This bug was fixed in the package ovn - 20.12.0-0ubuntu3~cloud0
---
ovn (20.12.0-0ubuntu3~cloud0) focal-wallaby; urgency=medium
.
* New update for the Ubuntu Cloud Archive.
.
ovn (20.12.0-0ubuntu3) hirsute; urgency=medium
.
* Add RBAC rules for IGMP_Group table (LP:
This bug was fixed in the package ovn - 20.12.0-0ubuntu3
---
ovn (20.12.0-0ubuntu3) hirsute; urgency=medium
* Add RBAC rules for IGMP_Group table (LP: #1914988):
- d/p/lp-1914988-Add-IGMP_Group-to-ovn-controller-RBAC.patch
-
Testing has completed successfully for hirsute-proposed and wallaby-
proposed. Test results from "Patchset 5 Nov 02 3:05 PM" of the charm-
octavia review above.
focal-wallaby-ha-ovn https://openstack-ci-
reports.ubuntu.com/artifacts/d85/815543/5/check/focal-wallaby-ha-
ovn/d85d874/ : SUCCESS in
** Changed in: ovn (Ubuntu Focal)
Importance: Undecided => High
** Changed in: ovn (Ubuntu Groovy)
Importance: Undecided => High
** Changed in: ovn (Ubuntu Hirsute)
Importance: Undecided => High
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Testing for this SRU is running here:
https://review.opendev.org/c/openstack/charm-octavia/+/815543
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1917475
Title:
RBAC Permissions too strict for
** Changed in: cloud-archive
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1917475
Title:
RBAC Permissions too strict for Port_Binding table
To manage
Just a comment on wallaby-proposed packages, I installed those on all
ovn-related units and don't see errors about RBAC anymore, and I also didn't
notice any other collateral effect.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
The RBAC rules are installed into the database by ovn-northd on the
central units. Depending on which order you upgraded the packages you
may need to force the controllers to reconnect.
As for ovn-*ctl hanging, that is a sign you are attempting to talk to a
non-leader instance of the database.
Just upgrading the packages (from focal-wallaby-proposed) did not help.
I upgraded on all ovn-chassis (even the octavia ones), all ovn-central,
all ovn-chassis-gateway. I also deleted the LB and recreated completely.
On a separate note, when I try to run "ovn-sbctl find connection" the
command
Ok, I'll try to update from proposed and test. Thank you!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1917475
Title:
RBAC Permissions too strict for Port_Binding table
To manage notifications
Andre, we are currently in the bit odd situation where it is fix
released for focal but only fix committed for hirsute/focal-wallaby. The
good news is that the fix is available in -proposed.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
I seem to be having this problem on a focal / wallaby deployment, although I
don't have that exact message (about prohibit update of port_binding), I only
have:
root@srv2dell001p:/var/log/ovn# grep -i perm ovn-controller.log
Hello Liam, or anyone else affected,
Accepted ovn into hirsute-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/ovn/20.12.0-0ubuntu3
in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
** Also affects: cloud-archive
Importance: Undecided
Status: New
** Also affects: cloud-archive/wallaby
Importance: Undecided
Status: New
** Changed in: cloud-archive
Status: New => Fix Released
** Changed in: cloud-archive
Status: Fix Released => Fix Committed
** Merge proposal linked:
https://code.launchpad.net/~fnordahl/ubuntu/+source/ovn/+git/ovn/+merge/409046
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1917475
Title:
RBAC Permissions too strict
** Description changed:
- When using Openstack Ussuri with OVN 20.03 and adding a floating IP
- address to a unbound port the ovn-controller on the hypervisor
- repeatedly reports:
+ [Impact]
+ The OpenStack Octavia service will not work after upgrade to Hirsute.
+
+ [Test Plan]
+ Execute the
** Changed in: ovn (Ubuntu Impish)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1917475
Title:
RBAC Permissions too strict for Port_Binding table
To
@Dariusz, the RBAC rules are in the ovn-northd binary and is applied to
the database. Do you have the updated packages installed on the central
nodes and are you sure the ovn-northd and possibly the ovn-sb-ovsdb
services have restarted after the package upgrade?
--
You received this bug
I had exactly the same issue right now on Focal with 20.03.2-0ubuntu0.20.04.1
3 of 6 ovn-controller nodes were reported as "XXX". After restarting all of
failing ones, only 2 of 3 reconnected without issues.
The last one ovn-controller was still having problems. The only thing which
worked was a
** Changed in: ovn (Ubuntu)
Status: In Progress => Fix Committed
** Also affects: ovn (Ubuntu Groovy)
Importance: Undecided
Status: New
** Also affects: ovn (Ubuntu Hirsute)
Importance: Undecided
Status: New
** Also affects: ovn (Ubuntu Focal)
Importance: Undecided
I can confirm that on Bionic upgrading to
20.03.2-0ubuntu0.20.04.1~cloud0 fixed this issue
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1917475
Title:
RBAC Permissions too strict for Port_Binding
Thank you for adding the extended detail, Camille!
I would like to note that the fix for this is now in -proposed on Focal
and is just around the corner to be promoted to -updates. The SRU can be
tracked in bug 1924981.
--
You received this bug notification because you are a member of Ubuntu
To confirm this is the bug in /var/log/ovn/ovn-controller.log on the
hypervisors look for:.
2021-03-02T10:33:35.517Z|35359|ovsdb_idl|WARN|transaction error:
{"details":"RBAC rules for client
\"juju-eab186-zaza-d26c8c079cc7-11.project.serverstack\" role
\"ovn-controller\" prohibit modification
Fixes has been applied upstream for all versions of OVN and we are
awaiting upstream to cut point releases to get these and other updates
into Ubuntu. We are also working on extending the upstream tests to
encompass testing with RBAC by default.
While waiting for that I have picked the relevant
https://patchwork.ozlabs.org/project/ovn/list/?series=232350
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1917475
Title:
RBAC Permissions too strict for Port_Binding table
To manage notifications
https://patchwork.ozlabs.org/project/ovn/patch/20210302172353.1020143-1-frode.nord...@canonical.com/
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1917475
Title:
RBAC Permissions too strict for
** Description changed:
When using Openstack Ussuri with OVN 20.03 and adding a floating IP
- address to a port the ovn-controller on the hypervisor repeatedly
- reports:
+ address to a unbound port the ovn-controller on the hypervisor
+ repeatedly reports:
27 matches
Mail list logo
