[victoria]oslo_privsep.daemon.FailedToDropPrivileges

Rodolfo Alonso Hernandez ralonsoh at redhat.com
Wed Apr 7 07:24:24 UTC 2021 

Hello:

This is indeed a problem with the execution privileges of the user running
those commands.

What deployment tool are you using? What is the user that runs the LB agent?

The problem is, I think, that the privsep daemon is not properly starting.
Try to execute manually the command you see in the logs. That will start
the privsep daemon. If it doesn't work, check the privsep log and fix the
permissions.
['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf',
'privsep-helper', '--config-file', '/usr/share/neutron/neutron-dist.conf',
'--config-file', '/etc/neutron/neutron.conf', '--config-file',
'/etc/neutron/plugins/ml2/linuxbridge_agent.ini', '--config-dir',
'/etc/neutron/conf.d/neutron-linuxbridge-agent', '--privsep_context',
'neutron.privileged.default', '--privsep_sock_path',
'/tmp/tmpm5d0ytiv/privsep.sock']

Regards.




On Wed, Apr 7, 2021 at 5:51 AM 朝阳未烈 <379035389 at qq.com> wrote:

> Hi, everyone:
>
> I tried to build an instance on the* compute node *but failed. I am sure
> that every necessary connection has been built.
>
> And I found the same error information on the *controller node* and the *compute
> node* , in */var/log/neutron/linuxbride-agent.log*
>
> That is information:
>
> INFO neutron.common.config [-] Logging enabled!
>
> 2021-04-07 11:30:52.866 2182 INFO neutron.common.config [-]
> /usr/bin/neutron-linuxbridge-agent version 17.1.0
>
> 2021-04-07 11:30:52.867 2182 INFO
> neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-]
> Interface mappings: {'provider': 'ens160'}
>
> 2021-04-07 11:30:52.867 2182 INFO
> neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-]
> Bridge mappings: {}
>
> 2021-04-07 11:30:52.868 2182 INFO oslo.privsep.daemon [-] Running privsep
> helper: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf',
> 'privsep-helper', '--config-file', '/usr/share/neutron/neutron-dist.conf',
> '--config-file', '/etc/neutron/neutron.conf', '--config-file',
> '/etc/neutron/plugins/ml2/linuxbridge_agent.ini', '--config-dir',
> '/etc/neutron/conf.d/neutron-linuxbridge-agent', '--privsep_context',
> 'neutron.privileged.default', '--privsep_sock_path',
> '/tmp/tmpm5d0ytiv/privsep.sock']
>
> 2021-04-07 11:30:53.346 2182 CRITICAL oslo.privsep.daemon [-] privsep
> helper command exited non-zero (1)
>
> 2021-04-07 11:30:53.346 2182 CRITICAL neutron [-] Unhandled error:
> oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited
> non-zero (1)
>
> 2021-04-07 11:30:53.346 2182 ERROR neutron Traceback (most recent call
> last):
>
> 2021-04-07 11:30:53.346 2182 ERROR neutron   File
> "/usr/bin/neutron-linuxbridge-agent", line 10, in <module>
>
> 2021-04-07 11:30:53.346 2182 ERROR neutron     sys.exit(main())
>
> 2021-04-07 11:30:53.346 2182 ERROR neutron   File
> "/usr/lib/python3.6/site-packages/neutron/cmd/eventlet/plugins/linuxbridge_neutron_agent.py",
> line 28, in main
>
> 2021-04-07 11:30:53.346 2182 ERROR neutron     agent_main.main()
>
> 2021-04-07 11:30:53.346 2182 ERROR neutron   File
> "/usr/lib/python3.6/site-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py",
> line 1052, in main
>
> 2021-04-07 11:30:53.346 2182 ERROR neutron     manager =
> LinuxBridgeManager(bridge_mappings, interface_mappings)
>
> 2021-04-07 11:30:53.346 2182 ERROR neutron   File
> "/usr/lib/python3.6/site-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py",
> line 79, in __init__
>
> 2021-04-07 11:30:53.346 2182 ERROR neutron
> self.validate_interface_mappings()
>
> 2021-04-07 11:30:53.346 2182 ERROR neutron   File
> "/usr/lib/python3.6/site-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py",
> line 94, in validate_interface_mappings
>
> 2021-04-07 11:30:53.346 2182 ERROR neutron     if not
> ip_lib.device_exists(interface):
>
> 2021-04-07 11:30:53.346 2182 ERROR neutron   File
> "/usr/lib/python3.6/site-packages/neutron/agent/linux/ip_lib.py", line 748,
> in device_exists
>
> 2021-04-07 11:30:53.346 2182 ERROR neutron     return
> IPDevice(device_name, namespace=namespace).exists()
>
> 2021-04-07 11:30:53.346 2182 ERROR neutron   File
> "/usr/lib/python3.6/site-packages/neutron/agent/linux/ip_lib.py", line 328,
> in exists
>
> 2021-04-07 11:30:53.346 2182 ERROR neutron     return
> privileged.interface_exists(self.name, self.namespace)
>
> 2021-04-07 11:30:53.346 2182 ERROR neutron   File
> "/usr/lib/python3.6/site-packages/oslo_privsep/priv_context.py", line 246,
> in _wrap
>
> 2021-04-07 11:30:53.346 2182 ERROR neutron     self.start()
>
> 2021-04-07 11:30:53.346 2182 ERROR neutron   File
> "/usr/lib/python3.6/site-packages/oslo_privsep/priv_context.py", line 258,
> in start
>
> 2021-04-07 11:30:53.346 2182 ERROR neutron     channel =
> daemon.RootwrapClientChannel(context=self)
>
> 2021-04-07 11:30:53.346 2182 ERROR neutron   File
> "/usr/lib/python3.6/site-packages/oslo_privsep/daemon.py", line 367, in
> __init__
>
> 2021-04-07 11:30:53.346 2182 ERROR neutron     raise
> FailedToDropPrivileges(msg)
>
> 2021-04-07 11:30:53.346 2182 ERROR neutron
> oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited
> non-zero (1)
>
> 2021-04-07 11:30:53.346 2182 ERROR neutron
>
>
>
>
>
> And it is the configuration in* /etc/sudoer.d/neutron *below:
>
>
>
> *Defaults:neutron !requiretty*
>
> *neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap
> /etc/neutron/rootwrap.conf **
>
> *neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap-daemon
> /etc/neutron/rootwrap.conf*
>
>
>
>
>
> I googled for the solution but they didn’t matter. How can I solve this
> problem? Thanks for your advicement!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20210407/8a9c2c6d/attachment.html>

More information about the openstack-discuss mailing list