On Thu, Feb 11, 2021 at 4:59 PM Frode Nordahl <frode.nord...@canonical.com> wrote: > > Thank you Pedro, > > We built a test package [0] with this patch and received confirmation > it solved the problem. > > Acked-by: Frode Nordahl <frode.nord...@canonical.com>
Thanks for the patch. I applied this patch to master. Numan > > 0: https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/1914988 > > > On Thu, Feb 11, 2021 at 10:55 AM Pedro Guimaraes > <pedro.guimar...@canonical.com> wrote: > > > > If RBAC and IGMP snooping are enabled, ovn-controllers need to > > be able to register new entries to table IGMP_Group as requests > > are detected. > > > > For that, ovn-controllers need to have read/write access to > > IGMP_Group table. > > > > Signed-off-by: Pedro Guimaraes <pedro.guimar...@canonical.com> > > Reported-at: https://github.com/ovn-org/ovn/issues/77 > > --- > > northd/ovn-northd.c | 12 ++++++++++++ > > ovn-architecture.7.xml | 16 ++++++++++++++++ > > 2 files changed, 28 insertions(+) > > > > diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c > > index b2b5f6a1b..39d798782 100644 > > --- a/northd/ovn-northd.c > > +++ b/northd/ovn-northd.c > > @@ -13009,6 +13009,10 @@ static const char *rbac_svc_monitor_auth[] = > > {""}; > > static const char *rbac_svc_monitor_auth_update[] = > > {"status"}; > > +static const char *rbac_igmp_group_auth[] = > > + {""}; > > +static const char *rbac_igmp_group_update[] = > > + {"address", "chassis", "datapath", "ports"}; > > > > static struct rbac_perm_cfg { > > const char *table; > > @@ -13067,6 +13071,14 @@ static struct rbac_perm_cfg { > > .update = rbac_svc_monitor_auth_update, > > .n_update = ARRAY_SIZE(rbac_svc_monitor_auth_update), > > .row = NULL > > + },{ > > + .table = "IGMP_Group", > > + .auth = rbac_igmp_group_auth, > > + .n_auth = ARRAY_SIZE(rbac_igmp_group_auth), > > + .insdel = true, > > + .update = rbac_igmp_group_update, > > + .n_update = ARRAY_SIZE(rbac_igmp_group_update), > > + .row = NULL > > },{ > > .table = NULL, > > .auth = NULL, > > diff --git a/ovn-architecture.7.xml b/ovn-architecture.7.xml > > index e5c9f9549..0eef9b739 100644 > > --- a/ovn-architecture.7.xml > > +++ b/ovn-architecture.7.xml > > @@ -2597,6 +2597,22 @@ > > modified by ovn-controller. > > </p> > > </dd> > > + > > + <dt><code>IGMP_Group</code></dt> > > + <dd> > > + <p> > > + <code>Authorization</code>: disabled (all clients are considered > > + to be authorized). > > + </p> > > + <p> > > + <code>Insert/Delete</code>: row insertion/deletion are permitted. > > + </p> > > + <p> > > + <code>Update</code>: The columns <code>address</code>, > > + <code>chassis</code>, <code>datapath</code>, and > > + <code>ports</code> may be modified by ovn-controller. > > + </p> > > + </dd> > > </dl> > > > > <p> > > -- > > 2.30.0 > > > > _______________________________________________ > > dev mailing list > > d...@openvswitch.org > > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > > > > -- > Frode Nordahl > _______________________________________________ > dev mailing list > d...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
