[ovs-dev] [PATCH] sandbox: ovn rbac support for sandbox environment

Lance Richardson lrichard at redhat.com
Tue Jun 13 17:30:39 UTC 2017


> From: "Russell Bryant" <russell at ovn.org>
> To: "Lance Richardson" <lrichard at redhat.com>
> Cc: "ovs dev" <dev at openvswitch.org>
> Sent: Tuesday, 13 June, 2017 1:13:31 PM
> Subject: Re: [ovs-dev] [PATCH] sandbox: ovn rbac support for sandbox environment
> 
> On Mon, Jun 12, 2017 at 6:42 PM, Lance Richardson <lrichard at redhat.com>
> wrote:
> > Enable OVN_Southbound RBAC by default in the sandbox environment,
> > provide a new option "--no-ovn-rbac" to disable it.
> >
> > Signed-off-by: Lance Richardson <lrichard at redhat.com>
> > ---
> >  tutorial/ovs-sandbox | 17 +++++++++++++----
> >  1 file changed, 13 insertions(+), 4 deletions(-)
> 
> Thanks for the patch.  It seems to work fine for me.  I applied this to
> master.
> 
> I noticed that the backup southbound database is generating a lot of
> errors in the log, though it's unrelated to this patch.  I believe it
> was caused by the earlier patch to make ovs-sandbox use SSL by
> default.
> 
> 2017-06-13T17:04:07.433Z|00007|socket_util|ERR|6642: bind: Address already in use
> 2017-06-13T17:04:07.433Z|00008|ovsdb_jsonrpc_server|ERR|pssl:6642: listen failed: Address already in use
> 

I see... Before SSL was enabled, a separate AF_UNIX socket was used
for each southbound db; with SSL enabled we do have a collision.

It's not clear to me what you can do with the backup db in the
sandbox environment other than use ovn-sbctl to inspect its
contents as mentioned in the script. If that's it, maybe we
could simply remove this option when starting the backup ovsdb-server
(the AF_UNIX socket is still available):

    --remote=db:OVN_Southbound,SB_Global,connections \

> I'm not sure the best way to clean this up.  Perhaps we could just run
> each southbound db in its own net namespace.

Hopefully we can find a way that avoids needing administrative privileges...

> 
> --
> Russell Bryant
> 

