Force container deletion if namespace does not exist in service_kill
When a service is stopped using "service_kill" script and the
namespace where the container is running does not exist, the
container process should be forced to stop from the root namespace.
A namespace where a process is running, can be deleted whitout
stopping the mentioned process. "ip netns identify <PID>" then
returns an empty string (root namespace).
If the namespace where a container was executed is deleted,
"service_kill" script should execute a container related command
from the root namespace. To access to the root namespace from
inside a container, running in another namespace, it is necessary
to gain access via "nsenter", specifying the parameter "--all" to
access to all namespaces of the target process.
This patch will prevent an endless loop in Neutron DHCP agent. As
reported in the related bug, when a DHCP agent is resync, the DHCP
helper (metadata proxy) is stopped. In case this process stop raises
an exception (for example if the namespace does not exist), schedules
again a resync, creating an endless loop.
This patch combines [1] and [2] in this repository.
[1]https://review.opendev.org/#/c/714517/
[2]https://review.opendev.org/#/c/730657/
Change-Id: Ifb7dbfb93a7cf0b50ef15652d83d87f65bdb6221
Closes-Bug: #1868607
(cherry picked from commit 0bc1383a60
)
This commit is contained in:
parent
d84a48bbd4
commit
05f19f2c59
|
@ -17,13 +17,13 @@ SIG=$1
|
|||
PID=$2
|
||||
NETNS=$(ip netns identify ${PID})
|
||||
|
||||
if [ "x${NETNS}" == "x" ]; then
|
||||
add_date "No network namespace detected, exiting"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
{% if container_cli == 'podman' %}
|
||||
CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman"
|
||||
if [ "x${NETNS}" == "x" ]; then
|
||||
CLI="nsenter --all --preserve-credentials -t 1 podman"
|
||||
SIG=9
|
||||
else
|
||||
CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman"
|
||||
fi
|
||||
{% elif container_cli == 'docker' %}
|
||||
{% if docker_additional_sockets and docker_additional_sockets|length > 0-%}
|
||||
export DOCKER_HOST=unix://{{ docker_additional_sockets[0] }}
|
||||
|
|
Loading…
Reference in New Issue