1830857 – conf.db should be in /var/lib/openvswitch

Bug 1830857 - conf.db should be in /var/lib/openvswitch

Summary: conf.db should be in /var/lib/openvswitch

Keywords:
Status:	ASSIGNED
Alias:	None
Product:	Red Hat Enterprise Linux Fast Datapath
Classification:	Red Hat
Component:	openvswitch2.11
Sub Component:
Version:	RHEL 8.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	---
Assignee:	Timothy Redaelli
QA Contact:	Bob Fubel
Docs Contact:
URL:	https://mail.openvswitch.org/pipermai...
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-05-04 06:51 UTC by Yedidyah Bar David
Modified:	2023-07-13 07:25 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	FD-630	0	None	None	None	2022-02-22 06:02:48 UTC

Description Yedidyah Bar David 2020-05-04 06:51:00 UTC

Description of problem:

conf.db is by default at /etc/openvswitch.

It should be at /var/lib/openvswitch , like ovnnb_db.db and ovnsb_db.db .

This is a database file. /etc is for configuration files.

I see that /etc/openvswitch is owned by openvswitch:openvswitch (and that ovsdb-server runs as user openvswitch), whereas /var/lib/openvswitch is owned by root:root (and that at least ovn-northd runs as root). I do not know much about OVS/OVN, nor specifically about its security model etc., so not sure what must run as root etc. For doing a minimal change, just for current bug, I tested this, and it seems to work:

mkdir /var/lib/openvswitch/ovsdb
chown openvswitch:openvswitch /var/lib/openvswitch/ovsdb

Add to /usr/lib/systemd/system/ovsdb-server.service this line, after [Service]:

Environment=OVS_DBDIR=/var/lib/openvswitch/ovsdb

Now, all services manage to start and use their db files under /var/lib/openvswitch.

Comment 4 Timothy Redaelli 2020-05-13 08:59:08 UTC

(In reply to Yedidyah Bar David from comment #0)
> Description of problem:
> 
> conf.db is by default at /etc/openvswitch.
> 
> It should be at /var/lib/openvswitch , like ovnnb_db.db and ovnsb_db.db .
> 
> This is a database file. /etc is for configuration files.
> 
> I see that /etc/openvswitch is owned by openvswitch:openvswitch (and that
> ovsdb-server runs as user openvswitch), whereas /var/lib/openvswitch is
> owned by root:root (and that at least ovn-northd runs as root). I do not
> know much about OVS/OVN, nor specifically about its security model etc., so
> not sure what must run as root etc. For doing a minimal change, just for
> current bug, I tested this, and it seems to work:

On recent ovn builds (since 2.11.1-30) also ovn runs as non-root user

> mkdir /var/lib/openvswitch/ovsdb
> chown openvswitch:openvswitch /var/lib/openvswitch/ovsdb
> 
> Add to /usr/lib/systemd/system/ovsdb-server.service this line, after
> [Service]:
> 
> Environment=OVS_DBDIR=/var/lib/openvswitch/ovsdb
> 
> Now, all services manage to start and use their db files under
> /var/lib/openvswitch.

Comment 5 Timothy Redaelli 2020-05-25 09:40:00 UTC

I see that debian does something similar,
they symlink conf.db from /var/lib/openvswitch to /etc/openvswitch for backward compatibility:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681880

Comment 6 Timothy Redaelli 2020-09-10 13:39:36 UTC

Patch sent upstream

Note You need to log in before you can comment on or make changes to this bug.