1595177 – netns-cleanup does not work because it's not configuring privsep properly at boot

Bug 1595177 - netns-cleanup does not work because it's not configuring privsep properly at boot

Summary: netns-cleanup does not work because it's not configuring privsep properly at ...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-neutron
Sub Component:
Version:	13.0 (Queens)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	z1
Target Release:	13.0 (Queens)
Assignee:	Slawek Kaplonski
QA Contact:	Federico Ressi
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-06-26 09:54 UTC by Miguel Angel Ajo
Modified:	2018-07-19 13:54 UTC (History)
CC List:	5 users (show)
Fixed In Version:	openstack-neutron-12.0.2-0.20180421011363.0ec54fd.el7ost
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-07-19 13:53:43 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
OpenStack gerrit	575091	0	None	None	None	2018-06-26 09:54:20 UTC
Red Hat Product Errata	RHBA-2018:2215	0	None	None	None	2018-07-19 13:54:14 UTC

Description Miguel Angel Ajo 2018-06-26 09:54:21 UTC

Description of problem:

2018-06-26 08:48:15.703 841502 INFO neutron.common.config [-] Logging enabled!
2018-06-26 08:48:15.704 841502 INFO neutron.common.config [-] /usr/bin/neutron-netns-cleanup version 12.0.2.dev22
2018-06-26 08:48:15.704 841502 DEBUG neutron.common.config [-] command line: /usr/bin/neutron-netns-cleanup --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-l3-agent --log-file=/var/log/neutron/netns-cleanup-l3.log setup_logging /usr/lib/python2.7/site-packages/neutron/common/config.py:104
2018-06-26 08:48:15.706 841502 INFO oslo.privsep.daemon [-] Running privsep helper: ['sudo', 'privsep-helper', '--config-file', '/usr/share/neutron/neutron-dist.conf', '--config-file', '/etc/neutron/neutron.conf', '--config-file', '/etc/neutron/l3_agent.ini', '--config-dir', '/etc/neutron/conf.d/neutron-l3-agent', '--privsep_context', 'neutron.privileged.default', '--privsep_sock_path', '/tmp/tmpxj1BNu/privsep.sock']
2018-06-26 08:48:15.730 841502 WARNING oslo.privsep.daemon [-] privsep log:
2018-06-26 08:48:15.730 841502 WARNING oslo.privsep.daemon [-] privsep log: We trust you have received the usual lecture from the local System
2018-06-26 08:48:15.731 841502 WARNING oslo.privsep.daemon [-] privsep log: Administrator. It usually boils down to these three things:
2018-06-26 08:48:15.731 841502 WARNING oslo.privsep.daemon [-] privsep log:
2018-06-26 08:48:15.731 841502 WARNING oslo.privsep.daemon [-] privsep log:     #1) Respect the privacy of others.
2018-06-26 08:48:15.732 841502 WARNING oslo.privsep.daemon [-] privsep log:     #2) Think before you type.
2018-06-26 08:48:15.732 841502 WARNING oslo.privsep.daemon [-] privsep log:     #3) With great power comes great responsibility.
2018-06-26 08:48:15.732 841502 WARNING oslo.privsep.daemon [-] privsep log:
2018-06-26 08:48:18.618 841502 CRITICAL neutron [-] Unhandled error: KeyboardInterrupt
2018-06-26 08:48:18.618 841502 ERROR neutron Traceback (most recent call last):
2018-06-26 08:48:18.618 841502 ERROR neutron   File "/usr/bin/neutron-netns-cleanup", line 10, in <module>
2018-06-26 08:48:18.618 841502 ERROR neutron     sys.exit(main())
2018-06-26 08:48:18.618 841502 ERROR neutron   File "/usr/lib/python2.7/site-packages/neutron/cmd/netns_cleanup.py", line 289, in main
2018-06-26 08:48:18.618 841502 ERROR neutron     cleanup_network_namespaces(conf)
2018-06-26 08:48:18.618 841502 ERROR neutron   File "/usr/lib/python2.7/site-packages/neutron/cmd/netns_cleanup.py", line 259, in cleanup_network_namespaces
2018-06-26 08:48:18.618 841502 ERROR neutron     ip_lib.list_network_namespaces()
2018-06-26 08:48:18.618 841502 ERROR neutron   File "/usr/lib/python2.7/site-packages/neutron/agent/linux/ip_lib.py", line 1051, in list_network_namespaces
2018-06-26 08:48:18.618 841502 ERROR neutron     return privileged.list_netns(**kwargs)
2018-06-26 08:48:18.618 841502 ERROR neutron   File "/usr/lib/python2.7/site-packages/oslo_privsep/priv_context.py", line 206, in _wrap
2018-06-26 08:48:18.618 841502 ERROR neutron     self.start()
2018-06-26 08:48:18.618 841502 ERROR neutron   File "/usr/lib/python2.7/site-packages/oslo_privsep/priv_context.py", line 217, in start
2018-06-26 08:48:18.618 841502 ERROR neutron     channel = daemon.RootwrapClientChannel(context=self)
2018-06-26 08:48:18.618 841502 ERROR neutron   File "/usr/lib/python2.7/site-packages/oslo_privsep/daemon.py", line 323, in __init__
2018-06-26 08:48:18.618 841502 ERROR neutron     if proc.wait() != 0:
2018-06-26 08:48:18.618 841502 ERROR neutron   File "/usr/lib64/python2.7/subprocess.py", line 1376, in wait
2018-06-26 08:48:18.618 841502 ERROR neutron     pid, sts = _eintr_retry_call(os.waitpid, self.pid, 0)
2018-06-26 08:48:18.618 841502 ERROR neutron   File "/usr/lib64/python2.7/subprocess.py", line 478, in _eintr_retry_call
2018-06-26 08:48:18.618 841502 ERROR neutron     return func(*args)


Version-Release number of selected component (if applicable):

$ rpm -qa | grep neutron
python-neutron-12.0.2-0.20180421011362.0ec54fd.el7ost.noarch

How reproducible:
Alwa

Steps to Reproduce:
1. Run netns cleanup inside a container

`paunch debug --file /var/lib/tripleo-config/hashed-docker-container-startup-config-step_4.json --action print-cmd --container neutron_l3_agent --interactive ` bash

2. kolla_set_configs
3. neutron-ovs-cleanup --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-l3-agent --log-file=/var/log/neutron/netns-cleanup-l3.log --debug


Actual results:

Sudo will ask you for password (user neutron)

Expected results:

It runs without issues.

Additional info:

Comment 17 errata-xmlrpc 2018-07-19 13:53:43 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2215

Note You need to log in before you can comment on or make changes to this bug.