[ovs-dev] [PATCH] redhat: Create /etc/openvswitch/* with openvswitch as user/group

Ben Pfaff blp at ovn.org
Wed Nov 29 17:15:14 UTC 2017


On Wed, Nov 29, 2017 at 12:10:42PM -0500, Aaron Conole wrote:
> Mark Michelson <mmichels at redhat.com> writes:
> 
> > On Wed, Nov 29, 2017 at 10:54 AM Aaron Conole <aconole at redhat.com> wrote:
> >
> >  Timothy Redaelli <tredaelli at redhat.com> writes:
> >
> >  > Without this commit it is not possible to upgrade an openvswitch release
> >  > that includes the commit ac416a3ab2d2 (for example 2.8.0) with another release
> >  > that includes the commit ac416a3ab2d2 (for example master or 2.8.1), because
> >  > rpm changes the user/group of /etc/openvswitch to root/root, but ovsdb-server
> >  > starts with the user openvswitch and so it doesn't have permissions to write in
> >  > /etc/openvswitch/conf.db.
> >  >
> >  > This patch tells rpm to use the openvswitch user and group for
> >  > /etc/openvswitch and /etc/openvswitch/default.conf.
> >  >
> >  > Reported-by: Mark Michelson <mmichels at redhat.com>
> >  > CC: aaron conole <aconole at redhat.com>
> >  > Fixes: ac416a3ab2d2 ("redhat: dynamically allocate and reference ovs user")
> >  > Signed-off-by: Timothy Redaelli <tredaelli at redhat.com>
> >  > ---
> >
> >  Ugh.  I guess this is only a problem if you install ovs 2.8, and then
> >  upgrade before creating the database?
> >
> >  Regardless
> >
> >  Acked-by: Aaron Conole <aconole at redhat.com>
> >
> > Nope, in my case I was installing OVS 2.8.0, starting openvswitch, ovn-central, and ovn-controller
> > services. I added information to the external_ids column of the open_vswitch table so that the
> > ovn-controller could connect to the OVN southbound database. I ensured that ovn-sbctl reported the
> > chassis as expected.
> >
> > Then I performed the upgrade. After upgrading the RPMs, /etc/openvswitch's ownership had changed
> > from openvswitch:openvswitch to root:root.  Attempting to restart the ovs-vswitchd service at this point
> > failed.
> 
> Ouch.  I thought I had confirmed the ability to upgrade again... somehow
> I guess my testing wasn't sufficient.

Now I'm concerned.  Should I not have applied this?  Does it need a
revert?

