Bug 1489465

Summary: OVS-dpdk: /var/log/openvswitch has wrong permission when OVS gets changed to 2.8 from < 2.8
Product: Red Hat Enterprise Linux 7 Reporter: Jean-Tsung Hsiao <jhsiao>
Component: openvswitchAssignee: Aaron Conole <aconole>
Status: CLOSED ERRATA QA Contact: Jean-Tsung Hsiao <jhsiao>
Severity: high Docs Contact:
Priority: high    
Version: 7.4CC: aconole, atragler, jhsiao, kzhang, rcain, tredaelli
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: 2.9.0-0.3.20171212git6625e43 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-03-19 10:19:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1475436    

Description Jean-Tsung Hsiao 2017-09-07 13:53:48 UTC 
Description of problem: OVS-dpdk: /var/log/openvswitch has wrong permission when OVS gets changed to 2.8 from < 2.8
 
With 2.7 or older releases /var/log/openvswitch directory has been owned by root,root. This doesn't get changed when changed to 2.8.

[root@netqe5 openvswitch]# ls -ld /var/log/openvswitch
drwxr-x---. 2 root root 4096 Sep  7 03:39 /var/log/openvswitch

The consequence is that ovs-vswitchd.log cannot be opened caused by permission denied.

2017-09-07T07:39:01.566Z|00198|vlog|WARN|failed to open /var/log/openvswitch/ovs-vswitchd.log for logging: Permission denied

-rw-r--r--.  1 openvswitch hugetlbfs    0 Sep  7 03:39 ovs-vswitchd.log

Same issue happened to ovsdb-server.log:

2017-09-07T07:39:01.564Z|00005|vlog|WARN|failed to open /var/log/openvswitch/ovsdb-server.log for logging: Permission denied

-rw-r--r--.  1 openvswitch hugetlbfs    0 Sep  7 03:39 ovsdb-server.log


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce: Reproducible
1. Either by upgrade or remove existing pre 2.8 OVS
2. Restart OVS
3. Check /var/log/openvswitch permission

Actual results:

It's owned by (root,root) as used to.

Expected results:

Should be owned by (openvswitch,hugetlbfs) with 2.8 OVS

Additional info:
Comment 2 Jean-Tsung Hsiao 2017-09-07 14:53:34 UTC 
By "rm -rf /var/log/openvswitch" and "systemctl restart openvswitch" we got the right ownership for /var/log/openvswitch:

[root@netqe19 log]# systemctl restart  openvswitch
[root@netqe19 log]# ls -ld openvswitch/
drwxr-x---. 2 openvswitch hugetlbfs 54 Sep  7 10:49 openvswitch/
Comment 4 Aaron Conole 2017-11-02 19:22:13 UTC 
94cd8383e2975a3da25028162bf5d69d308af6fb
Comment 5 Aaron Conole 2018-01-08 19:29:09 UTC 
*** Bug 1530348 has been marked as a duplicate of this bug. ***
Comment 8 Jean-Tsung Hsiao 2018-02-24 00:58:32 UTC 
When OVS changed from 2.7.3 to 2.9.0 permission for ovs-vswitchd.log and ovsdb-server.log got changed from root/root to openvswitch/hugetlbfs:

root@netqe6 openvswitch]# ls -lrt
total 48
-rw-r--r--. 1 root        root       104 Feb  1 03:45 ovs-vswitchd.log-20180202.gz
-rw-r--r--. 1 root        root       136 Feb  1 03:45 ovsdb-server.log-20180202.gz
-rw-r--r--. 1 root        root       102 Feb  2 03:13 ovs-vswitchd.log-20180203.gz
-rw-r--r--. 1 root        root       134 Feb  2 03:13 ovsdb-server.log-20180203.gz
-rw-r--r--. 1 root        root       104 Feb  3 03:14 ovs-vswitchd.log-20180204.gz
-rw-r--r--. 1 root        root       138 Feb  3 03:14 ovsdb-server.log-20180204.gz
-rw-r--r--. 1 root        root       104 Feb  4 03:29 ovs-vswitchd.log-20180205.gz
-rw-r--r--. 1 root        root       137 Feb  4 03:29 ovsdb-server.log-20180205.gz
-rw-r--r--. 1 openvswitch hugetlbfs 8880 Feb 23 18:00 ovs-vswitchd.log
-rw-r--r--. 1 openvswitch hugetlbfs 3844 Feb 23 18:00 ovsdb-server.log

Set the status to VERIFIED.
Comment 11 errata-xmlrpc 2018-03-19 10:19:14 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0550