Comment 0 for bug 1917475

When using Openstack Ussuri with OVN 20.03 and adding a floating IP address to a port the ovn-controller on the hypervisor repeatedly reports:

2021-03-02T10:33:35.517Z|35359|ovsdb_idl|WARN|transaction error: {"details":"RBAC rules for client \"juju-eab186-zaza-d26c8c079cc7-11.project.serverstack\" role \"ovn-controller\" prohibit modification of table \"Port_Binding\".","error":"permission error"}
2021-03-02T10:33:35.518Z|35360|main|INFO|OVNSB commit failed, force recompute next time.

The seams to be because the ovn-controller needs to update the virtual_parent attribute of the port binding *2 but that is not included in the list of permissions allowed by the ovn-controller role *1

*1 https://github.com/ovn-org/ovn/blob/aa8ef5588c119fa8615d78288a7db7e3df2d6fbe/northd/ovn-northd.c#L11331-L11332
*2 https://pastebin.ubuntu.com/p/4CfcxgDgdm/

Disabling rbac by changing the role to "" and stopping and starting the southbound db listener results in the port being immediately updated and the floating IP can be accessed.