Public bug reported: Hi,
I've tested this on both 20.03 and 20.06. Looking into ovn-architecture.xml: https://github.com/ovn-org/ovn/blob/master/ovn-architecture.7.xml#L2530 It states that once RBAC is enabled, ovn-controllers will have access to some of the tables and that is hardcoded within OVN. That means once RBAC is enabled, IGMP_Group table is out of reach for ovn-controllers and will cause the following issue: 2021-02-06T17:17:40.916Z|00028|ovsdb_idl|WARN|transaction error: {"details":"RBAC rules for client "REDACTED" role "ovn-controller" prohibit row insertion into table "IGMP_Group".","error":"permission error"} Reported on upstream repo: https://github.com/ovn-org/ovn/issues/77 Proposed patch: https://github.com/phvalguima/ovn/commit/3419d9946c51b413f816ceb82372677e4afdbe9d ** Affects: ovn (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914988 Title: IGMP Snooping does not work with RBAC enabled ovn-controllers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/1914988/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs