Fuel for OpenStack

Neutron l3 agent unable to list network namespaces

Series 4.1.x
Bug #1414239

Bug #1414239 reported by Kevin Benton on 2015-01-24

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Fuel for OpenStack	Fix Released	High	Ryan Moe	Fuel for OpenStack 6.1
4.1.x	In Progress	High	Ryan Moe	Fuel for OpenStack 4.1.1-updates
5.0.x	Fix Committed	High	Ryan Moe	Fuel for OpenStack 5.0-updates
5.1.x	Fix Committed	High	Ryan Moe	Fuel for OpenStack 5.1.1-updates
6.0.x	Fix Committed	High	Ryan Moe	Fuel for OpenStack 6.0-updates

Bug Description

The Neutron L3 agent does not use the root_helper to check for the existence of a namespace.
The permissions on /var/run/netns do not allow non-root users to see if namespaces exist. [1]

This causes the L3 agent to throw exceptions when it tries to create a namespace that actually already exists so the interfaces don't get setup properly.[2]

Neutron Kilo will come with an option to use the root_helper for namespace reading. Unfortunately that won't be back-ported to Juno so the permissions on the namespace directory need to be adjusted to allow neutron to list the files.

1. http://paste.openstack.org/show/161056/
2. http://paste.openstack.org/show/161057/

Bartłomiej Piotrowski (bpiotrowski) on 2015-01-27

Changed in fuel:
importance:	Undecided → High
assignee:	nobody → Fuel Library Team (fuel-library)
milestone:	none → 6.1

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-02-04: Fix proposed to fuel-library (master)

Fix proposed to branch: master
Review: https://review.openstack.org/152751

Changed in fuel:
assignee:	Fuel Library Team (fuel-library) → Ryan Moe (rmoe)
status:	New → In Progress

Ryan Moe (rmoe) on 2015-02-11

summary:

- neutron l3 agent doesn't work in 6.0
+ Neutron l3 agent unable to list network namespaces

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-02-16: Fix merged to fuel-library (master)

Reviewed: https://review.openstack.org/152751
Committed: https://git.openstack.org/cgit/stackforge/fuel-library/commit/?id=5f2d498bcd3338825c3d5da83a8ea8503afa95ed
Submitter: Jenkins
Branch: master

commit 5f2d498bcd3338825c3d5da83a8ea8503afa95ed
Author: Ryan Moe <email address hidden>
Date: Tue Feb 3 16:32:32 2015 -0800

Set umask to 0022 for OCF scripts that add network namespaces

    When ns_haproxy or ns_IPaddr2 create the first network namespace
    /var/run/netns will have permissions of 751 due to the umask
    being 0026 at that time. This will cause the problems with
    Neutron agents described in the referenced bug.

Change-Id: Ib8d1f485272ef843e935f43b1b40d7db6b0c2e78
Closes-bug: #1414239

Changed in fuel:
status:	In Progress → Fix Committed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-02-17: Fix proposed to fuel-library (stable/6.0)

Fix proposed to branch: stable/6.0
Review: https://review.openstack.org/156550

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-02-18: Fix merged to fuel-library (stable/6.0)

Reviewed: https://review.openstack.org/156550
Committed: https://git.openstack.org/cgit/stackforge/fuel-library/commit/?id=5dcf599284ab8390abc8bdd0e023bc2495c5ac77
Submitter: Jenkins
Branch: stable/6.0

commit 5dcf599284ab8390abc8bdd0e023bc2495c5ac77
Author: Vladimir Kuklin <email address hidden>
Date: Tue Feb 17 14:22:18 2015 +0300

Set umask to 0022 for OCF scripts that add network namespaces

Change-Id: Ib8d1f485272ef843e935f43b1b40d7db6b0c2e78
Closes-bug: #1414239

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-02-19: Fix proposed to fuel-library (stable/5.1)

Fix proposed to branch: stable/5.1
Review: https://review.openstack.org/157473

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-02-19: Fix proposed to fuel-library (stable/5.0)

Fix proposed to branch: stable/5.0
Review: https://review.openstack.org/157475

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-02-19: Fix proposed to fuel-library (stable/4.1)

Fix proposed to branch: stable/4.1
Review: https://review.openstack.org/157479

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-02-28: Fix merged to fuel-library (stable/5.1)

Reviewed: https://review.openstack.org/157473
Committed: https://git.openstack.org/cgit/stackforge/fuel-library/commit/?id=cf15fe0afc87a3db2ef061d5c3bdc50291778a61
Submitter: Jenkins
Branch: stable/5.1

commit cf15fe0afc87a3db2ef061d5c3bdc50291778a61
Author: Ryan Moe <email address hidden>
Date: Tue Feb 3 16:32:32 2015 -0800

Set umask to 0022 for OCF scripts that add network namespaces

Change-Id: Ib8d1f485272ef843e935f43b1b40d7db6b0c2e78
Closes-bug: #1414239

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-03-09: Fix merged to fuel-library (stable/5.0)

Reviewed: https://review.openstack.org/157475
Committed: https://git.openstack.org/cgit/stackforge/fuel-library/commit/?id=7f80b93b7fb742e065e5eff72b790dd1552edb62
Submitter: Jenkins
Branch: stable/5.0

commit 7f80b93b7fb742e065e5eff72b790dd1552edb62
Author: Ryan Moe <email address hidden>
Date: Tue Feb 3 16:32:32 2015 -0800

Set umask to 0022 for OCF scripts that add network namespaces

Change-Id: Ib8d1f485272ef843e935f43b1b40d7db6b0c2e78
Closes-bug: #1414239

Revision history for this message

Alexander Nevenchannyy (anevenchannyy) wrote on 2015-05-20:

#10

Verified on MOS 6.1 ISO #429
Steps to Verify:
root@node-1:/# sudo -u neutron ip netns list
qrouter-55f0eced-af80-41e0-8afa-b31ff5bcffb8
haproxy
vrouter
root@node-1:/# ip netns list
qrouter-55f0eced-af80-41e0-8afa-b31ff5bcffb8
haproxy
vrouter