By registering an error-handler for the init script used
in openvswitch-switch.postinst and detecting if module insertion fails,
it is possible to avoid failure to install in the case where the
openvswitch_mod module is not available.
This is done without altering the behaviour that the start target
of the openvswitch-switch init script will fail if module insertion fails.
This patch also adds a friendly hint as as to why starting
openvswitch-switch has failed if it is due to failure to insert
the openvswtich_mod. This message is displayed as necessary both
on package install and other calls to the start target of the
init script.
[Ben Pfaff fixed up == to = in postinst]
On startup, some OVS initscripts insert an iptables rule to allow GRE
traffic (because GRE support is an important OVS feature). I noticed that,
each time I restarted OVS, this added another GRE-related rule to the
iptables chain. This is wasteful, because each additional rule increases
the time it takes to process a packet in the IP stack.
This commit avoids the problem by inserting an iptables rule when there
isn't already an appropriate rule. It also avoids inserting an iptables
rule if the iptables policy is ACCEPT, meaning that packets are accepted
by default; in such a case, if the GRE packet would be dropped, it is
because the system administrator made that decision explicitly.
Signed-off-by: Ben Pfaff <blp@nicira.com>
We had retained but deprecated the use of the older 'managers' column in the
'Open vSwitch' table for compatibility with applications that might still use
it, but that created more problems than it solved. This commit removes the
'managers' column from the schema, and removes all references to it from the
code, init scripts, documentation, and tests.
Until now, Open vSwitch "start" has always converted the database to the
current database schema. This compacts the database, which as a side
effect throws away useful information about the transactions that were
executed to bring the database into its current state. This can make
debugging database-related problems more difficult.
This commit changes the "start" command to only convert the database if
the database schema has changed. It also adds the database checksum to
the backup file name, to avoid overwriting backups in the case where the
checksum changed but the developer neglected to update the version number.
I tested an earlier version of the xenserver changes but not any version
of the Debian changes.
Store the OVS version in OVSDB. Additionally, if the "lsb_release"
command is available, store information about the system type and
version.
Bug #4576
The XenServer init script makes a backup before converting the OVSDB
database file. This may be useful for debugging, so do the same on
Debian. Also, store the schema version in the database.
Earlier, the /etc/openvswitch directory would get installed as part of
the init script's start sequence. However, as newer packages are added,
including some that create files in this directory during their init
script sequences, a race condition may occur.
This change ensures that the directory /etc/openvswitch is created even
before the init scripts execute. Thus, the race condition is avoided.
Brad pointed out that openvswitch-ipsec init script defined the variable
DIETIME but attempted to use it as DODTIME. This commit uses DODTIME,
since it's the name used by the openvswitch-switch init script. The
openvswitch-controller init script had the same issue.
As suggested by Ben, the "s" suffixes are removed from sleep commands,
since they are a GNU extension.
Reported-by: Brad Hall <brad@nicira.com>
The problem here is that the daemon is started/restarted on
package installation, but the module may not be present at that
time and (as far as I know) its bad form to fail the package installation
in that circumstance.
In keeping with the way ipvsadm handles a similar problem,
exit with a non-error exit status if the module can't be inserted.
The loud error message is still displayed.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
On overloaded XenServers the current default timeout of 5 seconds can
occasionally be reached, which causes VM startup to fail. This commit
fixes the problem by removing the default timeout and changing each
invocation of ovs-vsctl within the tree to specify its own timeout,
if appropriate.
Bug #3573.
Before this commit the init script did not change the cwd of
openvswitch processes it started. Thus, core files were created in
root directory. This patch changes the cwd of openvswitch to
a more reasonable location.
Sometimes it takes a moment for the OVS daemons to die. When that happens,
the "start" half of "openvswitch restart" can fail when ovsdb-tool
runs, because ovsdb-server will still have the lock on the database if it
has not exited yet. So this commit just makes the "stop" half wait for
the daemons to really die.
Bug #3369.
A number of the init scripts assumed that the package name was the same
as the binary, which is not always true. This fixes those issues as
well as some incorrect names in usage messages.
Reported-by: Ram Jothikumar <rjothikumar@nicira.com>
The new GRE implementation provides a complete drop in replacement
for the old Linux based implementation. Therefore, remove the
old implementation and rename "grenew" to "gre".
Init scripts that depend on items in /usr must have $remote_fs defined
in their Required-Start and Required-Stop fields. This will ensure that
/usr is mounted before a start or stop call is made.
Found by Lintian.
This commit cleans up the locations of a number of files and directories
used. These include:
- Config file lives in /etc/openvswitch/conf.db
- Logs go into /var/log/openvswitch
- ovsdb-server socket is /var/run/openvswitch/db.sock
- Schema goes into /usr/share/openvswitch/vswitch.ovsschema
- PID files go in /var/run/openvswitch
For XenServer, these additional changes are made:
- Cores go in /var/xen/openvswitch
- OVS binaries run in /var/xen/openvswitch
In addition, it attempts to cleanup the XenServer packaging. This
includes referring to the project as "openvswitch" as opposed to the
somewhat presumptuous "vswitch".
Note: Changes to the Debian packaging will be forthcoming.
ovsdb-server should be able to obtain its SSL configuration from the
database that it is serving out, instead of having to specify it on the
command line. This commit makes it so.
The XenServer init script has been upgrading the database before starting
ovsdb-server for some time now, but the corresponding change was never
made to the Debian init script. This commit fixes that.
Tested on a XenServer by running "kill -SEGV" on the daemon processes and
watching them restart automatically and by running plain "kill" and
watching them terminate normally.
Unloading kernel modules will destroy all of the datapaths, which is a
drastic action. So we are probably better off doing that only if the
user requests it explicitly.
This appears to work in that it creates the database on installation,
starts and stops the programs and loads and unloads the kernel modules at
the right times, but it has not been tested beyond that.
This implements the kernel portion of GRE on Linux. It consists
of a backported module that provides the GRE capabilities of 2.6.32
plus bug fixes to kernels 2.6.18+.
Until now, setting a netflow collector to a DNS name would cause
secchan to attempt to resolve that DNS name each time that the set of
netflow collectors is re-set. For the vswitch, this is every time that
the vswitch reconfigures itself.
Unfortunately, DNS lookup within secchan cannot work as currently
implemented, because it needs both an asynchronous DNS resolver library
and in-band control updates. Currently we have neither. Attempting to
look up DNS anyway just hangs.
This commit disables DNS lookup entirely, and updates the documentation to
change user expectations. DNS still won't work, but at least it won't
hang.
Bug #1609.
