Just adding this for context: if I manually exec into the container as root (so that I can spawn the privsep daemon process) and invoke the failing command via Python, it fails in the same way:
sean@cloud:~$ docker exec -it -u root neutron_l3_agent bash
(neutron-l3-agent)[root@cloud /]# python3
Python 3.9.2 (default, Feb 28 2021, 17:03:44)
[GCC 10.2.1 20210110] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from neutron.agent.linux import ip_lib
>>> ip_lib.delete_ip_address("172.20.0.79/32", "qg-4bb9d20b-a0", namespace="qrouter-edf1cc99-879a-4fe5-a7b2-d19acb8fdcbf")
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/var/lib/kolla/venv/lib/python3.9/site-packages/neutron/agent/linux/ip_lib.py", line 834, in delete_ip_address
privileged.delete_ip_address(
File "/var/lib/kolla/venv/lib/python3.9/site-packages/oslo_privsep/priv_context.py", line 271, in _wrap
return self.channel.remote_call(name, args, kwargs,
File "/var/lib/kolla/venv/lib/python3.9/site-packages/oslo_privsep/daemon.py", line 215, in remote_call
raise exc_type(*result[2])
neutron.privileged.agent.linux.ip_lib.InterfaceOperationNotSupported: Operation not supported on interface qg-4bb9d20b-a0, namespace qrouter-edf1cc99-879a-4fe5-a7b2-d19acb8fdcbf.
However, I can add and remove the IP via the command line, from a root shell started in the same namespace:
sudo ip netns exec qrouter-edf1cc99-879a-4fe5-a7b2-d19acb8fdcbf bash
root@cloud:/home/sean# ip a show qg-4bb9d20b-a0
365: qg-4bb9d20b-a0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether fa:16:3e:16:8f:4d brd ff:ff:ff:ff:ff:ff
inet 172.20.0.114/24 brd 172.20.0.255 scope global qg-4bb9d20b-a0
valid_lft forever preferred_lft forever
inet 172.20.0.142/32 brd 172.20.0.142 scope global qg-4bb9d20b-a0
valid_lft forever preferred_lft forever
inet 172.20.0.79/32 brd 172.20.0.79 scope global qg-4bb9d20b-a0
valid_lft forever preferred_lft forever
inet 172.20.0.143/32 brd 172.20.0.143 scope global qg-4bb9d20b-a0
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe16:8f4d/64 scope link
valid_lft forever preferred_lft forever
root@cloud:/home/sean# ip a del 172.20.0.79/32 dev qg-4bb9d20b-a0
root@cloud:/home/sean# ip a show qg-4bb9d20b-a0
365: qg-4bb9d20b-a0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether fa:16:3e:16:8f:4d brd ff:ff:ff:ff:ff:ff
inet 172.20.0.114/24 brd 172.20.0.255 scope global qg-4bb9d20b-a0
valid_lft forever preferred_lft forever
inet 172.20.0.142/32 brd 172.20.0.142 scope global qg-4bb9d20b-a0
valid_lft forever preferred_lft forever
inet 172.20.0.143/32 brd 172.20.0.143 scope global qg-4bb9d20b-a0
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe16:8f4d/64 scope link
valid_lft forever preferred_lft forever
root@cloud:/home/sean# ip a add 172.20.0.79/32 dev qg-4bb9d20b-a0
root@cloud:/home/sean# ip a show qg-4bb9d20b-a0
365: qg-4bb9d20b-a0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether fa:16:3e:16:8f:4d brd ff:ff:ff:ff:ff:ff
inet 172.20.0.114/24 brd 172.20.0.255 scope global qg-4bb9d20b-a0
valid_lft forever preferred_lft forever
inet 172.20.0.142/32 brd 172.20.0.142 scope global qg-4bb9d20b-a0
valid_lft forever preferred_lft forever
inet 172.20.0.143/32 brd 172.20.0.143 scope global qg-4bb9d20b-a0
valid_lft forever preferred_lft forever
inet 172.20.0.79/32 scope global qg-4bb9d20b-a0
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe16:8f4d/64 scope link
valid_lft forever preferred_lft forever
Just adding this for context: if I manually exec into the container as root (so that I can spawn the privsep daemon process) and invoke the failing command via Python, it fails in the same way:
sean@cloud:~$ docker exec -it -u root neutron_l3_agent bash
(neutron-l3-agent)[root@cloud /]# python3
Python 3.9.2 (default, Feb 28 2021, 17:03:44)
[GCC 10.2.1 20210110] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from neutron.agent.linux import ip_lib
>>> ip_lib.delete_ip_address("172.20.0.79/32", "qg-4bb9d20b-a0", namespace="qrouter-edf1cc99-879a-4fe5-a7b2-d19acb8fdcbf")
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/var/lib/kolla/venv/lib/python3.9/site-packages/neutron/agent/linux/ip_lib.py", line 834, in delete_ip_address
privileged.delete_ip_address(
File "/var/lib/kolla/venv/lib/python3.9/site-packages/oslo_privsep/priv_context.py", line 271, in _wrap
return self.channel.remote_call(name, args, kwargs,
File "/var/lib/kolla/venv/lib/python3.9/site-packages/oslo_privsep/daemon.py", line 215, in remote_call
raise exc_type(*result[2])
neutron.privileged.agent.linux.ip_lib.InterfaceOperationNotSupported: Operation not supported on interface qg-4bb9d20b-a0, namespace qrouter-edf1cc99-879a-4fe5-a7b2-d19acb8fdcbf.
However, I can add and remove the IP via the command line, from a root shell started in the same namespace:
sudo ip netns exec qrouter-edf1cc99-879a-4fe5-a7b2-d19acb8fdcbf bash
root@cloud:/home/sean# ip a show qg-4bb9d20b-a0
365: qg-4bb9d20b-a0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether fa:16:3e:16:8f:4d brd ff:ff:ff:ff:ff:ff
inet 172.20.0.114/24 brd 172.20.0.255 scope global qg-4bb9d20b-a0
valid_lft forever preferred_lft forever
inet 172.20.0.142/32 brd 172.20.0.142 scope global qg-4bb9d20b-a0
valid_lft forever preferred_lft forever
inet 172.20.0.79/32 brd 172.20.0.79 scope global qg-4bb9d20b-a0
valid_lft forever preferred_lft forever
inet 172.20.0.143/32 brd 172.20.0.143 scope global qg-4bb9d20b-a0
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe16:8f4d/64 scope link
valid_lft forever preferred_lft forever
root@cloud:/home/sean# ip a del 172.20.0.79/32 dev qg-4bb9d20b-a0
root@cloud:/home/sean# ip a show qg-4bb9d20b-a0
365: qg-4bb9d20b-a0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether fa:16:3e:16:8f:4d brd ff:ff:ff:ff:ff:ff
inet 172.20.0.114/24 brd 172.20.0.255 scope global qg-4bb9d20b-a0
valid_lft forever preferred_lft forever
inet 172.20.0.142/32 brd 172.20.0.142 scope global qg-4bb9d20b-a0
valid_lft forever preferred_lft forever
inet 172.20.0.143/32 brd 172.20.0.143 scope global qg-4bb9d20b-a0
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe16:8f4d/64 scope link
valid_lft forever preferred_lft forever
root@cloud:/home/sean# ip a add 172.20.0.79/32 dev qg-4bb9d20b-a0
root@cloud:/home/sean# ip a show qg-4bb9d20b-a0
365: qg-4bb9d20b-a0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether fa:16:3e:16:8f:4d brd ff:ff:ff:ff:ff:ff
inet 172.20.0.114/24 brd 172.20.0.255 scope global qg-4bb9d20b-a0
valid_lft forever preferred_lft forever
inet 172.20.0.142/32 brd 172.20.0.142 scope global qg-4bb9d20b-a0
valid_lft forever preferred_lft forever
inet 172.20.0.143/32 brd 172.20.0.143 scope global qg-4bb9d20b-a0
valid_lft forever preferred_lft forever
inet 172.20.0.79/32 scope global qg-4bb9d20b-a0
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe16:8f4d/64 scope link
valid_lft forever preferred_lft forever