Remove the kernel driver specification for RHEL 6.x, 7.x, 8.x and Fedora.
Reviewed-by: David Marchand <david.marchand@redhat.com>
Signed-off-by: Greg Rose <gvrose8192@gmail.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
The only way to configure settings on a remote (e.g. inactivity_probe)
is via --remote=db:DB,table,row. There is no way to do this via the
existing CLI options.
For a clustered DB with multiple servers listening on unique addresses
there is no way to store these entries in the DB as the DB is shared.
For example, three servers listening on 1.1.1.1, 1.1.1.2, and 1.1.1.3
respectively would require a Manager/Connection row each, but then
all three servers would try to listen on all three addresses.
It is possible for ovsdb-server to serve multiple databases. This
means that we can have a local "config" database in addition to
the main database we are serving (Open_vSwitch, OVN_Southbound, etc.)
and this patch adds a Local_Config schema that currently just mirrors
the Connection table and a Config table with a 'connections' row that
stores each Connection.
Signed-off-by: Terry Wilson <twilson@redhat.com>
Acked-by: Dumitru Ceara <dceara@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
This commit adds support for DPDK v21.11, it includes the following
changes.
1. ci: Install python elftools for DPDK 21.02.
2. ci: Update meson requirement for DPDK 21.05.
3. netdev-dpdk: Fix build with 21.05.
4. ci: Compile DPDK in non developer mode.
http://patchwork.ozlabs.org/project/openvswitch/list/?series=242480&state=*
5. netdev-dpdk: Remove access to DPDK internals.
6. netdev-dpdk: Remove unused attribute from rte_flow rule.
7. netdev-dpdk: Fix mbuf macros namespace with 21.11-rc1.
8. netdev-dpdk: Fix vhost namespace with 21.11-rc2.
http://patchwork.ozlabs.org/project/openvswitch/list/?series=271159&state=*
In addition documentation and DPDK unit tests were also updated in this
commit for use with DPDK v21.11.
For credit all authors of the original commits to 'dpdk-latest' with the above
changes have been added as co-authors for this commit.
Signed-off-by: David Marchand <david.marchand@redhat.com>
Co-authored-by: David Marchand <david.marchand@redhat.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Tested-by: Emma Finn <emma.finn"intel.com>
Tested-by: Seamus Ryan <seamus.ryan@intel.com>
Acked-by: Kevin Traynor <ktraynor@redhat.com>
Signed-off-by: Ian Stokes <ian.stokes@intel.com>
In some cases, like building OvS packages in Jenkins, it may be
useful to set a custom version suffix that will correspond with
job's build number, etc. Currently, version number is explicitly
set to 1. This change adds a define "release_number" that may be
overridden during package bulding process:
rpmbuild -ba --define="release_number X" ...
Signed-off-by: Guzowski Adrian <adrian.guzowski@exatel.pl>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Now OvS supports building with dpdk 20.11, and uses
the '--with-dpdk=shared' option in fedora.spec. Then
change version of dpdk 17.05.1 to 20.11.
Note that dpdk-devel-20.11.x is not released in fedora
distro, but use '20.11' is fine.
Fixes: 252e1e576443 ("dpdk: Update to use DPDK v20.11.")
Signed-off-by: Tonghao Zhang <xiangxia.m.yue@gmail.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
This patch adds an RPMBUILD_OPT so that user can enable
AF_XDP support in the rpm package by:
$ make rpm-fedora RPMBUILD_OPT="--with afxdp"
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
Acked-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
With DPDK 20.11, meson and pkgconfig are used instead of the old
Makefile-based system and so --with-dpdk option is changed to only
accept shared or static instead of the directory.
This commit uses --with-dpdk=shared since Fedora and RHEL ship shared
libraries of DPDK.
Fixes: 252e1e576443 ("dpdk: Update to use DPDK v20.11.")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
With the cited commit, we get an error from rpmbuild about installed
but not packaged /usr/lib64/libopenvswitchavx512.a.
Fix it by treating it as the other la files.
Fixes: 352b6c7116cd ("dpif-lookup: add avx512 gather implementation.")
Signed-off-by: Roi Dayan <roid@mellanox.com>
Acked-by: Ian Stokes <ian.stokes@intel.com>
Tested-by: Greg Rose <gvrose8192@gmail.com>
Acked-by: Greg Rose <gvrose8192@gmail.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Since Python 2 support was removed in 1ca0323e7c29 ("Require Python 3 and
remove support for Python 2."), python3-six is not needed anymore.
Moreover python3-six is not available on RHEL/CentOS7 without using EPEL
and so this patch is needed in order to release OVS 2.13 on RHEL7.
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
A previous patch removed python2 support from ovs. So we can remove
this condition and make python3 mandatory for builds. Without this
patch, make rpm-fedora on centos 7 fails unless we pass
RPMBUILD_OPT="--with build_python3".
Signed-off-by: Numan Siddique <numans@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
This workaround only applied to kernels earlier than 2.6.37, but OVS
only supports 3.10 and later.
As the original author of this code, I won't miss it.
Tested-by: Greg Rose <gvrose8192@gmail.com>
Reviewed-by: Greg Rose <gvrose8192@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
A preceding commit removed the last remaining dependencies on OVN code,
so remove the OVN code.
Acked-by: Han Zhou <hzhou8@ebay.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Python 2 reaches end-of-life on January 1, 2020, which is only
a few months away. This means that OVS needs to stop depending
on in the next release that should occur roughly that same time.
Therefore, this commit removes all support for Python 2. It
also makes Python 3 a mandatory build dependency.
Some of the interesting consequences:
- HAVE_PYTHON, HAVE_PYTHON2, and HAVE_PYTHON3 conditionals have
been removed, since we now know that Python3 is available.
- $PYTHON and $PYTHON2 are removed, and $PYTHON3 is always
available.
- Many tests for Python 2 support have been removed, and the ones
that depended on Python 3 now run unconditionally. This allowed
several macros in the testsuite to be removed, making the code
clearer. This does make some of the changes to the testsuite
files large due to indentation level changes.
- #! lines for Python now use /usr/bin/python3 instead of
/usr/bin/python.
- Packaging depends on Python 3 packages.
Acked-by: Numan Siddique <nusiddiq@redhat.com>
Tested-by: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
So that is properly cleaned up after package is uninstalled.
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@suse.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Currently we have rhel/openvswitch.spec.in that provides
sysv scripts. The fedora package provides systemd scripts.
If one upgrades openvswitch package from sysv to systemd,
you will end up in a situation where old OVS daemons are
running, but systemd does not know about it. One "restart"
is needed for systemd to see the old daemons. Another "restart"
or "force-reload-kmod" is needed to actually use the new
daemons.
This commit, just takes care of the first restart. The "real"
restart/force-reload-kmod will still have to be done outside
the package installation.
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ansis Atteka <aatteka@ovn.org>
We currently have rhel/openvswitch.spec.in that automatically
enables openvswitch service when the package is installed using
chkconfig.
But fedora rpm may not enable openvswitch service automatically.
The macro currently being used in fedora rpm (systemd_post) will
look for preset files in /etc/systemd/system-preset/ to figure
out whether openvswitch service needs to be automatically enabled.
But, the fedora package does not provide such a file. The argument
is that people may want to install the package for binaries and
not necessarily to run OVS.
If someone now wants to install the fedora package and automatically
enable openvswitch, he will have to create a new package that OVS
package depends on to install the preset file. This is unwieldy.
This commit, provides a rpm build time option to enable the openvswitch
service automatically. If you now run the below command, openvswitch
service will be automatically enabled during package installation.
make rpm-fedora RPMBUILD_OPT="--with autoenable"
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ansis Atteka <aatteka@ovn.org>
Otherwise, Open vSwitch will fail to start with the following
error "libcap-ng is not configured at compile time" when it
attempts to downgrade to Open vSwitch user.
Also, if packages were built in a way where processes are
supposed to be running only as root, then there is no point
in creating "openvswitch" user in the first place.
Signed-off-by: Ansis Atteka <aatteka@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
While the header files added by this patch into Fedora's devel
rpm package can be considered private, the other devel packages
for RHEL/CentOS and Debian/Ubuntu distros include them.
So this patch simply makes the Fedora devel package consistent with
the other devel packages.
Signed-off-by: Ansis Atteka <aatteka@ovn.org>
On Fedora Rawhide only python3-sphinx is available, but currently
python2-sphinx is used.
This commit changes the BuildRequires for sphinx to use
/usr/bin/sphinx-build directly instead of python2-sphinx in order to make
it work on current Fedora Rawhide too.
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Currently many tests fails on mock/koji since /etc/resolv.conf is not
present. The unexpected warning causes them to abort.
After this patch an empty resolv.conf is created and used before issuing
"make check".
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Up until now, OVN rpms were generated as sub packages of OpenvSwitch.
This patch now splits it and makes OVN rpms independent.
A new spec file - ovn-fedora.spec.in is added for this.
The openvswitch-fedora.spec.in has been modified to create only
OpenvSwitch packages.
Since we are not splitting the OVN code, the spec files run the
same build procedure. Only the required binaries/files are copied
into the rpms.
The new package names will be ovn, ovn-common, ovn-central, ovn-host,
ovn-vtep and ovn-docker.
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
Acked-by: Timothy Redaelli <tredaelli@redhat.com>
Tested-By: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Since commit bc4fd439586f ("rhel: Ship ovs shared libraries, fedora")
openvswitch-devel RPM package includes both static and shared library.
This is against the Fedora Packaging Guidelines [1].
This commit prevent the static libraries and libtool archives to be shipped.
[1] https://fedoraproject.org/wiki/Packaging:Guidelines#Packaging_Static_Libraries
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
In commit d5cc46e3d185 ("ipsec: Use @PYTHON@ directly instead of
"/usr/bin/env python"") ovs-monitor-ipsec is installed in bin directory,
but it's supposed to be installed in script directory.
This commit removes also the manual copy of "ovs-monitor-ipsec" in spec file
since it's installed directly in "make install".
Fixes: d5cc46e3d185 ("ipsec: Use @PYTHON@ directly instead of "/usr/bin/env python"")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Currently the split package for ipsec is named
openvswitch-openvswitch-ipsec, but it should be named openvswitch-ipsec.
This commit changes the spec file in order to have the IPsec package as
openvswitch-ipsec instead of openvswitch-openvswitch-ipsec.
CC: Qiuyu Xiao <qiuyu.xiao.qyx@gmail.com>
Fixes: bdddc715358e ("debian and rhel: Create IPsec package.")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
This patch extends 4886d4d2495b (debian, rhel: Ship ovs shared libraries
and header files) to fedora, by packaging the shared libraries in
openvswitch and openvswitch-dvel RPM. These files are always packaged in
the RPMs built with rhel6 spec file.
VMware-BZ: #2036847
CC: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Martin Xu <martinxu9.ovs@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Flavio Leitner <fbl@redhat.com>
Starting from Fedora 29, the legacy network scripts are installed in
the "network-scripts" package and so the network scripts ("ifup-ovs",
"ifdown-ovs") should be installed only when the "network-scripts" package
is installed.
This commit introduces (on Fedora 29+) a new subpackage
(network-scripts-openvswitch). This subpackage is installed, by default, only
if the "network-scripts" package is installed too (reverse weak dependency).
Reported-by: Lubomir Rintel <lkundrak@v3.sk>
Reported-at: https://src.fedoraproject.org/rpms/openvswitch/pull-request/4
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
The /var/log/openvswitch directory is owned by the openvswitch user but
logrotate could be running as root or as another user. As a result of
which, rpmlint prints the following warning when building the spec file
on SUSE Linux Enterprise:
openvswitch.x86_64: W: suse-logrotate-user-writable-log-dir /var/log/openvswitch openvswitch:openvswitch 0750
The log directory is writable by unprivileged users. Please fix the
permissions so only root can write there or add the 'su' option
to your logrotate config
In order to fix that, we should run the logrotate script as the same
user which runs the various Open vSwitch daemons. If this is a new
installation, then this user is the 'openvswitch' one, but if we are
upgrading from an older release, then the user is normally 'root'.
As such, we set the initial user to 'root' and we fix this up in the
%post scriptlet.
Cc: Aaron Conole <aconole@redhat.com>
Cc: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Markos Chandras <mchandras@suse.de>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Timothy Redaelli <tredaelli@redhat.com>
Starting from Fedora 29, gcc and gcc-c++ won't be installed by default in
buildroot and so it's necessary to specify them explicitly in the spec file.
https://fedoraproject.org/wiki/Changes/Remove_GCC_from_BuildRoot
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
This patch is a simple implementation for the proposal discussed in
https://mail.openvswitch.org/pipermail/ovs-dev/2017-August/337038.html and
https://mail.openvswitch.org/pipermail/ovs-dev/2017-October/340013.html.
It enables ovs-vswitchd and other utilities to use DNS names when specifying
OpenFlow and OVSDB remotes.
Below are some of the features and limitations of this patch:
- Resolving is asynchornous in daemon context, avoiding blocking main loop;
- Resolving is synchronous in general utility context;
- Both IPv4 and IPv6 are supported;
- The resolving API is thread-safe;
- Depends on the unbound library;
- When multiple ip addresses are returned, only the first one is used;
- /etc/nsswitch.conf isn't respected as unbound library doesn't look at it;
- For async-resolving, caller need to retry later; there is no callback.
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
ovs-sim is a funny utility since it only works from a build tree, not from
an installed OVS. That means that we shouldn't install its manpage when
we run "make install". But we do want to install the manpage when we're
inside ovs-sim itself, so that the user can invoke "man ovs-sim" from its
nested shell.
This commit makes this happen.
Suggested-by: Roi Dayan <roid@mellanox.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Roi Dayan <roid@mellanox.com>
The rpm doesn't invoke all of the required selinux helpers to enact labeling
or relabeling on all versions of Fedora/RHEL. According to:
https://fedoraproject.org/wiki/SELinux/IndependentPolicy
This commit switches to use the selinux rpm macros which will ensure that
all of the labels defined in the .fc.in file are applied properly.
Acked-by: Ansis Atteka <aatteka@ovn.org>
Acked-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Currently, Open vSwitch on linux embeds the logic of loading and unloading
kernel modules into the ovs-ctl and ovs-lib script files. This works, but
it means that there is no way to leverage extended filesystem attributes
to grant fine grain permissions relating to module loading.
The split out utility 'ovs-kmod-ctl' will be used in an upcoming commit
for RHEL-based distributions to have a separate transition domain that
will allow module loading to be given to a separate selinux domain from
the openvswitch_t domain.
Acked-by: Ansis Atteka <aatteka@ovn.org>
Acked-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Currently python-netifaces is needed for ovs-tcpdump that is installed
by openvswitch-test package.
This commit adds {python,python2}-netifaces as a dependency for the
openvswitch-test package.
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
It's always been OVS coding style to use spaces rather than tabs for
indentation, but some tabs have snuck in over time. This commit converts
them to spaces.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
Commit 94cd8383e297 ("rhel: fix log directory permissions") restored the
old 755 permission on /var/log/openvswitch and this can result in the
exposure of sensitive information.
Since commit f624bf23b62a ("rhel: user/group openvswitch does not exist")
moved the user/group creations in %pre phase it's now possible to change
/var/log/openvswitch user/group to openvswitch:openvswitch and remove
the r/x bits for other again without having the "permission denied"
error when the logs are rotated.
CC: Aaron Conole <aconole@redhat.com>
Fixes: 94cd8383e297 ("rhel: fix log directory permissions")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Reviewed-by: Markos Chandras <mchandras@suse.de>
Currently python2 and python3 binaries are searched by following the
PATHs, but, on Fedora, the python2 package does not provides /bin/python2
and so if the PATH contains /bin before /usr/bin (for example by using
the ansible poc) then the resulting RPM file will require /bin/python2
instead of /usr/bin/python2 and this breaks some tools (for example
createrepo).
This patch specify the full path of python2 interpreter and,
if python3-openvswitch package is built, the full path of python3
interpreter.
Reported-by: Ansis Atteka <ansisatteka@gmail.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2018-May/346796.html
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Acked-by: Ansis Atteka <aatteka@ovn.org>
These dependencies have been moved from the %post to the %pre scriptlet
in f624bf23b62a ("rhel: user/group openvswitch does not exist") and are
already provided by the shadow-utils package so we can simply drop
them.
Cc: Alan Pevec <alan.pevec@redhat.com>
Cc: Aaron Conole <aconole@redhat.com>
Signed-off-by: Markos Chandras <mchandras@suse.de>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
Default ownership[1] for config files is failing on an empty system:
Running scriptlet: openvswitch-2.9.0-3.fc28.x86_64
warning: user openvswitch does not exist - using root
warning: group openvswitch does not exist - using root
...
Required user/group need to be created in %pre as documented in
Fedora guideline[2]
[1] 951d79e638
[2] https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Dynamic_allocation
Submitted-at: https://github.com/openvswitch/ovs/pull/223
Signed-off-by: Alan Pevec <alan.pevec@redhat.com>
Co-authored-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Acked-by: Markos Chandras <mchandras@suse.de>
Signed-off-by: Russell Bryant <russell@ovn.org>
The sed package in RHEL/CentOS 7 only provides /bin/sed and not
/usr/bin/sed, but later versions (including Fedora) provide both.
Signed-off-by: Isaac Freeman <memotype@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
GitHub uses a library called Licensee to identify a project's license
type. It shows this information in the status bar and via the API if it
can unambiguously identify the license.
This commit creates a LICENSE file that stores the full text of the
Apache license. It also removes the COPYING file and transfers its
contents to a new "License" section in the README.
Collectively, these changes allow Licensee to successfully identify the
license type of Open vSwitch's codebase as Apache.
Submitted-at: https://github.com/openvswitch/ovs/pull/224
Signed-off-by: Andrea Kao <eirinikos@gmail.com>
[blp@ovn.org removed references to COPYING and updated Makefile.am]
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
The _Server database is valuable primarily because it provides database
clients a way to find out the details of changes to databases, schemas,
etc. in a granular, natural way. Until now, the only way that the server
could notify clients about these kinds of changes was to close the session;
when the client reconnects, it is expected to reassess the server's state.
One way to provide this kind of granular information would be to add
specific JSON-RPC requests to obtain notifications for different kinds of
changes, but since ovsdb-server already provides granular and flexible
notification support for databases, using a database for the purpose is
convenient and avoids duplicating functionality.
Initially this database only reports databases' names and schemas, but
when clustering support is added in a later commit it will also report
important aspects of clustering and cluster status. Thus, this database
also reduces the need to add JSON-RPC calls to retrieve information about
new features.
Signed-off-by: Ben Pfaff <blp@ovn.org>
The selinux policy currently builds manually, as a process that either
the user or distribution maintainer undertakes. That process consists
of:
1. Convert the intermediary files into their file form through
'make' statements at the top level.
2. Change to the selinux directory and issue the selinux "make -f"
directive.
This commit introduces a new target 'selinux-policy' which builds the
openvswitch-custom policy files.
Signed-off-by: Aaron Conole <aconole@redhat.com>
Acked-by: Ansis Atteka <aatteka@ovn.org>
Currently, "make rpm-fedora" doesn't work correctly since the new ovsdb
manpages (ovsdb.5, ovsdb.7 and ovsdb-server.7) were added.
This patch adds the new ovsdb manpages in the %files list in the spec
file.
CC: Ben Pfaff <blp@ovn.org>
Fixes: 12b84d50e032 ("ovsdb: Improve documentation.")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
