Page MenuHomePhabricator
Create Task
Maniphest T214297

cloudvps: neutron: investigate keepalived warning
Closed, ResolvedPublic
Actions

Description

Today while checking logs for neutron in cloudnet2001-dev.codfw.wmnet, I found this warning related to keepalived:

Jan 21 12:52:54 cloudnet2001-dev sudo[16516]:  neutron : TTY=unknown ; PWD=/var/lib/neutron ; USER=root ; COMMAND=/usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf ip netns exec qrouter-5712e22e-134a-40d3-a75a-1c9b441717ad keepalived -P -f /var/lib/neutron/ha_confs/5712e22e-134a-40d3-a75a-1c9b441717ad/keepalived.conf -p /var/lib/neutron/ha_confs/5712e22e-134a-40d3-a75a-1c9b441717ad.pid -r /var/lib/neutron/ha_confs/5712e22e-134a-40d3-a75a-1c9b441717ad.pid-vrrp
Jan 21 12:52:54 cloudnet2001-dev sudo[16516]: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:52:54 cloudnet2001-dev Keepalived[16521]: Starting Keepalived v1.3.2 (12/03,2016)
Jan 21 12:52:54 cloudnet2001-dev Keepalived[16521]: WARNING - default user 'keepalived_script' for script execution does not exist - please create.
Jan 21 12:52:54 cloudnet2001-dev Keepalived[16521]: Opening file '/var/lib/neutron/ha_confs/5712e22e-134a-40d3-a75a-1c9b441717ad/keepalived.conf'.
Jan 21 12:52:54 cloudnet2001-dev Keepalived[16523]: Starting VRRP child process, pid=16524

I searched for this same warning in eqiad1 (cloudnet1003 and cloudnet1004) and couldn't find anything.

We don't seem to declare this user in puppet. Not sure if that's really required, since keepalived is being executed as root in the neutron netns.

Related Objects
Search...

Event Timeline

aborrero triaged this task as Low priority.Jan 21 2019, 1:02 PM
aborrero created this task.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 21 2019, 1:02 PM
aborrero edited parent tasks, added: T214299: cloudvps: neutron: upgrade jessie -> stretch; removed: T212302: CloudVPS: upgrade: jessie -> stretch & mitaka -> newton.Jan 21 2019, 1:07 PM
bd808 moved this task from Inbox to Doing on the cloud-services-team (Kanban) board.Jul 11 2019, 4:30 PM
aborrero removed aborrero as the assignee of this task.Sep 25 2019, 3:12 PM
aborrero moved this task from Doing to Inbox on the cloud-services-team (Kanban) board.
Stashbot added a comment.Nov 1 2019, 2:28 PM

Mentioned in SAL (#wikimedia-cloud) [2019-11-01T14:27:58Z] <jeh> failover cloudnet2002-dev's neutron router to cloudnet2003-dev - testing T214297

JHedden closed this task as Resolved.Nov 1 2019, 3:36 PM
JHedden claimed this task.
JHedden subscribed.

Confirmed that this warning can safely be ignored.

Neutron is building the keepalived configuration in /var/lib/neutron/ha_confs/<UUID>/keepalived.conf and does not have a method to define the script_user configuration variable.

Also note that neutron expects keepalived to be running as root:

newton /etc/neutron/rootwrap.d/l3.filters
# Keepalived
keepalived: CommandFilter, keepalived, root
kill_keepalived: KillFilter, root, /usr/sbin/keepalived, -HUP, -15, -9
aborrero added a comment.Nov 4 2019, 11:56 AM

Thanks for investigating this!

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL