[ovs-dev] [PATCH] sandbox: ovn rbac support for sandbox environment

Russell Bryant russell at ovn.org
Tue Jun 13 17:30:44 UTC 2017


On Tue, Jun 13, 2017 at 1:24 PM, Ben Pfaff <blp at ovn.org> wrote:
> On Tue, Jun 13, 2017 at 01:13:31PM -0400, Russell Bryant wrote:
>> On Mon, Jun 12, 2017 at 6:42 PM, Lance Richardson <lrichard at redhat.com> wrote:
>> > Enable OVN_Southbound RBAC by default in the sandbox environment,
>> > provide a new option "--no-ovn-rbac" to disable it.
>> >
>> > Signed-off-by: Lance Richardson <lrichard at redhat.com>
>> > ---
>> >  tutorial/ovs-sandbox | 17 +++++++++++++----
>> >  1 file changed, 13 insertions(+), 4 deletions(-)
>>
>> Thanks for the patch.  It seems to work fine for me.  I applied this to master.
>>
>> I noticed that the backup southbound database is generating a lot of
>> errors in the log, though it's unrelated to this patch.  I believe it
>> was caused by the earlier patch to make ovs-sandbox use SSL by
>> default.
>>
>> 2017-06-13T17:04:07.433Z|00007|socket_util|ERR|6642: bind: Address
>> already in use
>> 2017-06-13T17:04:07.433Z|00008|ovsdb_jsonrpc_server|ERR|pssl:6642:
>> listen failed: Address already in use
>>
>> I'm not sure the best way to clean this up.  Perhaps we could just run
>> each southbound db in its own net namespace.
>
> Maybe run it on a different port?

I was thinking it wouldn't work because we're setting up the ssl
connection in the OVN_Southbound db, which is replicated between the
two, so they're both trying to listen on the same port.  If we can set
up the connection only as command line args instead of through the db,
a different port would work.

-- 
Russell Bryant


More information about the dev mailing list