Re: [ovs-dev] [RFC] lib/automake.mk: remove runtime directories
On Tue, Mar 21, 2017 at 02:20:30PM -0400, Aaron Conole wrote: > Aaron Conole writes: > > > The Open vSwitch run, log, and DB directories are installed as part of the > > normal `make install` process. However, this means they are created with > > user and group ownership that may conflict with the desired user. For > > example, running `make install` as root will install those files as > > root:root, whereas the runtime user desired may be openvswitch:openvswitch. > > > > Since these directories are automatically created as part of the ovs-ctl > > command, and with the correct user:group permissions, it makes sense to > > delay creation until these directories are actually required. > > > > Signed-off-by: Aaron Conole > > --- > > I was about to submit this with a fixup to the rhel side, but I dug into > an older mailing list discussion where at least it seems like Ben wanted > the make install to create these runtime directories[1], presumably to > alleviate concerns with adding these mkdir type directives to each > distro. > > I'm not sure how best to proceed with this effort, since I want to > enable non-root ovs 'out of the box'. If that has to be done > distro-specific (and I should simply modify the .spec file for this), > then that may be acceptable for me. I think the issue encountered in > [1] is due to not using ovs-ctl to start the daemons. Perhaps it will > still be required from the fedora side to create these directories - I'm > not sure. > > Thoughts? > > 1: https://mail.openvswitch.org/pipermail/ovs-dev/2013-July/273197.html I'm OK with making ovs-ctl the primary way to create the directories, if we document in Documentation/intro/install/general.rst how to use ovs-ctl. Currently we only document there how to start all the daemons by hand; that once made sense but it seems dated now. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [RFC] lib/automake.mk: remove runtime directories
Flavio Leitner writes: > On Wed, Mar 22, 2017 at 12:43:29PM -0400, Eric Garver wrote: >> On Tue, Mar 21, 2017 at 02:20:30PM -0400, Aaron Conole wrote: >> > Aaron Conole writes: >> > >> > > The Open vSwitch run, log, and DB directories are installed as part of >> > > the >> > > normal `make install` process. However, this means they are created with >> > > user and group ownership that may conflict with the desired user. For >> > > example, running `make install` as root will install those files as >> > > root:root, whereas the runtime user desired may be >> > > openvswitch:openvswitch. >> > > >> > > Since these directories are automatically created as part of the ovs-ctl >> > > command, and with the correct user:group permissions, it makes sense to >> > > delay creation until these directories are actually required. >> > > >> > > Signed-off-by: Aaron Conole >> > > --- >> > >> > I was about to submit this with a fixup to the rhel side, but I dug into >> > an older mailing list discussion where at least it seems like Ben wanted >> > the make install to create these runtime directories[1], presumably to >> > alleviate concerns with adding these mkdir type directives to each >> > distro. >> > >> > I'm not sure how best to proceed with this effort, since I want to >> > enable non-root ovs 'out of the box'. If that has to be done >> > distro-specific (and I should simply modify the .spec file for this), >> > then that may be acceptable for me. I think the issue encountered in >> > [1] is due to not using ovs-ctl to start the daemons. Perhaps it will >> > still be required from the fedora side to create these directories - I'm >> > not sure. >> > >> > Thoughts? >> > >> > 1: https://mail.openvswitch.org/pipermail/ovs-dev/2013-July/273197.html >> >> Seems the perm changes should be part of the distro specific stuff. >> Don't they also have to create the users/groups? > > They seem to be two separate problems. If an user is using "make > install", most probably it needs to be root anyways and who knows > which user he/she wants to use. True - but that means after installing with `make install`, doing something like: useradd openvswitch && /path/to/ovs-ctl --ovs-user='openvswitch:nobody' start will encounter errors related to the installed directories. The user can go ahead and change those permissions. Maybe that is the approach that makes the most sense. > On a distribution level, it doesn't matter much what make install does > because RPM can fix permissions, create a standard user/groups, fix the > initialization, and so on. I think that's probably going to be the avenue I continue to pursue in this effort. I was trying to be as generic as possible, but probably this case needs to be fixed up on a per-distribution (and even operating system) basis. Thanks for the feedback, Flavio and Eric! ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [RFC] lib/automake.mk: remove runtime directories
On Wed, Mar 22, 2017 at 12:43:29PM -0400, Eric Garver wrote: > On Tue, Mar 21, 2017 at 02:20:30PM -0400, Aaron Conole wrote: > > Aaron Conole writes: > > > > > The Open vSwitch run, log, and DB directories are installed as part of the > > > normal `make install` process. However, this means they are created with > > > user and group ownership that may conflict with the desired user. For > > > example, running `make install` as root will install those files as > > > root:root, whereas the runtime user desired may be > > > openvswitch:openvswitch. > > > > > > Since these directories are automatically created as part of the ovs-ctl > > > command, and with the correct user:group permissions, it makes sense to > > > delay creation until these directories are actually required. > > > > > > Signed-off-by: Aaron Conole > > > --- > > > > I was about to submit this with a fixup to the rhel side, but I dug into > > an older mailing list discussion where at least it seems like Ben wanted > > the make install to create these runtime directories[1], presumably to > > alleviate concerns with adding these mkdir type directives to each > > distro. > > > > I'm not sure how best to proceed with this effort, since I want to > > enable non-root ovs 'out of the box'. If that has to be done > > distro-specific (and I should simply modify the .spec file for this), > > then that may be acceptable for me. I think the issue encountered in > > [1] is due to not using ovs-ctl to start the daemons. Perhaps it will > > still be required from the fedora side to create these directories - I'm > > not sure. > > > > Thoughts? > > > > 1: https://mail.openvswitch.org/pipermail/ovs-dev/2013-July/273197.html > > Seems the perm changes should be part of the distro specific stuff. > Don't they also have to create the users/groups? They seem to be two separate problems. If an user is using "make install", most probably it needs to be root anyways and who knows which user he/she wants to use. On a distribution level, it doesn't matter much what make install does because RPM can fix permissions, create a standard user/groups, fix the initialization, and so on. -- Flavio ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [RFC] lib/automake.mk: remove runtime directories
On Tue, Mar 21, 2017 at 02:20:30PM -0400, Aaron Conole wrote: > Aaron Conole writes: > > > The Open vSwitch run, log, and DB directories are installed as part of the > > normal `make install` process. However, this means they are created with > > user and group ownership that may conflict with the desired user. For > > example, running `make install` as root will install those files as > > root:root, whereas the runtime user desired may be openvswitch:openvswitch. > > > > Since these directories are automatically created as part of the ovs-ctl > > command, and with the correct user:group permissions, it makes sense to > > delay creation until these directories are actually required. > > > > Signed-off-by: Aaron Conole > > --- > > I was about to submit this with a fixup to the rhel side, but I dug into > an older mailing list discussion where at least it seems like Ben wanted > the make install to create these runtime directories[1], presumably to > alleviate concerns with adding these mkdir type directives to each > distro. > > I'm not sure how best to proceed with this effort, since I want to > enable non-root ovs 'out of the box'. If that has to be done > distro-specific (and I should simply modify the .spec file for this), > then that may be acceptable for me. I think the issue encountered in > [1] is due to not using ovs-ctl to start the daemons. Perhaps it will > still be required from the fedora side to create these directories - I'm > not sure. > > Thoughts? > > 1: https://mail.openvswitch.org/pipermail/ovs-dev/2013-July/273197.html Seems the perm changes should be part of the distro specific stuff. Don't they also have to create the users/groups? ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [RFC] lib/automake.mk: remove runtime directories
Aaron Conole writes: > The Open vSwitch run, log, and DB directories are installed as part of the > normal `make install` process. However, this means they are created with > user and group ownership that may conflict with the desired user. For > example, running `make install` as root will install those files as > root:root, whereas the runtime user desired may be openvswitch:openvswitch. > > Since these directories are automatically created as part of the ovs-ctl > command, and with the correct user:group permissions, it makes sense to > delay creation until these directories are actually required. > > Signed-off-by: Aaron Conole > --- I was about to submit this with a fixup to the rhel side, but I dug into an older mailing list discussion where at least it seems like Ben wanted the make install to create these runtime directories[1], presumably to alleviate concerns with adding these mkdir type directives to each distro. I'm not sure how best to proceed with this effort, since I want to enable non-root ovs 'out of the box'. If that has to be done distro-specific (and I should simply modify the .spec file for this), then that may be acceptable for me. I think the issue encountered in [1] is due to not using ovs-ctl to start the daemons. Perhaps it will still be required from the fedora side to create these directories - I'm not sure. Thoughts? 1: https://mail.openvswitch.org/pipermail/ovs-dev/2013-July/273197.html ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [RFC] lib/automake.mk: remove runtime directories
Markos Chandras writes: > Hi Aaron, > > On 03/09/2017 03:35 PM, Aaron Conole wrote: >> The Open vSwitch run, log, and DB directories are installed as part of the >> normal `make install` process. However, this means they are created with >> user and group ownership that may conflict with the desired user. For >> example, running `make install` as root will install those files as >> root:root, whereas the runtime user desired may be openvswitch:openvswitch. >> >> Since these directories are automatically created as part of the ovs-ctl >> command, and with the correct user:group permissions, it makes sense to >> delay creation until these directories are actually required. >> >> Signed-off-by: Aaron Conole > > It looks reasonable to me. Thanks! > > Reviewed-by: Markos Chandras Thanks Markos. I'm planning on submitting this as a full PATCH once I've double checked that it doesn't break any of my existing test scripts and rpm builds. -Aaron ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [RFC] lib/automake.mk: remove runtime directories
Hi Aaron, On 03/09/2017 03:35 PM, Aaron Conole wrote: > The Open vSwitch run, log, and DB directories are installed as part of the > normal `make install` process. However, this means they are created with > user and group ownership that may conflict with the desired user. For > example, running `make install` as root will install those files as > root:root, whereas the runtime user desired may be openvswitch:openvswitch. > > Since these directories are automatically created as part of the ovs-ctl > command, and with the correct user:group permissions, it makes sense to > delay creation until these directories are actually required. > > Signed-off-by: Aaron Conole It looks reasonable to me. Thanks! Reviewed-by: Markos Chandras -- markos SUSE LINUX GmbH | GF: Felix Imendörffer, Jane Smithard, Graham Norton HRB 21284 (AG Nürnberg) Maxfeldstr. 5, D-90409, Nürnberg ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
