[solved] Rocky linuxbridge-agent privsep helper command exited non-zero

asked 2018-12-06 05:26:34 -0500

tjoen gravatar image

updated 2018-12-06 11:35:00 -0500

System LFS
Neutron-13.0.2 from releases.openstack.org/teams/neutron.html
provider network
Followed all steps from install guide (not without problems)
neutron-metadata-agent.service are all running except:

Active: failed (Result: exit-code)
ExecStart=/usr/bin/neutron-linuxbridge-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini
File "/usr/lib/python3.7/site-packages/oslo_privsep/priv_context.py", line 206, in _wrap
File "/usr/lib/python3.7/site-packages/oslo_privsep/priv_context.py", line 217, in start
channel = daemon.RootwrapClientChannel(context=self)
File "/usr/lib/python3.7/site-packages/oslo_privsep/daemon.py", line 327, in __init__
raise FailedToDropPrivileges(msg)
oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)

What to do?

edit retag flag offensive close merge delete


Check the Linuxbridge agent log for details about the failed privsep command. If you configure debug logging, you should see precisely which command privsep tried to execute, which should help you understand why it failed.

Bernd Bausch gravatar imageBernd Bausch ( 2018-12-06 05:58:52 -0500 )edit

Why havan't I thought of that? PAM and sudo errors. Solved by

neutron ALL = (root) NOPASSWD: /usr/bin/privsep-helper
neutron ALL = (root) NOPASSWD: /usr/sbin/iptables-save

Is there a better sollution? Thank you for helping solving this. But a new problem I will post with new keyword

tjoen gravatar imagetjoen ( 2018-12-06 11:34:39 -0500 )edit

1 answer

Sort by ยป oldest newest most voted

answered 2018-12-07 12:28:02 -0500

tjoen gravatar image

Kenel had option CONFIG_IP_NF_RAW missing. Whicj means that iptables-save -t raw gives error and that is causing next tw erors. Linuxbridge-agent is running

edit flag offensive delete link more


I suppose that these are the risks when you install OpenStack on top of a custom Linux distro. Congratulations, and good luck!

Bernd Bausch gravatar imageBernd Bausch ( 2018-12-07 20:44:21 -0500 )edit

I understand. But for me the supported distros are too big and too complex and too old

tjoen gravatar imagetjoen ( 2018-12-13 12:35:58 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2018-12-06 05:20:34 -0500

Seen: 1,760 times

Last updated: Dec 06 '18