| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch is a simple implementation for the proposal discussed in
https://mail.openvswitch.org/pipermail/ovs-dev/2017-August/337038.html and
https://mail.openvswitch.org/pipermail/ovs-dev/2017-October/340013.html.
It enables ovs-vswitchd and other utilities to use DNS names when specifying
OpenFlow and OVSDB remotes.
Below are some of the features and limitations of this patch:
- Resolving is asynchornous in daemon context, avoiding blocking main loop;
- Resolving is synchronous in general utility context;
- Both IPv4 and IPv6 are supported;
- The resolving API is thread-safe;
- Depends on the unbound library;
- When multiple ip addresses are returned, only the first one is used;
- /etc/nsswitch.conf isn't respected as unbound library doesn't look at it;
- For async-resolving, caller need to retry later; there is no callback.
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, Open vSwitch on linux embeds the logic of loading and unloading
kernel modules into the ovs-ctl and ovs-lib script files. This works, but
it means that there is no way to leverage extended filesystem attributes
to grant fine grain permissions relating to module loading.
The split out utility 'ovs-kmod-ctl' will be used in an upcoming commit
for RHEL-based distributions to have a separate transition domain that
will allow module loading to be given to a separate selinux domain from
the openvswitch_t domain.
Acked-by: Ansis Atteka <aatteka@ovn.org>
Acked-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
It's always been OVS coding style to use spaces rather than tabs for
indentation, but some tabs have snuck in over time. This commit converts
them to spaces.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GitHub uses a library called Licensee to identify a project's license
type. It shows this information in the status bar and via the API if it
can unambiguously identify the license.
This commit creates a LICENSE file that stores the full text of the
Apache license. It also removes the COPYING file and transfers its
contents to a new "License" section in the README.
Collectively, these changes allow Licensee to successfully identify the
license type of Open vSwitch's codebase as Apache.
Submitted-at: https://github.com/openvswitch/ovs/pull/224
Signed-off-by: Andrea Kao <eirinikos@gmail.com>
[blp@ovn.org removed references to COPYING and updated Makefile.am]
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The _Server database is valuable primarily because it provides database
clients a way to find out the details of changes to databases, schemas,
etc. in a granular, natural way. Until now, the only way that the server
could notify clients about these kinds of changes was to close the session;
when the client reconnects, it is expected to reassess the server's state.
One way to provide this kind of granular information would be to add
specific JSON-RPC requests to obtain notifications for different kinds of
changes, but since ovsdb-server already provides granular and flexible
notification support for databases, using a database for the purpose is
convenient and avoids duplicating functionality.
Initially this database only reports databases' names and schemas, but
when clustering support is added in a later commit it will also report
important aspects of clustering and cluster status. Thus, this database
also reduces the need to add JSON-RPC calls to retrieve information about
new features.
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
| |
Signed-off-by: Justin Pettit <jpettit@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, on installation or upgrade the openvswitch-switch deb package
will in some circumstances modify a pre-existing
/etc/default/openvswitch-switch configuration file.
This does not play well with modeling and configuration management tools
and may lead to unnecessary restarts of the openvswitch-switch service
after the initial restart done as part of the package upgrade. As
restarting the openvswitch-switch affects the datapath this is
something we should try to avoid.
I also believe the current behaviour to be in conflict with best practices
set out in the config files section of the
[Debian Policy](https://www.debian.org/doc/debian-policy/#s-config-files).
This commit addresses this by removing the part of the postinst script
that attempts to append missing documentation parts of the template
and leaves the installed defaults file alone when it exists.
Fixes: 0aaa379d99f4 ("Debian packaging: Add several new settings to /etc/default/openflow-switch.")
Signed-off-by: Frode Nordahl <frode.nordahl@gmail.com>
Reported-at: https://github.com/openvswitch/ovs-issues/issues/137
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
| |
Signed-off-by: Justin Pettit <jpettit@ovn.org>
|
| |
|
|
| |
Signed-off-by: Justin Pettit <jpettit@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Presently, logrotate script, searches for the pid files in /var/log/openvswitch
and passes the pid file name (without .pid) as target to ovs-appctl. This approach
doesn't work for OVN DB servers since the ctl files are generated as "ovnnb_db.ctl"
and "ovnsb_db.ctl". So search for the .ctl files instead and use them as target to
ovs-appctl.
Suggested-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Mark Michelson <mmichels@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Justin Pettit <jpettit@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Given that it is libopenvswitch-dev not libopenvswitch that depends on
libssl-dev, this patch updates debian/control file to reflect that
libopenvswitch-dev depends on libssl-dev, and libopenvswitch depends
on openssl.
Tested on Ubuntu 16.04 and 14.04.
VMWare-BZ: #1953215
CC: Ben Warren <ben@skyportsystems.com>
Fixes: c33e9122dbc3 ("Debian: Rework libopenvswitch packages")
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
Acked-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
We had a note about the issues with adding OVS interfaces
in the "auto" section. This commit clarifies what an
"auto" section is and also adds another note about
how adding OVS bridges in the "auto" section can cause
race conditions with systemd.
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
| |
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
| |
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For a while, ubuntu used upstart scripts as an alternative
for sysv scripts. For e.g popular releases like ubuntu12.04
and ubuntu14.04 have upstart infrastructure. From Ubuntu16.04,
they have moved to systemd.
Ubuntu maintainers have a fork of openvswitch packages with
upstart scripts. When a user installs openvswitch-switch
package on a ubuntu 14.04 with 'apt-get install openvswitch-switch',
two upstart files are added to /etc/init directory.
Now, when the same user builds debian packages from this repo
and then installs them, the older upstart files don't get
deleted. What this means is that a command like
'invoke-rc.d openvswitch-switch restart' calls initctl scripts
instead of sysv script that this repo provides. In our sysv
scripts we have logic to carefully upgrade kernel module and
save openflow flows. This breaks the intent of the package from
this repo.
This commit deletes any stale upstart files that have remained
in the system.
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
| |
There was some inconsistency with some tabs and some spaces
used.
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
| |
debhelper provides helpers to get parts of the version number, including
this part which was until now figured out in an open-coded way.
Signed-off-by: Clint Byrum <clint@fewbar.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
| |
This puts all libraries and pkg-config files in architecture-specific
directories for easier cross-compiling.
Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The 'openvswitch-common' package did not work well with cross-compiling
since it required Python. This package is broken into two packages as
follows:
- libopenvwitch: contains library files (.a, .so)
- openvswitch-common: depends on libopenvswitch, contains command-line
tools such as ovs-ofctl, ovs-appctl etc.
In addition, this 'openvswitch-dev' library is renamed to
'libopenvswitch-dev' to align more closely with Debian policy. It
depends on libopenvswitch.
Signed-off-by: Ben Warren <ben@skyportsystems.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
| |
Current versions of systemd in Debian Stretch use
SYSTEMCTL_SKIP_REDIRECT instead of _SYSTEMCTL_SKIP_REDIRECT.
Provide both variables in the .init files.
Signed-off-by: Raymond Burkholder <ray@oneunified.net>
Suggested-by: Guru Shetty <guru@ovn.org>
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 618a5b45ae8b ("rhel: Avoid logrotate error if /var/run/openvswitch
does not exist") updated the RHEL logrotate configuration. This commit
makes similar changes for Debian, by synchronizing with the RHEL version.
In particular:
- Indent to match logrotate.conf(5) examples.
- Use "sharedscripts" flag, because the postrotate script only needs to
run once regardless of the number of rotations.
- Drop "delaycompress", because the postrotate script does make daemons
reopen their log files.
- Ignore errors calling vlog/reopen.
Also make similar changes to the xenserver logrotate script. I confirmed
via Twitter that the xenserver packaging still has users.
CC: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Gurucharan Shetty <guru@ovn.org>
|
| |
|
|
|
| |
Signed-off-by: Stephen Finucane <stephen@that.guru>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Let's start with a simple one that lets us focus on setting up most of
the required "infrastructure" for building man pages using Sphinx.
This changes the 'check-htmldocs' target to 'check-docs' as its now
responsible for building man page docs too.
Other than that, hurrah for (mostly) legible syntaxes.
[1] http://www.tldp.org/HOWTO/Man-Page/q2.html
Signed-off-by: Stephen Finucane <stephen@that.guru>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Usually, when the name of a manpage has a two-letter extension, it means
that the manpage is written in the language designated by that language
code.
Reported-by: Michael Stapelberg <stapelberg@debian.org>
Reported-at: https://bugs.debian.org/850631
Signed-off-by: Ben Pfaff <blp@ovn.org>
Tested-by: nickcooper-zhangtonghao <nic@opencloud.tech>
|
| |
|
|
|
|
|
|
|
|
| |
Some debian distribution may not contain the ifconfig.
We use the ip command instead of ifconfig in debian/ifupdown.sh
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2017-March/329503.html
CC: prochazka <prochazka@cortex.cz>
Signed-off-by: nickcooper-zhangtonghao <nic@opencloud.tech>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
| |
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
| |
Signed-off-by: Mickey Spiegel <mickeys.dev@gmail.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
"make clean" should remove all files generated by building a program, while
"make distclean" should also remove files generated by configuring the
program. Previously some generated files during the build process, such
as man pages, were left behind when "make clean" was run. This commit
only leaves configuration files after "make clean" is run, and removes
all other generated files.
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
| |
Remove the experimental warning tag in documentation regarding OVS deployed
with DPDK.
Signed-off-by: Ian Stokes <ian.stokes@intel.com>
Acked-by: Kevin Traynor <ktraynor@redhat.com>
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
|
| |
|
|
| |
Signed-off-by: Justin Pettit <jpettit@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The Debian packages for OVS have only supported Linux so far, but the
ovn-docker package was mistakenly marked as Architecture: any instead
of linux-any, which caused build failures. This fixes the problem.
(Perhaps OVS packaging for Debian should also support BSD, but that
would be a bigger change.)
Reported-at: https://buildd.debian.org/status/fetch.php?pkg=openvswitch&arch=kfreebsd-amd64&ver=2.6.2%7Epre%2Bgit20161223-1&stamp=1482518318&file=log
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The debian packages are ready. This patch fixes the
bug #831924 reported at debian bug tracking system.
With this patch, openvswitch-2.6.1 will be upload to
the Debian archive. If we build the packages with
"dpkg-buildpackage --target binary-indep", an error
state arises. debian/rules should be modified so that
the build-indep and binary-indep target generates
the architecture independent packages. If there are
things not be handled properly,let me know.
Reported-at: https://people.debian.org/~lucas/logs/2016/07/20/openvswitch_2.5.1~pre+git20160626-2_unstable_archallonly.log
Signed-off-by: nickcooper-zhangtonghao <nic@opencloud.tech>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
| |
Basic Sphinx integration is now complete. Remove the documentation
aspects of the 'dist-docs' target in favor of the htmldocs target.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
| |
This is mostly the exact same contents, albeit broken up into multiple
files.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
| |
This is a dumb move of all 'INSTALL*' docs, with very little
refactoring (mostly updating links and making the titles a little more
consistent. Additional refactoring will be done in subsequent changes.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
| |
Signed-off-by: Stephen Finucane <stephen@that.guru>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The OCF script will be present in the ovn-common package and installed
in the openvswitch scripts folder and a symbolic link to this file will
be created in the OCF resources folder.
The OCF resource agent name for this resource is ocf:ovn:ovndb-servers
Signed-off-by: Babu Shanmugam <bschanmu@redhat.com>
Acked-by: Andy Zhou <azhou@ovn.org>
Signed-off-by: Andy Zhou <azhou@ovn.org>
|
| |
|
|
|
|
|
|
|
| |
Include the ovn-trace binary and it's man page in ovn-common package
Fixes: 4acd1e87a8bf ("ovn-trace: New utility.")
Fixes: f448e5a4bb1f ("rhel: Include ovn-trace in ovn-common package")
Signed-off-by: Flavio Fernandes <flavio@flaviof.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
| |
Signed-off-by: Stephen Finucane <stephen@that.guru>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
| |
|
|
|
| |
Signed-off-by: Stephen Finucane <stephen@that.guru>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
| |
|
|
|
| |
Signed-off-by: Stephen Finucane <stephen@that.guru>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OVS GRE IPsec tunnel support has multiple issues, Therefore
it was deprecated in OVS 2.6.
Following patch removes support for GRE IPsec and allows external
IPsec tunnel management for any type of tunnel not just GRE.
e.g. user can encrypt Geneve or VxLan traffic.
It can be done by using openflow pipeline to set skb-mark
and using IPsec keying daemons to implement IPsec tunnels.
This packet can be matched for the skb-mark to encrypt
selective tunnel traffic.
VMware-BZ: 1710701
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Ansis Atteka <aatteka@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
OVS IPsec tunnel support has issues:
1. It only works for GRE.
2. only works on Debian.
3. It does not allow user to match on packet-mark
on packet received on tunnel ports.
This patch deprecates support for IPsec tunnel port.
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Acked-by: Ansis Atteka <aatteka@ovn.org>
|
| |
|
|
|
| |
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
| |
Found by flake8.
Fixes: 19cd0a87827e ("ipsec: Do not allow ipsec_gre tunnel traffic to exit unencrypted")
Signed-off-by: Amitabha Biswas <abiswas@us.ibm.com>
Acked-by: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If ipsec_gre tunnel configuration is changed in OVSDB,
then GRE packets may sometimes exit unencrypted until
per-tunnel IPsec policies are installed by ovs-monitor-ipsec
daemon.
This patch fixes this issue by installing single, low
priority IPsec block policy that drops all GRE packets
coming out from ipsec_gre tunnels that do not have yet
their own IPsec policies installed.
This patch depends on to two other recently committed
patches:
1. 574ff4aa (tunneling: get skb marking to work
properly with tunnels)
2. ca3574d5 (IPsec: refactor out some code in
OVS_MONITOR_IPSEC_START macro)
Signed-off-by: Ansis Atteka <aatteka@ovn.org>
Reported-by: Steffen Birkeland <Steffefb@stud.ntnu.no>
Acked-by: Jesse Gross <jesse@kernel.org>
|
| |
|
|
|
| |
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
| |
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Having a separate debian package for deploying
the ovn-controller-vtep binary enables the ability
to assign specific nodes the role of communicating
with VTEP enabled TORs.
Change-Id: Ia36aea7d89bd011a57918820b2a9f6e3469b3e04
Signed-off-by: Ryan Moats <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
