| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Fixes: be51cd417343 ("ovs-actions: New document describing OVS actions in detail.")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes the rpm build fail for rhel. The error is:
Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/openvswitch-2.10.0-1.x86_64
error: Installed (but unpackaged) file(s) found:
/usr/share/openvswitch/scripts/ovs-monitor-ipsec
Signed-off-by: ZhiPeng LU <luzhipeng@uniudc.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The variable equivalent to RHEL's 'SYSTEMCTL_SKIP_REDIRECT=yes' on SLES
12 is 'SYSTEMD_NO_WRAP=yes'
VMware-BZ: #2245358
Reviewed-by: Markos Chandras <mchandras@suse.de>
CC: Markos Chandras <mchandras@suse.de>
CC: Ansis Atteka <aatteka@ovn.org>
CC: Ben Pfaff <blp@ovn.org>
Signed-off-by: Martin Xu <martinxu9.ovs@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds support for DPDK v18.11, it includes the following
changes.
1. Enable compilation and linkage with dpdk 18.11.0
The following dpdk commits which were introduced after dpdk 17.11.x
require OVS updates to accommodate to the dpdk changes.
- ce17edde ("ethdev: introduce Rx queue offloads API")
- ab3ce1e0 ("ethdev: remove old offload API")
- c06ddf96 ("meter: add configuration profile")
- e58638c3 ("ethdev: fix TPID handling in flow API")
- cd8c7c7c ("ethdev: replace bus specific struct with generic dev")
- ac8d22de ("ethdev: flatten RSS configuration in flow API")
2. Limit configured rss hash functions to only those supported
by the eth device.
3. Set default RSS key in struct action_rss_data, required by OVS
commit- e8a2b5bf ("netdev-dpdk: implement flow offload with rte flow")
when configured with "other_config:hw-offload=true".
4. DEV_RX_OFFLOAD_CRC_STRIP has been removed from DPDK 18.11.
DEV_RX_OFFLOAD_KEEP_CRC can now be used to keep the CRC.
Use the correct flag and check it is supported.
5. rte_eth_dev_attach/detach have been removed from DPDK 18.11.
Replace them with rte_dev_probe/remove.
6. Update docs and travis to use DPDK18.11.
This commit squashes the following commits present on the dpdk-latest
branch:
7f021f902bb3 ("netdev-dpdk: Upgrade to dpdk v18.08")
270d9216f1ed ("netdev-dpdk: Set scatter based on capabilities")
bef2cdc8f412 ("netdev-dpdk: Fix returning the field of malloced struct.")
73c1a65167fc ("redhat: change variable used for non-root user support")
eb485f60ce44 ("dpdk: Update to use DPDK 18.11.")
For credit all authors of the original commits above have been added as
co-authors for this commmit.
From: Ophir Munk <ophirmu@mellanox.com>
Signed-off-by: Ophir Munk <ophirmu@mellanox.com>
Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
Co-authored-by: Kevin Traynor <ktraynor@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Co-authored-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Co-authored-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ian Stokes <ian.stokes@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since commit bc4fd439586f ("rhel: Ship ovs shared libraries, fedora")
openvswitch-devel RPM package includes both static and shared library.
This is against the Fedora Packaging Guidelines [1].
This commit prevent the static libraries and libtool archives to be shipped.
[1] https://fedoraproject.org/wiki/Packaging:Guidelines#Packaging_Static_Libraries
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In commit d5cc46e3d185 ("ipsec: Use @PYTHON@ directly instead of
"/usr/bin/env python"") ovs-monitor-ipsec is installed in bin directory,
but it's supposed to be installed in script directory.
This commit removes also the manual copy of "ovs-monitor-ipsec" in spec file
since it's installed directly in "make install".
Fixes: d5cc46e3d185 ("ipsec: Use @PYTHON@ directly instead of "/usr/bin/env python"")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the split package for ipsec is named
openvswitch-openvswitch-ipsec, but it should be named openvswitch-ipsec.
This commit changes the spec file in order to have the IPsec package as
openvswitch-ipsec instead of openvswitch-openvswitch-ipsec.
CC: Qiuyu Xiao <qiuyu.xiao.qyx@gmail.com>
Fixes: bdddc715358e ("debian and rhel: Create IPsec package.")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
| |
Added rules and files to create debian and rpm ovs-ipsec packages.
Signed-off-by: Qiuyu Xiao <qiuyu.xiao.qyx@gmail.com>
Signed-off-by: Ansis Atteka <aatteka@ovn.org>
Co-authored-by: Ansis Atteka <aatteka@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
| |
Reported-by: Edgar Hoch <edgar.hoch@ims.uni-stuttgart.de>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In post-install in kmod fedora spec file, the variables storing
different parts of kernel version numbers are renamed. The condition
check to run ovs-kmod-manage.sh for RHEL 7.2 and 7.4 uses the older
variables.
Fixes: c3570519ecaf (rhel: add 4.4 kernel in kmod build with mulitple versions, fedora)
Signed-off-by: Martin Xu <martinxu9.ovs@gmail.com>
CC: Greg Rose <gvrose8192@gmail.com>
CC: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes the path for ovs-kmod-manage.sh script in the
openvswitch-kmod RPM in fedora spec file. Currently the path prefix is
hard coded to /usr/share. Use %{_datadir} instead.
Fixes: 22c33c303932 (rhel: support kmod build against mulitple kernel versions, fedora)
Signed-off-by: Martin Xu <martinxu9.ovs@gmail.com>
CC: Greg Rose <gvrose8192@gmail.com>
CC: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Flavio Leitner <fbl@sysclose.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch extends 4886d4d2495b (debian, rhel: Ship ovs shared libraries
and header files) to fedora, by packaging the shared libraries in
openvswitch and openvswitch-dvel RPM. These files are always packaged in
the RPMs built with rhel6 spec file.
VMware-BZ: #2036847
CC: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Martin Xu <martinxu9.ovs@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Flavio Leitner <fbl@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Extends 22c33c303932 (rhel: support kmod build against mulitple kernel
versions, fedora) to kernel version 4.4.x, x>=73 for SLES 12 SP3
Signed-off-by: Martin Xu <martinxu9.ovs@gmail.com>
CC: Greg Rose <gvrose8192@gmail.com>
CC: Markos Chandras <mchandras@suse.de>
CC: Ben Pfaff <blp@ovn.org>
Reviewed-by: Greg Rose <gvrose8192@gmail.com>
Tested-by: Greg Rose <gvrose8192@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Define a variable _ovs_config_extra_flags to allow passing more flags to
configure when building OVS kmod RPM. For example, to build with a
non-standard openssl and add an RPATH, use the following command
make rpm-fedora-kmod RPMBUILD_OPT='-D "_ovs_config_extra_flags
--with-openssl=<path to your openssl header> LDFLAGS=\"\${LDFLAGS} -Xlinker
-rpath=<path to your openssl lib>\""'
Signed-off-by: Martin Xu <martinxu9.ovs@gmail.com>
CC: Greg Rose <gvrose8192@gmail.com>
CC: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Reviewed-by: Markos Chandras <mchandras@suse.de>
|
|
|
|
|
|
|
|
|
| |
Fixes: 22c33c303932 (rhel: support kmod build against mulitple kernel versions, fedora)
Fixes: c8cd1307b248 (rhel: support kmod build against multiple 7.2 kernels, rhel6)
Signed-off-by: Martin Xu <martinxu9.ovs@gmail.com>
CC: Greg Rose <gvrose8192@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Flavio Leitner <fbl@sysclose.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Patch 22c33c303932 used /usr/src/linux/<kernel version> as path of the
linux headers, which does not work for SLES. Use /lib/modules/<kernel
version>/build instead.
Fixes 22c33c303932 (rhel: support kmod build against mulitple kernel versions,
fedora)
Signed-off-by: Martin Xu <martinxu9.ovs@gmail.com>
CC: Greg Rose <gvrose8192@gmail.com>
CC: Markos Chandras <mchandras@suse.de>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Reviewed-by: Markos Chandras <mchandras@suse.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch ports changes from kmod rhel6 spec file to fedora spec file,
to support packaging kernel modules built against multiple versions of
kernel sources.
RHEL 7.4 introduced backward incompatible changes in the kernel. As
a result, prebuilt PRM packages against kernels newer than 693.17.1
will cannot be used on systems with older kernels, vice versa.
Intended to work only on RHEL 7.4 (kernel version 3.10.0-693.yy.zz).
This patch allows multiple kernel version numbers delimited by
whitespace to be passed as variable "kversion". The result RPM packages
the kernel module .ko files from all specified kernel versions. For
example,
make rpm-fedora-kmod \
RPMBUILD_OPT='-D "kversion 3.10.0-693.1.1.el7.x86_64 \
3.10.0-693.17.1.el7.x86_64"'
By default, make tries to build against the current running kernel.
This patch also includes a script to update the weak-update symlinks
if the system kernel version is upgraded or downgraded after
openvswitch-kmod is installed.
Signed-off-by: Martin Xu <martinxu9.ovs@gmail.com>
CC: Greg Rose <gvrose8192@gmail.com>
CC: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Flavio Leitner <fbl@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Starting from Fedora 29, the legacy network scripts are installed in
the "network-scripts" package and so the network scripts ("ifup-ovs",
"ifdown-ovs") should be installed only when the "network-scripts" package
is installed.
This commit introduces (on Fedora 29+) a new subpackage
(network-scripts-openvswitch). This subpackage is installed, by default, only
if the "network-scripts" package is installed too (reverse weak dependency).
Reported-by: Lubomir Rintel <lkundrak@v3.sk>
Reported-at: https://src.fedoraproject.org/rpms/openvswitch/pull-request/4
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The /var/log/openvswitch directory is owned by the openvswitch user but
logrotate could be running as root or as another user. As a result of
which, rpmlint prints the following warning when building the spec file
on SUSE Linux Enterprise:
openvswitch.x86_64: W: suse-logrotate-user-writable-log-dir /var/log/openvswitch openvswitch:openvswitch 0750
The log directory is writable by unprivileged users. Please fix the
permissions so only root can write there or add the 'su' option
to your logrotate config
In order to fix that, we should run the logrotate script as the same
user which runs the various Open vSwitch daemons. If this is a new
installation, then this user is the 'openvswitch' one, but if we are
upgrading from an older release, then the user is normally 'root'.
As such, we set the initial user to 'root' and we fix this up in the
%post scriptlet.
Cc: Aaron Conole <aconole@redhat.com>
Cc: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Markos Chandras <mchandras@suse.de>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Timothy Redaelli <tredaelli@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Starting from Fedora 29, gcc and gcc-c++ won't be installed by default in
buildroot and so it's necessary to specify them explicitly in the spec file.
https://fedoraproject.org/wiki/Changes/Remove_GCC_from_BuildRoot
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes a scenario not working for RHEL7.3 in commit 89dd5819cf18.
When multiple versions passed into the kversion for the spec file, the
variable is used as is for the kernel module paths for command
weak-modules --add-modules. Then the modules cannot be found.
Fixes: 89dd5819cf18 (rhel: support kmod-openvswitch build against
multiple kernels, rhel6)
Signed-off-by: Martin Xu <martinxu9.ovs@gmail.com>
CC: Greg Rose <gvrose8192@gmail.com>
CC: Ben Pfaff <blp@ovn.org>
CC: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Yi-Hung Wei <yihung.wei@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch extends commit 89dd5819cf18 (rhel: support kmod-openvswitch
build against multiple kernels, rhel6) to support building kmod RPMs
with multiple minor revisions within 3.10.0-327 kernels. It was
discovered for RHEL 7.2 that 41.3 minor revision introduced backward
incompatible changes.
VMware-BZ: #2170334
Signed-off-by: Martin Xu <martinxu9.ovs@gmail.com>
CC: Greg Rose <gvrose8192@gmail.com>
CC: Ben Pfaff <blp@ovn.org>
CC: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Yi-Hung Wei <yihung.wei@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previous patch removed the if condition for postun script by
mistake. The weak-update symlinks should be removed only for
uninstallation not upgrade.
VMware-BZ: #2169383
Fixes: 89dd5819cf18 ("rhel: support kmod-openvswitch build against multiple kernels, rhel6")
Signed-off-by: Martin Xu <martinxu9.ovs@gmail.com>
CC: Greg Rose <gvrose8192@gmail.com>
CC: Ben Pfaff <blp@ovn.org>
CC: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch only affects rhel6 spec file.
RHEL 7.4 introduced backward incompatible changes in the kernel. As
a result, prebuilt PRM packages against kernels newer than 693.17.1
will cannot be used on systems with older kernels, vice versa.
This patch allows multiple kernel version numbers delimited by
whitespace to be passed as variable "kversion". kmod-openvswitch RPM
packages the kernel module .ko files from all specified kernel
versions.
This patch also includes a script to update the weak-update symlinks
if the system kernel version is upgraded or downgraded after
kmod-openvswitch is installed.
Signed-off-by: Martin Xu <martinxu9.ovs@gmail.com>
Co-authored-by: Greg Rose <gvrose8192@gmail.com>
CC: Ben Pfaff <blp@ovn.org>
CC: Flavio Leitner <fbl@redhat.com>
CC: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch only affects rhel6 spec file.
Previouly the kernel_module_package macro is used to generate spec file
template to build kmod-openvswitch RPM. The main package only contains
the openvswitch.conf for depmod. The macro is now removed. Everything is
built in the main package instead. This effectively removes the redudant
openvswitch-kmod package from the build.
Signed-off-by: Martin Xu <martinxu9.ovs@gmail.com>
CC: Greg Rose <gvrose8192@gmail.com>
CC: Ben Pfaff <blp@ovn.org>
CC: Flavio Leitner <fbl@redhat.com>
CC: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch only affects rhel6 spec file.
The rhel6 kmod spec file is renamed from openvswitch-kmod-rhel6.spec
to kmod-openvswitch-rhel6.spec . This is to prepare for the next
patches to support building multiple kernel versions in the main
package. The rename makes the spec file consistent with the resulted
kmod-openvswitch-<version>.rpm, which is the real package with
kernel module files.
Signed-off-by: Martin Xu <martinxu9.ovs@gmail.com>
Reviewed-by: Flavio Leitner <fbl@redhat.com>
CC: Greg Rose <gvrose8192@gmail.com>
CC: Ben Pfaff <blp@ovn.org>
CC: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch is a simple implementation for the proposal discussed in
https://mail.openvswitch.org/pipermail/ovs-dev/2017-August/337038.html and
https://mail.openvswitch.org/pipermail/ovs-dev/2017-October/340013.html.
It enables ovs-vswitchd and other utilities to use DNS names when specifying
OpenFlow and OVSDB remotes.
Below are some of the features and limitations of this patch:
- Resolving is asynchornous in daemon context, avoiding blocking main loop;
- Resolving is synchronous in general utility context;
- Both IPv4 and IPv6 are supported;
- The resolving API is thread-safe;
- Depends on the unbound library;
- When multiple ip addresses are returned, only the first one is used;
- /etc/nsswitch.conf isn't respected as unbound library doesn't look at it;
- For async-resolving, caller need to retry later; there is no callback.
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ovs-sim is a funny utility since it only works from a build tree, not from
an installed OVS. That means that we shouldn't install its manpage when
we run "make install". But we do want to install the manpage when we're
inside ovs-sim itself, so that the user can invoke "man ovs-sim" from its
nested shell.
This commit makes this happen.
Suggested-by: Roi Dayan <roid@mellanox.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Roi Dayan <roid@mellanox.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The rpm doesn't invoke all of the required selinux helpers to enact labeling
or relabeling on all versions of Fedora/RHEL. According to:
https://fedoraproject.org/wiki/SELinux/IndependentPolicy
This commit switches to use the selinux rpm macros which will ensure that
all of the labels defined in the .fc.in file are applied properly.
Acked-by: Ansis Atteka <aatteka@ovn.org>
Acked-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, Open vSwitch on linux embeds the logic of loading and unloading
kernel modules into the ovs-ctl and ovs-lib script files. This works, but
it means that there is no way to leverage extended filesystem attributes
to grant fine grain permissions relating to module loading.
The split out utility 'ovs-kmod-ctl' will be used in an upcoming commit
for RHEL-based distributions to have a separate transition domain that
will allow module loading to be given to a separate selinux domain from
the openvswitch_t domain.
Acked-by: Ansis Atteka <aatteka@ovn.org>
Acked-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently python-netifaces is needed for ovs-tcpdump that is installed
by openvswitch-test package.
This commit adds {python,python2}-netifaces as a dependency for the
openvswitch-test package.
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
|
|
|
|
|
|
|
|
|
| |
It's always been OVS coding style to use spaces rather than tabs for
indentation, but some tabs have snuck in over time. This commit converts
them to spaces.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Fix following compilation error when building rpm packages
with rhel/openvswitch.spec file.
error: Installed (but unpackaged) file(s) found:
/usr/share/man/man1/ovs-sim.1.gz
Signed-off-by: Ansis Atteka <aatteka@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix following compilation error running 'make rpm-fedora'
error: Installed (but unpackaged) file(s) found:
/usr/share/man/man1/ovs-sim.1.gz
RPM build errors:
Installed (but unpackaged) file(s) found:
/usr/share/man/man1/ovs-sim.1.gz
make: *** [Makefile:7049: rpm-fedora] Error 1
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Roi Dayan <roid@mellanox.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 94cd8383e297 ("rhel: fix log directory permissions") restored the
old 755 permission on /var/log/openvswitch and this can result in the
exposure of sensitive information.
Since commit f624bf23b62a ("rhel: user/group openvswitch does not exist")
moved the user/group creations in %pre phase it's now possible to change
/var/log/openvswitch user/group to openvswitch:openvswitch and remove
the r/x bits for other again without having the "permission denied"
error when the logs are rotated.
CC: Aaron Conole <aconole@redhat.com>
Fixes: 94cd8383e297 ("rhel: fix log directory permissions")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Reviewed-by: Markos Chandras <mchandras@suse.de>
|
|
|
|
|
|
|
|
|
|
| |
Currently in /etc/sysconfig/openvswitch it's not clear that
force-corefiles is enabled by default.
This patch adds a comment explaining that force-corefiles is, by
default, set to yes.
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently python2 and python3 binaries are searched by following the
PATHs, but, on Fedora, the python2 package does not provides /bin/python2
and so if the PATH contains /bin before /usr/bin (for example by using
the ansible poc) then the resulting RPM file will require /bin/python2
instead of /usr/bin/python2 and this breaks some tools (for example
createrepo).
This patch specify the full path of python2 interpreter and,
if python3-openvswitch package is built, the full path of python3
interpreter.
Reported-by: Ansis Atteka <ansisatteka@gmail.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2018-May/346796.html
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Acked-by: Ansis Atteka <aatteka@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These dependencies have been moved from the %post to the %pre scriptlet
in f624bf23b62a ("rhel: user/group openvswitch does not exist") and are
already provided by the shadow-utils package so we can simply drop
them.
Cc: Alan Pevec <alan.pevec@redhat.com>
Cc: Aaron Conole <aconole@redhat.com>
Signed-off-by: Markos Chandras <mchandras@suse.de>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Default ownership[1] for config files is failing on an empty system:
Running scriptlet: openvswitch-2.9.0-3.fc28.x86_64
warning: user openvswitch does not exist - using root
warning: group openvswitch does not exist - using root
...
Required user/group need to be created in %pre as documented in
Fedora guideline[2]
[1] https://github.com/openvswitch/ovs/commit/951d79e638ecdb3b1dcd19df1adb2ff91fe61af8
[2] https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Dynamic_allocation
Submitted-at: https://github.com/openvswitch/ovs/pull/223
Signed-off-by: Alan Pevec <alan.pevec@redhat.com>
Co-authored-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Acked-by: Markos Chandras <mchandras@suse.de>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
|
|
|
|
|
|
|
| |
The sed package in RHEL/CentOS 7 only provides /bin/sed and not
/usr/bin/sed, but later versions (including Fedora) provide both.
Signed-off-by: Isaac Freeman <memotype@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently (at least on RHEL 7.5) openvswitch fails to start (with DPDK
enabled) as non-root, since chown fails and "/dev/hugepages" group is not
changed.
Commit tested on Fedora 28 and RHEL 7.5, both as root as non-root user.
From man 5 systemd.service:
To pass a literal dollar sign, use "$$". Variables whose value is not known
at expansion time are treated as empty strings. Note that the first argument
(i.e. the program to execute) may not be a variable.
CC: Aaron Conole <aconole@redhat.com>
Fixes: 4299145c1095 ("rhel: don't drop capabilities when running as root")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GitHub uses a library called Licensee to identify a project's license
type. It shows this information in the status bar and via the API if it
can unambiguously identify the license.
This commit creates a LICENSE file that stores the full text of the
Apache license. It also removes the COPYING file and transfers its
contents to a new "License" section in the README.
Collectively, these changes allow Licensee to successfully identify the
license type of Open vSwitch's codebase as Apache.
Submitted-at: https://github.com/openvswitch/ovs/pull/224
Signed-off-by: Andrea Kao <eirinikos@gmail.com>
[blp@ovn.org removed references to COPYING and updated Makefile.am]
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, regardless of which user is being set as the running user,
Open vSwitch daemons on RHEL systems drop capabilities. This means the
very powerful CAP_SYS_ADMIN is dropped, even when the user is 'root'.
For the majority of use cases this behavior works, as the user can
enable or disable various configurations, regardless of which datapath
functions are desired. However, when using certain DPDK PMDs, the
enablement and configuration calls require CAP_SYS_ADMIN.
Instead of retaining CAP_SYS_ADMIN in all cases, which would practically
nullify the uid/gid and privilege drop, we don't pass the --ovs-user
option to the daemons. This shunts the capability and privilege
dropping code.
Reported-by: Marcos Felipe Schwarz <marcos.f.sch@gmail.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-January/045955.html
Fixes: e3e738a3d058 ("redhat: allow dpdk to also run as non-root user")
Signed-off-by: Aaron Conole <aconole@redhat.com>
Acked-By: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The _Server database is valuable primarily because it provides database
clients a way to find out the details of changes to databases, schemas,
etc. in a granular, natural way. Until now, the only way that the server
could notify clients about these kinds of changes was to close the session;
when the client reconnects, it is expected to reassess the server's state.
One way to provide this kind of granular information would be to add
specific JSON-RPC requests to obtain notifications for different kinds of
changes, but since ovsdb-server already provides granular and flexible
notification support for databases, using a database for the purpose is
convenient and avoids duplicating functionality.
Initially this database only reports databases' names and schemas, but
when clustering support is added in a later commit it will also report
important aspects of clustering and cluster status. Thus, this database
also reduces the need to add JSON-RPC calls to retrieve information about
new features.
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Whenever a DPDK port is added to or deleted from an OVS bridge, the bridge
interface is reconfigured with the lowest MAC address among the connected DPDK
ports. When changing the MAC address, OVS performs a sequences of events
UP -> DOWN -> UP on the bridge interface. In deployments of OVS in RHEL
distribution this results in loosing Linux networking configuration attached to
the bridge interface (e.g. static routes).
This patch changes the interface configuration scripts used in a RHEL deployment
to trigger post-up operations on the bridge device after a change of MAC address.
Signed-off-by: Vishal Deep Ajmera <vishal.deep.ajmera@ericsson.com>
Signed-off-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The selinux policy currently builds manually, as a process that either
the user or distribution maintainer undertakes. That process consists
of:
1. Convert the intermediary files into their file form through
'make' statements at the top level.
2. Change to the selinux directory and issue the selinux "make -f"
directive.
This commit introduces a new target 'selinux-policy' which builds the
openvswitch-custom policy files.
Signed-off-by: Aaron Conole <aconole@redhat.com>
Acked-by: Ansis Atteka <aatteka@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Patch c49889cf3e "rhel: Ensure proper OVS kernel modules load after upgrade"
did not address the RHEL 6 kmod rpm spec file. This patch addresses
that error.
Fixes: c49889cf3e ("rhel: Ensure proper OVS kernel modules...")
CC: Ansis Atteka <ansisatteka@gmail.com>
CC: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Greg Rose <gvrose8192@gmail.com>
Acked-by: Ansis Atteka <aatteka@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, "rpmbuild -bb rhel/openvswitch.spec" doesn't work correctly
since the new ovsdb manpages (ovsdb.5, ovsdb.7 and ovsdb-server.7) were
added.
This patch adds the new ovsdb manpages in the %files list in the spec
file.
CC: Ben Pfaff <blp@ovn.org>
Fixes: 12b84d50e032 ("ovsdb: Improve documentation.")
Signed-off-by: Ansis Atteka <aatteka@ovn.org>
Tested-by: Greg Rose <gvrose8192@gmail.com>
Reviewed-by: Greg Rose <gvrose8192@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
autoconf, automake and libtool are required for ./boot.sh.
python-sphinx is required to prevent an error where ovs-test.8 is
otherwise not generated.
Signed-off-by: Ansis Atteka <aatteka@ovn.org>
Tested-by: Greg Rose <gvrose8192@gmail.com>
Reviewed-by: Greg Rose <gvrose8192@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add post install and post un-install scripts to make sure that the
openvswitch kernel modules are correctly written with the weak-modules
utility. This ensures that after an upgrade to a newer kernel the
correct openvswitch kernel modules from a previous installation will
be found by the depmod search path.
Suggested-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Greg Rose <gvrose8192@gmail.com>
Acked-by: Ansis Atteka <aatteka@ovn.org>
Acked-by: Flavio Leitner <fbl@sysclose.org>
|