Bug 1459436
Summary: | Conclude on the openvswitch permission changes for dpdkvhostuserclient type | | |
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Saravanan KR <skramaja> |
Component: | openstack-tripleo-heat-templates | Assignee: | Emilien Macchi <emacchi> |
Status: | CLOSED ERRATA | QA Contact: | Yariv <yrachman> |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | 11.0 (Ocata) | CC: | aconole, ailan, atelang, dbecker, ksundara, mburns, morazi, mprivozn, ohochman, rhel-osp-director-maint, trozet, tvignaud, twilson |
Target Milestone: | ga | Keywords: | Triaged |
Target Release: | 12.0 (Pike) | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
Whiteboard: | | | |
Fixed In Version: | openstack-tripleo-heat-templates-7.0.0-0.20170821194253.el7ost | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2017-12-13 21:31:55 UTC | Type: | Bug |
Description
Saravanan KR
2017-06-07 07:13:38 UTC
Alternatively, in the ODL deployments [1], instead of the new directory and ovs permission changes in the service file, the "user" and "group" values in the /etc/libvirt/qemu.conf [2] are set as "root". This change works (tested by Tim Roznet with ODL). We would like to understand if the same can be used for neutron ml2 based ovs-dpdk deployments too, if there are no other implications.

[1] https://review.openstack.org/#/c/419648/19/extraconfig/pre_network/ovs_dpdk_config.yaml@71
[2] https://github.com/libvirt/libvirt/blob/master/src/qemu/qemu.conf#L360

I'm not an openvswitch expert, but I think that is needed because giving qemu access is good but not enough. ovs has to have access too. We should probably ask some openvswitch developer.

It should also work for neutron ovs agent dpdk. I believe I tested it.

Michal, can you please throw some light on c#1 as well? We would like to understand if changing the permissions for user and group fields to root in /etc/libvirt/qemu.conf has other impacts?

(In reply to Saravanan KR from comment #1)
> Alternatively, in the ODL deployments [1], instead of the new directory and
> ovs permission changes in the service file, the "user" and "group" values in
> the /etc/libvirt/qemu.conf [2] are set as "root".
>

Setting user = group = "root" results in qemu processes running under root:root privileges. Of course qemu can then access whatever path. However, my understanding is that you don't want to run qemu with root privileges, therefore you have to either:

a) set user & group variables to something else (e.g. qemu:qemu), or
b) not set at all (defaults to qemu:qemu on RHEL).

I've recently proposed a change to Open vSwitch upstream at:

https://mail.openvswitch.org/pipermail/ovs-dev/2017-June/333423.html

which makes ovs run with a group of hugetlbfs. Perhaps we could settle on a group ID that they could share; we could then use that as our DAC id? Just throwing it out there.

Patch created upstream.

https://review.openstack.org/#/c/478163/

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:3462
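An added example, not part of the bug thread or of any project's code: a check for the setting discussed above, reporting whether the active `user`/`group` lines in a qemu.conf text make qemu run as root. The sample configurations are constructed, the function names are hypothetical, and the `qemu` default is the RHEL default stated in the thread.

```python
import re

# Active (uncommented) libvirt-style assignment: user = "..." or group = "..."
SETTING = re.compile(r'^\s*(user|group)\s*=\s*"([^"]*)"\s*(?:#.*)?$')
DEFAULT_ID = "qemu"  # RHEL default when unset, as stated in the thread

def effective_ids(conf_text):
    """Return the user/group qemu would run as for this qemu.conf text.
    Assumption: if a key is assigned more than once, the last one is used."""
    ids = {"user": DEFAULT_ID, "group": DEFAULT_ID}
    for line in conf_text.splitlines():
        m = SETTING.match(line)
        if m:
            ids[m.group(1)] = m.group(2)
    return ids

def is_root(value):
    """True for "root" and for numeric ID 0, written "0" or "+0"
    (a leading + forces the value to be read as a numeric ID)."""
    num = value[1:] if value.startswith("+") else value
    return value == "root" or (num.isdigit() and int(num) == 0)

def audit(conf_text):
    """List the keys (user/group) that make qemu processes run as root."""
    return sorted(k for k, v in effective_ids(conf_text).items() if is_root(v))

# Constructed sample inputs, not taken from any real deployment.
ROOT_CONF = 'user = "root"\ngroup = "root"\n'
DEFAULT_CONF = '#user = "root"\n#group = "root"\n'
SHARED_GROUP_CONF = 'user = "qemu"\ngroup = "hugetlbfs"  # shared with ovs\n'
NUMERIC_CONF = 'user = "+0"\n'

if __name__ == "__main__":
    samples = [("root", ROOT_CONF), ("default", DEFAULT_CONF),
               ("shared group", SHARED_GROUP_CONF), ("numeric", NUMERIC_CONF)]
    for name, conf in samples:
        print(name, effective_ids(conf), "root keys:", audit(conf))
```
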