Message ID | 700192e933993be74b4c26c3e97ceada5e75415d.1582799491.git.lorenzo.bianconi@redhat.com |
---|---|
State | Accepted |
Headers | show |
Series | [ovs-dev,ovn] controller: grant cap_net_admin to ovn-controller | expand |
On Thu, Feb 27, 2020 at 4:04 PM Lorenzo Bianconi <lorenzo.bianconi@redhat.com> wrote: > > ovn-controller is currently running as non-root so it is not allowed to > configure system networking breaking ovn QoS support. Fix the issue > granting CAP_NET_ADMIN capability to ovn-controller process > > Tested-by: Ying Xu <yinxu@redhat.com> > Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> Acked-by: Numan Siddique <numans@ovn.org> Thanks Numan > --- > controller/ovn-controller.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c > index cacaaa578..53d80806f 100644 > --- a/controller/ovn-controller.c > +++ b/controller/ovn-controller.c > @@ -1733,7 +1733,7 @@ main(int argc, char *argv[]) > char *ovs_remote = parse_options(argc, argv); > fatal_ignore_sigpipe(); > > - daemonize_start(false); > + daemonize_start(true); > > char *abs_unixctl_path = get_abs_unix_ctl_path(); > retval = unixctl_server_create(abs_unixctl_path, &unixctl); > -- > 2.24.1 > > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev >
I've merged the change to master and branch-20.03. On 2/27/20 2:37 PM, Numan Siddique wrote: > On Thu, Feb 27, 2020 at 4:04 PM Lorenzo Bianconi > <lorenzo.bianconi@redhat.com> wrote: >> >> ovn-controller is currently running as non-root so it is not allowed to >> configure system networking breaking ovn QoS support. Fix the issue >> granting CAP_NET_ADMIN capability to ovn-controller process >> >> Tested-by: Ying Xu <yinxu@redhat.com> >> Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> > > Acked-by: Numan Siddique <numans@ovn.org> > > Thanks > Numan > >> --- >> controller/ovn-controller.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c >> index cacaaa578..53d80806f 100644 >> --- a/controller/ovn-controller.c >> +++ b/controller/ovn-controller.c >> @@ -1733,7 +1733,7 @@ main(int argc, char *argv[]) >> char *ovs_remote = parse_options(argc, argv); >> fatal_ignore_sigpipe(); >> >> - daemonize_start(false); >> + daemonize_start(true); >> >> char *abs_unixctl_path = get_abs_unix_ctl_path(); >> retval = unixctl_server_create(abs_unixctl_path, &unixctl); >> -- >> 2.24.1 >> >> _______________________________________________ >> dev mailing list >> dev@openvswitch.org >> https://mail.openvswitch.org/mailman/listinfo/ovs-dev >> > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev >
Does this need a backport to OVS 2.12? On Thu, Feb 27, 2020 at 04:27:33PM -0500, Mark Michelson wrote: > I've merged the change to master and branch-20.03. > > On 2/27/20 2:37 PM, Numan Siddique wrote: > > On Thu, Feb 27, 2020 at 4:04 PM Lorenzo Bianconi > > <lorenzo.bianconi@redhat.com> wrote: > > > > > > ovn-controller is currently running as non-root so it is not allowed to > > > configure system networking breaking ovn QoS support. Fix the issue > > > granting CAP_NET_ADMIN capability to ovn-controller process > > > > > > Tested-by: Ying Xu <yinxu@redhat.com> > > > Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> > > > > Acked-by: Numan Siddique <numans@ovn.org> > > > > Thanks > > Numan > > > > > --- > > > controller/ovn-controller.c | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c > > > index cacaaa578..53d80806f 100644 > > > --- a/controller/ovn-controller.c > > > +++ b/controller/ovn-controller.c > > > @@ -1733,7 +1733,7 @@ main(int argc, char *argv[]) > > > char *ovs_remote = parse_options(argc, argv); > > > fatal_ignore_sigpipe(); > > > > > > - daemonize_start(false); > > > + daemonize_start(true); > > > > > > char *abs_unixctl_path = get_abs_unix_ctl_path(); > > > retval = unixctl_server_create(abs_unixctl_path, &unixctl); > > > -- > > > 2.24.1 > > > > > > _______________________________________________ > > > dev mailing list > > > dev@openvswitch.org > > > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > > > > > _______________________________________________ > > dev mailing list > > dev@openvswitch.org > > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > > > > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Yes, thank you Ben. On 2/28/20 2:22 PM, Ben Pfaff wrote: > Does this need a backport to OVS 2.12? > > On Thu, Feb 27, 2020 at 04:27:33PM -0500, Mark Michelson wrote: >> I've merged the change to master and branch-20.03. >> >> On 2/27/20 2:37 PM, Numan Siddique wrote: >>> On Thu, Feb 27, 2020 at 4:04 PM Lorenzo Bianconi >>> <lorenzo.bianconi@redhat.com> wrote: >>>> >>>> ovn-controller is currently running as non-root so it is not allowed to >>>> configure system networking breaking ovn QoS support. Fix the issue >>>> granting CAP_NET_ADMIN capability to ovn-controller process >>>> >>>> Tested-by: Ying Xu <yinxu@redhat.com> >>>> Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> >>> >>> Acked-by: Numan Siddique <numans@ovn.org> >>> >>> Thanks >>> Numan >>> >>>> --- >>>> controller/ovn-controller.c | 2 +- >>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>> >>>> diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c >>>> index cacaaa578..53d80806f 100644 >>>> --- a/controller/ovn-controller.c >>>> +++ b/controller/ovn-controller.c >>>> @@ -1733,7 +1733,7 @@ main(int argc, char *argv[]) >>>> char *ovs_remote = parse_options(argc, argv); >>>> fatal_ignore_sigpipe(); >>>> >>>> - daemonize_start(false); >>>> + daemonize_start(true); >>>> >>>> char *abs_unixctl_path = get_abs_unix_ctl_path(); >>>> retval = unixctl_server_create(abs_unixctl_path, &unixctl); >>>> -- >>>> 2.24.1 >>>> >>>> _______________________________________________ >>>> dev mailing list >>>> dev@openvswitch.org >>>> https://mail.openvswitch.org/mailman/listinfo/ovs-dev >>>> >>> _______________________________________________ >>> dev mailing list >>> dev@openvswitch.org >>> https://mail.openvswitch.org/mailman/listinfo/ovs-dev >>> >> >> _______________________________________________ >> dev mailing list >> dev@openvswitch.org >> https://mail.openvswitch.org/mailman/listinfo/ovs-dev >
Applied, thanks. On Fri, Feb 28, 2020 at 02:43:44PM -0500, Mark Michelson wrote: > Yes, thank you Ben. > > On 2/28/20 2:22 PM, Ben Pfaff wrote: > > Does this need a backport to OVS 2.12? > > > > On Thu, Feb 27, 2020 at 04:27:33PM -0500, Mark Michelson wrote: > > > I've merged the change to master and branch-20.03. > > > > > > On 2/27/20 2:37 PM, Numan Siddique wrote: > > > > On Thu, Feb 27, 2020 at 4:04 PM Lorenzo Bianconi > > > > <lorenzo.bianconi@redhat.com> wrote: > > > > > > > > > > ovn-controller is currently running as non-root so it is not allowed to > > > > > configure system networking breaking ovn QoS support. Fix the issue > > > > > granting CAP_NET_ADMIN capability to ovn-controller process > > > > > > > > > > Tested-by: Ying Xu <yinxu@redhat.com> > > > > > Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> > > > > > > > > Acked-by: Numan Siddique <numans@ovn.org> > > > > > > > > Thanks > > > > Numan > > > > > > > > > --- > > > > > controller/ovn-controller.c | 2 +- > > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > > > diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c > > > > > index cacaaa578..53d80806f 100644 > > > > > --- a/controller/ovn-controller.c > > > > > +++ b/controller/ovn-controller.c > > > > > @@ -1733,7 +1733,7 @@ main(int argc, char *argv[]) > > > > > char *ovs_remote = parse_options(argc, argv); > > > > > fatal_ignore_sigpipe(); > > > > > > > > > > - daemonize_start(false); > > > > > + daemonize_start(true); > > > > > > > > > > char *abs_unixctl_path = get_abs_unix_ctl_path(); > > > > > retval = unixctl_server_create(abs_unixctl_path, &unixctl); > > > > > -- > > > > > 2.24.1 > > > > > > > > > > _______________________________________________ > > > > > dev mailing list > > > > > dev@openvswitch.org > > > > > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > > > > > > > > > _______________________________________________ > > > > dev mailing list > > > > dev@openvswitch.org > > > > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > > > > > > > > > > _______________________________________________ > > > dev mailing list > > > dev@openvswitch.org > > > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > > >
diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c index cacaaa578..53d80806f 100644 --- a/controller/ovn-controller.c +++ b/controller/ovn-controller.c @@ -1733,7 +1733,7 @@ main(int argc, char *argv[]) char *ovs_remote = parse_options(argc, argv); fatal_ignore_sigpipe(); - daemonize_start(false); + daemonize_start(true); char *abs_unixctl_path = get_abs_unix_ctl_path(); retval = unixctl_server_create(abs_unixctl_path, &unixctl);