forked from pool/openvswitch
Dominique Leuenberger 2020-06-02 12:43:07 +00:00 committed by Git OBS Bridge
commit 2da3307cdc
9 changed files with 960 additions and 504 deletions


@ -0,0 +1,30 @@
From e54cce931bafa12176989a5d59e3839f1bcfdf0c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <jcaamano@suse.com>
Date: Wed, 6 May 2020 16:32:28 +0200
Subject: [PATCH 1/2] Don't change permissions of /dev/hugepages
For SLES/openSUSE, don't change permissions of /dev/hugepages as that is
a system path. Sysadmin should mount hugepages on a path and permission
of his choosing for OVS either manually or via hugeadm.
---
rhel/usr_lib_systemd_system_ovs-vswitchd.service.in | 4 ----
1 file changed, 4 deletions(-)
diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
index ff43dae96..08355d950 100644
--- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
+++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
@@ -16,10 +16,6 @@ EnvironmentFile=/etc/openvswitch/default.conf
EnvironmentFile=-/etc/sysconfig/openvswitch
EnvironmentFile=-/run/openvswitch.useropts
LimitSTACK=2M
-@begin_dpdk@
-ExecStartPre=-/bin/sh -c '/usr/bin/chown :$${OVS_USER_ID##*:} /dev/hugepages'
-ExecStartPre=-/usr/bin/chmod 0775 /dev/hugepages
-@end_dpdk@
ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
--no-ovsdb-server --no-monitor --system-id=random \
${OVS_USER_OPT} \
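Review bot: Removing the whole @begin_dpdk@ ... @end_dpdk@ block leaves the DPDK build of this unit with no statement of what it needs from the hugepage mount. The two deleted ExecStartPre lines were the only place showing that the group from OVS_USER_ID needs group write access (mode 0775) on the hugepage directory. Suggest keeping a comment between the @begin_dpdk@ markers saying the administrator must provide a hugetlbfs mount that this group can write to, so a permission failure at DPDK initialisation can be traced back from the unit file.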
--
2.16.4


@ -0,0 +1,41 @@
From 4de3a6e6fc67125a900913598344881c0b0bed71 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <jcaamano@suse.com>
Date: Fri, 8 May 2020 11:15:57 +0200
Subject: [PATCH] Run openvswitch as openvswitch:openvswitch
Change default run configuration to unprivileged user openvswitch and
group openvswitch. Expect any further customization from user in
sysconfig/openvswitch, including setting it back to privileged root:root
configuration.
---
rhel/etc_logrotate.d_openvswitch | 2 +-
rhel/etc_openvswitch_default.conf | 3 +--
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/rhel/etc_logrotate.d_openvswitch b/rhel/etc_logrotate.d_openvswitch
index f4302ffbc..eaf1fd5bf 100644
--- a/rhel/etc_logrotate.d_openvswitch
+++ b/rhel/etc_logrotate.d_openvswitch
@@ -6,7 +6,7 @@
# without warranty of any kind.
/var/log/openvswitch/*.log {
- su root root
+ su openvswitch openvswitch
daily
compress
sharedscripts
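Review bot: The `su openvswitch openvswitch` line hard-codes the rotation identity, while the commit message allows OVS_USER_ID to be set back to root:root in sysconfig/openvswitch, and logrotate does not read that variable. An admin who reverts to root:root ends up with root-owned logs that are rotated as openvswitch. Suggest a comment above the su line saying it has to be changed together with OVS_USER_ID, and confirming that log files already present under /var/log/openvswitch/ are re-owned, since the chown in ovsdb-server.service only covers the directory itself.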
diff --git a/rhel/etc_openvswitch_default.conf b/rhel/etc_openvswitch_default.conf
index c74417db6..20d1f5f54 100644
--- a/rhel/etc_openvswitch_default.conf
+++ b/rhel/etc_openvswitch_default.conf
@@ -1,5 +1,4 @@
# DO NOT EDIT THIS FILE
# The following is the *default* configuration for the openvswitch user ID.
-# This is for backward compatibility.
-OVS_USER_ID="root:root"
+OVS_USER_ID="openvswitch:openvswitch"
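Review bot: The header still says DO NOT EDIT THIS FILE, but with the backward-compatibility comment removed nothing in the file tells the reader where an override belongs. Suggest a comment line naming /etc/sysconfig/openvswitch as the place to set OVS_USER_ID, including back to root:root as the commit message describes. If this default also reaches existing installs on update, the review should confirm that files created under the old root:root default are re-owned.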
--
2.16.4


@ -0,0 +1,67 @@
From aa1869378cf512fd7aeee16c0a030264c2623270 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <jcaamano@suse.com>
Date: Fri, 8 May 2020 11:23:04 +0200
Subject: [PATCH] Run ovn as openvswitch:openvswitch
Change default run configuration to unprivileged user openvswitch and
group openvswitch. Expect any further customization from user in
sysconfig/ovn.
---
rhel/etc_logrotate.d_ovn | 2 +-
rhel/usr_lib_systemd_system_ovn-controller-vtep.service | 1 +
rhel/usr_lib_systemd_system_ovn-controller.service | 1 +
rhel/usr_lib_systemd_system_ovn-northd.service | 1 +
4 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/rhel/etc_logrotate.d_ovn b/rhel/etc_logrotate.d_ovn
index a351ec303..4b26333fc 100644
--- a/rhel/etc_logrotate.d_ovn
+++ b/rhel/etc_logrotate.d_ovn
@@ -6,7 +6,7 @@
# without warranty of any kind.
/var/log/ovn/*.log {
- su root root
+ su openvswitch openvswitch
daily
compress
sharedscripts
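Review bot: `su openvswitch openvswitch` is fixed here, while the unit files in this patch set the identity through OVN_USER_ID, which the commit message expects users to customize in sysconfig/ovn. If OVN_USER_ID is overridden, rotation and the daemons run as different users. Suggest a comment next to the su line naming OVN_USER_ID as the setting it has to match.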
diff --git a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
index 09ad0612c..dd6ff6675 100644
--- a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
+++ b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
@@ -35,6 +35,7 @@ After=openvswitch.service
[Service]
Type=simple
Restart=on-failure
+Environment=OVN_USER_ID=openvswitch:openvswitch
Environment=OVS_RUNDIR=%t/openvswitch
Environment=OVN_RUNDIR=%t/ovn
Environment=OVN_DB=unix:%t/ovn/ovnsb_db.sock
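Review bot: The added Environment=OVN_USER_ID line has no EnvironmentFile= line in the visible context of this unit, unlike ovn-controller.service and ovn-northd.service, which both read /etc/sysconfig/ovn. The commit message expects customization from sysconfig/ovn; please confirm this unit loads that file further down, or add `EnvironmentFile=-/etc/sysconfig/ovn` so the default can be overridden here as well.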
diff --git a/rhel/usr_lib_systemd_system_ovn-controller.service b/rhel/usr_lib_systemd_system_ovn-controller.service
index 15d0ac853..c602760f1 100644
--- a/rhel/usr_lib_systemd_system_ovn-controller.service
+++ b/rhel/usr_lib_systemd_system_ovn-controller.service
@@ -23,6 +23,7 @@ After=openvswitch.service
Type=forking
PIDFile=/var/run/ovn/ovn-controller.pid
Restart=on-failure
+Environment=OVN_USER_ID=openvswitch:openvswitch
Environment=OVN_RUNDIR=%t/ovn OVS_RUNDIR=%t/openvswitch
EnvironmentFile=-/etc/sysconfig/ovn
EnvironmentFile=-/etc/sysconfig/ovn-controller
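Review bot: With PIDFile=/var/run/ovn/ovn-controller.pid and Type=forking, the new unprivileged default needs /var/run/ovn to be writable by openvswitch, and nothing in this hunk prepares that directory. ovsdb-server.service handles the equivalent case with an ExecStartPre chown of its run and log directories. Suggest doing the same here, or stating in the commit message where ownership of %t/ovn and /var/log/ovn is set.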
diff --git a/rhel/usr_lib_systemd_system_ovn-northd.service b/rhel/usr_lib_systemd_system_ovn-northd.service
index d281f861c..d5c7dfa5f 100644
--- a/rhel/usr_lib_systemd_system_ovn-northd.service
+++ b/rhel/usr_lib_systemd_system_ovn-northd.service
@@ -20,6 +20,7 @@ After=syslog.target
[Service]
Type=oneshot
RemainAfterExit=yes
+Environment=OVN_USER_ID=openvswitch:openvswitch
Environment=OVN_RUNDIR=%t/ovn OVN_DBDIR=/var/lib/ovn
EnvironmentFile=-/etc/sysconfig/ovn
EnvironmentFile=-/etc/sysconfig/ovn-northd
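Review bot: OVN_DBDIR=/var/lib/ovn on the line after the added default means the database directory has to be writable by openvswitch, and the hunk does not show where that ownership comes from. Suggest confirming that packaging creates /var/lib/ovn with this owner and that databases already present there are re-owned, or adding the step to this unit.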
--
2.16.4


@ -0,0 +1,48 @@
From c349652c106b4c4e54e5a4a2f05546d35a801601 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <jcaamano@suse.com>
Date: Tue, 5 May 2020 18:41:30 +0200
Subject: [PATCH] rhel: Fix reload of OVS_USER_ID on startup
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
OVS_USER_ID was being picked up from a previously existing
openvswitch.useropts rendering ineffective any configuration change
through sysconfig.
There is no explicit ordering between Exec* and Environment* stanzas of
systemd, full environment is always reloaded before each Exec. We make
sure that openvswitch.useropts is removed first so that a fresh
OVS_USER_ID can be picked up from config.
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@suse.com>
---
rhel/usr_lib_systemd_system_ovsdb-server.service | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/rhel/usr_lib_systemd_system_ovsdb-server.service b/rhel/usr_lib_systemd_system_ovsdb-server.service
index 4c170c09b..98338b9df 100644
--- a/rhel/usr_lib_systemd_system_ovsdb-server.service
+++ b/rhel/usr_lib_systemd_system_ovsdb-server.service
@@ -11,10 +11,16 @@ PIDFile=/var/run/openvswitch/ovsdb-server.pid
Restart=on-failure
EnvironmentFile=/etc/openvswitch/default.conf
EnvironmentFile=-/etc/sysconfig/openvswitch
+EnvironmentFile=-/run/openvswitch.useropts
+
+# Environment is reloaded for each Exec*, make sure to
+# remove openvswitch.useropts first to reload a fresh
+# OVS_USER_ID from default.conf or sysconfig.
+ExecStartPre=/usr/bin/rm -f /run/openvswitch.useropts
+
ExecStartPre=-/usr/bin/chown ${OVS_USER_ID} /var/run/openvswitch /var/log/openvswitch
-ExecStartPre=/bin/sh -c 'rm -f /run/openvswitch.useropts; /usr/bin/echo "OVS_USER_ID=${OVS_USER_ID}" > /run/openvswitch.useropts'
+ExecStartPre=/bin/sh -c '/usr/bin/echo "OVS_USER_ID=${OVS_USER_ID}" > /run/openvswitch.useropts'
ExecStartPre=/bin/sh -c 'if [ "$${OVS_USER_ID/:*/}" != "root" ]; then /usr/bin/echo "OVS_USER_OPT=--ovs-user=${OVS_USER_ID}" >> /run/openvswitch.useropts; fi'
-EnvironmentFile=-/run/openvswitch.useropts
ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
--no-ovs-vswitchd --no-monitor --system-id=random \
${OVS_USER_OPT} \
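Review bot: In the rewritten `/bin/sh -c '/usr/bin/echo "OVS_USER_ID=${OVS_USER_ID}" > /run/openvswitch.useropts'` line, ${OVS_USER_ID} is substituted by systemd into the command text, so whatever sysconfig contains is parsed by /bin/sh inside the double quotes. The next line already uses `$${OVS_USER_ID/:*/}` to let the shell do the expansion; suggest `$${OVS_USER_ID}` in the echo lines too, so the value is read from the environment and never becomes part of the script. It would also help to extend the new comment to say that ovs-vswitchd.service reads /run/openvswitch.useropts as its last EnvironmentFile, so a sysconfig change only takes effect once ovsdb-server has been restarted.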
--
2.16.4


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:13fd42703180b4b1146c7e97926d09225485868cc2fbbd58dc0c421b4b8fe8f8
size 8162771


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:dd5f727427e36cab22bdeae61529d8c8fccacc53d968cfa7658f7f935ddda531
size 7233892


@ -1,3 +1,37 @@
-------------------------------------------------------------------
Mon May 4 11:38:26 UTC 2020 - Jaime Caamaño Ruiz <jcaamano@suse.com>
- Update openvswitch to 2.13.0.
* For a list of changes, check
https://github.com/openvswitch/ovs/blob/v2.13.0/NEWS
* This version drops python2 binding support. Only python3 bindings
provided going forward.
* Tool ovs-vlan-bug-workaround is no longer provided.
- OVN was split to its own repo but is still built together with OVS and as
such from this same source package. OVN initial version is 20.03.
* For a list of changes, check
https://github.com/ovn-org/ovn/blob/v20.03.0/NEWS
* Packages openvswitch-ovn* are renamed to ovn*.
* OVN now has its own sysconfig and log paths.
- Add OVS patch to be proposed upstream:
* 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
- Patch instead of post-processing configuration files to set running
credentials (bsc#1157338):
* 0001-Run-openvswitch-as-openvswitch-openvswitch.patch
* 0001-Run-ovn-as-openvswitch-openvswitch.patch
- Will no longer change group ownership of /dev/hugepages to 'hugetlbfs'
(bsc#1140835). System admin should mount hugepages on a path and permissions of
his choosing for OVS. Add patch:
* 0001-Don-t-change-permissions-of-dev-hugepages.patch
- Will no longer install udev rule to change group ownership of vfio devices to
'hugetlbfs'. Group name does not make much sense in this case and ownership of
vfio devices should be coordinated system wide or per device.
- Will no longer run under group 'hugetlbfs' on new installs with DPDK enabled.
OVS will now run under group 'openvswitch' whether compiled with DPDK support
or not.
- OVS persistent state is now saved on /var/lib/openvswitch instead of
/etc/openvswitch for new installs.
-------------------------------------------------------------------
Thu Feb 13 18:06:02 UTC 2020 - Dirk Mueller <dmueller@suse.com>
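Review bot: The item for the credentials patches (bsc#1157338) does not say what happens on update, while the hugetlbfs group and /var/lib/openvswitch items are explicitly limited to new installs. Suggest stating whether existing installs switch from root:root to openvswitch:openvswitch on update and, if they do, that root:root can be restored in sysconfig/openvswitch.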

File diff suppressed because it is too large

ovn-20.03.0.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:297b471dc2e77423d77eb525f036af814b979fe928363d70cbe75a328e381f4e
size 1362751