1

在配置 Neutron (OpenStack Stein) 的过程中,我发现了这个错误

oslo_privsep.daemon.FailedToDropPrivileges: privsep helper 命令退出非零 (1)

所有服务都在运行,但此错误仍然出现,如您在此处看到的: 在此处输入图像描述

中子-dhcp-agent.log:

2020-04-10 12:35:28.260 11675 INFO neutron.agent.dhcp.agent [-] Starting network f16e9457-1d03-44a2-b9e4-58666a06bca5 dhcp configuration
2020-04-10 12:35:28.260 11675 DEBUG neutron.agent.dhcp.agent [-] Calling driver for network: f16e9457-1d03-44a2-b9e4-58666a06bca5 action: enable call_driver /usr/lib/python3/dist-packages/neutron/agent/dhcp/agent.py:150
2020-04-10 12:35:28.261 11675 DEBUG neutron.agent.linux.utils [-] Unable to access /var/lib/neutron/dhcp/f16e9457-1d03-44a2-b9e4-58666a06bca5/pid get_value_from_file /usr/lib/python3/dist-packages/neutron/agent/linux/utils.py:261
2020-04-10 12:35:28.261 11675 INFO oslo.privsep.daemon [-] Running privsep helper: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'privsep-helper', '--config-file', '/etc/neutron/neutron.conf', '--config-file', '/etc/neutron/dhcp_agent.ini', '--privsep_context', 'neutron.privileged.default', '--privsep_sock_path', '/tmp/tmp17yerien/privsep.sock']
2020-04-10 12:35:29.339 11675 CRITICAL oslo.privsep.daemon [-] privsep helper command exited non-zero (1)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent [-] Unable to enable dhcp for f16e9457-1d03-44a2-b9e4-58666a06bca5.: oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent Traceback (most recent call last):
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent   File "/usr/lib/python3/dist-packages/neutron/agent/dhcp/agent.py", line 159, in call_driver
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent     getattr(driver, action)(**action_kwargs)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent   File "/usr/lib/python3/dist-packages/neutron/agent/linux/dhcp.py", line 218, in enable
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent     common_utils.wait_until_true(self._enable, timeout=300)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent   File "/usr/lib/python3/dist-packages/neutron/common/utils.py", line 691, in wait_until_true
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent     while not predicate():
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent   File "/usr/lib/python3/dist-packages/neutron/agent/linux/dhcp.py", line 229, in _enable
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent     interface_name = self.device_manager.setup(self.network)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent   File "/usr/lib/python3/dist-packages/neutron/agent/linux/dhcp.py", line 1516, in setup
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent     ip_lib.IPWrapper().ensure_namespace(network.namespace)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent   File "/usr/lib/python3/dist-packages/neutron/agent/linux/ip_lib.py", line 236, in ensure_namespace
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent     if not self.netns.exists(name):
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent   File "/usr/lib/python3/dist-packages/neutron/agent/linux/ip_lib.py", line 797, in exists
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent     return network_namespace_exists(name)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent   File "/usr/lib/python3/dist-packages/neutron/agent/linux/ip_lib.py", line 1005, in network_namespace_exists
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent     output = list_network_namespaces(**kwargs)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent   File "/usr/lib/python3/dist-packages/neutron/agent/linux/ip_lib.py", line 991, in list_network_namespaces
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent     return privileged.list_netns(**kwargs)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent   File "/usr/local/lib/python3.6/dist-packages/oslo_privsep/priv_context.py", line 244, in _wrap
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent     self.start()
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent   File "/usr/local/lib/python3.6/dist-packages/oslo_privsep/priv_context.py", line 255, in start
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent     channel = daemon.RootwrapClientChannel(context=self)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent   File "/usr/local/lib/python3.6/dist-packages/oslo_privsep/daemon.py", line 331, in __init__
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent     raise FailedToDropPrivileges(msg)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent

neutron-linuxbridge-agent.log

2020-04-10 12:49:14.658 11278 INFO neutron.common.config [-] Logging enabled!
2020-04-10 12:49:14.659 11278 INFO neutron.common.config [-] /usr/bin/neutron-linuxbridge-agent version 14.0.4
2020-04-10 12:49:14.659 11278 DEBUG neutron.common.config [-] command line: /usr/bin/neutron-linuxbridge-agent --config-file=/etc/neutron/neutron.conf --config-file=/etc/neutron/plugins/ml2/linuxbridge_agent.ini --log-file=/var/log/neutron/neutron-linuxbridge-agent.log setup_logging /usr/lib/python3/dist-packages/neutron/common/config.py:103
2020-04-10 12:49:14.660 11278 INFO neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-] Interface mappings: {'provider': 'wlp58s0'}
2020-04-10 12:49:14.661 11278 INFO neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-] Bridge mappings: {}
2020-04-10 12:49:14.662 11278 INFO oslo.privsep.daemon [-] Running privsep helper: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'privsep-helper', '--config-file', '/etc/neutron/neutron.conf', '--config-file', '/etc/neutron/plugins/ml2/linuxbridge_agent.ini', '--privsep_context', 'neutron.privileged.default', '--privsep_sock_path', '/tmp/tmp2j9epw1d/privsep.sock']
2020-04-10 12:49:15.508 11278 CRITICAL oslo.privsep.daemon [-] privsep helper command exited non-zero (1)
2020-04-10 12:49:15.509 11278 CRITICAL neutron [-] Unhandled error: oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)
2020-04-10 12:49:15.509 11278 ERROR neutron Traceback (most recent call last):
2020-04-10 12:49:15.509 11278 ERROR neutron   File "/usr/bin/neutron-linuxbridge-agent", line 10, in <module>
2020-04-10 12:49:15.509 11278 ERROR neutron     sys.exit(main())
2020-04-10 12:49:15.509 11278 ERROR neutron   File "/usr/lib/python3/dist-packages/neutron/cmd/eventlet/plugins/linuxbridge_neutron_agent.py", line 21, in main
2020-04-10 12:49:15.509 11278 ERROR neutron     agent_main.main()
2020-04-10 12:49:15.509 11278 ERROR neutron   File "/usr/lib/python3/dist-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py", line 1053, in main
2020-04-10 12:49:15.509 11278 ERROR neutron     manager = LinuxBridgeManager(bridge_mappings, interface_mappings)
2020-04-10 12:49:15.509 11278 ERROR neutron   File "/usr/lib/python3/dist-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py", line 82, in __init__
2020-04-10 12:49:15.509 11278 ERROR neutron     self.validate_interface_mappings()
2020-04-10 12:49:15.509 11278 ERROR neutron   File "/usr/lib/python3/dist-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py", line 97, in validate_interface_mappings
2020-04-10 12:49:15.509 11278 ERROR neutron     if not ip_lib.device_exists(interface):
2020-04-10 12:49:15.509 11278 ERROR neutron   File "/usr/lib/python3/dist-packages/neutron/agent/linux/ip_lib.py", line 818, in device_exists
2020-04-10 12:49:15.509 11278 ERROR neutron     return IPDevice(device_name, namespace=namespace).exists()
2020-04-10 12:49:15.509 11278 ERROR neutron   File "/usr/lib/python3/dist-packages/neutron/agent/linux/ip_lib.py", line 318, in exists
2020-04-10 12:49:15.509 11278 ERROR neutron     return privileged.interface_exists(self.name, self.namespace)
2020-04-10 12:49:15.509 11278 ERROR neutron   File "/usr/lib/python3/dist-packages/neutron/privileged/agent/linux/ip_lib.py", line 50, in sync_inner
2020-04-10 12:49:15.509 11278 ERROR neutron     return input_func(*args, **kwargs)
2020-04-10 12:49:15.509 11278 ERROR neutron   File "/usr/local/lib/python3.6/dist-packages/oslo_privsep/priv_context.py", line 244, in _wrap
2020-04-10 12:49:15.509 11278 ERROR neutron     self.start()
2020-04-10 12:49:15.509 11278 ERROR neutron   File "/usr/local/lib/python3.6/dist-packages/oslo_privsep/priv_context.py", line 255, in start
2020-04-10 12:49:15.509 11278 ERROR neutron     channel = daemon.RootwrapClientChannel(context=self)
2020-04-10 12:49:15.509 11278 ERROR neutron   File "/usr/local/lib/python3.6/dist-packages/oslo_privsep/daemon.py", line 331, in __init__
2020-04-10 12:49:15.509 11278 ERROR neutron     raise FailedToDropPrivileges(msg)
2020-04-10 12:49:15.509 11278 ERROR neutron oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)
2020-04-10 12:49:15.509 11278 ERROR neutron 

我发现这是中子特权情况,这是我的 sudoers 文件:

  GNU nano 2.9.3                                                                                                                  /etc/sudoers                                                                                                                            

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL
neutron         ALL=(ALL)       NOPASSWD: ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

我正在使用 Ubuntu 18.04 的计算机上安装 Openstack。

4

1 回答 1

1

Troubleshoot the Rootwrap configuration following the Rootwrap - OpenStack wiki

Add the line below to the /etc/nova/nova.conf:

rootwrap_config=/etc/nova/rootwrap.conf

Then

nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *

Finally restart the services

systemctl restart openstack-nova-compute.service
systemctl restart neutron-linuxbridge-agent.service
于 2020-12-16T16:48:51.987 回答