Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2020-06-02 14:43:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.3606 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openvswitch" Tue Jun 2 14:43:07 2020 rev:48 rq:807822 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2020-02-14 16:39:23.783653350 +0100 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.3606/openvswitch.changes 2020-06-02 14:43:58.780534309 +0200 @@ -1,0 +2,34 @@ +Mon May 4 11:38:26 UTC 2020 - Jaime Caamaño Ruiz <jcaam...@suse.com> + +- Update openvswitch to 2.13.0. + * For a list of changes, check + https://github.com/openvswitch/ovs/blob/v2.13.0/NEWS + * This version drops python2 binding support. Only python3 bindings + provided going forward. + * Tool ovs-vlan-bug-workaround is no longer provided. +- OVN was split to its own repo but is still built together with OVS and as + such from this same source package. OVN initial version is 20.03. + * For a list of changes, check + https://github.com/ovn-org/ovn/blob/v20.03.0/NEWS + * Packages openvswitch-ovn* are renamed to ovn*. + * OVN now has its own sysconfig and log paths. +- Add OVS patch to be proposed upstream: + * 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch +- Patch instead of post-processing configuration files to set running + credentials (bsc#1157338): + * 0001-Run-openvswitch-as-openvswitch-openvswitch.patch + * 0001-Run-ovn-as-openvswitch-openvswitch.patch +- Will no longer change group ownership of /dev/hugepages to 'hugetlbfs' + (bsc#1140835). System admin should mount hugepages on a path and permissions of + his choosing for OVS. Add patch: + * 0001-Don-t-change-permissions-of-dev-hugepages.patch +- Will no longer install udev rule to change group ownership of vfio devices to + 'hugetlbfs'. Group name does not make much sense in this case and ownership of + vfio devices should be coordinated system wide or per device. +- Will no longer run under group 'hugetlbfs' on new installs with DPDK enabled. + OVS will now run under group 'openvswitch' whether compiled with DPDK support + or not. +- OVS persistent state is now saved on /var/lib/openvswitch instead of + /etc/openvswitch for new installs. + +------------------------------------------------------------------- Old: ---- openvswitch-2.12.0.tar.gz New: ---- 0001-Don-t-change-permissions-of-dev-hugepages.patch 0001-Run-openvswitch-as-openvswitch-openvswitch.patch 0001-Run-ovn-as-openvswitch-openvswitch.patch 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch openvswitch-2.13.0.tar.gz ovn-20.03.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openvswitch.spec ++++++ ++++ 1453 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/openvswitch/openvswitch.spec ++++ and /work/SRC/openSUSE:Factory/.openvswitch.new.3606/openvswitch.spec ++++++ 0001-Don-t-change-permissions-of-dev-hugepages.patch ++++++ >From e54cce931bafa12176989a5d59e3839f1bcfdf0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <jcaam...@suse.com> Date: Wed, 6 May 2020 16:32:28 +0200 Subject: [PATCH 1/2] Don't change permissions of /dev/hugepages For SLES/openSUSE, don't change permissions of /dev/hugepages as that is a system path. Sysadmin shoudl mount hugepages on a path and permission of his choosing if OVS either manually or via hugeadm. --- rhel/usr_lib_systemd_system_ovs-vswitchd.service.in | 4 ---- 1 file changed, 4 deletions(-) diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in index ff43dae96..08355d950 100644 --- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in +++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in @@ -16,10 +16,6 @@ EnvironmentFile=/etc/openvswitch/default.conf EnvironmentFile=-/etc/sysconfig/openvswitch EnvironmentFile=-/run/openvswitch.useropts LimitSTACK=2M -@begin_dpdk@ -ExecStartPre=-/bin/sh -c '/usr/bin/chown :$${OVS_USER_ID##*:} /dev/hugepages' -ExecStartPre=-/usr/bin/chmod 0775 /dev/hugepages -@end_dpdk@ ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ --no-ovsdb-server --no-monitor --system-id=random \ ${OVS_USER_OPT} \ -- 2.16.4 ++++++ 0001-Run-openvswitch-as-openvswitch-openvswitch.patch ++++++ >From 4de3a6e6fc67125a900913598344881c0b0bed71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <jcaam...@suse.com> Date: Fri, 8 May 2020 11:15:57 +0200 Subject: [PATCH] Run openvswitch as openvswitch:openvswitch Change default run configuration to unprivilieged user openvswitch and group openvswitch. Expect any further customization from user in sysconfig/openvswitch, including setting it back to privileged root:root configuration. --- rhel/etc_logrotate.d_openvswitch | 2 +- rhel/etc_openvswitch_default.conf | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/rhel/etc_logrotate.d_openvswitch b/rhel/etc_logrotate.d_openvswitch index f4302ffbc..eaf1fd5bf 100644 --- a/rhel/etc_logrotate.d_openvswitch +++ b/rhel/etc_logrotate.d_openvswitch @@ -6,7 +6,7 @@ # without warranty of any kind. /var/log/openvswitch/*.log { - su root root + su openvswitch openvswitch daily compress sharedscripts diff --git a/rhel/etc_openvswitch_default.conf b/rhel/etc_openvswitch_default.conf index c74417db6..20d1f5f54 100644 --- a/rhel/etc_openvswitch_default.conf +++ b/rhel/etc_openvswitch_default.conf @@ -1,5 +1,4 @@ # DO NOT EDIT THIS FILE # The following is the *default* configuration for the openvswitch user ID. -# This is for backward compatibility. -OVS_USER_ID="root:root" +OVS_USER_ID="openvswitch:openvswitch" -- 2.16.4 ++++++ 0001-Run-ovn-as-openvswitch-openvswitch.patch ++++++ >From aa1869378cf512fd7aeee16c0a030264c2623270 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <jcaam...@suse.com> Date: Fri, 8 May 2020 11:23:04 +0200 Subject: [PATCH] Run ovn as openvswitch:openvswitch Change default run configuration to unprivilieged user openvswitch and group openvswitch. Expect any further customization from user in sysconfig/ovn. --- rhel/etc_logrotate.d_ovn | 2 +- rhel/usr_lib_systemd_system_ovn-controller-vtep.service | 1 + rhel/usr_lib_systemd_system_ovn-controller.service | 1 + rhel/usr_lib_systemd_system_ovn-northd.service | 1 + 4 files changed, 4 insertions(+), 1 deletion(-) diff --git a/rhel/etc_logrotate.d_ovn b/rhel/etc_logrotate.d_ovn index a351ec303..4b26333fc 100644 --- a/rhel/etc_logrotate.d_ovn +++ b/rhel/etc_logrotate.d_ovn @@ -6,7 +6,7 @@ # without warranty of any kind. /var/log/ovn/*.log { - su root root + su openvswitch openvswitch daily compress sharedscripts diff --git a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service index 09ad0612c..dd6ff6675 100644 --- a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service +++ b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service @@ -35,6 +35,7 @@ After=openvswitch.service [Service] Type=simple Restart=on-failure +Environment=OVN_USER_ID=openvswitch:openvswitch Environment=OVS_RUNDIR=%t/openvswitch Environment=OVN_RUNDIR=%t/ovn Environment=OVN_DB=unix:%t/ovn/ovnsb_db.sock diff --git a/rhel/usr_lib_systemd_system_ovn-controller.service b/rhel/usr_lib_systemd_system_ovn-controller.service index 15d0ac853..c602760f1 100644 --- a/rhel/usr_lib_systemd_system_ovn-controller.service +++ b/rhel/usr_lib_systemd_system_ovn-controller.service @@ -23,6 +23,7 @@ After=openvswitch.service Type=forking PIDFile=/var/run/ovn/ovn-controller.pid Restart=on-failure +Environment=OVN_USER_ID=openvswitch:openvswitch Environment=OVN_RUNDIR=%t/ovn OVS_RUNDIR=%t/openvswitch EnvironmentFile=-/etc/sysconfig/ovn EnvironmentFile=-/etc/sysconfig/ovn-controller diff --git a/rhel/usr_lib_systemd_system_ovn-northd.service b/rhel/usr_lib_systemd_system_ovn-northd.service index d281f861c..d5c7dfa5f 100644 --- a/rhel/usr_lib_systemd_system_ovn-northd.service +++ b/rhel/usr_lib_systemd_system_ovn-northd.service @@ -20,6 +20,7 @@ After=syslog.target [Service] Type=oneshot RemainAfterExit=yes +Environment=OVN_USER_ID=openvswitch:openvswitch Environment=OVN_RUNDIR=%t/ovn OVN_DBDIR=/var/lib/ovn EnvironmentFile=-/etc/sysconfig/ovn EnvironmentFile=-/etc/sysconfig/ovn-northd -- 2.16.4 ++++++ 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch ++++++ >From c349652c106b4c4e54e5a4a2f05546d35a801601 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <jcaam...@suse.com> Date: Tue, 5 May 2020 18:41:30 +0200 Subject: [PATCH] rhel: Fix reload of OVS_USER_ID on startup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OVS_USER_ID was being picked up from a previously existing openvswitch.useropts rendering innefective any configuration change through sysconfig. There is no explicit ordering between Exec* and Environment* stanzas of systemd, full enviroment is always reloaded before each Exec. We make sure that openvswitch.useropts is removed first so that a fresh OVS_USER_ID can be picked up from config. Signed-off-by: Jaime Caamaño Ruiz <jcaam...@suse.com> --- rhel/usr_lib_systemd_system_ovsdb-server.service | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/rhel/usr_lib_systemd_system_ovsdb-server.service b/rhel/usr_lib_systemd_system_ovsdb-server.service index 4c170c09b..98338b9df 100644 --- a/rhel/usr_lib_systemd_system_ovsdb-server.service +++ b/rhel/usr_lib_systemd_system_ovsdb-server.service @@ -11,10 +11,16 @@ PIDFile=/var/run/openvswitch/ovsdb-server.pid Restart=on-failure EnvironmentFile=/etc/openvswitch/default.conf EnvironmentFile=-/etc/sysconfig/openvswitch +EnvironmentFile=-/run/openvswitch.useropts + +# Environment is reloaded for each Exec*, make sure to +# remove openvswitch.useropts first to reload a fresh +# OVS_USER_ID from default.conf or sysconfig. +ExecStartPre=/usr/bin/rm -f /run/openvswitch.useropts + ExecStartPre=-/usr/bin/chown ${OVS_USER_ID} /var/run/openvswitch /var/log/openvswitch -ExecStartPre=/bin/sh -c 'rm -f /run/openvswitch.useropts; /usr/bin/echo "OVS_USER_ID=${OVS_USER_ID}" > /run/openvswitch.useropts' +ExecStartPre=/bin/sh -c '/usr/bin/echo "OVS_USER_ID=${OVS_USER_ID}" > /run/openvswitch.useropts' ExecStartPre=/bin/sh -c 'if [ "$${OVS_USER_ID/:*/}" != "root" ]; then /usr/bin/echo "OVS_USER_OPT=--ovs-user=${OVS_USER_ID}" >> /run/openvswitch.useropts; fi' -EnvironmentFile=-/run/openvswitch.useropts ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ --no-ovs-vswitchd --no-monitor --system-id=random \ ${OVS_USER_OPT} \ -- 2.16.4 ++++++ openvswitch-2.12.0.tar.gz -> openvswitch-2.13.0.tar.gz ++++++ /work/SRC/openSUSE:Factory/openvswitch/openvswitch-2.12.0.tar.gz /work/SRC/openSUSE:Factory/.openvswitch.new.3606/openvswitch-2.13.0.tar.gz differ: char 5, line 1