From 0bc1383a60c4ab249d16402c37adcea988b84c53 Mon Sep 17 00:00:00 2001
From: Rodolfo Alonso Hernandez
Date: Tue, 26 May 2020 13:59:42 +0000
Subject: [PATCH] Force container deletion if namespace does not exist in service_kill

When a service is stopped using "service_kill" script and the namespace where the container is running does not exist, the container process should be forced to stop from the root namespace.

A namespace where a process is running can be deleted without stopping the mentioned process. "ip netns identify " then returns an empty string (root namespace).

If the namespace where a container was executed is deleted, "service_kill" script should execute a container related command from the root namespace. To access the root namespace from inside a container, running in another namespace, it is necessary to gain access via "nsenter", specifying the parameter "--all" to access all namespaces of the target process.

This patch will prevent an endless loop in Neutron DHCP agent. As reported in the related bug, when a DHCP agent is resynced, the DHCP helper (metadata proxy) is stopped. In case this process stop raises an exception (for example if the namespace does not exist), it schedules a resync again, creating an endless loop.

This patch combines [1] and [2] in this repository.

[1] https://review.opendev.org/#/c/714517/
[2] https://review.opendev.org/#/c/730657/

Change-Id: Ifb7dbfb93a7cf0b50ef15652d83d87f65bdb6221
Closes-Bug: #1868607
--- deployment/neutron/kill-script | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/deployment/neutron/kill-script b/deployment/neutron/kill-script index c2ab55298b..e705ac5130 100644 --- a/deployment/neutron/kill-script +++ b/deployment/neutron/kill-script
@@ -17,13 +17,13 @@ SIG=$1 PID=$2 NETNS=$(ip netns identify ${PID}) -if [ "x${NETNS}" == "x" ]; then - add_date "No network namespace detected, exiting" - exit 1 -fi - {% if container_cli == 'podman' %} -CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman" +if [ "x${NETNS}" == "x" ]; then + CLI="nsenter --all --preserve-credentials -t 1 podman" + SIG=9 +else + CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman" +fi {% elif container_cli == 'docker' %} {% if docker_additional_sockets and docker_additional_sockets|length > 0-%} export DOCKER_HOST=unix://{{ docker_additional_sockets[0] }}
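Review bot: In the new empty-`NETNS` branch, `SIG=9` silently replaces the signal the caller passed as `SIG=$1`, and the removed `add_date "No network namespace detected, exiting"` message has no replacement, so a forced kill from the root namespace leaves nothing in the log. Suggest logging in that branch, for example `add_date "No network namespace detected, forcing kill from root namespace"`, before setting `CLI`. The old check also sat above `{% if container_cli == 'podman' %}` and so covered the docker path as well; with it moved inside the podman branch, the `{% elif container_cli == 'docker' %}` path now runs with an empty `NETNS`, and the lines visible here do not show how it handles that, so it is worth confirming. A short comment on why this branch uses `--all -t 1` instead of `--net=/run/netns/${NETNS} ... -m -t 1` would also help the next reader, since it enters every namespace of PID 1 rather than only the network and mount namespaces.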