Reviewed: https://review.openstack.org/613591 Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=32cc8b63d7bbe5cfc83b82a058d1c5832980f290 Submitter: Zuul Branch: master
commit 32cc8b63d7bbe5cfc83b82a058d1c5832980f290 Author: Oleg Bondarev <obonda...@mirantis.com> Date: Fri Oct 26 18:02:27 2018 +0400 Add capabilities for privsep CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH were added (like in nova) to fix agents on kernel 4.15. Please see bug for details Change-Id: Ieed6f5f6906036cdeaf2c3d96350eeae9559c0c7 Closes-Bug: #1800157 ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1800157 Title: privsep: lack of capabilities on kernel 4.15 Status in neutron: Fix Released Bug description: l3 and dhcp agents are not functioning on kernel 4.15 due to privsep errors: 2018-10-25 09:10:38,747.747 24060 INFO oslo.privsep.daemon [-] Running privsep helper: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'privsep-helper', '--config-file', '/etc/neutron/l3_agent.ini', '--config-file', '/etc/neutron/fwaas_driver.ini', '--config-file', '/etc/neutron/neutron.conf', '--privsep_context', 'neutron.privileged.default', '--privsep_sock_path', '/tmp/tmpS5k5y2/privsep.sock'] 2018-10-25 09:10:39,361.361 24060 WARNING oslo.privsep.daemon [-] privsep log: Error in sys.excepthook: 2018-10-25 09:10:39,363.363 24060 WARNING oslo.privsep.daemon [-] privsep log: Traceback (most recent call last): 2018-10-25 09:10:39,363.363 24060 WARNING oslo.privsep.daemon [-] privsep log: File "/usr/lib/python2.7/dist-packages/oslo_log/log.py", line 193, in logging_excepthook 2018-10-25 09:10:39,364.364 24060 WARNING oslo.privsep.daemon [-] privsep log: getLogger(product_name).critical('Unhandled error', **extra) 2018-10-25 09:10:39,365.365 24060 WARNING oslo.privsep.daemon [-] privsep log: File "/usr/lib/python2.7/logging/__init__.py", line 1481, in critical 2018-10-25 09:10:39,365.365 24060 WARNING oslo.privsep.daemon [-] privsep log: self.logger.critical(msg, *args, **kwargs) 2018-10-25 09:10:39,366.366 24060 WARNING oslo.privsep.daemon [-] privsep log: File "/usr/lib/python2.7/logging/__init__.py", line 1212, in critical 2018-10-25 09:10:39,366.366 24060 WARNING oslo.privsep.daemon [-] privsep log: self._log(CRITICAL, msg, args, **kwargs) 2018-10-25 09:10:39,367.367 24060 WARNING oslo.privsep.daemon [-] privsep log: File "/usr/lib/python2.7/logging/__init__.py", line 1286, in _log 2018-10-25 09:10:39,367.367 24060 WARNING oslo.privsep.daemon [-] privsep log: self.handle(record) 2018-10-25 09:10:39,368.368 24060 WARNING oslo.privsep.daemon [-] privsep log: File "/usr/lib/python2.7/logging/__init__.py", line 1296, in handle 2018-10-25 09:10:39,368.368 24060 WARNING oslo.privsep.daemon [-] privsep log: self.callHandlers(record) 2018-10-25 09:10:39,369.369 24060 WARNING oslo.privsep.daemon [-] privsep log: File "/usr/lib/python2.7/logging/__init__.py", line 1336, in callHandlers 2018-10-25 09:10:39,370.370 24060 WARNING oslo.privsep.daemon [-] privsep log: hdlr.handle(record) 2018-10-25 09:10:39,370.370 24060 WARNING oslo.privsep.daemon [-] privsep log: File "/usr/lib/python2.7/logging/__init__.py", line 759, in handle 2018-10-25 09:10:39,371.371 24060 WARNING oslo.privsep.daemon [-] privsep log: self.emit(record) 2018-10-25 09:10:39,371.371 24060 WARNING oslo.privsep.daemon [-] privsep log: File "/usr/lib/python2.7/logging/handlers.py", line 414, in emit 2018-10-25 09:10:39,372.372 24060 WARNING oslo.privsep.daemon [-] privsep log: sres = os.stat(self.baseFilename) 2018-10-25 09:10:39,372.372 24060 WARNING oslo.privsep.daemon [-] privsep log: OSError: [Errno 13] Permission denied: '/var/log/neutron/neutron.log' ... 24060 ERROR neutron.agent.l3.agent FailedToDropPrivileges: Privsep daemon failed to start To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1800157/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp