Added OvS permission workaround for enabling DPDK

The vhost sockets sockets are created with qemu permission, but ovs runs with root permission. In order to allow ovs to access vhost sockets reducing the ovs group permission from root to qemu. This is a temprovary workaround, until ovs fixes the permission issue. The script supports both ovs2.6 and ovs2.7 versions. Change-Id: I172956390c19fc9824bf7590cd48bfcf6201191b
2017-06-27 19:17:43 +05:30 · 2017-06-27 19:17:43 +05:30 · d7738012e1
commit d7738012e1
parent b5081b67e5
2 changed files with 32 additions and 0 deletions
--- a/extraconfig/pre_network/host_config_and_reboot.yaml
+++ b/extraconfig/pre_network/host_config_and_reboot.yaml
@ -178,6 +178,32 @@ resources:
          template: |
            #!/bin/bash
            set -x
+
+            # OvS Permission issue temporary workaround
+            # https://bugzilla.redhat.com/show_bug.cgi?id=1459436
+            # Actual solution from openvswitch - https://mail.openvswitch.org/pipermail/ovs-dev/2017-June/333423.html
+            ovs_service_path="/usr/lib/systemd/system/ovs-vswitchd.service"
+
+            if grep -q 'RuntimeDirectoryMode' $ovs_service_path; then
+                sed -i 's/RuntimeDirectoryMode=.*/RuntimeDirectoryMode=0775/' $ovs_service_path
+            else
+                echo "RuntimeDirectoryMode=0775" >> $ovs_service_path
+            fi
+
+            if ! grep -Fxq "Group=qemu" $ovs_service_path ; then
+              echo "Group=qemu" >> $ovs_service_path
+            fi
+
+            if ! grep -Fxq "UMask=0002" $ovs_service_path ; then
+              echo "UMask=0002" >> $ovs_service_path
+            fi
+
+            ovs_ctl_path='/usr/share/openvswitch/scripts/ovs-ctl'
+            if ! grep -q "umask 0002 \&\& start_daemon \"\$OVS_VSWITCHD_PRIORITY\"" $ovs_ctl_path ; then
+              sed -i 's/start_daemon \"\$OVS_VSWITCHD_PRIORITY\"/umask 0002 \&\& start_daemon \"$OVS_VSWITCHD_PRIORITY\"/' $ovs_ctl_path
+            fi
+
+
            # DO NOT use --detailed-exitcodes
            puppet apply --logdest console \
              --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules \
--- a/releasenotes/notes/ovs-dpdk-permission-workaround-20aaebcc8d6009ec.yaml
+++ b/releasenotes/notes/ovs-dpdk-permission-workaround-20aaebcc8d6009ec.yaml
@ -0,0 +1,6 @@
+---
+fixes:
+  - Fixed the openvswitch permission to allow ovs to access vhost
+    sockets created by qemu. This is a workaround until openvswitch
+    provides the actual solution.
+