mir/ovs
2
0
Fork 0
mirror of https://github.com/openvswitch/ovs synced 2025-09-01 06:45:17 +00:00
Code Issues Releases Wiki Activity

rhel: run ovn with the same user as ovs

Browse Source 
Both ovn and ovs share the same log and run directories which are owned
by the user running ovs so it makes sense that ovn runs under that user
too to diminish security concerns and possible problems with log rotation.

Signed-off-by: Jaime Caamaño Ruiz <jcaamano@suse.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
This commit is contained in:
Jaime Caamaño Ruiz
2019-05-08 13:53:48 +02:00
committed by Ben Pfaff
parent 27e25e18c1
commit 94e1e8be31
5 changed files with 16 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
rhel/usr_lib_systemd_system_ovn-controller-vtep.service
View File

@@ -39,8 +39,10 @@ Restart=on-failure
Environment=OVN_DB=unix:%t/openvswitch/ovnsb_db.sock Environment=OVN_DB=unix:%t/openvswitch/ovnsb_db.sock
Environment=VTEP_DB=unix:%t/openvswitch/db.sock Environment=VTEP_DB=unix:%t/openvswitch/db.sock
EnvironmentFile=-/etc/sysconfig/ovn-controller-vtep EnvironmentFile=-/etc/sysconfig/ovn-controller-vtep
EnvironmentFile=/run/openvswitch.useropts
ExecStart=/usr/share/openvswitch/scripts/ovn-ctl \ ExecStart=/usr/share/openvswitch/scripts/ovn-ctl \
--db-sb-sock=${OVN_DB} --db-sock=${VTEP_DB} \ --db-sb-sock=${OVN_DB} --db-sock=${VTEP_DB} \
--ovn-user=${OVS_USER_ID} \
start_controller_vtep start_controller_vtep
ExecStop=/usr/share/openvswitch/scripts/ovn-ctl stop_controller_vtep ExecStop=/usr/share/openvswitch/scripts/ovn-ctl stop_controller_vtep

2
rhel/usr_lib_systemd_system_ovn-controller.service
View File

@@ -24,7 +24,9 @@ Type=forking
PIDFile=/var/run/openvswitch/ovn-controller.pid PIDFile=/var/run/openvswitch/ovn-controller.pid
Restart=on-failure Restart=on-failure
EnvironmentFile=-/etc/sysconfig/ovn-controller EnvironmentFile=-/etc/sysconfig/ovn-controller
EnvironmentFile=/run/openvswitch.useropts
ExecStart=/usr/share/openvswitch/scripts/ovn-ctl --no-monitor \ ExecStart=/usr/share/openvswitch/scripts/ovn-ctl --no-monitor \
--ovn-user=${OVS_USER_ID} \
start_controller $OVN_CONTROLLER_OPTS start_controller $OVN_CONTROLLER_OPTS
ExecStop=/usr/share/openvswitch/scripts/ovn-ctl stop_controller ExecStop=/usr/share/openvswitch/scripts/ovn-ctl stop_controller

6
rhel/usr_lib_systemd_system_ovn-northd.service
View File

@@ -24,7 +24,11 @@ Type=oneshot
RemainAfterExit=yes RemainAfterExit=yes
Environment=OVS_RUNDIR=%t/openvswitch OVS_DBDIR=/var/lib/openvswitch Environment=OVS_RUNDIR=%t/openvswitch OVS_DBDIR=/var/lib/openvswitch
EnvironmentFile=-/etc/sysconfig/ovn-northd EnvironmentFile=-/etc/sysconfig/ovn-northd
ExecStart=/usr/share/openvswitch/scripts/ovn-ctl start_northd $OVN_NORTHD_OPTS EnvironmentFile=/run/openvswitch.useropts
ExecStartPre=/usr/bin/chown -R ${OVS_USER_ID} ${OVS_DBDIR}
ExecStart=/usr/share/openvswitch/scripts/ovn-ctl \
--ovs-user=${OVS_USER_ID} --ovn-user=${OVS_USER_ID} \
start_northd $OVN_NORTHD_OPTS
ExecStop=/usr/share/openvswitch/scripts/ovn-ctl stop_northd ExecStop=/usr/share/openvswitch/scripts/ovn-ctl stop_northd
[Install] [Install]

4
rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
View File

@@ -22,11 +22,11 @@ ExecStartPre=-/usr/bin/chmod 0775 /dev/hugepages
@end_dpdk@ @end_dpdk@
ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
--no-ovsdb-server --no-monitor --system-id=random \ --no-ovsdb-server --no-monitor --system-id=random \
${OVSUSER} \ ${OVS_USER_OPT} \
start $OPTIONS start $OPTIONS
ExecStop=/usr/share/openvswitch/scripts/ovs-ctl --no-ovsdb-server stop ExecStop=/usr/share/openvswitch/scripts/ovs-ctl --no-ovsdb-server stop
ExecReload=/usr/share/openvswitch/scripts/ovs-ctl --no-ovsdb-server \ ExecReload=/usr/share/openvswitch/scripts/ovs-ctl --no-ovsdb-server \
--no-monitor --system-id=random \ --no-monitor --system-id=random \
${OVSUSER} \ ${OVS_USER_OPT} \
restart $OPTIONS restart $OPTIONS
TimeoutSec=300 TimeoutSec=300

9
rhel/usr_lib_systemd_system_ovsdb-server.service
View File

@@ -12,15 +12,16 @@ Restart=on-failure
EnvironmentFile=/etc/openvswitch/default.conf EnvironmentFile=/etc/openvswitch/default.conf
EnvironmentFile=-/etc/sysconfig/openvswitch EnvironmentFile=-/etc/sysconfig/openvswitch
ExecStartPre=/usr/bin/chown ${OVS_USER_ID} /var/run/openvswitch /var/log/openvswitch ExecStartPre=/usr/bin/chown ${OVS_USER_ID} /var/run/openvswitch /var/log/openvswitch
ExecStartPre=/bin/sh -c 'rm -f /run/openvswitch.useropts; if [ "$${OVS_USER_ID/:*/}" != "root" ]; then /usr/bin/echo "OVSUSER=--ovs-user=${OVS_USER_ID}" > /run/openvswitch.useropts; fi' ExecStartPre=/bin/sh -c 'rm -f /run/openvswitch.useropts; /usr/bin/echo "OVS_USER_ID=${OVS_USER_ID}" > /run/openvswitch.useropts'
EnvironmentFile=-/run/openvswitch.useropts ExecStartPre=/bin/sh -c 'if [ "$${OVS_USER_ID/:*/}" != "root" ]; then /usr/bin/echo "OVS_USER_OPT=--ovs-user=${OVS_USER_ID}" >> /run/openvswitch.useropts; fi'
EnvironmentFile=/run/openvswitch.useropts
ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
--no-ovs-vswitchd --no-monitor --system-id=random \ --no-ovs-vswitchd --no-monitor --system-id=random \
${OVSUSER} \ ${OVS_USER_OPT} \
start $OPTIONS start $OPTIONS
ExecStop=/usr/share/openvswitch/scripts/ovs-ctl --no-ovs-vswitchd stop ExecStop=/usr/share/openvswitch/scripts/ovs-ctl --no-ovs-vswitchd stop
ExecReload=/usr/share/openvswitch/scripts/ovs-ctl --no-ovs-vswitchd \ ExecReload=/usr/share/openvswitch/scripts/ovs-ctl --no-ovs-vswitchd \
${OVSUSER} \ ${OVS_USER_OPT} \
--no-monitor restart $OPTIONS --no-monitor restart $OPTIONS
RuntimeDirectory=openvswitch RuntimeDirectory=openvswitch
RuntimeDirectoryMode=0755 RuntimeDirectoryMode=0755