* Update upstream OVS debian packaging to be on par with package
  source in Debian/Ubuntu:
  - Provide an openvswitch-switch-dpdk package that integrates with
    the dpdk package in the distributions so that end users can opt
    into a DPDK-enabled Open vSwitch binary.
  - Provide systemd service files.
  - Provide openvswitch-source package for reproducible integrated
    build of, for example, OVN.
  - Stop building shared library and subsequently remove
    libopenvswitch and libopenvswitch-dev binary packages.
Co-authored-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Luca Boccassi <bluca@debian.org>
Co-authored-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Co-authored-by: James Page <james.page@ubuntu.com>
Signed-off-by: James Page <james.page@ubuntu.com>
Co-authored-by: Corey Bryant <corey.bryant@canonical.com>
Signed-off-by: Corey Bryant <corey.bryant@canonical.com>
Signed-off-by: Frode Nordahl <frode.nordahl@canonical.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
The packaging source in the OVS repository has drifted away from
what is currently in Debian and Ubuntu. This state is problematic
because from time to time someone tries to build packages from the
upstream OVS debian package source and then expects that package to
work with up-/downgrades from/to distro versions.
To support the on-going work to remove the out of tree OVS kernel
driver from the repository [0], an update to the debian packaging
is also required. On the back of the discussion in [0] we agreed
that replacing the current version with what Debian and Ubuntu
is currently converging on would be preferable.
This commit is a first in a series to update the upstream OVS
debian packaging source to be up to date with what is currently
in Debian and Ubuntu.
0: https://mail.openvswitch.org/pipermail/ovs-dev/2022-June/394634.html
Signed-off-by: Frode Nordahl <frode.nordahl@canonical.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
It's always been OVS coding style to use spaces rather than tabs for
indentation, but some tabs have snuck in over time. This commit converts
them to spaces.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
Current versions of systemd in Debian Stretch use
SYSTEMCTL_SKIP_REDIRECT instead of _SYSTEMCTL_SKIP_REDIRECT.
Provide both variables in the .init files.
Signed-off-by: Raymond Burkholder <ray@oneunified.net>
Suggested-by: Guru Shetty <guru@ovn.org>
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
OVS 1.7 was released in July 2012, so by the time current OVS is released,
it will be almost four years old. I think that this is long enough to
remove special upgrade code.
It's almost impossible to do this upgrade in any case since there is
no overlap in the base kernel versions supported by the out of tree
modules in the two versions (the only possibility is running the new
version of OVS on the upstream module from Linux 3.3).
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
The latest Open vSwitch kernel module from upstream Linux does not
list "version". During debian package installation, we would see
a non-harmful error in the log. This patch suppresses it.
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
After some experimentation on Ubuntu 15.04, I see the
following behavior.
1. If you install openvswitch-switch with 'apt-get install',
then you automatically get upstart and systemd config files
for openvswitch. The integration with 'interfaces' fails
because both the upstart and systemd jobs do not have logic
to handle it.
The above behavior will likely get fixed soon in upstream
Ubuntu.
2. If you install openvswitch-switch via the packages
created from the openvswitch repo, there are no systemd or
upstart conf files installed. But systemd notices this
and creates a runtime openvswitch conf file which does
nothing but call back the sysv startup script.
In the above case when you call
"/etc/init.d/openvswitch-switch start", it in turn calls
"/bin/systemctl start openvswitch-switch.service" and
that in turn again calls "/etc/init.d/openvswitch-switch start".
But the above for some reason simply hangs. It looks like a call
to ifup when invoked in this manner does not return.
I am not sure why this is happening.
We can avoid the above behavior completely by skipping the
systemctl redirect as done in this commit. This should fix
both 1. and 2. above.
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
When using interfaces.d/<foobar>, interfaces are not picked up.
Let ifquery figure out the format of the interfaces files for us.
Signed-off-by: Jan Vansteenkiste <jan@vstone.eu>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Commit b2a0daa5bd (debian: Don't recreate bridges during manual restart.)
added a check on $RUNLEVEL to only create bridges and ports when the
system starts up. This fix does not work with systemd.
This commit uses a different approach to solve the same problem.
Reported-at: https://bugs.debian.org/686518
Reported-by: Philipp S. Schmidt <phils@in-panik.de>
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Tested-by: Philipp S. Schmidt <phils@in-panik.de>
Open vSwitch bridges and ports can be configured through
the /etc/network/interfaces script. During system startup,
Open vSwitch startup script reads the interfaces file
and creates the bridges and ports. During system shutdown,
the bridges and ports are removed.
The same behavior also can occur with a manual 'restart' of
Open vSwitch (e.g., service openvswitch-switch restart).
This behavior has come across as undesirable in some cases.
E.g., when someone manually creates interfaces through ovs-vsctl
and then restarts Open vSwitch, that interface is lost.
This commit changes the startup script such that interfaces
are created and deleted through the startup script only when
RUNLEVEL environment variable is set. This behavior will be
consistent with the OVS RHEL ifcfg-* scripts too.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Currently, when we upgrade openvswitch packages, we do a restart
of userspace daemons automatically. This does not replace the
kernel module.
But almost every time, we want to use the new kernel module
that comes with the new version. This means that we need to
manually do a "force-reload-kmod". This step reloads the
kernel module and also restarts the userspace daemons. This gives
us a total of two restarts of userspace daemons. This is quite
expensive in a hypervisor with hundreds of VMs sending real traffic.
This also hurts the controller as it gets two reconnections in a short
amount of time.
With this patch, during a package upgrade, if the kernel module
on disk is different than the one that is loaded, we will
automatically do a force-reload-kmod while openvswitch-switch
is installed. If not, we will just do a "restart" like before.
One can install the kernel package first and then install the userspace
packages in 2 separate steps to enforce a single 'force-reload-kmod'.
If anyone wants to just restart the userspace package instead of
force-reload-kmod, they can set the value of OVS_FORCE_RELOAD_KMOD=no
while installing the package.
Ex: OVS_FORCE_RELOAD_KMOD=no dpkg -i openvswitch-switch*
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
We use ovs-ctl from startup scripts to start, stop, restart,
force-reload-kmod OVS daemons. ovs-ctl gives quite a descriptive
o/p while running the above commands. But the o/p goes to stdout.
Sometimes, this output is quite useful to debug issues.
With this patch, we store the o/p of ovs-ctl when called from
startup scripts in /var/log/openvswitch/ovs-ctl.log
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Currently brcompat does not work on master due to recent
datapath changes. We have decided to remove it as it is
not used very widely.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Currently, there is an option to use the /etc/network/interfaces
file to configure Open vSwitch bridges and ports. To create and
destroy bridges, one has to manually run the following commands.
    ifup --allow=ovs $list_of_bridges
    ifdown --allow=ovs $list_of_bridges
This commit will automatically run the above two commands when
the system boots up and shuts down respectively through the
OVS startup script.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
ovs-ctl has a new command called "restart" which
saves and restores the openflow flows on bridges.
Use that command from the init scripts when doing
a "restart --save-flows=yes".
Also, the debian package postinst script can
set the variable OVS_RESTART_SAVE_FLOWS to "yes"
to ask for save and restore of flows.
Feature #13555.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
Debian kernel maintainer Bastian Blank writes, at
http://bugs.debian.org/680537:
    The netfilter rules are a shared resource. There is no synchronization,
    so the admin has the last word. As kernel maintainer, I see it similar
    to a configuration file, so §10.7 policy applies.
    The purpose of openvswitch is to provide support for switching, not to
    set up filter rules. This means it violates the principle of least
    surprise.
I believe that the argument by analogy to configuration files is weak,
given that the Debian policy section in question is very specifically about
files, not about general principles. On the other hand, Debian does not
install any firewall by default, so the presence of a rule that blocks GRE
traffic is a sign that the administrator has taken an explicit action to
install a firewall that blocks GRE, and therefore it is rather rude to
override this. Therefore, this patch simply turns off this behavior on
Debian, given that in ordinary Debian installations it will have no
adverse effect on Open vSwitch.
Debian bug #680537.
CC: 680537@bugs.debian.org
Reported-by: Bastian Blank <waldi@debian.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Simon Horman <horms@verge.net.au>
Replaced all instances of Nicira Networks(, Inc) with Nicira, Inc.
Feature #10593
Signed-off-by: Raju Subramanian <rsubramanian@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The dh_installinit --error-handler option makes a lot of sense, but after
playing with it for a while I could not figure out a nice way to use it
only for openvswitch-switch without either duplicating the dh_installinit
fragments in postinst and prerm (the actual bug that was reported) or
omitting them for some package.
Also, we forgot to write the error handler function for the prerm.
This commit switches to a different way to avoid failing the install when
the kernel module is not available, without using --error-handler.
CC: 663051@bugs.debian.org
Reported-by: Thomas Goirand <zigo@debian.org>
Reviewed-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
The init script ends with an explicit "exit 0" so nonzero exit codes from
"ovs-ctl status" were being lost.
Bug #9714.
Reported-by: Paul Ingram <paul@nicira.com>
CC: Sujatha Shetty <sshetty@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Rename this helper script to simply ovs-lib, since it's primarily
a library of helper functions.
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>
By registering an error-handler for the init script used
in openvswitch-switch.postinst and detecting if module insertion fails,
it is possible to avoid failure to install in the case where the
openvswitch_mod module is not available.
This is done without altering the behaviour that the start target
of the openvswitch-switch init script will fail if module insertion fails.
This patch also adds a friendly hint as to why starting
openvswitch-switch has failed if it is due to failure to insert
the openvswitch_mod. This message is displayed as necessary both
on package install and other calls to the start target of the
init script.
[Ben Pfaff fixed up == to = in postinst]
On startup, some OVS initscripts insert an iptables rule to allow GRE
traffic (because GRE support is an important OVS feature). I noticed that,
each time I restarted OVS, this added another GRE-related rule to the
iptables chain. This is wasteful, because each additional rule increases
the time it takes to process a packet in the IP stack.
This commit avoids the problem by inserting an iptables rule when there
isn't already an appropriate rule. It also avoids inserting an iptables
rule if the iptables policy is ACCEPT, meaning that packets are accepted
by default; in such a case, if the GRE packet would be dropped, it is
because the system administrator made that decision explicitly.
Signed-off-by: Ben Pfaff <blp@nicira.com>
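The decision described in the commit message above, as an added example (not code from the OVS tree): insert a GRE ACCEPT rule only when the INPUT policy is not ACCEPT and no GRE ACCEPT rule exists yet. The function names, the IPTABLES override and the choice to count any "-p gre ... -j ACCEPT" rule as already present are assumptions of this sketch; the sample listings are constructed.

```sh
#!/bin/sh
# Constructed sample listings in `iptables -S INPUT` format.
SAMPLE_ACCEPT_POLICY='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
SAMPLE_DROP_NO_GRE='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
SAMPLE_DROP_WITH_GRE='-P INPUT DROP
-A INPUT -p gre -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'

# Read `iptables -S INPUT` output on stdin and print one of:
#   insert | skip-policy-accept | skip-rule-present
gre_rule_decision() {
    policy=""
    present=no
    while read -r flag chain rest; do
        [ "$chain" = INPUT ] || continue
        case "$flag" in
            -P) policy=$rest ;;
            -A) # Assumption: any ACCEPT rule for protocol gre counts,
                # including one the admin narrowed with extra matches.
                case " $rest " in
                    *" -p gre "*"-j ACCEPT "*) present=yes ;;
                esac ;;
        esac
    done
    if [ "$policy" = ACCEPT ]; then
        echo skip-policy-accept     # packets are accepted by default
    elif [ "$present" = yes ]; then
        echo skip-rule-present      # a restart must not stack duplicates
    else
        echo insert
    fi
}

# Apply the decision. IPTABLES is a hypothetical override so the logic can
# be exercised without touching a live firewall; nothing runs at top level.
ensure_gre_allowed() {
    ipt=${IPTABLES:-iptables}
    decision=$($ipt -S INPUT | gre_rule_decision)
    if [ "$decision" = insert ]; then
        $ipt -I INPUT -p gre -j ACCEPT
    fi
    echo "$decision"
}
```

Because the decision is derived from the current chain state, calling ensure_gre_allowed on every restart leaves at most one GRE rule in place.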
We had retained but deprecated the use of the older 'managers' column in the
'Open vSwitch' table for compatibility with applications that might still use
it, but that created more problems than it solved. This commit removes the
'managers' column from the schema, and removes all references to it from the
code, init scripts, documentation, and tests.
Until now, Open vSwitch "start" has always converted the database to the
current database schema. This compacts the database, which as a side
effect throws away useful information about the transactions that were
executed to bring the database into its current state. This can make
debugging database-related problems more difficult.
This commit changes the "start" command to only convert the database if
the database schema has changed. It also adds the database checksum to
the backup file name, to avoid overwriting backups in the case where the
checksum changed but the developer neglected to update the version number.
I tested an earlier version of the xenserver changes but not any version
of the Debian changes.
Store the OVS version in OVSDB. Additionally, if the "lsb_release"
command is available, store information about the system type and
version.
Bug #4576
The XenServer init script makes a backup before converting the OVSDB
database file. This may be useful for debugging, so do the same on
Debian. Also, store the schema version in the database.
Earlier, the /etc/openvswitch directory would get installed as part of
the init script's start sequence. However, as newer packages are added,
including some that create files in this directory during their init
script sequences, a race condition may occur.
This change ensures that the directory /etc/openvswitch is created even
before the init scripts execute. Thus, the race condition is avoided.
Brad pointed out that openvswitch-ipsec init script defined the variable
DIETIME but attempted to use it as DODTIME. This commit uses DODTIME,
since it's the name used by the openvswitch-switch init script. The
openvswitch-controller init script had the same issue.
As suggested by Ben, the "s" suffixes are removed from sleep commands,
since they are a GNU extension.
Reported-by: Brad Hall <brad@nicira.com>
The problem here is that the daemon is started/restarted on
package installation, but the module may not be present at that
time and (as far as I know) it's bad form to fail the package installation
in that circumstance.
In keeping with the way ipvsadm handles a similar problem,
exit with a non-error exit status if the module can't be inserted.
The loud error message is still displayed.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
On overloaded XenServers the current default timeout of 5 seconds can
occasionally be reached, which causes VM startup to fail. This commit
fixes the problem by removing the default timeout and changing each
invocation of ovs-vsctl within the tree to specify its own timeout,
if appropriate.
Bug #3573.
Before this commit the init script did not change the cwd of
openvswitch processes it started. Thus, core files were created in
root directory. This patch changes the cwd of openvswitch to
a more reasonable location.
Sometimes it takes a moment for the OVS daemons to die. When that happens,
the "start" half of "openvswitch restart" can fail when ovsdb-tool
runs, because ovsdb-server will still have the lock on the database if it
has not exited yet. So this commit just makes the "stop" half wait for
the daemons to really die.
Bug #3369.
A number of the init scripts assumed that the package name was the same
as the binary, which is not always true. This fixes those issues as
well as some incorrect names in usage messages.
Reported-by: Ram Jothikumar <rjothikumar@nicira.com>
The new GRE implementation provides a complete drop in replacement
for the old Linux based implementation. Therefore, remove the
old implementation and rename "grenew" to "gre".
Init scripts that depend on items in /usr must have $remote_fs defined
in their Required-Start and Required-Stop fields. This will ensure that
/usr is mounted before a start or stop call is made.
Found by Lintian.
This commit cleans up the locations of a number of files and directories
used. These include:
- Config file lives in /etc/openvswitch/conf.db
- Logs go into /var/log/openvswitch
- ovsdb-server socket is /var/run/openvswitch/db.sock
- Schema goes into /usr/share/openvswitch/vswitch.ovsschema
- PID files go in /var/run/openvswitch
For XenServer, these additional changes are made:
- Cores go in /var/xen/openvswitch
- OVS binaries run in /var/xen/openvswitch
In addition, it attempts to clean up the XenServer packaging. This
includes referring to the project as "openvswitch" as opposed to the
somewhat presumptuous "vswitch".
Note: Changes to the Debian packaging will be forthcoming.
ovsdb-server should be able to obtain its SSL configuration from the
database that it is serving out, instead of having to specify it on the
command line. This commit makes it so.
The XenServer init script has been upgrading the database before starting
ovsdb-server for some time now, but the corresponding change was never
made to the Debian init script. This commit fixes that.