yahoo-eng-team team mailing list archive
Message #80424
[Bug 1844688] Re: "radvd" daemon does not work by default in some containers
Reviewed: https://review.opendev.org/683207
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=6a5a75d5a6d4af08310774cef1b091d2ce2551d4
Submitter: Zuul
Branch: master
commit 6a5a75d5a6d4af08310774cef1b091d2ce2551d4
Author: Rodolfo Alonso Hernandez <ralonsoh@xxxxxxxxxx>
Date: Thu Sep 19 17:12:59 2019 +0000
Add radvd_user config option
In some deployments, the "neutron" user does not have the permissions
to modify the kernel interfaces. In those cases the radvd user should
be defined. This patch introduces a new config option: "radvd_user".
This config option is the username passed to radvd, used to drop root
privileges and change user ID to username and group ID to the primary
group of username. If no user is specified (the default is an empty string),
the user executing the L3 agent will be passed. If "root" is specified,
because radvd is spawned as root, no "username" parameter will be
passed.
Change-Id: Ie9a6fbf04d453a3c1c0bddf9ecaa3d4d6467e8ff
Closes-Bug: #1844688
** Changed in: neutron
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1844688
Title:
"radvd" daemon does not work by default in some containers
Status in neutron:
Fix Released
Bug description:
Since [1], the radvd daemon is spawned with parameter "-u username".
This drops the root privileges and changes the user ID to "username".
In some deployments (e.g. TripleO), the "neutron" user does not have,
inside the L3 agent container, the permissions to modify the host
kernel interfaces (from journal.log):
wrz 13 13:08:15 controller-2 radvd[904324]: failed to set LinkMTU (1500) for qr-7befc0a3-04: Permission denied
wrz 13 13:08:15 controller-2 radvd[904324]: failed to set CurHopLimit (64) for qr-7befc0a3-04: Permission denied
This problem was found in Rocky.
[1]
https://review.opendev.org/#/q/Ic5d976ba71a966a537d1f31888f82997a7ccb0de
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1844688/+subscriptions
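
The three cases of "radvd_user" described in the commit message, as an added Python example (not neutron's code). The function names, the agent_user parameter and the file paths are hypothetical; -C, -p, -m and -u are radvd's own options. keeps_root() is an added check for the configurations in which no privilege drop happens.

```python
import os
import pwd


def resolve_radvd_user(radvd_user, agent_user=None):
    """Return the account radvd ends up running as.

    radvd_user: value of the "radvd_user" option ('' is the default).
    agent_user: user executing the L3 agent; read from the effective UID
                when omitted (hypothetical parameter, added for testing).
    """
    if radvd_user:
        return radvd_user
    return agent_user or pwd.getpwuid(os.geteuid()).pw_name


def radvd_user_args(radvd_user, agent_user=None):
    """Return the "-u" arguments described in the commit message."""
    if radvd_user == "root":
        # radvd is spawned as root: no "username" parameter is passed.
        return []
    return ["-u", resolve_radvd_user(radvd_user, agent_user)]


def build_radvd_cmd(conf_path, pid_path, radvd_user, agent_user=None):
    """Assemble the command line; both paths are placeholders."""
    cmd = ["radvd", "-C", conf_path, "-p", pid_path, "-m", "syslog"]
    return cmd + radvd_user_args(radvd_user, agent_user)


def keeps_root(radvd_user, agent_user=None):
    """True when radvd would keep running as root (worth flagging in review)."""
    return resolve_radvd_user(radvd_user, agent_user) == "root"


if __name__ == "__main__":
    # Constructed cases: (radvd_user option, user running the L3 agent).
    cases = [("", "neutron"), ("radvd", "neutron"), ("root", "neutron"), ("", "root")]
    for option, agent in cases:
        cmd = build_radvd_cmd("/tmp/radvd.conf", "/tmp/radvd.pid", option, agent)
        print(repr(option), agent, " ".join(cmd), "keeps_root=%s" % keeps_root(option, agent))
```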