Re: [ovs-discuss] ovsdb-server unix socket permission
> -Original Message-
> From: Matthew Booth
> Sent: Saturday, August 22, 2020 3:12 PM
> To: Tony Liu
> Cc: ovs-discuss@openvswitch.org; ovs-dev
> Subject: Re: [ovs-discuss] ovsdb-server unix socket permission
>
> On Fri, 21 Aug 2020 at 20:40, Tony Liu wrote:
> >
> > Hi,
> >
> > The ovsdb-server UNIX socket permission is 0750. It works fine for OVS
> > services, like ovs-vswitchd and ovn-controller, which run as root.
> >
> > When integrating with OpenStack, neutron-ovn-metadata-agent running as
> > user "neutron" needs to connect to ovsdb-server.
> > TCP connection works fine. But, since it's a local connection, it would
> > be better to use a UNIX socket to get better performance and avoid
> > the inactivity probe.
>
> Are you still using RAFT? If so I think you must connect to all tcp
> endpoints, or leader-only operations will execute on the wrong node. I
> know that locking specifically doesn't work unless all clients pick the
> same node to lock on, which means they must all be connected to all
> nodes.

It has nothing to do with RAFT. This is the connection to the local
ovsdb-server on the compute node.

> > So, is there any option for ovsdb-server to create the UNIX socket with
> > permission 0777? Or any better option for the agent to connect to the
> > UNIX socket?
>
> Assuming you're not using RAFT, can you work around by just chowning it?

Yes, I can; the caveat is that, since the socket is owned by
ovsdb-server, when it restarts, the socket will be recreated and the
chown change will be lost.

Thanks!
Tony

>
> Matt
> --
> Matthew Booth
> Red Hat OpenStack Engineer, Compute DFG
>
> Phone: +442070094448 (UK)
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
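Added example, not part of the thread and not OVS code: a throwaway UNIX socket is created with mode 0750, access is widened by hand, and the change is then lost when the socket is recreated, as the reply above describes. Assumptions: `chmod` to group-write stands in for the `chown` so the script runs without root, and the path, uids and function names are constructed.

```python
import os
import socket
import stat
import tempfile

def bind_socket(path, umask=0o027):
    """(Re)create a listening UNIX socket, as a restarting daemon would."""
    if os.path.exists(path):
        os.unlink(path)                 # a restart removes the old socket file
    old = os.umask(umask)               # 0777 & ~0027 = 0750, the mode in the thread
    try:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
        srv.listen(1)
    finally:
        os.umask(old)
    return srv

def can_connect(st, uid, gids):
    """Linux connect() needs write permission on the socket file (root not modelled)."""
    if uid == st.st_uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def demo():
    path = os.path.join(tempfile.mkdtemp(), "db.sock")    # constructed path
    srv = bind_socket(path)
    st = os.stat(path)
    agent, stranger = st.st_uid + 1000, st.st_uid + 2000  # constructed non-root uids
    out = {"mode_initial": stat.S_IMODE(st.st_mode),
           "agent_initial": can_connect(st, agent, {st.st_gid})}
    os.chmod(path, 0o770)               # manual fix: write access for the group only
    st = os.stat(path)
    out["agent_fixed"] = can_connect(st, agent, {st.st_gid})
    out["stranger_fixed"] = can_connect(st, stranger, set())
    os.chmod(path, 0o777)               # the mode asked about in the thread
    out["stranger_0777"] = can_connect(os.stat(path), stranger, set())
    srv.close()
    srv = bind_socket(path)             # simulated daemon restart
    st = os.stat(path)
    out["mode_after_restart"] = stat.S_IMODE(st.st_mode)
    out["agent_after_restart"] = can_connect(st, agent, {st.st_gid})
    srv.close()
    os.unlink(path)
    return out

if __name__ == "__main__":
    print(demo())
```

With group write the agent (a member of the socket's group) gets in while an unrelated local user does not; at 0777 every local user can connect.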
Re: [ovs-discuss] ovsdb-server unix socket permission
On Fri, 21 Aug 2020 at 20:40, Tony Liu wrote:
>
> Hi,
>
> The ovsdb-server UNIX socket permission is 0750. It works
> fine for OVS services, like ovs-vswitchd and ovn-controller,
> which run as root.
>
> When integrating with OpenStack, neutron-ovn-metadata-agent
> running as user "neutron" needs to connect to ovsdb-server.
> TCP connection works fine. But, since it's a local connection,
> it would be better to use a UNIX socket to get better performance
> and avoid the inactivity probe.

Are you still using RAFT? If so I think you must connect to all tcp
endpoints, or leader-only operations will execute on the wrong node. I
know that locking specifically doesn't work unless all clients pick the
same node to lock on, which means they must all be connected to all
nodes.

> So, is there any option for ovsdb-server to create the UNIX socket
> with permission 0777? Or any better option for the agent to
> connect to the UNIX socket?

Assuming you're not using RAFT, can you work around by just chowning it?

Matt
--
Matthew Booth
Red Hat OpenStack Engineer, Compute DFG

Phone: +442070094448 (UK)
[ovs-discuss] ovsdb-server unix socket permission
Hi,

The ovsdb-server UNIX socket permission is 0750. It works fine for OVS
services, like ovs-vswitchd and ovn-controller, which run as root.

When integrating with OpenStack, neutron-ovn-metadata-agent running as
user "neutron" needs to connect to ovsdb-server.
TCP connection works fine. But, since it's a local connection, it would
be better to use a UNIX socket to get better performance and avoid
the inactivity probe.

So, is there any option for ovsdb-server to create the UNIX socket with
permission 0777? Or any better option for the agent to connect to the
UNIX socket?

Thanks!
Tony