Comment 5 for bug 1923453

I think this is an upstream bug for neutron. It looks like neutron/cmd/ovs_cleanup.py is missing a call to agent_config.setup_privsep() in main():

diff --git a/neutron/cmd/ovs_cleanup.py b/neutron/cmd/ovs_cleanup.py
index c6290909a8..8e75317e08 100644
--- a/neutron/cmd/ovs_cleanup.py
+++ b/neutron/cmd/ovs_cleanup.py
@@ -58,6 +58,7 @@ def main():
     conf = setup_conf()
     conf()
     config.setup_logging()
+ agent_config.setup_privsep()
     do_main(conf)

The problem is the oslo.privsep library is not getting initialized. In other words, init() [1] is not getting called in oslo_privsep/priv_context.py, therefore _HELPER_COMMAND_PREFIX is not getting set to root_helper as defined in neutron.conf [2].

So we end up running:
Running privsep helper: ['sudo', 'privsep-helper', '--config-file', '/etc/neutron/neutron.conf', '--privsep_context', 'neutron.privileged.ovs_vsctl_cmd', '--privsep_sock_path', '/tmp/tmpvvymywvv/privsep.sock']

Where we should instead we should be running:
Running privsep helper: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'privsep-helper', '--config-file', '/etc/neutron/neutron.conf', '--privsep_context', 'neutron.privileged.ovs_vsctl_cmd', '--privsep_sock_path', '/tmp/tmpdq_rjxpi/privsep.sock']

[1] https://opendev.org/openstack/oslo.privsep/src/branch/stable/wallaby/oslo_privsep/priv_context.py#L107

[2] neutron.conf
[AGENT]
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf