[rhos-list] dnsmasq cannot start properly

Shixiong Shang (shshang) shshang at cisco.com
Mon Feb 18 22:09:58 UTC 2013


Hi, Chris:

Thanks a lot for the quick response! I turned SELinux to "Permissive" mode and now the error messages are different. Seems like the "dnsmasq" process still has a hard time accessing some files. But the good news is, at least the process started and loaded the right files from the "/var/lib/quantum/dhcp" directory.

[dmd@as-net1 ~]$ sudo tail -n 200 /var/log/messages | grep dnsmasq
Feb 18 12:41:31 as-net1 kernel: type=1400 audit(1361209291.261:42): avc:  denied  { read } for  pid=16963 comm="dnsmasq" name="sh" dev=dm-0 ino=1572867 scontext=unconfined_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
Feb 18 12:41:31 as-net1 kernel: type=1400 audit(1361209291.261:43): avc:  denied  { execute } for  pid=16963 comm="dnsmasq" name="bash" dev=dm-0 ino=1572905 scontext=unconfined_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
Feb 18 12:41:31 as-net1 kernel: type=1400 audit(1361209291.261:44): avc:  denied  { read open } for  pid=16963 comm="dnsmasq" name="bash" dev=dm-0 ino=1572905 scontext=unconfined_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
Feb 18 12:41:31 as-net1 kernel: type=1400 audit(1361209291.261:45): avc:  denied  { execute_no_trans } for  pid=16963 comm="dnsmasq" path="/bin/bash" dev=dm-0 ino=1572905 scontext=unconfined_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
Feb 18 12:41:31 as-net1 kernel: type=1400 audit(1361209291.261:46): avc:  denied  { getattr } for  pid=16963 comm="sh" path="/bin/bash" dev=dm-0 ino=1572905 scontext=unconfined_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
Feb 18 12:41:31 as-net1 kernel: type=1400 audit(1361209291.262:47): avc:  denied  { execute } for  pid=16963 comm="sh" name="quantum-dhcp-agent-dnsmasq-lease-update" dev=dm-0 ino=2102246 scontext=unconfined_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
Feb 18 12:41:31 as-net1 kernel: type=1400 audit(1361209291.262:48): avc:  denied  { read open } for  pid=16963 comm="sh" name="quantum-dhcp-agent-dnsmasq-lease-update" dev=dm-0 ino=2102246 scontext=unconfined_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
Feb 18 12:41:31 as-net1 kernel: type=1400 audit(1361209291.262:49): avc:  denied  { execute_no_trans } for  pid=16963 comm="sh" path="/usr/bin/quantum-dhcp-agent-dnsmasq-lease-update" dev=dm-0 ino=2102246 scontext=unconfined_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
Feb 18 12:41:31 as-net1 dnsmasq[16966]: started, version 2.48 cachesize 150
Feb 18 12:41:31 as-net1 dnsmasq[16966]: compile time options: IPv6 GNU-getopt DBus no-I18N DHCP TFTP
Feb 18 12:41:31 as-net1 dnsmasq[16966]: warning: no upstream servers configured
Feb 18 12:41:31 as-net1 dnsmasq-dhcp[16966]: DHCP, static leases only on 192.168.178.0, lease time 2m
Feb 18 12:41:31 as-net1 dnsmasq[16966]: cleared cache
Feb 18 12:41:31 as-net1 dnsmasq[16966]: read /var/lib/quantum/dhcp/6462a2a6-28cc-4472-907e-34bf02c9e81e/host
Feb 18 12:41:31 as-net1 dnsmasq[16966]: read /var/lib/quantum/dhcp/6462a2a6-28cc-4472-907e-34bf02c9e81e/opts
[dmd@as-net1 ~]$

Shixiong

On Feb 18, 2013, at 3:17 PM, Chris Wright <chrisw at redhat.com> wrote:

* Shixiong Shang (shshang) (shshang at cisco.com) wrote:
Hi, guys:

I am using dnsmasq as DHCP server to assign IP address to VMs. The "dnsmasq" process seemed to start ok.

nobody    2919     1  0 23:16 ?        00:00:00 /usr/sbin/dnsmasq --strict-order --bind-interfaces --local=// --domain-needed --pid-file=/var/run/libvirt/network/default.pid --conf-file= --except-interface lo --listen-address 192.168.122.1 --dhcp-range 192.168.122.2,192.168.122.254 --dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases --dhcp-lease-max=253 --dhcp-no-override --dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile --addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts

This is the libvirt dnsmasq for running locally (un)managed libvirt
based VMs, NAT'd to the host interface.


However, I noticed that all three config files referred to by the dnsmasq process were empty. Based on the dhcp_agent.ini file, dnsmasq should go to /var/lib/quantum for config files... Why did they load files from /var/lib/libvirt/dnsmasq?

[root@as-net1 bin]# cd /var/lib/libvirt/dnsmasq/
[root@as-net1 dnsmasq]# ls -lh
total 0
-rw-r--r--. 1 root root 0 Feb 17 23:14 default.addnhosts
-rw-r--r--. 1 root root 0 Feb 17 23:14 default.hostsfile
-rw-r--r--. 1 root root 0 Feb  4 10:03 default.leases


In addition, the system log threw the following error message at the time when I restarted the dhcp agent:

Feb 17 23:37:19 as-net1 kernel: type=1400 audit(1361162239.626:560): avc:  denied  { read } for  pid=13252 comm="dnsmasq" name="sh" dev=dm-0 ino=1572867 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file

This is SELinux...you can make sure selinux is in permissive mode

Feb 17 23:37:19 as-net1 dnsmasq[13251]: cannot run lease-init script /usr/bin/quantum-dhcp-agent-dnsmasq-lease-update: No such file or directory
Feb 17 23:37:19 as-net1 dnsmasq[13251]: FAILED to start up
Feb 17 23:37:22 as-net1 dnsmasq[13297]: cannot run lease-init script /usr/bin/quantum-dhcp-agent-dnsmasq-lease-update: No such file or directory
Feb 17 23:37:22 as-net1 dnsmasq[13297]: FAILED to start up

When I tried to execute the script manually, it gave me this traceback...

[dmd@as-net1 bin]$ /usr/bin/quantum-dhcp-agent-dnsmasq-lease-update
Traceback (most recent call last):
  File "/usr/bin/quantum-dhcp-agent-dnsmasq-lease-update", line 20, in <module>
    dhcp.Dnsmasq.lease_update()
  File "/usr/lib/python2.6/site-packages/quantum/agent/linux/dhcp.py", line 341, in lease_update
    action = sys.argv[1]
IndexError: list index out of range

This may be related to the above, can take a deeper look shortly.

thanks,
-chris
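
Added example, not part of the original thread: a small Python parser that groups AVC denials like the ones quoted above by source type, target type and object class, so the access that dnsmasq_t was refused can be reviewed in one place. The function names are hypothetical; the sample records are copied from the log in this thread, and the grouping mirrors what audit2allow does.

```python
import re
from collections import defaultdict

# Records copied from the log quoted in this thread, plus one non-AVC line.
SAMPLE = '''\
Feb 18 12:41:31 as-net1 kernel: type=1400 audit(1361209291.261:42): avc:  denied  { read } for  pid=16963 comm="dnsmasq" name="sh" dev=dm-0 ino=1572867 scontext=unconfined_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
Feb 18 12:41:31 as-net1 kernel: type=1400 audit(1361209291.261:43): avc:  denied  { execute } for  pid=16963 comm="dnsmasq" name="bash" dev=dm-0 ino=1572905 scontext=unconfined_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
Feb 18 12:41:31 as-net1 kernel: type=1400 audit(1361209291.261:45): avc:  denied  { execute_no_trans } for  pid=16963 comm="dnsmasq" path="/bin/bash" dev=dm-0 ino=1572905 scontext=unconfined_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
Feb 18 12:41:31 as-net1 kernel: type=1400 audit(1361209291.262:47): avc:  denied  { execute } for  pid=16963 comm="sh" name="quantum-dhcp-agent-dnsmasq-lease-update" dev=dm-0 ino=2102246 scontext=unconfined_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
Feb 18 12:41:31 as-net1 dnsmasq[16966]: started, version 2.48 cachesize 150
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+)\} for\s+.*?comm="(?P<comm>[^"]+)"'
    r'.*?scontext=(?P<s>\S+) tcontext=(?P<t>\S+) tclass=(?P<cls>\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other log line."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    # An SELinux context is user:role:type:level; policy rules are written on types.
    return {
        "comm": m["comm"],
        "perms": set(m["perms"].split()),
        "source": m["s"].split(":")[2],
        "target": m["t"].split(":")[2],
        "tclass": m["cls"],
    }

def summarize(lines):
    """Merge denials into {(source, target, class): permissions}."""
    rules = defaultdict(set)
    for line in lines:
        rec = parse_avc(line)
        if rec:
            rules[(rec["source"], rec["target"], rec["tclass"])] |= rec["perms"]
    return dict(rules)

def as_allow_rules(rules):
    """Render the summary in policy-rule syntax for review."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(rules.items())]

if __name__ == "__main__":
    for rule in as_allow_rules(summarize(SAMPLE.splitlines())):
        print(rule)
```

On these records the summary shows dnsmasq_t being refused execution of the shell and of the lease-update script under /usr/bin, which matches the "cannot run lease-init script" failure reported earlier in the thread.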
