From f5531f3bcb352ac9587e5c981013adab689edc9d Mon Sep 17 00:00:00 2001
From: Vladimir Kozhukalov
Date: Wed, 29 Jan 2025 04:31:05 -0600
Subject: [PATCH] Run ovn controller with non root openvswitch user

We recently updated the openvswitch chart to run ovs db server as non root. See: https://review.opendev.org/c/openstack/openstack-helm-infra/+/939580 Also ovn-kubernetes script ovnkube.sh that we are using for lifecycle management of OVN components tries to update the ownership of OVS run and config directories before start. So we have to pass the correct username to the script so it does not break the OVS files permissions.

Change-Id: Ie00dd2657c616645ec237c0880bbc552b3805236
---
 ovn/templates/daemonset-controller.yaml | 2 ++
 ovn/values.yaml | 1 +
 2 files changed, 3 insertions(+)
diff --git a/ovn/templates/daemonset-controller.yaml b/ovn/templates/daemonset-controller.yaml
index 7612ee9247..619b648921 100644
--- a/ovn/templates/daemonset-controller.yaml
+++ b/ovn/templates/daemonset-controller.yaml
@@ -110,6 +110,8 @@ spec:
 - ovn-controller
 {{ dict "envAll" . "component" "ovn_controller" "container" "controller" "type" "readiness" "probeTemplate" (include "controllerReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
 env:
+ - name: OVS_USER_ID
+ value: {{ .Values.conf.ovs_user_name }}
 - name: OVN_DAEMONSET_VERSION
 value: "3"
 - name: OVN_LOGLEVEL_CONTROLLER
diff --git a/ovn/values.yaml b/ovn/values.yaml
index ca60650fb3..550b360461 100644
--- a/ovn/values.yaml
+++ b/ovn/values.yaml
@@ -82,6 +82,7 @@ conf:
 # br-private: eth0
 # br-public: eth1
 auto_bridge_add: {}
+ ovs_user_name: openvswitch
 pod:
 # NOTE: should be same as nova.pod.use_fqdn.compute
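Review bot: The added `value: {{ .Values.conf.ovs_user_name }}` in ovn/templates/daemonset-controller.yaml renders the override unquoted, unlike the neighbouring `value: "3"`. Kubernetes env values have to be strings, so an override that looks like a number or boolean would render as a non-string scalar and the manifest would likely be rejected, and an empty override would render as null. Since the commit message says ovnkube.sh uses this name when it changes ownership of the OVS run and config directories, it should reach the container strictly as a string: `value: {{ .Values.conf.ovs_user_name | quote }}`. The container spec starts and ends outside the hunk.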
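Review bot: The new `ovs_user_name: openvswitch` default in ovn/values.yaml has no comment, although the keys around it are documented. Per the commit message the name is handed to ovnkube.sh, which updates the ownership of the OVS run and config directories, so a value that differs from the user the openvswitch chart runs as would presumably leave those files with the wrong owner. A comment above the key such as `# NOTE: must match the user the openvswitch chart runs the OVS db server as` would make that coupling visible to operators. The `conf:` mapping starts outside the hunk.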