Browse Source

Force container deletion if namespace does not exist in service_kill

When a service is stopped using "service_kill" script and the
namespace where the container is running does not exist, the
container processi should be forced to stop from the root namespace.

A namespace where a process is running, can be deleted whitout
stopping the mentioned process. "ip netns identify <PID>" then
returns an empty string (root namespace).

This patch will prevent an endless loop in Neutron DHCP agent. As
reported in the related bug, when a DHCP agent is resync, the DHCP
helper (metadata proxy) is stopped. In case this process stop raises
an exception (for example if the namespace does not exist), schedules
again a resync, creating an endless loop.

Change-Id: I9bac918fcde80e6a2336bc3cf1e6972512298118
Closes-Bug: #1868607
changes/17/714517/1
Rodolfo Alonso Hernandez 2 years ago
parent
commit
c516df9e51
  1. 10
      tripleo_ansible/roles/tripleo_systemd_wrapper/templates/service_kill.j2

10
tripleo_ansible/roles/tripleo_systemd_wrapper/templates/service_kill.j2

@ -17,13 +17,13 @@ SIG=$1
PID=$2
NETNS=$(ip netns identify ${PID})
{% if tripleo_systemd_wrapper_container_cli == 'podman' %}
if [ "x${NETNS}" == "x" ]; then
add_date "No network namespace detected, exiting"
exit 1
CLI="podman"
SIG=9
else
CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman"
fi
{% if tripleo_systemd_wrapper_container_cli == 'podman' %}
CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman"
{% elif tripleo_systemd_wrapper_container_cli == 'docker' %}
{% if tripleo_systemd_wrapper_docker_additional_sockets and tripleo_systemd_wrapper_docker_additional_sockets|length > 0-%}
export DOCKER_HOST=unix://{{ tripleo_systemd_wrapper_docker_additional_sockets[0] }}

Loading…
Cancel
Save