From 6f3620aa88feef9527f8c9599dec049a831b49fa Mon Sep 17 00:00:00 2001 From: Miguel Lavalle Date: Wed, 13 Feb 2019 12:29:36 -0600 Subject: [PATCH] Add rootwrap filters to kill state change monitor When deleting HA routers, the keepalived state change monitor has to be deleted. This patch adds rootwrap filters to allow deleting the state change monitor. Change-Id: Icfb208d9b51eaa41cf01af81f1ede7420a19cc93 Partial-Bug: #1795870 Partial-Bug: #1789434 (cherry picked from commit 25c432a05a57f794dcbb4f17ce224d914c65e071) --- etc/neutron/rootwrap.d/l3.filters | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/etc/neutron/rootwrap.d/l3.filters b/etc/neutron/rootwrap.d/l3.filters index 0b13ad1967e..62e19a310d4 100644 --- a/etc/neutron/rootwrap.d/l3.filters +++ b/etc/neutron/rootwrap.d/l3.filters @@ -57,10 +57,21 @@ ip6tables-restore: CommandFilter, ip6tables-restore, root # Keepalived keepalived: CommandFilter, keepalived, root -kill_keepalived: KillFilter, root, /usr/sbin/keepalived, -HUP, -15, -9 +kill_keepalived: KillFilter, root, keepalived, -HUP, -15, -9 # l3 agent to delete floatingip's conntrack state conntrack: CommandFilter, conntrack, root # keepalived state change monitor keepalived_state_change: CommandFilter, neutron-keepalived-state-change, root +# The following filters are used to kill the keepalived state change monitor. +# Since the monitor runs as a Python script, the system reports that the +# command of the process to be killed is python. +# TODO(mlavalle) These kill filters will be updated once we come up with a +# mechanism to kill using the name of the script being executed by Python +kill_keepalived_monitor_py: KillFilter, root, python, -15 +kill_keepalived_monitor_py27: KillFilter, root, python2.7, -15 +kill_keepalived_monitor_py3: KillFilter, root, python3, -15 +kill_keepalived_monitor_py35: KillFilter, root, python3.5, -15 +kill_keepalived_monitor_py36: KillFilter, root, python3.6, -15 +kill_keepalived_monitor_py37: KillFilter, root, python3.7, -15