From patchwork Fri May 8 06:04:17 2020
X-Patchwork-Submitter: Numan Siddique
X-Patchwork-Id: 1285841
From: numans@ovn.org
To: dev@openvswitch.org
Date: Fri, 8 May 2020 11:34:17 +0530
Message-Id: <20200508060417.246847-1-numans@ovn.org>
In-Reply-To: <20200508060325.246679-1-numans@ovn.org>
References: <20200508060325.246679-1-numans@ovn.org>
Cc: Dave Tucker
Subject: [ovs-dev] [PATCH ovn 1/7] Remove XenServer Code

From: Dave Tucker

This code is used from the OVS tree and isn't required for compilation.
Leaving it here could mistakenly lead to someone changing it and expecting
it to have an effect.

Submitted-at: https://github.com/ovn-org/ovn/pull/38
Signed-off-by: Dave Tucker
Signed-off-by: Numan Siddique --- Makefile.am | 1 - xenserver/.gitignore | 1 - xenserver/GPLv2 | 339 ------ xenserver/LICENSE | 518 ---------- xenserver/README.rst | 175 ---- xenserver/automake.mk | 35 - xenserver/etc_init.d_openvswitch | 154 --- xenserver/etc_init.d_openvswitch-xapi-update | 80 -- xenserver/etc_logrotate.d_openvswitch | 21 - xenserver/etc_profile.d_openvswitch.sh | 48 - .../etc_xapi.d_plugins_openvswitch-cfg-update | 269 ----- xenserver/etc_xensource_scripts_vif | 265 ----- xenserver/openvswitch-xen.spec.in | 519 ---------- ..._xensource_libexec_InterfaceReconfigure.py | 972 ------------------ ...urce_libexec_InterfaceReconfigureBridge.py | 476 --------- ...rce_libexec_InterfaceReconfigureVswitch.py | 730 ------------- ...pt_xensource_libexec_interface-reconfigure | 739 ------------- ...xsconsole_plugins-base_XSFeatureVSwitch.py | 331 ------ ...sr_share_openvswitch_scripts_ovs-xapi-sync | 406 -------- ...are_openvswitch_scripts_sysconfig.template | 24 - 20 files changed, 6103 deletions(-) delete mode 100644 xenserver/.gitignore delete mode 100644 xenserver/GPLv2 delete mode 100644 xenserver/LICENSE delete mode 100644 xenserver/README.rst delete mode 100644 xenserver/automake.mk delete mode 100755 xenserver/etc_init.d_openvswitch delete mode 100755 xenserver/etc_init.d_openvswitch-xapi-update delete mode 100644 xenserver/etc_logrotate.d_openvswitch delete mode 100644 xenserver/etc_profile.d_openvswitch.sh delete mode 100755 xenserver/etc_xapi.d_plugins_openvswitch-cfg-update delete mode 100755 xenserver/etc_xensource_scripts_vif delete mode 100644 xenserver/openvswitch-xen.spec.in delete mode 100644 xenserver/opt_xensource_libexec_InterfaceReconfigure.py delete mode 100644 xenserver/opt_xensource_libexec_InterfaceReconfigureBridge.py delete mode 100644 xenserver/opt_xensource_libexec_InterfaceReconfigureVswitch.py delete mode 100755 xenserver/opt_xensource_libexec_interface-reconfigure delete mode 100644 
xenserver/usr_lib_xsconsole_plugins-base_XSFeatureVSwitch.py delete mode 100755 xenserver/usr_share_openvswitch_scripts_ovs-xapi-sync delete mode 100644 xenserver/usr_share_openvswitch_scripts_sysconfig.template diff --git a/Makefile.am b/Makefile.am index af3fa1ed3..fbd4638a1 100644 --- a/Makefile.am +++ b/Makefile.am @@ -499,7 +499,6 @@ include debian/automake.mk include lib/ovsdb_automake.mk include ipsec/automake.mk include rhel/automake.mk -include xenserver/automake.mk include tutorial/automake.mk include selinux/automake.mk include controller/automake.mk diff --git a/xenserver/.gitignore b/xenserver/.gitignore deleted file mode 100644 index 3679eea07..000000000 --- a/xenserver/.gitignore +++ /dev/null @@ -1 +0,0 @@ -/openvswitch-xen.spec diff --git a/xenserver/GPLv2 b/xenserver/GPLv2 deleted file mode 100644 index d511905c1..000000000 --- a/xenserver/GPLv2 +++ /dev/null 
@@ -1,339 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Lesser General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. 
- - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. 
The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. 
(Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. 
You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. 
- -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. 
If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. 
If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. 
- - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - -Also add information on how to contact you by electronic and paper mail. - -If the program is interactive, make it output a short notice like this -when it starts in an interactive mode: - - Gnomovision version 69, Copyright (C) year name of author - Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, the commands you use may -be called something other than `show w' and `show c'; they could even be -mouse-clicks or menu items--whatever suits your program. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the program - `Gnomovision' (which makes passes at compilers) written by James Hacker. - - , 1 April 1989 - Ty Coon, President of Vice - -This General Public License does not permit incorporating your program into -proprietary programs. If your program is a subroutine library, you may -consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. 
diff --git a/xenserver/LICENSE b/xenserver/LICENSE deleted file mode 100644 index 00fc4d8cb..000000000 --- a/xenserver/LICENSE +++ /dev/null 
@@ -1,518 +0,0 @@ -As a special exception to the GNU Lesser General Public License, you -may link, statically or dynamically, a "work that uses the Library" -with a publicly distributed version of the Library to produce an -executable file containing portions of the Library, and distribute -that executable file under terms of your choice, without any of the -additional requirements listed in clause 6 of the GNU Lesser General -Public License. By "a publicly distributed version of the Library", -we mean either the unmodified Library as distributed, or a -modified version of the Library that is distributed under the -conditions defined in clause 3 of the GNU Library General Public -License. This exception does not however invalidate any other reasons -why the executable file might be covered by the GNU Lesser General -Public License. - ------------- - - GNU LESSER GENERAL PUBLIC LICENSE - Version 2.1, February 1999 - - Copyright (C) 1991, 1999 Free Software Foundation, Inc. - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - -[This is the first released version of the Lesser GPL. It also counts - as the successor of the GNU Library Public License, version 2, hence - the version number 2.1.] - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -Licenses are intended to guarantee your freedom to share and change -free software--to make sure the software is free for all its users. - - This license, the Lesser General Public License, applies to some -specially designated software packages--typically libraries--of the -Free Software Foundation and other authors who decide to use it. 
You -can use it too, but we suggest you first think carefully about whether -this license or the ordinary General Public License is the better -strategy to use in any particular case, based on the explanations below. - - When we speak of free software, we are referring to freedom of use, -not price. Our General Public Licenses are designed to make sure that -you have the freedom to distribute copies of free software (and charge -for this service if you wish); that you receive source code or can get -it if you want it; that you can change the software and use pieces of -it in new free programs; and that you are informed that you can do -these things. - - To protect your rights, we need to make restrictions that forbid -distributors to deny you these rights or to ask you to surrender these -rights. These restrictions translate to certain responsibilities for -you if you distribute copies of the library or if you modify it. - - For example, if you distribute copies of the library, whether gratis -or for a fee, you must give the recipients all the rights that we gave -you. You must make sure that they, too, receive or can get the source -code. If you link other code with the library, you must provide -complete object files to the recipients, so that they can relink them -with the library after making changes to the library and recompiling -it. And you must show them these terms so they know their rights. - - We protect your rights with a two-step method: (1) we copyright the -library, and (2) we offer you this license, which gives you legal -permission to copy, distribute and/or modify the library. - - To protect each distributor, we want to make it very clear that -there is no warranty for the free library. Also, if the library is -modified by someone else and passed on, the recipients should know -that what they have is not the original version, so that the original -author's reputation will not be affected by problems that might be -introduced by others. 
- - Finally, software patents pose a constant threat to the existence of -any free program. We wish to make sure that a company cannot -effectively restrict the users of a free program by obtaining a -restrictive license from a patent holder. Therefore, we insist that -any patent license obtained for a version of the library must be -consistent with the full freedom of use specified in this license. - - Most GNU software, including some libraries, is covered by the -ordinary GNU General Public License. This license, the GNU Lesser -General Public License, applies to certain designated libraries, and -is quite different from the ordinary General Public License. We use -this license for certain libraries in order to permit linking those -libraries into non-free programs. - - When a program is linked with a library, whether statically or using -a shared library, the combination of the two is legally speaking a -combined work, a derivative of the original library. The ordinary -General Public License therefore permits such linking only if the -entire combination fits its criteria of freedom. The Lesser General -Public License permits more lax criteria for linking other code with -the library. - - We call this license the "Lesser" General Public License because it -does Less to protect the user's freedom than the ordinary General -Public License. It also provides other free software developers Less -of an advantage over competing non-free programs. These disadvantages -are the reason we use the ordinary General Public License for many -libraries. However, the Lesser license provides advantages in certain -special circumstances. - - For example, on rare occasions, there may be a special need to -encourage the widest possible use of a certain library, so that it becomes -a de-facto standard. To achieve this, non-free programs must be -allowed to use the library. A more frequent case is that a free -library does the same job as widely used non-free libraries. 
In this -case, there is little to gain by limiting the free library to free -software only, so we use the Lesser General Public License. - - In other cases, permission to use a particular library in non-free -programs enables a greater number of people to use a large body of -free software. For example, permission to use the GNU C Library in -non-free programs enables many more people to use the whole GNU -operating system, as well as its variant, the GNU/Linux operating -system. - - Although the Lesser General Public License is Less protective of the -users' freedom, it does ensure that the user of a program that is -linked with the Library has the freedom and the wherewithal to run -that program using a modified version of the Library. - - The precise terms and conditions for copying, distribution and -modification follow. Pay close attention to the difference between a -"work based on the library" and a "work that uses the library". The -former contains code derived from the library, whereas the latter must -be combined with the library in order to run. - - GNU LESSER GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License Agreement applies to any software library or other -program which contains a notice placed by the copyright holder or -other authorized party saying it may be distributed under the terms of -this Lesser General Public License (also called "this License"). -Each licensee is addressed as "you". - - A "library" means a collection of software functions and/or data -prepared so as to be conveniently linked with application programs -(which use some of those functions and data) to form executables. - - The "Library", below, refers to any such software library or work -which has been distributed under these terms. 
A "work based on the -Library" means either the Library or any derivative work under -copyright law: that is to say, a work containing the Library or a -portion of it, either verbatim or with modifications and/or translated -straightforwardly into another language. (Hereinafter, translation is -included without limitation in the term "modification".) - - "Source code" for a work means the preferred form of the work for -making modifications to it. For a library, complete source code means -all the source code for all modules it contains, plus any associated -interface definition files, plus the scripts used to control compilation -and installation of the library. - - Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running a program using the Library is not restricted, and output from -such a program is covered only if its contents constitute a work based -on the Library (independent of the use of the Library in a tool for -writing it). Whether that is true depends on what the Library does -and what the program that uses the Library does. - - 1. You may copy and distribute verbatim copies of the Library's -complete source code as you receive it, in any medium, provided that -you conspicuously and appropriately publish on each copy an -appropriate copyright notice and disclaimer of warranty; keep intact -all the notices that refer to this License and to the absence of any -warranty; and distribute a copy of this License along with the -Library. - - You may charge a fee for the physical act of transferring a copy, -and you may at your option offer warranty protection in exchange for a -fee. - - 2. 
You may modify your copy or copies of the Library or any portion -of it, thus forming a work based on the Library, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) The modified work must itself be a software library. - - b) You must cause the files modified to carry prominent notices - stating that you changed the files and the date of any change. - - c) You must cause the whole of the work to be licensed at no - charge to all third parties under the terms of this License. - - d) If a facility in the modified Library refers to a function or a - table of data to be supplied by an application program that uses - the facility, other than as an argument passed when the facility - is invoked, then you must make a good faith effort to ensure that, - in the event an application does not supply such function or - table, the facility still operates, and performs whatever part of - its purpose remains meaningful. - - (For example, a function in a library to compute square roots has - a purpose that is entirely well-defined independent of the - application. Therefore, Subsection 2d requires that any - application-supplied function or table used by this function must - be optional: if the application does not supply it, the square - root function must still compute square roots.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Library, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. 
But when you -distribute the same sections as part of a whole which is a work based -on the Library, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote -it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Library. - -In addition, mere aggregation of another work not based on the Library -with the Library (or with a work based on the Library) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may opt to apply the terms of the ordinary GNU General Public -License instead of this License to a given copy of the Library. To do -this, you must alter all the notices that refer to this License, so -that they refer to the ordinary GNU General Public License, version 2, -instead of to this License. (If a newer version than version 2 of the -ordinary GNU General Public License has appeared, then you can specify -that version instead if you wish.) Do not make any other change in -these notices. - - Once this change is made in a given copy, it is irreversible for -that copy, so the ordinary GNU General Public License applies to all -subsequent copies and derivative works made from that copy. - - This option is useful when you wish to copy part of the code of -the Library into a program that is not a library. - - 4. 
You may copy and distribute the Library (or a portion or -derivative of it, under Section 2) in object code or executable form -under the terms of Sections 1 and 2 above provided that you accompany -it with the complete corresponding machine-readable source code, which -must be distributed under the terms of Sections 1 and 2 above on a -medium customarily used for software interchange. - - If distribution of object code is made by offering access to copy -from a designated place, then offering equivalent access to copy the -source code from the same place satisfies the requirement to -distribute the source code, even though third parties are not -compelled to copy the source along with the object code. - - 5. A program that contains no derivative of any portion of the -Library, but is designed to work with the Library by being compiled or -linked with it, is called a "work that uses the Library". Such a -work, in isolation, is not a derivative work of the Library, and -therefore falls outside the scope of this License. - - However, linking a "work that uses the Library" with the Library -creates an executable that is a derivative of the Library (because it -contains portions of the Library), rather than a "work that uses the -library". The executable is therefore covered by this License. -Section 6 states terms for distribution of such executables. - - When a "work that uses the Library" uses material from a header file -that is part of the Library, the object code for the work may be a -derivative work of the Library even though the source code is not. -Whether this is true is especially significant if the work can be -linked without the Library, or if the work is itself a library. The -threshold for this to be true is not precisely defined by law. 
- - If such an object file uses only numerical parameters, data -structure layouts and accessors, and small macros and small inline -functions (ten lines or less in length), then the use of the object -file is unrestricted, regardless of whether it is legally a derivative -work. (Executables containing this object code plus portions of the -Library will still fall under Section 6.) - - Otherwise, if the work is a derivative of the Library, you may -distribute the object code for the work under the terms of Section 6. -Any executables containing that work also fall under Section 6, -whether or not they are linked directly with the Library itself. - - 6. As an exception to the Sections above, you may also combine or -link a "work that uses the Library" with the Library to produce a -work containing portions of the Library, and distribute that work -under terms of your choice, provided that the terms permit -modification of the work for the customer's own use and reverse -engineering for debugging such modifications. - - You must give prominent notice with each copy of the work that the -Library is used in it and that the Library and its use are covered by -this License. You must supply a copy of this License. If the work -during execution displays copyright notices, you must include the -copyright notice for the Library among them, as well as a reference -directing the user to the copy of this License. Also, you must do one -of these things: - - a) Accompany the work with the complete corresponding - machine-readable source code for the Library including whatever - changes were used in the work (which must be distributed under - Sections 1 and 2 above); and, if the work is an executable linked - with the Library, with the complete machine-readable "work that - uses the Library", as object code and/or source code, so that the - user can modify the Library and then relink to produce a modified - executable containing the modified Library. 
(It is understood - that the user who changes the contents of definitions files in the - Library will not necessarily be able to recompile the application - to use the modified definitions.) - - b) Use a suitable shared library mechanism for linking with the - Library. A suitable mechanism is one that (1) uses at run time a - copy of the library already present on the user's computer system, - rather than copying library functions into the executable, and (2) - will operate properly with a modified version of the library, if - the user installs one, as long as the modified version is - interface-compatible with the version that the work was made with. - - c) Accompany the work with a written offer, valid for at - least three years, to give the same user the materials - specified in Subsection 6a, above, for a charge no more - than the cost of performing this distribution. - - d) If distribution of the work is made by offering access to copy - from a designated place, offer equivalent access to copy the above - specified materials from the same place. - - e) Verify that the user has already received a copy of these - materials or that you have already sent this user a copy. - - For an executable, the required form of the "work that uses the -Library" must include any data and utility programs needed for -reproducing the executable from it. However, as a special exception, -the materials to be distributed need not include anything that is -normally distributed (in either source or binary form) with the major -components (compiler, kernel, and so on) of the operating system on -which the executable runs, unless that component itself accompanies -the executable. - - It may happen that this requirement contradicts the license -restrictions of other proprietary libraries that do not normally -accompany the operating system. Such a contradiction means you cannot -use both them and the Library together in an executable that you -distribute. - - 7. 
You may place library facilities that are a work based on the -Library side-by-side in a single library together with other library -facilities not covered by this License, and distribute such a combined -library, provided that the separate distribution of the work based on -the Library and of the other library facilities is otherwise -permitted, and provided that you do these two things: - - a) Accompany the combined library with a copy of the same work - based on the Library, uncombined with any other library - facilities. This must be distributed under the terms of the - Sections above. - - b) Give prominent notice with the combined library of the fact - that part of it is a work based on the Library, and explaining - where to find the accompanying uncombined form of the same work. - - 8. You may not copy, modify, sublicense, link with, or distribute -the Library except as expressly provided under this License. Any -attempt otherwise to copy, modify, sublicense, link with, or -distribute the Library is void, and will automatically terminate your -rights under this License. However, parties who have received copies, -or rights, from you under this License will not have their licenses -terminated so long as such parties remain in full compliance. - - 9. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Library or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Library (or any work based on the -Library), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Library or works based on it. - - 10. 
Each time you redistribute the Library (or any work based on the -Library), the recipient automatically receives a license from the -original licensor to copy, distribute, link with or modify the Library -subject to these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties with -this License. - - 11. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Library at all. For example, if a patent -license would not permit royalty-free redistribution of the Library by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Library. - -If any portion of this section is held invalid or unenforceable under any -particular circumstance, the balance of the section is intended to apply, -and the section as a whole is intended to apply in other circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system which is -implemented by public license practices. 
Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 12. If the distribution and/or use of the Library is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Library under this License may add -an explicit geographical distribution limitation excluding those countries, -so that distribution is permitted only in or among countries not thus -excluded. In such case, this License incorporates the limitation as if -written in the body of this License. - - 13. The Free Software Foundation may publish revised and/or new -versions of the Lesser General Public License from time to time. -Such new versions will be similar in spirit to the present version, -but may differ in detail to address new problems or concerns. - -Each version is given a distinguishing version number. If the Library -specifies a version number of this License which applies to it and -"any later version", you have the option of following the terms and -conditions either of that version or of any later version published by -the Free Software Foundation. If the Library does not specify a -license version number, you may choose any version ever published by -the Free Software Foundation. - - 14. If you wish to incorporate parts of the Library into other free -programs whose distribution conditions are incompatible with these, -write to the author to ask for permission. For software which is -copyrighted by the Free Software Foundation, write to the Free -Software Foundation; we sometimes make exceptions for this. 
Our -decision will be guided by the two goals of preserving the free status -of all derivatives of our free software and of promoting the sharing -and reuse of software generally. - - NO WARRANTY - - 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO -WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. -EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR -OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY -KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE -LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME -THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN -WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY -AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU -FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR -CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE -LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING -RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A -FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF -SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH -DAMAGES. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Libraries - - If you develop a new library, and you want it to be of the greatest -possible use to the public, we recommend making it free software that -everyone can redistribute and change. You can do so by permitting -redistribution under these terms (or, alternatively, under the terms of the -ordinary General Public License). - - To apply these terms, attach the following notices to the library. 
It is -safest to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least the -"copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - -Also add information on how to contact you by electronic and paper mail. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the library, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the - library `Frob' (a library for tweaking knobs) written by James Random Hacker. - - , 1 April 1990 - Ty Coon, President of Vice - -That's all there is to it! diff --git a/xenserver/README.rst b/xenserver/README.rst deleted file mode 100644 index 8aa7cab7d..000000000 --- a/xenserver/README.rst +++ /dev/null 
@@ -1,175 +0,0 @@ -.. - Copyright (C) 2009, 2010, 2011 Nicira, Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); you may - not use this file except in compliance with the License. You may obtain - a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - License for the specific language governing permissions and limitations - under the License. - - Convention for heading levels in OVN documentation: - - ======= Heading 0 (reserved for the title in a document) - ------- Heading 1 - ~~~~~~~ Heading 2 - +++++++ Heading 3 - ''''''' Heading 4 - - Avoid deeper levels because they do not render well. - -================ -XenServer README -================ - -This directory contains files for seamless integration of Open vSwitch on -Citrix XenServer hosts managed by the Citrix management tools. - -Files in this directory are licensed on a file-by-file basis. Refer to each -file for details. - -Most of the files in this directory are installed on a XenServer system under -the same name; underscores are replaced by slashes. The files are: - -etc_init.d_openvswitch - Initializes Open vSwitch at boot and shuts it down at shutdown. - -etc_init.d_openvswitch-xapi-update - Init script to ensure openvswitch-cfg-update is called for the current host - at boot. - -etc_logrotate.d_openvswitch - Ensures that logs in /var/log/openvswitch are rotated periodically and that - appropriate daemons reopen their log files at that point. - -etc_profile.d_openvswitch.sh - Open vSwitch-related shell functions for the administrator's convenience. 
- -etc_xapi.d_plugins_openvswitch-cfg-update - xapi plugin script to update the cache of configuration items in the - ovs-vswitchd configuration that are managed in the xapi database when - integrated with Citrix management tools. - -etc_xensource_scripts_vif - Open vSwitch-aware replacement for Citrix script of the same name. - -openvswitch-xen.spec - spec file for building RPMs to install on a XenServer host. - -opt_xensource_libexec_interface-reconfigure - Open vSwitch-aware replacements for Citrix script of the same names. - -opt_xensource_libexec_InterfaceReconfigureBridge.py - See above. - -opt_xensource_libexec_InterfaceReconfigure.py - See above. - -opt_xensource_libexec_InterfaceReconfigureVswitch.py - See above. - -usr_lib_xsconsole_plugins-base_XSFeatureVSwitch.py - xsconsole plugin to configure the pool-wide configuration keys used to - control Open vSwitch when integrated with Citrix management tools. - -usr_share_openvswitch_scripts_ovs-xapi-sync - Daemon to monitor the external_ids columns of the Bridge and Interface OVSDB - tables for changes that require interrogating XAPI. - -usr_share_openvswitch_scripts_sysconfig.template - Template for Open vSwitch's /etc/sysconfig/openvswitch configuration file. - -Open vSwitch installs a number of xen-bugtool extensions in -``/etc/xensource/bugtool`` to gather additional information useful for -debugging. The sources for the extensions are in -``../utilities/bugtool/plugins``: - -kernel-info/openvswitch.xml - Collect kernel information relevant to Open vSwitch, such as slabinfo. - -network-status/openvswitch.xml - Collect networking information relevant to Open vSwitch. 
Runs the following - scripts, which are described below: - - * ovs-bugtool-bfd-show - * ovs-bugtool-cfm-show - * ovs-bugtool-fdb-show - * ovs-bugtool-lacp-show - * ovs-bugtool-list-dbs - * ovs-bugtool-ovsdb-dump - * ovs-bugtool-tc-class-show - * ovs-bugtool-bond-show - * ovs-bugtool-ovs-ofctl-show - * ovs-bugtool-ovs-ofctl-dump-flows - * ovs-bugtool-ovs-appctl-dpif - * ovs-bugtool-coverage-show - * ovs-bugtool-memory-show - * ovs-bugtool-vsctl-show - * ovs-bugtool-conntrack-dump - -system-configuration/openvswitch.xml - Collect system configuration information relevant to Open vSwitch, including - timezone. Runs the following script which is described below: - - * ovs-bugtool-daemons-ver - -system-configuration.xml - Collect system configuration data. This category is configured to collect up - to 1Mb of data, take up to 60 seconds to collect data, run every time and is - hidden from display in XenCenter. - -A number of scripts are installed in ``/usr/share/openvswitch/scripts`` to -assist Open vSwitch's xen-bugtool extensions. The sources for the scripts are -located in ``../utilities/bugtool``: - -ovs-bugtool-bfd-show - Script to dump detailed BFD information for all enabled interfaces. - -ovs-bugtool-cfm-show - Script to dump detailed CFM information for all enabled interfaces. - -ovs-bugtool-fdb-show - Script to collect a summary of learned MACs for each bridge. - -ovs-bugtool-lacp-show - Script to dump detailed LACP information for all enabled ports. - -ovs-bugtool-list-dbs - Script to list the databases controlled by ovsdb-server. - -ovs-bugtool-ovsdb-dump - Script to dump contents of Open vSwitch configuration database in - comma-separated value format. - -ovs-bugtool-tc-class-show - Script to dump tc class configuration for all network interfaces. - -ovs-bugtool-ovs-ofctl-show - Script to dump information about flow tables and ports of each bridge. - -ovs-bugtool-ovs-ofctl-dump-flows - Script to dump openflow flows of each bridge. 
- -ovs-bugtool-ovs-appctl-dpif - Script to collect a summary of configured datapaths and datapath flows. - -ovs-bugtool-coverage-show - Script to count the number of times particular events occur during - ovs-vswitchd's runtime. - -ovs-bugtool-memory-show - Script to show some basic statistics about ovs-vswitchd's memory usage. - -ovs-bugtool-vsctl-show - Script to show a brief overview of the database contents. - -ovs-bugtool-conntrack-dump - Script to show all the connection entries in the tracker. - -ovs-bugtool-daemons-ver - Script to dump version information for all Open vSwitch daemons. diff --git a/xenserver/automake.mk b/xenserver/automake.mk deleted file mode 100644 index ead0f4a7c..000000000 --- a/xenserver/automake.mk +++ /dev/null 
@@ -1,35 +0,0 @@ -# Copyright (C) 2009, 2010, 2011, 2012, 2014 Nicira, Inc. -# -# Copying and distribution of this file, with or without modification, -# are permitted in any medium without royalty provided the copyright -# notice and this notice are preserved. This file is offered as-is, -# without warranty of any kind. - -EXTRA_DIST += \ - xenserver/GPLv2 \ - xenserver/LICENSE \ - xenserver/README.rst \ - xenserver/automake.mk \ - xenserver/etc_init.d_openvswitch \ - xenserver/etc_init.d_openvswitch-xapi-update \ - xenserver/etc_logrotate.d_openvswitch \ - xenserver/etc_profile.d_openvswitch.sh \ - xenserver/etc_xapi.d_plugins_openvswitch-cfg-update \ - xenserver/etc_xensource_scripts_vif \ - xenserver/openvswitch-xen.spec \ - xenserver/openvswitch-xen.spec.in \ - xenserver/opt_xensource_libexec_InterfaceReconfigure.py \ - xenserver/opt_xensource_libexec_InterfaceReconfigureBridge.py \ - xenserver/opt_xensource_libexec_InterfaceReconfigureVswitch.py \ - xenserver/opt_xensource_libexec_interface-reconfigure \ - xenserver/usr_lib_xsconsole_plugins-base_XSFeatureVSwitch.py \ - xenserver/usr_share_openvswitch_scripts_ovs-xapi-sync \ - xenserver/usr_share_openvswitch_scripts_sysconfig.template - -FLAKE8_PYFILES += \ - xenserver/usr_share_openvswitch_scripts_ovs-xapi-sync - -$(srcdir)/xenserver/openvswitch-xen.spec: xenserver/openvswitch-xen.spec.in $(top_builddir)/config.status - $(AM_V_GEN)($(ro_shell) && sed -e 's,[@]VERSION[@],$(VERSION),g') \ - < $(srcdir)/xenserver/$(@F).in > $(@F).tmp || exit 1; \ - if cmp -s $(@F).tmp $@; then touch $@; rm $(@F).tmp; else mv $(@F).tmp $@; fi diff --git a/xenserver/etc_init.d_openvswitch b/xenserver/etc_init.d_openvswitch deleted file mode 100755 index 7d2103fa2..000000000 --- a/xenserver/etc_init.d_openvswitch +++ /dev/null 
@@ -1,154 +0,0 @@ -#!/bin/sh -# -# openvswitch -# -# chkconfig: 2345 09 91 -# description: Manage Open vSwitch kernel modules and user-space daemons - -# Copyright (C) 2009, 2010, 2011 Nicira, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at: -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -### BEGIN INIT INFO -# Provides: openvswitch-switch -# Required-Start: -# Required-Stop: -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Open vSwitch switch -### END INIT INFO - -. /usr/share/openvswitch/scripts/ovs-lib || exit 1 -. /etc/xensource-inventory -test -e /etc/sysconfig/openvswitch && . 
/etc/sysconfig/openvswitch - -case `cat /etc/xensource/network.conf` in - vswitch|openvswitch) - ;; - bridge) - exit 0 - ;; - *) - echo "Open vSwitch disabled (/etc/xensource/network.conf is invalid)" >&2 - exit 0 - ;; -esac - -start_ovs_xapi_sync () { - if daemon_is_running ovs-xapi-sync; then - log_success_msg "ovs-xapi-sync is already running" - else - PYTHONPATH=/usr/share/openvswitch/python \ - /usr/share/openvswitch/scripts/ovs-xapi-sync \ - --log-file --pidfile --detach --monitor unix:/var/run/openvswitch/db.sock - fi -} - -start () { - set ovs_ctl ${1-start} - set "$@" --system-id="$INSTALLATION_UUID" - set "$@" --system-type="$PRODUCT_BRAND" - set "$@" --system-version="$PRODUCT_VERSION-$BUILD_NUMBER" - set "$@" --external-id=xs-system-uuid="$INSTALLATION_UUID" - set "$@" --daemon-cwd=/var/xen/openvswitch - if test X"$FORCE_COREFILES" != X; then - set "$@" --force-corefiles="$FORCE_COREFILES" - fi - if test X"$OVSDB_SERVER_PRIORITY" != X; then - set "$@" --ovsdb-server-priority="$OVSDB_SERVER_PRIORITY" - fi - if test X"$VSWITCHD_PRIORITY" != X; then - set "$@" --ovs-vswitchd-priority="$VSWITCHD_PRIORITY" - fi - if test X"$VSWITCHD_MLOCKALL" != X; then - set "$@" --mlockall="$VSWITCHD_MLOCKALL" - fi - if test ! -e /var/run/openvswitch.booted; then - touch /var/run/openvswitch.booted - set "$@" --delete-bridges - fi - set "$@" $OVS_CTL_OPTS - "$@" - - start_ovs_xapi_sync - - ovs_ctl --protocol=gre enable-protocol - - touch /var/lock/subsys/openvswitch -} - -force_reload_kmod () { - start force-reload-kmod - - # Restart the high-availability daemon if it is running. Otherwise - # it loses its heartbeat and reboots the system after a few minutes. 
- if pidof xhad >/dev/null && test -e /etc/xensource/xhad.conf; then - PATH=$PATH:/opt/xensource/xha - action "Stopping HA daemon" ha_stop_daemon - action "Starting HA daemon" ha_start_daemon - fi - - action "Stopping ovs-xapi-sync" stop_daemon ovs-xapi-sync - action "Starting ovs-xapi-sync" start_ovs_xapi_sync -} - -stop () { - ovs_ctl stop - stop_daemon ovs-xapi-sync - rm -f /var/lock/subsys/openvswitch -} - -restart () { - if [ "$1" = "--save-flows=yes" ]; then - stop_daemon ovs-xapi-sync - start restart - else - stop - start - fi -} - -case $1 in - start) - start - ;; - stop) - stop - ;; - restart) - shift - restart "$@" - ;; - reload|force-reload) - # The main OVS daemons keep up-to-date, but ovs-xapi-sync needs help. - if daemon_is_running ovs-xapi-sync; then - action "Configuring Open vSwitch external IDs" \ - ovs-appctl -t ovs-xapi-sync flush-cache - fi - ;; - status) - ovs_ctl status && daemon_status ovs-xapi-sync - ;; - version) - ovs_ctl version - ;; - force-reload-kmod) - force_reload_kmod - ;; - help) - printf "openvswitch [start|stop|restart|reload|force-reload|status|version]\n" - ;; - *) - printf "Unknown command: $1\n" - exit 1 - ;; -esac diff --git a/xenserver/etc_init.d_openvswitch-xapi-update b/xenserver/etc_init.d_openvswitch-xapi-update deleted file mode 100755 index 12a9db2a1..000000000 --- a/xenserver/etc_init.d_openvswitch-xapi-update +++ /dev/null 
@@ -1,80 +0,0 @@ -#!/bin/bash -# -# openvswitch-xapi-update -# -# chkconfig: 2345 95 01 -# description: Update Open vSwitch configuration from XAPI database at boot - -# Copyright (C) 2009, 2010 Nicira, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at: -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -### BEGIN INIT INFO -# Provides: openvswitch-xapi-update -# Required-Start: $network $remote_fs -# Required-Stop: $network -# Default-Start: 3 5 -# Default-Stop: -# Short-Description: openvswitch-xapi-update -# Description: reconfigures Open vSwitch based on XAPI configuration -### END INIT INFO - -. /etc/init.d/functions - -function do_host_call { - xe host-call-plugin host-uuid="$INSTALLATION_UUID" plugin="openvswitch-cfg-update" fn="update" >/dev/null -} - -function start { - if [ ! -f /etc/xensource-inventory ]; then - printf "openvswitch-xapi-update ERROR: XenSource inventory not present in /etc/xensource-inventory\n" - exit 1 - fi - - if test -e /etc/xensource/network.conf; then - NETWORK_MODE=$(cat /etc/xensource/network.conf) - fi - - case ${NETWORK_MODE:=openvswitch} in - vswitch|openvswitch) - ;; - bridge) - exit 0 - ;; - *) - echo "Open vSwitch disabled (/etc/xensource/network.conf is invalid)" >&2 - exit 0 - ;; - esac - - source /etc/xensource-inventory - action "Updating configuration" do_host_call -} - -case "$1" in - start) - start - ;; - stop) - # Nothing to do here. 
- ;; - restart) - start - ;; - help) - printf "openvswitch-xapi-update [start|stop|restart]\n" - ;; - *) - printf "Unknown command: $1\n" - exit 1 - ;; -esac diff --git a/xenserver/etc_logrotate.d_openvswitch b/xenserver/etc_logrotate.d_openvswitch deleted file mode 100644 index cd7b3a9d5..000000000 --- a/xenserver/etc_logrotate.d_openvswitch +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright (C) 2009, 2010, 2011, 2012, 2017 Nicira, Inc. -# -# Copying and distribution of this file, with or without modification, -# are permitted in any medium without royalty provided the copyright -# notice and this notice are preserved. This file is offered as-is, -# without warranty of any kind. - -/var/log/openvswitch/*.log { - daily - compress - sharedscripts - missingok - postrotate - # Tell Open vSwitch daemons to reopen their log files - if [ -d /var/run/openvswitch ]; then - for pidfile in `cd /var/run/openvswitch && echo *.pid`; do - ovs-appctl -t "${pidfile%%.pid}" vlog/reopen 2>/dev/null || : - done - fi - endscript -} diff --git a/xenserver/etc_profile.d_openvswitch.sh b/xenserver/etc_profile.d_openvswitch.sh deleted file mode 100644 index 63b254359..000000000 --- a/xenserver/etc_profile.d_openvswitch.sh +++ /dev/null 
@@ -1,48 +0,0 @@ -# Copyright (C) 2009, 2010, 2011 Nicira, Inc. -# -# Copying and distribution of this file, with or without modification, -# are permitted in any medium without royalty provided the copyright -# notice and this notice are preserved. This file is offered as-is, -# without warranty of any kind. - -alias vswitch='service openvswitch' -alias openvswitch='service openvswitch' - -function watchdp { - watch ovs-dpctl show "$@" -} - -function watchdpflows { - local grep="" - local dp=$1 - shift - if [ $# -gt 0 ]; then - grep="| grep $@" - fi - watch "ovs-dpctl dump-flows $dp $grep" -} - -function watchflows { - local grep="" - local dp=$1 - shift - bridge=$(ovs-dpctl show $dp | grep 'port 0:' | cut -d' ' -f 3) - if [ $# -gt 0 ]; then - grep="| grep $@" - fi - watch "ovs-ofctl dump-flows unix:/var/run/$bridge.mgmt $grep" -} - -function monitorlogs { - local grep="" - if [ $# -gt 0 ]; then - grep="| grep --line-buffered '^==> .* <==$" - for i in "$@"; do - grep="$grep\|$i" - done - grep="$grep'" - fi - cmd="tail -F /var/log/messages /var/log/openvswitch/ovs-vswitchd.log /var/log/openvswitch/ovsdb-server /var/log/xensource.log $grep | tee /var/log/monitorlogs.out" - printf "cmd: $cmd\n" - eval "$cmd" -} diff --git a/xenserver/etc_xapi.d_plugins_openvswitch-cfg-update b/xenserver/etc_xapi.d_plugins_openvswitch-cfg-update deleted file mode 100755 index e7404e3b0..000000000 --- a/xenserver/etc_xapi.d_plugins_openvswitch-cfg-update +++ /dev/null 
@@ -1,269 +0,0 @@ -#!/usr/bin/env python -# -# xapi plugin script to update the cache of configuration items in the -# ovs-vswitchd configuration that are managed in the xapi database when -# integrated with Citrix management tools. - -# Copyright (C) 2009, 2010, 2011, 2012, 2013 Nicira, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at: -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# TBD: - error handling needs to be improved. Currently this can leave -# TBD: the system in a bad state if anything goes wrong. - -import XenAPIPlugin -import os -import subprocess -import syslog -import re - -vsctl = '/usr/bin/ovs-vsctl' -ofctl = '/usr/bin/ovs-ofctl' -cacert_filename = '/etc/openvswitch/vswitchd.cacert' -ovsdb_port = '6640' - - -# Delete the CA certificate, so that we go back to boot-strapping mode -def delete_cacert(): - try: - os.remove(cacert_filename) - except OSError: - # Ignore error if file doesn't exist - pass - - -def update(session, args): - # Refresh bridge network UUIDs in case this host joined or left a pool. - script = '/opt/xensource/libexec/interface-reconfigure' - try: - retval = subprocess.call([script, 'rewrite']) - if retval != 0: - syslog.syslog('%s exited with status %d' % (script, retval)) - except OSError, e: - syslog.syslog('%s: failed to execute (%s)' % (script, e.strerror)) - - pools = session.xenapi.pool.get_all() - # We assume there is only ever one pool... 
- if len(pools) == 0: - raise XenAPIPlugin.Failure('NO_POOL_FOR_HOST', []) - if len(pools) > 1: - raise XenAPIPlugin.Failure('MORE_THAN_ONE_POOL_FOR_HOST', []) - new_controller = False - pool = session.xenapi.pool.get_record(pools[0]) - controller = pool.get('vswitch_controller') - ret_str = '' - currentControllers = vswitchCurrentControllers() - - if not controller and currentControllers: - delete_cacert() - try: - emergency_reset(session, None) - except: - pass - removeControllerCfg() - ret_str += 'Successfully removed controller config. ' - # controller cannot be empty, otherwise, this will always be True. - elif controller and controller not in currentControllers: - delete_cacert() - try: - emergency_reset(session, None) - except: - pass - setControllerCfg(controller) - new_controller = True - ret_str += 'Successfully set controller to %s. ' % controller - - try: - pool_fail_mode = pool['other_config']['vswitch-controller-fail-mode'] - except KeyError, e: - pool_fail_mode = None - - bton = {} - - for rec in session.xenapi.network.get_all_records().values(): - try: - bton[rec['bridge']] = rec - except KeyError: - pass - - # If new controller, get management MAC addresses from XAPI now - # in case fail_mode set to secure which may affect XAPI access - mgmt_bridge = None - host_mgmt_mac = None - host_mgmt_device = None - pool_mgmt_macs = {} - if new_controller: - query = 'field "management"="true"' - recs = session.xenapi.PIF.get_all_records_where(query) - for rec in recs.itervalues(): - pool_mgmt_macs[rec.get('MAC')] = rec.get('device') - - dib_changed = False - fail_mode_changed = False - for bridge in vswitchCfgQuery(['list-br']).split(): - network = bton[bridge] - bridge = vswitchCfgQuery(['br-to-parent', bridge]) - - xapi_dib = network['other_config'].get('vswitch-disable-in-band') - if not xapi_dib: - xapi_dib = '' - - ovs_dib = vswitchCfgQuery(['--', '--if-exists', 'get', 'Bridge', - bridge, - 'other_config:disable-in-band']).strip('"') - - # Do nothing if 
setting is invalid, and warn the user. - if xapi_dib not in ['true', 'false', '']: - ret_str += '"' + xapi_dib + '"' + \ - ' is an invalid value for vswitch-disable-in-band on ' + \ - bridge + ' ' - - # Change bridge disable-in-band option if XAPI and OVS states differ. - elif xapi_dib != ovs_dib: - # 'true' or 'false' - if xapi_dib: - vswitchCfgMod(['--', 'set', 'Bridge', bridge, - 'other_config:disable-in-band=' + xapi_dib]) - # '' or None - else: - vswitchCfgMod(['--', 'remove', 'Bridge', bridge, - 'other_config', 'disable-in-band']) - dib_changed = True - - # Change bridge fail_mode if XAPI state differs from OVS state. - bridge_fail_mode = vswitchCfgQuery(['get', 'Bridge', - bridge, 'fail_mode']).strip('[]"') - - try: - other_config = bton[bridge]['other_config'] - fail_mode = other_config['vswitch-controller-fail-mode'] - except KeyError, e: - fail_mode = None - - if fail_mode not in ['secure', 'standalone']: - fail_mode = pool_fail_mode - - if fail_mode != 'secure': - fail_mode = 'standalone' - - if bridge_fail_mode != fail_mode: - vswitchCfgMod(['--', 'set', 'Bridge', bridge, - 'fail_mode=%s' % fail_mode]) - fail_mode_changed = True - - # Determine local mgmt MAC address if host being added to secure - # pool so we can add default flows to allow management traffic - if new_controller and fail_mode_changed and pool_fail_mode == 'secure': - oc = vswitchCfgQuery(['get', 'Bridge', bridge, 'other-config']) - m = re.match('.*hwaddr="([0-9a-fA-F:].*)".*', oc) - if m and m.group(1) in pool_mgmt_macs.keys(): - mgmt_bridge = bridge - host_mgmt_mac = m.group(1) - host_mgmt_device = pool_mgmt_macs[host_mgmt_mac] - - if (host_mgmt_mac is not None and mgmt_bridge is not None and - host_mgmt_device is not None): - tp = 'idle_timeout=0,priority=0' - port = vswitchCfgQuery(['get', 'interface', host_mgmt_device, - 'ofport']) - - addFlow(mgmt_bridge, '%s,in_port=%s,arp,nw_proto=1,actions=local' % - (tp, port)) - addFlow(mgmt_bridge, '%s,in_port=local,arp,dl_src=%s,actions=%s' 
% - (tp, host_mgmt_mac, port)) - addFlow(mgmt_bridge, '%s,in_port=%s,dl_dst=%s,actions=local' % - (tp, port, host_mgmt_mac)) - addFlow(mgmt_bridge, '%s,in_port=local,dl_src=%s,actions=%s' % - (tp, host_mgmt_mac, port)) - - if dib_changed: - ret_str += 'Updated in-band management. ' - if fail_mode_changed: - ret_str += 'Updated fail_mode. ' - - if ret_str != '': - return ret_str - else: - return 'No change to configuration' - - -def vswitchCurrentControllers(): - controllers = vswitchCfgQuery(['get-manager']) - - def parse_controller(controller): - if controller.startswith('ssl:'): - return controller.split(':')[1] - - return controller.split(':')[0] - - return [parse_controller(controller) - for controller in controllers.split('\n') - if controller] - - -def removeControllerCfg(): - vswitchCfgMod(['--', 'del-manager', - '--', 'del-ssl']) - - -def setControllerCfg(controller): - # /etc/xensource/xapi-ssl.pem is mentioned twice below because it - # contains both the private key and the certificate. 
- vswitchCfgMod(['--', 'del-manager', - '--', 'del-ssl', - '--', '--bootstrap', 'set-ssl', - '/etc/xensource/xapi-ssl.pem', - '/etc/xensource/xapi-ssl.pem', - cacert_filename, - '--', 'set-manager', 'ssl:' + controller + ':' + ovsdb_port]) - - -def vswitchCfgQuery(action_args): - cmd = [vsctl, '-vconsole:off'] + action_args - output = subprocess.Popen(cmd, stdout=subprocess.PIPE).communicate() - if len(output) == 0 or output[0] is None: - output = '' - else: - output = output[0].strip() - return output - - -def vswitchCfgMod(action_args): - cmd = [vsctl, '--timeout=5', '-vconsole:off'] + action_args - exitcode = subprocess.call(cmd) - if exitcode != 0: - raise XenAPIPlugin.Failure('VSWITCH_CONFIG_MOD_FAILURE', - [str(exitcode), str(action_args)]) - - -def emergency_reset(session, args): - cmd = [vsctl, '--timeout=5', 'emer-reset'] - exitcode = subprocess.call(cmd) - if exitcode != 0: - raise XenAPIPlugin.Failure('VSWITCH_EMER_RESET_FAILURE', - [str(exitcode)]) - - return 'Successfully reset configuration' - - -def addFlow(switch, flow): - cmd = [ofctl, 'add-flow', switch, flow] - exitcode = subprocess.call(cmd) - if exitcode != 0: - raise XenAPIPlugin.Failure('VSWITCH_ADD_FLOW_FAILURE', - [str(exitcode), str(switch), str(flow)]) - - -if __name__ == '__main__': - XenAPIPlugin.dispatch({'update': update, - 'emergency_reset': emergency_reset}) diff --git a/xenserver/etc_xensource_scripts_vif b/xenserver/etc_xensource_scripts_vif deleted file mode 100755 index 78434fb6c..000000000 --- a/xenserver/etc_xensource_scripts_vif +++ /dev/null 
@@ -1,265 +0,0 @@ -#!/bin/sh - -# Copyright (C) 2008,2009 Citrix Systems, Inc. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU Lesser General Public License as published -# by the Free Software Foundation; version 2.1 only. with the special -# exception on linking described in file LICENSE. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Lesser General Public License for more details. - -# CA-23900: Warning: when VIFs are added to windows guests with PV drivers the backend vif device is registered, -# unregistered and then registered again. This causes the udev event to fire twice and this script runs twice. -# Since the first invocation of the script races with the device unregistration, spurious errors are possible -# which will be logged but are safe to ignore since the second script invocation should complete the operation. -# Note that each script invocation is run synchronously from udev and so the scripts don't race with each other. - -# Keep other-config/ keys in sync with device.ml:vif_udev_keys - -BRCTL="/usr/sbin/brctl" -IP="/sbin/ip" - -vsctl="/usr/bin/ovs-vsctl" - -handle_promiscuous() -{ - local arg=$(xenstore-read "${PRIVATE}/other-config/promiscuous" 2>/dev/null) - if [ $? -eq 0 -a -n "${arg}" ] ; then - case $NETWORK_MODE in - bridge) - case "${arg}" in - true|on) echo 1 > /sys/class/net/${dev}/brport/promisc ;; - *) echo 0 > /sys/class/net/${dev}/brport/promisc ;; - esac - ;; - openvswitch) - logger -t script-vif "${dev}: Promiscuous ports are not supported via Open vSwitch." - ;; - esac - fi -} - -handle_ethtool() -{ - local opt=$1 - local arg=$(xenstore-read "${PRIVATE}/other-config/ethtool-${opt}" 2>/dev/null) - if [ $? 
-eq 0 -a -n "${arg}" ] ; then - case "${arg}" in - true|on) /sbin/ethtool -K "${dev}" "${opt}" on ;; - false|off) /sbin/ethtool -K "${dev}" "${opt}" off ;; - *) logger -t scripts-vif "Unknown ethtool argument ${opt}=${arg} on ${dev}/${VIFUUID}" ;; - esac - fi -} - -handle_mtu() -{ - local mtu=$(xenstore-read "${PRIVATE}/MTU" 2>/dev/null) - if [ $? -eq 0 -a -n "${mtu}" ]; then - logger -t scripts-vif "Setting ${dev} MTU ${mtu}" - ${IP} link set "${dev}" mtu ${mtu} || logger -t scripts-vif "Failed to ip link set ${dev} mtu ${mtu}. Error code $?" - fi -} - -set_vif_external_id() -{ - local key=$1 - local value=$2 - - logger -t scripts-vif "vif${DOMID}.${DEVID} external-ids:\"${key}\"=\"${value}\"" - - echo "-- set interface vif${DOMID}.${DEVID} external-ids:\"${key}\"=\"${value}\"" -} - -handle_vswitch_vif_details() -{ - local vm=$(xenstore-read "/local/domain/$DOMID/vm" 2>/dev/null) - if [ $? -eq 0 -a -n "${vm}" ] ; then - local vm_uuid=$(xenstore-read "$vm/uuid" 2>/dev/null) - fi - if [ -n "${vm_uuid}" ] ; then - set_vif_external_id "xs-vm-uuid" "${vm_uuid}" - fi - - local vif_uuid=$(xenstore-read "${PRIVATE}/vif-uuid" 2>/dev/null) - if [ -n "${vif_uuid}" ] ; then - set_vif_external_id "xs-vif-uuid" "${vif_uuid}" - fi - - local vif_details= - local net_uuid=$(xenstore-read "${PRIVATE}/network-uuid" 2>/dev/null) - if [ -n "${net_uuid}" ] ; then - set_vif_external_id "xs-network-uuid" "${net_uuid}" - fi - local address=$(xenstore-read "/local/domain/$DOMID/device/vif/$DEVID/mac" 2>/dev/null) - if [ -n "${address}" ] ; then - set_vif_external_id "attached-mac" "${address}" - fi -} - -add_to_bridge() -{ - local address=$(xenstore-read "${PRIVATE}/bridge-MAC") - if [ $? -ne 0 -o -z "${address}" ]; then - logger -t scripts-vif "Failed to read ${PRIVATE}/bridge-MAC from xenstore" - exit 1 - fi - local bridge=$(xenstore-read "${PRIVATE}/bridge") - if [ $? 
-ne 0 -o -z "${bridge}" ]; then - logger -t scripts-vif "Failed to read ${PRIVATE}/bridge from xenstore" - exit 1 - fi - logger -t scripts-vif "Adding ${dev} to ${bridge} with address ${address}" - - ${IP} link set "${dev}" down || logger -t scripts-vif "Failed to ip link set ${dev} down" - ${IP} link set "${dev}" arp off || logger -t scripts-vif "Failed to ip link set ${dev} arp off" - ${IP} link set "${dev}" multicast off || logger -t scripts-vif "Failed to ip link set ${dev} multicast off" - ${IP} link set "${dev}" address "${address}" || logger -t scripts-vif "Failed to ip link set ${dev} address ${address}" - ${IP} addr flush "${dev}" || logger -t scripts-vif "Failed to ip addr flush ${dev}" - - case $NETWORK_MODE in - bridge) - ${BRCTL} setfd "${bridge}" 0 || logger -t scripts-vif "Failed to brctl setfd ${bridge} 0" - ${BRCTL} addif "${bridge}" "${dev}" || logger -t scripts-vif "Failed to brctl addif ${bridge} ${dev}" - ;; - openvswitch) - if [ "$TYPE" = "vif" ] ; then - local vif_details=$(handle_vswitch_vif_details $bridge) - fi - - $vsctl --timeout=30 -- --if-exists del-port $dev -- add-port $bridge $dev $vif_details - ;; - esac - - ${IP} link set "${dev}" up || logger -t scripts-vif "Failed to ip link set ${dev} up" -} - -remove_from_bridge() -{ - case $NETWORK_MODE in - bridge) - # Nothing to do - ;; - openvswitch) - $vsctl --timeout=30 -- del-port $dev - ;; - esac -} - -call_hook_script() { - local domid=$1 - local action=$2 - # Call the VIF hotplug hook if present - if [ -x /etc/xapi.d/vif-hotplug ]; then - local vm=$(xenstore-read "/local/domain/$domid/vm" 2>/dev/null) - if [ $? 
-eq 0 -a -n "${vm}" ] ; then - local vm_uuid=$(xenstore-read "$vm/uuid" 2>/dev/null) - fi - if [ -n "${vm_uuid}" ] ; then - logger -t scripts-vif "VM UUID ${vm_uuid}" - fi - - local vif_uuid=$(xenstore-read "${PRIVATE}/vif-uuid" 2>/dev/null) - if [ -n "${vif_uuid}" ] ; then - logger -t scripts-vif "VIF UUID ${vif_uuid}" - fi - if [ -n "${vif_uuid}" -a -n "${vm_uuid}" ] ; then - logger -t scripts-vif "Calling VIF hotplug hook for VM ${vm_uuid}, VIF ${vif_uuid}" - /etc/xapi.d/vif-hotplug -action "${action}" -vifuuid "${vif_uuid}" -vmuuid "${vm_uuid}" - fi - fi -} - -NETWORK_MODE=$(cat /etc/xensource/network.conf) -ACTION=$1 - -# Older versions of XenServer do not pass in the type as an argument -if [[ $# -lt 2 ]]; then - TYPE=vif -else - TYPE=$2 -fi - -case $NETWORK_MODE in - bridge|openvswitch) ;; - vswitch) NETWORK_MODE=openvswitch ;; - *) - logger -t scripts-vif "Unknown network mode $NETWORK_MODE" - exit 1 - ;; -esac - -case ${TYPE} in - vif) - if [ -z ${XENBUS_PATH} ]; then - DOMID=$3 - DEVID=$4 - else - DOMID=`echo ${XENBUS_PATH} | cut -f 3 -d '/'` - DEVID=`echo ${XENBUS_PATH} | cut -f 4 -d '/'` - fi - dev=vif${DOMID}.${DEVID} - ;; - tap) - dev=$INTERFACE - DOMID=`echo ${dev#tap} | cut -f 1 -d '.'` - DEVID=`echo ${dev#tap} | cut -f 2 -d '.'` - ;; - *) - logger -t scripts-vif "unknown interface type ${TYPE}" - exit 1 - ;; -esac - -XAPI=/xapi/${DOMID}/hotplug/vif/${DEVID} -HOTPLUG=/xapi/${DOMID}/hotplug/vif/${DEVID} -PRIVATE=/xapi/${DOMID}/private/vif/${DEVID} - -logger -t scripts-vif "Called as \"$@\" domid:$DOMID devid:$DEVID mode:$NETWORK_MODE" -case "${ACTION}" in -online) - if [ "${TYPE}" = "vif" ] ; then - handle_ethtool rx - handle_ethtool tx - handle_ethtool sg - handle_ethtool tso - handle_ethtool ufo - handle_ethtool gso - - handle_mtu - add_to_bridge - handle_promiscuous - - xenstore-write "${HOTPLUG}/vif" "${dev}" - xenstore-write "${HOTPLUG}/hotplug" "online" - - # xs-xen.pq.hq:91e986b8e49f netback-wait-for-hotplug - xenstore-write 
"/local/domain/0/backend/vif/${DOMID}/${DEVID}/hotplug-status" "connected" - call_hook_script $DOMID "${ACTION}" - fi - ;; - -add) - if [ "${TYPE}" = "tap" ] ; then - add_to_bridge - fi - ;; - -remove) - if [ "${TYPE}" = "vif" ] ;then - xenstore-rm "${HOTPLUG}/hotplug" - call_hook_script $DOMID "${ACTION}" - fi - logger -t scripts-vif "${dev} has been removed" - remove_from_bridge - ;; - -move) - if [ "${TYPE}" = "vif" ] ;then - add_to_bridge - fi -esac diff --git a/xenserver/openvswitch-xen.spec.in b/xenserver/openvswitch-xen.spec.in deleted file mode 100644 index ba3580836..000000000 --- a/xenserver/openvswitch-xen.spec.in +++ /dev/null 
@@ -1,519 +0,0 @@ -# Spec file for Open vSwitch. - -# Copyright (C) 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016 Nicira, Inc. -# -# Copying and distribution of this file, with or without modification, -# are permitted in any medium without royalty provided the copyright -# notice and this notice are preserved. This file is offered as-is, -# without warranty of any kind. - -# For XenServer version < 6.5, when building, the rpmbuild command line -# should define openvswitch_version, kernel_name, kernel_version and -# kernel_flavor using -D arguments. -# for example: -# -# rpmbuild -D "openvswitch_version 1.1.0+build123" -# -D "kernel_name NAME-xen" -# -D "kernel_version 2.6.32.12-0.7.1.xs5.6.100.323.170596" -# -D "kernel_flavor xen" -# -bb /usr/src/redhat/SPECS/openvswitch-xen.spec -# -# For XenServer version >= 6.5, use kernel_uname which should be -# the `uname -r` output. -# for example: -# -# rpmbuild -D "openvswitch_version 2.3.0+build123" -# -D "kernel_uname 3.10.0+2" -# -bb /usr/src/redhat/SPECS/openvswitch-xen.spec -# -# If tests have to be skipped while building, specify the '--without check' -# option. 
For example: -# rpmbuild -bb --without check xenserver/openvswitch-xen.spec - -%if %{?openvswitch_version:0}%{!?openvswitch_version:1} -%define openvswitch_version @VERSION@ -%endif - -%if %{?kernel_uname:1}%{!?kernel_uname:0} -%define kernel_name kernel -%define kernel_version %{kernel_uname} -%endif - -%if %{?kernel_name:0}%{!?kernel_name:1} -%define kernel %(rpm -qa 'kernel*xen-devel' | head -1) -%define kernel_name %(rpm -q --queryformat "%%{Name}" %{kernel} | sed 's/-devel//' | sed 's/kernel-//') -%define kernel_version %(rpm -q --queryformat "%%{Version}-%%{Release}" %{kernel}) -%define kernel_flavor xen -%endif - -%if %{?xen_version:0}%{!?xen_version:1} -%define xen_version %{kernel_version}%{?kernel_flavor:%{kernel_flavor}} -%endif - -# bump this when breaking compatibility with userspace -%define module_abi_version 0 - -# build-supplemental-pack.sh requires this naming for kernel module packages -%define module_package modules%{?kernel_flavor:-%{kernel_flavor}}-%{kernel_version} - -%bcond_without check - -Name: openvswitch -Summary: Open vSwitch daemon/database/utilities -Group: System Environment/Daemons -URL: http://www.openvswitch.org/ -Vendor: Nicira, Inc. -Version: %{openvswitch_version} - -License: ASL 2.0 -Release: 1 -Source: openvswitch-%{openvswitch_version}.tar.gz -Buildroot: /tmp/openvswitch-xen-rpm -Requires: openvswitch.ko.%{module_abi_version} - -%description -Open vSwitch provides standard network bridging functions augmented with -support for the OpenFlow protocol for remote per-flow control of -traffic. 
- -%package %{module_package} -Summary: Open vSwitch kernel module -Group: System Environment/Kernel -License: GPLv2 -Provides: %{name}-modules%{?kernel_flavor:-%{kernel_flavor}} = %{kernel_version}, openvswitch.ko.%{module_abi_version} -%if %{?kernel_uname:0}%{!?kernel_uname:1} -Requires: kernel%{?kernel_flavor:-%{kernel_flavor}} = %{kernel_version} -%endif -%if %{?kernel_uname:1}%{!?kernel_uname:0} -Requires: kernel-uname-r = %{kernel_version} -%endif - -%description %{module_package} -Open vSwitch Linux kernel module compiled against kernel version -%{kernel_version}%{?kernel_flavor:%{kernel_flavor}}. - -%prep -%setup -q -n openvswitch-%{openvswitch_version} - -%build -./configure --prefix=/usr --sysconfdir=/etc --localstatedir=%{_localstatedir} --with-linux=/lib/modules/%{xen_version}/build --enable-ssl CFLAGS='-g -O2 -msse -msse2' -make %{_smp_mflags} - -%install -rm -rf $RPM_BUILD_ROOT -make install DESTDIR=$RPM_BUILD_ROOT -install -d -m 755 $RPM_BUILD_ROOT/etc -install -d -m 755 $RPM_BUILD_ROOT/etc/init.d -install -m 755 xenserver/etc_init.d_openvswitch \ - $RPM_BUILD_ROOT/etc/init.d/openvswitch -install -m 755 xenserver/etc_init.d_openvswitch-xapi-update \ - $RPM_BUILD_ROOT/etc/init.d/openvswitch-xapi-update -install -d -m 755 $RPM_BUILD_ROOT/etc/sysconfig -install -d -m 755 $RPM_BUILD_ROOT/etc/logrotate.d -install -m 755 xenserver/etc_logrotate.d_openvswitch \ - $RPM_BUILD_ROOT/etc/logrotate.d/openvswitch -install -d -m 755 $RPM_BUILD_ROOT/etc/profile.d -install -m 755 xenserver/etc_profile.d_openvswitch.sh \ - $RPM_BUILD_ROOT/etc/profile.d/openvswitch.sh -install -d -m 755 $RPM_BUILD_ROOT/etc/xapi.d/plugins -install -m 755 xenserver/etc_xapi.d_plugins_openvswitch-cfg-update \ - $RPM_BUILD_ROOT/etc/xapi.d/plugins/openvswitch-cfg-update -install -d -m 755 $RPM_BUILD_ROOT/usr/share/openvswitch/scripts -install -m 755 xenserver/opt_xensource_libexec_interface-reconfigure \ - $RPM_BUILD_ROOT/usr/share/openvswitch/scripts/interface-reconfigure -install -m 644 
xenserver/opt_xensource_libexec_InterfaceReconfigure.py \ - $RPM_BUILD_ROOT/usr/share/openvswitch/scripts/InterfaceReconfigure.py -install -m 644 xenserver/opt_xensource_libexec_InterfaceReconfigureBridge.py \ - $RPM_BUILD_ROOT/usr/share/openvswitch/scripts/InterfaceReconfigureBridge.py -install -m 644 xenserver/opt_xensource_libexec_InterfaceReconfigureVswitch.py \ - $RPM_BUILD_ROOT/usr/share/openvswitch/scripts/InterfaceReconfigureVswitch.py -install -m 755 xenserver/etc_xensource_scripts_vif \ - $RPM_BUILD_ROOT/usr/share/openvswitch/scripts/vif -install -m 755 xenserver/usr_share_openvswitch_scripts_ovs-xapi-sync \ - $RPM_BUILD_ROOT/usr/share/openvswitch/scripts/ovs-xapi-sync -install -m 755 xenserver/usr_share_openvswitch_scripts_sysconfig.template \ - $RPM_BUILD_ROOT/usr/share/openvswitch/scripts/sysconfig.template -install -d -m 755 $RPM_BUILD_ROOT/usr/lib/xsconsole/plugins-base -install -m 644 \ - xenserver/usr_lib_xsconsole_plugins-base_XSFeatureVSwitch.py \ - $RPM_BUILD_ROOT/usr/lib/xsconsole/plugins-base/XSFeatureVSwitch.py - -install -d -m 755 $RPM_BUILD_ROOT/lib/modules/%{xen_version}/extra/openvswitch -find datapath/linux -name *.ko -exec install -m 755 \{\} $RPM_BUILD_ROOT/lib/modules/%{xen_version}/extra/openvswitch \; - -install -d -m 755 $RPM_BUILD_ROOT/etc/xensource/bugtool -cp -rf $RPM_BUILD_ROOT/usr/share/openvswitch/bugtool-plugins/* $RPM_BUILD_ROOT/etc/xensource/bugtool - -# Get rid of stuff we don't want to make RPM happy. 
-rm \ - $RPM_BUILD_ROOT/usr/bin/ovs-testcontroller \ - $RPM_BUILD_ROOT/usr/bin/ovs-l3ping \ - $RPM_BUILD_ROOT/usr/bin/ovs-pki \ - $RPM_BUILD_ROOT/usr/bin/ovs-test \ - $RPM_BUILD_ROOT/usr/share/man/man8/ovs-testcontroller.8 \ - $RPM_BUILD_ROOT/usr/share/man/man8/ovs-l3ping.8 \ - $RPM_BUILD_ROOT/usr/share/man/man8/ovs-pki.8 \ - $RPM_BUILD_ROOT/usr/share/man/man8/ovs-test.8 -(cd "$RPM_BUILD_ROOT" && rm -f usr/lib/lib*) -(cd "$RPM_BUILD_ROOT" && rm -rf usr/include) -(cd "$RPM_BUILD_ROOT" && rm -rf usr/lib/pkgconfig) - -install -d -m 755 $RPM_BUILD_ROOT/var/lib/openvswitch - -%check -%if %{with check} - if make check TESTSUITEFLAGS='%{_smp_mflags}' RECHECK=yes; then :; - else - cat tests/testsuite.log - exit 1 - fi -%endif - -%clean -rm -rf $RPM_BUILD_ROOT - -%post -# A list of Citrix XenServer scripts that we might need to replace -# with our own versions. -scripts=" - /etc/xensource/scripts/vif - /opt/xensource/libexec/InterfaceReconfigure.py - /opt/xensource/libexec/InterfaceReconfigureBridge.py - /opt/xensource/libexec/InterfaceReconfigureVswitch.py - /opt/xensource/libexec/interface-reconfigure" - -# Calculate into $md5sums a comma-separated set of md5sums of the -# Citrix XenServer scripts that we might need to replace. We might be -# upgrading an older version of the package that moved the files out -# of the way, so we need to look for the files in those out-of-the-way -# locations first. -md5sums= -for script in $scripts; do - b=$(basename "$script") - if test -e /usr/lib/openvswitch/xs-saved/"$b"; then - f=/usr/lib/openvswitch/xs-saved/"$b" - elif test -e /usr/lib/openvswitch/xs-original/"$b"; then - f=/usr/lib/openvswitch/xs-original/"$b" - elif test -e "$script" && test ! 
-h "$script"; then - f=$script - else - printf "\n$script: not found\n" - f=/dev/null - fi - md5sums="$md5sums,$(md5sum $f | awk '{print $1}')" -done -md5sums=${md5sums#,} - -# Now check the md5sums against the known sets of md5sums: -# -# - If they are known to be a version of XenServer scripts that we should -# replace, we replace them (by putting $scripts into $replace_files). -# -# - Otherwise, we guess that it's better not to replace them, because the -# improvements that our versions of the scripts provide are minimal, so -# it's better to avoid possibly breaking any changes made upstream by -# Citrix. -case $md5sums in - cf09a68d9f8b434e79a4c83b01a3bb4b,395866df1b0b20c12c4dd2f7de0ecdb4,9d493545ae81463239d3162cbc798852,862d0939b441de9264a900628e950fe9,21f85db25599d7f026cd489385d58aa6) - keep_files= - replace_files=$scripts - printf "\nVerified host scripts from XenServer 6.0.0.\n" - ;; - - c5f48246577a17cf1b971fb5ce4e920b,2e2c912f86f9c536c89adc34ff3c2b2b,28d3ff72d72bdec4f37d70699f5edb76,67e1d0af16fc1ddf10009c5c063ad2ba,f3feff30aa3b3f8b514664a96a8dc0ab) - keep_files= - replace_files=$scripts - printf "\nVerified host scripts from XenServer 5.6-SP2.\n" - ;; - - c5f48246577a17cf1b971fb5ce4e920b,2e2c912f86f9c536c89adc34ff3c2b2b,28d3ff72d72bdec4f37d70699f5edb76,67e1d0af16fc1ddf10009c5c063ad2ba,24bae6906d182ba47668174f8e480cc6) - keep_files= - replace_files=$scripts - printf "\nVerified host scripts from XenServer 5.6-FP1.\n" - ;; - - *) - keep_files=$scripts - replace_files= - cat </dev/null 2>&1; then :; else - cat >>/etc/sysctl.conf < /dev/null -fi - -# Create default or update existing /etc/sysconfig/openvswitch. -SYSCONFIG=/etc/sysconfig/openvswitch -TEMPLATE=/usr/share/openvswitch/scripts/sysconfig.template -if [ ! -e $SYSCONFIG ]; then - cp $TEMPLATE $SYSCONFIG -else - for var in $(awk -F'[ :]' '/^# [_A-Z0-9]+:/{print $2}' $TEMPLATE) - do - if ! 
grep $var $SYSCONFIG >/dev/null 2>&1; then - echo >> $SYSCONFIG - sed -n "/$var:/,/$var=/p" $TEMPLATE >> $SYSCONFIG - fi - done -fi - -# Deliberately break %postun in broken OVS builds that revert original -# XenServer scripts during rpm -U by moving the directory where it thinks -# they are saved. -if [ -d /usr/lib/openvswitch/xs-original ]; then - mkdir -p /usr/lib/openvswitch/xs-saved - mv /usr/lib/openvswitch/xs-original/* /usr/lib/openvswitch/xs-saved/ && - rmdir /usr/lib/openvswitch/xs-original -fi - -# Replace XenServer files by our versions. -mkdir -p /usr/lib/openvswitch/xs-saved \ - || printf "Could not create script backup directory.\n" -for f in $replace_files; do - s=$(basename "$f") - t=$(readlink "$f") - if [ -f "$f" ] && [ "$t" != "/usr/share/openvswitch/scripts/$s" ]; then - mv "$f" /usr/lib/openvswitch/xs-saved/ \ - || printf "Could not save original XenServer $s script\n" - ln -s "/usr/share/openvswitch/scripts/$s" "$f" \ - || printf "Could not link to Open vSwitch $s script\n" - fi -done - -# Clean up dangling symlinks to removed OVS replacement scripts no longer -# provided by OVS. Any time a replacement script is removed from OVS, -# it should be added here to ensure correct reversion from old versions of -# OVS that don't clean up dangling symlinks during the uninstall phase. 
-for orig in /usr/sbin/xen-bugtool $keep_files; do - saved=/usr/lib/openvswitch/xs-saved/$(basename "$orig") - [ -e "$saved" ] && mv -f "$saved" "$orig" -done - -# Ensure all required services are set to run -for s in openvswitch openvswitch-xapi-update; do - if chkconfig --list $s >/dev/null 2>&1; then - chkconfig --del $s || printf "Could not remove $s init script.\n" - fi - chkconfig --add $s || printf "Could not add $s init script.\n" - chkconfig $s on || printf "Could not enable $s init script.\n" -done - -if [ "$1" = "1" ]; then # $1 = 1 for install - # Configure system to use Open vSwitch - /opt/xensource/bin/xe-switch-network-backend vswitch -else # $1 = 2 for upgrade - - mode=$(cat /etc/xensource/network.conf) - if [ "$mode" != "vswitch" ] && [ "$mode" != "openvswitch" ]; then - printf "\nThe server is not configured to run Open vSwitch. To run in\n" - printf "vswitch mode, you must run the following command:\n\n" - printf " xe-switch-network-backend vswitch" - printf "\n\n" - fi -fi - -%posttrans %{module_package} -# Ensure that modprobe will find our modules. -# -# This has to be in %posttrans instead of %post because older versions -# installed modules into a different directory and "rpm -U" runs the -# new version's %post before removing the old version's files, so if -# we use %post then depmod may find the old versions that are about to -# be removed. -depmod %{xen_version} - -mode=$(cat /etc/xensource/network.conf) -if [ "$mode" = "vswitch" ] || [ "$mode" = "openvswitch" ]; then - printf "\nTo use the newly installed Open vSwitch kernel module, you\n" - printf "will either have to reboot the hypervisor or follow any\n" - printf "workarounds provided by your administration guide. Failure to do\n" - printf "so may result in incorrect operation." 
- printf "\n\n" -fi - -%preun -if [ "$1" = "0" ]; then # $1 = 0 for uninstall - # Configure system to use bridge - /opt/xensource/bin/xe-switch-network-backend bridge - - # The "openvswitch" service should have been removed from - # "xe-switch-network-backend bridge". - for s in openvswitch openvswitch-xapi-update; do - if chkconfig --list $s >/dev/null 2>&1; then - chkconfig --del $s || printf "Could not remove $s init script." - fi - done -fi - -%postun -# Restore original XenServer scripts if the OVS equivalent no longer exists. -# This works both in the upgrade and erase cases. -# This lists every file that every version of OVS has ever replaced. Never -# remove old files that OVS no longer replaces, or upgrades from old versions -# will fail to restore the XS originals, leaving the system in a broken state. -# Also be sure to add removed script paths to the %post scriptlet above to -# prevent the same problem when upgrading from old versions of OVS that lack -# this restore-on-upgrade logic. -for f in \ - /etc/xensource/scripts/vif \ - /usr/sbin/xen-bugtool \ - /opt/xensource/libexec/interface-reconfigure \ - /opt/xensource/libexec/InterfaceReconfigure.py \ - /opt/xensource/libexec/InterfaceReconfigureBridge.py \ - /opt/xensource/libexec/InterfaceReconfigureVswitch.py -do - # Only revert dangling symlinks. - if [ -h "$f" ] && [ ! -e "$f" ]; then - s=$(basename "$f") - if [ ! 
-f "/usr/lib/openvswitch/xs-saved/$s" ]; then - printf "Original XenServer $s script not present in /usr/lib/openvswitch/xs-saved\n" >&2 - printf "Could not restore original XenServer script.\n" >&2 - else - (rm -f "$f" \ - && mv "/usr/lib/openvswitch/xs-saved/$s" "$f") \ - || printf "Could not restore original XenServer $s script.\n" >&2 - fi - fi -done - -if [ "$1" = "0" ]; then # $1 = 0 for uninstall - rm -f /usr/lib/xsconsole/plugins-base/XSFeatureVSwitch.pyc \ - /usr/lib/xsconsole/plugins-base/XSFeatureVSwitch.pyo - - rm -f /usr/share/openvswitch/scripts/InterfaceReconfigure.pyc \ - /usr/share/openvswitch/scripts/InterfaceReconfigure.pyo \ - /usr/share/openvswitch/scripts/InterfaceReconfigureBridge.pyc \ - /usr/share/openvswitch/scripts/InterfaceReconfigureBridge.pyo \ - /usr/share/openvswitch/scripts/InterfaceReconfigureVSwitch.pyc \ - /usr/share/openvswitch/scripts/InterfaceReconfigureVSwitch.pyo - - # Remove all configuration files - rm -f /etc/openvswitch/conf.db - rm -f /etc/sysconfig/openvswitch - rm -f /etc/openvswitch/vswitchd.cacert - - # Remove saved XenServer scripts directory, but only if it's empty - rmdir -p /usr/lib/openvswitch/xs-saved 2>/dev/null -fi - -exit 0 - -%files -%defattr(-,root,root) -/etc/bash_completion.d/ovs-appctl-bashcomp.bash -/etc/bash_completion.d/ovs-vsctl-bashcomp.bash -/etc/init.d/openvswitch -/etc/init.d/openvswitch-xapi-update -/etc/xapi.d/plugins/openvswitch-cfg-update -/etc/xensource/bugtool/* -/etc/logrotate.d/openvswitch -/etc/profile.d/openvswitch.sh -/usr/share/openvswitch/python/ -/usr/share/openvswitch/bugtool-plugins/* -/usr/share/openvswitch/scripts/ovs-check-dead-ifs -/usr/share/openvswitch/scripts/ovs-xapi-sync -/usr/share/openvswitch/scripts/interface-reconfigure -/usr/share/openvswitch/scripts/InterfaceReconfigure.py -/usr/share/openvswitch/scripts/InterfaceReconfigureBridge.py -/usr/share/openvswitch/scripts/InterfaceReconfigureVswitch.py -/usr/share/openvswitch/scripts/vif 
-/usr/share/openvswitch/scripts/sysconfig.template -/usr/share/openvswitch/scripts/ovs-bugtool-* -/usr/share/openvswitch/scripts/ovs-save -/usr/share/openvswitch/scripts/ovs-ctl -/usr/share/openvswitch/scripts/ovs-lib -/usr/share/openvswitch/scripts/ovs-vtep -/usr/share/openvswitch/scripts/ovndb-servers.ocf -/usr/share/openvswitch/vswitch.ovsschema -/usr/share/openvswitch/vtep.ovsschema -/usr/sbin/ovs-bugtool -/usr/sbin/ovs-vlan-bug-workaround -/usr/sbin/ovs-vswitchd -/usr/sbin/ovsdb-server -/usr/bin/ovs-appctl -/usr/bin/ovs-dpctl -/usr/bin/ovs-dpctl-top -/usr/bin/ovs-docker -/usr/bin/ovs-ofctl -/usr/bin/ovs-parse-backtrace -/usr/bin/ovs-pcap -/usr/bin/ovs-tcpundump -/usr/bin/ovs-vlan-test -/usr/bin/ovs-vsctl -/usr/bin/ovsdb-client -/usr/bin/ovsdb-tool -/usr/bin/vtep-ctl -/usr/bin/ovs-tcpdump -/usr/lib/xsconsole/plugins-base/XSFeatureVSwitch.py -/usr/share/man/man1/ovsdb-client.1.gz -/usr/share/man/man1/ovsdb-server.1.gz -/usr/share/man/man1/ovsdb-tool.1.gz -/usr/share/man/man5/ovsdb-server.5.gz -/usr/share/man/man5/ovs-vswitchd.conf.db.5.gz -/usr/share/man/man5/vtep.5.gz -/usr/share/man/man7/ovs-fields.7.gz -/usr/share/man/man8/ovs-appctl.8.gz -/usr/share/man/man8/ovs-bugtool.8.gz -/usr/share/man/man8/ovs-ctl.8.gz -/usr/share/man/man8/ovs-dpctl.8.gz -/usr/share/man/man8/ovs-dpctl-top.8.gz -/usr/share/man/man8/ovs-ofctl.8.gz -/usr/share/man/man8/ovs-parse-backtrace.8.gz -/usr/share/man/man1/ovs-pcap.1.gz -/usr/share/man/man1/ovs-tcpundump.1.gz -/usr/share/man/man8/ovs-vlan-bug-workaround.8.gz -/usr/share/man/man8/ovs-vlan-test.8.gz -/usr/share/man/man8/ovs-vsctl.8.gz -/usr/share/man/man8/ovs-vswitchd.8.gz -/usr/share/man/man8/vtep-ctl.8.gz -/usr/share/man/man8/ovs-tcpdump.8.gz -/var/lib/openvswitch -/var/log/openvswitch -%exclude /usr/lib/xsconsole/plugins-base/*.py[co] -%exclude /usr/share/openvswitch/scripts/*.py[co] -%exclude /usr/share/openvswitch/python/*.py[co] -%exclude /usr/share/openvswitch/python/ovs/*.py[co] -%exclude 
/usr/share/openvswitch/python/ovs/db/*.py[co] -%exclude /usr/bin/ovn-* -%exclude /usr/share/man/man5/ovn-* -%exclude /usr/share/man/man7/ovn-* -%exclude /usr/share/man/man8/ovn-* -%exclude /usr/share/openvswitch/ovn-* -%exclude /usr/share/openvswitch/scripts/ovn-* - -%files %{module_package} -/lib/modules/%{xen_version}/extra/openvswitch/openvswitch.ko -/lib/modules/%{xen_version}/extra/openvswitch/vport-*.ko diff --git a/xenserver/opt_xensource_libexec_InterfaceReconfigure.py b/xenserver/opt_xensource_libexec_InterfaceReconfigure.py deleted file mode 100644 index 74b784d34..000000000 --- a/xenserver/opt_xensource_libexec_InterfaceReconfigure.py +++ /dev/null 
@@ -1,972 +0,0 @@ -# Copyright (c) 2008,2009 Citrix Systems, Inc. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU Lesser General Public License as published -# by the Free Software Foundation; version 2.1 only. with the special -# exception on linking described in file LICENSE. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Lesser General Public License for more details. -# -import sys -import syslog -import os - -from xml.dom.minidom import getDOMImplementation -from xml.dom.minidom import parse as parseXML - -the_root_prefix = "" -def root_prefix(): - """Returns a string to prefix to all file name references, which - is useful for testing.""" - return the_root_prefix -def set_root_prefix(prefix): - global the_root_prefix - the_root_prefix = prefix - -log_destination = "syslog" -def get_log_destination(): - """Returns the current log destination. - 'syslog' means "log to syslog". - 'stderr' means "log to stderr".""" - return log_destination -def set_log_destination(dest): - global log_destination - log_destination = dest - -# -# Logging. -# - -def log(s): - if get_log_destination() == 'syslog': - syslog.syslog(s) - else: - sys.stderr.write(s + '\n') - sys.stderr.flush() - -# -# Exceptions. -# - -class Error(Exception): - def __init__(self, msg): - Exception.__init__(self) - self.msg = msg - -# -# Run external utilities -# - -def run_command(command): - log("Running command: " + ' '.join(command)) - rc = os.spawnl(os.P_WAIT, root_prefix() + command[0], *command) - if rc != 0: - log("Command failed %d: " % rc + ' '.join(command)) - return False - return True - -# -# Configuration File Handling. -# - -class ConfigurationFile(object): - """Write a file, tracking old and new versions. 
- - Supports writing a new version of a file and applying and - reverting those changes. - """ - - __STATE = {"OPEN":"OPEN", - "NOT-APPLIED":"NOT-APPLIED", "APPLIED":"APPLIED", - "REVERTED":"REVERTED", "COMMITTED": "COMMITTED"} - - def __init__(self, path): - dirname,basename = os.path.split(path) - - self.__state = self.__STATE['OPEN'] - self.__children = [] - - self.__path = os.path.join(dirname, basename) - self.__oldpath = os.path.join(dirname, "." + basename + ".xapi-old") - self.__newpath = os.path.join(dirname, "." + basename + ".xapi-new") - - self.__f = open(self.__newpath, "w") - - def attach_child(self, child): - self.__children.append(child) - - def path(self): - return self.__path - - def readlines(self): - try: - return open(self.path()).readlines() - except: - return "" - - def write(self, args): - if self.__state != self.__STATE['OPEN']: - raise Error("Attempt to write to file in state %s" % self.__state) - self.__f.write(args) - - def close(self): - if self.__state != self.__STATE['OPEN']: - raise Error("Attempt to close file in state %s" % self.__state) - - self.__f.close() - self.__state = self.__STATE['NOT-APPLIED'] - - def changed(self): - if self.__state != self.__STATE['NOT-APPLIED']: - raise Error("Attempt to compare file in state %s" % self.__state) - - return True - - def apply(self): - if self.__state != self.__STATE['NOT-APPLIED']: - raise Error("Attempt to apply configuration from state %s" % self.__state) - - for child in self.__children: - child.apply() - - log("Applying changes to %s configuration" % self.__path) - - # Remove previous backup. - if os.access(self.__oldpath, os.F_OK): - os.unlink(self.__oldpath) - - # Save current configuration. - if os.access(self.__path, os.F_OK): - os.link(self.__path, self.__oldpath) - os.unlink(self.__path) - - # Apply new configuration. - assert(os.path.exists(self.__newpath)) - os.link(self.__newpath, self.__path) - - # Remove temporary file. 
- os.unlink(self.__newpath) - - self.__state = self.__STATE['APPLIED'] - - def revert(self): - if self.__state != self.__STATE['APPLIED']: - raise Error("Attempt to revert configuration from state %s" % self.__state) - - for child in self.__children: - child.revert() - - log("Reverting changes to %s configuration" % self.__path) - - # Remove existing new configuration - if os.access(self.__newpath, os.F_OK): - os.unlink(self.__newpath) - - # Revert new configuration. - if os.access(self.__path, os.F_OK): - os.link(self.__path, self.__newpath) - os.unlink(self.__path) - - # Revert to old configuration. - if os.access(self.__oldpath, os.F_OK): - os.link(self.__oldpath, self.__path) - os.unlink(self.__oldpath) - - # Leave .*.xapi-new as an aid to debugging. - - self.__state = self.__STATE['REVERTED'] - - def commit(self): - if self.__state != self.__STATE['APPLIED']: - raise Error("Attempt to commit configuration from state %s" % self.__state) - - for child in self.__children: - child.commit() - - log("Committing changes to %s configuration" % self.__path) - - if os.access(self.__oldpath, os.F_OK): - os.unlink(self.__oldpath) - if os.access(self.__newpath, os.F_OK): - os.unlink(self.__newpath) - - self.__state = self.__STATE['COMMITTED'] - -# -# Helper functions for encoding/decoding database attributes to/from XML. 
-# - -def _str_to_xml(xml, parent, tag, val): - e = xml.createElement(tag) - parent.appendChild(e) - v = xml.createTextNode(val) - e.appendChild(v) -def _str_from_xml(n): - def getText(nodelist): - rc = "" - for node in nodelist: - if node.nodeType == node.TEXT_NODE: - rc = rc + node.data - return rc - return getText(n.childNodes).strip() - -def _bool_to_xml(xml, parent, tag, val): - if val: - _str_to_xml(xml, parent, tag, "True") - else: - _str_to_xml(xml, parent, tag, "False") -def _bool_from_xml(n): - s = _str_from_xml(n) - if s == "True": - return True - elif s == "False": - return False - else: - raise Error("Unknown boolean value %s" % s) - -def _strlist_to_xml(xml, parent, ltag, itag, val): - e = xml.createElement(ltag) - parent.appendChild(e) - for v in val: - c = xml.createElement(itag) - e.appendChild(c) - cv = xml.createTextNode(v) - c.appendChild(cv) -def _strlist_from_xml(n, ltag, itag): - ret = [] - for n in n.childNodes: - if n.nodeName == itag: - ret.append(_str_from_xml(n)) - return ret - -def _map_to_xml(xml, parent, tag, val, attrs): - e = xml.createElement(tag) - parent.appendChild(e) - for n,v in val.items(): - if n in attrs: - _str_to_xml(xml, e, n, v) - else: - log("Unknown other-config attribute: %s" % n) - -def _map_from_xml(n, attrs): - ret = {} - for n in n.childNodes: - if n.nodeName in attrs: - ret[n.nodeName] = _str_from_xml(n) - return ret - -def _otherconfig_to_xml(xml, parent, val, attrs): - return _map_to_xml(xml, parent, "other_config", val, attrs) -def _otherconfig_from_xml(n, attrs): - return _map_from_xml(n, attrs) - -# -# Definitions of the database objects (and their attributes) used by interface-reconfigure. -# -# Each object is defined by a dictionary mapping an attribute name in -# the xapi database to a tuple containing two items: -# - a function which takes this attribute and encodes it as XML. -# - a function which takes XML and decocdes it into a value. 
-# -# other-config attributes are specified as a simple array of strings - -_PIF_XML_TAG = "pif" -_VLAN_XML_TAG = "vlan" -_TUNNEL_XML_TAG = "tunnel" -_BOND_XML_TAG = "bond" -_NETWORK_XML_TAG = "network" -_POOL_XML_TAG = "pool" - -_ETHTOOL_OTHERCONFIG_ATTRS = ['ethtool-%s' % x for x in ['autoneg', 'speed', 'duplex', 'rx', 'tx', 'sg', 'tso', 'ufo', 'gso', 'gro', 'lro'] ] - -_PIF_OTHERCONFIG_ATTRS = [ 'domain', 'peerdns', 'defaultroute', 'mtu', 'static-routes' ] + \ - [ 'bond-%s' % x for x in ['mode', 'miimon', 'downdelay', 'updelay', 'use_carrier', 'hashing-algorithm'] ] + \ - [ 'vlan-bug-workaround' ] + \ - _ETHTOOL_OTHERCONFIG_ATTRS - -_PIF_ATTRS = { 'uuid': (_str_to_xml,_str_from_xml), - 'management': (_bool_to_xml,_bool_from_xml), - 'network': (_str_to_xml,_str_from_xml), - 'device': (_str_to_xml,_str_from_xml), - 'bond_master_of': (lambda x, p, t, v: _strlist_to_xml(x, p, 'bond_master_of', 'slave', v), - lambda n: _strlist_from_xml(n, 'bond_master_of', 'slave')), - 'bond_slave_of': (_str_to_xml,_str_from_xml), - 'VLAN': (_str_to_xml,_str_from_xml), - 'VLAN_master_of': (_str_to_xml,_str_from_xml), - 'VLAN_slave_of': (lambda x, p, t, v: _strlist_to_xml(x, p, 'VLAN_slave_of', 'master', v), - lambda n: _strlist_from_xml(n, 'VLAN_slave_Of', 'master')), - 'tunnel_access_PIF_of': (lambda x, p, t, v: _strlist_to_xml(x, p, 'tunnel_access_PIF_of', 'pif', v), - lambda n: _strlist_from_xml(n, 'tunnel_access_PIF_of', 'pif')), - 'tunnel_transport_PIF_of': (lambda x, p, t, v: _strlist_to_xml(x, p, 'tunnel_transport_PIF_of', 'pif', v), - lambda n: _strlist_from_xml(n, 'tunnel_transport_PIF_of', 'pif')), - 'ip_configuration_mode': (_str_to_xml,_str_from_xml), - 'IP': (_str_to_xml,_str_from_xml), - 'netmask': (_str_to_xml,_str_from_xml), - 'gateway': (_str_to_xml,_str_from_xml), - 'DNS': (_str_to_xml,_str_from_xml), - 'MAC': (_str_to_xml,_str_from_xml), - 'other_config': (lambda x, p, t, v: _otherconfig_to_xml(x, p, v, _PIF_OTHERCONFIG_ATTRS), - lambda n: _otherconfig_from_xml(n, 
_PIF_OTHERCONFIG_ATTRS)), - - # Special case: We write the current value - # PIF.currently-attached to the cache but since it will - # not be valid when we come to use the cache later - # (i.e. after a reboot) we always read it as False. - 'currently_attached': (_bool_to_xml, lambda n: False), - } - -_VLAN_ATTRS = { 'uuid': (_str_to_xml,_str_from_xml), - 'tagged_PIF': (_str_to_xml,_str_from_xml), - 'untagged_PIF': (_str_to_xml,_str_from_xml), - } - -_TUNNEL_ATTRS = { 'uuid': (_str_to_xml,_str_from_xml), - 'access_PIF': (_str_to_xml,_str_from_xml), - 'transport_PIF': (_str_to_xml,_str_from_xml), - } -_BOND_ATTRS = { 'uuid': (_str_to_xml,_str_from_xml), - 'master': (_str_to_xml,_str_from_xml), - 'slaves': (lambda x, p, t, v: _strlist_to_xml(x, p, 'slaves', 'slave', v), - lambda n: _strlist_from_xml(n, 'slaves', 'slave')), - } - -_NETWORK_OTHERCONFIG_ATTRS = [ 'mtu', - 'static-routes', - 'vswitch-controller-fail-mode', - 'vswitch-disable-in-band' ] \ - + _ETHTOOL_OTHERCONFIG_ATTRS - -_NETWORK_ATTRS = { 'uuid': (_str_to_xml,_str_from_xml), - 'bridge': (_str_to_xml,_str_from_xml), - 'MTU': (_str_to_xml,_str_from_xml), - 'PIFs': (lambda x, p, t, v: _strlist_to_xml(x, p, 'PIFs', 'PIF', v), - lambda n: _strlist_from_xml(n, 'PIFs', 'PIF')), - 'other_config': (lambda x, p, t, v: _otherconfig_to_xml(x, p, v, _NETWORK_OTHERCONFIG_ATTRS), - lambda n: _otherconfig_from_xml(n, _NETWORK_OTHERCONFIG_ATTRS)), - } - -_POOL_OTHERCONFIG_ATTRS = ['vswitch-controller-fail-mode'] - -_POOL_ATTRS = { 'other_config': (lambda x, p, t, v: _otherconfig_to_xml(x, p, v, _POOL_OTHERCONFIG_ATTRS), - lambda n: _otherconfig_from_xml(n, _POOL_OTHERCONFIG_ATTRS)), - } - -# -# Database Cache object -# - -_db = None - -def db(): - assert(_db is not None) - return _db - -def db_init_from_cache(cache): - global _db - assert(_db is None) - _db = DatabaseCache(cache_file=cache) - -def db_init_from_xenapi(session): - global _db - assert(_db is None) - _db = DatabaseCache(session_ref=session) - -class 
DatabaseCache(object): - def __read_xensource_inventory(self): - filename = root_prefix() + "/etc/xensource-inventory" - f = open(filename, "r") - lines = [x.strip("\n") for x in f.readlines()] - f.close() - - defs = [ (l[:l.find("=")], l[(l.find("=") + 1):]) for l in lines ] - defs = [ (a, b.strip("'")) for (a,b) in defs ] - - return dict(defs) - - def __pif_on_host(self,pif): - return pif in self.__pifs - - def __get_pif_records_from_xapi(self, session, host): - self.__pifs = {} - for (p,rec) in session.xenapi.PIF.get_all_records().items(): - if rec['host'] != host: - continue - self.__pifs[p] = {} - for f in _PIF_ATTRS: - self.__pifs[p][f] = rec[f] - self.__pifs[p]['other_config'] = {} - for f in _PIF_OTHERCONFIG_ATTRS: - if f not in rec['other_config']: continue - self.__pifs[p]['other_config'][f] = rec['other_config'][f] - - def __get_vlan_records_from_xapi(self, session): - self.__vlans = {} - for (v,rec) in session.xenapi.VLAN.get_all_records().items(): - if not self.__pif_on_host(rec['untagged_PIF']): - continue - self.__vlans[v] = {} - for f in _VLAN_ATTRS: - self.__vlans[v][f] = rec[f] - - def __get_tunnel_records_from_xapi(self, session): - self.__tunnels = {} - for t in session.xenapi.tunnel.get_all(): - rec = session.xenapi.tunnel.get_record(t) - if not self.__pif_on_host(rec['transport_PIF']): - continue - self.__tunnels[t] = {} - for f in _TUNNEL_ATTRS: - self.__tunnels[t][f] = rec[f] - - def __get_bond_records_from_xapi(self, session): - self.__bonds = {} - for (b,rec) in session.xenapi.Bond.get_all_records().items(): - if not self.__pif_on_host(rec['master']): - continue - self.__bonds[b] = {} - for f in _BOND_ATTRS: - self.__bonds[b][f] = rec[f] - - def __get_network_records_from_xapi(self, session): - self.__networks = {} - for (n,rec) in session.xenapi.network.get_all_records().items(): - self.__networks[n] = {} - for f in _NETWORK_ATTRS: - if f == "PIFs": - # drop PIFs on other hosts - self.__networks[n][f] = [p for p in rec[f] if 
self.__pif_on_host(p)] - elif f == "MTU" and f not in rec: - # XenServer 5.5 network records did not have an - # MTU field, so allow this to be missing. - pass - else: - self.__networks[n][f] = rec[f] - self.__networks[n]['other_config'] = {} - for f in _NETWORK_OTHERCONFIG_ATTRS: - if f not in rec['other_config']: continue - self.__networks[n]['other_config'][f] = rec['other_config'][f] - - def __get_pool_records_from_xapi(self, session): - self.__pools = {} - for p in session.xenapi.pool.get_all(): - rec = session.xenapi.pool.get_record(p) - - self.__pools[p] = {} - - for f in _POOL_ATTRS: - self.__pools[p][f] = rec[f] - - for f in _POOL_OTHERCONFIG_ATTRS: - if f in rec['other_config']: - self.__pools[p]['other_config'][f] = rec['other_config'][f] - - def __to_xml(self, xml, parent, key, ref, rec, attrs): - """Encode a database object as XML""" - e = xml.createElement(key) - parent.appendChild(e) - if ref: - e.setAttribute('ref', ref) - - for n,v in rec.items(): - if n in attrs: - h,_ = attrs[n] - h(xml, e, n, v) - else: - raise Error("Unknown attribute %s" % n) - def __from_xml(self, e, attrs): - """Decode a database object from XML""" - ref = e.attributes['ref'].value - rec = {} - for n in e.childNodes: - if n.nodeName in attrs: - _,h = attrs[n.nodeName] - rec[n.nodeName] = h(n) - return (ref,rec) - - def __init__(self, session_ref=None, cache_file=None): - if session_ref and cache_file: - raise Error("can't specify session reference and cache file") - if cache_file == None: - import XenAPI - session = XenAPI.xapi_local() - - if not session_ref: - log("No session ref given on command line, logging in.") - session.xenapi.login_with_password("root", "") - else: - session._session = session_ref - - try: - - inventory = self.__read_xensource_inventory() - assert('INSTALLATION_UUID' in inventory) - log("host uuid is %s" % inventory['INSTALLATION_UUID']) - - host = session.xenapi.host.get_by_uuid(inventory['INSTALLATION_UUID']) - - 
self.__get_pif_records_from_xapi(session, host) - self.__get_pool_records_from_xapi(session) - self.__get_tunnel_records_from_xapi(session) - self.__get_vlan_records_from_xapi(session) - self.__get_bond_records_from_xapi(session) - self.__get_network_records_from_xapi(session) - finally: - if not session_ref: - session.xenapi.session.logout() - else: - log("Loading xapi database cache from %s" % cache_file) - - xml = parseXML(root_prefix() + cache_file) - - self.__pifs = {} - self.__bonds = {} - self.__vlans = {} - self.__pools = {} - self.__tunnels = {} - self.__networks = {} - - assert(len(xml.childNodes) == 1) - toplevel = xml.childNodes[0] - - assert(toplevel.nodeName == "xenserver-network-configuration") - - for n in toplevel.childNodes: - if n.nodeName == "#text": - pass - elif n.nodeName == _PIF_XML_TAG: - (ref,rec) = self.__from_xml(n, _PIF_ATTRS) - self.__pifs[ref] = rec - elif n.nodeName == _BOND_XML_TAG: - (ref,rec) = self.__from_xml(n, _BOND_ATTRS) - self.__bonds[ref] = rec - elif n.nodeName == _VLAN_XML_TAG: - (ref,rec) = self.__from_xml(n, _VLAN_ATTRS) - self.__vlans[ref] = rec - elif n.nodeName == _TUNNEL_XML_TAG: - (ref,rec) = self.__from_xml(n, _TUNNEL_ATTRS) - self.__vlans[ref] = rec - elif n.nodeName == _NETWORK_XML_TAG: - (ref,rec) = self.__from_xml(n, _NETWORK_ATTRS) - self.__networks[ref] = rec - elif n.nodeName == _POOL_XML_TAG: - (ref,rec) = self.__from_xml(n, _POOL_ATTRS) - self.__pools[ref] = rec - else: - raise Error("Unknown XML element %s" % n.nodeName) - - def save(self, cache_file): - - xml = getDOMImplementation().createDocument( - None, "xenserver-network-configuration", None) - for (ref,rec) in self.__pifs.items(): - self.__to_xml(xml, xml.documentElement, _PIF_XML_TAG, ref, rec, _PIF_ATTRS) - for (ref,rec) in self.__bonds.items(): - self.__to_xml(xml, xml.documentElement, _BOND_XML_TAG, ref, rec, _BOND_ATTRS) - for (ref,rec) in self.__vlans.items(): - self.__to_xml(xml, xml.documentElement, _VLAN_XML_TAG, ref, rec, _VLAN_ATTRS) - 
for (ref,rec) in self.__tunnels.items(): - self.__to_xml(xml, xml.documentElement, _TUNNEL_XML_TAG, ref, rec, _TUNNEL_ATTRS) - for (ref,rec) in self.__networks.items(): - self.__to_xml(xml, xml.documentElement, _NETWORK_XML_TAG, ref, rec, - _NETWORK_ATTRS) - for (ref,rec) in self.__pools.items(): - self.__to_xml(xml, xml.documentElement, _POOL_XML_TAG, ref, rec, _POOL_ATTRS) - - temp_file = cache_file + ".%d" % os.getpid() - f = open(temp_file, 'w') - f.write(xml.toprettyxml()) - f.close() - os.rename(temp_file, cache_file) - - def get_pif_by_uuid(self, uuid): - pifs = map(lambda ref_rec: ref_rec[0], - filter(lambda ref_rec: uuid == ref_rec[1]['uuid'], - self.__pifs.items())) - if len(pifs) == 0: - raise Error("Unknown PIF \"%s\"" % uuid) - elif len(pifs) > 1: - raise Error("Non-unique PIF \"%s\"" % uuid) - - return pifs[0] - - def get_pifs_by_device(self, device): - return list(map(lambda ref_rec: ref_rec[0], - list(filter(lambda ref_rec: ref_rec[1]['device'] == device, - self.__pifs.items())))) - - def get_networks_with_bridge(self, bridge): - return list(map(lambda ref_rec: ref_rec[0], - list(filter(lambda ref_rec: ref_rec[1]['bridge'] == bridge, - self.__networks.items())))) - - def get_network_by_bridge(self, bridge): - #Assumes one network has bridge. 
- try: - return self.get_networks_with_bridge(bridge)[0] - except KeyError: - return None - - def get_pif_by_bridge(self, bridge): - networks = self.get_networks_with_bridge(bridge) - - if len(networks) == 0: - raise Error("No matching network \"%s\"" % bridge) - - answer = None - for network in networks: - nwrec = self.get_network_record(network) - for pif in nwrec['PIFs']: - pifrec = self.get_pif_record(pif) - if answer: - raise Error("Multiple PIFs on host for network %s" % (bridge)) - answer = pif - if not answer: - raise Error("No PIF on host for network %s" % (bridge)) - return answer - - def get_pif_record(self, pif): - if pif in self.__pifs: - return self.__pifs[pif] - raise Error("Unknown PIF \"%s\"" % pif) - def get_all_pifs(self): - return self.__pifs - def pif_exists(self, pif): - return pif in self.__pifs - - def get_management_pif(self): - """ Returns the management pif on host - """ - all = self.get_all_pifs() - for pif in all: - pifrec = self.get_pif_record(pif) - if pifrec['management']: return pif - return None - - def get_network_record(self, network): - if network in self.__networks: - return self.__networks[network] - raise Error("Unknown network \"%s\"" % network) - - def get_bond_record(self, bond): - if bond in self.__bonds: - return self.__bonds[bond] - else: - return None - - def get_vlan_record(self, vlan): - if vlan in self.__vlans: - return self.__vlans[vlan] - else: - return None - - def get_pool_record(self): - if len(self.__pools) > 0: - return list(self.__pools.values())[0] - -# -# -# -PIF_OTHERCONFIG_DEFAULTS = {'gro': 'off', 'lro': 'off'} - -def ethtool_settings(oc, defaults = {}): - settings = [] - if 'ethtool-speed' in oc: - val = oc['ethtool-speed'] - if val in ["10", "100", "1000"]: - settings += ['speed', val] - else: - log("Invalid value for ethtool-speed = %s. Must be 10|100|1000." 
% val) - if 'ethtool-duplex' in oc: - val = oc['ethtool-duplex'] - if val in ["half", "full"]: - settings += ['duplex', val] - else: - log("Invalid value for ethtool-duplex = %s. Must be half|full." % val) - if 'ethtool-autoneg' in oc: - val = oc['ethtool-autoneg'] - if val in ["true", "on"]: - settings += ['autoneg', 'on'] - elif val in ["false", "off"]: - settings += ['autoneg', 'off'] - else: - log("Invalid value for ethtool-autoneg = %s. Must be on|true|off|false." % val) - offload = [] - for opt in ("rx", "tx", "sg", "tso", "ufo", "gso", "gro", "lro"): - if "ethtool-" + opt in oc: - val = oc["ethtool-" + opt] - if val in ["true", "on"]: - offload += [opt, 'on'] - elif val in ["false", "off"]: - offload += [opt, 'off'] - else: - log("Invalid value for ethtool-%s = %s. Must be on|true|off|false." % (opt, val)) - elif opt in defaults: - offload += [opt, defaults[opt]] - return settings,offload - -# By default the MTU is taken from the Network.MTU setting for VIF, -# PIF and Bridge. However it is possible to override this by using -# {VIF,PIF,Network}.other-config:mtu. -# -# type parameter is a string describing the object that the oc parameter -# is from. e.g. 
"PIF", "Network" -def mtu_setting(nw, type, oc): - mtu = None - - nwrec = db().get_network_record(nw) - if 'MTU' in nwrec: - mtu = nwrec['MTU'] - else: - mtu = "1500" - - if 'mtu' in oc: - log("Override Network.MTU setting on bridge %s from %s.MTU is %s" % \ - (nwrec['bridge'], type, mtu)) - mtu = oc['mtu'] - - if mtu is not None: - try: - int(mtu) # Check that the value is an integer - return mtu - except ValueError as x: - log("Invalid value for mtu = %s" % mtu) - - return None - -# -# IP Network Devices -- network devices with IP configuration -# -def pif_ipdev_name(pif): - """Return the ipdev name associated with pif""" - pifrec = db().get_pif_record(pif) - nwrec = db().get_network_record(pifrec['network']) - - if nwrec['bridge']: - # TODO: sanity check that nwrec['bridgeless'] != 'true' - return nwrec['bridge'] - else: - # TODO: sanity check that nwrec['bridgeless'] == 'true' - return pif_netdev_name(pif) - -# -# Bare Network Devices -- network devices without IP configuration -# - -def netdev_exists(netdev): - return os.path.exists(root_prefix() + "/sys/class/net/" + netdev) - - -def unicode_2to3(string): - if sys.version_info < (3,): - return string.encode() - return string - - -def pif_netdev_name(pif): - """Get the netdev name for a PIF.""" - - pifrec = db().get_pif_record(pif) - - if pif_is_vlan(pif): - return unicode_2to3("%(device)s.%(VLAN)s" % pifrec) - else: - return unicode_2to3(pifrec['device']) - -# -# Bridges -# - -def pif_is_bridged(pif): - pifrec = db().get_pif_record(pif) - nwrec = db().get_network_record(pifrec['network']) - - if nwrec['bridge']: - # TODO: sanity check that nwrec['bridgeless'] != 'true' - return True - else: - # TODO: sanity check that nwrec['bridgeless'] == 'true' - return False - -def pif_bridge_name(pif): - """Return the bridge name of a pif. 
- - PIF must be a bridged PIF.""" - pifrec = db().get_pif_record(pif) - - nwrec = db().get_network_record(pifrec['network']) - - if nwrec['bridge']: - return nwrec['bridge'] - else: - raise Error("PIF %(uuid)s does not have a bridge name" % pifrec) - -# -# Bonded PIFs -# -def pif_is_bond(pif): - pifrec = db().get_pif_record(pif) - - return len(pifrec['bond_master_of']) > 0 - -def pif_get_bond_masters(pif): - """Returns a list of PIFs which are bond masters of this PIF""" - - pifrec = db().get_pif_record(pif) - - bso = pifrec['bond_slave_of'] - - # bond-slave-of is currently a single reference but in principle a - # PIF could be a member of several bonds which are not - # concurrently attached. Be robust to this possibility. - if not bso or bso == "OpaqueRef:NULL": - bso = [] - elif not type(bso) == list: - bso = [bso] - - bondrecs = [db().get_bond_record(bond) for bond in bso] - bondrecs = [rec for rec in bondrecs if rec] - - return [bond['master'] for bond in bondrecs] - -def pif_get_bond_slaves(pif): - """Returns a list of PIFs which make up the given bonded pif.""" - - pifrec = db().get_pif_record(pif) - - bmo = pifrec['bond_master_of'] - if len(bmo) > 1: - raise Error("Bond-master-of contains too many elements") - - if len(bmo) == 0: - return [] - - bondrec = db().get_bond_record(bmo[0]) - if not bondrec: - raise Error("No bond record for bond master PIF") - - return bondrec['slaves'] - -# -# VLAN PIFs -# - -def pif_is_vlan(pif): - return db().get_pif_record(pif)['VLAN'] != '-1' - -def pif_get_vlan_slave(pif): - """Find the PIF which is the VLAN slave of pif. 
- -Returns the 'physical' PIF underneath the a VLAN PIF @pif.""" - - pifrec = db().get_pif_record(pif) - - vlan = pifrec['VLAN_master_of'] - if not vlan or vlan == "OpaqueRef:NULL": - raise Error("PIF is not a VLAN master") - - vlanrec = db().get_vlan_record(vlan) - if not vlanrec: - raise Error("No VLAN record found for PIF") - - return vlanrec['tagged_PIF'] - -def pif_get_vlan_masters(pif): - """Returns a list of PIFs which are VLANs on top of the given pif.""" - - pifrec = db().get_pif_record(pif) - vlans = [db().get_vlan_record(v) for v in pifrec['VLAN_slave_of']] - return [v['untagged_PIF'] for v in vlans if v and db().pif_exists(v['untagged_PIF'])] - -# -# Tunnel PIFs -# -def pif_is_tunnel(pif): - return len(db().get_pif_record(pif)['tunnel_access_PIF_of']) > 0 - -# -# Datapath base class -# - -class Datapath(object): - """Object encapsulating the actions necessary to (de)configure the - datapath for a given PIF. Does not include configuration of the - IP address on the ipdev. - """ - - def __init__(self, pif): - self._pif = pif - - @classmethod - def rewrite(cls): - """Class method called when write action is called. Can be used - to update any backend specific configuration.""" - pass - - def configure_ipdev(self, cfg): - """Write ifcfg TYPE field for an IPdev, plus any type specific - fields to cfg - """ - raise NotImplementedError - - def preconfigure(self, parent): - """Prepare datapath configuration for PIF, but do not actually - apply any changes. - - Any configuration files should be attached to parent. - """ - raise NotImplementedError - - def bring_down_existing(self): - """Tear down any existing network device configuration which - needs to be undone in order to bring this PIF up. - """ - raise NotImplementedError - - def configure(self): - """Apply the configuration prepared in the preconfigure stage. 
- - Should assume any configuration files changed attached in - the preconfigure stage are applied and bring up the - necessary devices to provide the datapath for the - PIF. - - Should not bring up the IPdev. - """ - raise NotImplementedError - - def post(self): - """Called after the IPdev has been brought up. - - Should do any final setup, including reinstating any - devices which were taken down in the bring_down_existing - hook. - """ - raise NotImplementedError - - def bring_down(self): - """Tear down and deconfigure the datapath. Should assume the - IPdev has already been brought down. - """ - raise NotImplementedError - -def DatapathFactory(): - # XXX Need a datapath object for bridgeless PIFs - - try: - network_conf = open(root_prefix() + "/etc/xensource/network.conf", 'r') - network_backend = network_conf.readline().strip() - network_conf.close() - except Exception as e: - raise Error("failed to determine network backend:" + e) - - if network_backend == "bridge": - from InterfaceReconfigureBridge import DatapathBridge - return DatapathBridge - elif network_backend in ["openvswitch", "vswitch"]: - from InterfaceReconfigureVswitch import DatapathVswitch - return DatapathVswitch - else: - raise Error("unknown network backend %s" % network_backend) diff --git a/xenserver/opt_xensource_libexec_InterfaceReconfigureBridge.py b/xenserver/opt_xensource_libexec_InterfaceReconfigureBridge.py deleted file mode 100644 index a93e43866..000000000 --- a/xenserver/opt_xensource_libexec_InterfaceReconfigureBridge.py +++ /dev/null 
@@ -1,476 +0,0 @@ -# Copyright (c) 2008,2009 Citrix Systems, Inc. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU Lesser General Public License as published -# by the Free Software Foundation; version 2.1 only. with the special -# exception on linking described in file LICENSE. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Lesser General Public License for more details. -# -from InterfaceReconfigure import * - -import sys -import time - -sysfs_bonding_masters = root_prefix() + "/sys/class/net/bonding_masters" - -def open_pif_ifcfg(pif): - pifrec = db().get_pif_record(pif) - - interface = pif_netdev_name(pif) - log("Configuring %s (%s)" % (interface, pifrec['MAC'])) - - f = ConfigurationFile("%s/etc/sysconfig/network-scripts/ifcfg-%s" % (root_prefix(), interface)) - - f.write("# DO NOT EDIT: This file (%s) was autogenerated by %s\n" % \ - (os.path.basename(f.path()), os.path.basename(sys.argv[0]))) - f.write("XEMANAGED=yes\n") - f.write("DEVICE=%s\n" % interface) - f.write("ONBOOT=no\n") - - return f - -# -# Bare Network Devices -- network devices without IP configuration -# - -def netdev_down(netdev): - """Bring down a bare network device""" - if not netdev_exists(netdev): - log("netdev: down: device %s does not exist, ignoring" % netdev) - return - run_command(["/sbin/ifdown", netdev]) - -def netdev_up(netdev, mtu=None): - """Bring up a bare network device""" - #if not netdev_exists(netdev): - # raise Error("netdev: up: device %s does not exist" % netdev) - - run_command(["/sbin/ifup", netdev]) - -# -# Bonding driver -# - -def load_bonding_driver(): - log("Loading bonding driver") - run_command(["/sbin/modprobe", "bonding"]) - try: - # bond_device_exists() uses the contents of sysfs_bonding_masters to work out which devices - # have already been 
created. Unfortunately the driver creates "bond0" automatically at - # modprobe init. Get rid of this now or our accounting will go wrong. - f = open(sysfs_bonding_masters, "w") - f.write("-bond0") - f.close() - except IOError, e: - log("Failed to load bonding driver: %s" % e) - -def bonding_driver_loaded(): - lines = open(root_prefix() + "/proc/modules").read().split("\n") - modules = [line.split(" ")[0] for line in lines] - return "bonding" in modules - -def bond_device_exists(name): - f = open(sysfs_bonding_masters, "r") - bonds = f.readline().split() - f.close() - return name in bonds - -def __create_bond_device(name): - - if not bonding_driver_loaded(): - load_bonding_driver() - - if bond_device_exists(name): - log("bond master %s already exists, not creating" % name) - else: - log("Creating bond master %s" % name) - try: - f = open(sysfs_bonding_masters, "w") - f.write("+" + name) - f.close() - except IOError, e: - log("Failed to create %s: %s" % (name, e)) - -def create_bond_device(pif): - """Ensures that a bond master device exists in the kernel.""" - - if not pif_is_bond(pif): - return - - __create_bond_device(pif_netdev_name(pif)) - -def __destroy_bond_device(name): - if bond_device_exists(name): - retries = 10 # 10 * 0.5 seconds - while retries > 0: - retries = retries - 1 - log("Destroying bond master %s (%d attempts remain)" % (name,retries)) - try: - f = open(sysfs_bonding_masters, "w") - f.write("-" + name) - f.close() - retries = 0 - except IOError, e: - time.sleep(0.5) - else: - log("bond master %s does not exist, not destroying" % name) - -def destroy_bond_device(pif): - """No, Mr. Bond, I expect you to die.""" - - pifrec = db().get_pif_record(pif) - - if not pif_is_bond(pif): - return - - # If the bonding module isn't loaded then do nothing. - if not os.access(sysfs_bonding_masters, os.F_OK): - return - - name = pif_netdev_name(pif) - - __destroy_bond_device(name) - -# -# Bring Interface up/down. 
-# - -def bring_down_interface(pif, destroy=False): - """Bring down the interface associated with PIF. - - Brings down the given interface as well as any physical interfaces - which are bond slaves of this one. This is because they will be - required when the bond is brought up.""" - - def destroy_bridge(pif): - """Bring down the bridge associated with a PIF.""" - #if not pif_is_bridged(pif): - # return - bridge = pif_bridge_name(pif) - if not netdev_exists(bridge): - log("destroy_bridge: bridge %s does not exist, ignoring" % bridge) - return - log("Destroy bridge %s" % bridge) - netdev_down(bridge) - run_command(["/usr/sbin/brctl", "delbr", bridge]) - - def destroy_vlan(pif): - vlan = pif_netdev_name(pif) - if not netdev_exists(vlan): - log("vconfig del: vlan %s does not exist, ignoring" % vlan) - return - log("Destroy vlan device %s" % vlan) - run_command(["/sbin/vconfig", "rem", vlan]) - - if pif_is_vlan(pif): - interface = pif_netdev_name(pif) - log("bring_down_interface: %s is a VLAN" % interface) - netdev_down(interface) - - if destroy: - destroy_vlan(pif) - destroy_bridge(pif) - else: - return - - slave = pif_get_vlan_slave(pif) - if db().get_pif_record(slave)['currently_attached']: - log("bring_down_interface: vlan slave is currently attached") - return - - masters = pif_get_vlan_masters(slave) - masters = [m for m in masters if m != pif and db().get_pif_record(m)['currently_attached']] - if len(masters) > 0: - log("bring_down_interface: vlan slave has other masters") - return - - log("bring_down_interface: no more masters, bring down vlan slave %s" % pif_netdev_name(slave)) - pif = slave - else: - vlan_masters = pif_get_vlan_masters(pif) - log("vlan masters of %s - %s" % (db().get_pif_record(pif)['device'], [pif_netdev_name(m) for m in vlan_masters])) - if len([m for m in vlan_masters if db().get_pif_record(m)['currently_attached']]) > 0: - log("Leaving %s up due to currently attached VLAN masters" % pif_netdev_name(pif)) - return - - # pif is now either a 
bond or a physical device which needs to be brought down - - # Need to bring down bond slaves first since the bond device - # must be up to enslave/unenslave. - bond_slaves = pif_get_bond_slaves_sorted(pif) - log("bond slaves of %s - %s" % (db().get_pif_record(pif)['device'], [pif_netdev_name(s) for s in bond_slaves])) - for slave in bond_slaves: - slave_interface = pif_netdev_name(slave) - if db().get_pif_record(slave)['currently_attached']: - log("leave bond slave %s up (currently attached)" % slave_interface) - continue - log("bring down bond slave %s" % slave_interface) - netdev_down(slave_interface) - # Also destroy the bridge associated with the slave, since - # it will carry the MAC address and possibly an IP address - # leading to confusion. - destroy_bridge(slave) - - interface = pif_netdev_name(pif) - log("Bring interface %s down" % interface) - netdev_down(interface) - - if destroy: - destroy_bond_device(pif) - destroy_bridge(pif) - -def interface_is_up(pif): - try: - interface = pif_netdev_name(pif) - state = open("%s/sys/class/net/%s/operstate" % (root_prefix(), interface)).read().strip() - return state == "up" - except: - return False # interface prolly doesn't exist - -def bring_up_interface(pif): - """Bring up the interface associated with a PIF. - - Also bring up the interfaces listed in additional. - """ - - # VLAN on bond seems to need bond brought up explicitly, but VLAN - # on normal device does not. Might as well always bring it up. - if pif_is_vlan(pif): - slave = pif_get_vlan_slave(pif) - if not interface_is_up(slave): - bring_up_interface(slave) - - interface = pif_netdev_name(pif) - - create_bond_device(pif) - - log("Bring interface %s up" % interface) - netdev_up(interface) - - -# -# Datapath topology configuration. -# - -def _configure_physical_interface(pif): - """Write the configuration for a physical interface. - - Writes the configuration file for the physical interface described by - the pif object. 
- - Returns the open file handle for the interface configuration file. - """ - - pifrec = db().get_pif_record(pif) - - log("Configuring physical interface %s" % pifrec['device']) - - f = open_pif_ifcfg(pif) - - f.write("TYPE=Ethernet\n") - f.write("HWADDR=%(MAC)s\n" % pifrec) - - settings,offload = ethtool_settings(pifrec['other_config'], - PIF_OTHERCONFIG_DEFAULTS) - if len(settings): - f.write("ETHTOOL_OPTS=\"%s\"\n" % str.join(" ", settings)) - if len(offload): - f.write("ETHTOOL_OFFLOAD_OPTS=\"%s\"\n" % str.join(" ", offload)) - - mtu = mtu_setting(pifrec['network'], "PIF", pifrec['other_config']) - if mtu: - f.write("MTU=%s\n" % mtu) - - return f - -def pif_get_bond_slaves_sorted(pif): - pifrec = db().get_pif_record(pif) - - # build a list of slave's pifs - slave_pifs = pif_get_bond_slaves(pif) - - # Ensure any currently attached slaves are listed in the opposite order to the order in - # which they were attached. The first slave attached must be the last detached since - # the bond is using its MAC address. - try: - attached_slaves = open("%s/sys/class/net/%s/bonding/slaves" % (root_prefix(), pifrec['device'])).readline().split() - for slave in attached_slaves: - pifs = [p for p in db().get_pifs_by_device(slave) if not pif_is_vlan(p)] - slave_pif = pifs[0] - slave_pifs.remove(slave_pif) - slave_pifs.insert(0, slave_pif) - except IOError: - pass - - return slave_pifs - -def _configure_bond_interface(pif): - """Write the configuration for a bond interface. - - Writes the configuration file for the bond interface described by - the pif object. Handles writing the configuration for the slave - interfaces. - - Returns the open file handle for the bond interface configuration - file. 
- """ - - pifrec = db().get_pif_record(pif) - - f = open_pif_ifcfg(pif) - - if pifrec['MAC'] != "": - f.write("MACADDR=%s\n" % pifrec['MAC']) - - for slave in pif_get_bond_slaves(pif): - s = _configure_physical_interface(slave) - s.write("MASTER=%(device)s\n" % pifrec) - s.write("SLAVE=yes\n") - s.close() - f.attach_child(s) - - settings,offload = ethtool_settings(pifrec['other_config']) - if len(settings): - f.write("ETHTOOL_OPTS=\"%s\"\n" % str.join(" ", settings)) - if len(offload): - f.write("ETHTOOL_OFFLOAD_OPTS=\"%s\"\n" % str.join(" ", offload)) - - mtu = mtu_setting(pifrec['network'], "Bond-PIF", pifrec['other_config']) - if mtu: - f.write("MTU=%s\n" % mtu) - - # The bond option defaults - bond_options = { - "mode": "balance-slb", - "miimon": "100", - "downdelay": "200", - "updelay": "31000", - "use_carrier": "1", - "hashing-algorithm": "src_mac", - } - - # override defaults with values from other-config whose keys being with "bond-" - oc = pifrec['other_config'] - overrides = filter(lambda (key,val): key.startswith("bond-"), oc.items()) - overrides = map(lambda (key,val): (key[5:], val), overrides) - bond_options.update(overrides) - - # write the bond options to ifcfg-bondX - f.write('BONDING_OPTS="') - for (name,val) in bond_options.items(): - f.write("%s=%s " % (name,val)) - f.write('"\n') - return f - -def _configure_vlan_interface(pif): - """Write the configuration for a VLAN interface. - - Writes the configuration file for the VLAN interface described by - the pif object. Handles writing the configuration for the master - interface if necessary. - - Returns the open file handle for the VLAN interface configuration - file. 
- """ - - slave = _configure_pif(pif_get_vlan_slave(pif)) - - pifrec = db().get_pif_record(pif) - - f = open_pif_ifcfg(pif) - f.write("VLAN=yes\n") - - settings,offload = ethtool_settings(pifrec['other_config']) - if len(settings): - f.write("ETHTOOL_OPTS=\"%s\"\n" % str.join(" ", settings)) - if len(offload): - f.write("ETHTOOL_OFFLOAD_OPTS=\"%s\"\n" % str.join(" ", offload)) - - mtu = mtu_setting(pifrec['network'], "VLAN-PIF", pifrec['other_config']) - if mtu: - f.write("MTU=%s\n" % mtu) - - f.attach_child(slave) - - return f - -def _configure_pif(pif): - """Write the configuration for a PIF object. - - Writes the configuration file the PIF and all dependent - interfaces (bond slaves and VLAN masters etc). - - Returns the open file handle for the interface configuration file. - """ - - if pif_is_vlan(pif): - f = _configure_vlan_interface(pif) - elif pif_is_bond(pif): - f = _configure_bond_interface(pif) - else: - f = _configure_physical_interface(pif) - - f.write("BRIDGE=%s\n" % pif_bridge_name(pif)) - f.close() - - return f - -# -# -# - -class DatapathBridge(Datapath): - def __init__(self, pif): - if pif_is_tunnel(pif): - raise Error("Tunnel PIFs are not supported in Bridge mode") - - Datapath.__init__(self, pif) - log("Configured for Bridge datapath") - - def configure_ipdev(self, cfg): - if pif_is_bridged(self._pif): - cfg.write("TYPE=Bridge\n") - cfg.write("DELAY=0\n") - cfg.write("STP=off\n") - cfg.write("PIFDEV=%s\n" % pif_netdev_name(self._pif)) - else: - cfg.write("TYPE=Ethernet\n") - - def preconfigure(self, parent): - pf = _configure_pif(self._pif) - parent.attach_child(pf) - - def bring_down_existing(self): - # Bring down any VLAN masters so that we can reconfigure the slave. - for master in pif_get_vlan_masters(self._pif): - name = pif_netdev_name(master) - log("action_up: bring down vlan master %s" % (name)) - netdev_down(name) - - # interface-reconfigure is never explicitly called to down a bond master. 
- # However, when we are called to up a slave it is implicit that we are destroying the master. - bond_masters = pif_get_bond_masters(self._pif) - for master in bond_masters: - log("action_up: bring down bond master %s" % (pif_netdev_name(master))) - # bring down master - bring_down_interface(master, destroy=True) - - # No masters left - now its safe to reconfigure the slave. - bring_down_interface(self._pif) - - def configure(self): - bring_up_interface(self._pif) - - def post(self): - # Bring back any currently-attached VLAN masters - for master in [v for v in pif_get_vlan_masters(self._pif) if db().get_pif_record(v)['currently_attached']]: - name = pif_netdev_name(master) - log("action_up: bring up %s" % (name)) - netdev_up(name) - - def bring_down(self): - bring_down_interface(self._pif, destroy=True) diff --git a/xenserver/opt_xensource_libexec_InterfaceReconfigureVswitch.py b/xenserver/opt_xensource_libexec_InterfaceReconfigureVswitch.py deleted file mode 100644 index 53468b706..000000000 --- a/xenserver/opt_xensource_libexec_InterfaceReconfigureVswitch.py +++ /dev/null 
@@ -1,730 +0,0 @@ -# Copyright (c) 2008,2009,2011 Citrix Systems, Inc. -# Copyright (c) 2009,2010,2011,2012,2013,2017 Nicira, Inc. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU Lesser General Public License as published -# by the Free Software Foundation; version 2.1 only. with the special -# exception on linking described in file LICENSE. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Lesser General Public License for more details. -# -from InterfaceReconfigure import * -import os -import re -import subprocess - -# -# Bare Network Devices -- network devices without IP configuration -# - -def netdev_down(netdev): - """Bring down a bare network device""" - if not netdev_exists(netdev): - log("netdev: down: device %s does not exist, ignoring" % netdev) - return - run_command(["/sbin/ip", "link", "set", netdev, 'down']) - -def netdev_up(netdev, mtu=None): - """Bring up a bare network device""" - if not netdev_exists(netdev): - raise Error("netdev: up: device %s does not exist" % netdev) - - if mtu: - mtu = ["mtu", mtu] - else: - mtu = [] - - run_command(["/sbin/ip", "link", "set", netdev, 'up'] + mtu) - -# This is a list of drivers that do support VLAN tx or rx acceleration, but -# to which the VLAN bug workaround should not be applied. This could be -# because these are known-good drivers (that is, they do not have any of -# the bugs that the workaround avoids) or because the VLAN bug workaround -# will not work for them and may cause other problems. -# -# This is a very short list because few drivers have been tested. 
-NO_VLAN_WORKAROUND_DRIVERS = ( - "bonding", -) -def netdev_get_driver_name(netdev): - """Returns the name of the driver for network device 'netdev'""" - symlink = '%s/sys/class/net/%s/device/driver' % (root_prefix(), netdev) - try: - target = os.readlink(symlink) - except OSError as e: - log("%s: could not read netdev's driver name (%s)" % (netdev, e)) - return None - - slash = target.rfind('/') - if slash < 0: - log("target %s of symbolic link %s does not contain slash" - % (target, symlink)) - return None - - return target[slash + 1:] - -def netdev_get_features(netdev): - """Returns the features bitmap for the driver for 'netdev'. - The features bitmap is a set of NETIF_F_ flags supported by its driver.""" - try: - features = open("%s/sys/class/net/%s/features" % (root_prefix(), netdev)).read().strip() - return int(features, 0) - except: - return 0 # interface prolly doesn't exist - -def netdev_has_vlan_accel(netdev): - """Returns True if 'netdev' supports VLAN acceleration, False otherwise.""" - NETIF_F_HW_VLAN_TX = 128 - NETIF_F_HW_VLAN_RX = 256 - NETIF_F_VLAN = NETIF_F_HW_VLAN_TX | NETIF_F_HW_VLAN_RX - return (netdev_get_features(netdev) & NETIF_F_VLAN) != 0 - -# -# PIF miscellanea -# - -def pif_currently_in_use(pif): - """Determine if a PIF is currently in use. 
- - A PIF is determined to be currently in use if - - PIF.currently-attached is true - - Any bond master is currently attached - - Any VLAN master is currently attached - """ - rec = db().get_pif_record(pif) - if rec['currently_attached']: - log("configure_datapath: %s is currently attached" % (pif_netdev_name(pif))) - return True - for b in pif_get_bond_masters(pif): - if pif_currently_in_use(b): - log("configure_datapath: %s is in use by BOND master %s" % (pif_netdev_name(pif),pif_netdev_name(b))) - return True - for v in pif_get_vlan_masters(pif): - if pif_currently_in_use(v): - log("configure_datapath: %s is in use by VLAN master %s" % (pif_netdev_name(pif),pif_netdev_name(v))) - return True - return False - -# -# Datapath Configuration -# - -def pif_datapath(pif): - """Return the datapath PIF associated with PIF. -A non-VLAN PIF is its own datapath PIF, except that a bridgeless PIF has -no datapath PIF at all. -A VLAN PIF's datapath PIF is its VLAN slave's datapath PIF. -""" - if pif_is_vlan(pif): - return pif_datapath(pif_get_vlan_slave(pif)) - - pifrec = db().get_pif_record(pif) - nwrec = db().get_network_record(pifrec['network']) - if not nwrec['bridge']: - return None - else: - return pif - -def datapath_get_physical_pifs(pif): - """Return the PIFs for the physical network device(s) associated with a datapath PIF. -For a bond master PIF, these are the bond slave PIFs. -For a non-VLAN, non-bond master PIF, the PIF is its own physical device PIF. - -A VLAN PIF cannot be a datapath PIF. -""" - if pif_is_tunnel(pif): - return [] - elif pif_is_vlan(pif): - # Seems like overkill... 
- raise Error("get-physical-pifs should not get passed a VLAN") - elif pif_is_bond(pif): - return pif_get_bond_slaves(pif) - else: - return [pif] - -def datapath_deconfigure_physical(netdev): - return ['--', '--with-iface', '--if-exists', 'del-port', netdev] - -def vsctl_escape(s): - if s.isalnum(): - return s - - def escape(match): - c = match.group(0) - if c == '\0': - raise Error("strings may not contain null bytes") - elif c == '\\': - return r'\\' - elif c == '\n': - return r'\n' - elif c == '\r': - return r'\r' - elif c == '\t': - return r'\t' - elif c == '\b': - return r'\b' - elif c == '\a': - return r'\a' - else: - return r'\x%02x' % ord(c) - return '"' + re.sub(r'["\\\000-\037]', escape, s) + '"' - -def datapath_configure_tunnel(pif): - pass - -def datapath_configure_bond(pif,slaves): - bridge = pif_bridge_name(pif) - pifrec = db().get_pif_record(pif) - interface = pif_netdev_name(pif) - - argv = ['--', '--fake-iface', 'add-bond', bridge, interface] - for slave in slaves: - argv += [pif_netdev_name(slave)] - - # Bonding options. - bond_options = { - "mode": "balance-slb", - "miimon": "100", - "downdelay": "200", - "updelay": "31000", - "use_carrier": "1", - "hashing-algorithm": "src_mac", - } - # override defaults with values from other-config whose keys - # being with "bond-" - oc = pifrec['other_config'] - overrides = filter(lambda key_val: - key_val[0].startswith("bond-"), oc.items()) - overrides = map(lambda key_val: (key_val[0][5:], key_val[1]), overrides) - bond_options.update(overrides) - mode = None - halgo = None - - argv += ['--', 'set', 'Port', interface] - if pifrec['MAC'] != "": - argv += ['MAC=%s' % vsctl_escape(pifrec['MAC'])] - for (name,val) in sorted(bond_options.items()): - if name in ['updelay', 'downdelay']: - # updelay and downdelay have dedicated schema columns. - # The value must be a nonnegative integer. 
- try: - value = int(val) - if value < 0: - raise ValueError - - argv += ['bond_%s=%d' % (name, value)] - except ValueError: - log("bridge %s has invalid %s '%s'" % (bridge, name, value)) - elif name in ['miimon', 'use_carrier']: - try: - value = int(val) - if value < 0: - raise ValueError - - if name == 'use_carrier': - if value: - value = "carrier" - else: - value = "miimon" - argv += ["other-config:bond-detect-mode=%s" % value] - else: - argv += ["other-config:bond-miimon-interval=%d" % value] - except ValueError: - log("bridge %s has invalid %s '%s'" % (bridge, name, value)) - elif name == "mode": - mode = val - elif name == "hashing-algorithm": - halgo = val - else: - # Pass other bond options into other_config. - argv += ["other-config:%s=%s" % (vsctl_escape("bond-%s" % name), - vsctl_escape(val))] - - if mode == 'lacp': - argv += ['lacp=active'] - - if halgo == 'src_mac': - argv += ['bond_mode=balance-slb'] - elif halgo == "tcpudp_ports": - argv += ['bond_mode=balance-tcp'] - else: - log("bridge %s has invalid bond-hashing-algorithm '%s'" % (bridge, halgo)) - argv += ['bond_mode=balance-slb'] - elif mode in ['balance-slb', 'active-backup']: - argv += ['lacp=off', 'bond_mode=%s' % mode] - else: - log("bridge %s has invalid bond-mode '%s'" % (bridge, mode)) - argv += ['lacp=off', 'bond_mode=balance-slb'] - - return argv - -def datapath_deconfigure_bond(netdev): - return ['--', '--with-iface', '--if-exists', 'del-port', netdev] - -def datapath_deconfigure_ipdev(interface): - return ['--', '--with-iface', '--if-exists', 'del-port', interface] - -def datapath_modify_config(commands): - #log("modifying configuration:") - #for c in commands: - # log(" %s" % c) - - rc = run_command(['/usr/bin/ovs-vsctl'] + ['--timeout=20'] - + [c for c in commands if not c.startswith('#')]) - if not rc: - raise Error("Failed to modify vswitch configuration") - return True - -# -# Toplevel Datapath Configuration. 
-# - -def configure_datapath(pif): - """Bring up the configuration for 'pif', which must not be a VLAN PIF, by: - - Tearing down other PIFs that use the same physical devices as 'pif'. - - Ensuring that 'pif' itself is set up. - - *Not* tearing down any PIFs that are stacked on top of 'pif' (i.e. VLANs - on top of 'pif'. - - Returns a tuple containing - - A list containing the necessary vsctl command line arguments - - A list of additional devices which should be brought up after - the configuration is applied. - - A list containing flows to apply to the pif bridge, note that - port numbers may need to be substituted once ofport is known - """ - - vsctl_argv = [] - extra_up_ports = [] - bridge_flows = [] - - assert not pif_is_vlan(pif) - bridge = pif_bridge_name(pif) - - physical_devices = datapath_get_physical_pifs(pif) - - vsctl_argv += ['## configuring datapath %s' % bridge] - - # Determine additional devices to deconfigure. - # - # Given all physical devices which are part of this PIF we need to - # consider: - # - any additional bond which a physical device is part of. - # - any additional physical devices which are part of an additional bond. - # - # Any of these which are not currently in use should be brought - # down and deconfigured. 
- extra_down_bonds = [] - extra_down_ports = [] - for p in physical_devices: - for bond in pif_get_bond_masters(p): - if bond == pif: - log("configure_datapath: leaving bond %s up" % pif_netdev_name(bond)) - continue - if bond in extra_down_bonds: - continue - if db().get_pif_record(bond)['currently_attached']: - log("configure_datapath: implicitly tearing down currently-attached bond %s" % pif_netdev_name(bond)) - - extra_down_bonds += [bond] - - for s in pif_get_bond_slaves(bond): - if s in physical_devices: - continue - if s in extra_down_ports: - continue - if pif_currently_in_use(s): - continue - extra_down_ports += [s] - - log("configure_datapath: bridge - %s" % bridge) - log("configure_datapath: physical - %s" % [pif_netdev_name(p) for p in physical_devices]) - log("configure_datapath: extra ports - %s" % [pif_netdev_name(p) for p in extra_down_ports]) - log("configure_datapath: extra bonds - %s" % [pif_netdev_name(p) for p in extra_down_bonds]) - - # Need to fully deconfigure any bridge which any of the: - # - physical devices - # - bond devices - # - sibling devices - # refers to - for brpif in physical_devices + extra_down_ports + extra_down_bonds: - if brpif == pif: - continue - b = pif_bridge_name(brpif) - #ifdown(b) - # XXX - netdev_down(b) - vsctl_argv += ['# remove bridge %s' % b] - vsctl_argv += ['--', '--if-exists', 'del-br', b] - - for n in extra_down_ports: - dev = pif_netdev_name(n) - vsctl_argv += ['# deconfigure sibling physical device %s' % dev] - vsctl_argv += datapath_deconfigure_physical(dev) - netdev_down(dev) - - for n in extra_down_bonds: - dev = pif_netdev_name(n) - vsctl_argv += ['# deconfigure bond device %s' % dev] - vsctl_argv += datapath_deconfigure_bond(dev) - netdev_down(dev) - - for p in physical_devices: - dev = pif_netdev_name(p) - vsctl_argv += ['# deconfigure physical port %s' % dev] - vsctl_argv += datapath_deconfigure_physical(dev) - - vsctl_argv += ['--', '--may-exist', 'add-br', bridge] - - if len(physical_devices) > 1: 
- vsctl_argv += ['# deconfigure bond %s' % pif_netdev_name(pif)] - vsctl_argv += datapath_deconfigure_bond(pif_netdev_name(pif)) - vsctl_argv += ['# configure bond %s' % pif_netdev_name(pif)] - vsctl_argv += datapath_configure_bond(pif, physical_devices) - extra_up_ports += [pif_netdev_name(pif)] - elif len(physical_devices) == 1: - iface = pif_netdev_name(physical_devices[0]) - vsctl_argv += ['# add physical device %s' % iface] - vsctl_argv += ['--', '--may-exist', 'add-port', bridge, iface] - elif pif_is_tunnel(pif): - datapath_configure_tunnel(pif) - - vsctl_argv += ['# configure Bridge MAC'] - vsctl_argv += ['--', 'set', 'Bridge', bridge, - 'other-config:hwaddr=%s' % vsctl_escape(db().get_pif_record(pif)['MAC'])] - - pool = db().get_pool_record() - network = db().get_network_by_bridge(bridge) - network_rec = None - fail_mode = None - valid_fail_modes = ['standalone', 'secure'] - - if network: - network_rec = db().get_network_record(network) - fail_mode = network_rec['other_config'].get('vswitch-controller-fail-mode') - - if (fail_mode not in valid_fail_modes) and pool: - fail_mode = pool['other_config'].get('vswitch-controller-fail-mode') - # Add default flows to allow management traffic if fail-mode - # transitions to secure based on pool fail-mode setting - if fail_mode == 'secure' and db().get_pif_record(pif).get('management', False): - prev_fail_mode = vswitchCfgQuery(['get-fail-mode', bridge]) - if prev_fail_mode != 'secure': - tp = 'idle_timeout=0,priority=0' - host_mgmt_mac = db().get_pif_record(pif)['MAC'] - # account for bond as management interface - if len(physical_devices) > 1: - bridge_flows += ['%s,in_port=local,arp,dl_src=%s,actions=NORMAL' % (tp, host_mgmt_mac)] - bridge_flows += ['%s,in_port=local,dl_src=%s,actions=NORMAL' % (tp, host_mgmt_mac)] - # we don't know slave ofports yet, substitute later - bridge_flows += ['%s,in_port=%%s,arp,nw_proto=1,actions=local' % (tp)] - bridge_flows += ['%s,in_port=%%s,dl_dst=%s,actions=local' % (tp, 
host_mgmt_mac)] - else: - bridge_flows += ['%s,in_port=%%s,arp,nw_proto=1,actions=local' % (tp)] - bridge_flows += ['%s,in_port=local,arp,dl_src=%s,actions=%%s' % (tp, host_mgmt_mac)] - bridge_flows += ['%s,in_port=%%s,dl_dst=%s,actions=local' % (tp, host_mgmt_mac)] - bridge_flows += ['%s,in_port=local,dl_src=%s,actions=%%s' % (tp, host_mgmt_mac)] - - if fail_mode not in valid_fail_modes: - fail_mode = 'standalone' - - vsctl_argv += ['--', 'set', 'Bridge', bridge, 'fail_mode=%s' % fail_mode] - - if network_rec: - dib = network_rec['other_config'].get('vswitch-disable-in-band') - if not dib: - vsctl_argv += ['--', 'remove', 'Bridge', bridge, 'other_config', 'disable-in-band'] - elif dib in ['true', 'false']: - vsctl_argv += ['--', 'set', 'Bridge', bridge, 'other_config:disable-in-band=' + dib] - else: - log('"' + dib + '"' "isn't a valid setting for other_config:disable-in-band on " + bridge) - - vsctl_argv += set_br_external_ids(pif) - vsctl_argv += ['## done configuring datapath %s' % bridge] - - return vsctl_argv,extra_up_ports,bridge_flows - -def deconfigure_bridge(pif): - vsctl_argv = [] - - bridge = pif_bridge_name(pif) - - log("deconfigure_bridge: bridge - %s" % bridge) - - vsctl_argv += ['# deconfigure bridge %s' % bridge] - vsctl_argv += ['--', '--if-exists', 'del-br', bridge] - - return vsctl_argv - -def set_br_external_ids(pif): - pifrec = db().get_pif_record(pif) - dp = pif_datapath(pif) - dprec = db().get_pif_record(dp) - - xs_network_uuids = [] - for nwpif in db().get_pifs_by_device(pifrec['device']): - rec = db().get_pif_record(nwpif) - - # When state is read from dbcache PIF.currently_attached - # is always assumed to be false... Err on the side of - # listing even detached networks for the time being. 
- #if nwpif != pif and not rec['currently_attached']: - # log("Network PIF %s not currently attached (%s)" % (rec['uuid'],pifrec['uuid'])) - # continue - nwrec = db().get_network_record(rec['network']) - - uuid = nwrec['uuid'] - if pif_is_vlan(nwpif): - xs_network_uuids.append(uuid) - else: - xs_network_uuids.insert(0, uuid) - - vsctl_argv = [] - vsctl_argv += ['# configure xs-network-uuids'] - vsctl_argv += ['--', 'br-set-external-id', pif_bridge_name(pif), - 'xs-network-uuids', ';'.join(xs_network_uuids)] - - return vsctl_argv - -# -# -# - -class DatapathVswitch(Datapath): - def __init__(self, pif): - Datapath.__init__(self, pif) - self._dp = pif_datapath(pif) - self._ipdev = pif_ipdev_name(pif) - self._bridge_flows = [] - - if pif_is_vlan(pif) and not self._dp: - raise Error("Unbridged VLAN devices not implemented yet") - - log("Configured for Vswitch datapath") - - @classmethod - def rewrite(cls): - if not os.path.exists("/var/run/openvswitch/db.sock"): - # ovsdb-server is not running, so we can't update the database. - # Probably we are being called as part of system shutdown. Just - # skip the update, since the external-ids will be updated on the - # next boot anyhow. 
- return - - vsctl_argv = [] - for pif in db().get_all_pifs(): - pifrec = db().get_pif_record(pif) - if not pif_is_vlan(pif) and pifrec['currently_attached']: - vsctl_argv += set_br_external_ids(pif) - - if vsctl_argv != []: - datapath_modify_config(vsctl_argv) - - def configure_ipdev(self, cfg): - cfg.write("TYPE=Ethernet\n") - - def preconfigure(self, parent): - vsctl_argv = [] - extra_ports = [] - bridge_flows = [] - - pifrec = db().get_pif_record(self._pif) - dprec = db().get_pif_record(self._dp) - - ipdev = self._ipdev - c,e,f = configure_datapath(self._dp) - bridge = pif_bridge_name(self._pif) - vsctl_argv += c - extra_ports += e - bridge_flows += f - - dpname = pif_bridge_name(self._dp) - - if pif_is_vlan(self._pif): - # In some cases XAPI may misguidedly leave an instance of - # 'bridge' which should be deleted. - vsctl_argv += ['--', '--if-exists', 'del-br', bridge] - - # configure_datapath() set up the underlying datapath bridge. - # Stack a VLAN bridge on top of it. - vsctl_argv += ['--', '--may-exist', 'add-br', - bridge, dpname, pifrec['VLAN']] - - vsctl_argv += set_br_external_ids(self._pif) - - if ipdev != bridge: - vsctl_argv += ["# deconfigure ipdev %s" % ipdev] - vsctl_argv += datapath_deconfigure_ipdev(ipdev) - vsctl_argv += ["# reconfigure ipdev %s" % ipdev] - vsctl_argv += ['--', 'add-port', bridge, ipdev] - - if ipdev != dpname: - vsctl_argv += ['# configure Interface MAC'] - vsctl_argv += ['--', 'set', 'Interface', pif_ipdev_name(self._pif), - 'MAC=%s' % vsctl_escape(dprec['MAC'])] - - self._vsctl_argv = vsctl_argv - self._extra_ports = extra_ports - self._bridge_flows = bridge_flows - - def bring_down_existing(self): - # interface-reconfigure is never explicitly called to down a - # bond master. However, when we are called to up a slave it - # is implicit that we are destroying the master. Conversely, - # when we are called to up a bond is is implicit that we are - # taking down the slaves. 
- # - # This is (only) important in the case where the device being - # implicitly taken down uses DHCP. We need to kill the - # dhclient process, otherwise performing the inverse operation - # later later will fail because ifup will refuse to start a - # duplicate dhclient. - bond_masters = pif_get_bond_masters(self._pif) - for master in bond_masters: - log("action_up: bring down bond master %s" % (pif_netdev_name(master))) - run_command(["/sbin/ifdown", pif_bridge_name(master)]) - - bond_slaves = pif_get_bond_slaves(self._pif) - for slave in bond_slaves: - log("action_up: bring down bond slave %s" % (pif_netdev_name(slave))) - run_command(["/sbin/ifdown", pif_bridge_name(slave)]) - - def configure(self): - # Bring up physical devices. ovs-vswitchd initially enables or - # disables bond slaves based on whether carrier is detected - # when they are added, and a network device that is down - # always reports "no carrier". - physical_devices = datapath_get_physical_pifs(self._dp) - - if pif_is_bond(self._dp): - brec = db().get_pif_record(self._dp) - bond_mtu = mtu_setting(brec['network'], "PIF", brec['other_config']) - else: - bond_mtu = None - - for p in physical_devices: - prec = db().get_pif_record(p) - oc = prec['other_config'] - - dev = pif_netdev_name(p) - - if bond_mtu: - mtu = bond_mtu - else: - mtu = mtu_setting(prec['network'], "PIF", oc) - - netdev_up(dev, mtu) - - settings, offload = ethtool_settings(oc, PIF_OTHERCONFIG_DEFAULTS) - if len(settings): - run_command(['/sbin/ethtool', '-s', dev] + settings) - if len(offload): - run_command(['/sbin/ethtool', '-K', dev] + offload) - - driver = netdev_get_driver_name(dev) - if 'vlan-bug-workaround' in oc: - vlan_bug_workaround = oc['vlan-bug-workaround'] == 'true' - elif driver in NO_VLAN_WORKAROUND_DRIVERS: - vlan_bug_workaround = False - else: - vlan_bug_workaround = netdev_has_vlan_accel(dev) - - if vlan_bug_workaround: - setting = 'on' - else: - setting = 'off' - 
run_command(['/usr/sbin/ovs-vlan-bug-workaround', dev, setting]) - - datapath_modify_config(self._vsctl_argv) - if self._bridge_flows: - ofports = [] - physical_devices = datapath_get_physical_pifs(self._dp) - if len(physical_devices) > 1: - for slave in physical_devices: - name = pif_netdev_name(slave) - ofport = vswitchCfgQuery(['get', 'interface', name, 'ofport']) - ofports.append(ofport) - else: - name = pif_netdev_name(self._dp) - ofport = vswitchCfgQuery(['get', 'interface', name, 'ofport']) - ofports.append(ofport) - dpname = pif_bridge_name(self._dp) - for flow in self._bridge_flows: - if flow.find('in_port=%s') != -1 or flow.find('actions=%s') != -1: - for port in ofports: - f = flow % (port.decode()) - run_command(['/usr/bin/ovs-ofctl', 'add-flow', dpname, f]) - else: - run_command(['/usr/bin/ovs-ofctl', 'add-flow', dpname, flow]) - - def post(self): - for p in self._extra_ports: - log("action_up: bring up %s" % p) - netdev_up(p) - - def bring_down(self): - vsctl_argv = [] - - dp = self._dp - ipdev = self._ipdev - - bridge = pif_bridge_name(dp) - - log("deconfigure ipdev %s on %s" % (ipdev,bridge)) - vsctl_argv += ["# deconfigure ipdev %s" % ipdev] - vsctl_argv += datapath_deconfigure_ipdev(ipdev) - - if pif_is_vlan(self._pif): - # Delete the VLAN bridge. - vsctl_argv += deconfigure_bridge(self._pif) - - # If the VLAN's slave is attached, leave datapath setup. - slave = pif_get_vlan_slave(self._pif) - if db().get_pif_record(slave)['currently_attached']: - log("action_down: vlan slave is currently attached") - dp = None - - # If the VLAN's slave has other VLANs that are attached, leave datapath setup. 
- for master in pif_get_vlan_masters(slave): - if master != self._pif and db().get_pif_record(master)['currently_attached']: - log("action_down: vlan slave has other master: %s" % pif_netdev_name(master)) - dp = None - - # Otherwise, take down the datapath too (fall through) - if dp: - log("action_down: no more masters, bring down slave %s" % bridge) - else: - # Stop here if this PIF has attached VLAN masters. - masters = [db().get_pif_record(m)['VLAN'] for m in pif_get_vlan_masters(self._pif) if db().get_pif_record(m)['currently_attached']] - if len(masters) > 0: - log("Leaving datapath %s up due to currently attached VLAN masters %s" % (bridge, masters)) - dp = None - - if dp: - vsctl_argv += deconfigure_bridge(dp) - - physical_devices = [pif_netdev_name(p) for p in datapath_get_physical_pifs(dp)] - - log("action_down: bring down physical devices - %s" % physical_devices) - - for p in physical_devices: - netdev_down(p) - - datapath_modify_config(vsctl_argv) - -# -# utility methods -# - -def vswitchCfgQuery(action_args): - cmd = ['%s/usr/bin/ovs-vsctl' % root_prefix(), - '-vconsole:off'] + action_args - output = subprocess.Popen(cmd, stdout=subprocess.PIPE).communicate() - if len(output) == 0 or output[0] == None: - output = "" - else: - output = output[0].strip() - return output diff --git a/xenserver/opt_xensource_libexec_interface-reconfigure b/xenserver/opt_xensource_libexec_interface-reconfigure deleted file mode 100755 index a82043fb5..000000000 --- a/xenserver/opt_xensource_libexec_interface-reconfigure +++ /dev/null 
@@ -1,739 +0,0 @@ -#!/usr/bin/env python -# -# Copyright (c) 2008,2009 Citrix Systems, Inc. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU Lesser General Public License as published -# by the Free Software Foundation; version 2.1 only. with the special -# exception on linking described in file LICENSE. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Lesser General Public License for more details. -# -"""Usage: - - %(command-name)s up - %(command-name)s down - %(command-name)s rewrite - %(command-name)s --force up - %(command-name)s --force down - %(command-name)s --force rewrite --device= --mac= - - where is one of: - --session --pif - --pif-uuid - and is one of: - --mode=dhcp - --mode=static --ip= --netmask= [--gateway=] - - Options: - --session A session reference to use to access the xapi DB - --pif A PIF reference within the session. - --pif-uuid The UUID of a PIF. - --force An interface name. - --root-prefix=DIR Use DIR as alternate root directory (for testing). - --no-syslog Write log messages to stderr instead of system log. -""" - -# Notes: -# 1. Every pif belongs to exactly one network -# 2. Every network has zero or one pifs -# 3. A network may have an associated bridge, allowing vifs to be attached -# 4. A network may be bridgeless (there's no point having a bridge over a storage pif) - -from InterfaceReconfigure import * - -import os, sys, getopt -import syslog -import traceback -import re -import random -import syslog - -management_pif = None - -dbcache_file = "/var/xapi/network.dbcache" - -# -# Logging. 
-# - -def log_pif_action(action, pif): - pifrec = db().get_pif_record(pif) - rec = {} - rec['uuid'] = pifrec['uuid'] - rec['ip_configuration_mode'] = pifrec['ip_configuration_mode'] - rec['action'] = action - rec['pif_netdev_name'] = pif_netdev_name(pif) - rec['message'] = "Bring %(action)s PIF %(uuid)s" % rec - log("%(message)s: %(pif_netdev_name)s configured as %(ip_configuration_mode)s" % rec) - -# -# Exceptions. -# - -class Usage(Exception): - def __init__(self, msg): - Exception.__init__(self) - self.msg = msg - -# -# Boot from Network filesystem or device. -# - -def check_allowed(pif): - """Determine whether interface-reconfigure should be manipulating this PIF. - - Used to prevent system PIFs (such as network root disk) from being interfered with. - """ - - pifrec = db().get_pif_record(pif) - try: - f = open(root_prefix() + "/proc/ardence") - macline = filter(lambda x: x.startswith("HWaddr:"), f.readlines()) - f.close() - if len(macline) == 1: - p = re.compile(".*\s%(MAC)s\s.*" % pifrec, re.IGNORECASE) - if p.match(macline[0]): - log("Skipping PVS device %(device)s (%(MAC)s)" % pifrec) - return False - except IOError: - pass - return True - -# -# Bare Network Devices -- network devices without IP configuration -# - -def netdev_remap_name(pif, already_renamed=[]): - """Check whether 'pif' exists and has the correct MAC. - If not, try to find a device with the correct MAC and rename it. - 'already_renamed' is used to avoid infinite recursion. - """ - - def read1(name): - file = None - try: - file = open(name, 'r') - return file.readline().rstrip('\n') - finally: - if file != None: - file.close() - - def get_netdev_mac(device): - try: - return read1("%s/sys/class/net/%s/address" % (root_prefix(), device)) - except: - # Probably no such device. - return None - - def get_netdev_tx_queue_len(device): - try: - return int(read1("%s/sys/class/net/%s/tx_queue_len" % (root_prefix(), device))) - except: - # Probably no such device. 
- return None - - def get_netdev_by_mac(mac): - for device in os.listdir(root_prefix() + "/sys/class/net"): - dev_mac = get_netdev_mac(device) - if (dev_mac and mac.lower() == dev_mac.lower() and - get_netdev_tx_queue_len(device)): - return device - return None - - def rename_netdev(old_name, new_name): - raise Error("Trying to rename %s to %s - This functionality has been removed" % (old_name, new_name)) - # log("Changing the name of %s to %s" % (old_name, new_name)) - # run_command(['/sbin/ip', 'link', 'set', old_name, 'down']) - # if not run_command(['/sbin/ip', 'link', 'set', old_name, 'name', new_name]): - # raise Error("Could not rename %s to %s" % (old_name, new_name)) - - pifrec = db().get_pif_record(pif) - device = pifrec['device'] - mac = pifrec['MAC'] - - # Is there a network device named 'device' at all? - device_exists = netdev_exists(device) - if device_exists: - # Yes. Does it have MAC 'mac'? - found_mac = get_netdev_mac(device) - if found_mac and mac.lower() == found_mac.lower(): - # Yes, everything checks out the way we want. Nothing to do. - return - else: - log("No network device %s" % device) - - # What device has MAC 'mac'? - cur_device = get_netdev_by_mac(mac) - if not cur_device: - log("No network device has MAC %s" % mac) - return - - # First rename 'device', if it exists, to get it out of the way - # for 'cur_device' to replace it. - if device_exists: - rename_netdev(device, "dev%d" % random.getrandbits(24)) - - # Rename 'cur_device' to 'device'. 
- rename_netdev(cur_device, device) - -# -# IP Network Devices -- network devices with IP configuration -# - -def ifdown(netdev): - """Bring down a network interface""" - if not netdev_exists(netdev): - log("ifdown: device %s does not exist, ignoring" % netdev) - return - if not os.path.exists("%s/etc/sysconfig/network-scripts/ifcfg-%s" % (root_prefix(), netdev)): - log("ifdown: device %s exists but ifcfg-%s does not" % (netdev,netdev)) - run_command(["/sbin/ip", "link", "set", netdev, 'down']) - return - run_command(["/sbin/ifdown", netdev]) - -def ifup(netdev): - """Bring up a network interface""" - if not os.path.exists(root_prefix() + "/etc/sysconfig/network-scripts/ifcfg-%s" % netdev): - raise Error("ifup: device %s exists but ifcfg-%s does not" % (netdev,netdev)) - d = os.getenv("DHCLIENTARGS","") - if os.path.exists("/etc/firstboot.d/data/firstboot_in_progress"): - os.putenv("DHCLIENTARGS", d + " -T 240 " ) - run_command(["/sbin/ifup", netdev]) - os.putenv("DHCLIENTARGS", d ) - -# -# -# - -def pif_rename_physical_devices(pif): - if pif_is_tunnel(pif): - return - - if pif_is_vlan(pif): - pif = pif_get_vlan_slave(pif) - - if pif_is_bond(pif): - pifs = pif_get_bond_slaves(pif) - else: - pifs = [pif] - - for pif in pifs: - netdev_remap_name(pif) - -# -# IP device configuration -# - -def ipdev_configure_static_routes(interface, oc, f): - """Open a route- file for static routes. - - Opens the static routes configuration file for interface and writes one - line for each route specified in the network's other config "static-routes" value. - E.g. if - interface ( RO): xenbr1 - other-config (MRW): static-routes: 172.16.0.0/15/192.168.0.3,172.18.0.0/16/192.168.0.4;... - - Then route-xenbr1 should be - 172.16.0.0/15 via 192.168.0.3 dev xenbr1 - 172.18.0.0/16 via 192.168.0.4 dev xenbr1 - """ - if 'static-routes' in oc: - # The key is present - extract comma separates entries - lines = oc['static-routes'].split(',') - else: - # The key is not present, i.e. 
there are no static routes - lines = [] - - child = ConfigurationFile("%s/etc/sysconfig/network-scripts/route-%s" % (root_prefix(), interface)) - child.write("# DO NOT EDIT: This file (%s) was autogenerated by %s\n" % \ - (os.path.basename(child.path()), os.path.basename(sys.argv[0]))) - - try: - for l in lines: - network, masklen, gateway = l.split('/') - child.write("%s/%s via %s dev %s\n" % (network, masklen, gateway, interface)) - - f.attach_child(child) - child.close() - - except ValueError as e: - log("Error in other-config['static-routes'] format for network %s: %s" % (interface, e)) - -def ipdev_open_ifcfg(pif): - ipdev = pif_ipdev_name(pif) - - log("Writing network configuration for %s" % ipdev) - - f = ConfigurationFile("%s/etc/sysconfig/network-scripts/ifcfg-%s" % (root_prefix(), ipdev)) - - f.write("# DO NOT EDIT: This file (%s) was autogenerated by %s\n" % \ - (os.path.basename(f.path()), os.path.basename(sys.argv[0]))) - f.write("XEMANAGED=yes\n") - f.write("DEVICE=%s\n" % ipdev) - f.write("ONBOOT=no\n") - f.write("NOZEROCONF=yes\n") - - return f - -def ipdev_configure_network(pif, dp): - """Write the configuration file for a network. - - Writes configuration derived from the network object into the relevant - ifcfg file. The configuration file is passed in, but if the network is - bridgeless it will be ifcfg-, otherwise it will be ifcfg-. - - This routine may also write ifcfg files of the networks corresponding to other PIFs - in order to maintain consistency. 
- - params: - pif: Opaque_ref of pif - dp: Datapath object - """ - - pifrec = db().get_pif_record(pif) - nw = pifrec['network'] - nwrec = db().get_network_record(nw) - - ipdev = pif_ipdev_name(pif) - - f = ipdev_open_ifcfg(pif) - - mode = pifrec['ip_configuration_mode'] - log("Configuring %s using %s configuration" % (ipdev, mode)) - - oc = None - if 'other_config' in pifrec: - oc = pifrec['other_config'] - - dp.configure_ipdev(f) - - if pifrec['ip_configuration_mode'] == "DHCP": - f.write("BOOTPROTO=dhcp\n") - f.write("PERSISTENT_DHCLIENT=yes\n") - elif pifrec['ip_configuration_mode'] == "Static": - f.write("BOOTPROTO=none\n") - f.write("NETMASK=%(netmask)s\n" % pifrec) - f.write("IPADDR=%(IP)s\n" % pifrec) - f.write("GATEWAY=%(gateway)s\n" % pifrec) - elif pifrec['ip_configuration_mode'] == "None": - f.write("BOOTPROTO=none\n") - else: - raise Error("Unknown ip-configuration-mode %s" % pifrec['ip_configuration_mode']) - - if 'other_config' in nwrec: - settings,offload = ethtool_settings(nwrec['other_config']) - if len(settings): - f.write("ETHTOOL_OPTS=\"%s\"\n" % str.join(" ", settings)) - if len(offload): - f.write("ETHTOOL_OFFLOAD_OPTS=\"%s\"\n" % str.join(" ", offload)) - - ipdev_configure_static_routes(ipdev, nwrec['other_config'], f) - - mtu = mtu_setting(nw, "Network", nwrec['other_config']) - if mtu: - f.write("MTU=%s\n" % mtu) - - - if 'DNS' in pifrec and pifrec['DNS'] != "": - ServerList = pifrec['DNS'].split(",") - for i in range(len(ServerList)): f.write("DNS%d=%s\n" % (i+1, ServerList[i])) - if oc and 'domain' in oc: - f.write("DOMAIN='%s'\n" % oc['domain'].replace(',', ' ')) - - # There can be only one DNSDEV and one GATEWAYDEV in /etc/sysconfig/network. - # - # The peerdns pif will be the one with - # pif::other-config:peerdns=true, or the mgmt pif if none have - # this set. - # - # The gateway pif will be the one with - # pif::other-config:defaultroute=true, or the mgmt pif if none - # have this set. 
- - # Work out which pif on this host should be the DNSDEV and which - # should be the GATEWAYDEV - # - # Note: we prune out the bond master pif (if it exists). This is - # because when we are called to bring up an interface with a bond - # master, it is implicit that we should bring down that master. - - pifs_on_host = [p for p in db().get_all_pifs() if not p in pif_get_bond_masters(pif)] - - # now prune out bond slaves as they are not connected to the IP - # stack and so cannot be used as gateway or DNS devices. - pifs_on_host = [ p for p in pifs_on_host if len(pif_get_bond_masters(p)) == 0] - - # loop through all the pifs on this host looking for one with - # other-config:peerdns = true, and one with - # other-config:default-route=true - peerdns_pif = None - defaultroute_pif = None - for __pif in pifs_on_host: - __pifrec = db().get_pif_record(__pif) - __oc = __pifrec['other_config'] - if 'peerdns' in __oc and __oc['peerdns'] == 'true': - if peerdns_pif == None: - peerdns_pif = __pif - else: - log('Warning: multiple pifs with "peerdns=true" - choosing %s and ignoring %s' % \ - (db().get_pif_record(peerdns_pif)['device'], __pifrec['device'])) - if 'defaultroute' in __oc and __oc['defaultroute'] == 'true': - if defaultroute_pif == None: - defaultroute_pif = __pif - else: - log('Warning: multiple pifs with "defaultroute=true" - choosing %s and ignoring %s' % \ - (db().get_pif_record(defaultroute_pif)['device'], __pifrec['device'])) - - # If no pif is explicitly specified then use the mgmt pif for - # peerdns/defaultroute. 
- if peerdns_pif == None: - peerdns_pif = management_pif - if defaultroute_pif == None: - defaultroute_pif = management_pif - - is_dnsdev = peerdns_pif == pif - is_gatewaydev = defaultroute_pif == pif - - if is_dnsdev or is_gatewaydev: - fnetwork = ConfigurationFile(root_prefix() + "/etc/sysconfig/network") - for line in fnetwork.readlines(): - if is_dnsdev and line.lstrip().startswith('DNSDEV='): - fnetwork.write('DNSDEV=%s\n' % ipdev) - is_dnsdev = False - elif is_gatewaydev and line.lstrip().startswith('GATEWAYDEV='): - fnetwork.write('GATEWAYDEV=%s\n' % ipdev) - is_gatewaydev = False - else: - fnetwork.write(line) - - if is_dnsdev: - fnetwork.write('DNSDEV=%s\n' % ipdev) - if is_gatewaydev: - fnetwork.write('GATEWAYDEV=%s\n' % ipdev) - - fnetwork.close() - f.attach_child(fnetwork) - - return f - -# -# Toplevel actions -# - -def action_up(pif, force): - pifrec = db().get_pif_record(pif) - - ipdev = pif_ipdev_name(pif) - dp = DatapathFactory()(pif) - - log("action_up: %s" % ipdev) - - f = ipdev_configure_network(pif, dp) - - dp.preconfigure(f) - - f.close() - - pif_rename_physical_devices(pif) - - # if we are not forcing the interface up then attempt to tear down - # any existing devices which might interfere with brinign this one - # up. 
- if not force: - ifdown(ipdev) - - dp.bring_down_existing() - - try: - f.apply() - - dp.configure() - - ifup(ipdev) - - dp.post() - - # Update /etc/issue (which contains the IP address of the management interface) - os.system(root_prefix() + "/sbin/update-issue") - - f.commit() - except Error as e: - log("failed to apply changes: %s" % e.msg) - f.revert() - raise - -def action_down(pif): - ipdev = pif_ipdev_name(pif) - dp = DatapathFactory()(pif) - - log("action_down: %s" % ipdev) - - ifdown(ipdev) - - dp.bring_down() - -def action_rewrite(): - DatapathFactory().rewrite() - -# This is useful for reconfiguring the mgmt interface after having lost connectivity to the pool master -def action_force_rewrite(bridge, config): - def getUUID(): - import subprocess - uuid,_ = subprocess.Popen(['uuidgen'], stdout = subprocess.PIPE).communicate() - return uuid.strip() - - # Notes: - # 1. that this assumes the interface is bridged - # 2. If --gateway is given it will make that the default gateway for the host - - # extract the configuration - try: - mode = config['mode'] - mac = config['mac'] - interface = config['device'] - except: - raise Usage("Please supply --mode, --mac and --device") - - if mode == 'static': - try: - netmask = config['netmask'] - ip = config['ip'] - except: - raise Usage("Please supply --netmask and --ip") - try: - gateway = config['gateway'] - except: - gateway = None - elif mode != 'dhcp': - raise Usage("--mode must be either static or dhcp") - - if 'vlan' in config: - is_vlan = True - vlan_slave, vlan_vid = config['vlan'].split('.') - else: - is_vlan = False - - if is_vlan: - raise Error("Force rewrite of VLAN not implemented") - - log("Configuring %s using %s configuration" % (bridge, mode)) - - f = ConfigurationFile(root_prefix() + dbcache_file) - - pif_uuid = getUUID() - network_uuid = getUUID() - - f.write('\n') - f.write('\n') - f.write('\t\n' % pif_uuid) - f.write('\t\tOpaqueRef:%s\n' % network_uuid) - f.write('\t\tTrue\n') - 
f.write('\t\t%sPif\n' % interface) - f.write('\t\tOpaqueRef:NULL\n') - f.write('\t\t\n') - f.write('\t\t\n') - f.write('\t\tOpaqueRef:NULL\n') - f.write('\t\t-1\n') - f.write('\t\t\n') - f.write('\t\t\n') - f.write('\t\t%s\n' % interface) - f.write('\t\t%s\n' % mac) - f.write('\t\t\n') - if mode == 'dhcp': - f.write('\t\tDHCP\n') - f.write('\t\t\n') - f.write('\t\t\n') - f.write('\t\t\n') - f.write('\t\t\n') - elif mode == 'static': - f.write('\t\tStatic\n') - f.write('\t\t%s\n' % ip) - f.write('\t\t%s\n' % netmask) - if gateway is not None: - f.write('\t\t%s\n' % gateway) - f.write('\t\t\n') - else: - raise Error("Unknown mode %s" % mode) - f.write('\t\n') - - f.write('\t\n' % network_uuid) - f.write('\t\tInitialManagementNetwork\n') - f.write('\t\t\n') - f.write('\t\t\tOpaqueRef:%s\n' % pif_uuid) - f.write('\t\t\n') - f.write('\t\t%s\n' % bridge) - f.write('\t\t\n') - f.write('\t\n') - f.write('\n') - - f.close() - - try: - f.apply() - f.commit() - except Error as e: - log("failed to apply changes: %s" % e.msg) - f.revert() - raise - -def main(argv=None): - global management_pif - - session = None - pif_uuid = None - pif = None - - force_interface = None - force_management = False - - if argv is None: - argv = sys.argv - - try: - try: - shortops = "h" - longops = [ "pif=", "pif-uuid=", - "session=", - "force=", - "force-interface=", - "management", - "mac=", "device=", "mode=", "ip=", "netmask=", "gateway=", - "root-prefix=", - "no-syslog", - "help" ] - arglist, args = getopt.gnu_getopt(argv[1:], shortops, longops) - except getopt.GetoptError as msg: - raise Usage(msg) - - force_rewrite_config = {} - - for o,a in arglist: - if o == "--pif": - pif = a - elif o == "--pif-uuid": - pif_uuid = a - elif o == "--session": - session = a - elif o == "--force-interface" or o == "--force": - force_interface = a - elif o == "--management": - force_management = True - elif o in ["--mac", "--device", "--mode", "--ip", "--netmask", "--gateway"]: - force_rewrite_config[o[2:]] = 
a - elif o == "--root-prefix": - set_root_prefix(a) - elif o == "--no-syslog": - set_log_destination("stderr") - elif o == "-h" or o == "--help": - print(__doc__ % {'command-name': os.path.basename(argv[0])}) - return 0 - - if get_log_destination() == "syslog": - syslog.openlog(os.path.basename(argv[0])) - log("Called as " + str.join(" ", argv)) - - if len(args) < 1: - raise Usage("Required option not present") - if len(args) > 1: - raise Usage("Too many arguments") - - action = args[0] - - if not action in ["up", "down", "rewrite", "rewrite-configuration"]: - raise Usage("Unknown action \"%s\"" % action) - - # backwards compatibility - if action == "rewrite-configuration": action = "rewrite" - - if ( session or pif ) and pif_uuid: - raise Usage("--session/--pif and --pif-uuid are mutually exclusive.") - if ( session and not pif ) or ( not session and pif ): - raise Usage("--session and --pif must be used together.") - if force_interface and ( session or pif or pif_uuid ): - raise Usage("--force is mutually exclusive with --session, --pif and --pif-uuid") - if len(force_rewrite_config) and not (force_interface and action == "rewrite"): - raise Usage("\"--force rewrite\" needed for --device, --mode, --ip, --netmask, and --gateway") - if (action == "rewrite") and (pif or pif_uuid ): - raise Usage("rewrite action does not take --pif or --pif-uuid") - - global db - if force_interface: - log("Force interface %s %s" % (force_interface, action)) - - if action == "rewrite": - action_force_rewrite(force_interface, force_rewrite_config) - elif action in ["up", "down"]: - db_init_from_cache(dbcache_file) - pif = db().get_pif_by_bridge(force_interface) - management_pif = db().get_management_pif() - - if action == "up": - action_up(pif, True) - elif action == "down": - action_down(pif) - else: - raise Error("Unknown action %s" % action) - else: - db_init_from_xenapi(session) - - if pif_uuid: - pif = db().get_pif_by_uuid(pif_uuid) - - if action == "rewrite": - action_rewrite() - 
else: - if not pif: - raise Usage("No PIF given") - - if force_management: - # pif is going to be the management pif - management_pif = pif - else: - # pif is not going to be the management pif. - # Search DB cache for pif on same host with management=true - pifrec = db().get_pif_record(pif) - management_pif = db().get_management_pif() - - log_pif_action(action, pif) - - if not check_allowed(pif): - return 0 - - if action == "up": - action_up(pif, False) - elif action == "down": - action_down(pif) - else: - raise Error("Unknown action %s" % action) - - # Save cache. - db().save(dbcache_file) - - except Usage as err: - sys.stderr.write(err.msg + "\n") - sys.stderr.write("For help use --help.\n") - sys.stderr.flush() - return 2 - except Error as err: - log(err.msg) - return 1 - - return 0 - -if __name__ == "__main__": - rc = 1 - try: - rc = main() - except: - ex = sys.exc_info() - err = traceback.format_exception(*ex) - for exline in err: - log(exline) - - syslog.closelog() - - sys.exit(rc) diff --git a/xenserver/usr_lib_xsconsole_plugins-base_XSFeatureVSwitch.py b/xenserver/usr_lib_xsconsole_plugins-base_XSFeatureVSwitch.py deleted file mode 100644 index fdbbc0ed4..000000000 --- a/xenserver/usr_lib_xsconsole_plugins-base_XSFeatureVSwitch.py +++ /dev/null 
@@ -1,331 +0,0 @@ -# Copyright (c) 2009,2010,2011,2012,2013 Nicira, Inc. -# Copyright (c) 2007-2011 Citrix Systems Inc. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 only. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - -from XSConsoleLog import * - -import os -import socket -import subprocess - -vsctl="/usr/bin/ovs-vsctl" - -if __name__ == "__main__": - raise Exception("This script is a plugin for xsconsole and cannot run independently") - -from XSConsoleStandard import * - -class VSwitchService: - service = {} - - def __init__(self, name, processname=None): - self.name = name - self.processname = processname - if self.processname == None: - self.processname = name - - def version(self): - try: - output = ShellPipe(["service", self.name, "version"]).Stdout() - except StandardError, e: - XSLogError("vswitch version retrieval error: " + str(e)) - return "" - for line in output: - if self.processname in line: - return line.split()[-1] - return "" - - def status(self): - try: - output = ShellPipe(["service", self.name, "status"]).Stdout() - except StandardError, e: - XSLogError("vswitch status retrieval error: " + str(e)) - return "" - if len(output) == 0: - return "" - for line in output: - if self.processname not in line: - continue - elif "running" in line: - return "Running" - elif "stop" in line: - return "Stopped" - else: - return "" - return "" - - def restart(self): - try: - ShellPipe(["service", self.name, 
"restart"]).Call() - except StandardError, e: - XSLogError("vswitch restart error: " + str(e)) - - @classmethod - def Inst(cls, name, processname=None): - key = name - if processname != None: - key = key + "-" + processname - if name not in cls.service: - cls.service[key] = VSwitchService(name, processname) - return cls.service[key] - -class VSwitchConfig: - - @staticmethod - def Get(action): - try: - arg = [vsctl, "-vconsole:off"] + action.split() - output = ShellPipe(arg).Stdout() - except StandardError, e: - XSLogError("config retrieval error: " + str(e)) - return "" - - if len(output) == 0: - output = "" - else: - output = output[0].strip() - return output - - -class VSwitchControllerDialogue(Dialogue): - def __init__(self): - Dialogue.__init__(self) - data=Data.Inst() - - self.hostsInPool = 0 - self.hostsUpdated = 0 - self.xs_version = data.host.software_version.product_version('') - pool = data.GetPoolForThisHost() - if pool is not None: - self.controller = pool.get("vswitch_controller", "") - else: - self.controller = "" - - choiceDefs = [ - ChoiceDef(Lang("Set pool-wide controller"), - lambda: self.getController()), - ChoiceDef(Lang("Delete pool-wide controller"), - lambda: self.deleteController()), - ChoiceDef(Lang("Resync server controller config"), - lambda: self.syncController()), -# ChoiceDef(Lang("Restart ovs-vswitchd"), -# lambda: self.restartService("vswitch")), - ] - self.menu = Menu(self, None, Lang("Configure Open vSwitch"), choiceDefs) - - self.ChangeState("INITIAL") - - def BuildPane(self): - pane = self.NewPane(DialoguePane(self.parent)) - pane.TitleSet(Lang("Configure Open vSwitch")) - pane.AddBox() - - def ChangeState(self, inState): - self.state = inState - self.BuildPane() - self.UpdateFields() - - def UpdateFields(self): - self.Pane().ResetPosition() - getattr(self, "UpdateFields" + self.state)() # Dispatch method named 'UpdateFields'+self.state - - def UpdateFieldsINITIAL(self): - pane = self.Pane() - pane.AddTitleField(Lang("Select an 
action")) - pane.AddMenuField(self.menu) - pane.AddKeyHelpField( { Lang("") : Lang("OK"), Lang("") : Lang("Cancel") } ) - - def UpdateFieldsGETCONTROLLER(self): - pane = self.Pane() - pane.ResetFields() - - pane.AddTitleField(Lang("Enter IP address of controller")) - pane.AddInputField(Lang("Address", 16), self.controller, "address") - pane.AddKeyHelpField( { Lang("") : Lang("OK"), Lang("") : Lang("Exit") } ) - if pane.CurrentInput() is None: - pane.InputIndexSet(0) - - def HandleKey(self, inKey): - handled = False - if hasattr(self, "HandleKey" + self.state): - handled = getattr(self, "HandleKey" + self.state)(inKey) - if not handled and inKey == 'KEY_ESCAPE': - Layout.Inst().PopDialogue() - handled = True - return handled - - def HandleKeyINITIAL(self, inKey): - return self.menu.HandleKey(inKey) - - def HandleKeyGETCONTROLLER(self, inKey): - pane = self.Pane() - if pane.CurrentInput() is None: - pane.InputIndexSet(0) - if inKey == 'KEY_ENTER': - inputValues = pane.GetFieldValues() - self.controller = inputValues['address'] - Layout.Inst().PopDialogue() - - # Make sure the controller is specified as a valid dotted quad - try: - socket.inet_aton(self.controller) - except socket.error: - Layout.Inst().PushDialogue(InfoDialogue(Lang("Please enter in dotted quad format"))) - return True - - Layout.Inst().TransientBanner(Lang("Setting controller...")) - try: - self.SetController(self.controller) - Layout.Inst().PushDialogue(InfoDialogue(Lang("Setting controller successful"))) - except Exception, e: - Layout.Inst().PushDialogue(InfoDialogue(Lang("Setting controller failed"))) - - self.ChangeState("INITIAL") - return True - else: - return pane.CurrentInput().HandleKey(inKey) - - def restartService(self, name): - s = VSwitchService.Inst(name) - s.restart() - Layout.Inst().PopDialogue() - - def getController(self): - self.ChangeState("GETCONTROLLER") - self.Pane().InputIndexSet(0) - - def deleteController(self): - self.controller = "" - Layout.Inst().PopDialogue() - 
Layout.Inst().TransientBanner(Lang("Deleting controller...")) - try: - self.SetController(None) - Layout.Inst().PushDialogue(InfoDialogue(Lang("Controller deletion successful"))) - except Exception, e: - Layout.Inst().PushDialogue(InfoDialogue(Lang("Controller deletion failed"))) - - def syncController(self): - Layout.Inst().PopDialogue() - Layout.Inst().TransientBanner(Lang("Resyncing controller setting...")) - try: - Task.Sync(lambda s: self._updateThisServer(s)) - Layout.Inst().PushDialogue(InfoDialogue(Lang("Resyncing controller config successful"))) - except Exception, e: - Layout.Inst().PushDialogue(InfoDialogue(Lang("Resyncing controller config failed"))) - - def SetController(self, ip): - self.hostsInPool = 0 - self.hostsUpdated = 0 - Task.Sync(lambda s: self._modifyPoolConfig(s, ip or "")) - # Should be done asynchronously, maybe with an external script? - Task.Sync(lambda s: self._updateActiveServers(s)) - - def _modifyPoolConfig(self, session, value): - """Modify pool configuration. - - If value == "" then delete configuration, otherwise set to value. - """ - pools = session.xenapi.pool.get_all() - # We assume there is only ever one pool... 
- if len(pools) == 0: - XSLogFatal(Lang("No pool found for host.")) - return - if len(pools) > 1: - XSLogFatal(Lang("More than one pool for host.")) - return - session.xenapi.pool.set_vswitch_controller(value) - Data.Inst().Update() - - def _updateActiveServers(self, session): - hosts = session.xenapi.host.get_all() - self.hostsUpdated = 0 - self.hostsInPool = len(hosts) - self.UpdateFields() - for host in hosts: - Layout.Inst().TransientBanner("Updating host %d out of %d" - % (self.hostsUpdated + 1, self.hostsInPool)) - session.xenapi.host.call_plugin(host, "openvswitch-cfg-update", "update", {}) - self.hostsUpdated = self.hostsUpdated + 1 - - def _updateThisServer(self, session): - data = Data.Inst() - host = data.host.opaqueref() - session.xenapi.host.call_plugin(host, "openvswitch-cfg-update", "update", {}) - - -class XSFeatureVSwitch: - - @classmethod - def StatusUpdateHandler(cls, inPane): - data = Data.Inst() - xs_version = data.host.software_version.product_version('') - - inPane.AddTitleField(Lang("Open vSwitch")) - - inPane.NewLine() - - inPane.AddStatusField(Lang("Version", 20), - VSwitchService.Inst("openvswitch", "ovs-vswitchd").version()) - - inPane.NewLine() - - pool = data.GetPoolForThisHost() - if pool is not None: - dbController = pool.get("vswitch_controller", "") - else: - dbController = "" - - if dbController == "": - dbController = Lang("") - inPane.AddStatusField(Lang("Controller (config)", 20), dbController) - controller = VSwitchConfig.Get("get-manager") - - if controller == "": - controller = Lang("") - elif controller[0:4] == "ssl:": - controller = controller.split(':')[1] - inPane.AddStatusField(Lang("Controller (in-use)", 20), controller) - - inPane.NewLine() - inPane.AddStatusField(Lang("ovs-vswitchd status", 20), - VSwitchService.Inst("openvswitch", "ovs-vswitchd").status()) - inPane.AddStatusField(Lang("ovsdb-server status", 20), - VSwitchService.Inst("openvswitch", "ovsdb-server").status()) - - inPane.AddKeyHelpField( { - Lang("") : 
Lang("Reconfigure"), - Lang("") : Lang("Refresh") - }) - - @classmethod - def ActivateHandler(cls): - DialogueUtils.AuthenticatedOnly(lambda: Layout.Inst().PushDialogue(VSwitchControllerDialogue())) - - def Register(self): - Importer.RegisterNamedPlugIn( - self, - 'VSwitch', # Key of this plugin for replacement, etc. - { - 'menuname' : 'MENU_NETWORK', - 'menupriority' : 800, - 'menutext' : Lang('Open vSwitch') , - 'statusupdatehandler' : self.StatusUpdateHandler, - 'activatehandler' : self.ActivateHandler - } - ) - -# Register this plugin when module is imported, IFF vswitchd is running -if os.path.exists('/var/run/openvswitch/ovs-vswitchd.pid'): - XSFeatureVSwitch().Register() diff --git a/xenserver/usr_share_openvswitch_scripts_ovs-xapi-sync b/xenserver/usr_share_openvswitch_scripts_ovs-xapi-sync deleted file mode 100755 index ecd6f6d70..000000000 --- a/xenserver/usr_share_openvswitch_scripts_ovs-xapi-sync +++ /dev/null 
@@ -1,406 +0,0 @@ -#! /usr/bin/env python -# Copyright (c) 2009, 2010, 2011, 2012, 2013 Nicira, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at: -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -# A daemon to monitor the external_ids columns of the Bridge and -# Interface OVSDB tables for changes that require interrogating XAPI. -# Its responsibilities include: -# -# - Set the "bridge-id" key in the Bridge table. -# - Set the "iface-id" key in the Interface table. -# - Set the fail-mode on internal bridges. - -import argparse -import os -import sys -import time - -import XenAPI - -import ovs.daemon -import ovs.db.idl -import ovs.dirs -import ovs.unixctl -import ovs.unixctl.server - -import six - -vlog = ovs.vlog.Vlog("ovs-xapi-sync") -session = None -flush_cache = False -exiting = False -xapi_down = False - - -def unixctl_exit(conn, unused_argv, unused_aux): - global exiting - exiting = True - conn.reply(None) - - -def unixctl_flush_cache(conn, unused_argv, unused_aux): - global flush_cache - flush_cache = True - conn.reply(None) - - -# Set up a session to interact with XAPI. -# -# On system start-up, OVS comes up before XAPI, so we can't log into the -# session until later. Try to do this on-demand, since we won't -# actually do anything interesting until XAPI is up. 
-def init_session(): - global session - if session is not None: - return True - - try: - session = XenAPI.xapi_local() - session.xenapi.login_with_password("", "") - except XenAPI.Failure as e: - session = None - vlog.warn("Couldn't login to XAPI (%s)" % e) - return False - - return True - - -def get_network_by_bridge(br_name): - if not init_session(): - vlog.warn("Failed to get bridge id %s because" - " XAPI session could not be initialized" % br_name) - return None - - recs = session.xenapi.network.get_all_records_where( - 'field "bridge"="%s"' % br_name) - if len(recs) > 0: - return next(six.itervalues(recs)) - - return None - - -# There are possibilities when multiple xs-network-uuids are set for a bridge. -# In cases like that, we should choose the bridge-id associated with the bridge -# name. -def get_single_bridge_id(bridge_ids, br_name, default=None): - global xapi_down - - rec = get_network_by_bridge(br_name) - if rec and rec['uuid'] in bridge_ids: - return rec['uuid'] - - vlog.warn("Failed to get a single bridge id from Xapi.") - xapi_down = True - return default - - -# By default, the "bridge-id" external id in the Bridge table is the -# same as "xs-network-uuids". This may be overridden by defining a -# "nicira-bridge-id" key in the "other_config" field of the network -# record of XAPI. If nicira-bridge-id is undefined returns default. -# On error returns None. -def get_bridge_id(br_name, default=None): - rec = get_network_by_bridge(br_name) - if rec: - return rec['other_config'].get('nicira-bridge-id', default) - return None - - -# By default, the "iface-id" external id in the Interface table is the -# same as "xs-vif-uuid". This may be overridden by defining a -# "nicira-iface-id" key in the "other_config" field of the VIF -# record of XAPI. -def get_iface_id(if_name, xs_vif_uuid): - if not if_name.startswith("vif") and not if_name.startswith("tap"): - # Treat whatever was passed into 'xs_vif_uuid' as a default - # value for non-VIFs. 
- return xs_vif_uuid - - if not init_session(): - vlog.warn("Failed to get interface id %s because" - " XAPI session could not be initialized" % if_name) - return xs_vif_uuid - - try: - vif = session.xenapi.VIF.get_by_uuid(xs_vif_uuid) - rec = session.xenapi.VIF.get_record(vif) - return rec['other_config'].get('nicira-iface-id', xs_vif_uuid) - except XenAPI.Failure: - vlog.warn("Could not find XAPI entry for VIF %s" % if_name) - return xs_vif_uuid - - -# By default, the "vm-id" external id in the Interface table is the -# same as "xs-vm-uuid". This may be overridden by defining a -# "nicira-vm-id" key in the "other_config" field of the VM -# record of XAPI. -def get_vm_id(if_name, xs_vm_uuid): - if not if_name.startswith("vif") and not if_name.startswith("tap"): - # Treat whatever was passed into 'xs_vm_uuid' as a default - # value for non-VIFs. - return xs_vm_uuid - - if not init_session(): - vlog.warn("Failed to get vm id for interface id %s because" - " XAPI session could not be initialized" % if_name) - return xs_vm_uuid - - try: - vm = session.xenapi.VM.get_by_uuid(xs_vm_uuid) - rec = session.xenapi.VM.get_record(vm) - return rec['other_config'].get('nicira-vm-id', xs_vm_uuid) - except XenAPI.Failure: - vlog.warn("Could not find XAPI entry for VIF %s" % if_name) - return xs_vm_uuid - - -def set_or_delete(d, key, value): - if value is None: - if key in d: - del d[key] - return True - else: - if d.get(key) != value: - d[key] = value - return True - return False - - -def set_external_id(row, key, value): - row.verify("external_ids") - external_ids = row.external_ids - if set_or_delete(external_ids, key, value): - row.external_ids = external_ids - - -# XenServer does not call interface-reconfigure on internal networks, -# which is where the fail-mode would normally be set. 
-def update_fail_mode(row): - rec = get_network_by_bridge(row.name) - if not rec: - return - - fail_mode = rec['other_config'].get('vswitch-controller-fail-mode') - - if not fail_mode: - pools = session.xenapi.pool.get_all() - if len(pools) == 1: - prec = session.xenapi.pool.get_record(pools[0]) - fail_mode = prec['other_config'].get( - 'vswitch-controller-fail-mode') - - if fail_mode not in ['standalone', 'secure']: - fail_mode = 'standalone' - - row.verify("fail_mode") - if row.fail_mode != fail_mode: - row.fail_mode = fail_mode - - -def update_in_band_mgmt(row): - rec = get_network_by_bridge(row.name) - if not rec: - return - - dib = rec['other_config'].get('vswitch-disable-in-band') - - row.verify("other_config") - other_config = row.other_config - if dib and dib not in ['true', 'false']: - vlog.warn('"%s" isn\'t a valid setting for ' - "other_config:disable-in-band on %s" % (dib, row.name)) - elif set_or_delete(other_config, 'disable-in-band', dib): - row.other_config = other_config - - -def main(): - global flush_cache, xapi_down - - parser = argparse.ArgumentParser() - parser.add_argument("database", metavar="DATABASE", - help="A socket on which ovsdb-server is listening.") - parser.add_argument("--root-prefix", metavar="DIR", default='', - help="Use DIR as alternate root directory" - " (for testing).") - - ovs.vlog.add_args(parser) - ovs.daemon.add_args(parser) - args = parser.parse_args() - ovs.vlog.handle_args(args) - ovs.daemon.handle_args(args) - - remote = args.database - schema_helper = ovs.db.idl.SchemaHelper() - schema_helper.register_columns("Bridge", ["name", "external_ids", - "other_config", "fail_mode"]) - schema_helper.register_columns("Interface", ["name", "external_ids"]) - idl = ovs.db.idl.Idl(remote, schema_helper) - - ovs.daemon.daemonize() - - ovs.unixctl.command_register("exit", "", 0, 0, unixctl_exit, None) - ovs.unixctl.command_register("flush-cache", "", 0, 0, unixctl_flush_cache, - None) - error, unixctl_server = 
ovs.unixctl.server.UnixctlServer.create(None) - if error: - ovs.util.ovs_fatal(error, "could not create unixctl server", vlog) - - # This daemon is usually started before XAPI, but to complete our - # tasks, we need it. Wait here until it's up. - cookie_file = args.root_prefix + "/var/run/xapi_init_complete.cookie" - while not os.path.exists(cookie_file): - time.sleep(1) - - bridges = {} # Map from bridge name to nicira-bridge-id - iface_ids = {} # Map from xs-vif-uuid to iface-id - vm_ids = {} # Map from xs-vm-uuid to vm-id - seqno = idl.change_seqno # Sequence number when we last processed the db - while True: - unixctl_server.run() - if exiting: - break - - idl.run() - if not xapi_down and not flush_cache and seqno == idl.change_seqno: - poller = ovs.poller.Poller() - unixctl_server.wait(poller) - idl.wait(poller) - poller.block() - continue - - if xapi_down: - vlog.warn("Xapi is probably down. Retry again after a second.") - time.sleep(1) - xapi_down = False - - if flush_cache: - vlog.info("Flushing cache as the result of unixctl.") - bridges = {} - iface_ids = {} - vm_ids = {} - flush_cache = False - seqno = idl.change_seqno - - txn = ovs.db.idl.Transaction(idl) - - new_bridges = {} - for row in six.itervalues(idl.tables["Bridge"].rows): - bridge_id = bridges.get(row.name) - if bridge_id is None: - # Configure the new bridge. - update_fail_mode(row) - update_in_band_mgmt(row) - - # Get the correct bridge_id, if we can. 
- bridge_id = get_bridge_id(row.name) - if bridge_id is None: - xs_network_uuids = row.external_ids.get("xs-network-uuids") - if xs_network_uuids: - bridge_ids = xs_network_uuids.split(";") - if len(bridge_ids) == 1: - bridge_id = bridge_ids[0] - else: - bridge_id = get_single_bridge_id(bridge_ids, - row.name) - set_external_id(row, "bridge-id", bridge_id) - - if bridge_id is not None: - new_bridges[row.name] = bridge_id - bridges = new_bridges - - iface_by_name = {} - for row in six.itervalues(idl.tables["Interface"].rows): - iface_by_name[row.name] = row - - new_iface_ids = {} - new_vm_ids = {} - for row in six.itervalues(idl.tables["Interface"].rows): - # Match up paired vif and tap devices. - if row.name.startswith("vif"): - vif = row - tap = iface_by_name.get("tap%s" % row.name[3:]) - elif row.name.startswith("tap"): - tap = row - vif = iface_by_name.get("vif%s" % row.name[3:]) - else: - tap = vif = None - - # Several tap external-ids need to be copied from the vif. - if row == tap and vif: - keys = ["attached-mac", - "xs-network-uuid", - "xs-vif-uuid", - "xs-vm-uuid"] - for k in keys: - set_external_id(row, k, vif.external_ids.get(k)) - - # Map from xs-vif-uuid to iface-id. - # - # (A tap's xs-vif-uuid comes from its vif. That falls out - # naturally from the copy loop above.) - xvu = row.external_ids.get("xs-vif-uuid") - if xvu: - iface_id = (new_iface_ids.get(xvu) - or iface_ids.get(xvu) - or get_iface_id(row.name, xvu)) - new_iface_ids[xvu] = iface_id - else: - # No xs-vif-uuid therefore no iface-id. - iface_id = None - set_external_id(row, "iface-id", iface_id) - - # Map from xs-vm-uuid to vm-id. - xvmu = row.external_ids.get("xs-vm-uuid") - if xvmu: - vm_id = (new_vm_ids.get(xvmu) - or vm_ids.get(xvmu) - or get_vm_id(row.name, xvmu)) - new_vm_ids[xvmu] = vm_id - else: - vm_id = None - set_external_id(row, "vm-id", vm_id) - - # When there's a vif and a tap, the tap is active (used for - # traffic). When there's just a vif, the vif is active. 
- # - # A tap on its own shouldn't happen, and we don't know - # anything about other kinds of devices, so we don't use - # an iface-status for those devices at all. - if vif and tap: - set_external_id(tap, "iface-status", "active") - set_external_id(vif, "iface-status", "inactive") - elif vif: - set_external_id(vif, "iface-status", "active") - else: - set_external_id(row, "iface-status", None) - iface_ids = new_iface_ids - vm_ids = new_vm_ids - - txn.add_comment("ovs-xapi-sync: Updating records from XAPI") - txn.commit_block() - - unixctl_server.close() - idl.close() - - -if __name__ == '__main__': - try: - main() - except SystemExit: - # Let system.exit() calls complete normally - raise - except: - vlog.exception("traceback") - sys.exit(ovs.daemon.RESTART_EXIT_CODE) diff --git a/xenserver/usr_share_openvswitch_scripts_sysconfig.template b/xenserver/usr_share_openvswitch_scripts_sysconfig.template deleted file mode 100644 index 2c0845296..000000000 --- a/xenserver/usr_share_openvswitch_scripts_sysconfig.template +++ /dev/null 
@@ -1,24 +0,0 @@ -### Configuration options for openvswitch - -# Copyright (C) 2009, 2010, 2011 Nicira, Inc. - -# FORCE_COREFILES: If 'yes' then core files will be enabled. -# FORCE_COREFILES=yes - -# OVSDB_SERVER_PRIORITY: "nice" priority at which to run ovsdb-server. -# -# OVSDB_SERVER_PRIORITY=-10 - -# VSWITCHD_PRIORITY: "nice" priority at which to run ovs-vswitchd. -# VSWITCHD_PRIORITY=-10 - -# VSWITCHD_MLOCKALL: Whether to pass ovs-vswitchd the --mlockall option. -# This option should be set to "yes" or "no". The default is "yes". -# Enabling this option can avoid networking interruptions due to -# system memory pressure in extraordinary situations, such as multiple -# concurrent VM import operations. -# VSWITCHD_MLOCKALL=yes - -# OVS_CTL_OPTS: Extra options to pass to ovs-ctl. This is, for example, -# a suitable place to specify --ovs-vswitchd-wrapper=valgrind. -# OVS_CTL_OPTS= From patchwork Fri May 8 06:04:42 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Numan Siddique X-Patchwork-Id: 1285839
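Review bot: in patch 1/7, HandleKeyGETCONTROLLER in the removed XSFeatureVSwitch console plugin checks the controller address with socket.inet_aton(self.controller), which also accepts short and non-decimal forms such as 127.1, so the check is looser than the "Please enter in dotted quad format" message implies, and the accepted string is passed unchanged to session.xenapi.pool.set_vswitch_controller(value). Nothing needs changing in a pure deletion, but the commit message says the copy in use is the one in the OVS tree; if that copy carries the same check, tighten it there, for example with socket.inet_pton(socket.AF_INET, ...), which requires four decimal octets.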
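Review bot: in patch 1/7, get_network_by_bridge() in the removed ovs-xapi-sync builds its XAPI filter as 'field "bridge"="%s"' % br_name, so a bridge name containing a double quote alters the query expression instead of being matched literally. update_fail_mode() and update_in_band_mgmt() pass row.name from the OVSDB Bridge table straight into it. The deletion itself is fine; since the commit message says the OVS tree holds the copy that is actually used, that copy should reject or escape quotes in br_name before calling get_all_records_where.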
From: numans@ovn.org To: dev@openvswitch.org Date: Fri, 8 May 2020 11:34:42 +0530 Message-Id: <20200508060442.246938-1-numans@ovn.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200508060325.246679-1-numans@ovn.org> References: <20200508060325.246679-1-numans@ovn.org> MIME-Version: 1.0 Cc: Dave Tucker Subject: [ovs-dev] [PATCH ovn 2/7] Remove IPSEC X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Dave Tucker This code is used from the OVS tree and is not required for compilation. It should be removed so that no-one attempts to modify it. Submitted-at: https://github.com/ovn-org/ovn/pull/38 Signed-off-by: Dave Tucker Signed-off-by: Numan Siddique --- Makefile.am | 1 - ipsec/.gitignore | 1 - ipsec/automake.mk | 11 - ipsec/ovs-monitor-ipsec.in | 1235 ------------------------------------ 4 files changed, 1248 deletions(-) delete mode 100644 ipsec/.gitignore delete mode 100644 ipsec/automake.mk delete mode 100755 ipsec/ovs-monitor-ipsec.in diff --git a/Makefile.am b/Makefile.am index fbd4638a1..b75c12eff 100644 --- a/Makefile.am +++ b/Makefile.am @@ -497,7 +497,6 @@ include include/automake.mk include third-party/automake.mk include debian/automake.mk include lib/ovsdb_automake.mk -include ipsec/automake.mk include rhel/automake.mk include tutorial/automake.mk include selinux/automake.mk diff --git a/ipsec/.gitignore b/ipsec/.gitignore deleted file mode 100644 index e4083913f..000000000 --- a/ipsec/.gitignore +++ /dev/null @@ -1 +0,0 @@ -/ovs-monitor-ipsec diff --git a/ipsec/automake.mk b/ipsec/automake.mk deleted file mode 100644 index b157e7b7f..000000000 --- a/ipsec/automake.mk +++ /dev/null 
@@ -1,11 +0,0 @@ -# Copyright (C) 2017 Nicira, Inc. -# -# Copying and distribution of this file, with or without modification, -# are permitted in any medium without royalty provided the copyright -# notice and this notice are preserved. This file is offered as-is, -# without warranty of any kind. - -scripts_SCRIPTS += ipsec/ovs-monitor-ipsec -EXTRA_DIST += ipsec/ovs-monitor-ipsec.in -FLAKE8_PYFILES += ipsec/ovs-monitor-ipsec.in -CLEANFILES += ipsec/ovs-monitor-ipsec diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in deleted file mode 100755 index 37e370324..000000000 --- a/ipsec/ovs-monitor-ipsec.in +++ /dev/null 
@@ -1,1235 +0,0 @@ -#! @PYTHON3@ -# Copyright (c) 2017 Nicira, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at: -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import argparse -import re -import subprocess -import sys -import copy -import os -from string import Template - -import ovs.daemon -import ovs.db.idl -import ovs.dirs -import ovs.unixctl -import ovs.unixctl.server -import ovs.util -import ovs.vlog - - -FILE_HEADER = "# Generated by ovs-monitor-ipsec...do not modify by hand!\n\n" -transp_tmpl = {"gre": Template("""\ -conn $ifname-$version -$auth_section - leftprotoport=gre - rightprotoport=gre - -"""), "gre64": Template("""\ -conn $ifname-$version -$auth_section - leftprotoport=gre - rightprotoport=gre - -"""), "geneve": Template("""\ -conn $ifname-in-$version -$auth_section - leftprotoport=udp/6081 - rightprotoport=udp - -conn $ifname-out-$version -$auth_section - leftprotoport=udp - rightprotoport=udp/6081 - -"""), "stt": Template("""\ -conn $ifname-in-$version -$auth_section - leftprotoport=tcp/7471 - rightprotoport=tcp - -conn $ifname-out-$version -$auth_section - leftprotoport=tcp - rightprotoport=tcp/7471 - -"""), "vxlan": Template("""\ -conn $ifname-in-$version -$auth_section - leftprotoport=udp/4789 - rightprotoport=udp - -conn $ifname-out-$version -$auth_section - leftprotoport=udp - rightprotoport=udp/4789 - -""")} -vlog = ovs.vlog.Vlog("ovs-monitor-ipsec") -exiting = False -monitor = None -xfrm = None - - -class XFRM(object): - """This class is a simple wrapper around ip-xfrm (8) command 
line - utility. We are using this class only for informational purposes - so that ovs-monitor-ipsec could verify that IKE keying daemon has - installed IPsec policies and security associations into kernel as - expected.""" - - def __init__(self, ip_root_prefix): - self.IP = ip_root_prefix + "/sbin/ip" - - def get_policies(self): - """This function returns IPsec policies (from kernel) in a dictionary - where is destination IPv4 address and is SELECTOR of - the IPsec policy.""" - policies = {} - proc = subprocess.Popen([self.IP, 'xfrm', 'policy'], - stdout=subprocess.PIPE) - while True: - line = proc.stdout.readline().strip() - if line == '': - break - a = line.split(" ") - if len(a) >= 4 and a[0] == "src" and a[2] == "dst": - dst = (a[3].split("/"))[0] - if dst not in policies: - policies[dst] = [] - policies[dst].append(line) - src = (a[3].split("/"))[0] - if src not in policies: - policies[src] = [] - policies[src].append(line) - return policies - - def get_securities(self): - """This function returns IPsec security associations (from kernel) - in a dictionary where is destination IPv4 address and - is SELECTOR.""" - securities = {} - proc = subprocess.Popen([self.IP, 'xfrm', 'state'], - stdout=subprocess.PIPE) - while True: - line = proc.stdout.readline().strip() - if line == '': - break - a = line.split(" ") - if len(a) >= 4 and a[0] == "sel" \ - and a[1] == "src" and a[3] == "dst": - remote_ip = a[4].rstrip().split("/")[0] - local_ip = a[2].rstrip().split("/")[0] - if remote_ip not in securities: - securities[remote_ip] = [] - securities[remote_ip].append(line) - if local_ip not in securities: - securities[local_ip] = [] - securities[local_ip].append(line) - return securities - - -class StrongSwanHelper(object): - """This class does StrongSwan specific configurations.""" - - STRONGSWAN_CONF = """%s -charon.plugins.kernel-netlink.set_proto_port_transport_sa = yes -charon.plugins.kernel-netlink.xfrm_ack_expires = 10 -charon.load_modular = yes 
-charon.plugins.gcm.load = yes -""" % (FILE_HEADER) - - CONF_HEADER = """%s -config setup - uniqueids=yes - -conn %%default - keyingtries=%%forever - type=transport - keyexchange=ikev2 - auto=route - ike=aes256gcm16-sha256-modp2048 - esp=aes256gcm16-modp2048 - -""" % (FILE_HEADER) - - CA_SECTION = """ca ca_auth - cacert=%s - -""" - - SHUNT_POLICY = """conn prevent_unencrypted_gre - type=drop - leftprotoport=gre - mark={0} - -conn prevent_unencrypted_geneve - type=drop - leftprotoport=udp/6081 - mark={0} - -conn prevent_unencrypted_stt - type=drop - leftprotoport=tcp/7471 - mark={0} - -conn prevent_unencrypted_vxlan - type=drop - leftprotoport=udp/4789 - mark={0} - -""" - - auth_tmpl = {"psk": Template("""\ - left=0.0.0.0 - right=$remote_ip - authby=psk"""), - "pki_remote": Template("""\ - left=0.0.0.0 - right=$remote_ip - leftid=$local_name - rightid=$remote_name - leftcert=$certificate - rightcert=$remote_cert"""), - "pki_ca": Template("""\ - left=0.0.0.0 - right=$remote_ip - leftid=$local_name - rightid=$remote_name - leftcert=$certificate""")} - - def __init__(self, root_prefix): - self.CHARON_CONF = root_prefix + "/etc/strongswan.d/ovs.conf" - self.IPSEC = root_prefix + "/usr/sbin/ipsec" - self.IPSEC_CONF = root_prefix + "/etc/ipsec.conf" - self.IPSEC_SECRETS = root_prefix + "/etc/ipsec.secrets" - self.conf_file = None - self.secrets_file = None - - def restart_ike_daemon(self): - """This function restarts StrongSwan.""" - f = open(self.CHARON_CONF, "w") - f.write(self.STRONGSWAN_CONF) - f.close() - - f = open(self.IPSEC_CONF, "w") - f.write(self.CONF_HEADER) - f.close() - - f = open(self.IPSEC_SECRETS, "w") - f.write(FILE_HEADER) - f.close() - - vlog.info("Restarting StrongSwan") - subprocess.call([self.IPSEC, "restart"]) - - def get_active_conns(self): - """This function parses output from 'ipsec status' command. - It returns dictionary where is interface name (as in OVSDB) - and is another dictionary. 
This another dictionary - uses strongSwan connection name as and more detailed - sample line from the parsed outpus as . """ - - conns = {} - proc = subprocess.Popen([self.IPSEC, 'status'], stdout=subprocess.PIPE) - - while True: - line = proc.stdout.readline().strip() - if line == '': - break - tunnel_name = line.split(":") - if len(tunnel_name) < 2: - continue - m = re.match(r"(.*)(-in-\d+|-out-\d+|-\d+).*", tunnel_name[0]) - if not m: - continue - ifname = m.group(1) - if ifname not in conns: - conns[ifname] = {} - (conns[ifname])[tunnel_name[0]] = line - - return conns - - def config_init(self): - self.conf_file = open(self.IPSEC_CONF, "w") - self.secrets_file = open(self.IPSEC_SECRETS, "w") - self.conf_file.write(self.CONF_HEADER) - self.secrets_file.write(FILE_HEADER) - - def config_global(self, monitor): - """Configure the global state of IPsec tunnels.""" - needs_refresh = False - - if monitor.conf_in_use != monitor.conf: - monitor.conf_in_use = copy.deepcopy(monitor.conf) - needs_refresh = True - - # Configure the shunt policy - if monitor.conf_in_use["skb_mark"]: - skb_mark = monitor.conf_in_use["skb_mark"] - self.conf_file.write(self.SHUNT_POLICY.format(skb_mark)) - - # Configure the CA cert - if monitor.conf_in_use["pki"]["ca_cert"]: - cacert = monitor.conf_in_use["pki"]["ca_cert"] - self.conf_file.write(self.CA_SECTION % cacert) - - return needs_refresh - - def config_tunnel(self, tunnel): - if tunnel.conf["psk"]: - self.secrets_file.write('0.0.0.0 %s : PSK "%s"\n' % - (tunnel.conf["remote_ip"], tunnel.conf["psk"])) - auth_section = self.auth_tmpl["psk"].substitute(tunnel.conf) - else: - self.secrets_file.write("0.0.0.0 %s : RSA %s\n" % - (tunnel.conf["remote_ip"], - tunnel.conf["private_key"])) - if tunnel.conf["remote_cert"]: - tmpl = self.auth_tmpl["pki_remote"] - auth_section = tmpl.substitute(tunnel.conf) - else: - tmpl = self.auth_tmpl["pki_ca"] - auth_section = tmpl.substitute(tunnel.conf) - - vals = tunnel.conf.copy() - vals["auth_section"] = 
auth_section - vals["version"] = tunnel.version - conf_text = transp_tmpl[tunnel.conf["tunnel_type"]].substitute(vals) - self.conf_file.write(conf_text) - - def config_fini(self): - self.secrets_file.close() - self.conf_file.close() - self.secrets_file = None - self.conf_file = None - - def refresh(self, monitor): - """This functions refreshes strongSwan configuration. Behind the - scenes this function calls: - 1. once "ipsec update" command that tells strongSwan to load - all new tunnels from "ipsec.conf"; and - 2. once "ipsec rereadsecrets" command that tells strongswan to load - secrets from "ipsec.conf" file - 3. for every removed tunnel "ipsec stroke down-nb " command - that removes old tunnels. - Once strongSwan vici bindings will be distributed with major - Linux distributions this function could be simplified.""" - vlog.info("Refreshing StrongSwan configuration") - subprocess.call([self.IPSEC, "update"]) - subprocess.call([self.IPSEC, "rereadsecrets"]) - # "ipsec update" command does not remove those tunnels that were - # updated or that disappeared from the ipsec.conf file. So, we have - # to manually remove them by calling "ipsec stroke down-nb " - # command. We use number to tell apart tunnels that - # were just updated. - # "ipsec down-nb" command is designed to be non-blocking (opposed - # to "ipsec down" command). This means that we should not be concerned - # about possibility of ovs-monitor-ipsec to block for each tunnel - # while strongSwan sends IKE messages over Internet. 
- conns_dict = self.get_active_conns() - for ifname, conns in conns_dict.iteritems(): - tunnel = monitor.tunnels.get(ifname) - for conn in conns: - # IPsec "connection" names that we choose in strongswan - # must start with Interface name - if not conn.startswith(ifname): - vlog.err("%s does not start with %s" % (conn, ifname)) - continue - - # version number should be the first integer after - # interface name in IPsec "connection" - try: - ver = int(re.findall(r'\d+', conn[len(ifname):])[0]) - except IndexError: - vlog.err("%s does not contain version number") - continue - except ValueError: - vlog.err("%s does not contain version number") - continue - - if not tunnel or tunnel.version != ver: - vlog.info("%s is outdated %u" % (conn, ver)) - subprocess.call([self.IPSEC, "stroke", "down-nb", conn]) - - -class LibreSwanHelper(object): - """This class does LibreSwan specific configurations.""" - CONF_HEADER = """%s -config setup - uniqueids=yes - -conn %%default - keyingtries=%%forever - type=transport - auto=route - ike=aes_gcm256-sha2_256 - esp=aes_gcm256 - ikev2=insist - -""" % (FILE_HEADER) - - SHUNT_POLICY = """conn prevent_unencrypted_gre - type=drop - left=%defaultroute - leftprotoport=gre - mark={0} - -conn prevent_unencrypted_geneve - type=drop - left=%defaultroute - leftprotoport=udp/6081 - mark={0} - -conn prevent_unencrypted_stt - type=drop - left=%defaultroute - leftprotoport=tcp/7471 - mark={0} - -conn prevent_unencrypted_vxlan - type=drop - left=%defaultroute - leftprotoport=udp/4789 - mark={0} - -""" - - auth_tmpl = {"psk": Template("""\ - left=%defaultroute - right=$remote_ip - authby=secret"""), - "pki_remote": Template("""\ - left=%defaultroute - right=$remote_ip - leftid=@$local_name - rightid=@$remote_name - leftcert="$local_name" - rightcert="$remote_name" - leftrsasigkey=%cert"""), - "pki_ca": Template("""\ - left=%defaultroute - right=$remote_ip - leftid=@$local_name - rightid=@$remote_name - leftcert="ovs_certkey_$local_name" - 
leftrsasigkey=%cert - rightca=%same""")} - - CERT_PREFIX = "ovs_cert_" - CERTKEY_PREFIX = "ovs_certkey_" - - def __init__(self, libreswan_root_prefix): - self.IPSEC = libreswan_root_prefix + "/usr/sbin/ipsec" - self.IPSEC_CONF = libreswan_root_prefix + "/etc/ipsec.conf" - self.IPSEC_SECRETS = libreswan_root_prefix + "/etc/ipsec.secrets" - self.conf_file = None - self.secrets_file = None - - def restart_ike_daemon(self): - """This function restarts LibreSwan.""" - # Remove the stale information from the NSS database - self._nss_clear_database() - - f = open(self.IPSEC_CONF, "w") - f.write(self.CONF_HEADER) - f.close() - - f = open(self.IPSEC_SECRETS, "w") - f.write(FILE_HEADER) - f.close() - - vlog.info("Restarting LibreSwan") - subprocess.call([self.IPSEC, "restart"]) - - def config_init(self): - self.conf_file = open(self.IPSEC_CONF, "w") - self.secrets_file = open(self.IPSEC_SECRETS, "w") - self.conf_file.write(self.CONF_HEADER) - self.secrets_file.write(FILE_HEADER) - - def config_global(self, monitor): - """Configure the global state of IPsec tunnels.""" - needs_refresh = False - - if monitor.conf_in_use["pki"] != monitor.conf["pki"]: - # Clear old state - if monitor.conf_in_use["pki"]["certificate"]: - local_name = monitor.conf_in_use["pki"]["local_name"] - self._nss_delete_cert_and_key(self.CERTKEY_PREFIX + local_name) - - if monitor.conf_in_use["pki"]["ca_cert"]: - self._nss_delete_cert(self.CERT_PREFIX + "cacert") - - # Load new state - if monitor.conf["pki"]["certificate"]: - cert = monitor.conf["pki"]["certificate"] - key = monitor.conf["pki"]["private_key"] - name = monitor.conf["pki"]["local_name"] - name = self.CERTKEY_PREFIX + name - self._nss_import_cert_and_key(cert, key, name) - - if monitor.conf["pki"]["ca_cert"]: - self._nss_import_cert(monitor.conf["pki"]["ca_cert"], - self.CERT_PREFIX + "cacert", 'CT,,') - - monitor.conf_in_use["pki"] = copy.deepcopy(monitor.conf["pki"]) - needs_refresh = True - - # Configure the shunt policy - if 
monitor.conf["skb_mark"]: - skb_mark = monitor.conf["skb_mark"] - self.conf_file.write(self.SHUNT_POLICY.format(skb_mark)) - - # Will update conf_in_use later in the 'refresh' method - if monitor.conf_in_use["skb_mark"] != monitor.conf["skb_mark"]: - needs_refresh = True - - return needs_refresh - - def config_tunnel(self, tunnel): - if tunnel.conf["psk"]: - self.secrets_file.write('%%any %s : PSK "%s"\n' % - (tunnel.conf["remote_ip"], tunnel.conf["psk"])) - auth_section = self.auth_tmpl["psk"].substitute(tunnel.conf) - elif tunnel.conf["remote_cert"]: - auth_section = self.auth_tmpl["pki_remote"].substitute(tunnel.conf) - self._nss_import_cert(tunnel.conf["remote_cert"], - self.CERT_PREFIX + tunnel.conf["remote_name"], - 'P,P,P') - else: - auth_section = self.auth_tmpl["pki_ca"].substitute(tunnel.conf) - - vals = tunnel.conf.copy() - vals["auth_section"] = auth_section - vals["version"] = tunnel.version - conf_text = transp_tmpl[tunnel.conf["tunnel_type"]].substitute(vals) - self.conf_file.write(conf_text) - - def config_fini(self): - self.secrets_file.close() - self.conf_file.close() - self.secrets_file = None - self.conf_file = None - - def clear_tunnel_state(self, tunnel): - if tunnel.conf["remote_cert"]: - name = self.CERT_PREFIX + tunnel.conf["remote_name"] - self._nss_delete_cert(name) - - def refresh(self, monitor): - vlog.info("Refreshing LibreSwan configuration") - subprocess.call([self.IPSEC, "auto", "--rereadsecrets"]) - tunnels = set(monitor.tunnels.keys()) - - # Delete old connections - conns_dict = self.get_active_conns() - for ifname, conns in conns_dict.iteritems(): - tunnel = monitor.tunnels.get(ifname) - - for conn in conns: - # IPsec "connection" names must start with Interface name - if not conn.startswith(ifname): - vlog.err("%s does not start with %s" % (conn, ifname)) - continue - - # version number should be the first integer after - # interface name in IPsec "connection" - try: - ver = int(re.findall(r'\d+', conn[len(ifname):])[0]) - 
except ValueError: - vlog.err("%s does not contain version number") - continue - except IndexError: - vlog.err("%s does not contain version number") - continue - - if not tunnel or tunnel.version != ver: - vlog.info("%s is outdated %u" % (conn, ver)) - subprocess.call([self.IPSEC, "auto", "--delete", conn]) - elif ifname in tunnels: - tunnels.remove(ifname) - - # Activate new connections - for name in tunnels: - ver = monitor.tunnels[name].version - - if monitor.tunnels[name].conf["tunnel_type"] == "gre": - conn = "%s-%s" % (name, ver) - self._start_ipsec_connection(conn) - else: - conn_in = "%s-in-%s" % (name, ver) - conn_out = "%s-out-%s" % (name, ver) - self._start_ipsec_connection(conn_in) - self._start_ipsec_connection(conn_out) - - # Update shunt policy if changed - if monitor.conf_in_use["skb_mark"] != monitor.conf["skb_mark"]: - if monitor.conf["skb_mark"]: - subprocess.call([self.IPSEC, "auto", "--add", - "--asynchronous", "prevent_unencrypted_gre"]) - subprocess.call([self.IPSEC, "auto", "--add", - "--asynchronous", "prevent_unencrypted_geneve"]) - subprocess.call([self.IPSEC, "auto", "--add", - "--asynchronous", "prevent_unencrypted_stt"]) - subprocess.call([self.IPSEC, "auto", "--add", - "--asynchronous", "prevent_unencrypted_vxlan"]) - else: - subprocess.call([self.IPSEC, "auto", "--delete", - "--asynchronous", "prevent_unencrypted_gre"]) - subprocess.call([self.IPSEC, "auto", "--delete", - "--asynchronous", "prevent_unencrypted_geneve"]) - subprocess.call([self.IPSEC, "auto", "--delete", - "--asynchronous", "prevent_unencrypted_stt"]) - subprocess.call([self.IPSEC, "auto", "--delete", - "--asynchronous", "prevent_unencrypted_vxlan"]) - monitor.conf_in_use["skb_mark"] = monitor.conf["skb_mark"] - - def get_active_conns(self): - """This function parses output from 'ipsec status' command. - It returns dictionary where is interface name (as in OVSDB) - and is another dictionary. 
This another dictionary - uses LibreSwan connection name as and more detailed - sample line from the parsed outpus as . """ - - conns = {} - proc = subprocess.Popen([self.IPSEC, 'status'], stdout=subprocess.PIPE) - - while True: - line = proc.stdout.readline().strip() - if line == '': - break - - m = re.search(r"#\d+: \"(.*)\".*", line) - if not m: - continue - - conn = m.group(1) - m = re.match(r"(.*)(-in-\d+|-out-\d+|-\d+)", conn) - if not m: - continue - - ifname = m.group(1) - if ifname not in conns: - conns[ifname] = {} - (conns[ifname])[conn] = line - - return conns - - def _start_ipsec_connection(self, conn): - # In a corner case, LibreSwan daemon restarts for some reason and - # the "ipsec auto --start" command is lost. Just retry to make sure - # the command is received by LibreSwan. - while True: - proc = subprocess.Popen([self.IPSEC, "auto", "--start", - "--asynchronous", conn], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) - perr = str(proc.stderr.read()) - pout = str(proc.stdout.read()) - if not re.match(r".*Connection refused.*", perr) and \ - not re.match(r".*need --listen.*", pout): - break - - def _nss_clear_database(self): - """Remove all OVS IPsec related state from the NSS database""" - try: - proc = subprocess.Popen(['certutil', '-L', '-d', - 'sql:/etc/ipsec.d/'], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) - lines = proc.stdout.readlines() - - for line in lines: - s = line.strip().split() - if len(s) < 1: - continue - name = s[0] - if name.startswith(self.CERT_PREFIX): - self._nss_delete_cert(name) - elif name.startswith(self.CERTKEY_PREFIX): - self._nss_delete_cert_and_key(name) - - except Exception as e: - vlog.err("Failed to clear NSS database.\n" + str(e)) - - def _nss_import_cert(self, cert, name, cert_type): - """Cert_type is 'CT,,' for the CA certificate and 'P,P,P' for the - normal certificate.""" - try: - proc = subprocess.Popen(['certutil', '-A', '-a', '-i', cert, - '-d', 'sql:/etc/ipsec.d/', '-n', - name, '-t', 
cert_type], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) - proc.wait() - if proc.returncode: - raise Exception(proc.stderr.read()) - except Exception as e: - vlog.err("Failed to import ceretificate into NSS.\n" + str(e)) - - def _nss_delete_cert(self, name): - try: - proc = subprocess.Popen(['certutil', '-D', '-d', - 'sql:/etc/ipsec.d/', '-n', name], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) - proc.wait() - if proc.returncode: - raise Exception(proc.stderr.read()) - except Exception as e: - vlog.err("Failed to delete ceretificate from NSS.\n" + str(e)) - - def _nss_import_cert_and_key(self, cert, key, name): - try: - # Avoid deleting other files - path = os.path.abspath('/tmp/%s.p12' % name) - if not path.startswith('/tmp/'): - raise Exception("Illegal certificate name!") - - # Create p12 file from pem files - proc = subprocess.Popen(['openssl', 'pkcs12', '-export', - '-in', cert, '-inkey', key, '-out', - path, '-name', name, '-passout', 'pass:'], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) - proc.wait() - if proc.returncode: - raise Exception(proc.stderr.read()) - - # Load p12 file to the database - proc = subprocess.Popen(['pk12util', '-i', path, '-d', - 'sql:/etc/ipsec.d/', '-W', ''], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) - proc.wait() - if proc.returncode: - raise Exception(proc.stderr.read()) - - except Exception as e: - vlog.err("Import cert and key failed.\n" + str(e)) - os.remove(path) - - def _nss_delete_cert_and_key(self, name): - try: - # Delete certificate and private key - proc = subprocess.Popen(['certutil', '-F', '-d', - 'sql:/etc/ipsec.d/', '-n', name], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) - proc.wait() - if proc.returncode: - raise Exception(proc.stderr.read()) - - except Exception as e: - vlog.err("Delete cert and key failed.\n" + str(e)) - - -class IPsecTunnel(object): - """This is the base class for IPsec tunnel.""" - - unixctl_config_tmpl = Template("""\ - Tunnel Type: $tunnel_type - Remote 
IP: $remote_ip - SKB mark: $skb_mark - Local cert: $certificate - Local name: $local_name - Local key: $private_key - Remote cert: $remote_cert - Remote name: $remote_name - CA cert: $ca_cert - PSK: $psk -""") - - unixctl_status_tmpl = Template("""\ - Ofport: $ofport - CFM state: $cfm_state -""") - - def __init__(self, name, row): - self.name = name # 'name' will not change because it is key in OVSDB - self.version = 0 # 'version' is increased on configuration changes - self.last_refreshed_version = -1 - self.state = "INIT" - self.conf = {} - self.status = {} - self.update_conf(row) - - def update_conf(self, row): - """This function updates IPsec tunnel configuration by using 'row' - from OVSDB interface table. If configuration was actually changed - in OVSDB then this function returns True. Otherwise, it returns - False.""" - ret = False - options = row.options - remote_cert = options.get("remote_cert") - remote_name = options.get("remote_name") - if remote_cert: - remote_name = monitor._get_cn_from_cert(remote_cert) - - new_conf = { - "ifname": self.name, - "tunnel_type": row.type, - "remote_ip": options.get("remote_ip"), - "skb_mark": monitor.conf["skb_mark"], - "certificate": monitor.conf["pki"]["certificate"], - "private_key": monitor.conf["pki"]["private_key"], - "ca_cert": monitor.conf["pki"]["ca_cert"], - "remote_cert": remote_cert, - "remote_name": remote_name, - "local_name": monitor.conf["pki"]["local_name"], - "psk": options.get("psk")} - - if self.conf != new_conf: - # Configuration was updated in OVSDB. Validate it and figure - # out what to do next with this IPsec tunnel. Also, increment - # version number of this IPsec tunnel so that we could tell - # apart old and new tunnels in "ipsec status" output. 
- self.version += 1 - ret = True - self.conf = new_conf - - if self._is_valid_tunnel_conf(): - self.state = "CONFIGURED" - else: - vlog.warn("%s contains invalid configuration%s" % - (self.name, self.invalid_reason)) - self.state = "INVALID" - - new_status = { - "cfm_state": "Up" if row.cfm_fault == [False] else - "Down" if row.cfm_fault == [True] else - "Disabled", - "ofport": "Not assigned" if (row.ofport in [[], [-1]]) else - row.ofport[0]} - - if self.status != new_status: - # Tunnel has become unhealthy or ofport changed. Simply log this. - vlog.dbg("%s changed status from %s to %s" % - (self.name, str(self.status), str(new_status))) - self.status = new_status - return ret - - def mark_for_removal(self): - """This function marks tunnel for removal.""" - self.version += 1 - self.state = "REMOVED" - - def show(self, policies, securities, conns): - state = self.state - if self.state == "INVALID": - state += self.invalid_reason - header = "Interface name: %s v%u (%s)\n" % (self.name, self.version, - state) - conf = self.unixctl_config_tmpl.substitute(self.conf) - status = self.unixctl_status_tmpl.substitute(self.status) - spds = "Kernel policies installed:\n" - remote_ip = self.conf["remote_ip"] - if remote_ip in policies: - for line in policies[remote_ip]: - spds += " " + line + "\n" - sas = "Kernel security associations installed:\n" - if remote_ip in securities: - for line in securities[remote_ip]: - sas += " " + line + "\n" - cons = "IPsec connections that are active:\n" - if self.name in conns: - for tname in conns[self.name]: - cons += " " + conns[self.name][tname] + "\n" - - return header + conf + status + spds + sas + cons + "\n" - - def _is_valid_tunnel_conf(self): - """This function verifies if IPsec tunnel has valid configuration - set in 'conf'. If it is valid, then it returns True. Otherwise, - it returns False and sets the reason why configuration was considered - as invalid. 
- - This function could be improved in future to also verify validness - of certificates themselves so that ovs-monitor-ipsec would not - pass malformed configuration to IKE daemon.""" - - self.invalid_reason = None - - if not self.conf["remote_ip"]: - self.invalid_reason = ": 'remote_ip' is not set" - return False - - if self.conf["psk"]: - if self.conf["certificate"] or self.conf["private_key"] \ - or self.conf["ca_cert"] or self.conf["remote_cert"] \ - or self.conf["remote_name"]: - self.invalid_reason = ": 'certificate', 'private_key', "\ - "'ca_cert', 'remote_cert', and "\ - "'remote_name' must be unset with PSK" - return False - # If configuring authentication with CA-signed certificate or - # self-signed certificate, the 'remote_name' should be specified at - # this point. When using CA-signed certificate, the 'remote_name' is - # read from interface's options field. When using self-signed - # certificate, the 'remote_name' is extracted from the 'remote_cert' - # file. - elif self.conf["remote_name"]: - if not self.conf["certificate"]: - self.invalid_reason = ": must set 'certificate' as local"\ - " certificate when using CA-signed"\ - " certificate or self-signed"\ - " certificate to authenticate peers" - return False - elif not self.conf["private_key"]: - self.invalid_reason = ": must set 'private_key' as local"\ - " private key when using CA-signed"\ - " certificate or self-signed"\ - " certificate to authenticate peers" - return False - if not self.conf["remote_cert"] and not self.conf["ca_cert"]: - self.invalid_reason = ": must set 'remote_cert' when using"\ - " self-signed certificate"\ - " authentication or 'ca_cert' when"\ - " using CA-signed certificate"\ - " authentication" - return False - else: - self.invalid_reason = ": must choose a authentication method" - return False - - return True - - -class IPsecMonitor(object): - """This class monitors and configures IPsec tunnels""" - - def __init__(self, root_prefix, ike_daemon): - self.IPSEC = 
root_prefix + "/usr/sbin/ipsec" - self.tunnels = {} - - # Global configuration shared by all tunnels - self.conf = { - "pki": { - "private_key": None, - "certificate": None, - "ca_cert": None, - "local_name": None - }, - "skb_mark": None - } - self.conf_in_use = copy.deepcopy(self.conf) - - # Choose to either use StrongSwan or LibreSwan as IKE daemon - if ike_daemon == "strongswan": - self.ike_helper = StrongSwanHelper(root_prefix) - elif ike_daemon == "libreswan": - self.ike_helper = LibreSwanHelper(root_prefix) - else: - vlog.err("The IKE daemon should be strongswan or libreswan.") - sys.exit(1) - - # Check whether ipsec command is available - if not os.path.isfile(self.IPSEC) or \ - not os.access(self.IPSEC, os.X_OK): - vlog.err("IKE daemon is not installed in the system.") - - self.ike_helper.restart_ike_daemon() - - def is_tunneling_type_supported(self, tunnel_type): - """Returns True if we know how to configure IPsec for these - types of tunnels. Otherwise, returns False.""" - return tunnel_type in ["gre", "geneve", "vxlan", "stt"] - - def is_ipsec_required(self, options_column): - """Return True if tunnel needs to be encrypted. 
Otherwise, - returns False.""" - return "psk" in options_column or \ - "remote_name" in options_column or \ - "remote_cert" in options_column - - def add_tunnel(self, name, row): - """Adds a new tunnel that monitor will provision with 'name'.""" - vlog.info("Tunnel %s appeared in OVSDB" % (name)) - self.tunnels[name] = IPsecTunnel(name, row) - - def update_tunnel(self, name, row): - """Updates configuration of already existing tunnel with 'name'.""" - tunnel = self.tunnels[name] - if tunnel.update_conf(row): - vlog.info("Tunnel's '%s' configuration changed in OVSDB to %u" % - (tunnel.name, tunnel.version)) - - def del_tunnel(self, name): - """Deletes tunnel by 'name'.""" - vlog.info("Tunnel %s disappeared from OVSDB" % (name)) - self.tunnels[name].mark_for_removal() - - def update_conf(self, pki, skb_mark): - """Update the global configuration for IPsec tunnels""" - self.conf["pki"]["certificate"] = pki[0] - self.conf["pki"]["private_key"] = pki[1] - self.conf["pki"]["ca_cert"] = pki[2] - self.conf["pki"]["local_name"] = pki[3] - - # Update skb_mark used in IPsec policies. - self.conf["skb_mark"] = skb_mark - - def read_ovsdb_open_vswitch_table(self, data): - """This functions reads IPsec relevant configuration from Open_vSwitch - table.""" - pki = [None, None, None, None] - skb_mark = None - is_valid = False - - for row in data["Open_vSwitch"].rows.itervalues(): - pki[0] = row.other_config.get("certificate") - pki[1] = row.other_config.get("private_key") - pki[2] = row.other_config.get("ca_cert") - skb_mark = row.other_config.get("ipsec_skb_mark") - - # Test whether it's a valid configration - if pki[0] and pki[1]: - pki[3] = self._get_cn_from_cert(pki[0]) - if pki[3]: - is_valid = True - elif not pki[0] and not pki[1] and not pki[2]: - is_valid = True - - if not is_valid: - vlog.warn("The cert and key configuration is not valid. 
" - "The valid configuations are 1): certificate, private_key " - "and ca_cert are not set; or 2): certificate and " - "private_key are all set.") - else: - self.update_conf(pki, skb_mark) - - def read_ovsdb_interface_table(self, data): - """This function reads the IPsec relevant configuration from Interface - table.""" - ifaces = set() - - for row in data["Interface"].rows.itervalues(): - if not self.is_tunneling_type_supported(row.type): - continue - if not self.is_ipsec_required(row.options): - continue - if row.name in self.tunnels: - self.update_tunnel(row.name, row) - else: - self.add_tunnel(row.name, row) - ifaces.add(row.name) - - # Mark for removal those tunnels that just disappeared from OVSDB - for tunnel in self.tunnels.keys(): - if tunnel not in ifaces: - self.del_tunnel(tunnel) - - def read_ovsdb(self, data): - """This function reads all configuration from OVSDB that - ovs-monitor-ipsec is interested in.""" - self.read_ovsdb_open_vswitch_table(data) - self.read_ovsdb_interface_table(data) - - def show(self, unix_conn, policies, securities): - """This function prints all tunnel state in 'unix_conn'. - It uses 'policies' and securities' received from Linux Kernel - to show if tunnels were actually configured by the IKE deamon.""" - if not self.tunnels: - unix_conn.reply("No tunnels configured with IPsec") - return - s = "" - conns = self.ike_helper.get_active_conns() - for name, tunnel in self.tunnels.iteritems(): - s += tunnel.show(policies, securities, conns) - unix_conn.reply(s) - - def run(self): - """This function runs state machine that represents whole - IPsec configuration (i.e. merged together from individual - tunnel state machines). 
It creates configuration files and - tells IKE daemon to update configuration.""" - needs_refresh = False - removed_tunnels = [] - - self.ike_helper.config_init() - - if self.ike_helper.config_global(self): - needs_refresh = True - - for name, tunnel in self.tunnels.iteritems(): - if tunnel.last_refreshed_version != tunnel.version: - tunnel.last_refreshed_version = tunnel.version - needs_refresh = True - - if tunnel.state == "REMOVED" or tunnel.state == "INVALID": - removed_tunnels.append(name) - elif tunnel.state == "CONFIGURED": - self.ike_helper.config_tunnel(self.tunnels[name]) - - self.ike_helper.config_fini() - - for name in removed_tunnels: - # LibreSwan needs to clear state from database - if hasattr(self.ike_helper, "clear_tunnel_state"): - self.ike_helper.clear_tunnel_state(self.tunnels[name]) - del self.tunnels[name] - - if needs_refresh: - self.ike_helper.refresh(self) - - def _get_cn_from_cert(self, cert): - try: - proc = subprocess.Popen(['openssl', 'x509', '-noout', '-subject', - '-nameopt', 'RFC2253', '-in', cert], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) - proc.wait() - if proc.returncode: - raise Exception(proc.stderr.read()) - m = re.search(r"CN=(.+?),", proc.stdout.readline()) - if not m: - raise Exception("No CN in the certificate subject.") - except Exception as e: - vlog.warn(str(e)) - return None - - return m.group(1) - - -def unixctl_xfrm_policies(conn, unused_argv, unused_aux): - global xfrm - policies = xfrm.get_policies() - conn.reply(str(policies)) - - -def unixctl_xfrm_state(conn, unused_argv, unused_aux): - global xfrm - securities = xfrm.get_securities() - conn.reply(str(securities)) - - -def unixctl_ipsec_status(conn, unused_argv, unused_aux): - global monitor - conns = monitor.ike_helper.get_active_conns() - conn.reply(str(conns)) - - -def unixctl_show(conn, unused_argv, unused_aux): - global monitor - global xfrm - policies = xfrm.get_policies() - securities = xfrm.get_securities() - monitor.show(conn, policies, 
securities) - - -def unixctl_refresh(conn, unused_argv, unused_aux): - global monitor - monitor.ike_helper.refresh(monitor) - conn.reply(None) - - -def unixctl_exit(conn, unused_argv, unused_aux): - global monitor - global exiting - exiting = True - - # Make sure persistent global states are cleared - monitor.update_conf([None, None, None, None], None) - # Make sure persistent tunnel states are cleared - for tunnel in monitor.tunnels.keys(): - monitor.del_tunnel(tunnel) - monitor.run() - - conn.reply(None) - - -def main(): - parser = argparse.ArgumentParser() - parser.add_argument("database", metavar="DATABASE", - help="A socket on which ovsdb-server is listening.") - parser.add_argument("--root-prefix", metavar="DIR", - help="Use DIR as alternate root directory" - " (for testing).") - parser.add_argument("--ike-daemon", metavar="IKE-DAEMON", - help="The IKE daemon used for IPsec tunnels" - " (either libreswan or strongswan).") - - ovs.vlog.add_args(parser) - ovs.daemon.add_args(parser) - args = parser.parse_args() - ovs.vlog.handle_args(args) - ovs.daemon.handle_args(args) - - global monitor - global xfrm - - root_prefix = args.root_prefix if args.root_prefix else "" - xfrm = XFRM(root_prefix) - monitor = IPsecMonitor(root_prefix, args.ike_daemon) - - remote = args.database - schema_helper = ovs.db.idl.SchemaHelper() - schema_helper.register_columns("Interface", - ["name", "type", "options", "cfm_fault", - "ofport"]) - schema_helper.register_columns("Open_vSwitch", ["other_config"]) - idl = ovs.db.idl.Idl(remote, schema_helper) - - ovs.daemon.daemonize() - - ovs.unixctl.command_register("xfrm/policies", "", 0, 0, - unixctl_xfrm_policies, None) - ovs.unixctl.command_register("xfrm/state", "", 0, 0, - unixctl_xfrm_state, None) - ovs.unixctl.command_register("ipsec/status", "", 0, 0, - unixctl_ipsec_status, None) - ovs.unixctl.command_register("tunnels/show", "", 0, 0, - unixctl_show, None) - ovs.unixctl.command_register("refresh", "", 0, 0, unixctl_refresh, None) - 
ovs.unixctl.command_register("exit", "", 0, 0, unixctl_exit, None) - - error, unixctl_server = ovs.unixctl.server.UnixctlServer.create(None) - if error: - ovs.util.ovs_fatal(error, "could not create unixctl server", vlog) - - # Sequence number when OVSDB was processed last time - seqno = idl.change_seqno - - while True: - unixctl_server.run() - if exiting: - break - - idl.run() - if seqno != idl.change_seqno: - monitor.read_ovsdb(idl.tables) - seqno = idl.change_seqno - - monitor.run() - - poller = ovs.poller.Poller() - unixctl_server.wait(poller) - idl.wait(poller) - poller.block() - - unixctl_server.close() - idl.close() - - -if __name__ == '__main__': - try: - main() - except SystemExit: - # Let system.exit() calls complete normally - raise - except: - vlog.exception("traceback") - sys.exit(ovs.daemon.RESTART_EXIT_CODE) From patchwork Fri May 8 06:04:48 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Numan Siddique X-Patchwork-Id: 1285840 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=ovn.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49JKYt74s3z9sRY for ; Fri, 8 May 2020 16:05:22 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 461C321553; Fri, 8 May 2020 06:05:21 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 
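Review bot: the commit message should name the IPsec tunnel monitor explicitly. The subject says "Remove XenServer Code", but the lines deleted here are `StrongSwanHelper`, `LibreSwanHelper`, `IPsecTunnel`, `IPsecMonitor` and the unixctl handlers through `main()`, none of which is XenServer-specific. Because this script is what writes PSKs to `ipsec.secrets` and imports certificates and keys into the NSS database with `certutil` and `pk12util`, please also confirm that no packaging, init script or documentation left in this tree still invokes it, and state in the message that deployments are expected to take it from the OVS tree.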
From: numans@ovn.org To: dev@openvswitch.org Date: Fri, 8 May 2020 11:34:48 +0530 Message-Id: <20200508060448.246991-1-numans@ovn.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200508060325.246679-1-numans@ovn.org> References: <20200508060325.246679-1-numans@ovn.org> MIME-Version: 1.0 Cc: Dave Tucker Subject: [ovs-dev] [PATCH ovn 3/7] Remove Appveyor X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Dave Tucker AppVeyor is not used for testing OVN Submitted-at: https://github.com/ovn-org/ovn/pull/38 Signed-off-by: Dave Tucker Signed-off-by: Numan Siddique --- Makefile.am | 1 - appveyor.yml | 46 ---------------------------------------------- 2 files changed, 47 deletions(-) delete mode 100644 appveyor.yml diff --git a/Makefile.am b/Makefile.am index b75c12eff..8b49ba255 100644 --- a/Makefile.am +++ b/Makefile.am @@ -93,7 +93,6 @@ EXTRA_DIST = \ .travis/linux-prepare.sh \ .travis/osx-build.sh \ .travis/osx-prepare.sh \ - appveyor.yml \ boot.sh \ poc/builders/Vagrantfile \ poc/playbook-centos-builder.yml \ diff --git a/appveyor.yml b/appveyor.yml deleted file mode 100644 index 2e5c37a37..000000000 --- a/appveyor.yml +++ /dev/null 
@@ -1,46 +0,0 @@ -version: 1.0.{build} -branches: - only: - - master -clone_folder: C:\openvswitch -init: -- ps: >- - mkdir C:\pthreads-win32 - - mkdir C:\ovs-build-downloads - - $source = "ftp://sourceware.org/pub/pthreads-win32/pthreads-w32-2-9-1-release.zip" - - $destination = "C:\pthreads-win32\pthreads-win32.zip" - - Invoke-WebRequest $source -OutFile $destination - - $source = "https://slproweb.com/download/Win32OpenSSL-1_0_2n.exe" - - $destination = "C:\ovs-build-downloads\Win32OpenSSL-1_0_2n.exe" - - Invoke-WebRequest $source -OutFile $destination - - cd C:\pthreads-win32 - - 7z x C:\pthreads-win32\pthreads-win32.zip - - cd C:\ovs-build-downloads - - .\Win32OpenSSL-1_0_2n.exe /silent /verysilent /sp- /suppressmsgboxes - - Start-Sleep -s 30 - - cd C:\openvswitch - - python -m pip install six pypiwin32 --disable-pip-version-check - -build_script: -- '"C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Tools\VsDevCmd"' -- C:\MinGW\msys\1.0\bin\bash -lc "echo \"C:/MinGW /mingw\" > /etc/fstab" -- C:\MinGW\msys\1.0\bin\bash -lc "cp /c/pthreads-win32/Pre-built.2/dll/x86/*.dll /c/openvswitch/." 
-- C:\MinGW\msys\1.0\bin\bash -lc "mv /bin/link.exe /bin/link_copy.exe" -- C:\MinGW\msys\1.0\bin\bash -lc "cd /c/openvswitch && ./boot.sh" -- C:\MinGW\msys\1.0\bin\bash -lc "cd /c/openvswitch && ./configure CC=build-aux/cccl LD=\"`which link`\" LIBS=\"-lws2_32 -lShlwapi -liphlpapi -lwbemuuid -lole32 -loleaut32\" --with-pthread=C:/pthreads-win32/Pre-built.2 --with-openssl=C:/OpenSSL-Win32 --with-vstudiotarget=\"Debug\" -- C:\MinGW\msys\1.0\bin\bash -lc "cd /c/openvswitch && make" -- C:\MinGW\msys\1.0\bin\bash -lc "cd /c/openvswitch && make datapath_windows_analyze" From patchwork Fri May 8 06:04:54 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Numan Siddique X-Patchwork-Id: 1285846 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=ovn.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49JKbS3qw4z9sRY for ; Fri, 8 May 2020 16:06:44 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 520C288538; Fri, 8 May 2020 06:06:34 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r+a1RNz2mX7U; Fri, 8 May 2020 06:06:11 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by hemlock.osuosl.org (Postfix) with ESMTP id 7E0D889694; Fri, 8 May 2020 06:05:48 +0000 (UTC) Received: from 
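Review bot: the commit message gives only "AppVeyor is not used for testing OVN"; since the deleted `appveyor.yml` is the Windows build recipe (`VsDevCmd`, the MinGW `bash -lc` steps, `make datapath_windows_analyze`), it should say whether Windows builds are still meant to be exercised some other way. Dropping the `appveyor.yml` entry from `EXTRA_DIST` in the same patch is right, as a leftover entry would break `make dist`; please also confirm nothing else in the tree (a README badge, documentation) still refers to the file. One side effect worth recording in the message: the removed `init` step fetched `pthreads-w32-2-9-1-release.zip` over `ftp://` and ran `Win32OpenSSL-1_0_2n.exe` silently with no integrity check visible in the file, so the removal also retires that unverified download path.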
lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 57E7EC088B; Fri, 8 May 2020 06:05:48 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 9FC14C0889 for ; Fri, 8 May 2020 06:05:46 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 7EDDF883A6 for ; Fri, 8 May 2020 06:05:46 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OViyg0vqz0Dk for ; Fri, 8 May 2020 06:05:09 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net [217.70.183.195]) by whitealder.osuosl.org (Postfix) with ESMTPS id 6B6F7883BD for ; Fri, 8 May 2020 06:05:02 +0000 (UTC) X-Originating-IP: 115.99.89.246 Received: from nusiddiq.home.org.com (unknown [115.99.89.246]) (Authenticated sender: numans@ovn.org) by relay3-d.mail.gandi.net (Postfix) with ESMTPSA id 369A260003; Fri, 8 May 2020 06:04:58 +0000 (UTC) From: numans@ovn.org To: dev@openvswitch.org Date: Fri, 8 May 2020 11:34:54 +0530 Message-Id: <20200508060454.247045-1-numans@ovn.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200508060325.246679-1-numans@ovn.org> References: <20200508060325.246679-1-numans@ovn.org> MIME-Version: 1.0 Cc: Dave Tucker Subject: [ovs-dev] [PATCH ovn 4/7] documentation: Remove unused ovsdb manpages X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Dave Tucker Submitted-at: https://github.com/ovn-org/ovn/pull/38 Signed-off-by: Dave Tucker 
Signed-off-by: Numan Siddique --- Documentation/automake.mk | 5 +- Documentation/conf.py | 6 - .../contributing/documentation-style.rst | 2 +- Documentation/ref/index.rst | 3 - Documentation/ref/ovsdb-server.7.rst | 545 --------------- Documentation/ref/ovsdb.5.rst | 308 --------- Documentation/ref/ovsdb.7.rst | 650 ------------------ 7 files changed, 2 insertions(+), 1517 deletions(-) delete mode 100644 Documentation/ref/ovsdb-server.7.rst delete mode 100644 Documentation/ref/ovsdb.5.rst delete mode 100644 Documentation/ref/ovsdb.7.rst diff --git a/Documentation/automake.mk b/Documentation/automake.mk index ca1fb1222..e0f39b33f 100644 --- a/Documentation/automake.mk +++ b/Documentation/automake.mk @@ -98,10 +98,7 @@ endif # rules. # rST formatted manpages under Documentation/ref. -RST_MANPAGES = \ - ovsdb-server.7.rst \ - ovsdb.5.rst \ - ovsdb.7.rst +RST_MANPAGES = # rST formatted manpages that we don't want to install because they # document stuff that only works with a build tree, not with an diff --git a/Documentation/conf.py b/Documentation/conf.py index c7949b73e..f072a4879 100644 --- a/Documentation/conf.py +++ b/Documentation/conf.py @@ -116,12 +116,6 @@ html_static_path = ['_static'] _man_pages = [ ('ovn-sim.1', u'Open Virtual Network simulator environment'), - ('ovsdb-server.7', - u'Open vSwitch Database Server Protocol'), - ('ovsdb.5', - u'Open vSwitch Database (File Formats)'), - ('ovsdb.7', - u'Open vSwitch Database (Overview)'), ] # Generate list of (path, name, description, [author, ...], section) diff --git a/Documentation/internals/contributing/documentation-style.rst b/Documentation/internals/contributing/documentation-style.rst index e86fcf19c..1c44fbb57 100644 --- a/Documentation/internals/contributing/documentation-style.rst +++ b/Documentation/internals/contributing/documentation-style.rst 
@@ -341,7 +341,7 @@ In addition to the above, man pages have some specific requirements: - The man page must be included in the list of man page documents found in `conf.py`__ -Refer to existing man pages, such as :doc:`/ref/ovsdb-server.7` for a worked +Refer to existing man pages, such as :doc:`/ref/ovn-sim.1` for a worked example. __ http://www.sphinx-doc.org/en/stable/domains.html#directive-program diff --git a/Documentation/ref/index.rst b/Documentation/ref/index.rst index ecb181c6f..124388977 100644 --- a/Documentation/ref/index.rst +++ b/Documentation/ref/index.rst @@ -40,9 +40,6 @@ time: :maxdepth: 3 ovn-sim.1 - ovsdb-server.7 - ovsdb.5 - ovsdb.7 The remainder are still in roff format can be found below: diff --git a/Documentation/ref/ovsdb-server.7.rst b/Documentation/ref/ovsdb-server.7.rst deleted file mode 100644 index d47f7ad85..000000000 --- a/Documentation/ref/ovsdb-server.7.rst +++ /dev/null 
@@ -1,545 +0,0 @@ -.. - Copyright (c) 2017 Nicira, Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); you may - not use this file except in compliance with the License. You may obtain - a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - License for the specific language governing permissions and limitations - under the License. - - Convention for heading levels in OVN documentation: - - ======= Heading 0 (reserved for the title in a document) - ------- Heading 1 - ~~~~~~~ Heading 2 - +++++++ Heading 3 - ''''''' Heading 4 - - Avoid deeper levels because they do not render well. - -============ -ovsdb-server -============ - -Description -=========== - -``ovsdb-server`` implements the Open vSwitch Database (OVSDB) protocol -specified in RFC 7047. This document provides clarifications for how -``ovsdb-server`` implements the protocol and describes the extensions that it -provides beyond RFC 7047. Numbers in section headings refer to corresponding -sections in RFC 7047. - -3.1 JSON Usage --------------- - -RFC 4627 says that names within a JSON object should be unique. -The Open vSwitch JSON parser discards all but the last value -for a name that is specified more than once. - -The definition of allows for implementation extensions. -Currently ``ovsdb-server`` uses the following additional ``error`` -strings (which might change in later releases): - -``syntax error`` or ``unknown column`` - The request could not be parsed as an OVSDB request. An additional - ``syntax`` member, whose value is a string that contains JSON, may narrow - down the particular syntax that could not be parsed. - -``internal error`` - The request triggered a bug in ``ovsdb-server``. 
- -``ovsdb error`` - A map or set contains a duplicate key. - -``permission error`` - The request was denied by the role-based access control extension, - introduced in version 2.8. - -3.2 Schema Format ------------------ - -RFC 7047 requires the ``version`` field in . Current versions -of ``ovsdb-server`` allow it to be omitted (future versions are likely to -require it). - -RFC 7047 allows columns that contain weak references to be immutable. This -raises the issue of the behavior of the weak reference when the rows that it -references are deleted. Since version 2.6, ``ovsdb-server`` forces columns -that contain weak references to be mutable. - -Since version 2.8, the table name ``RBAC_Role`` is used internally by the -role-based access control extension to ``ovsdb-server`` and should not be used -for purposes other than defining mappings of role names to table access -permissions. This table has one row per role name and the following columns: - -``name`` - The role name. - -``permissions`` - A map of table name to a reference to a row in a separate permission table. - -The separate RBAC permission table has one row per access control -configuration and the following columns: - -``name`` - The name of the table to which the row applies. - -``authorization`` - The set of column names and column:key pairs to be compared with the client - ID in order to determine the authorization status of the requested - operation. - -``insert_delete`` - A boolean value, true if authorized insertions and deletions are allowed, - false if no insertions or deletions are allowed. - -``update`` - The set of columns and column:key pairs for which authorized update and - mutate operations should be permitted. 
- -4 Wire Protocol ---------------- - -The original OVSDB specifications included the following reasons, omitted from -RFC 7047, to operate JSON-RPC directly over a stream instead of over HTTP: - -* JSON-RPC is a peer-to-peer protocol, but HTTP is a client-server protocol, - which is a poor match. Thus, JSON-RPC over HTTP requires the client to - periodically poll the server to receive server requests. - -* HTTP is more complicated than stream connections and doesn't provide any - corresponding advantage. - -* The JSON-RPC specification for HTTP transport is incomplete. - -4.1.3 Transact --------------- - -Since version 2.8, role-based access controls can be applied to operations -within a transaction that would modify the contents of the database (these -operations include row insert, row delete, column update, and column -mutate). Role-based access controls are applied when the database schema -contains a table with the name ``RBAC_Role`` and the connection on which the -transaction request was received has an associated role name (from the ``role`` -column in the remote connection table). When role-based access controls are -enabled, transactions that are otherwise well-formed may be rejected depending -on the client's role, ID, and the contents of the ``RBAC_Role`` table and -associated permissions table. - -4.1.5 Monitor -------------- - -For backward compatibility, ``ovsdb-server`` currently permits a single - to be used instead of an array; it is treated as a -single-element array. Future versions of ``ovsdb-server`` might remove this -compatibility feature. - -Because the parameter is used to match subsequent update -notifications (see below) to the request, it must be unique among all active -monitors. ``ovsdb-server`` rejects attempt to create two monitors with the -same identifier. 
- -4.1.7 Monitor Cancellation --------------------------- - -When a database monitored by a session is removed, and database change -awareness is enabled for the session (see Section 4.1.16), the database server -spontaneously cancels all monitors (including conditional monitors described in -Section 4.1.12) for the removed database. For each canceled monitor, it issues -a notification in the following form:: - - "method": "monitor_canceled" - "params": [] - "id": null - -4.1.12 Monitor_cond -------------------- - -A new monitor method added in Open vSwitch version 2.6. The ``monitor_cond`` -request enables a client to replicate subsets of tables within an OVSDB -database by requesting notifications of changes to rows matching one of the -conditions specified in ``where`` by receiving the specified contents of these -rows when table updates occur. ``monitor_cond`` also allows a more efficient -update notifications by receiving notifications (described -below). - -The ``monitor`` method described in Section 4.1.5 also applies to -``monitor_cond``, with the following exceptions: - -* RPC request method becomes ``monitor_cond``. - -* Reply result follows , described in Section 4.1.14. - -* Subsequent changes are sent to the client using the ``update2`` monitor - notification, described in Section 4.1.14 - -* Update notifications are being sent only for rows matching [*]. - - -The request object has the following members:: - - "method": "monitor_cond" - "params": [, , ] - "id": - -The parameter is used to match subsequent update notifications -(see below) to this request. The object maps the name -of the table to an array of . - -Each is an object with the following members:: - - "columns": [*] optional - "where": [*] optional - "select": optional - -The ``columns``, if present, define the columns within the table to be -monitored that match conditions. If not present, all columns are monitored. - -The ``where``, if present, is a JSON array of and boolean values. 
-If not present or condition is an empty array, implicit True will be considered -and updates on all rows will be sent. - - is an object with the following members:: - - "initial": optional - "insert": optional - "delete": optional - "modify": optional - -The contents of this object specify how the columns or table are to be -monitored as explained in more detail below. - -The response object has the following members:: - - "result": - "error": null - "id": same "id" as request - -The object is described in detail in Section 4.1.14. It -contains the contents of the tables for which initial rows are selected. If no -tables initial contents are requested, then ``result`` is an empty object. - -Subsequently, when changes to a specified table that match one of the -conditions in are committed, the changes are -automatically sent to the client using the ``update2`` monitor notification -(see Section 4.1.14). This monitoring persists until the JSON-RPC session -terminates or until the client sends a ``monitor_cancel`` JSON-RPC request. - -Each specifies one or more conditions and the manner in -which the rows that match the conditions are to be monitored. The -circumstances in which an ``update`` notification is sent for a row within the -table are determined by : - -* If ``initial`` is omitted or true, every row in the original table that - matches one of the conditions is sent as part of the response to the - ``monitor_cond`` request. - -* If ``insert`` is omitted or true, update notifications are sent for rows - newly inserted into the table that match conditions or for rows modified in - the table so that their old version does not match the condition and new - version does. - -* If ``delete`` is omitted or true, update notifications are sent for rows - deleted from the table that match conditions or for rows modified in the - table so that their old version does match the conditions and new version - does not. 
- -* If ``modify`` is omitted or true, update notifications are sent whenever a - row in the table that matches conditions in both old and new version is - modified. - -Both ``monitor`` and ``monitor_cond`` sessions can exist concurrently. However, -``monitor`` and ``monitor_cond`` shares the same parameter space; -it must be unique among all ``monitor`` and ``monitor_cond`` sessions. - -4.1.13 Monitor_cond_change --------------------------- - -The ``monitor_cond_change`` request enables a client to change an existing -``monitor_cond`` replication of the database by specifying a new condition and -columns for each replicated table. Currently changing the columns set is not -supported. - -The request object has the following members:: - - "method": "monitor_cond_change" - "params": [, , ] - "id": - -The parameter should have a value of an existing conditional -monitoring session from this client. The second in params array is -the requested value for this session. This value is valid only after -``monitor_cond_change`` is committed. A user can use these values to -distinguish between update messages before conditions update and after. The - object maps the name of the table to an array of -. Monitored tables not included in - retain their current conditions. - -Each is an object with the following members:: - - "columns": [*] optional - "where": [*] optional - -The ``columns`` specify a new array of columns to be monitored, although this -feature is not yet supported. - -The ``where`` specify a new array of conditions to be applied to this -monitoring session. - -The response object has the following members:: - - "result": null - "error": null - "id": same "id" as request - -Subsequent notifications are described in detail in Section -4.1.14 in the RFC. If insert contents are requested by original monitor_cond -request, will contain rows that match the new condition and do -not match the old condition. 
If deleted contents are requested by origin -monitor request, will contain any matched rows by old -condition and not matched by the new condition. - -Changes according to the new conditions are automatically sent to the client -using the ``update2`` monitor notification. An update, if any, as a result of -a condition change, will be sent to the client before the reply to the -``monitor_cond_change`` request. - -4.1.14 Update2 notification ---------------------------- - -The ``update2`` notification is sent by the server to the client to report -changes in tables that are being monitored following a ``monitor_cond`` request -as described above. The notification has the following members:: - - "method": "update2" - "params": [, ] - "id": null - -The in ``params`` is the same as the value passed as the - in ``params`` for the corresponding ``monitor`` request. - is an object that maps from a table name to a . -A is an object that maps from row's UUID to a -object. A is an object with one of the following members: - -``"initial": `` - present for ``initial`` updates - -``"insert": `` - present for ``insert`` updates - -``"delete": `` - present for ``delete`` updates - -``"modify": "`` - present for ``modify`` updates - -The format of is described in Section 5.1. - - is always a null object for a ``delete`` update. In ``initial`` and -``insert`` updates, omits columns whose values equal the default value of -the column type. - -For a ``modify`` update, contains only the columns that are modified. - stores the difference between the old and new value for those columns, as -described below. - -For columns with single value, the difference is the value of the new column. - -The difference between two sets are all elements that only belong to one of the -sets. - -The difference between two maps are all key-value pairs whose keys appears in -only one of the maps, plus the key-value pairs whose keys appear in both maps -but with different values. 
For the latter elements, includes the value -from the new column. - -Initial views of rows are not presented in update2 notifications, but in the -response object to the ``monitor_cond`` request. The formatting of the - object, however, is the same in either case. - -4.1.15 Monitor_cond_since -------------------------- - -A new monitor method added in Open vSwitch version 2.12. The -``monitor_cond_since`` request enables a client to request changes that -happened after a specific transaction id. A client can use this feature to -request only latest changes after a server connection reset instead of -re-transfer all data from the server again. - -The ``monitor_cond`` method described in Section 4.1.12 also applies to -``monitor_cond_since``, with the following exceptions: - -* RPC request method becomes ``monitor_cond_since``. - -* Reply result includes extra parameters. - -* Subsequent changes are sent to the client using the ``update3`` monitor - notification, described in Section 4.1.16 - -The request object has the following members:: - - "method": "monitor_cond_since" - "params": [, , , ] - "id": - -The parameter is the transaction id that identifies the latest -data the client already has, and it requests server to send changes AFTER this -transaction (exclusive). - -All other parameters are the same as ``monitor_cond`` method. - -The response object has the following members:: - - "result": [, , ] - "error": null - "id": same "id" as request - -The is a boolean value that tells if the requested by -client is found in server's history or not. If true, the changes after that -version up to current is sent. Otherwise, all data is sent. - -The is the transaction id that identifies the latest transaction -included in the changes in of this response, so that client -can keep tracking. If there is no change involved in this response, it is the -same as the in the request if is true, or zero uuid if - is false. 
If the server does not support transaction uuid, it will -be zero uuid as well. - -All other parameters are the same as in response object of ``monitor_cond`` -method. - -Like in ``monitor_cond``, subsequent changes that match conditions in - are automatically sent to the client, but using -``update3`` monitor notification (see Section 4.1.16), instead of ``update2``. - -4.1.16 Update3 notification ---------------------------- - -The ``update3`` notification is sent by the server to the client to report -changes in tables that are being monitored following a ``monitor_cond_since`` -request as described above. The notification has the following members:: - - "method": "update3" - "params": [, , ] - "id": null - -The is the same as described in the response object of -``monitor_cond_since``. - -All other parameters are the same as in ``update2`` monitor notification (see -Section 4.1.14). - -4.1.17 Get Server ID --------------------- - -A new RPC method added in Open vSwitch version 2.7. The request contains the -following members:: - - "method": "get_server_id" - "params": null - "id": - -The response object contains the following members:: - - "result": "" - "error": null - "id": same "id" as request - - is JSON string that contains a UUID that uniquely identifies the -running OVSDB server process. A fresh UUID is generated when the process -restarts. - -4.1.18 Database Change Awareness --------------------------------- - -RFC 7047 does not provide a way for a client to find out about some kinds of -configuration changes, such as about databases added or removed while a client -is connected to the server, or databases changing between read/write and -read-only due to a transition between active and backup roles. Traditionally, -``ovsdb-server`` disconnects all of its clients when this happens, because this -prompts a well-written client to reassess what is available from the server -when it reconnects. 
- -OVS 2.9 provides a way for clients to keep track of these kinds of changes, by -monitoring the ``Database`` table in the ``_Server`` database introduced in -this release (see ``ovsdb-server(5)`` for details). By itself, this does not -suppress ``ovsdb-server`` disconnection behavior, because a client might -monitor this database without understanding its special semantics. Instead, -``ovsdb-server`` provides a special request:: - - "method": "set_db_change_aware" - "params": [] - "id": - -If the boolean in the request is true, it suppresses the connection-closing -behavior for the current connection, and false restores the default behavior. -The reply is always the same:: - - "result": {} - "error": null - "id": same "id" as request - -4.1.19 Schema Conversion ------------------------- - -Open vSwitch 2.9 adds a new JSON-RPC request to convert an online database from -one schema to another. The request contains the following members:: - - "method": "convert" - "params": [, ] - "id": - -Upon receipt, the server converts database to schema -. The schema's name must be . The conversion is -atomic, consistent, isolated, and durable. The data in the database must be -valid when interpreted under , with only one exception: data -for tables and columns that do not exist in the new schema are ignored. -Columns that exist in but not in the database are set to -their default values. All of the new schema's constraints apply in full. - -If the conversion is successful, the server notifies clients that use the -``set_db_change_aware`` RPC introduced in Open vSwitch 2.9 and cancels their -outstanding transactions and monitors. The server disconnects other clients, -enabling them to notice the change when they reconnect. 
The server sends the -following reply:: - - "result": {} - "error": null - "id": same "id" as request - -If the conversion fails, then the server sends an error reply in the following -form:: - - "result": null - "error": [] - "id": same "id" as request - -5.1 Notation ------------- - -For , RFC 7047 only allows the use of ``!=``, ``==``, ``includes``, -and ``excludes`` operators with set types. Open vSwitch 2.4 and later extend - to allow the use of ``<``, ``<=``, ``>=``, and ``>`` operators with -a column with type "set of 0 or 1 integer" and an integer argument, and with -"set of 0 or 1 real" and a real argument. These conditions evaluate to false -when the column is empty, and otherwise as described in RFC 7047 for integer -and real types. - - is specified in Section 5.1 in the RFC with the following change: A -condition can be either a 3-element JSON array as described in the RFC or a -boolean value. In case of an empty array an implicit true boolean value will be -considered. - -5.2.6 Wait, 5.2.7 Commit, 5.2.9 Comment ---------------------------------------- - -RFC 7047 says that the ``wait``, ``commit``, and ``comment`` operations have no -corresponding result object. This is not true. Instead, when such an -operation is successful, it yields a result object with no members. diff --git a/Documentation/ref/ovsdb.5.rst b/Documentation/ref/ovsdb.5.rst deleted file mode 100644 index 33f2583b8..000000000 --- a/Documentation/ref/ovsdb.5.rst +++ /dev/null 
@@ -1,308 +0,0 @@ -.. - Copyright (c) 2017 Nicira, Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); you may - not use this file except in compliance with the License. You may obtain - a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - License for the specific language governing permissions and limitations - under the License. - - Convention for heading levels in OVN documentation: - - ======= Heading 0 (reserved for the title in a document) - ------- Heading 1 - ~~~~~~~ Heading 2 - +++++++ Heading 3 - ''''''' Heading 4 - - Avoid deeper levels because they do not render well. - -===== -ovsdb -===== - -Description -=========== - -OVSDB, the Open vSwitch Database, is a database system whose network protocol -is specified by RFC 7047. The RFC does not specify an on-disk storage format. -The OVSDB implementation in Open vSwitch implements two storage formats: one -for standalone (and active-backup) databases, and the other for clustered -databases. This manpage documents both of these formats. - -Most users do not need to be concerned with this specification. Instead, -to manipulate OVSDB files, refer to `ovsdb-tool(1)`. For an -introduction to OVSDB as a whole, read `ovsdb(7)`. - -OVSDB files explicitly record changes that are implied by the database schema. -For example, the OVSDB "garbage collection" feature means that when a client -removes the last reference to a garbage-collected row, the database server -automatically removes that row. The database file explicitly records the -deletion of the garbage-collected row, so that the reader does not need to -infer it. - -OVSDB files do not include the values of ephemeral columns. 
- -Standalone and clustered database files share the common structure described -here. They are text files encoded in UTF-8 with LF (U+000A) line ends, -organized as append-only series of records. Each record consists of 2 lines of -text. - -The first line in each record has the format ``OVSDB ``, -where is ``JSON`` for standalone databases or ``CLUSTER`` for clustered -databases, is a positive decimal integer, and is a SHA-1 -checksum expressed as 40 hexadecimal digits. Words in the first line must be -separated by exactly one space. - -The second line must be exactly *length* bytes long (including the LF) and its -SHA-1 checksum (including the LF) must match *hash* exactly. The line's -contents must be a valid JSON object as specified by RFC 4627. Strings in the -JSON object must be valid UTF-8. To ensure that the second line is exactly one -line of text, the OVSDB implementation expresses any LF characters within a -JSON string as ``\n``. For the same reason, and to save space, the OVSDB -implementation does not "pretty print" the JSON object with spaces and LFs. -(The OVSDB implementation tolerates LFs when reading an OVSDB database file, as -long as *length* and *hash* are correct.) - -JSON Notation -------------- - -We use notation from RFC 7047 here to describe the JSON data in records. -In addition to the notation defined there, we add the following: - - - A 36-character JSON string that contains a UUID in the format described by - RFC 4122, e.g. ``"550e8400-e29b-41d4-a716-446655440000"`` - -Standalone Format ------------------ - -The first record in a standalone database contains the JSON schema for the -database, as specified in RFC 7047. Only this record is mandatory (a -standalone file that contains only a schema represents an empty database). - -The second and subsequent records in a standalone database are transaction -records. 
Each record may have the following optional special members, -which do not have any semantics but are often useful to administrators -looking through a database log with ``ovsdb-tool show-log``: - -``"_date": `` - The time at which the transaction was committed, as an integer number of - milliseconds since the Unix epoch. Early versions of OVSDB counted seconds - instead of milliseconds; these can be detected by noticing that their - values are less than 2**32. - - OVSDB always writes a ``_date`` member. - -``"_comment": `` - A JSON string that specifies the comment provided in a transaction - ``comment`` operation. If a transaction has multiple ``comment`` - operations, OVSDB concatenates them into a single ``_comment`` member, - separated by a new-line. - - OVSDB only writes a ``_comment`` member if it would be a nonempty string. - -Each of these records also has one or more additional members, each of which -maps from the name of a database table to a : - - - A JSON object that describes the effects of a transaction on a database - table. Its names are s for rows in the table and its values are - s. - - - Either ``null``, which indicates that the transaction deleted this row, or - a JSON object that describes how the transaction inserted or modified the - row, whose names are the names of columns and whose values are s - that give the column's new value. - - For new rows, the OVSDB implementation omits columns whose values have the - default values for their types defined in RFC 7047 section 5.2.1; for - modified rows, the OVSDB implementation omits columns whose values are - unchanged. - -Clustered Format ----------------- - -The clustered format has the following additional notation: - - - A JSON integer that represents a 64-bit unsigned integer. The OVS JSON - implementation only supports integers in the range -2**63 through 2**63-1, - so 64-bit unsigned integer values from 2**63 through 2**64-1 are expressed - as negative numbers. - -
- A JSON string that represents a network address to support clustering, in - the ``::`` syntax described in ``ovsdb-tool(1)``. - - - A JSON object whose names are s that identify servers and - whose values are
es that specify those servers' addresses. - - - A JSON array with two elements: - - 1. The first element is either a or ``null``. A - element is always present in the first record of a - clustered database to indicate the database's initial schema. If it is - not ``null`` in a later record, it indicates a change of schema for the - database. - - 2. The second element is either a transaction record in the format - described under ``Standalone Format'' above, or ``null``. - - When a schema is present, the transaction record is relative to an empty - database. That is, a schema change effectively resets the database to - empty and the transaction record represents the full database contents. - This allows readers to be ignorant of the full semantics of schema change. - -The first record in a clustered database contains the following members, -all of which are required: - -``"server_id": `` - The server's own UUID, which must be unique within the cluster. - -``"local_address":
`` - The address on which the server listens for connections from other - servers in the cluster. - -``name": `` - The database schema name. It is only important when a server is in the - process of joining a cluster: a server will only join a cluster if the - name matches. (If the database schema name were unique, then we would - not also need a cluster ID.) - -``"cluster_id": `` - The cluster's UUID. The all-zeros UUID is not a valid cluster ID. - -``"prev_term": `` and ``"prev_index": `` - The Raft term and index just before the beginning of the log. - -``"prev_servers": `` - The set of one or more servers in the cluster at index "prev_index" and - term "prev_term". It might not include this server, if it was not the - initial server in the cluster. - -``"prev_data": `` and ``"prev_eid": `` - A snapshot of the data in the database at index "prev_index" and term - "prev_term", and the entry ID for that data. The snapshot must contain a - schema. - -The second and subsequent records, if present, in a clustered database -represent changes to the database, to the cluster state, or both. There are -several types of these records. The most important types of records directly -represent persistent state described in the Raft specification: - -Entry - A Raft log entry. - -Term - The start of a new term. - -Vote - The server's vote for a leader in the current term. - -The following additional types of records aid debugging and troubleshooting, -but they do not affect correctness. - -Leader - Identifies a newly elected leader for the current term. - -Commit Index - An update to the server's ``commit_index``. - -Note - A human-readable description of some event. - -The table below identifies the members that each type of record contains. -"yes" indicates that a member is required, "?" that it is optional, blank that -it is forbidden, and [1] that ``data`` and ``eid`` must be either both present -or both absent. 
- -============ ===== ==== ==== ====== ============ ==== -member Entry Term Vote Leader Commit Index Note -============ ===== ==== ==== ====== ============ ==== -comment ? ? ? ? ? ? -term yes yes yes yes -index yes -servers ? -data [1] -eid [1] -vote yes -leader yes -commit_index yes -note yes -============ ===== ==== ==== ====== ============ ==== - -The members are: - -``"comment": `` - A human-readable string giving an administrator more information about - the reason a record was emitted. - -``"term": `` - The term in which the activity occurred. - -``"index": `` - The index of a log entry. - -``"servers": `` - Server configuration in a log entry. - -``"data": `` - The data in a log entry. - -``"eid": `` - Entry ID in a log entry. - -``"vote": `` - The server ID for which this server voted. - -``"leader": `` - The server ID of the server. Emitted by both leaders and followers when a - leader is elected. - -``"commit_index": `` - Updated ``commit_index`` value. - -``"note": `` - One of a few special strings indicating important events. The currently - defined strings are: - - ``"transfer leadership"`` - This server transferred leadership to a different server (with details - included in ``comment``). - - ``"left"`` - This server finished leaving the cluster. (This lets subsequent - readers know that the server is not part of the cluster and should not - attempt to connect to it.) - -Joining a Cluster -~~~~~~~~~~~~~~~~~ - -In addition to general format for a clustered database, there is also a special -case for a database file created by ``ovsdb-tool join-cluster``. Such a file -contains exactly one record, which conveys the information passed to the -``join-cluster`` command. It has the following members: - -``"server_id": `` and ``"local_address":
`` and ``"name": `` - These have the same semantics described above in the general description - of the format. - -``"cluster_id": `` - This is provided only if the user gave the ``--cid`` option to - ``join-cluster``. It has the same semantics described above. - -``"remote_addresses"; [
*]`` - One or more remote servers to contact for joining the cluster. - -When the server successfully joins the cluster, the database file is replaced -by one described in `Clustered Format`_. diff --git a/Documentation/ref/ovsdb.7.rst b/Documentation/ref/ovsdb.7.rst deleted file mode 100644 index 87b9445cf..000000000 --- a/Documentation/ref/ovsdb.7.rst +++ /dev/null 
@@ -1,650 +0,0 @@ -.. - Copyright (c) 2017 Nicira, Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); you may - not use this file except in compliance with the License. You may obtain - a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - License for the specific language governing permissions and limitations - under the License. - - Convention for heading levels in OVN documentation: - - ======= Heading 0 (reserved for the title in a document) - ------- Heading 1 - ~~~~~~~ Heading 2 - +++++++ Heading 3 - ''''''' Heading 4 - - Avoid deeper levels because they do not render well. - -===== -ovsdb -===== - -Description -=========== - -OVSDB, the Open vSwitch Database, is a network-accessible database system. -Schemas in OVSDB specify the tables in a database and their columns' types and -can include data, uniqueness, and referential integrity constraints. OVSDB -offers atomic, consistent, isolated, durable transactions. RFC 7047 specifies -the JSON-RPC based protocol that OVSDB clients and servers use to communicate. - -The OVSDB protocol is well suited for state synchronization because it -allows each client to monitor the contents of a whole database or a subset -of it. Whenever a monitored portion of the database changes, the server -tells the client what rows were added or modified (including the new -contents) or deleted. Thus, OVSDB clients can easily keep track of the -newest contents of any part of the database. - -While OVSDB is general-purpose and not particularly specialized for use with -Open vSwitch, Open vSwitch does use it for multiple purposes. 
The leading use -of OVSDB is for configuring and monitoring ``ovs-vswitchd(8)``, the Open -vSwitch switch daemon, using the schema documented in -``ovs-vswitchd.conf.db(5)``. The Open Virtual Network (OVN) sub-project of OVS -uses two OVSDB schemas, documented in ``ovn-nb(5)`` and ``ovn-sb(5)``. -Finally, Open vSwitch includes the "VTEP" schema, documented in -``vtep(5)`` that many third-party hardware switches support for -configuring VXLAN, although OVS itself does not directly use this schema. - -The OVSDB protocol specification allows independent, interoperable -implementations of OVSDB to be developed. Open vSwitch includes an OVSDB -server implementation named ``ovsdb-server(1)``, which supports several -protocol extensions documented in its manpage, and a basic command-line OVSDB -client named ``ovsdb-client(1)``, as well as OVSDB client libraries for C and -for Python. Open vSwitch documentation often speaks of these OVSDB -implementations in Open vSwitch as simply "OVSDB," even though that is distinct -from the OVSDB protocol; we make the distinction explicit only when it might -otherwise be unclear from the context. - -In addition to these generic OVSDB server and client tools, Open vSwitch -includes tools for working with databases that have specific schemas: -``ovs-vsctl`` works with the ``ovs-vswitchd`` configuration database, -``vtep-ctl`` works with the VTEP database, ``ovn-nbctl`` works with -the OVN Northbound database, and so on. - -RFC 7047 specifies the OVSDB protocol but it does not specify an on-disk -storage format. Open vSwitch includes ``ovsdb-tool(1)`` for working with its -own on-disk database formats. The most notable feature of this format is that -``ovsdb-tool(1)`` makes it easy for users to print the transactions that have -changed a database since the last time it was compacted. This feature is often -useful for troubleshooting. - -Schemas -======= - -Schemas in OVSDB have a JSON format that is specified in RFC 7047. 
They -are often stored in files with an extension ``.ovsschema``. An -on-disk database in OVSDB includes a schema and data, embedding both into a -single file. The Open vSwitch utility ``ovsdb-tool`` has commands -that work with schema files and with the schemas embedded in database -files. - -An Open vSwitch schema has three important identifiers. The first is its -name, which is also the name used in JSON-RPC calls to identify a database -based on that schema. For example, the schema used to configure Open -vSwitch has the name ``Open_vSwitch``. Schema names begin with a -letter or an underscore, followed by any number of letters, underscores, or -digits. The ``ovsdb-tool`` commands ``schema-name`` and -``db-name`` extract the schema name from a schema or database -file, respectively. - -An OVSDB schema also has a version of the form ``x.y.z`` e.g. ``1.2.3``. -Schemas managed within the Open vSwitch project manage version numbering in the -following way (but OVSDB does not mandate this approach). Whenever we change -the database schema in a non-backward compatible way (e.g. when we delete a -column or a table), we increment and set and to 0. When we change -the database schema in a backward compatible way (e.g. when we add a new -column), we increment and set to 0. When we change the database schema -cosmetically (e.g. we reindent its syntax), we increment . The -``ovsdb-tool`` commands ``schema-version`` and ``db-version`` extract the -schema version from a schema or database file, respectively. - -Very old OVSDB schemas do not have a version, but RFC 7047 mandates it. - -An OVSDB schema optionally has a "checksum." RFC 7047 does not specify the use -of the checksum and recommends that clients ignore it. 
Open vSwitch uses the -checksum to remind developers to update the version: at build time, if the -schema's embedded checksum, ignoring the checksum field itself, does not match -the schema's content, then it fails the build with a recommendation to update -the version and the checksum. Thus, a developer who changes the schema, but -does not update the version, receives an automatic reminder. In practice this -has been an effective way to ensure compliance with the version number policy. -The ``ovsdb-tool`` commands ``schema-cksum`` and ``db-cksum`` extract the -schema checksum from a schema or database file, respectively. - -Service Models -============== - -OVSDB supports three service models for databases: **standalone**, -**active-backup**, and **clustered**. The service models provide different -compromises among consistency, availability, and partition tolerance. They -also differ in the number of servers required and in terms of performance. The -standalone and active-backup database service models share one on-disk format, -and clustered databases use a different format, but the OVSDB programs work -with both formats. ``ovsdb(5)`` documents these file formats. - -RFC 7047, which specifies the OVSDB protocol, does not mandate or specify -any particular service model. - -The following sections describe the individual service models. - -Standalone Database Service Model ---------------------------------- - -A **standalone** database runs a single server. If the server stops running, -the database becomes inaccessible, and if the server's storage is lost or -corrupted, the database's content is lost. This service model is appropriate -when the database controls a process or activity to which it is linked via -"fate-sharing." For example, an OVSDB instance that controls an Open vSwitch -virtual switch daemon, ``ovs-vswitchd``, is a standalone database because a -server failure would take out both the database and the virtual switch. 
- -To set up a standalone database, use ``ovsdb-tool create`` to -create a database file, then run ``ovsdb-server`` to start the -database service. - -To configure a client, such as ``ovs-vswitchd`` or ``ovs-vsctl``, to use a -standalone database, configure the server to listen on a "connection method" -that the client can reach, then point the client to that connection method. -See `Connection Methods`_ below for information about connection methods. - -Active-Backup Database Service Model ------------------------------------- - -An **active-backup** database runs two servers (on different hosts). At any -given time, one of the servers is designated with the **active** role and the -other the **backup** role. An active server behaves just like a standalone -server. A backup server makes an OVSDB connection to the active server and -uses it to continuously replicate its content as it changes in real time. -OVSDB clients can connect to either server but only the active server allows -data modification or lock transactions. - -Setup for an active-backup database starts from a working standalone database -service, which is initially the active server. On another node, to set up a -backup server, create a database file with the same schema as the active -server. The initial contents of the database file do not matter, as long as -the schema is correct, so ``ovsdb-tool create`` will work, as will copying the -database file from the active server. Then use -``ovsdb-server --sync-from=`` to start the backup server, where - is an OVSDB connection method (see `Connection Methods`_ below) that -connects to the active server. At that point, the backup server will fetch a -copy of the active database and keep it up-to-date until it is killed. - -When the active server in an active-backup server pair fails, an administrator -can switch the backup server to an active role with the ``ovs-appctl`` command -``ovsdb-server/disconnect-active-ovsdb-server``. 
Clients then have read/write -access to the now-active server. Of course, administrators are slow to respond -compared to software, so in practice external management software detects the -active server's failure and changes the backup server's role. For example, the -"Integration Guide for Centralized Control" in the Open vSwitch documentation -describes how to use Pacemaker for this purpose in OVN. - -Suppose an active server fails and its backup is promoted to active. If the -failed server is revived, it must be started as a backup server. Otherwise, if -both servers are active, then they may start out of sync, if the database -changed while the server was down, and they will continue to diverge over time. -This also happens if the software managing the database servers cannot reach -the active server and therefore switches the backup to active, but other hosts -can reach both servers. These "split-brain" problems are unsolvable in general -for server pairs. - -Compared to a standalone server, the active-backup service model -somewhat increases availability, at a risk of split-brain. It adds -generally insignificant performance overhead. On the other hand, the -clustered service model, discussed below, requires at least 3 servers -and has greater performance overhead, but it avoids the need for -external management software and eliminates the possibility of -split-brain. - -Open vSwitch 2.6 introduced support for the active-backup service model. - -Clustered Database Service Model --------------------------------- - -A **clustered** database runs across 3 or 5 or more database servers (the -**cluster**) on different hosts. Servers in a cluster automatically -synchronize writes within the cluster. A 3-server cluster can remain available -in the face of at most 1 server failure; a 5-server cluster tolerates up to 2 -failures. 
Clusters larger than 5 servers will also work, with every 2 added -servers allowing the cluster to tolerate 1 more failure, but write performance -decreases. The number of servers should be odd: a 4- or 6-server cluster -cannot tolerate more failures than a 3- or 5-server cluster, respectively. - -To set up a clustered database, first initialize it on a single node by running -``ovsdb-tool create-cluster``, then start ``ovsdb-server``. Depending on its -arguments, the ``create-cluster`` command can create an empty database or copy -a standalone database's contents into the new database. - -To configure a client, such as ``ovn-controller`` or ``ovn-sbctl``, to use a -clustered database, first configure all of the servers to listen on a -connection method that the client can reach, then point the client to all of -the servers' connection methods, comma-separated. See `Connection Methods`_, -below, for more detail. - -Open vSwitch 2.9 introduced support for the clustered service model. - -How to Maintain a Clustered Database -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -To add a server to a cluster, run ``ovsdb-tool join-cluster`` on the new server -and start ``ovsdb-server``. To remove a running server from a cluster, use -``ovs-appctl`` to invoke the ``cluster/leave`` command. When a server fails -and cannot be recovered, e.g. because its hard disk crashed, or to otherwise -remove a server that is down from a cluster, use ``ovs-appctl`` to invoke -``cluster/kick`` to make the remaining servers kick it out of the cluster. - -The above methods for adding and removing servers only work for healthy -clusters, that is, for clusters with no more failures than their maximum -tolerance. For example, in a 3-server cluster, the failure of 2 servers -prevents servers joining or leaving the cluster (as well as database access). 
-To prevent data loss or inconsistency, the preferred solution to this problem -is to bring up enough of the failed servers to make the cluster healthy again, -then if necessary remove any remaining failed servers and add new ones. If -this cannot be done, though, use ``ovs-appctl`` to invoke ``cluster/leave ---force`` on a running server. This command forces the server to which it is -directed to leave its cluster and form a new single-node cluster that contains -only itself. The data in the new cluster may be inconsistent with the former -cluster: transactions not yet replicated to the server will be lost, and -transactions not yet applied to the cluster may be committed. Afterward, any -servers in its former cluster will regard the server to have failed. - -Once a server leaves a cluster, it may never rejoin it. Instead, create a new -server and join it to the cluster. - -The servers in a cluster synchronize data over a cluster management protocol -that is specific to Open vSwitch; it is not the same as the OVSDB protocol -specified in RFC 7047. For this purpose, a server in a cluster is tied to a -particular IP address and TCP port, which is specified in the ``ovsdb-tool`` -command that creates or joins the cluster. The TCP port used for clustering -must be different from that used for OVSDB clients. To change the port or -address of a server in a cluster, first remove it from the cluster, then add it -back with the new address. - -To upgrade the ``ovsdb-server`` processes in a cluster from one version of Open -vSwitch to another, upgrading them one at a time will keep the cluster healthy -during the upgrade process. (This is different from upgrading a database -schema, which is covered later under `Upgrading or Downgrading a Database`_.) - -Clustered OVSDB does not support the OVSDB "ephemeral columns" feature. -``ovsdb-tool`` and ``ovsdb-client`` change ephemeral columns into persistent -ones when they work with schemas for clustered databases. 
Future versions of -OVSDB might add support for this feature. - -Understanding Cluster Consistency -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -To ensure consistency, clustered OVSDB uses the Raft algorithm described in -Diego Ongaro's Ph.D. thesis, "Consensus: Bridging Theory and Practice". In an -operational Raft cluster, at any given time a single server is the "leader" and -the other nodes are "followers". Only the leader processes transactions, but a -transaction is only committed when a majority of the servers confirm to the -leader that they have written it to persistent storage. - -In most database systems, read and write access to the database happens through -transactions. In such a system, Raft allows a cluster to present a strongly -consistent transactional interface. OVSDB uses conventional transactions for -writes, but clients often effectively do reads a different way, by asking the -server to "monitor" a database or a subset of one on the client's behalf. -Whenever monitored data changes, the server automatically tells the client what -changed, which allows the client to maintain an accurate snapshot of the -database in its memory. Of course, at any given time, the snapshot may be -somewhat dated since some of it could have changed without the change -notification yet being received and processed by the client. - -Given this unconventional usage model, OVSDB also adopts an unconventional -clustering model. Each server in a cluster acts independently for the purpose -of monitors and read-only transactions, without verifying that data is -up-to-date with the leader. Servers forward transactions that write to the -database to the leader for execution, ensuring consistency. This has the -following consequences: - -* Transactions that involve writes, against any server in the cluster, are - linearizable if clients take care to use correct prerequisites, which is the - same condition required for linearizability in a standalone OVSDB. 
- (Actually, "at-least-once" consistency, because OVSDB does not have a session - mechanism to drop duplicate transactions if a connection drops after the - server commits it but before the client receives the result.) - -* Read-only transactions can yield results based on a stale version of the - database, if they are executed against a follower. Transactions on the - leader always yield fresh results. (With monitors, as explained above, a - client can always see stale data even without clustering, so clustering does - not change the consistency model for monitors.) - -* Monitor-based (or read-heavy) workloads scale well across a cluster, because - clustering OVSDB adds no additional work or communication for reads and - monitors. - -* A write-heavy client should connect to the leader, to avoid the overhead of - followers forwarding transactions to the leader. - -* When a client conducts a mix of read and write transactions across more than - one server in a cluster, it can see inconsistent results because a read - transaction might read stale data whose updates have not yet propagated from - the leader. By default, ``ovn-sbctl`` and similar utilities connect to the - cluster leader to avoid this issue. - - The same might occur for transactions against a single follower except that - the OVSDB server ensures that the results of a write forwarded to the leader - by a given server are visible at that server before it replies to the - requesting client. - -* If a client uses a database on one server in a cluster, then another server - in the cluster (perhaps because the first server failed), the client could - observe stale data. Clustered OVSDB clients, however, can use a column in - the ``_Server`` database to detect that data on a server is older than data - that the client previously read. The OVSDB client library in Open vSwitch - uses this feature to avoid servers with stale data. 
- -Database Replication -==================== - -OVSDB can layer **replication** on top of any of its service models. -Replication, in this context, means to make, and keep up-to-date, a read-only -copy of the contents of a database (the ``replica``). One use of replication -is to keep an up-to-date backup of a database. A replica used solely for -backup would not need to support clients of its own. A set of replicas that do -serve clients could be used to scale out read access to the primary database. - -A database replica is set up in the same way as a backup server in an -active-backup pair, with the difference that the replica is never promoted to -an active role. - -A database can have multiple replicas. - -Open vSwitch 2.6 introduced support for database replication. - -Connection Methods -================== - -An OVSDB **connection method** is a string that specifies how to make a -JSON-RPC connection between an OVSDB client and server. Connection methods are -part of the Open vSwitch implementation of OVSDB and not specified by RFC 7047. -``ovsdb-server`` uses connection methods to specify how it should listen for -connections from clients and ``ovsdb-client`` uses them to specify how it -should connect to a server. Connections in the opposite direction, where -``ovsdb-server`` connects to a client that is configured to listen for an -incoming connection, are also possible. - -Connection methods are classified as **active** or **passive**. An active -connection method makes an outgoing connection to a remote host; a passive -connection method listens for connections from remote hosts. The most common -arrangement is to configure an OVSDB server with passive connection methods and -clients with active ones, but the OVSDB implementation in Open vSwitch supports -the opposite arrangement as well. - -OVSDB supports the following active connection methods: - -ssl:: - The specified SSL or TLS on the given . - -tcp:: - The specified TCP on the given . 
- -unix: - On Unix-like systems, connect to the Unix domain server socket named - . - - On Windows, connect to a local named pipe that is represented by a file - created in the path to mimic the behavior of a Unix domain socket. - -,,..., - For a clustered database service to be highly available, a client must be - able to connect to any of the servers in the cluster. To do so, specify - connection methods for each of the servers separated by commas (and - optional spaces). - - In theory, if machines go up and down and IP addresses change in the right - way, a client could talk to the wrong instance of a database. To avoid - this possibility, add ``cid:`` to the list of methods, where - is the cluster ID of the desired database cluster, as printed by - ``ovsdb-tool db-cid``. This feature is optional. - -OVSDB supports the following passive connection methods: - -pssl:[:] - Listen on the given TCP for SSL or TLS connections. By default, - connections are not bound to a particular local IP address. Specifying - limits connections to those from the given IP. - -ptcp:[:] - Listen on the given TCP . By default, connections are not bound to a - particular local IP address. Specifying limits connections to those - from the given IP. - -punix: - On Unix-like systems, listens for connections on the Unix domain socket - named . - - On Windows, listens on a local named pipe, creating a named pipe - to mimic the behavior of a Unix domain socket. - -All IP-based connection methods accept IPv4 and IPv6 addresses. To specify an -IPv6 address, wrap it in square brackets, e.g. ``ssl:[::1]:6640``. Passive -IP-based connection methods by default listen for IPv4 connections only; use -``[::]`` as the address to accept both IPv4 and IPv6 connections, -e.g. ``pssl:6640:[::]``. DNS names are also accepted if built with unbound -library. On Linux, use ``%`` to designate a scope for IPv6 link-level -addresses, e.g. ``ssl:[fe80::1234%eth0]:6653``. 
- -The may be omitted from connection methods that use a port number. The -default for TCP-based connection methods is 6640, e.g. ``pssl:`` is -equivalent to ``pssl:6640``. In Open vSwitch prior to version 2.4.0, the -default port was 6632. To avoid incompatibility between older and newer -versions, we encourage users to specify a port number. - -The ``ssl`` and ``pssl`` connection methods requires additional configuration -through ``--private-key``, ``--certificate``, and ``--ca-cert`` command line -options. Open vSwitch can be built without SSL support, in which case these -connection methods are not supported. - -Database Life Cycle -=================== - -This section describes how to handle various events in the life cycle of -a database using the Open vSwitch implementation of OVSDB. - -Creating a Database -------------------- - -Creating and starting up the service for a new database was covered -separately for each database service model in the `Service -Models`_ section, above. - -Backing Up and Restoring a Database ------------------------------------ - -OVSDB is often used in contexts where the database contents are not -particularly valuable. For example, in many systems, the database for -configuring ``ovs-vswitchd`` is essentially rebuilt from scratch -at boot time. It is not worthwhile to back up these databases. - -When OVSDB is used for valuable data, a backup strategy is worth -considering. One way is to use database replication, discussed above in -`Database Replication`_ which keeps an online, up-to-date -copy of a database, possibly on a remote system. This works with all OVSDB -service models. - -A more common backup strategy is to periodically take and store a snapshot. -For the standalone and active-backup service models, making a copy of the -database file, e.g. using ``cp``, effectively makes a snapshot, and because -OVSDB database files are append-only, it works even if the database is being -modified when the snapshot takes place. 
This approach does not work for -clustered databases. - -Another way to make a backup, which works with all OVSDB service models, is to -use ``ovsdb-client backup``, which connects to a running database server and -outputs an atomic snapshot of its schema and content, in the same format used -for standalone and active-backup databases. - -Multiple options are also available when the time comes to restore a database -from a backup. For the standalone and active-backup service models, one option -is to stop the database server or servers, overwrite the database file with the -backup (e.g. with ``cp``), and then restart the servers. Another way, which -works with any service model, is to use ``ovsdb-client restore``, which -connects to a running database server and replaces the data in one of its -databases by a provided snapshot. The advantage of ``ovsdb-client restore`` is -that it causes zero downtime for the database and its server. It has the -downside that UUIDs of rows in the restored database will differ from those in -the snapshot, because the OVSDB protocol does not allow clients to specify row -UUIDs. - -None of these approaches saves and restores data in columns that the schema -designates as ephemeral. This is by design: the designer of a schema only -marks a column as ephemeral if it is acceptable for its data to be lost -when a database server restarts. - -Clustering and backup serve different purposes. Clustering increases -availability, but it does not protect against data loss if, for example, a -malicious or malfunctioning OVSDB client deletes or tampers with data. - -Changing Database Service Model -------------------------------- - -Use ``ovsdb-tool create-cluster`` to create a clustered database from the -contents of a standalone database. Use ``ovsdb-tool backup`` to create a -standalone database from the contents of a clustered database. 
- -Upgrading or Downgrading a Database ------------------------------------ - -The evolution of a piece of software can require changes to the schemas of the -databases that it uses. For example, new features might require new tables or -new columns in existing tables, or conceptual changes might require a database -to be reorganized in other ways. In some cases, the easiest way to deal with a -change in a database schema is to delete the existing database and start fresh -with the new schema, especially if the data in the database is easy to -reconstruct. But in many other cases, it is better to convert the database -from one schema to another. - -The OVSDB implementation in Open vSwitch has built-in support for some simple -cases of converting a database from one schema to another. This support can -handle changes that add or remove database columns or tables or that eliminate -constraints (for example, changing a column that must have exactly one value -into one that has one or more values). It can also handle changes that add -constraints or make them stricter, but only if the existing data in the -database satisfies the new constraints (for example, changing a column that has -one or more values into a column with exactly one value, if every row in the -column has exactly one value). The built-in conversion can cause data loss in -obvious ways, for example if the new schema removes tables or columns, or -indirectly, for example by deleting unreferenced rows in tables that the new -schema marks for garbage collection. - -Converting a database can lose data, so it is wise to make a backup beforehand. - -To use OVSDB's built-in support for schema conversion with a standalone or -active-backup database, first stop the database server or servers, then use -``ovsdb-tool convert`` to convert it to the new schema, and then restart the -database server. - -OVSDB also supports online database schema conversion for any of its database -service models. 
To convert a database online, use ``ovsdb-client convert``. -The conversion is atomic, consistent, isolated, and durable. ``ovsdb-server`` -disconnects any clients connected when the conversion takes place (except -clients that use the ``set_db_change_aware`` Open vSwitch extension RPC). Upon -reconnection, clients will discover that the schema has changed. - -Schema versions and checksums (see Schemas_ above) can give hints about whether -a database needs to be converted to a new schema. If there is any question, -though, the ``needs-conversion`` command on ``ovsdb-tool`` and ``ovsdb-client`` -can provide a definitive answer. - -Working with Database History ------------------------------ - -Both on-disk database formats that OVSDB supports are organized as a stream of -transaction records. Each record describes a change to the database as a list -of rows that were inserted or deleted or modified, along with the details. -Therefore, in normal operation, a database file only grows, as each change -causes another record to be appended at the end. Usually, a user has no need -to understand this file structure. This section covers some exceptions. - -Compacting Databases --------------------- - -If OVSDB database files were truly append-only, then over time they would grow -without bound. To avoid this problem, OVSDB can **compact** a database file, -that is, replace it by a new version that contains only the current database -contents, as if it had been inserted by a single transaction. From time to -time, ``ovsdb-server`` automatically compacts a database that grows much larger -than its minimum size. - -Because ``ovsdb-server`` automatically compacts databases, it is usually not -necessary to compact them manually, but OVSDB still offers a few ways to do it. -First, ``ovsdb-tool compact`` can compact a standalone or active-backup -database that is not currently being served by ``ovsdb-server`` (or otherwise -locked for writing by another process). 
To compact any database that is -currently being served by ``ovsdb-server``, use ``ovs-appctl`` to send the -``ovsdb-server/compact`` command. Each server in an active-backup or clustered -database maintains its database file independently, so to compact all of them, -issue this command separately on each server. - -Viewing History ---------------- - -The ``ovsdb-tool`` utility's ``show-log`` command displays the transaction -records in an OVSDB database file in a human-readable format. By default, it -shows minimal detail, but adding the option ``-m`` once or twice increases the -level of detail. In addition to the transaction data, it shows the time and -date of each transaction and any "comment" added to the transaction by the -client. The comments can be helpful for quickly understanding a transaction; -for example, ``ovs-vsctl`` adds its command line to the transactions that it -makes. - -The ``show-log`` command works with both OVSDB file formats, but the details of -the output format differ. For active-backup and clustered databases, the -sequence of transactions in each server's log will differ, even at points when -they reflect the same data. - -Truncating History ------------------- - -It may occasionally be useful to "roll back" a database file to an earlier -point. Because of the organization of OVSDB records, this is easy to do. -Start by noting the record number of the first record to delete in -``ovsdb-tool show-log`` output. Each record is two lines of plain text, so -trimming the log is as simple as running ``head -n ``, where = 2 * . - -Corruption ----------- - -When ``ovsdb-server`` opens an OVSDB database file, of any kind, it reads as -many transaction records as it can from the file until it reaches the end of -the file or it encounters a corrupted record. At that point it stops reading -and regards the data that it has read to this point as the full contents of the -database file, effectively rolling the database back to an earlier point. 
- -Each transaction record contains an embedded SHA-1 checksum, which the server -verifies as it reads a database file. It detects corruption when a checksum -fails to verify. Even though SHA-1 is no longer considered secure for use in -cryptography, it is acceptable for this purpose because it is not used to -defend against malicious attackers. - -The first record in a standalone or active-backup database file specifies the -schema. ``ovsdb-server`` will refuse to work with a database where this record -is corrupted, or with a clustered database file with corruption in the first -few records. Delete and recreate such a database, or restore it from a backup. - -When ``ovsdb-server`` adds records to a database file in which it detected -corruption, it first truncates the file just after the last good record. - -See Also -======== - -RFC 7047, "The Open vSwitch Database Management Protocol." - -Open vSwitch implementations of generic OVSDB functionality: -``ovsdb-server(1)``, ``ovsdb-client(1)``, ``ovsdb-tool(1)``. - -Tools for working with databases that have specific OVSDB schemas: -``ovs-vsctl(8)``, ``vtep-ctl(8)``, ``ovn-nbctl(8)``, ``ovn-sbctl(8)``. - -OVSDB schemas for Open vSwitch and related functionality: -``ovs-vswitchd.conf.db(5)``, ``vtep(5)``, ``ovn-nb(5)``, ``ovn-sb(5)``. 
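Review bot: missing documentation follow-up for this deletion. The See Also list at the end of the removed text names OVN's own pages (``ovn-nbctl(8)``, ``ovn-sbctl(8)``, ``ovn-nb(5)``, ``ovn-sb(5)``), and the body is where backup and restore with ``ovsdb-client``, schema conversion and the corruption handling are explained. If any remaining OVN document or man page links to this file, redirect it in the same patch to wherever the document is maintained now, so that the references do not dangle.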
From patchwork Fri May 8 06:05:01 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Numan Siddique X-Patchwork-Id: 1285842 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=ovn.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49JKZD5bKGz9sRY for ; Fri, 8 May 2020 16:05:40 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 52B1187BA3; Fri, 8 May 2020 06:05:39 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5OD0p8-e3tYJ; Fri, 8 May 2020 06:05:37 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id 70A5D87B83; Fri, 8 May 2020 06:05:37 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 4D8C4C088B; Fri, 8 May 2020 06:05:37 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 9BB95C0889 for ; Fri, 8 May 2020 06:05:35 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 8C1402152E for ; Fri, 8 May 2020 06:05:35 +0000 (UTC) X-Virus-Scanned: 
amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bi3AON2yroAz for ; Fri, 8 May 2020 06:05:22 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay5-d.mail.gandi.net (relay5-d.mail.gandi.net [217.70.183.197]) by silver.osuosl.org (Postfix) with ESMTPS id 548932157D for ; Fri, 8 May 2020 06:05:08 +0000 (UTC) X-Originating-IP: 115.99.89.246 Received: from nusiddiq.home.org.com (unknown [115.99.89.246]) (Authenticated sender: numans@ovn.org) by relay5-d.mail.gandi.net (Postfix) with ESMTPSA id AF4C91C0007; Fri, 8 May 2020 06:05:05 +0000 (UTC) From: numans@ovn.org To: dev@openvswitch.org Date: Fri, 8 May 2020 11:35:01 +0530 Message-Id: <20200508060501.247103-1-numans@ovn.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200508060325.246679-1-numans@ovn.org> References: <20200508060325.246679-1-numans@ovn.org> MIME-Version: 1.0 Cc: Dave Tucker Subject: [ovs-dev] [PATCH ovn 5/7] Remove Unused Third-Party Folder X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Dave Tucker Submitted-at: https://github.com/ovn-org/ovn/pull/38 Signed-off-by: Dave Tucker Signed-off-by: Numan Siddique --- Makefile.am | 7 +- third-party/.gitignore | 2 - third-party/README.rst | 66 ----------------- third-party/automake.mk | 3 - third-party/ofp-tcpdump.patch | 133 ---------------------------------- 5 files changed, 3 insertions(+), 208 deletions(-) delete mode 100644 third-party/.gitignore delete mode 100644 third-party/README.rst delete mode 100644 third-party/automake.mk delete mode 100644 third-party/ofp-tcpdump.patch diff --git a/Makefile.am b/Makefile.am index 8b49ba255..57cd41a62 100644 --- a/Makefile.am +++ b/Makefile.am 
@@ -256,7 +256,7 @@ config-h-check: @cd $(srcdir); \ if test -e .git && (git --version) >/dev/null 2>&1 && \ git --no-pager grep -L '#include ' `git ls-files | grep '\.c$$' | \ - grep -vE '^ovs/datapath|^ovs/lib/sflow|^ovs/third-party|^ovs/datapath-windows|^python|^ovs/python'`; \ + grep -vE '^ovs/datapath|^ovs/lib/sflow|^ovs/datapath-windows|^python|^ovs/python'`; \ then \ echo "See above for list of violations of the rule that"; \ echo "every C source file must #include ."; \ @@ -270,7 +270,7 @@ printf-check: @cd $(srcdir); \ if test -e .git && (git --version) >/dev/null 2>&1 && \ git --no-pager grep -n -E -e '%[-+ #0-9.*]*([ztj]|hh)' --and --not -e 'ovs_scan' `git ls-files | grep '\.[ch]$$' | \ - grep -vE '^ovs/datapath|^ovs/lib/sflow|^ovs/third-party'`; \ + grep -vE '^ovs/datapath|^ovs/lib/sflow'`; \ then \ echo "See above for list of violations of the rule that"; \ echo "'z', 't', 'j', 'hh' printf() type modifiers are"; \ @@ -353,7 +353,7 @@ thread-safety-check: if test -e .git && (git --version) >/dev/null 2>&1 && \ grep -n -f build-aux/thread-safety-blacklist \ `git ls-files | grep '\.[ch]$$' \ - | $(EGREP) -v '^ovs/datapath|^ovs/lib/sflow|^ovs/third-party'` /dev/null \ + | $(EGREP) -v '^ovs/datapath|^ovs/lib/sflow'` /dev/null \ | $(EGREP) -v ':[ ]*/?\*'; \ then \ echo "See above for list of calls to functions that are"; \ @@ -493,7 +493,6 @@ include lib/automake.mk include utilities/automake.mk include tests/automake.mk include include/automake.mk -include third-party/automake.mk include debian/automake.mk include lib/ovsdb_automake.mk include rhel/automake.mk diff --git a/third-party/.gitignore b/third-party/.gitignore deleted file mode 100644 index b336cc7ce..000000000 --- a/third-party/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -/Makefile -/Makefile.in diff --git a/third-party/README.rst b/third-party/README.rst deleted file mode 100644 index c4dc42601..000000000 --- a/third-party/README.rst +++ /dev/null 
@@ -1,66 +0,0 @@ -.. - Licensed under the Apache License, Version 2.0 (the "License"); you may - not use this file except in compliance with the License. You may obtain - a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - License for the specific language governing permissions and limitations - under the License. - - Convention for heading levels in OVN documentation: - - ======= Heading 0 (reserved for the title in a document) - ------- Heading 1 - ~~~~~~~ Heading 2 - +++++++ Heading 3 - ''''''' Heading 4 - - Avoid deeper levels because they do not render well. - -================================ -Third-party software integration -================================ - -This directory contains third-party software that may be useful for debugging. - -tcpdump -------- - -The ``ofp-tcpdump.patch`` patch adds the ability to parse OpenFlow messages to -tcpdump. These instructions assume that tcpdump 4.3.0 is going to be used, but -it should work with other versions that are not substantially different. To -begin, download tcpdump and apply the patch: - -:: - - $ wget http://www.tcpdump.org/release/tcpdump-4.3.0.tar.gz - $ tar xzf tcpdump-4.3.0.tar.gz - $ ln -s tcpdump-4.3.0 tcpdump - $ patch -p0 < ofp-tcpdump.patch - -Then build the new version of tcpdump: - -:: - - $ cd tcpdump - $ ./configure - $ make - -Clearly, tcpdump can only parse unencrypted packets, so you will need to -connect the controller and datapath using plain TCP. To look at the traffic, -tcpdump will be started in a manner similar to the following: - -:: - - $ sudo ./tcpdump -s0 -i eth0 port 6653 - -The ``-s0`` flag indicates that tcpdump should capture the entire packet. 
If -the OpenFlow message is not received in its entirety, ``[|openflow]`` will be -printed instead of the OpenFlow message contents. - -The verbosity of the output may be increased by adding additional ``-v`` flags. -If ``-vvv`` is used, the raw OpenFlow data is also printed in hex and ASCII. diff --git a/third-party/automake.mk b/third-party/automake.mk deleted file mode 100644 index dd7bf4184..000000000 --- a/third-party/automake.mk +++ /dev/null @@ -1,3 +0,0 @@ -EXTRA_DIST += \ - third-party/ofp-tcpdump.patch \ - third-party/README.rst diff --git a/third-party/ofp-tcpdump.patch b/third-party/ofp-tcpdump.patch deleted file mode 100644 index 56b35716c..000000000 --- a/third-party/ofp-tcpdump.patch +++ /dev/null 
@@ -1,133 +0,0 @@ ---- tcpdump/interface.h 2007-06-13 18:03:20.000000000 -0700 -+++ tcpdump/interface.h 2008-04-15 18:28:55.000000000 -0700 -@@ -130,7 +130,8 @@ - - extern const char *dnaddr_string(u_short); - --extern void error(const char *, ...) -+#define error(fmt, args...) tcpdump_error(fmt, ## args) -+extern void tcpdump_error(const char *, ...) - __attribute__((noreturn, format (printf, 1, 2))); - extern void warning(const char *, ...) __attribute__ ((format (printf, 1, 2))); - -@@ -163,6 +164,7 @@ - extern void hex_print_with_offset(const char *, const u_char *, u_int, u_int); - extern void hex_print(const char *, const u_char *, u_int); - extern void telnet_print(const u_char *, u_int); -+extern void openflow_print(const u_char *, u_int); - extern int llc_print(const u_char *, u_int, u_int, const u_char *, - const u_char *, u_short *); - extern int snap_print(const u_char *, u_int, u_int, u_int); ---- tcpdump/Makefile.in 2012-06-13 04:56:20.000000000 +1200 -+++ tcpdump/Makefile.in 2012-08-29 21:36:37.000000000 +1200 -@@ -43,7 +43,7 @@ - CC = @CC@ - PROG = tcpdump - CCOPT = @V_CCOPT@ --INCLS = -I. @V_INCLS@ -+INCLS = -I. 
@V_INCLS@ -I../../include - DEFS = @DEFS@ @CPPFLAGS@ @V_DEFS@ - - # Standard CFLAGS -@@ -51,10 +51,10 @@ - FULL_CFLAGS = $(CCOPT) $(DEFS) $(INCLS) $(CFLAGS) - - # Standard LDFLAGS --LDFLAGS = @LDFLAGS@ -+LDFLAGS = @LDFLAGS@ -L../../lib - - # Standard LIBS --LIBS = @LIBS@ -+LIBS = @LIBS@ -lopenvswitch -lssl -lrt -lm - - INSTALL = @INSTALL@ - INSTALL_PROGRAM = @INSTALL_PROGRAM@ -@@ -93,7 +93,8 @@ - print-symantec.c print-syslog.c print-tcp.c print-telnet.c print-tftp.c \ - print-timed.c print-tipc.c print-token.c print-udld.c print-udp.c \ - print-usb.c print-vjc.c print-vqp.c print-vrrp.c print-vtp.c \ -- print-wb.c print-zephyr.c signature.c setsignal.c tcpdump.c util.c -+ print-wb.c print-zephyr.c signature.c setsignal.c tcpdump.c util.c \ -+ print-openflow.c - - LIBNETDISSECT_SRC=print-isakmp.c - LIBNETDISSECT_OBJ=$(LIBNETDISSECT_SRC:.c=.o) -@@ -363,7 +364,7 @@ all: $(PROG) - - $(PROG): $(OBJ) - @rm -f $@ -- $(CC) $(FULL_CFLAGS) $(LDFLAGS) -o $@ $(OBJ) $(LIBS) -+ libtool --mode=link $(CC) $(FULL_CFLAGS) $(LDFLAGS) -o $@ $(OBJ) $(LIBS) - - $(LIBNETDISSECT): $(LIBNETDISSECT_OBJ) - @rm -f $@ ---- tcpdump/print-openflow.c 1969-12-31 16:00:00.000000000 -0800 -+++ tcpdump/print-openflow.c 2009-05-11 15:38:41.000000000 -0700 -@@ -0,0 +1,45 @@ -+/* Copyright (C) 2007, 2008, 2009 Nicira, Inc. -+ -+ Redistribution and use in source and binary forms, with or without -+ modification, are permitted provided that the following conditions -+ are met: -+ -+ 1. Redistributions of source code must retain the above copyright -+ notice, this list of conditions and the following disclaimer. -+ 2. Redistributions in binary form must reproduce the above copyright -+ notice, this list of conditions and the following disclaimer in -+ the documentation and/or other materials provided with the -+ distribution. -+ 3. The names of the authors may not be used to endorse or promote -+ products derived from this software without specific prior -+ written permission. 
-+ -+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR -+ IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED -+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. -+ */ -+ -+#ifdef HAVE_CONFIG_H -+#include "config.h" -+#endif -+ -+#include -+ -+#include "interface.h" -+#include "openflow/openflow.h" -+#include "openvswitch/ofp-print.h" -+ -+void -+openflow_print(const u_char *sp, u_int length) -+{ -+ const struct ofp_header *ofp = (struct ofp_header *)sp; -+ -+ if (!TTEST2(*sp, ntohs(ofp->length))) -+ goto trunc; -+ -+ ofp_print(stdout, sp, length, vflag); -+ return; -+ -+trunc: -+ printf("[|openflow]"); -+} ---- tcpdump/print-tcp.c 2006-09-19 12:07:57.000000000 -0700 -+++ tcpdump/print-tcp.c 2009-05-11 15:38:25.000000000 -0700 -@@ -56,6 +56,8 @@ - - #include "nameser.h" - -+#include "openflow/openflow.h" -+ - #ifdef HAVE_LIBCRYPTO - #include - #include -@@ -669,7 +672,9 @@ - } - else if (length > 0 && (sport == LDP_PORT || dport == LDP_PORT)) { - ldp_print(bp, length); -- } -+ } else if (sport == OFP_PORT || dport == OFP_PORT) { -+ openflow_print(bp, length); -+ } - - return; - bad: From patchwork Fri May 8 06:05:07 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Numan Siddique X-Patchwork-Id: 1285845 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=ovn.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49JKb34LMzz9sRY for ; Fri, 8 May 2020 
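Review bot: in the three Makefile.am check hunks (config-h-check, printf-check, thread-safety-check) the pattern dropped from the exclusion list is `^ovs/third-party`, but the directory this patch deletes is the top-level `third-party/`, which that anchored pattern never matched. Either state in the commit message that the `^ovs/third-party` exclusion was already dead, or keep it if an `ovs/third-party` path can still appear in `git ls-files` output. The neighbouring `^ovs/datapath` and `^ovs/lib/sflow` entries stay, so the reason for treating this one differently should be written down.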
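Review bot: the commit message has no body, so nothing records why `third-party/ofp-tcpdump.patch` and its README are safe to drop. One sentence would do, and it is worth recording that the deleted `openflow_print()` dereferences `ofp->length` before `TTEST2` has confirmed that the header bytes were captured, then hands the TCP payload `length` rather than the checked message length to `ofp_print()`, so the patch was not in a state to keep shipping unmaintained. Also check that no remaining document links to `third-party/README.rst`.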
From: numans@ovn.org To: dev@openvswitch.org Date: Fri, 8 May 2020 11:35:07 +0530 Message-Id: <20200508060507.247156-1-numans@ovn.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200508060325.246679-1-numans@ovn.org> References: <20200508060325.246679-1-numans@ovn.org> MIME-Version: 1.0 Cc: Dave Tucker Subject: [ovs-dev] [PATCH ovn 6/7] Remove unused selinux directory X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Dave Tucker Submitted-at: https://github.com/ovn-org/ovn/pull/38 Signed-off-by: Dave Tucker Signed-off-by: Numan Siddique --- .travis/linux-build.sh | 2 - Makefile.am | 1 - selinux/.gitignore | 5 -- selinux/automake.mk | 21 ----- selinux/openvswitch-custom.fc.in | 1 - selinux/openvswitch-custom.te.in | 147 ------------------------------- 6 files changed, 177 deletions(-) delete mode 100644 selinux/.gitignore delete mode 100644 selinux/automake.mk delete mode 100644 selinux/openvswitch-custom.fc.in delete mode 100644 selinux/openvswitch-custom.te.in diff --git a/.travis/linux-build.sh b/.travis/linux-build.sh index 134b4cbca..a8a561dc4 100755 --- a/.travis/linux-build.sh +++ b/.travis/linux-build.sh @@ -49,8 +49,6 @@ if [ "$TESTSUITE" ]; then fi else configure_ovn $OPTS - make selinux-policy - make -j4 || { cat config.log; exit 1; } fi diff --git a/Makefile.am b/Makefile.am index 57cd41a62..430fd9fd8 100644 --- a/Makefile.am +++ b/Makefile.am @@ -497,7 +497,6 @@ include debian/automake.mk include lib/ovsdb_automake.mk include rhel/automake.mk include tutorial/automake.mk -include selinux/automake.mk include controller/automake.mk include controller-vtep/automake.mk include northd/automake.mk diff --git a/selinux/.gitignore b/selinux/.gitignore deleted file mode 100644 index 64e834cd1..000000000 --- a/selinux/.gitignore +++ /dev/null 
@@ -1,5 +0,0 @@ -openvswitch-custom.te -openvswitch-custom.fc -openvswitch-custom.pp -openvswitch-custom.if -tmp/ diff --git a/selinux/automake.mk b/selinux/automake.mk deleted file mode 100644 index c7dfe6ed5..000000000 --- a/selinux/automake.mk +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright (C) 2016 Nicira, Inc. -# -# Copying and distribution of this file, with or without modification, -# are permitted in any medium without royalty provided the copyright -# notice and this notice are preserved. This file is offered as-is, -# without warranty of any kind. - -EXTRA_DIST += \ - selinux/openvswitch-custom.fc.in \ - selinux/openvswitch-custom.te.in - -PHONY: selinux-policy - -selinux-policy: selinux/openvswitch-custom.te selinux/openvswitch-custom.fc - $(MAKE) -C selinux/ -f /usr/share/selinux/devel/Makefile - -CLEANFILES += \ - selinux/openvswitch-custom.te \ - selinux/openvswitch-custom.pp \ - selinux/openvswitch-custom.fc \ - selinux/openvswitch-custom.if diff --git a/selinux/openvswitch-custom.fc.in b/selinux/openvswitch-custom.fc.in deleted file mode 100644 index c2756d04b..000000000 --- a/selinux/openvswitch-custom.fc.in +++ /dev/null @@ -1 +0,0 @@ -@pkgdatadir@/scripts/ovs-kmod-ctl -- gen_context(system_u:object_r:openvswitch_load_module_exec_t,s0) diff --git a/selinux/openvswitch-custom.te.in b/selinux/openvswitch-custom.te.in deleted file mode 100644 index 2adaf231f..000000000 --- a/selinux/openvswitch-custom.te.in +++ /dev/null 
@@ -1,147 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 - -module openvswitch-custom @VERSION@; - -require { - role system_r; - role object_r; - - type openvswitch_t; - type openvswitch_rw_t; - type openvswitch_tmp_t; - type openvswitch_var_run_t; - - type bin_t; - type ifconfig_exec_t; - type init_t; - type init_var_run_t; - type insmod_exec_t; - type kernel_t; - type hostname_exec_t; - type modules_conf_t; - type modules_object_t; - type passwd_file_t; - type plymouth_exec_t; - type proc_t; - type shell_exec_t; - type sssd_t; - type sssd_public_t; - type sssd_var_lib_t; - type sysfs_t; - type systemd_unit_file_t; - type tun_tap_device_t; - -@begin_dpdk@ - type hugetlbfs_t; - type svirt_t; - type svirt_image_t; - type svirt_tmpfs_t; - type vfio_device_t; - type zero_device_t; -@end_dpdk@ - - class capability { dac_override audit_write net_broadcast net_raw }; - class chr_file { write getattr read open ioctl map }; - class dir { write remove_name add_name lock read getattr search open }; - class fd { use }; - class file { map write getattr read open execute execute_no_trans create unlink map entrypoint lock ioctl }; - class fifo_file { getattr read write append ioctl lock open }; - class filesystem getattr; - class lnk_file { read open }; - class netlink_audit_socket { create nlmsg_relay audit_write read write }; - class netlink_netfilter_socket { create nlmsg_relay audit_write read write }; -@begin_dpdk@ - class netlink_rdma_socket { setopt bind create }; -@end_dpdk@ - class netlink_socket { setopt getopt create connect getattr write read }; - class sock_file { write }; - class system { module_load module_request }; - class process { sigchld signull transition noatsecure siginh rlimitinh }; - class unix_stream_socket { write getattr read connectto connect setopt getopt sendto accept bind recvfrom acceptfrom ioctl }; - -@begin_dpdk@ - class sock_file { read append getattr open }; - class tun_socket { relabelfrom relabelto create }; -@end_dpdk@ -} - -#============= 
Set up the transition domain ============= -type openvswitch_load_module_exec_t; -type openvswitch_load_module_t; - -domain_type(openvswitch_load_module_exec_t); -domain_type(openvswitch_load_module_t); -role object_r types openvswitch_load_module_exec_t; -role system_r types openvswitch_load_module_t; -domain_entry_file(openvswitch_load_module_t, openvswitch_load_module_exec_t); -domtrans_pattern(openvswitch_t, openvswitch_load_module_exec_t, openvswitch_load_module_t); - -#============= openvswitch_t ============== -allow openvswitch_t self:capability { dac_override audit_write net_broadcast net_raw }; -allow openvswitch_t self:netlink_audit_socket { create nlmsg_relay audit_write read write }; -allow openvswitch_t self:netlink_netfilter_socket { create nlmsg_relay audit_write read write }; -@begin_dpdk@ -allow openvswitch_t self:netlink_rdma_socket { setopt bind create }; -@end_dpdk@ -allow openvswitch_t self:netlink_socket { setopt getopt create connect getattr write read }; - -allow openvswitch_t hostname_exec_t:file { read getattr open execute execute_no_trans }; -allow openvswitch_t ifconfig_exec_t:file { read getattr open execute execute_no_trans }; - -allow openvswitch_t openvswitch_rw_t:dir { write remove_name add_name lock read getattr open search }; -allow openvswitch_t openvswitch_rw_t:file { write getattr read open execute execute_no_trans create unlink }; -allow openvswitch_t openvswitch_tmp_t:file { execute execute_no_trans }; -allow openvswitch_t openvswitch_tmp_t:unix_stream_socket { write getattr read connectto connect setopt getopt sendto accept bind recvfrom acceptfrom }; -allow openvswitch_t openvswitch_var_run_t:dir { getattr read open search write remove_name add_name lock }; -allow openvswitch_t openvswitch_var_run_t:file { map open read write getattr create unlink }; -allow openvswitch_t tun_tap_device_t:chr_file { read write getattr open ioctl }; - -@begin_dpdk@ -allow openvswitch_t hugetlbfs_t:dir { write remove_name add_name lock read 
}; -allow openvswitch_t hugetlbfs_t:file { create unlink map }; -allow openvswitch_t kernel_t:unix_stream_socket { write getattr read connectto connect setopt getopt sendto accept bind recvfrom acceptfrom }; -allow openvswitch_t self:tun_socket { relabelfrom relabelto create }; -allow openvswitch_t svirt_image_t:file { getattr read write }; -allow openvswitch_t svirt_tmpfs_t:file { read write }; -allow openvswitch_t svirt_tmpfs_t:sock_file { read write append getattr open }; -allow openvswitch_t svirt_t:unix_stream_socket { connectto read write getattr sendto recvfrom setopt }; -allow openvswitch_t vfio_device_t:chr_file { read write open ioctl getattr }; -allow openvswitch_t zero_device_t:chr_file { read open getattr map }; -@end_dpdk@ - -#============= Transition allows ============= -type_transition openvswitch_t openvswitch_load_module_exec_t:process openvswitch_load_module_t; -allow openvswitch_t openvswitch_load_module_exec_t:file { execute read open getattr }; -allow openvswitch_t openvswitch_load_module_t:process transition; - -allow openvswitch_load_module_t bin_t:file { execute execute_no_trans map }; -allow openvswitch_load_module_t init_t:unix_stream_socket { getattr ioctl read write }; -allow openvswitch_load_module_t init_var_run_t:dir { getattr read open search }; -allow openvswitch_load_module_t insmod_exec_t:file { execute execute_no_trans getattr map open read }; -allow openvswitch_load_module_t kernel_t:system module_request; -allow openvswitch_load_module_t modules_conf_t:dir { getattr open read search }; -allow openvswitch_load_module_t modules_conf_t:file { getattr open read }; -allow openvswitch_load_module_t modules_object_t:file { map getattr open read }; -allow openvswitch_load_module_t modules_object_t:dir { getattr open read search }; -allow openvswitch_load_module_t openvswitch_load_module_exec_t:file { entrypoint }; -allow openvswitch_load_module_t passwd_file_t:file { getattr open read }; -allow openvswitch_load_module_t 
plymouth_exec_t:file { getattr read open execute execute_no_trans map }; -allow openvswitch_load_module_t proc_t:file { getattr open read }; -allow openvswitch_load_module_t self:system module_load; -allow openvswitch_load_module_t self:process { siginh noatsecure rlimitinh siginh }; -allow openvswitch_load_module_t shell_exec_t:file { map execute execute_no_trans read open getattr }; -allow openvswitch_load_module_t sssd_public_t:dir { getattr open read search }; -allow openvswitch_load_module_t sssd_public_t:file { getattr map open read }; -allow openvswitch_load_module_t sssd_t:unix_stream_socket connectto; -allow openvswitch_load_module_t sssd_var_lib_t:dir { getattr open read search }; -allow openvswitch_load_module_t sssd_var_lib_t:sock_file write; -allow openvswitch_load_module_t sysfs_t:dir { getattr open read search }; -allow openvswitch_load_module_t sysfs_t:file { open read }; -allow openvswitch_load_module_t sysfs_t:lnk_file { read open }; -allow openvswitch_load_module_t systemd_unit_file_t:dir getattr; - -# no need to grant search permissions for this - and no need to emit -# an error, either. 
-dontaudit openvswitch_load_module_t openvswitch_var_run_t:dir { search }; - -kernel_load_module(openvswitch_load_module_t); From patchwork Fri May 8 06:05:14 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Numan Siddique X-Patchwork-Id: 1285844 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=ovn.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49JKZQ0jytz9sRY for ; Fri, 8 May 2020 16:05:50 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 84A8D8847B; Fri, 8 May 2020 06:05:48 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z6UzKAo9VHox; Fri, 8 May 2020 06:05:40 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by whitealder.osuosl.org (Postfix) with ESMTP id 7F8A788393; Fri, 8 May 2020 06:05:26 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 63E43C0889; Fri, 8 May 2020 06:05:26 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 17FEEC0889 for ; Fri, 8 May 2020 06:05:25 +0000 (UTC) Received: from localhost 
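Review bot: the subject calls `selinux/` unused, but the `.travis/linux-build.sh` hunk shows that CI ran `make selinux-policy` until this patch, so the policy was still being built. The commit message should say where the policy is maintained now: the deleted `.fc.in` labels `@pkgdatadir@/scripts/ovs-kmod-ctl`, and the `.te.in` rules cover only `openvswitch_t` and `openvswitch_load_module_t`, which points at the Open vSwitch package rather than OVN. Since `include rhel/automake.mk` stays in `Makefile.am`, confirm that nothing under `rhel/` still invokes the `selinux-policy` target or installs `openvswitch-custom.pp`.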
(localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 065658672E for ; Fri, 8 May 2020 06:05:25 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CjalP0ASpzXz for ; Fri, 8 May 2020 06:05:22 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay2-d.mail.gandi.net (relay2-d.mail.gandi.net [217.70.183.194]) by fraxinus.osuosl.org (Postfix) with ESMTPS id C92DF86200 for ; Fri, 8 May 2020 06:05:21 +0000 (UTC) X-Originating-IP: 115.99.89.246 Received: from nusiddiq.home.org.com (unknown [115.99.89.246]) (Authenticated sender: numans@ovn.org) by relay2-d.mail.gandi.net (Postfix) with ESMTPSA id DB4C740004; Fri, 8 May 2020 06:05:18 +0000 (UTC) From: numans@ovn.org To: dev@openvswitch.org Date: Fri, 8 May 2020 11:35:14 +0530 Message-Id: <20200508060514.247212-1-numans@ovn.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200508060325.246679-1-numans@ovn.org> References: <20200508060325.246679-1-numans@ovn.org> MIME-Version: 1.0 Cc: Dave Tucker Subject: [ovs-dev] [PATCH ovn 7/7] Remove unused poc directory X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Dave Tucker Submitted-at: https://github.com/ovn-org/ovn/pull/38 Signed-off-by: Dave Tucker 
Signed-off-by: Numan Siddique --- Makefile.am | 4 - poc/builders/Vagrantfile | 45 ----------- poc/playbook-centos-builder.yml | 108 --------------------------- poc/playbook-fedora-builder.yml | 128 -------------------------------- poc/playbook-ubuntu-builder.yml | 70 ----------------- 5 files changed, 355 deletions(-) delete mode 100644 poc/builders/Vagrantfile delete mode 100644 poc/playbook-centos-builder.yml delete mode 100644 poc/playbook-fedora-builder.yml delete mode 100644 poc/playbook-ubuntu-builder.yml diff --git a/Makefile.am b/Makefile.am index 430fd9fd8..610eb9f79 100644 --- a/Makefile.am +++ b/Makefile.am @@ -94,10 +94,6 @@ EXTRA_DIST = \ .travis/osx-build.sh \ .travis/osx-prepare.sh \ boot.sh \ - poc/builders/Vagrantfile \ - poc/playbook-centos-builder.yml \ - poc/playbook-fedora-builder.yml \ - poc/playbook-ubuntu-builder.yml \ $(MAN_FRAGMENTS) \ $(MAN_ROOTS) \ Vagrantfile \ diff --git a/poc/builders/Vagrantfile b/poc/builders/Vagrantfile deleted file mode 100644 index 9edc468a3..000000000 --- a/poc/builders/Vagrantfile +++ /dev/null 
@@ -1,45 +0,0 @@ -# -*- mode: ruby -*- -# vi: set ft=ruby : - -VAGRANTFILE_API_VERSION = "2" - -Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| - config.ssh.insert_key = false - - # Centos-7.4 builder host - config.vm.define "centosbuilder" do |builder| - builder.vm.hostname = "centosbuilder.dev" - builder.vm.box = "centos/7" - builder.vm.synced_folder "../../", "/git/ovs", type: "rsync", - rsync__args: ["--archive", "--delete", "-z"] - builder.vm.provision "builder", type: "ansible" do |ansible| - ansible.playbook = "../playbook-centos-builder.yml" - ansible.sudo = true - end - end - - # Ubuntu-16.04 builder host - config.vm.define "ubuntubuilder" do |builder| - builder.vm.hostname = "ubuntubuilder.dev" - builder.vm.box = "generic/ubuntu1604" - builder.vm.synced_folder "../../", "/git/ovs", type: "rsync", - rsync__args: ["--archive", "--delete", "-z"] - builder.vm.provision "builder", type: "ansible" do |ansible| - ansible.playbook = "../playbook-ubuntu-builder.yml" - ansible.sudo = true - end - end - - # Fedora builder host - config.vm.define "fedorabuilder" do |builder| - builder.vm.hostname = "fedoraubuilder.dev" - builder.vm.box = "fedora/27-cloud-base" - builder.vm.synced_folder "../../", "/git/ovs", type: "rsync", - rsync__args: ["--archive", "--delete", "-z"] - builder.vm.provision "builder", type: "ansible" do |ansible| - ansible.playbook = "../playbook-fedora-builder.yml" - ansible.sudo = true - end - end - -end diff --git a/poc/playbook-centos-builder.yml b/poc/playbook-centos-builder.yml deleted file mode 100644 index e902db75d..000000000 --- a/poc/playbook-centos-builder.yml +++ /dev/null 
@@ -1,108 +0,0 @@ ---- -- hosts: all - become: true - name: builder - tasks: - - - name: Create Ansible Local Facts Directory - file: path=/etc/ansible/facts.d state=directory - - - name: Initiate Build Numbering - copy: - content: '{ "release":"1" }' - dest: "/etc/ansible/facts.d/builder.fact" - force: no - - - name: Set source directory for building - set_fact: - SOURCE: "/root/rpmbuild/SOURCES" - - - name: Reload Ansible Local Facts - setup: filter=ansible_local - - - name: Install "yum-utils", "rpmdevtools", "createrepo", "httpd", "git" - yum: update_cache=yes name={{item}} state=present - with_items: - - yum-utils - - rpmdevtools - - createrepo - - httpd - - git - - - name: Remove untracked files from Open vSwitch GIT repository - command: chdir=/git/ovs/ git clean -xdf - - - name: Reset Open vSwitch GIT repository to last comitted state - command: chdir=/git/ovs/ git reset --hard - - - name: Generate spec files for easy build dependency retrieval - shell: sed -e 's/@VERSION@/0.0.1/' {{item}}.in > /tmp/{{item}} - args: - chdir: /git/ovs/rhel - with_items: - - openvswitch.spec - - kmod-openvswitch-rhel6.spec - - - name: Install build dependencies specified from spec files - shell: echo "y" | yum-builddep /tmp/{{item}} - with_items: - - openvswitch.spec - - kmod-openvswitch-rhel6.spec - - - name: Create rpm dev tree - command: rpmdev-setuptree - - - name: Run "./boot.sh" - command: chdir=/git/ovs/ ./boot.sh - - - name: Run "./configure" - command: chdir=/git/ovs/ ./configure - - - name: Run "make dist" - command: chdir=/git/ovs/ make dist - - - name: Parse out Open vSwitch version from "configure.ac" - command: chdir=/git/ovs autoconf -t AC_INIT:'$2' - register: version - - - name: Copy source tarball to rpm dev tree - command: cp /git/ovs/openvswitch-{{version.stdout}}.tar.gz {{SOURCE}} - - - name: Unarchive openvswitch source tarball - unarchive: - src: "{{SOURCE}}/openvswitch-{{version.stdout}}.tar.gz" - dest: "{{SOURCE}}" - remote_src: yes - - - name: Update 
release number in spec files - lineinfile: - path: "{{SOURCE}}/openvswitch-{{version.stdout}}/rhel/{{item}}" - regexp: '^Release:' - line: "Release: {{ ansible_local.builder.release }}" - with_items: - - openvswitch.spec - - kmod-openvswitch-rhel6.spec - - - name: Build Open vSwitch user space rpms - command: rpmbuild -bb --without check rhel/openvswitch.spec - args: - chdir: "{{SOURCE}}/openvswitch-{{version.stdout}}" - - - name: Build Open vSwitch kmod rpms (only for currently loaded kernel) - command: rpmbuild -bb --without check rhel/kmod-openvswitch-rhel6.spec - args: - chdir: "{{SOURCE}}/openvswitch-{{version.stdout}}" - - - name: Copy RPM packages to /var/www/html - command: cp -r /root/rpmbuild/RPMS/ /var/www/html - - - name: Create RPM Package index file for repository - command: chdir=/var/www/html createrepo /var/www/html - - - name: Make sure Apache is running - systemd: state=started name=httpd - - - name: Bump up Build Number - copy: - content: '{ "release":"{{ansible_local.builder.release|int+1}}" }' - dest: "/etc/ansible/facts.d/builder.fact" diff --git a/poc/playbook-fedora-builder.yml b/poc/playbook-fedora-builder.yml deleted file mode 100644 index 70f0b6ff2..000000000 --- a/poc/playbook-fedora-builder.yml +++ /dev/null 
@@ -1,128 +0,0 @@ ---- -- hosts: all - become: true - name: builder - - gather_facts: false - pre_tasks: - - - name: Install python2 for Ansible - raw: bash -c "test -e /usr/bin/python || (dnf -y install python2)" - register: output - changed_when: output.stdout != "" - - - name: Gathering Facts - setup: - - tasks: - - name: Create Ansible Local Facts Directory - file: path=/etc/ansible/facts.d state=directory - - - name: Install "yum-utils", "rpmdevtools", "createrepo", "httpd", "git" - dnf: name={{item}} state=present - with_items: - - yum-utils - - rpmdevtools - - createrepo - - httpd - - git - - libselinux-python - - - name: Initiate Build Numbering - copy: - content: '{ "release":"1" }' - dest: "/etc/ansible/facts.d/builder.fact" - force: no - - - name: Set source directory for building - set_fact: - SOURCE: "/root/rpmbuild/SOURCES" - - - name: Reload Ansible Local Facts - setup: filter=ansible_local - - - name: Remove untracked files from Open vSwitch GIT repository - command: chdir=/git/ovs/ git clean -xdf - - - name: Reset Open vSwitch GIT repository to last comitted state - command: chdir=/git/ovs/ git reset --hard - - - name: Generate spec files for easy build dependency retrieval - shell: sed -e 's/@VERSION@/0.0.1/' {{item}}.in > /tmp/{{item}} - args: - chdir: /git/ovs/rhel - with_items: - - openvswitch-fedora.spec - - openvswitch-kmod-fedora.spec - - openvswitch-dkms.spec - - - name: Install build dependencies specified from spec files - shell: echo "y" | yum-builddep /tmp/{{item}} - with_items: - - openvswitch-fedora.spec - - openvswitch-kmod-fedora.spec - - openvswitch-dkms.spec - - - name: Create rpm dev tree - command: rpmdev-setuptree - - - name: Run "./boot.sh" - command: chdir=/git/ovs/ ./boot.sh - - - name: Run "./configure" - command: chdir=/git/ovs/ ./configure - - - name: Run "make dist" - command: chdir=/git/ovs/ make dist - - - name: Parse out Open vSwitch version from "configure.ac" - command: chdir=/git/ovs autoconf -t AC_INIT:'$2' - 
register: version - - - name: Copy source tarball to rpm dev tree - command: cp /git/ovs/openvswitch-{{version.stdout}}.tar.gz {{SOURCE}} - - - name: Unarchive openvswitch source tarball - unarchive: - src: "{{SOURCE}}/openvswitch-{{version.stdout}}.tar.gz" - dest: "{{SOURCE}}" - remote_src: yes - - - name: Update release number in spec files - lineinfile: - path: "{{SOURCE}}/openvswitch-{{version.stdout}}/rhel/{{item}}" - regexp: '^Release:' - line: "Release: {{ ansible_local.builder.release }}" - with_items: - - openvswitch-fedora.spec - - openvswitch-kmod-fedora.spec - - openvswitch-dkms.spec - - - name: Build Open vSwitch user space rpms - command: rpmbuild -bb --without check rhel/openvswitch-fedora.spec - args: - chdir: "{{SOURCE}}/openvswitch-{{version.stdout}}" - - - name: Build Open vSwitch kmod rpm - command: rpmbuild -bb --without check rhel/openvswitch-fedora.spec - args: - chdir: "{{SOURCE}}/openvswitch-{{version.stdout}}" - - - name: Build Open vSwitch dkms rpm - command: rpmbuild -bb --without check rhel/openvswitch-dkms.spec - args: - chdir: "{{SOURCE}}/openvswitch-{{version.stdout}}" - - - name: Copy RPM packages to /var/www/html - command: cp -r /root/rpmbuild/RPMS/ /var/www/html - - - name: Create RPM Package index file for repository - command: chdir=/var/www/html createrepo /var/www/html - - - name: Make sure Apache is running - systemd: state=started name=httpd - - - name: Bump up Build Number - copy: - content: '{ "release":"{{ansible_local.builder.release|int+1}}" }' - dest: "/etc/ansible/facts.d/builder.fact" diff --git a/poc/playbook-ubuntu-builder.yml b/poc/playbook-ubuntu-builder.yml deleted file mode 100644 index 5a13c6069..000000000 --- a/poc/playbook-ubuntu-builder.yml +++ /dev/null 
@@ -1,70 +0,0 @@ ---- -- hosts: all - become: true - name: builder - gather_facts: no - pre_tasks: - - name: 'install python2' - raw: sudo apt-get -y install python-simplejson - tasks: - - - name: Create Ansible Local Facts Directory - file: path=/etc/ansible/facts.d state=directory - - - name: Initiate Build Numbering - copy: - content: '{ "release":"1" }' - dest: "/etc/ansible/facts.d/builder.fact" - force: no - - - name: Reload Ansible Local Facts - setup: filter=ansible_local - - - name: Install "devscripts", "equivs", "apache2", "autoconf" - apt: update_cache=yes name={{item}} state=present - with_items: - - devscripts - - equivs - - apache2 - - autoconf - - - name: Remove untracked files from Open vSwitch GIT repository - command: chdir=/git/ovs/ git clean -xdf - - - name: Reset Open vSwitch GIT repository to last comitted state - command: chdir=/git/ovs/ git reset --hard - - - name: Parse out Open vSwitch version from "configure.ac" - command: chdir=/git/ovs autoconf -t AC_INIT:'$2' - register: version - - - name: Concatenate full version - set_fact: - full_version: "{{version.stdout}}-{{ansible_local.builder.release}}" - - - name: Update Open vSwitch version to {{full_version}} - command: chdir=/git/ovs/ dch -b -v {{full_version}} Vagrant Build - - - name: Build debian package with Open vSwitch build dependencies - command: chdir=/git/ovs/ mk-build-deps -B debian/control - - - name: Install Open vSwitch {{full_version}} build dependencies - apt: deb=/git/ovs/openvswitch-build-deps-depends_{{full_version}}_all.deb - - - name: Build Open vSwitch {{full_version}} debian packages - shell: DEB_BUILD_OPTIONS='nocheck' fakeroot debian/rules binary - args: - chdir: /git/ovs/ - - - name: Move debian packages to /var/www/html - shell: mv /git/*.deb /var/www/html/ - - - name: Create Debian Package index file for repository - shell: dpkg-scanpackages . 
| gzip -9c > Packages.gz - args: - chdir: /var/www/html - - - name: Bump up Build Number - copy: - content: '{ "release":"{{ansible_local.builder.release|int+1}}" }' - dest: "/etc/ansible/facts.d/builder.fact"
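Review bot: in the Makefile.am hunk (EXTRA_DIST, around line 94) the four removed entries match the four deleted files, but the diffstat shows nothing else touched, so please confirm with a tree-wide search for "poc/" and for the three playbook names that no documentation or script still points at them. The commit message has no body; one sentence saying why the directory is unused would make the removal easier to audit later.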
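Review bot: the commit message should record that the deleted poc/builders/Vagrantfile set "config.ssh.insert_key = false" for all three builder VMs, which leaves Vagrant's publicly known default SSH key in place on hosts that then run the playbooks with "ansible.sudo = true". The removal is the right outcome, and naming this in the message tells anyone who copied the file into their own tooling that the setting should not be carried over.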
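Review bot: the three deleted playbooks only ever operate on /git/ovs and build openvswitch packages (rhel/openvswitch.spec, rhel/openvswitch-fedora.spec, debian/rules), never anything OVN-specific, and that is the justification the commit message is missing; please state it there. The content also shows the code was unmaintained: in playbook-fedora-builder.yml the task "Build Open vSwitch kmod rpm" runs rpmbuild against rhel/openvswitch-fedora.spec rather than the kmod spec, and the Vagrantfile hostname reads "fedoraubuilder.dev". Separately, all three run with "become: true", skip the test suite ("--without check", DEB_BUILD_OPTIONS='nocheck') and drop the resulting packages under /var/www/html with no signing step, so the message could note that an unsigned package-publishing path goes away with this change.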