openstack-manuals

dnsmasq no address available

Bug #1332544 reported by axel vanzaghi
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openstack-manuals
Invalid
Undecided
Thomas Goirand

Bug Description

Hi,

I have found that maybe something is missing in the documation to use Dnsmasq in Neutron.

As my instances weren't able to get a dhcp lease, I investigated and saw that dnsmasq wasn't able to read files under /var/lib/neutron . In fact, dnsmasq is started as a nobody user and /var/lib/neutron is owned by neutron and has rights sets to 750 so dnsmasq can't access this folder.

So 3 solutions is available from now :
1) set rights of /var/lib/neutron to 755 to allow dnsmasq to access it
2) override dnsmasq default config with dnsmasq_config_file in dhcp_agent.ini to set it to another user who has right on this folder (like neutron)
3) change the dhcp_confs in dhcp_conf.ini to set to an accessible folder for nobody user.

regards,
Axel Vanzaghi
-----------------------------------
Built: 2014-06-20T10:00:52 00:00
git SHA: cf40d505946951121468a170753d83905d8bdb55
URL: http://docs.openstack.org/icehouse/install-guide/install/apt-debian/content/neutron-ml2-network-node.html
source File: file:/home/jenkins/workspace/openstack-manuals-tox-doc-publishdocs/doc/install-guide/section_neutron-ml2-network-node.xml
xml:id: neutron-ml2-network-node

Revision history for this message
Matt Kassawara (ionosphere80) wrote :

Your report contains links to the Debian version of the documentation. Were you trying to configure neutron on Debian?

Revision history for this message
axel vanzaghi (axellinkgm) wrote :

oh sorry I forgot to mention it but yes I'm configuring neutron on debian 7

Revision history for this message
Matt Kassawara (ionosphere80) wrote :

Tom,

Can you take a look at this issue? I haven't seen it on other distributions.

Thanks,
Matt

Changed in openstack-manuals:
assignee: nobody → Thomas Goirand (thomas-goirand)
Revision history for this message
Thomas Goirand (thomas-goirand) wrote :

Hi,

I don't think this should be fixed on the documentation, but in the packages.

Thomas

Revision history for this message
Tom Fifield (fifieldt) wrote :

Thanks Thomas. Have you lodged a bug upstream by any chance?>

Changed in openstack-manuals:
status: New → Incomplete
Revision history for this message
Don Bowman (donbowman) wrote :

For interest I have run into this on Ubuntu 14.04.
dnsmasq is run as user 'nobody', and gets
stat("/var/lib/neutron/dhcp/e2a6a633-45f4-4fcd-a842-0c5fb54b2fba/host", 0x7fff42977110) = -1 EACCES (Permission denied)

which silently fails (e.g. dnsmasq comes up but doesn't work) as it is invoked as:

dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=tapef46bd92-2c --except-interface=lo --pid-file=/var/lib/neutron/dhcp/e2a6a633-45f4-4fcd-a842-0c5fb54b2fba/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/e2a6a633-45f4-4fcd-a842-0c5fb54b2fba/host --addn-hosts=/var/lib/neutron/dhcp/e2a6a633-45f4-4fcd-a842-0c5fb54b2fba/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/e2a6a633-45f4-4fcd-a842-0c5fb54b2fba/opts --leasefile-ro --dhcp-range=set:tag0,172.16.1.0,static,86400s --dhcp-lease-max=256 --conf-file=/etc/neutron/dnsmasq.conf --server=107.150.57.202 --domain=stack

changing /etc/neutron/dnsmasq.conf to add 'user=neutron' causes it to work properly.

Revision history for this message
Thomas Goirand (thomas-goirand) wrote :

Hi,

In Debian, I have now added a chmod o+x /var/lib/neutron, which seems to fix the issue. However, the question is still pending: should neutron set user=neutron when starting dnsmasq?

FYI, the patch would be to add:

--user=neutron

in neutron/agent/linux/dhcp.py, in the spawn_process() method. I know that at least the Debian DSA are doing this (by patching the dhcp.py file manually), and it worked well. Note that I've raised the issue in the dev list, with no answer from anyone in Neutron.

Cheers,

Thomas

Revision history for this message
axel vanzaghi (axellinkgm) wrote :

Hello,

I just have reinstalled my entire OpenStack. The instance I launched has got its ip from DHCP so your fix works on Debian 7.

Thank you for all

Revision history for this message
Gauvain Pocentek (gpocentek) wrote :

Setting this bug as invalid. If you guys think that there is something to be done in neutron feel free to affect it to the neutron project.

Changed in openstack-manuals:
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.