Dirk Mueller
604489e1db
- Update openvswitch to 2.13.0.
* For a list of changes, check
https://github.com/openvswitch/ovs/blob/v2.13.0/NEWS
* This version drops python2 binding support. Only python3 bindings
provided going forward.
* Tool ovs-vlan-bug-workaround is no longer provided.
- OVN was split to its own repo but is still built together with OVS and as
such from this same source package. OVN initial version is 20.03.
* For a list of changes, check
https://github.com/ovn-org/ovn/blob/v20.03.0/NEWS
* Packages openvswitch-ovn* are renamed to ovn*.
* OVN now has its own sysconfig and log paths.
- Add OVS patch to be proposed upstream:
* 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
- Patch instead of post-processing configuration files to set running
credentials (bsc#1157338):
* 0001-Run-openvswitch-as-openvswitch-openvswitch.patch
* 0001-Run-ovn-as-openvswitch-openvswitch.patch
- Will no longer change group ownership of /dev/hugepages to 'hugetlbfs'
(bsc#1140835). System admin should mount hugepages on a path and permissions of
his choosing for OVS. Add patch:
* 0001-dont-change-permissions-of-dev-hugepages.patch
- Will no longer install udev rule to change group ownership of vfio devices to
'hugetlbfs'. Group name does not make much sense in this case and ownership of
vfio devices should be coordinated system wide or per device.
- Will no longer run under group 'hugetlbfs' on new installs with DPDK enabled.
OVS will now run under group 'openvswitch' whether compiled with DPDK support
or not.
- OVS persistent state is now saved on /var/lib/openvswitch instead of
/etc/openvswitch for new installs.
OBS-URL: https://build.opensuse.org/request/show/802898
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=196
42 lines
1.4 KiB
Diff
42 lines
1.4 KiB
Diff
From 4de3a6e6fc67125a900913598344881c0b0bed71 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <jcaamano@suse.com>
|
|
Date: Fri, 8 May 2020 11:15:57 +0200
|
|
Subject: [PATCH] Run openvswitch as openvswitch:openvswitch
|
|
|
|
Change default run configuration to unprivilieged user openvswitch and
|
|
group openvswitch. Expect any further customization from user in
|
|
sysconfig/openvswitch, including setting it back to privileged root:root
|
|
configuration.
|
|
---
|
|
rhel/etc_logrotate.d_openvswitch | 2 +-
|
|
rhel/etc_openvswitch_default.conf | 3 +--
|
|
2 files changed, 2 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/rhel/etc_logrotate.d_openvswitch b/rhel/etc_logrotate.d_openvswitch
|
|
index f4302ffbc..eaf1fd5bf 100644
|
|
--- a/rhel/etc_logrotate.d_openvswitch
|
|
+++ b/rhel/etc_logrotate.d_openvswitch
|
|
@@ -6,7 +6,7 @@
|
|
# without warranty of any kind.
|
|
|
|
/var/log/openvswitch/*.log {
|
|
- su root root
|
|
+ su openvswitch openvswitch
|
|
daily
|
|
compress
|
|
sharedscripts
|
|
diff --git a/rhel/etc_openvswitch_default.conf b/rhel/etc_openvswitch_default.conf
|
|
index c74417db6..20d1f5f54 100644
|
|
--- a/rhel/etc_openvswitch_default.conf
|
|
+++ b/rhel/etc_openvswitch_default.conf
|
|
@@ -1,5 +1,4 @@
|
|
# DO NOT EDIT THIS FILE
|
|
|
|
# The following is the *default* configuration for the openvswitch user ID.
|
|
-# This is for backward compatibility.
|
|
-OVS_USER_ID="root:root"
|
|
+OVS_USER_ID="openvswitch:openvswitch"
|
|
--
|
|
2.16.4
|
|
|