On Sat, Jun 03, 2017 at 11:10:00AM -0400, Aaron Conole wrote:
> After this commit, the fedora RPM will create the openvswitch user, from the
> non-static pool, for use as an Open vSwitch daemon user. This only happens
> on install - not upgrade. This will be the default user:group
> combination for the openvswitch daemons.
>
> To do this in a way that doesn't impact existing installations, the
> /etc/openvswitch directory will be created during the installation,
> rather than being provided as part of the rpm.
In the previous patch you add the user configuration to the sysconfig file and here it adds the same info again to another file which the user might change, getting us back to the state of today but now with 2 files.

Perhaps we could adopt another approach that we have a default recommended configuration and then a file where the user can customize it? In this case we would create /etc/openvswitch/default.conf. If the user wants to change something, it replaces the variable in /etc/sysconfig/openvswitch as it works today. Since default.conf is owned by the system, we can assume it's not edited by the user.

Then we ship /etc/openvswitch/default.conf with OVS_USER_ID="openvswitch:openvswitch" by default, so new installations will have the file state correct in the rpmdb. The %post appends to the end of /etc/sysconfig/openvswitch the variable replacing the default user id to root.

Then on new installations we have /etc/openvswitch/default.conf with the recommended system options, nothing on /etc/sysconfig/openvswitch, no need to add root userid to the services. On upgrades, there will be the default.conf recommending to run as user, and /etc/sysconfig/openvswitch changing to root which the admin can comment out to move on, and system services are ok.

What do you think? I am sure I missed something.

fbl

> > Signed-off-by: Aaron Conole <[email protected]> > --- > rhel/openvswitch-fedora.spec.in | 15 ++++++++++++++- > rhel/usr_lib_systemd_system_ovs-vswitchd.service | 1 + > rhel/usr_lib_systemd_system_ovsdb-server.service | 2 ++ > 3 files changed, 17 insertions(+), 1 deletion(-) > > diff --git a/rhel/openvswitch-fedora.spec.in b/rhel/openvswitch-fedora.spec.in > index fe6f15f..f4da735 100644 > --- a/rhel/openvswitch-fedora.spec.in > +++ b/rhel/openvswitch-fedora.spec.in 
> @@ -92,6 +92,8 @@ Requires: openssl hostname iproute module-init-tools > #Upstream kernel commit 4f647e0a3c37b8d5086214128614a136064110c3 > #Requires: kernel >= 3.15.0-0 > > +Requires(post): /usr/bin/getent > +Requires(post): /usr/sbin/useradd > Requires(post): systemd-units > Requires(preun): systemd-units > Requires(postun): systemd-units > @@ -354,6 +356,16 @@ rm -rf $RPM_BUILD_ROOT > %endif > > %post > +if [ $1 -eq 1 ]; then > + getent passwd openvswitch >/dev/null || \ > + useradd -r -d / -s /sbin/nologin -c "Open vSwitch Daemons" > openvswitch > + echo "OVS_USER_ID=openvswitch:openvswitch" > \ > + %{_sysconfdir}/sysconfig/openvswitch-pre > + > + # In the case of upgrade, this is not needed. > + install -d -m 0755 -o openvswitch -g openvswitch /etc/openvswitch > +fi > + > %if 0%{?systemd_post:1} > %systemd_post %{name}.service > %else > @@ -480,7 +492,8 @@ fi > %defattr(-,root,root) > %{_sysconfdir}/bash_completion.d/ovs-appctl-bashcomp.bash > %{_sysconfdir}/bash_completion.d/ovs-vsctl-bashcomp.bash > -%dir %{_sysconfdir}/openvswitch > +%ghost %{_sysconfdir}/openvswitch > +%ghost %{_sysconfdir}/sysconfig/openvswitch-pre > %config %ghost %{_sysconfdir}/openvswitch/conf.db > %ghost %{_sysconfdir}/openvswitch/.conf.db.~lock~ > %config %ghost %{_sysconfdir}/openvswitch/system-id.conf > diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service > b/rhel/usr_lib_systemd_system_ovs-vswitchd.service > index d63bf4d..0434d20 100644 > --- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service > +++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service > @@ -11,6 +11,7 @@ PartOf=openvswitch.service > Type=forking > Restart=on-failure > Environment="OVS_USER_ID=root:root" > +EnvironmentFile=-/etc/sysconfig/openvswitch-pre > EnvironmentFile=-/etc/sysconfig/openvswitch > ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ > --no-ovsdb-server --no-monitor --system-id=random \ 
> diff --git a/rhel/usr_lib_systemd_system_ovsdb-server.service > b/rhel/usr_lib_systemd_system_ovsdb-server.service > index 67b50c8..8354087 100644 > --- a/rhel/usr_lib_systemd_system_ovsdb-server.service > +++ b/rhel/usr_lib_systemd_system_ovsdb-server.service > @@ -9,7 +9,9 @@ PartOf=openvswitch.service > Type=forking > Restart=on-failure > Environment="OVS_USER_ID=root:root" > +EnvironmentFile=-/etc/sysconfig/openvswitch-pre > EnvironmentFile=-/etc/sysconfig/openvswitch > +ExecStartPre=/usr/bin/chown ${OVS_USER_ID} /var/run/openvswitch > ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ > --no-ovs-vswitchd --no-monitor --system-id=random \ > --ovs-user=${OVS_USER_ID} \ > -- > 2.9.4 > > _______________________________________________ > dev mailing list > [email protected] > https://mail.openvswitch.org/mailman/listinfo/ovs-dev -- Flavio _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
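Review bot: in the %post hunk of openvswitch-fedora.spec.in, the whole block sits under `if [ $1 -eq 1 ]`, so a host upgraded from an earlier package never gets the openvswitch account, even though the new `%ghost %{_sysconfdir}/openvswitch` entry and the chown added to ovsdb-server.service assume it can exist. The `getent passwd openvswitch || useradd ...` pair is already idempotent, so consider running it unconditionally and keeping only the `openvswitch-pre` write and the `install -d` under the install-only test; that also keeps the `-pre` file from ever naming a user that is absent from the system.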
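Review bot: in the %files hunk, `%ghost %{_sysconfdir}/openvswitch` inherits `%defattr(-,root,root)` while %post creates that directory as openvswitch:openvswitch, so `rpm -V openvswitch` will report an owner/group mismatch and `rpm --setugids` would hand the directory back to root. Recording the intended ownership, e.g. `%attr(0755,openvswitch,openvswitch) %ghost %dir %{_sysconfdir}/openvswitch`, keeps the rpmdb consistent with what %post does (rpmbuild warns and falls back to root when the named user does not exist on the build host, so check the build log).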
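Review bot: in the ovsdb-server.service hunk, `ExecStartPre=/usr/bin/chown ${OVS_USER_ID} /var/run/openvswitch` fails the unit outright if /var/run/openvswitch does not exist yet (it lives under /run, a tmpfs that starts empty on every boot), and because the chown is not recursive any root-owned pid or socket files left from a run before the user switch stay root-owned. Suggest creating the directory first, e.g. `ExecStartPre=/usr/bin/mkdir -p /var/run/openvswitch` ahead of the chown (or `RuntimeDirectory=openvswitch`), and either using `chown -R` or noting that the daemons recreate those files on start.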
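As an added illustration (not code from the patch or the OVS tree) of the two-file layout proposed in the reply above: a package-owned default.conf carrying the recommended OVS_USER_ID, an admin-owned /etc/sysconfig/openvswitch that %post appends a root override to only on upgrade, and a small emulation of systemd reading the two EnvironmentFile= lines in order so the later file wins and a commented-out override falls back to the default. The helper names and the root-prefix argument (a sandbox directory for this example) are ours.

```shell
#!/bin/sh
# ovs_post emulates the proposed %post scriptlet.
#   $1 = rpm scriptlet argument: 1 on fresh install, >1 on upgrade
#   $2 = prefix under which the files are written ("" on a real host;
#        a scratch directory here, so the example never touches /etc)
ovs_post() {
    count=$1
    root=$2
    mkdir -p "$root/etc/openvswitch" "$root/etc/sysconfig"
    # Recommended defaults, owned by the package and never edited by the admin.
    printf 'OVS_USER_ID="openvswitch:openvswitch"\n' \
        > "$root/etc/openvswitch/default.conf"
    if [ "$count" -gt 1 ]; then
        # Upgrade: keep the existing installation on root by appending an
        # override to the admin-owned sysconfig file (nothing on fresh install).
        printf 'OVS_USER_ID="root:root"\n' >> "$root/etc/sysconfig/openvswitch"
    fi
}

# effective_user_id emulates the unit reading
#   EnvironmentFile=-/etc/openvswitch/default.conf
#   EnvironmentFile=-/etc/sysconfig/openvswitch
# in that order: later assignments override earlier ones, a missing file is
# skipped (the leading '-'), and the unit's Environment= line supplies root:root
# when neither file sets the variable. Runs in a subshell so nothing leaks.
effective_user_id() (
    root=$1
    unset OVS_USER_ID
    for f in "$root/etc/openvswitch/default.conf" \
             "$root/etc/sysconfig/openvswitch"; do
        [ -r "$f" ] && . "$f"
    done
    printf '%s\n' "${OVS_USER_ID:-root:root}"
)
```

Commenting out the appended `OVS_USER_ID="root:root"` line in the sysconfig file is all an admin has to do to move an upgraded host onto the recommended user.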
