Public bug reported: When using Openstack Ussuri with OVN 20.03 and adding a floating IP address to a port the ovn-controller on the hypervisor repeatedly reports:
2021-03-02T10:33:35.517Z|35359|ovsdb_idl|WARN|transaction error: {"details":"RBAC rules for client \"juju-eab186-zaza-d26c8c079cc7-11.project.serverstack\" role \"ovn-controller\" prohibit modification of table \"Port_Binding\".","error":"permission error"} 2021-03-02T10:33:35.518Z|35360|main|INFO|OVNSB commit failed, force recompute next time. The seams to be because the ovn-controller needs to update the virtual_parent attribute of the port binding *2 but that is not included in the list of permissions allowed by the ovn-controller role *1 *1 https://github.com/ovn-org/ovn/blob/aa8ef5588c119fa8615d78288a7db7e3df2d6fbe/northd/ovn-northd.c#L11331-L11332 *2 https://pastebin.ubuntu.com/p/4CfcxgDgdm/ Disabling rbac by changing the role to "" and stopping and starting the southbound db listener results in the port being immediately updated and the floating IP can be accessed. ** Affects: ovn (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1917475 Title: RBAC Permissions too strict for Port_Binding table To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/1917475/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs