tripleo

metadata-proxy process is not killed when running in a virtual environment

Bug #1398591 reported by Stephen Ma
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
High
Stephen Ma

Bug Description

When the neutron-l3-agent is running in a virtual environment. It forks off metadata proxy processes that are also ran the same virtual environment. When it comes time to kill the metadata proxy process, the l3 agent fails to do so because of rootwrap failures (exit code is 99, rootwrap reports "no filters matched"). The files 80-neutron-dhcp-agent and 80-neutron-networking from the tripleo-image-elements repo is supposed to replace the path "/usr/bin/python" with the value of NEUTRON_VENV_DIR in the /etc/neutron/rootwrap.d/l3.filter and /etc/neutron/rootwrap.d/dhcp.filter.

A later change in neutron (Change Id I987dd87e19c218846a48e58b61679b4153d97f66) modified the two filter files. "/usr/bin/python" is now replaced with "python". So the substitution made by 80-neutron-dhcp-agent and 80-neutron-router never take place. Consequently, the metadata-proxy processes can't never be killed.

See original description
Stephen Ma (stephen-ma)
Changed in tripleo:
assignee: nobody → Stephen Ma (stephen-ma)
Stephen Ma (stephen-ma)
description: updated
OpenStack Infra (hudson-openstack)
Changed in tripleo:
status: New → In Progress
Revision history for this message
Stephen Ma (stephen-ma) wrote :

Submitted code review https://review.openstack.org/#/c/138579/ to fix this problem.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-image-elements (master)

Reviewed: https://review.openstack.org/138579
Committed: https://git.openstack.org/cgit/openstack/tripleo-image-elements/commit/?id=d1c9cbebe5e94e9616dc7ee41cd94ace25cdb36e
Submitter: Jenkins
Branch: master

commit d1c9cbebe5e94e9616dc7ee41cd94ace25cdb36e
Author: Stephen Ma <email address hidden>
Date: Tue Dec 2 22:47:52 2014 +0000

    Change the kill_metadata executable strings in Neutron

    The scripts 80-neutron-dhcp-agent and 80-neutron-router modifies
    the neutron rootwrap filter files l3.filters and dhcp.filters.
    They replaces the string "/usr/bin/python" with the path to
    the python found in the NEUTRON_VENV_DIR/bin directory.

    The neutron patch https://review.openstack.org/#/c/118296
    replaced "/usr/bin/python" with "python" in the kill_metadata
    filters. As a result, the 80-neutron-dhcp-agent and 80-neutron-
    router scripts need to be modified to make the same replacement
    of "/usr/bin/python" with "python".

    If this were not corrected, the neutron L3 agent will get a
    rootwrap error (no filters matched) when it tries to kill a
    metadata-proxy process and caused the cleanup of a deleted
    router to fail.

    Closes-Bug: #1398591
    Change-Id: Id520ea27f2803447eff654d14ba8cbb388502a52

Changed in tripleo:
status: In Progress → Fix Committed
Gregory Haynes (greghaynes)
Changed in tripleo:
importance: Undecided → High
Derek Higgins (derekh)
Changed in tripleo:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.