Can't run commands within dhcp namespaces (created by neutron) from overcloud controller (Containerized Services)

Bug #1694906 reported by yatin
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
tripleo | Fix Released | Medium | Brent Eagles |

Bug Description

Description:
============
Not able to execute commands within network namespaces (ip netns exec <qdhcp-namespace> ip a) on overcloud controller (Containerized)

Steps to reproduce:
===================
1) Install Containerized Overcloud using tripleo-quickstart. I used the following overcloud deploy command:
Release used: master-tripleo-ci

openstack overcloud deploy \
    --templates /usr/share/openstack-tripleo-heat-templates \
    --libvirt-type qemu \
    --control-flavor oooq_control --compute-flavor oooq_compute \
    --ceph-storage-flavor oooq_ceph --block-storage-flavor oooq_blockstorage \
    --swift-storage-flavor oooq_objectstorage \
    --timeout 90 \
    -e /home/stack/cloud-names.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/net-single-nic-with-vlans.yaml \
    -e /home/stack/network-environment.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/low-memory-usage.yaml \
    -e /home/stack/enable-tls.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/tls-endpoints-public-ip.yaml \
    -e /home/stack/inject-trust-anchor.yaml \
    -e /home/stack/cloud-names.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/docker.yaml \
    --validation-warnings-fatal --ntp-server pool.ntp.org

2) Log in to undercloud (stack user) and create flavor, image, network and then a VM on overcloud
source overcloudrc
curl -O http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
openstack image create --disk-format qcow2 --container-format bare --public --file ./cirros-0.3.5-x86_64-disk.img cirros
openstack flavor create --public m1.extra_tiny --id auto --ram 256 --disk 0 --vcpus 1 --rxtx-factor 1
openstack security group rule create default --protocol tcp --dst-port 22:22 --remote-ip 0.0.0.0/0
openstack security group rule create --protocol icmp default
openstack network create net1
openstack subnet create subnet1 --network net1 --subnet-range 192.0.2.0/24
netid=$(openstack network show net1 -f value -c id)
nova boot --nic net-id=$netid --image cirros --flavor m1.extra_tiny testvm
# Wait for some time for VM to be in ACTIVE state

# Login to overcloud controller node to run commands in neutron namespaces
# Login as root
# List network namespaces
ip netns
# run command within namespace found, namespace would be named qdhcp-<network-id>
ip netns exec <qdhcp namespace> ip a
ip netns exec <qdhcp namespace> ping <vm ip>

Expected result:
===============
Both commands should return some output

Actual result:
==============
Both commands give the below error:
[root@overcloud-controller-0 ~]# ip netns exec qdhcp-5c73dc75-bf29-4a0a-bd9c-b37f5c593229 ip a
RTNETLINK answers: Invalid argument
setting the network namespace "qdhcp-5c73dc75-bf29-4a0a-bd9c-b37f5c593229" failed: Invalid argument

# Some more info:-

I am able to run the above commands with "docker exec -it <neutron dhcp container> sudo ip netns exec <qdhcp namespace> ip a"
Also check file permissions on the controller and in the docker container: ls -l /var/run/netns/<qdhcp namespace>
On the controller, something like below:
----------. 1 root root 0 May 31 10:01 qdhcp-5c73dc75-bf29-4a0a-bd9c-b37f5c593229
In the container, something like below:
-r--r--r--. 1 root root 0 May 31 10:01 qdhcp-5c73dc75-bf29-4a0a-bd9c-b37f5c593229

NOTE: The sudo command can't be run in the container; I somehow updated the sudoers file within the container and executed the netns commands
devname=$(sudo docker inspect -f '{{ .GraphDriver.Data.DeviceName }}' neutron_dhcp)
sudo dmsetup info "$devname"

# Get minor number for the device (strip the padding left by cut)
minornum=$(sudo dmsetup info "$devname" | grep Major | cut -d"," -f 3 | tr -d ' ')
Hence the docker device for the container is dm-<minor number>

# Mount the device and you can access the container file system.
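
A diagnostic for the symptom reported above, added here as an example and not part of the original report or of TripleO: it lists entries under a netns directory that have no network-namespace mount in a given mountinfo file. It assumes that the mode-000 file seen on the controller is the bare placeholder file with no namespace mount visible in the host's mount namespace; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: find netns entries that are plain files in this mount
# namespace, i.e. "ip netns exec" on them would fail with "Invalid argument".

# netns_unmounted DIR MOUNTINFO
# Prints each name in DIR that has no namespace mount listed in MOUNTINFO.
# A mounted namespace appears in mountinfo with root "net:[inode]" (field 4)
# and the netns file as mount point (field 5).
netns_unmounted() {
    dir=${1:-/var/run/netns}
    mountinfo=${2:-/proc/self/mountinfo}
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        name=${f##*/}
        if ! awk -v n="$name" '
            $4 ~ /^net:\[/ { m = $5; sub(/.*\//, "", m); if (m == n) found = 1 }
            END { exit !found }' "$mountinfo"; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample: two namespace files, only one of which has a mount
# entry in the (constructed) mountinfo.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/netns"
    : > "$tmp/netns/qdhcp-aaaa"   # constructed: mount visible
    : > "$tmp/netns/qdhcp-bbbb"   # constructed: placeholder file only
    cat > "$tmp/mountinfo" <<EOF
22 1 253:0 / / rw,relatime shared:1 - xfs /dev/vda1 rw
245 22 0:3 net:[4026532281] /run/netns/qdhcp-aaaa rw,nosuid shared:120 - proc proc rw
EOF
    netns_unmounted "$tmp/netns" "$tmp/mountinfo"
    rm -rf "$tmp"
}

# On a controller: netns_unmounted /var/run/netns /proc/self/mountinfo
```

Running the same function inside the DHCP agent container and on the host shows which side actually holds the namespace mounts.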

Changed in tripleo:
status: New → Triaged
importance: Undecided → Medium
milestone: none → pike-3
Changed in tripleo:
milestone: pike-3 → pike-rc1
Changed in tripleo:
milestone: pike-rc1 → queens-1
Changed in tripleo:
milestone: queens-1 → queens-2
Changed in tripleo:
milestone: queens-2 → queens-3
Changed in tripleo:
milestone: queens-3 → queens-rc1
Changed in tripleo:
milestone: queens-rc1 → rocky-1
Brent Eagles (beagles) wrote :

From the description, this problem should be resolved by https://review.openstack.org/#/c/542858/

Changed in tripleo:
assignee: nobody → Brent Eagles (beagles)
milestone: rocky-1 → queens-rc1
status: Triaged → Fix Released
yatin (yatinkarel) wrote :

Yes, on the latest deployment I checked, it's working. Thanks.

[root@overcloud-controller-foo-0 ~]# ip netns exec qdhcp-c0738e41-5800-4ced-b213-4735169b26e5 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
51: tapbba0e044-b2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN qlen 1000
    link/ether fa:16:3e:6e:0c:a4 brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.2/24 brd 192.0.2.255 scope global tapbba0e044-b2
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe6e:ca4/64 scope link
       valid_lft forever preferred_lft forever
