[victoria]oslo_privsep.daemon.FailedToDropPrivileges
Hi, everyone: I tried to build an instance on the compute node but failed. I am sure that every necessary connection has been built. And I found the same error information on the controller node and the compute node , in /var/log/neutron/linuxbride-agent.log That is information: INFO neutron.common.config [-] Logging enabled! 2021-04-07 11:30:52.866 2182 INFO neutron.common.config [-] /usr/bin/neutron-linuxbridge-agent version 17.1.0 2021-04-07 11:30:52.867 2182 INFO neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-] Interface mappings: {'provider': 'ens160'} 2021-04-07 11:30:52.867 2182 INFO neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-] Bridge mappings: {} 2021-04-07 11:30:52.868 2182 INFO oslo.privsep.daemon [-] Running privsep helper: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'privsep-helper', '--config-file', '/usr/share/neutron/neutron-dist.conf', '--config-file', '/etc/neutron/neutron.conf', '--config-file', '/etc/neutron/plugins/ml2/linuxbridge_agent.ini', '--config-dir', '/etc/neutron/conf.d/neutron-linuxbridge-agent', '--privsep_context', 'neutron.privileged.default', '--privsep_sock_path', '/tmp/tmpm5d0ytiv/privsep.sock'] 2021-04-07 11:30:53.346 2182 CRITICAL oslo.privsep.daemon [-] privsep helper command exited non-zero (1) 2021-04-07 11:30:53.346 2182 CRITICAL neutron [-] Unhandled error: oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1) 2021-04-07 11:30:53.346 2182 ERROR neutron Traceback (most recent call last): 2021-04-07 11:30:53.346 2182 ERROR neutron File "/usr/bin/neutron-linuxbridge-agent", line 10, in <module> 2021-04-07 11:30:53.346 2182 ERROR neutron sys.exit(main()) 2021-04-07 11:30:53.346 2182 ERROR neutron File "/usr/lib/python3.6/site-packages/neutron/cmd/eventlet/plugins/linuxbridge_neutron_agent.py", line 28, in main 2021-04-07 11:30:53.346 2182 ERROR neutron agent_main.main() 2021-04-07 11:30:53.346 2182 ERROR neutron File "/usr/lib/python3.6/site-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py", line 1052, in main 2021-04-07 11:30:53.346 2182 ERROR neutron manager = LinuxBridgeManager(bridge_mappings, interface_mappings) 2021-04-07 11:30:53.346 2182 ERROR neutron File "/usr/lib/python3.6/site-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py", line 79, in __init__ 2021-04-07 11:30:53.346 2182 ERROR neutron self.validate_interface_mappings() 2021-04-07 11:30:53.346 2182 ERROR neutron File "/usr/lib/python3.6/site-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py", line 94, in validate_interface_mappings 2021-04-07 11:30:53.346 2182 ERROR neutron if not ip_lib.device_exists(interface): 2021-04-07 11:30:53.346 2182 ERROR neutron File "/usr/lib/python3.6/site-packages/neutron/agent/linux/ip_lib.py", line 748, in device_exists 2021-04-07 11:30:53.346 2182 ERROR neutron return IPDevice(device_name, namespace=namespace).exists() 2021-04-07 11:30:53.346 2182 ERROR neutron File "/usr/lib/python3.6/site-packages/neutron/agent/linux/ip_lib.py", line 328, in exists 2021-04-07 11:30:53.346 2182 ERROR neutron return privileged.interface_exists(self.name, self.namespace) 2021-04-07 11:30:53.346 2182 ERROR neutron File "/usr/lib/python3.6/site-packages/oslo_privsep/priv_context.py", line 246, in _wrap 2021-04-07 11:30:53.346 2182 ERROR neutron self.start() 2021-04-07 11:30:53.346 2182 ERROR neutron File "/usr/lib/python3.6/site-packages/oslo_privsep/priv_context.py", line 258, in start 2021-04-07 11:30:53.346 2182 ERROR neutron channel = daemon.RootwrapClientChannel(context=self) 2021-04-07 11:30:53.346 2182 ERROR neutron File "/usr/lib/python3.6/site-packages/oslo_privsep/daemon.py", line 367, in __init__ 2021-04-07 11:30:53.346 2182 ERROR neutron raise FailedToDropPrivileges(msg) 2021-04-07 11:30:53.346 2182 ERROR neutron oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1) 2021-04-07 11:30:53.346 2182 ERROR neutron And it is the configuration in /etc/sudoer.d/neutron below: Defaults:neutron !requiretty neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf * neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf I googled for the solution but they didn’t matter. How can I solve this problem? Thanks for your advicement!
Hello: This is indeed a problem with the execution privileges of the user running those commands. What deployment tool are you using? What is the user that runs the LB agent? The problem is, I think, that the privsep daemon is not properly starting. Try to execute manually the command you see in the logs. That will start the privsep daemon. If it doesn't work, check the privsep log and fix the permissions. ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'privsep-helper', '--config-file', '/usr/share/neutron/neutron-dist.conf', '--config-file', '/etc/neutron/neutron.conf', '--config-file', '/etc/neutron/plugins/ml2/linuxbridge_agent.ini', '--config-dir', '/etc/neutron/conf.d/neutron-linuxbridge-agent', '--privsep_context', 'neutron.privileged.default', '--privsep_sock_path', '/tmp/tmpm5d0ytiv/privsep.sock'] Regards. On Wed, Apr 7, 2021 at 5:51 AM 朝阳未烈 <379035389@qq.com> wrote:
Hi, everyone:
I tried to build an instance on the* compute node *but failed. I am sure that every necessary connection has been built.
And I found the same error information on the *controller node* and the *compute node* , in */var/log/neutron/linuxbride-agent.log*
That is information:
INFO neutron.common.config [-] Logging enabled!
2021-04-07 11:30:52.866 2182 INFO neutron.common.config [-] /usr/bin/neutron-linuxbridge-agent version 17.1.0
2021-04-07 11:30:52.867 2182 INFO neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-] Interface mappings: {'provider': 'ens160'}
2021-04-07 11:30:52.867 2182 INFO neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-] Bridge mappings: {}
2021-04-07 11:30:52.868 2182 INFO oslo.privsep.daemon [-] Running privsep helper: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'privsep-helper', '--config-file', '/usr/share/neutron/neutron-dist.conf', '--config-file', '/etc/neutron/neutron.conf', '--config-file', '/etc/neutron/plugins/ml2/linuxbridge_agent.ini', '--config-dir', '/etc/neutron/conf.d/neutron-linuxbridge-agent', '--privsep_context', 'neutron.privileged.default', '--privsep_sock_path', '/tmp/tmpm5d0ytiv/privsep.sock']
2021-04-07 11:30:53.346 2182 CRITICAL oslo.privsep.daemon [-] privsep helper command exited non-zero (1)
2021-04-07 11:30:53.346 2182 CRITICAL neutron [-] Unhandled error: oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)
2021-04-07 11:30:53.346 2182 ERROR neutron Traceback (most recent call last):
2021-04-07 11:30:53.346 2182 ERROR neutron File "/usr/bin/neutron-linuxbridge-agent", line 10, in <module>
2021-04-07 11:30:53.346 2182 ERROR neutron sys.exit(main())
2021-04-07 11:30:53.346 2182 ERROR neutron File "/usr/lib/python3.6/site-packages/neutron/cmd/eventlet/plugins/linuxbridge_neutron_agent.py", line 28, in main
2021-04-07 11:30:53.346 2182 ERROR neutron agent_main.main()
2021-04-07 11:30:53.346 2182 ERROR neutron File "/usr/lib/python3.6/site-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py", line 1052, in main
2021-04-07 11:30:53.346 2182 ERROR neutron manager = LinuxBridgeManager(bridge_mappings, interface_mappings)
2021-04-07 11:30:53.346 2182 ERROR neutron File "/usr/lib/python3.6/site-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py", line 79, in __init__
2021-04-07 11:30:53.346 2182 ERROR neutron self.validate_interface_mappings()
2021-04-07 11:30:53.346 2182 ERROR neutron File "/usr/lib/python3.6/site-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py", line 94, in validate_interface_mappings
2021-04-07 11:30:53.346 2182 ERROR neutron if not ip_lib.device_exists(interface):
2021-04-07 11:30:53.346 2182 ERROR neutron File "/usr/lib/python3.6/site-packages/neutron/agent/linux/ip_lib.py", line 748, in device_exists
2021-04-07 11:30:53.346 2182 ERROR neutron return IPDevice(device_name, namespace=namespace).exists()
2021-04-07 11:30:53.346 2182 ERROR neutron File "/usr/lib/python3.6/site-packages/neutron/agent/linux/ip_lib.py", line 328, in exists
2021-04-07 11:30:53.346 2182 ERROR neutron return privileged.interface_exists(self.name, self.namespace)
2021-04-07 11:30:53.346 2182 ERROR neutron File "/usr/lib/python3.6/site-packages/oslo_privsep/priv_context.py", line 246, in _wrap
2021-04-07 11:30:53.346 2182 ERROR neutron self.start()
2021-04-07 11:30:53.346 2182 ERROR neutron File "/usr/lib/python3.6/site-packages/oslo_privsep/priv_context.py", line 258, in start
2021-04-07 11:30:53.346 2182 ERROR neutron channel = daemon.RootwrapClientChannel(context=self)
2021-04-07 11:30:53.346 2182 ERROR neutron File "/usr/lib/python3.6/site-packages/oslo_privsep/daemon.py", line 367, in __init__
2021-04-07 11:30:53.346 2182 ERROR neutron raise FailedToDropPrivileges(msg)
2021-04-07 11:30:53.346 2182 ERROR neutron oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)
2021-04-07 11:30:53.346 2182 ERROR neutron
And it is the configuration in* /etc/sudoer.d/neutron *below:
*Defaults:neutron !requiretty*
*neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf **
*neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf*
I googled for the solution but they didn’t matter. How can I solve this problem? Thanks for your advicement!
participants (2)
-
Rodolfo Alonso Hernandez
-
朝阳未烈