Page MenuHomePhabricator

cloudvps: neutron: investigate keepalived warning
Closed, ResolvedPublic

Description

Today while checking logs for neutron in cloudnet2001-dev.codfw.wmnet, I found this warning related to keepalived:

Jan 21 12:52:54 cloudnet2001-dev sudo[16516]:  neutron : TTY=unknown ; PWD=/var/lib/neutron ; USER=root ; COMMAND=/usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf ip netns exec qrouter-5712e22e-134a-40d3-a75a-1c9b441717ad keepalived -P -f /var/lib/neutron/ha_confs/5712e22e-134a-40d3-a75a-1c9b441717ad/keepalived.conf -p /var/lib/neutron/ha_confs/5712e22e-134a-40d3-a75a-1c9b441717ad.pid -r /var/lib/neutron/ha_confs/5712e22e-134a-40d3-a75a-1c9b441717ad.pid-vrrp
Jan 21 12:52:54 cloudnet2001-dev sudo[16516]: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:52:54 cloudnet2001-dev Keepalived[16521]: Starting Keepalived v1.3.2 (12/03,2016)
Jan 21 12:52:54 cloudnet2001-dev Keepalived[16521]: WARNING - default user 'keepalived_script' for script execution does not exist - please create.
Jan 21 12:52:54 cloudnet2001-dev Keepalived[16521]: Opening file '/var/lib/neutron/ha_confs/5712e22e-134a-40d3-a75a-1c9b441717ad/keepalived.conf'.
Jan 21 12:52:54 cloudnet2001-dev Keepalived[16523]: Starting VRRP child process, pid=16524

I searched for this same warning in eqiad1 (cloudnet1003 and cloudnet1004) and couldn't find anything.

We don't seem to declare this user in puppet. Not sure if that's really required, since keepalived is being executed as root in the neutron netns.

Event Timeline

aborrero triaged this task as Low priority.Jan 21 2019, 1:02 PM
aborrero created this task.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 21 2019, 1:02 PM
aborrero removed aborrero as the assignee of this task.Sep 25 2019, 3:12 PM
aborrero moved this task from Doing to Inbox on the cloud-services-team (Kanban) board.

Mentioned in SAL (#wikimedia-cloud) [2019-11-01T14:27:58Z] <jeh> failover cloudnet2002-dev's neutron router to cloudnet2003-dev - testing T214297

JHedden closed this task as Resolved.Fri, Nov 1, 3:36 PM
JHedden claimed this task.
JHedden added a subscriber: JHedden.

Confirmed that this warning can safely be ignored.

Neutron is building the keepalived configuration in /var/lib/neutron/ha_confs/<UUID>/keepalived.conf and does not have a method to define the script_user configuration variable.

Also note that neutron expects keepalived to be running as root:

newton /etc/neutron/rootwrap.d/l3.filters
# Keepalived
keepalived: CommandFilter, keepalived, root
kill_keepalived: KillFilter, root, /usr/sbin/keepalived, -HUP, -15, -9

Thanks for investigating this!