#708 Allocating a static uid and gid for openvswitch
Closed: nothingtodo 2 years ago Opened 2 years ago by aconole.

The openvswitch upstream recently underwent changes to execute services as the non-root user 'openvswitch', with group 'hugetlbfs'. The openvswitch provides networking connectivity between physical network and virtual machines, and is able to manipulate and view traffic. I didn't see an existing user that seemed to fulfill this kind of role.


Sorry for not addressing this sooner.

I think I understand why a dynamic allocation doesn't work (it has to match between host and VMs) but that's something you need to tell us before we can make any kind of decision. There is a very limited pool from which we can make static allocations, so they need to be well-justified.

Metadata Update from @tibbs:
- Issue tagged with: meeting

2 years ago

We discussed this at this weeks meeting (http://meetbot.fedoraproject.org/fedora-meeting-1/2017-09-14/fpc.2017-09-14-16.00.txt):

  • x708 Allocating a static uid and gid for openvswitch (geppetto,
    16:24:18)

We are concerned with the backup/restore use-case. An administrator deploys Fedora, install openvswitch package which creates dynamic UID/GID, then it keeps a backup (yes, some people do that :). Well, if something bad happens and the administrator has to re-deploy Fedora, the new openvswitch package might select another UID/GID which will be different from the files in his backup.

Is that situation OK from the fedora's committee perspective?
Thanks

We discussed this at this weeks meeting (https://meetbot-raw.fedoraproject.org/fedora-meeting-2/2017-10-04/fpc.2017-10-04-17.00.txt:

  • x708 Allocating a static uid and gid for openvswitch (geppetto,
    17:12:06)
  • ACTION: We would need to know why it matters if the ID changes.
    Backup software understand ID's can change, and so save names/etc.
    (geppetto, 17:19:12)

Metadata Update from @james:
- Issue tagged with: needinfo

2 years ago

rsync doesn't know that, for instance. I believe many backup sofftware out there assume that you would be restoring data as-is. So, if you re-deploy system packages, one would expect the same UIDs.

@fbl Sorry, but that's not true. rsync does know that and restores ownership by user/group name by default. You actually have to add --numeric-ids if you want to go by uid/gid.

@rathann really? Because I had problems in past where I had to manually fix the uid/gids. Anyway, I'd be okay if you think it's not necessary.

No progress for 7 months, please reopen if you still think that we need to allocate uid/gid.

Metadata Update from @ignatenkobrain:
- Issue untagged with: meeting, needinfo
- Issue close_status updated to: nothingtodo
- Issue status updated to: Closed (was: Open)

2 years ago

Login to comment on this ticket.

Metadata