Thank you Pedro,

We built a test package [0] with this patch and received confirmation it solved the problem.
Acked-by: Frode Nordahl <[email protected]> 0: https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/1914988 On Thu, Feb 11, 2021 at 10:55 AM Pedro Guimaraes <[email protected]> wrote: > > If RBAC and IGMP snooping are enabled, ovn-controllers need to > be able to register new entries to table IGMP_Group as requests > are detected. > > For that, ovn-controllers need to have read/write access to > IGMP_Group table. > > Signed-off-by: Pedro Guimaraes <[email protected]> > Reported-at: https://github.com/ovn-org/ovn/issues/77 > --- > northd/ovn-northd.c | 12 ++++++++++++ > ovn-architecture.7.xml | 16 ++++++++++++++++ > 2 files changed, 28 insertions(+) > > diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c > index b2b5f6a1b..39d798782 100644 > --- a/northd/ovn-northd.c > +++ b/northd/ovn-northd.c > @@ -13009,6 +13009,10 @@ static const char *rbac_svc_monitor_auth[] = > {""}; > static const char *rbac_svc_monitor_auth_update[] = > {"status"}; > +static const char *rbac_igmp_group_auth[] = > + {""}; > +static const char *rbac_igmp_group_update[] = > + {"address", "chassis", "datapath", "ports"}; > > static struct rbac_perm_cfg { > const char *table; > @@ -13067,6 +13071,14 @@ static struct rbac_perm_cfg { > .update = rbac_svc_monitor_auth_update, > .n_update = ARRAY_SIZE(rbac_svc_monitor_auth_update), > .row = NULL > + },{ > + .table = "IGMP_Group", > + .auth = rbac_igmp_group_auth, > + .n_auth = ARRAY_SIZE(rbac_igmp_group_auth), > + .insdel = true, > + .update = rbac_igmp_group_update, > + .n_update = ARRAY_SIZE(rbac_igmp_group_update), > + .row = NULL > },{ > .table = NULL, > .auth = NULL, > diff --git a/ovn-architecture.7.xml b/ovn-architecture.7.xml > index e5c9f9549..0eef9b739 100644 > --- a/ovn-architecture.7.xml > +++ b/ovn-architecture.7.xml 
> @@ -2597,6 +2597,22 @@ > modified by ovn-controller. > </p> > </dd> > + > + <dt><code>IGMP_Group</code></dt> > + <dd> > + <p> > + <code>Authorization</code>: disabled (all clients are considered > + to be authorized). > + </p> > + <p> > + <code>Insert/Delete</code>: row insertion/deletion are permitted. > + </p> > + <p> > + <code>Update</code>: The columns <code>address</code>, > + <code>chassis</code>, <code>datapath</code>, and > + <code>ports</code> may be modified by ovn-controller. > + </p> > + </dd> > </dl> > > <p> > -- > 2.30.0 > > _______________________________________________ > dev mailing list > [email protected] > https://mail.openvswitch.org/mailman/listinfo/ovs-dev -- Frode Nordahl _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
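Review bot: In the first ovn-northd.c hunk, rbac_igmp_group_update lists "address", "chassis" and "datapath" alongside "ports", so any ovn-controller may rewrite the identifying columns of an existing row, including the chassis it is attributed to. If those three columns are only ever set when the row is inserted, consider whether the update list can be narrowed to "ports"; otherwise the commit message should say why all four must stay modifiable after insert.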
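Review bot: In the new rbac_perm_cfg entry for "IGMP_Group", .auth points at rbac_igmp_group_auth, which is {""}, while .insdel is true, so there is no per-row authorization and any ovn-controller can insert, update or delete IGMP_Group rows registered by another chassis. A short comment above the entry stating why the rows are not tied to the owning chassis would let later readers judge that trade-off. The diffstat also shows no test change, and a case covering IGMP snooping with RBAC enabled would guard against this regressing.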
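Review bot: In the ovn-architecture.7.xml hunk, the new IGMP_Group entry says authorization is disabled but does not state the consequence, namely that one ovn-controller can modify or delete groups recorded by a different chassis. Suggest adding one sentence to the Authorization paragraph saying so, since operators read this section to understand what a compromised chassis can change in the southbound database.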
