[Bug 1866187] Re: dnsmasq needs access to /var/lib/neutron/dhcp

Albert Damen 1866187 at bugs.launchpad.net
Fri Mar 27 22:07:05 UTC 2020


I re-installed the neutron node from scratch, with neutron
2:16.0.0~b3~git2020032420.a0e1b5804e-0ubuntu2

Now neutron-common postinst does chmod 0750 /var/lib/neutron which makes
the dhcp files unreadable:

Mar 27 20:36:15 network dnsmasq[6218]: failed to load names from /var/lib/neutron/dhcp/53519892-89b9-42cc-be0d-413938ed5230/addn_hosts: Permission denied
Mar 27 20:36:15 network dnsmasq[6218]: cannot read /var/lib/neutron/dhcp/53519892-89b9-42cc-be0d-413938ed5230/host: Permission denied
Mar 27 20:36:15 network dnsmasq[6218]: cannot read /var/lib/neutron/dhcp/53519892-89b9-42cc-be0d-413938ed5230/opts: Permission denied

ubuntu@network:~$ sudo ls -la /var/lib/neutron/dhcp
total 16
drwxr-xr-x 4 neutron neutron 4096 Mar 27 20:35 .
drwxr-x--- 8 neutron neutron 4096 Mar 27 20:35 ..
drwxr-xr-x 2 neutron neutron 4096 Mar 27 20:36 2dd85a27-8ea0-4656-b872-6d2008e298c3
drwxr-xr-x 2 neutron neutron 4096 Mar 27 20:36 53519892-89b9-42cc-be0d-413938ed5230

ubuntu@network:~$ cat /var/lib/neutron/dhcp/53519892-89b9-42cc-be0d-413938ed5230/host
cat: /var/lib/neutron/dhcp/53519892-89b9-42cc-be0d-413938ed5230/host: Permission denied

After changing /var/lib/neutron/ to mode 755 (or 751) dnsmasq works fine
again.

https://bugs.launchpad.net/bugs/1866187

Title:
  dnsmasq needs access to /var/lib/neutron/dhcp

Status in neutron package in Ubuntu:
  Triaged

Bug description:
  I installed a fresh test cloud in focal. After creating some networks
  and subnets, neutron-dhcp-agent complained:

  sudo journalctl -u neutron-dhcp-agent -e
  Mar 05 11:43:53 network dnsmasq[13211]: failed to load names from /var/lib/neutron/dhcp/10ba1f15-651e-4ef6-aced-66e7cf3effad/addn_hosts: Permission denied
  Mar 05 11:43:53 network dnsmasq[13211]: cannot read /var/lib/neutron/dhcp/10ba1f15-651e-4ef6-aced-66e7cf3effad/host: Permission denied
  Mar 05 11:43:53 network dnsmasq[13211]: cannot read /var/lib/neutron/dhcp/10ba1f15-651e-4ef6-aced-66e7cf3effad/opts: Permission denied

  dnsmasq runs as user nobody and needs to read several files under
  /var/lib/neutron/dhcp/<guid>

  /var/lib/neutron/dhcp and
  /var/lib/neutron/dhcp/10ba1f15-651e-4ef6-aced-66e7cf3effad have mode 750

  Changing UMask=0027 to UMask=0022 in
  /lib/systemd/system/neutron-dhcp-agent.service, deleting
  /var/lib/neutron/dhcp and restarting neutron-dhcp-agent solves the
  problem.

  sudo journalctl -u neutron-dhcp-agent -e
  Mar 05 13:44:49 network dnsmasq-dhcp[15266]: DHCP, static leases only on 10.101.3.0, lease time 1d
  Mar 05 13:44:49 network dnsmasq-dhcp[15266]: DHCP, static leases only on 10.101.2.0, lease time 1d
  Mar 05 13:44:49 network dnsmasq[15266]: read /var/lib/neutron/dhcp/10ba1f15-651e-4ef6-aced-66e7cf3effad/addn_hosts - 3 addresses
  Mar 05 13:44:49 network dnsmasq-dhcp[15266]: read /var/lib/neutron/dhcp/10ba1f15-651e-4ef6-aced-66e7cf3effad/host
  Mar 05 13:44:49 network dnsmasq-dhcp[15266]: read /var/lib/neutron/dhcp/10ba1f15-651e-4ef6-aced-66e7cf3effad/opts

  
  neutron-dhcp-agent:
    Installed: 2:16.0.0~b2~git2020020712.d5b33ffc77-0ubuntu1
  neutron-linuxbridge-agent:
    Installed: 2:16.0.0~b2~git2020020712.d5b33ffc77-0ubuntu1
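
The denials above come from the missing search (x) bit for "other" on a parent directory, which is why mode 751 on /var/lib/neutron is enough for dnsmasq running as nobody. The script below is an added example, not part of the bug report or the neutron packaging; it finds the first path component that blocks "other", and the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example. Mode bits only: ACLs, group membership and
# AppArmor/SELinux policy are not evaluated. Needs GNU stat (-c).

# Print the "other" permission digit (0-7) of a path.
other_bits() {
    mode=$(stat -c '%a' "$1") || return 1   # e.g. 750, 2755
    echo "${mode#"${mode%?}"}"              # last octal digit
}

# first_blocker TOP FILE: walk from TOP down to FILE. Directories need
# search (x=1) for "other", the file needs read (r=4). Prints the first
# component that denies access and returns 1; returns 0 if none does.
first_blocker() {
    cur=${1%/}
    rest=${2#"$cur"/}
    while :; do
        bits=$(other_bits "$cur") || return 2
        if [ -d "$cur" ]; then need=1; else need=4; fi
        if [ $((bits & need)) -eq 0 ]; then
            echo "$cur"
            return 1
        fi
        if [ -z "$rest" ]; then return 0; fi
        cur=$cur/${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
    done
}

# Constructed sample tree with the modes shown in the report.
demo=$(mktemp -d)
mkdir -p "$demo/neutron/dhcp/net-id"
echo sample > "$demo/neutron/dhcp/net-id/host"
chmod 755 "$demo/neutron/dhcp" "$demo/neutron/dhcp/net-id"
chmod 644 "$demo/neutron/dhcp/net-id/host"
for m in 750 751; do
    chmod "$m" "$demo/neutron"
    if b=$(first_blocker "$demo/neutron" "$demo/neutron/dhcp/net-id/host")
    then echo "mode $m: readable by other"
    else echo "mode $m: blocked at $b"
    fi
done
rm -rf "$demo"
```

Mode 751 grants "other" traversal without letting it list the directory, so it exposes less than 755 while still letting dnsmasq reach the per-network files.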
