[ovs-dev] [PATCH] redhat: Create /etc/openvswitch/* with openvswitch as user/group
Ben Pfaff
blp at ovn.org
Wed Nov 29 17:15:14 UTC 2017
On Wed, Nov 29, 2017 at 12:10:42PM -0500, Aaron Conole wrote:
> Mark Michelson <mmichels at redhat.com> writes:
>
> > On Wed, Nov 29, 2017 at 10:54 AM Aaron Conole <aconole at redhat.com> wrote:
> >
> > Timothy Redaelli <tredaelli at redhat.com> writes:
> >
> > > Without this commit is not possible to upgrade an openvswitch release
> > > that includes the commit ac416a3ab2d2 (for example 2.8.0) with another release
> > > that includes the commit ac416a3ab2d2 (for example master or 2.8.1), because
> > > rpm changes the user/group of /etc/openvswitch to root/root, but ovsdb-server
> > > starts with the user openvswitch and so it doesn't have permissions to write in
> > > /etc/openvswitch/conf.db.
> > >
> > > This patch tell rpm to use the openvswitch user and group for
> > > /etc/openvswitch and /etc/openvswitch/default.conf.
> > >
> > > Reported-by: Mark Michelson <mmichels at redhat.com>
> > > CC: aaron conole <aconole at redhat.com>
> > > Fixes: ac416a3ab2d2 ("redhat: dynamically allocate and reference ovs user")
> > > Signed-off-by: Timothy Redaelli <tredaelli at redhat.com>
> > > ---
> >
> > Ugh. I guess this is only a problem if you install ovs 2.8, and then
> > upgrade before creating the database?
> >
> > Regardless
> >
> > Acked-by: Aaron Conole <aconole at redhat.com>
> >
> > Nope, in my case I was installing OVS 2.8.0, starting openvswitch, ovn-central, and ovn-controller
> > services. I added information to the external_ids column of the open_vswitch table so that the
> > ovn-controller could connect to the OVN southbound database. I ensured that ovn-sbctl reported the
> > chassis as expected.
> >
> > Then I performed the upgrade. After upgrading the RPMs, /etc/openvswitch's ownership had changed
> > from openvswitch:openvswitch to root:root. Attempting to restart the ovs-vswitchd service at this point
> > failed.
>
> Ouch. I thought I had confirmed the ability to upgrade again... somehow
> I guess my testing wasn't sufficient.
Now I'm concerned. Should I not have applied this? Does it need a
revert?
More information about the dev
mailing list