@@ -23,6 +23,7 @@ EXTRA_DIST += \
rhel/usr_lib_udev_rules.d_91-vfio.rules \
rhel/usr_lib_systemd_system_openvswitch.service \
rhel/usr_lib_systemd_system_ovsdb-server.service \
+ rhel/usr_lib_systemd_system_ovsdb-server.socket \
rhel/usr_lib_systemd_system_ovs-vswitchd.service.in \
rhel/usr_lib_systemd_system_ovs-delete-transient-ports.service \
rhel/usr_lib_systemd_system_openvswitch-ipsec.service
@@ -229,6 +229,9 @@ for service in openvswitch ovsdb-server ovs-vswitchd ovs-delete-transient-ports
rhel/usr_lib_systemd_system_${service}.service \
$RPM_BUILD_ROOT%{_unitdir}/${service}.service
done
+install -p -D -m 0644 \
+ rhel/usr_lib_systemd_system_ovsdb-server.socket \
+ $RPM_BUILD_ROOT%{_unitdir}/ovsdb-server.socket
install -m 0755 rhel/etc_init.d_openvswitch \
$RPM_BUILD_ROOT%{_datadir}/openvswitch/scripts/openvswitch.init
@@ -460,6 +463,7 @@ fi
%config(noreplace) %{_sysconfdir}/logrotate.d/openvswitch
%{_unitdir}/openvswitch.service
%{_unitdir}/ovsdb-server.service
+%{_unitdir}/ovsdb-server.socket
%{_unitdir}/ovs-vswitchd.service
%{_unitdir}/ovs-delete-transient-ports.service
%{_datadir}/openvswitch/scripts/openvswitch.init
@@ -1,8 +1,7 @@
[Unit]
Description=Open vSwitch Delete Transient Ports
-After=ovsdb-server.service
+After=ovsdb-server.socket
Before=ovs-vswitchd.service
-AssertPathExists=/run/openvswitch/db.sock
[Service]
Type=oneshot
@@ -1,10 +1,9 @@
[Unit]
Description=Open vSwitch Forwarding Unit
-After=ovsdb-server.service network-pre.target systemd-udev-settle.service
+After=ovsdb-server.socket network-pre.target systemd-udev-settle.service
Before=network.target network.service
-Requires=ovsdb-server.service
+Requires=ovsdb-server.socket
ReloadPropagatedFrom=ovsdb-server.service
-AssertPathIsReadWrite=/run/openvswitch/db.sock
PartOf=openvswitch.service
[Service]
@@ -2,6 +2,7 @@
Description=Open vSwitch Database Unit
After=syslog.target network-pre.target
Before=network.target network.service
+Requires=ovsdb-server.socket
Wants=ovs-delete-transient-ports.service
PartOf=openvswitch.service
new file mode 100644
@@ -0,0 +1,17 @@
+[Unit]
+Description=Open vSwitch Database Socket
+Before=ovsdb-server.service
+
+[Socket]
+# Read OVS_USER_ID to set socket group ownership below.
+# Note: /run/openvswitch.useropts is not available here because
+# it is generated by ovsdb-server.service, which starts after us.
+EnvironmentFile=/etc/openvswitch/default.conf
+EnvironmentFile=-/etc/sysconfig/openvswitch
+ListenStream=/run/openvswitch/db.sock
+Service=ovsdb-server.service
+SocketMode=0770
+ExecStartPost=-/bin/sh -c 'GRP="${OVS_USER_ID##*:}"; [ -n "$GRP" ] && [ "$GRP" != "root" ] && chgrp "$GRP" /run/openvswitch/db.sock || true'
+
+[Install]
+WantedBy=sockets.target
Add an ovsdb-server.socket unit that has systemd create and manage the /run/openvswitch/db.sock listening socket. This eliminates the window during ovsdb-server restarts when clients cannot connect to the database. The socket unit reads OVS_USER_ID from the same configuration files as the service unit (/etc/openvswitch/default.conf, /etc/sysconfig/openvswitch) and adjusts socket group ownership via ExecStartPost so that non-root OVS deployments can connect. Update service dependencies: - ovsdb-server.service: Requires=ovsdb-server.socket - ovs-vswitchd.service: After/Requires=ovsdb-server.socket instead of ovsdb-server.service, remove AssertPathIsReadWrite (socket exists before the service starts) - ovs-delete-transient-ports.service: After=ovsdb-server.socket, remove AssertPathExists (same reason) Co-authored-by: Lubomir Rintel <lkundrak@v3.sk> Signed-off-by: Lubomir Rintel <lkundrak@v3.sk> Signed-off-by: Timothy Redaelli <tredaelli@redhat.com> --- rhel/automake.mk | 1 + rhel/openvswitch-fedora.spec.in | 4 ++++ ...md_system_ovs-delete-transient-ports.service | 3 +-- ...r_lib_systemd_system_ovs-vswitchd.service.in | 5 ++--- .../usr_lib_systemd_system_ovsdb-server.service | 1 + rhel/usr_lib_systemd_system_ovsdb-server.socket | 17 +++++++++++++++++ 6 files changed, 26 insertions(+), 5 deletions(-) create mode 100644 rhel/usr_lib_systemd_system_ovsdb-server.socket