From: Saravanan KR <skramaja@redhat.com>
Date: Tue, 27 Jun 2017 13:47:43 +0000 (+0530)
Subject: Added OvS permission workaround for enabling DPDK
X-Git-Tag: opnfv-6.0.0~405^2
X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=d7738012e13668e992c8d35cdd23e8527305a88e;p=apex-tripleo-heat-templates.git

Added OvS permission workaround for enabling DPDK

The vhost sockets sockets are created with qemu permission, but ovs
runs with root permission. In order to allow ovs to access vhost sockets
reducing the ovs group permission from root to qemu. This is a temprovary
workaround, until ovs fixes the permission issue. The script supports
both ovs2.6 and ovs2.7 versions.

Change-Id: I172956390c19fc9824bf7590cd48bfcf6201191b
---

diff --git a/extraconfig/pre_network/host_config_and_reboot.yaml b/extraconfig/pre_network/host_config_and_reboot.yaml
index 009a0879..6ea5b691 100644
--- a/extraconfig/pre_network/host_config_and_reboot.yaml
+++ b/extraconfig/pre_network/host_config_and_reboot.yaml
@@ -178,6 +178,32 @@ resources:
           template: |
             #!/bin/bash
             set -x
+
+            # OvS Permission issue temporary workaround
+            # https://bugzilla.redhat.com/show_bug.cgi?id=1459436
+            # Actual solution from openvswitch - https://mail.openvswitch.org/pipermail/ovs-dev/2017-June/333423.html
+            ovs_service_path="/usr/lib/systemd/system/ovs-vswitchd.service"
+
+            if grep -q 'RuntimeDirectoryMode' $ovs_service_path; then
+                sed -i 's/RuntimeDirectoryMode=.*/RuntimeDirectoryMode=0775/' $ovs_service_path
+            else
+                echo "RuntimeDirectoryMode=0775" >> $ovs_service_path
+            fi
+
+            if ! grep -Fxq "Group=qemu" $ovs_service_path ; then
+              echo "Group=qemu" >> $ovs_service_path
+            fi
+
+            if ! grep -Fxq "UMask=0002" $ovs_service_path ; then
+              echo "UMask=0002" >> $ovs_service_path
+            fi
+
+            ovs_ctl_path='/usr/share/openvswitch/scripts/ovs-ctl'
+            if ! grep -q "umask 0002 \&\& start_daemon \"\$OVS_VSWITCHD_PRIORITY\"" $ovs_ctl_path ; then
+              sed -i 's/start_daemon \"\$OVS_VSWITCHD_PRIORITY\"/umask 0002 \&\& start_daemon \"$OVS_VSWITCHD_PRIORITY\"/' $ovs_ctl_path
+            fi
+
+
             # DO NOT use --detailed-exitcodes
             puppet apply --logdest console \
               --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules \
diff --git a/releasenotes/notes/ovs-dpdk-permission-workaround-20aaebcc8d6009ec.yaml b/releasenotes/notes/ovs-dpdk-permission-workaround-20aaebcc8d6009ec.yaml
new file mode 100644
index 00000000..f8c06fd6
--- /dev/null
+++ b/releasenotes/notes/ovs-dpdk-permission-workaround-20aaebcc8d6009ec.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - Fixed the openvswitch permission to allow ovs to access vhost
+    sockets created by qemu. This is a workaround until openvswitch
+    provides the actual solution.
+