This series attempts to introduce the ability to start and use Open vSwitch 'out of the box' as a non-root user. It does this by modifying the service files to pass the recently introduced --ovs-user argument around, and by making some minor tweaks to the passwd, group, and filesystem information.
I prefixed the packaging work with 'redhat', but if rpm or packaging is a preferred prefix for that work, I can respin.

The more controversial changes are:

* This adds another config file (/etc/sysconfig/openvswitch-pre) to the system
* The dpdk support directly modifies /dev/hugepages with a call to chmod
* A new user 'openvswitch', and up to two new groups 'openvswitch', and 'hugetlbfs' are created
* A change to soexpand.pl to allow conditional inclusion of dpdk-related options

After this series:

> [root@wsfd-netdev60 ~]# yum install openvswitch-2.7.90-1.fc25.x86_64.rpm
> Loaded plugins: product-id, search-disabled-repos, subscription-manager
> This system is not registered to Red Hat Subscription Management. You can use
> subscription-manager to register.
> Examining openvswitch-2.7.90-1.fc25.x86_64.rpm:
> openvswitch-2.7.90-1.fc25.x86_64
> Marking openvswitch-2.7.90-1.fc25.x86_64.rpm to be installed
> Resolving Dependencies
> --> Running transaction check
> ---> Package openvswitch.x86_64 0:2.7.90-1.fc25 will be installed
> --> Finished Dependency Resolution
>
> Dependencies Resolved
>
> ================================================================================
> Package Arch Version Repository
> Size
> ================================================================================
> Installing:
> openvswitch x86_64 2.7.90-1.fc25 /openvswitch-2.7.90-1.fc25.x86_64 11
> M
>
> Transaction Summary
> ================================================================================
> Install 1 Package
>
> Total size: 11 M
> Installed size: 11 M
> Is this ok [y/d/N]: y
> Downloading packages:
> Running transaction check
> Running transaction test
> Transaction test succeeded
> Running transaction
> Installing : openvswitch-2.7.90-1.fc25.x86_64
> 1/1
> Verifying : openvswitch-2.7.90-1.fc25.x86_64
> 1/1
>
> Installed:
> openvswitch.x86_64 0:2.7.90-1.fc25
>
>
> Complete!
> [root@wsfd-netdev60 ~]# systemctl start openvswitch
> [root@wsfd-netdev60 ~]# ps aux | grep ovs
> openvsw+ 12642 0.0 0.0 47864 2296 ? S<s 10:57 0:00
> ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info
> --remote=punix:/var/run/openvswitch/db.sock
> --private-key=db:Open_vSwitch,SSL,private_key
> --certificate=db:Open_vSwitch,SSL,certificate
> --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --user
> openvswitch:openvswitch --no-chdir
> --log-file=/var/log/openvswitch/ovsdb-server.log
> --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
> openvsw+ 12688 0.0 0.0 49588 10600 ? S<Ls 10:57 0:00
> ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err
> -vfile:info --mlockall --user openvswitch:openvswitch --no-chdir
> --log-file=/var/log/openvswitch/ovs-vswitchd.log
> --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach

CC: Leif Madsen <[email protected]>
CC: Timothy Redaelli <[email protected]>
CC: Flavio Leitner <[email protected]>
CC: Ansis Atteka <[email protected]>
CC: Markos Chandras <[email protected]>

Aaron Conole (6):
  soexpand: enable dpdk specific blocks
  redhat: replace python3 with python package macro
  redhat: make the rpm aware of the lock file
  redhat: allow arbitrary user:group
  redhat: dynamically allocate and reference ovs user
  redhat: allow dpdk to also run as non-root user

 Makefile.am                                        |  6 +++-
 build-aux/soexpand.pl                              | 23 ++++++++++++++--
 rhel/.gitignore                                    |  1 +
 rhel/automake.mk                                   |  3 +-
 rhel/openvswitch-fedora.spec.in                    | 32 ++++++++++++++++++++--
 ...usr_lib_systemd_system_ovs-vswitchd.service.in} |  8 ++++++
 rhel/usr_lib_systemd_system_ovsdb-server.service   |  5 ++++
 ..._openvswitch_scripts_systemd_sysconfig.template |  3 ++
 8 files changed, 74 insertions(+), 7 deletions(-)
 rename rhel/{usr_lib_systemd_system_ovs-vswitchd.service => usr_lib_systemd_system_ovs-vswitchd.service.in} (71%)

-- 
2.9.4
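Added example, not part of the original message or the Open vSwitch tree: a check over `ps aux` output that confirms both daemons actually run as the account named in `--user`, treating the `openvsw+` seen in the output above as ps's truncation of `openvswitch`. The sample lines are constructed from that output with arguments shortened, plus one constructed root-run case; the function names are hypothetical.

```python
# Constructed sample modelled on the `ps aux` output in the cover letter
# (arguments shortened; the last line is a constructed root-run case).
# All function names here are hypothetical, chosen for this example.
SAMPLE_PS = """\
openvsw+ 12642 0.0 0.0 47864 2296 ? S<s 10:57 0:00 ovsdb-server /etc/openvswitch/conf.db --user openvswitch:openvswitch --no-chdir --detach
openvsw+ 12688 0.0 0.0 49588 10600 ? S<Ls 10:57 0:00 ovs-vswitchd unix:/var/run/openvswitch/db.sock --mlockall --user openvswitch:openvswitch --no-chdir --detach
root 13001 0.0 0.0 49588 10600 ? S<Ls 11:02 0:00 ovs-vswitchd unix:/var/run/openvswitch/db.sock --mlockall --detach
"""

DAEMONS = {"ovsdb-server", "ovs-vswitchd"}


def user_matches(ps_user, wanted):
    """ps aux cuts long user names and marks the cut with '+' (openvsw+)."""
    if ps_user.endswith("+"):
        return wanted.startswith(ps_user[:-1])
    return ps_user == wanted


def requested_user(argv):
    """Return USER from '--user USER[:GROUP]' or '--user=USER[:GROUP]'."""
    for i, arg in enumerate(argv):
        if arg == "--user" and i + 1 < len(argv):
            return argv[i + 1].split(":")[0]
        if arg.startswith("--user="):
            return arg.split("=", 1)[1].split(":")[0]
    return None


def audit(ps_text):
    """Return (pid, daemon, verdict) for each OVS daemon line of ps aux output."""
    results = []
    for line in ps_text.splitlines():
        fields = line.split(None, 10)  # ten fixed columns, then the command
        if len(fields) < 11 or not fields[1].isdigit():
            continue  # header line or malformed row
        ps_user, pid, argv = fields[0], int(fields[1]), fields[10].split()
        name = argv[0].rsplit("/", 1)[-1]
        if name not in DAEMONS:
            continue  # e.g. the grep process itself
        wanted = requested_user(argv)
        if ps_user == "root":
            verdict = "runs-as-root"
        elif wanted and user_matches(ps_user, wanted):
            verdict = "ok"
        else:
            verdict = "user-mismatch"
        results.append((pid, name, verdict))
    return results
```

Because the truncated `openvsw+` only proves a prefix match, confirm a borderline result with a wider column, for example `ps -o user:32,pid,args -C ovs-vswitchd`.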
