Public bug reported:
When using Openstack Ussuri with OVN 20.03 and adding a floating IP
address to a port the ovn-controller on the hypervisor repeatedly
reports:
2021-03-02T10:33:35.517Z|35359|ovsdb_idl|WARN|transaction error:
{"details":"RBAC rules for client
\"juju-eab186-zaza-d26c8c079cc7-11.project.serverstack\" role
\"ovn-controller\" prohibit modification of table
\"Port_Binding\".","error":"permission error"}
2021-03-02T10:33:35.518Z|35360|main|INFO|OVNSB commit failed, force recompute
next time.
The seams to be because the ovn-controller needs to update the
virtual_parent attribute of the port binding *2 but that is not included
in the list of permissions allowed by the ovn-controller role *1
*1
https://github.com/ovn-org/ovn/blob/aa8ef5588c119fa8615d78288a7db7e3df2d6fbe/northd/ovn-northd.c#L11331-L11332
*2 https://pastebin.ubuntu.com/p/4CfcxgDgdm/
Disabling rbac by changing the role to "" and stopping and starting the
southbound db listener results in the port being immediately updated and
the floating IP can be accessed.
** Affects: ovn (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1917475
Title:
RBAC Permissions too strict for Port_Binding table
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/1917475/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
