during the configuration of Neutron (OpenStack Stein), I found this error
oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)
All services are running but this error still appears as you can see here:
neutron-dhcp-agent.log:
2020-04-10 12:35:28.260 11675 INFO neutron.agent.dhcp.agent [-] Starting network f16e9457-1d03-44a2-b9e4-58666a06bca5 dhcp configuration
2020-04-10 12:35:28.260 11675 DEBUG neutron.agent.dhcp.agent [-] Calling driver for network: f16e9457-1d03-44a2-b9e4-58666a06bca5 action: enable call_driver /usr/lib/python3/dist-packages/neutron/agent/dhcp/agent.py:150
2020-04-10 12:35:28.261 11675 DEBUG neutron.agent.linux.utils [-] Unable to access /var/lib/neutron/dhcp/f16e9457-1d03-44a2-b9e4-58666a06bca5/pid get_value_from_file /usr/lib/python3/dist-packages/neutron/agent/linux/utils.py:261
2020-04-10 12:35:28.261 11675 INFO oslo.privsep.daemon [-] Running privsep helper: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'privsep-helper', '--config-file', '/etc/neutron/neutron.conf', '--config-file', '/etc/neutron/dhcp_agent.ini', '--privsep_context', 'neutron.privileged.default', '--privsep_sock_path', '/tmp/tmp17yerien/privsep.sock']
2020-04-10 12:35:29.339 11675 CRITICAL oslo.privsep.daemon [-] privsep helper command exited non-zero (1)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent [-] Unable to enable dhcp for f16e9457-1d03-44a2-b9e4-58666a06bca5.: oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent Traceback (most recent call last):
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent File "/usr/lib/python3/dist-packages/neutron/agent/dhcp/agent.py", line 159, in call_driver
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent getattr(driver, action)(**action_kwargs)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent File "/usr/lib/python3/dist-packages/neutron/agent/linux/dhcp.py", line 218, in enable
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent common_utils.wait_until_true(self._enable, timeout=300)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent File "/usr/lib/python3/dist-packages/neutron/common/utils.py", line 691, in wait_until_true
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent while not predicate():
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent File "/usr/lib/python3/dist-packages/neutron/agent/linux/dhcp.py", line 229, in _enable
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent interface_name = self.device_manager.setup(self.network)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent File "/usr/lib/python3/dist-packages/neutron/agent/linux/dhcp.py", line 1516, in setup
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent ip_lib.IPWrapper().ensure_namespace(network.namespace)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent File "/usr/lib/python3/dist-packages/neutron/agent/linux/ip_lib.py", line 236, in ensure_namespace
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent if not self.netns.exists(name):
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent File "/usr/lib/python3/dist-packages/neutron/agent/linux/ip_lib.py", line 797, in exists
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent return network_namespace_exists(name)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent File "/usr/lib/python3/dist-packages/neutron/agent/linux/ip_lib.py", line 1005, in network_namespace_exists
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent output = list_network_namespaces(**kwargs)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent File "/usr/lib/python3/dist-packages/neutron/agent/linux/ip_lib.py", line 991, in list_network_namespaces
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent return privileged.list_netns(**kwargs)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent File "/usr/local/lib/python3.6/dist-packages/oslo_privsep/priv_context.py", line 244, in _wrap
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent self.start()
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent File "/usr/local/lib/python3.6/dist-packages/oslo_privsep/priv_context.py", line 255, in start
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent channel = daemon.RootwrapClientChannel(context=self)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent File "/usr/local/lib/python3.6/dist-packages/oslo_privsep/daemon.py", line 331, in __init__
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent raise FailedToDropPrivileges(msg)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)
2020-04-10 12:35:29.341 11675 ERROR neutron.agent.dhcp.agent
neutron-linuxbridge-agent.log
2020-04-10 12:49:14.658 11278 INFO neutron.common.config [-] Logging enabled!
2020-04-10 12:49:14.659 11278 INFO neutron.common.config [-] /usr/bin/neutron-linuxbridge-agent version 14.0.4
2020-04-10 12:49:14.659 11278 DEBUG neutron.common.config [-] command line: /usr/bin/neutron-linuxbridge-agent --config-file=/etc/neutron/neutron.conf --config-file=/etc/neutron/plugins/ml2/linuxbridge_agent.ini --log-file=/var/log/neutron/neutron-linuxbridge-agent.log setup_logging /usr/lib/python3/dist-packages/neutron/common/config.py:103
2020-04-10 12:49:14.660 11278 INFO neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-] Interface mappings: {'provider': 'wlp58s0'}
2020-04-10 12:49:14.661 11278 INFO neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-] Bridge mappings: {}
2020-04-10 12:49:14.662 11278 INFO oslo.privsep.daemon [-] Running privsep helper: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'privsep-helper', '--config-file', '/etc/neutron/neutron.conf', '--config-file', '/etc/neutron/plugins/ml2/linuxbridge_agent.ini', '--privsep_context', 'neutron.privileged.default', '--privsep_sock_path', '/tmp/tmp2j9epw1d/privsep.sock']
2020-04-10 12:49:15.508 11278 CRITICAL oslo.privsep.daemon [-] privsep helper command exited non-zero (1)
2020-04-10 12:49:15.509 11278 CRITICAL neutron [-] Unhandled error: oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)
2020-04-10 12:49:15.509 11278 ERROR neutron Traceback (most recent call last):
2020-04-10 12:49:15.509 11278 ERROR neutron File "/usr/bin/neutron-linuxbridge-agent", line 10, in <module>
2020-04-10 12:49:15.509 11278 ERROR neutron sys.exit(main())
2020-04-10 12:49:15.509 11278 ERROR neutron File "/usr/lib/python3/dist-packages/neutron/cmd/eventlet/plugins/linuxbridge_neutron_agent.py", line 21, in main
2020-04-10 12:49:15.509 11278 ERROR neutron agent_main.main()
2020-04-10 12:49:15.509 11278 ERROR neutron File "/usr/lib/python3/dist-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py", line 1053, in main
2020-04-10 12:49:15.509 11278 ERROR neutron manager = LinuxBridgeManager(bridge_mappings, interface_mappings)
2020-04-10 12:49:15.509 11278 ERROR neutron File "/usr/lib/python3/dist-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py", line 82, in __init__
2020-04-10 12:49:15.509 11278 ERROR neutron self.validate_interface_mappings()
2020-04-10 12:49:15.509 11278 ERROR neutron File "/usr/lib/python3/dist-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py", line 97, in validate_interface_mappings
2020-04-10 12:49:15.509 11278 ERROR neutron if not ip_lib.device_exists(interface):
2020-04-10 12:49:15.509 11278 ERROR neutron File "/usr/lib/python3/dist-packages/neutron/agent/linux/ip_lib.py", line 818, in device_exists
2020-04-10 12:49:15.509 11278 ERROR neutron return IPDevice(device_name, namespace=namespace).exists()
2020-04-10 12:49:15.509 11278 ERROR neutron File "/usr/lib/python3/dist-packages/neutron/agent/linux/ip_lib.py", line 318, in exists
2020-04-10 12:49:15.509 11278 ERROR neutron return privileged.interface_exists(self.name, self.namespace)
2020-04-10 12:49:15.509 11278 ERROR neutron File "/usr/lib/python3/dist-packages/neutron/privileged/agent/linux/ip_lib.py", line 50, in sync_inner
2020-04-10 12:49:15.509 11278 ERROR neutron return input_func(*args, **kwargs)
2020-04-10 12:49:15.509 11278 ERROR neutron File "/usr/local/lib/python3.6/dist-packages/oslo_privsep/priv_context.py", line 244, in _wrap
2020-04-10 12:49:15.509 11278 ERROR neutron self.start()
2020-04-10 12:49:15.509 11278 ERROR neutron File "/usr/local/lib/python3.6/dist-packages/oslo_privsep/priv_context.py", line 255, in start
2020-04-10 12:49:15.509 11278 ERROR neutron channel = daemon.RootwrapClientChannel(context=self)
2020-04-10 12:49:15.509 11278 ERROR neutron File "/usr/local/lib/python3.6/dist-packages/oslo_privsep/daemon.py", line 331, in __init__
2020-04-10 12:49:15.509 11278 ERROR neutron raise FailedToDropPrivileges(msg)
2020-04-10 12:49:15.509 11278 ERROR neutron oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)
2020-04-10 12:49:15.509 11278 ERROR neutron
I found out that this is a neutron privileges situation, this is my sudoers file:
GNU nano 2.9.3 /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
neutron ALL=(ALL) NOPASSWD: ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
I'm installing Openstack on a computer with Ubuntu 18.04.
Troubleshoot the Rootwrap configuration following the Rootwrap - OpenStack wiki
Add the line below to the
/etc/nova/nova.conf
:Then
Finally restart the services