When ovsdb-server is starting, it performs some DB steps such as creating and upgrading the OvS DB. When we are running as 'non-root' user, the 'runuser' tool is used to manage the privileges. However, when this happens during systemd boot, we observe the following errors in journald:
Jun 21 07:32:57 virt systemd[1]: session-c1.scope: Failed to add PIDs to scope's control group: No such process Jun 21 07:32:57 virt systemd[1]: Failed to start Session c1 of user openvswitch. Jun 21 07:32:57 virt systemd[1]: session-c1.scope: Unit entered failed state. According to the analysis performed on openSUSE bugzilla[1], it seems that ovsdb-server.service creates (via the call to runuser) a user session and therefore call pam_systemd which in its turn tries to start a systemd user instance: "user@474.service". However "user@474.service" is supposed to be started after systemd-user-sessions.service which is supposed to be started after network.target. Additionally, ovsdb-server.service uses Before=network.target hence the deadlock. We can workaround this by switching to 'root' user when we are performing this pre-startup steps and fixup the DB permissions before we start the actual ovsdb-server daemon. [1]: https://bugzilla.suse.com/show_bug.cgi?id=1098630 Cc: Aaron Conole <acon...@redhat.com> Signed-off-by: Markos Chandras <mchand...@suse.de> --- Probably not the cleanest option so I am open to suggestions :) --- utilities/ovs-ctl.in | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/utilities/ovs-ctl.in b/utilities/ovs-ctl.in index 43c8f32b7..588f546fe 100755 --- a/utilities/ovs-ctl.in +++ b/utilities/ovs-ctl.in @@ -109,9 +109,15 @@ do_start_ovsdb () { if daemon_is_running ovsdb-server; then log_success_msg "ovsdb-server is already running" else - # Create initial database or upgrade database schema. - upgrade_db $DB_FILE $DB_SCHEMA || return 1 - + # Create initial database or upgrade database schema. The runuser calls + # in ovsdb_tool function will fail on system startup so we need to run + # as root and fix permissions later on. + [ "$OVS_USER" != "" ] && OVS_USER_OVSDB=${OVS_USER} + OVS_USER="" upgrade_db $DB_FILE $DB_SCHEMA || return 1 + if [ ! -z "${OVS_USER_OVSDB+x}" ]; then + OVS_USER=${OVS_USER_OVSDB} + chown -R "$OVS_USER" $etcdir $dbdir + fi # Start ovsdb-server. set ovsdb-server "$DB_FILE" for db in $EXTRA_DBS; do -- 2.18.0 _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev