When `ovn-controller` claims a virtual lport it will update the Port_Binding table with which chassis currently has claimed the port as well as recording information about the virtual parent lport [0].
When `ovn-controller` claims a lport it will also update the encap field of the Port_Binding table if set and an update is needed. The current RBAC rules do not allow for these updates.

0: https://github.com/ovn-org/ovn/blob/b7b0fbdab03ce8b39d5bdc114876e6b0d0683892/controller/pinctrl.c#L6150

Fixes: 054f4c85c ("Add a new logical switch port type - 'virtual'")
Fixes: 6c8b9a132 (" ovn-controller: Store the local port bindings in the runtime data I-P state")
Reported-At: https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/1917475
Signed-off-by: Frode Nordahl <[email protected]>
--- northd/ovn-northd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index ac872aade..bafcb51e9 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -13251,7 +13251,7 @@ static const char *rbac_encap_update[] = static const char *rbac_port_binding_auth[] = {""}; static const char *rbac_port_binding_update[] = - {"chassis", "up"}; + {"chassis", "encap", "up", "virtual_parent"}; static const char *rbac_mac_binding_auth[] = {""}; -- 2.30.0
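
Review bot: The widened `rbac_port_binding_update` list sits directly under `rbac_port_binding_auth[] = {""}`, and an empty authorization entry means the update is not tied per row to the chassis that owns the binding. With this change `encap` and `virtual_parent` become writable by any chassis client on any Port_Binding row, as `chassis` and `up` already are. Please add a short comment above the array recording which `ovn-controller` path needs each column (lport claim for `encap`, virtual lport claim for `virtual_parent`), so the allowlist is not extended later without the same justification. The diffstat shows only `northd/ovn-northd.c` changing, so a test that performs the virtual port claim with RBAC enabled would be a useful addition to keep this from regressing.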
