# -*- sh -*- # vi:syntax=sh # This is a shell function library sourced by some Open vSwitch scripts. # It is not intended to be invoked on its own. # Copyright (C) 2009, 2010, 2011, 2012 Nicira, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at: # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ## ----------------- ## ## configure options ## ## ----------------- ## # All of these should be substituted by the Makefile at build time. logdir=${OVS_LOGDIR-'@LOGDIR@'} # /var/log/openvswitch rundir=${OVS_RUNDIR-'@RUNDIR@'} # /var/run/openvswitch sysconfdir=${OVS_SYSCONFDIR-'@sysconfdir@'} # /etc etcdir=$sysconfdir/openvswitch # /etc/openvswitch datadir=${OVS_PKGDATADIR-'@pkgdatadir@'} # /usr/share/openvswitch bindir=${OVS_BINDIR-'@bindir@'} # /usr/bin sbindir=${OVS_SBINDIR-'@sbindir@'} # /usr/sbin # /etc/openvswitch or /var/lib/openvswitch if test X"$OVS_DBDIR" != X; then dbdir=$OVS_DBDIR elif test X"$OVS_SYSCONFDIR" != X; then dbdir=$OVS_SYSCONFDIR/openvswitch else dbdir='@DBDIR@' fi ovs_ctl_log () { echo "$@" >> "${logdir}/ovs-ctl.log" } ovs_ctl () { case "$@" in *"=strace"*) # In case of running the daemon with strace, piping the o/p causes # the script to block (strace probably does not close the inherited # pipe). So, do not log the o/p to ovs-ctl.log. "${datadir}/scripts/ovs-ctl" "$@" ;; "status") # In case of the command 'status', we should return the exit status # of ovs-ctl. It is also useful to document the o/p in ovs-ctl.log. display=`"${datadir}/scripts/ovs-ctl" "$@" 2>&1` rc=$? if test -w "${logdir}/ovs-ctl.log"; then echo "${display}" | tee -a "${logdir}/ovs-ctl.log" else echo "${display}" fi return ${rc} ;; *) echo "`date -u`:$@" >> "${logdir}/ovs-ctl.log" "${datadir}/scripts/ovs-ctl" "$@" 2>&1 | tee -a "${logdir}/ovs-ctl.log" ;; esac } VERSION='@VERSION@' DAEMON_CWD=/ LC_ALL=C; export LC_ALL ## ------------- ## ## LSB functions ## ## ------------- ## # Use the system's own implementations if it has any. if test -e /etc/init.d/functions; then . /etc/init.d/functions elif test -e /etc/rc.d/init.d/functions; then . /etc/rc.d/init.d/functions elif test -e /lib/lsb/init-functions; then . /lib/lsb/init-functions fi # Implement missing functions (e.g. OpenSUSE lacks 'action'). if type log_success_msg >/dev/null 2>&1; then :; else log_success_msg () { printf '%s.\n' "$*" } fi if type log_failure_msg >/dev/null 2>&1; then :; else log_failure_msg () { printf '%s ... failed!\n' "$*" } fi if type log_warning_msg >/dev/null 2>&1; then :; else log_warning_msg () { printf '%s ... (warning).\n' "$*" } fi if type action >/dev/null 2>&1; then :; else action () { STRING=$1 shift "$@" rc=$? if test $rc = 0; then log_success_msg "$STRING" else log_failure_msg "$STRING" fi return $rc } fi ## ------- ## ## Daemons ## ## ------- ## pid_exists () { # This is better than "kill -0" because it doesn't require permission to # send a signal (so daemon_status in particular works as non-root). test -n "$1" && test -d /proc/"$1" } pid_comm_check () { [ "$1" = "`cat /proc/$2/comm`" ] } # version_geq version_a version_b # # Compare (dot separated) version numbers. Returns true (exit code 0) if # version_a is greater or equal than version_b, otherwise false (exit code 1). version_geq() { echo $1 $2 | awk '{ n1 = split($1, a, "."); n2 = split($2, b, "."); n = (n1 > n2) ? n1 : n2; for (i = 1; i <= n; i++) { if (a[i]+0 < b[i]+0) exit 1 if (a[i]+0 > b[i]+0) exit 0 } }' } install_dir () { DIR="$1" INSTALL_MODE="${2:-755}" INSTALL_USER="root" INSTALL_GROUP="root" [ "$OVS_USER" != "" ] && INSTALL_USER="${OVS_USER%:*}" [ "${OVS_USER##*:}" != "" ] && INSTALL_GROUP="${OVS_USER##*:}" if test ! -d "$DIR"; then install -d -m "$INSTALL_MODE" -o "$INSTALL_USER" -g "$INSTALL_GROUP" "$DIR" restorecon "$DIR" >/dev/null 2>&1 fi } start_daemon () { priority=$1 && shift wrapper=$1 && shift umask=$1 && shift daemon=$1 strace="" # drop core files in a sensible place install_dir "$DAEMON_CWD" set "$@" --no-chdir cd "$DAEMON_CWD" # log file install_dir "$logdir" "750" set "$@" --log-file="$logdir/$daemon.log" # pidfile and monitoring install_dir "$rundir" set "$@" --pidfile="$rundir/$daemon.pid" set "$@" --detach test X"$MONITOR" = Xno || set "$@" --monitor # wrapper case $wrapper in valgrind) if (valgrind --version) > /dev/null 2>&1; then set valgrind -q --leak-check=full --time-stamp=yes \ --log-file="$logdir/$daemon.valgrind.log.%p" "$@" else log_failure_msg "valgrind not installed, running $daemon without it" fi ;; strace) if (strace -V) > /dev/null 2>&1; then strace="strace -tt -T -s 256 -ff" if (strace -DV) > /dev/null 2>&1; then # Has the -D option. set $strace -D -o "$logdir/$daemon.strace.log" "$@" strace="" fi else log_failure_msg "strace not installed, running $daemon without it" fi ;; glibc) set env MALLOC_CHECK_=2 MALLOC_PERTURB_=165 "$@" ;; '') ;; *) log_failure_msg "unknown wrapper $wrapper, running $daemon without it" ;; esac # priority if test X"$priority" != X; then set nice -n "$priority" "$@" fi # Set requested umask if any and turn previous value back. if [ -n "$umask" ]; then previuos_umask_value=$(umask) umask "$umask" fi action "Starting $daemon" "$@" || return 1 # If umask was set, turn umask value to previous value. if [ -n "$umask" ]; then umask "$previuos_umask_value" fi if test X"$strace" != X; then # Strace doesn't have the -D option so we attach after the fact. setsid $strace -o "$logdir/$daemon.strace.log" \ -p `cat $rundir/$daemon.pid` > /dev/null 2>&1 & fi } stop_daemon () { if test -e "$rundir/$1.pid"; then if pid=`cat "$rundir/$1.pid"`; then if pid_exists "$pid" >/dev/null 2>&1; then :; else rm -f $rundir/$1.$pid.ctl $rundir/$1.$pid return 0 fi graceful="EXIT .1 .25 .65 1" actions="TERM .1 .25 .65 1 1 1 1 \ KILL 1 1 1 2 10 15 30 \ FAIL" version=`ovs-appctl -T 1 -t $rundir/$1.$pid.ctl version \ | awk 'NR==1{print $NF}'` # Use `ovs-appctl exit` only if the running daemon version # is >= 2.5.90. This script might be used during upgrade to # stop older versions of daemons which do not behave correctly # with `ovs-appctl exit` (e.g. ovs-vswitchd <= 2.5.0 deletes # internal ports). if version_geq "$version" "2.5.90"; then actions="$graceful $actions" fi actiontype="" for action in $actions; do if pid_exists "$pid" >/dev/null 2>&1; then :; else # pid does not exist. if [ -n "$actiontype" ]; then return 0 fi # But, does the file exist? We may have had a daemon # segfault with `ovs-appctl exit`. Check one more time # before deciding that the daemon is dead. [ -e "$rundir/$1.pid" ] && sleep 2 && pid=`cat "$rundir/$1.pid"` 2>/dev/null if pid_exists "$pid" >/dev/null 2>&1; then :; else return 0 fi fi case $action in EXIT) action "Exiting $1 ($pid)" \ ${bindir}/ovs-appctl -T 1 -t $rundir/$1.$pid.ctl exit # The above command could have resulted in delayed # daemon segfault. And if a monitor is running, it # would restart the daemon giving it a new pid. ;; TERM) action "Killing $1 ($pid)" kill $pid actiontype="force" ;; KILL) action "Killing $1 ($pid) with SIGKILL" kill -9 $pid actiontype="force" ;; FAIL) log_failure_msg "Killing $1 ($pid) failed" return 1 ;; *) sleep $action ;; esac done fi fi log_success_msg "$1 is not running" } daemon_status () { pidfile=$rundir/$1.pid if test -e "$pidfile"; then if pid=`cat "$pidfile"`; then if pid_exists "$pid"; then echo "$1 is running with pid $pid" return 0 else echo "Pidfile for $1 ($pidfile) is stale" fi else echo "Pidfile for $1 ($pidfile) exists but cannot be read" fi else echo "$1 is not running" fi return 1 } daemon_is_running () { pidfile=$rundir/$1.pid test -e "$pidfile" && pid=`cat "$pidfile"` && pid_exists "$pid" && pid_comm_check $1 $pid } >/dev/null 2>&1 # Prints commands needed to move the ip address from interface $1 to interface # $2 move_ip_address () { if [ -z "$1" ] || [ -z "$2" ]; then return fi dev="$1" dst="$2" # IP addresses (including IPv6). echo "ip addr flush dev $dev 2>/dev/null" # Suppresses "Nothing to flush". ip addr show dev $dev | while read addr; do set -- $addr # Check and trim family. family=$1 shift case $family in inet | inet6) ;; *) continue ;; esac # Trim device off the end--"ip" insists on having "dev" precede it. addrcmd= while test $# != 0; do case $1 in dynamic) # XXX: According to 'man ip-address', "dynamic" is only # used for ipv6 addresses. But, atleast on RHEL 7.4 # (iproute-3.10.0-87), it is being used for ipv4 # addresses assigned with dhcp. if [ "$family" = "inet" ]; then shift continue fi # Omit kernel-maintained route. continue 2 ;; scope) if test "$2" = link -a "$family" != inet6; then # Omit route derived from IP address, e.g. # 172.16.0.0/16 derived from 172.16.12.34, # but preserve IPv6 link-local address. continue 2 fi ;; "$dev"|"$dev:"*) # Address label string label=`echo $1 | sed "s/$dev/$dst/"` addrcmd="$addrcmd label $label" shift continue ;; esac addrcmd="$addrcmd $1" shift done if test "$1" != "$dev"; then addrcmd="$addrcmd $1" fi echo ip -f $family addr add $addrcmd dev $dst done } # Prints commands needed to move the ip route of interface $1 to interface $2 move_ip_routes () { if [ -z "$1" ] || [ -z "$2" ]; then return fi dev="$1" dst="$2" echo "ip route flush dev $dev proto boot 2>/dev/null" # Suppresses "Nothing to flush". ip route show dev $dev | while read route; do # "proto kernel" routes are installed by the kernel automatically. case $route in *" proto kernel "*) continue ;; esac echo "ip route add $route dev $dst" done } run_as_ovsuser() { if [ "$OVS_USER" != "" ]; then local uid=$(id -u "${OVS_USER%:*}") local gid=$(id -g "${OVS_USER%:*}") local groups=$(id -G "${OVS_USER%:*}" | tr ' ' ',') setpriv --reuid "$uid" --regid "$gid" --groups "$groups" "$@" else "$@" fi } ovsdb_tool () { run_as_ovsuser ovsdb-tool -vconsole:off "$@" } create_db () { DB_FILE="$1" DB_SCHEMA="$2" action "Creating empty database $DB_FILE" ovsdb_tool create "$DB_FILE" "$DB_SCHEMA" } backup_db () { # Back up the old version. version=`ovsdb_tool db-version "$DB_FILE"` cksum=`ovsdb_tool db-cksum "$DB_FILE" | awk '{print $1}'` backup=$DB_FILE.backup$version-$cksum action "Backing up database to $backup" cp "$DB_FILE" "$backup" || return 1 } upgrade_db () { DB_FILE="$1" DB_SCHEMA="$2" schemaver=`ovsdb_tool schema-version "$DB_SCHEMA"` if test ! -e "$DB_FILE"; then log_warning_msg "$DB_FILE does not exist" install_dir `dirname $DB_FILE` create_db "$DB_FILE" "$DB_SCHEMA" elif test X"`ovsdb_tool needs-conversion "$DB_FILE" "$DB_SCHEMA"`" = Xyes; then backup_db || return 1 # Compact database. This is important if the old schema did not enable # garbage collection (i.e. if it did not have any tables with "isRoot": # true) but the new schema does. In that situation the old database # may contain a transaction that creates a record followed by a # transaction that creates the first use of the record. Replaying that # series of transactions against the new database schema (as "convert" # does) would cause the record to be dropped by the first transaction, # then the second transaction would cause a referential integrity # failure (for a strong reference). # # Errors might occur on an Open vSwitch downgrade if ovsdb-tool doesn't # understand some feature of the schema used in the OVSDB version that # we're downgrading from, so we don't give up on error. action "Compacting database" ovsdb_tool compact "$DB_FILE" # Upgrade or downgrade schema. if action "Converting database schema" ovsdb_tool convert "$DB_FILE" "$DB_SCHEMA"; then : else log_warning_msg "Schema conversion failed, using empty database instead" rm -f "$DB_FILE" create_db "$DB_FILE" "$DB_SCHEMA" fi fi } upgrade_cluster () { local DB_SCHEMA=$1 DB_SERVER=$2 local schema_name=$(ovsdb-tool schema-name $1) || return 1 action "Waiting for $schema_name to come up" ovsdb-client -t 30 wait "$DB_SERVER" "$schema_name" connected || return $? local db_version=$(ovsdb-client -t 10 get-schema-version "$DB_SERVER" "$schema_name") || return $? local target_version=$(ovsdb-tool schema-version "$DB_SCHEMA") || return $? if ovsdb-tool compare-versions "$db_version" == "$target_version"; then : elif ovsdb-tool compare-versions "$db_version" ">" "$target_version"; then log_warning_msg "Database $schema_name has newer schema version ($db_version) than our local schema ($target_version), possibly an upgrade is partially complete?" else action "Upgrading database $schema_name from schema version $db_version to $target_version" ovsdb-client -t 30 convert "$DB_SERVER" "$DB_SCHEMA" fi } create_cluster () { DB_FILE="$1" DB_SCHEMA="$2" LOCAL_ADDR="$3" ELECTION_TIMER_MS="$4" election_timer_arg= if [ -n "$ELECTION_TIMER_MS" ]; then election_timer_arg="--election-timer=$ELECTION_TIMER_MS" fi if test ! -e "$DB_FILE"; then action "Creating cluster database $DB_FILE" ovsdb_tool $election_timer_arg create-cluster "$DB_FILE" "$DB_SCHEMA" "$LOCAL_ADDR" elif ovsdb_tool db-is-standalone "$DB_FILE"; then # Convert standalone database to clustered. backup_db || return 1 rm -f "$DB_FILE" action "Creating cluster database $DB_FILE from existing one" \ ovsdb_tool $election_timer_arg create-cluster "$DB_FILE" "$backup" "$LOCAL_ADDR" fi } join_cluster() { DB_FILE="$1" SCHEMA_NAME="$2" LOCAL_ADDR="$3" REMOTE_ADDR="$4" if test -e "$DB_FILE" && ovsdb_tool db-is-standalone "$DB_FILE"; then backup_db || return 1 rm $DB_FILE fi if test ! -e "$DB_FILE"; then action "Joining $DB_FILE to cluster" \ ovsdb_tool join-cluster "$DB_FILE" "$SCHEMA_NAME" "$LOCAL_ADDR" "$REMOTE_ADDR" fi } ovs_vsctl () { ovs-vsctl --no-wait "$@" } ## ----------------- ## ## force-reload-kmod ## ## ----------------- ## ovs_kmod_ctl () { "$dir0/ovs-kmod-ctl" "$@" } internal_interfaces () { # Outputs a list of internal interfaces: # # - There is an internal interface for every bridge, whether it # has an Interface record or not and whether the Interface # record's 'type' is properly set or not. # # - There is an internal interface for each Interface record whose # 'type' is 'internal'. # # But ignore interfaces that don't really exist. for d in `(ovs_vsctl --bare \ -- --columns=name find Interface type=internal \ -- list-br) | sort -u` do if test -e "/sys/class/net/$d"; then printf "%s " "$d" fi done } ovs_save () { bridges=`ovs_vsctl -- --real list-br` if [ -n "${bridges}" ] && \ "$datadir/scripts/ovs-save" "$1" ${bridges} > "$2"; then chmod +x "$2" return 0 fi [ -z "${bridges}" ] && return 0 } save_flows_if_required () { if test X"$DELETE_BRIDGES" != Xyes; then action "Saving flows" ovs_save save-flows "${script_flows}" fi } save_interfaces () { "$datadir/scripts/ovs-save" save-interfaces ${ifaces} \ > "${script_interfaces}" } flow_restore_wait () { if test X"${OVS_VSWITCHD:-yes}" = Xyes; then ovs_vsctl set open_vswitch . other_config:flow-restore-wait="true" fi } flow_restore_complete () { if test X"${OVS_VSWITCHD:-yes}" = Xyes; then ovs_vsctl --if-exists remove open_vswitch . other_config \ flow-restore-wait="true" fi } restore_flows () { [ -x "${script_flows}" ] && \ action "Restoring saved flows" "${script_flows}" } restore_interfaces () { [ ! -x "${script_interfaces}" ] && return 0 action "Restoring interface configuration" "${script_interfaces}" rc=$? if test $rc = 0; then level=debug else level=err fi log="logger -p daemon.$level -t ovs-save" $log "interface restore script exited with status $rc:" $log -f "$script_interfaces" } init_restore_scripts () { script_interfaces=`mktemp` script_flows=`mktemp` trap 'rm -f "${script_interfaces}" "${script_flows}"' 0 } force_reload_kmod () { if test X"${OVS_VSWITCHD:-yes}" != Xyes; then log_failure_msg "Reloading of kmod without ovs-vswitchd is an error" exit 1 fi ifaces=`internal_interfaces` action "Detected internal interfaces: $ifaces" true init_restore_scripts save_flows_if_required # Restart the database first, since a large database may take a # while to load, and we want to minimize forwarding disruption. stop_ovsdb start_ovsdb || return 1 stop_forwarding if action "Saving interface configuration" save_interfaces; then : else log_warning_msg "Failed to save configuration, not replacing kernel module" start_forwarding add_managers exit 1 fi chmod +x "$script_interfaces" for dp in `ovs-dpctl dump-dps`; do action "Removing datapath: $dp" ovs-dpctl del-dp "$dp" done if test -e /sys/module/ip_gre; then action "Forcing removal of ip_gre module" rmmod ip_gre fi if test -e /sys/module/gre; then action "Forcing removal of gre module" rmmod gre fi ovs_kmod_ctl remove # Start vswitchd by asking it to wait till flow restore is finished. flow_restore_wait start_forwarding || return 1 # Restore saved flows and inform vswitchd that we are done. restore_flows flow_restore_complete add_managers restore_interfaces action "Finding processes on dead interfaces" timeout 5 \ "$datadir/scripts/ovs-check-dead-ifs" || true } ## ------- ## ## restart ## ## ------- ## restart () { if daemon_is_running ovsdb-server && daemon_is_running ovs-vswitchd; then init_restore_scripts if test X"${OVS_VSWITCHD:-yes}" = Xyes; then save_flows_if_required fi fi # Restart the database first, since a large database may take a # while to load, and we want to minimize forwarding disruption. stop_ovsdb start_ovsdb || return 1 stop_forwarding # Start vswitchd by asking it to wait till flow restore is finished. flow_restore_wait start_forwarding || return 1 # Restore saved flows and inform vswitchd that we are done. restore_flows flow_restore_complete add_managers }