Re: [ovs-dev] [PATCH v2] MAINTAINERS.rst: Move several people to emeritus status

2023-05-19 Thread Russell Bryant 
ACKs from all committers, including those moving to emeritus status, are
much appreciated. Our policy requires a majority for this to be approved.
Thank you!

Russell Bryant
--
Russell Bryant


On Fri, May 19, 2023 at 10:53 AM Russell Bryant  wrote:

> The following document discusses emeritus committer status:
>
> https://docs.openvswitch.org/en/latest/internals/committer-emeritus-status/
>
> There are several people who I would guess consider themselves
> emeritus committers but have not formally declared it. Those moved to
> emeritus status in this commit have either explicitly communicated
> their desire to move or have both not been active in the last year and
> have not yet replied to this patch.
>
> It is easy to re-add people in the future should any emeritus
> committer desire to become active again.
>
> Per our policies, a vote of the majority of current committers (or
> the list of maintainers prior to this change) is required to move a
> committer to emeritus status.
>
> Signed-off-by: Russell Bryant 
> CC: Alin Serdean 
> CC: Andy Zhou 
> CC: Ansis Atteka 
> CC: Daniele Di Proietto 
> CC: Gurucharan Shetty 
> CC: Ian Stokes 
> CC: Ilya Maximets 
> CC: Jarno Rajahalme 
> CC: Jesse Gross 
> CC: Justin Pettit 
> CC: Pravin B Shelar 
> CC: Simon Horman 
> CC: Thomas Graf 
> CC: William Tu 
> CC: YAMAMOTO Takashi 
> ---
>  MAINTAINERS.rst | 42 +-
>  1 file changed, 21 insertions(+), 21 deletions(-)
>
> diff --git a/MAINTAINERS.rst b/MAINTAINERS.rst
> index 1dc406170..85b8e6416 100644
> --- a/MAINTAINERS.rst
> +++ b/MAINTAINERS.rst
> @@ -41,40 +41,20 @@ This is the current list of active Open vSwitch
> committers:
>
> * - Name
>   - Email
> -   * - Alex Wang
> - - ee07b...@gmail.com
> * - Alin Serdean
>   - aserd...@ovn.org
> -   * - Andy Zhou
> - - az...@ovn.org
> * - Ansis Atteka
> - - aatt...@nicira.com
> -   * - Daniele Di Proietto
> - - daniele.di.proie...@gmail.com
> -   * - Gurucharan Shetty
> - - g...@ovn.org
> + - ansisatt...@gmail.com
> * - Ian Stokes
>   - isto...@ovn.org
> * - Ilya Maximets
>   - i.maxim...@ovn.org
> -   * - Jarno Rajahalme
> - - ja...@ovn.org
> -   * - Jesse Gross
> - - je...@kernel.org
> -   * - Justin Pettit
> - - jpet...@ovn.org
> -   * - Pravin B Shelar
> - - pshe...@ovn.org
> * - Russell Bryant
>   - russ...@ovn.org
> * - Simon Horman
>   - ho...@ovn.org
> -   * - Thomas Graf
> - - tg...@noironetworks.com
> * - William Tu
>   - u9012...@gmail.com
> -   * - YAMAMOTO Takashi
> - - yamam...@midokura.com
>
>  The project also maintains a list of Emeritus Committers (or Maintainers).
>  More information about Emeritus Committers can be found here:
> @@ -85,12 +65,32 @@ More information about Emeritus Committers can be
> found here:
>
> * - Name
>   - Email
> +   * - Alex Wang
> + - ee07b...@gmail.com
> +   * - Andy Zhou
> + - az...@ovn.org
> * - Ben Pfaff
>   - b...@ovn.org
> +   * - Daniele Di Proietto
> + - daniele.di.proie...@gmail.com
> * - Ethan J. Jackson
>   - e...@eecs.berkeley.edu
> +   * - Gurucharan Shetty
> + - g...@ovn.org
> +   * - Jarno Rajahalme
> + - ja...@ovn.org
> +   * - Jesse Gross
> + - je...@kernel.org
> * - Joe Stringer
>   - j...@ovn.org
> +   * - Justin Pettit
> + - jpet...@ovn.org
> +   * - Pravin B Shelar
> + - pshe...@ovn.org
> +   * - Thomas Graf
> + - tg...@tgraf.ch
> +   * - YAMAMOTO Takashi
> + - yamam...@midokura.com
>
>  .. Cut here for the Documentation/internals/maintainers.rst
>
> --
> 2.40.1
>
>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH v2] MAINTAINERS.rst: Move several people to emeritus status

2023-05-19 Thread Russell Bryant 
The following document discusses emeritus committer status:

https://docs.openvswitch.org/en/latest/internals/committer-emeritus-status/

There are several people who I would guess consider themselves
emeritus committers but have not formally declared it. Those moved to
emeritus status in this commit have either explicitly communicated
their desire to move or have both not been active in the last year and
have not yet replied to this patch.

It is easy to re-add people in the future should any emeritus
committer desire to become active again.

Per our policies, a vote of the majority of current committers (or
the list of maintainers prior to this change) is required to move a
committer to emeritus status.

Signed-off-by: Russell Bryant 
CC: Alin Serdean 
CC: Andy Zhou 
CC: Ansis Atteka 
CC: Daniele Di Proietto 
CC: Gurucharan Shetty 
CC: Ian Stokes 
CC: Ilya Maximets 
CC: Jarno Rajahalme 
CC: Jesse Gross 
CC: Justin Pettit 
CC: Pravin B Shelar 
CC: Simon Horman 
CC: Thomas Graf 
CC: William Tu 
CC: YAMAMOTO Takashi 
---
 MAINTAINERS.rst | 42 +-
 1 file changed, 21 insertions(+), 21 deletions(-)

diff --git a/MAINTAINERS.rst b/MAINTAINERS.rst
index 1dc406170..85b8e6416 100644
--- a/MAINTAINERS.rst
+++ b/MAINTAINERS.rst
@@ -41,40 +41,20 @@ This is the current list of active Open vSwitch committers:
 
* - Name
  - Email
-   * - Alex Wang
- - ee07b...@gmail.com
* - Alin Serdean
  - aserd...@ovn.org
-   * - Andy Zhou
- - az...@ovn.org
* - Ansis Atteka
- - aatt...@nicira.com
-   * - Daniele Di Proietto
- - daniele.di.proie...@gmail.com
-   * - Gurucharan Shetty
- - g...@ovn.org
+ - ansisatt...@gmail.com
* - Ian Stokes
  - isto...@ovn.org
* - Ilya Maximets
  - i.maxim...@ovn.org
-   * - Jarno Rajahalme
- - ja...@ovn.org
-   * - Jesse Gross
- - je...@kernel.org
-   * - Justin Pettit
- - jpet...@ovn.org
-   * - Pravin B Shelar
- - pshe...@ovn.org
* - Russell Bryant
  - russ...@ovn.org
* - Simon Horman
  - ho...@ovn.org
-   * - Thomas Graf
- - tg...@noironetworks.com
* - William Tu
  - u9012...@gmail.com
-   * - YAMAMOTO Takashi
- - yamam...@midokura.com
 
 The project also maintains a list of Emeritus Committers (or Maintainers).
 More information about Emeritus Committers can be found here:
@@ -85,12 +65,32 @@ More information about Emeritus Committers can be found 
here:
 
* - Name
  - Email
+   * - Alex Wang
+ - ee07b...@gmail.com
+   * - Andy Zhou
+ - az...@ovn.org
* - Ben Pfaff
  - b...@ovn.org
+   * - Daniele Di Proietto
+ - daniele.di.proie...@gmail.com
* - Ethan J. Jackson
  - e...@eecs.berkeley.edu
+   * - Gurucharan Shetty
+ - g...@ovn.org
+   * - Jarno Rajahalme
+ - ja...@ovn.org
+   * - Jesse Gross
+ - je...@kernel.org
* - Joe Stringer
  - j...@ovn.org
+   * - Justin Pettit
+ - jpet...@ovn.org
+   * - Pravin B Shelar
+ - pshe...@ovn.org
+   * - Thomas Graf
+ - tg...@tgraf.ch
+   * - YAMAMOTO Takashi
+ - yamam...@midokura.com
 
 .. Cut here for the Documentation/internals/maintainers.rst
 
-- 
2.40.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] MAINTAINERS.rst: Make myself an active maintainer

2023-05-18 Thread Russell Bryant 
Thanks, I applied this to master.


On Thu, May 18, 2023 at 9:44 AM Alin Serdean  wrote:

> Acked-by: Alin Gabriel Serdean 
>
>
> >
> > On 18 May 2023, at 15:40, Russell Bryant  wrote:
> >
> > I am currently an emeritus committer, but I would like to become
> > active again for a short period of time to work through some
> > governance issues preventing us from updating our committers list
> > following our approved policies for doing so.
> >
> > Signed-off-by: Russell Bryant 
> > ---
> > MAINTAINERS.rst | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/MAINTAINERS.rst b/MAINTAINERS.rst
> > index 5df9aab78..1dc406170 100644
> > --- a/MAINTAINERS.rst
> > +++ b/MAINTAINERS.rst
> > @@ -65,6 +65,8 @@ This is the current list of active Open vSwitch
> committers:
> >  - jpet...@ovn.org
> >* - Pravin B Shelar
> >  - pshe...@ovn.org
> > +   * - Russell Bryant
> > + - russ...@ovn.org
> >* - Simon Horman
> >  - ho...@ovn.org
> >* - Thomas Graf
> > @@ -89,8 +91,6 @@ More information about Emeritus Committers can be
> found here:
> >  - e...@eecs.berkeley.edu
> >* - Joe Stringer
> >  - j...@ovn.org
> > -   * - Russell Bryant
> > - - russ...@ovn.org
> >
> > .. Cut here for the Documentation/internals/maintainers.rst
> >
> > --
> > 2.40.1
> >
> > ___
> > dev mailing list
> > d...@openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] MAINTAINERS.rst: Make myself an active maintainer

2023-05-18 Thread Russell Bryant 
I am currently an emeritus committer, but I would like to become
active again for a short period of time to work through some
governance issues preventing us from updating our committers list
following our approved policies for doing so.

Signed-off-by: Russell Bryant 
---
 MAINTAINERS.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/MAINTAINERS.rst b/MAINTAINERS.rst
index 5df9aab78..1dc406170 100644
--- a/MAINTAINERS.rst
+++ b/MAINTAINERS.rst
@@ -65,6 +65,8 @@ This is the current list of active Open vSwitch committers:
  - jpet...@ovn.org
* - Pravin B Shelar
  - pshe...@ovn.org
+   * - Russell Bryant
+ - russ...@ovn.org
* - Simon Horman
  - ho...@ovn.org
* - Thomas Graf
@@ -89,8 +91,6 @@ More information about Emeritus Committers can be found here:
  - e...@eecs.berkeley.edu
* - Joe Stringer
  - j...@ovn.org
-   * - Russell Bryant
- - russ...@ovn.org
 
 .. Cut here for the Documentation/internals/maintainers.rst
 
-- 
2.40.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn] MAINTAINERS: Move myself to emeritus status

2023-02-20 Thread Russell Bryant 
From: Russell Bryant 

I have not been involved in OVN development long enough that I should
transition to emeritus status.

Signed-off-by: Russell Bryant 
---
 MAINTAINERS.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/MAINTAINERS.rst b/MAINTAINERS.rst
index 0d19bd622..334f28f47 100644
--- a/MAINTAINERS.rst
+++ b/MAINTAINERS.rst
@@ -55,8 +55,6 @@ This is the current list of active OVN committers:
  - mmich...@redhat.com
* - Numan Siddique
  - nusd...@redhat.com
-   * - Russell Bryant
- - russ...@ovn.org
 
 The project also maintains a list of Emeritus Committers (or Maintainers).
 More information about Emeritus Committers can be found
@@ -67,3 +65,5 @@ More information about Emeritus Committers can be found
 
* - Name
  - Email
+   * - Russell Bryant
+ - russ...@ovn.org
-- 
2.39.2

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn] MAINTAINERS: Move myself to emeritus status

2023-02-20 Thread Russell Bryant 
From: Russell Bryant 

I have not been involved in OVN development long enough that I should
transition to emeritus status.

Signed-off-by: Russell Bryant 
---
 MAINTAINERS.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/MAINTAINERS.rst b/MAINTAINERS.rst
index 0d19bd622..334f28f47 100644
--- a/MAINTAINERS.rst
+++ b/MAINTAINERS.rst
@@ -55,8 +55,6 @@ This is the current list of active OVN committers:
  - mmich...@redhat.com
* - Numan Siddique
  - nusd...@redhat.com
-   * - Russell Bryant
- - russ...@ovn.org
 
 The project also maintains a list of Emeritus Committers (or Maintainers).
 More information about Emeritus Committers can be found
@@ -67,3 +65,5 @@ More information about Emeritus Committers can be found
 
* - Name
  - Email
+   * - Russell Bryant
+ - russ...@ovn.org
-- 
2.39.2

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] MAINTAINERS: Move myself to emeritus status

2023-02-20 Thread Russell Bryant 
I have not been active in OVS development in long enough that I should
move to emeritus status.

Signed-off-by: Russell Bryant 
---
 MAINTAINERS.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/MAINTAINERS.rst b/MAINTAINERS.rst
index 1dc406170..5df9aab78 100644
--- a/MAINTAINERS.rst
+++ b/MAINTAINERS.rst
@@ -65,8 +65,6 @@ This is the current list of active Open vSwitch committers:
  - jpet...@ovn.org
* - Pravin B Shelar
  - pshe...@ovn.org
-   * - Russell Bryant
- - russ...@ovn.org
* - Simon Horman
  - ho...@ovn.org
* - Thomas Graf
@@ -91,6 +89,8 @@ More information about Emeritus Committers can be found here:
  - e...@eecs.berkeley.edu
* - Joe Stringer
  - j...@ovn.org
+   * - Russell Bryant
+ - russ...@ovn.org
 
 .. Cut here for the Documentation/internals/maintainers.rst
 
-- 
2.39.2

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] MAINTAINERS: Move myself to emeritus status

2023-02-20 Thread Russell Bryant 
From: Russell Bryant 

I have not been active in OVS development in long enough that I should
move to emeritus status.

Signed-off-by: Russell Bryant 
---
 MAINTAINERS.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/MAINTAINERS.rst b/MAINTAINERS.rst
index 1dc406170..5df9aab78 100644
--- a/MAINTAINERS.rst
+++ b/MAINTAINERS.rst
@@ -65,8 +65,6 @@ This is the current list of active Open vSwitch committers:
  - jpet...@ovn.org
* - Pravin B Shelar
  - pshe...@ovn.org
-   * - Russell Bryant
- - russ...@ovn.org
* - Simon Horman
  - ho...@ovn.org
* - Thomas Graf
@@ -91,6 +89,8 @@ More information about Emeritus Committers can be found here:
  - e...@eecs.berkeley.edu
* - Joe Stringer
  - j...@ovn.org
+   * - Russell Bryant
+ - russ...@ovn.org
 
 .. Cut here for the Documentation/internals/maintainers.rst
 
-- 
2.39.2

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH ovn v1] northd: Allow /64 after ipv6_prefix

2020-02-20 Thread Russell Bryant 
On Thu, Feb 20, 2020 at 10:46 AM Numan Siddique  wrote:

> On Wed, Feb 19, 2020 at 9:27 PM Russell Bryant  wrote:
> >
> > We recently hit a bug in ovn-kubernetes, where I accidentally added
> > /64 at the end of ipv6_prefix, to match the format we used for the
> > subnet option for IPv4.  This was not allowed.
> >
> > This patch update ovn-northd to take the ipv6_prefix either with or
> > without a trailing "/64".  It still enforces a /64 CIDR prefix length.
> >
> > A test case was updated to ensure that a prefix with "/64" is now
> > accepted.
> >
> > Signed-off-by: Russell Bryant 
>
> With the below check patch warnings fixed
>
> Acked-by: Numan Siddique 
>
>
Thanks!  I fixed the line length issues and pushed to master.



> 
> WARNING: Line is 82 characters long (recommended limit is 79)
> #40 FILE: northd/ovn-northd.c:676:
> VLOG_WARN_RL(, "bad 'ipv6_prefix' %s: %s",
> ipv6_prefix, error);
>
> WARNING: Line is 88 characters long (recommended limit is 79)
> #48 FILE: northd/ovn-northd.c:684:
> VLOG_WARN_RL(, "bad 'ipv6_prefix' %s: must be
> /64", ipv6_prefix);
>
> 
>
> Thanks
> Numan
>
> > ---
> >  northd/ovn-northd.c | 31 +--
> >  tests/ovn.at|  4 +++-
> >  2 files changed, 32 insertions(+), 3 deletions(-)
> >
> > diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
> > index 2580b4ec9..59d085aa9 100644
> > --- a/northd/ovn-northd.c
> > +++ b/northd/ovn-northd.c
> > @@ -664,8 +664,35 @@ init_ipam_info_for_datapath(struct ovn_datapath *od)
> >  const char *ipv6_prefix = smap_get(>nbs->other_config,
> "ipv6_prefix");
> >
> >  if (ipv6_prefix) {
> > -od->ipam_info.ipv6_prefix_set = ipv6_parse(
> > -ipv6_prefix, >ipam_info.ipv6_prefix);
> > +if (strstr(ipv6_prefix, "/")) {
> > +/* If a prefix length was specified, it must be 64. */
> > +struct in6_addr mask;
> > +char *error
> > += ipv6_parse_masked(ipv6_prefix,
> > +>ipam_info.ipv6_prefix, );
> > +if (error) {
> > +static struct vlog_rate_limit rl
> > += VLOG_RATE_LIMIT_INIT(5, 1);
> > +VLOG_WARN_RL(, "bad 'ipv6_prefix' %s: %s",
> ipv6_prefix, error);
> > +free(error);
> > +} else {
> > +if (ipv6_count_cidr_bits() == 64) {
> > +od->ipam_info.ipv6_prefix_set = true;
> > +} else {
> > +static struct vlog_rate_limit rl
> > += VLOG_RATE_LIMIT_INIT(5, 1);
> > +VLOG_WARN_RL(, "bad 'ipv6_prefix' %s: must be
> /64", ipv6_prefix);
> > +}
> > +}
> > +} else {
> > +od->ipam_info.ipv6_prefix_set = ipv6_parse(
> > +ipv6_prefix, >ipam_info.ipv6_prefix);
> > +if (!od->ipam_info.ipv6_prefix_set) {
> > +static struct vlog_rate_limit rl
> > += VLOG_RATE_LIMIT_INIT(5, 1);
> > +VLOG_WARN_RL(, "bad 'ipv6_prefix' %s", ipv6_prefix);
> > +}
> > +}
> >  }
> >
> >  if (!subnet_str) {
> > diff --git a/tests/ovn.at b/tests/ovn.at
> > index 254645a3a..cbaa6d4a2 100644
> > --- a/tests/ovn.at
> > +++ b/tests/ovn.at
> > @@ -12289,8 +12289,10 @@ ovn-nbctl set Logical_Switch ls1 \
> >  other_config:subnet=10.1.0.0/24
> other_config:ipv6_prefix="2001:db8:1::"
> >  ovn-nbctl set Logical_Switch ls2 \
> >  other_config:subnet=10.2.0.0/24
> other_config:ipv6_prefix="2001:db8:2::"
> > +
> > +# A prefix length may be specified, but only if it is /64.
> >  ovn-nbctl set Logical_Switch ls3 \
> > -other_config:subnet=10.3.0.0/24
> other_config:ipv6_prefix="2001:db8:3::"
> > +other_config:subnet=10.3.0.0/24
> other_config:ipv6_prefix="2001:db8:3::/64"
> >
> >  ovn-nbctl lsp-add ls1 lp1
> >  ovn-nbctl lsp-add ls2 lp2
> > --
> > 2.24.1
> >
> > ___
> > dev mailing list
> > d...@openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
> >
>
>

-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn v1] northd: Allow /64 after ipv6_prefix

2020-02-19 Thread Russell Bryant 
We recently hit a bug in ovn-kubernetes, where I accidentally added
/64 at the end of ipv6_prefix, to match the format we used for the
subnet option for IPv4.  This was not allowed.

This patch update ovn-northd to take the ipv6_prefix either with or
without a trailing "/64".  It still enforces a /64 CIDR prefix length.

A test case was updated to ensure that a prefix with "/64" is now
accepted.

Signed-off-by: Russell Bryant 
---
 northd/ovn-northd.c | 31 +--
 tests/ovn.at|  4 +++-
 2 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 2580b4ec9..59d085aa9 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -664,8 +664,35 @@ init_ipam_info_for_datapath(struct ovn_datapath *od)
 const char *ipv6_prefix = smap_get(>nbs->other_config, "ipv6_prefix");
 
 if (ipv6_prefix) {
-od->ipam_info.ipv6_prefix_set = ipv6_parse(
-ipv6_prefix, >ipam_info.ipv6_prefix);
+if (strstr(ipv6_prefix, "/")) {
+/* If a prefix length was specified, it must be 64. */
+struct in6_addr mask;
+char *error
+= ipv6_parse_masked(ipv6_prefix,
+>ipam_info.ipv6_prefix, );
+if (error) {
+static struct vlog_rate_limit rl
+= VLOG_RATE_LIMIT_INIT(5, 1);
+VLOG_WARN_RL(, "bad 'ipv6_prefix' %s: %s", ipv6_prefix, 
error);
+free(error);
+} else {
+if (ipv6_count_cidr_bits() == 64) {
+od->ipam_info.ipv6_prefix_set = true;
+} else {
+static struct vlog_rate_limit rl
+= VLOG_RATE_LIMIT_INIT(5, 1);
+VLOG_WARN_RL(, "bad 'ipv6_prefix' %s: must be /64", 
ipv6_prefix);
+}
+}
+} else {
+od->ipam_info.ipv6_prefix_set = ipv6_parse(
+ipv6_prefix, >ipam_info.ipv6_prefix);
+if (!od->ipam_info.ipv6_prefix_set) {
+static struct vlog_rate_limit rl
+= VLOG_RATE_LIMIT_INIT(5, 1);
+VLOG_WARN_RL(, "bad 'ipv6_prefix' %s", ipv6_prefix);
+}
+}
 }
 
 if (!subnet_str) {
diff --git a/tests/ovn.at b/tests/ovn.at
index 254645a3a..cbaa6d4a2 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -12289,8 +12289,10 @@ ovn-nbctl set Logical_Switch ls1 \
 other_config:subnet=10.1.0.0/24 other_config:ipv6_prefix="2001:db8:1::"
 ovn-nbctl set Logical_Switch ls2 \
 other_config:subnet=10.2.0.0/24 other_config:ipv6_prefix="2001:db8:2::"
+
+# A prefix length may be specified, but only if it is /64.
 ovn-nbctl set Logical_Switch ls3 \
-other_config:subnet=10.3.0.0/24 other_config:ipv6_prefix="2001:db8:3::"
+other_config:subnet=10.3.0.0/24 other_config:ipv6_prefix="2001:db8:3::/64"
 
 ovn-nbctl lsp-add ls1 lp1
 ovn-nbctl lsp-add ls2 lp2
-- 
2.24.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH ovn v1] northd: Load config before processing nbdb contents

2019-12-09 Thread Russell Bryant 
On Mon, Dec 9, 2019 at 11:44 AM Numan Siddique  wrote:

> On Mon, Dec 9, 2019 at 11:05 AM Russell Bryant  wrote:
> >
> > Reorder ovnnb_db_run() such that configuration parameters are loaded
> > or initialized before processing the nbdb contents.
> >
> > I found this bug because I noticed dynamic MAC addresses being
> > assigned at ovn-northd startup with an empty prefix.  Later, it would
> > switch to allocating MAC addresses with the random prefix that was
> > generated.
> >
> > The impact of this bug is particularly bad if ovn-northd restarts in
> > an existing environment.  ovn-northd will check previously assigned
> > dynamic addresses for validity.  At startup, previously assigned MAC
> > addresses will all appear invalid because they have a non-empty
> > prefix, so it will reset them all.  In the case of IPv6, this also
> > causes the IPv6 addresses change, since OVN assigned dynamic IPv6
> > addresses are based on the MAC address.
> >
> > With ovn-kubernetes, whatever first set of addresses were assigned is
> > what ends up cached on the Node object and used by the Pod.  This bug
> > can cause all of this to get out of sync, breaking network
> > connectivity for Pods on an OVN virtual network.
> >
> > Signed-off-by: Russell Bryant 
>
> Acked-by: Numan Siddique 
>

Thanks!  I pushed this to master.

>
> Numan
>
> > ---
> >  northd/ovn-northd.c | 78 ++---
> >  1 file changed, 39 insertions(+), 39 deletions(-)
> >
> > diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
> > index 33d3ff2ad..3a5cb7c91 100644
> > --- a/northd/ovn-northd.c
> > +++ b/northd/ovn-northd.c
> > @@ -10151,45 +10151,6 @@ ovnnb_db_run(struct northd_context *ctx,
> >  struct shash meter_groups = SHASH_INITIALIZER(_groups);
> >  struct hmap lbs;
> >
> > -build_datapaths(ctx, datapaths, lr_list);
> > -build_ports(ctx, sbrec_chassis_by_name, datapaths, ports);
> > -build_ovn_lbs(ctx, ports, );
> > -build_ipam(datapaths, ports);
> > -build_port_group_lswitches(ctx, _groups, ports);
> > -build_lrouter_groups(ports, lr_list);
> > -build_ip_mcast(ctx, datapaths);
> > -build_mcast_groups(ctx, datapaths, ports, _groups,
> _groups);
> > -build_meter_groups(ctx, _groups);
> > -build_lflows(ctx, datapaths, ports, _groups, _groups,
> > - _groups, _groups, );
> > -
> > -sync_address_sets(ctx);
> > -sync_port_groups(ctx);
> > -sync_meters(ctx);
> > -sync_dns_entries(ctx, datapaths);
> > -destroy_ovn_lbs();
> > -hmap_destroy();
> > -
> > -struct ovn_igmp_group *igmp_group, *next_igmp_group;
> > -
> > -HMAP_FOR_EACH_SAFE (igmp_group, next_igmp_group, hmap_node,
> _groups) {
> > -ovn_igmp_group_destroy(_groups, igmp_group);
> > -}
> > -
> > -struct ovn_port_group *pg, *next_pg;
> > -HMAP_FOR_EACH_SAFE (pg, next_pg, key_node, _groups) {
> > -ovn_port_group_destroy(_groups, pg);
> > -}
> > -hmap_destroy(_groups);
> > -hmap_destroy(_groups);
> > -hmap_destroy(_groups);
> > -
> > -struct shash_node *node, *next;
> > -SHASH_FOR_EACH_SAFE (node, next, _groups) {
> > -shash_delete(_groups, node);
> > -}
> > -shash_destroy(_groups);
> > -
> >  /* Sync ipsec configuration.
> >   * Copy nb_cfg from northbound to southbound database.
> >   * Also set up to update sb_cfg once our southbound transaction
> commits. */
> > @@ -10263,6 +10224,45 @@ ovnnb_db_run(struct northd_context *ctx,
> >  controller_event_en = smap_get_bool(>options,
> >  "controller_event", false);
> >
> > +build_datapaths(ctx, datapaths, lr_list);
> > +build_ports(ctx, sbrec_chassis_by_name, datapaths, ports);
> > +build_ovn_lbs(ctx, ports, );
> > +build_ipam(datapaths, ports);
> > +build_port_group_lswitches(ctx, _groups, ports);
> > +build_lrouter_groups(ports, lr_list);
> > +build_ip_mcast(ctx, datapaths);
> > +build_mcast_groups(ctx, datapaths, ports, _groups,
> _groups);
> > +build_meter_groups(ctx, _groups);
> > +build_lflows(ctx, datapaths, ports, _groups, _groups,
> > + _groups, _groups, );
> > +
> > +sync_address_sets(ctx);
> > +sync_port_groups(ctx);
> > +sync_meters(ctx);
> > +sync_dns_entries(ctx, datapaths);
> > +des

Re: [ovs-dev] [PATCH ovn v1 2/2] northd: Log all dynamic address assignments

2019-12-09 Thread Russell Bryant 
On Mon, Dec 9, 2019 at 11:18 AM Numan Siddique  wrote:

> On Mon, Dec 9, 2019 at 8:17 AM Russell Bryant  wrote:
> >
> > On Mon, Dec 9, 2019 at 3:01 AM Dumitru Ceara  wrote:
> >
> > > On Sun, Dec 8, 2019 at 5:12 AM Russell Bryant  wrote:
> > > >
> > > > This patch adds INFO level log messages for all dynamic address
> > > > assignments (MAC, IPv4, IPv6).  While debugging some issues in
> > > > ovn-kubernetes, I found it would be helpful to see ovn-northd's view
> > > > of what addresses were assigned where and when from its perspective.
> > > >
> > >
> > > Hi Russsell,
> > >
> > > While I agree that having this information is really useful for
> > > debugging, the INFO logs are enabled by default.
> > > Should we consider rate limiting the logs you added?
> > >
> > > For example, looking at the WARN logs in northd, all of them are rate
> > > limited.
> > >
> >
> > We could ... it'd be a little bit extra tracking that would hopefully
> never
> > be needed.  It'd be a bug if the same message was emitted more than once
> at
> > all.
> >
>
> Since this code would not hit all the time when ovn_db_run is called, I
> think
> VLOG_INFO should not cause any log flooding.
>
>
> Acked-by: Numan Siddique .
>

Thanks, I've pushed this to master.


>
> Thanks
> Numan
>
> > >
> > > Thanks,
> > > Dumitru
> > >
> > > > Signed-off-by: Russell Bryant 
> > > > ---
> > > >  northd/ovn-northd.c | 9 +
> > > >  1 file changed, 9 insertions(+)
> > > >
> > > > diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
> > > > index f0847d81e..33d3ff2ad 100644
> > > > --- a/northd/ovn-northd.c
> > > > +++ b/northd/ovn-northd.c
> > > > @@ -1714,6 +1714,8 @@ update_dynamic_addresses(struct
> > > dynamic_address_update *update)
> > > >  break;
> > > >  case DYNAMIC:
> > > >  ip4 = htonl(ipam_get_unused_ip(update->od));
> > > > +VLOG_INFO("Assigned dynamic IPv4 address '"IP_FMT"' to port
> > > '%s'",
> > > > +  IP_ARGS(ip4), update->op->nbsp->name);
> > > >  }
> > > >
> > > >  struct eth_addr mac;
> > > > @@ -1728,6 +1730,8 @@ update_dynamic_addresses(struct
> > > dynamic_address_update *update)
> > > >  break;
> > > >  case DYNAMIC:
> > > >  eth_addr_from_uint64(ipam_get_unused_mac(ip4), );
> > > > +VLOG_INFO("Assigned dynamic MAC address '"ETH_ADDR_FMT"' to
> > > port '%s'",
> > > > +  ETH_ADDR_ARGS(mac), update->op->nbsp->name);
> > > >  break;
> > > >  }
> > > >
> > > > @@ -1745,6 +1749,11 @@ update_dynamic_addresses(struct
> > > dynamic_address_update *update)
> > > >  break;
> > > >  case DYNAMIC:
> > > >  in6_generate_eui64(mac, >od->ipam_info.ipv6_prefix,
> > > );
> > > > +struct ds ip6_ds = DS_EMPTY_INITIALIZER;
> > > > +ipv6_format_addr(, _ds);
> > > > +VLOG_INFO("Assigned dynamic IPv6 address '%s' to port '%s'",
> > > > +  ip6_ds.string, update->op->nbsp->name);
> > > > +ds_destroy(_ds);
> > > >  break;
> > > >  }
> > > >
> > > > --
> > > > 2.23.0
> > > >
> > > > ___
> > > > dev mailing list
> > > > d...@openvswitch.org
> > > > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
> > > >
> > >
> > >
> >
> > --
> > Russell Bryant
> > ___
> > dev mailing list
> > d...@openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
> >
>
>

-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn v1] northd: Load config before processing nbdb contents

2019-12-09 Thread Russell Bryant 
Reorder ovnnb_db_run() such that configuration parameters are loaded
or initialized before processing the nbdb contents.

I found this bug because I noticed dynamic MAC addresses being
assigned at ovn-northd startup with an empty prefix.  Later, it would
switch to allocating MAC addresses with the random prefix that was
generated.

The impact of this bug is particularly bad if ovn-northd restarts in
an existing environment.  ovn-northd will check previously assigned
dynamic addresses for validity.  At startup, previously assigned MAC
addresses will all appear invalid because they have a non-empty
prefix, so it will reset them all.  In the case of IPv6, this also
causes the IPv6 addresses change, since OVN assigned dynamic IPv6
addresses are based on the MAC address.

With ovn-kubernetes, whatever first set of addresses were assigned is
what ends up cached on the Node object and used by the Pod.  This bug
can cause all of this to get out of sync, breaking network
connectivity for Pods on an OVN virtual network.

Signed-off-by: Russell Bryant 
---
 northd/ovn-northd.c | 78 ++---
 1 file changed, 39 insertions(+), 39 deletions(-)

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 33d3ff2ad..3a5cb7c91 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -10151,45 +10151,6 @@ ovnnb_db_run(struct northd_context *ctx,
 struct shash meter_groups = SHASH_INITIALIZER(_groups);
 struct hmap lbs;
 
-build_datapaths(ctx, datapaths, lr_list);
-build_ports(ctx, sbrec_chassis_by_name, datapaths, ports);
-build_ovn_lbs(ctx, ports, );
-build_ipam(datapaths, ports);
-build_port_group_lswitches(ctx, _groups, ports);
-build_lrouter_groups(ports, lr_list);
-build_ip_mcast(ctx, datapaths);
-build_mcast_groups(ctx, datapaths, ports, _groups, _groups);
-build_meter_groups(ctx, _groups);
-build_lflows(ctx, datapaths, ports, _groups, _groups,
- _groups, _groups, );
-
-sync_address_sets(ctx);
-sync_port_groups(ctx);
-sync_meters(ctx);
-sync_dns_entries(ctx, datapaths);
-destroy_ovn_lbs();
-hmap_destroy();
-
-struct ovn_igmp_group *igmp_group, *next_igmp_group;
-
-HMAP_FOR_EACH_SAFE (igmp_group, next_igmp_group, hmap_node, _groups) {
-ovn_igmp_group_destroy(_groups, igmp_group);
-}
-
-struct ovn_port_group *pg, *next_pg;
-HMAP_FOR_EACH_SAFE (pg, next_pg, key_node, _groups) {
-ovn_port_group_destroy(_groups, pg);
-}
-hmap_destroy(_groups);
-hmap_destroy(_groups);
-hmap_destroy(_groups);
-
-struct shash_node *node, *next;
-SHASH_FOR_EACH_SAFE (node, next, _groups) {
-shash_delete(_groups, node);
-}
-shash_destroy(_groups);
-
 /* Sync ipsec configuration.
  * Copy nb_cfg from northbound to southbound database.
  * Also set up to update sb_cfg once our southbound transaction commits. */
@@ -10263,6 +10224,45 @@ ovnnb_db_run(struct northd_context *ctx,
 controller_event_en = smap_get_bool(>options,
 "controller_event", false);
 
+build_datapaths(ctx, datapaths, lr_list);
+build_ports(ctx, sbrec_chassis_by_name, datapaths, ports);
+build_ovn_lbs(ctx, ports, );
+build_ipam(datapaths, ports);
+build_port_group_lswitches(ctx, _groups, ports);
+build_lrouter_groups(ports, lr_list);
+build_ip_mcast(ctx, datapaths);
+build_mcast_groups(ctx, datapaths, ports, _groups, _groups);
+build_meter_groups(ctx, _groups);
+build_lflows(ctx, datapaths, ports, _groups, _groups,
+ _groups, _groups, );
+
+sync_address_sets(ctx);
+sync_port_groups(ctx);
+sync_meters(ctx);
+sync_dns_entries(ctx, datapaths);
+destroy_ovn_lbs();
+hmap_destroy();
+
+struct ovn_igmp_group *igmp_group, *next_igmp_group;
+
+HMAP_FOR_EACH_SAFE (igmp_group, next_igmp_group, hmap_node, _groups) {
+ovn_igmp_group_destroy(_groups, igmp_group);
+}
+
+struct ovn_port_group *pg, *next_pg;
+HMAP_FOR_EACH_SAFE (pg, next_pg, key_node, _groups) {
+ovn_port_group_destroy(_groups, pg);
+}
+hmap_destroy(_groups);
+hmap_destroy(_groups);
+hmap_destroy(_groups);
+
+struct shash_node *node, *next;
+SHASH_FOR_EACH_SAFE (node, next, _groups) {
+shash_delete(_groups, node);
+}
+shash_destroy(_groups);
+
 cleanup_macam();
 }
 
-- 
2.23.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH ovn v1 1/2] tests: Updated expected log message

2019-12-09 Thread Russell Bryant 
On Mon, Dec 9, 2019 at 2:54 AM Dumitru Ceara  wrote:

> On Sun, Dec 8, 2019 at 5:18 AM Russell Bryant  wrote:
> >
> > A previous commit added more detail to this log message.  Fix the test
> > to reflect the new text.
> >
> > Signed-off-by: Russell Bryant 
>
> Hi Russell,
>
> Thanks for fixing the failing test case.
>
> Acked-by: Dumitru Ceara 
>

Thanks, I pushed this to master.

>
> > ---
> >  tests/ovn.at | 12 ++--
> >  1 file changed, 6 insertions(+), 6 deletions(-)
> >
> > diff --git a/tests/ovn.at b/tests/ovn.at
> > index 8f4d9a440..1d5369341 100644
> > --- a/tests/ovn.at
> > +++ b/tests/ovn.at
> > @@ -13618,22 +13618,22 @@ ovn-nbctl list logical_switch_port
> >  # Now try to add duplicate addresses on a new port. These should all
> fail
> >  ovn-nbctl --wait=sb lsp-add sw1 sw1-p5
> >  AT_CHECK([ovn-nbctl lsp-set-addresses sw1-p5 "00:00:00:00:00:04
> 10.0.0.1"], [1], [],
> > -[ovn-nbctl: Error on switch sw1: duplicate IPv4 address 10.0.0.1
> > +[ovn-nbctl: Error on switch sw1: duplicate IPv4 address '10.0.0.1'
> found on logical switch port 'sw1-p1'
> >  ])
> >  AT_CHECK([ovn-nbctl lsp-set-addresses sw1-p5 "00:00:00:00:00:04
> 10.0.0.2"], [1], [],
> > -[ovn-nbctl: Error on switch sw1: duplicate IPv4 address 10.0.0.2
> > +[ovn-nbctl: Error on switch sw1: duplicate IPv4 address '10.0.0.2'
> found on logical switch port 'sw1-p1'
> >  ])
> >  AT_CHECK([ovn-nbctl lsp-set-addresses sw1-p5 "00:00:00:00:00:04
> aef0::1"], [1], [],
> > -[ovn-nbctl: Error on switch sw1: duplicate IPv6 address aef0::1
> > +[ovn-nbctl: Error on switch sw1: duplicate IPv6 address 'aef0::1' found
> on logical switch port 'sw1-p1'
> >  ])
> >  AT_CHECK([ovn-nbctl lsp-set-addresses sw1-p5 "00:00:00:00:00:04
> aef0::2"], [1], [],
> > -[ovn-nbctl: Error on switch sw1: duplicate IPv6 address aef0::2
> > +[ovn-nbctl: Error on switch sw1: duplicate IPv6 address 'aef0::2' found
> on logical switch port 'sw1-p1'
> >  ])
> >  AT_CHECK([ovn-nbctl lsp-set-addresses sw1-p5 "00:00:00:00:00:04
> 192.168.0.2"], [1], [],
> > -[ovn-nbctl: Error on switch sw1: duplicate IPv4 address 192.168.0.2
> > +[ovn-nbctl: Error on switch sw1: duplicate IPv4 address '192.168.0.2'
> found on logical switch port 'sw1-p2'
> >  ])
> >  AT_CHECK([ovn-nbctl lsp-set-addresses sw1-p5 "00:00:00:00:00:04
> 192.168.0.3"], [1], [],
> > -[ovn-nbctl: Error on switch sw1: duplicate IPv4 address 192.168.0.3
> > +[ovn-nbctl: Error on switch sw1: duplicate IPv4 address '192.168.0.3'
> found on logical switch port 'sw1-p3'
> >  ])
> >
> >  # Now try re-setting sw1-p1. This should succeed
> > --
> > 2.23.0
> >
> > ___
> > dev mailing list
> > d...@openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
> >
>
>

-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH ovn v1 2/2] northd: Log all dynamic address assignments

2019-12-09 Thread Russell Bryant 
On Mon, Dec 9, 2019 at 3:01 AM Dumitru Ceara  wrote:

> On Sun, Dec 8, 2019 at 5:12 AM Russell Bryant  wrote:
> >
> > This patch adds INFO level log messages for all dynamic address
> > assignments (MAC, IPv4, IPv6).  While debugging some issues in
> > ovn-kubernetes, I found it would be helpful to see ovn-northd's view
> > of what addresses were assigned where and when from its perspective.
> >
>
> Hi Russsell,
>
> While I agree that having this information is really useful for
> debugging, the INFO logs are enabled by default.
> Should we consider rate limiting the logs you added?
>
> For example, looking at the WARN logs in northd, all of them are rate
> limited.
>

We could ... it'd be a little bit extra tracking that would hopefully never
be needed.  It'd be a bug if the same message was emitted more than once at
all.

>
> Thanks,
> Dumitru
>
> > Signed-off-by: Russell Bryant 
> > ---
> >  northd/ovn-northd.c | 9 +
> >  1 file changed, 9 insertions(+)
> >
> > diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
> > index f0847d81e..33d3ff2ad 100644
> > --- a/northd/ovn-northd.c
> > +++ b/northd/ovn-northd.c
> > @@ -1714,6 +1714,8 @@ update_dynamic_addresses(struct
> dynamic_address_update *update)
> >  break;
> >  case DYNAMIC:
> >  ip4 = htonl(ipam_get_unused_ip(update->od));
> > +VLOG_INFO("Assigned dynamic IPv4 address '"IP_FMT"' to port
> '%s'",
> > +  IP_ARGS(ip4), update->op->nbsp->name);
> >  }
> >
> >  struct eth_addr mac;
> > @@ -1728,6 +1730,8 @@ update_dynamic_addresses(struct
> dynamic_address_update *update)
> >  break;
> >  case DYNAMIC:
> >  eth_addr_from_uint64(ipam_get_unused_mac(ip4), );
> > +VLOG_INFO("Assigned dynamic MAC address '"ETH_ADDR_FMT"' to
> port '%s'",
> > +  ETH_ADDR_ARGS(mac), update->op->nbsp->name);
> >  break;
> >  }
> >
> > @@ -1745,6 +1749,11 @@ update_dynamic_addresses(struct
> dynamic_address_update *update)
> >  break;
> >  case DYNAMIC:
> >  in6_generate_eui64(mac, >od->ipam_info.ipv6_prefix,
> );
> > +struct ds ip6_ds = DS_EMPTY_INITIALIZER;
> > +ipv6_format_addr(, _ds);
> > +VLOG_INFO("Assigned dynamic IPv6 address '%s' to port '%s'",
> > +  ip6_ds.string, update->op->nbsp->name);
> > +ds_destroy(_ds);
> >  break;
> >  }
> >
> > --
> > 2.23.0
> >
> > ___
> > dev mailing list
> > d...@openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
> >
>
>

-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn v1 1/2] tests: Updated expected log message

2019-12-07 Thread Russell Bryant 
A previous commit added more detail to this log message.  Fix the test
to reflect the new text.

Signed-off-by: Russell Bryant 
---
 tests/ovn.at | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/tests/ovn.at b/tests/ovn.at
index 8f4d9a440..1d5369341 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -13618,22 +13618,22 @@ ovn-nbctl list logical_switch_port
 # Now try to add duplicate addresses on a new port. These should all fail
 ovn-nbctl --wait=sb lsp-add sw1 sw1-p5
 AT_CHECK([ovn-nbctl lsp-set-addresses sw1-p5 "00:00:00:00:00:04 10.0.0.1"], 
[1], [],
-[ovn-nbctl: Error on switch sw1: duplicate IPv4 address 10.0.0.1
+[ovn-nbctl: Error on switch sw1: duplicate IPv4 address '10.0.0.1' found on 
logical switch port 'sw1-p1'
 ])
 AT_CHECK([ovn-nbctl lsp-set-addresses sw1-p5 "00:00:00:00:00:04 10.0.0.2"], 
[1], [],
-[ovn-nbctl: Error on switch sw1: duplicate IPv4 address 10.0.0.2
+[ovn-nbctl: Error on switch sw1: duplicate IPv4 address '10.0.0.2' found on 
logical switch port 'sw1-p1'
 ])
 AT_CHECK([ovn-nbctl lsp-set-addresses sw1-p5 "00:00:00:00:00:04 aef0::1"], 
[1], [],
-[ovn-nbctl: Error on switch sw1: duplicate IPv6 address aef0::1
+[ovn-nbctl: Error on switch sw1: duplicate IPv6 address 'aef0::1' found on 
logical switch port 'sw1-p1'
 ])
 AT_CHECK([ovn-nbctl lsp-set-addresses sw1-p5 "00:00:00:00:00:04 aef0::2"], 
[1], [],
-[ovn-nbctl: Error on switch sw1: duplicate IPv6 address aef0::2
+[ovn-nbctl: Error on switch sw1: duplicate IPv6 address 'aef0::2' found on 
logical switch port 'sw1-p1'
 ])
 AT_CHECK([ovn-nbctl lsp-set-addresses sw1-p5 "00:00:00:00:00:04 192.168.0.2"], 
[1], [],
-[ovn-nbctl: Error on switch sw1: duplicate IPv4 address 192.168.0.2
+[ovn-nbctl: Error on switch sw1: duplicate IPv4 address '192.168.0.2' found on 
logical switch port 'sw1-p2'
 ])
 AT_CHECK([ovn-nbctl lsp-set-addresses sw1-p5 "00:00:00:00:00:04 192.168.0.3"], 
[1], [],
-[ovn-nbctl: Error on switch sw1: duplicate IPv4 address 192.168.0.3
+[ovn-nbctl: Error on switch sw1: duplicate IPv4 address '192.168.0.3' found on 
logical switch port 'sw1-p3'
 ])
 
 # Now try re-setting sw1-p1. This should succeed
-- 
2.23.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn v1 2/2] northd: Log all dynamic address assignments

2019-12-07 Thread Russell Bryant 
This patch adds INFO level log messages for all dynamic address
assignments (MAC, IPv4, IPv6).  While debugging some issues in
ovn-kubernetes, I found it would be helpful to see ovn-northd's view
of what addresses were assigned where and when from its perspective.

Signed-off-by: Russell Bryant 
---
 northd/ovn-northd.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index f0847d81e..33d3ff2ad 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -1714,6 +1714,8 @@ update_dynamic_addresses(struct dynamic_address_update 
*update)
 break;
 case DYNAMIC:
 ip4 = htonl(ipam_get_unused_ip(update->od));
+VLOG_INFO("Assigned dynamic IPv4 address '"IP_FMT"' to port '%s'",
+  IP_ARGS(ip4), update->op->nbsp->name);
 }
 
 struct eth_addr mac;
@@ -1728,6 +1730,8 @@ update_dynamic_addresses(struct dynamic_address_update 
*update)
 break;
 case DYNAMIC:
 eth_addr_from_uint64(ipam_get_unused_mac(ip4), );
+VLOG_INFO("Assigned dynamic MAC address '"ETH_ADDR_FMT"' to port '%s'",
+  ETH_ADDR_ARGS(mac), update->op->nbsp->name);
 break;
 }
 
@@ -1745,6 +1749,11 @@ update_dynamic_addresses(struct dynamic_address_update 
*update)
 break;
 case DYNAMIC:
 in6_generate_eui64(mac, >od->ipam_info.ipv6_prefix, );
+struct ds ip6_ds = DS_EMPTY_INITIALIZER;
+ipv6_format_addr(, _ds);
+VLOG_INFO("Assigned dynamic IPv6 address '%s' to port '%s'",
+  ip6_ds.string, update->op->nbsp->name);
+ds_destroy(_ds);
 break;
 }
 
-- 
2.23.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH ovn v1] nbctl: Log the source of duplicate IP addresses

2019-12-07 Thread Russell Bryant 
On Fri, Dec 6, 2019 at 7:39 PM Han Zhou  wrote:

>
>
> On Fri, Dec 6, 2019 at 12:13 PM Russell Bryant  wrote:
> >
> > When doing an lsp-add, ovn-nbctl will ensure that there is not another
> > port on the same logical switch with the same IP address.  I'm seeing
> > this error occur with ovn-kubernetes, and I would find it helpful to
> > see which port it thinks had the duplicate address, because it's not
> > obvious what's happening.
> >
> > Signed-off-by: Russell Bryant 
> > ---
> >  utilities/ovn-nbctl.c | 18 --
> >  1 file changed, 12 insertions(+), 6 deletions(-)
> >
> > diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c
> > index 8188948fa..46ba3a938 100644
> > --- a/utilities/ovn-nbctl.c
> > +++ b/utilities/ovn-nbctl.c
> > @@ -1506,13 +1506,16 @@ nbctl_lsp_get_tag(struct ctl_context *ctx)
> >
> >  static char *
> >  lsp_contains_duplicate_ip(struct lport_addresses *laddrs1,
> > -  struct lport_addresses *laddrs2)
> > +  struct lport_addresses *laddrs2,
> > +  const struct nbrec_logical_switch_port
> *lsp_test)
> >  {
> >  for (size_t i = 0; i < laddrs1->n_ipv4_addrs; i++) {
> >  for (size_t j = 0; j < laddrs2->n_ipv4_addrs; j++) {
> >  if (laddrs1->ipv4_addrs[i].addr ==
> laddrs2->ipv4_addrs[j].addr) {
> > -return xasprintf("duplicate IPv4 address %s",
> > - laddrs1->ipv4_addrs[i].addr_s);
> > +return xasprintf("duplicate IPv4 address '%s' found on "
> > + "logical switch port '%s'",
> > + laddrs1->ipv4_addrs[i].addr_s,
> > + lsp_test->name);
> >  }
> >  }
> >  }
> > @@ -1521,8 +1524,10 @@ lsp_contains_duplicate_ip(struct lport_addresses
> *laddrs1,
> >  for (size_t j = 0; j < laddrs2->n_ipv6_addrs; j++) {
> >  if (IN6_ARE_ADDR_EQUAL(>ipv6_addrs[i].addr,
> > >ipv6_addrs[j].addr)) {
> > -return xasprintf("duplicate IPv6 address %s",
> > - laddrs1->ipv6_addrs[i].addr_s);
> > +return xasprintf("duplicate IPv6 address '%s' found on "
> > + "logical switch port '%s'",
> > + laddrs1->ipv6_addrs[i].addr_s,
> > + lsp_test->name);
> >  }
> >  }
> >  }
> > @@ -1553,7 +1558,8 @@ lsp_contains_duplicates(const struct
> nbrec_logical_switch *ls,
> >  addr = lsp_test->dynamic_addresses;
> >  }
> >  if (extract_lsp_addresses(addr, _test)) {
> > -sub_error = lsp_contains_duplicate_ip(,
> _test);
> > +sub_error = lsp_contains_duplicate_ip(,
> _test,
> > +  lsp_test);
> >  destroy_lport_addresses(_test);
> >  if (sub_error) {
> >  goto err_out;
> > --
> > 2.23.0
> >
> > ___
> > dev mailing list
> > d...@openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
> Acked-by: Han Zhou 
>

Thanks!  I pushed this change to master.

-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn v1] nbctl: Log the source of duplicate IP addresses

2019-12-06 Thread Russell Bryant 
When doing an lsp-add, ovn-nbctl will ensure that there is not another
port on the same logical switch with the same IP address.  I'm seeing
this error occur with ovn-kubernetes, and I would find it helpful to
see which port it thinks had the duplicate address, because it's not
obvious what's happening.

Signed-off-by: Russell Bryant 
---
 utilities/ovn-nbctl.c | 18 --
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c
index 8188948fa..46ba3a938 100644
--- a/utilities/ovn-nbctl.c
+++ b/utilities/ovn-nbctl.c
@@ -1506,13 +1506,16 @@ nbctl_lsp_get_tag(struct ctl_context *ctx)
 
 static char *
 lsp_contains_duplicate_ip(struct lport_addresses *laddrs1,
-  struct lport_addresses *laddrs2)
+  struct lport_addresses *laddrs2,
+  const struct nbrec_logical_switch_port *lsp_test)
 {
 for (size_t i = 0; i < laddrs1->n_ipv4_addrs; i++) {
 for (size_t j = 0; j < laddrs2->n_ipv4_addrs; j++) {
 if (laddrs1->ipv4_addrs[i].addr == laddrs2->ipv4_addrs[j].addr) {
-return xasprintf("duplicate IPv4 address %s",
- laddrs1->ipv4_addrs[i].addr_s);
+return xasprintf("duplicate IPv4 address '%s' found on "
+ "logical switch port '%s'",
+ laddrs1->ipv4_addrs[i].addr_s,
+ lsp_test->name);
 }
 }
 }
@@ -1521,8 +1524,10 @@ lsp_contains_duplicate_ip(struct lport_addresses 
*laddrs1,
 for (size_t j = 0; j < laddrs2->n_ipv6_addrs; j++) {
 if (IN6_ARE_ADDR_EQUAL(>ipv6_addrs[i].addr,
>ipv6_addrs[j].addr)) {
-return xasprintf("duplicate IPv6 address %s",
- laddrs1->ipv6_addrs[i].addr_s);
+return xasprintf("duplicate IPv6 address '%s' found on "
+ "logical switch port '%s'",
+ laddrs1->ipv6_addrs[i].addr_s,
+ lsp_test->name);
 }
 }
 }
@@ -1553,7 +1558,8 @@ lsp_contains_duplicates(const struct nbrec_logical_switch 
*ls,
 addr = lsp_test->dynamic_addresses;
 }
 if (extract_lsp_addresses(addr, _test)) {
-sub_error = lsp_contains_duplicate_ip(, _test);
+sub_error = lsp_contains_duplicate_ip(, _test,
+  lsp_test);
 destroy_lport_addresses(_test);
 if (sub_error) {
 goto err_out;
-- 
2.23.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH ovn v1] northd: Remove misleading warning log message

2019-12-02 Thread Russell Bryant 
On Mon, Dec 2, 2019 at 3:45 AM Numan Siddique  wrote:
>
> On Mon, Dec 2, 2019 at 8:54 AM Russell Bryant  wrote:
> >
> > While debugging an ovn-kubernetes cluster, I spotted several
> > "Duplicate MAC set" warning messages in the ovn-northd log.  It looks
> > like this message was emitted from this code path by mistake, where
> > it correctly avoided assigning a duplicate MAC address.  This patch
> > turns off the warning for that case.
> >
> > Signed-off-by: Russell Bryant 
>
> Acked-by: Numan Siddique 

Thanks.  I applied this to master.


>
> Numan
>
> > ---
> >  northd/ovn-northd.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
> > index a943e1037..9f558c628 100644
> > --- a/northd/ovn-northd.c
> > +++ b/northd/ovn-northd.c
> > @@ -1395,7 +1395,7 @@ ipam_get_unused_mac(ovs_be32 ip)
> >  mac_addr_suffix = ((base_addr + i) % (MAC_ADDR_SPACE - 1)) + 1;
> >  mac64 =  eth_addr_to_uint64(mac_prefix) | mac_addr_suffix;
> >  eth_addr_from_uint64(mac64, );
> > -if (!ipam_is_duplicate_mac(, mac64, true)) {
> > +if (!ipam_is_duplicate_mac(, mac64, false)) {
> >  break;
> >  }
> >  }
> > --
> > 2.23.0
> >
> > ___
> > dev mailing list
> > d...@openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
> >



-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn v1] northd: Remove misleading warning log message

2019-12-01 Thread Russell Bryant 
While debugging an ovn-kubernetes cluster, I spotted several
"Duplicate MAC set" warning messages in the ovn-northd log.  It looks
like this message was emitted from this code path by mistake, where
it correctly avoided assigning a duplicate MAC address.  This patch
turns off the warning for that case.

Signed-off-by: Russell Bryant 
---
 northd/ovn-northd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index a943e1037..9f558c628 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -1395,7 +1395,7 @@ ipam_get_unused_mac(ovs_be32 ip)
 mac_addr_suffix = ((base_addr + i) % (MAC_ADDR_SPACE - 1)) + 1;
 mac64 =  eth_addr_to_uint64(mac_prefix) | mac_addr_suffix;
 eth_addr_from_uint64(mac64, );
-if (!ipam_is_duplicate_mac(, mac64, true)) {
+if (!ipam_is_duplicate_mac(, mac64, false)) {
 break;
 }
 }
-- 
2.23.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH ovn] northd: Match IPv4 or IPv6 for MAC resolution

2019-11-19 Thread Russell Bryant 
On Tue, Nov 19, 2019 at 5:32 PM Han Zhou  wrote:

>
>
> On Tue, Nov 19, 2019 at 2:19 PM Russell Bryant  wrote:
>
>> On Tue, Nov 19, 2019 at 4:44 PM Han Zhou  wrote:
>> >
>> >
>> >
>> > On Tue, Nov 19, 2019 at 1:38 PM Han Zhou  wrote:
>> >>
>> >>
>> >>
>> >> On Tue, Nov 19, 2019 at 3:33 AM Numan Siddique  wrote:
>> >> >
>> >> > On Tue, Nov 19, 2019 at 7:04 AM Russell Bryant 
>> wrote:
>> >> > >
>> >> > > While debugging some problems in a cluster using ovn-kubernetes, I
>> >> > > noticed that we're creating two conflicting logical flows.  These
>> two
>> >> > > flows only matched on the destination MAC address.  It was not
>> >> > > deterministic whether you'd hit the IPv4 (ARP) or IPv6 (NS)
>> version.
>> >> > >
>> >> > > This change adds an ip4 or ip6 match to each flow as appropriate.
>> >> > >
>> >> > > Signed-off-by: Russell Bryant 
>> >> >
>> >> > Acked-by: Numan Siddique 
>> >> >
>> >> > > ---
>> >> > >  northd/ovn-northd.c | 4 ++--
>> >> > >  1 file changed, 2 insertions(+), 2 deletions(-)
>> >> > >
>> >> > > --- NOTE ---
>> >> > >
>> >> > > I've only tested this by running "make check" and "make
>> check-kernel" so
>> >> > > far, and all tests still pass.
>> >> > >
>> >> > > If I'm reading this code right, I'm really surprised this hasn't
>> come up
>> >> > > sooner?  I guess we also don't have adequate test coverage for
>> these
>> >> > > flows?
>> >> >
>> >> > Thanks for the patch.  Yeah we don't have much coverage here.
>> >> > We should add system tests for this.
>> >> >
>> >> > Numan
>> >> >
>> >>
>> >> I noticed this when I was testing ddlog which couldn't handle this
>> well initially but later fixed. I thought it was a problem, too, but then
>> figured out it is actually handled by ovn-controller when translating to
>> open-flows. The condition ip4/ip6 is added during the translation
>> automatically.
>> >>
>> > This just explains why "this hasn't come up sooner", but the patch
>> LGTM. It is better to add the condition in logical flows.
>>
>> Interesting - and it works the same even though there are different
>> arguments to arp{} or nd_ns{} in each logical flow?
>>
>> They are two different lflows (since the actions are different), and
> translated in two different OVS flows. During translation by
> ovn-controller, when parsing the actions, the ip4/ip6 is specified as
> prerequisite, and then the prerequisite is added as a match condition, too.
> Please see:
> https://github.com/ovn-org/ovn/blob/master/lib/actions.c#L1169
> https://github.com/ovn-org/ovn/blob/master/lib/actions.c#L1211
>

Ah ha!  That explains it.  Thank you.  :-)

>
>
>> >
>> >>
>> >> > >
>> >> > >
>> >> > > diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
>> >> > > index 41e97f841..f0ab43b27 100644
>> >> > > --- a/northd/ovn-northd.c
>> >> > > +++ b/northd/ovn-northd.c
>> >> > > @@ -9319,7 +9319,7 @@ build_lrouter_flows(struct hmap *datapaths,
>> struct hmap *ports,
>> >> > >  }
>> >> > >
>> >> > >  ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 100,
>> >> > > -  "eth.dst == 00:00:00:00:00:00",
>> >> > > +  "eth.dst == 00:00:00:00:00:00 && ip4",
>> >> > >        "arp { "
>> >> > >"eth.dst = ff:ff:ff:ff:ff:ff; "
>> >> > >"arp.spa = reg1; "
>> >> > > @@ -9328,7 +9328,7 @@ build_lrouter_flows(struct hmap *datapaths,
>> struct hmap *ports,
>> >> > >"output; "
>> >> > >"};");
>> >> > >  ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 100,
>> >> > > -  "eth.dst == 00:00:00:00:00:00",
>> >> > > +  "eth.dst == 00:00:00:00:00:00 && ip6",
>> >> > >"nd_ns { "
>> >> > >"nd.target = xxreg0; "
>> >> > >"output; "
>> >> > > --
>> >> > > 2.23.0
>> >> > >
>> >> > > ___
>> >> > > dev mailing list
>> >> > > d...@openvswitch.org
>> >> > > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>> >> > >
>> >> > ___
>> >> > dev mailing list
>> >> > d...@openvswitch.org
>> >> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>>
>>
>>
>> --
>> Russell Bryant
>>
>

-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH ovn] northd: Match IPv4 or IPv6 for MAC resolution

2019-11-19 Thread Russell Bryant 
On Tue, Nov 19, 2019 at 4:44 PM Han Zhou  wrote:
>
>
>
> On Tue, Nov 19, 2019 at 1:38 PM Han Zhou  wrote:
>>
>>
>>
>> On Tue, Nov 19, 2019 at 3:33 AM Numan Siddique  wrote:
>> >
>> > On Tue, Nov 19, 2019 at 7:04 AM Russell Bryant  wrote:
>> > >
>> > > While debugging some problems in a cluster using ovn-kubernetes, I
>> > > noticed that we're creating two conflicting logical flows.  These two
>> > > flows only matched on the destination MAC address.  It was not
>> > > deterministic whether you'd hit the IPv4 (ARP) or IPv6 (NS) version.
>> > >
>> > > This change adds an ip4 or ip6 match to each flow as appropriate.
>> > >
>> > > Signed-off-by: Russell Bryant 
>> >
>> > Acked-by: Numan Siddique 
>> >
>> > > ---
>> > >  northd/ovn-northd.c | 4 ++--
>> > >  1 file changed, 2 insertions(+), 2 deletions(-)
>> > >
>> > > --- NOTE ---
>> > >
>> > > I've only tested this by running "make check" and "make check-kernel" so
>> > > far, and all tests still pass.
>> > >
>> > > If I'm reading this code right, I'm really surprised this hasn't come up
>> > > sooner?  I guess we also don't have adequate test coverage for these
>> > > flows?
>> >
>> > Thanks for the patch.  Yeah we don't have much coverage here.
>> > We should add system tests for this.
>> >
>> > Numan
>> >
>>
>> I noticed this when I was testing ddlog which couldn't handle this well 
>> initially but later fixed. I thought it was a problem, too, but then figured 
>> out it is actually handled by ovn-controller when translating to open-flows. 
>> The condition ip4/ip6 is added during the translation automatically.
>>
> This just explains why "this hasn't come up sooner", but the patch LGTM. It 
> is better to add the condition in logical flows.

Interesting - and it works the same even though there are different
arguments to arp{} or nd_ns{} in each logical flow?

>
>>
>> > >
>> > >
>> > > diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
>> > > index 41e97f841..f0ab43b27 100644
>> > > --- a/northd/ovn-northd.c
>> > > +++ b/northd/ovn-northd.c
>> > > @@ -9319,7 +9319,7 @@ build_lrouter_flows(struct hmap *datapaths, struct 
>> > > hmap *ports,
>> > >  }
>> > >
>> > >  ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 100,
>> > > -  "eth.dst == 00:00:00:00:00:00",
>> > > +  "eth.dst == 00:00:00:00:00:00 && ip4",
>> > >"arp { "
>> > >"eth.dst = ff:ff:ff:ff:ff:ff; "
>> > >"arp.spa = reg1; "
>> > > @@ -9328,7 +9328,7 @@ build_lrouter_flows(struct hmap *datapaths, struct 
>> > > hmap *ports,
>> > >"output; "
>> > >"};");
>> > >  ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 100,
>> > > -  "eth.dst == 00:00:00:00:00:00",
>> > > +  "eth.dst == 00:00:00:00:00:00 && ip6",
>> > >"nd_ns { "
>> > >"nd.target = xxreg0; "
>> > >"output; "
>> > > --
>> > > 2.23.0
>> > >
>> > > ___
>> > > dev mailing list
>> > > d...@openvswitch.org
>> > > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>> > >
>> > ___
>> > dev mailing list
>> > d...@openvswitch.org
>> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev



-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH ovn] northd: Match IPv4 or IPv6 for MAC resolution

2019-11-19 Thread Russell Bryant 
On Tue, Nov 19, 2019 at 6:33 AM Numan Siddique  wrote:
>
> On Tue, Nov 19, 2019 at 7:04 AM Russell Bryant  wrote:
> >
> > While debugging some problems in a cluster using ovn-kubernetes, I
> > noticed that we're creating two conflicting logical flows.  These two
> > flows only matched on the destination MAC address.  It was not
> > deterministic whether you'd hit the IPv4 (ARP) or IPv6 (NS) version.
> >
> > This change adds an ip4 or ip6 match to each flow as appropriate.
> >
> > Signed-off-by: Russell Bryant 
>
> Acked-by: Numan Siddique 

Thanks!  I applied this to master.

>
> > ---
> >  northd/ovn-northd.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > --- NOTE ---
> >
> > I've only tested this by running "make check" and "make check-kernel" so
> > far, and all tests still pass.
> >
> > If I'm reading this code right, I'm really surprised this hasn't come up
> > sooner?  I guess we also don't have adequate test coverage for these
> > flows?
>
> Thanks for the patch.  Yeah we don't have much coverage here.
> We should add system tests for this.
>
> Numan
>
> >
> >
> > diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
> > index 41e97f841..f0ab43b27 100644
> > --- a/northd/ovn-northd.c
> > +++ b/northd/ovn-northd.c
> > @@ -9319,7 +9319,7 @@ build_lrouter_flows(struct hmap *datapaths, struct 
> > hmap *ports,
> >  }
> >
> >  ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 100,
> > -  "eth.dst == 00:00:00:00:00:00",
> > +  "eth.dst == 00:00:00:00:00:00 && ip4",
> >"arp { "
> >"eth.dst = ff:ff:ff:ff:ff:ff; "
> >"arp.spa = reg1; "
> > @@ -9328,7 +9328,7 @@ build_lrouter_flows(struct hmap *datapaths, struct 
> > hmap *ports,
> >"output; "
> >"};");
> >  ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 100,
> > -  "eth.dst == 00:00:00:00:00:00",
> > +  "eth.dst == 00:00:00:00:00:00 && ip6",
> >"nd_ns { "
> >"nd.target = xxreg0; "
> >"output; "
> > --
> > 2.23.0
> >
> > ___
> > dev mailing list
> > d...@openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
> >



-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn] northd: Match IPv4 or IPv6 for MAC resolution

2019-11-18 Thread Russell Bryant 
While debugging some problems in a cluster using ovn-kubernetes, I
noticed that we're creating two conflicting logical flows.  These two
flows only matched on the destination MAC address.  It was not
deterministic whether you'd hit the IPv4 (ARP) or IPv6 (NS) version.

This change adds an ip4 or ip6 match to each flow as appropriate.

Signed-off-by: Russell Bryant 
---
 northd/ovn-northd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- NOTE ---

I've only tested this by running "make check" and "make check-kernel" so
far, and all tests still pass.

If I'm reading this code right, I'm really surprised this hasn't come up
sooner?  I guess we also don't have adequate test coverage for these
flows?


diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 41e97f841..f0ab43b27 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -9319,7 +9319,7 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap 
*ports,
 }
 
 ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 100,
-  "eth.dst == 00:00:00:00:00:00",
+  "eth.dst == 00:00:00:00:00:00 && ip4",
   "arp { "
   "eth.dst = ff:ff:ff:ff:ff:ff; "
   "arp.spa = reg1; "
@@ -9328,7 +9328,7 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap 
*ports,
   "output; "
   "};");
 ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 100,
-  "eth.dst == 00:00:00:00:00:00",
+  "eth.dst == 00:00:00:00:00:00 && ip6",
   "nd_ns { "
   "nd.target = xxreg0; "
   "output; "
-- 
2.23.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn v2] system-ovn.at: Create IPv6 load balancing tests

2019-11-05 Thread Russell Bryant 
Duplicate all of the IPv4 load balancing test cases for IPv6.
All of these are passing without any changes needed in OVN code, but
this will help ensure that we do not have any IPv6 load balancing
regressions in the future.

Signed-off-by: Russell Bryant 
---
 tests/system-ovn.at | 876 
 1 file changed, 799 insertions(+), 77 deletions(-)

v1 -> v2:
 - Use [[ and ]] instead of quadigraphs to enhance readability,
   as suggested by Ben Pfaff


diff --git a/tests/system-ovn.at b/tests/system-ovn.at
index b3f90aae2..5885df58e 100644
--- a/tests/system-ovn.at
+++ b/tests/system-ovn.at
@@ -1158,6 +1158,153 @@ 
tcp,orig=(src=192.168.1.2,dst=30.0.0.2,sport=,dport=),reply=(s
 ])
 
 
+OVS_APP_EXIT_AND_WAIT([ovn-controller])
+
+as ovn-sb
+OVS_APP_EXIT_AND_WAIT([ovsdb-server])
+
+as ovn-nb
+OVS_APP_EXIT_AND_WAIT([ovsdb-server])
+
+as northd
+OVS_APP_EXIT_AND_WAIT([ovn-northd])
+
+as
+OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d"])
+AT_CLEANUP
+
+AT_SETUP([ovn -- load-balancing - IPv6])
+AT_KEYWORDS([ovnlb])
+
+CHECK_CONNTRACK()
+CHECK_CONNTRACK_NAT()
+ovn_start
+OVS_TRAFFIC_VSWITCHD_START()
+ADD_BR([br-int])
+
+# Set external-ids in br-int needed for ovn-controller
+ovs-vsctl \
+-- set Open_vSwitch . external-ids:system-id=hv1 \
+-- set Open_vSwitch . 
external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
+-- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
+-- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
+-- set bridge br-int fail-mode=secure other-config:disable-in-band=true
+
+# Start ovn-controller
+start_daemon ovn-controller
+
+# Logical network:
+# 2 logical switches "foo" (fd01::/64) and "bar" (fd02::/64)
+# connected to a router R1.
+# foo has foo1 to act as a client.
+# bar has bar1, bar2, bar3 to act as servers.
+#
+# Loadbalancer VIPs in fd03::/64 network.
+
+ovn-nbctl create Logical_Router name=R1
+ovn-nbctl ls-add foo
+ovn-nbctl ls-add bar
+
+# Connect foo to R1
+ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 fd01::1/64
+ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
+type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"
+
+# Connect bar to R1
+ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 fd02::1/64
+ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar \
+type=router options:router-port=bar addresses=\"00:00:01:01:02:04\"
+
+# Create logical port 'foo1' in switch 'foo'.
+ADD_NAMESPACES(foo1)
+ADD_VETH(foo1, foo1, br-int, "fd01::2/64", "f0:00:00:01:02:03", \
+ "fd01::1")
+ovn-nbctl lsp-add foo foo1 \
+-- lsp-set-addresses foo1 "f0:00:00:01:02:03 fd01::2"
+
+# Create logical ports 'bar1', 'bar2', 'bar3' in switch 'bar'.
+ADD_NAMESPACES(bar1)
+ADD_VETH(bar1, bar1, br-int, "fd02::2/64", "f0:00:0f:01:02:03", \
+ "fd02::1")
+ovn-nbctl lsp-add bar bar1 \
+-- lsp-set-addresses bar1 "f0:00:0f:01:02:03 fd02::2"
+
+ADD_NAMESPACES(bar2)
+ADD_VETH(bar2, bar2, br-int, "fd02::3/64", "f0:00:0f:01:02:04", \
+ "fd02::1")
+ovn-nbctl lsp-add bar bar2 \
+-- lsp-set-addresses bar2 "f0:00:0f:01:02:04 fd02::3"
+
+ADD_NAMESPACES(bar3)
+ADD_VETH(bar3, bar3, br-int, "fd02::4/64", "f0:00:0f:01:02:05", \
+ "fd02::1")
+ovn-nbctl lsp-add bar bar3 \
+-- lsp-set-addresses bar3 "f0:00:0f:01:02:05 fd02::4"
+
+# Config OVN load-balancer with a VIP.
+uuid=`ovn-nbctl  create load_balancer 
vips:\"fd03::1\"=\"fd02::2,fd02::3,fd02::4\"`
+ovn-nbctl set logical_switch foo load_balancer=$uuid
+
+# Create another load-balancer with another VIP.
+uuid=`ovn-nbctl create load_balancer 
vips:\"fd03::3\"=\"fd02::2,fd02::3,fd02::4\"`
+ovn-nbctl add logical_switch foo load_balancer $uuid
+
+# Config OVN load-balancer with another VIP (this time with ports).
+ovn-nbctl set load_balancer $uuid 
vips:'"[[fd03::2]]:8000"'='"@<:@fd02::2@:>@:80,@<:@fd02::3@:>@:80,@<:@fd02::4@:>@:80"'
+
+# Wait for ovn-controller to catch up.
+ovn-nbctl --wait=hv sync
+OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-groups br-int | \
+grep 'nat(dst=\[[fd02::4\]]:80)'])
+
+# Start webservers in 'bar1', 'bar2' and 'bar3'.
+OVS_START_L7([bar1], [http6])
+OVS_START_L7([bar2], [http6])
+OVS_START_L7([bar3], [http6])
+
+dnl Should work with the virtual IP fd03::1 address through NAT
+for i in `seq 1 20`; do
+echo Request $i
+NS_CHECK_EXEC([foo1], [wget http://[[fd03::1]] -t 5 -T 1 
--retry-connrefused -v -o wget$i.log || (ovs-ofctl -O OpenFlow13 dump-flows 
br-int && false)])
+done
+
+dnl Each server should have at least one connection.
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd03::1) | grep -v fe80 
| \
+sed -e 's/zone=[[0-9]]*/zone=/'], [0], [dnl
+tcp,orig=(src=fd01::2,

Re: [ovs-dev] [PATCH ovn] system-ovn.at: Create IPv6 load balancing tests

2019-11-05 Thread Russell Bryant 
On Tue, Nov 5, 2019 at 12:38 PM Ben Pfaff  wrote:

> On Tue, Nov 05, 2019 at 12:23:09PM -0500, Russell Bryant wrote:
> > Duplicate all of the IPv4 load balancing test cases for IPv6.
> > All of these are passing without any changes needed in OVN code, but
> > this will help ensure that we do not have any IPv6 load balancing
> > regressions in the future.
> >
> > Signed-off-by: Russell Bryant 
>
> > +#
> > +# A note on square brackets and IPv6 ...
> > +#
> > +# To get square brackets to not get interpreted by m4, this file is
> using:
> > +#
> > +# For [ --> @<:@
> > +# For ] --> @:>@
> > +#
> > +#
> https://stackoverflow.com/questions/2308721/how-do-i-escape-text-in-autoconf-m4
>
> You can usually get the same effect by just doubling the brackets,
> i.e. [[::1]].  You can find some examples with "git grep -F '[[::'".  In
> some cases you end up with three sets of brackets because of outer
> quoting, e.g.:
>
> CHECK_STREAM_OPEN_BLOCK([tcp6], [[[::1]]])
>

Thanks!  I'll give that a shot.  That would be a lot more readable than
what I did ...

-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn] system-ovn.at: Create IPv6 load balancing tests

2019-11-05 Thread Russell Bryant 
Duplicate all of the IPv4 load balancing test cases for IPv6.
All of these are passing without any changes needed in OVN code, but
this will help ensure that we do not have any IPv6 load balancing
regressions in the future.

Signed-off-by: Russell Bryant 
---
 tests/system-ovn.at | 887 
 1 file changed, 810 insertions(+), 77 deletions(-)

diff --git a/tests/system-ovn.at b/tests/system-ovn.at
index b3f90aae2..2c37f759c 100644
--- a/tests/system-ovn.at
+++ b/tests/system-ovn.at
@@ -1158,6 +1158,164 @@ 
tcp,orig=(src=192.168.1.2,dst=30.0.0.2,sport=,dport=),reply=(s
 ])
 
 
+OVS_APP_EXIT_AND_WAIT([ovn-controller])
+
+as ovn-sb
+OVS_APP_EXIT_AND_WAIT([ovsdb-server])
+
+as ovn-nb
+OVS_APP_EXIT_AND_WAIT([ovsdb-server])
+
+as northd
+OVS_APP_EXIT_AND_WAIT([ovn-northd])
+
+as
+OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d"])
+AT_CLEANUP
+
+#
+# A note on square brackets and IPv6 ...
+#
+# To get square brackets to not get interpreted by m4, this file is using:
+#
+# For [ --> @<:@
+# For ] --> @:>@
+#
+# 
https://stackoverflow.com/questions/2308721/how-do-i-escape-text-in-autoconf-m4
+#
+
+AT_SETUP([ovn -- load-balancing - IPv6])
+AT_KEYWORDS([ovnlb])
+
+CHECK_CONNTRACK()
+CHECK_CONNTRACK_NAT()
+ovn_start
+OVS_TRAFFIC_VSWITCHD_START()
+ADD_BR([br-int])
+
+# Set external-ids in br-int needed for ovn-controller
+ovs-vsctl \
+-- set Open_vSwitch . external-ids:system-id=hv1 \
+-- set Open_vSwitch . 
external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
+-- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
+-- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
+-- set bridge br-int fail-mode=secure other-config:disable-in-band=true
+
+# Start ovn-controller
+start_daemon ovn-controller
+
+# Logical network:
+# 2 logical switches "foo" (fd01::/64) and "bar" (fd02::/64)
+# connected to a router R1.
+# foo has foo1 to act as a client.
+# bar has bar1, bar2, bar3 to act as servers.
+#
+# Loadbalancer VIPs in fd03::/64 network.
+
+ovn-nbctl create Logical_Router name=R1
+ovn-nbctl ls-add foo
+ovn-nbctl ls-add bar
+
+# Connect foo to R1
+ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 fd01::1/64
+ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
+type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"
+
+# Connect bar to R1
+ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 fd02::1/64
+ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar \
+type=router options:router-port=bar addresses=\"00:00:01:01:02:04\"
+
+# Create logical port 'foo1' in switch 'foo'.
+ADD_NAMESPACES(foo1)
+ADD_VETH(foo1, foo1, br-int, "fd01::2/64", "f0:00:00:01:02:03", \
+ "fd01::1")
+ovn-nbctl lsp-add foo foo1 \
+-- lsp-set-addresses foo1 "f0:00:00:01:02:03 fd01::2"
+
+# Create logical ports 'bar1', 'bar2', 'bar3' in switch 'bar'.
+ADD_NAMESPACES(bar1)
+ADD_VETH(bar1, bar1, br-int, "fd02::2/64", "f0:00:0f:01:02:03", \
+ "fd02::1")
+ovn-nbctl lsp-add bar bar1 \
+-- lsp-set-addresses bar1 "f0:00:0f:01:02:03 fd02::2"
+
+ADD_NAMESPACES(bar2)
+ADD_VETH(bar2, bar2, br-int, "fd02::3/64", "f0:00:0f:01:02:04", \
+ "fd02::1")
+ovn-nbctl lsp-add bar bar2 \
+-- lsp-set-addresses bar2 "f0:00:0f:01:02:04 fd02::3"
+
+ADD_NAMESPACES(bar3)
+ADD_VETH(bar3, bar3, br-int, "fd02::4/64", "f0:00:0f:01:02:05", \
+ "fd02::1")
+ovn-nbctl lsp-add bar bar3 \
+-- lsp-set-addresses bar3 "f0:00:0f:01:02:05 fd02::4"
+
+# Config OVN load-balancer with a VIP.
+uuid=`ovn-nbctl  create load_balancer 
vips:\"fd03::1\"=\"fd02::2,fd02::3,fd02::4\"`
+ovn-nbctl set logical_switch foo load_balancer=$uuid
+
+# Create another load-balancer with another VIP.
+uuid=`ovn-nbctl create load_balancer 
vips:\"fd03::3\"=\"fd02::2,fd02::3,fd02::4\"`
+ovn-nbctl add logical_switch foo load_balancer $uuid
+
+# Config OVN load-balancer with another VIP (this time with ports).
+ovn-nbctl set load_balancer $uuid 
vips:'"@<:@fd03::2@:>@:8000"'='"@<:@fd02::2@:>@:80,@<:@fd02::3@:>@:80,@<:@fd02::4@:>@:80"'
+
+# Wait for ovn-controller to catch up.
+ovn-nbctl --wait=hv sync
+OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-groups br-int | \
+grep 'nat(dst=\@<:@fd02::4\@:>@:80)'])
+
+# Start webservers in 'bar1', 'bar2' and 'bar3'.
+OVS_START_L7([bar1], [http6])
+OVS_START_L7([bar2], [http6])
+OVS_START_L7([bar3], [http6])
+
+dnl Should work with the virtual IP fd03::1 address through NAT
+for i in `seq 1 20`; do
+echo Request $i
+NS_CHECK_EXEC([foo1], [wget http://@<:@fd03::1@:>@ -t 5 -T 1 
--retry-connrefused -v -o wget$i.log || (ovs-ofctl -O OpenFlow13 dump-flows 
br-int && false)])
+done
+
+dnl Each server s

Re: [ovs-dev] [PATCH ovn v2 0/6] Add OVN IPv6 support

2019-10-30 Thread Russell Bryant 
On Wed, Oct 30, 2019 at 11:56 AM Numan Siddique  wrote:

> On Wed, Oct 30, 2019 at 8:25 PM Russell Bryant  wrote:
> >
> > v1 -> v2:
> >  - Address checkpatch warnings about line length
> >  - Fix a sparse error in ovn-nbctl
> >  - Add lflow docs in ovn-northd.8.xml
> >
> > [PATCH ovn v2 1/6] northd: Fix table ID for IPv6 router ingress.
> > [PATCH ovn v2 2/6] actions: Add IPv6 support to lflow NAT actions
> > [PATCH ovn v2 3/6] ovn-nbctl: Allow IPv6 NAT rules to be added
> > [PATCH ovn v2 4/6] northd: Add lflows for IPv6 NAT.
> > [PATCH ovn v2 5/6] system-ovn: Add IPv6 NAT test cases
> > [PATCH ovn v2 6/6] NEWS: Add IPv6 NAT support
>
> Thanks for addressing the comments in v2.
>
> Acked-by: Numan Siddique  for the whole series.
>

Thanks for the fast reviews!  I pushed this series to master.

>
> Numan
>
> >
> >  NEWS|6
> >  include/ovn/actions.h   |6
> >  lib/actions.c   |   35 +
> >  northd/ovn-northd.8.xml |  233 +++-
> >  northd/ovn-northd.c |  386 +++--
> >  tests/ovn-nbctl.at  |   41 +-
> >  tests/ovn.at|   18 -
> >  tests/system-ovn.at |  862
> +++-
> >  utilities/ovn-nbctl.c   |   49 ++
> >  utilities/ovn-trace.c   |   15
> >  10 files changed, 1408 insertions(+), 243 deletions(-)
> >
> > --
> > Russell Bryant
> >
> > ___
> > dev mailing list
> > d...@openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>


-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn v2 5/6] system-ovn: Add IPv6 NAT test cases

2019-10-30 Thread Russell Bryant 
These tests failed prior to the changes leading up to this one.

Signed-off-by: Russell Bryant 
---
 tests/system-ovn.at | 862 +++-
 1 file changed, 860 insertions(+), 2 deletions(-)

diff --git a/tests/system-ovn.at b/tests/system-ovn.at
index f88ad31e4..b3f90aae2 100644
--- a/tests/system-ovn.at
+++ b/tests/system-ovn.at
@@ -176,6 +176,186 @@ OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port 
patch-.*/d
 /connection dropped.*/d"])
 AT_CLEANUP
 
+AT_SETUP([ovn -- 2 LRs connected via LS, gateway router, SNAT and DNAT - IPv6])
+AT_KEYWORDS([ovnnat])
+
+CHECK_CONNTRACK()
+CHECK_CONNTRACK_NAT()
+ovn_start
+OVS_TRAFFIC_VSWITCHD_START()
+ADD_BR([br-int])
+
+# Set external-ids in br-int needed for ovn-controller
+ovs-vsctl \
+-- set Open_vSwitch . external-ids:system-id=hv1 \
+-- set Open_vSwitch . 
external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
+-- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
+-- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
+-- set bridge br-int fail-mode=secure other-config:disable-in-band=true
+
+# Start ovn-controller
+start_daemon ovn-controller
+
+# Logical network:
+# Two LRs - R1 and R2 that are connected to each other via LS "join"
+# in fd00::/64 network. R1 has switchess foo (fd11::/64) and
+# bar (fd12::/64) connected to it. R2 has alice (fd21::/64) connected
+# to it.  R2 is a gateway router on which we add NAT rules.
+#
+#foo -- R1 -- join - R2 -- alice
+#   |
+#bar 
+
+ovn-nbctl create Logical_Router name=R1
+ovn-nbctl create Logical_Router name=R2 options:chassis=hv1
+
+ovn-nbctl ls-add foo
+ovn-nbctl ls-add bar
+ovn-nbctl ls-add alice
+ovn-nbctl ls-add join
+
+# Connect foo to R1
+ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 fd11::1/64
+ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
+type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"
+
+# Connect bar to R1
+ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 fd12::1/64
+ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar \
+type=router options:router-port=bar addresses=\"00:00:01:01:02:04\"
+
+# Connect alice to R2
+ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 fd21::1/64
+ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
+type=router options:router-port=alice addresses=\"00:00:02:01:02:03\"
+
+# Connect R1 to join
+ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 fd00::1/64
+ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \
+type=router options:router-port=R1_join addresses='"00:00:04:01:02:03"'
+
+# Connect R2 to join
+ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 fd00::2/64
+ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \
+type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"'
+
+# Static routes.
+ovn-nbctl lr-route-add R1 fd21::/64 fd00::2
+ovn-nbctl lr-route-add R2 fd11::/64 fd00::1
+ovn-nbctl lr-route-add R2 fd12::/64 fd00::1
+
+# Logical port 'foo1' in switch 'foo'.
+ADD_NAMESPACES(foo1)
+ADD_VETH(foo1, foo1, br-int, "fd11::2/64", "f0:00:00:01:02:03", \
+ "fd11::1")
+OVS_WAIT_UNTIL([test "$(ip netns exec foo1 ip a | grep fd11::2 | grep 
tentative)" = ""])
+ovn-nbctl lsp-add foo foo1 \
+-- lsp-set-addresses foo1 "f0:00:00:01:02:03 fd11::2"
+
+# Logical port 'alice1' in switch 'alice'.
+ADD_NAMESPACES(alice1)
+ADD_VETH(alice1, alice1, br-int, "fd21::2/64", "f0:00:00:01:02:04", \
+ "fd21::1")
+OVS_WAIT_UNTIL([test "$(ip netns exec alice1 ip a | grep fd21::2 | grep 
tentative)" = ""])
+ovn-nbctl lsp-add alice alice1 \
+-- lsp-set-addresses alice1 "f0:00:00:01:02:04 fd21::2"
+
+# Logical port 'bar1' in switch 'bar'.
+ADD_NAMESPACES(bar1)
+ADD_VETH(bar1, bar1, br-int, "fd12::2/64", "f0:00:00:01:02:05", \
+ "fd12::1")
+OVS_WAIT_UNTIL([test "$(ip netns exec bar1 ip a | grep fd12::2 | grep 
tentative)" = ""])
+ovn-nbctl lsp-add bar bar1 \
+-- lsp-set-addresses bar1 "f0:00:00:01:02:05 fd12::2"
+
+# Add a DNAT rule.
+ovn-nbctl -- --id=@nat create nat type="dnat" logical_ip=\"fd11::2\" \
+external_ip=\"fd30::2\" -- add logical_router R2 nat @nat
+
+# Add a SNAT rule
+ovn-nbctl -- --id=@nat create nat type="snat" logical_ip=\"fd12::2\" \
+external_ip=\"fd30::1\" -- add logical_router R2 nat @nat
+
+# wait for ovn-controller to catch up.
+ovn-nbctl --wait=hv sync
+OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int | grep 'nat(src=fd30::1)'])
+
+# 'alice1' should be able to ping 'foo1' directly.
+NS_CHECK_EXEC([alice1], [ping -6 -v -q -c 3 -i 0.3 -w 2 fd11::2 | 
FORMAT_PING], \
+[0], [dnl
+3 packets transmitted, 3 received, 0% packet loss,

[ovs-dev] [PATCH ovn v2 4/6] northd: Add lflows for IPv6 NAT.

2019-10-30 Thread Russell Bryant 
Signed-off-by: Russell Bryant 
---
 northd/ovn-northd.8.xml | 233 +---
 northd/ovn-northd.c | 384 ++--
 2 files changed, 418 insertions(+), 199 deletions(-)

diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml
index d3e0e5ef2..f6cafbd55 100644
--- a/northd/ovn-northd.8.xml
+++ b/northd/ovn-northd.8.xml
@@ -1511,11 +1511,55 @@ output;
 
   
 
-  These flows reply to ARP requests for the virtual IP addresses
-  configured in the router for DNAT or load balancing.  For a
-  configured DNAT IP address or a load balancer IPv4 VIP A,
-  for each router port P with Ethernet
-  address E, a priority-90 flow matches
+  Reply to IPv6 Neighbor Solicitations.  These flows reply to
+  Neighbor Solicitation requests for the router's own IPv6
+  address and populate the logical router's mac binding table.
+
+
+
+  For each router port P that
+  owns IPv6 address A, solicited node address S,
+  and Ethernet address E, a priority-90 flow matches
+  inport == P 
+  nd_ns  ip6.dst == {A, E} 
+  nd.target == A with the following actions:
+
+
+
+nd_na_router {
+eth.src = E;
+ip6.src = A;
+nd.target = A;
+nd.tll = E;
+outport = inport;
+flags.loopback = 1;
+output;
+};
+
+
+
+  For the gateway port on a distributed logical router (where
+  one of the logical router ports specifies a
+  redirect-chassis), the above flows replying to
+  IPv6 Neighbor Solicitations are only programmed on the
+  gateway port instance on the redirect-chassis.
+  This behavior avoids generation of multiple replies from
+  different chassis, and allows upstream MAC learning to point
+  to the redirect-chassis.
+
+  
+
+  
+
+  These flows reply to ARP requests or IPv6 neighbor solicitation
+  for the virtual IP addresses configured in the router for DNAT
+  or load balancing.
+
+
+
+  IPv4: For a configured DNAT IP address or a load balancer
+  IPv4 VIP A, for each router port P with
+  Ethernet address E, a priority-90 flow matches
   inport == P  arp.op == 1 
   arp.tpa == A (ARP request)
   with the following actions:
@@ -1534,6 +1578,30 @@ flags.loopback = 1;
 output;
 
 
+
+  IPv6: For a configured DNAT IP address or a load balancer
+  IPv6 VIP A, solicited node address S,
+  for each router port P with
+  Ethernet address E, a priority-90 flow matches
+  inport == P  nd_ns 
+  ip6.dst == {A, S} 
+  nd.target == A
+  with the following actions:
+
+
+
+eth.dst = eth.src;
+nd_na {
+eth.src = E;
+nd.tll = E;
+ip6.src = A;
+nd.target = A;
+outport = P;
+flags.loopback = 1;
+output;
+}
+
+
 
   For the gateway port on a distributed logical router with NAT
   (where one of the logical router ports specifies a
@@ -1570,6 +1638,15 @@ eth.src = external_mac;
 arp.sha = external_mac;
 
 
+
+  or in the case of IPv6 neighbor solicition:
+
+
+
+eth.src = external_mac;
+nd.tll = external_mac;
+
+
 
   This behavior avoids generation of multiple ARP responses
   from different chassis, and allows upstream MAC learning to
@@ -1579,68 +1656,6 @@ arp.sha = external_mac;
 
   
 
-  
-
-  Reply to IPv6 Neighbor Solicitations.  These flows reply to
-  Neighbor Solicitation requests for the router's own IPv6
-  address and load balancing IPv6 VIPs and populate the logical
-  router's mac binding table.
-
-
-
-  For each router port P that
-  owns IPv6 address A, solicited node address S,
-  and Ethernet address E, a priority-90 flow matches
-  inport == P 
-  nd_ns  ip6.dst == {A, E} 
-  nd.target == A with the following actions:
-
-
-
-nd_na_router {
-eth.src = E;
-ip6.src = A;
-nd.target = A;
-nd.tll = E;
-outport = inport;
-flags.loopback = 1;
-output;
-};
-
-
-
-  For each router port P that has load balancing VIP
-  A, solicited node address S, and Ethernet
-  address E, a priority-90 flow matches
-  inport == P 
-  nd_ns  ip6.dst == {A, E} 
-  nd.target == A with the following actions:
-
-
-
-nd_na {
-eth.src = E;
-ip6.src = A;
-nd.target = A;
-nd.tll = E;
-outport = inport;
-flags.loopback = 1;
-output;
-};
-
-
-
-  For the gateway port on a distributed logical router

[ovs-dev] [PATCH ovn v2 6/6] NEWS: Add IPv6 NAT support

2019-10-30 Thread Russell Bryant 
Signed-off-by: Russell Bryant 
---
 NEWS | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/NEWS b/NEWS
index 73045d65f..ab2f13318 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,9 @@
+Post-OVS-v2.12.0
+-
+   - OVN was split out from the OVS repository and is now released
+ independently.
+   - Added IPv6 NAT support for OVN routers.
+
 Post-v2.11.0
 -
- DPDK:
-- 
2.21.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn v2 3/6] ovn-nbctl: Allow IPv6 NAT rules to be added

2019-10-30 Thread Russell Bryant 
Signed-off-by: Russell Bryant 
---
 tests/ovn-nbctl.at| 41 
 utilities/ovn-nbctl.c | 49 ---
 2 files changed, 69 insertions(+), 21 deletions(-)

diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at
index 01091dd99..43a980bdf 100644
--- a/tests/ovn-nbctl.at
+++ b/tests/ovn-nbctl.at
@@ -407,16 +407,16 @@ AT_CHECK([ovn-nbctl lr-nat-add lr0 snatt 30.0.0.2 
192.168.1.2], [1], [],
 [ovn-nbctl: snatt: type must be one of "dnat", "snat" and "dnat_and_snat".
 ])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.2a 192.168.1.2], [1], [],
-[ovn-nbctl: 30.0.0.2a: should be an IPv4 address.
+[ovn-nbctl: 30.0.0.2a: Not a valid IPv4 or IPv6 address.
 ])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0 192.168.1.2], [1], [],
-[ovn-nbctl: 30.0.0: should be an IPv4 address.
+[ovn-nbctl: 30.0.0: Not a valid IPv4 or IPv6 address.
 ])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.2/24 192.168.1.2], [1], [],
-[ovn-nbctl: 30.0.0.2/24: should be an IPv4 address.
+[ovn-nbctl: 30.0.0.2/24: Not a valid IPv4 or IPv6 address.
 ])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.2:80 192.168.1.2], [1], [],
-[ovn-nbctl: 30.0.0.2:80: should be an IPv4 address.
+[ovn-nbctl: 30.0.0.2:80: Not a valid IPv4 or IPv6 address.
 ])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.2 192.168.1.2a], [1], [],
 [ovn-nbctl: 192.168.1.2a: should be an IPv4 address or network.
@@ -431,19 +431,19 @@ AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.2 
192.168.1.2/a], [1], [],
 [ovn-nbctl: 192.168.1.2/a: should be an IPv4 address or network.
 ])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat 30.0.0.2 192.168.1.2a], [1], [],
-[ovn-nbctl: 192.168.1.2a: should be an IPv4 address.
+[ovn-nbctl: 192.168.1.2a: Not a valid IPv4 address.
 ])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat 30.0.0.2 192.168.1], [1], [],
-[ovn-nbctl: 192.168.1: should be an IPv4 address.
+[ovn-nbctl: 192.168.1: Not a valid IPv4 address.
 ])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat 30.0.0.2 192.168.1.2:80], [1], [],
-[ovn-nbctl: 192.168.1.2:80: should be an IPv4 address.
+[ovn-nbctl: 192.168.1.2:80: Not a valid IPv4 address.
 ])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat 30.0.0.2 192.168.1.2/24], [1], [],
-[ovn-nbctl: 192.168.1.2/24: should be an IPv4 address.
+[ovn-nbctl: 192.168.1.2/24: Not a valid IPv4 address.
 ])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat 30.0.0.2 192.168.1.2/24], 
[1], [],
-[ovn-nbctl: 192.168.1.2/24: should be an IPv4 address.
+[ovn-nbctl: 192.168.1.2/24: Not a valid IPv4 address.
 ])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat 30.0.0.2 192.168.1.2 lp0], 
[1], [],
 [ovn-nbctl: lr-nat-add with logical_port must also specify external_mac.
@@ -465,15 +465,23 @@ AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat 30.0.0.2 
192.168.1.2 lp0 00:00:
 
 dnl Add snat and dnat
 AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.1 192.168.1.0/24])
+AT_CHECK([ovn-nbctl lr-nat-add lr0 snat fd01::1 fd11::/64])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat 30.0.0.1 192.168.1.2])
+AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat fd01::1 fd11::2])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat 30.0.0.1 192.168.1.2])
+AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat fd01::1 fd11::2])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat 30.0.0.2 192.168.1.3 lp0 
00:00:00:01:02:03])
+AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat fd01::2 fd11::3 lp0 
00:00:00:01:02:03])
 AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [dnl
 TYPE EXTERNAL_IPLOGICAL_IPEXTERNAL_MAC 
LOGICAL_PORT
 dnat 30.0.0.1   192.168.1.2
+dnat fd01::1fd11::2
 dnat_and_snat30.0.0.1   192.168.1.2
 dnat_and_snat30.0.0.2   192.168.1.3   00:00:00:01:02:03
lp0
+dnat_and_snatfd01::1fd11::2
+dnat_and_snatfd01::2fd11::3   00:00:00:01:02:03
lp0
 snat 30.0.0.1   192.168.1.0/24
+snat fd01::1fd11::/64
 ])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.1 192.168.1.0/24], [1], [],
 [ovn-nbctl: 30.0.0.1, 192.168.1.0/24: a NAT with this external_ip and 
logical_ip already exists
@@ -503,17 +511,26 @@ AT_CHECK([ovn-nbctl --may-exist lr-nat-add lr0 
dnat_and_snat 30.0.0.2 192.168.1.
 AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [dnl
 TYPE EXTERNAL_IPLOGICAL_IPEXTERNAL_MAC 
LOGICAL_PORT
 dnat 30.0.0.1   192.168.1.2
+dnat fd01::1fd11::2
 dnat_and_snat30.0.0.1   192.168.1.2
 dnat_and_snat30.0.0.2   192.168.1.3   00:00:00:04:05:06
lp0
+dnat_and_snatfd01::1fd11::2
+dnat_and_snatfd01::2fd11::3   00:00:00:01:02:03
lp0
 snat 30.0.0.1   192.168.1.0/24
+snat fd01::1fd11::/64
 ])
 AT_CHECK([ovn-nbctl --may-exist lr-nat-add lr0 dnat_and_snat 30.0.0.2

[ovs-dev] [PATCH ovn v2 2/6] actions: Add IPv6 support to lflow NAT actions

2019-10-30 Thread Russell Bryant 
Signed-off-by: Russell Bryant 
---
 include/ovn/actions.h |  6 +-
 lib/actions.c | 35 +++
 tests/ovn.at  | 18 --
 utilities/ovn-trace.c | 15 ++-
 4 files changed, 54 insertions(+), 20 deletions(-)

diff --git a/include/ovn/actions.h b/include/ovn/actions.h
index 4e2f4d28d..f4997e9c9 100644
--- a/include/ovn/actions.h
+++ b/include/ovn/actions.h
@@ -225,7 +225,11 @@ struct ovnact_ct_commit {
 /* OVNACT_CT_DNAT, OVNACT_CT_SNAT. */
 struct ovnact_ct_nat {
 struct ovnact ovnact;
-ovs_be32 ip;
+int family;
+union {
+struct in6_addr ipv6;
+ovs_be32 ipv4;
+};
 uint8_t ltable; /* Logical table ID of next table. */
 };
 
diff --git a/lib/actions.c b/lib/actions.c
index c8c9cc5fd..a999a4fda 100644
--- a/lib/actions.c
+++ b/lib/actions.c
@@ -755,11 +755,18 @@ parse_ct_nat(struct action_context *ctx, const char *name,
 
 if (lexer_match(ctx->lexer, LEX_T_LPAREN)) {
 if (ctx->lexer->token.type != LEX_T_INTEGER
-|| ctx->lexer->token.format != LEX_F_IPV4) {
-lexer_syntax_error(ctx->lexer, "expecting IPv4 address");
+|| (ctx->lexer->token.format != LEX_F_IPV4
+&& ctx->lexer->token.format != LEX_F_IPV6)) {
+lexer_syntax_error(ctx->lexer, "expecting IPv4 or IPv6 address");
 return;
 }
-cn->ip = ctx->lexer->token.value.ipv4;
+if (ctx->lexer->token.format == LEX_F_IPV4) {
+cn->family = AF_INET;
+cn->ipv4 = ctx->lexer->token.value.ipv4;
+} else if (ctx->lexer->token.format == LEX_F_IPV6) {
+cn->family = AF_INET6;
+cn->ipv6 = ctx->lexer->token.value.ipv6;
+}
 lexer_get(ctx->lexer);
 
 if (!lexer_force_match(ctx->lexer, LEX_T_RPAREN)) {
@@ -784,8 +791,12 @@ static void
 format_ct_nat(const struct ovnact_ct_nat *cn, const char *name, struct ds *s)
 {
 ds_put_cstr(s, name);
-if (cn->ip) {
-ds_put_format(s, "("IP_FMT")", IP_ARGS(cn->ip));
+if (cn->family == AF_INET) {
+ds_put_format(s, "("IP_FMT")", IP_ARGS(cn->ipv4));
+} else if (cn->family == AF_INET6) {
+ds_put_char(s, '(');
+ipv6_format_addr(>ipv6, s);
+ds_put_char(s, ')');
 }
 ds_put_char(s, ';');
 }
@@ -831,9 +842,17 @@ encode_ct_nat(const struct ovnact_ct_nat *cn,
 nat->flags = 0;
 nat->range_af = AF_UNSPEC;
 
-if (cn->ip) {
+if (cn->family == AF_INET) {
 nat->range_af = AF_INET;
-nat->range.addr.ipv4.min = cn->ip;
+nat->range.addr.ipv4.min = cn->ipv4;
+if (snat) {
+nat->flags |= NX_NAT_F_SRC;
+} else {
+nat->flags |= NX_NAT_F_DST;
+}
+} else if (cn->family == AF_INET6) {
+nat->range_af = AF_INET6;
+nat->range.addr.ipv6.min = cn->ipv6;
 if (snat) {
 nat->flags |= NX_NAT_F_SRC;
 } else {
@@ -843,7 +862,7 @@ encode_ct_nat(const struct ovnact_ct_nat *cn,
 
 ofpacts->header = ofpbuf_push_uninit(ofpacts, nat_offset);
 ct = ofpacts->header;
-if (cn->ip) {
+if (cn->family == AF_INET || cn->family == AF_INET6) {
 ct->flags |= NX_CT_F_COMMIT;
 }
 ofpact_finish(ofpacts, >ofpact);
diff --git a/tests/ovn.at b/tests/ovn.at
index 9f06059fa..d78689d86 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -1043,15 +1043,18 @@ ct_dnat;
 ct_dnat(192.168.1.2);
 encodes as 
ct(commit,table=19,zone=NXM_NX_REG11[0..15],nat(dst=192.168.1.2))
 has prereqs ip
+ct_dnat(fd11::2);
+encodes as ct(commit,table=19,zone=NXM_NX_REG11[0..15],nat(dst=fd11::2))
+has prereqs ip
 
 ct_dnat(192.168.1.2, 192.168.1.3);
 Syntax error at `,' expecting `)'.
 ct_dnat(foo);
-Syntax error at `foo' expecting IPv4 address.
+Syntax error at `foo' expecting IPv4 or IPv6 address.
 ct_dnat(foo, bar);
-Syntax error at `foo' expecting IPv4 address.
+Syntax error at `foo' expecting IPv4 or IPv6 address.
 ct_dnat();
-Syntax error at `)' expecting IPv4 address.
+Syntax error at `)' expecting IPv4 or IPv6 address.
 
 # ct_snat
 ct_snat;
@@ -1060,15 +1063,18 @@ ct_snat;
 ct_snat(192.168.1.2);
 encodes as 
ct(commit,table=19,zone=NXM_NX_REG12[0..15],nat(src=192.168.1.2))
 has prereqs ip
+ct_snat(fd11::2);
+encodes as ct(commit,table=19,zone=NXM_NX_REG12[0..15],nat(src=fd11::2))
+has prereqs ip
 
 ct_snat(192.168.1.2, 192.168.1.3);
 Syntax error at `,' expecting `)'.
 ct_snat(foo);
-Syntax error at `foo' expecting IPv4 address.
+Syntax error at `foo' expecting IPv4 or IPv6 address.
 ct_snat(foo, bar);
-Syntax error at `foo' expecting IPv4 address.
+Syntax error at `foo' expecting

[ovs-dev] [PATCH ovn v2 0/6] Add OVN IPv6 support

2019-10-30 Thread Russell Bryant 
v1 -> v2:
 - Address checkpatch warnings about line length
 - Fix a sparse error in ovn-nbctl
 - Add lflow docs in ovn-northd.8.xml

[PATCH ovn v2 1/6] northd: Fix table ID for IPv6 router ingress.
[PATCH ovn v2 2/6] actions: Add IPv6 support to lflow NAT actions
[PATCH ovn v2 3/6] ovn-nbctl: Allow IPv6 NAT rules to be added
[PATCH ovn v2 4/6] northd: Add lflows for IPv6 NAT.
[PATCH ovn v2 5/6] system-ovn: Add IPv6 NAT test cases
[PATCH ovn v2 6/6] NEWS: Add IPv6 NAT support

 NEWS|6 
 include/ovn/actions.h   |6 
 lib/actions.c   |   35 +
 northd/ovn-northd.8.xml |  233 +++-
 northd/ovn-northd.c |  386 +++--
 tests/ovn-nbctl.at  |   41 +-
 tests/ovn.at|   18 -
 tests/system-ovn.at |  862 +++-
 utilities/ovn-nbctl.c   |   49 ++
 utilities/ovn-trace.c   |   15 
 10 files changed, 1408 insertions(+), 243 deletions(-)

--
Russell Bryant

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn v2 1/6] northd: Fix table ID for IPv6 router ingress.

2019-10-30 Thread Russell Bryant 
I noticed that this table number was outdated.  This is now table 3.
There are a few other sections of code for this table that were all
correctly referencing table 3.

Signed-off-by: Russell Bryant 
---
 northd/ovn-northd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 194e4bf4a..ae81a6944 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -7064,7 +7064,7 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap 
*ports,
 free(snat_ips);
 }
 
-/* Logical router ingress table 1: IP Input for IPv6. */
+/* Logical router ingress table 3: IP Input for IPv6. */
 HMAP_FOR_EACH (op, key_node, ports) {
 if (!op->nbrp) {
 continue;
-- 
2.21.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn 5/6] system-ovn: Add IPv6 NAT test cases

2019-10-29 Thread Russell Bryant 
These tests failed prior to the changes leading up to this one.

Signed-off-by: Russell Bryant 
---
 tests/system-ovn.at | 862 +++-
 1 file changed, 860 insertions(+), 2 deletions(-)

diff --git a/tests/system-ovn.at b/tests/system-ovn.at
index f88ad31e4..b3f90aae2 100644
--- a/tests/system-ovn.at
+++ b/tests/system-ovn.at
@@ -176,6 +176,186 @@ OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port 
patch-.*/d
 /connection dropped.*/d"])
 AT_CLEANUP
 
+AT_SETUP([ovn -- 2 LRs connected via LS, gateway router, SNAT and DNAT - IPv6])
+AT_KEYWORDS([ovnnat])
+
+CHECK_CONNTRACK()
+CHECK_CONNTRACK_NAT()
+ovn_start
+OVS_TRAFFIC_VSWITCHD_START()
+ADD_BR([br-int])
+
+# Set external-ids in br-int needed for ovn-controller
+ovs-vsctl \
+-- set Open_vSwitch . external-ids:system-id=hv1 \
+-- set Open_vSwitch . 
external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
+-- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
+-- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
+-- set bridge br-int fail-mode=secure other-config:disable-in-band=true
+
+# Start ovn-controller
+start_daemon ovn-controller
+
+# Logical network:
+# Two LRs - R1 and R2 that are connected to each other via LS "join"
+# in fd00::/64 network. R1 has switchess foo (fd11::/64) and
+# bar (fd12::/64) connected to it. R2 has alice (fd21::/64) connected
+# to it.  R2 is a gateway router on which we add NAT rules.
+#
+#foo -- R1 -- join - R2 -- alice
+#   |
+#bar 
+
+ovn-nbctl create Logical_Router name=R1
+ovn-nbctl create Logical_Router name=R2 options:chassis=hv1
+
+ovn-nbctl ls-add foo
+ovn-nbctl ls-add bar
+ovn-nbctl ls-add alice
+ovn-nbctl ls-add join
+
+# Connect foo to R1
+ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 fd11::1/64
+ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
+type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"
+
+# Connect bar to R1
+ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 fd12::1/64
+ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar \
+type=router options:router-port=bar addresses=\"00:00:01:01:02:04\"
+
+# Connect alice to R2
+ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 fd21::1/64
+ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
+type=router options:router-port=alice addresses=\"00:00:02:01:02:03\"
+
+# Connect R1 to join
+ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 fd00::1/64
+ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \
+type=router options:router-port=R1_join addresses='"00:00:04:01:02:03"'
+
+# Connect R2 to join
+ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 fd00::2/64
+ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \
+type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"'
+
+# Static routes.
+ovn-nbctl lr-route-add R1 fd21::/64 fd00::2
+ovn-nbctl lr-route-add R2 fd11::/64 fd00::1
+ovn-nbctl lr-route-add R2 fd12::/64 fd00::1
+
+# Logical port 'foo1' in switch 'foo'.
+ADD_NAMESPACES(foo1)
+ADD_VETH(foo1, foo1, br-int, "fd11::2/64", "f0:00:00:01:02:03", \
+ "fd11::1")
+OVS_WAIT_UNTIL([test "$(ip netns exec foo1 ip a | grep fd11::2 | grep 
tentative)" = ""])
+ovn-nbctl lsp-add foo foo1 \
+-- lsp-set-addresses foo1 "f0:00:00:01:02:03 fd11::2"
+
+# Logical port 'alice1' in switch 'alice'.
+ADD_NAMESPACES(alice1)
+ADD_VETH(alice1, alice1, br-int, "fd21::2/64", "f0:00:00:01:02:04", \
+ "fd21::1")
+OVS_WAIT_UNTIL([test "$(ip netns exec alice1 ip a | grep fd21::2 | grep 
tentative)" = ""])
+ovn-nbctl lsp-add alice alice1 \
+-- lsp-set-addresses alice1 "f0:00:00:01:02:04 fd21::2"
+
+# Logical port 'bar1' in switch 'bar'.
+ADD_NAMESPACES(bar1)
+ADD_VETH(bar1, bar1, br-int, "fd12::2/64", "f0:00:00:01:02:05", \
+ "fd12::1")
+OVS_WAIT_UNTIL([test "$(ip netns exec bar1 ip a | grep fd12::2 | grep 
tentative)" = ""])
+ovn-nbctl lsp-add bar bar1 \
+-- lsp-set-addresses bar1 "f0:00:00:01:02:05 fd12::2"
+
+# Add a DNAT rule.
+ovn-nbctl -- --id=@nat create nat type="dnat" logical_ip=\"fd11::2\" \
+external_ip=\"fd30::2\" -- add logical_router R2 nat @nat
+
+# Add a SNAT rule
+ovn-nbctl -- --id=@nat create nat type="snat" logical_ip=\"fd12::2\" \
+external_ip=\"fd30::1\" -- add logical_router R2 nat @nat
+
+# wait for ovn-controller to catch up.
+ovn-nbctl --wait=hv sync
+OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int | grep 'nat(src=fd30::1)'])
+
+# 'alice1' should be able to ping 'foo1' directly.
+NS_CHECK_EXEC([alice1], [ping -6 -v -q -c 3 -i 0.3 -w 2 fd11::2 | 
FORMAT_PING], \
+[0], [dnl
+3 packets transmitted, 3 received, 0% packet loss,

[ovs-dev] [PATCH ovn 3/6] ovn-nbctl: Allow IPv6 NAT rules to be added

2019-10-29 Thread Russell Bryant 
Signed-off-by: Russell Bryant 
---
 tests/ovn-nbctl.at| 41 
 utilities/ovn-nbctl.c | 48 ---
 2 files changed, 68 insertions(+), 21 deletions(-)

diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at
index 01091dd99..43a980bdf 100644
--- a/tests/ovn-nbctl.at
+++ b/tests/ovn-nbctl.at
@@ -407,16 +407,16 @@ AT_CHECK([ovn-nbctl lr-nat-add lr0 snatt 30.0.0.2 
192.168.1.2], [1], [],
 [ovn-nbctl: snatt: type must be one of "dnat", "snat" and "dnat_and_snat".
 ])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.2a 192.168.1.2], [1], [],
-[ovn-nbctl: 30.0.0.2a: should be an IPv4 address.
+[ovn-nbctl: 30.0.0.2a: Not a valid IPv4 or IPv6 address.
 ])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0 192.168.1.2], [1], [],
-[ovn-nbctl: 30.0.0: should be an IPv4 address.
+[ovn-nbctl: 30.0.0: Not a valid IPv4 or IPv6 address.
 ])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.2/24 192.168.1.2], [1], [],
-[ovn-nbctl: 30.0.0.2/24: should be an IPv4 address.
+[ovn-nbctl: 30.0.0.2/24: Not a valid IPv4 or IPv6 address.
 ])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.2:80 192.168.1.2], [1], [],
-[ovn-nbctl: 30.0.0.2:80: should be an IPv4 address.
+[ovn-nbctl: 30.0.0.2:80: Not a valid IPv4 or IPv6 address.
 ])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.2 192.168.1.2a], [1], [],
 [ovn-nbctl: 192.168.1.2a: should be an IPv4 address or network.
@@ -431,19 +431,19 @@ AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.2 
192.168.1.2/a], [1], [],
 [ovn-nbctl: 192.168.1.2/a: should be an IPv4 address or network.
 ])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat 30.0.0.2 192.168.1.2a], [1], [],
-[ovn-nbctl: 192.168.1.2a: should be an IPv4 address.
+[ovn-nbctl: 192.168.1.2a: Not a valid IPv4 address.
 ])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat 30.0.0.2 192.168.1], [1], [],
-[ovn-nbctl: 192.168.1: should be an IPv4 address.
+[ovn-nbctl: 192.168.1: Not a valid IPv4 address.
 ])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat 30.0.0.2 192.168.1.2:80], [1], [],
-[ovn-nbctl: 192.168.1.2:80: should be an IPv4 address.
+[ovn-nbctl: 192.168.1.2:80: Not a valid IPv4 address.
 ])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat 30.0.0.2 192.168.1.2/24], [1], [],
-[ovn-nbctl: 192.168.1.2/24: should be an IPv4 address.
+[ovn-nbctl: 192.168.1.2/24: Not a valid IPv4 address.
 ])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat 30.0.0.2 192.168.1.2/24], 
[1], [],
-[ovn-nbctl: 192.168.1.2/24: should be an IPv4 address.
+[ovn-nbctl: 192.168.1.2/24: Not a valid IPv4 address.
 ])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat 30.0.0.2 192.168.1.2 lp0], 
[1], [],
 [ovn-nbctl: lr-nat-add with logical_port must also specify external_mac.
@@ -465,15 +465,23 @@ AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat 30.0.0.2 
192.168.1.2 lp0 00:00:
 
 dnl Add snat and dnat
 AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.1 192.168.1.0/24])
+AT_CHECK([ovn-nbctl lr-nat-add lr0 snat fd01::1 fd11::/64])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat 30.0.0.1 192.168.1.2])
+AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat fd01::1 fd11::2])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat 30.0.0.1 192.168.1.2])
+AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat fd01::1 fd11::2])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat 30.0.0.2 192.168.1.3 lp0 
00:00:00:01:02:03])
+AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat fd01::2 fd11::3 lp0 
00:00:00:01:02:03])
 AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [dnl
 TYPE EXTERNAL_IPLOGICAL_IPEXTERNAL_MAC 
LOGICAL_PORT
 dnat 30.0.0.1   192.168.1.2
+dnat fd01::1fd11::2
 dnat_and_snat30.0.0.1   192.168.1.2
 dnat_and_snat30.0.0.2   192.168.1.3   00:00:00:01:02:03
lp0
+dnat_and_snatfd01::1fd11::2
+dnat_and_snatfd01::2fd11::3   00:00:00:01:02:03
lp0
 snat 30.0.0.1   192.168.1.0/24
+snat fd01::1fd11::/64
 ])
 AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.1 192.168.1.0/24], [1], [],
 [ovn-nbctl: 30.0.0.1, 192.168.1.0/24: a NAT with this external_ip and 
logical_ip already exists
@@ -503,17 +511,26 @@ AT_CHECK([ovn-nbctl --may-exist lr-nat-add lr0 
dnat_and_snat 30.0.0.2 192.168.1.
 AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [dnl
 TYPE EXTERNAL_IPLOGICAL_IPEXTERNAL_MAC 
LOGICAL_PORT
 dnat 30.0.0.1   192.168.1.2
+dnat fd01::1fd11::2
 dnat_and_snat30.0.0.1   192.168.1.2
 dnat_and_snat30.0.0.2   192.168.1.3   00:00:00:04:05:06
lp0
+dnat_and_snatfd01::1fd11::2
+dnat_and_snatfd01::2fd11::3   00:00:00:01:02:03
lp0
 snat 30.0.0.1   192.168.1.0/24
+snat fd01::1fd11::/64
 ])
 AT_CHECK([ovn-nbctl --may-exist lr-nat-add lr0 dnat_and_snat 30.0.0.2

[ovs-dev] [PATCH ovn 6/6] NEWS: Add IPv6 NAT support

2019-10-29 Thread Russell Bryant 
Signed-off-by: Russell Bryant 
---
 NEWS | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/NEWS b/NEWS
index 73045d65f..ab2f13318 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,9 @@
+Post-OVS-v2.12.0
+-
+   - OVN was split out from the OVS repository and is now released
+ independently.
+   - Added IPv6 NAT support for OVN routers.
+
 Post-v2.11.0
 -
- DPDK:
-- 
2.21.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn 4/6] northd: Add lflows for IPv6 NAT.

2019-10-29 Thread Russell Bryant 
Signed-off-by: Russell Bryant 
---
 northd/ovn-northd.c | 376 
 1 file changed, 278 insertions(+), 98 deletions(-)

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index ae81a6944..a10017ba1 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -66,6 +66,15 @@ struct northd_context {
 struct ovsdb_idl_index *sbrec_ip_mcast_by_dp;
 };
 
+/* An IPv4 or IPv6 address */
+struct v46_ip {
+int family;
+union {
+ovs_be32 ipv4;
+struct in6_addr ipv6;
+};
+};
+
 static const char *ovnnb_db;
 static const char *ovnsb_db;
 static const char *unixctl_path;
@@ -2273,6 +2282,15 @@ get_nat_addresses(const struct ovn_port *op, size_t *n)
 break;
 }
 }
+if (!is_router_ip) {
+for (size_t j = 0; j < op->lrp_networks.n_ipv6_addrs; j++) {
+if (!strcmp(nat->external_ip,
+op->lrp_networks.ipv6_addrs[j].addr_s)) {
+is_router_ip = true;
+break;
+}
+}
+}
 
 if (!is_router_ip) {
 ds_put_format(_addresses, " %s", nat->external_ip);
@@ -6031,9 +6049,28 @@ add_distributed_nat_routes(struct hmap *lflows, const 
struct ovn_port *op)
 continue;
 }
 
+/* Determine if we need to create IPv4 or IPv6 flows */
+ovs_be32 ip;
+struct in6_addr ipv6;
+int family = AF_INET;
+if (!ip_parse(nat->external_ip, ) || !ip) {
+family = AF_INET6;
+if (!ipv6_parse(nat->external_ip, )) {
+static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
+VLOG_WARN_RL(, "bad ip address %s in nat configuration "
+ "for router %s", nat->external_ip, op->key);
+/* We'll create IPv6 flows anyway, but the address
+ * is probably bogus ... */
+}
+}
+
 ds_put_format(, "inport == %s && "
-  "ip4.src == %s && ip4.dst == %s",
-   op->json_key, nat->logical_ip, nat->external_ip);
+  "ip%s.src == %s && ip%s.dst == %s",
+   op->json_key,
+   family == AF_INET ? "4" : "6",
+   nat->logical_ip,
+   family == AF_INET ? "4" : "6",
+   nat->external_ip);
 ds_put_format(, "outport = %s; eth.dst = %s; "
   REGBIT_DISTRIBUTED_NAT" = 1; "
   REGBIT_NAT_REDIRECT" = 0; next;",
@@ -6051,17 +6088,37 @@ add_distributed_nat_routes(struct hmap *lflows, const 
struct ovn_port *op)
 !nat2->external_mac || !nat2->external_ip)
 continue;
 
+family = AF_INET;
+if (!ip_parse(nat2->external_ip, ) || !ip) {
+family = AF_INET6;
+if (!ipv6_parse(nat2->external_ip, )) {
+static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 
1);
+VLOG_WARN_RL(, "bad ip address %s in nat configuration "
+ "for router %s", nat2->external_ip, op->key);
+/* We'll create IPv6 flows anyway, but the address
+ * is probably bogus ... */
+}
+}
+
 ds_put_format(, "inport == %s && "
-  "ip4.src == %s && ip4.dst == %s",
-  op->json_key, nat->logical_ip, nat2->external_ip);
+  "ip%s.src == %s && ip%s.dst == %s",
+  op->json_key,
+  family == AF_INET ? "4" : "6",
+  nat->logical_ip,
+  family == AF_INET ? "4" : "6",
+  nat2->external_ip);
 ds_put_format(, "outport = %s; "
   "eth.src = %s; eth.dst = %s; "
-  "reg0 = ip4.dst; reg1 = %s; "
+  "%sreg0 = ip%s.dst; %sreg1 = %s; "
   REGBIT_DISTRIBUTED_NAT" = 1; "
   REGBIT_NAT_REDIRECT" = 0; next;",
   op->od->l3dgw_port->json_key,
   op->od->l3dgw_port->lrp_networks.ea_s,
-  nat2->external_mac, nat->external_ip);
+  nat2->external_mac,
+

[ovs-dev] [PATCH ovn 1/6] northd: Fix table ID for IPv6 router ingress.

2019-10-29 Thread Russell Bryant 
I noticed that this table number was outdated.  This is now table 3.
There are a few other sections of code for this table that were all
correctly referencing table 3.

Signed-off-by: Russell Bryant 
---
 northd/ovn-northd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 194e4bf4a..ae81a6944 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -7064,7 +7064,7 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap 
*ports,
 free(snat_ips);
 }
 
-/* Logical router ingress table 1: IP Input for IPv6. */
+/* Logical router ingress table 3: IP Input for IPv6. */
 HMAP_FOR_EACH (op, key_node, ports) {
 if (!op->nbrp) {
 continue;
-- 
2.21.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn 2/6] actions: Add IPv6 support to lflow NAT actions

2019-10-29 Thread Russell Bryant 
Signed-off-by: Russell Bryant 
---
 include/ovn/actions.h |  6 +-
 lib/actions.c | 35 +++
 tests/ovn.at  | 18 --
 utilities/ovn-trace.c | 14 +-
 4 files changed, 53 insertions(+), 20 deletions(-)

diff --git a/include/ovn/actions.h b/include/ovn/actions.h
index 4e2f4d28d..f4997e9c9 100644
--- a/include/ovn/actions.h
+++ b/include/ovn/actions.h
@@ -225,7 +225,11 @@ struct ovnact_ct_commit {
 /* OVNACT_CT_DNAT, OVNACT_CT_SNAT. */
 struct ovnact_ct_nat {
 struct ovnact ovnact;
-ovs_be32 ip;
+int family;
+union {
+struct in6_addr ipv6;
+ovs_be32 ipv4;
+};
 uint8_t ltable; /* Logical table ID of next table. */
 };
 
diff --git a/lib/actions.c b/lib/actions.c
index c8c9cc5fd..a999a4fda 100644
--- a/lib/actions.c
+++ b/lib/actions.c
@@ -755,11 +755,18 @@ parse_ct_nat(struct action_context *ctx, const char *name,
 
 if (lexer_match(ctx->lexer, LEX_T_LPAREN)) {
 if (ctx->lexer->token.type != LEX_T_INTEGER
-|| ctx->lexer->token.format != LEX_F_IPV4) {
-lexer_syntax_error(ctx->lexer, "expecting IPv4 address");
+|| (ctx->lexer->token.format != LEX_F_IPV4
+&& ctx->lexer->token.format != LEX_F_IPV6)) {
+lexer_syntax_error(ctx->lexer, "expecting IPv4 or IPv6 address");
 return;
 }
-cn->ip = ctx->lexer->token.value.ipv4;
+if (ctx->lexer->token.format == LEX_F_IPV4) {
+cn->family = AF_INET;
+cn->ipv4 = ctx->lexer->token.value.ipv4;
+} else if (ctx->lexer->token.format == LEX_F_IPV6) {
+cn->family = AF_INET6;
+cn->ipv6 = ctx->lexer->token.value.ipv6;
+}
 lexer_get(ctx->lexer);
 
 if (!lexer_force_match(ctx->lexer, LEX_T_RPAREN)) {
@@ -784,8 +791,12 @@ static void
 format_ct_nat(const struct ovnact_ct_nat *cn, const char *name, struct ds *s)
 {
 ds_put_cstr(s, name);
-if (cn->ip) {
-ds_put_format(s, "("IP_FMT")", IP_ARGS(cn->ip));
+if (cn->family == AF_INET) {
+ds_put_format(s, "("IP_FMT")", IP_ARGS(cn->ipv4));
+} else if (cn->family == AF_INET6) {
+ds_put_char(s, '(');
+ipv6_format_addr(>ipv6, s);
+ds_put_char(s, ')');
 }
 ds_put_char(s, ';');
 }
@@ -831,9 +842,17 @@ encode_ct_nat(const struct ovnact_ct_nat *cn,
 nat->flags = 0;
 nat->range_af = AF_UNSPEC;
 
-if (cn->ip) {
+if (cn->family == AF_INET) {
 nat->range_af = AF_INET;
-nat->range.addr.ipv4.min = cn->ip;
+nat->range.addr.ipv4.min = cn->ipv4;
+if (snat) {
+nat->flags |= NX_NAT_F_SRC;
+} else {
+nat->flags |= NX_NAT_F_DST;
+}
+} else if (cn->family == AF_INET6) {
+nat->range_af = AF_INET6;
+nat->range.addr.ipv6.min = cn->ipv6;
 if (snat) {
 nat->flags |= NX_NAT_F_SRC;
 } else {
@@ -843,7 +862,7 @@ encode_ct_nat(const struct ovnact_ct_nat *cn,
 
 ofpacts->header = ofpbuf_push_uninit(ofpacts, nat_offset);
 ct = ofpacts->header;
-if (cn->ip) {
+if (cn->family == AF_INET || cn->family == AF_INET6) {
 ct->flags |= NX_CT_F_COMMIT;
 }
 ofpact_finish(ofpacts, >ofpact);
diff --git a/tests/ovn.at b/tests/ovn.at
index 9f06059fa..d78689d86 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -1043,15 +1043,18 @@ ct_dnat;
 ct_dnat(192.168.1.2);
 encodes as 
ct(commit,table=19,zone=NXM_NX_REG11[0..15],nat(dst=192.168.1.2))
 has prereqs ip
+ct_dnat(fd11::2);
+encodes as ct(commit,table=19,zone=NXM_NX_REG11[0..15],nat(dst=fd11::2))
+has prereqs ip
 
 ct_dnat(192.168.1.2, 192.168.1.3);
 Syntax error at `,' expecting `)'.
 ct_dnat(foo);
-Syntax error at `foo' expecting IPv4 address.
+Syntax error at `foo' expecting IPv4 or IPv6 address.
 ct_dnat(foo, bar);
-Syntax error at `foo' expecting IPv4 address.
+Syntax error at `foo' expecting IPv4 or IPv6 address.
 ct_dnat();
-Syntax error at `)' expecting IPv4 address.
+Syntax error at `)' expecting IPv4 or IPv6 address.
 
 # ct_snat
 ct_snat;
@@ -1060,15 +1063,18 @@ ct_snat;
 ct_snat(192.168.1.2);
 encodes as 
ct(commit,table=19,zone=NXM_NX_REG12[0..15],nat(src=192.168.1.2))
 has prereqs ip
+ct_snat(fd11::2);
+encodes as ct(commit,table=19,zone=NXM_NX_REG12[0..15],nat(src=fd11::2))
+has prereqs ip
 
 ct_snat(192.168.1.2, 192.168.1.3);
 Syntax error at `,' expecting `)'.
 ct_snat(foo);
-Syntax error at `foo' expecting IPv4 address.
+Syntax error at `foo' expecting IPv4 or IPv6 address.
 ct_snat(foo, bar);
-Syntax error at `foo' expecting IPv4 address.
+Syntax error at `foo' expecting

[ovs-dev] [PATCH ovn 0/6] Add IPv6 NAT support

2019-10-29 Thread Russell Bryant 
This came up with reviewing the usage of ovn-kubernetes with IPv6.
It's more straight forward to start with using IPv6 NAT, matching the
IPv4 network topology with Kubernetes.  Eventually, we'd want to allow
routable IPv6 addresses everywhere, but this gives us the option of
using NAT where it's helpful.

[PATCH 1/6] northd: Fix table ID for IPv6 router ingress.
[PATCH 2/6] actions: Add IPv6 support to lflow NAT actions
[PATCH 3/6] ovn-nbctl: Allow IPv6 NAT rules to be added
[PATCH 4/6] northd: Add lflows for IPv6 NAT.
[PATCH 5/6] system-ovn: Add IPv6 NAT test cases
[PATCH 6/6] NEWS: Add IPv6 NAT support

 NEWS  |6 
 include/ovn/actions.h |6 
 lib/actions.c |   35 +-
 northd/ovn-northd.c   |  378 -
 tests/ovn-nbctl.at|   41 +-
 tests/ovn.at  |   18 -
 tests/system-ovn.at   |  862 +-
 utilities/ovn-nbctl.c |   48 ++
 utilities/ovn-trace.c |   14 
 9 files changed, 1266 insertions(+), 142 deletions(-)

--
Russell Bryant

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH ovn] Fix system-ovn test failures

2019-10-29 Thread Russell Bryant 
Thanks, I just hit this and the patch fixes it for me.

Acked-by: Russell Bryant 

On Tue, Oct 29, 2019 at 9:56 AM Han Zhou  wrote:
>
> Acked-by: hz...@ovn.org
>
> On Tue, Oct 29, 2019 at 5:26 AM  wrote:
>
> > From: Numan Siddique 
> >
> > The commit b740928656a1("testsuite: Use ovn-macros instead of
> > ofproto-macros.")
> > missed updating the system test suite files to include ovn-macros.at. This
> > patch adds it.
> >
> > CC: Han Zhou 
> > Signed-off-by: Numan Siddique 
> > ---
> >  tests/system-kmod-testsuite.at  | 1 +
> >  tests/system-userspace-testsuite.at | 1 +
> >  2 files changed, 2 insertions(+)
> >
> > diff --git a/tests/system-kmod-testsuite.at b/tests/
> > system-kmod-testsuite.at
> > index 6c8478093..2ccd9f1ce 100644
> > --- a/tests/system-kmod-testsuite.at
> > +++ b/tests/system-kmod-testsuite.at
> > @@ -19,6 +19,7 @@ m4_ifdef([AT_COLOR_TESTS], [AT_COLOR_TESTS])
> >  m4_include([tests/ovs-macros.at])
> >  m4_include([tests/ovsdb-macros.at])
> >  m4_include([tests/ofproto-macros.at])
> > +m4_include([tests/ovn-macros.at])
> >  m4_include([tests/system-common-macros.at])
> >  m4_include([tests/system-kmod-macros.at])
> >
> > diff --git a/tests/system-userspace-testsuite.at b/tests/
> > system-userspace-testsuite.at
> > index 784eedd2c..4022ae620 100644
> > --- a/tests/system-userspace-testsuite.at
> > +++ b/tests/system-userspace-testsuite.at
> > @@ -19,6 +19,7 @@ m4_ifdef([AT_COLOR_TESTS], [AT_COLOR_TESTS])
> >  m4_include([tests/ovs-macros.at])
> >  m4_include([tests/ovsdb-macros.at])
> >  m4_include([tests/ofproto-macros.at])
> > +m4_include([tests/ovn-macros.at])
> >  m4_include([tests/system-userspace-macros.at])
> >  m4_include([tests/system-common-macros.at])
> >
> > --
> > 2.21.0
> >
> >
> ___
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev



-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH ovn] controller: Downgrade a warning log message

2019-10-25 Thread Russell Bryant 
On Fri, Oct 25, 2019 at 10:17 AM Numan Siddique  wrote:
>
>
>
> On Fri, Oct 25, 2019 at 7:07 PM Russell Bryant  wrote:
>>
>> This log message was introduced in commit 5344f24ecb.  It gets hit
>> under normal circumstances, so it would be better as a debug message
>> instead of a warning.  I also expanded it to clarify that the next
>> step will be to create the chassis record.
>>
>> This was found by trying to run the system-ovn.at tests, and they
>> failed because of these unexpected warning log messages.
>>
>> Signed-off-by: Russell Bryant 
>
>
> Acked-by: Numan Siddique 

Thanks!  I've applied this to master.

-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn] controller: Downgrade a warning log message

2019-10-25 Thread Russell Bryant 
This log message was introduced in commit 5344f24ecb.  It gets hit
under normal circumstances, so it would be better as a debug message
instead of a warning.  I also expanded it to clarify that the next
step will be to create the chassis record.

This was found by trying to run the system-ovn.at tests, and they
failed because of these unexpected warning log messages.

Signed-off-by: Russell Bryant 
---
 controller/chassis.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/controller/chassis.c b/controller/chassis.c
index 699b66281..978273e19 100644
--- a/controller/chassis.c
+++ b/controller/chassis.c
@@ -484,8 +484,9 @@ chassis_get_record(struct ovsdb_idl_txn *ovnsb_idl_txn,
 chassis_rec = chassis_lookup_by_name(sbrec_chassis_by_name,
  chassis_info_id(_state));
 if (!chassis_rec) {
-VLOG_WARN("Could not find Chassis : stored (%s) ovs (%s)",
-  chassis_info_id(_state), chassis_id);
+VLOG_DBG("Could not find Chassis, will create it"
+ ": stored (%s) ovs (%s)",
+ chassis_info_id(_state), chassis_id);
 if (ovnsb_idl_txn) {
 /* Recreate the chassis record.  */
 chassis_rec = sbrec_chassis_insert(ovnsb_idl_txn);
-- 
2.21.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH ovn] tests/system-ovn: Ignore some ovn-controller warnings

2019-10-25 Thread Russell Bryant 
On Thu, Oct 24, 2019 at 10:56 PM Numan Siddique  wrote:
>
>
>
> On Fri, Oct 25, 2019, 7:59 AM Numan Siddique  wrote:
>>
>>
>>
>> On Fri, Oct 25, 2019, 6:56 AM Russell Bryant  wrote:
>>>
>>> This log message was introduced in commit 5344f24ecb.  It may be more
>>> appropriate as a deubg message, but as a warning, it breaks this test suite.
>>> Filtering it out of the logs gets these tests passing for me.
>>>
>>> A sample of the messages encountered in a test run are:
>>>
>>> 2019-10-25T01:06:53.026Z|00010|chassis|WARN|Could not find Chassis : stored 
>>> (hv1) ovs (hv1)
>>> 2019-10-25T01:06:53.026Z|00011|chassis|WARN|Could not find Chassis : stored 
>>> (hv1) ovs (hv1)
>>> 2019-10-25T01:06:53.026Z|00013|chassis|WARN|Could not find Chassis : stored 
>>> (hv1) ovs (hv1)
>>> 2019-10-25T01:06:53.026Z|00014|chassis|WARN|Could not find Chassis : stored 
>>> (hv1) ovs (hv1)
>>
>>
>> Hi Russell,
>>
>> Could you please provide the signed off tag
>
>
> Acked-by: Numan Siddique 
>
> Forgot that  will take care of the tag while committing.

Thanks for the review!  Sorry I didn't see that you had submitted the
same patch earlier.

I think I'm not going to apply this though in favor of just removing
this log message, since I don't think it's really helpful, at least as
a warning.

-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn] tests/system-ovn: Ignore some ovn-controller warnings

2019-10-24 Thread Russell Bryant 
This log message was introduced in commit 5344f24ecb.  It may be more
appropriate as a deubg message, but as a warning, it breaks this test suite.
Filtering it out of the logs gets these tests passing for me.

A sample of the messages encountered in a test run are:

2019-10-25T01:06:53.026Z|00010|chassis|WARN|Could not find Chassis : stored 
(hv1) ovs (hv1)
2019-10-25T01:06:53.026Z|00011|chassis|WARN|Could not find Chassis : stored 
(hv1) ovs (hv1)
2019-10-25T01:06:53.026Z|00013|chassis|WARN|Could not find Chassis : stored 
(hv1) ovs (hv1)
2019-10-25T01:06:53.026Z|00014|chassis|WARN|Could not find Chassis : stored 
(hv1) ovs (hv1)
---
 tests/system-ovn.at | 33 ++---
 1 file changed, 22 insertions(+), 11 deletions(-)

diff --git a/tests/system-ovn.at b/tests/system-ovn.at
index f88ad31e4..d6ec19bab 100644
--- a/tests/system-ovn.at
+++ b/tests/system-ovn.at
@@ -173,7 +173,8 @@ OVS_APP_EXIT_AND_WAIT([ovn-northd])
 
 as
 OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
-/connection dropped.*/d"])
+/connection dropped.*/d
+/Could not find Chassis.*/d"])
 AT_CLEANUP
 
 AT_SETUP([ovn -- 2 LRs connected via LS, gateway router, easy SNAT])
@@ -283,7 +284,8 @@ OVS_APP_EXIT_AND_WAIT([ovn-northd])
 
 as
 OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
-/connection dropped.*/d"])
+/connection dropped.*/d
+/Could not find Chassis.*/d"])
 AT_CLEANUP
 
 AT_SETUP([ovn -- multiple gateway routers, SNAT and DNAT])
@@ -503,7 +505,8 @@ OVS_APP_EXIT_AND_WAIT([ovn-northd])
 
 as
 OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
-/connection dropped.*/d"])
+/connection dropped.*/d
+/Could not find Chassis.*/d"])
 AT_CLEANUP
 
 AT_SETUP([ovn -- load-balancing])
@@ -650,7 +653,8 @@ as northd
 OVS_APP_EXIT_AND_WAIT([ovn-northd])
 
 as
-OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d"])
+OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
+/Could not find Chassis.*/d"])
 AT_CLEANUP
 
 AT_SETUP([ovn -- load-balancing - same subnet.])
@@ -757,7 +761,8 @@ as northd
 OVS_APP_EXIT_AND_WAIT([ovn-northd])
 
 as
-OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d"])
+OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
+/Could not find Chassis.*/d"])
 AT_CLEANUP
 
 AT_SETUP([ovn -- load balancing in gateway router])
@@ -908,7 +913,8 @@ OVS_APP_EXIT_AND_WAIT([ovn-northd])
 
 as
 OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
-/connection dropped.*/d"])
+/connection dropped.*/d
+/Could not find Chassis.*/d"])
 AT_CLEANUP
 
 AT_SETUP([ovn -- multiple gateway routers, load-balancing])
@@ -1077,7 +1083,8 @@ OVS_APP_EXIT_AND_WAIT([ovn-northd])
 
 as
 OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
-/connection dropped.*/d"])
+/connection dropped.*/d
+/Could not find Chassis.*/d"])
 AT_CLEANUP
 
 AT_SETUP([ovn -- load balancing in router with gateway router port])
@@ -1218,7 +1225,8 @@ OVS_APP_EXIT_AND_WAIT([ovn-northd])
 
 as
 OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
-/connection dropped.*/d"])
+/connection dropped.*/d
+/Could not find Chassis.*/d"])
 AT_CLEANUP
 
 AT_SETUP([ovn -- DNAT and SNAT on distributed router - N/S])
@@ -1367,7 +1375,8 @@ OVS_APP_EXIT_AND_WAIT([ovn-northd])
 
 as
 OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
-/connection dropped.*/d"])
+/connection dropped.*/d
+/Could not find Chassis.*/d"])
 AT_CLEANUP
 
 AT_SETUP([ovn -- DNAT and SNAT on distributed router - E/W])
@@ -1544,7 +1553,8 @@ OVS_APP_EXIT_AND_WAIT([ovn-northd])
 
 as
 OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
-/connection dropped.*/d"])
+/connection dropped.*/d
+/Could not find Chassis.*/d"])
 AT_CLEANUP
 
 AT_SETUP([ovn -- 2 LSs IGMP])
@@ -1663,5 +1673,6 @@ OVS_APP_EXIT_AND_WAIT([ovn-northd])
 
 as
 OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
-/connection dropped.*/d"])
+/connection dropped.*/d
+/Could not find Chassis.*/d"])
 AT_CLEANUP
-- 
2.21.0

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH ovn] Fix the compilation failures

2019-09-23 Thread Russell Bryant 
Sorry.

Acked-by: Russell Bryant 

> On Sep 23, 2019, at 4:20 PM, nusid...@redhat.com wrote:
>
> From: Numan Siddique 
>
> Below compilation errors are seen:
>
> - make[1]: *** No rule to make target 'Documentation/internals/charter.rst', 
> needed by 'all-am'.  Stop.
>
> - Warning, treated as error:
> ../MAINTAINERS.rst:63:Insufficient data supplied (1 row(s)); no data 
> remaining for table body, required by "list-table" directive.
>
> Fixes: 0ba67050dcb3("Remove the OVS charter.")
> Fixes: 311b1a31ceb5(Acknowledge that OVN committers are a new group.)
> CC: Russell Bryant 
> Signed-off-by: Numan Siddique 
> ---
> Documentation/automake.mk | 1 -
> Documentation/index.rst   | 3 +--
> Documentation/internals/index.rst | 1 -
> MAINTAINERS.rst   | 2 +-
> 4 files changed, 2 insertions(+), 5 deletions(-)
>
> diff --git a/Documentation/automake.mk b/Documentation/automake.mk
> index f7e1d2628..ff376fd83 100644
> --- a/Documentation/automake.mk
> +++ b/Documentation/automake.mk
> @@ -39,7 +39,6 @@ DOC_SOURCE = \
>Documentation/internals/index.rst \
>Documentation/internals/authors.rst \
>Documentation/internals/bugs.rst \
> -Documentation/internals/charter.rst \
>Documentation/internals/committer-emeritus-status.rst \
>Documentation/internals/committer-grant-revocation.rst \
>Documentation/internals/committer-responsibilities.rst \
> diff --git a/Documentation/index.rst b/Documentation/index.rst
> index de4c45857..290c0abdd 100644
> --- a/Documentation/index.rst
> +++ b/Documentation/index.rst
> @@ -85,8 +85,7 @@ Learn more about the Open vSwitch project and about how you 
> can contribute:
>   :doc:`internals/contributing/coding-style` |
>   :doc:`internals/contributing/coding-style-windows`
>
> -- **Maintaining:** :doc:`internals/charter` |
> -  :doc:`internals/maintainers` |
> +- **Maintaining:** :doc:`internals/maintainers` |
>   :doc:`internals/committer-responsibilities` |
>   :doc:`internals/committer-grant-revocation` |
>   :doc:`internals/committer-emeritus-status`
> diff --git a/Documentation/internals/index.rst 
> b/Documentation/internals/index.rst
> index 1da7501e2..cf54d74b3 100644
> --- a/Documentation/internals/index.rst
> +++ b/Documentation/internals/index.rst
> @@ -39,7 +39,6 @@ itself and how they might involved.
>release-process
>bugs
>security
> -   charter
>committer-emeritus-status
>committer-responsibilities
>committer-grant-revocation
> diff --git a/MAINTAINERS.rst b/MAINTAINERS.rst
> index f2c3e3ecd..59ad1ea57 100644
> --- a/MAINTAINERS.rst
> +++ b/MAINTAINERS.rst
> @@ -61,7 +61,7 @@ More information about Emeritus Committers can be found
> `here `__.
>
> .. list-table:: OVS Emeritus Maintainers
> -   :header-rows: 1
> +   :header-rows: 0
>
>* - Name
>  - Email
> --
> 2.21.0
>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 3/3] Acknowledge that OVN committers are a new group.

2019-09-20 Thread Russell Bryant 
The MAINTAINRES.rst and related files still discussed the OVS
committers group.  Since OVN was split out into its own repository,
the group of people with commit rights to OVN is different, and has
evolved to include a couple of people that were not previously OVS
committers.

This change aims to further formalize the creation of a separate group
of OVN committers.  It includes the OVS committers that made the most
changes to OVN in the past, as well as those who have already been
granted commit rights to OVN.

This change proposes that the new OVN committers group continues to
follow the exact same policies and procedures as the OVS committers
group, and simply updates the project name in those documents.

Signed-off-by: Russell Bryant 
---
 AUTHORS.rst   |  8 ++--
 .../internals/committer-emeritus-status.rst   | 10 ++---
 .../internals/committer-grant-revocation.rst  | 24 +--
 .../internals/committer-responsibilities.rst  |  6 +--
 MAINTAINERS.rst   | 40 ---
 5 files changed, 33 insertions(+), 55 deletions(-)

diff --git a/AUTHORS.rst b/AUTHORS.rst
index 4ebc3e03d..5c693a5ae 100644
--- a/AUTHORS.rst
+++ b/AUTHORS.rst
@@ -25,8 +25,10 @@
 Authors
 ===
 
-The following people authored or signed off on commits in the Open
-vSwitch source code or webpage version control repository.
+The following people authored or signed off on commits in the OVN
+source code or webpage version control repository.  Since OVN originated in the
+Open vSwitch git repository, this list also includes all of the names in the
+AUTHORS file at the time OVN was split out from OVS.
 
 == 
===
 Name   Email
@@ -651,5 +653,5 @@ weizj   34965...@qq.com
 张强zhangqi...@meizu.com
 === ===
 
-Thanks to all Open vSwitch contributors.  If you are not listed above
+Thanks to all Open vSwitch and OVN contributors.  If you are not listed above
 but believe that you should be, please write to d...@openvswitch.org.
diff --git a/Documentation/internals/committer-emeritus-status.rst 
b/Documentation/internals/committer-emeritus-status.rst
index 9e4fdab21..6711b105b 100644
--- a/Documentation/internals/committer-emeritus-status.rst
+++ b/Documentation/internals/committer-emeritus-status.rst
@@ -22,14 +22,14 @@
   Avoid deeper levels because they do not render well.
 
 ==
-Emeritus Status for OVS Committers
+Emeritus Status for OVN Committers
 ==
 
-OVS committers are nominated and elected based on their impact on the Open
-vSwitch project.  Over time, as committers' responsibilities change, some may
+OVN committers are nominated and elected based on their impact on the OVN
+project.  Over time, as committers' responsibilities change, some may
 become unable or uninterested in actively participating in project governance.
 Committer "emeritus" status provides a way for committers to take a leave of
-absence from OVS governance responsibilities.  The following guidelines clarify
+absence from OVN governance responsibilities.  The following guidelines clarify
 the process around the emeritus status for committers:
 
 * A committer may choose to transition from active to emeritus, or from
@@ -47,7 +47,7 @@ the process around the emeritus status for committers:
 * Emeritus committers do not nominate or vote in committer elections.  From a
   governance perspective, they are equivalent to a non-committer.
 
-* Emeritus committers cannot merge patches to the OVS repository.
+* Emeritus committers cannot merge patches to the OVN repository.
 
 * Emeritus committers will be listed in a separate section in the
   MAINTAINERS.rst file to continue to recognize their contributions to the
diff --git a/Documentation/internals/committer-grant-revocation.rst 
b/Documentation/internals/committer-grant-revocation.rst
index 6d5344405..49c7769b8 100644
--- a/Documentation/internals/committer-grant-revocation.rst
+++ b/Documentation/internals/committer-grant-revocation.rst
@@ -22,13 +22,13 @@
   Avoid deeper levels because they do not render well.
 
 =
-OVS Committer Grant/Revocation Policy
+OVN Committer Grant/Revocation Policy
 =
 
-An OVS committer is a participant in the project with the ability to commit
+An OVN committer is a participant in the project with the ability to commit
 code directly to the master repository. Commit access grants a broad ability to
 affect the progress of the project as presented by its most important artifact,
-the code and related resources that produce working binaries of Open vSwitch.
+the code and related resources that produce working binaries of OVN
 As such it

[ovs-dev] [PATCH 1/3] Update project name in RST file headers.

2019-09-20 Thread Russell Bryant 
All of the RST files referred to "Open vSwitch documentation".  Do a
big search and replace to change this to "OVN documentation" since OVN
is now in its own repository.

I started doing this by hand in a handful of files as I modified them.
I figured I'd just do an automated bulk pass at it instead.  I realize
that many of the files touched may not be relevant anymore, but the
change seems harmless enough.

Signed-off-by: Russell Bryant 
---
 AUTHORS.rst | 2 +-
 CONTRIBUTING.rst| 2 +-
 Documentation/contents.rst  | 2 +-
 Documentation/faq/contributing.rst  | 2 +-
 Documentation/faq/general.rst   | 2 +-
 Documentation/faq/index.rst | 2 +-
 Documentation/howto/docker.rst  | 2 +-
 Documentation/howto/firewalld.rst   | 2 +-
 Documentation/howto/index.rst   | 2 +-
 Documentation/howto/ipsec.rst   | 2 +-
 Documentation/howto/openstack-containers.rst| 2 +-
 Documentation/howto/ssl.rst | 2 +-
 Documentation/index.rst | 2 +-
 Documentation/internals/authors.rst | 2 +-
 Documentation/internals/bugs.rst| 2 +-
 Documentation/internals/committer-emeritus-status.rst   | 2 +-
 Documentation/internals/committer-grant-revocation.rst  | 2 +-
 Documentation/internals/committer-responsibilities.rst  | 2 +-
 Documentation/internals/contributing/backporting-patches.rst| 2 +-
 Documentation/internals/contributing/coding-style-windows.rst   | 2 +-
 Documentation/internals/contributing/coding-style.rst   | 2 +-
 Documentation/internals/contributing/documentation-style.rst| 2 +-
 Documentation/internals/contributing/index.rst  | 2 +-
 Documentation/internals/contributing/libopenvswitch-abi.rst | 2 +-
 Documentation/internals/contributing/submitting-patches.rst | 2 +-
 Documentation/internals/documentation.rst   | 2 +-
 Documentation/internals/index.rst   | 2 +-
 Documentation/internals/mailing-lists.rst   | 2 +-
 Documentation/internals/maintainers.rst | 2 +-
 Documentation/internals/patchwork.rst   | 2 +-
 Documentation/internals/release-process.rst | 2 +-
 Documentation/internals/security.rst| 2 +-
 Documentation/intro/index.rst   | 2 +-
 Documentation/intro/install/debian.rst  | 2 +-
 Documentation/intro/install/distributions.rst   | 2 +-
 Documentation/intro/install/documentation.rst   | 2 +-
 Documentation/intro/install/fedora.rst  | 2 +-
 Documentation/intro/install/general.rst | 2 +-
 Documentation/intro/install/index.rst   | 2 +-
 Documentation/intro/install/ovn-upgrades.rst| 2 +-
 Documentation/intro/install/rhel.rst| 2 +-
 Documentation/intro/install/windows.rst | 2 +-
 Documentation/ref/index.rst | 2 +-
 Documentation/ref/ovsdb-server.7.rst| 2 +-
 Documentation/ref/ovsdb.5.rst   | 2 +-
 Documentation/ref/ovsdb.7.rst   | 2 +-
 Documentation/topics/high-availability.rst  | 2 +-
 Documentation/topics/index.rst  | 2 +-
 Documentation/topics/integration.rst| 2 +-
 Documentation/topics/ovn-news-2.8.rst   | 2 +-
 Documentation/topics/role-based-access-control.rst  | 2 +-
 Documentation/topics/testing.rst| 2 +-
 Documentation/tutorials/index.rst   | 2 +-
 Documentation/tutorials/ovn-ipsec.rst   | 2 +-
 Documentation/tutorials/ovn-openstack.rst   | 2 +-
 Documentation/tutorials/ovn-rbac.rst| 2 +-
 Documentation/tutorials/ovn-sandbox.rst | 2 +-
 MAINTAINERS.rst | 2 +-
 TODO.rst| 2 +-
 TODO_SPLIT.rst  | 2 +-
 ovs/AUTHORS.rst | 2 +-
 ovs/CONTRIBUTING.rst| 2 +-
 ovs/Documentation/contents.rst

[ovs-dev] [PATCH 2/3] Remove the OVS charter.

2019-09-20 Thread Russell Bryant 
Since OVN has been split out from OVS and is now hosted under its own,
independent github org, the OVS project charter is no longer
applicable.  Formal governance under the LF or something similar would
be set up separately from OVS.

Signed-off-by: Russell Bryant 
---
 Documentation/internals/charter.rst | 204 
 1 file changed, 204 deletions(-)
 delete mode 100644 Documentation/internals/charter.rst

diff --git a/Documentation/internals/charter.rst 
b/Documentation/internals/charter.rst
deleted file mode 100644
index f8e06e47f..0
--- a/Documentation/internals/charter.rst
+++ /dev/null
@@ -1,204 +0,0 @@
-The Linux Foundation Open vSwitch Project Charter
-=
-
-Effective August 9, 2016
-
-1. Mission of Open vSwitch Project (“OVS”).
-
-   The mission of OVS is to:
-
-   a. create an open source, production quality virtual networking
-  platform, including a software switch, control plane, and
-  related components, that supports standard management interfaces
-  and opens the forwarding functions to programmatic extension and
-  control; and
-
-   b. host the infrastructure for an OVS community, establishing a
-  neutral home for community assets, infrastructure, meetings,
-  events and collaborative discussions.
-
-2. Technical Steering Committee (“TSC”)
-
-   a. A TSC shall be composed of the Committers for OVS. The list of Committers
-  on the TSC are available at :doc:`/internals/maintainers`.
-
-   b. TSC projects generally will involve Committers and Contributors:
-
-  i. Contributors: anyone in the technical community that
- contributes code, documentation or other technical artifacts
- to the OVS codebase.
-
-  ii. Committers: Contributors who have the ability to commit
-  directly to a project’s main branch or repository on an OVS
-  project.
-
-   c. Participation in as a Contributor and/or Committer is open to
-  anyone under the terms of this Charter.  The TSC may:
-
-  i. establish work flows and procedures for the submission,
- approval and closure or archiving of projects,
-
-  ii. establish criteria and processes for the promotion of Contributors to
-  Committer status, available at
-  :doc:`/internals/committer-grant-revocation`. and
-
-  iii. amend, adjust and refine the roles of Contributors and Committers
-   listed in Section 2.b., create new roles and publicly document
-   responsibilities and expectations for such roles, as it sees fit,
-   available at :doc:`/internals/committer-responsibilities`.
-
-   d. Responsibilities: The TSC is responsible for overseeing OVS
-  activities and making decisions that impact the mission of OVS,
-  including:
-
-  i. coordinating the technical direction of OVS;
-
-  ii. approving project proposals (including, but not limited to,
-  incubation, deprecation and changes to a project’s charter
-  or scope);
-
-  iii. creating sub-committees or working groups to focus on
-   cross-project technical issues and requirements;
-
-  iv. communicating with external and industry organizations
-  concerning OVS technical matters;
-
-  v. appointing representatives to work with other open source or
- standards communities;
-
-  vi. establishing community norms, workflows or policies including
-  processes for contributing (available at
-  :doc:`/internals/contributing/index`), issuing releases, and security
-  issue reporting policies;
-
-  vii. discussing, seeking consensus, and where necessary, voting
-   on technical matters relating to the code base that affect
-   multiple projects; and
-
-  viii. coordinate any marketing, events or communications with
-The Linux Foundation.
-
-3. TSC Voting
-
-   a. While it is the goal of OVS to operate as a consensus based
-  community, if any TSC decision requires a vote to move forward,
-  the Committers shall vote on a one vote per Committer basis.
-
-   b. TSC votes should be conducted by email. In the case of a TSC
-  meeting where a valid vote is taken, the details of the vote and
-  any discussion should be subsequently documented for the
-  community (e.g. to the appropriate email mailing list).
-
-   c. Quorum for TSC meetings shall require two-thirds of the TSC
-  representatives. The TSC may continue to meet if quorum is not
-  met, but shall be prevented from making any decisions requiring
-  a vote at the meeting.
-
-   d. Except as provided in Section 8.d. and 9.a., decisions by
-  electronic vote (e.g. email) shall require a majority of all
-  voting TSC representatives.  Decisions by electronic vote shall
-  be made timely, and unless specified otherwise, within three (3)
-  business days. Except as provided

Re: [ovs-dev] [RFC v2] Document process for compatibility between OVS and OVN.

2019-09-10 Thread Russell Bryant 
t yet determined a release schedule, but it is entirely possible that 
> it
> +will be different from OVS. Eventually, this will lead to a situation where 
> it
> +is very important that we publish which versions of OVN are compatible with
> +which versions of OVS. When incompatibilities are discovered, it is 
> important to
> +ensure that these are clearly stated.
> +
> +The split of OVS and OVN happened in the run-up to the release of OVS 2.12. 
> As a
> +result, all versions of OVN *must* be compiled against OVS version 2.12 or
> +later. Before going further into compatibility, let's explore the ways that 
> OVN
> +and OVS can become incompatible.
> +
> +Compile-time Incompatibility
> +
> +
> +The first way that the projects can become incompatible is if the C code for 
> OVN
> +no longer can compile.
> +
> +The most likely case for this would be that an OVN change requires a parallel
> +change to OVS. Those keeping up to date with OVN but not OVS will find that 
> OVN
> +will no longer compile since it refers to a nonexistent function or out of 
> date
> +function in OVS.
> +
> +Most OVN users will consume OVN via package from their distribution of 
> choice.
> +OVN consumes libopenvswitch statically, so even if the version of OVS 
> installed
> +on a user's machine is incompatible at compile time, it will not matter.
> +
> +OVN developers are the only ones that would be inconvenienced by a 
> compile-time
> +incompatibility. OVN developers will be expected to regularly update the 
> version
> +of OVS they are using. If an OVN developer notices that OVN is not compiling,
> +then they should update their OVS code to the latest and try again.
> +
> +Developers who are making changes to both OVS and OVN at the same time *must*
> +contribute the OVS change first and ensure it is merged upstream before
> +submitting the OVN change. This way, OVN should never be in a state where it
> +will not compile.
> +
> +When compiling older releases of OVN, it should be able to compile against 
> newer
> +versions of OVS due to API and ABI guarantees in OVS's libaries.
> +
> +Runtime Incompatibility
> +---
> +
> +The next way that the projects may become incompatible is at runtime. The 
> most
> +common way this would happen is if new OpenFlow capabilities are added to 
> OVS as
> +part of an OVN change. In this case, if someone updates OVN but does not also
> +updage OVS, then OVN will not be able to install the OpenFlow rules it wishes

typo: s/updage/update/

> +to.
> +
> +Unlike with compile-time incompatibilities, we can't wallpaper over the fact
> +that the OVS installation is not up to date. The best we can do is make it 
> very
> +clear at runtime that a certain feature is not present, and if the feature is
> +desired, OVS must be upgraded.
> +
> +The following is the process that OVN developers should use when making a
> +runtime compatibility change to OVS and OVN.
> +
> +1. Submit the change to OVS first. See the change through until it is merged.
> +2. Make the necessary changes to OVN.
> +
> +  a. At startup, probe OVS for the existence of the OpenFlow addition. If it
> + is not present, then output an informational message that explains which
> + OVN feature(s) cannot be used.

Where will the message be output - the ovn-controller log?

> +  b. If a user attempts to explicitly configure the feature that is not 
> usable
> + due to the incompatibility, then output a warning message.

make it clear where those would be seen - log file(s)?

> +  c. Ensure that the code that installs the OpenFlow will only do so if the 
> new
> + feature is present.
> +
> +Compatibility Statement
> +---
> +
> +Given the above, the OVN team will try its hardest to maintain any released
> +version of OVN with any released version of OVS after version 2.12. Versions 
> of
> +OVS prior to 2.12 are not guaranteed to run properly since OVN does not have
> +appropriate OpenFlow feature probes in place.
> +
> +It may seem prudent to only guarantee compatibility with certain releases of
> +OVS (e.g. the current and previous versions of OVS). However, dropping
> +compatibility would involve actively removing code that ensures runtime 
> safety.
> +It seems unwise to do so.
> +
> +This, however, is a "best effort" policy. The OVN project reserves the right 
> to
> +withdraw compatibility support with a previous OVS version, for reasons such 
> as:
> +
> +- Security risks.
> +- Earthshatteringly large changes in OVS (e.g. no longer using OpenFlow or 
> the
> +  OVSDB).
> +- Difficulty in safely maintaining compatibility across versions.
> +
> +In the event that compatibility for a certain version or versions of OVS is
> +dropped, the OVN project will clearly document it.

I like this position as a starting point, not limiting compatibility
until you hit a good reason to.  You could consider adding a statement
about what's tested vs. theoretically supported.

Acked-by: Russell Bryant 
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] s/rhel/rpm/?

2018-08-13 Thread Russell Bryant 
On Mon, Aug 13, 2018 at 12:01 PM Ben Pfaff  wrote:

> On Mon, Aug 13, 2018 at 10:33:59AM -0400, Russell Bryant wrote:
> > On Wed, Aug 8, 2018 at 6:16 PM Ben Pfaff  wrote:
> >
> > > On Thu, Aug 09, 2018 at 12:29:20AM +0300, Markos Chandras wrote:
> > > > On 08/08/2018 09:01 PM, Ben Pfaff wrote:
> > > > > [asking some random SuSE and Red Hat people]
> > > > >
> > > > > It had somehow slipped past my notice before that the spec files we
> > > have
> > > > > are useful for SuSE as well as Red Hat.  Should we make the
> directory
> > > or
> > > > > file names more generic?
> > > > >
> > > > > Thanks,
> > > > >
> > > > > Ben.
> > > > >
> > > > Hello Ben,
> > > >
> > > > The SUSE spec file[1] mostly matches the rhel/
> openvswitch-fedora.spec.in
> > > > one from the OvS tree, but because of the different packaging
> policies
> > > > between the two distributions, we need to adapt it a little bit. Our
> > > > spec file is also adapted to build on RHEL and SUSE (note all the %if
> > > > 0%{?suse_version} blocks there).
> > > >
> > > > The rhel/ directory currently has quite a few spec files and most of
> > > > them only make sense for RHEL. I can perhaps commit the spec file
> from
> > > > [1] as openvswitch-suse.spec.in and then we can rename the
> directory to
> > > > 'rpm' since it would then hold spec files for multiple distros. Would
> > > > that work?
> > >
> > > OK, I misunderstood.  I had the mistaken idea from one of your messages
> > > that SuSE was using the same specs file as Fedora, verbatim.
> > >
> > > Personally, I'd rather move all the distro packaging out of OVS,
> because
> > > distro packagers are good at packaging and OVS developers generally
> > > aren't.  So, unless it would actually make your job easier, let's keep
> > > things as is.
> > >
> >
> > I would agree that moving it all out of OVS would make sense., but I'm in
> > no hurry to propose it myself.
>
> What happens with the OVS/OVN split?  Do we split the packaging as well?
>

Good question.  Yes, I think the packaging will need to split as part of
that.

-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] s/rhel/rpm/?

2018-08-13 Thread Russell Bryant 
On Wed, Aug 8, 2018 at 6:16 PM Ben Pfaff  wrote:

> On Thu, Aug 09, 2018 at 12:29:20AM +0300, Markos Chandras wrote:
> > On 08/08/2018 09:01 PM, Ben Pfaff wrote:
> > > [asking some random SuSE and Red Hat people]
> > >
> > > It had somehow slipped past my notice before that the spec files we
> have
> > > are useful for SuSE as well as Red Hat.  Should we make the directory
> or
> > > file names more generic?
> > >
> > > Thanks,
> > >
> > > Ben.
> > >
> > Hello Ben,
> >
> > The SUSE spec file[1] mostly matches the rhel/openvswitch-fedora.spec.in
> > one from the OvS tree, but because of the different packaging policies
> > between the two distributions, we need to adapt it a little bit. Our
> > spec file is also adapted to build on RHEL and SUSE (note all the %if
> > 0%{?suse_version} blocks there).
> >
> > The rhel/ directory currently has quite a few spec files and most of
> > them only make sense for RHEL. I can perhaps commit the spec file from
> > [1] as openvswitch-suse.spec.in and then we can rename the directory to
> > 'rpm' since it would then hold spec files for multiple distros. Would
> > that work?
>
> OK, I misunderstood.  I had the mistaken idea from one of your messages
> that SuSE was using the same specs file as Fedora, verbatim.
>
> Personally, I'd rather move all the distro packaging out of OVS, because
> distro packagers are good at packaging and OVS developers generally
> aren't.  So, unless it would actually make your job easier, let's keep
> things as is.
>

I would agree that moving it all out of OVS would make sense., but I'm in
no hurry to propose it myself.

-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v3] Avoid tunneling for VLAN packets redirected to a gateway chassis

2018-05-30 Thread Russell Bryant 
One more general question:

a major difference when doing the redirect to the gateway via a VLAN
vs a geneve tunnel is the lack of metadata.  You've demonstrated how
it's easy enough to identify the network (the VLAN ID + the port it
arrived on).  How about the logical input / output IDs?  What values
are included when the packet is sent over the tunnel?  Are we
confident those values are not needed, or can be inferred another way
in this scenario?

On Wed, May 30, 2018 at 3:59 PM, Russell Bryant  wrote:
> On Fri, May 25, 2018 at 7:33 AM,   wrote:
>> From: venkata anil 
>>
>> When a vm on a vlan tenant network sends traffic to an external network,
>> it is tunneled from host chassis to gateway chassis. In the earlier
>> discussion [1], Russel (also in his doc [2]) suggested if we can figure
>> out a way for OVN to do this redirect to the gateway host over a VLAN
>> network. This patch implements his suggestion i.e will redirect to
>> gateway chassis using incoming tenant vlan network. Gateway chassis are
>> expected to be configured with tenant vlan networks. In this approach,
>> new logical and physical flows introduced for packet processing in both
>> host and gateway chassis.
>
> I don't think we can impose the expectation that the gateway is on the
> same vlan network as the original compute node.  The previous behavior
> of using the tunnel does not require that.
>
> Have you thought of whether we could use the new behavior
> automatically if we know both chassis are on the same network, or fall
> back to a tunnel if necessary?
>
>>
>> Packet processing in the host chassis:
>> 1) A new ovs flow added in physical table 65, which sets MLF_RCV_FROM_VLAN
>>flag for packets from vlan network entering into router pipeline
>> 2) A new flow added in lr_in_ip_routing, for packets output through
>>distributed gateway port and matching MLF_RCV_FROM_VLAN flag,
>>set REGBIT_NAT_REDIRECT i.e
>>table=7 (lr_in_ip_routing   ), priority=2, match=(
>>ip4.dst == 0.0.0.0/0 && flags.rcv_from_vlan == 1 &&
>>!is_chassis_resident("cr-alice")), action=(reg9[0] = 1; next;)
>>This flow will be set only on chassis not hosting chassisredirect
>>port i.e compute node.
>>When REGBIT_NAT_REDIRECT set,
>>a) lr_in_arp_resolve, will set packet eth.dst to distibuted gateway
>>   port MAC
>>b) lr_in_gw_redirect, will set chassisredirect port as outport
>> 3) A new ovs flow added in physical table 32 will use source vlan tenant
>>network tag as vlan ID for sending the packet to gateway chassis.
>>As this vlan packet destination MAC is distibuted gateway port MAC,
>>packet will only reach the gateway chassis.
>>table=32,priority=150,reg14=0x3,reg15=0x6,metadata=0x4
>>actions=mod_vlan_vid:2010,output:25,strip_vlan
>>This flow will be set only on chassis not hosting chassisredirect
>>port i.e compute node.
>>
>> Packet processing in the gateway chassis:
>> 1) A new ovs flow added in physical table 0 to pass vlan traffic coming
>>from localnet port to the connected router pipeline(i.e router
>>attached to vlan tenant network).
>>This flow will set router metadata, reg14 to router's patch port(lrp)
>>(i.e patch port connecting router and vlan tenant network) and a new
>>MLF_RCV_FROM_VLAN flag.
>>table=0,priority=150,in_port=67,dl_vlan=2010 actions=strip_vlan,
>>load:0x4->OXM_OF_METADATA[],load:0x3->NXM_NX_REG14[],
>>load:0x1->NXM_NX_REG10[5],resubmit(,8)
>>This flow will be set only on chassis hosting chassisredirect
>>port i.e gateway node.
>> 2) A new flow added in lr_in_admission which checks MLF_RCV_FROM_VLAN
>>and allows the packet. This flow will be set only on chassis hosting
>>chassisredirect port i.e gateway node.
>>table=0 (lr_in_admission), priority=100  , match=(
>>flags.rcv_from_vlan == 1 && inport == "lrp-44383893-613a-4bfe-b483-
>>e7d0dc3055cd" && is_chassis_resident("cr-lrp-a6e3d2ab-313a-4ea3-
>>8ec4-c3c774a11f49")), action=(next;)
>>Then packet will pass through router ingress and egress pipelines and
>>then to external switch pipeline.
>>
>> In a scenario where the traffic between two vms in the same tenant vlan
>> network across different chassis i.e if "vm1" on tenant vlan network
>> "net1" is on host chassis "ch1" and "vm2" on same tenant vlan network
>> "net1" is on gateway chassis "gw1". When the packet arrived on "gw1"
>>

Re: [ovs-dev] [PATCH v3] Avoid tunneling for VLAN packets redirected to a gateway chassis

2018-05-30 Thread Russell Bryant 
=phys:br-phys
> +OVN_POPULATE_ARP
> +
> +ovn-nbctl create Logical_Router name=R1
> +
> +ovn-nbctl ls-add foo
> +ovn-nbctl ls-add alice
> +ovn-nbctl ls-add outside
> +
> +# Connect foo to R1
> +ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
> +ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
> +type=router options:router-port=foo \
> +-- lsp-set-addresses rp-foo router
> +
> +# Connect alice to R1 as distributed router gateway port (172.16.1.6) on hv2
> +ovn-nbctl lrp-add R1 alice 00:00:02:01:02:03 172.16.1.6/24 \
> +-- set Logical_Router_Port alice options:redirect-chassis="hv2"
> +ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
> +type=router options:router-port=alice \
> +-- lsp-set-addresses rp-alice router
> +
> +# Create logical port foo1 in foo
> +ovn-nbctl lsp-add foo foo1 \
> +-- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
> +
> +# Create logical port outside1 in outside, which is a nexthop address
> +# for 172.16.1.0/24
> +ovn-nbctl lsp-add outside outside1 \
> +-- lsp-set-addresses outside1 "f0:00:00:01:02:04 172.16.1.1"
> +
> +# Set default gateway (nexthop) to 172.16.1.1
> +ovn-nbctl lr-route-add R1 "0.0.0.0/0" 172.16.1.1 alice
> +AT_CHECK([ovn-nbctl lr-nat-add R1 snat 172.16.1.6 192.168.1.1/24])
> +
> +ovn-nbctl lsp-add foo ln-foo
> +ovn-nbctl lsp-set-addresses ln-foo unknown
> +ovn-nbctl lsp-set-options ln-foo network_name=public
> +ovn-nbctl lsp-set-type ln-foo localnet
> +AT_CHECK([ovn-nbctl set Logical_Switch_Port ln-foo tag=2])
> +
> +# Create localnet port in alice
> +ovn-nbctl lsp-add alice ln-alice
> +ovn-nbctl lsp-set-addresses ln-alice unknown
> +ovn-nbctl lsp-set-type ln-alice localnet
> +ovn-nbctl lsp-set-options ln-alice network_name=phys
> +
> +# Create localnet port in outside
> +ovn-nbctl lsp-add outside ln-outside
> +ovn-nbctl lsp-set-addresses ln-outside unknown
> +ovn-nbctl lsp-set-type ln-outside localnet
> +ovn-nbctl lsp-set-options ln-outside network_name=phys
> +ovn-nbctl --wait=hv sync
> +
> +ip_to_hex() {
> +printf "%02x%02x%02x%02x" "$@"
> +}
> +gw_ip=$(ip_to_hex 172 16 1 6)
> +src_ip=$(ip_to_hex 192 168 1 2)
> +dst_ip=$(ip_to_hex 8 8 8 8)
> +nexthop_ip=$(ip_to_hex 172 16 1 1)
> +
> +# Send ip packet from foo1 to 8.8.8.8
> +src_mac="f0010203"
> +dst_mac="01010203"
> +packet=${dst_mac}${src_mac}0800451c4011${src_ip}${dst_ip}00350008
> +
> +as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
> +sleep 2
> +
> +# ARP request packet to expect at outside1
> +src_mac="02010203"
> +arp_request=${src_mac}08060001080006040001${src_mac}${gw_ip}${nexthop_ip}
> +echo $arp_request >> hv3-vif1.expected
> +OVN_CHECK_PACKETS([hv3/vif1-tx.pcap], [hv3-vif1.expected])
> +
> +# Send ARP reply from outside1 back to the router
> +reply_mac="f0010204"
> +arp_reply=${src_mac}${reply_mac}08060001080006040002${reply_mac}${nexthop_ip}${src_mac}${gw_ip}
> +
> +as hv3 ovs-appctl netdev-dummy/receive hv3-vif1 $arp_reply
> +
> +# Allow some time for ovn-northd and ovn-controller to catch up.
> +# XXX This should be more systematic.
> +sleep 1
> +
> +# VLAN tagged packet with distributed gateway port(172.16.1.6) MAC as 
> destination MAC
> +# is expected on bridge connecting hv1 and hv2
> +src_mac="f0010203"
> +dst_mac="02010203"
> +expected=${dst_mac}${src_mac}81020800451c4011${src_ip}${dst_ip}00350008
> +echo $expected > hv1-br-ex_n2.expected
> +
> +# Packet to Expect at outside1 i.e nexthop(172.16.1.1) port.
> +# As connection tracking not enabled for this test, snat can't be done on 
> the packet.
> +# We still see foo1 as the source ip address. But source mac(172.16.1.6 MAC) 
> and
> +# dest mac(172.16.1.1 mac) are properly configured.
> +src_mac="02010203"
> +dst_mac="f0010204"
> +expected=${dst_mac}${src_mac}0800451c3f110100${src_ip}${dst_ip}0035111100080000
> +echo $expected > hv3-vif1.expected
> +
> +reset_pcap_file() {
> +local iface=$1
> +local pcap_file=$2
> +ovs-vsctl -- set Interface $iface options:tx_pcap=dummy-tx.pcap \
> +options:rxq_pcap=dummy-rx.pcap
> +rm -f ${pcap_file}*.pcap
> +ovs-vsctl -- set Interface $iface options:tx_pcap=${pcap_file}-tx.pcap \
> +options:rxq_pcap=${pcap_file}-rx.pcap
> +}
> +
> +as hv1 reset_pcap_file br-ex_n2 hv1/br-ex_n2
> +as hv3 reset_pcap_file hv3-vif1 hv3/vif1
> +sleep 1
> +as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
> +sleep 2
> +
> +# On hv1, table 65 for packets going from vlan switch pipleline to router 
> pipleine
> +# set MLF_RCV_FROM_VLAN flag
> +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=65 | grep 
> "priority=100,reg15=0x1,metadata=0x2" \
> +| grep actions=clone | grep "load:0x1->NXM_NX_REG10" | wc -l], [0], [[1
> +]])
> +# On hv1, because of snat rule in table 15, a higher priority(i.e 2) flow
> +# added for packets with MLF_RCV_FROM_VLAN flag with output as distributed
> +# gateway port, which sets REGBIT_NAT_REDIRECT flag
> +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=15 | grep 
> "priority=2,ip,reg10=0x20/0x20,metadata=0x1" \
> +| grep "actions=load:0x1->OXM_OF_PKT_REG4" | wc -l], [0], [[1
> +]])
> +
> +# On hv1, table 32 flow which tags packet with source network vlan tag and 
> sends it to hv2
> +# through br-ex
> +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=32 | grep 
> "priority=150,reg14=0x1,reg15=0x3,metadata=0x1" \
> +| grep "actions=mod_vlan_vid:2" | grep "n_packets=2," | wc -l], [0], [[1
> +]])
> +
> +# On hv2 table 0, vlan tagged packet is sent through router pipeline
> +# by setting MLF_RCV_FROM_VLAN flag (REG10)
> +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int | grep "table=0," | grep 
> "priority=150" | grep "dl_vlan=2" | \
> +grep "actions=strip_vlan,load:0x1->OXM_OF_METADATA" | grep 
> "load:0x1->NXM_NX_REG14" | \
> +grep "load:0x1->NXM_NX_REG10" | wc -l], [0], [[1
> +]])
> +# on hv2 table 8, allow packets with router metadata and with 
> MLF_RCV_FROM_VLAN flag
> +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=8 | grep 
> "priority=100,reg10=0x20/0x20,reg14=0x1,metadata=0x1" | wc -l], [0], [[1
> +]])
> +
> +# Check vlan tagged packet on the bridge connecting hv1 and hv2
> +OVN_CHECK_PACKETS([hv1/br-ex_n2-tx.pcap], [hv1-br-ex_n2.expected])
> +# Check expected packet on nexthop interface
> +OVN_CHECK_PACKETS([hv3/vif1-tx.pcap], [hv3-vif1.expected])
> +
> +OVN_CLEANUP([hv1],[hv2],[hv3])
> +AT_CLEANUP
> +
>  AT_SETUP([ovn -- 1 LR with distributed router gateway port])
>  AT_SKIP_IF([test $HAVE_PYTHON = no])
>  ovn_start
> --
> 1.8.3.1
>
> ___
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev



-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] ovn pacemaker: Fix the promotion issue in other cluster nodes when the master node is reset

2018-05-25 Thread Russell Bryant 
On Thu, May 17, 2018 at 6:04 AM,   wrote:
> From: Numan Siddique 
>
> When a node 'A' in the pacemaker cluster running OVN db servers in master is
> brought down ungracefully ('echo b > /proc/sysrq_trigger' for example), 
> pacemaker
> is not able to promote any other node to master in the cluster. When 
> pacemaker selects
> a node B for instance to promote, it moves the IPAddr2 resource (i.e the 
> master ip)
> to node 'B'. As soon the node is configured with the IP address, when the 
> issue is
> seen, the OVN db servers which were running as standy earlier, transitions to 
> active.
> Ideally this should not have happened. The ovsdb-servers are expected to 
> remain in
> standby until there are promoted. (This needs separate investigation). When 
> the pacemaker
> calls the OVN OCF script's promote action, the ovsdb_server_promot function 
> returns
> almost immediately without recording the present master. And later in the 
> notify action
> it demotes back the OVN db servers since the last known master doesn't match 
> with
> node 'B's hostname. This results in pacemaker promoting/demoting in a loop.
>
> This patch fixes the issue by not returning immediately when promote action is
> called if the OVN db servers are running as active. Now it would continue with
> the ovsdb_server_promot function and records the new master by setting proper
> master score ($CRM_MASTER -N $host_name -v ${master_score})
>
> This issue is not seen when a node is brought down gracefully as pacemaker 
> before
> promoting a node, calls stop, start and then promote actions. Not sure why 
> pacemaker
> doesn't call stop, start and promote actions when a node is reset 
> ungracefully.
>
> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1579025
> Signed-off-by: Numan Siddique 

Thanks, Numan.  I tweaked commit message formatting and applied this
to master and branch-2.9
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v3] rhel: user/group openvswitch does not exist

2018-05-01 Thread Russell Bryant 
On Mon, Apr 30, 2018 at 3:27 PM, Aaron Conole <acon...@redhat.com> wrote:
> Markos Chandras <mchand...@suse.de> writes:
>
>> On 19/04/18 16:27, Aaron Conole wrote:
>>> From: Alan Pevec <alan.pe...@redhat.com>
>>>
>>> Default ownership[1] for config files is failing on an empty system:
>>>   Running scriptlet: openvswitch-2.9.0-3.fc28.x86_64
>>> warning: user openvswitch does not exist - using root
>>> warning: group openvswitch does not exist - using root
>>> ...
>>>
>>> Required user/group need to be created in %pre as documented in
>>> Fedora guideline[2]
>>>
>>> [1]
>>> https://github.com/openvswitch/ovs/commit/951d79e638ecdb3b1dcd19df1adb2ff91fe61af8
>>>
>>> [2] 
>>> https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Dynamic_allocation
>>>
>>> Submitted-at: https://github.com/openvswitch/ovs/pull/223
>>> Signed-off-by: Alan Pevec <alan.pe...@redhat.com>
>>> Co-authored-by: Aaron Conole <acon...@redhat.com>
>>> Signed-off-by: Aaron Conole <acon...@redhat.com>
>>
>> Reviewed-by: Markos Chandras <mchand...@suse.de>
>
> Thanks Markos.
>
> Timothy, Russell, sorry I forgot to CC you, it seems.

Thanks, applied to master and branch-2.9.

-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] rhel: don't drop capabilities when running as root

2018-03-27 Thread Russell Bryant 
On Tue, Mar 27, 2018 at 9:26 AM, Aaron Conole <acon...@redhat.com> wrote:
> Aaron Conole <acon...@redhat.com> writes:
>
>> Currently, regardless of which user is being set as the running user,
>> Open vSwitch daemons on RHEL systems drop capabilities.  This means the
>> very powerful CAP_SYS_ADMIN is dropped, even when the user is 'root'.
>>
>> For the majority of use cases this behavior works, as the user can
>> enable or disable various configurations, regardless of which datapath
>> functions are desired.  However, when using certain DPDK PMDs, the
>> enablement and configuration calls require CAP_SYS_ADMIN.
>>
>> Instead of retaining CAP_SYS_ADMIN in all cases, which would practically
>> nullify the uid/gid and privilege drop, we don't pass the --ovs-user
>> option to the daemons.  This shunts the capability and privilege
>> dropping code.
>>
>> Reported-by: Marcos Felipe Schwarz <marcos.f@gmail.com>
>> Reported-at: 
>> https://mail.openvswitch.org/pipermail/ovs-discuss/2018-January/045955.html
>> Fixes: e3e738a3d058 ("redhat: allow dpdk to also run as non-root user")
>> Signed-off-by: Aaron Conole <acon...@redhat.com>
>> ---
>
> Ping?

Applied to master and branch-2.9.

Please continue to CC me on rhel patches like this that have been
reviewed by someone and you feel are ready to be applied.

Thanks,

-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] python: Enable flake8 checking of ovs-pipegen.py.

2018-03-14 Thread Russell Bryant 
On Wed, Mar 14, 2018 at 3:48 PM, Ben Pfaff <b...@ovn.org> wrote:

> On Wed, Mar 14, 2018 at 11:07:44AM -0400, Russell Bryant wrote:
> > Signed-off-by: Russell Bryant <russ...@ovn.org>
>
> flake8-check passes for me, with this change.
>
> Acked-by: Ben Pfaff <b...@ovn.org>
>

​Thanks!  applied to master.

-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v2] tests: Add some Python3 test variants on ovsdb-idl.at

2018-03-14 Thread Russell Bryant 
-server ovsdb-server/disable-monitor-cond])
> -   AT_CHECK([$PYTHON $srcdir/test-ovsdb.py  -t10 idl 
> $srcdir/idltest.ovsschema unix:socket $2],
> +   AT_CHECK([$7 $srcdir/test-ovsdb.py  -t10 idl $srcdir/idltest.ovsschema 
> unix:socket $2],
>  [0], [stdout], [ignore], [kill `cat pid`])
> AT_CHECK([sort stdout | uuidfilt]m4_if([$5],,, [[| $5]]),
>  [0], [$3], [], [kill `cat pid`])
> OVSDB_SERVER_SHUTDOWN
> AT_CLEANUP])
>
> +m4_define([OVSDB_CHECK_IDL_WO_MONITOR_COND_PY],
> +[OVSDB_CHECK_IDL_WO_MONITOR_COND_PYN([$1 - Python2], [$2], [$3], [$4], 
> [$5],
> +[$HAVE_PYTHON], [$PYTHON])
> +OVSDB_CHECK_IDL_WO_MONITOR_COND_PYN([$1 - Python3], [$2], [$3], [$4], 
> [$5],
> +[$HAVE_PYTHON3], [$PYTHON3])])
> +
>
>  m4_define([OVSDB_CHECK_IDL_WO_MONITOR_COND],
> [OVSDB_CHECK_IDL_WO_MONITOR_COND_PY($@)])
> @@ -1214,24 +1232,30 @@ OVSDB_CHECK_IDL_PY([partial-set idl],
>  015: done
>  ]])
>
> -m4_define([OVSDB_CHECK_IDL_NOTIFY_PY],
> -  [AT_SETUP([$1 - Python])
> -   AT_SKIP_IF([test $HAVE_PYTHON = no])
> +m4_define([OVSDB_CHECK_IDL_NOTIFY_PYN],
> +  [AT_SETUP([$1])
> +   AT_SKIP_IF([test $6 = no])
> AT_KEYWORDS([ovsdb server idl Python notify $4])
> AT_CHECK([ovsdb_start_idltest])
> -   AT_CHECK([$PYTHON $srcdir/test-ovsdb.py  -t10 idl 
> $srcdir/idltest.ovsschema unix:socket $2],
> +   AT_CHECK([$7 $srcdir/test-ovsdb.py  -t10 idl $srcdir/idltest.ovsschema 
> unix:socket $2],
>  [0], [stdout], [ignore], [kill `cat pid`])
> AT_CHECK([sort stdout | uuidfilt]m4_if([$5],,, [[| $5]]),
>  [0], [$3], [], [kill `cat pid`])
> OVSDB_SERVER_SHUTDOWN
> AT_CLEANUP])
>
> +m4_define([OVSDB_CHECK_IDL_NOTIFY_PY],
> +[OVSDB_CHECK_IDL_NOTIFY_PYN([$1 - Python2], [$2], [$3], [$4], [$5],
> +[$HAVE_PYTHON], [$PYTHON])
> +OVSDB_CHECK_IDL_NOTIFY_PYN([$1 - Python3], [$2], [$3], [$4], [$5],
> +[$HAVE_PYTHON3], [$PYTHON3])])
> +
>  # This test uses the Python IDL implementation with ssl
> -m4_define([OVSDB_CHECK_IDL_NOTIFY_SSL_PY],
> +m4_define([OVSDB_CHECK_IDL_NOTIFY_SSL_PYN],
>[AT_SETUP([$1 - SSL])
> AT_SKIP_IF([test "$HAVE_OPENSSL" = no])
> -   AT_SKIP_IF([test $HAVE_PYTHON = no])
> -   $PYTHON -c "import OpenSSL.SSL"
> +   AT_SKIP_IF([test $6 = no])
> +   $7 -c "import OpenSSL.SSL"
> SSL_PRESENT=$?
> AT_SKIP_IF([test $SSL_PRESENT != 0])
> AT_KEYWORDS([ovsdb server idl Python notify - ssl socket])
> @@ -1246,7 +1270,7 @@ m4_define([OVSDB_CHECK_IDL_NOTIFY_SSL_PY],
>   --remote=pssl:0:127.0.0.1 db])
> on_exit 'kill `cat ovsdb-server.pid`'
> PARSE_LISTENING_PORT([ovsdb-server.log], [TCP_PORT])
> -   AT_CHECK([$PYTHON $srcdir/test-ovsdb.py  -t10 idl 
> $srcdir/idltest.ovsschema \
> +   AT_CHECK([$7 $srcdir/test-ovsdb.py  -t10 idl $srcdir/idltest.ovsschema \
>   ssl:127.0.0.1:$TCP_PORT $PKIDIR/testpki-privkey.pem \
>   $PKIDIR/testpki-cert.pem $PKIDIR/testpki-cacert.pem $2],
>  [0], [stdout], [ignore], [kill `cat pid`])
> @@ -1255,6 +1279,12 @@ m4_define([OVSDB_CHECK_IDL_NOTIFY_SSL_PY],
> OVSDB_SERVER_SHUTDOWN
> AT_CLEANUP])
>
> +m4_define([OVSDB_CHECK_IDL_NOTIFY_SSL_PY],
> +[OVSDB_CHECK_IDL_NOTIFY_SSL_PYN([$1 - Python2], [$2], [$3], [$4], [$5],
> +[$HAVE_PYTHON], [$PYTHON])
> +OVSDB_CHECK_IDL_NOTIFY_SSL_PYN([$1 - Python3], [$2], [$3], [$4], [$5],
> +[$HAVE_PYTHON3], [$PYTHON3])])
> +
>  m4_define([OVSDB_CHECK_IDL_NOTIFY],
> [OVSDB_CHECK_IDL_NOTIFY_PY($@)
>  OVSDB_CHECK_IDL_NOTIFY_SSL_PY($@)])
> --
> 2.14.3
>
> ___
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev



-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] python: KeyError shouldn't be raised from __getattr__

2018-03-14 Thread Russell Bryant 
I've applied this to master and branch-2.9.  Thanks!

On Mon, Mar 12, 2018 at 6:52 AM, Timothy Redaelli <tredae...@redhat.com> wrote:
> On Python 3 hasattr only intercepts AttributeError exception.
> On Python2, instead, hasattr intercepts all the exceptions.
>
> This means __getattr__ shouldn't return KeyError when the attribute
> doesn't exists, but it should raise AttributeError instead.
>
> Fixes: 2d54d8011e14 ("Python-IDL: getattr after mutate fix")
> Signed-off-by: Timothy Redaelli <tredae...@redhat.com>
> ---
>  python/ovs/db/idl.py | 6 +-
>  1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/python/ovs/db/idl.py b/python/ovs/db/idl.py
> index 5a4d129c0..773a604ed 100644
> --- a/python/ovs/db/idl.py
> +++ b/python/ovs/db/idl.py
> @@ -774,7 +774,11 @@ class Row(object):
>  assert self._changes is not None
>  assert self._mutations is not None
>
> -column = self._table.columns[column_name]
> +try:
> +column = self._table.columns[column_name]
> +except KeyError:
> +raise AttributeError("%s instance has no attribute '%s'" %
> + (self.__class__.__name__, column_name))
>  datum = self._changes.get(column_name)
>  inserts = None
>  if '_inserts' in self._mutations.keys():
> --
> 2.14.3
>
> ___________
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev



-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] python: Enable flake8 checking of ovs-pipegen.py.

2018-03-14 Thread Russell Bryant 
Signed-off-by: Russell Bryant <russ...@ovn.org>
---
 utilities/automake.mk| 3 ++-
 utilities/ovs-pipegen.py | 6 +++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/utilities/automake.mk b/utilities/automake.mk
index 1636cb93e..60cf1c5ed 100644
--- a/utilities/automake.mk
+++ b/utilities/automake.mk
@@ -146,6 +146,7 @@ endif
 
 FLAKE8_PYFILES += utilities/ovs-pcap.in \
utilities/checkpatch.py utilities/ovs-dev.py \
-   utilities/ovs-tcpdump.in
+   utilities/ovs-tcpdump.in \
+   utilities/ovs-pipegen.py
 
 include utilities/bugtool/automake.mk
diff --git a/utilities/ovs-pipegen.py b/utilities/ovs-pipegen.py
index f040a7e1b..8a2a4266e 100755
--- a/utilities/ovs-pipegen.py
+++ b/utilities/ovs-pipegen.py
@@ -18,6 +18,7 @@ import random
 import sys
 import textwrap
 
+
 def flow_str(stage, match, action, priority=32768):
 mtd_match = "metadata=%d" % stage
 if match:
@@ -109,11 +110,10 @@ def main():
 """ % sys.argv[0])
 
 parser = argparse.ArgumentParser(description=description, epilog=epilog,
- formatter_class=\
- argparse.RawDescriptionHelpFormatter)
+formatter_class=argparse.RawDescriptionHelpFormatter)
 parser.add_argument("--size", dest="size", default=1000,
 help="Size (rules) of each OpenFlow table.")
-args=parser.parse_args()
+args = parser.parse_args()
 
 pipeline(int(args.size))
 
-- 
2.14.3

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] utilities: Make ovs-pipegen.py Python 3 friendly

2018-03-14 Thread Russell Bryant 
I've applied this to master.

I'll also submit a follow-up patch in a moment which adds this script
to the list of Python files checked with flake8, which will help
prevent some basic compatibility issues in the future.

On Tue, Mar 13, 2018 at 12:48 PM, Timothy Redaelli <tredae...@redhat.com> wrote:
> Replace "print f" with "print(f)" and "xrange" with "range".
>
> The changes are backward compatibile with Python 2.
>
> Signed-off-by: Timothy Redaelli <tredae...@redhat.com>
> ---
>  utilities/ovs-pipegen.py | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/utilities/ovs-pipegen.py b/utilities/ovs-pipegen.py
> index 4bf240f3a..f040a7e1b 100755
> --- a/utilities/ovs-pipegen.py
> +++ b/utilities/ovs-pipegen.py
> @@ -71,15 +71,15 @@ def pipeline(size):
>  pipeline = [l2, l3, l4, l2]
>
>  flows = []
> -for stage in xrange(len(pipeline)):
> +for stage in range(len(pipeline)):
>  action = resubmit(stage + 1)
> -flows += [pipeline[stage](stage, action) for _ in xrange(size)]
> +flows += [pipeline[stage](stage, action) for _ in range(size)]
>  flows.append(flow_str(stage, "", action, priority=1))
>
>  flows.append(flow_str(len(pipeline), "", "in_port"))
>
>  for f in flows:
> -print f
> +print(f)
>
>
>  def main():
> --
> 2.14.3
>
> ___
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev



-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] rhel: Avoid losing bridge configuration after adding DPDK ports

2018-03-07 Thread Russell Bryant 
I've applied this to master and branch-2.9.

On Wed, Feb 28, 2018 at 1:22 PM, Ben Pfaff <b...@ovn.org> wrote:
> Russell, are you the right one to consider applying this?
>
> On Wed, Feb 28, 2018 at 12:32:23PM +, Vishal Deep Ajmera wrote:
>> Hi,
>>
>> If the patch looks fine I request to get this cherry-pick on 2.9 branch as 
>> well.
>>
>> Warm Regards,
>> Vishal Ajmera
>>
>> -Original Message-
>> From: Vishal Deep Ajmera
>> Sent: Friday, February 23, 2018 12:49 AM
>> To: d...@openvswitch.org
>> Cc: Vishal Deep Ajmera <vishal.deep.ajm...@ericsson.com>; Flavio Leitner 
>> <f...@sysclose.org>
>> Subject: [PATCH] rhel: Avoid losing bridge configuration after adding DPDK 
>> ports
>>
>> Whenever a DPDK port is added to or deleted from an OVS bridge, the bridge
>> interface is reconfigured with the lowest MAC address among the connected 
>> DPDK
>> ports. When changing the MAC address, OVS performs a sequences of events
>> UP -> DOWN -> UP on the bridge interface. In deployments of OVS in RHEL
>> distribution this results in loosing Linux networking configuration attached 
>> to
>> the bridge interface (e.g. static routes).
>>
>> This patch changes the interface configuration scripts used in a RHEL 
>> deployment
>> to trigger post-up operations on the bridge device after a change of MAC 
>> address.
>>
>> Signed-off-by: Vishal Deep Ajmera <vishal.deep.ajm...@ericsson.com>
>> Signed-off-by: Flavio Leitner <f...@sysclose.org>
>>
>> ---
>>  rhel/README.RHEL.rst|  5 +
>>  rhel/etc_sysconfig_network-scripts_ifup-ovs | 16 
>>  2 files changed, 21 insertions(+)
>>
>> diff --git a/rhel/README.RHEL.rst b/rhel/README.RHEL.rst
>> index f3d2942..1cd2065 100644
>> --- a/rhel/README.RHEL.rst
>> +++ b/rhel/README.RHEL.rst
>> @@ -93,6 +93,11 @@ Note
>>answers: File exists`` printed on the console. This comes from ifup-eth
>>trying to add zeroconf route multiple times and is harmless.
>>
>> +* ``ifup`` on OVSDPDKPort or OVSDPDKBond may result in change of bridge mac 
>> address.
>> +  Since OVS changes the device state to DOWN before changing its mac 
>> address this
>> +  result in loss of bridge configuration (e.g. routes). ``ifup-ovs`` 
>> perform post-up
>> +  operation on the bridge again to restore configuration.
>> +
>>  Examples
>>  
>>
>> diff --git a/rhel/etc_sysconfig_network-scripts_ifup-ovs 
>> b/rhel/etc_sysconfig_network-scripts_ifup-ovs
>> index b95220a..1c65f13 100755
>> --- a/rhel/etc_sysconfig_network-scripts_ifup-ovs
>> +++ b/rhel/etc_sysconfig_network-scripts_ifup-ovs
>> @@ -167,10 +167,18 @@ case "$TYPE" in
>>   ;;
>>   OVSDPDKPort)
>>   ifup_ovs_bridge
>> + BRIDGE_MAC_ORIG=$(get_hwaddr $OVS_BRIDGE)
>>   ovs-vsctl -t ${TIMEOUT} \
>>   -- --if-exists del-port "$OVS_BRIDGE" "$DEVICE" \
>>   -- add-port "$OVS_BRIDGE" "$DEVICE" $OVS_OPTIONS \
>>   -- set Interface "$DEVICE" type=dpdk ${OVS_EXTRA+-- 
>> $OVS_EXTRA}
>> + BRIDGE_MAC=$(get_hwaddr $OVS_BRIDGE)
>> + # The bridge may change its MAC to be the lower one among all 
>> its
>> + # ports. If that happens, bridge configuration (e.g. routes) 
>> will
>> + # be lost. Restore the post-up bridge configuration again.
>> + if [ "$BRIDGE_MAC_ORIG" != "$BRIDGE_MAC" ]; then
>> + ${OTHERSCRIPT} "$OVS_BRIDGE"
>> + fi
>>   ;;
>>   OVSDPDKRPort)
>>   ifup_ovs_bridge
>> @@ -196,12 +204,20 @@ case "$TYPE" in
>>   ;;
>>   OVSDPDKBond)
>>   ifup_ovs_bridge
>> + BRIDGE_MAC_ORIG=$(get_hwaddr $OVS_BRIDGE)
>>   for _iface in $BOND_IFACES; do
>>   IFACE_TYPES="${IFACE_TYPES} -- set interface ${_iface} 
>> type=dpdk"
>>   done
>>   ovs-vsctl -t ${TIMEOUT} \
>>   -- --if-exists del-port "$OVS_BRIDGE" "$DEVICE" \
>>   -- add-bond "$OVS_BRIDGE" "$DEVICE" ${BOND_IFACES} 
>> $OVS_OPTIONS ${IFACE_TYPES} ${OVS_EXTRA+-- $OVS_EXTRA}
>> + BRIDGE_MAC=

Re: [ovs-dev] [PATCH] The dependency between ovndb_servers-master and VirtualIP is wrong

2018-01-23 Thread Russell Bryant 
Adding Numan Siddique, as well.  Numan, can you take a look at this?

On Tue, Jan 23, 2018 at 2:17 PM, Ben Pfaff <b...@ovn.org> wrote:
> Thank you for the patch!  With this message, I'm adding a few people who
> might be capable of a review to the thread (I'm certainly not).
>
> Thanks,
>
> Ben.
>
> On Thu, Jan 18, 2018 at 05:37:35PM +0800, xurong00037997 wrote:
>> From: zhaojingjing0067370 <zhao.jingji...@zte.com.cn>
>>
>> ---
>>  Documentation/topics/integration.rst | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/Documentation/topics/integration.rst 
>> b/Documentation/topics/integration.rst
>> index 0447faf..d129e21 100644
>> --- a/Documentation/topics/integration.rst
>> +++ b/Documentation/topics/integration.rst
>> @@ -255,6 +255,6 @@ with the active server::
>>
>>  $ pcs resource create VirtualIP ocf:heartbeat:IPaddr2 ip=x.x.x.x \
>>  op monitor interval=30s
>> -$ pcs constraint order promote ovndb_servers-master then VirtualIP
>> -$ pcs constraint colocation add VirtualIP with master 
>> ovndb_servers-master \
>> +$ pcs constraint order start VirtualIP then promote ovndb_servers-master
>> +$ pcs constraint colocation add master ovndb_servers-master with 
>> VirtualIP \
>>  score=INFINITY
>> --
>> 1.8.3.1
>>
>> ___
>> dev mailing list
>> d...@openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-dev



-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] Drop support for RHEL 5 and 6

2018-01-17 Thread Russell Bryant 
OK - fine with me.

So an alternative patch would be to document that this spec is now
just an alternative for RHEL7 vs one for 5 / 6?

On Tue, Jan 16, 2018 at 11:56 PM, Guru Shetty <g...@ovn.org> wrote:
> We use RHEL6 spec to build rpms for RHEL7 as we still use sysV scripts. We
> will need quite a bit of scripting changes, install script changes,
> dependencies etc to get ourselves accustomed to systemd. So I would prefer
> that we not do this till OVS 2.10 atleast.
>
> On 16 January 2018 at 08:44, Russell Bryant <russ...@ovn.org> wrote:
>>
>> On Thu, Jan 11, 2018 at 11:36 AM, Timothy Redaelli <tredae...@redhat.com>
>> wrote:
>> > RHEL 6 is not supported anymore since it uses Python 2.6 and GCC 4.4.x,
>> > but Open vSwitch needs, at least, Python 2.7 and GCC 4.6 to build
>> > correctly.
>> >
>> >
>> > http://docs.openvswitch.org/en/latest/intro/install/general/#build-requirements
>> >
>> > CC: Gurucharan Shetty <g...@ovn.org>
>> > Signed-off-by: Timothy Redaelli <tredae...@redhat.com>
>>
>> Acked-by: Russell Bryant <russ...@ovn.org>
>>
>> I'm fine with this, but I'll let Guru comment as well before applying
>> anything.
>>
>> > ---
>> >
>> > This is the same, rejected, patch I sent as RFC since I have, in the
>> > meanwhile, sent another patchset (already merged) to add the requested
>> > "force-reload-kmod" support on RHEL7 ("ovs-systemd-reload
>> > force-reload-kmod").
>> >
>> >  Documentation/automake.mk |   1 -
>> >  Documentation/howto/docker.rst|   2 +-
>> >  Documentation/index.rst   |   1 -
>> >  Documentation/intro/install/index.rst |   1 -
>> >  Documentation/intro/install/rhel.rst  | 238
>> > --
>> >  rhel/.gitignore   |   3 -
>> >  rhel/automake.mk  |  11 --
>> >  rhel/openvswitch-kmod-rhel6.spec.in   |  78 --
>> >  rhel/openvswitch-kmod.files   |   3 -
>> >  rhel/openvswitch.spec.in  | 267
>> > --
>> >  10 files changed, 1 insertion(+), 604 deletions(-)
>> >  delete mode 100644 Documentation/intro/install/rhel.rst
>> >  delete mode 100644 rhel/openvswitch-kmod-rhel6.spec.in
>> >  delete mode 100644 rhel/openvswitch-kmod.files
>> >  delete mode 100644 rhel/openvswitch.spec.in
>> >
>> > diff --git a/Documentation/automake.mk b/Documentation/automake.mk
>> > index 2b202cb2a..e614b9de1 100644
>> > --- a/Documentation/automake.mk
>> > +++ b/Documentation/automake.mk
>> > @@ -18,7 +18,6 @@ DOC_SOURCE = \
>> > Documentation/intro/install/general.rst \
>> > Documentation/intro/install/netbsd.rst \
>> > Documentation/intro/install/ovn-upgrades.rst \
>> > -   Documentation/intro/install/rhel.rst \
>> > Documentation/intro/install/userspace.rst \
>> > Documentation/intro/install/windows.rst \
>> > Documentation/intro/install/xenserver.rst \
>> > diff --git a/Documentation/howto/docker.rst
>> > b/Documentation/howto/docker.rst
>> > index ff8b708af..c3d4dbf20 100644
>> > --- a/Documentation/howto/docker.rst
>> > +++ b/Documentation/howto/docker.rst
>> > @@ -296,7 +296,7 @@ The "underlay" mode
>> > Depending on your VM, you can make the above step persistent across
>> > reboots.
>> > For example, if your VM is Debian/Ubuntu-based, read
>> > `openvswitch-switch.README.Debian` found in `debian` folder. If your
>> > VM is
>> > -   RHEL-based, refer to :doc:`/intro/install/rhel`.
>> > +   Fedora/RHEL7/CentOS7-based, refer to :doc:`/intro/install/fedora`.
>> >
>> >  3. Start the Open vSwitch network driver
>> >
>> > diff --git a/Documentation/index.rst b/Documentation/index.rst
>> > index ddffa3a62..dac14ba58 100644
>> > --- a/Documentation/index.rst
>> > +++ b/Documentation/index.rst
>> > @@ -86,7 +86,6 @@ Deeper Dive
>> >  - **Testing** :doc:`topics/testing`
>> >
>> >  - **Packaging:** :doc:`intro/install/debian` |
>> > -  :doc:`intro/install/rhel` |
>> >:doc:`intro/install/fedora`
>> >
>> >  The Open vSwitch Project
>> > diff --git a/Documentation/intro/install/index.rst
>> > b/Documentation/intro/install/index.rst
>> > index 3193c736c..626b49f12 100644
>> >

Re: [ovs-dev] [PATCH] Drop support for RHEL 5 and 6

2018-01-16 Thread Russell Bryant 
On Thu, Jan 11, 2018 at 11:36 AM, Timothy Redaelli <tredae...@redhat.com> wrote:
> RHEL 6 is not supported anymore since it uses Python 2.6 and GCC 4.4.x,
> but Open vSwitch needs, at least, Python 2.7 and GCC 4.6 to build correctly.
>
> http://docs.openvswitch.org/en/latest/intro/install/general/#build-requirements
>
> CC: Gurucharan Shetty <g...@ovn.org>
> Signed-off-by: Timothy Redaelli <tredae...@redhat.com>

Acked-by: Russell Bryant <russ...@ovn.org>

I'm fine with this, but I'll let Guru comment as well before applying anything.

> ---
>
> This is the same, rejected, patch I sent as RFC since I have, in the
> meanwhile, sent another patchset (already merged) to add the requested
> "force-reload-kmod" support on RHEL7 ("ovs-systemd-reload force-reload-kmod").
>
>  Documentation/automake.mk |   1 -
>  Documentation/howto/docker.rst|   2 +-
>  Documentation/index.rst   |   1 -
>  Documentation/intro/install/index.rst |   1 -
>  Documentation/intro/install/rhel.rst  | 238 --
>  rhel/.gitignore   |   3 -
>  rhel/automake.mk  |  11 --
>  rhel/openvswitch-kmod-rhel6.spec.in   |  78 --
>  rhel/openvswitch-kmod.files   |   3 -
>  rhel/openvswitch.spec.in  | 267 
> --
>  10 files changed, 1 insertion(+), 604 deletions(-)
>  delete mode 100644 Documentation/intro/install/rhel.rst
>  delete mode 100644 rhel/openvswitch-kmod-rhel6.spec.in
>  delete mode 100644 rhel/openvswitch-kmod.files
>  delete mode 100644 rhel/openvswitch.spec.in
>
> diff --git a/Documentation/automake.mk b/Documentation/automake.mk
> index 2b202cb2a..e614b9de1 100644
> --- a/Documentation/automake.mk
> +++ b/Documentation/automake.mk
> @@ -18,7 +18,6 @@ DOC_SOURCE = \
> Documentation/intro/install/general.rst \
> Documentation/intro/install/netbsd.rst \
> Documentation/intro/install/ovn-upgrades.rst \
> -   Documentation/intro/install/rhel.rst \
> Documentation/intro/install/userspace.rst \
> Documentation/intro/install/windows.rst \
> Documentation/intro/install/xenserver.rst \
> diff --git a/Documentation/howto/docker.rst b/Documentation/howto/docker.rst
> index ff8b708af..c3d4dbf20 100644
> --- a/Documentation/howto/docker.rst
> +++ b/Documentation/howto/docker.rst
> @@ -296,7 +296,7 @@ The "underlay" mode
> Depending on your VM, you can make the above step persistent across 
> reboots.
> For example, if your VM is Debian/Ubuntu-based, read
> `openvswitch-switch.README.Debian` found in `debian` folder. If your VM is
> -   RHEL-based, refer to :doc:`/intro/install/rhel`.
> +   Fedora/RHEL7/CentOS7-based, refer to :doc:`/intro/install/fedora`.
>
>  3. Start the Open vSwitch network driver
>
> diff --git a/Documentation/index.rst b/Documentation/index.rst
> index ddffa3a62..dac14ba58 100644
> --- a/Documentation/index.rst
> +++ b/Documentation/index.rst
> @@ -86,7 +86,6 @@ Deeper Dive
>  - **Testing** :doc:`topics/testing`
>
>  - **Packaging:** :doc:`intro/install/debian` |
> -  :doc:`intro/install/rhel` |
>:doc:`intro/install/fedora`
>
>  The Open vSwitch Project
> diff --git a/Documentation/intro/install/index.rst 
> b/Documentation/intro/install/index.rst
> index 3193c736c..626b49f12 100644
> --- a/Documentation/intro/install/index.rst
> +++ b/Documentation/intro/install/index.rst
> @@ -59,7 +59,6 @@ provided below.
> distributions
> debian
> fedora
> -   rhel
>
>  Upgrades
>  
> diff --git a/Documentation/intro/install/rhel.rst 
> b/Documentation/intro/install/rhel.rst
> deleted file mode 100644
> index f8b26069f..0
> --- a/Documentation/intro/install/rhel.rst
> +++ /dev/null
> @@ -1,238 +0,0 @@
> -..
> -  Licensed under the Apache License, Version 2.0 (the "License"); you may
> -  not use this file except in compliance with the License. You may obtain
> -  a copy of the License at
> -
> -  http://www.apache.org/licenses/LICENSE-2.0
> -
> -  Unless required by applicable law or agreed to in writing, software
> -  distributed under the License is distributed on an "AS IS" BASIS, 
> WITHOUT
> -  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See 
> the
> -  License for the specific language governing permissions and limitations
> -  under the License.
> -
> -  Convention for heading levels in Open vSwitch documentation:
> -
> -  ===  Heading 0 (reserved for the title in a document)
> -  ---  Heading 1
> -  ~~

Re: [ovs-dev] [PATCH] OVN pacemaker: Fix issues when started as pacemaker container bundles

2018-01-09 Thread Russell Bryant 
On Mon, Jan 8, 2018 at 2:35 AM,  <nusid...@redhat.com> wrote:
> From: Numan Siddique <nusid...@redhat.com>
>
> When OVN dbs are created as a pacemaker container bundle resource with
> meta attribute "container-attribute-target=host" defined, the OVN OCF script
> is not working properly. It should use the function provided by the OCF lib
> 'ocf_attribute_target' [1] to get the physical hostname and use that to set 
> the
> master/slave scores. This patch makes use of this function when setting the
> scores. Also fixes other issues seen and deletes the local unused function
> 'ovsdb_server_find_active_peers'.
>
> [1] - Please see this commit in ResourceAgents for more information on
> 'ocf_attribute_target'
> https://github.com/ClusterLabs/resource-agents/commit/9bd94137d77f770967d35db5de716590cfaf0435
>
> Signed-off-by: Numan Siddique <nusid...@redhat.com>
> CC: Russell Bryant <russ...@ovn.org>
> ---
>  ovn/utilities/ovndb-servers.ocf | 51 
> ++---
>  1 file changed, 27 insertions(+), 24 deletions(-)

Thanks, Numan.  I applied this to master, branch-2.8, and branch-2.7.

-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v6 2/2] OVN: Add support for periodic router advertisements.

2018-01-08 Thread Russell Bryant 
On Mon, Jan 8, 2018 at 3:24 AM, Miguel Angel Ajo Pelayo
<majop...@redhat.com> wrote:
> Awesome!, do you believe it would be possible to have this on the 2.9
> series too?
>
> Having the periodic router advertisements on the next openstack release was
> one of our items
> towards parity with the reference solution in the land of IPv6.

The 2.9 branch has not been created yet, so anything in master now
will be in 2.9.

>
>
>
> On Fri, Jan 5, 2018 at 6:05 PM Ben Pfaff <b...@ovn.org> wrote:
>
>> On Wed, Nov 29, 2017 at 03:59:48PM -0600, Mark Michelson wrote:
>> > This change adds three new options to the Northbound
>> > Logical_Router_Port's ipv6_ra_configs option:
>> >
>> > * send_periodic: If set to "true", then OVN will send periodic router
>> > advertisements out of this router port.
>> > * max_interval: The maximum amount of time to wait between sending
>> > periodic router advertisements.
>> > * min_interval: The minimum amount of time to wait between sending
>> > periodic router advertisements.
>> >
>> > When send_periodic is true, then IPv6 RA configs, as well as some layer
>> > 2 and layer 3 information about the router port, are copied to the
>> > southbound database. From there, ovn-controller can use this information
>> > to know when to send periodic RAs and what to send in them.
>> >
>> > Because periodic RAs originate from each ovn-controller, the new
>> > keep-local flag is set on the packet so that ports don't receive an
>> > overabundance of RAs.
>> >
>> > Signed-off-by: Mark Michelson <mmich...@redhat.com>
>>
>> Thanks a lot for the revised series.
>>
>> I folded in the following changes and applied this series to master.
>>
>> diff --git a/lib/packets.h b/lib/packets.h
>> index 8819f829970e..395599f08c92 100644
>> --- a/lib/packets.h
>> +++ b/lib/packets.h
>> @@ -1020,7 +1020,12 @@ BUILD_ASSERT_DECL(RA_MSG_LEN == sizeof(struct
>> ovs_ra_msg));
>>   * 6.2.1
>>   */
>>  #define ND_RA_MAX_INTERVAL_DEFAULT 600
>> -#define ND_RA_MIN_INTERVAL_DEFAULT(max) ((max) >= 9 ? (max) / 3 : (max) *
>> 3 / 4)
>> +
>> +static inline int
>> +nd_ra_min_interval_default(int max)
>> +{
>> +return max >= 9 ? max / 3 : max * 3 / 4;
>> +}
>>
>>  /*
>>   * Use the same struct for MLD and MLD2, naming members as the defined
>> fields in
>> @@ -1420,7 +1425,7 @@ void compose_nd_ra(struct dp_packet *,
>> const struct in6_addr *ipv6_dst,
>> uint8_t cur_hop_limit, uint8_t mo_flags,
>> ovs_be16 router_lt, ovs_be32 reachable_time,
>> -   ovs_be32 retrans_timer, ovs_be32 mtu);
>> +   ovs_be32 retrans_timer, uint32_t mtu);
>>  void packet_put_ra_prefix_opt(struct dp_packet *,
>>uint8_t plen, uint8_t la_flags,
>>ovs_be32 valid_lifetime,
>> diff --git a/ovn/controller/pinctrl.c b/ovn/controller/pinctrl.c
>> index cf414b8f229b..7542db3f4854 100644
>> --- a/ovn/controller/pinctrl.c
>> +++ b/ovn/controller/pinctrl.c
>> @@ -1167,7 +1167,7 @@ ipv6_ra_update_config(const struct
>> sbrec_port_binding *pb)
>>  config->max_interval = smap_get_int(>options,
>> "ipv6_ra_max_interval",
>>  ND_RA_MAX_INTERVAL_DEFAULT);
>>  config->min_interval = smap_get_int(>options,
>> "ipv6_ra_min_interval",
>> -ND_RA_MIN_INTERVAL_DEFAULT(config->max_interval));
>> +nd_ra_min_interval_default(config->max_interval));
>>  config->mtu = smap_get_int(>options, "ipv6_ra_mtu",
>> ND_MTU_DEFAULT);
>>  config->la_flags = ND_PREFIX_ON_LINK;
>>
>> @@ -1194,7 +1194,7 @@ ipv6_ra_update_config(const struct
>> sbrec_port_binding *pb)
>>  }
>>
>>  /* All nodes multicast addresses */
>> -config->eth_dst = ETH_ADDR_C(33,33,00,00,00,01);
>> +config->eth_dst = (struct eth_addr) ETH_ADDR_C(33,33,00,00,00,01);
>>  ipv6_parse("ff02::1", >ipv6_dst);
>>
>>  const char *eth_addr = smap_get(>options, "ipv6_ra_src_eth");
>> diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
>> index fc14dc8c38eb..e3ddc1fd9bc1 100644
>> --- a/ovn/northd/ovn-northd.c
>> +++ b/ovn/northd/ovn-northd.c
>> @@ -4486,7 +4486,7 @@ copy_ra_to_sb(struct ovn_port *op, const char
>> *address_mode)
>

Re: [ovs-dev] [PATCH branch-2.8 v1] OVN: Add external_ids to NAT and Logical_Router_Static_Route tables.

2017-12-07 Thread Russell Bryant 
On Wed, Dec 6, 2017 at 4:59 AM,   wrote:
> From: Lucas Alvares Gomes 
>
> The external_ids column is missing from the NAT and
> Logical_Router_Static_Route tables.
>
> As discussed at [0] the change to the schema for this backport should
> leave the version number unmodified.
>
> [0]
> https://mail.openvswitch.org/pipermail/ovs-dev/2017-December/341630.html
>
> Signed-off-by: Lucas Alvares Gomes 

Thanks, Lucas.  I have applied this backport to branch-2.8.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v1 1/1] Build the JSON C extension for the Python lib

2017-12-05 Thread Russell Bryant 
On Tue, Oct 31, 2017 at 3:55 PM, Ben Pfaff <b...@ovn.org> wrote:
> On Thu, Aug 17, 2017 at 02:14:13PM -0500, Terry Wilson wrote:
>> The JSON C extensions performs much better than the pure Python
>> version, so build it when producing RPMs.
>>
>> Signed-off-by: Terry Wilson <twil...@redhat.com>
>
> Hi Russell, would you mind taking a look at this?  It is Pythonic and
> touches only the RHEL directory, so I don't feel entirely qualified to
> review it.

I'm sorry for letting this sit so long.  I seem to recall there were
some concerns with this, so I never really got into it.

Terry - can you please recap the status of this patch?  Do you feel
it's ready as-is, or was there more work that needs to be done?

-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v4] OVN pacemaker: Add the monitor action for Master role

2017-12-05 Thread Russell Bryant 
On Tue, Dec 5, 2017 at 1:17 PM, Numan Siddique <nusid...@redhat.com> wrote:
>
>
> On Dec 5, 2017 9:16 PM, "Russell Bryant" <russ...@ovn.org> wrote:
>
> On Mon, Dec 4, 2017 at 9:27 AM,  <nusid...@redhat.com> wrote:
>> From: Numan Siddique <nusid...@redhat.com>
>>
>> Pacemaker Resource agent periodically calls the OVN OCF's "monitor" action
>> periodically to check the status. But the OVN OCF script doesn't add the
>> action "monitor" for the role "Master" because of which the pacemaker
>> resource agent do not call the "monitor" action at all for the master.
>> In case OVN db servers exit for some reason this totally gets undetected
>> and one of the standby node is not promoted to master.
>>
>> This patch adds the monitor action for "Master" role. Also the monitor
>> action do not check for the status of the ovn-northd (if manage_northd is
>> yes).
>> This patch also checks for the status of the ovn-northd in the monitor
>> action
>> for the "Master" role. If any of the ovsdb-server or ovn-northd is not
>> running,
>> monitor action will return OCF_NOT_RUNNING and this will cause the
>> pacemaker
>> to restart the OVN OCF resource.
>>
>> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1512568
>> Signed-off-by: Numan Siddique <nusid...@redhat.com>
>> CC: Russell Bryant <russ...@ovn.org>
>
> Thanks, Numan.  I applied v4 to master and branch-2.8.
>
>
> Thanks Russell for the review and applying. Is it possible to apply this to
> branch 2.7 as well since we see the issue there.

Backported to branch-2.7 as well.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v1] OVN: Add external_ids to NAT and Logical_Router_Static_Route tables.

2017-12-05 Thread Russell Bryant 
Lucas asked me about backporting this one, as OpenStack would start
making use of it with an OVS 2.8 update if available.

The schema change seems pretty harmless.  The catch is that this also
updated the schema version number from "5.8.1" to "5.8.2", while
branch-2.8 has "5.8.0".  master includes a change that introduced a
new feature, along with the "5.8.1" update, that we would not
backport.

The main choices seem to be ...

1) Don't backport.

2) Backport, but leave the schema version number unchanged in branch-2.8.

Does anyone see a problem with option #2?  It's easy enough to
determine if the new columns are present, even without the version
number bump.

On Mon, Dec 4, 2017 at 2:11 PM, Ben Pfaff <b...@ovn.org> wrote:
> Applied, thanks.
>
> On Mon, Dec 04, 2017 at 03:06:39PM +0100, Daniel Alvarez Sanchez wrote:
>> Acked-by: Daniel Alvarez <dalva...@redhat.com>
>>
>> From [0] one can expect this column to be present in all tables.
>> [0] https://github.com/openvswitch/ovs/blob/v2.8.1/ovn/ovn-nb.xml#L19
>>
>> On Mon, Dec 4, 2017 at 2:16 PM, <lmart...@redhat.com> wrote:
>>
>> > From: Lucas Alvares Gomes <lucasago...@gmail.com>
>> >
>> > The external_ids column is missing from the NAT and
>> > Logical_Router_Static_Route tables.
>> >
>> > Signed-off-by: Lucas Alvares Gomes <lucasago...@gmail.com>
>> > ---
>> >  ovn/ovn-nb.ovsschema | 14 ++
>> >  ovn/ovn-nb.xml   | 14 ++
>> >  2 files changed, 24 insertions(+), 4 deletions(-)
>> >
>> > diff --git a/ovn/ovn-nb.ovsschema b/ovn/ovn-nb.ovsschema
>> > index fcd878cf2..081ddb54c 100644
>> > --- a/ovn/ovn-nb.ovsschema
>> > +++ b/ovn/ovn-nb.ovsschema
>> > @@ -1,7 +1,7 @@
>> >  {
>> >  "name": "OVN_Northbound",
>> > -"version": "5.8.1",
>> > -"cksum": "607160660 16929",
>> > +"version": "5.9.0",
>> > +"cksum": "1120419033 17249",
>> >  "tables": {
>> >  "NB_Global": {
>> >  "columns": {
>> > @@ -238,7 +238,10 @@
>> >   "dst-ip"]]},
>> >  "min": 0, "max": 1}},
>> >  "nexthop": {"type": "string"},
>> > -"output_port": {"type": {"key": "string", "min": 0,
>> > "max": 1}}},
>> > +"output_port": {"type": {"key": "string", "min": 0,
>> > "max": 1}},
>> > +"external_ids": {
>> > +"type": {"key": "string", "value": "string",
>> > + "min": 0, "max": "unlimited"}}},
>> >  "isRoot": false},
>> >  "NAT": {
>> >  "columns": {
>> > @@ -252,7 +255,10 @@
>> > "enum": ["set", ["dnat",
>> >   "snat",
>> >
>> > "dnat_and_snat"
>> > -   ]],
>> > +   ]]}}},
>> > +"external_ids": {
>> > +"type": {"key": "string", "value": "string",
>> > + "min": 0, "max": "unlimited"}}},
>> >  "isRoot": false},
>> >  "DHCP_Options": {
>> >  "columns": {
>> > diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml
>> > index 1091c05ce..4e3899f28 100644
>> > --- a/ovn/ovn-nb.xml
>> > +++ b/ovn/ovn-nb.xml
>> > @@ -1540,6 +1540,13 @@
>> >  address as the one via which the  is
>> > reachable.
>> >
>> >  
>> > +
>> > +
>> > +  
>> > +See External IDs at the beginning of this document.
>> > +  
>> > +
>> > +
>> >
>> >
>> >
>> > @@ -1618,6 +1625,13 @@
>> >  port instance on the redirect-chassis.
>> >
>> >  
>> > +
>> > +
>> > +  
>> > +See External IDs at the beginning of this document.
>> > +  
>> > +
>> > +
>> >
>> >
>> >
>> > --
>> > 2.15.1
>> >
>> > ___
>> > dev mailing list
>> > d...@openvswitch.org
>> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>> >
>> ___
>> dev mailing list
>> d...@openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
> ___
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev



-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v4] OVN pacemaker: Add the monitor action for Master role

2017-12-05 Thread Russell Bryant 
On Mon, Dec 4, 2017 at 9:27 AM,  <nusid...@redhat.com> wrote:
> From: Numan Siddique <nusid...@redhat.com>
>
> Pacemaker Resource agent periodically calls the OVN OCF's "monitor" action
> periodically to check the status. But the OVN OCF script doesn't add the
> action "monitor" for the role "Master" because of which the pacemaker
> resource agent do not call the "monitor" action at all for the master.
> In case OVN db servers exit for some reason this totally gets undetected
> and one of the standby node is not promoted to master.
>
> This patch adds the monitor action for "Master" role. Also the monitor
> action do not check for the status of the ovn-northd (if manage_northd is 
> yes).
> This patch also checks for the status of the ovn-northd in the monitor action
> for the "Master" role. If any of the ovsdb-server or ovn-northd is not 
> running,
> monitor action will return OCF_NOT_RUNNING and this will cause the pacemaker
> to restart the OVN OCF resource.
>
> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1512568
> Signed-off-by: Numan Siddique <nusid...@redhat.com>
> CC: Russell Bryant <russ...@ovn.org>

Thanks, Numan.  I applied v4 to master and branch-2.8.

-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v3] OVN pacemaker: Add the monitor action for Master role

2017-12-04 Thread Russell Bryant 
;;
>  esac
> @@ -360,7 +382,7 @@ ovsdb_server_stop() {
>
>  while [ 1 = 1 ]; do
>  # It is important that we don't return until we're stopped
> -ovsdb_server_check_status
> +ovsdb_server_check_status ignore_northd
>  rc=$?
>  case $rc in
>  $OCF_SUCCESS)
> @@ -381,7 +403,7 @@ ovsdb_server_stop() {
>  }
>
>  ovsdb_server_promote() {
> -ovsdb_server_check_status
> +ovsdb_server_check_status ignore_northd
>  rc=$?
>  case $rc in
>  ${OCF_SUCCESS}) ;;
> @@ -395,6 +417,11 @@ ovsdb_server_promote() {
>  ${OVN_CTL} promote_ovnnb
>  ${OVN_CTL} promote_ovnsb
>
> +if [ "$MANAGE_NORTHD" = "yes" ]; then
> +# Startup ovn-northd service
> +${OVN_CTL} --ovn-manage-ovsdb=no start_northd
> +fi
> +
>  ocf_log debug "ovndb_servers: Promoting $host_name as the master"
>  # Record ourselves so that the agent has a better chance of doing
>  # the right thing at startup
> @@ -404,6 +431,8 @@ ovsdb_server_promote() {
>  }
>
>  ovsdb_server_demote() {
> +# While demoting, check the status of ovn_northd.
> +# In case ovn_northd is not running, we should return OCF_NOT_RUNNING.
>  ovsdb_server_check_status
>  if [ $? = $OCF_NOT_RUNNING ]; then
>  return $OCF_NOT_RUNNING
> @@ -452,6 +481,10 @@ ovsdb_server_demote() {
>  ${OVN_CTL} demote_ovnsb --db-sb-sync-from-addr=${INVALID_IP_ADDRESS}
>  fi
>
> +if [ "$MANAGE_NORTHD" = "yes" ]; then
> +# Stop ovn-northd service
> +${OVN_CTL} --ovn-manage-ovsdb=no stop_northd
> +fi
>  ovsdb_server_master_update $OCF_SUCCESS
>  return $OCF_SUCCESS
>  }
> --
> 2.14.3
>



-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] rhel: fix log directory permissions

2017-10-18 Thread Russell Bryant 
On Fri, Sep 22, 2017 at 9:44 AM, Aaron Conole <acon...@redhat.com> wrote:
> When the logrotate script runs, and Open vSwitch is running as a non-root
> user, the /var/log/openvswitch directory doesn't have other rx bits set.
> This means the reopen attempt will fail with "permission denied", even though
> the default logrotate configuration creates a new log file with the
> appropriate attributes.
>
> This change sets the r/x bits for other on /var/log/messages
>
> Signed-off-by: Aaron Conole <acon...@redhat.com>
> Tested-by: Jean Hsiao <jhs...@redhat.com>
> ---
>  rhel/openvswitch-fedora.spec.in | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Thanks for the patch!  I applied this to master and branch-2.8.

-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] ovn pacemaker: Provide the option to configure inactivity probe value

2017-10-13 Thread Russell Bryant 
FO="${HA_SBIN_DIR}/crm_attribute --type crm_config
>> --name OVN_REPL_INFO -s ovn_ovsdb_master_server"
>> >>>  OVN_CTL=${OCF_RESKEY_ovn_ctl:-${OVN_CTL_DEFAULT}}
>> >>> @@ -17,6 +19,7 @@ NB_MASTER_PROTO=${OCF_RESKEY_
>> nb_master_protocol:-${NB_MASTER_PROTO_DEFAULT}}
>> >>>  SB_MASTER_PORT=${OCF_RESKEY_sb_master_port:-${SB_MASTER_
>> PORT_DEFAULT}}
>> >>>  SB_MASTER_PROTO=${OCF_RESKEY_sb_master_protocol:-${SB_
>> MASTER_PROTO_DEFAULT}}
>> >>>  MANAGE_NORTHD=${OCF_RESKEY_manage_northd:-${MANAGE_NORTHD_DEFAULT}}
>> >>> +INACTIVE_PROBE=${OCF_RESKEY_inactive_probe_interval:-${
>> INACTIVE_PROBE_DEFAULT}}
>> >>>
>> >>>  # Invalid IP address is an address that can never exist in the
>> network, as
>> >>>  # mentioned in rfc-5737. The ovsdb servers connects to this IP
>> address till
>> >>> @@ -101,6 +104,14 @@ ovsdb_server_metadata() {
>> >>>
>> >>>
>> >>>
>> >>> +  
>> >>> +  
>> >>> +  Inactive probe interval to set for ovsdb-server.
>> >>> +  
>> >>> +  Set inactive probe interval
>> >>> +  
>> >>> +  
>> >>> +
>> >>>
>> >>>
>> >>>
>> >>> @@ -138,6 +149,22 @@ ovsdb_server_notify() {
>> >>>  ${OVN_CTL} --ovn-manage-ovsdb=no start_northd
>> >>>  fi
>> >>>
>> >>> +conn=`ovn-nbctl get NB_global . connections`
>> >>> +if [ "$conn" == "[]" ]
>> >>> +then
>> >>> +ovn-nbctl -- --id=@conn_uuid create Connection \
>> >>> +target="p${NB_MASTER_PROTO}\:${NB_MASTER_PORT}\:${MASTER_IP}" \
>> >>> +inactivity_probe=$INACTIVE_PROBE -- set NB_Global .
>> connections=@conn_uuid
>> >>> +fi
>> >>> +
>> >>> +conn=`ovn-sbctl get SB_global . connections`
>> >>> +if [ "$conn" == "[]" ]
>> >>> +then
>> >>> +ovn-sbctl -- --id=@conn_uuid create Connection \
>> >>> +target="p${SB_MASTER_PROTO}\:${SB_MASTER_PORT}\:${MASTER_IP}" \
>> >>> +inactivity_probe=$INACTIVE_PROBE -- set SB_Global .
>> connections=@conn_uuid
>> >>> +fi
>> >>> +
>> >>>  else
>> >>>  if [ "$MANAGE_NORTHD" = "yes" ]; then
>> >>>  # Stop ovn-northd service. Set --ovn-manage-ovsdb=no so
>> that
>> >>> --
>> >>> 2.13.5
>> >>>
>> >>> ___
>> >>> dev mailing list
>> >>> d...@openvswitch.org
>> >>> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>>
> ___
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev



-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 07/13] jsonrpc: Allow jsonrpc_session to have more than one remote.

2017-10-09 Thread Russell Bryant 
On Mon, Oct 9, 2017 at 4:11 PM, Ben Pfaff <b...@ovn.org> wrote:
> On Mon, Oct 09, 2017 at 03:57:18PM -0400, Russell Bryant wrote:
>> On Fri, Oct 6, 2017 at 8:44 PM, Ben Pfaff <b...@ovn.org> wrote:
>> > The implementation cycles through the remotes in random order.  This allows
>> > clients to perform some load balancing across alternative implementations
>> > of a service.
>> >
>> > Signed-off-by: Ben Pfaff <b...@ovn.org>
>> > ---
>> >  lib/jsonrpc.c | 53 -
>> >  lib/jsonrpc.h |  6 +-
>> >  lib/svec.c| 18 ++
>> >  lib/svec.h|  1 +
>> >  4 files changed, 72 insertions(+), 6 deletions(-)
>>
>> > diff --git a/lib/svec.c b/lib/svec.c
>> > index 297a60ce14f9..c1b986bab108 100644
>> > --- a/lib/svec.c
>> > +++ b/lib/svec.c
>> > @@ -20,6 +20,7 @@
>> >  #include 
>> >  #include 
>> >  #include "openvswitch/dynamic-string.h"
>> > +#include "random.h"
>> >  #include "util.h"
>> >  #include "openvswitch/vlog.h"
>> >
>> > @@ -174,6 +175,23 @@ svec_compact(struct svec *svec)
>> >  svec->n = j;
>> >  }
>> >
>> > +static void
>> > +swap_strings(char **a, char **b)
>> > +{
>> > +char *tmp = *a;
>> > +*a = *b;
>> > +*b = tmp;
>> > +}
>> > +
>> > +void
>> > +svec_shuffle(struct svec *svec)
>> > +{
>> > +for (size_t i = 0; i < svec->n; i++) {
>> > +size_t j = i + random_range(svec->n - i);
>> > +swap_strings(>names[i], >names[j]);
>> > +}
>> > +}
>> > +
>>
>> I'm not sure this is as random as we'd like.
>>
>> Even if there are 10 elements, the first element has a 50% chance of
>> staying there, since it's only considered for a swap when i == 0.
>> That extends to the general behavior that the closer an element is to
>> the beginning, the better chance it has of staying near the beginning.
>>
>> Or am I reading it wrong?
>
> I don't think that's right.  When 'n' is 10 and 'i' == 0, the first
> element is swapped with a randomly chosen element, whose index is
> random_range(10).
>
> This is the standard shuffling algorithm (unless I implemented it wrong,
> which is possible).  When 'i' is 0, it randomly selects any of the
> elements in the array and makes that the first element.  When 'i' is 1,
> it randomly select any of the remaining elements in the array and makes
> that the second element.  In general, at each step, it randomly chooses
> any of the elements that haven't been chosen yet as the next element.
>
> Did I get it wrong?  It's easy to do that since shuffles are difficult
> to test.

No, I got it wrong.  Sorry.

Acked-by: Russell Bryant <russ...@ovn.org>

-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 13/13] json: New function json_object_put_format().

2017-10-09 Thread Russell Bryant 
On Fri, Oct 6, 2017 at 8:44 PM, Ben Pfaff <b...@ovn.org> wrote:
> This will acquire users in an upcoming commit.
>
> Signed-off-by: Ben Pfaff <b...@ovn.org>
> ---
>  include/openvswitch/json.h |  6 +-
>  lib/json.c | 12 
>  2 files changed, 17 insertions(+), 1 deletion(-)

Acked-by: Russell Bryant <russ...@ovn.org>

Is it required to put the printf function attribute in both json.h and
json.c?  I figure it's harmless, but wasn't sure if it was necessary.

> diff --git a/include/openvswitch/json.h b/include/openvswitch/json.h
> index edf53e594eb0..61b9a02cfc19 100644
> --- a/include/openvswitch/json.h
> +++ b/include/openvswitch/json.h
> @@ -1,5 +1,5 @@
>  /*
> - * Copyright (c) 2009, 2010, 2015 Nicira, Inc.
> + * Copyright (c) 2009, 2010, 2015, 2016 Nicira, Inc.
>   *
>   * Licensed under the Apache License, Version 2.0 (the "License");
>   * you may not use this file except in compliance with the License.
> @@ -38,6 +38,7 @@ extern "C" {
>  #endif
>
>  struct ds;
> +struct uuid;
>
>  /* Type of a JSON value. */
>  enum json_type {
> @@ -92,6 +93,9 @@ struct json *json_object_create(void);
>  void json_object_put(struct json *, const char *name, struct json *value);
>  void json_object_put_string(struct json *,
>  const char *name, const char *value);
> +void json_object_put_format(struct json *,
> +const char *name, const char *format, ...)
> +OVS_PRINTF_FORMAT(3, 4);
>
>  const char *json_string(const struct json *);
>  struct json_array *json_array(const struct json *);
> diff --git a/lib/json.c b/lib/json.c
> index b98e60f87f4b..5e93190b8a03 100644
> --- a/lib/json.c
> +++ b/lib/json.c
> @@ -29,6 +29,7 @@
>  #include "openvswitch/shash.h"
>  #include "unicode.h"
>  #include "util.h"
> +#include "uuid.h"
>
>  /* The type of a JSON token. */
>  enum json_token_type {
> @@ -284,6 +285,17 @@ json_object_put_string(struct json *json, const char 
> *name, const char *value)
>  json_object_put(json, name, json_string_create(value));
>  }
>
> +void OVS_PRINTF_FORMAT(3, 4)
> +json_object_put_format(struct json *json,
> +   const char *name, const char *format, ...)
> +{
> +va_list args;
> +va_start(args, format);
> +json_object_put(json, name,
> +json_string_create_nocopy(xvasprintf(format, args)));
> +    va_end(args);
> +}
> +
>  const char *
>  json_string(const struct json *json)
>  {
> --
> 2.10.2
>
> ___
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev



-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 12/13] json: New function json_nullable_clone().

2017-10-09 Thread Russell Bryant 
On Fri, Oct 6, 2017 at 8:44 PM, Ben Pfaff <b...@ovn.org> wrote:
> Signed-off-by: Ben Pfaff <b...@ovn.org>
> ---
>  include/openvswitch/json.h | 1 +
>  lib/json.c | 8 +++-
>  2 files changed, 8 insertions(+), 1 deletion(-)

Acked-by: Russell Bryant <russ...@ovn.org>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 11/13] uuid: New function uuid_random().

2017-10-09 Thread Russell Bryant 
On Fri, Oct 6, 2017 at 8:44 PM, Ben Pfaff <b...@ovn.org> wrote:
> Signed-off-by: Ben Pfaff <b...@ovn.org>
> ---
>  lib/uuid.c | 8 
>  lib/uuid.h | 1 +
>  2 files changed, 9 insertions(+)

Acked-by: Russell Bryant <russ...@ovn.org>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 10/13] tests: Add support for 1-argument 'seq' in emulation.

2017-10-09 Thread Russell Bryant 
On Fri, Oct 6, 2017 at 8:44 PM, Ben Pfaff <b...@ovn.org> wrote:
> The testsuite has an emulation of the common utility 'seq' that only
> supported 2- and 3-argument forms.  This commit adds support for the
> 1-argument form.
>
> Signed-off-by: Ben Pfaff <b...@ovn.org>

Acked-by: Russell Bryant <russ...@ovn.org>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 09/13] socket-util: Make parse_bracketed_token() public, as inet_parse_token().

2017-10-09 Thread Russell Bryant 
On Fri, Oct 6, 2017 at 8:44 PM, Ben Pfaff <b...@ovn.org> wrote:
> An upcoming commit will introduce a new user outside socket-util.
>
> Signed-off-by: Ben Pfaff <b...@ovn.org>

Acked-by: Russell Bryant <russ...@ovn.org>

-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 08/13] jsonrpc: Increment sequence number when connection actually made.

2017-10-09 Thread Russell Bryant 
On Fri, Oct 6, 2017 at 8:44 PM, Ben Pfaff <b...@ovn.org> wrote:
> The purpose of the sequence number is to allow the client to figure out
> when the connection status has changed.  The significant event for the
> client is when a connection completes, not when a connection attempt
> starts.  Thus, this commit changes the code to increment the sequence
> number at completion, not at the attempt.
>
> Signed-off-by: Ben Pfaff <b...@ovn.org>

Acked-by: Russell Bryant <russ...@ovn.org>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 07/13] jsonrpc: Allow jsonrpc_session to have more than one remote.

2017-10-09 Thread Russell Bryant 
On Fri, Oct 6, 2017 at 8:44 PM, Ben Pfaff <b...@ovn.org> wrote:
> The implementation cycles through the remotes in random order.  This allows
> clients to perform some load balancing across alternative implementations
> of a service.
>
> Signed-off-by: Ben Pfaff <b...@ovn.org>
> ---
>  lib/jsonrpc.c | 53 -
>  lib/jsonrpc.h |  6 +-
>  lib/svec.c| 18 ++
>  lib/svec.h|  1 +
>  4 files changed, 72 insertions(+), 6 deletions(-)

> diff --git a/lib/svec.c b/lib/svec.c
> index 297a60ce14f9..c1b986bab108 100644
> --- a/lib/svec.c
> +++ b/lib/svec.c
> @@ -20,6 +20,7 @@
>  #include 
>  #include 
>  #include "openvswitch/dynamic-string.h"
> +#include "random.h"
>  #include "util.h"
>  #include "openvswitch/vlog.h"
>
> @@ -174,6 +175,23 @@ svec_compact(struct svec *svec)
>  svec->n = j;
>  }
>
> +static void
> +swap_strings(char **a, char **b)
> +{
> +char *tmp = *a;
> +*a = *b;
> +*b = tmp;
> +}
> +
> +void
> +svec_shuffle(struct svec *svec)
> +{
> +for (size_t i = 0; i < svec->n; i++) {
> +size_t j = i + random_range(svec->n - i);
> +swap_strings(>names[i], >names[j]);
> +}
> +}
> +

I'm not sure this is as random as we'd like.

Even if there are 10 elements, the first element has a 50% chance of
staying there, since it's only considered for a swap when i == 0.
That extends to the general behavior that the closer an element is to
the beginning, the better chance it has of staying near the beginning.

Or am I reading it wrong?

Thanks,

-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 06/13] reconnect: Add ability to do a number of retries without backoff.

2017-10-09 Thread Russell Bryant 
On Fri, Oct 6, 2017 at 8:44 PM, Ben Pfaff <b...@ovn.org> wrote:
> This is aimed at an upcoming database clustering implementation, where it's
> desirable to try all of the cluster members quickly before backing off to
> retry them again in sequence.
>
> Signed-off-by: Ben Pfaff <b...@ovn.org>

Acked-by: Russell Bryant <russ...@ovn.org>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] Introduce Emeritus Committer status.

2017-10-09 Thread Russell Bryant 
On Mon, Oct 9, 2017 at 1:42 PM, Ben Pfaff <b...@ovn.org> wrote:
> On Mon, Oct 09, 2017 at 01:25:57PM -0400, Russell Bryant wrote:
>> On Sat, Oct 7, 2017 at 12:22 AM, Ben Pfaff <b...@ovn.org> wrote:
>> > 2. Do we need a vote of the committers to approve this change?  I
>> >think that I would be more comfortable if we did have one.
>>
>> Yes, I think that would be best.
>>
>> Shall we record the vote as a set of acks on the patch?
>
> I think that would be harmless in this case, but I believe that it would
> set a bad precedent.  We do not use a secret voting system among the
> committers but we have never (as far as I know) released the details of
> a vote result to a wider community.  So I'd prefer, slightly, to do the
> vote on the committers list in the usual way.

OK, sure.  I didn't think about it enough since votes don't happen
often.  I didn't mean to stray from the norm.

-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH v2] Introduce Emeritus Committer status.

2017-10-09 Thread Russell Bryant 
This patch introduces an Emeritus status for OVS committers. An
Emeritus Committer is recognized as having made a significant impact
to the project and having been a committer in the past.  It is
intended as an option for those that do not currently have the time or
interest to fulfill committer responsibilities based on their current
responsibilities.  While in this status, they are not included in
voting for governance purposes.

An emeritus committer may be re-instated as a full committer at any
time.

See documentation contents for full details.

Suggested-by: Ethan J. Jackson <e...@eecs.berkeley.edu>
Signed-off-by: Russell Bryant <russ...@ovn.org>
---
 Documentation/automake.mk  |  1 +
 Documentation/index.rst|  3 +-
 .../internals/committer-emeritus-status.rst| 63 ++
 Documentation/internals/index.rst  |  1 +
 MAINTAINERS.rst| 14 -
 5 files changed, 80 insertions(+), 2 deletions(-)
 create mode 100644 Documentation/internals/committer-emeritus-status.rst


v1->v2:
 - incorporate suggested changes from Ben.


diff --git a/Documentation/automake.mk b/Documentation/automake.mk
index 6f38912f2..8adce852e 100644
--- a/Documentation/automake.mk
+++ b/Documentation/automake.mk
@@ -78,6 +78,7 @@ DOC_SOURCE = \
Documentation/internals/index.rst \
Documentation/internals/authors.rst \
Documentation/internals/bugs.rst \
+   Documentation/internals/committer-emeritus-status.rst \
Documentation/internals/committer-grant-revocation.rst \
Documentation/internals/committer-responsibilities.rst \
Documentation/internals/documentation.rst \
diff --git a/Documentation/index.rst b/Documentation/index.rst
index 836c37fc3..b7a792b0d 100644
--- a/Documentation/index.rst
+++ b/Documentation/index.rst
@@ -107,7 +107,8 @@ Learn more about the Open vSwitch project and about how you 
can contribute:
 
 - **Maintaining:** :doc:`internals/maintainers` |
   :doc:`internals/committer-responsibilities` |
-  :doc:`internals/committer-grant-revocation`
+  :doc:`internals/committer-grant-revocation` |
+  :doc:`internals/committer-emeritus-status`
 
 - **Documentation:** :doc:`internals/contributing/documentation-style` |
   :doc:`Building Open vSwitch Documentation ` |
diff --git a/Documentation/internals/committer-emeritus-status.rst 
b/Documentation/internals/committer-emeritus-status.rst
new file mode 100644
index 0..ad9dca2c3
--- /dev/null
+++ b/Documentation/internals/committer-emeritus-status.rst
@@ -0,0 +1,63 @@
+..
+  Licensed under the Apache License, Version 2.0 (the "License"); you may
+  not use this file except in compliance with the License. You may obtain
+  a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+  License for the specific language governing permissions and limitations
+  under the License.
+
+  Convention for heading levels in Open vSwitch documentation:
+
+  ===  Heading 0 (reserved for the title in a document)
+  ---  Heading 1
+  ~~~  Heading 2
+  +++  Heading 3
+  '''  Heading 4
+
+  Avoid deeper levels because they do not render well.
+
+==
+Emeritus Status for OVS Committers
+==
+
+OVS committers are nominated and elected based on their impact on the Open
+vSwitch project.  Over time, as committers' responsibilities change, some may
+become unable or uninterested to actively participate in project governance.
+Committer "emeritus" status provides a way for committers to take a leave of
+absence from OVS governance responsibilities.  The following guidelines clarify
+the process around the emeritus status for committers:
+
+* An committer may choose to transition from active to emeritus, or from
+  emeritus to active, by sending an email to the committers mailing list.
+
+* If a committer hasn't been heard from in 6 months, and does not respond to
+  reasonable attempts to contact him or her, the other committers can vote as a
+  majority to transition the committer from active to emeritus.  (If the
+  committer resurfaces, he or she can transition back to active by sending an
+  email to the committers mailing list.)
+
+* Emeritus committers may stay on the committers mailing list to continue to
+  follow any discussions there.
+
+* Emeritus committers do not nominate or vote in committer elections.  From a
+  governance perspective, they are equivalent to a non-committer.
+
+* Emeritus committers cannot merge patches to the OVS repository.
+
+* Emeritus co

Re: [ovs-dev] [PATCH] Introduce Emeritus Committer status.

2017-10-09 Thread Russell Bryant 
On Sat, Oct 7, 2017 at 12:22 AM, Ben Pfaff <b...@ovn.org> wrote:
> On Fri, Oct 06, 2017 at 08:19:04PM -0400, Russell Bryant wrote:
>> This patch introduces an Emeritus status for OVS committers. An
>> Emeritus Committer is recognized as having made a significant impact
>> to the project and having been a committer in the past.  It is
>> intended as an option for those that do not currently have the time or
>> interest to fulfill committer responsibilities based on their current
>> responsibilities.  While in this status, they are not included in
>> voting for governance purposes.
>>
>> An emeritus committer may be re-instated as a full committer at any
>> time.
>>
>> See documentation contents for full details.
>>
>> Suggested-by: Ethan J. Jackson <e...@eecs.berkeley.edu>
>> Signed-off-by: Russell Bryant <russ...@ovn.org>
>
> Thank you.
>
> I felt like doing some editing.  Here is my version.  You don't have to
> use it though.

I like your edits.  I'll use them and post a v2.

>
> I have procedural questions:
>
> 1. Do we need to get Linux Foundation approval for this change?  My
>inclination is to believe that we do not, because 2.c.iii in the
>project charter says that the committers may "amend, adjust and
>refine the roles of Contributors and Committers listed in Section
>2.b., create new roles and publicly document responsibilities and
>expectations for such roles, as it sees fit" and I think that
>this falls squarely in that category.

For others following along, see http://openvswitch.org/charter/

I agree with your interpretation.

> 2. Do we need a vote of the committers to approve this change?  I
>think that I would be more comfortable if we did have one.

Yes, I think that would be best.

Shall we record the vote as a set of acks on the patch?

>
> Thanks,
>
> Ben.
>
> --8<--cut here-->8--
>
> OVS committers are nominated and elected based on their impact on the Open
> vSwitch project.  Over time, as committers' responsibilities change, some may
> become unable or uninterested to actively participate in project governance.
> Committer "emeritus" status provides a way for committers to take a leave of
> absence from OVS governance responsibilities.  The following guidelines 
> clarify
> the process around the emeritus status for committers:
>
> * An committer may choose to transition from active to emeritus, or from
>   emeritus to active, by sending an email to the committers mailing list.
>
> * If a committer hasn't been heard from in 6 months, and does not respond to
>   reasonable attempts to contact him or her, the other committers can vote as 
> a
>   majority to transition the committer from active to emeritus.  (If the
>   committer resurfaces, he or she can transition back to active by sending an
>   email to the committers mailing list.)
>
> * Emeritus committers may stay on the committers mailing list to continue to
>   follow any discussions there.
>
> * Emeritus committers do not nominate or vote in committer elections.  From a
>   governance perspective, they are equivalent to a non-committer.
>
> * Emeritus committers cannot merge patches to the OVS repository.
>
> * Emeritus committers will be listed in a separate section in the
>   MAINTAINERS.rst file to continue to recognize their contributions to the
>   project.
>
> Emeritus status does not replace the procedures for forcibly removing a
> committer.
>
> Note that just because a committer is not able to work on the project on a
> day-to-day basis, we feel they are still capable of providing input on the
> direction of the project.  No committer should feel pressured to move
> themselves to this status.  Again, it's just an option for those that do not
> currently have the time or interest.
>



-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH] util: Fix style in ovs_hex_dump().

2017-10-09 Thread Russell Bryant 
On Sat, Oct 7, 2017 at 12:01 AM, Ben Pfaff <b...@ovn.org> wrote:
> Reported-by: Russell Bryant <russ...@ovn.org>
> Signed-off-by: Ben Pfaff <b...@ovn.org>

Thanks :-)

Acked-by: Russell Bryant <russ...@ovn.org>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] locks for clustered OVSDB

2017-10-09 Thread Russell Bryant 
oduce any new restriction to the locking mechanism, comparing with the
>> current single node implementation. Both new and old approach support
>> avoiding redundant work, but not for correctness (unless "assert" or some
>> other "fence" is used). Is this correct?
>
> It's accurate that clustering would not technically introduce new
> restrictions.  It will increase race windows, especially over Unix
> sockets, so anyone who is currently (incorrectly) relying on OVSDB
> locking for correctness will probably start seeing failures that they
> did not see before.  I'd be pleased to hear that no one is doing this.

You discussed the ovn-northd use case in your original post (thanks!).

The existing Neutron integration use case should be fine.  In that
case, it's not committing any transactions.  The lock is only used to
ensure that only one server is processing logical switch port "up"
state.  If more than one thinks it has a lock, the worst that can
happen is we send the same port event through OpenStack more than
once.  That's mostly harmless, aside from a log message.

Miguel mentioned that it might be used for an additional use case that
Lucas is working on, but OVSDB locks are not used there.

-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 05/13] ofp-print: Avoid trailing white space in OpenFlow dumps.

2017-10-06 Thread Russell Bryant 
On Fri, Oct 6, 2017 at 8:44 PM, Ben Pfaff <b...@ovn.org> wrote:
> ofp_to_string() sometimes yields a trailing space in its output.  This is
> annoying for the test infrastructure, since we have to specially mark the
> trailing white space in Autotest with a "@@" marker at the end of the
> line.  This commit gets rid of the trailing white space and the annoying
> "@@" markers.
>
> Signed-off-by: Ben Pfaff <b...@ovn.org>

Acked-by: Russell Bryant <russ...@ovn.org>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 04/13] util: Avoid trailing white space in hex dumps.

2017-10-06 Thread Russell Bryant 
On Fri, Oct 6, 2017 at 8:44 PM, Ben Pfaff <b...@ovn.org> wrote:
> ovs_hex_dump() sometimes yields a trailing space in its output.  This is
> annoying for the test infrastructure, since we have to specially mark the
> trailing white space in Autotest with a "@@" marker at the end of the
> line.  This commit gets rid of the trailing white space and the annoying
> "@@" markers.
>
> This also gets rid of an occasional trailing hyphen.
>
> Signed-off-by: Ben Pfaff <b...@ovn.org>

Acked-by: Russell Bryant <russ...@ovn.org>

ovs_hex_dump() hurts my eyes a little bit by not following style
guidelines, but that's unrelated to this patch.  :-)
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 03/13] table: Avoid trailing white space in tables.

2017-10-06 Thread Russell Bryant 
On Fri, Oct 6, 2017 at 8:44 PM, Ben Pfaff <b...@ovn.org> wrote:
> Commands that use the table library, such as ovs-vsctl and  "ovsdb-client
> dump", print trailing white space in tabular output, to fill out the entire
> width of their tabular columns.  This is annoying whenever we use these
> commands in the test infrastructure, since we have to specially mark the
> trailing white space in Autotest with a "@@" marker at the end of the
> line.  This commit gets rid of the trailing white space and the annoying
> "@@" markers.
>
> Signed-off-by: Ben Pfaff <b...@ovn.org>
> ---
>  lib/table.c|  3 ++
>  tests/ovsdb-replication.at | 12 
>  tests/ovsdb-server.at  | 38 
>  tests/ovsdb-tool.at| 72 
> +++-----------
>  4 files changed, 64 insertions(+), 61 deletions(-)

Acked-by: Russell Bryant <russ...@ovn.org>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 02/13] daemon-unix: With --monitor, only close standard fds if --detach also used.

2017-10-06 Thread Russell Bryant 
On Fri, Oct 6, 2017 at 8:44 PM, Ben Pfaff <b...@ovn.org> wrote:
> Daemons generally should close the standard fds because they don't want to
> hold open an SSH session, etc. that is attached to a tty.  But --monitor
> without --detach does not daemonize, so do not close fds in that case.
>
> Signed-off-by: Ben Pfaff <b...@ovn.org>

Acked-by: Russell Bryant <russ...@ovn.org>

-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 01/13] replication: Avoid theoretical use-after-free error in reset_database().

2017-10-06 Thread Russell Bryant 
On Fri, Oct 6, 2017 at 8:44 PM, Ben Pfaff <b...@ovn.org> wrote:
> Code that calls ovsdb_txn_row_delete() should avoid referencing the
> deleted row again, because it might be freed.  In practice this shouldn't
> really happen in this case because of the particular circumstances, but it
> costs little to be careful.
>
> Signed-off-by: Ben Pfaff <b...@ovn.org>

Acked-by: Russell Bryant <russ...@ovn.org>
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] Introduce Emeritus Committer status.

2017-10-06 Thread Russell Bryant 
This patch introduces an Emeritus status for OVS committers. An
Emeritus Committer is recognized as having made a significant impact
to the project and having been a committer in the past.  It is
intended as an option for those that do not currently have the time or
interest to fulfill committer responsibilities based on their current
responsibilities.  While in this status, they are not included in
voting for governance purposes.

An emeritus committer may be re-instated as a full committer at any
time.

See documentation contents for full details.

Suggested-by: Ethan J. Jackson <e...@eecs.berkeley.edu>
Signed-off-by: Russell Bryant <russ...@ovn.org>
---
 Documentation/automake.mk  |  1 +
 Documentation/index.rst|  3 +-
 .../internals/committer-emeritus-status.rst| 65 ++
 Documentation/internals/index.rst  |  1 +
 MAINTAINERS.rst| 14 -
 5 files changed, 82 insertions(+), 2 deletions(-)
 create mode 100644 Documentation/internals/committer-emeritus-status.rst

diff --git a/Documentation/automake.mk b/Documentation/automake.mk
index 6f38912f2..8adce852e 100644
--- a/Documentation/automake.mk
+++ b/Documentation/automake.mk
@@ -78,6 +78,7 @@ DOC_SOURCE = \
Documentation/internals/index.rst \
Documentation/internals/authors.rst \
Documentation/internals/bugs.rst \
+   Documentation/internals/committer-emeritus-status.rst \
Documentation/internals/committer-grant-revocation.rst \
Documentation/internals/committer-responsibilities.rst \
Documentation/internals/documentation.rst \
diff --git a/Documentation/index.rst b/Documentation/index.rst
index 836c37fc3..b7a792b0d 100644
--- a/Documentation/index.rst
+++ b/Documentation/index.rst
@@ -107,7 +107,8 @@ Learn more about the Open vSwitch project and about how you 
can contribute:
 
 - **Maintaining:** :doc:`internals/maintainers` |
   :doc:`internals/committer-responsibilities` |
-  :doc:`internals/committer-grant-revocation`
+  :doc:`internals/committer-grant-revocation` |
+  :doc:`internals/committer-emeritus-status`
 
 - **Documentation:** :doc:`internals/contributing/documentation-style` |
   :doc:`Building Open vSwitch Documentation ` |
diff --git a/Documentation/internals/committer-emeritus-status.rst 
b/Documentation/internals/committer-emeritus-status.rst
new file mode 100644
index 0..f869d72ad
--- /dev/null
+++ b/Documentation/internals/committer-emeritus-status.rst
@@ -0,0 +1,65 @@
+..
+  Licensed under the Apache License, Version 2.0 (the "License"); you may
+  not use this file except in compliance with the License. You may obtain
+  a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+  License for the specific language governing permissions and limitations
+  under the License.
+
+  Convention for heading levels in Open vSwitch documentation:
+
+  ===  Heading 0 (reserved for the title in a document)
+  ---  Heading 1
+  ~~~  Heading 2
+  +++  Heading 3
+  '''  Heading 4
+
+  Avoid deeper levels because they do not render well.
+
+==
+Emeritus Status for OVS Committers
+==
+
+There are some contributors to OVS that have made a significant impact to the
+project in its history, but based on current responsibilities, are unable or
+uninterested in participating as an official committer from a project
+governance perspective.
+
+The following guidelines clarify the process around the emeritus status for
+committers:
+
+* A committer may request themselves be placed in emeritus status by sending an
+  email to the committers mailing list.
+
+* At any time, an emeritus committer can choose to reinstate thir full
+  committer status by sending an email to the committers mailing list.
+
+* If a committer hasn't been heard from in 6 months, the other committers can
+  vote as a majority to put them in emeritus committer status.  Committers put
+  into emeritus status this way can become regular committers at any time as
+  described above.  Note that this provision would not replace the procedures
+  for forcibly removing a committer.  It would just be another option for
+  people who aren't active anymore.
+
+* Emeritus committers may stay on the committers mailing list to continue to
+  follow any discussions there.
+
+* Emeritus committers do not nominate or vote in committer elections.  From a
+  governance perspective, they are equivalent to a non-committer.
+
+* Emeritus committers can not merge patches to the OVS repository.
+
+* Em

Re: [ovs-dev] [PATCH] rhel: fix log directory permissions

2017-09-25 Thread Russell Bryant 
On Mon, Sep 25, 2017 at 2:42 PM, Aaron Conole <acon...@redhat.com> wrote:

> Flavio Leitner <f...@sysclose.org> writes:
>
> > On Fri, 22 Sep 2017 09:44:18 -0400
> > Aaron Conole <acon...@redhat.com> wrote:
> >
> >> When the logrotate script runs, and Open vSwitch is running as a
> non-root
> >> user, the /var/log/openvswitch directory doesn't have other rx bits set.
> >> This means the reopen attempt will fail with "permission denied", even
> though
> >> the default logrotate configuration creates a new log file with the
> >> appropriate attributes.
> >>
> >> This change sets the r/x bits for other on /var/log/messages
> >
> > /var/log/openvswitch? :-)
>
> D'oh!  Let's blame it on the problem between the keyboard and chair.
>
> Russell - since you're likely the committer for this, do you want a v2
> with a fixed message, or would you be able to fix it during apply?
>

​If it's just the commit message, don't worry about v2.​



>
> > Reproduced here
> > # ovs-appctl -t ovs-vswitchd vlog/reopen
> > Permission denied
> > ovs-appctl: ovs-vswitchd: server returned an error
> >
> > Acked-by: Flavio Leitner <f...@sysclose.org>
> >
> >
> >>
> >> Signed-off-by: Aaron Conole <acon...@redhat.com>
> >> Tested-by: Jean Hsiao <jhs...@redhat.com>
> >> ---
> >>  rhel/openvswitch-fedora.spec.in | 2 +-
> >>  1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >> diff --git a/rhel/openvswitch-fedora.spec.in b/rhel/openvswitch-fedora.
> spec.in
> >> index dd79fa9..8d62393 100644
> >> --- a/rhel/openvswitch-fedora.spec.in
> >> +++ b/rhel/openvswitch-fedora.spec.in
> >> @@ -577,7 +577,7 @@ fi
> >>  %endif
> >>  %doc COPYING NOTICE README.rst NEWS rhel/README.RHEL.rst
> >>  /var/lib/openvswitch
> >> -/var/log/openvswitch
> >> +%attr(755,-,-) /var/log/openvswitch
> >>  %ghost %attr(755,root,root) %{_rundir}/openvswitch
> >>
> >>  %files ovn-docker
>



-- 
Russell Bryant
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

  1   2   3   4   >