Previously, if --private-key or another option that requires SSL support
was used, but OVS was built without OpenSSL support, then OVS would fail
with an error message that the specified option was not supported. This
confused users because it made them think that the option had been removed:
http://openvswitch.org/pipermail/discuss/2011-April/005034.html
This commit improves the error message: OVS will now report that it was
built without SSL support. This should be make the problem clear to users.
Reported-by: Aaron Rosen <arosen@clemson.edu>
Feature #5325.
Until now, it has been the responsibility of an individual daemon to call
die_if_already_running() at an appropriate time. A long time ago, this
had to happen *before* daemonizing, because once the process daemonized
itself there was no way to report failure to the process that originally
started the daemon. With the introduction of daemonize_start(), this is
now possible, but we haven't been taking advantage of it.
Therefore, this commit integrates the die_if_already_running() call into
daemonize_start() and deletes the calls to it from individual daemons.
In each of the cases converted here, an shash was used simply to maintain
a set of strings, with the shash_nodes' 'data' values set to NULL. This
commit converts them to use sset instead.
Only the time connected (if connected) or disconnected (if disconnected) is
currently reported for each manager. Change to reporting both in seconds since
the last connect and disconnect events respectively. An empty value indicates
no previous connection or disconnection.
This can help diagnose certain connectivity problems, e.g. flapping.
Requested-by: Peter Balland <peter@nicira.com>
Bug #4833.
Commit 0b3e7a8b71 (ovsdb-server: Write manager status information to Manager
table.) attempted to provide managers with the ability to debug manager-related
connection problems, but it turns out that reporting "time_in_state" is not
very useful, because the state is constantly changing. What people really want
is the time each manager has been connected or disconnected, depending on the
current connection state.
Replace "time_in_state" key with "time_connected" and "time_disconnected"
keys. Only one exists at a time, and time is in seconds.
Bug #4833.
"warning: 'parse_db_string_column' defined but not used"
This commit fixes the above warning when compiling on systems which
do not have SSL support. It also causes query_db_string() to
always be compiled on these systems as it is not SSL specific and
may be useful in the future.
Other modules that accept options use this style and I don't see a reason
for the daemon code to be different. The style used by the daemon code
until now runs the risk of ending up with conflicting values accidentally,
which would be confusing.
This commit makes the status of manager connections visible via the Manager
table in the database. Two new columns have been created for this purpose:
'is_connected' and 'status'. The former is a boolean flag, and the latter is a
string-string map which may contain the keys "last_error", "state", and
"time_in_state".
Requested-by: Keith Amidon <keith@nicira.com>
Reviewed by: Ben Pfaff.
Feature #3692.
ovsdb-server tries to read from a column named 'probe_interval' in the Manager
table, but the column is actually named 'inactivity_probe', so a
user-configured probe interval will never be used.
Stress options allow developers testing Open vSwitch to trigger behavior
that otherwise would occur only in corner cases. Developers and testers
can thereby more easily discover bugs that would otherwise manifest only
rarely or nondeterministically. Stress options may cause surprising
behavior even when they do not actually reveal bugs, so they should only be
enabled as part of testing Open vSwitch.
This commit implements the framework and adds a few example stress options.
This commit started from code written by Andrew Lambeth.
Suggested-by: Henrik Amren <henrik@nicira.com>
CC: Andrew Lambeth <wal@nicira.com>
If "ovs-appctl exit" happens to hit ovsdb-server or ovs-vswitchd at a
moment when nothing else is happening to wake the daemon up, it can take a
long time for them to exit.
This seems to account for occasional "make check" failures on Nicira's
internal builds. It probably fixes some Debian automatic build failures
as well.
I'm retaining the "managers" column in the Open_vSwitch table for now, but
I hope that applications transition to using "manager_options" eventually
so that we could drop it.
CC: Andrew Lambeth <wal@nicira.com>
CC: Jeremy Stribling <strib@nicira.com>
OpenSSL is picky about the order in which keys and certificates are
changed: you have to change the certificate first, then the key. It
doesn't document this, but deep in the source code, in a function that sets
a new certificate, it has this comment:
/* don't fail for a cert/key mismatch, just free
* current private key (when switching to a different
* cert & key, first this function should be used,
* then ssl_set_pkey */
Brilliant, guys, thanks a lot.
Bug #2921.
Adding a macro to define the vlog module in use adds a level of
indirection, which makes it easier to change how the vlog module must be
defined. A followup commit needs to do that, so getting these widespread
changes out of the way first should make that commit easier to review.
Since the timeval module now initializes itself on-demand, there is no
longer any need to initialize it explicitly, or to provide an interface to
do so.
ovsdb-server should be able to obtain its SSL configuration from the
database that it is serving out, instead of having to specify it on the
command line. This commit makes it so.
If the database grows fairly large, and we've written a fair number of
transactions to it, and it's been a while since the database was compacted,
then (after the next commit) compact the database.
Also, compact the database online if the "ovsdb-server/compact" command is
issued via unixctl. I suspect that this feature will rarely if ever be
used in practice, but it's easier to test than compacting automatically.
Bug #2391.
When --monitor is used, administrators sometimes become confused about the
presence of two copies of each process. This commit attempts to clarify
the situation by making the monitoring process change its process name, as
seen in /proc/$pid/cmdline and in "ps", to clearly indicate what is going
on.
CC: Dan Wendlandt <dan@nicira.com>
This module, which catches segmentation faults and prints a backtrace
before exiting, was useful for a while, but I believe that it has now
outlived its purpose. It is altogether better to have a core dump from
which one can extract much more information than a usually-poor backtrace,
and core dumps are much better integrated into a typical Unix system.
In addition, the "fault" module was of course not all that portable.
There are conflicting pressures in startup of a daemon process:
* The parent process should exit with an error code if the daemon
cannot start up successfully.
* Some startup actions must be performed in the child process, not in
the parent. The most obvious of these are file locking, since
child processes do not inherit locks, and anything that requires
knowing the child process's PID (e.g. unixctl sockets).
Until now, this conflict has usually been handled by giving up part of the
first property, i.e. in some cases the parent process would exit
successfully and the child immediately afterward exit with a failure code.
This commit introduces a better approach, by allowing daemons to perform
startup work in the child and only then signal the parent that they have
successfully started. If the child instead exits without signaling
success, the parent passes this exit code along to its own parent.
This commit also modifies the daemons that can usefully take advantage of
this new feature to do so.
Some systems complain when certain functions' return values are not
checked. This commit fixes those warnings.
Creating ignore() function suggested by Ben Pfaff.
Before this commit, "ovsdb-server --detach" would detach after it opened
the database file, which meant that the child process did not hold the
file lock on the database file (because a forked child process does not
inherit its parents' locks). This commit fixes the problem by making
ovsdb-server open the database only after it has detached. This fix, in
turn, required that daemonize() not chdir to /, because this would break
databases whose names are given relative to the current directory, and so
this commit also changes ovsdb-server to do so later.
An upcoming commit will add support for replicating tables across JSON-RPC
connection. As a prerequisite ovsdb itself must support basic replication.
This commit adds that support and then reimplements the ovsdb file storage
in terms of that replication.
