Accepting request 802898 from home:jaicaa:branches:network

- Update openvswitch to 2.13.0. 
  * For a list of changes, check
    https://github.com/openvswitch/ovs/blob/v2.13.0/NEWS 
  * This version drops python2 binding support. Only python3 bindings
    provided going forward.
  * Tool ovs-vlan-bug-workaround is no longer provided.
- OVN was split to its own repo but is still built together with OVS and as
  such from this same source package. OVN initial version is 20.03.
  * For a list of changes, check
    https://github.com/ovn-org/ovn/blob/v20.03.0/NEWS
  * Packages openvswitch-ovn* are renamed to ovn*.
  * OVN now has its own sysconfig and log paths.
- Add OVS patch to be proposed upstream:
  * 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
- Patch instead of post-processing configuration files to set running
  credentials (bsc#1157338):
  * 0001-Run-openvswitch-as-openvswitch-openvswitch.patch
  * 0001-Run-ovn-as-openvswitch-openvswitch.patch
- Will no longer change group ownership of /dev/hugepages to 'hugetlbfs'
  (bsc#1140835). System admin should mount hugepages on a path and permissions of
  his choosing for OVS. Add patch:
  * 0001-dont-change-permissions-of-dev-hugepages.patch
- Will no longer install udev rule to change group ownership of vfio devices to
  'hugetlbfs'. Group name does not make much sense in this case and ownership of
  vfio devices should be coordinated system wide or per device.
- Will no longer run under group 'hugetlbfs' on new installs with DPDK enabled.
  OVS will now run under group 'openvswitch' whether compiled with DPDK support
  or not.
- OVS persistent state is now saved on /var/lib/openvswitch instead of
  /etc/openvswitch for new installs.

OBS-URL: https://build.opensuse.org/request/show/802898
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=196

0001-Don-t-change-permissions-of-dev-hugepages.patch

@@ -0,0 +1,30 @@
+From e54cce931bafa12176989a5d59e3839f1bcfdf0c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <jcaamano@suse.com>
+Date: Wed, 6 May 2020 16:32:28 +0200
+Subject: [PATCH 1/2] Don't change permissions of /dev/hugepages
+
+For SLES/openSUSE, don't change permissions of /dev/hugepages as that is
+a system path. Sysadmin shoudl mount hugepages on a path and permission
+of his choosing if OVS either manually or via hugeadm.
+---
+ rhel/usr_lib_systemd_system_ovs-vswitchd.service.in | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
+index ff43dae96..08355d950 100644
+--- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
++++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
+@@ -16,10 +16,6 @@ EnvironmentFile=/etc/openvswitch/default.conf
+ EnvironmentFile=-/etc/sysconfig/openvswitch
+ EnvironmentFile=-/run/openvswitch.useropts
+ LimitSTACK=2M
+-@begin_dpdk@
+-ExecStartPre=-/bin/sh -c '/usr/bin/chown :$${OVS_USER_ID##*:} /dev/hugepages'
+-ExecStartPre=-/usr/bin/chmod 0775 /dev/hugepages
+-@end_dpdk@
+ ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
+           --no-ovsdb-server --no-monitor --system-id=random \
+           ${OVS_USER_OPT} \
+-- 
+2.16.4
+

0001-Run-openvswitch-as-openvswitch-openvswitch.patch

@@ -0,0 +1,41 @@
+From 4de3a6e6fc67125a900913598344881c0b0bed71 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <jcaamano@suse.com>
+Date: Fri, 8 May 2020 11:15:57 +0200
+Subject: [PATCH] Run openvswitch as openvswitch:openvswitch
+
+Change default run configuration to unprivilieged user openvswitch and
+group openvswitch. Expect any further customization from user in
+sysconfig/openvswitch, including setting it back to privileged root:root
+configuration.
+---
+ rhel/etc_logrotate.d_openvswitch  | 2 +-
+ rhel/etc_openvswitch_default.conf | 3 +--
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/rhel/etc_logrotate.d_openvswitch b/rhel/etc_logrotate.d_openvswitch
+index f4302ffbc..eaf1fd5bf 100644
+--- a/rhel/etc_logrotate.d_openvswitch
++++ b/rhel/etc_logrotate.d_openvswitch
+@@ -6,7 +6,7 @@
+ # without warranty of any kind.
+ 
+ /var/log/openvswitch/*.log {
+-    su root root
++    su openvswitch openvswitch
+     daily
+     compress
+     sharedscripts
+diff --git a/rhel/etc_openvswitch_default.conf b/rhel/etc_openvswitch_default.conf
+index c74417db6..20d1f5f54 100644
+--- a/rhel/etc_openvswitch_default.conf
++++ b/rhel/etc_openvswitch_default.conf
+@@ -1,5 +1,4 @@
+ # DO NOT EDIT THIS FILE
+ 
+ # The following is the *default* configuration for the openvswitch user ID.
+-# This is for backward compatibility.
+-OVS_USER_ID="root:root"
++OVS_USER_ID="openvswitch:openvswitch"
+-- 
+2.16.4
+

0001-Run-ovn-as-openvswitch-openvswitch.patch

@@ -0,0 +1,67 @@
+From aa1869378cf512fd7aeee16c0a030264c2623270 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <jcaamano@suse.com>
+Date: Fri, 8 May 2020 11:23:04 +0200
+Subject: [PATCH] Run ovn as openvswitch:openvswitch
+
+Change default run configuration to unprivilieged user openvswitch and
+group openvswitch. Expect any further customization from user in
+sysconfig/ovn.
+---
+ rhel/etc_logrotate.d_ovn                                | 2 +-
+ rhel/usr_lib_systemd_system_ovn-controller-vtep.service | 1 +
+ rhel/usr_lib_systemd_system_ovn-controller.service      | 1 +
+ rhel/usr_lib_systemd_system_ovn-northd.service          | 1 +
+ 4 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/rhel/etc_logrotate.d_ovn b/rhel/etc_logrotate.d_ovn
+index a351ec303..4b26333fc 100644
+--- a/rhel/etc_logrotate.d_ovn
++++ b/rhel/etc_logrotate.d_ovn
+@@ -6,7 +6,7 @@
+ # without warranty of any kind.
+ 
+ /var/log/ovn/*.log {
+-    su root root
++    su openvswitch openvswitch
+     daily
+     compress
+     sharedscripts
+diff --git a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
+index 09ad0612c..dd6ff6675 100644
+--- a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
++++ b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
+@@ -35,6 +35,7 @@ After=openvswitch.service
+ [Service]
+ Type=simple
+ Restart=on-failure
++Environment=OVN_USER_ID=openvswitch:openvswitch
+ Environment=OVS_RUNDIR=%t/openvswitch
+ Environment=OVN_RUNDIR=%t/ovn
+ Environment=OVN_DB=unix:%t/ovn/ovnsb_db.sock
+diff --git a/rhel/usr_lib_systemd_system_ovn-controller.service b/rhel/usr_lib_systemd_system_ovn-controller.service
+index 15d0ac853..c602760f1 100644
+--- a/rhel/usr_lib_systemd_system_ovn-controller.service
++++ b/rhel/usr_lib_systemd_system_ovn-controller.service
+@@ -23,6 +23,7 @@ After=openvswitch.service
+ Type=forking
+ PIDFile=/var/run/ovn/ovn-controller.pid
+ Restart=on-failure
++Environment=OVN_USER_ID=openvswitch:openvswitch
+ Environment=OVN_RUNDIR=%t/ovn OVS_RUNDIR=%t/openvswitch
+ EnvironmentFile=-/etc/sysconfig/ovn
+ EnvironmentFile=-/etc/sysconfig/ovn-controller
+diff --git a/rhel/usr_lib_systemd_system_ovn-northd.service b/rhel/usr_lib_systemd_system_ovn-northd.service
+index d281f861c..d5c7dfa5f 100644
+--- a/rhel/usr_lib_systemd_system_ovn-northd.service
++++ b/rhel/usr_lib_systemd_system_ovn-northd.service
+@@ -20,6 +20,7 @@ After=syslog.target
+ [Service]
+ Type=oneshot
+ RemainAfterExit=yes
++Environment=OVN_USER_ID=openvswitch:openvswitch
+ Environment=OVN_RUNDIR=%t/ovn OVN_DBDIR=/var/lib/ovn
+ EnvironmentFile=-/etc/sysconfig/ovn
+ EnvironmentFile=-/etc/sysconfig/ovn-northd
+-- 
+2.16.4
+

0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch

@@ -0,0 +1,48 @@
+From c349652c106b4c4e54e5a4a2f05546d35a801601 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <jcaamano@suse.com>
+Date: Tue, 5 May 2020 18:41:30 +0200
+Subject: [PATCH] rhel: Fix reload of OVS_USER_ID on startup
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+OVS_USER_ID was being picked up from a previously existing
+openvswitch.useropts rendering innefective any configuration change
+through sysconfig.
+
+There is no explicit ordering between Exec* and Environment* stanzas of
+systemd, full enviroment is always reloaded before each Exec. We make
+sure that openvswitch.useropts is removed first so that a fresh
+OVS_USER_ID can be picked up from config.
+
+Signed-off-by: Jaime Caamaño Ruiz <jcaamano@suse.com>
+---
+ rhel/usr_lib_systemd_system_ovsdb-server.service | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/rhel/usr_lib_systemd_system_ovsdb-server.service b/rhel/usr_lib_systemd_system_ovsdb-server.service
+index 4c170c09b..98338b9df 100644
+--- a/rhel/usr_lib_systemd_system_ovsdb-server.service
++++ b/rhel/usr_lib_systemd_system_ovsdb-server.service
+@@ -11,10 +11,16 @@ PIDFile=/var/run/openvswitch/ovsdb-server.pid
+ Restart=on-failure
+ EnvironmentFile=/etc/openvswitch/default.conf
+ EnvironmentFile=-/etc/sysconfig/openvswitch
++EnvironmentFile=-/run/openvswitch.useropts
++
++# Environment is reloaded for each Exec*, make sure to
++# remove openvswitch.useropts first to reload a fresh
++# OVS_USER_ID from default.conf or sysconfig.
++ExecStartPre=/usr/bin/rm -f /run/openvswitch.useropts
++
+ ExecStartPre=-/usr/bin/chown ${OVS_USER_ID} /var/run/openvswitch /var/log/openvswitch
+-ExecStartPre=/bin/sh -c 'rm -f /run/openvswitch.useropts; /usr/bin/echo "OVS_USER_ID=${OVS_USER_ID}" > /run/openvswitch.useropts'
++ExecStartPre=/bin/sh -c '/usr/bin/echo "OVS_USER_ID=${OVS_USER_ID}" > /run/openvswitch.useropts'
+ ExecStartPre=/bin/sh -c 'if [ "$${OVS_USER_ID/:*/}" != "root" ]; then /usr/bin/echo "OVS_USER_OPT=--ovs-user=${OVS_USER_ID}" >> /run/openvswitch.useropts; fi'
+-EnvironmentFile=-/run/openvswitch.useropts
+ ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
+           --no-ovs-vswitchd --no-monitor --system-id=random \
+           ${OVS_USER_OPT} \
+-- 
+2.16.4
+

openvswitch-2.12.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:13fd42703180b4b1146c7e97926d09225485868cc2fbbd58dc0c421b4b8fe8f8
-size 8162771

openvswitch-2.13.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dd5f727427e36cab22bdeae61529d8c8fccacc53d968cfa7658f7f935ddda531
+size 7233892

openvswitch.changes

@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Mon May  4 11:38:26 UTC 2020 - Jaime Caamaño Ruiz <jcaamano@suse.com>
+
+- Update openvswitch to 2.13.0. 
+  * For a list of changes, check
+    https://github.com/openvswitch/ovs/blob/v2.13.0/NEWS 
+  * This version drops python2 binding support. Only python3 bindings
+    provided going forward.
+  * Tool ovs-vlan-bug-workaround is no longer provided.
+- OVN was split to its own repo but is still built together with OVS and as
+  such from this same source package. OVN initial version is 20.03.
+  * For a list of changes, check
+    https://github.com/ovn-org/ovn/blob/v20.03.0/NEWS
+  * Packages openvswitch-ovn* are renamed to ovn*.
+  * OVN now has its own sysconfig and log paths.
+- Add OVS patch to be proposed upstream:
+  * 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
+- Patch instead of post-processing configuration files to set running
+  credentials (bsc#1157338):
+  * 0001-Run-openvswitch-as-openvswitch-openvswitch.patch
+  * 0001-Run-ovn-as-openvswitch-openvswitch.patch
+- Will no longer change group ownership of /dev/hugepages to 'hugetlbfs'
+  (bsc#1140835). System admin should mount hugepages on a path and permissions of
+  his choosing for OVS. Add patch:
+  * 0001-dont-change-permissions-of-dev-hugepages.patch
+- Will no longer install udev rule to change group ownership of vfio devices to
+  'hugetlbfs'. Group name does not make much sense in this case and ownership of
+  vfio devices should be coordinated system wide or per device.
+- Will no longer run under group 'hugetlbfs' on new installs with DPDK enabled.
+  OVS will now run under group 'openvswitch' whether compiled with DPDK support
+  or not.
+- OVS persistent state is now saved on /var/lib/openvswitch instead of
+  /etc/openvswitch for new installs.
+
 -------------------------------------------------------------------
 Thu Feb 13 18:06:02 UTC 2020 - Dirk Mueller <dmueller@suse.com>
 

ovn-20.03.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:297b471dc2e77423d77eb525f036af814b979fe928363d70cbe75a328e381f4e
+size 1362751