Changes - SailfishOS Open Build Service

Changes of Revision 2

We truncated the diff of some files because they were too big. If you want to see the full diff for every file, click here.

[-] [+]	Added	openvswitch-dpdk.changes
@@ -0,0 +1,931 @@ +------------------------------------------------------------------- +Wed Sep 28 08:06:43 UTC 2016 - mchandras@suse.de + +- New upstream bugfix release 2.5.1 (bsc#1001657) + * DPDK: + - New appctl command 'dpif-netdev/pmd-rxq-show' to check the port/rxq + assignment. + - Type of log messages from PMD threads changed from INFO to DBG. + * ovs-pki: Changed message digest algorithm from SHA-1 to SHA-512 because + SHA-1 is no longer secure and some operating systems have started to + disable it in OpenSSL. + * Bug fixes + +------------------------------------------------------------------- +Tue Sep 6 10:11:49 UTC 2016 - mchandras@suse.de + +- Add new DPDK_OPTIONS environment variable to hold the dpdk + vswitchd options so that the systemd unit files can be used to + launch an ovs-vswitcd DPDK capable instance instead of doing + it manually. (bsc#987265) + * 0001-ovs-ctl-Add-new-DPDK_OPTIONS-environment-variable.patch + +------------------------------------------------------------------- +Sun Aug 14 11:05:59 CEST 2016 - ro@suse.de + +- enable openvswitch-dpdk on aarch64 since dpdk + builds on aarch64 now + +------------------------------------------------------------------- +Sun Aug 7 21:11:51 CEST 2016 - ro@suse.de + +- remove aarch from openvswitch-dpdk until we have a dpdk + that builds for aarch64 + +------------------------------------------------------------------- +Tue Jul 12 10:41:14 UTC 2016 - mchandras@suse.de + +- Add missing licenses (bsc#988513) +- Misc spec file cleanups highlighted by the spec-cleaner tool. +- Allow aarch64 builds for openvswitch-dpdk + +------------------------------------------------------------------- +Mon Jul 4 12:08:06 UTC 2016 - mchandras@suse.de + +- Allow the OvS daemon to run as non-root (bsc#987545) +- Add missing 'Conflicts' statements to all the subpackages as + required by the Factory review tools. + +------------------------------------------------------------------- +Wed Jun 29 15:17:07 UTC 2016 - mchandras@suse.de + +- Remove the ?_with_dpdk macro usage since this is not being set + without explicitly passing --with/--without during an OBS build. + This reverts back to using the %{with dpdk} style which is set + automatically based on %bcond_with* macros (bsc#989335). + +------------------------------------------------------------------- +Tue Jun 28 13:21:12 UTC 2016 - mchandras@suse.de + +- Fix subpackage dependencies to not require the non-existent python + DPDK subpackages (bsc#986835). We do not provide DPDK versions of + the python bindings so nothing should depend on these subpackages. + +------------------------------------------------------------------- +Wed Jun 22 15:07:01 UTC 2016 - jengelh@inai.de + +- Update rpm groups, acronym forms. + +------------------------------------------------------------------- +Tue Jun 21 14:10:15 UTC 2016 - mchandras@suse.de + +- Multiple fixes for the openvswitch-dpdk package (bsc#985878) + * Rename main package name to openvswitch-dpdk + * Do not build the python and kmp packages since they do not + depend on the DPDK capabilities + * Remove the open_virtual_switch capability. The + openvswitch-common will be used by reverse dependencies to + require either of the OvS packages. + * Provide virtual capabilities for all DPDK subpackages. + * Fix the dependencies in the python package to require either + of the OvS packages. + * Suggest the kmp package only if it's actually provided. + * Small cleanups. + +------------------------------------------------------------------- +Fri May 27 13:49:15 UTC 2016 - mchandras@suse.de + +- Add %check directive to run the openvswitch testsuite on demand. + The openvswitch contains hundreds of tests covering simple and + complex openvswitch configuration so it's beneficial to run them + during package builds. However, running the testsuite is not enabled + by default. Also add the following upstream patch: + * 0001-Remove-broken-pipe-warning-logs-from-ovsdb-server.lo.patch + +------------------------------------------------------------------- +Thu May 26 15:40:04 UTC 2016 - mchandras@suse.de + +- Build a DPDK-enabled Open vSwitch (fate#319170) + * Apply the following changes to the openvswitch.spec file + - Add support for building with DPDK capabilities + - Add conflicts between the two packages. + - Add new 'open_virtual_switch-' capabilities for openvswitch, + openvswitch-switch, openvswitch-test packages which can be used + by reverse dependencies to select between the two openvswitch + implementations. + Add pre_checkin.sh to generate the openvswitch_dpdk.spec file + based on the openvswitch.spec one. + * Add upstream openvswitch-2.5.0-detect-dpdk-installation.patch + patch to detect and link against a DPDK installation. + +------------------------------------------------------------------- +Mon May 23 18:33:13 UTC 2016 - jengelh@inai.de + +- Keep %prep small for speedier `quilt setup`. Kill __DATE__ from + source. Drop all .la files that are in %_libdir. + +------------------------------------------------------------------- +Fri May 20 09:54:16 UTC 2016 - mchandras@suse.de + +- Add missing %dir directive for /var/log/openvswitch + +------------------------------------------------------------------- +Thu May 19 10:13:41 UTC 2016 - dmueller@suse.com + +- remove aarch64 conditional, no longer needed + +------------------------------------------------------------------- +Thu May 5 09:00:26 UTC 2016 - mchandras@suse.de + +- Multiple spec file and package fixes. + * Drop obsolete log-check-module-loop.patch patch. + * Drop conditional code for older openSUSE releases. This also removes + all of the sysvinit files which were pulled in when the package was + originally developed. + * Drop support for building the GUI. The GUI code has been removed in + 7868fbc6c97c2 ("ovsdbmonitor: Remove.") upstream commit and it does + not exist since v2.2.0 so drop the code in the spec file. + * Use the upstream systemd service files for the OVN components instead + of maintaining our own downstream. + * Drop the unofficial ipsec support. It hasn't been enabled in years. + * Drop support for building the upstream kernel module since it's being + shipped with the kernel package in latest releases. Restore the + %bcond_with kmp to make it easier to build the external kernel module + if needed. + * Fix some suse-missing-rclink rpmlint warnings for the ovn subpackage + * Base our service unit to the upstream one. + * Stop silently enabling the GRE protocol in iptables by default. + * Install the upstream sysconfig file to pass more information to the + openvswitch service unit. + * Use make install instead of %makeinstall + * Drop brcompat leftovers. + * spec-cleaner fixes + +------------------------------------------------------------------- +Fri Apr 1 10:39:26 UTC 2016 - dmueller@suse.com + +- address dimstars concerns + +------------------------------------------------------------------- +Tue Mar 22 18:06:40 UTC 2016 - mchandras@suse.de + +- Prevent systemd from autogenerating a service file for + openvswitch-switch which conflicts with the opevswitch + one. (bsc#966762) + +------------------------------------------------------------------- +Fri Mar 18 10:20:02 UTC 2016 - kmroz@suse.com + +- Add missing %defattr to ovn files section. + +------------------------------------------------------------------- +Tue Mar 8 13:16:03 UTC 2016 - kmroz@suse.com + +- Add additional install requirements for python-openvswitch-test + package. + +------------------------------------------------------------------- +Fri Mar 4 14:38:16 UTC 2016 - kmroz@suse.com + +- Add support for building both 2.4.0 and 2.5.0 from the same spec + file. Needed to fix SLE11 builds as OVS-2.5.0 no longer supports + python < 2.7. SLE11 SP3 and SP4 use python 2.6. +- Added: openvswitch-2.4.0.tar.gz + +------------------------------------------------------------------- +Thu Mar 3 13:47:04 UTC 2016 - kmroz@suse.com + +- New upstream version 2.5.0 (LTS) + - Dropped support for Python older than version 2.7. As a consequence, + using Open vSwitch 2.5 or later on XenServer 6.5 or earlier (which + have Python 2.4) requires first installing Python 2.7. + - OpenFlow: + * Group chaining (where one OpenFlow group triggers another) is + now supported. + * OpenFlow 1.4+ "importance" is now considered for flow eviction. + * OpenFlow 1.4+ OFPTC_EVICTION is now implemented. + * OpenFlow 1.4+ OFPTC_VACANCY_EVENTS is now implemented. + * OpenFlow 1.4+ OFPMP_TABLE_DESC is now implemented. + * Allow modifying the ICMPv4/ICMPv6 type and code fields.
[-] [+]	Changed	openvswitch.changes ^
@@ -1,4 +1,394 @@ ------------------------------------------------------------------- +Wed Sep 28 08:06:43 UTC 2016 - mchandras@suse.de + +- New upstream bugfix release 2.5.1 (bsc#1001657) + * DPDK: + - New appctl command 'dpif-netdev/pmd-rxq-show' to check the port/rxq + assignment. + - Type of log messages from PMD threads changed from INFO to DBG. + * ovs-pki: Changed message digest algorithm from SHA-1 to SHA-512 because + SHA-1 is no longer secure and some operating systems have started to + disable it in OpenSSL. + * Bug fixes + +------------------------------------------------------------------- +Tue Sep 6 10:11:49 UTC 2016 - mchandras@suse.de + +- Add new DPDK_OPTIONS environment variable to hold the dpdk + vswitchd options so that the systemd unit files can be used to + launch an ovs-vswitcd DPDK capable instance instead of doing + it manually. (bsc#987265) + * 0001-ovs-ctl-Add-new-DPDK_OPTIONS-environment-variable.patch + +------------------------------------------------------------------- +Sun Aug 14 11:05:59 CEST 2016 - ro@suse.de + +- enable openvswitch-dpdk on aarch64 since dpdk + builds on aarch64 now + +------------------------------------------------------------------- +Sun Aug 7 21:11:51 CEST 2016 - ro@suse.de + +- remove aarch from openvswitch-dpdk until we have a dpdk + that builds for aarch64 + +------------------------------------------------------------------- +Tue Jul 12 10:41:14 UTC 2016 - mchandras@suse.de + +- Add missing licenses (bsc#988513) +- Misc spec file cleanups highlighted by the spec-cleaner tool. +- Allow aarch64 builds for openvswitch-dpdk + +------------------------------------------------------------------- +Mon Jul 4 12:08:06 UTC 2016 - mchandras@suse.de + +- Allow the OvS daemon to run as non-root (bsc#987545) +- Add missing 'Conflicts' statements to all the subpackages as + required by the Factory review tools. + +------------------------------------------------------------------- +Wed Jun 29 15:17:07 UTC 2016 - mchandras@suse.de + +- Remove the ?_with_dpdk macro usage since this is not being set + without explicitly passing --with/--without during an OBS build. + This reverts back to using the %{with dpdk} style which is set + automatically based on %bcond_with* macros (bsc#989335). + +------------------------------------------------------------------- +Tue Jun 28 13:21:12 UTC 2016 - mchandras@suse.de + +- Fix subpackage dependencies to not require the non-existent python + DPDK subpackages (bsc#986835). We do not provide DPDK versions of + the python bindings so nothing should depend on these subpackages. + +------------------------------------------------------------------- +Wed Jun 22 15:07:01 UTC 2016 - jengelh@inai.de + +- Update rpm groups, acronym forms. + +------------------------------------------------------------------- +Tue Jun 21 14:10:15 UTC 2016 - mchandras@suse.de + +- Multiple fixes for the openvswitch-dpdk package (bsc#985878) + * Rename main package name to openvswitch-dpdk + * Do not build the python and kmp packages since they do not + depend on the DPDK capabilities + * Remove the open_virtual_switch capability. The + openvswitch-common will be used by reverse dependencies to + require either of the OvS packages. + * Provide virtual capabilities for all DPDK subpackages. + * Fix the dependencies in the python package to require either + of the OvS packages. + * Suggest the kmp package only if it's actually provided. + * Small cleanups. + +------------------------------------------------------------------- +Fri May 27 13:49:15 UTC 2016 - mchandras@suse.de + +- Add %check directive to run the openvswitch testsuite on demand. + The openvswitch contains hundreds of tests covering simple and + complex openvswitch configuration so it's beneficial to run them + during package builds. However, running the testsuite is not enabled + by default. Also add the following upstream patch: + * 0001-Remove-broken-pipe-warning-logs-from-ovsdb-server.lo.patch + +------------------------------------------------------------------- +Thu May 26 15:40:04 UTC 2016 - mchandras@suse.de + +- Build a DPDK-enabled Open vSwitch (fate#319170) + * Apply the following changes to the openvswitch.spec file + - Add support for building with DPDK capabilities + - Add conflicts between the two packages. + - Add new 'open_virtual_switch-' capabilities for openvswitch, + openvswitch-switch, openvswitch-test packages which can be used + by reverse dependencies to select between the two openvswitch + implementations. + Add pre_checkin.sh to generate the openvswitch_dpdk.spec file + based on the openvswitch.spec one. + * Add upstream openvswitch-2.5.0-detect-dpdk-installation.patch + patch to detect and link against a DPDK installation. + +------------------------------------------------------------------- +Mon May 23 18:33:13 UTC 2016 - jengelh@inai.de + +- Keep %prep small for speedier `quilt setup`. Kill __DATE__ from + source. Drop all .la files that are in %_libdir. + +------------------------------------------------------------------- +Fri May 20 09:54:16 UTC 2016 - mchandras@suse.de + +- Add missing %dir directive for /var/log/openvswitch + +------------------------------------------------------------------- +Thu May 19 10:13:41 UTC 2016 - dmueller@suse.com + +- remove aarch64 conditional, no longer needed + +------------------------------------------------------------------- +Thu May 5 09:00:26 UTC 2016 - mchandras@suse.de + +- Multiple spec file and package fixes. + * Drop obsolete log-check-module-loop.patch patch. + * Drop conditional code for older openSUSE releases. This also removes + all of the sysvinit files which were pulled in when the package was + originally developed. + * Drop support for building the GUI. The GUI code has been removed in + 7868fbc6c97c2 ("ovsdbmonitor: Remove.") upstream commit and it does + not exist since v2.2.0 so drop the code in the spec file. + * Use the upstream systemd service files for the OVN components instead + of maintaining our own downstream. + * Drop the unofficial ipsec support. It hasn't been enabled in years. + * Drop support for building the upstream kernel module since it's being + shipped with the kernel package in latest releases. Restore the + %bcond_with kmp to make it easier to build the external kernel module + if needed. + * Fix some suse-missing-rclink rpmlint warnings for the ovn subpackage + * Base our service unit to the upstream one. + * Stop silently enabling the GRE protocol in iptables by default. + * Install the upstream sysconfig file to pass more information to the + openvswitch service unit. + * Use make install instead of %makeinstall + * Drop brcompat leftovers. + * spec-cleaner fixes + +------------------------------------------------------------------- +Fri Apr 1 10:39:26 UTC 2016 - dmueller@suse.com + +- address dimstars concerns + +------------------------------------------------------------------- +Tue Mar 22 18:06:40 UTC 2016 - mchandras@suse.de + +- Prevent systemd from autogenerating a service file for + openvswitch-switch which conflicts with the opevswitch + one. (bsc#966762) + +------------------------------------------------------------------- +Fri Mar 18 10:20:02 UTC 2016 - kmroz@suse.com + +- Add missing %defattr to ovn files section. + +------------------------------------------------------------------- +Tue Mar 8 13:16:03 UTC 2016 - kmroz@suse.com + +- Add additional install requirements for python-openvswitch-test + package. + +------------------------------------------------------------------- +Fri Mar 4 14:38:16 UTC 2016 - kmroz@suse.com + +- Add support for building both 2.4.0 and 2.5.0 from the same spec + file. Needed to fix SLE11 builds as OVS-2.5.0 no longer supports + python < 2.7. SLE11 SP3 and SP4 use python 2.6. +- Added: openvswitch-2.4.0.tar.gz + +------------------------------------------------------------------- +Thu Mar 3 13:47:04 UTC 2016 - kmroz@suse.com + +- New upstream version 2.5.0 (LTS) + - Dropped support for Python older than version 2.7. As a consequence, + using Open vSwitch 2.5 or later on XenServer 6.5 or earlier (which + have Python 2.4) requires first installing Python 2.7. + - OpenFlow: + * Group chaining (where one OpenFlow group triggers another) is + now supported. + * OpenFlow 1.4+ "importance" is now considered for flow eviction. + * OpenFlow 1.4+ OFPTC_EVICTION is now implemented. + * OpenFlow 1.4+ OFPTC_VACANCY_EVENTS is now implemented. + * OpenFlow 1.4+ OFPMP_TABLE_DESC is now implemented. + * Allow modifying the ICMPv4/ICMPv6 type and code fields.
[-] [+]	Added	openvswitch-dpdk.spec ^
@@ -0,0 +1,561 @@ +# +# spec file for package openvswitch-dpdk +# +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# +# needssslcertforbuild + + +# Disable building the external kernel datapath by default +%bcond_with kmp +# DPDK build disabled by default. It's enabled in the +# openvswitch-dpdk.spec file (generated by pre_checkin.sh) +%bcond_without dpdk +# The testsuite is somewhat fragile for continuous testing in OBS +# but keep it here as an option +%bcond_with check +# Do NOT edit this auto generated file! Edit openvswitch.spec instead +# and run 'pre_checkin.sh' before committing +Name: openvswitch-dpdk +Version: 2.5.1 +Release: 0 +Summary: An open source, production quality, multilayer virtual switch (DPDK) +# All code is Apache-2.0 except +# - lib/sflow* which is SISSL +# - utilities/bugtool which is LGPL-2.1 +License: Apache-2.0 and LGPL-2.1 and SISSL +Group: Productivity/Networking/System +Url: http://openvswitch.org/ +Source0: http://openvswitch.org/releases/openvswitch-%{version}.tar.gz +Source1: preamble +Source2: openvswitch-switch.logrotate +Source3: openvswitch.service +Source89: Module.supported.updates +# PATCH-FIX-UPSTREAM: openvswitch-2.5.0-detect-dpdk-installation.patch (fate#319170) +Patch0: openvswitch-2.5.0-detect-dpdk-installation.patch +# PATCH-FIX-UPSTREAM: 0001-Remove-broken-pipe-warning-logs-from-ovsdb-server.lo.patch +Patch1: 0001-Remove-broken-pipe-warning-logs-from-ovsdb-server.lo.patch +# PATCH-FIX-SUSE: 0001-ovs-ctl-Add-new-DPDK_OPTIONS-environment-variable.patch (bsc#987265) +Patch2: 0001-ovs-ctl-Add-new-DPDK_OPTIONS-environment-variable.patch +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: fdupes +BuildRequires: gcc +BuildRequires: glibc-devel +BuildRequires: graphviz +BuildRequires: libcap-ng-devel +BuildRequires: libtool +BuildRequires: make +BuildRequires: openssl +BuildRequires: perl +BuildRequires: pkgconfig +# Needed by the testsuite +BuildRequires: procps +BuildRequires: python-devel +BuildRequires: python-xml +BuildRequires: valgrind-devel +BuildRequires: pkgconfig(openssl) +Requires: logrotate +Requires: python +Provides: openvswitch-common = %{version} +Obsoletes: openvswitch-common < %{version} +Provides: openvswitch-controller = %{version} +Obsoletes: openvswitch-controller < %{version} +BuildRoot: %{_tmppath}/%{name}-%{version}-build +%py_requires +%if %{with dpdk} +# We need to be a bit strict with the dpdk version since +# it's very possible for DPDK to change it's API between +# releases. OVS currently requires 2.2.0. We may have to +# provide multiple versions of dpdk if OVS and DPDK get +# out of sync too often. +BuildRequires: dpdk-devel = 2.2.0 +# We can't have openvswitch and openvswitch-dpdk in parallel +Conflicts: openvswitch +ExclusiveArch: aarch64 x86_64 %{ix86} +%endif + +%description +Open vSwitch is a production quality, multilayer virtual switch licensed under +the open source Apache 2.0 license. It is designed to enable massive network automation +through programmatic extension, while still supporting standard management interfaces +and protocols (e.g. NetFlow, sFlow, RSPAN, ERSPAN, CLI, LACP, 802.1ag). In addition, +it is designed to support distribution across multiple physical servers similar to +VMware’s vNetwork distributed vswitch or Cisco’s Nexus 1000V. + +%if ! %{with dpdk} +%if %{with kmp} +%package kmp +Summary: Open vSwitch kernel modules (DPDK) +License: GPL-2.0+ +Group: System/Kernel +BuildRequires: %{kernel_module_package_buildreqs} +%suse_kernel_module_package -p %{_sourcedir}/preamble ec2 xenpae vmi um + +%description kmp +Kernel modules supporting the openvswitch datapath. +%endif +%endif + +%package devel +Summary: Open vSwitch Devel Libraries (DPDK) +License: Apache-2.0 +Group: Development/Libraries/C and C++ +Requires: %{name} = %{version} +Provides: openvswitch-any-devel = %{version} +%if %{with dpdk} +Conflicts: openvswitch-devel +%endif + +%description devel +Devel libraries and headers for Open vSwitch. + +%package switch +Summary: Open vSwitch switch implementations (DPDK) +License: Apache-2.0 +Group: Productivity/Networking/System +Requires: %{name} = %{version} +Requires: modutils +Requires: procps +Requires: python +# ovs-ctl / ovs-pki use /usr/bin/uuidgen: +Requires: util-linux +Requires(post): %fillup_prereq +Suggests: logrotate +Provides: openvswitch-any-switch = %{version} +%{?systemd_requires} +%if %{with dpdk} +Conflicts: openvswitch-switch +%endif +%if %{with kmp} +Suggests: openvswitch-kmp +%endif + +%description switch +openvswitch-switch provides the userspace components and utilities for +the Open vSwitch kernel-based switch. + +Open vSwitch is a full-featured software-based Ethernet switch. + +%package ovn +Summary: Open vSwitch - Open Virtual Network support (DPDK) +License: Apache-2.0 +Group: Productivity/Networking/System +Requires: %{name} = %{version} +Requires: %{name}-switch = %{version} +Requires: %{name}-vtep = %{version} +Provides: openvswitch-any-ovn = %{version} +%if %{with dpdk} +Conflicts: openvswitch-ovn +%endif + +%description ovn +OVN, the Open Virtual Network, is a system to support virtual network +abstraction. OVN complements the existing capabilities of OVS to add +native support for virtual network abstractions, such as virtual L2 and L3 +overlays and security groups. + +%package pki +Summary: Open vSwitch public key infrastructure dependency package (DPDK) +License: Apache-2.0 +Group: Productivity/Networking/System +Requires: %{name} = %{version} +Provides: openvswitch-any-pki = %{version} +%if %{with dpdk} +Conflicts: openvswitch-pki +%endif + +%description pki +openvswitch-pki provides PKI (public key infrastructure) support for +Open vSwitch switches and controllers, reducing the risk of +man-in-the-middle attacks on the Open vSwitch network infrastructure. + +Open vSwitch is a full-featured software-based Ethernet switch. + +%package vtep +Summary: Open vSwitch VTEP emulator (DPDK) +License: Apache-2.0 +Group: Productivity/Networking/System +Requires: %{name} = %{version} +Requires: %{name}-switch = %{version} +# Since openvswitch/scripts/ovs-vtep requires various ovs python modules. +Requires: python-openvswitch = %{version} +Provides: openvswitch-any-vtep = %{version} +%if %{with dpdk} +Conflicts: openvswitch-vtep +%endif + +%description vtep
[-] [+]	Changed	openvswitch.spec ^
@@ -1,7 +1,7 @@ # # spec file for package openvswitch # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -14,57 +14,62 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - - # needssslcertforbuild # IpSec build disabled temporarily (need to upgrade ipsec-tools): %define with_ipsec 1 -%define with_kmp 1 -%define with_kernel_kmp 1 -# Disable GUI building by default (heavy Qt4 dependencies): -%bcond_with gui +# Disable building the external kernel datapath by default +%bcond_with kmp +# DPDK build disabled by default. It's enabled in the +# openvswitch-dpdk.spec file (generated by pre_checkin.sh) +%bcond_with dpdk +# The testsuite is somewhat fragile for continuous testing in OBS +# but keep it here as an option +%bcond_with check Name: openvswitch -Version: 2.3.3 +Version: 2.5.1 Release: 0 Summary: An open source, production quality, multilayer virtual switch -License: Apache-2.0 +# All code is Apache-2.0 except +# - lib/sflow* which is SISSL +# - utilities/bugtool which is LGPL-2.1 +License: Apache-2.0 and LGPL-2.1 and SISSL Group: Productivity/Networking/System -Url: http://openswitch.org/ -Source0: http://openvswitch.org/releases/%{name}-%{version}.tar.gz +Url: http://openvswitch.org/ +Source0: http://openvswitch.org/releases/openvswitch-%{version}.tar.gz Source1: preamble -Source2: openvswitch-switch.init -Source3: openvswitch-switch.template -Source4: openvswitch-switch.logrotate -Source5: openvswitch-vtep.init +Source2: openvswitch-switch.logrotate +Source3: openvswitch.service Source6: openvswitch-ipsec.init -Source7: openvswitch.service Source8: openvswitch-ipsec.service -Source10: Module.supported -Source11: Module.supported.updates -Source99: README.packager -Patch2: log-check-module-loop.patch -Patch3: ovs-monitor-ipsec.patch +Source12: ovs-monitor-ipsec +Source89: Module.supported.updates +# PATCH-FIX-UPSTREAM: openvswitch-2.5.0-detect-dpdk-installation.patch (fate#319170) +Patch0: openvswitch-2.5.0-detect-dpdk-installation.patch +# PATCH-FIX-UPSTREAM: 0001-Remove-broken-pipe-warning-logs-from-ovsdb-server.lo.patch +Patch1: 0001-Remove-broken-pipe-warning-logs-from-ovsdb-server.lo.patch +# PATCH-FIX-SUSE: 0001-ovs-ctl-Add-new-DPDK_OPTIONS-environment-variable.patch (bsc#987265) +Patch2: 0001-ovs-ctl-Add-new-DPDK_OPTIONS-environment-variable.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: fdupes BuildRequires: gcc BuildRequires: glibc-devel BuildRequires: graphviz -BuildRequires: libopenssl-devel +BuildRequires: libcap-ng-devel BuildRequires: libtool BuildRequires: make BuildRequires: openssl BuildRequires: perl -BuildRequires: pkg-config +BuildRequires: pkgconfig +# Needed by the testsuite +BuildRequires: procps BuildRequires: python-devel BuildRequires: python-xml -%ifnarch aarch64 BuildRequires: valgrind-devel -%endif +BuildRequires: pkgconfig(openssl) Requires: logrotate -Requires: openssl Requires: python Provides: openvswitch-common = %{version} Obsoletes: openvswitch-common < %{version} @@ -72,6 +77,17 @@ Obsoletes: openvswitch-controller < %{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build %py_requires +%if %{with dpdk} +# We need to be a bit strict with the dpdk version since +# it's very possible for DPDK to change it's API between +# releases. OVS currently requires 2.2.0. We may have to +# provide multiple versions of dpdk if OVS and DPDK get +# out of sync too often. +BuildRequires: dpdk-devel = 2.2.0 +# We can't have openvswitch and openvswitch-dpdk in parallel +Conflicts: openvswitch +ExclusiveArch: aarch64 x86_64 %{ix86} +%endif %description Open vSwitch is a production quality, multilayer virtual switch licensed under @@ -81,31 +97,32 @@ it is designed to support distribution across multiple physical servers similar to VMware’s vNetwork distributed vswitch or Cisco’s Nexus 1000V. +%if ! %{with dpdk} %if %{with kmp} - %package kmp Summary: Open vSwitch kernel modules License: GPL-2.0+ Group: System/Kernel -BuildRequires: %kernel_module_package_buildreqs -%if %{with kernel_kmp} -BuildRequires: kernel-source -%endif -%suse_kernel_module_package -p %_sourcedir/preamble ec2 xenpae vmi um +BuildRequires: %{kernel_module_package_buildreqs} +%suse_kernel_module_package -p %{_sourcedir}/preamble ec2 xenpae vmi um -%description -n %{name}-kmp +%description kmp Kernel modules supporting the openvswitch datapath. %endif +%endif %package devel Summary: Open vSwitch Devel Libraries License: Apache-2.0 -Group: Productivity/Networking/System +Group: Development/Libraries/C and C++ Requires: %{name} = %{version} +Provides: openvswitch-any-devel = %{version} +%if %{with dpdk} +Conflicts: openvswitch-devel +%endif -%description devel -Devel files for Open vSwitch. - +%description devel +Devel libraries and headers for Open vSwitch. %if %{with ipsec} %package ipsec @@ -114,11 +131,10 @@ Group: Productivity/Networking/System Requires: %{name} = %{version} Requires: %{name}-switch = %{version} -Requires: ipsec-tools >= 0.8 +Requires: strongswan-ipsec >= 5.1 Requires: python Requires: python-argparse Requires: python-openvswitch = %{version} -Requires: racoon >= 0.8 %description ipsec The ovs-monitor-ipsec script provides support for encrypting GRE @@ -131,18 +147,21 @@ Summary: Open vSwitch switch implementations License: Apache-2.0 Group: Productivity/Networking/System -Requires(pre): %fillup_prereq -Requires(pre): %insserv_prereq +Requires: %{name} = %{version} Requires: modutils -Requires: openvswitch = %{version} Requires: procps Requires: python # ovs-ctl / ovs-pki use /usr/bin/uuidgen: Requires: util-linux -Suggests: openvswitch-kmp +Requires(post): %fillup_prereq Suggests: logrotate -%if 0%{?suse_version} > 1230 +Provides: openvswitch-any-switch = %{version} %{?systemd_requires} +%if %{with dpdk} +Conflicts: openvswitch-switch +%endif +%if %{with kmp} +Suggests: openvswitch-kmp %endif %description switch @@ -151,11 +170,33 @@
[-] [+]	Added	0001-Remove-broken-pipe-warning-logs-from-ovsdb-server.lo.patch ^
@@ -0,0 +1,60 @@ +From fb496f92ca1eeead8760b5cdfd857165f64deadf Mon Sep 17 00:00:00 2001 +From: Numan Siddique <nusiddiq@redhat.com> +Date: Mon, 21 Dec 2015 12:31:14 +0530 +Subject: [PATCH] Remove broken pipe warning logs from ovsdb-server.log for ovn + tests + +Taken the fix from the commit d3292dd... (in ovn-controller-vtep.at) + +Signed-off-by: Numan Siddique <nusiddiq@redhat.com> +Signed-off-by: Russell Bryant <rbryant@redhat.com> +--- + tests/ovn-nbctl.at \| 10 +++++++++- + tests/ovn-sbctl.at \| 10 +++++++++- + 2 files changed, 18 insertions(+), 2 deletions(-) + +diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at +index 5358f1e..efad8a2 100644 +--- a/tests/ovn-nbctl.at ++++ b/tests/ovn-nbctl.at +@@ -16,7 +16,15 @@ m4_define([OVN_NBCTL_TEST_START], + + # OVN_NBCTL_TEST_STOP + m4_define([OVN_NBCTL_TEST_STOP], +- [AT_CHECK([check_logs $1]) ++ [# removes all 'Broken pipe' warning logs from ovsdb-server.log. this is in ++ # that ctl command (e.g. ovn-nbctl) exits right after committing the change ++ # to database. however, in reaction, some daemon (e.g. ovn-controller-vtep) ++ # may immediately update the database. this later update may cause database ++ # sending update back to ctl command if ctl has not proceeded to exit yet. ++ # and if ctl command exits before database calling send, the send from ++ # database will fail with 'Broken pipe' error. ++ AT_CHECK([check_logs "$1 ++/Broken pipe/d"]) + AT_CHECK([ovs-appctl -t ovsdb-server exit])]) + + +diff --git a/tests/ovn-sbctl.at b/tests/ovn-sbctl.at +index 9986d9a..4c7cf87 100644 +--- a/tests/ovn-sbctl.at ++++ b/tests/ovn-sbctl.at +@@ -25,7 +25,15 @@ m4_define([OVN_SBCTL_TEST_START], + + # OVN_SBCTL_TEST_STOP + m4_define([OVN_SBCTL_TEST_STOP], +- [AT_CHECK([check_logs $1]) ++ [# removes all 'Broken pipe' warning logs from ovsdb-server.log. this is in ++ # that ctl command (e.g. ovn-nbctl) exits right after committing the change ++ # to database. however, in reaction, some daemon (e.g. ovn-controller-vtep) ++ # may immediately update the database. this later update may cause database ++ # sending update back to ctl command if ctl has not proceeded to exit yet. ++ # and if ctl command exits before database calling send, the send from ++ # database will fail with 'Broken pipe' error. ++ AT_CHECK([check_logs "$1 ++/Broken pipe/d"]) + AT_CHECK([ovs-appctl -t ovn-northd exit]) + AT_CHECK([ovs-appctl -t ovsdb-server exit])]) + +-- +2.8.3 +
[-] [+]	Added	0001-ovs-ctl-Add-new-DPDK_OPTIONS-environment-variable.patch ^
@@ -0,0 +1,51 @@ +From 49e6a7ece028a2a429ee7672e4225788e8bbb4a9 Mon Sep 17 00:00:00 2001 +From: Markos Chandras <mchandras@suse.de> +Date: Tue, 6 Sep 2016 11:06:56 +0100 +Subject: [PATCH] ovs-ctl: Add new DPDK_OPTIONS environment variable + +Add new DPDK_OPTIONS environment variable to hold the dpdk +vswitchd options so that the systemd unit files can be used to +launch an ovs-vswitcd DPDK capable instance instead of doing +it manually. + +A similar patch has been submitted upstream +http://openvswitch.org/pipermail/dev/2016-July/074150.html +but got rejected because the master (2.6 at the time) has been +fixed in a different way and DPDK options are now part of the +ovsdb. + +Signed-off-by: Markos Chandras <mchandras@suse.de> +--- + rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template \| 3 +++ + utilities/ovs-ctl.in \| 4 +++- + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template b/rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template +index 3050a07..8779c1e 100644 +--- a/rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template ++++ b/rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template +@@ -21,3 +21,6 @@ + # --ovsdb-server-wrapper=valgrind + # + OPTIONS="" ++# DPDK options to be passed along with --dpdk to ovs-vswitchd. For example: ++# DPDK_OPTIONS="-c 0x1 -n 4" ++DPDK_OPTIONS="" +diff --git a/utilities/ovs-ctl.in b/utilities/ovs-ctl.in +index 0082bed..cec399c 100755 +--- a/utilities/ovs-ctl.in ++++ b/utilities/ovs-ctl.in +@@ -215,7 +215,9 @@ start_forwarding () { + fi + + # Start ovs-vswitchd. +- set ovs-vswitchd unix:"$DB_SOCK" ++ set ovs-vswitchd ++ [ -z "$DPDK_OPTIONS" ] \|\| set -- "$@" "--dpdk" $DPDK_OPTIONS "--" ++ set "$@" unix:"$DB_SOCK" + set "$@" -vconsole:emer -vsyslog:err -vfile:info + if test X"$MLOCKALL" != Xno; then + set "$@" --mlockall +-- +2.9.3 +
[-] [+]	Deleted	log-check-module-loop.patch ^
@@ -1,36 +0,0 @@ -Index: lib/vlog.c -=================================================================== ---- lib/vlog.c.orig -+++ lib/vlog.c -@@ -227,7 +227,7 @@ set_facility_level(enum vlog_facility fa - ovs_mutex_lock(&log_file_mutex); - if (!module) { - struct vlog_module mp; -- LIST_FOR_EACH (mp, list, &vlog_modules) { -+ LIST_FOR_EACH_CHECK (mp, list, &vlog_modules) { - mp->levels[facility] = level; - update_min_level(mp); - } -@@ -347,7 +347,7 @@ vlog_set_log_file(const char file_name) - log_writer = async_append_create(new_log_fd); - } - -- LIST_FOR_EACH (mp, list, &vlog_modules) { -+ LIST_FOR_EACH_CHECK (mp, list, &vlog_modules) { - update_min_level(mp); - } - ovs_mutex_unlock(&log_file_mutex); -Index: lib/list.h -=================================================================== ---- lib/list.h.orig -+++ lib/list.h -@@ -79,5 +79,9 @@ bool list_is_short(const struct list ); - ? ASSIGN_CONTAINER(NEXT, (ITER)->MEMBER.next, MEMBER), 1 \ - : 0); \ - (ITER) = (NEXT)) -+#define LIST_FOR_EACH_CHECK(ITER, MEMBER, LIST) \ -+ for (ASSIGN_CONTAINER(ITER, (LIST)->next, MEMBER); \ -+ &(ITER)->MEMBER != (LIST) && (ITER)->MEMBER.next != (ITER)->MEMBER.prev; \ -+ ASSIGN_CONTAINER(ITER, (ITER)->MEMBER.next, MEMBER)) - - #endif / list.h */
[-] [+]	Added	openvswitch-2.5.0-detect-dpdk-installation.patch ^
@@ -0,0 +1,153 @@ +From patchwork Tue Apr 12 10:44:15 2016 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 7bit +Subject: [ovs-dev, v5] acinclude: Autodetect DPDK location when configuring OVS +From: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com> +X-Patchwork-Id: 609339 +Message-Id: <1460457855-58572-1-git-send-email-bhanuprakash.bodireddy@intel.com> +To: blp@ovn.org +Cc: dev@openvswitch.org +Date: Tue, 12 Apr 2016 11:44:15 +0100 + +When using DPDK datapath, the OVS configure script requires the DPDK +build directory passed on --with-dpdk. This can be avoided if DPDK +library, headers are in standard compiler search paths. + +This patch fixes the problem by searching for DPDK libraries in standard +locations and configure OVS sources for dpdk datapath. + +If the install location is manually specified in "--with-dpdk" +autodiscovery shall be skipped. + +v4->v5 +- Minor code fixes and indentation changes as suggested by Ben + +Signed-off-by: Bhanuprakash Bodireddy <bhanuprakash.bodireddy@intel.com> +--- + acinclude.m4 \| 76 +++++++++++++++++++++++++++++++++++++++++------------------- + 1 file changed, 52 insertions(+), 24 deletions(-) + +diff --git a/acinclude.m4 b/acinclude.m4 +index f345c31..acd7ce7 100644 +--- a/acinclude.m4 ++++ b/acinclude.m4 +@@ -163,27 +163,50 @@ AC_DEFUN([OVS_CHECK_DPDK], [ + [AC_HELP_STRING([--with-dpdk=/path/to/dpdk], + [Specify the DPDK build directory])]) + +- if test X"$with_dpdk" != X; then +- RTE_SDK=$with_dpdk ++ AC_MSG_CHECKING([whether dpdk datapath is enabled]) ++ if test -z "$with_dpdk" \|\| test "$with_dpdk" = no; then ++ AC_MSG_RESULT([no]) ++ DPDKLIB_FOUND=false ++ else ++ AC_MSG_RESULT([yes]) ++ case "$with_dpdk" in ++ yes) ++ DPDK_AUTO_DISCOVER="true" ++ DPDK_INCLUDE="/usr/local/include/dpdk -I/usr/include/dpdk" ++ ;; ++ ) ++ DPDK_AUTO_DISCOVER="false" ++ DPDK_INCLUDE="$with_dpdk/include" ++ # If 'with_dpdk' is passed install directory, point to headers ++ # installed in $DESTDIR/$prefix/include/dpdk ++ AC_CHECK_FILE([$DPDK_INCLUDE/rte_config.h], [], ++ [AC_CHECK_FILE([$DPDK_INCLUDE/dpdk/rte_config.h], ++ [DPDK_INCLUDE=$DPDK_INCLUDE/dpdk], [])]) ++ DPDK_LIB_DIR="$with_dpdk/lib" ++ ;; ++ esac + +- DPDK_INCLUDE=$RTE_SDK/include +- DPDK_LIB_DIR=$RTE_SDK/lib + DPDK_LIB="-ldpdk" + DPDK_EXTRA_LIB="" +- RTE_SDK_FULL=`readlink -f $RTE_SDK` +- +- AC_COMPILE_IFELSE( +- [AC_LANG_PROGRAM([#include <$RTE_SDK_FULL/include/rte_config.h> +-#if !RTE_LIBRTE_VHOST_USER +-#error +-#endif], [])], +- [], [AC_DEFINE([VHOST_CUSE], [1], [DPDK vhost-cuse support enabled, vhost-user disabled.]) +- DPDK_EXTRA_LIB="-lfuse"]) + + ovs_save_CFLAGS="$CFLAGS" + ovs_save_LDFLAGS="$LDFLAGS" +- LDFLAGS="$LDFLAGS -L$DPDK_LIB_DIR" + CFLAGS="$CFLAGS -I$DPDK_INCLUDE" ++ if test "$DPDK_AUTO_DISCOVER" = "false"; then ++ LDFLAGS="$LDFLAGS -L${DPDK_LIB_DIR}" ++ fi ++ ++ AC_COMPILE_IFELSE([ ++ AC_LANG_PROGRAM( ++ [ ++ #include <rte_config.h> ++#if !RTE_LIBRTE_VHOST_USER ++#error ++#endif ++ ], []) ++ ], [], ++ [AC_DEFINE([VHOST_CUSE], [1], [DPDK vhost-cuse support enabled, vhost-user disabled.]) ++ DPDK_EXTRA_LIB="-lfuse"]) + + # On some systems we have to add -ldl to link with dpdk + # +@@ -192,7 +215,7 @@ AC_DEFUN([OVS_CHECK_DPDK], [ + # Before each attempt the search cache must be unset, + # otherwise autoconf will stick with the old result + +- found=false ++ DPDKLIB_FOUND=false + save_LIBS=$LIBS + for extras in "" "-ldl"; do + LIBS="$DPDK_LIB $extras $save_LIBS $DPDK_EXTRA_LIB" +@@ -201,17 +224,25 @@ AC_DEFUN([OVS_CHECK_DPDK], [ + #include <rte_eal.h>], + [int rte_argc; char * rte_argv; + rte_eal_init(rte_argc, rte_argv);])], +- [found=true]) +- if $found; then ++ [DPDKLIB_FOUND=true]) ++ if $DPDKLIB_FOUND; then + break + fi + done +- if $found; then :; else +- AC_MSG_ERROR([cannot link with dpdk]) ++ ++ # If linking unsuccessful ++ if test "$DPDKLIB_FOUND" = "false" ; then ++ if $DPDK_AUTO_DISCOVER; then ++ AC_MSG_ERROR([Could not find DPDK library in default search path, Use --with-dpdk to specify the DPDK library installed in non-standard location]) ++ else ++ AC_MSG_ERROR([Could not find DPDK libraries in $DPDK_LIB_DIR]) ++ fi + fi + CFLAGS="$ovs_save_CFLAGS" + LDFLAGS="$ovs_save_LDFLAGS" +- OVS_LDFLAGS="$OVS_LDFLAGS -L$DPDK_LIB_DIR" ++ if test "$DPDK_AUTO_DISCOVER" = "false"; then ++ OVS_LDFLAGS="$OVS_LDFLAGS -L$DPDK_LIB_DIR" ++ fi + OVS_CFLAGS="$OVS_CFLAGS -I$DPDK_INCLUDE" + OVS_ENABLE_OPTION([-mssse3]) + +@@ -226,12 +257,9 @@ AC_DEFUN([OVS_CHECK_DPDK], [ + DPDK_vswitchd_LDFLAGS=-Wl,--whole-archive,$DPDK_LIB,--no-whole-archive + AC_SUBST([DPDK_vswitchd_LDFLAGS]) + AC_DEFINE([DPDK_NETDEV], [1], [System uses the DPDK module.]) +- +- else +- RTE_SDK= + fi + +- AM_CONDITIONAL([DPDK_NETDEV], test -n "$RTE_SDK") ++ AM_CONDITIONAL([DPDK_NETDEV], test "$DPDKLIB_FOUND" = true) + ]) + + dnl OVS_GREP_IFELSE(FILE, REGEX, [IF-MATCH], [IF-NO-MATCH])
[-] [+]	Deleted	ovs-monitor-ipsec.patch ^
@@ -1,23 +0,0 @@ ---- debian/ovs-monitor-ipsec.orig 2016-07-05 20:29:38.533614121 +0200 -+++ debian/ovs-monitor-ipsec 2016-07-05 20:30:19.973613403 +0200 -@@ -134,16 +134,16 @@ - self.commit() - - def reload(self): -- exitcode = subprocess.call([root_prefix + "/etc/init.d/racoon", -- "reload"]) -+ exitcode = subprocess.call([root_prefix + "/usr/sbin/racoonctl", -+ "reload-config"]) - if exitcode != 0: - # Racoon is finicky about its configuration file and will - # refuse to start if it sees something it doesn't like - # (e.g., a certificate file doesn't exist). Try restarting - # the process before giving up. - vlog.warn("attempting to restart racoon") -- exitcode = subprocess.call([root_prefix + "/etc/init.d/racoon", -- "restart"]) -+ exitcode = subprocess.call([root_prefix + "/usr/bin/systemctl", -+ "restart", "racoon"]) - if exitcode != 0: - vlog.warn("couldn't reload racoon") -
[-] [+]	Deleted	Module.supported ^
@@ -1 +0,0 @@ -- kernel/net/openvswitch/openvswitch
[-] [+]	Deleted	README.packager ^
@@ -1,17 +0,0 @@ - -This package is based on the Debian openvswitch package as the -original openvswitch package in the build service was next to useless -due of being based on the xenserver/ directory of the sources, which -tied the package completely to xen. - -Also, the original package was one big package depending even on Qt4. -This package splits in varius subpackages. - -The xen part was removed. If it needs to be added again, it needs to -be its subpackage. - -TODO: - -- [DONE] sysconfig is bogus, as the init scripts do not source it yet (uses debian defaults file) -- pki component does not have the postun postin scripts yet -
	Changed	openvswitch-2.5.1.tar.gz ^
[-] [+]	Changed	openvswitch-ipsec.init ^
@@ -71,12 +71,17 @@ } uninstall_mark_rule() { - iptables -D INPUT -t mangle $1 -j MARK --set-mark 1/1 \|\| return 0 + iptables -D INPUT -t mangle -i eth0 $1 -j MARK --set-mark 1/1 \ + -m comment --comment "103 mangle rule for ipsec" \|\| return 0 } install_mark_rule() { - if ( ! iptables -C INPUT -t mangle $1 -j MARK --set-mark 1/1 2> /dev/null); then - iptables -A INPUT -t mangle $1 -j MARK --set-mark 1/1 + if ( + ! iptables -C INPUT -i eth0 -t mangle -p esp -j MARK --set-mark 1/1 \ + -m comment --comment "103 mangle rule for ipsec" 2> /dev/null + ); then + iptables -A INPUT -t mangle -i eth0 $1 -j MARK --set-mark 1/1 \ + -m comment --comment "103 mangle rule for ipsec" fi } @@ -86,7 +91,7 @@ fi install_mark_rule "-p esp" - install_mark_rule "-p udp --dport 4500" +# install_mark_rule "-p udp --dport 4500" /usr/share/openvswitch/scripts/ovs-monitor-ipsec \ --pidfile=$PIDFILE --log-file --detach --monitor \ unix:/var/run/openvswitch/db.sock @@ -99,7 +104,7 @@ kill `cat $PIDFILE` fi uninstall_mark_rule "-p esp" - uninstall_mark_rule "-p udp --dport 4500" +# uninstall_mark_rule "-p udp --dport 4500" return 0 }
[-] [+]	Deleted	openvswitch-switch.init ^
@@ -1,119 +0,0 @@ -#! /bin/sh -# -# Copyright (C) 2011 Nicira Networks, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at: -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -### BEGIN INIT INFO -# Provides: openvswitch-switch -# Required-Start: $local_fs -# Required-Stop: $local_fs -# Default-Start: 2 3 5 -# Default-Stop: 0 1 6 -# Short-Description: Open vSwitch switch -### END INIT INFO - -(test -x /usr/sbin/ovs-vswitchd && test -x /usr/sbin/ovsdb-server) \|\| exit 0 - -. /etc/rc.status -rc_reset - -. /usr/share/openvswitch/scripts/ovs-lib -test -e /etc/sysconfig/openvswitch-switch && . /etc/sysconfig/openvswitch-switch - -if test X"$BRCOMPAT" = Xyes && test ! -x /usr/sbin/ovs-brcompatd; then - BRCOMPAT=no - log_warning_msg "ovs-brcompatd missing, disabling bridge compatibility" -fi - -ovs_ctl () { - set /usr/share/openvswitch/scripts/ovs-ctl "$@" - if test X"$BRCOMPAT" = Xyes; then - set "$@" --brcompat - fi - "$@" -} - -load_kmod () { - ovs_ctl load-kmod \|\| exit $? -} - -start () { - if ovs_ctl load-kmod; then - : - else - echo "Module has probably not been built for this kernel." - if ! test -d /usr/share/doc/openvswitch-datapath-source; then - echo "Install the openvswitch-datapath-source package, then read" - else - echo "For instructions, read" - fi - echo "/usr/share/doc/openvswitch-datapath-source/README.Debian" - fi - set ovs_ctl ${1-start} --system-id=random - if test X"$FORCE_COREFILES" != X; then - set "$@" --force-corefiles="$FORCE_COREFILES" - fi - "$@" \|\| exit $? - - ovs_ctl --protocol=gre enable-protocol -} - -stop () { - ovs_ctl stop -} - -case $1 in - start) - start - ;; - stop \| force-stop) - stop - ;; - reload \| force-reload) - # The OVS daemons keep up-to-date. - ;; - try-restart\|condrestart) - #restart the service if the service is already running - if test "$1" = "condrestart"; then - echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" - fi - $0 status - if test $? = 0; then - $0 restart - else - rc_reset # Not running is not a failure. - fi - rc_status # Remember status and be quiet - ;; - restart) - stop - start - ;; - status) - ovs_ctl status - exit $? - ;; - force-reload-kmod) - start force-reload-kmod - ;; - load-kmod) - load_kmod - ;; - *) - echo "Usage: $0 {start\|stop\|restart\|try-restart\|force-reload\|status\|force-stop\|force-reload-kmod\|load-kmod}" >&2 - exit 1 - ;; -esac - -exit 0
[-] [+]	Deleted	openvswitch-switch.template ^
@@ -1,10 +0,0 @@ -# This is a POSIX shell fragment -- sh -- - -OVS_CTL_OPTS='--delete-bridges' - -# FORCE_COREFILES: If 'yes' then core files will be enabled. -# FORCE_COREFILES=yes - -# BRCOMPAT: If 'yes' and the openvswitch-brcompat package is installed, then -# Linux bridge compatibility will be enabled. -# BRCOMPAT=no
[-] [+]	Deleted	openvswitch-vtep.init ^
@@ -1,78 +0,0 @@ -#!/bin/sh - -### BEGIN INIT INFO -# Provides: openvswitch-vtep -# Required-Start: $network $named $remote_fs $syslog -# Required-Stop: $remote_fs -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Open vSwitch VTEP emulator -# Description: Initializes the Open vSwitch VTEP emulator -### END INIT INFO - - -# Include defaults if available -default=/etc/default/openvswitch-vtep -if [ -f $default ] ; then - . $default -fi - -start () { - if [ "$ENABLE_OVS_VTEP" = "false" ]; then - exit 0 - fi - - update-rc.d -f openvswitch-switch remove >/dev/null 2>&1 - /etc/init.d/openvswitch-switch stop - - mkdir -p "/var/run/openvswitch" - - if [ ! -e "/etc/openvswitch/conf.db" ]; then - ovsdb-tool create /etc/openvswitch/conf.db /usr/share/openvswitch/vswitch.ovsschema - fi - - if [ ! -e "/etc/openvswitch/vtep.db" ]; then - ovsdb-tool create /etc/openvswitch/vtep.db /usr/share/openvswitch/vtep.ovsschema - fi - - if [ ! -e "/etc/openvswitch/ovsclient-cert.pem" ]; then - export RANDFILE="/root/.rnd" - cd /etc/openvswitch && ovs-pki req ovsclient && ovs-pki self-sign ovsclient - fi - - ovsdb-server --pidfile --detach --log-file --remote \ - punix:/var/run/openvswitch/db.sock \ - --remote=db:hardware_vtep,Global,managers \ - --private-key=/etc/openvswitch/ovsclient-privkey.pem \ - --certificate=/etc/openvswitch/ovsclient-cert.pem \ - --bootstrap-ca-cert=/etc/openvswitch/vswitchd.cacert \ - /etc/openvswitch/conf.db /etc/openvswitch/vtep.db - - modprobe openvswitch - - ovs-vswitchd --pidfile --detach --log-file \ - unix:/var/run/openvswitch/db.sock -} - -stop () { - /etc/init.d/openvswitch-switch stop -} - -case $1 in - start) - start - ;; - stop) - stop - ;; - restart\|force-reload) - stop - start - ;; - *) - echo "Usage: $0 {start\|stop\|restart\|force-reload}" >&2 - exit 1 - ;; -esac - -exit 0
[-] [+]	Changed	openvswitch.service ^
@@ -1,12 +1,14 @@ [Unit] Description=Open vSwitch -After=syslog.target +After=network-pre.target Before=network.service [Service] Type=oneshot -ExecStart=/etc/init.d/openvswitch-switch start -ExecStop=/etc/init.d/openvswitch-switch stop +EnvironmentFile=-/etc/sysconfig/openvswitch +ExecStart=/usr/share/openvswitch/scripts/ovs-ctl start \ + --system-id=random $OPTIONS +ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop RemainAfterExit=yes [Install]
[-] [+]	Added	ovs-monitor-ipsec ^
@@ -0,0 +1,687 @@ +#!/usr/bin/python +# Copyright (c) 2009-2015 Nicira, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# A daemon to monitor attempts to create GRE-over-IPsec tunnels. +# Uses racoon and setkey to support the configuration. Assumes that +# OVS has complete control over IPsec configuration for the box. + + +import argparse +import glob +import os +import re +import subprocess +import sys +from string import Template + +from ovs.db import error +from ovs.db import types +import ovs.daemon +import ovs.db.idl +import ovs.dirs +import ovs.unixctl +import ovs.unixctl.server +import ovs.util +import ovs.vlog + + +FILE_HEADER = "# Generated by ovs-monitor-ipsec...do not modify by hand!\n\n" + +vlog = ovs.vlog.Vlog("ovs-monitor-ipsec") +exiting = False +keyer = None +xfrm = None + + +def unixctl_xfrm_policies(conn, unused_argv, unused_aux): + global xfrm + policies = xfrm.get_policies() + conn.reply(str(policies)) + +def unixctl_xfrm_state(conn, unused_argv, unused_aux): + global xfrm + securities = xfrm.get_securities() + conn.reply(str(securities)) + +def unixctl_ipsec_status(conn, unused_argv, unused_aux): + global keyer + conns = keyer._get_strongswan_conns() + conn.reply(str(conns)) + +def unixctl_show(conn, unused_argv, unused_aux): + global keyer + global xfrm + policies = xfrm.get_policies() + securities = xfrm.get_securities() + keyer.show(conn, policies, securities) + +def unixctl_exit(conn, unused_argv, unused_aux): + global exiting + exiting = True + conn.reply(None) + + +class XFRM(object): + """This class is a simple wrapper around ip-xfrm (8) command line + utility. For now we are using this class only so that ovs-monitor-ipsec + could verify that IKE keying daemon has installed IPsec policies and + security associations into kernel.""" + + def __init__(self, ip_root_prefix): + self.IP = ip_root_prefix + "/sbin/ip" + + def get_policies(self): + """This function returns IPsec policies (from kernel) in a dictionary + where <key> is destination IPv4 address and <value> is SELECTOR of + the IPsec policy.""" + policies = {} + proc = subprocess.Popen([self.IP, 'xfrm', 'policy'], + stdout=subprocess.PIPE) + while True: + line = proc.stdout.readline().strip() + if line == '': + break + a = line.split(" ") + if len(a) >= 4 and a[0] == "src" and a[2] == "dst": + dst = (a[3].split("/"))[0] + if not dst in policies: + policies[dst] = [] + policies[dst].append(line) + src = (a[3].split("/"))[0] + if not src in policies: + policies[src] = [] + policies[src].append(line) + return policies + + def get_securities(self): + """This function returns IPsec security associations (from kernel) + in a dictionary where <key> is destination IPv4 address and <value> + is SELECTOR.""" + securities = {} + proc = subprocess.Popen([self.IP, 'xfrm', 'state'], + stdout=subprocess.PIPE) + while True: + line = proc.stdout.readline().strip() + if line == '': + break + a = line.split(" ") + if len(a) >= 4 and a[0] == "sel" and a[1] == "src" and a[3] == "dst": + remote_ip = a[4].rstrip().split("/")[0] + local_ip = a[2].rstrip().split("/")[0] + if not remote_ip in securities: + securities[remote_ip] = [] + securities[remote_ip].append(line) + if not local_ip in securities: + securities[local_ip] = [] + securities[local_ip].append(line) + return securities + + +class StrongSwanTunnel(object): + """This class represents IPsec tunnel in strongSwan""" + + transp_tmpl = {"ipsec_gre" : Template("""\ +conn $ifname-$version +$auth_section + leftsubnet=%dynamic[gre] + rightsubnet=%dynamic[gre] + +"""), "ipsec_gre64" : Template("""\ +conn $ifname-$version +$auth_section + leftsubnet=%dynamic[gre] + rightsubnet=%dynamic[gre] + +"""), "ipsec_geneve" : Template("""\ +conn $ifname-in-$version +$auth_section + rightsubnet=%dynamic[udp/%any] + leftsubnet=%dynamic[udp/6081] + +conn $ifname-out-$version +$auth_section + rightsubnet=%dynamic[udp/6081] + leftsubnet=%dynamic[udp/%any] + +"""), "ipsec_stt" : Template("""\ +conn $ifname-in-$version +$auth_section + rightsubnet=%dynamic[tcp/%any] + leftsubnet=%dynamic[tcp/7471] + +conn $ifname-out-$version +$auth_section + rightsubnet=%dynamic[tcp/7471] + leftsubnet=%dynamic[tcp/%any] + +"""), "ipsec_vxlan" : Template("""\ +conn $ifname-in-$version +$auth_section + rightsubnet=%dynamic[udp/%any] + leftsubnet=%dynamic[udp/4789] + +conn $ifname-out-$version +$auth_section + rightsubnet=%dynamic[udp/4789] + leftsubnet=%dynamic[udp/%any] + +""")} + + auth_tmpl = {"psk" : Template("""\ + left=$local_ip + right=$remote_ip + authby=psk"""), + "rsa" : Template("""\ + left=$local_ip + right=$remote_ip + rightcert=ovs-$remote_ip.pem + leftcert=$certificate""")} + + unixctl_config_tmpl = Template("""\ + Remote IP: $remote_ip + Tunnel Type: $tunnel_type + Local IP: $local_ip + Use SSL cert: $use_ssl_cert + My cert: $certificate + My key: $private_key
[-] [+]	Added	pre_checkin.sh ^
@@ -0,0 +1,19 @@ +#!/bin/sh + +# Start fresh +for f in spec changes; do + cp openvswitch.$f openvswitch-dpdk.$f \|\| exit 1 +done + +# +#- Add comment about generated file +#- Fix {,sub-}package name, description, summary +#- Enable the dpdk conditional build +sed -i -e "/^Name:.openvswitch$/i \ +# Do NOT edit this auto generated file! Edit openvswitch.spec instead\n\ +# and run 'pre_checkin.sh' before committing" \ +-e "/^#\sspec file/s/openvswitch$/&-dpdk/" \ +-e "/^Name:/s/openvswitch/&-dpdk/g" \ +-e "/^Summary:/s/^.$/&\ $DPDK$/g" \ +-e "/^%bcond_with\sdpdk/s/with/&out/" \ +openvswitch-dpdk.spec \|\| exit 1