yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1776468] Re: neutron-netns-cleanup does not configure privsep correctly

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1776468@xxxxxxxxxxxxxxxxxx>
Date: Tue, 12 Jun 2018 21:41:27 -0000
Reply-to: Bug 1776468 <1776468@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Reviewed:  https://review.openstack.org/574703
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=5106dfe5217b5274305ab565e23dbd1548c1f756
Submitter: Zuul
Branch:    master

commit 5106dfe5217b5274305ab565e23dbd1548c1f756
Author: Miguel Angel Ajo <majopela@xxxxxxxxxx>
Date:   Tue Jun 12 14:02:58 2018 +0200

    Configure privsep helper in neutron-netns-cleanup
    
    This closes a bug that makes netns-cleanup crash when
    trying to invoke privsep helper, because the rootwrap
    config isn't correctly passed down to the privsep helper
    library.
    
    Closes-Bug: #1776468
    
    Change-Id: I8258a44a9e2542ec222ebac72c4b889858ab2fc2


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1776468

Title:
  neutron-netns-cleanup does not configure privsep correctly

Status in neutron:
  Fix Released

Bug description:
  It crashes when trying to invoke privsep:

  
  2018-06-12 10:37:05.932 1038529 INFO neutron.common.config [-] Logging enabled!
  2018-06-12 10:37:05.932 1038529 INFO neutron.common.config [-] /usr/bin/neutron-netns-cleanup version 13.0.0.0b2.dev174
  2018-06-12 10:37:05.932 1038529 DEBUG neutron.common.config [-] command line: /usr/bin/neutron-netns-cleanup --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-l3-agent --agent-type l3 -d --force setup_logging /usr/lib/python2.7/site-packages/neutron/common/config.py:104
  2018-06-12 10:37:05.933 1038529 INFO oslo.privsep.daemon [-] Running privsep helper: ['sudo', 'privsep-helper', '--config-file', '/usr/share/neutron/neutron-dist.conf', '--config-file', '/etc/neutron/neutron.conf', '--config-file', '/etc/neutron/l3_agent.ini', '--config-dir', '/etc/neutron/conf.d/neutron-l3-agent', '--privsep_context', 'neutron.privileged.default', '--privsep_sock_path', '/tmp/tmpwc58JK/privsep.sock']
  2018-06-12 10:37:05.954 1038529 WARNING oslo.privsep.daemon [-] privsep log:
  2018-06-12 10:37:05.955 1038529 WARNING oslo.privsep.daemon [-] privsep log: We trust you have received the usual lecture from the local System
  2018-06-12 10:37:05.955 1038529 WARNING oslo.privsep.daemon [-] privsep log: Administrator. It usually boils down to these three things:
  2018-06-12 10:37:05.955 1038529 WARNING oslo.privsep.daemon [-] privsep log:
  2018-06-12 10:37:05.955 1038529 WARNING oslo.privsep.daemon [-] privsep log:     #1) Respect the privacy of others.
  2018-06-12 10:37:05.955 1038529 WARNING oslo.privsep.daemon [-] privsep log:     #2) Think before you type.
  2018-06-12 10:37:05.955 1038529 WARNING oslo.privsep.daemon [-] privsep log:     #3) With great power comes great responsibility.
  2018-06-12 10:37:05.955 1038529 WARNING oslo.privsep.daemon [-] privsep log:
  2018-06-12 10:37:05.956 1038529 WARNING oslo.privsep.daemon [-] privsep log: sudo: no tty present and no askpass program specified
  2018-06-12 10:37:05.955 1038529 CRITICAL oslo.privsep.daemon [-] privsep helper command exited non-zero (1)
  2018-06-12 10:37:05.961 1038529 CRITICAL neutron [-] Unhandled error: FailedToDropPrivileges: privsep helper command exited non-zero (1)
  2018-06-12 10:37:05.961 1038529 ERROR neutron Traceback (most recent call last):
  2018-06-12 10:37:05.961 1038529 ERROR neutron   File "/usr/bin/neutron-netns-cleanup", line 10, in <module>
  2018-06-12 10:37:05.961 1038529 ERROR neutron     sys.exit(main())
  2018-06-12 10:37:05.961 1038529 ERROR neutron   File "/usr/lib/python2.7/site-packages/neutron/cmd/netns_cleanup.py", line 289, in main
  2018-06-12 10:37:05.961 1038529 ERROR neutron     cleanup_network_namespaces(conf)
  2018-06-12 10:37:05.961 1038529 ERROR neutron   File "/usr/lib/python2.7/site-packages/neutron/cmd/netns_cleanup.py", line 259, in cleanup_network_namespaces
  2018-06-12 10:37:05.961 1038529 ERROR neutron     ip_lib.list_network_namespaces()
  2018-06-12 10:37:05.961 1038529 ERROR neutron   File "/usr/lib/python2.7/site-packages/neutron/agent/linux/ip_lib.py", line 1100, in list_network_namespaces
  2018-06-12 10:37:05.961 1038529 ERROR neutron     return privileged.list_netns(**kwargs)
  2018-06-12 10:37:05.961 1038529 ERROR neutron   File "/usr/lib/python2.7/site-packages/oslo_privsep/priv_context.py", line 206, in _wrap
  2018-06-12 10:37:05.961 1038529 ERROR neutron     self.start()
  2018-06-12 10:37:05.961 1038529 ERROR neutron   File "/usr/lib/python2.7/site-packages/oslo_privsep/priv_context.py", line 217, in start
  2018-06-12 10:37:05.961 1038529 ERROR neutron     channel = daemon.RootwrapClientChannel(context=self)
  2018-06-12 10:37:05.961 1038529 ERROR neutron   File "/usr/lib/python2.7/site-packages/oslo_privsep/daemon.py", line 327, in __init__
  2018-06-12 10:37:05.961 1038529 ERROR neutron     raise FailedToDropPrivileges(msg)
  2018-06-12 10:37:05.961 1038529 ERROR neutron FailedToDropPrivileges: privsep helper command exited non-zero (1)
  2018-06-12 10:37:05.961 1038529 ERROR neutron

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1776468/+subscriptions
References

[Bug 1776468] [NEW] neutron-netns-cleanup does not configure privsep correctly
From: Miguel Angel Ajo, 2018-06-12