Browse Source

Merge "Kill all processes running in a namespace before deletion" into stable/stein

tags/14.2.0
Zuul 2 months ago
committed by Gerrit Code Review
parent
commit
c24edb770c
5 changed files with 53 additions and 2 deletions
  1. +5
    -1
      etc/neutron/rootwrap.d/debug.filters
  2. +9
    -0
      neutron/agent/linux/ip_lib.py
  3. +2
    -1
      neutron/privileged/__init__.py
  4. +2
    -0
      neutron/tests/common/net_helpers.py
  5. +35
    -0
      neutron/tests/functional/privileged/agent/linux/test_ip_lib.py

+ 5
- 1
etc/neutron/rootwrap.d/debug.filters View File

@@ -15,4 +15,8 @@
ping: RegExpFilter, ping, root, ping, -w, \d+, -c, \d+, [0-9\.]+
ping_alt: RegExpFilter, ping, root, ping, -c, \d+, -w, \d+, [0-9\.]+
ping6: RegExpFilter, ping6, root, ping6, -w, \d+, -c, \d+, [0-9A-Fa-f:]+
ping6_alt: RegExpFilter, ping6, root, ping6, -c, \d+, -w, \d+, [0-9A-Fa-f:]+
ping6_alt: RegExpFilter, ping6, root, ping6, -c, \d+, -w, \d+, [0-9A-Fa-f:]+

# "sleep" command, only for testing
sleep: RegExpFilter, sleep, root, sleep, \d+
kill_sleep: KillFilter, root, sleep, -9

+ 9
- 0
neutron/agent/linux/ip_lib.py View File

@@ -1017,6 +1017,15 @@ def network_namespace_exists(namespace, try_is_ready=False, **kwargs):
return False


def list_namespace_pids(namespace):
"""List namespace process PIDs

:param namespace: (string) the name of the namespace
:return: (tuple)
"""
return privileged.list_ns_pids(namespace)


def ensure_device_is_ready(device_name, namespace=None):
dev = IPDevice(device_name, namespace=namespace)
try:


+ 2
- 1
neutron/privileged/__init__.py View File

@@ -25,5 +25,6 @@ default = priv_context.PrivContext(
capabilities=[caps.CAP_SYS_ADMIN,
caps.CAP_NET_ADMIN,
caps.CAP_DAC_OVERRIDE,
caps.CAP_DAC_READ_SEARCH],
caps.CAP_DAC_READ_SEARCH,
caps.CAP_SYS_PTRACE],
)

+ 2
- 0
neutron/tests/common/net_helpers.py View File

@@ -583,6 +583,8 @@ class NamespaceFixture(fixtures.Fixture):

def destroy(self):
if self.ip_wrapper.netns.exists(self.name):
for pid in ip_lib.list_namespace_pids(self.name):
utils.kill_process(pid, signal.SIGKILL, run_as_root=True)
self.ip_wrapper.netns.delete(self.name)




+ 35
- 0
neutron/tests/functional/privileged/agent/linux/test_ip_lib.py View File

@@ -12,14 +12,17 @@
# License for the specific language governing permissions and limitations
# under the License.

import functools
import random

import eventlet
from oslo_utils import uuidutils
import testtools

from neutron.agent.linux import ip_lib
from neutron.common import utils as common_utils
from neutron.privileged.agent.linux import ip_lib as priv_ip_lib
from neutron.tests.common import net_helpers
from neutron.tests.functional import base as functional_base


@@ -455,3 +458,35 @@ class GetIpAddressesTestCase(functional_base.BaseSudoTestCase):
self.assertEqual(interfaces[int_name]['cidr'], cidr)
self.assertEqual(interfaces[int_name]['scope'],
ip_lib.IP_ADDRESS_SCOPE[ip_address['scope']])


class ListNamespacePids(functional_base.BaseSudoTestCase):

def setUp(self):
super(ListNamespacePids, self).setUp()
self.namespace = self.useFixture(net_helpers.NamespaceFixture()).name

@staticmethod
def _run_sleep(namespace):
ip_wrapper = ip_lib.IPWrapper(namespace=namespace)
ip_wrapper.netns.execute(['sleep', '100'], check_exit_code=False)

def _check_pids(self, num_pids, namespace=None):
namespace = self.namespace if not namespace else namespace
self.pids = priv_ip_lib.list_ns_pids(namespace)
return len(self.pids) == num_pids

def test_list_namespace_pids(self):
eventlet.spawn_n(self._run_sleep, self.namespace)

try:
check_pids = functools.partial(self._check_pids, 1)
common_utils.wait_until_true(check_pids, timeout=5)
except common_utils.WaitTimeout:
self.fail('Process no found in namespace %s' % self.namespace)

def test_list_namespace_pids_nothing_running_inside(self):
self.assertTrue(self._check_pids(0))

def test_list_namespace_not_created(self):
self.assertTrue(self._check_pids(0, namespace='othernamespace'))

Loading…
Cancel
Save