From 672a4328a97d6dae98cec208851198040530bd35 Mon Sep 17 00:00:00 2001 From: Miguel Lavalle Date: Wed, 13 Feb 2019 12:29:36 -0600 Subject: [PATCH] Add rootwrap filters to kill state change monitor When deleting HA routers, the keepalived state change monitor has to be deleted. This patch adds rootwrap filters to allow deleting the state change monitor. Change-Id: Icfb208d9b51eaa41cf01af81f1ede7420a19cc93 Partial-Bug: #1795870 Partial-Bug: #1789434 (cherry picked from commit 25c432a05a57f794dcbb4f17ce224d914c65e071) (cherry picked from commit 6f3620aa88feef9527f8c9599dec049a831b49fa) --- etc/neutron/rootwrap.d/l3.filters | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/etc/neutron/rootwrap.d/l3.filters b/etc/neutron/rootwrap.d/l3.filters index a0a86e600c4..65ee5e09533 100644 --- a/etc/neutron/rootwrap.d/l3.filters +++ b/etc/neutron/rootwrap.d/l3.filters @@ -48,10 +48,21 @@ ip6tables-restore: CommandFilter, ip6tables-restore, root # Keepalived keepalived: CommandFilter, keepalived, root -kill_keepalived: KillFilter, root, /usr/sbin/keepalived, -HUP, -15, -9 +kill_keepalived: KillFilter, root, keepalived, -HUP, -15, -9 # l3 agent to delete floatingip's conntrack state conntrack: CommandFilter, conntrack, root # keepalived state change monitor keepalived_state_change: CommandFilter, neutron-keepalived-state-change, root +# The following filters are used to kill the keepalived state change monitor. +# Since the monitor runs as a Python script, the system reports that the +# command of the process to be killed is python. +# TODO(mlavalle) These kill filters will be updated once we come up with a +# mechanism to kill using the name of the script being executed by Python +kill_keepalived_monitor_py: KillFilter, root, python, -15 +kill_keepalived_monitor_py27: KillFilter, root, python2.7, -15 +kill_keepalived_monitor_py3: KillFilter, root, python3, -15 +kill_keepalived_monitor_py35: KillFilter, root, python3.5, -15 +kill_keepalived_monitor_py36: KillFilter, root, python3.6, -15 +kill_keepalived_monitor_py37: KillFilter, root, python3.7, -15