healthcheck_port: run ss with both sudo & root as best effort

Privileged containers are running under the system pid namespace which
makes 'ss' output different from the container user used to run the
process.

e.g. nova-compute is run as nova on the overcloud, but the container is
privileged, so the previous patch with sudo didn't help to fix the
healthcheck. The 'ss' needs to be run as root, not as nova.

In this patch we run the ss twice, once as root, once with sudo, run
sort to make sure we get uniq output; then grep is as before.

Change-Id: Ia2897a6be3e000a9594103502b716431baa615b1
Co-Authored-By: Oliver Walsh <owalsh@redhat.com>
Related-Bug: #1843555
Emilien Macchi 2019-09-12 09:42:20 -04:00
parent 3283218743
commit a27e7f04be
1 changed files with 4 additions and 2 deletions

@ -43,9 +43,11 @@ healthcheck_port () {
pids=$(pgrep -d '|' -f $process)
# https://bugs.launchpad.net/tripleo/+bug/1843555
# "ss" output is different if run as root vs as the user actually running
# the process. So we verify that the process is connected to the
# the process. So we also verify that the process is connected to the
# port by using "sudo -u" to get the right output.
sudo -u $puser ss -ntp | grep -qE ":($ports).*,pid=($pids),"
# Note: the privileged containers have the correct ss output with root
# user; which is why we need to run with both users, as a best effort.
(ss -ntp; sudo -u $puser ss -ntp) | sort -u | grep -qE ":($ports).*,pid=($pids),"
}
healthcheck_listen () {
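Review bot: in the new `(ss -ntp; sudo -u $puser ss -ntp) | sort -u | grep -qE ...` line, the result is only grep's exit status, so a failing `sudo -u $puser` (unset or unknown user, sudo missing in the image) is silently ignored while its error text still goes to stderr on every healthcheck run. Since the commit message calls this best effort, make that explicit by redirecting the sudo half with `2>/dev/null`, and quote `"$puser"` so that an empty value fails cleanly instead of making sudo treat `ss` as the user name. Separately, the `:($ports).*,pid=($pids),` pattern has no boundary after the port group, so a port such as 80 also matches the prefix of 8080, and the `.*` lets the port match in either the local or the peer address column. Now that the root `ss` output from the system pid namespace is merged in, the input to this pattern is larger, so anchoring the port with a trailing whitespace match would tighten the check.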