[Bug 1866187] [NEW] dnsmasq needs access to /var/lib/neutron/dhcp

[Albert Damen]

Public bug reported:

I installed a fresh test cloud in focal. After creating some networks
and subnets, neutron-dhcp-agent complained:

sudo journalctl -u neutron-dhcp-agent -e
Mar 05 11:43:53 network dnsmasq[13211]: failed to load names from /var/lib/neutron/dhcp/10ba1f15-651e-4ef6-aced-66e7cf3effad/addn_hosts: Permission denied
Mar 05 11:43:53 network dnsmasq[13211]: cannot read /var/lib/neutron/dhcp/10ba1f15-651e-4ef6-aced-66e7cf3effad/host: Permission denied
Mar 05 11:43:53 network dnsmasq[13211]: cannot read /var/lib/neutron/dhcp/10ba1f15-651e-4ef6-aced-66e7cf3effad/opts: Permission denied

dnsmasq runs as user nobody and needs to read several files under
/var/lib/neutron/dhcp/<guid>

/var/lib/neutron/dhcp and /var/lib/neutron/dhcp/10ba1f15-651e-4ef6-aced-
66e7cf3effad have mode 750

Changing UMask=0027 to UMask=0022 in /lib/systemd/system/neutron-dhcp-
agent.service, deleting /var/lib/neutron/dhcp and restarting neutron-
dhcp-agent solves the problem.

sudo journalctl -u neutron-dhcp-agent -e
Mar 05 13:44:49 network dnsmasq-dhcp[15266]: DHCP, static leases only on 10.101.3.0, lease time 1d
Mar 05 13:44:49 network dnsmasq-dhcp[15266]: DHCP, static leases only on 10.101.2.0, lease time 1d
Mar 05 13:44:49 network dnsmasq[15266]: read /var/lib/neutron/dhcp/10ba1f15-651e-4ef6-aced-66e7cf3effad/addn_hosts - 3 addresses
Mar 05 13:44:49 network dnsmasq-dhcp[15266]: read /var/lib/neutron/dhcp/10ba1f15-651e-4ef6-aced-66e7cf3effad/host
Mar 05 13:44:49 network dnsmasq-dhcp[15266]: read /var/lib/neutron/dhcp/10ba1f15-651e-4ef6-aced-66e7cf3effad/opts


neutron-dhcp-agent:
  Installed: 2:16.0.0~b2~git2020020712.d5b33ffc77-0ubuntu1
neutron-linuxbridge-agent:
  Installed: 2:16.0.0~b2~git2020020712.d5b33ffc77-0ubuntu1

** Affects: neutron (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to neutron in Ubuntu.
https://bugs.launchpad.net/bugs/1866187

Title:
  dnsmasq needs access to /var/lib/neutron/dhcp

Status in neutron package in Ubuntu:
  New

Bug description:
  I installed a fresh test cloud in focal. After creating some networks
  and subnets, neutron-dhcp-agent complained:

  sudo journalctl -u neutron-dhcp-agent -e
  Mar 05 11:43:53 network dnsmasq[13211]: failed to load names from /var/lib/neutron/dhcp/10ba1f15-651e-4ef6-aced-66e7cf3effad/addn_hosts: Permission denied
  Mar 05 11:43:53 network dnsmasq[13211]: cannot read /var/lib/neutron/dhcp/10ba1f15-651e-4ef6-aced-66e7cf3effad/host: Permission denied
  Mar 05 11:43:53 network dnsmasq[13211]: cannot read /var/lib/neutron/dhcp/10ba1f15-651e-4ef6-aced-66e7cf3effad/opts: Permission denied

  dnsmasq runs as user nobody and needs to read several files under
  /var/lib/neutron/dhcp/<guid>

  /var/lib/neutron/dhcp and /var/lib/neutron/dhcp/10ba1f15-651e-4ef6
  -aced-66e7cf3effad have mode 750

  Changing UMask=0027 to UMask=0022 in /lib/systemd/system/neutron-dhcp-
  agent.service, deleting /var/lib/neutron/dhcp and restarting neutron-
  dhcp-agent solves the problem.

  sudo journalctl -u neutron-dhcp-agent -e
  Mar 05 13:44:49 network dnsmasq-dhcp[15266]: DHCP, static leases only on 10.101.3.0, lease time 1d
  Mar 05 13:44:49 network dnsmasq-dhcp[15266]: DHCP, static leases only on 10.101.2.0, lease time 1d
  Mar 05 13:44:49 network dnsmasq[15266]: read /var/lib/neutron/dhcp/10ba1f15-651e-4ef6-aced-66e7cf3effad/addn_hosts - 3 addresses
  Mar 05 13:44:49 network dnsmasq-dhcp[15266]: read /var/lib/neutron/dhcp/10ba1f15-651e-4ef6-aced-66e7cf3effad/host
  Mar 05 13:44:49 network dnsmasq-dhcp[15266]: read /var/lib/neutron/dhcp/10ba1f15-651e-4ef6-aced-66e7cf3effad/opts

  
  neutron-dhcp-agent:
    Installed: 2:16.0.0~b2~git2020020712.d5b33ffc77-0ubuntu1
  neutron-linuxbridge-agent:
    Installed: 2:16.0.0~b2~git2020020712.d5b33ffc77-0ubuntu1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1866187/+subscriptions