This reverts commit 5902b4ed6.
For end users that do not plan to use tunnels or use only selected
tunnels, it probably is a bad idea to punch firewall holes by default.
Opening holes like this may surprise the user.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
We use ovs-ctl from startup scripts to start, stop, restart,
force-reload-kmod OVS daemons. ovs-ctl gives quite a descriptive
o/p while running the above commands. But the o/p goes to stdout.
Sometimes, this output is quite useful to debug issues.
With this patch, we store the o/p of ovs-ctl when called from
startup scripts in /var/log/openvswitch/ovs-ctl.log
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
ovs-ctl has a new command called "restart" which
saves and restores the openflow flows on bridges.
Use that command from the init scripts when doing
a "restart --save-flows=yes".
Also, the debian package postinst script can
set the variable OVS_RESTART_SAVE_FLOWS to "yes"
to ask for save and restore of flows.
Feature #13555.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Replaced all instances of Nicira Networks(, Inc) to Nicira, Inc.
Feature #10593
Signed-off-by: Raju Subramanian <rsubramanian@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Typically Open vSwitch communicates with running processes using
unixctl. This patch converts ovs-xapi-sync to the strategy for
consistency.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Some users never restart OVS, they just reload the kernel module on
each new version. Since ovs-xapi-sync is a daemon, a restart is
required to use the new code. Therefore, without this patch, users
could unwittingly use stale versions of ovs-xapi-sync.
Bug #9919.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Diagnosed-by: Ben Pfaff <blp@nicira.com>
Rename this helper script to simply ovs-lib, since it's primarily
a library of helper functions.
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Otherwise its heartbeats start failing after the reload and the XenServer
reboots after a minute or so.
Thanks to Justin Pettit for figuring out that this was HA-related.
Bug #5706.
Reported-by: Henrik Amren <henrik@nicira.com>
On startup, some OVS initscripts insert an iptables rule to allow GRE
traffic (because GRE support is an important OVS feature). I noticed that,
each time I restarted OVS, this added another GRE-related rule to the
iptables chain. This is wasteful, because each additional rule increases
the time it takes to process a packet in the IP stack.
This commit avoids the problem by inserting an iptables rule when there
isn't already an appropriate rule. It also avoids inserting an iptables
rule if the iptables policy is ACCEPT, meaning that packets are accepted
by default; in such a case, if the GRE packet would be dropped, it is
because the system administrator made that decision explicitly.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Deleting the pidfile introduces a minor race: if some other process is
starting a daemon at the same time that the init script is stopping the
same daemon, then this could delete the new daemon's pidfile.
This is really a theoretical risk, because no one should be starting and
stopping a single daemon at the same time.
Early development versions of ovs-vswitchd didn't always restart
successfully, so we required confirmation if "restart" was invoked
interactively. Recent versions do just fine, so drop the confirmation
prompt.
Signed-off-by: Ben Pfaff <blp@nicira.com>
It seems possible that "restart" or a quick application of "stop" then
"start" could kill ovs-xapi-sync without starting it again, if
ovs-xapi-sync takes a little while to die, long enough for the next
instance of it to see that its pidfile is still open and locked.
I hope that this fixes some odd races that we've noticed in the "restart"
command.
Signed-off-by: Ben Pfaff <blp@nicira.com>
We had retained but deprecated the use of the older 'managers' column in the
'Open vSwitch' table for compatibility with applications that might still use
it, but that created more problems than it solved. This commit removes the
'managers' column from the schema, and removes all references to it from the
code, init scripts, documentation, and tests.
Until now, Open vSwitch "start" has always converted the database to the
current database schema. This compacts the database, which as a side
effect throws away useful information about the transactions that were
executed to bring the database into its current state. This can make
debugging database-related problems more difficult.
This commit changes the "start" command to only convert the database if
the database schema has changed. It also adds the database checksum to
the backup file name, to avoid overwriting backups in the case where the
checksum changed but the developer neglected to update the version number.
I tested an earlier version of the xenserver changes but not any version
of the Debian changes.
With commit 5692e3 (xenserver: Set fail_mode on internal bridges.), the
responsibilities of ovs-external-ids got expanded beyond just monitoring
external-ids. This commit renames the script to more accurately
describe its job.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Commit 404c169247 breaks compatibility with
XenServers older than 5.6 FP1. This commit removes the last vestiges of
support for those older XenServer versions.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Running "service openvswitch force-reload-kmod" will now save the kernel
configuration state of Open vSwitch interfaces, stop the vswitch, unload
the kernel module, reload the kernel module, restart the vswitch, and
restore kernel configuration state. It is a reasonably safe way to upgrade
or downgrade the Open vSwitch kernel module on a running system.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Commit 72dfb3b (xenserver: Add LSB init info to scripts.) added LSB init
info to the XenServer scripts. This was verified to work on XenServer
5.5, but newer versions of XenServer interpret these values and alter
when "openvswitch" gets called. This causes XenServer to not come up
with its networking configuration properly.
By removing the "Required-" parameters, OVS will properly come up. This
is just a temporary fix, and a more proper one will be forthcoming.
Otherwise, if the bridge module is loaded but no bridges exist, on all
but the most recent Linux kernels this prevents the Open vSwitch kernel
module from loading.
Signed-off-by: Ben Pfaff <blp@nicira.com>
On non-XenServer systems there is no $PRODUCT_VERSION to test for default
behavior, so use reasonable defaults in that case.
Signed-off-by: Patrick Mullaney <pm.mullaney@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
On XenServer systems, the "network mode" (that is, whether the network
uses OpenvSwitch or the Linux bridge) is stored in
/etc/xensource/network.conf. On other systems, we can't expect it to be
there. This changes the init script to tolerate its absence, treating that
as meaning that Open vSwitch should be used (otherwise, why did the admin
install it?).
NETWORK_MODE can always be overridden in /etc/sysconfig/openvswitch anyway.
Signed-off-by: Patrick Mullaney <pm.mullaney@gmail.com>
[changed back to read /etc/xensource/network.conf if present]
Signed-off-by: Ben Pfaff <blp@nicira.com>
ovs-external-ids's job is to synchronize UUIDs between XAPI and OVSDB.
Non-XenServer systems don't have XAPI so they don't need ovs-external-ids.
Signed-off-by: Patrick Mullaney <pm.mullaney@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Currently the scripts in xensever/ are intended specifically for XenServer,
but supporting other distros seems like a worthy goal, so this is a step
in the right direction.
It would be good to be able to determine a suitable system-type and
system-version, but those are less important than system-id.
Signed-off-by: Patrick Mullaney <pm.mullaney@gmail.com>
[changed not to set xs-system-uuid on non-XenServer systems]
[whitespace changes]
[changed to handle missing uuidgen, suggested by Justin Pettit]
Signed-off-by: Ben Pfaff <blp@nicira.com>
XenServer has its function library in /etc/init.d/functions but other
distros have it in different places. Currently this init script is
specifically intended for XenServer but adding compatibility with other
distros seems like a worthwhile goal.
Also, SuSE does not have the "action" function, so test whether it is
implemented and when not supply a fallback.
Signed-off-by: Patrick Mullaney <pm.mullaney@gmail.com>
[changed to only define action() if not already defined]
Signed-off-by: Ben Pfaff <blp@nicira.com>
XenServer itself does not use this information as part of startup, but
other distributions that may wish to derive their startup scripts from
these may need it.
Signed-off-by: Patrick Mullaney <pm.mullaney@gmail.com>
[updated some info in xenserver/etc_init.d_openvswitch-xapi-update]
[used Debian LSB info for xenserver/etc_init.d/openvswitch]
Signed-off-by: Ben Pfaff <blp@nicira.com>
Until now, nothing in the database has reported the Open vSwitch version
number. This commit adds that.
In addition, this commits moves the system type and version from
external-ids to individual columns, because we decided that these were
important enough not to relegate them to a grab-bag field.
The init script starts monitor-external-ids with --monitor when
configured to do so. Also made changes to guarantee that --monitor
actually restarts ovs-external-ids.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Renamed the monitor-external-ids script ovs-external-ids.
Hopefully this will make it clearer who owns it when someone does
ps xa.
Also removed trailing whitespace from ovs-external-ids.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
When the init script's reload function is called it will send a
SIGHUP to monitor-external-ids. This will cause
monitor-external-ids to re-generate everything.
Feature #3668.
On overloaded XenServers the current default timeout of 5 seconds can
occasionally be reached, which causes VM startup to fail. This commit
fixes the problem by removing the default timeout and changing each
invocation of ovs-vsctl within the tree to specify its own timeout,
if appropriate.
Bug #3573.
It's not necessary to explicitly delete the pidfile when stopping
monitor-external-ids through the init script, since the daemon will take
care of that.
vswitch.xml was updated to describe system-id and xs-system-uuid but the
implementation of this update was incomplete.
CC: Justin Pettit <jpettit@nicira.com>
CC: Jeremy Stribling <strib@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The monitor-external-ids daemon monitors the external_ids columns of the
Bridge and Interface OVSDB tables. Its primary responsibility is to
set the "bridge-id" and "iface-id" keys in the Bridge and Interface
tables, respectively. It also looks for the use of "network-uuids" in
the Bridge table and duplicates its value to the preferred
"xs-network-uuids".
Signed-off-by: Justin Pettit <jpettit@nicira.com>
The configuration schema defines the system-type and system-version
external-ids for the Open_vSwitch table. This commit adds support for
reporting them on XenServer.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Sometimes it takes a moment for the OVS daemons to die. When that happens,
the "start" half of "openvswitch restart" can fail when ovsdb-tool
runs, because ovsdb-server will still have the lock on the database if it
has not exited yet. So this commit just makes the "stop" half wait for
the daemons to really die.
Bug #3369.
I can't easily find anything that documents what commands Fedora init
scripts should support, but many of them support "reload" and
"force-reload". This commit adds support for them to the XenServer init
scripts. (The Debian init scripts already had support.)
Debian does document that reload and force-reload should be supported:
http://www.debian.org/doc/debian-policy/ch-opersys.html#s-writing-init
Reported-by: Reid Price <reid@nicira.com>
Bug #3266.
Just silently don't start OVS daemons if /etc/xensource/network.conf
contains a value of "bridge". This allows the init script to be called
regardless of whether OVS or bridge is configured.
