diff --git a/rhel/automake.mk b/rhel/automake.mk
index 39e216b015..a46e6579b3 100644
--- a/rhel/automake.mk
+++ b/rhel/automake.mk
@@ -15,7 +15,8 @@ EXTRA_DIST += \
 rhel/usr_lib_systemd_system_ovn-controller-vtep.service \
 rhel/usr_lib_systemd_system_ovn-northd.service \
 rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml \
- rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml
+ rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml \
+ rhel/usr_share_ovn_scripts_systemd_sysconfig.template
 update_rhel_spec = \
 $(AM_V_GEN)($(ro_shell) && sed -e 's,[@]VERSION[@],$(VERSION),g') \
diff --git a/rhel/ovn-fedora.spec.in b/rhel/ovn-fedora.spec.in
index cbca87511d..14035de9aa 100644
--- a/rhel/ovn-fedora.spec.in
+++ b/rhel/ovn-fedora.spec.in
@@ -186,6 +186,10 @@ make %{?_smp_mflags}
 rm -rf $RPM_BUILD_ROOT
 make install DESTDIR=$RPM_BUILD_ROOT
+install -p -D -m 0644 \
+ rhel/usr_share_ovn_scripts_systemd_sysconfig.template \
+ $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/ovn
+
 for service in ovn-controller ovn-controller-vtep ovn-northd; do
 install -p -D -m 0644 \
 rhel/usr_lib_systemd_system_${service}.service \
@@ -319,6 +323,14 @@ fi
 fi
 %endif
+%post
+%if %{with libcapng}
+if [ $1 -eq 1 ]; then
+ sed -i 's:^#OVN_USER_ID=:OVN_USER_ID=:' %{_sysconfdir}/sysconfig/ovn
+ sed -i 's:\(.*su\).*:\1 ovn ovn:' %{_sysconfdir}/logrotate.d/ovn
+fi
+%endif
+
 %post central
 %if 0%{?systemd_post:1}
 %systemd_post ovn-northd.service
@@ -413,6 +425,7 @@ if [ $1 -eq 1 ]; then
 fi
 %files
+%config(noreplace) %{_sysconfdir}/sysconfig/ovn
 %{_bindir}/ovn-nbctl
 %{_bindir}/ovn-sbctl
 %{_bindir}/ovn-trace
diff --git a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
index 832849488f..09ad0612cc 100644
--- a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
+++ b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
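Review bot: In the `%post` hunk of rhel/ovn-fedora.spec.in the logrotate rewrite `sed -i 's:\(.*su\).*:\1 ovn ovn:'` pins rotation to `ovn ovn`, while the value the first sed uncomments in sysconfig/ovn is, per the new template in this series, `openvswitch:openvswitch`; unless the spec substitutes the user somewhere outside this view, logrotate will run as an account that does not own the log directory ovn-ctl now chowns to OVN_USER. The pattern is also greedy and unanchored, so any line containing `su` (a comment, for instance) is rewritten, and neither sed checks that its target file exists before editing it in place. Anchor the edit to the directive, e.g. `sed -i 's:^\([[:space:]]*su\)[[:space:]].*:\1 openvswitch openvswitch:' %{_sysconfdir}/logrotate.d/ovn`, and derive both the sysconfig value and the logrotate user from one spec macro so they cannot drift. Whether `%{_sysconfdir}/logrotate.d/ovn` is shipped by this package is not visible in the hunk.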
@@ -38,10 +38,12 @@ Restart=on-failure
 Environment=OVS_RUNDIR=%t/openvswitch
 Environment=OVN_RUNDIR=%t/ovn
 Environment=OVN_DB=unix:%t/ovn/ovnsb_db.sock
+EnvironmentFile=-/etc/sysconfig/ovn
 Environment=VTEP_DB=unix:%t/openvswitch/db.sock
 EnvironmentFile=-/etc/sysconfig/ovn-controller-vtep
 ExecStart=/usr/bin/ovn-controller-vtep -vconsole:emer -vsyslog:err -vfile:info \
 --log-file=/var/log/ovn/ovn-controller-vtep.log \
+ --ovn-user=${OVN_USER_ID} \
 --no-chdir --pidfile=${OVN_RUNDIR}/ovn-controller-vtep.pid \
 --ovnsb-db=${OVN_DB} --vtep-db=${VTEP_DB}
diff --git a/rhel/usr_lib_systemd_system_ovn-controller.service b/rhel/usr_lib_systemd_system_ovn-controller.service
index 6c8f33a270..15d0ac8530 100644
--- a/rhel/usr_lib_systemd_system_ovn-controller.service
+++ b/rhel/usr_lib_systemd_system_ovn-controller.service
@@ -24,8 +24,10 @@ Type=forking
 PIDFile=/var/run/ovn/ovn-controller.pid
 Restart=on-failure
 Environment=OVN_RUNDIR=%t/ovn OVS_RUNDIR=%t/openvswitch
+EnvironmentFile=-/etc/sysconfig/ovn
 EnvironmentFile=-/etc/sysconfig/ovn-controller
 ExecStart=/usr/share/ovn/scripts/ovn-ctl --no-monitor \
+ --ovn-user=${OVN_USER_ID} \
 start_controller $OVN_CONTROLLER_OPTS
 ExecStop=/usr/share/ovn/scripts/ovn-ctl stop_controller
diff --git a/rhel/usr_lib_systemd_system_ovn-northd.service b/rhel/usr_lib_systemd_system_ovn-northd.service
index 82c23cee4e..d281f861c0 100644
--- a/rhel/usr_lib_systemd_system_ovn-northd.service
+++ b/rhel/usr_lib_systemd_system_ovn-northd.service
@@ -21,8 +21,11 @@ After=syslog.target
 Type=oneshot
 RemainAfterExit=yes
 Environment=OVN_RUNDIR=%t/ovn OVN_DBDIR=/var/lib/ovn
+EnvironmentFile=-/etc/sysconfig/ovn
 EnvironmentFile=-/etc/sysconfig/ovn-northd
-ExecStart=/usr/share/ovn/scripts/ovn-ctl start_northd $OVN_NORTHD_OPTS
+ExecStartPre=-/usr/bin/chown -R ${OVN_USER_ID} ${OVN_DBDIR}
+ExecStart=/usr/share/ovn/scripts/ovn-ctl \
+ --ovn-user=${OVN_USER_ID} start_northd $OVN_NORTHD_OPTS
 ExecStop=/usr/share/ovn/scripts/ovn-ctl stop_northd
 [Install]
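Review bot: `--ovn-user=${OVN_USER_ID}` is passed straight to the `/usr/bin/ovn-controller-vtep` binary here, whereas the ovn-controller and ovn-northd hunks hand the same option to ovn-ctl, which is the script that understands `--ovn-user`; confirm the daemon accepts that spelling, since as far as I recall the daemon library's own option is `--user`. In all three units systemd expands `${OVN_USER_ID}` to an empty string when the variable is still commented out in /etc/sysconfig/ovn, so each ExecStart receives a literal `--ovn-user=`; if an empty value is not treated as "no user change", the non-libcapng install fails to start. A form that degrades cleanly is to keep the whole option in the sysconfig file, e.g. `#OVN_USER_OPT="--ovn-user=openvswitch:openvswitch"`, and reference it unbraced as `$OVN_USER_OPT` so that an unset variable drops out of the command line entirely.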
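Review bot: `ExecStartPre=-/usr/bin/chown -R ${OVN_USER_ID} ${OVN_DBDIR}` in the ovn-northd unit hides every failure behind the `-` prefix, and with OVN_USER_ID empty it runs as `chown -R /var/lib/ovn`, so the directory is taken as the owner spec and the command fails silently. The utilities/ovn-ctl hunk in this series already chowns `$ovn_dbdir` recursively on what appears to be the same start path, so this line looks redundant unless OVN_DBDIR and ovn_dbdir can differ. Either remove the ExecStartPre and rely on ovn-ctl, or keep it without the `-` and only when the user is set, so an ownership problem on the database directory surfaces as a start failure instead of a daemon that later cannot write its databases.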
diff --git a/rhel/usr_share_ovn_scripts_systemd_sysconfig.template b/rhel/usr_share_ovn_scripts_systemd_sysconfig.template
new file mode 100644
index 0000000000..4543d1bc91
--- /dev/null
+++ b/rhel/usr_share_ovn_scripts_systemd_sysconfig.template
@@ -0,0 +1,13 @@
+### Configuration options for OVN
+#
+# Set "nice" priority at which to run ovn-northd:
+# --ovn-northd-priority=-10
+#
+# Set "nice" priority at which to run ovn-controller:
+# --ovn-controller-priority=-10
+#
+#
+OPTIONS=""
+ # Uncomment and set the OVN User/Group value
+#OVN_USER_ID="openvswitch:openvswitch"
diff --git a/utilities/ovn-ctl b/utilities/ovn-ctl
index 6e11bf944b..c955aa1776 100755
--- a/utilities/ovn-ctl
+++ b/utilities/ovn-ctl
@@ -183,6 +183,18 @@ $cluster_remote_port
 upgrade_db "$file" "$schema"
 fi
+ # Set the owner of the ovn_dbdir (with -R option) to OVN_USER if set.
+ # This is required because the ovndbs are created with root permission
+ # if not present when create_cluster/upgrade_db is called.
+ INSTALL_USER="root"
+ INSTALL_GROUP="root"
+ [ "$OVN_USER" != "" ] && INSTALL_USER="${OVN_USER%:*}"
+ [ "${OVN_USER##*:}" != "" ] && INSTALL_GROUP="${OVN_USER##*:}"
+
+ chown -R $INSTALL_USER:$INSTALL_GROUP $ovn_dbdir
+ chown -R $INSTALL_USER:$INSTALL_GROUP $OVN_RUNDIR
+ chown -R $INSTALL_USER:$INSTALL_GROUP $ovn_logdir
+
 set ovsdb-server
 set "$@" $log --log-file=$logfile
 set "$@" --remote=punix:$sock --pidfile=$db_pid_file
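Review bot: `OPTIONS=""` and the `--ovn-northd-priority` / `--ovn-controller-priority` comments in the new template describe a variable that none of the units in this patch read; the units consume `$OVN_NORTHD_OPTS` and `$OVN_CONTROLLER_OPTS` from the per-service sysconfig files, so this block documents a knob with no effect here. Drop it, or point the comment at the variables that are actually consumed. The `OVN_USER_ID` comment should also state the accepted syntax, since the ovn-ctl hunk splits the value on `:` into user and optional group: `# Format: USER or USER:GROUP (passed to ovn-ctl --ovn-user)`.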
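Review bot: The three `chown -R` calls in the utilities/ovn-ctl hunk run unconditionally, so when OVN_USER is unset every start resets `$ovn_dbdir`, `$OVN_RUNDIR` and `$ovn_logdir` recursively to root:root, and their unquoted operands mean an empty path variable makes chown fail on a missing operand rather than skip that path. The header comment above them names only ovn_dbdir, while the run and log directories are changed as well; it should say so. I would guard the block and quote the operands: `if [ -n "$OVN_USER" ]; then`, `chown -R "$INSTALL_USER:$INSTALL_GROUP" "$ovn_dbdir" "$OVN_RUNDIR" "$ovn_logdir"`, `fi`. The enclosing function starts before the hunk.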