[ovs-dev] [PATCH] utilities: Run ovsdb-server pre-startup DB steps as root
Markos Chandras
mchandras at suse.de
Mon Jul 16 10:31:48 UTC 2018
When ovsdb-server is starting, it performs some DB steps such as
creating and upgrading the OvS DB. When we are running as
'non-root' user, the 'runuser' tool is used to manage the privileges.
However, when this happens during systemd boot, we observe the following
errors in journald:
Jun 21 07:32:57 virt systemd[1]: session-c1.scope: Failed to add PIDs to scope's control group: No such process
Jun 21 07:32:57 virt systemd[1]: Failed to start Session c1 of user openvswitch.
Jun 21 07:32:57 virt systemd[1]: session-c1.scope: Unit entered failed state.
According to the analysis performed on openSUSE bugzilla[1], it seems
that ovsdb-server.service creates (via the call to runuser) a user
session and therefore calls pam_systemd which in its turn tries to start
a systemd user instance: "user@474.service". However "user@474.service"
is supposed to be started after systemd-user-sessions.service which is
supposed to be started after network.target. Additionally,
ovsdb-server.service uses Before=network.target hence the deadlock.
We can work around this by switching to 'root' user when we are
performing these pre-startup steps and fix up the DB permissions before
we start the actual ovsdb-server daemon.
[1]: https://bugzilla.suse.com/show_bug.cgi?id=1098630
Cc: Aaron Conole <aconole at redhat.com>
Signed-off-by: Markos Chandras <mchandras at suse.de>
---
Probably not the cleanest option so I am open to suggestions :)
---
utilities/ovs-ctl.in | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/utilities/ovs-ctl.in b/utilities/ovs-ctl.in
index 43c8f32b7..588f546fe 100755
--- a/utilities/ovs-ctl.in
+++ b/utilities/ovs-ctl.in
@@ -109,9 +109,15 @@ do_start_ovsdb () {
if daemon_is_running ovsdb-server; then
log_success_msg "ovsdb-server is already running"
else
- # Create initial database or upgrade database schema.
- upgrade_db $DB_FILE $DB_SCHEMA || return 1
-
+ # Create initial database or upgrade database schema. The runuser calls
+ # in ovsdb_tool function will fail on system startup so we need to run
+ # as root and fix permissions later on.
+ [ "$OVS_USER" != "" ] && OVS_USER_OVSDB=${OVS_USER}
+ OVS_USER="" upgrade_db $DB_FILE $DB_SCHEMA || return 1
+ if [ ! -z "${OVS_USER_OVSDB+x}" ]; then
+ OVS_USER=${OVS_USER_OVSDB}
+ chown -R "$OVS_USER" $etcdir $dbdir
+ fi
# Start ovsdb-server.
set ovsdb-server "$DB_FILE"
for db in $EXTRA_DBS; do
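Review bot: The `chown -R "$OVS_USER" $etcdir $dbdir` in the new `if` block runs as root on every ovsdb-server start and covers both directories in full, although the root-run `upgrade_db $DB_FILE $DB_SCHEMA` above it is only given the database file; once those trees belong to the unprivileged user, root keeps re-owning whatever that user has placed in them. Restricting the ownership fix to what the pre-startup step creates (for example `chown "$OVS_USER" "$DB_FILE"`, plus anything else upgrade_db is known to write) would be narrower, and `$etcdir` and `$dbdir` should be quoted in any case. The result of chown is not checked, so a failure here still goes on to start ovsdb-server; `|| return 1`, as on the upgrade_db line, would match the existing style. Also, `${OVS_USER_OVSDB+x}` tests whether the variable is set at all, so a value inherited from the caller's environment would trigger the chown even when OVS_USER is empty; clearing `OVS_USER_OVSDB` before the first test avoids that.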
--
2.18.0