| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 94cd8383e297 ("rhel: fix log directory permissions") restored the
old 755 permission on /var/log/openvswitch and this can result in the
exposure of sensitive information.
Since commit f624bf23b62a ("rhel: user/group openvswitch does not exist")
moved the user/group creations in %pre phase it's now possible to change
/var/log/openvswitch user/group to openvswitch:openvswitch and remove
the r/x bits for other again without having the "permission denied"
error when the logs are rotated.
CC: Aaron Conole <aconole@redhat.com>
Fixes: 94cd8383e297 ("rhel: fix log directory permissions")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Reviewed-by: Markos Chandras <mchandras@suse.de>
|
|
|
|
|
|
|
|
|
|
| |
Currently in /etc/sysconfig/openvswitch it's not clear that
force-corefiles is enabled by default.
This patch adds a comment explaining that force-corefiles is, by
default, set to yes.
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently python2 and python3 binaries are searched by following the
PATHs, but, on Fedora, the python2 package does not provides /bin/python2
and so if the PATH contains /bin before /usr/bin (for example by using
the ansible poc) then the resulting RPM file will require /bin/python2
instead of /usr/bin/python2 and this breaks some tools (for example
createrepo).
This patch specify the full path of python2 interpreter and,
if python3-openvswitch package is built, the full path of python3
interpreter.
Reported-by: Ansis Atteka <ansisatteka@gmail.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2018-May/346796.html
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Acked-by: Ansis Atteka <aatteka@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These dependencies have been moved from the %post to the %pre scriptlet
in f624bf23b62a ("rhel: user/group openvswitch does not exist") and are
already provided by the shadow-utils package so we can simply drop
them.
Cc: Alan Pevec <alan.pevec@redhat.com>
Cc: Aaron Conole <aconole@redhat.com>
Signed-off-by: Markos Chandras <mchandras@suse.de>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Default ownership[1] for config files is failing on an empty system:
Running scriptlet: openvswitch-2.9.0-3.fc28.x86_64
warning: user openvswitch does not exist - using root
warning: group openvswitch does not exist - using root
...
Required user/group need to be created in %pre as documented in
Fedora guideline[2]
[1] https://github.com/openvswitch/ovs/commit/951d79e638ecdb3b1dcd19df1adb2ff91fe61af8
[2] https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Dynamic_allocation
Submitted-at: https://github.com/openvswitch/ovs/pull/223
Signed-off-by: Alan Pevec <alan.pevec@redhat.com>
Co-authored-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Acked-by: Markos Chandras <mchandras@suse.de>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
|
|
|
|
|
|
|
| |
The sed package in RHEL/CentOS 7 only provides /bin/sed and not
/usr/bin/sed, but later versions (including Fedora) provide both.
Signed-off-by: Isaac Freeman <memotype@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently (at least on RHEL 7.5) openvswitch fails to start (with DPDK
enabled) as non-root, since chown fails and "/dev/hugepages" group is not
changed.
Commit tested on Fedora 28 and RHEL 7.5, both as root as non-root user.
From man 5 systemd.service:
To pass a literal dollar sign, use "$$". Variables whose value is not known
at expansion time are treated as empty strings. Note that the first argument
(i.e. the program to execute) may not be a variable.
CC: Aaron Conole <aconole@redhat.com>
Fixes: 4299145c1095 ("rhel: don't drop capabilities when running as root")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GitHub uses a library called Licensee to identify a project's license
type. It shows this information in the status bar and via the API if it
can unambiguously identify the license.
This commit creates a LICENSE file that stores the full text of the
Apache license. It also removes the COPYING file and transfers its
contents to a new "License" section in the README.
Collectively, these changes allow Licensee to successfully identify the
license type of Open vSwitch's codebase as Apache.
Submitted-at: https://github.com/openvswitch/ovs/pull/224
Signed-off-by: Andrea Kao <eirinikos@gmail.com>
[blp@ovn.org removed references to COPYING and updated Makefile.am]
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, regardless of which user is being set as the running user,
Open vSwitch daemons on RHEL systems drop capabilities. This means the
very powerful CAP_SYS_ADMIN is dropped, even when the user is 'root'.
For the majority of use cases this behavior works, as the user can
enable or disable various configurations, regardless of which datapath
functions are desired. However, when using certain DPDK PMDs, the
enablement and configuration calls require CAP_SYS_ADMIN.
Instead of retaining CAP_SYS_ADMIN in all cases, which would practically
nullify the uid/gid and privilege drop, we don't pass the --ovs-user
option to the daemons. This shunts the capability and privilege
dropping code.
Reported-by: Marcos Felipe Schwarz <marcos.f.sch@gmail.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-January/045955.html
Fixes: e3e738a3d058 ("redhat: allow dpdk to also run as non-root user")
Signed-off-by: Aaron Conole <aconole@redhat.com>
Acked-By: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The _Server database is valuable primarily because it provides database
clients a way to find out the details of changes to databases, schemas,
etc. in a granular, natural way. Until now, the only way that the server
could notify clients about these kinds of changes was to close the session;
when the client reconnects, it is expected to reassess the server's state.
One way to provide this kind of granular information would be to add
specific JSON-RPC requests to obtain notifications for different kinds of
changes, but since ovsdb-server already provides granular and flexible
notification support for databases, using a database for the purpose is
convenient and avoids duplicating functionality.
Initially this database only reports databases' names and schemas, but
when clustering support is added in a later commit it will also report
important aspects of clustering and cluster status. Thus, this database
also reduces the need to add JSON-RPC calls to retrieve information about
new features.
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Whenever a DPDK port is added to or deleted from an OVS bridge, the bridge
interface is reconfigured with the lowest MAC address among the connected DPDK
ports. When changing the MAC address, OVS performs a sequences of events
UP -> DOWN -> UP on the bridge interface. In deployments of OVS in RHEL
distribution this results in loosing Linux networking configuration attached to
the bridge interface (e.g. static routes).
This patch changes the interface configuration scripts used in a RHEL deployment
to trigger post-up operations on the bridge device after a change of MAC address.
Signed-off-by: Vishal Deep Ajmera <vishal.deep.ajmera@ericsson.com>
Signed-off-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The selinux policy currently builds manually, as a process that either
the user or distribution maintainer undertakes. That process consists
of:
1. Convert the intermediary files into their file form through
'make' statements at the top level.
2. Change to the selinux directory and issue the selinux "make -f"
directive.
This commit introduces a new target 'selinux-policy' which builds the
openvswitch-custom policy files.
Signed-off-by: Aaron Conole <aconole@redhat.com>
Acked-by: Ansis Atteka <aatteka@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Patch c49889cf3e "rhel: Ensure proper OVS kernel modules load after upgrade"
did not address the RHEL 6 kmod rpm spec file. This patch addresses
that error.
Fixes: c49889cf3e ("rhel: Ensure proper OVS kernel modules...")
CC: Ansis Atteka <ansisatteka@gmail.com>
CC: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Greg Rose <gvrose8192@gmail.com>
Acked-by: Ansis Atteka <aatteka@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, "rpmbuild -bb rhel/openvswitch.spec" doesn't work correctly
since the new ovsdb manpages (ovsdb.5, ovsdb.7 and ovsdb-server.7) were
added.
This patch adds the new ovsdb manpages in the %files list in the spec
file.
CC: Ben Pfaff <blp@ovn.org>
Fixes: 12b84d50e032 ("ovsdb: Improve documentation.")
Signed-off-by: Ansis Atteka <aatteka@ovn.org>
Tested-by: Greg Rose <gvrose8192@gmail.com>
Reviewed-by: Greg Rose <gvrose8192@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
autoconf, automake and libtool are required for ./boot.sh.
python-sphinx is required to prevent an error where ovs-test.8 is
otherwise not generated.
Signed-off-by: Ansis Atteka <aatteka@ovn.org>
Tested-by: Greg Rose <gvrose8192@gmail.com>
Reviewed-by: Greg Rose <gvrose8192@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add post install and post un-install scripts to make sure that the
openvswitch kernel modules are correctly written with the weak-modules
utility. This ensures that after an upgrade to a newer kernel the
correct openvswitch kernel modules from a previous installation will
be found by the depmod search path.
Suggested-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Greg Rose <gvrose8192@gmail.com>
Acked-by: Ansis Atteka <aatteka@ovn.org>
Acked-by: Flavio Leitner <fbl@sysclose.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Since you can't use "ovs-ctl force-reload-kmod" on Fedora/RHEL, due to
systemd dependencies, this commit adds the "force-reload-kmod" feature on
ovs-systemd-reload.
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Tested-by: Greg Rose <gvrose8192@gmail.com>
Reviewed-by: Greg Rose <gvrose8192@gmail.com>
|
|
|
|
|
|
|
|
|
| |
To avoid code duplication use the functions from ovs-lib.in
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Tested-by: Greg Rose <gvrose8192@gmail.com>
Reviewed-by: Greg Rose <gvrose8192@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, "make rpm-fedora" doesn't work correctly since the new ovsdb
manpages (ovsdb.5, ovsdb.7 and ovsdb-server.7) were added.
This patch adds the new ovsdb manpages in the %files list in the spec
file.
CC: Ben Pfaff <blp@ovn.org>
Fixes: 12b84d50e032 ("ovsdb: Improve documentation.")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without this commit is not possible to upgrade an openvswitch release
that includes the commit ac416a3ab2d2 (for example 2.8.0) with another release
that includes the commit ac416a3ab2d2 (for example master or 2.8.1), because
rpm changes the user/group of /etc/openvswitch to root/root, but ovsdb-server
starts with the user openvswitch and so it doesn't have permissions to write in
/etc/openvswitch/conf.db.
This patch tell rpm to use the openvswitch user and group for
/etc/openvswitch and /etc/openvswitch/default.conf.
Reported-by: Mark Michelson <mmichels@redhat.com>
CC: aaron conole <aconole@redhat.com>
Fixes: ac416a3ab2d2 ("redhat: dynamically allocate and reference ovs user")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
Tested-by: Mark Michelson <mmichels@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Presently, logrotate script, searches for the pid files in /var/log/openvswitch
and passes the pid file name (without .pid) as target to ovs-appctl. This approach
doesn't work for OVN DB servers since the ctl files are generated as "ovnnb_db.ctl"
and "ovnsb_db.ctl". So search for the .ctl files instead and use them as target to
ovs-appctl.
Suggested-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Mark Michelson <mmichels@redhat.com>
|
|
|
|
|
|
|
|
| |
Perl is unfashionable and Python is more widely available and understood,
so this commit converts one of the OVS uses of Perl into Python.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The reload procedure will trigger a script that saves the flows and tlv
maps (using ovs-save) then it restarts ovsdb-server, it stops ovs-vswitchd,
it sets other_config:flow-restore-wait=true (to wait till flow restore is
finished), it starts ovs-vswitchd, it restore the backupped flows/tlv
maps and it removes other_config:flow-restore-wait=true (logic mostly ripped
from ovs-ctl).
It uses systemctl with --job-mode=ignore-dependencies to restart ovsdb-server
and stop and start ovs-vswitchd in order to avoid systemd to restart the other
components due to dependencies (as explained in rhel/README.RHEL.rst).
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Flavio Leitner <fbl@sysclose.org>
|
|
|
|
|
|
|
|
|
|
|
| |
python-* package names are deprecated on Fedora
(https://fedoraproject.org/wiki/Packaging:Naming#Python2_binary_package_naming)
so use python2-sphinx, when available, instead.
CC: Lance Richardson <lrichard@redhat.com>
Fixes: cd6121410b52 ("rhel: add python-sphinx as a build dependency")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
| |
Using the dependencies feature of systemd ovs-delete-transient-ports.service
is only started once and so transient ports are only deleted only the first
time after boot.
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the logrotate script runs, and Open vSwitch is running as a non-root
user, the /var/log/openvswitch directory doesn't have other rx bits set.
This means the reopen attempt will fail with "permission denied", even though
the default logrotate configuration creates a new log file with the
appropriate attributes.
This change sets the r/x bits for other on /var/log/openvswitch
Signed-off-by: Aaron Conole <aconole@redhat.com>
Tested-by: Jean Hsiao <jhsiao@redhat.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Markos Chandras <mchandras@suse.de>
Acked-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We still use SysV scripts for RHEL. Currently, invoking
/etc/init.d/openvswitch will redirect the calls to
dynamically generated systemd scripts. In the above case when you call
"/etc/init.d/openvswitch-switch start", it inturn calls
"/bin/systemctl start openvswitch-switch.service" and
that inturn again calls "/etc/init.d/openvswitch-switch start"
This patch avoids it. This is similar to what was done to
Debian in commit 873d85653d8 (debian: Skip systemctl redirect.)
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The commit 7bc1aae71e89 ("rhel: make the selinux policy intermediate")
broke the centos RPM builds. This commit ensures that the centos rpmbuild
will first create the openvswitch-custom.te file, and then create the
final policy files.
Fixes: 7bc1aae71e89 ("rhel: make the selinux policy intermediate")
Reported-by: Ansis Atteka <aatteka@ovn.org>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Acked-by: Ansis Atteka <aatteka@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
| |
This will be used by an upcoming commit to have @begin_ and @end_ dpdk
blocks to keep dpdk specific policy decisions only active when dpdk is
used.
Acked-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Ansis Atteka <aatteka@ovn.org>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Tested-by: Jean Hsiao <jhsiao@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The upgrade from older Open vSwitch versions on RHEL will try, as much as
possible, to preserve the system. This means no new users or groups are
created. As an effect, it's possible for the chown to fail, because the
hugetlbfs group may not exist. While it did on my systems, it was not
there on others.
This change allows the ExecStartPre commands to fail. In the case that the
user doesn't use DPDK, it won't matter anyway.
Fixes: e3e738a3d058 ('redhat: allow dpdk to also run as non-root user')
Signed-off-by: Aaron Conole <aconole@redhat.com>
Reported-by: Jean-Tsung Hsiao <jhsiao@redhat.com>
Tested-by: Jean-Tsung Hsiao <jhsiao@redhat.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
|
|
|
|
|
|
|
|
| |
This commit builds on the non-root ovs work and adds a udev rule which will
automatically set the group permissions of vfio devices.
Fixes: e3e738a3d058 ("redhat: allow dpdk to also run as non-root user")
Signed-off-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After this commit, users may start a dpdk-enabled ovs setup as a
non-root user. This is accomplished by exporting the $HOME directory,
which dpdk uses to fill in it's semi-persistent RTE configuration.
This change may be a bit controversial since it modifies /dev/hugepages
as part of starting the ovs-vswitchd to set a hugetlbfs group
ownership. This is used to enable writing to /dev/hugepages so that the
dpdk_init will successfully complete. There is an alternate way of
accomplishing this - namely to initialize DPDK before dropping
privileges. However, this would mean that if DPDK ever grows an uninit
/ reinit function, non-root ovs likely could never use it.
This does not change OvS+DPDK's SELinux requirements. It still must be
disabled.
Signed-off-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
|
|
|
|
|
|
|
|
| |
This commit changes the service file from static configuration to an
autogenerated file, produced during the build. This will be relevant in a
future commit.
Signed-off-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After this commit, the fedora RPM will create the openvswitch user, from the
non-static pool, for use as an Open vSwitch daemon user. This only happens
on install - not upgrade. This will be the default user:group
combination for the openvswitch daemons.
To do this in a way that doesn't impact existing installations, the
/etc/openvswitch directory will be created during the installation,
rather than being provided as part of the rpm.
Acked-by: Markos Chandras <mchandras@suse.de>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Under rpm based distributions, the only user:group that the rhel daemons run
as is 'root:root'. This is fine as a default, but as part of a security
procedure, users may want to run as an alternate uid/gid. This commit
adds an OVS_USER_ID environment variable for systemd, which defaults to
root:root, but can be overridden by changing the /etc/sysconfig/openvswitch
environment file.
Acked-by: Markos Chandras <mchandras@suse.de>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change stops the use of OVS's monitor for the ovn-controller and
ovn-controller-vtep systemd services. Instead, the services use the
systemd Restart option to restart the services automatically if they
fail.
This patch changes the ovn-controller service Type from "oneshot" to
"forking". The Restart option is incompatible with oneshot services. The
patch does not change the ovn-controller-vtep service type from
"simple", however.
Signed-off-by: Mark Michelson <mmichels@redhat.com>
Acked-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrading to DPDK 17.05.1 stable release adds new
significant features relevant to OVS, including,
but not limited to:
- tun/tap PMD,
- VFIO hotplug support,
- Generic flow API.
Following changes are applied:
- netdev-dpdk: Changes required by DPDK API modifications.
- doc: Because of DPDK API changes, backward compatibility
with previous DPDK releases will be broken, thus all
relevant documentation entries are updated.
- .travis: DPDK version change from 16.11.1 to 17.05.1.
- rhel/openvswitch-fedora.spec.in: DPDK version change
from 16.11 to 17.05.1
Signed-off-by: Michal Weglicki <michalx.weglicki@intel.com>
Acked-by: Kevin Traynor <ktraynor@redhat.com>
Acked-by: Mark Kavanagh <mark.b.kavanagh@intel.com>
Tested-by: Ian Stokes <ian.stokes@intel.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
| |
Replace systemctk with systemctl
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During initialization, it's possible that the startup time takes longer
than the systemd default provided. Set this to be 5 minutes. If we
take longer than 5 minutes, maybe something is wrong.
As an example of long initialization, enable DPDK, and allocate large
numbers of hugepages before starting ovs-vswitchd. The vswitchd can
take two or more minutes to start. During that time, systemd will decide
that the startup time took too long, and kill the parent process, leading
eventually to an error like:
ovs|00011|daemon_unix|EMER|pipe write failed (Broken pipe)
And a systemd log like:
ovs-vswitchd.service start operation timed out. Terminating.
The 5 minutes setting has been observed to work on a system where 400G
of hugepages were allocated.
Signed-off-by: Aaron Conole <aconole@redhat.com>
Acked-by: Markos Chandras <mchandras@suse.de>
Acked-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The policy is to use %files to track installed files.
If %files is not used the resulting file is not owned by any package.
Before this commit:
# rpm -qf /usr/lib/ocf/resource.d/ovn/ovndb-servers
file /usr/lib/ocf/resource.d/ovn/ovndb-servers is not owned by any package
After this commit:
# rpm -qf /usr/lib/ocf/resource.d/ovn/ovndb-servers
openvswitch-ovn-common-2.7.90-1.fc26.x86_64
Fixes: a4245b7869c8 ("ovn: Add ovn db servers ocf script in fedora packager")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Acked-by: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
| |
The Open vSwitch log directory and files are currently set world readable.
However, since only Open vSwitch users and processes need to access this
directory and these files there is no need to allow the world to access them,
since it can result in the exposure of sensitive information.
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's possible to race with the udev service, such that dpdk ports are
not finished being bound until after ovs-vswitchd has been started.
This means that attempts to use the port will fail. While it is
possible to work around this for some NICs using port hotplug, not all
port types are supported (for instance vfio), and it requires manual
intervention.
Fixes: 36af136b690c ("rhel-systemd: Delay shutting down the services")
Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1397299
Suggested-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Tested-by: Karthik Sundaravel <ksundara@redhat.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the db lockfile will cause the openvswitch directory to
linger after uninstall because the rpm database isn't aware that it
should be treated as part of the system. This commit informs the rpmdb
properly as a 'ghost' so that when the package is uninstalled, it will
be removed automatically. This means that if no extra files exist in
/etc/openvswitch, the whole directory will be removed from /etc/.
Acked-by: Flavio Leitner <fbl@sysclose.org>
Reviewed-by: Markos Chandras <mchandra@suse.de>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
| |
Fixes: 55f36be59122 ("rhel: Firewall service files for OVN.")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Miguel Angel Ajo <majopela@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the equivalent change of 2f4f43bfddfd ("rhel: fix the fedora
spec") for the regular openvswitch.spec. From that patch:
When commit d0c961a99f57 ("lib/automake.mk: don't install runtime
directories") landed, it broke RPM based builds since the requisite
directories were no longer available. This commit adds those
directories back when making RPMs so that the packagemanager can see
them.
Fixes: d0c961a99f57 ("lib/automake.mk: don't install runtime directories")
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Greg Rose <gvrose8192@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Similar to commit 5771f4765734 ("fedora: do not restart the
service on a pkg upgrade"), this change eliminates the
automatic restart of OVN services after upgrade.
Note that the post-uninstall scriptlet affected by this change
is executed from the previously installed package when upgrading,
so existing installations need to go through two package upgrades
before this change will take effect.
Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Russell Bryant <rbryant@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The RPM build makefile targets are helpful during development and testing,
but I personally almost never want the tests to run when I use them.
Leave tests on by default in the spec file for when the package is built by
distro build systems, but disable it by default in the Makefile targets and
update the documentation accordingly.
Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Lance Richardson <lrichard@redhat.com>
Acked-by: Aaron Conole <aconole@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When commit d0c961a99f57 ("lib/automake.mk: don't install
runtime directories") landed, it broke RPM based builds since
the requisite directories were no longer available. This commit
adds those directories back when making RPMs so that the package
manager can see them.
Fixes: d0c961a99f57 ("lib/automake.mk: don't install runtime directories")
Reported-by: Lance Richardson <lrichard@redhat.com>
Tested-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Russell Bryant <rbryant@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The python-sphinx package is now required in order to build
man pages, add this package as a build requirement.
Reported-by: Leif Madsen <lmadsen@redhat.com>
Signed-off-by: Lance Richardson <lrichard@redhat.com>
Acked-By: Leif Madsen <lmadsen@redhat.com>
Tested-By: Leif Madsen <lmadsen@redhat.com>
Signed-off-by: Russell Bryant <rbryant@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Otherwise, through the "make rpm-fedora" build fedora package will be error:
error: Installed (but unpackaged) file(s) found:
/usr/bin/ovn-detrace
/usr/share/man/man1/ovn-detrace.1.gz
Signed-off-by: Guoshuai Li <ligs@dtdream.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|