yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1247758] Re: Unauthorized command when using neutron-rootwrap for dhcp-agent

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Mark McClain <1247758@xxxxxxxxxxxxxxxxxx>
Date: Fri, 22 Nov 2013 21:34:05 -0000
Reply-to: Bug 1247758 <1247758@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Looks like you're using the Grizzly version of the rootwrap config.
Make sure you have the latest version of
etc/neutron/rootwrap.d/dhcp.filters

** Changed in: neutron
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1247758

Title:
  Unauthorized command when using neutron-rootwrap for dhcp-agent

Status in OpenStack Neutron (virtual network service):
  Invalid

Bug description:
  Hi list,

  I'm working under CentOS + Havana.

  When I try to start neutron-dhcp-agent, I get the following error:

  2013-11-01 13:47:05.110 21349 TRACE neutron.agent.dhcp_agent Command: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qdhcp-e3fffbcf-7e75-4187-b5e9-daa1a5e3bd74', 'env', 'NEUTRON_NETWORK_ID=e3fffbcf-7e75-4187-b5e9-daa1a5e3bd74', 'dnsmasq', '--no-hosts', '--no-resolv', '--strict-order', '--bind-interfaces', '--interface=ns-a66f8745-aa', '--except-interface=lo', '--pid-file=/var/lib/neutron/dhcp/e3fffbcf-7e75-4187-b5e9-daa1a5e3bd74/pid', '--dhcp-hostsfile=/var/lib/neutron/dhcp/e3fffbcf-7e75-4187-b5e9-daa1a5e3bd74/host', '--dhcp-optsfile=/var/lib/neutron/dhcp/e3fffbcf-7e75-4187-b5e9-daa1a5e3bd74/opts', '--leasefile-ro', '--dhcp-range=tag0,10.1.0.0,static,120s', '--dhcp-lease-max=65536', '--conf-file=', '--domain=openstacklocal']
  2013-11-01 13:47:05.110 21349 TRACE neutron.agent.dhcp_agent Exit code: 99
  2013-11-01 13:47:05.110 21349 TRACE neutron.agent.dhcp_agent Stdout: ''
  2013-11-01 13:47:05.110 21349 TRACE neutron.agent.dhcp_agent Stderr: 'WARNING:root:Skipping unknown filter class (DnsmasqFilter) specified in filter definitions\nWARNING:root:Skipping unknown filter class (DnsmasqNetnsFilter) specified in filter definitions\nWARNING:root:Skipping unknown filter class (DnsmasqFilter) specified in filter definitions\n/usr/bin/neutron-rootwrap: Unauthorized command: ip netns exec qdhcp-e3fffbcf-7e75-4187-b5e9-daa1a5e3bd74 env NEUTRON_NETWORK_ID=e3fffbcf-7e75-4187-b5e9-daa1a5e3bd74 dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=ns-a66f8745-aa --except-interface=lo --pid-file=/var/lib/neutron/dhcp/e3fffbcf-7e75-4187-b5e9-daa1a5e3bd74/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/e3fffbcf-7e75-4187-b5e9-daa1a5e3bd74/host --dhcp-optsfile=/var/lib/neutron/dhcp/e3fffbcf-7e75-4187-b5e9-daa1a5e3bd74/opts --leasefile-ro --dhcp-range=tag0,10.1.0.0,static,120s --dhcp-lease-max=65536 --conf-file= --domain=openstacklocal (no filter matched)\n'
  2013-11-01 13:47:05.110 21349 TRACE neutron.agent.dhcp_agent

  
  This issue can be work around by setting  “root_helper=sudo”.

  But, I’m still really curios about why this happen and how to solve
  it, because we know “sudo” is not safe.

  Anyone has ideas?

  Thanks.
  -chen

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1247758/+subscriptions