When `ovn-controller` claims a virtual lport it will update the Port_Binding table with which chassis currently has claimed the port as well as recording information about the virtual parent lport [0].
The current RBAC rules do not allow for the latter, which makes this operation fail.

0: https://github.com/ovn-org/ovn/blob/b7b0fbdab03ce8b39d5bdc114876e6b0d0683892/controller/pinctrl.c#L6150

Fixes: 054f4c85c ("Add a new logical switch port type - 'virtual'")
Reported-At: https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/1917475
Signed-off-by: Frode Nordahl <[email protected]>
--- northd/ovn-northd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index ac872aade..dd2c8e243 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -13251,7 +13251,7 @@ static const char *rbac_encap_update[] = static const char *rbac_port_binding_auth[] = {""}; static const char *rbac_port_binding_update[] = - {"chassis", "up"}; + {"chassis", "up", "virtual_parent"}; static const char *rbac_mac_binding_auth[] = {""}; -- 2.30.0
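Review bot: the widened `rbac_port_binding_update` list comes with no test, and the context line `static const char *rbac_port_binding_auth[] = {""};` shows that the table's authorization set stays empty, so `virtual_parent` becomes updatable under the same authorization as `chassis` and `up`, with nothing in this hunk tying the write to the chassis that claimed the port. Suggest adding a test that claims a virtual lport with RBAC enabled (the failure described in the Reported-At bug) so a later tightening of these arrays cannot silently regress it. It would also help to state in the commit message, or in a comment above the array, that the column is opened without a per-row check, so the trade-off is explicit for whoever revisits the Port_Binding permissions.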
