neutron

neutron-keepalived-state-change run neutron-rootwrap-daemon anyway regardless of config

Bug #2052367 reported by LIU Yulong
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Confirmed
Medium
LIU Yulong

Bug Description

neutron-keepalived-state-change run neutron-rootwrap-daemon anyway regardless of config

https://review.opendev.org/q/topic:%22bug/1680183%22
It is the series of patches which replace "ip -o monitor" to pyroute2 python native process.

But we noticed that the neutron-keepalived-state-change run neutron-rootwrap-daemon anyway. It is not configurable.

A example process structure is:
root 30474 1 0 10:23 ? 00:00:00 /usr/bin/python /bin/neutron-keepalived-state-change --router_id=0a3f589a-40f7-400c-8cb7-e915c255dec1 --namespace=qrouter-0a3f589a-40f7-400c-8cb7-e915c255dec1 --conf_dir=/var/lib/neutron/ha_confs/0a3f589a-40f7-400c-8cb7-e915c255dec1 --log-file=/var/lib/neutron/ha_confs/0a3f589a-40f7-400c-8cb7-e915c255dec1/neutron-keepalived-state-change.log --monitor_interface=ha-1c854712-f1 --monitor_cidr=169.254.0.167/24 --pid_file=/var/lib/neutron/external/pids/0a3f589a-40f7-400c-8cb7-e915c255dec1.monitor.pid.neutron-keepalived-state-change-monitor --state_path=/var/lib/neutron --user=993 --group=990
root 30478 30474 0 10:23 ? 00:00:00 sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
root 30482 30478 0 10:23 ? 00:00:00 /usr/bin/python /bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
root 30479 30474 0 10:23 ? 00:00:00 /usr/bin/python /bin/neutron-keepalived-state-change --router_id=0a3f589a-40f7-400c-8cb7-e915c255dec1 --namespace=qrouter-0a3f589a-40f7-400c-8cb7-e915c255dec1 --conf_dir=/var/lib/neutron/ha_confs/0a3f589a-40f7-400c-8cb7-e915c255dec1 --log-file=/var/lib/neutron/ha_confs/0a3f589a-40f7-400c-8cb7-e915c255dec1/neutron-keepalived-state-change.log --monitor_interface=ha-1c854712-f1 --monitor_cidr=169.254.0.167/24 --pid_file=/var/lib/neutron/external/pids/0a3f589a-40f7-400c-8cb7-e915c255dec1.monitor.pid.neutron-keepalived-state-change-monitor --state_path=/var/lib/neutron --user=993 --group=990

We can see that the neutron-rootwrap-daemon did not spawn the "neutron-keepalived-state-change" sub-process.

And that "sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf" will run into a zombie process finally.

neutron-keepalived-state-change.log LOGs:

2024-02-04 10:23:21.022 30449 INFO neutron.common.config [-] Logging enabled!
2024-02-04 10:23:21.023 30449 INFO neutron.common.config [-] /bin/neutron-keepalived-state-change version 13.7.2.dev20240202170237
2024-02-04 10:23:21.023 30449 DEBUG neutron.common.config [-] command line: /bin/neutron-keepalived-state-change --router_id=0a3f589a-40f7-400c-8cb7-e915c255dec1 --namespace=qrouter-0a3f589a-40f7-400c-8cb7-e915c255dec1 --conf_dir=/var/lib/neutron/ha_confs/0a3f589a-40f7-400c-8cb7-e915c255dec1 --log-file=/var/lib/neutron/ha_confs/0a3f589a-40f7-400c-8cb7-e915c255dec1/neutron-keepalived-state-change.log --monitor_interface=ha-1c854712-f1 --monitor_cidr=169.254.0.167/24 --pid_file=/var/lib/neutron/external/pids/0a3f589a-40f7-400c-8cb7-e915c255dec1.monitor.pid.neutron-keepalived-state-change-monitor --state_path=/var/lib/neutron --user=993 --group=990 setup_logging /usr/lib/python/site-packages/neutron/common/config.py:106
2024-02-04 10:23:21.033 30474 DEBUG neutron.agent.linux.utils [-] Running command (rootwrap daemon): ['ip', 'netns', 'exec', 'qrouter-0a3f589a-40f7-400c-8cb7-e915c255dec1', 'ip', 'addr', 'show', 'ha-1c854712-f1'] execute_rootwrap_daemon /usr/lib/python/site-packages/neutron/agent/linux/utils.py:103
2024-02-04 10:23:21.043 30474 DEBUG oslo_rootwrap.client [-] Popen for ['sudo', 'neutron-rootwrap-daemon', '/etc/neutron/rootwrap.conf'] command has been instantiated _initialize /usr/lib/python/site-packages/oslo_rootwrap/client.py:73
2024-02-04 10:23:21.185 30474 INFO oslo_rootwrap.client [-] Spawned new rootwrap daemon process with pid=30478
2024-02-04 10:23:21.232 30474 DEBUG neutron.agent.l3.keepalived_state_change [-] Wrote router 0a3f589a-40f7-400c-8cb7-e915c255dec1 state master write_state_change /usr/lib/python/site-packages/neutron/agent/l3/keepalived_state_change.py:123
2024-02-04 10:23:21.235 30474 DEBUG neutron.agent.l3.keepalived_state_change [-] Notified agent router 0a3f589a-40f7-400c-8cb7-e915c255dec1, state master notify_agent /usr/lib/python/site-packages/neutron/agent/l3/keepalived_state_change.py:137
2024-02-04 10:23:21.236 30474 DEBUG neutron.agent.l3.keepalived_state_change [-] Initial status of router 0a3f589a-40f7-400c-8cb7-e915c255dec1 is master handle_initial_state /usr/lib/python/site-packages/neutron/agent/l3/keepalived_state_change.py:114

So the code of
https://github.com/openstack/neutron/blob/master/neutron/agent/l3/ha_router.py#L433-L444
should add some configurable options to decide whether run neutron-rootwrap-daemon the neutron-keepalived-state-change.

Revision history for this message
LIU Yulong (dragon889) wrote (last edit ):

Alright, it is point to an old bug:
https://bugs.launchpad.net/neutron/+bug/1825152
https://review.opendev.org/c/openstack/neutron/+/653378

Neutron should disable root_helper_daemon by default.

Miguel Lavalle (minsel)
Changed in neutron:
importance: Undecided → Medium
status: New → Confirmed
assignee: nobody → LIU Yulong (dragon889)
Revision history for this message
LIU Yulong (dragon889) wrote :

patch [1] mentioned on commont #1, does not solve the problem.

The neutron-rootwrap-daemon process still spawned for state-change.

[1]https://review.opendev.org/c/openstack/neutron/+/653378

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/907944

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (master)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/907944
Committed: https://opendev.org/openstack/neutron/commit/9065cdf78e0a5f5d9752820707b0d7101f4a3292
Submitter: "Zuul (22348)"
Branch: master

commit 9065cdf78e0a5f5d9752820707b0d7101f4a3292
Author: LIU Yulong <email address hidden>
Date: Tue Feb 6 13:51:37 2024 +0800

    Register root_helper config for state change

    Add config options for neutron-keepalived-state-change python bin
    daemon. And it will be possible to not run root neutron-rootwrap-daemon
    for it after fix of
    https://review.opendev.org/c/openstack/neutron/+/653378

    Related-Bug: #2052367
    Change-Id: I15060c9c6b1c2c11b3a7d692f945e27ffec9e854

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.