@@ -15,7 +15,8 @@ EXTRA_DIST += \
rhel/usr_lib_systemd_system_ovn-controller-vtep.service \
rhel/usr_lib_systemd_system_ovn-northd.service \
rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml \
- rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml
+ rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml \
+ rhel/usr_share_ovn_scripts_systemd_sysconfig.template
update_rhel_spec = \
$(AM_V_GEN)($(ro_shell) && sed -e 's,[@]VERSION[@],$(VERSION),g') \
@@ -186,6 +186,10 @@ make %{?_smp_mflags}
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT
+install -p -D -m 0644 \
+ rhel/usr_share_ovn_scripts_systemd_sysconfig.template \
+ $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/ovn
+
for service in ovn-controller ovn-controller-vtep ovn-northd; do
install -p -D -m 0644 \
rhel/usr_lib_systemd_system_${service}.service \
@@ -319,6 +323,14 @@ fi
fi
%endif
+%post
+%if %{with libcapng}
+if [ $1 -eq 1 ]; then
+ sed -i 's:^#OVN_USER_ID=:OVN_USER_ID=:' %{_sysconfdir}/sysconfig/ovn
+ sed -i 's:\(.*su\).*:\1 ovn ovn:' %{_sysconfdir}/logrotate.d/ovn
+fi
+%endif
+
%post central
%if 0%{?systemd_post:1}
%systemd_post ovn-northd.service
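Review bot: The added `%post` scriptlet rewrites the logrotate `su` directive to `ovn ovn`, while the `OVN_USER_ID` line it uncomments in the sysconfig template carries `openvswitch:openvswitch`, so on a libcapng build the daemons and logrotate would act as different accounts. One of the two should change so both name the same user and group, for example `sed -i 's:\(.*su\).*:\1 openvswitch openvswitch:'` if the template value is the intended one. The pattern `\(.*su\).*` is also unanchored, so it rewrites any line of the logrotate file that contains `su`; anchoring it to the directive (`^[[:space:]]*su[[:space:]]`) would be safer. Nothing in the visible hunks creates either account, so that presumably happens elsewhere in the spec and is worth confirming.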
@@ -413,6 +425,7 @@ if [ $1 -eq 1 ]; then
fi
%files
+%config(noreplace) %{_sysconfdir}/sysconfig/ovn
%{_bindir}/ovn-nbctl
%{_bindir}/ovn-sbctl
%{_bindir}/ovn-trace
@@ -38,10 +38,12 @@ Restart=on-failure
Environment=OVS_RUNDIR=%t/openvswitch
Environment=OVN_RUNDIR=%t/ovn
Environment=OVN_DB=unix:%t/ovn/ovnsb_db.sock
+EnvironmentFile=-/etc/sysconfig/ovn
Environment=VTEP_DB=unix:%t/openvswitch/db.sock
EnvironmentFile=-/etc/sysconfig/ovn-controller-vtep
ExecStart=/usr/bin/ovn-controller-vtep -vconsole:emer -vsyslog:err -vfile:info \
--log-file=/var/log/ovn/ovn-controller-vtep.log \
+ --ovn-user=${OVN_USER_ID} \
--no-chdir --pidfile=${OVN_RUNDIR}/ovn-controller-vtep.pid \
--ovnsb-db=${OVN_DB} --vtep-db=${VTEP_DB}
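Review bot: `--ovn-user=${OVN_USER_ID}` is passed unconditionally, but `OVN_USER_ID` is commented out in the shipped sysconfig template and is only uncommented by `%post` on libcapng builds, so by default the unit starts with an empty `--ovn-user=` argument. The same applies to the ovn-controller and ovn-northd units changed in this commit. Here the binary is invoked directly rather than through ovn-ctl, so it is worth confirming that ovn-controller-vtep accepts `--ovn-user` at all (OVS-style daemons normally take `--user=`) and that an empty value deliberately leaves it running as root instead of failing. A comment above the ExecStart line such as `# OVN_USER_ID unset: daemon keeps running as root` would make that default explicit.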
@@ -24,8 +24,10 @@ Type=forking
PIDFile=/var/run/ovn/ovn-controller.pid
Restart=on-failure
Environment=OVN_RUNDIR=%t/ovn OVS_RUNDIR=%t/openvswitch
+EnvironmentFile=-/etc/sysconfig/ovn
EnvironmentFile=-/etc/sysconfig/ovn-controller
ExecStart=/usr/share/ovn/scripts/ovn-ctl --no-monitor \
+ --ovn-user=${OVN_USER_ID} \
start_controller $OVN_CONTROLLER_OPTS
ExecStop=/usr/share/ovn/scripts/ovn-ctl stop_controller
@@ -21,8 +21,11 @@ After=syslog.target
Type=oneshot
RemainAfterExit=yes
Environment=OVN_RUNDIR=%t/ovn OVN_DBDIR=/var/lib/ovn
+EnvironmentFile=-/etc/sysconfig/ovn
EnvironmentFile=-/etc/sysconfig/ovn-northd
-ExecStart=/usr/share/ovn/scripts/ovn-ctl start_northd $OVN_NORTHD_OPTS
+ExecStartPre=-/usr/bin/chown -R ${OVN_USER_ID} ${OVN_DBDIR}
+ExecStart=/usr/share/ovn/scripts/ovn-ctl \
+ --ovn-user=${OVN_USER_ID} start_northd $OVN_NORTHD_OPTS
ExecStop=/usr/share/ovn/scripts/ovn-ctl stop_northd
[Install]
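Review bot: The added `ExecStartPre=-/usr/bin/chown -R ${OVN_USER_ID} ${OVN_DBDIR}` runs a recursive chown as root on every start with its failure ignored by the `-` prefix, and with the default (commented-out) `OVN_USER_ID` it is called with an empty owner argument. Because `OVN_DBDIR` can be overridden from either EnvironmentFile, a mistyped value hands the wrong tree to the service account and an empty one fails without anything surfacing. The ovn-ctl change in this same commit already chowns the database directory when it starts the databases, so this line looks redundant. Dropping it, or at least dropping the `-` so a failed chown blocks the start, would be simpler.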
new file mode 100644
@@ -0,0 +1,13 @@
+### Configuration options for OVN
+#
+# Set "nice" priority at which to run ovn-northd:
+# --ovn-northd-priority=-10
+#
+# Set "nice" priority at which to run ovn-controller:
+# --ovn-controller-priority=-10
+#
+#
+OPTIONS=""
+
+# Uncomment and set the OVN User/Group value
+#OVN_USER_ID="openvswitch:openvswitch"
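Review bot: `OPTIONS=""` is defined here under comments describing `--ovn-northd-priority` and `--ovn-controller-priority`, but none of the unit files changed in this commit reference `$OPTIONS`; they pass `$OVN_NORTHD_OPTS` and `$OVN_CONTROLLER_OPTS`. Unless something outside these hunks reads it, an administrator who sets priorities here gets no effect. Either wire it into the ExecStart lines or replace the block with a comment such as `# Per-daemon options belong in /etc/sysconfig/ovn-northd and /etc/sysconfig/ovn-controller`.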
@@ -183,6 +183,18 @@ $cluster_remote_port
upgrade_db "$file" "$schema"
fi
+ # Set the owner of the ovn_dbdir (with -R option) to OVN_USER if set.
+ # This is required because the ovndbs are created with root permission
+ # if not present when create_cluster/upgrade_db is called.
+ INSTALL_USER="root"
+ INSTALL_GROUP="root"
+ [ "$OVN_USER" != "" ] && INSTALL_USER="${OVN_USER%:*}"
+ [ "${OVN_USER##*:}" != "" ] && INSTALL_GROUP="${OVN_USER##*:}"
+
+ chown -R $INSTALL_USER:$INSTALL_GROUP $ovn_dbdir
+ chown -R $INSTALL_USER:$INSTALL_GROUP $OVN_RUNDIR
+ chown -R $INSTALL_USER:$INSTALL_GROUP $ovn_logdir
+
set ovsdb-server
set "$@" $log --log-file=$logfile
set "$@" --remote=punix:$sock --pidfile=$db_pid_file
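Review bot: The three added `chown -R` calls run as root with every expansion unquoted, so an empty or space-containing `$ovn_dbdir`, `$OVN_RUNDIR` or `$ovn_logdir` changes which paths get re-owned; quote them, e.g. `chown -R "$INSTALL_USER:$INSTALL_GROUP" "$ovn_dbdir"`. They also recurse on every database start over directories the unprivileged account can write to afterwards, and when `OVN_USER` is unset they reset all three trees to root:root. Restricting the chown to the case where `OVN_USER` is set, and to the files this function has just created, would narrow what root touches. The enclosing function starts and ends outside this hunk.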