openstack - 中子错误:oslo_privsep.daemon.FailedToDropPrivileges:privsep helper 命令退出非零(1
问题描述
在配置 Neutron (OpenStack Stein) 的过程中,我发现了这个错误
oslo_privsep.daemon.FailedToDropPrivileges: privsep helper 命令退出非零 (1)
中子-dhcp-agent.log:
2020-04-10 12:35:28.260 11675 INFO neutron.agent.dhcp.agent [-] Starting network f16e9457-1d03-44a2-b9e4-58666a06bca5 dhcp configuration
2020-04-10 12:35:28.260 11675 DEBUG neutron.agent.dhcp.agent [-] Calling driver for network: f16e9457-1d03-44a2-b9e4-58666a06bca5 action: enable call_driver /usr/lib/python3/dist-packages/neutron/agent/dhcp/agent.py:150
2020-04-10 12:35:28.261 11675 DEBUG neutron.agent.linux.utils [-] Unable to access /var/lib/neutron/dhcp/f16e9457-1d03-44a2-b9e4-58666a06bca5/pid get_value_from_file /usr/lib/python3/dist-packages/neutron/agent/linux/utils.py:261
2020-04-10 12:35:28.261 11675 INFO oslo.privsep.daemon [-] Running privsep helper: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'privsep-helper', '--config-file', '/etc/neutron/neutron.conf', '--config-file', '/etc/neutron/dhcp_agent.ini', '--privsep_context', 'neutron.privileged.default', '--privsep_sock_path', '/tmp/tmp17yerien/privsep.sock']
2020-04-10 12:35:29.339 11675 CRITICAL oslo.privsep.daemon [-] privsep helper command exited non-zero (1)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent [-] Unable to enable dhcp for f16e9457-1d03-44a2-b9e4-58666a06bca5.: oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent Traceback (most recent call last):
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent File "/usr/lib/python3/dist-packages/neutron/agent/dhcp/agent.py", line 159, in call_driver
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent getattr(driver, action)(**action_kwargs)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent File "/usr/lib/python3/dist-packages/neutron/agent/linux/dhcp.py", line 218, in enable
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent common_utils.wait_until_true(self._enable, timeout=300)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent File "/usr/lib/python3/dist-packages/neutron/common/utils.py", line 691, in wait_until_true
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent while not predicate():
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent File "/usr/lib/python3/dist-packages/neutron/agent/linux/dhcp.py", line 229, in _enable
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent interface_name = self.device_manager.setup(self.network)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent File "/usr/lib/python3/dist-packages/neutron/agent/linux/dhcp.py", line 1516, in setup
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent ip_lib.IPWrapper().ensure_namespace(network.namespace)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent File "/usr/lib/python3/dist-packages/neutron/agent/linux/ip_lib.py", line 236, in ensure_namespace
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent if not self.netns.exists(name):
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent File "/usr/lib/python3/dist-packages/neutron/agent/linux/ip_lib.py", line 797, in exists
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent return network_namespace_exists(name)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent File "/usr/lib/python3/dist-packages/neutron/agent/linux/ip_lib.py", line 1005, in network_namespace_exists
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent output = list_network_namespaces(**kwargs)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent File "/usr/lib/python3/dist-packages/neutron/agent/linux/ip_lib.py", line 991, in list_network_namespaces
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent return privileged.list_netns(**kwargs)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent File "/usr/local/lib/python3.6/dist-packages/oslo_privsep/priv_context.py", line 244, in _wrap
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent self.start()
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent File "/usr/local/lib/python3.6/dist-packages/oslo_privsep/priv_context.py", line 255, in start
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent channel = daemon.RootwrapClientChannel(context=self)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent File "/usr/local/lib/python3.6/dist-packages/oslo_privsep/daemon.py", line 331, in __init__
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent raise FailedToDropPrivileges(msg)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent
neutron-linuxbridge-agent.log
2020-04-10 12:49:14.658 11278 INFO neutron.common.config [-] Logging enabled!
2020-04-10 12:49:14.659 11278 INFO neutron.common.config [-] /usr/bin/neutron-linuxbridge-agent version 14.0.4
2020-04-10 12:49:14.659 11278 DEBUG neutron.common.config [-] command line: /usr/bin/neutron-linuxbridge-agent --config-file=/etc/neutron/neutron.conf --config-file=/etc/neutron/plugins/ml2/linuxbridge_agent.ini --log-file=/var/log/neutron/neutron-linuxbridge-agent.log setup_logging /usr/lib/python3/dist-packages/neutron/common/config.py:103
2020-04-10 12:49:14.660 11278 INFO neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-] Interface mappings: {'provider': 'wlp58s0'}
2020-04-10 12:49:14.661 11278 INFO neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-] Bridge mappings: {}
2020-04-10 12:49:14.662 11278 INFO oslo.privsep.daemon [-] Running privsep helper: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'privsep-helper', '--config-file', '/etc/neutron/neutron.conf', '--config-file', '/etc/neutron/plugins/ml2/linuxbridge_agent.ini', '--privsep_context', 'neutron.privileged.default', '--privsep_sock_path', '/tmp/tmp2j9epw1d/privsep.sock']
2020-04-10 12:49:15.508 11278 CRITICAL oslo.privsep.daemon [-] privsep helper command exited non-zero (1)
2020-04-10 12:49:15.509 11278 CRITICAL neutron [-] Unhandled error: oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)
2020-04-10 12:49:15.509 11278 ERROR neutron Traceback (most recent call last):
2020-04-10 12:49:15.509 11278 ERROR neutron File "/usr/bin/neutron-linuxbridge-agent", line 10, in <module>
2020-04-10 12:49:15.509 11278 ERROR neutron sys.exit(main())
2020-04-10 12:49:15.509 11278 ERROR neutron File "/usr/lib/python3/dist-packages/neutron/cmd/eventlet/plugins/linuxbridge_neutron_agent.py", line 21, in main
2020-04-10 12:49:15.509 11278 ERROR neutron agent_main.main()
2020-04-10 12:49:15.509 11278 ERROR neutron File "/usr/lib/python3/dist-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py", line 1053, in main
2020-04-10 12:49:15.509 11278 ERROR neutron manager = LinuxBridgeManager(bridge_mappings, interface_mappings)
2020-04-10 12:49:15.509 11278 ERROR neutron File "/usr/lib/python3/dist-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py", line 82, in __init__
2020-04-10 12:49:15.509 11278 ERROR neutron self.validate_interface_mappings()
2020-04-10 12:49:15.509 11278 ERROR neutron File "/usr/lib/python3/dist-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py", line 97, in validate_interface_mappings
2020-04-10 12:49:15.509 11278 ERROR neutron if not ip_lib.device_exists(interface):
2020-04-10 12:49:15.509 11278 ERROR neutron File "/usr/lib/python3/dist-packages/neutron/agent/linux/ip_lib.py", line 818, in device_exists
2020-04-10 12:49:15.509 11278 ERROR neutron return IPDevice(device_name, namespace=namespace).exists()
2020-04-10 12:49:15.509 11278 ERROR neutron File "/usr/lib/python3/dist-packages/neutron/agent/linux/ip_lib.py", line 318, in exists
2020-04-10 12:49:15.509 11278 ERROR neutron return privileged.interface_exists(self.name, self.namespace)
2020-04-10 12:49:15.509 11278 ERROR neutron File "/usr/lib/python3/dist-packages/neutron/privileged/agent/linux/ip_lib.py", line 50, in sync_inner
2020-04-10 12:49:15.509 11278 ERROR neutron return input_func(*args, **kwargs)
2020-04-10 12:49:15.509 11278 ERROR neutron File "/usr/local/lib/python3.6/dist-packages/oslo_privsep/priv_context.py", line 244, in _wrap
2020-04-10 12:49:15.509 11278 ERROR neutron self.start()
2020-04-10 12:49:15.509 11278 ERROR neutron File "/usr/local/lib/python3.6/dist-packages/oslo_privsep/priv_context.py", line 255, in start
2020-04-10 12:49:15.509 11278 ERROR neutron channel = daemon.RootwrapClientChannel(context=self)
2020-04-10 12:49:15.509 11278 ERROR neutron File "/usr/local/lib/python3.6/dist-packages/oslo_privsep/daemon.py", line 331, in __init__
2020-04-10 12:49:15.509 11278 ERROR neutron raise FailedToDropPrivileges(msg)
2020-04-10 12:49:15.509 11278 ERROR neutron oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)
2020-04-10 12:49:15.509 11278 ERROR neutron
我发现这是中子特权情况,这是我的 sudoers 文件:
GNU nano 2.9.3 /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
neutron ALL=(ALL) NOPASSWD: ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
我正在使用 Ubuntu 18.04 的计算机上安装 Openstack。
解决方案
Troubleshoot the Rootwrap configuration following the Rootwrap - OpenStack wiki
Add the line below to the /etc/nova/nova.conf
:
rootwrap_config=/etc/nova/rootwrap.conf
Then
nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *
Finally restart the services
systemctl restart openstack-nova-compute.service
systemctl restart neutron-linuxbridge-agent.service
推荐阅读
- c# - 以目标目录路径为参数的静默安装
- python - 检查数据框是否有零元素
- ruby-on-rails - 后期模型中 before_save 的未定义方法错误
- javascript - JavaScript 中的解构赋值模式似乎并不清晰
- python - 源文件中的 pylint 忽略类
- sql - Excel 构建查询后 SQL 中的 Varbinary 列不匹配
- python - Google Colab GPU 上的 TensorFlow 模型精度更高
- linux - 如何在 Linux 上将包含当前日期的文件名减去 1 天
- android - 每当我创建一个新的领域类时,我都会收到迁移错误?
- entity-framework-core - dotnet core 2.0 在脚手架时复数?