Activity log for bug #2048064

Date Who What changed Old value New value Message
2024-01-04 10:02:44 Alexey 'Fenuks' Rusetsky bug added bug
2024-01-04 10:05:57 Alexey 'Fenuks' Rusetsky description On Ubuntu 20.04 (Focal) OpenVSwitch creates it's sockets with room-only privileges: srwxr-x--- 1 root root 0 08-07 04:25 /var/run/openvswitch/db.sock kuryr-libnetwork can not connect to it, throwing errors: ERROR kuryr_libnetwork.controllers [-] ovs-vsctl: unix:/var/run/openvswitch/db.sock: database connection failed (Permission denied) One possible fix is to use network socket: --- a/libexec/kuryr/ovs 2023-11-03 19:54:59.691657959 +0000 +++ b/libexec/kuryr/ovs 2024-01-04 05:53:35.636326065 +0000 @@ -13,6 +13,7 @@ INT_BRIDGE="br-int" HYBRID_PLUG="'ovs_hybrid_plug': True" +DB='--db=tcp:127.0.0.1:6640' OPERATION=$1 PORT=$2 @@ -22,7 +23,7 @@ ovs_bind_port() { echo "plugging veth $VETH (Neutron port $PORT)..." - ovs-vsctl -- --may-exist add-port $INT_BRIDGE $VETH -- \ + ovs-vsctl ${DB} -- --may-exist add-port $INT_BRIDGE $VETH -- \ set interface $VETH external_ids:attached-mac=$MAC_ADDRESS \ external_ids:iface-id=$PORT external_ids:vm-uuid=$CONTAINER_UUID \ external_ids:iface-status=active external_ids:owner=kuryr @@ -30,14 +31,14 @@ ovs_unbind_port() { echo "unplugging port $PORT..." - MYPORT=`ovs-vsctl --data=bare --no-heading --columns=name \ + MYPORT=`ovs-vsctl ${DB} --data=bare --no-heading --columns=name \ find interface external_ids:iface-id=$PORT \ external_ids:owner=kuryr` if [ -z "$MYPORT" ]; then echo >&2 "Failed to find port $PORT." exit 1 fi - ovs-vsctl del-port $INT_BRIDGE $MYPORT + ovs-vsctl ${DB} del-port $INT_BRIDGE $MYPORT } ovs_hybrid_bind_port() { @@ -63,7 +64,7 @@ ip link set $br_name up # connect one end to the ovs integration bridge - ovs-vsctl add-port $INT_BRIDGE $veth_ovs -- \ + ovs-vsctl ${DB} add-port $INT_BRIDGE $veth_ovs -- \ set interface $veth_ovs external_ids:attached-mac=$MAC_ADDRESS \ external_ids:iface-id=$PORT external_ids:vm-id=$CONTAINER_UUID \ external_ids:iface-status=active external_ids:owner=kuryr 
@@ -79,7 +80,7 @@ veth_ovs="qvo"${PORT:0:11} ip link set dev $veth_lb nomaster - ovs-vsctl del-port $veth_ovs + ovs-vsctl ${DB} del-port $veth_ovs ip link delete $veth_lb type veth ip link set $br_name down Zun and Kiryr installed using openstack-ansible for 2023.1. Kuryr service is run as unprivileged user kuryr. On Ubuntu 20.04 (Focal) OpenVSwitch creates it's sockets with root-only privileges: srwxr-x--- 1 root root 0 08-07 04:25 /var/run/openvswitch/db.sock kuryr-libnetwork can not connect to it, throwing errors: ERROR kuryr_libnetwork.controllers [-] ovs-vsctl: unix:/var/run/openvswitch/db.sock: database connection failed (Permission denied) One possible fix is to use network socket: --- a/libexec/kuryr/ovs 2023-11-03 19:54:59.691657959 +0000 +++ b/libexec/kuryr/ovs 2024-01-04 05:53:35.636326065 +0000 @@ -13,6 +13,7 @@  INT_BRIDGE="br-int"  HYBRID_PLUG="'ovs_hybrid_plug': True" +DB='--db=tcp:127.0.0.1:6640'  OPERATION=$1  PORT=$2 @@ -22,7 +23,7 @@  ovs_bind_port() {      echo "plugging veth $VETH (Neutron port $PORT)..." - ovs-vsctl -- --may-exist add-port $INT_BRIDGE $VETH -- \ + ovs-vsctl ${DB} -- --may-exist add-port $INT_BRIDGE $VETH -- \          set interface $VETH external_ids:attached-mac=$MAC_ADDRESS \          external_ids:iface-id=$PORT external_ids:vm-uuid=$CONTAINER_UUID \          external_ids:iface-status=active external_ids:owner=kuryr @@ -30,14 +31,14 @@  ovs_unbind_port() {      echo "unplugging port $PORT..." - MYPORT=`ovs-vsctl --data=bare --no-heading --columns=name \ + MYPORT=`ovs-vsctl ${DB} --data=bare --no-heading --columns=name \          find interface external_ids:iface-id=$PORT \          external_ids:owner=kuryr`      if [ -z "$MYPORT" ]; then          echo >&2 "Failed to find port $PORT."          exit 1      fi - ovs-vsctl del-port $INT_BRIDGE $MYPORT + ovs-vsctl ${DB} del-port $INT_BRIDGE $MYPORT  }  ovs_hybrid_bind_port() { 
@@ -63,7 +64,7 @@      ip link set $br_name up      # connect one end to the ovs integration bridge - ovs-vsctl add-port $INT_BRIDGE $veth_ovs -- \ + ovs-vsctl ${DB} add-port $INT_BRIDGE $veth_ovs -- \          set interface $veth_ovs external_ids:attached-mac=$MAC_ADDRESS \          external_ids:iface-id=$PORT external_ids:vm-id=$CONTAINER_UUID \          external_ids:iface-status=active external_ids:owner=kuryr @@ -79,7 +80,7 @@      veth_ovs="qvo"${PORT:0:11}      ip link set dev $veth_lb nomaster - ovs-vsctl del-port $veth_ovs + ovs-vsctl ${DB} del-port $veth_ovs      ip link delete $veth_lb type veth      ip link set $br_name down
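Review bot: The `DB='--db=tcp:127.0.0.1:6640'` line added in the first hunk trades the root-only file permissions on `/var/run/openvswitch/db.sock` for a plain loopback TCP endpoint with no authentication. Every `ovs-vsctl ${DB} …` call in the later hunks (bind, unbind, and both hybrid paths) therefore depends on ovsdb-server exposing a matching `ptcp:` remote, which the patch does not show being configured. Once that listener exists, any local process that can reach 127.0.0.1:6640 can modify the OVS database, not just root or the `kuryr` service user. A narrower fix would keep the unix socket and grant the `kuryr` account access to it (group ownership on the socket, or a tightly scoped privilege-helper rule for `ovs-vsctl`); if TCP has to stay, an `ssl:` connection with client certificates restores authentication. Separately, `${DB}` is hard-coded and expanded unquoted; `"${DB}"` with an overridable default would be safer.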
2024-01-04 11:24:48 Alexey 'Fenuks' Rusetsky bug task added kuryr-libnetwork