Re: [ovs-dev] [PATCH] sandbox: ovn rbac support for sandbox environment
On Tue, Jun 13, 2017 at 1:24 PM, Ben Pfaff wrote: > On Tue, Jun 13, 2017 at 01:13:31PM -0400, Russell Bryant wrote: >> On Mon, Jun 12, 2017 at 6:42 PM, Lance Richardson >> wrote: >> > Enable OVN_Southbound RBAC by default in the sandbox environment, >> > provide a new option "--no-ovn-rbac" to disable it. >> > >> > Signed-off-by: Lance Richardson >> > --- >> > tutorial/ovs-sandbox | 17 + >> > 1 file changed, 13 insertions(+), 4 deletions(-) >> >> Thanks for the patch. It seems to work fine for me. I applied this to >> master. >> >> I noticed that the backup southbound database is generating a lot of >> errors in the log, though it's unrelated to this patch. I believe it >> was caused by the earlier patch to make ovs-sandbox use SSL by >> default. >> >> 2017-06-13T17:04:07.433Z|7|socket_util|ERR|6642: bind: Address >> already in use >> 2017-06-13T17:04:07.433Z|8|ovsdb_jsonrpc_server|ERR|pssl:6642: >> listen failed: Address already in use >> >> I'm not sure the best way to clean this up. Perhaps we could just run >> each southbound db in its own net namespace. > > Maybe run it on a different port? I was thinking it wouldn't work because we're setting up the ssl connection in the OVN_Southbound db, which is replicated between the two, so they're both trying to listen on the same port. If we can set up the connection only as command line args instead of through the db, a different port would work. -- Russell Bryant ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH] sandbox: ovn rbac support for sandbox environment
> From: "Russell Bryant" > To: "Lance Richardson" > Cc: "ovs dev" > Sent: Tuesday, 13 June, 2017 1:13:31 PM > Subject: Re: [ovs-dev] [PATCH] sandbox: ovn rbac support for sandbox > environment > > On Mon, Jun 12, 2017 at 6:42 PM, Lance Richardson > wrote: > > Enable OVN_Southbound RBAC by default in the sandbox environment, > > provide a new option "--no-ovn-rbac" to disable it. > > > > Signed-off-by: Lance Richardson > > --- > > tutorial/ovs-sandbox | 17 + > > 1 file changed, 13 insertions(+), 4 deletions(-) > > Thanks for the patch. It seems to work fine for me. I applied this to > master. > > I noticed that the backup southbound database is generating a lot of > errors in the log, though it's unrelated to this patch. I believe it > was caused by the earlier patch to make ovs-sandbox use SSL by > default. > > 2017-06-13T17:04:07.433Z|7|socket_util|ERR|6642: bind: Address > already in use > 2017-06-13T17:04:07.433Z|8|ovsdb_jsonrpc_server|ERR|pssl:6642: > listen failed: Address already in use > I see.. before SSL was enabled, a separate AF_UNIX socket was used for each southbound db, with SSL enabled we do have a collision. It's not clear to me what you can do with the backup db in the sandbox environment other than use ovn-sbctl to inspect its contents as mentioned in the script. If that's it, maybe we could simply remove this option when starting the backup ovsdb-server (the AF_UNIX socket is still available): --remote=db:OVN_Southbound,SB_Global,connections \ > I'm not sure the best way to clean this up. Perhaps we could just run > each southbound db in its own net namespace. Hopefully we can find a way that avoids needing administrative privileges... > > -- > Russell Bryant > ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH] sandbox: ovn rbac support for sandbox environment
On Tue, Jun 13, 2017 at 01:13:31PM -0400, Russell Bryant wrote: > On Mon, Jun 12, 2017 at 6:42 PM, Lance Richardson wrote: > > Enable OVN_Southbound RBAC by default in the sandbox environment, > > provide a new option "--no-ovn-rbac" to disable it. > > > > Signed-off-by: Lance Richardson > > --- > > tutorial/ovs-sandbox | 17 + > > 1 file changed, 13 insertions(+), 4 deletions(-) > > Thanks for the patch. It seems to work fine for me. I applied this to > master. > > I noticed that the backup southbound database is generating a lot of > errors in the log, though it's unrelated to this patch. I believe it > was caused by the earlier patch to make ovs-sandbox use SSL by > default. > > 2017-06-13T17:04:07.433Z|7|socket_util|ERR|6642: bind: Address > already in use > 2017-06-13T17:04:07.433Z|8|ovsdb_jsonrpc_server|ERR|pssl:6642: > listen failed: Address already in use > > I'm not sure the best way to clean this up. Perhaps we could just run > each southbound db in its own net namespace. Maybe run it on a different port? ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH] sandbox: ovn rbac support for sandbox environment
On Mon, Jun 12, 2017 at 6:42 PM, Lance Richardson wrote: > Enable OVN_Southbound RBAC by default in the sandbox environment, > provide a new option "--no-ovn-rbac" to disable it. > > Signed-off-by: Lance Richardson > --- > tutorial/ovs-sandbox | 17 + > 1 file changed, 13 insertions(+), 4 deletions(-) Thanks for the patch. It seems to work fine for me. I applied this to master. I noticed that the backup southbound database is generating a lot of errors in the log, though it's unrelated to this patch. I believe it was caused by the earlier patch to make ovs-sandbox use SSL by default. 2017-06-13T17:04:07.433Z|7|socket_util|ERR|6642: bind: Address already in use 2017-06-13T17:04:07.433Z|8|ovsdb_jsonrpc_server|ERR|pssl:6642: listen failed: Address already in use I'm not sure the best way to clean this up. Perhaps we could just run each southbound db in its own net namespace. -- Russell Bryant ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev