I got into this issue and I was testing the patch in a lab environment when I found some conflicting documentation between OVS and OVN.
This patch enforces that the system-id must be a UUID string, this is consistent with OVS documentation[0]:
"""
--system-id=<uuid> or --system-id=random
This specifies a unique system identifier to store into external-ids:system-id in the database’s Open_vSwitch table.[...]
"""
Now when we go to OVN RBAC documentation[1] we get the following:
"""
Suppose there are three machines in your deployment. machine_1 runs chassis_1 and has IP address machine_1-ip.[...]
NOTE: chassis_1 must be the same string as external_ids:system-id in the Open_vSwitch table (the chassis name) of machine_1. Same applies for chassis_2.
"""
One of the commits added testing for this functionality[2] and system-id is set to the same value of hostname[3]
If OVN RBAC starts using a UUID for the system-id (instead of a hostname), the certificates would need to be generated using that UUID which would be strange from the operations point of view.
Hello Everyone,
I got into this issue and I was testing the patch in a lab environment when I found some conflicting documentation between OVS and OVN.
This patch enforces that the system-id must be a UUID string, this is consistent with OVS documentation[0]:
"""
--system-id=<uuid> or --system-id=random
This specifies a unique system identifier to store into external- ids:system- id in the database’s Open_vSwitch table.[...]
"""
Now when we go to OVN RBAC documentation[1] we get the following:
"""
Suppose there are three machines in your deployment. machine_1 runs chassis_1 and has IP address machine_1-ip.[...]
NOTE: chassis_1 must be the same string as external_ ids:system- id in the Open_vSwitch table (the chassis name) of machine_1. Same applies for chassis_2.
"""
One of the commits added testing for this functionality[2] and system-id is set to the same value of hostname[3]
If OVN RBAC starts using a UUID for the system-id (instead of a hostname), the certificates would need to be generated using that UUID which would be strange from the operations point of view.
Best,
[0] https:/ /docs.openvswit ch.org/ en/latest/ ref/ovs- ctl.8/# options /docs.ovn. org/en/ latest/ tutorials/ ovn-rbac. html /github. com/ovn- org/ovn/ commit/ c948d6bb05b4d8d 34db7a88590eddb 4c6de2b3c4 /github. com/ovn- org/ovn/ blob/main/ tests/ovn- macros. at#L322- L323
[1] https:/
[2] https:/
[3] https:/