Closed:	2015-12-21 17:04:13 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
patch accepted upstream (6.55 KB, application/mbox) 2015-08-31 15:30 UTC, Pádraig Brady	no flags	Details
View All

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1482316	None	None	None	Never
OpenStack gerrit	210541	None	None	None	Never
Red Hat Product Errata	RHBA-2015:2676	normal	SHIPPED_LIVE	Red Hat Enterprise Linux OpenStack Platform 7 Bug Fix and Enhancement Advisory	2015-12-21 21:51:22 UTC

Description Lars Kellogg-Stedman 2015-08-06 17:33:58 UTC

neutron-dhcp-agent relies on a rootwrap KillFilter to determine whether or not it can kill an active dnsmasq process.  The standard filter looks like this:

    kill_dnsmasq: KillFilter, root, /sbin/dnsmasq, -9, -HUP
    kill_dnsmasq_usr: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP

KillFilter operates by checking /proc/<pid>/exe against the path
specified in the filter.  If the dnsmasq package on the system is
updated, rpm first renames the file, so it becomes something like:

    /usr/sbin/dnsmasq;55c362c5

And then deletes it, which leaves the corresponding /proc file looking
like this:

    # ls -l /proc/23224/exe 
    lrwxrwxrwx. 1 root root 0 Aug  6 09:31 /proc/23224/exe -> /usr/sbin/dnsmasq;55c362c5 (deleted)

From this point on, the dhcp-agent process will be unable to kill that
dnsmasq process.

Comment 4 Pádraig Brady 2015-08-31 15:30:14 UTC

Created attachment 1068675 [details]
patch accepted upstream

Comment 7 Itzik Brown 2015-12-07 06:52:33 UTC

Check with:
python-oslo-rootwrap-1.6.0-2.el7ost.noarch
python-neutron-2015.1.2-2.el7ost.noarch

How verified:
1. Created an network and a subnet
2. Checked dnsmasq PID 
3. Ran: yum reinstall dnsmasq
4. ls -l /proc/48216/exe 
lrwxrwxrwx. 1 root root 0 Dec  7 08:41 /proc/48216/exe -> /usr/sbin/dnsmasq;56652a46 (deleted)
5. Restarted dhcp agent: systemctl restart neutron-dhcp-agent 
6. Verified dnsmasq PID has been changed.

Comment 9 errata-xmlrpc 2015-12-21 17:04:13 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2015:2676

Comment 10 Victor Stinner 2016-08-24 16:11:40 UTC

*** Bug 1368475 has been marked as a duplicate of this bug. ***

Comment 11 Victor Stinner 2016-09-05 19:06:19 UTC

*** Bug 1368476 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.