Added |
openvswitch-dpdk.changes
Changed |
openvswitch.changes
Added |
openvswitch-dpdk.spec
Changed |
openvswitch.spec
Added |
0001-Remove-broken-pipe-warning-logs-from-ovsdb-server.lo.patch
@@ -0,0 +1,60 @@
+From fb496f92ca1eeead8760b5cdfd857165f64deadf Mon Sep 17 00:00:00 2001
+From: Numan Siddique <nusiddiq@redhat.com>
+Date: Mon, 21 Dec 2015 12:31:14 +0530
+Subject: [PATCH] Remove broken pipe warning logs from ovsdb-server.log for ovn
+ tests
+
+Taken the fix from the commit d3292dd... (in ovn-controller-vtep.at)
+
+Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
+Signed-off-by: Russell Bryant <rbryant@redhat.com>
+---
+ tests/ovn-nbctl.at | 10 +++++++++-
+ tests/ovn-sbctl.at | 10 +++++++++-
+ 2 files changed, 18 insertions(+), 2 deletions(-)
+
+diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at
+index 5358f1e..efad8a2 100644
+--- a/tests/ovn-nbctl.at
++++ b/tests/ovn-nbctl.at
+@@ -16,7 +16,15 @@ m4_define([OVN_NBCTL_TEST_START],
+
+ # OVN_NBCTL_TEST_STOP
+ m4_define([OVN_NBCTL_TEST_STOP],
+- [AT_CHECK([check_logs $1])
++ [# removes all 'Broken pipe' warning logs from ovsdb-server.log. this is in
++ # that *ctl command (e.g. ovn-nbctl) exits right after committing the change
++ # to database. however, in reaction, some daemon (e.g. ovn-controller-vtep)
++ # may immediately update the database. this later update may cause database
++ # sending update back to *ctl command if *ctl has not proceeded to exit yet.
++ # and if *ctl command exits before database calling send, the send from
++ # database will fail with 'Broken pipe' error.
++ AT_CHECK([check_logs "$1
++/Broken pipe/d"])
+ AT_CHECK([ovs-appctl -t ovsdb-server exit])])
+
+
+diff --git a/tests/ovn-sbctl.at b/tests/ovn-sbctl.at
+index 9986d9a..4c7cf87 100644
+--- a/tests/ovn-sbctl.at
++++ b/tests/ovn-sbctl.at
+@@ -25,7 +25,15 @@ m4_define([OVN_SBCTL_TEST_START],
+
+ # OVN_SBCTL_TEST_STOP
+ m4_define([OVN_SBCTL_TEST_STOP],
+- [AT_CHECK([check_logs $1])
++ [# removes all 'Broken pipe' warning logs from ovsdb-server.log. this is in
++ # that *ctl command (e.g. ovn-nbctl) exits right after committing the change
++ # to database. however, in reaction, some daemon (e.g. ovn-controller-vtep)
++ # may immediately update the database. this later update may cause database
++ # sending update back to *ctl command if *ctl has not proceeded to exit yet.
++ # and if *ctl command exits before database calling send, the send from
++ # database will fail with 'Broken pipe' error.
++ AT_CHECK([check_logs "$1
++/Broken pipe/d"])
+ AT_CHECK([ovs-appctl -t ovn-northd exit])
+ AT_CHECK([ovs-appctl -t ovsdb-server exit])])
+
+--
+2.8.3
+
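Review bot: The `/Broken pipe/d` expression added to OVN_NBCTL_TEST_STOP (and identically to OVN_SBCTL_TEST_STOP) drops every log line containing "Broken pipe", not only the benign exit race the comment describes. A genuine connection failure logged during these tests would then no longer fail the check. If check_logs takes a sed script, as the `/…/d` form suggests, a pattern that also matches the message prefix of that one warning would keep the suppression scoped to the explained case. The comment names only ovsdb-server.log; it should say that the filter applies to whatever logs check_logs scans.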
Added |
0001-ovs-ctl-Add-new-DPDK_OPTIONS-environment-variable.patch
@@ -0,0 +1,51 @@
+From 49e6a7ece028a2a429ee7672e4225788e8bbb4a9 Mon Sep 17 00:00:00 2001
+From: Markos Chandras <mchandras@suse.de>
+Date: Tue, 6 Sep 2016 11:06:56 +0100
+Subject: [PATCH] ovs-ctl: Add new DPDK_OPTIONS environment variable
+
+Add new DPDK_OPTIONS environment variable to hold the dpdk
+vswitchd options so that the systemd unit files can be used to
+launch an ovs-vswitcd DPDK capable instance instead of doing
+it manually.
+
+A similar patch has been submitted upstream
+http://openvswitch.org/pipermail/dev/2016-July/074150.html
+but got rejected because the master (2.6 at the time) has been
+fixed in a different way and DPDK options are now part of the
+ovsdb.
+
+Signed-off-by: Markos Chandras <mchandras@suse.de>
+---
+ rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template | 3 +++
+ utilities/ovs-ctl.in | 4 +++-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template b/rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template
+index 3050a07..8779c1e 100644
+--- a/rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template
++++ b/rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template
+@@ -21,3 +21,6 @@
+ # --ovsdb-server-wrapper=valgrind
+ #
+ OPTIONS=""
++# DPDK options to be passed along with --dpdk to ovs-vswitchd. For example:
++# DPDK_OPTIONS="-c 0x1 -n 4"
++DPDK_OPTIONS=""
+diff --git a/utilities/ovs-ctl.in b/utilities/ovs-ctl.in
+index 0082bed..cec399c 100755
+--- a/utilities/ovs-ctl.in
++++ b/utilities/ovs-ctl.in
+@@ -215,7 +215,9 @@ start_forwarding () {
+ fi
+
+ # Start ovs-vswitchd.
+- set ovs-vswitchd unix:"$DB_SOCK"
++ set ovs-vswitchd
++ [ -z "$DPDK_OPTIONS" ] || set -- "$@" "--dpdk" $DPDK_OPTIONS "--"
++ set "$@" unix:"$DB_SOCK"
+ set "$@" -vconsole:emer -vsyslog:err -vfile:info
+ if test X"$MLOCKALL" != Xno; then
+ set "$@" --mlockall
+--
+2.9.3
+
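Review bot: In start_forwarding, `$DPDK_OPTIONS` is expanded unquoted in `set -- "$@" "--dpdk" $DPDK_OPTIONS "--"`, which gives the intended word splitting but also pathname expansion. A value containing `*`, `?` or `[` can therefore be rewritten against the script's working directory before it reaches ovs-vswitchd. Turning globbing off around the expansion keeps the splitting and removes that surprise: `[ -z "$DPDK_OPTIONS" ] || { set -f; set -- "$@" --dpdk $DPDK_OPTIONS --; set +f; }`. Since the value becomes daemon arguments, the template comment could add `# DPDK_OPTIONS is word-split and passed after --dpdk; keep this file writable by root only`. The body of start_forwarding starts and ends outside the hunk.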
Deleted |
log-check-module-loop.patch
@@ -1,36 +0,0 @@
-Index: lib/vlog.c
-===================================================================
---- lib/vlog.c.orig
-+++ lib/vlog.c
-@@ -227,7 +227,7 @@ set_facility_level(enum vlog_facility fa
- ovs_mutex_lock(&log_file_mutex);
- if (!module) {
- struct vlog_module *mp;
-- LIST_FOR_EACH (mp, list, &vlog_modules) {
-+ LIST_FOR_EACH_CHECK (mp, list, &vlog_modules) {
- mp->levels[facility] = level;
- update_min_level(mp);
- }
-@@ -347,7 +347,7 @@ vlog_set_log_file(const char *file_name)
- log_writer = async_append_create(new_log_fd);
- }
-
-- LIST_FOR_EACH (mp, list, &vlog_modules) {
-+ LIST_FOR_EACH_CHECK (mp, list, &vlog_modules) {
- update_min_level(mp);
- }
- ovs_mutex_unlock(&log_file_mutex);
-Index: lib/list.h
-===================================================================
---- lib/list.h.orig
-+++ lib/list.h
-@@ -79,5 +79,9 @@ bool list_is_short(const struct list *);
- ? ASSIGN_CONTAINER(NEXT, (ITER)->MEMBER.next, MEMBER), 1 \
- : 0); \
- (ITER) = (NEXT))
-+#define LIST_FOR_EACH_CHECK(ITER, MEMBER, LIST) \
-+ for (ASSIGN_CONTAINER(ITER, (LIST)->next, MEMBER); \
-+ &(ITER)->MEMBER != (LIST) && (ITER)->MEMBER.next != (ITER)->MEMBER.prev; \
-+ ASSIGN_CONTAINER(ITER, (ITER)->MEMBER.next, MEMBER))
-
- #endif /* list.h */
Added |
openvswitch-2.5.0-detect-dpdk-installation.patch
@@ -0,0 +1,153 @@
+From patchwork Tue Apr 12 10:44:15 2016
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Subject: [ovs-dev, v5] acinclude: Autodetect DPDK location when configuring OVS
+From: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com>
+X-Patchwork-Id: 609339
+Message-Id: <1460457855-58572-1-git-send-email-bhanuprakash.bodireddy@intel.com>
+To: blp@ovn.org
+Cc: dev@openvswitch.org
+Date: Tue, 12 Apr 2016 11:44:15 +0100
+
+When using DPDK datapath, the OVS configure script requires the DPDK
+build directory passed on --with-dpdk. This can be avoided if DPDK
+library, headers are in standard compiler search paths.
+
+This patch fixes the problem by searching for DPDK libraries in standard
+locations and configure OVS sources for dpdk datapath.
+
+If the install location is manually specified in "--with-dpdk"
+autodiscovery shall be skipped.
+
+v4->v5
+- Minor code fixes and indentation changes as suggested by Ben
+
+Signed-off-by: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com>
+---
+ acinclude.m4 | 76 +++++++++++++++++++++++++++++++++++++++++-------------------
+ 1 file changed, 52 insertions(+), 24 deletions(-)
+
+diff --git a/acinclude.m4 b/acinclude.m4
+index f345c31..acd7ce7 100644
+--- a/acinclude.m4
++++ b/acinclude.m4
+@@ -163,27 +163,50 @@ AC_DEFUN([OVS_CHECK_DPDK], [
+ [AC_HELP_STRING([--with-dpdk=/path/to/dpdk],
+ [Specify the DPDK build directory])])
+
+- if test X"$with_dpdk" != X; then
+- RTE_SDK=$with_dpdk
++ AC_MSG_CHECKING([whether dpdk datapath is enabled])
++ if test -z "$with_dpdk" || test "$with_dpdk" = no; then
++ AC_MSG_RESULT([no])
++ DPDKLIB_FOUND=false
++ else
++ AC_MSG_RESULT([yes])
++ case "$with_dpdk" in
++ yes)
++ DPDK_AUTO_DISCOVER="true"
++ DPDK_INCLUDE="/usr/local/include/dpdk -I/usr/include/dpdk"
++ ;;
++ *)
++ DPDK_AUTO_DISCOVER="false"
++ DPDK_INCLUDE="$with_dpdk/include"
++ # If 'with_dpdk' is passed install directory, point to headers
++ # installed in $DESTDIR/$prefix/include/dpdk
++ AC_CHECK_FILE([$DPDK_INCLUDE/rte_config.h], [],
++ [AC_CHECK_FILE([$DPDK_INCLUDE/dpdk/rte_config.h],
++ [DPDK_INCLUDE=$DPDK_INCLUDE/dpdk], [])])
++ DPDK_LIB_DIR="$with_dpdk/lib"
++ ;;
++ esac
+
+- DPDK_INCLUDE=$RTE_SDK/include
+- DPDK_LIB_DIR=$RTE_SDK/lib
+ DPDK_LIB="-ldpdk"
+ DPDK_EXTRA_LIB=""
+- RTE_SDK_FULL=`readlink -f $RTE_SDK`
+-
+- AC_COMPILE_IFELSE(
+- [AC_LANG_PROGRAM([#include <$RTE_SDK_FULL/include/rte_config.h>
+-#if !RTE_LIBRTE_VHOST_USER
+-#error
+-#endif], [])],
+- [], [AC_DEFINE([VHOST_CUSE], [1], [DPDK vhost-cuse support enabled, vhost-user disabled.])
+- DPDK_EXTRA_LIB="-lfuse"])
+
+ ovs_save_CFLAGS="$CFLAGS"
+ ovs_save_LDFLAGS="$LDFLAGS"
+- LDFLAGS="$LDFLAGS -L$DPDK_LIB_DIR"
+ CFLAGS="$CFLAGS -I$DPDK_INCLUDE"
++ if test "$DPDK_AUTO_DISCOVER" = "false"; then
++ LDFLAGS="$LDFLAGS -L${DPDK_LIB_DIR}"
++ fi
++
++ AC_COMPILE_IFELSE([
++ AC_LANG_PROGRAM(
++ [
++ #include <rte_config.h>
++#if !RTE_LIBRTE_VHOST_USER
++#error
++#endif
++ ], [])
++ ], [],
++ [AC_DEFINE([VHOST_CUSE], [1], [DPDK vhost-cuse support enabled, vhost-user disabled.])
++ DPDK_EXTRA_LIB="-lfuse"])
+
+ # On some systems we have to add -ldl to link with dpdk
+ #
+@@ -192,7 +215,7 @@ AC_DEFUN([OVS_CHECK_DPDK], [
+ # Before each attempt the search cache must be unset,
+ # otherwise autoconf will stick with the old result
+
+- found=false
++ DPDKLIB_FOUND=false
+ save_LIBS=$LIBS
+ for extras in "" "-ldl"; do
+ LIBS="$DPDK_LIB $extras $save_LIBS $DPDK_EXTRA_LIB"
+@@ -201,17 +224,25 @@ AC_DEFUN([OVS_CHECK_DPDK], [
+ #include <rte_eal.h>],
+ [int rte_argc; char ** rte_argv;
+ rte_eal_init(rte_argc, rte_argv);])],
+- [found=true])
+- if $found; then
++ [DPDKLIB_FOUND=true])
++ if $DPDKLIB_FOUND; then
+ break
+ fi
+ done
+- if $found; then :; else
+- AC_MSG_ERROR([cannot link with dpdk])
++
++ # If linking unsuccessful
++ if test "$DPDKLIB_FOUND" = "false" ; then
++ if $DPDK_AUTO_DISCOVER; then
++ AC_MSG_ERROR([Could not find DPDK library in default search path, Use --with-dpdk to specify the DPDK library installed in non-standard location])
++ else
++ AC_MSG_ERROR([Could not find DPDK libraries in $DPDK_LIB_DIR])
++ fi
+ fi
+ CFLAGS="$ovs_save_CFLAGS"
+ LDFLAGS="$ovs_save_LDFLAGS"
+- OVS_LDFLAGS="$OVS_LDFLAGS -L$DPDK_LIB_DIR"
++ if test "$DPDK_AUTO_DISCOVER" = "false"; then
++ OVS_LDFLAGS="$OVS_LDFLAGS -L$DPDK_LIB_DIR"
++ fi
+ OVS_CFLAGS="$OVS_CFLAGS -I$DPDK_INCLUDE"
+ OVS_ENABLE_OPTION([-mssse3])
+
+@@ -226,12 +257,9 @@ AC_DEFUN([OVS_CHECK_DPDK], [
+ DPDK_vswitchd_LDFLAGS=-Wl,--whole-archive,$DPDK_LIB,--no-whole-archive
+ AC_SUBST([DPDK_vswitchd_LDFLAGS])
+ AC_DEFINE([DPDK_NETDEV], [1], [System uses the DPDK module.])
+-
+- else
+- RTE_SDK=
+ fi
+
+- AM_CONDITIONAL([DPDK_NETDEV], test -n "$RTE_SDK")
++ AM_CONDITIONAL([DPDK_NETDEV], test "$DPDKLIB_FOUND" = true)
+ ])
+
+ dnl OVS_GREP_IFELSE(FILE, REGEX, [IF-MATCH], [IF-NO-MATCH])
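Review bot: In the `yes)` arm of OVS_CHECK_DPDK, `DPDK_INCLUDE="/usr/local/include/dpdk -I/usr/include/dpdk"` hides a second `-I` flag inside a variable that the rest of the macro treats as one directory (`CFLAGS="$CFLAGS -I$DPDK_INCLUDE"`, `OVS_CFLAGS`). Both header trees end up on the include path with /usr/local silently taking precedence, while `-ldpdk` is resolved through the default linker path, so the build could compile against one DPDK installation and link against another without a configure error. Probing for rte_config.h and keeping exactly one directory, as the `*)` arm already does with AC_CHECK_FILE, makes the choice explicit and fails early when no headers are found. DPDK_LIB_DIR is left unset in this arm; the visible lines only read it when DPDK_AUTO_DISCOVER is false, which is worth a one-line comment.

```m4
      yes)
        DPDK_AUTO_DISCOVER="true"
        # Keep a single header tree on the include path: take the first
        # default directory that really contains the DPDK headers.
        DPDK_INCLUDE=
        for ovs_dpdk_dir in /usr/local/include/dpdk /usr/include/dpdk; do
          if test -f "$ovs_dpdk_dir/rte_config.h"; then
            DPDK_INCLUDE=$ovs_dpdk_dir
            break
          fi
        done
        if test -z "$DPDK_INCLUDE"; then
          AC_MSG_ERROR([Could not find rte_config.h in the default DPDK include directories])
        fi
        ;;
      # … unchanged: *) arm, compile and link checks …
```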
Deleted |
ovs-monitor-ipsec.patch
@@ -1,23 +0,0 @@
---- debian/ovs-monitor-ipsec.orig 2016-07-05 20:29:38.533614121 +0200
-+++ debian/ovs-monitor-ipsec 2016-07-05 20:30:19.973613403 +0200
-@@ -134,16 +134,16 @@
- self.commit()
-
- def reload(self):
-- exitcode = subprocess.call([root_prefix + "/etc/init.d/racoon",
-- "reload"])
-+ exitcode = subprocess.call([root_prefix + "/usr/sbin/racoonctl",
-+ "reload-config"])
- if exitcode != 0:
- # Racoon is finicky about its configuration file and will
- # refuse to start if it sees something it doesn't like
- # (e.g., a certificate file doesn't exist). Try restarting
- # the process before giving up.
- vlog.warn("attempting to restart racoon")
-- exitcode = subprocess.call([root_prefix + "/etc/init.d/racoon",
-- "restart"])
-+ exitcode = subprocess.call([root_prefix + "/usr/bin/systemctl",
-+ "restart", "racoon"])
- if exitcode != 0:
- vlog.warn("couldn't reload racoon")
-
Deleted |
Module.supported
@@ -1 +0,0 @@
-- kernel/net/openvswitch/openvswitch
Deleted |
README.packager
@@ -1,17 +0,0 @@
-
-This package is based on the Debian openvswitch package as the
-original openvswitch package in the build service was next to useless
-due of being based on the xenserver/ directory of the sources, which
-tied the package completely to xen.
-
-Also, the original package was one big package depending even on Qt4.
-This package splits in varius subpackages.
-
-The xen part was removed. If it needs to be added again, it needs to
-be its subpackage.
-
-TODO:
-
-- [DONE] sysconfig is bogus, as the init scripts do not source it yet (uses debian defaults file)
-- pki component does not have the postun postin scripts yet
-
Changed |
openvswitch-2.5.1.tar.gz
Changed |
openvswitch-ipsec.init
@@ -71,12 +71,17 @@
}
uninstall_mark_rule() {
- iptables -D INPUT -t mangle $1 -j MARK --set-mark 1/1 || return 0
+ iptables -D INPUT -t mangle -i eth0 $1 -j MARK --set-mark 1/1 \
+ -m comment --comment "103 mangle rule for ipsec" || return 0
}
install_mark_rule() {
- if ( ! iptables -C INPUT -t mangle $1 -j MARK --set-mark 1/1 2> /dev/null); then
- iptables -A INPUT -t mangle $1 -j MARK --set-mark 1/1
+ if (
+ ! iptables -C INPUT -i eth0 -t mangle -p esp -j MARK --set-mark 1/1 \
+ -m comment --comment "103 mangle rule for ipsec" 2> /dev/null
+ ); then
+ iptables -A INPUT -t mangle -i eth0 $1 -j MARK --set-mark 1/1 \
+ -m comment --comment "103 mangle rule for ipsec"
fi
}
@@ -86,7 +91,7 @@
fi
install_mark_rule "-p esp"
- install_mark_rule "-p udp --dport 4500"
+# install_mark_rule "-p udp --dport 4500"
/usr/share/openvswitch/scripts/ovs-monitor-ipsec \
--pidfile=$PIDFILE --log-file --detach --monitor \
unix:/var/run/openvswitch/db.sock
@@ -99,7 +104,7 @@
kill `cat $PIDFILE`
fi
uninstall_mark_rule "-p esp"
- uninstall_mark_rule "-p udp --dport 4500"
+# uninstall_mark_rule "-p udp --dport 4500"
return 0
}
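Review bot: install_mark_rule now tests for an existing rule with a hard-coded `-p esp` in the `iptables -C` line but appends the rule built from `$1`, so the check and the insertion only agree while every caller passes "-p esp". If the commented-out `-p udp --dport 4500` call is restored, the check would answer for the ESP rule and the UDP rule would be skipped or appended repeatedly. Using the argument in the check, as uninstall_mark_rule does for `-D`, avoids that: `! iptables -C INPUT -t mangle -i eth0 $1 -j MARK --set-mark 1/1 \`. The new `-i eth0` match also ties the marking to one fixed interface name, so tunnel traffic arriving on any other interface is presumably left unmarked. That choice, and the reason the NAT-T rule is disabled rather than removed, deserve a comment or a sysconfig variable.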
Deleted |
openvswitch-switch.init
@@ -1,119 +0,0 @@
-#! /bin/sh
-#
-# Copyright (C) 2011 Nicira Networks, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at:
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-### BEGIN INIT INFO
-# Provides: openvswitch-switch
-# Required-Start: $local_fs
-# Required-Stop: $local_fs
-# Default-Start: 2 3 5
-# Default-Stop: 0 1 6
-# Short-Description: Open vSwitch switch
-### END INIT INFO
-
-(test -x /usr/sbin/ovs-vswitchd && test -x /usr/sbin/ovsdb-server) || exit 0
-
-. /etc/rc.status
-rc_reset
-
-. /usr/share/openvswitch/scripts/ovs-lib
-test -e /etc/sysconfig/openvswitch-switch && . /etc/sysconfig/openvswitch-switch
-
-if test X"$BRCOMPAT" = Xyes && test ! -x /usr/sbin/ovs-brcompatd; then
- BRCOMPAT=no
- log_warning_msg "ovs-brcompatd missing, disabling bridge compatibility"
-fi
-
-ovs_ctl () {
- set /usr/share/openvswitch/scripts/ovs-ctl "$@"
- if test X"$BRCOMPAT" = Xyes; then
- set "$@" --brcompat
- fi
- "$@"
-}
-
-load_kmod () {
- ovs_ctl load-kmod || exit $?
-}
-
-start () {
- if ovs_ctl load-kmod; then
- :
- else
- echo "Module has probably not been built for this kernel."
- if ! test -d /usr/share/doc/openvswitch-datapath-source; then
- echo "Install the openvswitch-datapath-source package, then read"
- else
- echo "For instructions, read"
- fi
- echo "/usr/share/doc/openvswitch-datapath-source/README.Debian"
- fi
- set ovs_ctl ${1-start} --system-id=random
- if test X"$FORCE_COREFILES" != X; then
- set "$@" --force-corefiles="$FORCE_COREFILES"
- fi
- "$@" || exit $?
-
- ovs_ctl --protocol=gre enable-protocol
-}
-
-stop () {
- ovs_ctl stop
-}
-
-case $1 in
- start)
- start
- ;;
- stop | force-stop)
- stop
- ;;
- reload | force-reload)
- # The OVS daemons keep up-to-date.
- ;;
- try-restart|condrestart)
- #restart the service if the service is already running
- if test "$1" = "condrestart"; then
- echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
- fi
- $0 status
- if test $? = 0; then
- $0 restart
- else
- rc_reset # Not running is not a failure.
- fi
- rc_status # Remember status and be quiet
- ;;
- restart)
- stop
- start
- ;;
- status)
- ovs_ctl status
- exit $?
- ;;
- force-reload-kmod)
- start force-reload-kmod
- ;;
- load-kmod)
- load_kmod
- ;;
- *)
- echo "Usage: $0 {start|stop|restart|try-restart|force-reload|status|force-stop|force-reload-kmod|load-kmod}" >&2
- exit 1
- ;;
-esac
-
-exit 0
Deleted |
openvswitch-switch.template
@@ -1,10 +0,0 @@
-# This is a POSIX shell fragment -*- sh -*-
-
-OVS_CTL_OPTS='--delete-bridges'
-
-# FORCE_COREFILES: If 'yes' then core files will be enabled.
-# FORCE_COREFILES=yes
-
-# BRCOMPAT: If 'yes' and the openvswitch-brcompat package is installed, then
-# Linux bridge compatibility will be enabled.
-# BRCOMPAT=no
Deleted |
openvswitch-vtep.init
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-### BEGIN INIT INFO
-# Provides: openvswitch-vtep
-# Required-Start: $network $named $remote_fs $syslog
-# Required-Stop: $remote_fs
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: Open vSwitch VTEP emulator
-# Description: Initializes the Open vSwitch VTEP emulator
-### END INIT INFO
-
-
-# Include defaults if available
-default=/etc/default/openvswitch-vtep
-if [ -f $default ] ; then
- . $default
-fi
-
-start () {
- if [ "$ENABLE_OVS_VTEP" = "false" ]; then
- exit 0
- fi
-
- update-rc.d -f openvswitch-switch remove >/dev/null 2>&1
- /etc/init.d/openvswitch-switch stop
-
- mkdir -p "/var/run/openvswitch"
-
- if [ ! -e "/etc/openvswitch/conf.db" ]; then
- ovsdb-tool create /etc/openvswitch/conf.db /usr/share/openvswitch/vswitch.ovsschema
- fi
-
- if [ ! -e "/etc/openvswitch/vtep.db" ]; then
- ovsdb-tool create /etc/openvswitch/vtep.db /usr/share/openvswitch/vtep.ovsschema
- fi
-
- if [ ! -e "/etc/openvswitch/ovsclient-cert.pem" ]; then
- export RANDFILE="/root/.rnd"
- cd /etc/openvswitch && ovs-pki req ovsclient && ovs-pki self-sign ovsclient
- fi
-
- ovsdb-server --pidfile --detach --log-file --remote \
- punix:/var/run/openvswitch/db.sock \
- --remote=db:hardware_vtep,Global,managers \
- --private-key=/etc/openvswitch/ovsclient-privkey.pem \
- --certificate=/etc/openvswitch/ovsclient-cert.pem \
- --bootstrap-ca-cert=/etc/openvswitch/vswitchd.cacert \
- /etc/openvswitch/conf.db /etc/openvswitch/vtep.db
-
- modprobe openvswitch
-
- ovs-vswitchd --pidfile --detach --log-file \
- unix:/var/run/openvswitch/db.sock
-}
-
-stop () {
- /etc/init.d/openvswitch-switch stop
-}
-
-case $1 in
- start)
- start
- ;;
- stop)
- stop
- ;;
- restart|force-reload)
- stop
- start
- ;;
- *)
- echo "Usage: $0 {start|stop|restart|force-reload}" >&2
- exit 1
- ;;
-esac
-
-exit 0
Changed |
openvswitch.service
@@ -1,12 +1,14 @@
[Unit]
Description=Open vSwitch
-After=syslog.target
+After=network-pre.target
Before=network.service
[Service]
Type=oneshot
-ExecStart=/etc/init.d/openvswitch-switch start
-ExecStop=/etc/init.d/openvswitch-switch stop
+EnvironmentFile=-/etc/sysconfig/openvswitch
+ExecStart=/usr/share/openvswitch/scripts/ovs-ctl start \
+ --system-id=random $OPTIONS
+ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop
RemainAfterExit=yes
[Install]
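Review bot: The unit does not document that `$OPTIONS` on the new ExecStart line comes from `/etc/sysconfig/openvswitch` and is split into separate arguments by systemd. Everything in that file therefore becomes command-line input to ovs-ctl, and no `User=` line appears in the visible [Service] section. A comment above EnvironmentFile would record this, for example `# OPTIONS is read from this file and passed to ovs-ctl; keep the file root-owned and not group/world-writable`. The leading `-` makes a missing file a silent no-op, which the same comment could mention so that an empty `$OPTIONS` is not mistaken for a configuration error.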
Added |
ovs-monitor-ipsec
@@ -0,0 +1,687 @@
+#!/usr/bin/python
+# Copyright (c) 2009-2015 Nicira, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# A daemon to monitor attempts to create GRE-over-IPsec tunnels.
+# Uses racoon and setkey to support the configuration. Assumes that
+# OVS has complete control over IPsec configuration for the box.
+
+
+import argparse
+import glob
+import os
+import re
+import subprocess
+import sys
+from string import Template
+
+from ovs.db import error
+from ovs.db import types
+import ovs.daemon
+import ovs.db.idl
+import ovs.dirs
+import ovs.unixctl
+import ovs.unixctl.server
+import ovs.util
+import ovs.vlog
+
+
+FILE_HEADER = "# Generated by ovs-monitor-ipsec...do not modify by hand!\n\n"
+
+vlog = ovs.vlog.Vlog("ovs-monitor-ipsec")
+exiting = False
+keyer = None
+xfrm = None
+
+
+def unixctl_xfrm_policies(conn, unused_argv, unused_aux):
+ global xfrm
+ policies = xfrm.get_policies()
+ conn.reply(str(policies))
+
+def unixctl_xfrm_state(conn, unused_argv, unused_aux):
+ global xfrm
+ securities = xfrm.get_securities()
+ conn.reply(str(securities))
+
+def unixctl_ipsec_status(conn, unused_argv, unused_aux):
+ global keyer
+ conns = keyer._get_strongswan_conns()
+ conn.reply(str(conns))
+
+def unixctl_show(conn, unused_argv, unused_aux):
+ global keyer
+ global xfrm
+ policies = xfrm.get_policies()
+ securities = xfrm.get_securities()
+ keyer.show(conn, policies, securities)
+
+def unixctl_exit(conn, unused_argv, unused_aux):
+ global exiting
+ exiting = True
+ conn.reply(None)
+
+
+class XFRM(object):
+ """This class is a simple wrapper around ip-xfrm (8) command line
+ utility. For now we are using this class only so that ovs-monitor-ipsec
+ could verify that IKE keying daemon has installed IPsec policies and
+ security associations into kernel."""
+
+ def __init__(self, ip_root_prefix):
+ self.IP = ip_root_prefix + "/sbin/ip"
+
+ def get_policies(self):
+ """This function returns IPsec policies (from kernel) in a dictionary
+ where <key> is destination IPv4 address and <value> is SELECTOR of
+ the IPsec policy."""
+ policies = {}
+ proc = subprocess.Popen([self.IP, 'xfrm', 'policy'],
+ stdout=subprocess.PIPE)
+ while True:
+ line = proc.stdout.readline().strip()
+ if line == '':
+ break
+ a = line.split(" ")
+ if len(a) >= 4 and a[0] == "src" and a[2] == "dst":
+ dst = (a[3].split("/"))[0]
+ if not dst in policies:
+ policies[dst] = []
+ policies[dst].append(line)
+ src = (a[3].split("/"))[0]
+ if not src in policies:
+ policies[src] = []
+ policies[src].append(line)
+ return policies
+
+ def get_securities(self):
+ """This function returns IPsec security associations (from kernel)
+ in a dictionary where <key> is destination IPv4 address and <value>
+ is SELECTOR."""
+ securities = {}
+ proc = subprocess.Popen([self.IP, 'xfrm', 'state'],
+ stdout=subprocess.PIPE)
+ while True:
+ line = proc.stdout.readline().strip()
+ if line == '':
+ break
+ a = line.split(" ")
+ if len(a) >= 4 and a[0] == "sel" and a[1] == "src" and a[3] == "dst":
+ remote_ip = a[4].rstrip().split("/")[0]
+ local_ip = a[2].rstrip().split("/")[0]
+ if not remote_ip in securities:
+ securities[remote_ip] = []
+ securities[remote_ip].append(line)
+ if not local_ip in securities:
+ securities[local_ip] = []
+ securities[local_ip].append(line)
+ return securities
+
+
+class StrongSwanTunnel(object):
+ """This class represents IPsec tunnel in strongSwan"""
+
+ transp_tmpl = {"ipsec_gre" : Template("""\
+conn $ifname-$version
+$auth_section
+ leftsubnet=%dynamic[gre]
+ rightsubnet=%dynamic[gre]
+
+"""), "ipsec_gre64" : Template("""\
+conn $ifname-$version
+$auth_section
+ leftsubnet=%dynamic[gre]
+ rightsubnet=%dynamic[gre]
+
+"""), "ipsec_geneve" : Template("""\
+conn $ifname-in-$version
+$auth_section
+ rightsubnet=%dynamic[udp/%any]
+ leftsubnet=%dynamic[udp/6081]
+
+conn $ifname-out-$version
+$auth_section
+ rightsubnet=%dynamic[udp/6081]
+ leftsubnet=%dynamic[udp/%any]
+
+"""), "ipsec_stt" : Template("""\
+conn $ifname-in-$version
+$auth_section
+ rightsubnet=%dynamic[tcp/%any]
+ leftsubnet=%dynamic[tcp/7471]
+
+conn $ifname-out-$version
+$auth_section
+ rightsubnet=%dynamic[tcp/7471]
+ leftsubnet=%dynamic[tcp/%any]
+
+"""), "ipsec_vxlan" : Template("""\
+conn $ifname-in-$version
+$auth_section
+ rightsubnet=%dynamic[udp/%any]
+ leftsubnet=%dynamic[udp/4789]
+
+conn $ifname-out-$version
+$auth_section
+ rightsubnet=%dynamic[udp/4789]
+ leftsubnet=%dynamic[udp/%any]
+
+""")}
+
+ auth_tmpl = {"psk" : Template("""\
+ left=$local_ip
+ right=$remote_ip
+ authby=psk"""),
+ "rsa" : Template("""\
+ left=$local_ip
+ right=$remote_ip
+ rightcert=ovs-$remote_ip.pem
+ leftcert=$certificate""")}
+
+ unixctl_config_tmpl = Template("""\
+ Remote IP: $remote_ip
+ Tunnel Type: $tunnel_type
+ Local IP: $local_ip
+ Use SSL cert: $use_ssl_cert
+ My cert: $certificate
+ My key: $private_key
Added |
pre_checkin.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# Start fresh
+for f in spec changes; do
+ cp openvswitch.$f openvswitch-dpdk.$f || exit 1
+done
+
+#
+#- Add comment about generated file
+#- Fix {,sub-}package name, description, summary
+#- Enable the dpdk conditional build
+sed -i -e "/^Name:.*openvswitch$/i \
+# Do NOT edit this auto generated file! Edit openvswitch.spec instead\n\
+# and run 'pre_checkin.sh' before committing" \
+-e "/^#\s*spec file/s/openvswitch$/&-dpdk/" \
+-e "/^Name:/s/openvswitch/&-dpdk/g" \
+-e "/^Summary:/s/^.*$/&\ \(DPDK\)/g" \
+-e "/^%bcond_with\s*dpdk/s/with/&out/" \
+openvswitch-dpdk.spec || exit 1
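Review bot: The script has no header comment stating its preconditions, although it overwrites openvswitch-dpdk.spec and openvswitch-dpdk.changes unconditionally and uses paths relative to the current directory. It is declared `#!/bin/sh` but depends on GNU sed behaviour (`-i`, `\s`, and `\n` inside the one-line `i` text). A short header would cover both, for example `# Run from the package directory; regenerates openvswitch-dpdk.{spec,changes} from openvswitch.{spec,changes}. Requires GNU sed.` The sed program is double-quoted, so the shell removes the backslash-newline pairs before sed sees them, and a comment next to the `i` expression would keep a later edit from breaking that.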