[ovs-dev] [PATCH 2/2] Add wrapper scripts for *ctl commands
Ben Pfaff
blp at ovn.org
Tue Aug 2 17:45:49 UTC 2016
On Tue, Aug 02, 2016 at 12:13:13PM -0500, Ryan Moats wrote:
>
> Russell Bryant <russell at ovn.org> wrote on 08/02/2016 12:00:08 PM:
>
> > From: Russell Bryant <russell at ovn.org>
> > To: Ben Pfaff <blp at ovn.org>
> > Cc: Ryan Moats/Omaha/IBM at IBMUS, ovs dev <dev at openvswitch.org>
> > Date: 08/02/2016 12:00 PM
> > Subject: Re: [ovs-dev] [PATCH 2/2] Add wrapper scripts for *ctl commands
> >
> > On Tue, Aug 2, 2016 at 12:03 PM, Ben Pfaff <blp at ovn.org> wrote:
> > On Tue, Aug 02, 2016 at 07:56:27AM -0400, Russell Bryant wrote:
> > > On Tue, Aug 2, 2016 at 12:20 AM, Ryan Moats <rmoats at us.ibm.com> wrote:
> > >
> > > > This commit creates wrapper scripts for the *ctl commands to use
> > > > --dry-run for those that have them, and to allow for log level
> > > > setting via ovs-appctl without allowing full access to ovs-appctl.
> > > > Tests have been added to make sure that the wrapper scripts
> > > > don't actually do anything when asked to perform a write operation.
> > > >
> > > > Signed-off-by: Ryan Moats <rmoats at us.ibm.com>
> > > >
> > >
> > > What's the motivation for all the new "read" scripts? It seems a bit
> > > confusing to install all of these. They're also not documented
> anywhere.
> >
> > My assumption had been that we'd put the options into the tree and then
> > that the one-liner redirection scripts would be an IBM customization.
> > After all, they need to customize somehow anyway to hide the read/write
> > versions in some off-$PATH place.
> >
> > +1 to this approach.
> >
> > --
> > Russell Bryant
>
> Obviously, I think this is somewhat short-sighted (or I wouldn't have
> proposed
> the patch)...
Everyone seems to be jumping to conclusions here really fast. Let's try
to get it right rather than just doing something.
Can we discuss how you will hide the r/w versions? And how you give
access to those versions to the software that really needs it? For
example, libvirt might call into ovs-vsctl to add ports (unless it has
direct OVSDB bindings--I doubt it), and XenServer definitely does, so if
they're not working and in $PATH then they'll break.
More information about the dev
mailing list