
[ovs-dev] ovn-ctl: allow configuring user:group for daemons

Message ID 20180808143610.29357-1-aconole@redhat.com
State Accepted

Commit Message

Aaron Conole Aug. 8, 2018, 2:36 p.m. UTC
Add two options, one for controlling the ovs daemon user/group, and the
other for controlling the ovn daemon user/group.  This allows a fine-grained
split between OVN and OVS daemons, and keeps the syntax and user/group
separation from ovs-ctl when running ovn-ctl.

Signed-off-by: Aaron Conole <aconole@redhat.com>
---
 NEWS                        |  3 ++-
 ovn/utilities/ovn-ctl       | 14 ++++++++++++++
 ovn/utilities/ovn-ctl.8.xml |  2 ++
 3 files changed, 18 insertions(+), 1 deletion(-)

Comments

Ben Pfaff Aug. 21, 2018, 9:21 p.m. UTC | #1
On Wed, Aug 08, 2018 at 10:36:10AM -0400, Aaron Conole wrote:
> Add two options, one for controlling the ovs daemon user/group, and the
> other for controlling the ovn daemon user/group.  This allows a fine-grained
> split between OVN and OVS daemons, and keeps the syntax and user/group
> separation from ovs-ctl when running ovn-ctl.
> 
> Signed-off-by: Aaron Conole <aconole@redhat.com>

Seems reasonable, applied to master.

Patch

diff --git a/NEWS b/NEWS
index 7875f6673..64d4ed5e3 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,7 @@ 
 Post-v2.10.0
 ---------------------
-
+   - ovn:
+     * ovn-ctl: allow passing user:group ids to the OVN daemons.
 
 v2.10.0 - xx xxx xxxx
 ---------------------
diff --git a/ovn/utilities/ovn-ctl b/ovn/utilities/ovn-ctl
index 296e5b82c..3ff0df68e 100755
--- a/ovn/utilities/ovn-ctl
+++ b/ovn/utilities/ovn-ctl
@@ -172,6 +172,8 @@  $cluster_remote_port
     set "$@" --remote=punix:$sock --pidfile=$pid
     set "$@" --unixctl=ovn${db}_db.ctl
 
+    [ "$OVS_USER" != "" ] && set "$@" --user "$OVS_USER"
+
     if test X"$detach" != Xno; then
         set "$@" --detach --monitor
     else
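Review bot: Passing `--user "$OVS_USER"` makes this ovsdb-server drop privileges, but nothing in the hunk ensures that the paths handed to it on the lines above (`$sock`, `$pid`, the `ovn${db}_db.ctl` control socket) or the database file are accessible to that account. If earlier steps of this function create or upgrade the database as the invoking user (not visible here), the daemon may fail to open it after the switch, and operators tend to compensate by loosening directory permissions. I would add a comment above the new line, for example `# --user drops privileges: the db file and the directories holding $sock and $pid must be writable by $OVS_USER`, and consider an ownership check before the daemon is started. The enclosing function starts and ends outside the hunk.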
@@ -293,6 +295,8 @@  start_northd () {
             set "$@" --log-file=$OVN_NORTHD_LOGFILE
         fi
 
+        [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER"
+
         set "$@" $OVN_NORTHD_LOG $ovn_northd_params
 
         OVS_RUNDIR=${OVN_RUNDIR} start_daemon "$OVN_NORTHD_PRIORITY" "$OVN_NORTHD_WRAPPER" "$@"
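Review bot: The new guard is written as `[ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER"`, while the neighbouring option handling in this file uses the `if test X"$VAR" != X; then … fi` form; the same line is repeated in the start_controller and start_controller_vtep hunks. Matching the file's idiom keeps the argument building uniform and avoids a non-zero status leaking out if the line ever becomes the last command of a function: `if test X"$OVN_USER" != X; then set "$@" --user "$OVN_USER"; fi`. Since the identical statement now appears three times for OVN_USER, a short helper that appends the flag could replace all of them. start_northd's body begins and continues outside the hunk.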
@@ -314,6 +318,9 @@  start_controller () {
     if test X"$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT" != X; then
         set "$@" --bootstrap-ca-cert=$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT
     fi
+
+    [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER"
+
     OVS_RUNDIR=${OVN_RUNDIR} start_daemon "$OVN_CONTROLLER_PRIORITY" "$OVN_CONTROLLER_WRAPPER" "$@"
 }
 
@@ -332,6 +339,9 @@  start_controller_vtep () {
     if test X"$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT" != X; then
         set "$@" --bootstrap-ca-cert=$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT
     fi
+
+    [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER"
+
     OVS_RUNDIR=${OVN_RUNDIR} start_daemon "$OVN_CONTROLLER_PRIORITY" "$OVN_CONTROLLER_WRAPPER" "$@"
 }
 
@@ -429,6 +439,8 @@  set_defaults () {
 
     OVS_RUNDIR=${OVS_RUNDIR:-${rundir}}
     OVN_RUNDIR=${OVN_RUNDIR:-${OVS_RUNDIR}}
+    OVN_USER=
+    OVS_USER=
 
     OVN_CONTROLLER_LOG="-vconsole:emer -vsyslog:err -vfile:info"
     OVN_NORTHD_LOG="-vconsole:emer -vsyslog:err -vfile:info"
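Review bot: `OVN_USER=` and `OVS_USER=` are assigned unconditionally, unlike the `${OVS_RUNDIR:-…}` defaults directly above, so any value already present in the environment is discarded and the daemons keep the caller's identity (typically root) unless the option is given. If that is deliberate, so that the run-as account cannot be changed through the environment, it deserves a comment, for example `# Empty by default: no --user is passed and daemons run as the invoking user; environment values are ignored on purpose.` If it is not deliberate, the `${OVN_USER:-}` form would match the surrounding lines. set_defaults continues outside the hunk.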
@@ -535,6 +547,8 @@  Options:
   --ovn-northd-logfile=STRING        ovn northd process log file (default: $OVN_NORTHD_LOGFILE)
   --ovn-nb-log=STRING             ovn NB ovsdb-server processes logging params (default: $OVN_NB_LOG)
   --ovn-sb-log=STRING             ovn SB ovsdb-server processes logging params (default: $OVN_SB_LOG)
+  --ovn-user="user[:group]"      pass the --user flag to the ovn daemons
+  --ovs-user="user[:group]"      pass the --user flag to ovs daemons
   -h, --help                     display this help message
 
 File location options:
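Review bot: The help text for `--ovs-user` says "ovs daemons", but within this patch `$OVS_USER` is only appended in the function that starts the OVN database servers (the one setting `--unixctl=ovn${db}_db.ctl`), so the wording does not tell an operator which processes change identity. I would describe the scope explicitly, e.g. `--ovs-user="user[:group]"      pass the --user flag to the OVN NB/SB ovsdb-server processes`, and state that the default is to pass no `--user` flag. The man page hunk documents the value as `USER:GROUP` while this text shows the group as optional; the two should agree.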
diff --git a/ovn/utilities/ovn-ctl.8.xml b/ovn/utilities/ovn-ctl.8.xml
index 02235fe1e..3b0e67a45 100644
--- a/ovn/utilities/ovn-ctl.8.xml
+++ b/ovn/utilities/ovn-ctl.8.xml
@@ -44,6 +44,8 @@ 
     <p><code>--ovn-northd-wrapper=<var>WRAPPER</var></code></p>
     <p><code>--ovn-controller-priority=<var>NICE</var></code></p>
     <p><code>--ovn-controller-wrapper=<var>WRAPPER</var></code></p>
+    <p><code>--ovn-user=<var>USER:GROUP</var></code></p>
+    <p><code>--ovs-user=<var>USER:GROUP</var></code></p>
     <p><code>-h</code> | <code>--help</code></p>
 
     <h1>File location options</h1>