After this commit, the fedora RPM will create the openvswitch user, from the non-static pool, for use as an Open vSwitch daemon user. This only happens on install - not upgrade. This will be the default user:group combination for the openvswitch daemons.
To do this in a way that doesn't impact existing installations, the /etc/openvswitch directory will be created during the installation, rather than being provided as part of the rpm. Signed-off-by: Aaron Conole <[email protected]> --- rhel/openvswitch-fedora.spec.in | 15 ++++++++++++++- rhel/usr_lib_systemd_system_ovs-vswitchd.service | 1 + rhel/usr_lib_systemd_system_ovsdb-server.service | 2 ++ 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/rhel/openvswitch-fedora.spec.in b/rhel/openvswitch-fedora.spec.in index fe6f15f..f4da735 100644 --- a/rhel/openvswitch-fedora.spec.in +++ b/rhel/openvswitch-fedora.spec.in @@ -92,6 +92,8 @@ Requires: openssl hostname iproute module-init-tools #Upstream kernel commit 4f647e0a3c37b8d5086214128614a136064110c3 #Requires: kernel >= 3.15.0-0 +Requires(post): /usr/bin/getent +Requires(post): /usr/sbin/useradd Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units @@ -354,6 +356,16 @@ rm -rf $RPM_BUILD_ROOT %endif %post +if [ $1 -eq 1 ]; then + getent passwd openvswitch >/dev/null || \ + useradd -r -d / -s /sbin/nologin -c "Open vSwitch Daemons" openvswitch + echo "OVS_USER_ID=openvswitch:openvswitch" > \ + %{_sysconfdir}/sysconfig/openvswitch-pre + + # In the case of upgrade, this is not needed. + install -d -m 0755 -o openvswitch -g openvswitch /etc/openvswitch +fi + %if 0%{?systemd_post:1} %systemd_post %{name}.service %else @@ -480,7 +492,8 @@ fi %defattr(-,root,root) %{_sysconfdir}/bash_completion.d/ovs-appctl-bashcomp.bash %{_sysconfdir}/bash_completion.d/ovs-vsctl-bashcomp.bash -%dir %{_sysconfdir}/openvswitch +%ghost %{_sysconfdir}/openvswitch +%ghost %{_sysconfdir}/sysconfig/openvswitch-pre %config %ghost %{_sysconfdir}/openvswitch/conf.db %ghost %{_sysconfdir}/openvswitch/.conf.db.~lock~ %config %ghost %{_sysconfdir}/openvswitch/system-id.conf 
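Review bot: The account check in the new `%post` block looks only at `getent passwd`, yet the `echo` and `install -o openvswitch -g openvswitch` lines after it assume that both the user and a group of the same name exist. Whether `useradd -r` creates that group depends on the host's USERGROUPS_ENAB setting, and `useradd` fails outright if the group already exists without `-g`. Its exit status is never checked, so the scriptlet can still write `OVS_USER_ID=openvswitch:openvswitch` for an account that is missing. Create the group explicitly, pass `-g openvswitch`, and only switch the daemons away from root once both lookups succeed. This also needs a `Requires(post): /usr/sbin/groupadd` beside the two added in the first hunk.

```spec
if [ $1 -eq 1 ]; then
    getent group openvswitch >/dev/null || groupadd -r openvswitch
    getent passwd openvswitch >/dev/null || \
        useradd -r -g openvswitch -d / -s /sbin/nologin \
            -c "Open vSwitch Daemons" openvswitch

    # Only point the daemons at the unprivileged account once it really exists.
    if getent passwd openvswitch >/dev/null && \
       getent group openvswitch >/dev/null; then
        echo "OVS_USER_ID=openvswitch:openvswitch" > \
            %{_sysconfdir}/sysconfig/openvswitch-pre
        install -d -m 0755 -o openvswitch -g openvswitch /etc/openvswitch
    else
        echo "openvswitch account missing; daemons keep the unit default" >&2
        install -d -m 0755 /etc/openvswitch
    fi
fi
```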
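Review bot: The new `%ghost %{_sysconfdir}/openvswitch` entry drops `%dir` and still falls under `%defattr(-,root,root)`, so the package metadata presumably records the directory as root-owned while `%post` hands it to openvswitch on fresh installs. Tools that compare or reset ownership from the RPM database (`rpm -V`, `rpm --setugids`) may then report or undo the ownership the unprivileged daemons depend on; this is worth confirming on a test install. Keeping the directory marker, `%ghost %dir %{_sysconfdir}/openvswitch`, would also stop the entry from covering the files beneath it, which are listed separately on the following lines.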
diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service b/rhel/usr_lib_systemd_system_ovs-vswitchd.service
index d63bf4d..0434d20 100644
--- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service
+++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service
@@ -11,6 +11,7 @@ PartOf=openvswitch.service
 Type=forking
 Restart=on-failure
 Environment="OVS_USER_ID=root:root"
+EnvironmentFile=-/etc/sysconfig/openvswitch-pre
 EnvironmentFile=-/etc/sysconfig/openvswitch
 ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
 --no-ovsdb-server --no-monitor --system-id=random \
diff --git a/rhel/usr_lib_systemd_system_ovsdb-server.service b/rhel/usr_lib_systemd_system_ovsdb-server.service
index 67b50c8..8354087 100644
--- a/rhel/usr_lib_systemd_system_ovsdb-server.service
+++ b/rhel/usr_lib_systemd_system_ovsdb-server.service
@@ -9,7 +9,9 @@ PartOf=openvswitch.service
 Type=forking
 Restart=on-failure
 Environment="OVS_USER_ID=root:root"
+EnvironmentFile=-/etc/sysconfig/openvswitch-pre
 EnvironmentFile=-/etc/sysconfig/openvswitch
+ExecStartPre=/usr/bin/chown ${OVS_USER_ID} /var/run/openvswitch
 ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
 --no-ovs-vswitchd --no-monitor --system-id=random \
 --ovs-user=${OVS_USER_ID} \
--
2.9.4
_______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
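Review bot: The added `EnvironmentFile=-/etc/sysconfig/openvswitch-pre` line, here and again in the ovsdb-server.service hunk, uses the `-` prefix, so a missing or unreadable file is skipped silently and the unit falls back to `Environment="OVS_USER_ID=root:root"` on the line above it. That keeps upgraded hosts working, but on a fresh install it means the daemons quietly return to running as root if the generated file is ever lost, with nothing logged to say so. A comment in each unit would make the precedence explicit, for example `# openvswitch-pre is generated by the RPM %post on fresh installs; /etc/sysconfig/openvswitch is read after it and overrides it`. The ExecStart command continues outside the hunk, so whether this unit passes the value on to ovs-ctl is not visible here.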
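Review bot: The added `ExecStartPre=/usr/bin/chown ${OVS_USER_ID} /var/run/openvswitch` has no `-` prefix and nothing visible in this patch creates that directory, so if it is absent when the unit starts the chown fails and ovsdb-server does not start. Unless a tmpfiles.d entry or the package guarantees the directory, add `ExecStartPre=/usr/bin/mkdir -p /var/run/openvswitch` before it. The visible hunks also leave other daemon-writable locations, such as the log directory, untouched, so confirm the unprivileged user can write there. The ExecStart command continues past the end of the hunk.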
