From patchwork Wed May 8 11:53:45 2019
X-Patchwork-Submitter: Jaime Caamaño Ruiz
X-Patchwork-Id: 1097007
From: Jaime Caamaño Ruiz
To: dev@openvswitch.org
Cc: Jaime Caamaño Ruiz
Date: Wed, 8 May 2019 13:53:45 +0200
Message-Id: <20190508115348.7937-1-jcaamano@suse.com>
Subject: [ovs-dev] [PATCH 1/4] ovn-controller-vtep: Fix wrong value for ovnsb-db argument

Fix help output of ovn-controller-vtep that was suggesting the openvswitch database instead of the ovn southbound database for the ovnsb-db argument. Also fix the corresponding systemd unit that was passing the openvswitch database instead of the ovn southbound database for the ovnsb-db argument.

Signed-off-by: Jaime Caamaño Ruiz --- ovn/controller-vtep/ovn-controller-vtep.c | 2 +- rhel/usr_lib_systemd_system_ovn-controller-vtep.service | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ovn/controller-vtep/ovn-controller-vtep.c b/ovn/controller-vtep/ovn-controller-vtep.c index 1fc6c8b2d..292a3f464 100644 --- a/ovn/controller-vtep/ovn-controller-vtep.c +++ b/ovn/controller-vtep/ovn-controller-vtep.c @@ -253,7 +253,7 @@ Options:\n\ -h, --help display this help message\n\ -o, --options list available options\n\ -V, --version display version information\n\ -", program_name, program_name, default_db(), default_db()); +", program_name, program_name, default_db(), default_sb_db()); stream_usage("database", true, false, true); daemon_usage(); vlog_usage(); 
diff --git a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service index 4ca684ac0..d6bfef1d4 100644 --- a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service +++ b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service 
@@ -36,7 +36,7 @@ After=openvswitch.service Type=simple Restart=on-failure Environment=OVS_RUNDIR=%t/openvswitch -Environment=OVN_DB=unix:%t/openvswitch/db.sock +Environment=OVN_DB=unix:%t/openvswitch/ovnsb_db.sock Environment=VTEP_DB=unix:%t/openvswitch/db.sock EnvironmentFile=-/etc/sysconfig/ovn-controller-vtep ExecStart=/usr/bin/ovn-controller-vtep -vconsole:emer -vsyslog:err -vfile:info \

From patchwork Wed May 8 11:53:46 2019
X-Patchwork-Submitter: Jaime Caamaño Ruiz
X-Patchwork-Id: 1097008
From: Jaime Caamaño Ruiz
To: dev@openvswitch.org
Cc: Jaime Caamaño Ruiz
Date: Wed, 8 May 2019 13:53:46 +0200
Message-Id: <20190508115348.7937-2-jcaamano@suse.com>
In-Reply-To: <20190508115348.7937-1-jcaamano@suse.com>
Subject: [ovs-dev] [PATCH 2/4] rhel: start ovn-controller-vtep with ovn-ctl

Use ovn-ctl to start ovn-controller-vtep from the corresponding systemd unit file.

Signed-off-by: Jaime Caamaño Ruiz --- ovn/utilities/ovn-ctl | 10 +++++++++- rhel/usr_lib_systemd_system_ovn-controller-vtep.service | 12 ++++++------ 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/ovn/utilities/ovn-ctl b/ovn/utilities/ovn-ctl index cca5facdc..a43533b69 100755 --- a/ovn/utilities/ovn-ctl +++ b/ovn/utilities/ovn-ctl @@ -346,7 +346,7 @@ start_controller () { } start_controller_vtep () { - set ovn-controller-vtep "unix:$DB_SOCK" + set ovn-controller-vtep set "$@" -vconsole:emer -vsyslog:err -vfile:info if test X"$OVN_CONTROLLER_SSL_KEY" != X; then set "$@" --private-key=$OVN_CONTROLLER_SSL_KEY 
@@ -360,6 +360,12 @@ start_controller_vtep () { if test X"$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT" != X; then set "$@" --bootstrap-ca-cert=$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT fi + if test X"$DB_SOCK" != X; then + set "$@" --vtep-db=$DB_SOCK + fi + if test X"$DB_SB_SOCK" != X; then + set "$@" --ovnsb-db=$DB_SB_SOCK + fi [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER" @@ -598,6 +604,8 @@ Options: File location options: --db-sock=SOCKET JSON-RPC socket name (default: $DB_SOCK) + --db-nb-sock=SOCKET OVN_Northbound db socket (default: $DB_NB_SOCK) + --db-sb-scok=SOCKET OVN_Southbound db socket (default: $DB_SB_SOCK) --db-nb-file=FILE OVN_Northbound db file (default: $DB_NB_FILE) --db-sb-file=FILE OVN_Southbound db file (default: $DB_SB_FILE) --db-nb-schema=FILE OVN_Northbound db file (default: $DB_NB_SCHEMA) diff --git a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service index d6bfef1d4..5f69c57bb 100644 --- a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service +++ b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service 
@@ -33,16 +33,16 @@ Requires=openvswitch.service After=openvswitch.service [Service] -Type=simple +Type=forking +PIDFile=/var/run/openvswitch/ovn-controller-vtep.pid Restart=on-failure -Environment=OVS_RUNDIR=%t/openvswitch Environment=OVN_DB=unix:%t/openvswitch/ovnsb_db.sock Environment=VTEP_DB=unix:%t/openvswitch/db.sock EnvironmentFile=-/etc/sysconfig/ovn-controller-vtep -ExecStart=/usr/bin/ovn-controller-vtep -vconsole:emer -vsyslog:err -vfile:info \ - --log-file=/var/log/openvswitch/ovn-controller-vtep.log \ - --no-chdir --pidfile=${OVS_RUNDIR}/ovn-controller-vtep.pid \ - --ovnsb-db=${OVN_DB} --vtep-db=${VTEP_DB} +ExecStart=/usr/share/openvswitch/scripts/ovn-ctl \ + --db-sb-sock=${OVN_DB} --db-sock=${VTEP_DB} \ + start_controller_vtep +ExecStop=/usr/share/openvswitch/scripts/ovn-ctl stop_controller_vtep [Install] WantedBy=multi-user.target

From patchwork Wed May 8 11:53:47 2019
X-Patchwork-Submitter: Jaime Caamaño Ruiz
X-Patchwork-Id: 1097009
From: Jaime Caamaño Ruiz
To: dev@openvswitch.org
Cc: Jaime Caamaño Ruiz
Date: Wed, 8 May 2019 13:53:47 +0200
Message-Id: <20190508115348.7937-3-jcaamano@suse.com>
In-Reply-To: <20190508115348.7937-1-jcaamano@suse.com>
Subject: [ovs-dev] [PATCH 3/4] rhel: secure openvswitch useropts

The openvswitch useropts file is being stored in a directory where the openvswitch user has write permissions. The openvswitch user can then manipulate the file to change the user under which switchd daemon runs. This patch changes the file to /var/openvswitch.useropts preventing any manipulation.

Signed-off-by: Jaime Caamaño Ruiz --- rhel/usr_lib_systemd_system_ovs-vswitchd.service.in | 2 +- rhel/usr_lib_systemd_system_ovsdb-server.service | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in index edd76493c..87abe3a89 100644 --- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in +++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in @@ -14,7 +14,7 @@ Restart=on-failure Environment=XDG_RUNTIME_DIR=/var/run/openvswitch EnvironmentFile=/etc/openvswitch/default.conf EnvironmentFile=-/etc/sysconfig/openvswitch -EnvironmentFile=-/run/openvswitch/useropts +EnvironmentFile=-/run/openvswitch.useropts LimitSTACK=2M @begin_dpdk@ ExecStartPre=-/bin/sh -c '/usr/bin/chown :$${OVS_USER_ID##*:} /dev/hugepages' diff --git a/rhel/usr_lib_systemd_system_ovsdb-server.service b/rhel/usr_lib_systemd_system_ovsdb-server.service index 41ac2dded..d4b605a75 100644 --- a/rhel/usr_lib_systemd_system_ovsdb-server.service +++ b/rhel/usr_lib_systemd_system_ovsdb-server.service 
@@ -12,8 +12,8 @@ Restart=on-failure EnvironmentFile=/etc/openvswitch/default.conf EnvironmentFile=-/etc/sysconfig/openvswitch ExecStartPre=/usr/bin/chown ${OVS_USER_ID} /var/run/openvswitch /var/log/openvswitch -ExecStartPre=/bin/sh -c 'rm -f /run/openvswitch/useropts; if [ "$${OVS_USER_ID/:*/}" != "root" ]; then /usr/bin/echo "OVSUSER=--ovs-user=${OVS_USER_ID}" > /run/openvswitch/useropts; fi' -EnvironmentFile=-/run/openvswitch/useropts +ExecStartPre=/bin/sh -c 'rm -f /run/openvswitch.useropts; if [ "$${OVS_USER_ID/:*/}" != "root" ]; then /usr/bin/echo "OVSUSER=--ovs-user=${OVS_USER_ID}" > /run/openvswitch.useropts; fi' +EnvironmentFile=-/run/openvswitch.useropts ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ --no-ovs-vswitchd --no-monitor --system-id=random \ ${OVSUSER} \

From patchwork Wed May 8 11:53:48 2019
X-Patchwork-Submitter: Jaime Caamaño Ruiz
X-Patchwork-Id: 1097010
From: Jaime Caamaño Ruiz
To: dev@openvswitch.org
Cc: Jaime Caamaño Ruiz
Date: Wed, 8 May 2019 13:53:48 +0200
Message-Id: <20190508115348.7937-4-jcaamano@suse.com>
In-Reply-To: <20190508115348.7937-1-jcaamano@suse.com>
Subject: [ovs-dev] [PATCH 4/4] rhel: run ovn with the same user as ovs

Both ovn and ovs share the same log and run directories which are owned by the user running ovs so it makes sense that ovn runs under that user too to diminish security concerns and possible problems with log rotation.

Signed-off-by: Jaime Caamaño Ruiz --- rhel/usr_lib_systemd_system_ovn-controller-vtep.service | 2 ++ rhel/usr_lib_systemd_system_ovn-controller.service | 2 ++ rhel/usr_lib_systemd_system_ovn-northd.service | 6 +++++- rhel/usr_lib_systemd_system_ovs-vswitchd.service.in | 4 ++-- rhel/usr_lib_systemd_system_ovsdb-server.service | 9 +++++---- 5 files changed, 16 insertions(+), 7 deletions(-) diff --git a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service index 5f69c57bb..b1e239f57 100644 --- a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service +++ b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service @@ -39,8 +39,10 @@ Restart=on-failure Environment=OVN_DB=unix:%t/openvswitch/ovnsb_db.sock Environment=VTEP_DB=unix:%t/openvswitch/db.sock EnvironmentFile=-/etc/sysconfig/ovn-controller-vtep +EnvironmentFile=/run/openvswitch.useropts ExecStart=/usr/share/openvswitch/scripts/ovn-ctl \ --db-sb-sock=${OVN_DB} --db-sock=${VTEP_DB} \ + --ovn-user=${OVS_USER_ID} \ start_controller_vtep ExecStop=/usr/share/openvswitch/scripts/ovn-ctl stop_controller_vtep diff --git a/rhel/usr_lib_systemd_system_ovn-controller.service b/rhel/usr_lib_systemd_system_ovn-controller.service index cf65988fe..335cd5a52 100644 --- a/rhel/usr_lib_systemd_system_ovn-controller.service +++ b/rhel/usr_lib_systemd_system_ovn-controller.service @@ -24,7 +24,9 @@ Type=forking PIDFile=/var/run/openvswitch/ovn-controller.pid Restart=on-failure EnvironmentFile=-/etc/sysconfig/ovn-controller +EnvironmentFile=/run/openvswitch.useropts ExecStart=/usr/share/openvswitch/scripts/ovn-ctl --no-monitor \ + --ovn-user=${OVS_USER_ID} \ start_controller $OVN_CONTROLLER_OPTS ExecStop=/usr/share/openvswitch/scripts/ovn-ctl stop_controller diff --git a/rhel/usr_lib_systemd_system_ovn-northd.service b/rhel/usr_lib_systemd_system_ovn-northd.service index 3c44600a0..ff510fbde 100644 --- a/rhel/usr_lib_systemd_system_ovn-northd.service 
+++ b/rhel/usr_lib_systemd_system_ovn-northd.service @@ -24,7 +24,11 @@ Type=oneshot RemainAfterExit=yes Environment=OVS_RUNDIR=%t/openvswitch OVS_DBDIR=/var/lib/openvswitch EnvironmentFile=-/etc/sysconfig/ovn-northd -ExecStart=/usr/share/openvswitch/scripts/ovn-ctl start_northd $OVN_NORTHD_OPTS +EnvironmentFile=/run/openvswitch.useropts +ExecStartPre=/usr/bin/chown -R ${OVS_USER_ID} ${OVS_DBDIR} +ExecStart=/usr/share/openvswitch/scripts/ovn-ctl \ + --ovs-user=${OVS_USER_ID} --ovn-user=${OVS_USER_ID} \ + start_northd $OVN_NORTHD_OPTS ExecStop=/usr/share/openvswitch/scripts/ovn-ctl stop_northd [Install] diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in index 87abe3a89..ff43dae96 100644 --- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in +++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in @@ -22,11 +22,11 @@ ExecStartPre=-/usr/bin/chmod 0775 /dev/hugepages @end_dpdk@ ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ --no-ovsdb-server --no-monitor --system-id=random \ - ${OVSUSER} \ + ${OVS_USER_OPT} \ start $OPTIONS ExecStop=/usr/share/openvswitch/scripts/ovs-ctl --no-ovsdb-server stop ExecReload=/usr/share/openvswitch/scripts/ovs-ctl --no-ovsdb-server \ --no-monitor --system-id=random \ - ${OVSUSER} \ + ${OVS_USER_OPT} \ restart $OPTIONS TimeoutSec=300 diff --git a/rhel/usr_lib_systemd_system_ovsdb-server.service b/rhel/usr_lib_systemd_system_ovsdb-server.service index d4b605a75..9bb37fd06 100644 --- a/rhel/usr_lib_systemd_system_ovsdb-server.service +++ b/rhel/usr_lib_systemd_system_ovsdb-server.service 
@@ -12,15 +12,16 @@ Restart=on-failure EnvironmentFile=/etc/openvswitch/default.conf EnvironmentFile=-/etc/sysconfig/openvswitch ExecStartPre=/usr/bin/chown ${OVS_USER_ID} /var/run/openvswitch /var/log/openvswitch -ExecStartPre=/bin/sh -c 'rm -f /run/openvswitch.useropts; if [ "$${OVS_USER_ID/:*/}" != "root" ]; then /usr/bin/echo "OVSUSER=--ovs-user=${OVS_USER_ID}" > /run/openvswitch.useropts; fi' -EnvironmentFile=-/run/openvswitch.useropts +ExecStartPre=/bin/sh -c 'rm -f /run/openvswitch.useropts; /usr/bin/echo "OVS_USER_ID=${OVS_USER_ID}" > /run/openvswitch.useropts' +ExecStartPre=/bin/sh -c 'if [ "$${OVS_USER_ID/:*/}" != "root" ]; then /usr/bin/echo "OVS_USER_OPT=--ovs-user=${OVS_USER_ID}" >> /run/openvswitch.useropts; fi' +EnvironmentFile=/run/openvswitch.useropts ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ --no-ovs-vswitchd --no-monitor --system-id=random \ - ${OVSUSER} \ + ${OVS_USER_OPT} \ start $OPTIONS ExecStop=/usr/share/openvswitch/scripts/ovs-ctl --no-ovs-vswitchd stop ExecReload=/usr/share/openvswitch/scripts/ovs-ctl --no-ovs-vswitchd \ - ${OVSUSER} \ + ${OVS_USER_OPT} \ --no-monitor restart $OPTIONS RuntimeDirectory=openvswitch RuntimeDirectoryMode=0755
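
Review bot: The added set "$@" --vtep-db=$DB_SOCK in start_controller_vtep (patch 2/4, ovn/utilities/ovn-ctl) drops the "unix:" prefix that the removed line set ovn-controller-vtep "unix:$DB_SOCK" supplied, so any caller that leaves DB_SOCK as a plain socket path now hands ovn-controller-vtep a bare path. The unit file in the same patch works only because VTEP_DB already carries unix:. Either keep the prefix when DB_SOCK has no scheme, or document that --db-sock must be a full connection string for this command. Both new expansions should also be quoted (--vtep-db="$DB_SOCK", --ovnsb-db="$DB_SB_SOCK") so a value containing whitespace cannot split into extra arguments.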
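
Review bot: The new usage line --db-sb-scok=SOCKET (patch 2/4, ovn/utilities/ovn-ctl, hunk at -598) is misspelled; it should read --db-sb-sock=SOCKET, which is the option the unit file in this patch passes as --db-sb-sock=${OVN_DB}. An operator copying the option from the help text would set nothing useful.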
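
Review bot: PIDFile=/var/run/openvswitch/ovn-controller-vtep.pid (patch 2/4, ovn-controller-vtep.service) is hard-coded while the same hunk removes Environment=OVS_RUNDIR=%t/openvswitch, so nothing in the unit ties the path systemd watches to the run directory ovn-ctl uses. With Type=forking, a mismatch means systemd cannot find the daemon's PID. Consider %t/openvswitch/ovn-controller-vtep.pid to match the socket paths on the Environment= lines, and confirm in the commit message that ovn-ctl still provides what the removed ExecStart set explicitly (--log-file and --no-chdir).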
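
Review bot: The path in both unit hunks of patch 3/4 is /run/openvswitch.useropts, but the commit message says the file moves to /var/openvswitch.useropts; the message should name the path the diff uses. In the ovsdb-server.service hunk it would also help to add a comment next to the ExecStartPre line stating that the file must stay outside any directory chowned to ${OVS_USER_ID} (as /var/run/openvswitch is on the line above), because ExecStart takes ${OVSUSER} from it; without that note a later cleanup could move it back.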
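
Review bot: The added ExecStartPre=/usr/bin/chown -R ${OVS_USER_ID} ${OVS_DBDIR} (patch 4/4, ovn-northd.service) runs as root on every start over a tree that, after the first start, is owned and writable by the unprivileged account. A recursive root chown over content that account controls is the kind of pattern patch 3/4 set out to remove. Prefer changing ownership of the directory and the specific database files only, or setting ownership once at package install. The same hunk passes --ovs-user=${OVS_USER_ID} and --ovn-user=${OVS_USER_ID} unconditionally, whereas ovsdb-server.service only emits --ovs-user when the user is not root; please say whether that difference is intended.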
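
Review bot: EnvironmentFile=/run/openvswitch.useropts in the ovsdb-server.service hunk of patch 4/4 loses its "-" prefix, which makes the file mandatory, yet the file is created only by this unit's own ExecStartPre lines and /run does not survive a reboot. Please verify the first start after boot: if the environment files are loaded before the ExecStartPre commands run, the unit fails before it can create the file. Keeping the "-" here avoids that. The two sh -c lines could also be merged into one that writes a temporary file and renames it, so a reader never sees a file holding OVS_USER_ID without OVS_USER_OPT.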
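
Review bot: The added EnvironmentFile=/run/openvswitch.useropts in ovn-controller.service and ovn-controller-vtep.service (patch 4/4) is mandatory (no "-" prefix), but the file is written only by ovsdb-server.service, and the ovn-controller.service hunk shows no ordering or dependency on that unit. On a host where ovsdb-server has not started, these units would fail on the missing file. Add the dependency explicitly, or make the file optional; in the optional case --ovn-user=${OVS_USER_ID} expands to an empty --ovn-user=, which the [ "$OVN_USER" != "" ] test visible in ovn-ctl appears to tolerate, and that should be stated in the commit message.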
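
The problem described in the commit message of patch 3/4 (an EnvironmentFile kept in a directory the service account can write) can be checked for across unit files. The following is an added example, not part of the patch series or of the Open vSwitch code base; the function names, the temporary directory layout and the use of the current uid in place of root are assumptions made so that it runs unprivileged.

```python
import os
import re
import stat
import tempfile

ENVFILE_RE = re.compile(r"^\s*EnvironmentFile\s*=\s*(-?)(\S+)", re.M)


def environment_files(unit_text):
    """Return (path, optional) per EnvironmentFile= line; a '-' prefix means optional."""
    return [(m.group(2), m.group(1) == "-") for m in ENVFILE_RE.finditer(unit_text)]


def path_problems(path, trusted_uids=(0,)):
    """List reasons an account outside trusted_uids could control path's content.

    The parent directory is checked as well as the file: whoever can write the
    directory can replace the file, whatever the file's own mode is.
    """
    problems = []
    parent = os.path.dirname(os.path.abspath(path))
    for target in (parent, path):
        try:
            st = os.stat(target)
        except FileNotFoundError:
            continue  # file not created yet; the directory check still applies
        if st.st_uid not in trusted_uids:
            problems.append(f"{target}: owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{target}: group/world writable")
    return problems


def audit_unit(unit_text, trusted_uids=(0,)):
    """Map each flagged EnvironmentFile path in a unit to its problems."""
    report = {}
    for path, _optional in environment_files(unit_text):
        problems = path_problems(path, trusted_uids)
        if problems:
            report[path] = problems
    return report


def constructed_example():
    """Constructed layout in a temp dir; the current uid stands in for root."""
    base = tempfile.mkdtemp()
    rundir = os.path.join(base, "run", "openvswitch")  # plays /run/openvswitch
    safedir = os.path.join(base, "run-root")           # plays /run
    os.makedirs(rundir)
    os.makedirs(safedir)
    os.chmod(rundir, 0o777)   # stands in for "writable by the service account"
    os.chmod(safedir, 0o755)
    unit = (
        "[Service]\n"
        f"EnvironmentFile=-{rundir}/useropts\n"
        f"EnvironmentFile=-{safedir}/openvswitch.useropts\n"
    )
    return audit_unit(unit, trusted_uids=(os.getuid(),)), rundir, safedir


if __name__ == "__main__":
    for path, problems in constructed_example()[0].items():
        print(path, "->", "; ".join(problems))
```

On a real host, call audit_unit() on each unit file's text with the default trusted_uids=(0,); only the file and its immediate parent directory are examined, so ancestors further up the path need a separate check.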