Comment 7 for bug 1298405

This was only an issue on CentOS.

Pacemaker has a hard-coded umask of 0026. The resource agent for the neutron-l3-agent inherits this umask and so do the python processes it launches. The ns-metadata-proxy (launched by the l3-agent) writes its pid file as root:root and because of the inherited umask the permissions end up 0751. When the l3-agent stops it attempts to kill the ns-metadata-proxy by reading the pid file and killing the process. The file read happens as the neutron user who does not have read permissions to the pid file.

This leaves an ns-metadata-proxy process running on the system with an exclusive lock to its pid file. When the l3-agent is started again it will attempt to spawn another ns-metadata-proxy and lock the same pid file as the existing process. This call[0] will block indefinitely in this case. This prevents the l3-agent from creating the interfaces for the router. Related bug is here: https://bugs.launchpad.net/neutron/+bug/1315507

[0] https://github.com/openstack/neutron/blob/master/neutron/agent/linux/daemon.py#L40