[ovs-dev] [PATCH] redhat: Create /etc/openvswitch/* with openvswitch as user/group

Mark Michelson mmichels at redhat.com
Wed Nov 29 17:29:26 UTC 2017


On Wed, Nov 29, 2017 at 11:15 AM Ben Pfaff <blp at ovn.org> wrote:

> On Wed, Nov 29, 2017 at 12:10:42PM -0500, Aaron Conole wrote:
> > Mark Michelson <mmichels at redhat.com> writes:
> >
> > > On Wed, Nov 29, 2017 at 10:54 AM Aaron Conole <aconole at redhat.com> wrote:
> > >
> > >  Timothy Redaelli <tredaelli at redhat.com> writes:
> > >
> > >  > Without this commit it is not possible to upgrade an openvswitch release
> > >  > that includes the commit ac416a3ab2d2 (for example 2.8.0) with another release
> > >  > that includes the commit ac416a3ab2d2 (for example master or 2.8.1), because
> > >  > rpm changes the user/group of /etc/openvswitch to root/root, but ovsdb-server
> > >  > starts with the user openvswitch and so it doesn't have permissions to write in
> > >  > /etc/openvswitch/conf.db.
> > >  >
> > >  > This patch tells rpm to use the openvswitch user and group for
> > >  > /etc/openvswitch and /etc/openvswitch/default.conf.
> > >  >
> > >  > Reported-by: Mark Michelson <mmichels at redhat.com>
> > >  > CC: aaron conole <aconole at redhat.com>
> > >  > Fixes: ac416a3ab2d2 ("redhat: dynamically allocate and reference ovs user")
> > >  > Signed-off-by: Timothy Redaelli <tredaelli at redhat.com>
> > >  > ---
> > >
> > >  Ugh.  I guess this is only a problem if you install ovs 2.8, and then
> > >  upgrade before creating the database?
> > >
> > >  Regardless
> > >
> > >  Acked-by: Aaron Conole <aconole at redhat.com>
> > >
> > > Nope, in my case I was installing OVS 2.8.0, starting openvswitch, ovn-central, and ovn-controller
> > > services. I added information to the external_ids column of the open_vswitch table so that the
> > > ovn-controller could connect to the OVN southbound database. I ensured that ovn-sbctl reported the
> > > chassis as expected.
> > >
> > > Then I performed the upgrade. After upgrading the RPMs, /etc/openvswitch's ownership had changed
> > > from openvswitch:openvswitch to root:root.  Attempting to restart the ovs-vswitchd service at this point
> > > failed.
> >
> > Ouch.  I thought I had confirmed the ability to upgrade again... somehow
> > I guess my testing wasn't sufficient.
>
> Now I'm concerned.  Should I not have applied this?  Does it need a
> revert?
>

No need to revert. There was just confusion over what needed to be done in
order to trigger the issue that is fixed by this patch.

