Code Review / apex-tripleo-heat-templates.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: b5081b6)
Added OvS permission workaround for enabling DPDK
authorSaravanan KR <skramaja@redhat.com>
Tue, 27 Jun 2017 13:47:43 +0000 (19:17 +0530)
committerSaravanan KR <skramaja@redhat.com>
Mon, 10 Jul 2017 10:42:05 +0000 (16:12 +0530)
The vhost sockets sockets are created with qemu permission, but ovs
runs with root permission. In order to allow ovs to access vhost sockets
reducing the ovs group permission from root to qemu. This is a temprovary
workaround, until ovs fixes the permission issue. The script supports
both ovs2.6 and ovs2.7 versions.

Change-Id: I172956390c19fc9824bf7590cd48bfcf6201191b

extraconfig/pre_network/host_config_and_reboot.yaml patch | blob | history
releasenotes/notes/ovs-dpdk-permission-workaround-20aaebcc8d6009ec.yaml [new file with mode: 0644] patch | blob

diff --git a/extraconfig/pre_network/host_config_and_reboot.yaml b/extraconfig/pre_network/host_config_and_reboot.yaml
index 009a087..6ea5b69 100644 (file)
--- a/extraconfig/pre_network/host_config_and_reboot.yaml
+++ b/extraconfig/pre_network/host_config_and_reboot.yaml
@@ -178,6 +178,32 @@ resources:
           template: |
             #!/bin/bash
             set -x
+
+            # OvS Permission issue temporary workaround
+            # https://bugzilla.redhat.com/show_bug.cgi?id=1459436
+            # Actual solution from openvswitch - https://mail.openvswitch.org/pipermail/ovs-dev/2017-June/333423.html
+            ovs_service_path="/usr/lib/systemd/system/ovs-vswitchd.service"
+
+            if grep -q 'RuntimeDirectoryMode' $ovs_service_path; then
+                sed -i 's/RuntimeDirectoryMode=.*/RuntimeDirectoryMode=0775/' $ovs_service_path
+            else
+                echo "RuntimeDirectoryMode=0775" >> $ovs_service_path
+            fi
+
+            if ! grep -Fxq "Group=qemu" $ovs_service_path ; then
+              echo "Group=qemu" >> $ovs_service_path
+            fi
+
+            if ! grep -Fxq "UMask=0002" $ovs_service_path ; then
+              echo "UMask=0002" >> $ovs_service_path
+            fi
+
+            ovs_ctl_path='/usr/share/openvswitch/scripts/ovs-ctl'
+            if ! grep -q "umask 0002 \&\& start_daemon \"\$OVS_VSWITCHD_PRIORITY\"" $ovs_ctl_path ; then
+              sed -i 's/start_daemon \"\$OVS_VSWITCHD_PRIORITY\"/umask 0002 \&\& start_daemon \"$OVS_VSWITCHD_PRIORITY\"/' $ovs_ctl_path
+            fi
+
+
             # DO NOT use --detailed-exitcodes
             puppet apply --logdest console \
               --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules \
diff --git a/releasenotes/notes/ovs-dpdk-permission-workaround-20aaebcc8d6009ec.yaml b/releasenotes/notes/ovs-dpdk-permission-workaround-20aaebcc8d6009ec.yaml
new file mode 100644 (file)
index 0000000..f8c06fd
--- /dev/null
+++ b/releasenotes/notes/ovs-dpdk-permission-workaround-20aaebcc8d6009ec.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - Fixed the openvswitch permission to allow ovs to access vhost
+    sockets created by qemu. This is a workaround until openvswitch
+    provides the actual solution.
+