[Yahoo-eng-team] [Bug 1363773] Re: neutron-ns-metadata-proxy cannot be killed when running in virtual environment

[Thierry Carrez]

** Changed in: neutron
       Status: Fix Committed => Fix Released

** Changed in: neutron
    Milestone: None => juno-rc1

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1363773

Title:
  neutron-ns-metadata-proxy cannot be killed when running in virtual
  environment

Status in OpenStack Neutron (virtual network service):
  Fix Released

Bug description:
  == Problem ==
  When running in virtual env, neutron-ns-metadata-proxy on DHCP node cannot be 
disabled properly when deleting a network.

  == Impact ==
  * Corresponding folder and files under /var/lib/neutron/dhcp/ are not cleaned 
up.
  * If neutron-dhcp-agent service is restarted in this unclean state, dnsmasq 
processes are restarted periodically (resync interval), because the failure of 
removing the deleted networks. (And because of bug 1345947, huge amount of NAK 
logs flood for dnsmasq.)

  == Root cause ==
  Killing neutron-ns-metadata-proxy is failed because of rootwrapper filter not 
matched in dhcp_filter.conf. Related logs are:
  Command: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'kill', 
'-9', '65832']
  Exit code: 99
  Stdout: ''
  Stderr: '/usr/bin/neutron-rootwrap: Unauthorized command: kill -9 65832 (no 
filter matched)\n'

  neutron-ns-metadata-proxy is started via ProcessManager, and in
  Virtual Environment, the python binary under virtual env is used
  instead of /usr/bin/python*.

  However, in dhcp_file.conf absolute path is specified for KillerFiler for 
neutron-ns-metadata-proxy:
  kill_metadata: KillFilter, root, /usr/bin/python, -9
  kill_metadata7: KillFilter, root, /usr/bin/python2.7, -9
  kill_metadata6: KillFilter, root, /usr/bin/python2.6, -9

  == Proposed solution ==
  Do not specify absolute path in filter: use python (or python2.7, or 
python2.6) instead
  ======================================================================
  diff --git a/etc/neutron/rootwrap.d/dhcp.filters 
b/etc/neutron/rootwrap.d/dhcp.filters
  index 88d61e8..26c2ffa 100644
  --- a/etc/neutron/rootwrap.d/dhcp.filters
  +++ b/etc/neutron/rootwrap.d/dhcp.filters
  @@ -29,9 +29,9 @@ metadata_proxy_quantum: CommandFilter, 
quantum-ns-metadata-proxy, root
   metadata_proxy_local: CommandFilter, 
/usr/local/bin/neutron-ns-metadata-proxy, root
   metadata_proxy_local_quantum: CommandFilter, 
/usr/local/bin/quantum-ns-metadata-proxy, root
   # RHEL invocation of the metadata proxy will report /usr/bin/python
  -kill_metadata: KillFilter, root, /usr/bin/python, -9
  -kill_metadata7: KillFilter, root, /usr/bin/python2.7, -9
  -kill_metadata6: KillFilter, root, /usr/bin/python2.6, -9
  +kill_metadata: KillFilter, root, python, -9
  +kill_metadata7: KillFilter, root, python2.7, -9
  +kill_metadata6: KillFilter, root, python2.6, -9

   # ip_lib
   ip: IpFilter, ip, root

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1363773/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp