add user and group to ovn container image to rebuild for dpdk file ac…

…cess update ovn-controler script to chown ovs bridge socket files so that libvirt pod can read fix #1982
vexxhost · Oct 28, 2024 · c2c572c · c2c572c
1 parent a4b05aa
commit c2c572c
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 0 deletions.
diff --git a/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl b/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl
@@ -169,5 +169,8 @@ do
   then
     ovs-vsctl --may-exist add-port $bridge $iface
     migrate_ip_from_nic $iface $bridge
+  # update bridge socket file to non root owner 42424
+  chown 42424:42424 /var/run/openvswitch/*.mgmt
+  chown 42424:42424 /var/run/openvswitch/*.snoop
   fi
 done
diff --git a/charts/patches/ovn/0003-update-ovs-bridge-socket-file-ownship-to-non-root.patch b/charts/patches/ovn/0003-update-ovs-bridge-socket-file-ownship-to-non-root.patch
@@ -0,0 +1,25 @@
+From ae76ebd037c455456801f9563b3dccc66aebef8c Mon Sep 17 00:00:00 2001
+From: Yaguang Tang <[email protected]>
+Date: Mon, 28 Oct 2024 16:26:39 +0800
+Subject: [PATCH] update ovs bridge socket file ownship to non root
+
+---
+ charts/ovn/templates/bin/_ovn-controller-init.sh.tpl | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl b/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl
+index b1960212..8da8416f 100644
+--- a/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl
++++ b/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl
+@@ -169,5 +169,8 @@ do
+   then
+     ovs-vsctl --may-exist add-port $bridge $iface
+     migrate_ip_from_nic $iface $bridge
++  # update bridge socket file to non root owner 42424
++  chown 42424:42424 /var/run/openvswitch/*.mgmt
++  chown 42424:42424 /var/run/openvswitch/*.snoop
+   fi
+ done
+-- 
+2.39.5 (Apple Git-154)
+
diff --git a/images/ovn/Dockerfile b/images/ovn/Dockerfile
@@ -34,3 +34,11 @@ EOF
 COPY --from=ovn-kubernetes --link /src/dist/images/ovndb-raft-functions.sh /root/ovndb-raft-functions.sh
 COPY --from=ovn-kubernetes --link /src/dist/images/ovnkube.sh /root/ovnkube.sh
 COPY --from=ovn-kubernetes --link /usr/bin/ovn-kube-util /usr/bin/ovn-kube-util
+
+ARG PROJECT=ovn
+ENV OVS_USER_ID=42424
+RUN \
+    groupadd -g 42424 ${PROJECT} && \
+    useradd -u 42424 -g 42424 -M -d /var/lib/${PROJECT} -s /sbin/nologin -c "${PROJECT} User" ${PROJECT} && \
+    mkdir -p /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/run/${PROJECT} && \
+    chown -Rv ${PROJECT}:${PROJECT} /etc/${PROJECT} /var/log/${PROJECT} /var/lib/${PROJECT} /var/run/${PROJECT}