Hi Numan, I have one comment below.
On 8/11/25 6:10 AM, num...@ovn.org wrote:
From: Numan Siddique <num...@ovn.org>
Signed-off-by: Numan Siddique <num...@ovn.org>
---
utilities/ovn-ctl | 163 ++++++++++++++++++++++++++++++++++++++++
utilities/ovn-ctl.8.xml | 36 +++++++++
2 files changed, 199 insertions(+)
diff --git a/utilities/ovn-ctl b/utilities/ovn-ctl
index acbeacd099..5af2db17cb 100755
--- a/utilities/ovn-ctl
+++ b/utilities/ovn-ctl
@@ -444,6 +444,11 @@ start_ic_ovsdb () {
start_ic_sb_ovsdb
}
+
+start_ovnbr_ovsdb() {
+ start_ovsdb__ OVNBR br OVN_Bridge_Controller BR_Global
+}
+
sync_status() {
local ctl_file=$1
ovn-appctl -t $ctl_file ovsdb-server/sync-status | \
@@ -510,6 +515,14 @@ status_ic_ovsdb () {
fi
}
+status_ovnbr_ovsdb() {
+ if ! pidfile_is_running $DB_OVNBR_PIDFILE; then
+ echo "not-running"
+ else
+ echo "running/$(sync_status $DB_OVNBR_CTRL_SOCK)"
+ fi
+}
+
run_nb_ovsdb() {
DB_NB_DETACH=no
start_nb_ovsdb
@@ -535,6 +548,11 @@ run_ic_sb_ovsdb() {
start_ic_sb_ovsdb
}
+run_ovnbr_ovsdb() {
+ DB_NB_DETACH=no
+ start_ovnbr_ovsdb
+}
+
start_northd () {
if [ ! -e $ovn_northd_db_conf_file ]; then
if test X"$OVN_MANAGE_OVSDB" = Xyes; then
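Review bot: `run_ovnbr_ovsdb` assigns `DB_NB_DETACH=no`, which is the northbound database's variable; the default this patch adds for the bridge database is `DB_OVNBR_DETACH`, and nothing here changes it from "yes". If start_ovsdb__ (not visible in this hunk) reads the detach flag per database, ovsdb-server will still detach and the command will return immediately instead of blocking, which contradicts the man-page text added for container use. The assignment should read `DB_OVNBR_DETACH=no`.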
@@ -717,6 +735,40 @@ start_controller_vtep () {
OVS_RUNDIR=${OVS_RUNDIR} start_ovn_daemon "$OVN_CONTROLLER_PRIORITY"
"$OVN_CONTROLLER_WRAPPER" "$@"
}
+start_ovnbr_controller () {
+ set ovn-br-controller
+ set "$@" -vconsole:emer -vsyslog:err -vfile:info
+ if test X"$OVN_CONTROLLER_SSL_KEY" != X; then
+ set "$@" --private-key=$OVN_CONTROLLER_SSL_KEY
+ fi
+ if test X"$OVN_CONTROLLER_SSL_CERT" != X; then
+ set "$@" --certificate=$OVN_CONTROLLER_SSL_CERT
+ fi
+ if test X"$OVN_CONTROLLER_SSL_CA_CERT" != X; then
+ set "$@" --ca-cert=$OVN_CONTROLLER_SSL_CA_CERT
+ fi
+ if test X"$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT" != X; then
+ set "$@" --bootstrap-ca-cert=$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT
+ fi
+ if test X"$OVN_CONTROLLER_SSL_PROTOCOLS" != X; then
+ set "$@" --ssl-protocols=$OVN_CONTROLLER_SSL_PROTOCOLS
+ fi
+ if test X"$OVN_CONTROLLER_SSL_CIPHERS" != X; then
+ set "$@" --ssl-ciphers=$OVN_CONTROLLER_SSL_CIPHERS
+ fi
+ if test X"$OVN_CONTROLLER_SSL_CIPHERSUITES" != X; then
+ set "$@" --ssl-ciphersuites=$OVN_CONTROLLER_SSL_CIPHERSUITES
+ fi
All of the tests above are for OVN_CONTROLLER SSL values instead of
OVN_BRCONTROLLER SSL values.
+
+ [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER"
+
+ if test X"$extra_args" != X; then
+ set "$@" $extra_args
+ fi
+
+ OVS_RUNDIR=${OVS_RUNDIR} start_ovn_daemon "$OVN_CONTROLLER_PRIORITY"
"$OVN_CONTROLLER_WRAPPER" "$@"
+}
+
## ---- ##
## stop ##
## ---- ##
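Review bot: The closing `start_ovn_daemon` call in `start_ovnbr_controller` passes `$OVN_CONTROLLER_PRIORITY` and `$OVN_CONTROLLER_WRAPPER`, so the `OVNBR_CONTROLLER_PRIORITY` and `OVNBR_CONTROLLER_WRAPPER` defaults that this patch adds to set_defaults are never read. The logging flags are also hard-coded on the second `set` line rather than taken from `$OVNBR_CONTROLLER_LOG`. I would write `set "$@" $OVNBR_CONTROLLER_LOG` and `start_ovn_daemon "$OVNBR_CONTROLLER_PRIORITY" "$OVNBR_CONTROLLER_WRAPPER" "$@"`. When the option values are switched to the bridge-controller variables, quoting them (`"--private-key=$VAR"`) would keep a key or certificate path containing whitespace from being split into separate arguments.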
@@ -747,6 +799,10 @@ stop_controller_vtep () {
OVS_RUNDIR=${OVS_RUNDIR} stop_ovn_daemon ovn-controller-vtep
}
+stop_ovnbr_controller () {
+ OVS_RUNDIR=${OVS_RUNDIR} stop_ovn_daemon ovn-br-controller
+}
+
## ------- ##
## restart ##
## ------- ##
@@ -807,6 +863,16 @@ restart_sb_relay_ovsdb() {
start_sb_relay_ovsdb
}
+restart_ovnbr_ovsdb () {
+ stop_ovnbr_ovsdb
+ start_ovnbr_ovsdb
+}
+
+restart_ovnbr_controller () {
+ stop_ovnbr_controller
+ start_ovnbr_controller
+}
+
## ---- ##
## main ##
## ---- ##
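Review bot: `restart_ovnbr_ovsdb` calls `stop_ovnbr_ovsdb`, but none of the hunks shown for utilities/ovn-ctl adds a function of that name (only `stop_ovnbr_controller` is added). The `stop_ovnbr_ovsdb)` arm of the command `case` later in the patch dispatches to the same name. Unless it is defined outside the visible hunks, the stop command fails with "command not found", and restart goes on to call `start_ovnbr_ovsdb` against a server that was never stopped. A `stop_ovnbr_ovsdb` helper modelled on the existing per-database stop functions should be added in the stop section.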
@@ -870,6 +936,7 @@ set_defaults () {
DB_SB_SCHEMA=$ovn_datadir/ovn-sb.ovsschema
DB_IC_NB_SCHEMA=$ovn_datadir/ovn-ic-nb.ovsschema
DB_IC_SB_SCHEMA=$ovn_datadir/ovn-ic-sb.ovsschema
+ DB_OVNBR_SCHEMA=$ovn_datadir/ovn-br.ovsschema
DB_SOCK=$OVS_RUNDIR/db.sock
DB_CONF_FILE=$dbdir/conf.db
@@ -1020,6 +1087,39 @@ set_defaults () {
DB_CLUSTER_SCHEMA_UPGRADE="yes"
OVN_CONTROLLER_SYSTEM_ID=""
+
+ DB_OVNBR_SOCK=$OVN_RUNDIR/ovnbr_db.sock
+ DB_OVNBR_PIDFILE=$OVN_RUNDIR/ovnbr_db.pid
+ DB_OVNBR_CTRL_SOCK=$OVN_RUNDIR/ovnbr_db.ctl
+ DB_OVNBR_FILE=$ovn_dbdir/ovnbr_db.db
+ DB_OVNBR_ADDR=0.0.0.0
+ DB_OVNBR_PORT=6651
+
+ OVNBR_CONTROLLER_PRIORITY=-10
+ OVNBR_CONTROLLER_WRAPPER=
+
+ OVNBR_CONTROLLER_LOG="-vconsole:emer -vsyslog:err -vfile:info"
+ OVN_OVNBR_LOGFILE="$ovn_logdir/ovsdb-server-ovnbr.log"
+
+ OVNBR_CONTROLLER_SSL_KEY=""
+ OVNBR_CONTROLLER_SSL_CERT=""
+ OVNBR_CONTROLLER_SSL_CA_CERT=""
+ OVNBR_CONTROLLER_SSL_BOOTSTRAP_CA_CERT=""
+ OVNBR_CONTROLLER_SSL_PROTOCOLS=""
+ OVNBR_CONTROLLER_SSL_CIPHERS=""
+ OVNBR_CONTROLLER_SSL_CIPHERSUITES=""
+
+ DB_OVNBR_CREATE_INSECURE_REMOTE="no"
+
+ DB_OVNBR_DETACH="yes"
+ DB_OVNBR_USE_REMOTE_IN_DB="yes"
+
+ OVNBR_DB_SSL_KEY=""
+ OVNBR_DB_SSL_CERT=""
+ OVNBR_DB_SSL_CA_CERT=""
+ OVNBR_DB_SSL_PROTOCOLS=""
+ OVNBR_DB_SSL_CIPHERS=""
+ OVNBR_DB_SSL_CIPHERSUITES=""
}
set_option () {
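Review bot: The defaults added here are spelled `OVNBR_CONTROLLER_*` and `OVNBR_DB_SSL_*`, while the options documented by the same patch are `--ovn-br-controller-*` and `--ovn-br-db-ssl-*`. set_option's body is outside this hunk; if it derives the variable name from the option text, those options would set `OVN_BR_CONTROLLER_*` and `OVN_BR_DB_SSL_*`, and a key, certificate or CA file given on the command line would never reach the variables defined here. The practical risk is a daemon that starts without the TLS configuration the operator believes was applied. Please confirm the mapping and use one spelling for the option names and the variables.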
@@ -1096,6 +1196,15 @@ Commands:
demote_ic_sb demote ovn ic-southbound db active server to
backup
run_ic_nb_ovsdb run ovn ic-northbound db ovsdb-server process
run_ic_sb_ovsdb run ovn ic-southbound db ovsdb-server process
+ start_ovnbr_ovsdb start ovn bridge controller db ovsdb-server
process
+ start_ovnbr_controller start ovn-br-controller
+ stop_ovnbr_ovsdb stop ovn bridge controller db ovsdb-server
process
+ stop_ovnbr_controller stop ovn-br-controller
+ restart_ovnbr_ovsdb restart ovn bridge controller db ovsdb-server
process
+ restart_ovnbr_controller restart ovn-br-controller
+ status_ovnbr_ovsdb status ovn bridge controller db ovsdb-server
processes
+ status_ovnbr_controller status ovn-br-controller
+ run_ovnbr_ovsdb run bridge controller db ovsdb-server process
Options:
--ovn-northd-priority=NICE set ovn-northd's niceness (default:
$OVN_NORTHD_PRIORITY)
@@ -1173,6 +1282,24 @@ Options:
--db-sb-relay-remote Specifies upstream cluster/server remote for
ovsdb relay
--db-sb-relay-use-remote-in-db=no|yes
OVN_Sorthbound db listen on target
connection table (default: $DB_SB_RELAY_USE_REMOTE_IN_DB)
+ --ovn-br-controller-priority=NICE set ovn-br-controller's niceness
(default: $OVN_CONTROLLER_PRIORITY)
+ --ovn-br-controller-wrapper=WRAPPER run with a wrapper like valgrind for
debugging
+ --ovn-br-controller-ssl-key=KEY OVN Bridge Controller SSL/TLS private key
file
+ --ovn-br-controller-ssl-cert=CERT OVN Bridge Controller SSL/TLS certificate
file
+ --ovn-br-controller-ssl-ca-cert=CERT OVN Bridge Controller SSL/TLS CA
certificate file
+ --ovn-br-controller-ssl-bootstrap-ca-cert=CERT Bootstrapped OVN Bridge
Controller SSL/TLS CA certificate file
+ --ovn-br-controller-ssl-protocols=PROTOCOLS OVN Bridge Controller SSL/TLS
protocols
+ --ovn-br-controller-ssl-ciphers=CIPHERS OVN Bridge Controller SSL/TLS cipher
list
+ --ovn-br-controller-ssl-ciphersuites=CIPHERSUITES OVN Bridge Controller
TLSv1.3+ ciphersuite list
+ --ovn-br-db-ssl-key=KEY OVN Bridge Controller DB SSL/TLS private key file
+ --ovn-br-db-ssl-cert=CERT OVN Bridge Controller DB SSL/TLS certificate file
+ --ovn-br-db-ssl-ca-cert=CERT OVN Bridge Controller DB SSL/TLS CA certificate
file
+ --ovn-br-db-ssl-protocols=PROTOCOLS OVN Bridge Controller DB SSL/TLS
protocols
+ --ovn-br-db-ssl-ciphers=CIPHERS OVN Bridge Controller DB SSL/TLS cipher list
+ --ovn-br-db-ssl-ciphersuites=CIPHERSUITES OVN Bridge Controller DB TLSv1.3+
ciphersuite list
+ --ovn-br-controller-log=STRING ovn controller process logging params
(default: $OVN_CONTROLLER_LOG)
+ --ovn-br-db-log=STRING ovn brdb ovsdb-server processes logging
params (default: $OVN_BR_DB_LOG)
+ --ovsdb-br-wrapper=WRAPPER run with a wrapper like valgrind for debugging
-h, --help display this help message
File location options:
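Review bot: The help text for the new options interpolates variables that do not belong to them. `--ovn-br-controller-priority` prints `$OVN_CONTROLLER_PRIORITY`, `--ovn-br-controller-log` prints `$OVN_CONTROLLER_LOG`, and `--ovn-br-db-log` prints `$OVN_BR_DB_LOG`, which the set_defaults hunks of this patch never assign. The first two should print `$OVNBR_CONTROLLER_PRIORITY` and `$OVNBR_CONTROLLER_LOG`; for the third, either add a default or drop the `(default: ...)` clause. The description "ovn controller process logging params" also reads as the ovn-controller option and should name ovn-br-controller.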
@@ -1305,12 +1432,22 @@ File location options:
--ovn-sb-relay-db-ssl-cert=CERT OVN_Southbound DB relay SSL/TLS certificate
file
--ovn-sb-relay-db-ssl-ca-cert=CERT OVN OVN_Southbound DB relay SSL/TLS CA
certificate file
--db-cluster-schema-upgrade=yes|no (default: $DB_CLUSTER_SCHEMA_UPGRADE)
+ --db-ovnbr-sock=SOCKET OVN_Bridge_Controller db socket (default:
$DB_OVNBR_SOCK)
+ --db-ovnbr-file=FILE OVN_Bridge_Controller db file (default:
$DB_OVNBR_FILE)
+ --db-ovnbr-pidfile=FILE OVN_Bridge_Controller db pidfile (default:
$DB_OVNBR_PIDFILE)
+ --db-ovnbr-schema=FILE OVN_Bridge_Controller db file (default:
$DB_OVNBR_SCHEMA)
+ --db-ovnbr-addr=ADDR OVN_Bridge_Controller db ptcp address (default:
$DB_OVNBR_ADDR)
+ --db-ovnbr-port=PORT OVN_Bridge_Controller db ptcp port (default:
$DB_OVNBR_PORT)
+ --db-ovnbr-ctrl-sock=SOCKET OVN_Bridge_Controller db control socket
(default: $DB_OVNBR_CTRL_SOCK)
+ --ovn-ovnbr-logfile=FILE OVN_Bridge_Controller log file (default:
$OVN_OVNBR_LOGFILE)
+ --db-ovnbr-create-insecure-remote=yes|no Create ptcp OVN_Bridge_Controller
remote (default: $DB_OVNBR_CREATE_INSECURE_REMOTE)
Default directories with "configure" option and environment variable override:
logs: /usr/local/var/log/ovn (--with-logdir, OVN_LOGDIR)
pidfiles and sockets: /usr/local/var/run/ovn (--with-rundir, OVN_RUNDIR)
ovn-nb.db: /usr/local/etc/ovn (--with-dbdir, OVN_DBDIR)
ovn-sb.db: /usr/local/etc/ovn (--with-dbdir, OVN_DBDIR)
+ ovn-ovnbr.db: /usr/local/etc/ovn (--with-dbdir, OVN_DBDIR)
system configuration: /usr/local/etc (--sysconfdir, OVN_SYSCONFDIR)
data files: /usr/local/share/ovn (--pkgdatadir, OVN_PKGDATADIR)
user binaries: /usr/local/bin (--bindir, OVN_BINDIR)
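Review bot: The help line for `--db-ovnbr-create-insecure-remote` does not say that the ptcp remote is plaintext TCP on `$DB_OVNBR_ADDR:$DB_OVNBR_PORT`, and the default address this patch adds in set_defaults is 0.0.0.0. I would spell that out in the text, for example `Create plaintext ptcp OVN_Bridge_Controller remote on $DB_OVNBR_ADDR:$DB_OVNBR_PORT (default: $DB_OVNBR_CREATE_INSECURE_REMOTE)`, so an operator who enables it knows to narrow the address. Separately, `--db-ovnbr-schema=FILE` is described as "db file", a copy of the line above it; it should read "db schema file".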
@@ -1536,6 +1673,32 @@ case $command in
run_ic_sb_ovsdb)
run_ic_sb_ovsdb
;;
+ start_ovnbr_ovsdb)
+ start_ovnbr_ovsdb
+ ;;
+ start_ovnbr_controller)
+ start_ovnbr_controller
+ ;;
+ stop_ovnbr_ovsdb)
+ stop_ovnbr_ovsdb
+ ;;
+ stop_ovnbr_controller)
+ stop_ovnbr_controller
+ ;;
+ restart_ovnbr_ovsdb)
+ restart_ovnbr_ovsdb
+ ;;
+ restart_ovnbr_controller)
+ restart_ovnbr_controller
+ ;;
+ status_ovnbr_ovsdb)
+ status_ovnbr_ovsdb
+ ;;
+ status_ovnbr_controller)
+ daemon_status ovn-br-controller || exit 1
+ ;;
+ run_ovnbr_ovsdb)
+ run_ovnbr_ovsdb;;
help)
usage
;;
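Review bot: The controller commands dispatched in this `case` are `start_ovnbr_controller`, `stop_ovnbr_controller`, `restart_ovnbr_controller` and `status_ovnbr_controller`. The ovn-ctl.8.xml hunks of the same patch list them as `start_br_controller`, `stop_br_controller`, `restart_br_controller` and `status_br_controller`, and the example usage tells the reader to run `ovn-ctl start_br_controller`. One of the two spellings has to change, otherwise the documented commands match no arm shown here. As a style point, the last arm puts the terminator on the command line (`run_ovnbr_ovsdb;;`) where every other arm has `;;` on its own line.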
diff --git a/utilities/ovn-ctl.8.xml b/utilities/ovn-ctl.8.xml
index 99f512043e..0e03247469 100644
--- a/utilities/ovn-ctl.8.xml
+++ b/utilities/ovn-ctl.8.xml
@@ -58,6 +58,15 @@
<dt><code>restart_ic_ovsdb</code></dt>
<dt><code>run_ic_nb_ovsdb</code></dt>
<dt><code>run_ic_sb_ovsdb</code></dt>
+ <dt><code>start_ovnbr_ovsdb</code></dt>
+ <dt><code>start_br_controller</code></dt>
+ <dt><code>stop_ovnbr_ovsdb</code></dt>
+ <dt><code>stop_br_controller</code></dt>
+ <dt><code>restart_ovnbr_ovsdb</code></dt>
+ <dt><code>restart_br_controller</code></dt>
+ <dt><code>status_ovnbr_ovsdb</code></dt>
+ <dt><code>status_br_controller</code></dt>
+ <dt><code>run_ovnbr_ovsdb</code></dt>
</dl>
<h1>Options</h1>
@@ -69,6 +78,8 @@
<p><code>--ovn-ic-wrapper=<var>WRAPPER</var></code></p>
<p><code>--ovsdb-nb-wrapper=<var>WRAPPER</var></code></p>
<p><code>--ovsdb-sb-wrapper=<var>WRAPPER</var></code></p>
+ <p><code>--ovn-br-controller-priority=<var>NICE</var></code></p>
+ <p><code>--ovn-br-controller-wrapper=<var>WRAPPER</var></code></p>
<p><code>--ovn-user=<var>USER:GROUP</var></code></p>
<p><code>-h</code> | <code>--help</code></p>
@@ -95,6 +106,15 @@
<p><code>--ovn-controller-ssl-cert=<var>CERT</var></code></p>
<p><code>--ovn-controller-ssl-ca-cert=<var>CERT</var></code></p>
<p><code>--ovn-controller-ssl-bootstrap-ca-cert=<var>CERT</var></code></p>
+ <p><code>--db-ovnbr-sock=<var>SOCKET</var></code></p>
+ <p><code>--db-ovnbr-file=<var>FILE</var></code></p>
+ <p><code>--db-ovnbr-schema=<var>FILE</var></code></p>
+ <p><code>--db-ovnbr-create-insecure-remote=<var>yes|no</var></code></p>
+ <p><code>--db-ovnbr-config-file=<var>FILE</var></code></p>
+ <p><code>--ovn-br-controller-ssl-key=<var>KEY</var></code></p>
+ <p><code>--ovn-br-controller-ssl-cert=<var>CERT</var></code></p>
+ <p><code>--ovn-br-controller-ssl-ca-cert=<var>CERT</var></code></p>
+
<p><code>--ovn-br-controller-ssl-bootstrap-ca-cert=<var>CERT</var></code></p>
<h1>Protocol, Cipher and Ciphersuite options</h1>
<p><code>--ovn-controller-ssl-protocols=<var>PROTOCOLS</var></code></p>
@@ -118,6 +138,11 @@
<p><code>--ovn-sb-db-ssl-ciphersuites=<var>CIPHERSUITES</var></code></p>
<p><code>--ovn-ic-nb-db-ssl-ciphersuites=<var>CIPHERSUITES</var></code></p>
<p><code>--ovn-ic-sb-db-ssl-ciphersuites=<var>CIPHERSUITES</var></code></p>
+ <p><code>--ovn-br-controller-ssl-protocols=<var>PROTOCOLS</var></code></p>
+ <p><code>--ovn-br-db-ssl-protocols=<var>PROTOCOLS</var></code></p>
+ <p><code>--ovn-br-controller-ssl-ciphers=<var>CIPHERS</var></code></p>
+ <p><code>--ovn-br-db-ssl-ciphers=<var>CIPHERS</var></code></p>
+ <p><code>--ovn-br-db-ssl-ciphersuites=<var>CIPHERSUITES</var></code></p>
<h1>Address and port options</h1>
<p><code>--db-nb-sync-from-addr=<var>IP ADDRESS</var></code></p>
@@ -273,6 +298,13 @@
This command will be useful for starting the OVN IC-SB ovsdb-server in a
container.
</p>
+ <p><code># ovn-ctl run_ovnbr_ovsdb</code></p>
+ <p>
+ This command runs the OVN bridge db ovsdb-server without passing the
+ <code>detach</code> option, making it to block until ovsdb-server exits.
+ This command will be useful for starting the OVN br db ovsdb-server in a
+ container.
+ </p>
<h1>Example Usage</h1>
<h2>Run ovn-controller on a host already running OVS</h2>
@@ -372,4 +404,8 @@
# ovsdb-client convert unix:/var/run/ovn/ovnsb_db.sock
/usr/local/share/ovn/ovn-sb.ovsschema
</code>
</p>
+
+ <h2>Run OVN bridge controller services on a host already running OVS</h2>
+ <p><code># ovn-ctl start_ovnbr_ovsdb</code></p>
+ <p><code># ovn-ctl start_br_controller</code></p>
</manpage>