
Bug 1830857

Summary: conf.db should be in /var/lib/openvswitch
Product: Red Hat Enterprise Linux Fast Datapath
Reporter: Yedidyah Bar David <didi>
Component: openvswitch2.11
Assignee: Timothy Redaelli <tredaelli>
Status: CLOSED EOL
QA Contact: Bob Fubel <bfubel>
Severity: unspecified
Priority: unspecified
Version: RHEL 8.0
CC: aconole, ctrautma, dholler, jhsiao, mmichels, ralongi, tredaelli
Hardware: Unspecified
OS: Unspecified
URL: https://mail.openvswitch.org/pipermail/ovs-dev/2020-September/374813.html
Last Closed: 2024-10-08 17:49:14 UTC
Type: Bug

Description Yedidyah Bar David 2020-05-04 06:51:00 UTC
Description of problem:

conf.db is by default at /etc/openvswitch.

It should be at /var/lib/openvswitch , like ovnnb_db.db and ovnsb_db.db .

This is a database file. /etc is for configuration files.

I see that /etc/openvswitch is owned by openvswitch:openvswitch (and that ovsdb-server runs as user openvswitch), whereas /var/lib/openvswitch is owned by root:root (and that at least ovn-northd runs as root). I do not know much about OVS/OVN, nor specifically about its security model etc., so not sure what must run as root etc. For doing a minimal change, just for current bug, I tested this, and it seems to work:

mkdir /var/lib/openvswitch/ovsdb
chown openvswitch:openvswitch /var/lib/openvswitch/ovsdb

Add to /usr/lib/systemd/system/ovsdb-server.service this line, after [Service]:

Environment=OVS_DBDIR=/var/lib/openvswitch/ovsdb

Now, all services manage to start and use their db files under /var/lib/openvswitch.

Comment 4 Timothy Redaelli 2020-05-13 08:59:08 UTC
(In reply to Yedidyah Bar David from comment #0)
> Description of problem:
> 
> conf.db is by default at /etc/openvswitch.
> 
> It should be at /var/lib/openvswitch , like ovnnb_db.db and ovnsb_db.db .
> 
> This is a database file. /etc is for configuration files.
> 
> I see that /etc/openvswitch is owned by openvswitch:openvswitch (and that
> ovsdb-server runs as user openvswitch), whereas /var/lib/openvswitch is
> owned by root:root (and that at least ovn-northd runs as root). I do not
> know much about OVS/OVN, nor specifically about its security model etc., so
> not sure what must run as root etc. For doing a minimal change, just for
> current bug, I tested this, and it seems to work:

On recent ovn builds (since 2.11.1-30), ovn also runs as a non-root user.

> mkdir /var/lib/openvswitch/ovsdb
> chown openvswitch:openvswitch /var/lib/openvswitch/ovsdb
> 
> Add to /usr/lib/systemd/system/ovsdb-server.service this line, after
> [Service]:
> 
> Environment=OVS_DBDIR=/var/lib/openvswitch/ovsdb
> 
> Now, all services manage to start and use their db files under
> /var/lib/openvswitch.

Comment 5 Timothy Redaelli 2020-05-25 09:40:00 UTC
I see that Debian does something similar: they symlink conf.db from /var/lib/openvswitch to /etc/openvswitch for backward compatibility:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681880
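
The relocation from the description combined with the compatibility symlink mentioned in comment 5, as an added example that is not part of the original bug report or of any Open vSwitch package. Assumptions: the setting is written to a systemd drop-in (file name dbdir.conf is hypothetical) instead of editing the packaged unit, the symlink sits at the old /etc location, and a root prefix argument allows a dry run in a staging directory.

```shell
#!/bin/sh
# Added example: move conf.db to /var/lib/openvswitch/ovsdb under a root prefix.
# Paths and OVS_DBDIR are from the bug report; the prefix argument, the drop-in
# name dbdir.conf and the symlink placement are assumptions of this sketch.

relocate_confdb() {
    root="${1:-}"                       # "" means the real filesystem root
    old="$root/etc/openvswitch"
    new="$root/var/lib/openvswitch/ovsdb"
    dropin="$root/etc/systemd/system/ovsdb-server.service.d"

    # Database directory for the unprivileged service user, closed to others.
    mkdir -p "$new" || return 1
    chmod 0750 "$new" || return 1
    if [ "$(id -u)" -eq 0 ] && id openvswitch >/dev/null 2>&1; then
        chown openvswitch:openvswitch "$new" || return 1
    fi

    # Move only a regular file (skip if already a symlink); never overwrite.
    if [ -f "$old/conf.db" ] && [ ! -L "$old/conf.db" ]; then
        [ -e "$new/conf.db" ] && return 2
        mv "$old/conf.db" "$new/conf.db" || return 1
        # Compatibility symlink left at the old location.
        ln -s /var/lib/openvswitch/ovsdb/conf.db "$old/conf.db" || return 1
    fi

    # Drop-in keeps the setting out of the packaged unit file.
    mkdir -p "$dropin" || return 1
    printf '[Service]\nEnvironment=OVS_DBDIR=/var/lib/openvswitch/ovsdb\n' \
        > "$dropin/dbdir.conf"
}

# Optional entry point: sh relocate.sh --root /path/to/staging-root
if [ "${1:-}" = "--root" ]; then
    relocate_confdb "${2:-}"
fi
```

On a live host, stop ovsdb-server before running it and run systemctl daemon-reload before starting the service again.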

Comment 6 Timothy Redaelli 2020-09-10 13:39:36 UTC
Patch sent upstream

Comment 8 ovs-bot 2024-10-08 17:49:14 UTC
This bug did not meet the criteria for automatic migration and is being closed.
If the issue remains, please open a new ticket in https://issues.redhat.com/browse/FDP