From patchwork Wed Aug 8 14:36:10 2018
X-Patchwork-Submitter: Aaron Conole
X-Patchwork-Id: 955086
From: Aaron Conole
To: dev@openvswitch.org
Date: Wed, 8 Aug 2018 10:36:10 -0400
Message-Id: <20180808143610.29357-1-aconole@redhat.com>
Cc: Russell Bryant
Subject: [ovs-dev] [PATCH] ovn-ctl: allow configuring user:group for daemons

Add two options, one for controlling the ovs daemon user/group, and the other for controlling the ovn daemon user/group. This allows a fine-grained split between OVN and OVS daemons, and keeps the syntax and user/group separation from ovs-ctl when running ovn-ctl.

Signed-off-by: Aaron Conole
--- NEWS | 3 ++- ovn/utilities/ovn-ctl | 14 ++++++++++++++ ovn/utilities/ovn-ctl.8.xml | 2 ++ 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 7875f6673..64d4ed5e3 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,7 @@ Post-v2.10.0 --------------------- - + - ovn: + * ovn-ctl: allow passing user:group ids to the OVN daemons. v2.10.0 - xx xxx xxxx --------------------- diff --git a/ovn/utilities/ovn-ctl b/ovn/utilities/ovn-ctl index 296e5b82c..3ff0df68e 100755 --- a/ovn/utilities/ovn-ctl +++ b/ovn/utilities/ovn-ctl 
@@ -172,6 +172,8 @@ $cluster_remote_port set "$@" --remote=punix:$sock --pidfile=$pid set "$@" --unixctl=ovn${db}_db.ctl + [ "$OVS_USER" != "" ] && set "$@" --user "$OVS_USER" + if test X"$detach" != Xno; then set "$@" --detach --monitor else @@ -293,6 +295,8 @@ start_northd () { set "$@" --log-file=$OVN_NORTHD_LOGFILE fi + [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER" + set "$@" $OVN_NORTHD_LOG $ovn_northd_params OVS_RUNDIR=${OVN_RUNDIR} start_daemon "$OVN_NORTHD_PRIORITY" "$OVN_NORTHD_WRAPPER" "$@" @@ -314,6 +318,9 @@ start_controller () { if test X"$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT" != X; then set "$@" --bootstrap-ca-cert=$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT fi + + [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER" + OVS_RUNDIR=${OVN_RUNDIR} start_daemon "$OVN_CONTROLLER_PRIORITY" "$OVN_CONTROLLER_WRAPPER" "$@" } @@ -332,6 +339,9 @@ start_controller_vtep () { if test X"$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT" != X; then set "$@" --bootstrap-ca-cert=$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT fi + + [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER" + OVS_RUNDIR=${OVN_RUNDIR} start_daemon "$OVN_CONTROLLER_PRIORITY" "$OVN_CONTROLLER_WRAPPER" "$@" } @@ -429,6 +439,8 @@ set_defaults () { OVS_RUNDIR=${OVS_RUNDIR:-${rundir}} OVN_RUNDIR=${OVN_RUNDIR:-${OVS_RUNDIR}} + OVN_USER= + OVS_USER= OVN_CONTROLLER_LOG="-vconsole:emer -vsyslog:err -vfile:info" OVN_NORTHD_LOG="-vconsole:emer -vsyslog:err -vfile:info" @@ -535,6 +547,8 @@ Options: --ovn-northd-logfile=STRING ovn northd process log file (default: $OVN_NORTHD_LOGFILE) --ovn-nb-log=STRING ovn NB ovsdb-server processes logging params (default: $OVN_NB_LOG) --ovn-sb-log=STRING ovn SB ovsdb-server processes logging params (default: $OVN_SB_LOG) + --ovn-user="user[:group]" pass the --user flag to the ovn daemons + --ovs-user="user[:group]" pass the --user flag to ovs daemons -h, --help display this help message File location options: 
diff --git a/ovn/utilities/ovn-ctl.8.xml b/ovn/utilities/ovn-ctl.8.xml index 02235fe1e..3b0e67a45 100644 --- a/ovn/utilities/ovn-ctl.8.xml +++ b/ovn/utilities/ovn-ctl.8.xml @@ -44,6 +44,8 @@

--ovn-northd-wrapper=WRAPPER

--ovn-controller-priority=NICE

--ovn-controller-wrapper=WRAPPER

+

--ovn-user=USER:GROUP

+

--ovs-user=USER:GROUP

-h | --help

File location options
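
Review bot: the NEWS entry (NEWS hunk, the "* ovn-ctl:" line) says the ids are passed "to the OVN daemons" only, but the same patch also adds --ovs-user and passes --user "$OVS_USER" in the @@ -172 hunk of ovn-ctl. Suggest naming both new options in the entry so that a reader of NEWS learns that --ovs-user exists.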
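
Review bot: in the @@ -172 hunk of ovn-ctl, --user "$OVS_USER" is added to a command line that already carries --remote=punix:$sock and --pidfile=$pid, and nothing visible in this patch changes the ownership or mode of those paths, or of the file given by --log-file=$OVN_NORTHD_LOGFILE in start_northd. Please confirm that the run, log and database locations are usable by the target account when the option is set, and either have ovn-ctl prepare them or document that the operator must. The help text "pass the --user flag to ovs daemons" should also say that, in ovn-ctl, this is the database server started with --unixctl=ovn${db}_db.ctl, since that is the only place the patch uses OVS_USER.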
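
Review bot: the new [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER" lines in the start_controller and start_controller_vtep hunks use a different idiom from the check directly above them, if test X"$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT" != X; then. Suggest the same if test X"..." != X; then ... fi form for consistency; it also avoids leaving a non-zero status behind when the variable is empty, which matters if one of these lines ever becomes the last statement of its function.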
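
Review bot: in the set_defaults hunk, OVN_USER= and OVS_USER= are cleared unconditionally, while the context lines just above, OVS_RUNDIR=${OVS_RUNDIR:-${rundir}} and OVN_RUNDIR=${OVN_RUNDIR:-${OVS_RUNDIR}}, keep a value inherited from the environment. If discarding an inherited value is intended, so that only --ovn-user and --ovs-user select the account the daemons run as, a one-line comment saying so would help; otherwise follow the ${VAR:-default} pattern used by the neighbouring lines.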
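
Review bot: the ovn-ctl.8.xml hunk adds only the two option entries, --ovn-user=USER:GROUP and --ovs-user=USER:GROUP, with no text describing which daemons each option affects, and it shows the group as mandatory while the usage text added to ovn-ctl shows "user[:group]". Suggest making the two spellings agree and adding a sentence of description per option to the manual page.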