A named network namespace is an object at /var/run/netns/NAME that can be opened.
When calling:
ip netns list
It is opening the files in /var/run/netns as namespace objects. The errors are caused when a file descriptor exists in /var/run/netns which is just an ordinary file. I.e:
From Jeffrey's example the problematic files are identified by the 000 permissions which seem to be just a plain empty file like what you would make with the touch command.
Where as the typical namespace file looks like an empty file, it is actually a file descriptor that keeps a name space open and can't be read like a normal file:
So I think the problem comes down an issue with the way a namespace is being deleted and due to a race condition instead of a namespace being completely removed it is replace by a standard empty file with 000 permissions.
In testing I have found that the problematic namespaces appear to be locked by one of the neutron agent docker containers and can't be removed without shutting them down.
As per the man page:
http:// man7.org/ linux/man- pages/man8/ ip-netns. 8.html
A named network namespace is an object at /var/run/netns/NAME that can be opened.
When calling:
ip netns list
It is opening the files in /var/run/netns as namespace objects. The errors are caused when a file descriptor exists in /var/run/netns which is just an ordinary file. I.e:
[root@network01 netns]# ip netns df15-41ed- b625-ad89315566 8e fd11-4ea9- bcc1-e5ff92806a 5c 6a7c-4dee- 8541-c1c97e1822 23 28ea-4fad- 8f6b-298d63313e d6 8def-4ecd- 88e0-16a6ba1725 01 ab75-4f19- a1eb-162b40635a 7f 3f92788c- ab75-4f19- a1eb-162b40635a 7f 374de265- 8def-4ecd- 88e0-16a6ba1725 01 df15-41ed- b625-ad89315566 8e fd11-4ea9- bcc1-e5ff92806a 5c 6a7c-4dee- 8541-c1c97e1822 23 28ea-4fad- 8f6b-298d63313e d6 8def-4ecd- 88e0-16a6ba1725 01 ab75-4f19- a1eb-162b40635a 7f 3f92788c- ab75-4f19- a1eb-162b40635a 7f 374de265- 8def-4ecd- 88e0-16a6ba1725 01
qdhcp-48073cb3-
qdhcp-b4510557-
qdhcp-d304d7f1-
qdhcp-114ffc50-
snat-374de265-
snat-3f92788c-
qrouter-
qrouter-
[root@network01 netns]# touch /var/run/netns/test
[root@network01 netns]# ip netns
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
test
qdhcp-48073cb3-
qdhcp-b4510557-
qdhcp-d304d7f1-
qdhcp-114ffc50-
snat-374de265-
snat-3f92788c-
qrouter-
qrouter-
From Jeffrey's example the problematic files are identified by the 000 permissions which seem to be just a plain empty file like what you would make with the touch command.
Where as the typical namespace file looks like an empty file, it is actually a file descriptor that keeps a name space open and can't be read like a normal file:
[root@network01 netns]# ls -la /var/run/ netns/qdhcp- 114ffc50- 28ea-4fad- 8f6b-298d63313e d6 netns/qdhcp- 114ffc50- 28ea-4fad- 8f6b-298d63313e d6 netns/qdhcp- 114ffc50- 28ea-4fad- 8f6b-298d63313e d6 netns/qdhcp- 114ffc50- 28ea-4fad- 8f6b-298d63313e d6: empty netns/qdhcp- 114ffc50- 28ea-4fad- 8f6b-298d63313e d6 netns/qdhcp- 114ffc50- 28ea-4fad- 8f6b-298d63313e d6: Invalid argument
-r--r--r-- 1 root root 0 Aug 30 04:36 /var/run/
[root@network01 netns]# file /var/run/
/var/run/
[root@network01 netns]# cat /var/run/
cat: /var/run/
So I think the problem comes down an issue with the way a namespace is being deleted and due to a race condition instead of a namespace being completely removed it is replace by a standard empty file with 000 permissions.
In testing I have found that the problematic namespaces appear to be locked by one of the neutron agent docker containers and can't be removed without shutting them down.