On Thu, Nov 7, 2019 at 11:20 PM aginwala wrote:
> Thanks Frode for covering that. Added minor comments too your PR and you can
> send formal patch.
Thank you for the review Aliasgar, formal patch sent and it has
already been merged [0][1].
Cheers!
0:
Thanks Frode for covering that. Added minor comments too your PR and you
can send formal patch.
On Thu, Nov 7, 2019 at 2:00 PM Frode Nordahl
wrote:
> fwiw; I proposed this small note earlier this evening:
> https://github.com/ovn-org/ovn/pull/25
>
> tor. 7. nov. 2019, 21:47 skrev Ben
fwiw; I proposed this small note earlier this evening:
https://github.com/ovn-org/ovn/pull/25
tor. 7. nov. 2019, 21:47 skrev Ben Pfaff :
> Sure, anything helps.
>
> On Thu, Nov 07, 2019 at 12:27:44PM -0800, aginwala wrote:
> > Hi Ben:
> >
> > It seems RBAC doc
> >
>
Sure, anything helps.
On Thu, Nov 07, 2019 at 12:27:44PM -0800, aginwala wrote:
> Hi Ben:
>
> It seems RBAC doc
> http://docs.openvswitch.org/en/stable/tutorials/ovn-rbac/#configuring-rbac
> only talks
> about chassis and not mentioning about northd. I can submit a patch to
> update that as a
Hi Ben:
It seems RBAC doc
http://docs.openvswitch.org/en/stable/tutorials/ovn-rbac/#configuring-rbac
only talks
about chassis and not mentioning about northd. I can submit a patch to
update that as a todo for northd and mention the workaround until we add
formal support. Is that ok?
On Thu,
Have we documented this? Should we?
On Thu, Nov 07, 2019 at 10:20:22AM -0800, aginwala wrote:
> Hi:
>
> It is a known fact and have-been discussed before. We use the same
> workaround as you mentioned. Alternatively, you can also set role="" and it
> will work for both northd and ovn-controller
On Thu, Nov 7, 2019 at 7:20 PM aginwala wrote:
> Hi:
>
> It is a known fact and have-been discussed before. We use the same
> workaround as you mentioned. Alternatively, you can also set role="" and it
> will work for both northd and ovn-controller instead of separate listeners
> which is also a
Hi:
It is a known fact and have-been discussed before. We use the same
workaround as you mentioned. Alternatively, you can also set role="" and it
will work for both northd and ovn-controller instead of separate listeners
which is also a security loop-hole. In short, some work is needed here
to
Hello all,
TL;DR; When enabling the `ovn-controller` role on the SB DB `ovsdb-server`
listener, `ovn-northd` no longer has the necessary access to do its job
when you are unable to use the local unix socket for its connection to the
database.
AFAICT there is no northd-specifc or admin type role