When using Openstack Ussuri with OVN 20.03 and adding a floating IP address to a port the ovn-controller on the hypervisor repeatedly reports:
2021-03-02T10:33:35.517Z|35359|ovsdb_idl|WARN|transaction error: {"details":"RBAC rules for client \"juju-eab186-zaza-d26c8c079cc7-11.project.serverstack\" role \"ovn-controller\" prohibit modification of table \"Port_Binding\".","error":"permission error"}
2021-03-02T10:33:35.518Z|35360|main|INFO|OVNSB commit failed, force recompute next time.
The seams to be because the ovn-controller needs to update the virtual_parent attribute of the port binding *2 but that is not included in the list of permissions allowed by the ovn-controller role *1
Disabling rbac by changing the role to "" and stopping and starting the southbound db listener results in the port being immediately updated and the floating IP can be accessed.
When using Openstack Ussuri with OVN 20.03 and adding a floating IP address to a port the ovn-controller on the hypervisor repeatedly reports:
2021-03- 02T10:33: 35.517Z| 35359|ovsdb_ idl|WARN| transaction error: {"details":"RBAC rules for client \"juju- eab186- zaza-d26c8c079c c7-11.project. serverstack\ " role \"ovn-controller\" prohibit modification of table \"Port_ Binding\ ".","error" :"permission error"} 02T10:33: 35.518Z| 35360|main| INFO|OVNSB commit failed, force recompute next time.
2021-03-
The seams to be because the ovn-controller needs to update the virtual_parent attribute of the port binding *2 but that is not included in the list of permissions allowed by the ovn-controller role *1
*1 https:/ /github. com/ovn- org/ovn/ blob/aa8ef5588c 119fa8615d78288 a7db7e3df2d6fbe /northd/ ovn-northd. c#L11331- L11332 /pastebin. ubuntu. com/p/4CfcxgDgd m/
*2 https:/
Disabling rbac by changing the role to "" and stopping and starting the southbound db listener results in the port being immediately updated and the floating IP can be accessed.