This series attempts to introduce the ability to start and use
Open vSwitch 'out of the box' as a non-root user.  It does this by
modifying the service files to pass the recently introduced --ovs-user
argument around, and by making some minor tweaks to the passwd, group,
and filesystem information.

I prefixed the packaging work with 'redhat', but if rpm or packaging
is a preferred prefix for that work, I can respin.

The more controversial changes are:

* This modifies the /etc/sysconfig/ file on install.
* The dpdk support directly modifies /dev/hugepages with a call to chmod
* A new user 'openvswitch', and up to two new groups 'openvswitch', and
  'hugetlbfs' are created
* A change to soexpand.pl to allow conditional inclusion of dpdk-related
  options

After this series:

> [root at wsfd-netdev60 ~]# yum install openvswitch-2.7.90-1.fc25.x86_64.rpm 
> Loaded plugins: product-id, search-disabled-repos, subscription-manager
> This system is not registered to Red Hat Subscription Management. You can use 
> subscription-manager to register.
> Examining openvswitch-2.7.90-1.fc25.x86_64.rpm: 
> openvswitch-2.7.90-1.fc25.x86_64
> Marking openvswitch-2.7.90-1.fc25.x86_64.rpm to be installed
> Resolving Dependencies
> --> Running transaction check
> ---> Package openvswitch.x86_64 0:2.7.90-1.fc25 will be installed
> --> Finished Dependency Resolution
>
> Dependencies Resolved
>
> ================================================================================
>  Package      Arch    Version          Repository                          Size
> ================================================================================
> Installing:
>  openvswitch  x86_64  2.7.90-1.fc25    /openvswitch-2.7.90-1.fc25.x86_64   11 M
>
> Transaction Summary
> ================================================================================
> Install  1 Package
>
> Total size: 11 M
> Installed size: 11 M
> Is this ok [y/d/N]: y
> Downloading packages:
> Running transaction check
> Running transaction test
> Transaction test succeeded
> Running transaction
>   Installing : openvswitch-2.7.90-1.fc25.x86_64                             1/1
>   Verifying  : openvswitch-2.7.90-1.fc25.x86_64                             1/1
>
> Installed:
>   openvswitch.x86_64 0:2.7.90-1.fc25                                          
>   
>
> Complete!
> [root at wsfd-netdev60 ~]# systemctl start openvswitch
> [root at wsfd-netdev60 ~]# ps aux | grep ovs
> openvsw+  12642  0.0  0.0  47864  2296 ?        S<s  10:57   0:00 
> ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info 
> --remote=punix:/var/run/openvswitch/db.sock 
> --private-key=db:Open_vSwitch,SSL,private_key 
> --certificate=db:Open_vSwitch,SSL,certificate 
> --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --user 
> openvswitch:openvswitch --no-chdir 
> --log-file=/var/log/openvswitch/ovsdb-server.log 
> --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
> openvsw+  12688  0.0  0.0  49588 10600 ?        S<Ls 10:57   0:00 
> ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err 
> -vfile:info --mlockall --user openvswitch:openvswitch --no-chdir 
> --log-file=/var/log/openvswitch/ovs-vswitchd.log 
> --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach


v1->v2:
https://lists.linux-foundation.org/pipermail/ovs-dev/2017-June/333417.html

The previous method used 3 different locations of configuration from
environment variables:
1. The systemd file.
2. A new /etc/sysconfig/openvswitch-pre
3. The existing /etc/sysconfig/openvswitch

Now, configuration is from two areas:
1. A new /etc/openvswitch/default.conf
2. The existing /etc/sysconfig/openvswitch

As part of the install, we set the OVS_USER_ID to the new values.

Additionally, for this series, the bugfixes were submitted separately.

NOTE: Limited to no upgrade testing was performed.  That is on my TODO list,
      and I'm currently conducting that effort.

CC: Timothy Redaelli <tredae...@redhat.com>
CC: Flavio Leitner <f...@sysclose.org>
CC: Ansis Atteka <aatt...@ovn.org>
CC: Markos Chandras <mchand...@suse.de>

Aaron Conole (4):
  redhat: allow arbitrary user:group
  redhat: dynamically allocate and reference ovs user
  dpdkstrip: add a preprocessor tool for stripping dpdk blocks
  redhat: allow dpdk to also run as non-root user

 Makefile.am                                        |  5 ++++
 build-aux/dpdkstrip.pl                             | 35 ++++++++++++++++++++++
 rhel/.gitignore                                    |  1 +
 rhel/automake.mk                                   |  4 ++-
 rhel/etc_openvswitch_default.conf                  |  5 ++++
 rhel/openvswitch-fedora.spec.in                    | 30 +++++++++++++++++++
 ...usr_lib_systemd_system_ovs-vswitchd.service.in} |  7 +++++
 rhel/usr_lib_systemd_system_ovsdb-server.service   |  4 +++
 ..._openvswitch_scripts_systemd_sysconfig.template |  3 ++
 9 files changed, 93 insertions(+), 1 deletion(-)
 create mode 100644 build-aux/dpdkstrip.pl
 create mode 100644 rhel/etc_openvswitch_default.conf
 rename rhel/{usr_lib_systemd_system_ovs-vswitchd.service => 
usr_lib_systemd_system_ovs-vswitchd.service.in} (75%)

-- 
2.9.4
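
An added example, not part of the original post or the Open vSwitch tree: a check that ovsdb-server and ovs-vswitchd are really running unprivileged, built on the `ps` output and `--user` argument shown above. The function names, verdict strings and sample lines are assumptions made for illustration; the input format is `<user> <command line>`, one process per line.

```shell
#!/bin/sh
# Added example: audit OVS daemons for non-root operation.
# Input on stdin: "<user> <command line...>", one process per line.

audit_ovs_users() {
    awk '
    {
        user = $1
        # basename of the executable (second field)
        n = split($2, parts, "/")
        exe = parts[n]
        if (exe != "ovsdb-server" && exe != "ovs-vswitchd") next

        # value passed with --user, as "--user X" or "--user=X"
        drop = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "--user" && i < NF) drop = $(i + 1)
            else if (index($i, "--user=") == 1) drop = substr($i, 8)
        }

        if (user == "root" || user == "0")
            verdict = "FAIL running-as-root"
        else if (drop == "")
            verdict = "WARN no-user-option"
        else if (drop ~ /^root(:|$)/)
            verdict = "FAIL user-option-requests-root"
        else
            verdict = "OK"
        printf "%s %s user=%s drop=%s\n", verdict, exe, user, (drop == "" ? "-" : drop)
    }'
}

# Constructed sample input (not captured from a real host).
sample_ps() {
    cat <<'EOF'
openvswitch ovsdb-server /etc/openvswitch/conf.db --user openvswitch:openvswitch --no-chdir --detach
root /usr/sbin/ovs-vswitchd unix:/var/run/openvswitch/db.sock --mlockall --no-chdir --detach
root grep ovs
EOF
}

# Number of FAIL verdicts for the input on stdin.
count_failures() { audit_ovs_users | awk '/^FAIL/ { n++ } END { print n + 0 }'; }

sample_ps | audit_ovs_users
```

On a live host, feed it `ps -eo user:32,args`; the wide user column avoids the truncated `openvsw+` form seen in the default `ps aux` output.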
