@@ -4,3 +4,4 @@ openvswitch-kmod-rhel6.spec
openvswitch-kmod-fedora.spec
openvswitch.spec
openvswitch-fedora.spec
+usr_lib_systemd_system_ovs-vswitchd.service
@@ -28,6 +28,7 @@ EXTRA_DIST += \
rhel/usr_lib_systemd_system_openvswitch.service \
rhel/usr_lib_systemd_system_ovsdb-server.service \
rhel/usr_lib_systemd_system_ovs-vswitchd.service \
+ rhel/usr_lib_systemd_system_ovs-vswitchd.service.in \
rhel/usr_lib_systemd_system_ovn-controller.service \
rhel/usr_lib_systemd_system_ovn-controller-vtep.service \
rhel/usr_lib_systemd_system_ovn-northd.service \
@@ -58,7 +59,7 @@ RPMBUILD_TOP := $(abs_top_builddir)/rpm/rpmbuild
RPMBUILD_OPT ?= --without check
# Build user-space RPMs
-rpm-fedora: dist $(srcdir)/rhel/openvswitch-fedora.spec
+rpm-fedora: dist $(srcdir)/rhel/openvswitch-fedora.spec rhel/usr_lib_systemd_system_ovs-vswitchd.service
${MKDIR_P} ${RPMBUILD_TOP}/SOURCES
cp ${DIST_ARCHIVES} ${RPMBUILD_TOP}/SOURCES
rpmbuild ${RPMBUILD_OPT} \
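Review bot: `rpm-fedora` now depends on `rhel/usr_lib_systemd_system_ovs-vswitchd.service`, but no rule in this patch produces that file from the new `.service.in`, and nothing visible defines how the `@begin_dpdk@`/`@end_dpdk@` markers are substituted. The diffstat lists only four files, so unless the generation lives in a file this patch does not touch, the target will stop with "No rule to make target". The EXTRA_DIST hunk above also still lists the now-generated `.service` next to the `.in`, so `make dist` would need the generated file too. An explicit rule headed `rhel/usr_lib_systemd_system_ovs-vswitchd.service: rhel/usr_lib_systemd_system_ovs-vswitchd.service.in`, with the marker substitution in its recipe, would close the gap. The `rpm-fedora` recipe continues past the end of the hunk.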
@@ -94,6 +94,10 @@ Requires: openssl hostname iproute module-init-tools
Requires(post): /usr/bin/getent
Requires(post): /usr/sbin/useradd
+%if %{with dpdk}
+Requires(post): /usr/sbin/usermod
+Requires(post): /usr/sbin/groupadd
+%endif
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
@@ -362,6 +366,15 @@ if [ $1 -eq 1 ]; then
echo "OVS_USER_ID=openvswitch:openvswitch" > \
%{_sysconfdir}/sysconfig/openvswitch-pre
+%if %{with dpdk}
+ getent group hugetlbfs >/dev/null || \
+ groupadd hugetlbfs
+
+ usermod -a -G hugetlbfs openvswitch
+ echo "OVS_USER_ID=openvswitch:hugetlbfs" > \
+ %{_sysconfdir}/sysconfig/openvswitch-pre
+%endif
+
# In the case of upgrade, this is not needed.
install -d -m 0755 -o openvswitch -g openvswitch /etc/openvswitch
fi
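Review bot: In the dpdk branch of %post, `OVS_USER_ID=openvswitch:hugetlbfs` makes hugetlbfs the daemon's primary group, so files the daemon creates are likely to be group-owned by hugetlbfs and reachable by every other member of that group, depending on their mode. Keeping `openvswitch:openvswitch` and relying on the supplementary membership from `usermod -a -G hugetlbfs openvswitch` may be enough if ovs-ctl initialises supplementary groups, which is not visible here. The block sits inside `if [ $1 -eq 1 ]`, so an upgrade to a dpdk build never creates the group, while the unit's chown to hugetlbfs runs regardless. `groupadd hugetlbfs` also allocates an ordinary GID; `groupadd -r hugetlbfs` would give a system one. The second `echo` silently overwrites the file written just above it, and an `%else` would make that explicit.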
similarity index 87%
rename from rhel/usr_lib_systemd_system_ovs-vswitchd.service
rename to rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
@@ -11,8 +11,12 @@ PartOf=openvswitch.service
Type=forking
Restart=on-failure
Environment="OVS_USER_ID=root:root"
+Environment="HOME=/var/run/openvswitch"
EnvironmentFile=-/etc/sysconfig/openvswitch-pre
EnvironmentFile=-/etc/sysconfig/openvswitch
+@begin_dpdk@
+ExecStartPre="/usr/sbin/chown :hugetlbfs /dev/hugepages"
+@end_dpdk@
ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
--no-ovsdb-server --no-monitor --system-id=random \
--ovs-user=${OVS_USER_ID} \
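Review bot: The added `ExecStartPre="/usr/sbin/chown :hugetlbfs /dev/hugepages"` quotes the whole command, and systemd treats a double-quoted string as a single word, so the unit would look for an executable with that entire name instead of running chown with two arguments. `ExecStartPre=/usr/bin/chown :hugetlbfs /dev/hugepages` is the form I would expect (coreutils normally installs chown under /usr/bin on Fedora; worth confirming). Changing only the group does not make the mount writable for that group unless its mode already allows it, so either add a chmod step or comment on the mode the unit relies on. Since the line is not `-`-prefixed, a host without the hugetlbfs group will fail to start ovs-vswitchd, and every other member of hugetlbfs gains access to the hugepage files, which deserves a comment in the unit. The ExecStart line continues past the end of the hunk.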
After this commit, users may start a dpdk-enabled ovs setup as a non-root user. This is accomplished by exporting the $HOME directory, which dpdk uses to fill in its semi-persistent RTE configuration. This change may be a bit controversial since it modifies /dev/hugepages as part of starting the ovs-vswitchd to set a hugetlbfs group ownership. This is used to enable writing to /dev/hugepages so that the dpdk_init will successfully complete. There is an alternate way of accomplishing this - namely to initialize DPDK before dropping privileges. However, this would mean that if DPDK ever grows an uninit / reinit function, non-root ovs likely could never use it. This does not change OvS+DPDK's SELinux requirements. It still must be disabled. Signed-off-by: Aaron Conole <aconole@redhat.com> --- rhel/.gitignore | 1 + rhel/automake.mk | 3 ++- rhel/openvswitch-fedora.spec.in | 13 +++++++++++++ ...rvice => usr_lib_systemd_system_ovs-vswitchd.service.in} | 4 ++++ 4 files changed, 20 insertions(+), 1 deletion(-) rename rhel/{usr_lib_systemd_system_ovs-vswitchd.service => usr_lib_systemd_system_ovs-vswitchd.service.in} (87%)