To confirm this is the bug, look in /var/log/ovn/ovn-controller.log on the
hypervisors for:

2021-03-02T10:33:35.517Z|35359|ovsdb_idl|WARN|transaction error: {"details":"RBAC rules for client \"juju-eab186-zaza-d26c8c079cc7-11.project.serverstack\" role \"ovn-controller\" prohibit modification of table \"Port_Binding\".","error":"permission error"}
2021-03-02T10:33:35.518Z|35360|main|INFO|OVNSB commit failed, force recompute next time.

To disable rbac, on an ovn-central unit:

# sudo ovn-sbctl find connection
_uuid               : a3b68994-4376-4506-81eb-e23d15641305
external_ids        : {}
inactivity_probe    : 60000
is_connected        : false
max_backoff         : []
other_config        : {}
read_only           : false
role                : ""
status              : {}
target              : "pssl:16642"

_uuid               : ee53c2b6-ed8b-4b21-9825-a4ecaf2bdc95
external_ids        : {}
inactivity_probe    : 60000
is_connected        : false
max_backoff         : []
other_config        : {}
read_only           : false
role                : ovn-controller
status              : {}
target              : "pssl:6642"

Look for the 6642 listener's uuid. In this case
'ee53c2b6-ed8b-4b21-9825-a4ecaf2bdc95'.

Remove the role to disable rbac:

# sudo ovn-sbctl set connection ee53c2b6-ed8b-4b21-9825-a4ecaf2bdc95 role=''

Restart the ovn-controller service on the hypervisors.

To reenable rbac:

# sudo ovn-sbctl set connection e0cef788-df18-4b1b-a238-e8b79ea51c7c role='ovn-controller'

https://bugs.launchpad.net/bugs/1917475

Title:
  RBAC Permissions too strict for Port_Binding table

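
One way to run the log check from the comment above over a whole ovn-controller.log, as an added example that is not part of the original bug comment. The sample lines are constructed (hypothetical client name `hv1.example`), and the `timestamp|sequence|module|level|message` split is assumed from the two log lines quoted.

```python
import json
import re

# Constructed sample in the ovn-controller.log format quoted in the comment
# (hypothetical client name; the last two lines are a truncated entry and noise).
SAMPLE_LOG = r'''2021-03-02T10:33:35.517Z|35359|ovsdb_idl|WARN|transaction error: {"details":"RBAC rules for client \"hv1.example\" role \"ovn-controller\" prohibit modification of table \"Port_Binding\".","error":"permission error"}
2021-03-02T10:33:35.518Z|35360|main|INFO|OVNSB commit failed, force recompute next time.
2021-03-02T10:34:01.002Z|35361|ovsdb_idl|WARN|transaction error: {"details":"truncated
2021-03-02T10:34:02.100Z|35362|reconnect|INFO|ssl:10.0.0.5:6642: connected
'''

DETAILS_RE = re.compile(
    r'RBAC rules for client "(?P<client>[^"]+)" role "(?P<role>[^"]+)" '
    r'prohibit modification of table "(?P<table>[^"]+)"')
PREFIX = "transaction error: "

def rbac_denials(log_text):
    """Return one dict per RBAC permission error found in the log text."""
    hits = []
    for line in log_text.splitlines():
        # Assumed layout: timestamp|sequence|module|level|message
        parts = line.split("|", 4)
        if len(parts) != 5:
            continue
        ts, _seq, module, level, msg = parts
        if module != "ovsdb_idl" or level != "WARN" or not msg.startswith(PREFIX):
            continue
        try:
            err = json.loads(msg[len(PREFIX):])
        except json.JSONDecodeError:
            continue  # wrapped or truncated entry, nothing reliable to report
        if not isinstance(err, dict) or err.get("error") != "permission error":
            continue
        m = DETAILS_RE.search(str(err.get("details", "")))
        if m:
            hits.append({"time": ts, **m.groupdict()})
    return hits

if __name__ == "__main__":
    for hit in rbac_denials(SAMPLE_LOG):
        print(hit)
```

Each hit names the chassis, role and table involved, which shows which hypervisors are affected before any change is made to the southbound connection role.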