[ovs-dev] [PATCH net-next v2] net: openvswitch: Be liberal in tcp conntrack.

2020-11-16 Thread nusiddiq
From: Numan Siddique 

There is no easy way to distinguish if a conntracked tcp packet is
marked invalid because of tcp_in_window() check error or because
it doesn't belong to an existing connection. With this patch,
openvswitch sets liberal tcp flag for the established sessions so
that out of window packets are not marked invalid.

A helper function - nf_ct_set_tcp_be_liberal(nf_conn) is added which
sets this flag for both the directions of the nf_conn.

Suggested-by: Florian Westphal 
Signed-off-by: Numan Siddique 
---
 include/net/netfilter/nf_conntrack_l4proto.h | 14 ++
 net/netfilter/nf_conntrack_proto_tcp.c   |  6 --
 net/openvswitch/conntrack.c  |  8 
 3 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/include/net/netfilter/nf_conntrack_l4proto.h 
b/include/net/netfilter/nf_conntrack_l4proto.h
index 88186b95b3c2..9be7320b994f 100644
--- a/include/net/netfilter/nf_conntrack_l4proto.h
+++ b/include/net/netfilter/nf_conntrack_l4proto.h
@@ -203,6 +203,20 @@ static inline struct nf_icmp_net *nf_icmpv6_pernet(struct 
net *net)
 {
return >ct.nf_ct_proto.icmpv6;
 }
+
+/* Caller must check nf_ct_protonum(ct) is IPPROTO_TCP before calling. */
+static inline void nf_ct_set_tcp_be_liberal(struct nf_conn *ct)
+{
+   ct->proto.tcp.seen[0].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
+   ct->proto.tcp.seen[1].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
+}
+
+/* Caller must check nf_ct_protonum(ct) is IPPROTO_TCP before calling. */
+static inline bool nf_conntrack_tcp_established(const struct nf_conn *ct)
+{
+   return ct->proto.tcp.state == TCP_CONNTRACK_ESTABLISHED &&
+  test_bit(IPS_ASSURED_BIT, >status);
+}
 #endif
 
 #ifdef CONFIG_NF_CT_PROTO_DCCP
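Review bot: The comment on `nf_ct_set_tcp_be_liberal()` states the protocol precondition but not the locking one. The helper does a plain read-modify-write of `ct->proto.tcp.seen[].flags`, and the TCP tracker presumably updates the same fields under `ct->lock`; that code is outside this hunk, so this needs confirming. I would extend the comment to `/* Caller must check nf_ct_protonum(ct) is IPPROTO_TCP and must serialise against the TCP tracker (ct->lock) when ct is already confirmed. */`, or take the lock inside the helper.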
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c 
b/net/netfilter/nf_conntrack_proto_tcp.c
index c8fb2187ad4b..811c6c9b59e1 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -834,12 +834,6 @@ static noinline bool tcp_new(struct nf_conn *ct, const 
struct sk_buff *skb,
return true;
 }
 
-static bool nf_conntrack_tcp_established(const struct nf_conn *ct)
-{
-   return ct->proto.tcp.state == TCP_CONNTRACK_ESTABLISHED &&
-  test_bit(IPS_ASSURED_BIT, >status);
-}
-
 /* Returns verdict for packet, or -1 for invalid. */
 int nf_conntrack_tcp_packet(struct nf_conn *ct,
struct sk_buff *skb,
diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
index 4beb96139d77..6a88daab0190 100644
--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -1037,6 +1037,14 @@ static int __ovs_ct_lookup(struct net *net, struct 
sw_flow_key *key,
ovs_ct_helper(skb, info->family) != NF_ACCEPT) {
return -EINVAL;
}
+
+   if (nf_ct_protonum(ct) == IPPROTO_TCP &&
+   nf_ct_is_confirmed(ct) && nf_conntrack_tcp_established(ct)) 
{
+   /* Be liberal for tcp packets so that out-of-window
+* packets are not marked invalid.
+*/
+   nf_ct_set_tcp_be_liberal(ct);
+   }
}
 
return 0;
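Review bot: Once this branch runs, TCP window validation is switched off in both directions for the rest of the connection's life, which is a wider effect than the in-code comment suggests. A flow table that drops `ct_state=+inv` will no longer catch segments that fall outside the tracked window, stale or spoofed ones included, on any established connection. No per-action or per-datapath opt-out is visible in the hunk, so existing deployments change behaviour silently. I would at least spell the trade-off out in the comment, e.g. `/* Be liberal: out-of-window packets on established connections are no longer marked invalid, so +inv rules will not drop them. */`, and consider gating it on a ct action attribute. __ovs_ct_lookup starts and ends outside the hunk.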
-- 
2.28.0



[ovs-dev] [net-next] netfiler: conntrack: Add the option to set ct tcp flag - BE_LIBERAL per-ct basis.

2020-11-08 Thread nusiddiq
From: Numan Siddique 

Before calling nf_conntrack_in(), caller can set this flag in the
connection template for a tcp packet and any errors in the
tcp_in_window() will be ignored.

A helper function - nf_ct_set_tcp_be_liberal(nf_conn) is added which
sets this flag for both the directions of the nf_conn.

openvswitch makes use of this feature so that any out of window tcp
packets are not marked invalid. Prior to this there was no easy way
to distinguish if conntracked packet is marked invalid because of
tcp_in_window() check error or because it doesn't belong to an
existing connection.

An earlier attempt (see the link) tried to solve this problem for
openvswitch in a different way. Florian Westphal instead suggested
to be liberal in openvswitch for tcp packets.

Link: 
https://patchwork.ozlabs.org/project/netdev/patch/20201006083355.121018-1-nusid...@redhat.com/

Suggested-by: Florian Westphal 
Signed-off-by: Numan Siddique 
---
 include/net/netfilter/nf_conntrack_l4proto.h |  6 ++
 net/netfilter/nf_conntrack_core.c| 13 +++--
 net/openvswitch/conntrack.c  |  1 +
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/include/net/netfilter/nf_conntrack_l4proto.h 
b/include/net/netfilter/nf_conntrack_l4proto.h
index 88186b95b3c2..572ae8d2a622 100644
--- a/include/net/netfilter/nf_conntrack_l4proto.h
+++ b/include/net/netfilter/nf_conntrack_l4proto.h
@@ -203,6 +203,12 @@ static inline struct nf_icmp_net *nf_icmpv6_pernet(struct 
net *net)
 {
return >ct.nf_ct_proto.icmpv6;
 }
+
+static inline void nf_ct_set_tcp_be_liberal(struct nf_conn *ct)
+{
+   ct->proto.tcp.seen[0].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
+   ct->proto.tcp.seen[1].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
+}
 #endif
 
 #ifdef CONFIG_NF_CT_PROTO_DCCP
diff --git a/net/netfilter/nf_conntrack_core.c 
b/net/netfilter/nf_conntrack_core.c
index 234b7cab37c3..8290c5b04e88 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1748,10 +1748,18 @@ static int nf_conntrack_handle_packet(struct nf_conn 
*ct,
  struct sk_buff *skb,
  unsigned int dataoff,
  enum ip_conntrack_info ctinfo,
- const struct nf_hook_state *state)
+ const struct nf_hook_state *state,
+ union nf_conntrack_proto *tmpl_proto)
 {
switch (nf_ct_protonum(ct)) {
case IPPROTO_TCP:
+   if (tmpl_proto) {
+   if (tmpl_proto->tcp.seen[0].flags & 
IP_CT_TCP_FLAG_BE_LIBERAL)
+   ct->proto.tcp.seen[0].flags |= 
IP_CT_TCP_FLAG_BE_LIBERAL;
+
+   if (tmpl_proto->tcp.seen[1].flags & 
IP_CT_TCP_FLAG_BE_LIBERAL)
+   ct->proto.tcp.seen[1].flags |= 
IP_CT_TCP_FLAG_BE_LIBERAL;
+   }
return nf_conntrack_tcp_packet(ct, skb, dataoff,
   ctinfo, state);
case IPPROTO_UDP:
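Review bot: The template's flag is copied into the connection on every TCP packet, starting with the first one, so window tracking is relaxed during the handshake as well as afterwards; nothing in this hunk limits it to established connections. That widens what the tracker accepts more than the stated goal requires, which is only to tell out-of-window packets of a known connection apart from unknown traffic. I would guard the copy, for example with `if (tmpl_proto && nf_ct_is_confirmed(ct))` plus a state check, or leave the decision to the caller once the entry is established. The body of `nf_conntrack_handle_packet()` continues past the hunk.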
@@ -1843,7 +1851,8 @@ nf_conntrack_in(struct sk_buff *skb, const struct 
nf_hook_state *state)
goto out;
}
 
-   ret = nf_conntrack_handle_packet(ct, skb, dataoff, ctinfo, state);
+   ret = nf_conntrack_handle_packet(ct, skb, dataoff, ctinfo, state,
+tmpl ? >proto : NULL);
if (ret <= 0) {
/* Invalid: inverse of the return code tells
 * the netfilter core what to do */
diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
index 4beb96139d77..64247be2b1d7 100644
--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -969,6 +969,7 @@ static int __ovs_ct_lookup(struct net *net, struct 
sw_flow_key *key,
if (skb_nfct(skb))
nf_conntrack_put(skb_nfct(skb));
nf_conntrack_get(>ct_general);
+   nf_ct_set_tcp_be_liberal(tmpl);
nf_ct_set(skb, tmpl, IP_CT_NEW);
}
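Review bot: `nf_ct_set_tcp_be_liberal(tmpl)` runs for every packet that gets the template attached, whatever its protocol, and writes the TCP member of the template's `proto` union each time. The template appears to be shared by all packets hitting this ct action (where it comes from is outside the hunk), so this is a repeated unsynchronised write to shared state that only needs to happen once. Setting the flag where the template is created would avoid both problems. The helper also deserves a comment such as `/* Only valid for templates and TCP entries: ct->proto is a union. */`. __ovs_ct_lookup extends beyond the hunk.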
 
-- 
2.28.0



[ovs-dev] [PATCH net-next] net: openvswitch: Add support to lookup invalid packet in ct action.

2020-10-06 Thread nusiddiq
From: Numan Siddique 

For a tcp packet which is part of an existing committed connection,
nf_conntrack_in() will return err and set skb->_nfct to NULL if it is
out of tcp window. ct action for this packet will set the ct_state
to +inv which is as expected.

But a controller cannot add an OVS flow as

table=21,priority=100,ct_state=+inv, actions=drop

to drop such packets. That is because when ct action is executed on other
packets which are not part of existing committed connections, ct_state
can be set to invalid. Few such cases are:
   - ICMP reply packets.
   - TCP SYN/ACK packets during connection establishment.
   - SCTP INIT ACK, COOKIE ACK, DATA and DATA ACK packets.

To distinguish an invalid packet that is part of a committed connection
from the others, this patch introduces a new ct attribute,
OVS_CT_ATTR_LOOKUP_INV. If this is set in the ct action (without commit),
it tries to find the ct entry and, if present, sets the ct_state to
+inv,+trk and also sets the mark and labels associated with the
connection.

With this,  a controller can add flows like



table=20,ip, action=ct(table=21, lookup_invalid)
table=21,priority=100,ct_state=+inv+trk,ct_label=0x2/0x2 actions=drop
table=21,ip, actions=resubmit(,22)



CC: Pravin B Shelar 
Signed-off-by: Numan Siddique 
---

RFC -> PATCH
--
  * Changed the patch from RFC to a formal one. No other changes.

 include/uapi/linux/openvswitch.h |  4 +++
 net/openvswitch/conntrack.c  | 47 
 2 files changed, 40 insertions(+), 11 deletions(-)

diff --git a/include/uapi/linux/openvswitch.h b/include/uapi/linux/openvswitch.h
index 8300cc29dec8..db942986c5b7 100644
--- a/include/uapi/linux/openvswitch.h
+++ b/include/uapi/linux/openvswitch.h
@@ -768,6 +768,9 @@ struct ovs_action_hash {
  * respectively.  Remaining bits control the changes for which an event is
  * delivered on the NFNLGRP_CONNTRACK_UPDATE group.
  * @OVS_CT_ATTR_TIMEOUT: Variable length string defining conntrack timeout.
+ * @OVS_CT_ATTR_LOOKUP_INV: If present, looks up and sets the state, mark and
+ * labels for an invalid packet (eg. out of tcp window) if it is part of
+ * committed connection.
  */
 enum ovs_ct_attr {
OVS_CT_ATTR_UNSPEC,
@@ -782,6 +785,7 @@ enum ovs_ct_attr {
OVS_CT_ATTR_EVENTMASK,  /* u32 mask of IPCT_* events. */
OVS_CT_ATTR_TIMEOUT,/* Associate timeout with this connection for
 * fine-grain timeout tuning. */
+   OVS_CT_ATTR_LOOKUP_INV, /* No argument. */
__OVS_CT_ATTR_MAX
 };
 
diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
index e6fe26a9c892..a6f96d9b4452 100644
--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -62,6 +62,7 @@ struct ovs_conntrack_info {
u8 nat : 3; /* enum ovs_ct_nat */
u8 force : 1;
u8 have_eventmask : 1;
+   u8 lookup_invalid : 1;
u16 family;
u32 eventmask;  /* Mask of 1 << IPCT_*. */
struct md_mark mark;
@@ -601,12 +602,13 @@ ovs_ct_get_info(const struct nf_conntrack_tuple_hash *h)
  *
  * Must be called with rcu_read_lock.
  *
- * On success, populates skb->_nfct and returns the connection.  Returns NULL
- * if there is no existing entry.
+ * On success, populates skb->_nfct if 'skb_set_ct' is true and returns the
+ * connection.  Returns NULL if there is no existing entry.
  */
 static struct nf_conn *
 ovs_ct_find_existing(struct net *net, const struct nf_conntrack_zone *zone,
-u8 l3num, struct sk_buff *skb, bool natted)
+u8 l3num, struct sk_buff *skb, bool natted,
+bool skb_set_ct)
 {
struct nf_conntrack_tuple tuple;
struct nf_conntrack_tuple_hash *h;
@@ -636,14 +638,17 @@ ovs_ct_find_existing(struct net *net, const struct 
nf_conntrack_zone *zone,
 
ct = nf_ct_tuplehash_to_ctrack(h);
 
-   /* Inverted packet tuple matches the reverse direction conntrack tuple,
-* select the other tuplehash to get the right 'ctinfo' bits for this
-* packet.
-*/
-   if (natted)
-   h = >tuplehash[!h->tuple.dst.dir];
+   if (skb_set_ct) {
+   /* Inverted packet tuple matches the reverse direction
+* conntrack tuple, select the other tuplehash to get the
+* right 'ctinfo' bits for this packet.
+*/
+   if (natted)
+   h = >tuplehash[!h->tuple.dst.dir];
+
+   nf_ct_set(skb, ct, ovs_ct_get_info(h));
+   }
 
-   nf_ct_set(skb, ct, ovs_ct_get_info(h));
return ct;
 }
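Review bot: With `skb_set_ct` false the function returns a connection that is not attached to the skb, so the reference taken by the lookup earlier in the function (outside this hunk, presumably `nf_conntrack_find_get()`) is no longer handed to the skb and the caller has to drop it. The updated header comment in the previous hunk does not say this, which makes a leaked or over-released conntrack reference easy to introduce at a new call site. I would add to that comment: `* If 'skb_set_ct' is false the caller owns the returned reference and must release it with nf_ct_put().` The same hunk appears unchanged in the RFC posting of this patch further down the page.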
 
@@ -669,7 +674,7 @@ struct nf_conn *ovs_ct_executed(struct net *net,
if (*ct_executed || (!key->ct_state && info->force)) {
ct = ovs_ct_find_existing(net, >zone, info->family, skb,
  !!(key->ct_state &
- 

[ovs-dev] [RFC net-next] net: openvswitch: Add support to lookup invalid packet in ct action.

2020-10-02 Thread nusiddiq
From: Numan Siddique 

For a tcp packet which is part of an existing committed connection,
nf_conntrack_in() will return err and set skb->_nfct to NULL if it is
out of tcp window. ct action for this packet will set the ct_state
to +inv which is as expected.

But a controller cannot add an OVS flow as

table=21,priority=100,ct_state=+inv, actions=drop

to drop such packets. That is because when ct action is executed on other
packets which are not part of existing committed connections, ct_state
can be set to invalid. Few such cases are:
   - ICMP reply packets.
   - TCP SYN/ACK packets during connection establishment.
   - SCTP INIT ACK, COOKIE ACK, DATA and DATA ACK packets.

To distinguish an invalid packet that is part of a committed connection
from the others, this patch introduces a new ct attribute,
OVS_CT_ATTR_LOOKUP_INV. If this is set in the ct action (without commit),
it tries to find the ct entry and, if present, sets the ct_state to
+inv,+trk and also sets the mark and labels associated with the
connection.

With this,  a controller can add flows like



table=20,ip, action=ct(table=21, lookup_invalid)
table=21,priority=100,ct_state=+inv+trk,ct_label=0x2/0x2 actions=drop
table=21,ip, actions=resubmit(,22)



CC: Pravin B Shelar 
Signed-off-by: Numan Siddique 
---
 include/uapi/linux/openvswitch.h |  4 +++
 net/openvswitch/conntrack.c  | 47 
 2 files changed, 40 insertions(+), 11 deletions(-)

diff --git a/include/uapi/linux/openvswitch.h b/include/uapi/linux/openvswitch.h
index 8300cc29dec8..db942986c5b7 100644
--- a/include/uapi/linux/openvswitch.h
+++ b/include/uapi/linux/openvswitch.h
@@ -768,6 +768,9 @@ struct ovs_action_hash {
  * respectively.  Remaining bits control the changes for which an event is
  * delivered on the NFNLGRP_CONNTRACK_UPDATE group.
  * @OVS_CT_ATTR_TIMEOUT: Variable length string defining conntrack timeout.
+ * @OVS_CT_ATTR_LOOKUP_INV: If present, looks up and sets the state, mark and
+ * labels for an invalid packet (eg. out of tcp window) if it is part of
+ * committed connection.
  */
 enum ovs_ct_attr {
OVS_CT_ATTR_UNSPEC,
@@ -782,6 +785,7 @@ enum ovs_ct_attr {
OVS_CT_ATTR_EVENTMASK,  /* u32 mask of IPCT_* events. */
OVS_CT_ATTR_TIMEOUT,/* Associate timeout with this connection for
 * fine-grain timeout tuning. */
+   OVS_CT_ATTR_LOOKUP_INV, /* No argument. */
__OVS_CT_ATTR_MAX
 };
 
diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
index e86b9601f5b1..49f07166b8c2 100644
--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -62,6 +62,7 @@ struct ovs_conntrack_info {
u8 nat : 3; /* enum ovs_ct_nat */
u8 force : 1;
u8 have_eventmask : 1;
+   u8 lookup_invalid : 1;
u16 family;
u32 eventmask;  /* Mask of 1 << IPCT_*. */
struct md_mark mark;
@@ -601,12 +602,13 @@ ovs_ct_get_info(const struct nf_conntrack_tuple_hash *h)
  *
  * Must be called with rcu_read_lock.
  *
- * On success, populates skb->_nfct and returns the connection.  Returns NULL
- * if there is no existing entry.
+ * On success, populates skb->_nfct if 'skb_set_ct' is true and returns the
+ * connection.  Returns NULL if there is no existing entry.
  */
 static struct nf_conn *
 ovs_ct_find_existing(struct net *net, const struct nf_conntrack_zone *zone,
-u8 l3num, struct sk_buff *skb, bool natted)
+u8 l3num, struct sk_buff *skb, bool natted,
+bool skb_set_ct)
 {
struct nf_conntrack_tuple tuple;
struct nf_conntrack_tuple_hash *h;
@@ -636,14 +638,17 @@ ovs_ct_find_existing(struct net *net, const struct 
nf_conntrack_zone *zone,
 
ct = nf_ct_tuplehash_to_ctrack(h);
 
-   /* Inverted packet tuple matches the reverse direction conntrack tuple,
-* select the other tuplehash to get the right 'ctinfo' bits for this
-* packet.
-*/
-   if (natted)
-   h = >tuplehash[!h->tuple.dst.dir];
+   if (skb_set_ct) {
+   /* Inverted packet tuple matches the reverse direction
+* conntrack tuple, select the other tuplehash to get the
+* right 'ctinfo' bits for this packet.
+*/
+   if (natted)
+   h = >tuplehash[!h->tuple.dst.dir];
+
+   nf_ct_set(skb, ct, ovs_ct_get_info(h));
+   }
 
-   nf_ct_set(skb, ct, ovs_ct_get_info(h));
return ct;
 }
 
@@ -669,7 +674,7 @@ struct nf_conn *ovs_ct_executed(struct net *net,
if (*ct_executed || (!key->ct_state && info->force)) {
ct = ovs_ct_find_existing(net, >zone, info->family, skb,
  !!(key->ct_state &
- OVS_CS_F_NAT_MASK));
+ OVS_CS_F_NAT_MASK), true);
}
 
   

[ovs-dev] [PATCH] ovsdb-server: Allow replication from older schema version servers.

2019-10-15 Thread nusiddiq
From: Numan Siddique 

Presently, replication is not allowed if there is a schema version mismatch
between the schema returned by the active ovsdb-server and the local db
schema. This is causing failures in OVN DB HA deployments during upgrades.

In the case of OpenStack tripleo deployment with OVN, OVN DB ovsdb-servers are
deployed on a multi node controller cluster in active/standby mode. During
minor updates or major upgrades, the cluster is updated one at a time. If
a node A is running active OVN DB ovsdb-servers and when it is updated, another
node B becomes active. After the update when OVN DB ovsdb-servers in A are 
started,
these ovsdb-servers fail to replicate from the active if there is a schema
version mismatch.

This patch addresses this issue by allowing replication even if there is a
schema version mismatch only if
  - The standby ovsdb-servers's local db schema version is greater than that
of the active. The version x should match with the active and the version y
should be greater than that of the active.
  - If all the active ovsdb-server schema tables are present in the
local db schema.

This should not result in any data loss.

Allowing replication from new schema version server is riskier and could result 
in
data loss and hence this case is not attempted.

Signed-off-by: Numan Siddique 
---
 ovsdb/replication.c | 165 +---
 1 file changed, 140 insertions(+), 25 deletions(-)

diff --git a/ovsdb/replication.c b/ovsdb/replication.c
index 752b3c89c..a77ab8658 100644
--- a/ovsdb/replication.c
+++ b/ovsdb/replication.c
@@ -43,7 +43,7 @@ static struct uuid server_uuid;
 static struct jsonrpc_session *session;
 static unsigned int session_seqno = UINT_MAX;
 
-static struct jsonrpc_msg *create_monitor_request(struct ovsdb *db);
+static struct jsonrpc_msg *create_monitor_request(struct ovsdb_schema *);
 static void add_monitored_table(struct ovsdb_table_schema *table,
 struct json *monitor_requests);
 
@@ -100,16 +100,27 @@ enum ovsdb_replication_state {
 static enum ovsdb_replication_state state;
 
 
+struct replication_db {
+struct ovsdb *db;
+bool schema_version_higher;
+ /* Points to the schema received from the active server if
+  * the local db schema version is higher. NULL otherwise. */
+struct ovsdb_schema *active_db_schema;
+};
+
+static bool check_replication_possible(struct replication_db *,
+   struct ovsdb_schema *);
+
 /* All DBs known to ovsdb-server.  The actual replication dbs are stored
  * in 'replication dbs', which is a subset of all dbs and remote dbs whose
  * schema matches.  */
 static struct shash local_dbs = SHASH_INITIALIZER(_dbs);
 static struct shash *replication_dbs;
 
-static struct shash *replication_db_clone(struct shash *dbs);
+static struct shash *replication_dbs_create(void);
 static void replication_dbs_destroy(void);
 /* Find 'struct ovsdb' by name within 'replication_dbs' */
-static struct ovsdb* find_db(const char *db_name);
+static struct replication_db *find_db(const char *db_name);
 
 
 void
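Review bot: The comment above `find_db()` still reads "Find 'struct ovsdb' by name" although the function now returns a `struct replication_db *`; it should become `/* Find 'struct replication_db' by name within 'replication_dbs'. */`. In the new struct, `schema_version_higher` has no comment, and `active_db_schema` does not say who frees the schema received from the active server. That schema comes from the remote peer, so its ownership and validation rules are worth stating where the field is declared, for example `/* Owned by this struct; freed in replication_dbs_destroy(). */` if that is indeed where it is released (not visible here).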
@@ -152,8 +163,8 @@ send_schema_requests(const struct json *result)
 if (name->type == JSON_STRING) {
 /* Send one schema request for each remote DB. */
 const char *db_name = json_string(name);
-struct ovsdb *db = find_db(db_name);
-if (db) {
+struct replication_db *rdb = find_db(db_name);
+if (rdb) {
 struct jsonrpc_msg *request =
 jsonrpc_create_request(
 "get_schema",
@@ -161,7 +172,7 @@ send_schema_requests(const struct json *result)
 json_string_create(db_name)),
 NULL);
 
-request_ids_add(request->id, db);
+request_ids_add(request->id, rdb->db);
 jsonrpc_session_send(session, request);
 }
 }
@@ -206,11 +217,11 @@ replication_run(void)
 && msg->params->array.n == 2
 && msg->params->array.elems[0]->type == JSON_STRING) {
 char *db_name = msg->params->array.elems[0]->string;
-struct ovsdb *db = find_db(db_name);
-if (db) {
+struct replication_db *rdb = find_db(db_name);
+if (rdb) {
 struct ovsdb_error *error;
 error = process_notification(msg->params->array.elems[1],
- db);
+ rdb->db);
 if (error) {
 ovsdb_error_assert(error);
 state = RPL_S_ERR;
@@ -218,6 +229,7 @@ replication_run(void)
 }
 }
 } else if (msg->type == JSONRPC_REPLY) {
+struct replication_db *rdb;
 struct ovsdb *db;
 if 

[ovs-dev] [PATCH v3] ovsdb-server: Don't drop all connections on read/write status change.

2019-10-14 Thread nusiddiq
From: Numan Siddique 

The commit [1] force drops all connections when the db read/write status 
changes.
Prior to the commit [1], when there was read/write status change, the existing
jsonrpc sessions with 'db_change_aware' set to true, were not updated with the
changed 'read_only' value. If the db status was changed to 'standby', the 
existing
clients could still write to the db.

In the case of pacemaker OVN HA, OVN OCF script 'start' action starts the
ovsdb-servers in read-only state and later, it sets to read-write in the
'promote' action. We have observed that if some ovn-controllers connect to
the SB ovsdb-server (in read-only state) just before the 'promote' action,
the connection is not reset all the times and these ovn-controllers remain 
connected
to the SB ovsdb-server in read-only state all the time. Even though
the commit [1] calls 'ovsdb_jsonrpc_server_reconnect()' with 'forced' flag
set to true when the db read/write status changes, somehow the FSM misses 
resetting
the connections of these ovn-controllers.

I think this needs to be addressed in the FSM. This patch doesn't address
this FSM issue. Instead it changes the behavior of 
'ovsdb_jsonrpc_server_set_read_only()'
by setting the 'read_only' flag of all the jsonrpc sessions instead of 
forcefully
resetting the connection.

I think there is no need to reset the connection. In large scale production
deployments with OVN, this results in an unnecessary waste of CPU cycles, as
ovn-controllers will have to connect twice - once during the 'start' action
and again during 'promote'.

[1] - 2a9679e3b2c6("ovsdb-server: drop all connections on read/write status 
change")

Acked-by: Dumitru Ceara 
Signed-off-by: Numan Siddique 
---

v2 -> v3
---
  * Addressed minor review comment.

v1 -> v2
---
  * Addressed Dumitru's comment - Use LIST_FOR_EACH instead of
LIST_FOR_EACH_SAFE

 ovsdb/jsonrpc-server.c | 24 
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/ovsdb/jsonrpc-server.c b/ovsdb/jsonrpc-server.c
index ddbbc2e94..4e2dfc3d7 100644
--- a/ovsdb/jsonrpc-server.c
+++ b/ovsdb/jsonrpc-server.c
@@ -80,6 +80,8 @@ static void ovsdb_jsonrpc_session_unlock_all(struct 
ovsdb_jsonrpc_session *);
 static void ovsdb_jsonrpc_session_unlock__(struct ovsdb_lock_waiter *);
 static void ovsdb_jsonrpc_session_send(struct ovsdb_jsonrpc_session *,
struct jsonrpc_msg *);
+static void ovsdb_jsonrpc_session_set_readonly_all(
+struct ovsdb_jsonrpc_remote *remote, bool read_only);
 
 /* Triggers. */
 static void ovsdb_jsonrpc_trigger_create(struct ovsdb_jsonrpc_session *,
@@ -365,10 +367,13 @@ ovsdb_jsonrpc_server_set_read_only(struct 
ovsdb_jsonrpc_server *svr,
 {
 if (svr->read_only != read_only) {
 svr->read_only = read_only;
-ovsdb_jsonrpc_server_reconnect(svr, true,
-   xstrdup(read_only
-   ? "making server read-only"
-   : "making server read/write"));
+
+struct shash_node *node;
+SHASH_FOR_EACH (node, >remotes) {
+struct ovsdb_jsonrpc_remote *remote = node->data;
+
+ovsdb_jsonrpc_session_set_readonly_all(remote, read_only);
+}
 }
 }
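Review bot: Flipping `s->read_only` in place only affects requests that consult the flag after this point. A transaction that a session submitted while the server was read/write and that is still pending may commit after the server has become a standby, depending on where the trigger captures the mode (outside this hunk). The forced reconnect removed here discarded such in-flight work as a side effect. I would either complete or cancel pending triggers when switching to read-only, or document the limitation on the helper, e.g. `/* Does not affect transactions already queued on the sessions. */`. The same hunk appears in the v2 and v1 postings further down the page.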
 
@@ -670,6 +675,17 @@ ovsdb_jsonrpc_session_reconnect_all(struct 
ovsdb_jsonrpc_remote *remote,
 }
 }
 
+static void
+ovsdb_jsonrpc_session_set_readonly_all(struct ovsdb_jsonrpc_remote *remote,
+   bool read_only)
+{
+struct ovsdb_jsonrpc_session *s;
+
+LIST_FOR_EACH (s, node, >sessions) {
+s->read_only = read_only;
+}
+}
+
 /* Sets the options for all of the JSON-RPC sessions managed by 'remote' to
  * 'options'.
  *
-- 
2.21.0



[ovs-dev] [PATCH v2] ovsdb-server: Don't drop all connections on read/write status change.

2019-10-14 Thread nusiddiq
From: Numan Siddique 

The commit [1] force drops all connections when the db read/write status 
changes.
Prior to the commit [1], when there was read/write status change, the existing
jsonrpc sessions with 'db_change_aware' set to true, were not updated with the
changed 'read_only' value. If the db status was changed to 'standby', the 
existing
clients could still write to the db.

In the case of pacemaker OVN HA, OVN OCF script 'start' action starts the
ovsdb-servers in read-only state and later, it sets to read-write in the
'promote' action. We have observed that if some ovn-controllers connect to
the SB ovsdb-server (in read-only state) just before the 'promote' action,
the connection is not reset all the times and these ovn-controllers remain 
connected
to the SB ovsdb-server in read-only state all the time. Even though
the commit [1] calls 'ovsdb_jsonrpc_server_reconnect()' with 'forced' flag
set to true when the db read/write status changes, somehow the FSM misses 
resetting
the connections of these ovn-controllers.

I think this needs to be addressed in the FSM. This patch doesn't address
this FSM issue. Instead it changes the behavior of 
'ovsdb_jsonrpc_server_set_read_only()'
by setting the 'read_only' flag of all the jsonrpc sessions instead of 
forcefully
resetting the connection.

I think there is no need to reset the connection. In large scale production
deployments with OVN, this results in an unnecessary waste of CPU cycles, as
ovn-controllers will have to connect twice - once during the 'start' action
and again during 'promote'.

[1] - 2a9679e3b2c6("ovsdb-server: drop all connections on read/write status 
change")

Signed-off-by: Numan Siddique 
---

v1 -> v2
---
  * Addressed Dumitru's comment - Use LIST_FOR_EACH instead of
LIST_FOR_EACH_SAFE

 ovsdb/jsonrpc-server.c | 24 
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/ovsdb/jsonrpc-server.c b/ovsdb/jsonrpc-server.c
index ddbbc2e94..a98c5e618 100644
--- a/ovsdb/jsonrpc-server.c
+++ b/ovsdb/jsonrpc-server.c
@@ -80,6 +80,8 @@ static void ovsdb_jsonrpc_session_unlock_all(struct 
ovsdb_jsonrpc_session *);
 static void ovsdb_jsonrpc_session_unlock__(struct ovsdb_lock_waiter *);
 static void ovsdb_jsonrpc_session_send(struct ovsdb_jsonrpc_session *,
struct jsonrpc_msg *);
+static void ovsdb_jsonrpc_session_set_readonly_all(
+struct ovsdb_jsonrpc_remote *remote, bool read_only);
 
 /* Triggers. */
 static void ovsdb_jsonrpc_trigger_create(struct ovsdb_jsonrpc_session *,
@@ -365,10 +367,13 @@ ovsdb_jsonrpc_server_set_read_only(struct 
ovsdb_jsonrpc_server *svr,
 {
 if (svr->read_only != read_only) {
 svr->read_only = read_only;
-ovsdb_jsonrpc_server_reconnect(svr, true,
-   xstrdup(read_only
-   ? "making server read-only"
-   : "making server read/write"));
+struct shash_node *node;
+
+SHASH_FOR_EACH (node, >remotes) {
+struct ovsdb_jsonrpc_remote *remote = node->data;
+
+ovsdb_jsonrpc_session_set_readonly_all(remote, read_only);
+}
 }
 }
 
@@ -670,6 +675,17 @@ ovsdb_jsonrpc_session_reconnect_all(struct 
ovsdb_jsonrpc_remote *remote,
 }
 }
 
+static void
+ovsdb_jsonrpc_session_set_readonly_all(struct ovsdb_jsonrpc_remote *remote,
+   bool read_only)
+{
+struct ovsdb_jsonrpc_session *s;
+
+LIST_FOR_EACH (s, node, >sessions) {
+s->read_only = read_only;
+}
+}
+
 /* Sets the options for all of the JSON-RPC sessions managed by 'remote' to
  * 'options'.
  *
-- 
2.21.0



[ovs-dev] [PATCH] ovsdb-server: Don't drop all connections on read/write status change.

2019-10-14 Thread nusiddiq
From: Numan Siddique 

The commit [1] force drops all connections when the db read/write status 
changes.
Prior to the commit [1], when there was read/write status change, the existing
jsonrpc sessions with 'db_change_aware' set to true, were not updated with the
changed 'read_only' value. If the db status was changed to 'standby', the 
existing
clients could still write to the db.

In the case of pacemaker OVN HA, OVN OCF script 'start' action starts the
ovsdb-servers in read-only state and later, it sets to read-write in the
'promote' action. We have observed that if some ovn-controllers connect to
the SB ovsdb-server (in read-only state) just before the 'promote' action,
the connection is not reset all the times and these ovn-controllers remain 
connected
to the SB ovsdb-server in read-only state all the time. Even though
the commit [1] calls 'ovsdb_jsonrpc_server_reconnect()' with 'forced' flag
set to true when the db read/write status changes, somehow the FSM misses 
resetting
the connections of these ovn-controllers.

I think this needs to be addressed in the FSM. This patch doesn't address
this FSM issue. Instead it changes the behavior of 
'ovsdb_jsonrpc_server_set_read_only()'
by setting the 'read_only' flag of all the jsonrpc sessions instead of 
forcefully
resetting the connection.

I think there is no need to reset the connection. In large scale production
deployments with OVN, this results in an unnecessary waste of CPU cycles, as
ovn-controllers will have to connect twice - once during the 'start' action
and again during 'promote'.

[1] - 2a9679e3b2c6("ovsdb-server: drop all connections on read/write status 
change")

Signed-off-by: Numan Siddique 
---
 ovsdb/jsonrpc-server.c | 24 
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/ovsdb/jsonrpc-server.c b/ovsdb/jsonrpc-server.c
index ddbbc2e94..066826959 100644
--- a/ovsdb/jsonrpc-server.c
+++ b/ovsdb/jsonrpc-server.c
@@ -80,6 +80,8 @@ static void ovsdb_jsonrpc_session_unlock_all(struct 
ovsdb_jsonrpc_session *);
 static void ovsdb_jsonrpc_session_unlock__(struct ovsdb_lock_waiter *);
 static void ovsdb_jsonrpc_session_send(struct ovsdb_jsonrpc_session *,
struct jsonrpc_msg *);
+static void ovsdb_jsonrpc_session_set_readonly_all(
+struct ovsdb_jsonrpc_remote *remote, bool read_only);
 
 /* Triggers. */
 static void ovsdb_jsonrpc_trigger_create(struct ovsdb_jsonrpc_session *,
@@ -365,10 +367,13 @@ ovsdb_jsonrpc_server_set_read_only(struct 
ovsdb_jsonrpc_server *svr,
 {
 if (svr->read_only != read_only) {
 svr->read_only = read_only;
-ovsdb_jsonrpc_server_reconnect(svr, true,
-   xstrdup(read_only
-   ? "making server read-only"
-   : "making server read/write"));
+struct shash_node *node;
+
+SHASH_FOR_EACH (node, >remotes) {
+struct ovsdb_jsonrpc_remote *remote = node->data;
+
+ovsdb_jsonrpc_session_set_readonly_all(remote, read_only);
+}
 }
 }
 
@@ -670,6 +675,17 @@ ovsdb_jsonrpc_session_reconnect_all(struct 
ovsdb_jsonrpc_remote *remote,
 }
 }
 
+static void
+ovsdb_jsonrpc_session_set_readonly_all(struct ovsdb_jsonrpc_remote *remote,
+   bool read_only)
+{
+struct ovsdb_jsonrpc_session *s, *next;
+
+LIST_FOR_EACH_SAFE (s, next, node, >sessions) {
+s->read_only = read_only;
+}
+}
+
 /* Sets the options for all of the JSON-RPC sessions managed by 'remote' to
  * 'options'.
  *
-- 
2.21.0



[ovs-dev] [PATCH ovn] ovn-ctl: Create etcdir when starting ovsdb servers

2019-10-12 Thread nusiddiq
From: Numan Siddique 

'ovn-ctl promote_ovnnb/promote_ovnsb' stores the address of the
active server in /etc/ovn/ovn(nb/sb)-active.conf and this fails as
ovn-ctl doesn't create /etc/ovn dir.

This patch fixes it.

Signed-off-by: Numan Siddique 
---
 utilities/ovn-ctl | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/utilities/ovn-ctl b/utilities/ovn-ctl
index 433ee4f50..481e28fc9 100755
--- a/utilities/ovn-ctl
+++ b/utilities/ovn-ctl
@@ -153,6 +153,7 @@ start_ovsdb__() {
 ovn_install_dir "$OVN_RUNDIR"
 ovn_install_dir "$ovn_logdir"
 ovn_install_dir "$ovn_dbdir"
+ovn_install_dir "$ovn_etcdir"
 
 # Check and eventually start ovsdb-server for DB
 if pidfile_is_running $db_pid_file; then
@@ -194,6 +195,7 @@ $cluster_remote_port
 chown -R $INSTALL_USER:$INSTALL_GROUP $ovn_dbdir
 chown -R $INSTALL_USER:$INSTALL_GROUP $OVN_RUNDIR
 chown -R $INSTALL_USER:$INSTALL_GROUP $ovn_logdir
+chown -R $INSTALL_USER:$INSTALL_GROUP $ovn_etcdir
 
 set ovsdb-server
 set "$@" $log --log-file=$logfile
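Review bot: The added `chown -R $INSTALL_USER:$INSTALL_GROUP $ovn_etcdir` expands its path unquoted, so a value containing whitespace or glob characters is split into several operands and the recursive ownership change lands on paths other than the intended one. I would write it as `chown -R "$INSTALL_USER:$INSTALL_GROUP" "$ovn_etcdir"`, matching the quoted `ovn_install_dir "$ovn_etcdir"` in the first hunk; the three `chown` lines above it have the same form and could be tightened together. The recursive chown also hands every file under the etc directory to `$INSTALL_USER`, so it is worth confirming that nothing root-only is expected to live there. The enclosing conditional starts outside the hunk.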
-- 
2.21.0



[ovs-dev] [PATCH ovn] Partially revert "Exclude inport and outport symbol tables from conjunction."

2019-09-30 Thread nusiddiq
From: Numan Siddique 

This partially reverts the commit - 298701dbc99645700be41680a43d049cb061847a
as the commit [1] disables the conjunction.

We still need the changes to the tests/ovn.at file.

CC: Han Zhou 
Signed-off-by: Numan Siddique 
---
 lib/expr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/expr.c b/lib/expr.c
index 64ea0aafa..9b9b6bcca 100644
--- a/lib/expr.c
+++ b/lib/expr.c
@@ -1517,7 +1517,7 @@ expr_symtab_add_string(struct shash *symtab, const char 
*name,
 const struct mf_field *field = mf_from_id(id);
 struct expr_symbol *symbol;
 
-symbol = add_symbol(symtab, name, 0, prereqs, EXPR_L_NOMINAL, true,
+symbol = add_symbol(symtab, name, 0, prereqs, EXPR_L_NOMINAL, false,
 field->writable);
 symbol->field = field;
 return symbol;
-- 
2.21.0



[ovs-dev] [PATCH ovn] Disable conjunction by force cross product for all the fields.

2019-09-27 Thread nusiddiq
From: Numan Siddique 

With this ovn-controller will not generate conjunction flows.
There are issues with the conjunction flows generated by ovn-controller.
Please see the commit 298701dbc996 for more information.

Signed-off-by: Numan Siddique 
---
 TODO.rst |   10 +
 lib/expr.c   |   20 +-
 tests/ovn.at | 1244 +++---
 3 files changed, 1204 insertions(+), 70 deletions(-)

diff --git a/TODO.rst b/TODO.rst
index 943d9bf81..ed55ea236 100644
--- a/TODO.rst
+++ b/TODO.rst
@@ -145,3 +145,13 @@ OVN To-do List
   * Support FTP ALGs.
 
   * Support reject action.
+
+* Conjunction: Conjunction is disabled in OVN. This needs to be revisisted
+  to enable conjunction again after addressing the issues related to it.
+  Like, if there are multiple ACLs with overlapping Conjunction matches,
+  conjunction flows are not added properly.
+  Eg. match(ip4.src == {IP1, IP2, IP3} && ip4.dst == {IP4, IP5, IP6} &&
+  tcp.dst >= 800 && tcp.dst <= 900) actions=drop
+
+  match(ip4.src == {IP1, IP2, IP3} && ip4.dst == {IP4, IP5, IP6} &&
+  tcp.dst >= 1000 && tcp.dst <= 2000) actions=allow
diff --git a/lib/expr.c b/lib/expr.c
index c0871e1e8..64ea0aafa 100644
--- a/lib/expr.c
+++ b/lib/expr.c
@@ -32,6 +32,24 @@
 
 VLOG_DEFINE_THIS_MODULE(expr);
 
+/* Right now conjunction flows generated by ovn-controller
+ * has issues. If there are multiple flows with the same
+ * match for different conjunctions, ovn-controller doesn't
+ * handle it properly.
+ * Eg.
+ * match 1 - ip4.src == {IP1, IP2} && tcp.dst >=500 && tcp.src <=600
+ * action - drop
+ *
+ * match 2 - ip4.src == {IP1, IP2} && tcp.dst >=700 && tcp.src <=800
+ * action - allow.
+ *
+ * To handle this issue temporarily force crossproduct so that conjunction
+ * flows are not generated.
+ *
+ * Remove this once fixed.
+ * */
+static bool force_crossproduct = true;
+
 static struct expr *parse_and_annotate(const char *s,
const struct shash *symtab,
struct ovs_list *nesting,
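Review bot: `force_crossproduct` is declared as a writable file-scope `bool` but nothing in this patch assigns it, so it should be `static const bool force_crossproduct = true;` to make clear it is a compile-time switch and not runtime state. The comment should also say what the switch costs: with conjunction off, an AND of set matches expands to the product of the set sizes (the updated check in tests/ovn.at goes from 7 to 9 flows for a 3x3 match), which matters for ACLs over large address sets. The example in the comment writes `tcp.dst >=500 && tcp.src <=600`, while TODO.rst in the same patch uses `tcp.dst` for both bounds; presumably `tcp.dst` is meant in both places.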
@@ -2633,7 +2651,7 @@ expr_normalize_and(struct expr *expr)
 
 ovs_assert(sub->type == EXPR_T_OR);
 const struct expr_symbol *symbol = expr_get_unique_symbol(sub);
-if (!symbol || symbol->must_crossproduct) {
+if (!symbol || force_crossproduct || symbol->must_crossproduct ) {
 struct expr *or = expr_create_andor(EXPR_T_OR);
 struct expr *k;
 
diff --git a/tests/ovn.at b/tests/ovn.at
index c32a75c26..16587114e 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -596,16 +596,14 @@ tcp,reg14=0x6,tp_dst=500
 tcp,reg14=0x6,tp_dst=501
 ])
 AT_CHECK([expr_to_flow 'outport == {"eth0", "eth1", "eth2"} && ip4 && tcp && 
tcp.src == {400, 401} && tcp.dst == {500, 501}'], [0], [dnl
-conj_id=1,tcp,reg15=0x5
-conj_id=2,tcp,reg15=0x6
-tcp,reg15=0x5,tp_dst=500: conjunction(1, 0/2)
-tcp,reg15=0x5,tp_dst=501: conjunction(1, 0/2)
-tcp,reg15=0x5,tp_src=400: conjunction(1, 1/2)
-tcp,reg15=0x5,tp_src=401: conjunction(1, 1/2)
-tcp,reg15=0x6,tp_dst=500: conjunction(2, 0/2)
-tcp,reg15=0x6,tp_dst=501: conjunction(2, 0/2)
-tcp,reg15=0x6,tp_src=400: conjunction(2, 1/2)
-tcp,reg15=0x6,tp_src=401: conjunction(2, 1/2)
+tcp,reg15=0x5,tp_src=400,tp_dst=500
+tcp,reg15=0x5,tp_src=400,tp_dst=501
+tcp,reg15=0x5,tp_src=401,tp_dst=500
+tcp,reg15=0x5,tp_src=401,tp_dst=501
+tcp,reg15=0x6,tp_src=400,tp_dst=500
+tcp,reg15=0x6,tp_src=400,tp_dst=501
+tcp,reg15=0x6,tp_src=401,tp_dst=500
+tcp,reg15=0x6,tp_src=401,tp_dst=501
 ])
 AT_CHECK([expr_to_flow 'inport == "eth0" && inport == "eth1"'], [0], [dnl
 (no flows)
@@ -727,22 +725,27 @@ reg15=0x11
 ])
 AT_CLEANUP
 
-AT_SETUP([ovn -- converting expressions to flows -- conjunction])
-AT_KEYWORDS([conjunction])
+AT_SETUP([ovn -- converting expressions to flows -- no conjunction])
+AT_KEYWORDS([no conjunction])
 expr_to_flow () {
 echo "$1" | ovstest test-ovn expr-to-flows | sort
 }
 
+# conjunction is disabled in OVN until some of the issues
+# related to conjunction flows are fixed.
+# expr-to-flows should not generate any conjunction flows.
 lflow="ip4.src == {10.0.0.1, 10.0.0.2, 10.0.0.3} && \
 ip4.dst == {20.0.0.1, 20.0.0.2, 20.0.0.3}"
 AT_CHECK([expr_to_flow "$lflow"], [0], [dnl
-conj_id=1,ip
-ip,nw_dst=20.0.0.1: conjunction(1, 0/2)
-ip,nw_dst=20.0.0.2: conjunction(1, 0/2)
-ip,nw_dst=20.0.0.3: conjunction(1, 0/2)
-ip,nw_src=10.0.0.1: conjunction(1, 1/2)
-ip,nw_src=10.0.0.2: conjunction(1, 1/2)
-ip,nw_src=10.0.0.3: conjunction(1, 1/2)
+ip,nw_src=10.0.0.1,nw_dst=20.0.0.1
+ip,nw_src=10.0.0.1,nw_dst=20.0.0.2
+ip,nw_src=10.0.0.1,nw_dst=20.0.0.3
+ip,nw_src=10.0.0.2,nw_dst=20.0.0.1
+ip,nw_src=10.0.0.2,nw_dst=20.0.0.2
+ip,nw_src=10.0.0.2,nw_dst=20.0.0.3
+ip,nw_src=10.0.0.3,nw_dst=20.0.0.1
+ip,nw_src=10.0.0.3,nw_dst=20.0.0.2
+ip,nw_src=10.0.0.3,nw_dst=20.0.0.3
 ])
 
 lflow="ip && (!ct.est || (ct.est && ct_label.blocked == 1))"
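Review bot: `AT_KEYWORDS([no conjunction])` registers two keywords, `no` and `conjunction`, because Autotest treats the argument as a space-separated list, so selecting tests by the keyword `conjunction` still picks this group and `no` becomes a keyword with no meaning. If a distinct keyword is wanted, `AT_KEYWORDS([no-conjunction])` would express it; otherwise keeping `AT_KEYWORDS([conjunction])` is clearer. The rest of the test group continues outside this hunk.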
@@ -756,12 +759,12 @@ ct_state=-est+trk,ipv6
 lflow="ip4.src == {10.0.0.1, 10.0.0.2, 10.0.0.3} && 

[ovs-dev] [RFC PATCH ovn] Disable conjunction

2019-09-25 Thread nusiddiq
From: Numan Siddique 

The commit 298701dbc996("Exclude inport and outport symbol tables from 
conjunction")
was earlier added to disable conjunction for inport and outport symbols.
This patch extends it to all the symbols added in the symbol table by setting
the 'must_crossproduct' field to 'true'.

There are issues with the conjunction flows generated by ovn-controller.
Please see the commit 298701dbc996 for more information.

Signed-off-by: Numan Siddique 
---
 TODO.rst |   10 +
 lib/expr.c   |6 +-
 lib/logical-fields.c |   72 +--
 tests/ovn.at | 1244 +++---
 4 files changed, 1224 insertions(+), 108 deletions(-)

diff --git a/TODO.rst b/TODO.rst
index 943d9bf81..ed55ea236 100644
--- a/TODO.rst
+++ b/TODO.rst
@@ -145,3 +145,13 @@ OVN To-do List
   * Support FTP ALGs.
 
   * Support reject action.
+
+* Conjunction: Conjunction is disabled in OVN. This needs to be revisisted
+  to enable conjunction again after addressing the issues related to it.
+  Like, if there are multiple ACLs with overlapping Conjunction matches,
+  conjunction flows are not added properly.
+  Eg. match(ip4.src == {IP1, IP2, IP3} && ip4.dst == {IP4, IP5, IP6} &&
+  tcp.dst >= 800 && tcp.dst <= 900) actions=drop
+
+  match(ip4.src == {IP1, IP2, IP3} && ip4.dst == {IP4, IP5, IP6} &&
+  tcp.dst >= 1000 && tcp.dst <= 2000) actions=allow
diff --git a/lib/expr.c b/lib/expr.c
index c0871e1e8..e6fffa701 100644
--- a/lib/expr.c
+++ b/lib/expr.c
@@ -1483,7 +1483,7 @@ expr_symtab_add_subfield(struct shash *symtab, const char 
*name,
   name, expr_level_to_string(level), f.symbol->name);
 }
 
-symbol = add_symbol(symtab, name, f.n_bits, prereqs, level, false,
+symbol = add_symbol(symtab, name, f.n_bits, prereqs, level, true,
 f.symbol->rw);
 symbol->parent = f.symbol;
 symbol->parent_ofs = f.ofs;
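Review bot: Flipping the bare `false` to `true` at every `add_symbol()` and `expr_symtab_add_field()` call site (this hunk, the two that follow in lib/expr.c, and the lib/logical-fields.c hunks) leaves nothing that enforces the invariant, so a symbol added later with `false` would silently get conjunction flows again. According to the description this argument is the 'must_crossproduct' field; a single override at the point where that field is consumed, or at least an annotated argument such as `true /* must_crossproduct */`, would be easier to audit and to revert. The enclosing function starts and ends outside the hunk.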
@@ -1562,7 +1562,7 @@ expr_symtab_add_predicate(struct shash *symtab, const 
char *name,
 return NULL;
 }
 
-symbol = add_symbol(symtab, name, 1, NULL, level, false, false);
+symbol = add_symbol(symtab, name, 1, NULL, level, true, false);
 symbol->predicate = xstrdup(expansion);
 return symbol;
 }
@@ -1575,7 +1575,7 @@ expr_symtab_add_ovn_field(struct shash *symtab, const 
char *name,
 struct expr_symbol *symbol;
 
 symbol = add_symbol(symtab, name, ovn_field->n_bits, NULL,
-EXPR_L_NOMINAL, false, true);
+EXPR_L_NOMINAL, true, true);
 symbol->ovn_field = ovn_field;
 return symbol;
 }
diff --git a/lib/logical-fields.c b/lib/logical-fields.c
index 8fb591c0a..cddc86ffe 100644
--- a/lib/logical-fields.c
+++ b/lib/logical-fields.c
@@ -77,7 +77,7 @@ ovn_init_symtab(struct shash *symtab)
  * unless they're formally defined as subfields.  It's a little awkward. */
 for (int xxi = 0; xxi < MFF_N_LOG_REGS / 4; xxi++) {
 char *xxname = xasprintf("xxreg%d", xxi);
-expr_symtab_add_field(symtab, xxname, MFF_XXREG0 + xxi, NULL, false);
+expr_symtab_add_field(symtab, xxname, MFF_XXREG0 + xxi, NULL, true);
 free(xxname);
 }
 for (int xi = 0; xi < MFF_N_LOG_REGS / 2; xi++) {
@@ -86,7 +86,7 @@ ovn_init_symtab(struct shash *symtab)
 if (xxi < MFF_N_LOG_REGS / 4) {
 add_subregister(xname, "xxreg", xxi, 64, 1 - xi % 2, symtab);
 } else {
-expr_symtab_add_field(symtab, xname, MFF_XREG0 + xi, NULL, false);
+expr_symtab_add_field(symtab, xname, MFF_XREG0 + xi, NULL, true);
 }
 free(xname);
 }
@@ -99,13 +99,13 @@ ovn_init_symtab(struct shash *symtab)
 } else if (xi < MFF_N_LOG_REGS / 2) {
 add_subregister(name, "xreg", xi, 32, 1 - i % 2, symtab);
 } else {
-expr_symtab_add_field(symtab, name, MFF_REG0 + i, NULL, false);
+expr_symtab_add_field(symtab, name, MFF_REG0 + i, NULL, true);
 }
 free(name);
 }
 
 /* Flags used in logical to physical transformation. */
-expr_symtab_add_field(symtab, "flags", MFF_LOG_FLAGS, NULL, false);
+expr_symtab_add_field(symtab, "flags", MFF_LOG_FLAGS, NULL, true);
 char flags_str[16];
 snprintf(flags_str, sizeof flags_str, "flags[%d]", MLF_ALLOW_LOOPBACK_BIT);
 expr_symtab_add_subfield(symtab, "flags.loopback", NULL, flags_str);
@@ -119,12 +119,12 @@ ovn_init_symtab(struct shash *symtab)
  flags_str);
 
 /* Connection tracking state. */
-expr_symtab_add_field(symtab, "ct_mark", MFF_CT_MARK, NULL, false);
+expr_symtab_add_field(symtab, "ct_mark", MFF_CT_MARK, NULL, true);
 
-expr_symtab_add_field(symtab, "ct_label", MFF_CT_LABEL, NULL, false);
+expr_symtab_add_field(symtab, "ct_label", MFF_CT_LABEL, NULL, true);
 expr_symtab_add_subfield(symtab, "ct_label.blocked", NULL, "ct_label[0]");
 
-expr_symtab_add_field(symtab, "ct_state", MFF_CT_STATE, NULL, 

[ovs-dev] [PATCH ovn v3] Learn the mac binding only if required

2019-09-24 Thread nusiddiq
From: Numan Siddique 

OVN has the actions - put_arp and put_nd to learn the mac bindings from the
ARP/ND packets. These actions update the Southbound MAC_Binding table.
These actions translate to controller actions. Whenever the pinctrl thread
receives such packets, it wakes up the main ovn-controller thread.
If the MAC_Binding table is already up to date, this results
in unnecessary CPU cycles. There are some security implications as well.
A rogue VM can flood broadcast ARP request/reply packets and this
could cause DoS issues. A physical switch may send periodic GARPs
and these packets hit ovn-controllers.

This patch solves these problems by learning the mac bindings only if
required. There is no need to apply the put_arp/put_nd action if the
Southbound MAC_Binding row is upto date.

New actions - lookup_arp and lookup_nd are added which looks up the
IP, MAC pair in the mac_binding table and stores the result in a
register. 1 if lookup is successful, 0 otherwise.

ovn-northd adds 2 new stages - LOOKUP_NEIGHBOR and LEARN_NEIGHBOR before
IP_INPUT in the router ingress pipeline.c. The LOOKUP_NEIGHBOR stage
adds flows to do the lookup in the mac_binding table and the LEARN_NEIGHBOR
adds flows to learn the neighbors only if require.

The lflow module of ovn-controller adds OF flows in table 67 
(OFTABLE_MAC_LOOKUP)
for each mac_binding entry with the match reg0 = ip && eth.src = mac with
the action - load:1->reg10[6]

Eg:
table=31, 
priority=100,arp,reg0=0xaca8006f,reg14=0x3,metadata=0x3,dl_src=00:44:00:00:00:04
  actions=load:1->NXM_NX_REG10[6]

This patch should also address the issue reported in 'Reported-at'

Reported-at: https://bugzilla.redhat.com/1729846
Reported-by: Haidong Li 
CC: Han ZHou 
CC: Dumitru Ceara 
Tested-by: Dumitru Ceara 
Signed-off-by: Numan Siddique 
---

v2 -> v3

  * Addressed review comments from Han.

v1 -> v2

   * Addressed review comments from Han - Storing the result
 of lookup_arp/lookup_nd in a register.

 controller/lflow.c   |  37 -
 controller/lflow.h   |   1 +
 include/ovn/actions.h|  13 ++
 include/ovn/logical-fields.h |   4 +
 lib/actions.c| 114 ++
 northd/ovn-northd.8.xml  | 212 -
 northd/ovn-northd.c  | 205 ++---
 ovn-architecture.7.xml   |  18 +++
 ovn-sb.xml   |  57 +++
 tests/ovn.at | 290 ++-
 tests/test-ovn.c |   1 +
 utilities/ovn-trace.c|  69 +
 12 files changed, 844 insertions(+), 177 deletions(-)

diff --git a/controller/lflow.c b/controller/lflow.c
index d0335a83a..e3ed20cd4 100644
--- a/controller/lflow.c
+++ b/controller/lflow.c
@@ -687,6 +687,7 @@ consider_logical_flow(
 .egress_ptable = OFTABLE_LOG_EGRESS_PIPELINE,
 .output_ptable = output_ptable,
 .mac_bind_ptable = OFTABLE_MAC_BINDING,
+.mac_lookup_ptable = OFTABLE_MAC_LOOKUP,
 };
 ovnacts_encode(ovnacts.data, ovnacts.size, , );
 ovnacts_free(ovnacts.data, ovnacts.size);
@@ -777,7 +778,9 @@ consider_neighbor_flow(struct ovsdb_idl_index 
*sbrec_port_binding_by_name,
 return;
 }
 
-struct match match = MATCH_CATCHALL_INITIALIZER;
+struct match get_arp_match = MATCH_CATCHALL_INITIALIZER;
+struct match lookup_arp_match = MATCH_CATCHALL_INITIALIZER;
+
 if (strchr(b->ip, '.')) {
 ovs_be32 ip;
 if (!ip_parse(b->ip, )) {
@@ -785,7 +788,9 @@ consider_neighbor_flow(struct ovsdb_idl_index 
*sbrec_port_binding_by_name,
 VLOG_WARN_RL(, "bad 'ip' %s", b->ip);
 return;
 }
-match_set_reg(, 0, ntohl(ip));
+match_set_reg(_arp_match, 0, ntohl(ip));
+match_set_reg(_arp_match, 0, ntohl(ip));
+match_set_dl_type(_arp_match, htons(ETH_TYPE_ARP));
 } else {
 struct in6_addr ip6;
 if (!ipv6_parse(b->ip, )) {
@@ -795,17 +800,35 @@ consider_neighbor_flow(struct ovsdb_idl_index 
*sbrec_port_binding_by_name,
 }
 ovs_be128 value;
 memcpy(, , sizeof(value));
-match_set_xxreg(, 0, ntoh128(value));
+match_set_xxreg(_arp_match, 0, ntoh128(value));
+
+match_set_xxreg(_arp_match, 0, ntoh128(value));
+match_set_dl_type(_arp_match, htons(ETH_TYPE_IPV6));
+match_set_nw_proto(_arp_match, 58);
+match_set_icmp_code(_arp_match, 0);
 }
 
-match_set_metadata(, htonll(pb->datapath->tunnel_key));
-match_set_reg(, MFF_LOG_OUTPORT - MFF_REG0, pb->tunnel_key);
+match_set_metadata(_arp_match, htonll(pb->datapath->tunnel_key));
+match_set_reg(_arp_match, MFF_LOG_OUTPORT - MFF_REG0, pb->tunnel_key);
+
+match_set_metadata(_arp_match, htonll(pb->datapath->tunnel_key));
+match_set_reg(_arp_match, MFF_LOG_INPORT - MFF_REG0,
+  pb->tunnel_key);
 
 uint64_t stub[1024 / 8];
 struct ofpbuf ofpacts = OFPBUF_STUB_INITIALIZER(stub);
 

[ovs-dev] [PATCH ovn] Fix the compilation failures

2019-09-23 Thread nusiddiq
From: Numan Siddique 

Below compilation errors are seen:

- make[1]: *** No rule to make target 'Documentation/internals/charter.rst', 
needed by 'all-am'.  Stop.

- Warning, treated as error:
../MAINTAINERS.rst:63:Insufficient data supplied (1 row(s)); no data remaining 
for table body, required by "list-table" directive.

Fixes: 0ba67050dcb3("Remove the OVS charter.")
Fixes: 311b1a31ceb5(Acknowledge that OVN committers are a new group.)
CC: Russell Bryant 
Signed-off-by: Numan Siddique 
---
 Documentation/automake.mk | 1 -
 Documentation/index.rst   | 3 +--
 Documentation/internals/index.rst | 1 -
 MAINTAINERS.rst   | 2 +-
 4 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/Documentation/automake.mk b/Documentation/automake.mk
index f7e1d2628..ff376fd83 100644
--- a/Documentation/automake.mk
+++ b/Documentation/automake.mk
@@ -39,7 +39,6 @@ DOC_SOURCE = \
Documentation/internals/index.rst \
Documentation/internals/authors.rst \
Documentation/internals/bugs.rst \
-   Documentation/internals/charter.rst \
Documentation/internals/committer-emeritus-status.rst \
Documentation/internals/committer-grant-revocation.rst \
Documentation/internals/committer-responsibilities.rst \
diff --git a/Documentation/index.rst b/Documentation/index.rst
index de4c45857..290c0abdd 100644
--- a/Documentation/index.rst
+++ b/Documentation/index.rst
@@ -85,8 +85,7 @@ Learn more about the Open vSwitch project and about how you 
can contribute:
   :doc:`internals/contributing/coding-style` |
   :doc:`internals/contributing/coding-style-windows`
 
-- **Maintaining:** :doc:`internals/charter` |
-  :doc:`internals/maintainers` |
+- **Maintaining:** :doc:`internals/maintainers` |
   :doc:`internals/committer-responsibilities` |
   :doc:`internals/committer-grant-revocation` |
   :doc:`internals/committer-emeritus-status`
diff --git a/Documentation/internals/index.rst 
b/Documentation/internals/index.rst
index 1da7501e2..cf54d74b3 100644
--- a/Documentation/internals/index.rst
+++ b/Documentation/internals/index.rst
@@ -39,7 +39,6 @@ itself and how they might involved.
release-process
bugs
security
-   charter
committer-emeritus-status
committer-responsibilities
committer-grant-revocation
diff --git a/MAINTAINERS.rst b/MAINTAINERS.rst
index f2c3e3ecd..59ad1ea57 100644
--- a/MAINTAINERS.rst
+++ b/MAINTAINERS.rst
@@ -61,7 +61,7 @@ More information about Emeritus Committers can be found
 `here `__.
 
 .. list-table:: OVS Emeritus Maintainers
-   :header-rows: 1
+   :header-rows: 0
 
* - Name
  - Email
-- 
2.21.0



[ovs-dev] [PATCH ovn v2] Learn the mac binding only if required

2019-09-16 Thread nusiddiq
From: Numan Siddique 

OVN has the actions - put_arp and put_nd to learn the mac bindings from the
ARP/ND packets. These actions update the Southbound MAC_Binding table.
These actions translate to controller actions. Whenever the pinctrl thread
receives such packets, it wakes up the main ovn-controller thread.
If the MAC_Binding table is already up to date, this results
in unnecessary CPU cycles. There are some security implications as well.
A rogue VM can flood broadcast ARP request/reply packets and this
could cause DoS issues. A physical switch may send periodic GARPs
and these packets hit ovn-controllers.

This patch solves these problems by learning the mac bindings only if
required. There is no need to apply the put_arp/put_nd action if the
Southbound MAC_Binding row is upto date.

New actions - lookup_arp and lookup_nd are added which looks up the
IP, MAC pair in the mac_binding table and stores the result in a
register. 1 if lookup is successful, 0 otherwise.

ovn-northd adds 2 new stages - lookup_arp and put_arp before ip_input
in the router ingress pipeline.

The logical flows looks something like:

table=1 (lr_in_lookup_arp), priority=100  , match=(arp),
 reg9[4] = lookup_arp(inport, arp.spa, arp.sha); next;)

table=1 (lr_in_lookup_arp), priority=0, match=(1), action=(next;)
...
table=2 (lr_in_put_arp   ), priority=100  ,
 match=(arp.op == 2 && reg9[4] == 0),
 action=(put_arp(inport, arp.spa, arp.sha);)
table=2 (lr_in_put_arp   ), priority=90   , match=(arp.op == 2), action=(drop;)
table=2 (lr_in_put_arp   ), priority=0, match=(1), action=(next;)

The lflow module of ovn-controller adds OF flows in table 31 
(OFTABLE_MAC_LOOKUP)
for each mac_binding entry with the match reg0 = ip && eth.src = mac with
the action - load:1->reg2[0]

Eg:
table=31, 
priority=100,arp,reg0=0xaca8006f,reg14=0x3,metadata=0x3,dl_src=00:44:00:00:00:04
  actions=load:1->NXM_NX_REG2[0]

This patch should also address the issue reported in 'Reported-at'

Reported-at: https://bugzilla.redhat.com/1729846
Reported-by: Haidong Li 
CC: Han ZHou 
CC: Dumitru Ceara 
Tested-by: Dumitru Ceara 
Signed-off-by: Numan Siddique 
---

v1 -> v2
===
   * Addressed review comments from Han - Storing the result
 of lookup_arp/lookup_nd in a register.

 controller/lflow.c   |  36 -
 controller/lflow.h   |   1 +
 include/ovn/actions.h|  13 ++
 include/ovn/logical-fields.h |   3 +
 lib/actions.c| 115 ++
 northd/ovn-northd.8.xml  | 251 --
 northd/ovn-northd.c  | 205 ++---
 ovn-sb.xml   |  57 +++
 tests/ovn.at | 290 ++-
 tests/test-ovn.c |   1 +
 utilities/ovn-trace.c|  69 +
 11 files changed, 861 insertions(+), 180 deletions(-)

diff --git a/controller/lflow.c b/controller/lflow.c
index d0335a83a..762752753 100644
--- a/controller/lflow.c
+++ b/controller/lflow.c
@@ -687,6 +687,7 @@ consider_logical_flow(
 .egress_ptable = OFTABLE_LOG_EGRESS_PIPELINE,
 .output_ptable = output_ptable,
 .mac_bind_ptable = OFTABLE_MAC_BINDING,
+.mac_lookup_ptable = OFTABLE_MAC_LOOKUP,
 };
 ovnacts_encode(ovnacts.data, ovnacts.size, , );
 ovnacts_free(ovnacts.data, ovnacts.size);
@@ -777,7 +778,9 @@ consider_neighbor_flow(struct ovsdb_idl_index 
*sbrec_port_binding_by_name,
 return;
 }
 
-struct match match = MATCH_CATCHALL_INITIALIZER;
+struct match get_arp_match = MATCH_CATCHALL_INITIALIZER;
+struct match lookup_arp_match = MATCH_CATCHALL_INITIALIZER;
+
 if (strchr(b->ip, '.')) {
 ovs_be32 ip;
 if (!ip_parse(b->ip, )) {
@@ -785,7 +788,9 @@ consider_neighbor_flow(struct ovsdb_idl_index 
*sbrec_port_binding_by_name,
 VLOG_WARN_RL(, "bad 'ip' %s", b->ip);
 return;
 }
-match_set_reg(, 0, ntohl(ip));
+match_set_reg(_arp_match, 0, ntohl(ip));
+match_set_reg(_arp_match, 0, ntohl(ip));
+match_set_dl_type(_arp_match, htons(ETH_TYPE_ARP));
 } else {
 struct in6_addr ip6;
 if (!ipv6_parse(b->ip, )) {
@@ -795,17 +800,34 @@ consider_neighbor_flow(struct ovsdb_idl_index 
*sbrec_port_binding_by_name,
 }
 ovs_be128 value;
 memcpy(, , sizeof(value));
-match_set_xxreg(, 0, ntoh128(value));
+match_set_xxreg(_arp_match, 0, ntoh128(value));
+
+match_set_xxreg(_arp_match, 0, ntoh128(value));
+match_set_dl_type(_arp_match, htons(ETH_TYPE_IPV6));
+match_set_nw_proto(_arp_match, 58);
+match_set_icmp_code(_arp_match, 0);
 }
 
-match_set_metadata(, htonll(pb->datapath->tunnel_key));
-match_set_reg(, MFF_LOG_OUTPORT - MFF_REG0, pb->tunnel_key);
+match_set_metadata(_arp_match, htonll(pb->datapath->tunnel_key));
+match_set_reg(_arp_match, MFF_LOG_OUTPORT - MFF_REG0, pb->tunnel_key);
+

[ovs-dev] [PATCH ovn] ovn-lib: Fix the wrong ovn_etcdir path

2019-09-16 Thread nusiddiq
From: Numan Siddique 

'sysconfdir' is used instead of 'ovn_sysconfdir' to determine the ovn_etcdir
path.

Signed-off-by: Numan Siddique 
---
 utilities/ovn-lib.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utilities/ovn-lib.in b/utilities/ovn-lib.in
index 50111a76b..a8fc9d6db 100644
--- a/utilities/ovn-lib.in
+++ b/utilities/ovn-lib.in
@@ -25,7 +25,7 @@
 ovn_logdir=${OVN_LOGDIR-'@LOGDIR@'} # /var/log/ovn
 ovn_rundir=${OVN_RUNDIR-'@OVN_RUNDIR@'} # /var/run/ovn
 ovn_sysconfdir=${OVN_SYSCONFDIR-'@sysconfdir@'} # /etc
-ovn_etcdir=$sysconfdir/ovn  # /etc/ovn
+ovn_etcdir=$ovn_sysconfdir/ovn  # /etc/ovn
 ovn_datadir=${OVN_PKGDATADIR-'@pkgdatadir@'}# /usr/share/ovn
 ovn_bindir=${OVN_BINDIR-'@bindir@'} # /usr/bin
 ovn_sbindir=${OVN_SBINDIR-'@sbindir@'}  # /usr/sbin
-- 
2.21.0



[ovs-dev] [branch 2.12] ovn: Exclude inport and outport symbol tables from conjunction

2019-09-14 Thread nusiddiq
From: Numan Siddique 

If there are multiple ACLs associated with a port group and they
match on a range of some field, then ovn-controller doesn't install
the flows properly and this results in broken ACL functionality.

For example, if there is a port group - pg1 with logical ports - [p1, p2]
and if there are below ACLs (only match condition is shown)

1 -  outport == @pg1 && ip4 && tcp.dst >= 500 && tcp.dst <= 501
2 -  outport == @pg1 && ip4 && tcp.dst >= 600 && tcp.dst <= 601

The first ACL will result in the below OF flows

1.  conj_id=1,tcp
2.  tcp,reg15=0x11: conjunction(1, 1/2)
3.  tcp,reg15=0x12: conjunction(1, 1/2)
5.  tcp,tp_dst=500: conjunction(1, 2/2)
6.  tcp,tp_dst=501: conjunction(1, 2/2)

The second ACL will result in the below OF flows
7.  conj_id=2,tcp
8.  tcp,reg15=0x11: conjunction(2, 1/2)
9.  tcp,reg15=0x12: conjunction(2, 1/2)
11. tcp,tp_dst=600: conjunction(2, 2/2)
12. tcp,tp_dst=601: conjunction(2, 3/2)

The OF flows (2) and (8) have the exact match but with different action.
This results in only one of the flows getting installed. The same goes
for the flows (3) and (9). And this completely breaks the ACL functionality
for such scenarios.

In order to fix this issue, this patch excludes the 'inport' and 'outport' 
symbols
from conjunction. With this patch we will have the below flows.

tcp,reg15=0x11,tp_dst=500
tcp,reg15=0x11,tp_dst=501
tcp,reg15=0x12,tp_dst=500
tcp,reg15=0x12,tp_dst=501
tcp,reg15=0x13,tp_dst=500
tcp,reg15=0x13,tp_dst=501
tcp,reg15=0x11,tp_dst=600
tcp,reg15=0x11,tp_dst=601
tcp,reg15=0x12,tp_dst=600
tcp,reg15=0x12,tp_dst=601
tcp,reg15=0x13,tp_dst=600
tcp,reg15=0x13,tp_dst=601

Acked-by: Mark Michelson 
Acked-by: Daniel Alvarez 
Signed-off-by: Numan Siddique 

(cherry-picked from ovn commit 298701dbc99645700be41680a43d049cb061847a)
---
 ovn/lib/expr.c |  2 +-
 tests/ovn.at   | 26 ++
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/ovn/lib/expr.c b/ovn/lib/expr.c
index e4c650f7c..c0871e1e8 100644
--- a/ovn/lib/expr.c
+++ b/ovn/lib/expr.c
@@ -1499,7 +1499,7 @@ expr_symtab_add_string(struct shash *symtab, const char 
*name,
 const struct mf_field *field = mf_from_id(id);
 struct expr_symbol *symbol;
 
-symbol = add_symbol(symtab, name, 0, prereqs, EXPR_L_NOMINAL, false,
+symbol = add_symbol(symtab, name, 0, prereqs, EXPR_L_NOMINAL, true,
 field->writable);
 symbol->field = field;
 return symbol;
diff --git a/tests/ovn.at b/tests/ovn.at
index 2361524ff..54aa19bb2 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -573,6 +573,24 @@ ip,reg14=0x6
 ipv6,reg14=0x5
 ipv6,reg14=0x6
 ])
+AT_CHECK([expr_to_flow 'inport == {"eth0", "eth1", "eth2"} && ip4 && tcp && 
tcp.dst == {500, 501}'], [0], [dnl
+tcp,reg14=0x5,tp_dst=500
+tcp,reg14=0x5,tp_dst=501
+tcp,reg14=0x6,tp_dst=500
+tcp,reg14=0x6,tp_dst=501
+])
+AT_CHECK([expr_to_flow 'outport == {"eth0", "eth1", "eth2"} && ip4 && tcp && 
tcp.src == {400, 401} && tcp.dst == {500, 501}'], [0], [dnl
+conj_id=1,tcp,reg15=0x5
+conj_id=2,tcp,reg15=0x6
+tcp,reg15=0x5,tp_dst=500: conjunction(1, 0/2)
+tcp,reg15=0x5,tp_dst=501: conjunction(1, 0/2)
+tcp,reg15=0x5,tp_src=400: conjunction(1, 1/2)
+tcp,reg15=0x5,tp_src=401: conjunction(1, 1/2)
+tcp,reg15=0x6,tp_dst=500: conjunction(2, 0/2)
+tcp,reg15=0x6,tp_dst=501: conjunction(2, 0/2)
+tcp,reg15=0x6,tp_src=400: conjunction(2, 1/2)
+tcp,reg15=0x6,tp_src=401: conjunction(2, 1/2)
+])
 AT_CHECK([expr_to_flow 'inport == "eth0" && inport == "eth1"'], [0], [dnl
 (no flows)
 ])
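Review bot: The added checks run `expr_to_flow` on one expression at a time, so they pin the new cross-product output but do not exercise the failure the description reports, which needs two ACLs on the same port group whose generated flows collide. A regression test that installs both ACLs from the description (`tcp.dst >= 500 && tcp.dst <= 501` and `tcp.dst >= 600 && tcp.dst <= 601` on `@pg1`) and checks that both ranges are enforced would guard the actual bug. The second added check still expects `conjunction(...)` flows, now carrying `reg15` in every match; a one-line comment above it saying that only the port dimension is crossed here would help the next reader.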
@@ -677,6 +695,14 @@ reg15=0x11
 reg15=0x12
 reg15=0x13
 ])
+AT_CHECK([expr_to_flow 'outport == @pg1 && ip4.src == {10.0.0.4, 10.0.0.5}'], 
[0], [dnl
+ip,reg15=0x11,nw_src=10.0.0.4
+ip,reg15=0x11,nw_src=10.0.0.5
+ip,reg15=0x12,nw_src=10.0.0.4
+ip,reg15=0x12,nw_src=10.0.0.5
+ip,reg15=0x13,nw_src=10.0.0.4
+ip,reg15=0x13,nw_src=10.0.0.5
+])
 AT_CHECK([expr_to_flow 'outport == {@pg_empty}'], [0], [dnl
 (no flows)
 ])
-- 
2.21.0



[ovs-dev] [PATCH ovn] Exclude inport and outport symbol tables from conjunction

2019-09-13 Thread nusiddiq
From: Numan Siddique 

If there are multiple ACLs associated with a port group and they
match on a range of some field, then ovn-controller doesn't install
the flows properly and this results in broken ACL functionality.

For example, if there is a port group - pg1 with logical ports - [p1, p2]
and if there are below ACLs (only match condition is shown)

1 -  outport == @pg1 && ip4 && tcp.dst >= 500 && tcp.dst <= 501
2 -  outport == @pg1 && ip4 && tcp.dst >= 600 && tcp.dst <= 601

The first ACL will result in the below OF flows

1.  conj_id=1,tcp
2.  tcp,reg15=0x11: conjunction(1, 1/2)
3.  tcp,reg15=0x12: conjunction(1, 1/2)
5.  tcp,tp_dst=500: conjunction(1, 2/2)
6.  tcp,tp_dst=501: conjunction(1, 2/2)

The second ACL will result in the below OF flows
7.  conj_id=2,tcp
8.  tcp,reg15=0x11: conjunction(2, 1/2)
9.  tcp,reg15=0x12: conjunction(2, 1/2)
11. tcp,tp_dst=600: conjunction(2, 2/2)
12. tcp,tp_dst=601: conjunction(2, 3/2)

The OF flows (2) and (8) have the exact match but with different action.
This results in only one of the flows getting installed. The same goes
for the flows (3) and (9). And this completely breaks the ACL functionality
for such scenarios.

In order to fix this issue, this patch excludes the 'inport' and 'outport' 
symbols
from conjunction. With this patch we will have the below flows.

tcp,reg15=0x11,tp_dst=500
tcp,reg15=0x11,tp_dst=501
tcp,reg15=0x12,tp_dst=500
tcp,reg15=0x12,tp_dst=501
tcp,reg15=0x13,tp_dst=500
tcp,reg15=0x13,tp_dst=501
tcp,reg15=0x11,tp_dst=600
tcp,reg15=0x11,tp_dst=601
tcp,reg15=0x12,tp_dst=600
tcp,reg15=0x12,tp_dst=601
tcp,reg15=0x13,tp_dst=600
tcp,reg15=0x13,tp_dst=601

Signed-off-by: Numan Siddique 
---
 lib/expr.c   |  2 +-
 tests/ovn.at | 26 ++
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/lib/expr.c b/lib/expr.c
index e4c650f7c..c0871e1e8 100644
--- a/lib/expr.c
+++ b/lib/expr.c
@@ -1499,7 +1499,7 @@ expr_symtab_add_string(struct shash *symtab, const char 
*name,
 const struct mf_field *field = mf_from_id(id);
 struct expr_symbol *symbol;
 
-symbol = add_symbol(symtab, name, 0, prereqs, EXPR_L_NOMINAL, false,
+symbol = add_symbol(symtab, name, 0, prereqs, EXPR_L_NOMINAL, true,
 field->writable);
 symbol->field = field;
 return symbol;
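Review bot: The sixth argument to `add_symbol()` is a bare boolean, so the one-word change from `false` to `true` carries the whole ACL fix without saying what it controls; going by the commit title it presumably marks the symbol as one that must be cross-producted. I would annotate the argument, `EXPR_L_NOMINAL, true /* must_crossproduct */,`, and add a comment above the call such as `/* String symbols (inport/outport) are excluded from conjunction: their conjunction flows collide across ACLs. */`. The function's opening lines are outside the hunk.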
diff --git a/tests/ovn.at b/tests/ovn.at
index 2a35b4e15..14d9f59b0 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -589,6 +589,24 @@ ip,reg14=0x6
 ipv6,reg14=0x5
 ipv6,reg14=0x6
 ])
+AT_CHECK([expr_to_flow 'inport == {"eth0", "eth1", "eth2"} && ip4 && tcp && 
tcp.dst == {500, 501}'], [0], [dnl
+tcp,reg14=0x5,tp_dst=500
+tcp,reg14=0x5,tp_dst=501
+tcp,reg14=0x6,tp_dst=500
+tcp,reg14=0x6,tp_dst=501
+])
+AT_CHECK([expr_to_flow 'outport == {"eth0", "eth1", "eth2"} && ip4 && tcp && 
tcp.src == {400, 401} && tcp.dst == {500, 501}'], [0], [dnl
+conj_id=1,tcp,reg15=0x5
+conj_id=2,tcp,reg15=0x6
+tcp,reg15=0x5,tp_dst=500: conjunction(1, 0/2)
+tcp,reg15=0x5,tp_dst=501: conjunction(1, 0/2)
+tcp,reg15=0x5,tp_src=400: conjunction(1, 1/2)
+tcp,reg15=0x5,tp_src=401: conjunction(1, 1/2)
+tcp,reg15=0x6,tp_dst=500: conjunction(2, 0/2)
+tcp,reg15=0x6,tp_dst=501: conjunction(2, 0/2)
+tcp,reg15=0x6,tp_src=400: conjunction(2, 1/2)
+tcp,reg15=0x6,tp_src=401: conjunction(2, 1/2)
+])
 AT_CHECK([expr_to_flow 'inport == "eth0" && inport == "eth1"'], [0], [dnl
 (no flows)
 ])
@@ -693,6 +711,14 @@ reg15=0x11
 reg15=0x12
 reg15=0x13
 ])
+AT_CHECK([expr_to_flow 'outport == @pg1 && ip4.src == {10.0.0.4, 10.0.0.5}'], 
[0], [dnl
+ip,reg15=0x11,nw_src=10.0.0.4
+ip,reg15=0x11,nw_src=10.0.0.5
+ip,reg15=0x12,nw_src=10.0.0.4
+ip,reg15=0x12,nw_src=10.0.0.5
+ip,reg15=0x13,nw_src=10.0.0.4
+ip,reg15=0x13,nw_src=10.0.0.5
+])
 AT_CHECK([expr_to_flow 'outport == {@pg_empty}'], [0], [dnl
 (no flows)
 ])
-- 
2.21.0



[ovs-dev] [PATCH ovn] Learn the mac binding only if required

2019-09-11 Thread nusiddiq
From: Numan Siddique 

OVN has the actions - put_arp and put_nd to learn the mac bindings from the
ARP/ND packets. These actions update the Southbound MAC_Binding table.
These actions translate to controller actions. Whenever the pinctrl thread
receives such packets, it wakes up the main ovn-controller thread.
If the MAC_Binding table is already up to date, this results
in unnecessary CPU cycles. There are some security implications as well.
A rogue VM can flood broadcast ARP request/reply packets and this
could cause DoS issues. A physical switch may send periodic GARPs
and these packets hit ovn-controllers.

This patch solves these problems by learning the mac bindings only if
required. There is no need to apply the put_arp/put_nd action if the
Southbound MAC_Binding row is upto date.

A new action - lookup_arp and lookup_nd is added which looks up the
IP, MAC pair in the mac_binding table and updates the eth.dst if
the entry is present, else eth.dst is set to 00:00:00:00:00:00.

ovn-northd adds 2 new stages - lookup_arp and put_arp before ip_input
in the router ingress pipeline.

The logical flows looks something like:

table=1 (lr_in_lookup_arp), priority=100  , match=(arp),
 action=(xxreg1[0..47] = eth.dst;
 lookup_arp(inport, arp.spa, arp.sha);
 xxreg0[0..47] = eth.dst; eth.dst = xxreg1[0..47]; next;)

table=1 (lr_in_lookup_arp), priority=0, match=(1), action=(next;)
...
table=2 (lr_in_put_arp   ), priority=100  ,
 match=(arp.op == 2 && xxreg0[0..47] == 00:00:00:00:00:00),
 action=(put_arp(inport, arp.spa, arp.sha);)
table=2 (lr_in_put_arp   ), priority=90   , match=(arp.op == 2), action=(drop;)
table=2 (lr_in_put_arp   ), priority=0, match=(1), action=(next;)

The lflow module of ovn-controller adds OF flows in table 31 
(OFTABLE_MAC_LOOKUP)
for each mac_binding entry with the match reg0 = ip && eth.src = mac with
the action - eth.dst = mac

Eg:
table=31, 
priority=100,arp,reg0=0xaca8006f,reg14=0x3,metadata=0x3,dl_src=00:44:00:00:00:04
  actions=mod_dl_dst:00:44:00:00:00:04

This patch should also address the issue reported in 'Reported-at'

Reported-at: https://bugzilla.redhat.com/1729846
Reported-by: Haidong Li 
CC: Han ZHou 
CC: Dumitru Ceara 
Signed-off-by: Numan Siddique 
---
 controller/lflow.c  |  33 -
 controller/lflow.h  |   1 +
 include/ovn/actions.h   |  12 ++
 lib/actions.c   |  87 
 northd/ovn-northd.8.xml | 261 +---
 northd/ovn-northd.c | 210 -
 ovn-sb.xml  |  46 +++
 tests/ovn.at| 286 +++-
 tests/test-ovn.c|   1 +
 utilities/ovn-trace.c   |  67 ++
 10 files changed, 824 insertions(+), 180 deletions(-)

diff --git a/controller/lflow.c b/controller/lflow.c
index d0335a83a..45c4d725a 100644
--- a/controller/lflow.c
+++ b/controller/lflow.c
@@ -687,6 +687,7 @@ consider_logical_flow(
 .egress_ptable = OFTABLE_LOG_EGRESS_PIPELINE,
 .output_ptable = output_ptable,
 .mac_bind_ptable = OFTABLE_MAC_BINDING,
+.mac_lookup_ptable = OFTABLE_MAC_LOOKUP,
 };
 ovnacts_encode(ovnacts.data, ovnacts.size, , );
 ovnacts_free(ovnacts.data, ovnacts.size);
@@ -777,7 +778,9 @@ consider_neighbor_flow(struct ovsdb_idl_index 
*sbrec_port_binding_by_name,
 return;
 }
 
-struct match match = MATCH_CATCHALL_INITIALIZER;
+struct match get_arp_match = MATCH_CATCHALL_INITIALIZER;
+struct match lookup_arp_match = MATCH_CATCHALL_INITIALIZER;
+
 if (strchr(b->ip, '.')) {
 ovs_be32 ip;
 if (!ip_parse(b->ip, )) {
@@ -785,7 +788,9 @@ consider_neighbor_flow(struct ovsdb_idl_index 
*sbrec_port_binding_by_name,
 VLOG_WARN_RL(, "bad 'ip' %s", b->ip);
 return;
 }
-match_set_reg(, 0, ntohl(ip));
+match_set_reg(_arp_match, 0, ntohl(ip));
+match_set_reg(_arp_match, 0, ntohl(ip));
+match_set_dl_type(_arp_match, htons(ETH_TYPE_ARP));
 } else {
 struct in6_addr ip6;
 if (!ipv6_parse(b->ip, )) {
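Review bot: The lookup match built in this hunk can only short-circuit packets whose IP/MAC pair is already in MAC_Binding. According to the logical flows in the commit message, a miss (`xxreg0[0..47] == 00:00:00:00:00:00`) still runs `put_arp` and wakes ovn-controller. The DoS exposure described in the message is therefore reduced for repeated known bindings only, not for pairs that are absent from the table, and controller-side rate limiting is still needed. I would state that next to the lookup match, e.g. `/* Suppresses re-learning of known bindings only; unknown IP/MAC pairs still reach the controller. */`. consider_neighbor_flow() starts and ends outside this hunk.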
@@ -795,17 +800,31 @@ consider_neighbor_flow(struct ovsdb_idl_index 
*sbrec_port_binding_by_name,
 }
 ovs_be128 value;
 memcpy(, , sizeof(value));
-match_set_xxreg(, 0, ntoh128(value));
+match_set_xxreg(_arp_match, 0, ntoh128(value));
+
+match_set_xxreg(_arp_match, 0, ntoh128(value));
+match_set_dl_type(_arp_match, htons(ETH_TYPE_IPV6));
+match_set_nw_proto(_arp_match, 58);
+match_set_icmp_code(_arp_match, 0);
 }
 
-match_set_metadata(, htonll(pb->datapath->tunnel_key));
-match_set_reg(, MFF_LOG_OUTPORT - MFF_REG0, pb->tunnel_key);
+match_set_metadata(_arp_match, htonll(pb->datapath->tunnel_key));
+match_set_reg(_arp_match, MFF_LOG_OUTPORT - MFF_REG0, pb->tunnel_key);
+
+match_set_metadata(_arp_match, htonll(pb->datapath->tunnel_key));
+

[ovs-dev] [PATCH] Exclude ovn-nb/ovn-sb man and OVN schema files during compilation.

2019-09-10 Thread nusiddiq
From: Numan Siddique 

The commit [1] removed OVN, but had to leave out some OVN bits
for the ovsdb-server raft testing. But "make install" is installing
ovn-nb/ovn-sb man entries and OVN schema files.

This patch excludes these.

"make install" is also installing ovn-nbctl/ovn-sbctl and this still needs to
be addressed.

[1] - f3e24610ea8("Remove OVN.")

Signed-off-by: Numan Siddique 
---
 ovn/automake.mk   | 83 ++-
 ovn/utilities/automake.mk | 10 +
 2 files changed, 6 insertions(+), 87 deletions(-)

diff --git a/ovn/automake.mk b/ovn/automake.mk
index afaf0688c..7d16c6036 100644
--- a/ovn/automake.mk
+++ b/ovn/automake.mk
@@ -1,82 +1,7 @@
-# OVN southbound schema and IDL
-EXTRA_DIST += ovn/ovn-sb.ovsschema
-pkgdata_DATA += ovn/ovn-sb.ovsschema
-
-# OVN southbound E-R diagram
-#
-# If "python" or "dot" is not available, then we do not add graphical diagram
-# to the documentation.
-if HAVE_PYTHON
-if HAVE_DOT
-ovn/ovn-sb.gv: ovsdb/ovsdb-dot.in ovn/ovn-sb.ovsschema
-   $(AM_V_GEN)$(OVSDB_DOT) --no-arrows $(srcdir)/ovn/ovn-sb.ovsschema > $@
-ovn/ovn-sb.pic: ovn/ovn-sb.gv ovsdb/dot2pic
-   $(AM_V_GEN)(dot -T plain < ovn/ovn-sb.gv | $(PYTHON) 
$(srcdir)/ovsdb/dot2pic -f 3) > $@.tmp && \
-   mv $@.tmp $@
-OVN_SB_PIC = ovn/ovn-sb.pic
-OVN_SB_DOT_DIAGRAM_ARG = --er-diagram=$(OVN_SB_PIC)
-CLEANFILES += ovn/ovn-sb.gv ovn/ovn-sb.pic
-endif
-endif
-
-# OVN southbound schema documentation
-EXTRA_DIST += ovn/ovn-sb.xml
-CLEANFILES += ovn/ovn-sb.5
-man_MANS += ovn/ovn-sb.5
-ovn/ovn-sb.5: \
-   ovsdb/ovsdb-doc ovn/ovn-sb.xml ovn/ovn-sb.ovsschema $(OVN_SB_PIC)
-   $(AM_V_GEN)$(OVSDB_DOC) \
-   $(OVN_SB_DOT_DIAGRAM_ARG) \
-   --version=$(VERSION) \
-   $(srcdir)/ovn/ovn-sb.ovsschema \
-   $(srcdir)/ovn/ovn-sb.xml > $@.tmp && \
-   mv $@.tmp $@
-
-# OVN northbound schema and IDL
-EXTRA_DIST += ovn/ovn-nb.ovsschema
-pkgdata_DATA += ovn/ovn-nb.ovsschema
-
-# OVN northbound E-R diagram
-#
-# If "python" or "dot" is not available, then we do not add graphical diagram
-# to the documentation.
-if HAVE_PYTHON
-if HAVE_DOT
-ovn/ovn-nb.gv: ovsdb/ovsdb-dot.in ovn/ovn-nb.ovsschema
-   $(AM_V_GEN)$(OVSDB_DOT) --no-arrows $(srcdir)/ovn/ovn-nb.ovsschema > $@
-ovn/ovn-nb.pic: ovn/ovn-nb.gv ovsdb/dot2pic
-   $(AM_V_GEN)(dot -T plain < ovn/ovn-nb.gv | $(PYTHON) 
$(srcdir)/ovsdb/dot2pic -f 3) > $@.tmp && \
-   mv $@.tmp $@
-OVN_NB_PIC = ovn/ovn-nb.pic
-OVN_NB_DOT_DIAGRAM_ARG = --er-diagram=$(OVN_NB_PIC)
-CLEANFILES += ovn/ovn-nb.gv ovn/ovn-nb.pic
-endif
-endif
-
-# OVN northbound schema documentation
-EXTRA_DIST += ovn/ovn-nb.xml
-CLEANFILES += ovn/ovn-nb.5
-man_MANS += ovn/ovn-nb.5
-ovn/ovn-nb.5: \
-   ovsdb/ovsdb-doc ovn/ovn-nb.xml ovn/ovn-nb.ovsschema $(OVN_NB_PIC)
-   $(AM_V_GEN)$(OVSDB_DOC) \
-   $(OVN_NB_DOT_DIAGRAM_ARG) \
-   --version=$(VERSION) \
-   $(srcdir)/ovn/ovn-nb.ovsschema \
-   $(srcdir)/ovn/ovn-nb.xml > $@.tmp && \
-   mv $@.tmp $@
-
-# Version checking for ovn-nb.ovsschema.
-ALL_LOCAL += ovn/ovn-nb.ovsschema.stamp
-ovn/ovn-nb.ovsschema.stamp: ovn/ovn-nb.ovsschema
-   $(srcdir)/build-aux/cksum-schema-check $? $@
-CLEANFILES += ovn/ovn-nb.ovsschema.stamp
-
-# Version checking for ovn-sb.ovsschema.
-ALL_LOCAL += ovn/ovn-sb.ovsschema.stamp
-ovn/ovn-sb.ovsschema.stamp: ovn/ovn-sb.ovsschema
-   $(srcdir)/build-aux/cksum-schema-check $? $@
-CLEANFILES += ovn/ovn-sb.ovsschema.stamp
+EXTRA_DIST += ovn/ovn-sb.ovsschema \
+ ovn/ovn-sb.xml \
+ ovn/ovn-nb.ovsschema \
+ ovn/ovn-nb.xml
 
 include ovn/lib/automake.mk
 include ovn/utilities/automake.mk
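Review bot: Deleting the two `ovn-*.ovsschema.stamp` rules at the end of the removed block also drops `cksum-schema-check` from `ALL_LOCAL`, although both schemas stay in the tree and in `EXTRA_DIST` for the raft tests the commit message mentions. A schema edited without updating its checksum would then no longer be caught at build time. Unless that check is being retired on purpose, I would keep the stamp rules and remove only the `pkgdata_DATA` and `man_MANS` lines that cause the unwanted installs.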
diff --git a/ovn/utilities/automake.mk b/ovn/utilities/automake.mk
index c2c3b7d5c..d2e2675c0 100644
--- a/ovn/utilities/automake.mk
+++ b/ovn/utilities/automake.mk
@@ -1,12 +1,6 @@
-man_MANS += \
-ovn/utilities/ovn-nbctl.8 \
-ovn/utilities/ovn-sbctl.8
-
-MAN_ROOTS += \
-ovn/utilities/ovn-sbctl.8.in
-
 EXTRA_DIST += \
-ovn/utilities/ovn-nbctl.8.xml
+ovn/utilities/ovn-nbctl.8.xml \
+ovn/utilities/ovn-sbctl.8.in
 
 CLEANFILES += \
 ovn/utilities/ovn-nbctl.8 \
-- 
2.21.0



[ovs-dev] [PATCH ovn v2 2/2] Generate documentation and manpages for ovn-archicture and ovn-nb/ovn-sb

2019-09-10 Thread nusiddiq
From: Numan Siddique 

This was missing when OVN was split from OVS.

Signed-off-by: Numan Siddique 
---
 Makefile.am | 17 +
 TODO_SPLIT.rst  |  6 ---
 automake.mk | 84 +
 ovn-nb.xml  |  2 +-
 rhel/ovn-fedora.spec.in |  6 +--
 5 files changed, 89 insertions(+), 26 deletions(-)
 create mode 100644 automake.mk

diff --git a/Makefile.am b/Makefile.am
index f3df733a1..97dc309e3 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -488,22 +488,7 @@ dist-docs:
 .PHONY: dist-docs
 
 
-# Version checking for ovn-nb.ovsschema.
-ALL_LOCAL += ovn-nb.ovsschema.stamp
-ovn-nb.ovsschema.stamp: ovn-nb.ovsschema
-   $(srcdir)/build-aux/cksum-schema-check $? $@
-CLEANFILES += ovn-nb.ovsschema.stamp
-
-# Version checking for ovn-sb.ovsschema.
-ALL_LOCAL += ovn-sb.ovsschema.stamp
-ovn-sb.ovsschema.stamp: ovn-sb.ovsschema
-   $(srcdir)/build-aux/cksum-schema-check $? $@
-
-pkgdata_DATA += ovn-nb.ovsschema
-pkgdata_DATA += ovn-sb.ovsschema
-
-CLEANFILES += ovn-sb.ovsschema.stamp
-
+include automake.mk
 include Documentation/automake.mk
 include m4/automake.mk
 include lib/automake.mk
diff --git a/TODO_SPLIT.rst b/TODO_SPLIT.rst
index bb8657eb1..933534084 100644
--- a/TODO_SPLIT.rst
+++ b/TODO_SPLIT.rst
@@ -35,12 +35,6 @@ Immediate tasks
 * Someone with a decent ability to write should give the README.rst file some
   polish (or even just rewrite it. I won't be offended).
 
-* After the split, the below things are missing during compilation
- - OVN northbound/southbound E-R diagram
- - OVN northbound/southbound schema documentation
- - ovn-architecture manpage generation.
-  This needs to be fixed.
-
 * Cleanup the acinclude.m4 and m4 folder
 
 Immediate to Short-term tasks
diff --git a/automake.mk b/automake.mk
new file mode 100644
index 0..ad801f1e5
--- /dev/null
+++ b/automake.mk
@@ -0,0 +1,84 @@
+man_MANS += ovn-architecture.7
+EXTRA_DIST += ovn-architecture.7.xml
+CLEANFILES += ovn-architecture.7
+
+# OVN northbound E-R diagram
+#
+# If "python" or "dot" is not available, then we do not add graphical diagram
+# to the documentation.
+if HAVE_PYTHON
+if HAVE_DOT
+OVSDB_DOT = $(run_python) ${OVSDIR}/ovsdb/ovsdb-dot.in
+ovn-nb.gv: ${OVSDIR}/ovsdb/ovsdb-dot.in $(srcdir)/ovn-nb.ovsschema
+   $(AM_V_GEN)$(OVSDB_DOT) --no-arrows $(srcdir)/ovn-nb.ovsschema > $@
+ovn-nb.pic: ovn-nb.gv ${OVSDIR}/ovsdb/dot2pic
+   $(AM_V_GEN)(dot -T plain < ovn-nb.gv | $(PYTHON) 
${OVSDIR}/ovsdb/dot2pic -f 3) > $@.tmp && \
+   mv $@.tmp $@
+OVN_NB_PIC = ovn-nb.pic
+OVN_NB_DOT_DIAGRAM_ARG = --er-diagram=$(OVN_NB_PIC)
+CLEANFILES += ovn-nb.gv ovn-nb.pic
+endif
+endif
+
+# OVN northbound schema documentation
+EXTRA_DIST += ovn-nb.xml
+CLEANFILES += ovn-nb.5
+man_MANS += ovn-nb.5
+
+OVSDB_DOC = $(run_python) ${OVSDIR}/ovsdb/ovsdb-doc
+ovn-nb.5: \
+   ${OVSDIR}/ovsdb/ovsdb-doc $(srcdir)/ovn-nb.xml 
$(srcdir)/ovn-nb.ovsschema $(OVN_NB_PIC)
+   $(AM_V_GEN)$(OVSDB_DOC) \
+   $(OVN_NB_DOT_DIAGRAM_ARG) \
+   --version=$(VERSION) \
+   $(srcdir)/ovn-nb.ovsschema \
+   $(srcdir)/ovn-nb.xml > $@.tmp && \
+   mv $@.tmp $@
+
+# OVN southbound E-R diagram
+#
+# If "python" or "dot" is not available, then we do not add graphical diagram
+# to the documentation.
+if HAVE_PYTHON
+if HAVE_DOT
+ovn-sb.gv: ${OVSDIR}/ovsdb/ovsdb-dot.in $(srcdir)/ovn-sb.ovsschema
+   $(AM_V_GEN)$(OVSDB_DOT) --no-arrows $(srcdir)/ovn-sb.ovsschema > $@
+ovn-sb.pic: ovn-sb.gv ${OVSDIR}/ovsdb/dot2pic
+   $(AM_V_GEN)(dot -T plain < ovn-sb.gv | $(PYTHON) 
${OVSDIR}/ovsdb/dot2pic -f 3) > $@.tmp && \
+   mv $@.tmp $@
+OVN_SB_PIC = ovn-sb.pic
+OVN_SB_DOT_DIAGRAM_ARG = --er-diagram=$(OVN_SB_PIC)
+CLEANFILES += ovn-sb.gv ovn-sb.pic
+endif
+endif
+
+# OVN southbound schema documentation
+EXTRA_DIST += ovn-sb.xml
+CLEANFILES += ovn-sb.5
+man_MANS += ovn-sb.5
+
+ovn-sb.5: \
+   ${OVSDIR}/ovsdb/ovsdb-doc $(srcdir)/ovn-sb.xml 
$(srcdir)/ovn-sb.ovsschema $(OVN_SB_PIC)
+   $(AM_V_GEN)$(OVSDB_DOC) \
+   $(OVN_SB_DOT_DIAGRAM_ARG) \
+   --version=$(VERSION) \
+   $(srcdir)/ovn-sb.ovsschema \
+   $(srcdir)/ovn-sb.xml > $@.tmp && \
+   mv $@.tmp $@
+
+
+# Version checking for ovn-nb.ovsschema.
+ALL_LOCAL += ovn-nb.ovsschema.stamp
+ovn-nb.ovsschema.stamp: ovn-nb.ovsschema
+   $(srcdir)/build-aux/cksum-schema-check $? $@
+CLEANFILES += ovn-nb.ovsschema.stamp
+
+# Version checking for ovn-sb.ovsschema.
+ALL_LOCAL += ovn-sb.ovsschema.stamp
+ovn-sb.ovsschema.stamp: ovn-sb.ovsschema
+   $(srcdir)/build-aux/cksum-schema-check $? $@
+
+pkgdata_DATA += ovn-nb.ovsschema
+pkgdata_DATA += ovn-sb.ovsschema
+
+CLEANFILES += ovn-sb.ovsschema.stamp
diff --git a/ovn-nb.xml b/ovn-nb.xml
index 442e5cb60..b41b57906 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -1535,7 +1535,7 @@
   address.
 
   
-  
+  
 
   Enables/disables IP 

[ovs-dev] [PATCH ovn v2 1/2] Add ovn-appctl utility

2019-09-10 Thread nusiddiq
From: Numan Siddique 

Now that OVN has its own rundir, "ovs-appctl -t ovn-controller/ovn-northd"
doesn't work. To fix this, the ovn-appctl utility is added, which
looks for the OVN pid/ctl files in the ovn rundir.

The code is taken from ovs-appctl.c and modified to use ovn_rundir()
instead of ovs_rundir().

Signed-off-by: Numan Siddique 
---
 rhel/ovn-fedora.spec.in|   2 +
 utilities/.gitignore   |   2 +
 utilities/automake.mk  |  13 +-
 utilities/ovn-appctl.8.xml | 352 +
 utilities/ovn-appctl.c | 239 +
 utilities/ovn-ctl  |  18 +-
 6 files changed, 615 insertions(+), 11 deletions(-)
 create mode 100644 utilities/ovn-appctl.8.xml
 create mode 100644 utilities/ovn-appctl.c

diff --git a/rhel/ovn-fedora.spec.in b/rhel/ovn-fedora.spec.in
index 14035de9a..9ee807fab 100644
--- a/rhel/ovn-fedora.spec.in
+++ b/rhel/ovn-fedora.spec.in
@@ -430,6 +430,7 @@ fi
 %{_bindir}/ovn-sbctl
 %{_bindir}/ovn-trace
 %{_bindir}/ovn-detrace
+%{_bindir}/ovn-appctl
 %{_datadir}/ovn/scripts/ovn-ctl
 %{_datadir}/ovn/scripts/ovn-lib
 %{_datadir}/ovn/scripts/ovndb-servers.ocf
@@ -440,6 +441,7 @@ fi
 %{_mandir}/man8/ovn-nbctl.8*
 %{_mandir}/man8/ovn-trace.8*
 %{_mandir}/man1/ovn-detrace.1*
+%{_mandir}/man8/ovn-appctl.8*
 #%{_mandir}/man7/ovn-architecture.7* - Uncomment this once the manpage is fixed
 %{_mandir}/man8/ovn-sbctl.8*
 #%{_mandir}/man5/ovn-nb.5* - Uncomment this once the manpage is fixed
diff --git a/utilities/.gitignore b/utilities/.gitignore
index 1d01e0b28..b319e8366 100644
--- a/utilities/.gitignore
+++ b/utilities/.gitignore
@@ -3,6 +3,8 @@
 /ovn-nbctl.8
 /ovn-sbctl
 /ovn-sbctl.8
+/ovn-appctl
+/ovn-appctl.8
 /ovn-trace
 /ovn-trace.8
 /ovn-detrace
diff --git a/utilities/automake.mk b/utilities/automake.mk
index 21dd8ccdf..ab0f6003a 100644
--- a/utilities/automake.mk
+++ b/utilities/automake.mk
@@ -8,7 +8,8 @@ man_MANS += \
 utilities/ovn-nbctl.8 \
 utilities/ovn-sbctl.8 \
 utilities/ovn-trace.8 \
-utilities/ovn-detrace.1
+utilities/ovn-detrace.1 \
+utilities/ovn-appctl.8
 
 MAN_ROOTS += \
 utilities/ovn-sbctl.8.in \
@@ -27,6 +28,7 @@ EXTRA_DIST += \
 utilities/ovn-docker-overlay-driver.in \
 utilities/ovn-docker-underlay-driver.in \
 utilities/ovn-nbctl.8.xml \
+utilities/ovn-appctl.8.xml \
 utilities/ovn-trace.8.xml \
 utilities/ovn-detrace.in \
 utilities/ovndb-servers.ocf \
@@ -49,7 +51,9 @@ CLEANFILES += \
 utilities/ovn-sbctl.8 \
 utilities/ovn-trace.8 \
 utilities/ovn-detrace.1 \
-utilities/ovn-detrace
+utilities/ovn-detrace \
+utilities/ovn-appctl.8 \
+utilities/ovn-appctl
 
 utilities/ovn-lib: $(top_builddir)/config.status
 
@@ -68,4 +72,9 @@ bin_PROGRAMS += utilities/ovn-trace
 utilities_ovn_trace_SOURCES = utilities/ovn-trace.c
 utilities_ovn_trace_LDADD = lib/libovn.la $(OVSDB_LIBDIR)/libovsdb.la 
$(OVS_LIBDIR)/libopenvswitch.la
 
+# ovn-nbctl
+bin_PROGRAMS += utilities/ovn-appctl
+utilities_ovn_appctl_SOURCES = utilities/ovn-appctl.c
+utilities_ovn_appctl_LDADD = lib/libovn.la $(OVSDB_LIBDIR)/libovsdb.la 
$(OVS_LIBDIR)/libopenvswitch.la
+
 include utilities/bugtool/automake.mk
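Review bot: The comment `# ovn-nbctl` above the new `bin_PROGRAMS += utilities/ovn-appctl` stanza is a copy-paste leftover and should read `# ovn-appctl`. The stanza also links `$(OVSDB_LIBDIR)/libovsdb.la`, which a control-socket client derived from ovs-appctl.c probably does not need. `utilities_ovn_appctl_LDADD = lib/libovn.la $(OVS_LIBDIR)/libopenvswitch.la` may be enough, to be confirmed against ovn-appctl.c, which is not shown here. The same stanza appears again in the earlier posting of this patch further down the page.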
diff --git a/utilities/ovn-appctl.8.xml b/utilities/ovn-appctl.8.xml
new file mode 100644
index 0..32a42a766
--- /dev/null
+++ b/utilities/ovn-appctl.8.xml
@@ -0,0 +1,352 @@
+
+
+Name
+ovn-appctl -- utility for configuring running OVN daemons
+
+Synopsis
+
+   ovn-appctl [--target=target | -t target]
+  [-T secs | --timeout=secs] command [arg...]
+
+ovn-appctl --help 
+ovn-appctl --version 
+
+Description
+
+  OVN daemons accept certain commands at runtime to control their behavior
+  and query their settings. Every daemon accepts a common set of commands
+  documented under COMMON COMMANDS below. Some daemons support additional
+  commands documented in their own manpages.
+
+
+
+   The ovn-appctl program provides a simple way to invoke
+   these commands. The command to be sent is specified on
+   ovn-appctl's command line as non-option arguments.
+   ovn-appctl sends the command and prints the daemon's
+   response on standard output.
+
+
+
+  ovn-ctl is exactly similar to Open vSwitch
+  ovs-appctl utility.
+
+
+Command Commands
+
+  Every OVN daemon supports a common set of commands, which are documented
+  in this section.
+
+
+General Commands
+
+  These commands display daemon-specific commands and the running version.
+  Note that these commands are different from the --help and --version
+  options that return information about the ovn-appctl
+  utility itself.
+
+
+
+  list-commands
+  
+Lists the commands supported by the target.
+  
+
+  version
+  
+Displays the version and compilation date of the target.
+  
+
+
+Logging Commands
+
+  OVN 

[ovs-dev] [PATCH] Fix the segfault seen in ovn-controller when running tests

2019-09-09 Thread nusiddiq
From: Numan Siddique 

The test case - "116: ovn -- 2 HVs, 2 lports/HV, localnet ports, DVR N-S Ping"
occasionally fails with a segfault in ovn-controller.

This patch fixes it.

backtrace
--
Program terminated with signal SIGSEGV, Segmentation fault.
0x00422414 in put_remote_port_redirect_bridged (...)
at /usr/include/bits/byteswap.h:52
52return __builtin_bswap32 (__bsx);
[Current thread is 1 (Thread 0x7f985fbe04c0 (LWP 18625))]
--

Fixes: 03493b33c073("OVN: Vlan backed DVR N-S, redirect packet via localnet 
port")
CC: Ankur Sharma 
Signed-off-by: Numan Siddique 
---
 controller/physical.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/controller/physical.c b/controller/physical.c
index c818646f0..f28c5f078 100644
--- a/controller/physical.c
+++ b/controller/physical.c
@@ -272,6 +272,9 @@ put_remote_port_redirect_bridged(const struct
 const struct sbrec_port_binding *ls_localnet_port;
 
 ls_localnet_port = get_localnet_port(local_datapaths, ls_dp_key);
+if (!ls_localnet_port) {
+return;
+}
 
 src_mac = ofpact_put_SET_ETH_SRC(ofpacts_p);
 src_mac->mac = binding_mac;
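Review bot: The new `if (!ls_localnet_port)` guard returns without logging, so a datapath with no localnet port silently gets no redirect flow and the condition that used to crash ovn-controller becomes invisible. A rate-limited warning before the `return` would keep it diagnosable, e.g. `VLOG_WARN_RL(&rl, "no localnet port found, skipping bridged redirect");` with `static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);` declared in the function. It is also worth confirming that nothing has been appended to `ofpacts_p` before this point, since the caller's handling of a partially filled buffer is not visible. put_remote_port_redirect_bridged() starts and ends outside this hunk.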
-- 
2.21.0



[ovs-dev] [PATCH ovn 2/2] Generate documentation and manpages for ovn-archicture and ovn-nb/ovn-sb

2019-09-02 Thread nusiddiq
From: Numan Siddique 

This was missing when OVN was split from OVS.

Signed-off-by: Numan Siddique 
---
 Makefile.am | 17 +
 TODO_SPLIT.rst  |  6 ---
 automake.mk | 84 +
 ovn-nb.xml  |  2 +-
 rhel/ovn-fedora.spec.in |  6 +--
 5 files changed, 89 insertions(+), 26 deletions(-)
 create mode 100644 automake.mk

diff --git a/Makefile.am b/Makefile.am
index f3df733a1..97dc309e3 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -488,22 +488,7 @@ dist-docs:
 .PHONY: dist-docs
 
 
-# Version checking for ovn-nb.ovsschema.
-ALL_LOCAL += ovn-nb.ovsschema.stamp
-ovn-nb.ovsschema.stamp: ovn-nb.ovsschema
-   $(srcdir)/build-aux/cksum-schema-check $? $@
-CLEANFILES += ovn-nb.ovsschema.stamp
-
-# Version checking for ovn-sb.ovsschema.
-ALL_LOCAL += ovn-sb.ovsschema.stamp
-ovn-sb.ovsschema.stamp: ovn-sb.ovsschema
-   $(srcdir)/build-aux/cksum-schema-check $? $@
-
-pkgdata_DATA += ovn-nb.ovsschema
-pkgdata_DATA += ovn-sb.ovsschema
-
-CLEANFILES += ovn-sb.ovsschema.stamp
-
+include automake.mk
 include Documentation/automake.mk
 include m4/automake.mk
 include lib/automake.mk
diff --git a/TODO_SPLIT.rst b/TODO_SPLIT.rst
index bb8657eb1..933534084 100644
--- a/TODO_SPLIT.rst
+++ b/TODO_SPLIT.rst
@@ -35,12 +35,6 @@ Immediate tasks
 * Someone with a decent ability to write should give the README.rst file some
   polish (or even just rewrite it. I won't be offended).
 
-* After the split, the below things are missing during compilation
- - OVN northbound/southbound E-R diagram
- - OVN northbound/southbound schema documentation
- - ovn-architecture manpage generation.
-  This needs to be fixed.
-
 * Cleanup the acinclude.m4 and m4 folder
 
 Immediate to Short-term tasks
diff --git a/automake.mk b/automake.mk
new file mode 100644
index 0..ad801f1e5
--- /dev/null
+++ b/automake.mk
@@ -0,0 +1,84 @@
+man_MANS += ovn-architecture.7
+EXTRA_DIST += ovn-architecture.7.xml
+CLEANFILES += ovn-architecture.7
+
+# OVN northbound E-R diagram
+#
+# If "python" or "dot" is not available, then we do not add graphical diagram
+# to the documentation.
+if HAVE_PYTHON
+if HAVE_DOT
+OVSDB_DOT = $(run_python) ${OVSDIR}/ovsdb/ovsdb-dot.in
+ovn-nb.gv: ${OVSDIR}/ovsdb/ovsdb-dot.in $(srcdir)/ovn-nb.ovsschema
+   $(AM_V_GEN)$(OVSDB_DOT) --no-arrows $(srcdir)/ovn-nb.ovsschema > $@
+ovn-nb.pic: ovn-nb.gv ${OVSDIR}/ovsdb/dot2pic
+   $(AM_V_GEN)(dot -T plain < ovn-nb.gv | $(PYTHON) 
${OVSDIR}/ovsdb/dot2pic -f 3) > $@.tmp && \
+   mv $@.tmp $@
+OVN_NB_PIC = ovn-nb.pic
+OVN_NB_DOT_DIAGRAM_ARG = --er-diagram=$(OVN_NB_PIC)
+CLEANFILES += ovn-nb.gv ovn-nb.pic
+endif
+endif
+
+# OVN northbound schema documentation
+EXTRA_DIST += ovn-nb.xml
+CLEANFILES += ovn-nb.5
+man_MANS += ovn-nb.5
+
+OVSDB_DOC = $(run_python) ${OVSDIR}/ovsdb/ovsdb-doc
+ovn-nb.5: \
+   ${OVSDIR}/ovsdb/ovsdb-doc $(srcdir)/ovn-nb.xml 
$(srcdir)/ovn-nb.ovsschema $(OVN_NB_PIC)
+   $(AM_V_GEN)$(OVSDB_DOC) \
+   $(OVN_NB_DOT_DIAGRAM_ARG) \
+   --version=$(VERSION) \
+   $(srcdir)/ovn-nb.ovsschema \
+   $(srcdir)/ovn-nb.xml > $@.tmp && \
+   mv $@.tmp $@
+
+# OVN southbound E-R diagram
+#
+# If "python" or "dot" is not available, then we do not add graphical diagram
+# to the documentation.
+if HAVE_PYTHON
+if HAVE_DOT
+ovn-sb.gv: ${OVSDIR}/ovsdb/ovsdb-dot.in $(srcdir)/ovn-sb.ovsschema
+   $(AM_V_GEN)$(OVSDB_DOT) --no-arrows $(srcdir)/ovn-sb.ovsschema > $@
+ovn-sb.pic: ovn-sb.gv ${OVSDIR}/ovsdb/dot2pic
+   $(AM_V_GEN)(dot -T plain < ovn-sb.gv | $(PYTHON) 
${OVSDIR}/ovsdb/dot2pic -f 3) > $@.tmp && \
+   mv $@.tmp $@
+OVN_SB_PIC = ovn-sb.pic
+OVN_SB_DOT_DIAGRAM_ARG = --er-diagram=$(OVN_SB_PIC)
+CLEANFILES += ovn-sb.gv ovn-sb.pic
+endif
+endif
+
+# OVN southbound schema documentation
+EXTRA_DIST += ovn-sb.xml
+CLEANFILES += ovn-sb.5
+man_MANS += ovn-sb.5
+
+ovn-sb.5: \
+   ${OVSDIR}/ovsdb/ovsdb-doc $(srcdir)/ovn-sb.xml 
$(srcdir)/ovn-sb.ovsschema $(OVN_SB_PIC)
+   $(AM_V_GEN)$(OVSDB_DOC) \
+   $(OVN_SB_DOT_DIAGRAM_ARG) \
+   --version=$(VERSION) \
+   $(srcdir)/ovn-sb.ovsschema \
+   $(srcdir)/ovn-sb.xml > $@.tmp && \
+   mv $@.tmp $@
+
+
+# Version checking for ovn-nb.ovsschema.
+ALL_LOCAL += ovn-nb.ovsschema.stamp
+ovn-nb.ovsschema.stamp: ovn-nb.ovsschema
+   $(srcdir)/build-aux/cksum-schema-check $? $@
+CLEANFILES += ovn-nb.ovsschema.stamp
+
+# Version checking for ovn-sb.ovsschema.
+ALL_LOCAL += ovn-sb.ovsschema.stamp
+ovn-sb.ovsschema.stamp: ovn-sb.ovsschema
+   $(srcdir)/build-aux/cksum-schema-check $? $@
+
+pkgdata_DATA += ovn-nb.ovsschema
+pkgdata_DATA += ovn-sb.ovsschema
+
+CLEANFILES += ovn-sb.ovsschema.stamp
diff --git a/ovn-nb.xml b/ovn-nb.xml
index b99a808b8..afef3e432 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -1527,7 +1527,7 @@
   address.
 
   
-  
+  
 
   Enables/disables IP 

[ovs-dev] [PATCH ovn 1/2] Add ovn-appctl utility

2019-09-02 Thread nusiddiq
From: Numan Siddique 

Now that OVN has its own rundir, "ovs-appctl -t ovn-controller/ovn-northd"
doesn't work. To fix this, the ovn-appctl utility is added, which
looks for the OVN pid/ctl files in the ovn rundir.

The code is taken from ovs-appctl.c and modified to use ovn_rundir()
instead of ovs_rundir().

Signed-off-by: Numan Siddique 
---
 rhel/ovn-fedora.spec.in|   2 +
 utilities/.gitignore   |   2 +
 utilities/automake.mk  |  13 +-
 utilities/ovn-appctl.8.xml | 352 +
 utilities/ovn-appctl.c | 239 +
 utilities/ovn-ctl  |  18 +-
 6 files changed, 615 insertions(+), 11 deletions(-)
 create mode 100644 utilities/ovn-appctl.8.xml
 create mode 100644 utilities/ovn-appctl.c

diff --git a/rhel/ovn-fedora.spec.in b/rhel/ovn-fedora.spec.in
index 14035de9a..9ee807fab 100644
--- a/rhel/ovn-fedora.spec.in
+++ b/rhel/ovn-fedora.spec.in
@@ -430,6 +430,7 @@ fi
 %{_bindir}/ovn-sbctl
 %{_bindir}/ovn-trace
 %{_bindir}/ovn-detrace
+%{_bindir}/ovn-appctl
 %{_datadir}/ovn/scripts/ovn-ctl
 %{_datadir}/ovn/scripts/ovn-lib
 %{_datadir}/ovn/scripts/ovndb-servers.ocf
@@ -440,6 +441,7 @@ fi
 %{_mandir}/man8/ovn-nbctl.8*
 %{_mandir}/man8/ovn-trace.8*
 %{_mandir}/man1/ovn-detrace.1*
+%{_mandir}/man8/ovn-appctl.8*
 #%{_mandir}/man7/ovn-architecture.7* - Uncomment this once the manpage is fixed
 %{_mandir}/man8/ovn-sbctl.8*
 #%{_mandir}/man5/ovn-nb.5* - Uncomment this once the manpage is fixed
diff --git a/utilities/.gitignore b/utilities/.gitignore
index 1d01e0b28..b319e8366 100644
--- a/utilities/.gitignore
+++ b/utilities/.gitignore
@@ -3,6 +3,8 @@
 /ovn-nbctl.8
 /ovn-sbctl
 /ovn-sbctl.8
+/ovn-appctl
+/ovn-appctl.8
 /ovn-trace
 /ovn-trace.8
 /ovn-detrace
diff --git a/utilities/automake.mk b/utilities/automake.mk
index 21dd8ccdf..ab0f6003a 100644
--- a/utilities/automake.mk
+++ b/utilities/automake.mk
@@ -8,7 +8,8 @@ man_MANS += \
 utilities/ovn-nbctl.8 \
 utilities/ovn-sbctl.8 \
 utilities/ovn-trace.8 \
-utilities/ovn-detrace.1
+utilities/ovn-detrace.1 \
+utilities/ovn-appctl.8
 
 MAN_ROOTS += \
 utilities/ovn-sbctl.8.in \
@@ -27,6 +28,7 @@ EXTRA_DIST += \
 utilities/ovn-docker-overlay-driver.in \
 utilities/ovn-docker-underlay-driver.in \
 utilities/ovn-nbctl.8.xml \
+utilities/ovn-appctl.8.xml \
 utilities/ovn-trace.8.xml \
 utilities/ovn-detrace.in \
 utilities/ovndb-servers.ocf \
@@ -49,7 +51,9 @@ CLEANFILES += \
 utilities/ovn-sbctl.8 \
 utilities/ovn-trace.8 \
 utilities/ovn-detrace.1 \
-utilities/ovn-detrace
+utilities/ovn-detrace \
+utilities/ovn-appctl.8 \
+utilities/ovn-appctl
 
 utilities/ovn-lib: $(top_builddir)/config.status
 
@@ -68,4 +72,9 @@ bin_PROGRAMS += utilities/ovn-trace
 utilities_ovn_trace_SOURCES = utilities/ovn-trace.c
 utilities_ovn_trace_LDADD = lib/libovn.la $(OVSDB_LIBDIR)/libovsdb.la 
$(OVS_LIBDIR)/libopenvswitch.la
 
+# ovn-nbctl
+bin_PROGRAMS += utilities/ovn-appctl
+utilities_ovn_appctl_SOURCES = utilities/ovn-appctl.c
+utilities_ovn_appctl_LDADD = lib/libovn.la $(OVSDB_LIBDIR)/libovsdb.la 
$(OVS_LIBDIR)/libopenvswitch.la
+
 include utilities/bugtool/automake.mk
diff --git a/utilities/ovn-appctl.8.xml b/utilities/ovn-appctl.8.xml
new file mode 100644
index 0..32a42a766
--- /dev/null
+++ b/utilities/ovn-appctl.8.xml
@@ -0,0 +1,352 @@
+
+
+Name
+ovn-appctl -- utility for configuring running OVN daemons
+
+Synopsis
+
+   ovn-appctl [--target=target | -t target]
+  [-T secs | --timeout=secs] command [arg...]
+
+ovn-appctl --help 
+ovn-appctl --version 
+
+Description
+
+  OVN daemons accept certain commands at runtime to control their behavior
+  and query their settings. Every daemon accepts a common set of commands
+  documented under COMMON COMMANDS below. Some daemons support additional
+  commands documented in their own manpages.
+
+
+
+   The ovn-appctl program provides a simple way to invoke
+   these commands. The command to be sent is specified on
+   ovn-appctl's command line as non-option arguments.
+   ovn-appctl sends the command and prints the daemon's
+   response on standard output.
+
+
+
+  ovn-ctl is exactly similar to Open vSwitch
+  ovs-appctl utility.
+
+
+Command Commands
+
+  Every OVN daemon supports a common set of commands, which are documented
+  in this section.
+
+
+General Commands
+
+  These commands display daemon-specific commands and the running version.
+  Note that these commands are different from the --help and --version
+  options that return information about the ovn-appctl
+  utility itself.
+
+
+
+  list-commands
+  
+Lists the commands supported by the target.
+  
+
+  version
+  
+Displays the version and compilation date of the target.
+  
+
+
+Logging Commands
+
+  OVN 

[ovs-dev] [PATCH v4 ovn 4/4] rhel: Run ovn services with the 'openvswitch' user

2019-08-28 Thread nusiddiq
From: Numan Siddique 

This patch could have created a new user 'ovn' for ovn services instead
of using 'openvswitch' user. But this would require some amount of work and
proper testing since the new user 'ovn' should be part of 'openvswitch'
group (to access /var/run/openvswitch/db.sock.). If ovs is compiled with dpdk,
then it may get tricky (as ovs-vswitchd is run as user - openvswitch:hugetlbfs).
We can support a new user for 'ovn' services in the future.

Recently the commit [1] in ovs repo added support to run ovn services with the
'openvswitch' user, but this commit was not applied to ovn repo as we had
already created a new OVN repo. During the OVS/OVN formal split, we missed
out on applying the patch [1]. This patch takes some code from [1].

[1] - 94e1e8be3187 ("rhel: run ovn with the same user as ovs").

Signed-off-by: Numan Siddique 
---
 rhel/automake.mk|  3 ++-
 rhel/ovn-fedora.spec.in | 13 +
 ...r_lib_systemd_system_ovn-controller-vtep.service |  2 ++
 rhel/usr_lib_systemd_system_ovn-controller.service  |  2 ++
 rhel/usr_lib_systemd_system_ovn-northd.service  |  5 -
 ...usr_share_ovn_scripts_systemd_sysconfig.template | 13 +
 utilities/ovn-ctl   | 12 
 7 files changed, 48 insertions(+), 2 deletions(-)
 create mode 100644 rhel/usr_share_ovn_scripts_systemd_sysconfig.template

diff --git a/rhel/automake.mk b/rhel/automake.mk
index 39e216b01..a46e6579b 100644
--- a/rhel/automake.mk
+++ b/rhel/automake.mk
@@ -15,7 +15,8 @@ EXTRA_DIST += \
rhel/usr_lib_systemd_system_ovn-controller-vtep.service \
rhel/usr_lib_systemd_system_ovn-northd.service \
rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml \
-   rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml
+   rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml \
+   rhel/usr_share_ovn_scripts_systemd_sysconfig.template
 
 update_rhel_spec = \
   $(AM_V_GEN)($(ro_shell) && sed -e 's,[@]VERSION[@],$(VERSION),g') \
diff --git a/rhel/ovn-fedora.spec.in b/rhel/ovn-fedora.spec.in
index cbca87511..14035de9a 100644
--- a/rhel/ovn-fedora.spec.in
+++ b/rhel/ovn-fedora.spec.in
@@ -186,6 +186,10 @@ make %{?_smp_mflags}
 rm -rf $RPM_BUILD_ROOT
 make install DESTDIR=$RPM_BUILD_ROOT
 
+install -p -D -m 0644 \
+rhel/usr_share_ovn_scripts_systemd_sysconfig.template \
+$RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/ovn
+
 for service in ovn-controller ovn-controller-vtep ovn-northd; do
 install -p -D -m 0644 \
 rhel/usr_lib_systemd_system_${service}.service \
@@ -319,6 +323,14 @@ fi
 fi
 %endif
 
+%post
+%if %{with libcapng}
+if [ $1 -eq 1 ]; then
+sed -i 's:^#OVN_USER_ID=:OVN_USER_ID=:' %{_sysconfdir}/sysconfig/ovn
+sed -i 's:\(.*su\).*:\1 ovn ovn:' %{_sysconfdir}/logrotate.d/ovn
+fi
+%endif
+
 %post central
 %if 0%{?systemd_post:1}
 %systemd_post ovn-northd.service
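Review bot: The second `sed` in the added `%post` rewrites the logrotate `su` line to `ovn ovn`, but the commit message says the services run as the existing 'openvswitch' user and that a separate 'ovn' user is left for the future. If no such account exists on the host, logrotate would presumably fail to switch to it and `/var/log/ovn/*.log` would stop rotating. The replacement should name the same user and group that `OVN_USER_ID` carries, e.g. `sed -i 's:^\([[:space:]]*su\)[[:space:]].*:\1 openvswitch openvswitch:' %{_sysconfdir}/logrotate.d/ovn` (the exact group depends on the sysconfig template, which is not shown in this hunk). Anchoring the pattern also keeps it from rewriting any other line that merely contains `su`. The same lines recur in the v3 posting of this patch further down the page.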
@@ -413,6 +425,7 @@ if [ $1 -eq 1 ]; then
 fi
 
 %files
+%config(noreplace) %{_sysconfdir}/sysconfig/ovn
 %{_bindir}/ovn-nbctl
 %{_bindir}/ovn-sbctl
 %{_bindir}/ovn-trace
diff --git a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service 
b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
index 832849488..09ad0612c 100644
--- a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
+++ b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
@@ -38,10 +38,12 @@ Restart=on-failure
 Environment=OVS_RUNDIR=%t/openvswitch
 Environment=OVN_RUNDIR=%t/ovn
 Environment=OVN_DB=unix:%t/ovn/ovnsb_db.sock
+EnvironmentFile=-/etc/sysconfig/ovn
 Environment=VTEP_DB=unix:%t/openvswitch/db.sock
 EnvironmentFile=-/etc/sysconfig/ovn-controller-vtep
 ExecStart=/usr/bin/ovn-controller-vtep -vconsole:emer -vsyslog:err -vfile:info 
\
   --log-file=/var/log/ovn/ovn-controller-vtep.log \
+  --ovn-user=${OVN_USER_ID} \
   --no-chdir --pidfile=${OVN_RUNDIR}/ovn-controller-vtep.pid \
   --ovnsb-db=${OVN_DB} --vtep-db=${VTEP_DB}
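Review bot: `--ovn-user=${OVN_USER_ID}` is expanded from an optional source: `EnvironmentFile=-/etc/sysconfig/ovn` tolerates a missing file, and the `%post` scriptlet in this patch only uncomments `OVN_USER_ID` on a first install built with libcapng. In every other case systemd substitutes an empty string and the daemon is started with a bare `--ovn-user=`. Here that goes straight to the `ovn-controller-vtep` binary rather than through ovn-ctl, and how the binary treats an empty value (or this option name at all) is not visible in the hunk and should be confirmed. A comment above `ExecStart=` such as `# OVN_USER_ID empty or unset: the daemon keeps the identity systemd started it with` would make the privileged fallback an explicit decision rather than a silent one. The ovn-controller.service hunk that follows passes the same variable to ovn-ctl, and both hunks recur in the v3 posting.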
 
diff --git a/rhel/usr_lib_systemd_system_ovn-controller.service 
b/rhel/usr_lib_systemd_system_ovn-controller.service
index 6c8f33a27..15d0ac853 100644
--- a/rhel/usr_lib_systemd_system_ovn-controller.service
+++ b/rhel/usr_lib_systemd_system_ovn-controller.service
@@ -24,8 +24,10 @@ Type=forking
 PIDFile=/var/run/ovn/ovn-controller.pid
 Restart=on-failure
 Environment=OVN_RUNDIR=%t/ovn OVS_RUNDIR=%t/openvswitch
+EnvironmentFile=-/etc/sysconfig/ovn
 EnvironmentFile=-/etc/sysconfig/ovn-controller
 ExecStart=/usr/share/ovn/scripts/ovn-ctl --no-monitor \
+   --ovn-user=${OVN_USER_ID} \
   start_controller $OVN_CONTROLLER_OPTS
 ExecStop=/usr/share/ovn/scripts/ovn-ctl stop_controller
 
diff --git a/rhel/usr_lib_systemd_system_ovn-northd.service 
b/rhel/usr_lib_systemd_system_ovn-northd.service
index 82c23cee4..d281f861c 100644
--- a/rhel/usr_lib_systemd_system_ovn-northd.service
+++ 

[ovs-dev] [PATCH v4 ovn 3/4] Fix "make rpm-fedora"

2019-08-28 Thread nusiddiq
From: Numan Siddique 

"make rpm-fedora" is broken and this patch fixes it. Previous patch
in this series supported building OVN from external OVS sources.

Before running "make rpm-fedora", it is expected that the developer has run
"make dist" in the OVS source folder to generate the 
openvswitch-%{version}.tar.gz.
This tar file is copied to rpmbuild/SOURCES. The rpm spec file extracts this tar
file (using %autosetup in prep step) and compiles it before compiling OVN.

Signed-off-by: Numan Siddique 
---
 Documentation/intro/install/fedora.rst| 13 +++-
 Documentation/intro/install/general.rst   |  2 +
 rhel/automake.mk  |  2 +
 rhel/etc_logrotate.d_ovn  | 22 ++
 rhel/ovn-fedora.spec.in   | 78 +--
 ...systemd_system_ovn-controller-vtep.service | 13 ++--
 ..._lib_systemd_system_ovn-controller.service |  7 +-
 .../usr_lib_systemd_system_ovn-northd.service | 12 ++-
 utilities/ovn-ctl |  3 +-
 9 files changed, 107 insertions(+), 45 deletions(-)
 create mode 100644 rhel/etc_logrotate.d_ovn

diff --git a/Documentation/intro/install/fedora.rst 
b/Documentation/intro/install/fedora.rst
index c8ea6ec01..6e5f11a02 100644
--- a/Documentation/intro/install/fedora.rst
+++ b/Documentation/intro/install/fedora.rst
@@ -96,8 +96,15 @@ Building
 OVN RPMs
 ~~~
 
-To build OVN RPMs, execute the following from the directory
-in which `./configure` was executed:
+To build OVN RPMs, first generate openvswitch source tarball in
+your openvwitch source directory by running
+
+::
+
+$make dist
+
+And then execute the following in the OVN source directory
+(in which `./configure` was executed):
 
 ::
 
@@ -108,7 +115,7 @@ This will create the RPMs `ovn`, `ovn-central`, `ovn-host`, 
`ovn-vtep`,
 ``ovn-host-debuginfo`` and ```ovn-vtep-debuginfo```.
 
 
-You can also have the above commands automatically run the Open vSwitch unit
+You can also have the above commands automatically run the OVN unit
 tests.  This can take several minutes.
 
 ::
diff --git a/Documentation/intro/install/general.rst 
b/Documentation/intro/install/general.rst
index 9afd7f799..4936540fb 100644
--- a/Documentation/intro/install/general.rst
+++ b/Documentation/intro/install/general.rst
@@ -291,6 +291,8 @@ Example usage::
 $./boot.sh
 $./configure --with-ovs-source=/home/foo/ovs/ 
--with-ovs-build=/home/foo/ovs/_gcc
 
+It is expected to configure both Open vSwitch and OVN with the same prefix.
+
 .. _general-building:
 
 Building
diff --git a/rhel/automake.mk b/rhel/automake.mk
index be7c275a7..39e216b01 100644
--- a/rhel/automake.mk
+++ b/rhel/automake.mk
@@ -8,6 +8,7 @@
 EXTRA_DIST += \
rhel/README.RHEL.rst \
rhel/automake.mk \
+   rhel/etc_logrotate.d_ovn \
rhel/ovn-fedora.spec \
rhel/ovn-fedora.spec.in \
rhel/usr_lib_systemd_system_ovn-controller.service \
@@ -27,6 +28,7 @@ RPMBUILD_OPT ?= --without check
 rpm-fedora: dist $(srcdir)/rhel/ovn-fedora.spec
${MKDIR_P} ${RPMBUILD_TOP}/SOURCES
cp ${DIST_ARCHIVES} ${RPMBUILD_TOP}/SOURCES
+   cp $(ovs_builddir)/openvswitch-$(VERSION).tar.gz ${RPMBUILD_TOP}/SOURCES
rpmbuild ${RPMBUILD_OPT} \
  -D "_topdir ${RPMBUILD_TOP}" \
  -ba $(srcdir)/rhel/ovn-fedora.spec
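Review bot: The added `cp` has no prerequisite that produces `openvswitch-$(VERSION).tar.gz`, so `rpm-fedora` packages whatever tarball of that name already sits in `$(ovs_builddir)`, possibly one left over from an older OVS checkout. The name is also built from OVN's own `$(VERSION)`, which only works while both trees carry the same version string. A guard before the copy, e.g. `test -f $(ovs_builddir)/openvswitch-$(VERSION).tar.gz || { echo "run 'make dist' in the OVS tree first" >&2; exit 1; }`, turns the missing-file case into a clear message. The staleness and the version coupling deserve a comment next to the rule. The same hunk recurs in the v3 posting of this patch.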
diff --git a/rhel/etc_logrotate.d_ovn b/rhel/etc_logrotate.d_ovn
new file mode 100644
index 0..a351ec303
--- /dev/null
+++ b/rhel/etc_logrotate.d_ovn
@@ -0,0 +1,22 @@
+# Copyright (C) 2019 Red Hat, Inc.
+#
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved.  This file is offered as-is,
+# without warranty of any kind.
+
+/var/log/ovn/*.log {
+su root root
+daily
+compress
+sharedscripts
+missingok
+postrotate
+# Tell OVN daemons to reopen their log files
+if [ -d /var/run/ovn ]; then
+for ctl in /var/run/ovn/*.ctl; do
+ovs-appctl -t "$ctl" vlog/reopen 2>/dev/null || :
+done
+fi
+endscript
+}
diff --git a/rhel/ovn-fedora.spec.in b/rhel/ovn-fedora.spec.in
index 2234e949f..cbca87511 100644
--- a/rhel/ovn-fedora.spec.in
+++ b/rhel/ovn-fedora.spec.in
@@ -1,6 +1,6 @@
 # Spec file for Open Virtual Network (OVN).
 
-# Copyright (C) 2018 Red Hat, Inc.
+# Copyright (C) 2018,2019 Red Hat, Inc.
 #
 # Copying and distribution of this file, with or without modification,
 # are permitted in any medium without royalty provided the copyright
@@ -48,11 +48,15 @@ Version: @VERSION@
 Obsoletes: openvswitch-ovn-common < %{?epoch:%{epoch}:}%{version}-%{release}
 Provides: openvswitch-ovn-common = %{?epoch:%{epoch}:}%{version}-%{release}
 
+%define ovsver %{version}
+%define ovsdir openvswitch-%{ovsver}
+
 # Nearly all of openvswitch is ASL 2.0.  The bugtool is LGPLv2+, and the
 # lib/sflow*.[ch] files are 

[ovs-dev] [PATCH v4 ovn 2/4] Add support for using OVN specific rundirs

2019-08-28 Thread nusiddiq
From: Numan Siddique 

Until now, OVN has used the openvswitch rundirs (rundir, logdir, etcdir).
The commit [1] changed the package name from openvswitch to ovn, but
it didn't take into account the effects of that change. When "make install"
is run, the ovn-ctl utility is copied to the /usr/local/share/ovn/scripts folder.
ovn-ctl depends on 'ovs-lib', which is not present in this scripts folder,
so we cannot start OVN services using ovn-ctl.

This patch addresses all these issues. It changes the rundir to
ovn specific ones. (i.e /usr/local/var/run/ovn, /usr/local/var/log/ovn,
/usr/local/etc/ovn with default configuration).

[1] - 7795e0e28dce("Change the package name from openvswitch to ovn in 
AC_INIT()")

Tested:by: Dumitru Ceara 
Signed-off-by: Numan Siddique 
---
 Documentation/intro/install/general.rst |  30 ++--
 Makefile.am |   6 +-
 TODO_SPLIT.rst  |   2 +
 configure.ac|  34 ++--
 controller/ovn-controller.c |   4 +-
 lib/.gitignore  |   1 +
 lib/automake.mk |  21 ++-
 lib/ovn-dirs.c.in   | 112 +
 lib/ovn-dirs.h  |  35 
 lib/ovn-util.c  |  24 ++-
 lib/ovn-util.h  |   1 +
 m4/{openvswitch.m4 => ovn.m4}   |  60 +++
 northd/ovn-northd.c |   9 +-
 tests/ovs-macros.at |   1 +
 tutorial/ovs-sandbox|   1 +
 utilities/automake.mk   |   5 +
 utilities/ovn-ctl   |  71 +
 utilities/ovn-ctl.8.xml |  12 +-
 utilities/ovn-lib.in| 204 
 19 files changed, 520 insertions(+), 113 deletions(-)
 create mode 100644 lib/ovn-dirs.c.in
 create mode 100644 lib/ovn-dirs.h
 rename m4/{openvswitch.m4 => ovn.m4} (94%)
 create mode 100644 utilities/ovn-lib.in

diff --git a/Documentation/intro/install/general.rst 
b/Documentation/intro/install/general.rst
index 01d545da2..9afd7f799 100644
--- a/Documentation/intro/install/general.rst
+++ b/Documentation/intro/install/general.rst
@@ -159,17 +159,17 @@ For example::
 If you have built Open vSwitch in a separate directory, then you
 need to provide that path in the option - --with-ovs-build.
 
-By default all files are installed under ``/usr/local``. OVN and Open vSwitch
-also expects to find its database in ``/usr/local/etc/openvswitch`` by default.
+By default all files are installed under ``/usr/local``. OVN expects to find
+its database in ``/usr/local/etc/ovn`` by default.
 If you want to install all files into, e.g., ``/usr`` and ``/var`` instead of
-``/usr/local`` and ``/usr/local/var`` and expect to use ``/etc/openvswitch`` as
+``/usr/local`` and ``/usr/local/var`` and expect to use ``/etc/ovn`` as
 the default database directory, add options as shown here::
 
 $ ./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc
 
 .. note::
 
-  Open vSwitch and OVN installed with packages like .rpm (e.g. via
+  OVN installed with packages like .rpm (e.g. via
   ``yum install`` or ``rpm -ivh``) and .deb (e.g. via
   ``apt-get install`` or ``dpkg -i``) use the above configure options.
 
@@ -338,9 +338,13 @@ and stopping ovn-northd, ovn-controller and ovsdb-servers. 
After installation,
 the daemons can be started by using the ovn-ctl utility.  This will take care
 to setup initial conditions, and start the daemons in the correct order.
 The ovn-ctl utility is located in '$(pkgdatadir)/scripts', and defaults to
-'/usr/local/share/openvswitch/scripts'.  An example after install might be::
+'/usr/local/share/ovn/scripts'.  ovn-ctl utility requires the 'ovs-lib'
+helper shell script which is present in '/usr/local/share/openvswitch/scripts'.
+So invoking ovn-ctl as "./ovn-ctl" will fail.
 
-$ export PATH=$PATH:/usr/local/share/openvswitch/scripts
+An example after install might be::
+
+$ export PATH=$PATH:/usr/local/share/ovn/scripts
 $ ovn-ctl start_northd
 $ ovn-ctl start_controller
 
@@ -350,7 +354,7 @@ Starting OVN Central services
 OVN central services includes ovn-northd, Northbound and
 Southbound ovsdb-server.
 
-$ export PATH=$PATH:/usr/local/share/openvswitch/scripts
+$ export PATH=$PATH:/usr/local/share/ovn/scripts
 $ ovn-ctl start_northd
 
 Refer to ovn-ctl(8) for more information and the supported options.
@@ -360,23 +364,23 @@ Before starting ovn-northd you need to start OVN 
Northbound and Southbound
 ovsdb-servers. Before ovsdb-servers can be started,
 configure the Northbound and Southbound databases::
 
-   $ mkdir -p /usr/local/etc/openvswitch
-   $ ovsdb-tool create /usr/local/etc/openvswitch/ovnnb_db.db \
+   $ mkdir -p /usr/local/etc/ovn
+   $ ovsdb-tool create /usr/local/etc/ovn/ovnnb_db.db \
  ovn-nb.ovsschema
-   $ ovsdb-tool create /usr/local/etc/openvswitch/ovnsb_db.db \
+   $ 

[ovs-dev] [PATCH v4 ovn 1/4] Build OVN using external OVS directory

2019-08-28 Thread nusiddiq
From: Numan Siddique 

With this patch we have to configure OVN to refer to external OVS source/build
directory instead of the ovs subtree.

The new configuration options added are:
 * --with-ovs-source=/path/to/ovs/source/dir
 * --with-ovs-build=/path/to/ovs/build/dir

The path to these directories can also be a relative path.

Before configuring OVN, user should configure and compile OVS. If the user has
configured OVS on a different directory than the source dir, then 
'with-ovs-build'
should be specified.

If ovs-build dir is not defined, then ovs-source is used.

An upcoming patch will delete the ovs subtree.

Example usage:
  $ # Clone OVS repo
  $cd /home/foo/ovs
  $./boot.sh
  $mkdir _gcc
  $cd _gcc && ../configure && cd ..
  $make -C _gcc

  $ # Clone OVN repo
  $cd /home/foo/ovn
  $./boot.sh
  $./configure --with-ovs-source=/home/foo/ovs/ 
--with-ovs-build=/home/foo/ovs/_gcc
  $make

The test files ovn-controller-vtep.at, ovn-nbctl.at and ovn-sbctl.at needed to 
be modified
because of this commit [1] in the openvswitch repo.

This patch also updates the tutorial/ovs-sandbox to use OVS binaries from the 
OVS build
folder.

[1] - 
https://github.com/openvswitch/ovs/commit/29004db273985088cdb60097bdfd4a6bc6a966d1

Acked-by: Lucas Alvares Gomes 
Signed-off-by: Numan Siddique 
Tested-by: Lorenzo Bianconi 
---
 .travis/linux-build.sh  |  17 +-
 .travis/osx-build.sh|  13 +-
 Documentation/intro/install/general.rst |  31 ++-
 Makefile.am |  24 +-
 acinclude.m4|  43 
 configure.ac|  29 +--
 controller-vtep/automake.mk |   2 +-
 include/ovn/version.h.in|  28 +++
 lib/ovsdb_automake.mk   |   7 +-
 tests/automake.mk   |   6 +-
 tests/ofproto-macros.at |   4 +-
 tests/ovn-controller-vtep.at|  12 +-
 tests/ovn-nbctl.at  |   6 +-
 tests/ovn-sbctl.at  |  20 +-
 tests/ovn.at| 158 ++--
 tests/ovsdb-macros.at   |   2 +-
 tutorial/automake.mk|   2 +-
 tutorial/ovs-sandbox| 308 
 18 files changed, 411 insertions(+), 301 deletions(-)
 create mode 100644 include/ovn/version.h.in

diff --git a/.travis/linux-build.sh b/.travis/linux-build.sh
index a20474345..37a6844ab 100755
--- a/.travis/linux-build.sh
+++ b/.travis/linux-build.sh
@@ -10,7 +10,18 @@ TARGET="x86_64-native-linuxapp-gcc"
 
 function configure_ovs()
 {
+git clone https://github.com/openvswitch/ovs.git ovs_src
+pushd ovs_src
 ./boot.sh && ./configure $* || { cat config.log; exit 1; }
+make -j4
+popd
+}
+
+function configure_ovn()
+{
+configure_ovs $*
+./boot.sh && ./configure --with-ovs-source=$PWD/ovs_src $* || \
+{ cat config.log; exit 1; }
 }
 
 OPTS="$EXTRA_OPTS $*"
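Review bot: `configure_ovs` now clones whatever the default branch of openvswitch/ovs is at build time, so the CI result depends on an unpinned upstream tree and a failing build cannot be reproduced later against the same sources. Pinning the clone to a ref that the OVN tree records, for example `git clone --depth 1 --branch "$OVS_REF" https://github.com/openvswitch/ovs.git ovs_src` with `OVS_REF` as a placeholder for a tag or branch set in the CI configuration, makes the dependency explicit and reviewable. `configure_ovn` also forwards `$*` unquoted to both configure runs, so OVN-only options reach the OVS `./configure` and any argument containing whitespace is split; `"$@"` would preserve the arguments as given. The osx-build.sh hunk below has the same clone and the same forwarding.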
@@ -28,16 +39,16 @@ fi
 if [ "$TESTSUITE" ]; then
 # 'distcheck' will reconfigure with required options.
 # Now we only need to prepare the Makefile without sparse-wrapped CC.
-configure_ovs
+configure_ovn
 
-export DISTCHECK_CONFIGURE_FLAGS="$OPTS"
+export DISTCHECK_CONFIGURE_FLAGS="$OPTS --with-ovs-source=$PWD/ovs_src"
 if ! make distcheck -j4 TESTSUITEFLAGS="-j4 -k ovn" RECHECK=yes; then
 # testsuite.log is necessary for debugging.
 cat */_build/tests/testsuite.log
 exit 1
 fi
 else
-configure_ovs $OPTS
+configure_ovn $OPTS
 make selinux-policy
 
 make -j4
diff --git a/.travis/osx-build.sh b/.travis/osx-build.sh
index f11d7b9af..1d6ac54af 100755
--- a/.travis/osx-build.sh
+++ b/.travis/osx-build.sh
@@ -7,10 +7,20 @@ EXTRA_OPTS=""
 
 function configure_ovs()
 {
+git clone https://github.com/openvswitch/ovs.git ovs_src
+pushd ovs_src
 ./boot.sh && ./configure $*
+make -j4
+popd
 }
 
-configure_ovs $EXTRA_OPTS $*
+function configure_ovn()
+{
+configure_ovs $*
+./boot.sh && ./configure $* --with-ovs-source=$PWD/ovs_src
+}
+
+configure_ovn $EXTRA_OPTS $*
 
 if [ "$CC" = "clang" ]; then
 make CFLAGS="$CFLAGS -Wno-error=unused-command-line-argument"
@@ -18,6 +28,7 @@ else
 make CFLAGS="$CFLAGS $BUILD_ENV"
 fi
 if [ "$TESTSUITE" ] && [ "$CC" != "clang" ]; then
+export DISTCHECK_CONFIGURE_FLAGS="$EXTRA_OPTS 
--with-ovs-source=$PWD/ovs_src"
 if ! make distcheck RECHECK=yes; then
 # testsuite.log is necessary for debugging.
 cat */_build/tests/testsuite.log
diff --git a/Documentation/intro/install/general.rst 
b/Documentation/intro/install/general.rst
index 1d5323f76..01d545da2 100644
--- a/Documentation/intro/install/general.rst
+++ b/Documentation/intro/install/general.rst
@@ -42,9 +42,9 @@ out.  This is the right branch for general development.
 
 As of now there are no official OVN releases.
 
-Although building OVN, also builds OVS, it is recommended to clone
-and 

[ovs-dev] [PATCH v4 ovn 0/4] External OVS source support and separate run dir for OVN

2019-08-28 Thread nusiddiq
From: Numan Siddique 

This patch series adds support for building OVN from external OVS
sources.

The first patch adds the support to compile OVN from external OVS sources.
The following configuration options are added when configuring OVN
  * --with-ovs-source (mandatory)
  * --with-ovs-build (optional)

Patch 2 adds support to run OVN services using separate
directories
  - Default run time dir - /usr/local/var/run/ovn
  - Default log dir - /usr/local/var/log/ovn
  - Default db dir - /usr/local/etc/ovn

Patch 3 fixes "make rpm-fedora" which is presently broken

Patch 4 runs OVN services as openvswitch user for rhel when rpms are
used.

v3 -> v4
===
 * Rebased to latest master to resolve merge conflict in p2

v2 -> v3
===
 * Added the support to provide the ovs source and build dirs as
   relative paths as suggested By Ben in the irc meeting.
 * Dropped patch 5 from the series which was added in v2. 
   Patch 5 deleted the python subdirectory in the ovn repo. But that
   patch is failing in travis CI. It will be submitted separately
   once I get the chance to work on it and the fix the issue.


v1 -> v2

 * Addressed the review comments.
 * Swapped the patch 1 and 2 as it was easier to address Mark's comment
   on OVS_RUNDIR/OVN_RUNDIR
 * In patch 2, renamed m4/openvswitch.m4 to m4/ovn.m4 and renamed few of
   the macros to OVS_* to OVN_*.

 * Combined the patch 1 and 2 in this series which were submitted
   separately earlier.

Numan Siddique (4):
  Build OVN using external OVS directory
  Add support for using OVN specific rundirs
  Fix "make rpm-fedora"
  rhel: Run ovn services with the 'openvswitch' user

 .travis/linux-build.sh|  17 +-
 .travis/osx-build.sh  |  13 +-
 Documentation/intro/install/fedora.rst|  13 +-
 Documentation/intro/install/general.rst   |  63 ++--
 Makefile.am   |  30 +-
 TODO_SPLIT.rst|   2 +
 acinclude.m4  |  43 +++
 configure.ac  |  63 ++--
 controller-vtep/automake.mk   |   2 +-
 controller/ovn-controller.c   |   4 +-
 include/ovn/version.h.in  |  28 ++
 lib/.gitignore|   1 +
 lib/automake.mk   |  21 +-
 lib/ovn-dirs.c.in | 112 +++
 lib/ovn-dirs.h|  35 ++
 lib/ovn-util.c|  24 +-
 lib/ovn-util.h|   1 +
 lib/ovsdb_automake.mk |   7 +-
 m4/{openvswitch.m4 => ovn.m4} |  60 ++--
 northd/ovn-northd.c   |   9 +-
 rhel/automake.mk  |   5 +-
 rhel/etc_logrotate.d_ovn  |  22 ++
 rhel/ovn-fedora.spec.in   |  91 --
 ...systemd_system_ovn-controller-vtep.service |  15 +-
 ..._lib_systemd_system_ovn-controller.service |   9 +-
 .../usr_lib_systemd_system_ovn-northd.service |  15 +-
 ...are_ovn_scripts_systemd_sysconfig.template |  13 +
 tests/automake.mk |   6 +-
 tests/ofproto-macros.at   |   4 +-
 tests/ovn-controller-vtep.at  |  12 +-
 tests/ovn-nbctl.at|   6 +-
 tests/ovn-sbctl.at|  20 +-
 tests/ovn.at  | 158 -
 tests/ovs-macros.at   |   1 +
 tests/ovsdb-macros.at |   2 +-
 tutorial/automake.mk  |   2 +-
 tutorial/ovs-sandbox  | 309 +-
 utilities/automake.mk |   5 +
 utilities/ovn-ctl |  86 +++--
 utilities/ovn-ctl.8.xml   |  12 +-
 utilities/ovn-lib.in  | 204 
 41 files changed, 1085 insertions(+), 460 deletions(-)
 create mode 100644 include/ovn/version.h.in
 create mode 100644 lib/ovn-dirs.c.in
 create mode 100644 lib/ovn-dirs.h
 rename m4/{openvswitch.m4 => ovn.m4} (94%)
 create mode 100644 rhel/etc_logrotate.d_ovn
 create mode 100644 rhel/usr_share_ovn_scripts_systemd_sysconfig.template
 create mode 100644 utilities/ovn-lib.in

-- 
2.21.0



[ovs-dev] [PATCH v3 ovn 4/4] rhel: Run ovn services with the 'openvswitch' user

2019-08-24 Thread nusiddiq
From: Numan Siddique 

This patch could have created a new user 'ovn' for ovn services instead
of using 'openvswitch' user. But this would require some amount of work and
proper testing since the new user 'ovn' should be part of 'openvswitch'
group (to access /var/run/openvswitch/db.sock.). If ovs is compiled with dpdk,
then it may get tricky (as ovs-vswitchd is run as user - openvswitch:hugetlbfs).
We can support a new user for 'ovn' services in the future.

Recently the commit [1] in ovs repo added support to run ovn services with the
'openvswitch' user, but this commit was not applied to ovn repo as we had
already created a new OVN repo. During the OVS/OVN formal split, we missed
out on applying the patch [1]. This patch takes some code from [1].

[1] - 94e1e8be3187 ("rhel: run ovn with the same user as ovs").

CC: Jaime Caamaño Ruiz 
Signed-off-by: Numan Siddique 
---
 rhel/automake.mk|  3 ++-
 rhel/ovn-fedora.spec.in | 13 +
 ...r_lib_systemd_system_ovn-controller-vtep.service |  2 ++
 rhel/usr_lib_systemd_system_ovn-controller.service  |  2 ++
 rhel/usr_lib_systemd_system_ovn-northd.service  |  5 -
 ...usr_share_ovn_scripts_systemd_sysconfig.template | 13 +
 utilities/ovn-ctl   | 12 
 7 files changed, 48 insertions(+), 2 deletions(-)
 create mode 100644 rhel/usr_share_ovn_scripts_systemd_sysconfig.template

diff --git a/rhel/automake.mk b/rhel/automake.mk
index 39e216b01..a46e6579b 100644
--- a/rhel/automake.mk
+++ b/rhel/automake.mk
@@ -15,7 +15,8 @@ EXTRA_DIST += \
rhel/usr_lib_systemd_system_ovn-controller-vtep.service \
rhel/usr_lib_systemd_system_ovn-northd.service \
rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml \
-   rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml
+   rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml \
+   rhel/usr_share_ovn_scripts_systemd_sysconfig.template
 
 update_rhel_spec = \
   $(AM_V_GEN)($(ro_shell) && sed -e 's,[@]VERSION[@],$(VERSION),g') \
diff --git a/rhel/ovn-fedora.spec.in b/rhel/ovn-fedora.spec.in
index cbca87511..14035de9a 100644
--- a/rhel/ovn-fedora.spec.in
+++ b/rhel/ovn-fedora.spec.in
@@ -186,6 +186,10 @@ make %{?_smp_mflags}
 rm -rf $RPM_BUILD_ROOT
 make install DESTDIR=$RPM_BUILD_ROOT
 
+install -p -D -m 0644 \
+rhel/usr_share_ovn_scripts_systemd_sysconfig.template \
+$RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/ovn
+
 for service in ovn-controller ovn-controller-vtep ovn-northd; do
 install -p -D -m 0644 \
 rhel/usr_lib_systemd_system_${service}.service \
@@ -319,6 +323,14 @@ fi
 fi
 %endif
 
+%post
+%if %{with libcapng}
+if [ $1 -eq 1 ]; then
+sed -i 's:^#OVN_USER_ID=:OVN_USER_ID=:' %{_sysconfdir}/sysconfig/ovn
+sed -i 's:\(.*su\).*:\1 ovn ovn:' %{_sysconfdir}/logrotate.d/ovn
+fi
+%endif
+
 %post central
 %if 0%{?systemd_post:1}
 %systemd_post ovn-northd.service
@@ -413,6 +425,7 @@ if [ $1 -eq 1 ]; then
 fi
 
 %files
+%config(noreplace) %{_sysconfdir}/sysconfig/ovn
 %{_bindir}/ovn-nbctl
 %{_bindir}/ovn-sbctl
 %{_bindir}/ovn-trace
diff --git a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service 
b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
index 832849488..09ad0612c 100644
--- a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
+++ b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
@@ -38,10 +38,12 @@ Restart=on-failure
 Environment=OVS_RUNDIR=%t/openvswitch
 Environment=OVN_RUNDIR=%t/ovn
 Environment=OVN_DB=unix:%t/ovn/ovnsb_db.sock
+EnvironmentFile=-/etc/sysconfig/ovn
 Environment=VTEP_DB=unix:%t/openvswitch/db.sock
 EnvironmentFile=-/etc/sysconfig/ovn-controller-vtep
 ExecStart=/usr/bin/ovn-controller-vtep -vconsole:emer -vsyslog:err -vfile:info 
\
   --log-file=/var/log/ovn/ovn-controller-vtep.log \
+  --ovn-user=${OVN_USER_ID} \
   --no-chdir --pidfile=${OVN_RUNDIR}/ovn-controller-vtep.pid \
   --ovnsb-db=${OVN_DB} --vtep-db=${VTEP_DB}
 
diff --git a/rhel/usr_lib_systemd_system_ovn-controller.service 
b/rhel/usr_lib_systemd_system_ovn-controller.service
index 6c8f33a27..15d0ac853 100644
--- a/rhel/usr_lib_systemd_system_ovn-controller.service
+++ b/rhel/usr_lib_systemd_system_ovn-controller.service
@@ -24,8 +24,10 @@ Type=forking
 PIDFile=/var/run/ovn/ovn-controller.pid
 Restart=on-failure
 Environment=OVN_RUNDIR=%t/ovn OVS_RUNDIR=%t/openvswitch
+EnvironmentFile=-/etc/sysconfig/ovn
 EnvironmentFile=-/etc/sysconfig/ovn-controller
 ExecStart=/usr/share/ovn/scripts/ovn-ctl --no-monitor \
+   --ovn-user=${OVN_USER_ID} \
   start_controller $OVN_CONTROLLER_OPTS
 ExecStop=/usr/share/ovn/scripts/ovn-ctl stop_controller
 
diff --git a/rhel/usr_lib_systemd_system_ovn-northd.service 
b/rhel/usr_lib_systemd_system_ovn-northd.service
index 82c23cee4..d281f861c 100644
--- 

[ovs-dev] [PATCH v3 ovn 3/4] Fix "make rpm-fedora"

2019-08-24 Thread nusiddiq
From: Numan Siddique 

"make rpm-fedora" is broken and this patch fixes it. Previous patch
in this series supported building OVN from external OVS sources.

Before running "make rpm-fedora", it is expected that the developer has run
"make dist" in the OVS source folder to generate the 
openvswitch-%{version}.tar.gz.
This tar file is copied to rpmbuild/SOURCES. The rpm spec file extracts this tar
file (using %autosetup in prep step) and compiles it before compiling OVN.

Signed-off-by: Numan Siddique 
---
 Documentation/intro/install/fedora.rst| 13 +++-
 Documentation/intro/install/general.rst   |  2 +
 rhel/automake.mk  |  2 +
 rhel/etc_logrotate.d_ovn  | 22 ++
 rhel/ovn-fedora.spec.in   | 78 +--
 ...systemd_system_ovn-controller-vtep.service | 13 ++--
 ..._lib_systemd_system_ovn-controller.service |  7 +-
 .../usr_lib_systemd_system_ovn-northd.service | 12 ++-
 utilities/ovn-ctl |  3 +-
 9 files changed, 107 insertions(+), 45 deletions(-)
 create mode 100644 rhel/etc_logrotate.d_ovn

diff --git a/Documentation/intro/install/fedora.rst 
b/Documentation/intro/install/fedora.rst
index c8ea6ec01..6e5f11a02 100644
--- a/Documentation/intro/install/fedora.rst
+++ b/Documentation/intro/install/fedora.rst
@@ -96,8 +96,15 @@ Building
 OVN RPMs
 ~~~
 
-To build OVN RPMs, execute the following from the directory
-in which `./configure` was executed:
+To build OVN RPMs, first generate openvswitch source tarball in
+your openvwitch source directory by running
+
+::
+
+$make dist
+
+And then execute the following in the OVN source directory
+(in which `./configure` was executed):
 
 ::
 
@@ -108,7 +115,7 @@ This will create the RPMs `ovn`, `ovn-central`, `ovn-host`, 
`ovn-vtep`,
 ``ovn-host-debuginfo`` and ```ovn-vtep-debuginfo```.
 
 
-You can also have the above commands automatically run the Open vSwitch unit
+You can also have the above commands automatically run the OVN unit
 tests.  This can take several minutes.
 
 ::
diff --git a/Documentation/intro/install/general.rst 
b/Documentation/intro/install/general.rst
index a0abfbad8..4cd53ee1d 100644
--- a/Documentation/intro/install/general.rst
+++ b/Documentation/intro/install/general.rst
@@ -291,6 +291,8 @@ Example usage::
 $./boot.sh
 $./configure --with-ovs-source=/home/foo/ovs/ 
--with-ovs-build=/home/foo/ovs/_gcc
 
+It is expected to configure both Open vSwitch and OVN with the same prefix.
+
 .. _general-building:
 
 Building
diff --git a/rhel/automake.mk b/rhel/automake.mk
index be7c275a7..39e216b01 100644
--- a/rhel/automake.mk
+++ b/rhel/automake.mk
@@ -8,6 +8,7 @@
 EXTRA_DIST += \
rhel/README.RHEL.rst \
rhel/automake.mk \
+   rhel/etc_logrotate.d_ovn \
rhel/ovn-fedora.spec \
rhel/ovn-fedora.spec.in \
rhel/usr_lib_systemd_system_ovn-controller.service \
@@ -27,6 +28,7 @@ RPMBUILD_OPT ?= --without check
 rpm-fedora: dist $(srcdir)/rhel/ovn-fedora.spec
${MKDIR_P} ${RPMBUILD_TOP}/SOURCES
cp ${DIST_ARCHIVES} ${RPMBUILD_TOP}/SOURCES
+   cp $(ovs_builddir)/openvswitch-$(VERSION).tar.gz ${RPMBUILD_TOP}/SOURCES
rpmbuild ${RPMBUILD_OPT} \
  -D "_topdir ${RPMBUILD_TOP}" \
  -ba $(srcdir)/rhel/ovn-fedora.spec
diff --git a/rhel/etc_logrotate.d_ovn b/rhel/etc_logrotate.d_ovn
new file mode 100644
index 0..a351ec303
--- /dev/null
+++ b/rhel/etc_logrotate.d_ovn
@@ -0,0 +1,22 @@
+# Copyright (C) 2019 Red Hat, Inc.
+#
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved.  This file is offered as-is,
+# without warranty of any kind.
+
+/var/log/ovn/*.log {
+su root root
+daily
+compress
+sharedscripts
+missingok
+postrotate
+# Tell OVN daemons to reopen their log files
+if [ -d /var/run/ovn ]; then
+for ctl in /var/run/ovn/*.ctl; do
+ovs-appctl -t "$ctl" vlog/reopen 2>/dev/null || :
+done
+fi
+endscript
+}
diff --git a/rhel/ovn-fedora.spec.in b/rhel/ovn-fedora.spec.in
index 2234e949f..cbca87511 100644
--- a/rhel/ovn-fedora.spec.in
+++ b/rhel/ovn-fedora.spec.in
@@ -1,6 +1,6 @@
 # Spec file for Open Virtual Network (OVN).
 
-# Copyright (C) 2018 Red Hat, Inc.
+# Copyright (C) 2018,2019 Red Hat, Inc.
 #
 # Copying and distribution of this file, with or without modification,
 # are permitted in any medium without royalty provided the copyright
@@ -48,11 +48,15 @@ Version: @VERSION@
 Obsoletes: openvswitch-ovn-common < %{?epoch:%{epoch}:}%{version}-%{release}
 Provides: openvswitch-ovn-common = %{?epoch:%{epoch}:}%{version}-%{release}
 
+%define ovsver %{version}
+%define ovsdir openvswitch-%{ovsver}
+
 # Nearly all of openvswitch is ASL 2.0.  The bugtool is LGPLv2+, and the
 # lib/sflow*.[ch] files are 

[ovs-dev] [PATCH v3 ovn 2/4] Add support for using OVN specific rundirs

2019-08-24 Thread nusiddiq
From: Numan Siddique 

Until now, OVN has used the openvswitch rundirs (rundir, logdir, etcdir).
The commit [1] changed the package name from openvswitch to ovn, but
it didn't take into account the effects of that change. When "make install"
is run, the ovn-ctl utility is copied to the /usr/local/share/ovn/scripts folder.
ovn-ctl depends on 'ovs-lib', which is not present in this scripts folder,
so we cannot start OVN services using ovn-ctl.

This patch addresses all these issues. It changes the rundir to
ovn specific ones. (i.e /usr/local/var/run/ovn, /usr/local/var/log/ovn,
/usr/local/etc/ovn with default configuration).

[1] - 7795e0e28dce("Change the package name from openvswitch to ovn in 
AC_INIT()")

Tested:by: Dumitru Ceara 
Signed-off-by: Numan Siddique 
---
 Documentation/intro/install/general.rst |  30 ++--
 Makefile.am |   6 +-
 TODO_SPLIT.rst  |   2 +
 configure.ac|  34 ++--
 controller/ovn-controller.c |   4 +-
 lib/.gitignore  |   1 +
 lib/automake.mk |  21 ++-
 lib/ovn-dirs.c.in   | 112 +
 lib/ovn-dirs.h  |  35 
 lib/ovn-util.c  |  24 ++-
 lib/ovn-util.h  |   1 +
 m4/{openvswitch.m4 => ovn.m4}   |  60 +++
 northd/ovn-northd.c |   9 +-
 tests/ovs-macros.at |   1 +
 tutorial/ovs-sandbox|   1 +
 utilities/automake.mk   |   5 +
 utilities/ovn-ctl   |  71 +
 utilities/ovn-ctl.8.xml |  12 +-
 utilities/ovn-lib.in| 204 
 19 files changed, 520 insertions(+), 113 deletions(-)
 create mode 100644 lib/ovn-dirs.c.in
 create mode 100644 lib/ovn-dirs.h
 rename m4/{openvswitch.m4 => ovn.m4} (94%)
 create mode 100644 utilities/ovn-lib.in

diff --git a/Documentation/intro/install/general.rst 
b/Documentation/intro/install/general.rst
index 226cf3645..a0abfbad8 100644
--- a/Documentation/intro/install/general.rst
+++ b/Documentation/intro/install/general.rst
@@ -159,17 +159,17 @@ For example::
 If you have built Open vSwitch in a separate directory, then you
 need to provide that path in the option - --with-ovs-build.
 
-By default all files are installed under ``/usr/local``. OVN and Open vSwitch
-also expects to find its database in ``/usr/local/etc/openvswitch`` by default.
+By default all files are installed under ``/usr/local``. OVN expects to find
+its database in ``/usr/local/etc/ovn`` by default.
 If you want to install all files into, e.g., ``/usr`` and ``/var`` instead of
-``/usr/local`` and ``/usr/local/var`` and expect to use ``/etc/openvswitch`` as
+``/usr/local`` and ``/usr/local/var`` and expect to use ``/etc/ovn`` as
 the default database directory, add options as shown here::
 
 $ ./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc
 
 .. note::
 
-  Open vSwitch and OVN installed with packages like .rpm (e.g. via
+  OVN installed with packages like .rpm (e.g. via
   ``yum install`` or ``rpm -ivh``) and .deb (e.g. via
   ``apt-get install`` or ``dpkg -i``) use the above configure options.
 
@@ -338,9 +338,13 @@ and stopping ovn-northd, ovn-controller and ovsdb-servers. 
After installation,
 the daemons can be started by using the ovn-ctl utility.  This will take care
 to setup initial conditions, and start the daemons in the correct order.
 The ovn-ctl utility is located in '$(pkgdatadir)/scripts', and defaults to
-'/usr/local/share/openvswitch/scripts'.  An example after install might be::
+'/usr/local/share/ovn/scripts'.  ovn-ctl utility requires the 'ovs-lib'
+helper shell script which is present in '/usr/local/share/openvswitch/scripts'.
+So invoking ovn-ctl as "./ovn-ctl" will fail.
 
-$ export PATH=$PATH:/usr/local/share/openvswitch/scripts
+An example after install might be::
+
+$ export PATH=$PATH:/usr/local/share/ovn/scripts
 $ ovn-ctl start_northd
 $ ovn-ctl start_controller
 
@@ -350,7 +354,7 @@ Starting OVN Central services
 OVN central services includes ovn-northd, Northbound and
 Southbound ovsdb-server.
 
-$ export PATH=$PATH:/usr/local/share/openvswitch/scripts
+$ export PATH=$PATH:/usr/local/share/ovn/scripts
 $ ovn-ctl start_northd
 
 Refer to ovn-ctl(8) for more information and the supported options.
@@ -360,23 +364,23 @@ Before starting ovn-northd you need to start OVN 
Northbound and Southbound
 ovsdb-servers. Before ovsdb-servers can be started,
 configure the Northbound and Southbound databases::
 
-   $ mkdir -p /usr/local/etc/openvswitch
-   $ ovsdb-tool create /usr/local/etc/openvswitch/ovnnb_db.db \
+   $ mkdir -p /usr/local/etc/ovn
+   $ ovsdb-tool create /usr/local/etc/ovn/ovnnb_db.db \
  ovn-nb.ovsschema
-   $ ovsdb-tool create /usr/local/etc/openvswitch/ovnsb_db.db \
+   $ 

[ovs-dev] [PATCH v3 ovn 1/4] Build OVN using external OVS directory

2019-08-24 Thread nusiddiq
From: Numan Siddique 

With this patch we have to configure OVN to refer to external OVS source/build
directory instead of the ovs subtree.

The new configuration options added are:
 * --with-ovs-source=/path/to/ovs/source/dir
 * --with-ovs-build=/path/to/ovs/build/dir

The path to these directories can also be a relative path.

Before configuring OVN, the user should configure and compile OVS. If the user has
configured OVS in a directory other than the source dir, then 'with-ovs-build'
should be specified.

If ovs-build dir is not defined, then ovs-source is used.

An upcoming patch will delete the ovs subtree.

Example usage:
  $ # Clone OVS repo
  $cd /home/foo/ovs
  $./boot.sh
  $mkdir _gcc
  $cd _gcc && ../configure && cd ..
  $make -C _gcc

  $ # Clone OVN repo
  $cd /home/foo/ovn
  $./boot.sh
  $./configure --with-ovs-source=/home/foo/ovs/ 
--with-ovs-build=/home/foo/ovs/_gcc
  $make

The test files ovn-controller-vtep.at, ovn-nbctl.at and ovn-sbctl.at needed to 
be modified
because of this commit [1] in the openvswitch repo.

This patch also updates the tutorial/ovs-sandbox to use OVS binaries from the 
OVS build
folder.

[1] - 
https://github.com/openvswitch/ovs/commit/29004db273985088cdb60097bdfd4a6bc6a966d1

Acked-by: Lucas Alvares Gomes 
Signed-off-by: Numan Siddique 
Tested-by: Lorenzo Bianconi 
---
 .travis/linux-build.sh  |  17 +-
 .travis/osx-build.sh|  13 +-
 Documentation/intro/install/general.rst |  31 ++-
 Makefile.am |  24 +-
 acinclude.m4|  43 
 configure.ac|  29 +--
 controller-vtep/automake.mk |   2 +-
 include/ovn/version.h.in|  28 +++
 lib/ovsdb_automake.mk   |   7 +-
 tests/automake.mk   |   6 +-
 tests/ofproto-macros.at |   4 +-
 tests/ovn-controller-vtep.at|  12 +-
 tests/ovn-nbctl.at  |   6 +-
 tests/ovn-sbctl.at  |  20 +-
 tests/ovn.at| 158 ++--
 tests/ovsdb-macros.at   |   2 +-
 tutorial/automake.mk|   2 +-
 tutorial/ovs-sandbox| 308 
 18 files changed, 411 insertions(+), 301 deletions(-)
 create mode 100644 include/ovn/version.h.in

diff --git a/.travis/linux-build.sh b/.travis/linux-build.sh
index a20474345..37a6844ab 100755
--- a/.travis/linux-build.sh
+++ b/.travis/linux-build.sh
@@ -10,7 +10,18 @@ TARGET="x86_64-native-linuxapp-gcc"
 
 function configure_ovs()
 {
+git clone https://github.com/openvswitch/ovs.git ovs_src
+pushd ovs_src
 ./boot.sh && ./configure $* || { cat config.log; exit 1; }
+make -j4
+popd
+}
+
+function configure_ovn()
+{
+configure_ovs $*
+./boot.sh && ./configure --with-ovs-source=$PWD/ovs_src $* || \
+{ cat config.log; exit 1; }
 }
 
 OPTS="$EXTRA_OPTS $*"
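Review bot: `git clone https://github.com/openvswitch/ovs.git ovs_src` in configure_ovs fetches whatever OVS master is at build time, so the CI result depends on an unpinned external tree and an unrelated OVS change can break or silently alter the OVN build. Cloning a fixed branch or tag, e.g. `git clone --depth 1 --branch <OVS_REF> https://github.com/openvswitch/ovs.git ovs_src` (placeholder ref), would keep runs reproducible and make the consumed OVS revision an explicit, reviewed choice. The same clone is added to configure_ovs in .travis/osx-build.sh, and both hunks appear again in the v2 posting of this patch further down the page.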
@@ -28,16 +39,16 @@ fi
 if [ "$TESTSUITE" ]; then
 # 'distcheck' will reconfigure with required options.
 # Now we only need to prepare the Makefile without sparse-wrapped CC.
-configure_ovs
+configure_ovn
 
-export DISTCHECK_CONFIGURE_FLAGS="$OPTS"
+export DISTCHECK_CONFIGURE_FLAGS="$OPTS --with-ovs-source=$PWD/ovs_src"
 if ! make distcheck -j4 TESTSUITEFLAGS="-j4 -k ovn" RECHECK=yes; then
 # testsuite.log is necessary for debugging.
 cat */_build/tests/testsuite.log
 exit 1
 fi
 else
-configure_ovs $OPTS
+configure_ovn $OPTS
 make selinux-policy
 
 make -j4
diff --git a/.travis/osx-build.sh b/.travis/osx-build.sh
index f11d7b9af..1d6ac54af 100755
--- a/.travis/osx-build.sh
+++ b/.travis/osx-build.sh
@@ -7,10 +7,20 @@ EXTRA_OPTS=""
 
 function configure_ovs()
 {
+git clone https://github.com/openvswitch/ovs.git ovs_src
+pushd ovs_src
 ./boot.sh && ./configure $*
+make -j4
+popd
 }
 
-configure_ovs $EXTRA_OPTS $*
+function configure_ovn()
+{
+configure_ovs $*
+./boot.sh && ./configure $* --with-ovs-source=$PWD/ovs_src
+}
+
+configure_ovn $EXTRA_OPTS $*
 
 if [ "$CC" = "clang" ]; then
 make CFLAGS="$CFLAGS -Wno-error=unused-command-line-argument"
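Review bot: In configure_ovs the results of `git clone` and `pushd ovs_src` are not checked, so unless the script runs with errexit (not visible in this hunk) a failed clone leaves `./boot.sh && ./configure $*` and `make -j4` running in the OVN checkout instead of ovs_src. Chaining the steps, `git clone https://github.com/openvswitch/ovs.git ovs_src && pushd ovs_src || exit 1`, makes the failure explicit. configure_ovs in .travis/linux-build.sh has the same shape, and `$*` is expanded unquoted in both configure_ovs and configure_ovn, so an option containing spaces is split; `"$@"` preserves the arguments.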
@@ -18,6 +28,7 @@ else
 make CFLAGS="$CFLAGS $BUILD_ENV"
 fi
 if [ "$TESTSUITE" ] && [ "$CC" != "clang" ]; then
+export DISTCHECK_CONFIGURE_FLAGS="$EXTRA_OPTS 
--with-ovs-source=$PWD/ovs_src"
 if ! make distcheck RECHECK=yes; then
 # testsuite.log is necessary for debugging.
 cat */_build/tests/testsuite.log
diff --git a/Documentation/intro/install/general.rst 
b/Documentation/intro/install/general.rst
index 99d8fec04..226cf3645 100644
--- a/Documentation/intro/install/general.rst
+++ b/Documentation/intro/install/general.rst
@@ -42,9 +42,9 @@ out.  This is the right branch for general development.
 
 As of now there are no official OVN releases.
 
-Although building OVN, also builds OVS, it is recommended to clone
-and 

[ovs-dev] [PATCH v3 ovn 0/4] External OVS source support and separate run dir for OVN

2019-08-24 Thread nusiddiq
From: Numan Siddique 

This patch series adds support for building OVN from external OVS
sources.

The first patch adds the support to compile OVN from external OVS sources.
The following configuration options are added when configuring OVN
  * --with-ovs-source (mandatory)
  * --with-ovs-build (optional)

Patch 2 adds support to run OVN services using separate
directories
  - Default run time dir - /usr/local/var/run/ovn
  - Default log dir - /usr/local/var/log/ovn
  - Default db dir - /usr/local/etc/ovn

Patch 3 fixes "make rpm-fedora" which is presently broken

Patch 4 runs OVN services as openvswitch user for rhel when rpms are
used.

v2 -> v3
===
 * Added the support to provide the ovs source and build dirs as
   relative paths as suggested By Ben in the irc meeting.
 * Dropped patch 5 from the series which was added in v2. 
   Patch 5 deleted the python subdirectory in the ovn repo. But that
   patch is failing in travis CI. It will be submitted separately
   once I get the chance to work on it and the fix the issue.


v1 -> v2

 * Addressed the review comments.
 * Swapped the patch 1 and 2 as it was easier to address Mark's comment
   on OVS_RUNDIR/OVN_RUNDIR
 * In patch 2, renamed m4/openvswitch.m4 to m4/ovn.m4 and renamed few of
   the macros to OVS_* to OVN_*.

 * Combined the patch 1 and 2 in this series which were submitted
   separately earlier.

Numan Siddique (4):
  Build OVN using external OVS directory
  Add support for using OVN specific rundirs
  Fix "make rpm-fedora"
  rhel: Run ovn services with the 'openvswitch' user

 .travis/linux-build.sh|  17 +-
 .travis/osx-build.sh  |  13 +-
 Documentation/intro/install/fedora.rst|  13 +-
 Documentation/intro/install/general.rst   |  63 ++--
 Makefile.am   |  30 +-
 TODO_SPLIT.rst|   2 +
 acinclude.m4  |  43 +++
 configure.ac  |  63 ++--
 controller-vtep/automake.mk   |   2 +-
 controller/ovn-controller.c   |   4 +-
 include/ovn/version.h.in  |  28 ++
 lib/.gitignore|   1 +
 lib/automake.mk   |  21 +-
 lib/ovn-dirs.c.in | 112 +++
 lib/ovn-dirs.h|  35 ++
 lib/ovn-util.c|  24 +-
 lib/ovn-util.h|   1 +
 lib/ovsdb_automake.mk |   7 +-
 m4/{openvswitch.m4 => ovn.m4} |  60 ++--
 northd/ovn-northd.c   |   9 +-
 rhel/automake.mk  |   5 +-
 rhel/etc_logrotate.d_ovn  |  22 ++
 rhel/ovn-fedora.spec.in   |  91 --
 ...systemd_system_ovn-controller-vtep.service |  15 +-
 ..._lib_systemd_system_ovn-controller.service |   9 +-
 .../usr_lib_systemd_system_ovn-northd.service |  15 +-
 ...are_ovn_scripts_systemd_sysconfig.template |  13 +
 tests/automake.mk |   6 +-
 tests/ofproto-macros.at   |   4 +-
 tests/ovn-controller-vtep.at  |  12 +-
 tests/ovn-nbctl.at|   6 +-
 tests/ovn-sbctl.at|  20 +-
 tests/ovn.at  | 158 -
 tests/ovs-macros.at   |   1 +
 tests/ovsdb-macros.at |   2 +-
 tutorial/automake.mk  |   2 +-
 tutorial/ovs-sandbox  | 309 +-
 utilities/automake.mk |   5 +
 utilities/ovn-ctl |  86 +++--
 utilities/ovn-ctl.8.xml   |  12 +-
 utilities/ovn-lib.in  | 204 
 41 files changed, 1085 insertions(+), 460 deletions(-)
 create mode 100644 include/ovn/version.h.in
 create mode 100644 lib/ovn-dirs.c.in
 create mode 100644 lib/ovn-dirs.h
 rename m4/{openvswitch.m4 => ovn.m4} (94%)
 create mode 100644 rhel/etc_logrotate.d_ovn
 create mode 100644 rhel/usr_share_ovn_scripts_systemd_sysconfig.template
 create mode 100644 utilities/ovn-lib.in

-- 
2.20.1



[ovs-dev] [PATCH v2 ovn 4/5] rhel: Run ovn services with the 'openvswitch' user

2019-08-19 Thread nusiddiq
From: Numan Siddique 

This patch could have created a new user 'ovn' for ovn services instead
of using 'openvswitch' user. But this would require some amount of work and
proper testing since the new user 'ovn' should be part of 'openvswitch'
group (to access /var/run/openvswitch/db.sock.). If ovs is compiled with dpdk,
then it may get tricky (as ovs-vswitchd is run as user - openvswitch:hugetlbfs).
We can support a new user for 'ovn' services in the future.

Recently the commit [1] in ovs repo added support to run ovn services with the
'openvswitch' user, but this commit was not applied to ovn repo as we had
already created a new OVN repo. During the OVS/OVN formal split, we missed
out on applying the patch [1]. This patch takes some code from [1].

[1] - 94e1e8be3187 ("rhel: run ovn with the same user as ovs").

CC: Jaime Caamaño Ruiz 
Signed-off-by: Numan Siddique 
---
 rhel/automake.mk|  3 ++-
 rhel/ovn-fedora.spec.in | 13 +
 ...r_lib_systemd_system_ovn-controller-vtep.service |  2 ++
 rhel/usr_lib_systemd_system_ovn-controller.service  |  2 ++
 rhel/usr_lib_systemd_system_ovn-northd.service  |  5 -
 ...usr_share_ovn_scripts_systemd_sysconfig.template | 13 +
 utilities/ovn-ctl   | 12 
 7 files changed, 48 insertions(+), 2 deletions(-)
 create mode 100644 rhel/usr_share_ovn_scripts_systemd_sysconfig.template

diff --git a/rhel/automake.mk b/rhel/automake.mk
index 39e216b01..a46e6579b 100644
--- a/rhel/automake.mk
+++ b/rhel/automake.mk
@@ -15,7 +15,8 @@ EXTRA_DIST += \
rhel/usr_lib_systemd_system_ovn-controller-vtep.service \
rhel/usr_lib_systemd_system_ovn-northd.service \
rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml \
-   rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml
+   rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml \
+   rhel/usr_share_ovn_scripts_systemd_sysconfig.template
 
 update_rhel_spec = \
   $(AM_V_GEN)($(ro_shell) && sed -e 's,[@]VERSION[@],$(VERSION),g') \
diff --git a/rhel/ovn-fedora.spec.in b/rhel/ovn-fedora.spec.in
index cbca87511..14035de9a 100644
--- a/rhel/ovn-fedora.spec.in
+++ b/rhel/ovn-fedora.spec.in
@@ -186,6 +186,10 @@ make %{?_smp_mflags}
 rm -rf $RPM_BUILD_ROOT
 make install DESTDIR=$RPM_BUILD_ROOT
 
+install -p -D -m 0644 \
+rhel/usr_share_ovn_scripts_systemd_sysconfig.template \
+$RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/ovn
+
 for service in ovn-controller ovn-controller-vtep ovn-northd; do
 install -p -D -m 0644 \
 rhel/usr_lib_systemd_system_${service}.service \
@@ -319,6 +323,14 @@ fi
 fi
 %endif
 
+%post
+%if %{with libcapng}
+if [ $1 -eq 1 ]; then
+sed -i 's:^#OVN_USER_ID=:OVN_USER_ID=:' %{_sysconfdir}/sysconfig/ovn
+sed -i 's:\(.*su\).*:\1 ovn ovn:' %{_sysconfdir}/logrotate.d/ovn
+fi
+%endif
+
 %post central
 %if 0%{?systemd_post:1}
 %systemd_post ovn-northd.service
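Review bot: The second `sed` in the new `%post` rewrites the logrotate `su` line to `su ovn ovn`, but the commit message says the services run as the existing 'openvswitch' user and that no 'ovn' user is created, so on a libcapng build logrotate would be told to rotate /var/log/ovn as an account that may not exist. If the intent matches the description, this should read `sed -i 's:^\([[:space:]]*su\)[[:space:]].*:\1 openvswitch openvswitch:' %{_sysconfdir}/logrotate.d/ovn`; the value of OVN_USER_ID in the sysconfig template is not visible here, so confirm the two agree. Anchoring the pattern matters as well, because `\(.*su\).*` matches any line that merely contains "su", including a future comment. The same hunk is repeated in the earlier posting of this patch at the end of the page.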
@@ -413,6 +425,7 @@ if [ $1 -eq 1 ]; then
 fi
 
 %files
+%config(noreplace) %{_sysconfdir}/sysconfig/ovn
 %{_bindir}/ovn-nbctl
 %{_bindir}/ovn-sbctl
 %{_bindir}/ovn-trace
diff --git a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service 
b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
index 832849488..09ad0612c 100644
--- a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
+++ b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
@@ -38,10 +38,12 @@ Restart=on-failure
 Environment=OVS_RUNDIR=%t/openvswitch
 Environment=OVN_RUNDIR=%t/ovn
 Environment=OVN_DB=unix:%t/ovn/ovnsb_db.sock
+EnvironmentFile=-/etc/sysconfig/ovn
 Environment=VTEP_DB=unix:%t/openvswitch/db.sock
 EnvironmentFile=-/etc/sysconfig/ovn-controller-vtep
 ExecStart=/usr/bin/ovn-controller-vtep -vconsole:emer -vsyslog:err -vfile:info 
\
   --log-file=/var/log/ovn/ovn-controller-vtep.log \
+  --ovn-user=${OVN_USER_ID} \
   --no-chdir --pidfile=${OVN_RUNDIR}/ovn-controller-vtep.pid \
   --ovnsb-db=${OVN_DB} --vtep-db=${VTEP_DB}
 
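Review bot: `--ovn-user=${OVN_USER_ID}` is added to a command line that starts the ovn-controller-vtep binary directly, whereas the ovn-controller unit in this patch passes the same option to the ovn-ctl script; nothing on this page shows the daemon itself accepting `--ovn-user` (OVS-style daemons take `--user=`), so confirm the unit still starts and actually drops privileges. `EnvironmentFile=-/etc/sysconfig/ovn` also tolerates a missing file, and the `%post` scriptlet uncomments OVN_USER_ID only on libcapng builds, so the argument can expand to an empty value in both units. A short comment above ExecStart stating which account the daemon runs as, and where that is configured, would help operators auditing the unit.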
diff --git a/rhel/usr_lib_systemd_system_ovn-controller.service 
b/rhel/usr_lib_systemd_system_ovn-controller.service
index 6c8f33a27..15d0ac853 100644
--- a/rhel/usr_lib_systemd_system_ovn-controller.service
+++ b/rhel/usr_lib_systemd_system_ovn-controller.service
@@ -24,8 +24,10 @@ Type=forking
 PIDFile=/var/run/ovn/ovn-controller.pid
 Restart=on-failure
 Environment=OVN_RUNDIR=%t/ovn OVS_RUNDIR=%t/openvswitch
+EnvironmentFile=-/etc/sysconfig/ovn
 EnvironmentFile=-/etc/sysconfig/ovn-controller
 ExecStart=/usr/share/ovn/scripts/ovn-ctl --no-monitor \
+   --ovn-user=${OVN_USER_ID} \
   start_controller $OVN_CONTROLLER_OPTS
 ExecStop=/usr/share/ovn/scripts/ovn-ctl stop_controller
 
diff --git a/rhel/usr_lib_systemd_system_ovn-northd.service 
b/rhel/usr_lib_systemd_system_ovn-northd.service
index 82c23cee4..d281f861c 100644
--- 

[ovs-dev] [PATCH v2 ovn 3/5] Fix "make rpm-fedora"

2019-08-19 Thread nusiddiq
From: Numan Siddique 

"make rpm-fedora" is broken and this patch fixes it. Previous patch
in this series supported building OVN from external OVS sources.

Before running "make rpm-fedora", it is expected that the developer has run
"make dist" in the OVS source folder to generate the 
openvswitch-%{version}.tar.gz.
This tar file is copied to rpmbuild/SOURCES. The rpm spec file extracts this tar
file (using %autosetup in prep step) and compiles it before compiling OVN.

Signed-off-by: Numan Siddique 
---
 Documentation/intro/install/fedora.rst| 13 +++-
 Documentation/intro/install/general.rst   |  2 +
 rhel/automake.mk  |  2 +
 rhel/etc_logrotate.d_ovn  | 22 ++
 rhel/ovn-fedora.spec.in   | 78 +--
 ...systemd_system_ovn-controller-vtep.service | 13 ++--
 ..._lib_systemd_system_ovn-controller.service |  7 +-
 .../usr_lib_systemd_system_ovn-northd.service | 12 ++-
 utilities/ovn-ctl |  3 +-
 9 files changed, 107 insertions(+), 45 deletions(-)
 create mode 100644 rhel/etc_logrotate.d_ovn

diff --git a/Documentation/intro/install/fedora.rst 
b/Documentation/intro/install/fedora.rst
index c8ea6ec01..6e5f11a02 100644
--- a/Documentation/intro/install/fedora.rst
+++ b/Documentation/intro/install/fedora.rst
@@ -96,8 +96,15 @@ Building
 OVN RPMs
 ~~~
 
-To build OVN RPMs, execute the following from the directory
-in which `./configure` was executed:
+To build OVN RPMs, first generate openvswitch source tarball in
+your openvwitch source directory by running
+
+::
+
+$make dist
+
+And then execute the following in the OVN source directory
+(in which `./configure` was executed):
 
 ::
 
@@ -108,7 +115,7 @@ This will create the RPMs `ovn`, `ovn-central`, `ovn-host`, 
`ovn-vtep`,
 ``ovn-host-debuginfo`` and ```ovn-vtep-debuginfo```.
 
 
-You can also have the above commands automatically run the Open vSwitch unit
+You can also have the above commands automatically run the OVN unit
 tests.  This can take several minutes.
 
 ::
diff --git a/Documentation/intro/install/general.rst 
b/Documentation/intro/install/general.rst
index a0abfbad8..4cd53ee1d 100644
--- a/Documentation/intro/install/general.rst
+++ b/Documentation/intro/install/general.rst
@@ -291,6 +291,8 @@ Example usage::
 $./boot.sh
 $./configure --with-ovs-source=/home/foo/ovs/ 
--with-ovs-build=/home/foo/ovs/_gcc
 
+It is expected to configure both Open vSwitch and OVN with the same prefix.
+
 .. _general-building:
 
 Building
diff --git a/rhel/automake.mk b/rhel/automake.mk
index be7c275a7..39e216b01 100644
--- a/rhel/automake.mk
+++ b/rhel/automake.mk
@@ -8,6 +8,7 @@
 EXTRA_DIST += \
rhel/README.RHEL.rst \
rhel/automake.mk \
+   rhel/etc_logrotate.d_ovn \
rhel/ovn-fedora.spec \
rhel/ovn-fedora.spec.in \
rhel/usr_lib_systemd_system_ovn-controller.service \
@@ -27,6 +28,7 @@ RPMBUILD_OPT ?= --without check
 rpm-fedora: dist $(srcdir)/rhel/ovn-fedora.spec
${MKDIR_P} ${RPMBUILD_TOP}/SOURCES
cp ${DIST_ARCHIVES} ${RPMBUILD_TOP}/SOURCES
+   cp $(ovs_builddir)/openvswitch-$(VERSION).tar.gz ${RPMBUILD_TOP}/SOURCES
rpmbuild ${RPMBUILD_OPT} \
  -D "_topdir ${RPMBUILD_TOP}" \
  -ba $(srcdir)/rhel/ovn-fedora.spec
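Review bot: The added `cp $(ovs_builddir)/openvswitch-$(VERSION).tar.gz ${RPMBUILD_TOP}/SOURCES` names the OVS tarball with OVN's own `$(VERSION)`, so the rpm-fedora target only works while the OVS tree in `ovs_builddir` carries exactly the same version string; the spec change in this patch makes the same assumption with `%define ovsver %{version}`. Nothing in the recipe checks that `make dist` has been run in the OVS tree, so the only diagnostic is a bare cp error. Consider a guard before the copy, such as `test -f $(ovs_builddir)/openvswitch-$(VERSION).tar.gz || { echo "run 'make dist' in the OVS build dir first"; exit 1; }`, and deriving the OVS version from the OVS tree rather than from OVN.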
diff --git a/rhel/etc_logrotate.d_ovn b/rhel/etc_logrotate.d_ovn
new file mode 100644
index 0..a351ec303
--- /dev/null
+++ b/rhel/etc_logrotate.d_ovn
@@ -0,0 +1,22 @@
+# Copyright (C) 2019 Red Hat, Inc.
+#
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved.  This file is offered as-is,
+# without warranty of any kind.
+
+/var/log/ovn/*.log {
+su root root
+daily
+compress
+sharedscripts
+missingok
+postrotate
+# Tell OVN daemons to reopen their log files
+if [ -d /var/run/ovn ]; then
+for ctl in /var/run/ovn/*.ctl; do
+ovs-appctl -t "$ctl" vlog/reopen 2>/dev/null || :
+done
+fi
+endscript
+}
diff --git a/rhel/ovn-fedora.spec.in b/rhel/ovn-fedora.spec.in
index 2234e949f..cbca87511 100644
--- a/rhel/ovn-fedora.spec.in
+++ b/rhel/ovn-fedora.spec.in
@@ -1,6 +1,6 @@
 # Spec file for Open Virtual Network (OVN).
 
-# Copyright (C) 2018 Red Hat, Inc.
+# Copyright (C) 2018,2019 Red Hat, Inc.
 #
 # Copying and distribution of this file, with or without modification,
 # are permitted in any medium without royalty provided the copyright
@@ -48,11 +48,15 @@ Version: @VERSION@
 Obsoletes: openvswitch-ovn-common < %{?epoch:%{epoch}:}%{version}-%{release}
 Provides: openvswitch-ovn-common = %{?epoch:%{epoch}:}%{version}-%{release}
 
+%define ovsver %{version}
+%define ovsdir openvswitch-%{ovsver}
+
 # Nearly all of openvswitch is ASL 2.0.  The bugtool is LGPLv2+, and the
 # lib/sflow*.[ch] files are 

[ovs-dev] [PATCH v2 ovn 2/5] Add support for using OVN specific rundirs

2019-08-19 Thread nusiddiq
From: Numan Siddique 

Until now, OVN has used the openvswitch rundirs (rundir, logdir, etcdir).
The commit [1] changed the package name from openvswitch to ovn, but
it didn't take into account the effects of doing so. When "make install"
is run, the ovn-ctl utility is copied to the /usr/local/share/ovn/scripts folder.
ovn-ctl depends on 'ovs-lib', which is not present in this scripts folder,
so we cannot start OVN services using ovn-ctl.

This patch addresses all these issues. It changes the rundir to
ovn specific ones. (i.e /usr/local/var/run/ovn, /usr/local/var/log/ovn,
/usr/local/etc/ovn with default configuration).

[1] - 7795e0e28dce("Change the package name from openvswitch to ovn in 
AC_INIT()")

Tested:by: Dumitru Ceara 
Signed-off-by: Numan Siddique 
---
 Documentation/intro/install/general.rst |  30 ++--
 Makefile.am |   6 +-
 TODO_SPLIT.rst  |   2 +
 configure.ac|  34 ++--
 controller/ovn-controller.c |   4 +-
 lib/.gitignore  |   1 +
 lib/automake.mk |  21 ++-
 lib/ovn-dirs.c.in   | 112 +
 lib/ovn-dirs.h  |  35 
 lib/ovn-util.c  |  24 ++-
 lib/ovn-util.h  |   1 +
 m4/{openvswitch.m4 => ovn.m4}   |  60 +++
 northd/ovn-northd.c |   9 +-
 tests/ovs-macros.at |   1 +
 tutorial/ovs-sandbox|   1 +
 utilities/automake.mk   |   5 +
 utilities/ovn-ctl   |  71 +
 utilities/ovn-ctl.8.xml |  12 +-
 utilities/ovn-lib.in| 204 
 19 files changed, 520 insertions(+), 113 deletions(-)
 create mode 100644 lib/ovn-dirs.c.in
 create mode 100644 lib/ovn-dirs.h
 rename m4/{openvswitch.m4 => ovn.m4} (94%)
 create mode 100644 utilities/ovn-lib.in

diff --git a/Documentation/intro/install/general.rst 
b/Documentation/intro/install/general.rst
index 226cf3645..a0abfbad8 100644
--- a/Documentation/intro/install/general.rst
+++ b/Documentation/intro/install/general.rst
@@ -159,17 +159,17 @@ For example::
 If you have built Open vSwitch in a separate directory, then you
 need to provide that path in the option - --with-ovs-build.
 
-By default all files are installed under ``/usr/local``. OVN and Open vSwitch
-also expects to find its database in ``/usr/local/etc/openvswitch`` by default.
+By default all files are installed under ``/usr/local``. OVN expects to find
+its database in ``/usr/local/etc/ovn`` by default.
 If you want to install all files into, e.g., ``/usr`` and ``/var`` instead of
-``/usr/local`` and ``/usr/local/var`` and expect to use ``/etc/openvswitch`` as
+``/usr/local`` and ``/usr/local/var`` and expect to use ``/etc/ovn`` as
 the default database directory, add options as shown here::
 
 $ ./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc
 
 .. note::
 
-  Open vSwitch and OVN installed with packages like .rpm (e.g. via
+  OVN installed with packages like .rpm (e.g. via
   ``yum install`` or ``rpm -ivh``) and .deb (e.g. via
   ``apt-get install`` or ``dpkg -i``) use the above configure options.
 
@@ -338,9 +338,13 @@ and stopping ovn-northd, ovn-controller and ovsdb-servers. 
After installation,
 the daemons can be started by using the ovn-ctl utility.  This will take care
 to setup initial conditions, and start the daemons in the correct order.
 The ovn-ctl utility is located in '$(pkgdatadir)/scripts', and defaults to
-'/usr/local/share/openvswitch/scripts'.  An example after install might be::
+'/usr/local/share/ovn/scripts'.  ovn-ctl utility requires the 'ovs-lib'
+helper shell script which is present in '/usr/local/share/openvswitch/scripts'.
+So invoking ovn-ctl as "./ovn-ctl" will fail.
 
-$ export PATH=$PATH:/usr/local/share/openvswitch/scripts
+An example after install might be::
+
+$ export PATH=$PATH:/usr/local/share/ovn/scripts
 $ ovn-ctl start_northd
 $ ovn-ctl start_controller
 
@@ -350,7 +354,7 @@ Starting OVN Central services
 OVN central services includes ovn-northd, Northbound and
 Southbound ovsdb-server.
 
-$ export PATH=$PATH:/usr/local/share/openvswitch/scripts
+$ export PATH=$PATH:/usr/local/share/ovn/scripts
 $ ovn-ctl start_northd
 
 Refer to ovn-ctl(8) for more information and the supported options.
@@ -360,23 +364,23 @@ Before starting ovn-northd you need to start OVN 
Northbound and Southbound
 ovsdb-servers. Before ovsdb-servers can be started,
 configure the Northbound and Southbound databases::
 
-   $ mkdir -p /usr/local/etc/openvswitch
-   $ ovsdb-tool create /usr/local/etc/openvswitch/ovnnb_db.db \
+   $ mkdir -p /usr/local/etc/ovn
+   $ ovsdb-tool create /usr/local/etc/ovn/ovnnb_db.db \
  ovn-nb.ovsschema
-   $ ovsdb-tool create /usr/local/etc/openvswitch/ovnsb_db.db \
+   $ 

[ovs-dev] [PATCH v2 ovn 1/5] Build OVN using external OVS directory

2019-08-19 Thread nusiddiq
From: Numan Siddique 

With this patch we have to configure OVN to refer to external OVS source/build
directory instead of the ovs subtree.

The new configuration options added are:
 * --with-ovs-source=/path/to/ovs/source/dir
 * --with-ovs-build=/path/to/ovs/build/dir

Before configuring OVN, the user should configure and compile OVS. If the user has
configured OVS in a directory other than the source dir, then 'with-ovs-build'
should be specified.

If ovs-build dir is not defined, then ovs-source is used.

An upcoming patch will delete the ovs subtree.

Example usage:
  $ # Clone OVS repo
  $cd /home/foo/ovs
  $./boot.sh
  $mkdir _gcc
  $cd _gcc && ../configure && cd ..
  $make -C _gcc

  $ # Clone OVN repo
  $cd /home/foo/ovn
  $./boot.sh
  $./configure --with-ovs-source=/home/foo/ovs/ 
--with-ovs-build=/home/foo/ovs/_gcc
  $make

The test files ovn-controller-vtep.at, ovn-nbctl.at and ovn-sbctl.at needed to 
be modified
because of this commit [1] in the openvswitch repo.

This patch also updates the tutorial/ovs-sandbox to use OVS binaries from the 
OVS build
folder.

[1] - 
https://github.com/openvswitch/ovs/commit/29004db273985088cdb60097bdfd4a6bc6a966d1

Acked-by: Lucas Alvares Gomes 
Signed-off-by: Numan Siddique 
Tested-by: Lorenzo Bianconi 
---
 .travis/linux-build.sh  |  17 +-
 .travis/osx-build.sh|  13 +-
 Documentation/intro/install/general.rst |  31 ++-
 Makefile.am |  24 +-
 acinclude.m4|  35 +++
 configure.ac|  29 +--
 controller-vtep/automake.mk |   2 +-
 include/ovn/version.h.in|  28 +++
 lib/ovsdb_automake.mk   |   7 +-
 tests/automake.mk   |   6 +-
 tests/ofproto-macros.at |   4 +-
 tests/ovn-controller-vtep.at|  12 +-
 tests/ovn-nbctl.at  |   6 +-
 tests/ovn-sbctl.at  |  20 +-
 tests/ovn.at| 158 ++--
 tests/ovsdb-macros.at   |   2 +-
 tutorial/automake.mk|   2 +-
 tutorial/ovs-sandbox| 308 
 18 files changed, 403 insertions(+), 301 deletions(-)
 create mode 100644 include/ovn/version.h.in

diff --git a/.travis/linux-build.sh b/.travis/linux-build.sh
index a20474345..37a6844ab 100755
--- a/.travis/linux-build.sh
+++ b/.travis/linux-build.sh
@@ -10,7 +10,18 @@ TARGET="x86_64-native-linuxapp-gcc"
 
 function configure_ovs()
 {
+git clone https://github.com/openvswitch/ovs.git ovs_src
+pushd ovs_src
 ./boot.sh && ./configure $* || { cat config.log; exit 1; }
+make -j4
+popd
+}
+
+function configure_ovn()
+{
+configure_ovs $*
+./boot.sh && ./configure --with-ovs-source=$PWD/ovs_src $* || \
+{ cat config.log; exit 1; }
 }
 
 OPTS="$EXTRA_OPTS $*"
@@ -28,16 +39,16 @@ fi
 if [ "$TESTSUITE" ]; then
 # 'distcheck' will reconfigure with required options.
 # Now we only need to prepare the Makefile without sparse-wrapped CC.
-configure_ovs
+configure_ovn
 
-export DISTCHECK_CONFIGURE_FLAGS="$OPTS"
+export DISTCHECK_CONFIGURE_FLAGS="$OPTS --with-ovs-source=$PWD/ovs_src"
 if ! make distcheck -j4 TESTSUITEFLAGS="-j4 -k ovn" RECHECK=yes; then
 # testsuite.log is necessary for debugging.
 cat */_build/tests/testsuite.log
 exit 1
 fi
 else
-configure_ovs $OPTS
+configure_ovn $OPTS
 make selinux-policy
 
 make -j4
diff --git a/.travis/osx-build.sh b/.travis/osx-build.sh
index f11d7b9af..1d6ac54af 100755
--- a/.travis/osx-build.sh
+++ b/.travis/osx-build.sh
@@ -7,10 +7,20 @@ EXTRA_OPTS=""
 
 function configure_ovs()
 {
+git clone https://github.com/openvswitch/ovs.git ovs_src
+pushd ovs_src
 ./boot.sh && ./configure $*
+make -j4
+popd
 }
 
-configure_ovs $EXTRA_OPTS $*
+function configure_ovn()
+{
+configure_ovs $*
+./boot.sh && ./configure $* --with-ovs-source=$PWD/ovs_src
+}
+
+configure_ovn $EXTRA_OPTS $*
 
 if [ "$CC" = "clang" ]; then
 make CFLAGS="$CFLAGS -Wno-error=unused-command-line-argument"
@@ -18,6 +28,7 @@ else
 make CFLAGS="$CFLAGS $BUILD_ENV"
 fi
 if [ "$TESTSUITE" ] && [ "$CC" != "clang" ]; then
+export DISTCHECK_CONFIGURE_FLAGS="$EXTRA_OPTS 
--with-ovs-source=$PWD/ovs_src"
 if ! make distcheck RECHECK=yes; then
 # testsuite.log is necessary for debugging.
 cat */_build/tests/testsuite.log
diff --git a/Documentation/intro/install/general.rst 
b/Documentation/intro/install/general.rst
index 99d8fec04..226cf3645 100644
--- a/Documentation/intro/install/general.rst
+++ b/Documentation/intro/install/general.rst
@@ -42,9 +42,9 @@ out.  This is the right branch for general development.
 
 As of now there are no official OVN releases.
 
-Although building OVN, also builds OVS, it is recommended to clone
-and build OVS from its own repo. Please see the Open vSwitch

[ovs-dev] [PATCH v2 ovn 0/5] External OVS source support and separate run dir for OVN

2019-08-19 Thread nusiddiq
From: Numan Siddique 

This patch series adds support for building OVN from external OVS
sources.

The first patch adds the support to compile OVN from external OVS sources.
The following configuration options are added when configuring OVN
  * --with-ovs-source (mandatory)
  * --with-ovs-build (optional)

Patch 2 adds support to run OVN services using separate
directories
  - Default run time dir - /usr/local/var/run/ovn
  - Default log dir - /usr/local/var/log/ovn
  - Default db dir - /usr/local/etc/ovn

Patch 3 fixes "make rpm-fedora" which is presently broken

Patch 4 runs OVN services as openvswitch user for rhel when rpms are
used.

Patch 5 removes the python subdirectory as that directory belongs
to OVS and uses the required files from the OVS repo.

v1 -> v2

 * Addressed the review comments.
 * Swapped the patch 1 and 2 as it was easier to address Mark's comment
   on OVS_RUNDIR/OVN_RUNDIR
 * In patch 2, renamed m4/openvswitch.m4 to m4/ovn.m4 and renamed few of
   the macros to OVS_* to OVN_*.

Combined the patch 1 and 2 in this series which were submitted
separately earlier.


Numan Siddique (5):
  Build OVN using external OVS directory
  Add support for using OVN specific rundirs
  Fix "make rpm-fedora"
  rhel: Run ovn services with the 'openvswitch' user
  Remove python directory

 .travis/linux-build.sh|   17 +-
 .travis/osx-build.sh  |   13 +-
 Documentation/intro/install/fedora.rst|   13 +-
 Documentation/intro/install/general.rst   |   63 +-
 Makefile.am   |   35 +-
 TODO_SPLIT.rst|2 +
 acinclude.m4  |   35 +
 configure.ac  |   63 +-
 controller-vtep/automake.mk   |2 +-
 controller/ovn-controller.c   |4 +-
 include/ovn/version.h.in  |   28 +
 lib/.gitignore|1 +
 lib/automake.mk   |   21 +-
 lib/ovn-dirs.c.in |  112 +
 lib/ovn-dirs.h|   35 +
 lib/ovn-util.c|   24 +-
 lib/ovn-util.h|1 +
 lib/ovsdb_automake.mk |7 +-
 m4/{openvswitch.m4 => ovn.m4} |   60 +-
 northd/ovn-northd.c   |9 +-
 python/.gitignore |2 -
 python/README.rst |1 -
 python/automake.mk|  123 -
 python/build/__init__.py  |0
 python/build/nroff.py |  398 ---
 python/build/soutil.py|   56 -
 python/ovs/.gitignore |1 -
 python/ovs/__init__.py|1 -
 python/ovs/_json.c|  269 --
 python/ovs/compat/__init__.py |0
 python/ovs/compat/sortedcontainers/LICENSE|   13 -
 .../ovs/compat/sortedcontainers/__init__.py   |   52 -
 .../ovs/compat/sortedcontainers/sorteddict.py |  741 -
 .../ovs/compat/sortedcontainers/sortedlist.py | 2508 -
 .../ovs/compat/sortedcontainers/sortedset.py  |  327 ---
 python/ovs/daemon.py  |  652 -
 python/ovs/db/__init__.py |1 -
 python/ovs/db/custom_index.py |  154 -
 python/ovs/db/data.py |  585 
 python/ovs/db/error.py|   34 -
 python/ovs/db/idl.py  | 2030 -
 python/ovs/db/parser.py   |  118 -
 python/ovs/db/schema.py   |  304 --
 python/ovs/db/types.py|  647 -
 python/ovs/dirs.py|   31 -
 python/ovs/dirs.py.template   |   31 -
 python/ovs/fatal_signal.py|  183 --
 python/ovs/fcntl_win.py   |   46 -
 python/ovs/json.py|  531 
 python/ovs/jsonrpc.py |  616 
 python/ovs/ovsuuid.py |   70 -
 python/ovs/poller.py  |  290 --
 python/ovs/process.py |   41 -
 python/ovs/reconnect.py   |  608 
 python/ovs/socket_util.py |  335 ---
 python/ovs/stream.py  |  831 --
 python/ovs/timeval.py |   81 -
 python/ovs/unixctl/__init__.py|   91 -
 python/ovs/unixctl/client.py  |   68 -
 python/ovs/unixctl/server.py  |  260 --
 python/ovs/util.py|   95 -
 python/ovs/vlog.py|  475 
 python/ovs/winutils.py|  266 --
 python/ovstest/__init__.py|1 -
 

[ovs-dev] [PATCH ovn 4/4] rhel: Run ovn services with the 'openvswitch' user

2019-08-13 Thread nusiddiq
From: Numan Siddique 

This patch could have created a new user 'ovn' for ovn services instead
of using 'openvswitch' user. But this would require some amount of work and
proper testing since the new user 'ovn' should be part of 'openvswitch'
group (to access /var/run/openvswitch/db.sock.). If ovs is compiled with dpdk,
then it may get tricky (as ovs-vswitchd is run as user - openvswitch:hugetlbfs).
We can support a new user for 'ovn' services in the future.

Recently the commit [1] in ovs repo added support to run ovn services with the
'openvswitch' user, but this commit was not applied to ovn repo as we had
already created a new OVN repo. During the OVS/OVN formal split, we missed
out on applying the patch [1]. This patch takes some code from [1].

[1] - 94e1e8be3187 ("rhel: run ovn with the same user as ovs").

CC: Jaime Caamaño Ruiz 
Signed-off-by: Numan Siddique 
---
 rhel/automake.mk|  3 ++-
 rhel/ovn-fedora.spec.in | 13 +
 ...r_lib_systemd_system_ovn-controller-vtep.service |  2 ++
 rhel/usr_lib_systemd_system_ovn-controller.service  |  2 ++
 rhel/usr_lib_systemd_system_ovn-northd.service  |  5 -
 ...usr_share_ovn_scripts_systemd_sysconfig.template | 13 +
 utilities/ovn-ctl   | 12 
 7 files changed, 48 insertions(+), 2 deletions(-)
 create mode 100644 rhel/usr_share_ovn_scripts_systemd_sysconfig.template

diff --git a/rhel/automake.mk b/rhel/automake.mk
index 39e216b01..a46e6579b 100644
--- a/rhel/automake.mk
+++ b/rhel/automake.mk
@@ -15,7 +15,8 @@ EXTRA_DIST += \
rhel/usr_lib_systemd_system_ovn-controller-vtep.service \
rhel/usr_lib_systemd_system_ovn-northd.service \
rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml \
-   rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml
+   rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml \
+   rhel/usr_share_ovn_scripts_systemd_sysconfig.template
 
 update_rhel_spec = \
   $(AM_V_GEN)($(ro_shell) && sed -e 's,[@]VERSION[@],$(VERSION),g') \
diff --git a/rhel/ovn-fedora.spec.in b/rhel/ovn-fedora.spec.in
index cbca87511..14035de9a 100644
--- a/rhel/ovn-fedora.spec.in
+++ b/rhel/ovn-fedora.spec.in
@@ -186,6 +186,10 @@ make %{?_smp_mflags}
 rm -rf $RPM_BUILD_ROOT
 make install DESTDIR=$RPM_BUILD_ROOT
 
+install -p -D -m 0644 \
+rhel/usr_share_ovn_scripts_systemd_sysconfig.template \
+$RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/ovn
+
 for service in ovn-controller ovn-controller-vtep ovn-northd; do
 install -p -D -m 0644 \
 rhel/usr_lib_systemd_system_${service}.service \
@@ -319,6 +323,14 @@ fi
 fi
 %endif
 
+%post
+%if %{with libcapng}
+if [ $1 -eq 1 ]; then
+sed -i 's:^#OVN_USER_ID=:OVN_USER_ID=:' %{_sysconfdir}/sysconfig/ovn
+sed -i 's:\(.*su\).*:\1 ovn ovn:' %{_sysconfdir}/logrotate.d/ovn
+fi
+%endif
+
 %post central
 %if 0%{?systemd_post:1}
 %systemd_post ovn-northd.service
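Review bot: The second `sed` in the new `%post` scriptlet rewrites the logrotate `su` directive to `ovn ovn`, but the commit description says no 'ovn' user is created and the services run as 'openvswitch'. If that account does not exist on the host, logrotate is likely to refuse to rotate /var/log/ovn, so the line should presumably name the account the daemons really use. The pattern is also unanchored and greedy, so it rewrites any line that contains `su`; something like `sed -i 's:^\([[:space:]]*su\) .*:\1 openvswitch openvswitch:' %{_sysconfdir}/logrotate.d/ovn` limits it to the directive (the group name should be confirmed against the sysconfig template, which is not visible here). Both edits are gated on `%{with libcapng}`, so builds without it leave `OVN_USER_ID` commented out.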
@@ -413,6 +425,7 @@ if [ $1 -eq 1 ]; then
 fi
 
 %files
+%config(noreplace) %{_sysconfdir}/sysconfig/ovn
 %{_bindir}/ovn-nbctl
 %{_bindir}/ovn-sbctl
 %{_bindir}/ovn-trace
diff --git a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service 
b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
index 832849488..09ad0612c 100644
--- a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
+++ b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
@@ -38,10 +38,12 @@ Restart=on-failure
 Environment=OVS_RUNDIR=%t/openvswitch
 Environment=OVN_RUNDIR=%t/ovn
 Environment=OVN_DB=unix:%t/ovn/ovnsb_db.sock
+EnvironmentFile=-/etc/sysconfig/ovn
 Environment=VTEP_DB=unix:%t/openvswitch/db.sock
 EnvironmentFile=-/etc/sysconfig/ovn-controller-vtep
 ExecStart=/usr/bin/ovn-controller-vtep -vconsole:emer -vsyslog:err -vfile:info 
\
   --log-file=/var/log/ovn/ovn-controller-vtep.log \
+  --ovn-user=${OVN_USER_ID} \
   --no-chdir --pidfile=${OVN_RUNDIR}/ovn-controller-vtep.pid \
   --ovnsb-db=${OVN_DB} --vtep-db=${VTEP_DB}
 
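Review bot: The privilege drop added here depends entirely on `OVN_USER_ID`, which is read from an optional file (`EnvironmentFile=-/etc/sysconfig/ovn`), so when the file is absent or the variable is still commented out systemd expands the new argument to a bare `--ovn-user=`. What the daemon does with an empty value is not visible in this hunk; it should be confirmed that it neither fails to start nor quietly stays root where an unprivileged user was intended. A comment next to the `EnvironmentFile=-/etc/sysconfig/ovn` line would make the dependency explicit, e.g. `# OVN_USER_ID is set in /etc/sysconfig/ovn; if unset, --ovn-user= is passed empty`. The same applies to the `--ovn-user=${OVN_USER_ID}` line added to `ovn-controller.service` in the next hunk.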
diff --git a/rhel/usr_lib_systemd_system_ovn-controller.service 
b/rhel/usr_lib_systemd_system_ovn-controller.service
index 6c8f33a27..15d0ac853 100644
--- a/rhel/usr_lib_systemd_system_ovn-controller.service
+++ b/rhel/usr_lib_systemd_system_ovn-controller.service
@@ -24,8 +24,10 @@ Type=forking
 PIDFile=/var/run/ovn/ovn-controller.pid
 Restart=on-failure
 Environment=OVN_RUNDIR=%t/ovn OVS_RUNDIR=%t/openvswitch
+EnvironmentFile=-/etc/sysconfig/ovn
 EnvironmentFile=-/etc/sysconfig/ovn-controller
 ExecStart=/usr/share/ovn/scripts/ovn-ctl --no-monitor \
+   --ovn-user=${OVN_USER_ID} \
   start_controller $OVN_CONTROLLER_OPTS
 ExecStop=/usr/share/ovn/scripts/ovn-ctl stop_controller
 
diff --git a/rhel/usr_lib_systemd_system_ovn-northd.service 
b/rhel/usr_lib_systemd_system_ovn-northd.service
index 82c23cee4..d281f861c 100644
--- 

[ovs-dev] [PATCH ovn 3/4] Fix "make rpm-fedora"

2019-08-13 Thread nusiddiq
From: Numan Siddique 

"make rpm-fedora" is broken and this patch fixes it. Previous patch
in this series supported building OVN from external OVS sources.

Before running "make rpm-fedora", it is expected that the developer has run
"make dist" in the OVS source folder to generate the 
openvswitch-%{version}.tar.gz.
This tar file is copied to rpmbuild/SOURCES. The rpm spec file extracts this tar
file (using %autosetup in prep step) and compiles it before compiling OVN.

Signed-off-by: Numan Siddique 
---
 Documentation/intro/install/fedora.rst| 13 +++-
 rhel/automake.mk  |  2 +
 rhel/etc_logrotate.d_ovn  | 22 ++
 rhel/ovn-fedora.spec.in   | 78 +--
 ...systemd_system_ovn-controller-vtep.service | 13 ++--
 ..._lib_systemd_system_ovn-controller.service |  7 +-
 .../usr_lib_systemd_system_ovn-northd.service | 12 ++-
 utilities/ovn-ctl |  3 +-
 8 files changed, 105 insertions(+), 45 deletions(-)
 create mode 100644 rhel/etc_logrotate.d_ovn

diff --git a/Documentation/intro/install/fedora.rst 
b/Documentation/intro/install/fedora.rst
index c8ea6ec01..4cf9fbdb6 100644
--- a/Documentation/intro/install/fedora.rst
+++ b/Documentation/intro/install/fedora.rst
@@ -96,8 +96,15 @@ Building
 OVN RPMs
 ~~~
 
-To build OVN RPMs, execute the following from the directory
-in which `./configure` was executed:
+To build OVN RPMs, first generate openvswitch source tar bar in
+your openvwitch source directory by running
+
+::
+
+$make dist
+
+And then execute the following in the OVN source directory
+(in which `./configure` was executed):
 
 ::
 
@@ -108,7 +115,7 @@ This will create the RPMs `ovn`, `ovn-central`, `ovn-host`, 
`ovn-vtep`,
 ``ovn-host-debuginfo`` and ```ovn-vtep-debuginfo```.
 
 
-You can also have the above commands automatically run the Open vSwitch unit
+You can also have the above commands automatically run the OVN unit
 tests.  This can take several minutes.
 
 ::
diff --git a/rhel/automake.mk b/rhel/automake.mk
index be7c275a7..39e216b01 100644
--- a/rhel/automake.mk
+++ b/rhel/automake.mk
@@ -8,6 +8,7 @@
 EXTRA_DIST += \
rhel/README.RHEL.rst \
rhel/automake.mk \
+   rhel/etc_logrotate.d_ovn \
rhel/ovn-fedora.spec \
rhel/ovn-fedora.spec.in \
rhel/usr_lib_systemd_system_ovn-controller.service \
@@ -27,6 +28,7 @@ RPMBUILD_OPT ?= --without check
 rpm-fedora: dist $(srcdir)/rhel/ovn-fedora.spec
${MKDIR_P} ${RPMBUILD_TOP}/SOURCES
cp ${DIST_ARCHIVES} ${RPMBUILD_TOP}/SOURCES
+   cp $(ovs_builddir)/openvswitch-$(VERSION).tar.gz ${RPMBUILD_TOP}/SOURCES
rpmbuild ${RPMBUILD_OPT} \
  -D "_topdir ${RPMBUILD_TOP}" \
  -ba $(srcdir)/rhel/ovn-fedora.spec
diff --git a/rhel/etc_logrotate.d_ovn b/rhel/etc_logrotate.d_ovn
new file mode 100644
index 0..a351ec303
--- /dev/null
+++ b/rhel/etc_logrotate.d_ovn
@@ -0,0 +1,22 @@
+# Copyright (C) 2019 Red Hat, Inc.
+#
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved.  This file is offered as-is,
+# without warranty of any kind.
+
+/var/log/ovn/*.log {
+su root root
+daily
+compress
+sharedscripts
+missingok
+postrotate
+# Tell OVN daemons to reopen their log files
+if [ -d /var/run/ovn ]; then
+for ctl in /var/run/ovn/*.ctl; do
+ovs-appctl -t "$ctl" vlog/reopen 2>/dev/null || :
+done
+fi
+endscript
+}
diff --git a/rhel/ovn-fedora.spec.in b/rhel/ovn-fedora.spec.in
index 2234e949f..cbca87511 100644
--- a/rhel/ovn-fedora.spec.in
+++ b/rhel/ovn-fedora.spec.in
@@ -1,6 +1,6 @@
 # Spec file for Open Virtual Network (OVN).
 
-# Copyright (C) 2018 Red Hat, Inc.
+# Copyright (C) 2018,2019 Red Hat, Inc.
 #
 # Copying and distribution of this file, with or without modification,
 # are permitted in any medium without royalty provided the copyright
@@ -48,11 +48,15 @@ Version: @VERSION@
 Obsoletes: openvswitch-ovn-common < %{?epoch:%{epoch}:}%{version}-%{release}
 Provides: openvswitch-ovn-common = %{?epoch:%{epoch}:}%{version}-%{release}
 
+%define ovsver %{version}
+%define ovsdir openvswitch-%{ovsver}
+
 # Nearly all of openvswitch is ASL 2.0.  The bugtool is LGPLv2+, and the
 # lib/sflow*.[ch] files are SISSL
 License: ASL 2.0 and LGPLv2+ and SISSL
 Release: 1%{?dist}
-Source: http://openvswitch.org/releases/openvswitch-%{version}.tar.gz
+Source: http://openvswitch.org/releases/ovn-%{version}.tar.gz
+Source10: http://openvswitch.org/releases/openvswitch-%{ovsver}.tar.gz
 
 BuildRequires: gcc gcc-c++
 BuildRequires: autoconf automake libtool
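Review bot: The new `Source10` line, like the rewritten `Source` line, points at a plain `http://` URL, so anyone who fetches the tarballs from the spec gets them over an unauthenticated channel, and nothing in this hunk checks their integrity. Prefer `Source10: https://openvswitch.org/releases/openvswitch-%{ovsver}.tar.gz` (and the same scheme for `Source`), assuming the site serves those paths over TLS. Separately, `%define ovsver %{version}` ties the bundled OVS tarball to the OVN version string; a short comment such as `# The bundled OVS tarball is expected to carry the same version as OVN` would help whoever bumps either one.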
@@ -131,10 +135,37 @@ Provides: openvswitch-ovn-docker = 
%{?epoch:%{epoch}:}%{version}-%{release}
 Docker network plugins for OVN.
 
 %prep
-%setup -n openvswitch-%{version}
+%autosetup 

[ovs-dev] [PATCH ovn 2/4] Build OVN using external OVS directory

2019-08-13 Thread nusiddiq
From: Numan Siddique 

With this patch we have to configure OVN to refer to external OVS source/build
directory instead of the ovs subtree.

The new configuration options added are:
 * --with-ovs-source=/path/to/ovs/source/dir
 * --with-ovs-build=/path/to/ovs/build/dir

Before configuring OVN, user should configure and compile OVS. If the user has
configured OVS on a different directory than the source dir, then 
'with-ovs-build'
should be specified.

If ovs-build dir is not defined, then ovs-source is used.

An upcoming patch will delete the ovs subtree.

Example usage:
  $ # Clone OVS repo
  $cd /home/foo/ovs
  $./boot.sh
  $mkdir _gcc
  $cd _gcc && ../configure && cd ..
  $make -C _gcc

  $ # Clone OVN repo
  $cd /home/foo/ovn
  $./boot.sh
  $./configure --with-ovs-source=/home/foo/ovs/ 
--with-ovs-build=/home/foo/ovs/_gcc
  $make

The test files ovn-controller-vtep.at, ovn-nbctl.at and ovn-sbctl.at needed to 
be modified
because of this commit [1] in the openvswitch repo.

This patch also updates the tutorial/ovs-sandbox to use OVS binaries from the 
OVS build
folder.

[1] - 
https://github.com/openvswitch/ovs/commit/29004db273985088cdb60097bdfd4a6bc6a966d1

Acked-by: Lucas Alvares Gomes 
Signed-off-by: Numan Siddique 
Tested-by: Lorenzo Bianconi 
---
 .travis/linux-build.sh  |  17 +-
 .travis/osx-build.sh|  13 +-
 Documentation/intro/install/general.rst |  31 ++-
 Makefile.am |  24 +-
 acinclude.m4|  35 +++
 configure.ac|  29 +--
 controller-vtep/automake.mk |   2 +-
 include/ovn/version.h.in|  28 +++
 lib/ovsdb_automake.mk   |   7 +-
 tests/automake.mk   |   6 +-
 tests/ofproto-macros.at |   4 +-
 tests/ovn-controller-vtep.at|  12 +-
 tests/ovn-nbctl.at  |   6 +-
 tests/ovn-sbctl.at  |  20 +-
 tests/ovn.at| 158 ++--
 tests/ovsdb-macros.at   |   2 +-
 tutorial/automake.mk|   2 +-
 tutorial/ovs-sandbox| 308 
 18 files changed, 403 insertions(+), 301 deletions(-)
 create mode 100644 include/ovn/version.h.in

diff --git a/.travis/linux-build.sh b/.travis/linux-build.sh
index a20474345..37a6844ab 100755
--- a/.travis/linux-build.sh
+++ b/.travis/linux-build.sh
@@ -10,7 +10,18 @@ TARGET="x86_64-native-linuxapp-gcc"
 
 function configure_ovs()
 {
+git clone https://github.com/openvswitch/ovs.git ovs_src
+pushd ovs_src
 ./boot.sh && ./configure $* || { cat config.log; exit 1; }
+make -j4
+popd
+}
+
+function configure_ovn()
+{
+configure_ovs $*
+./boot.sh && ./configure --with-ovs-source=$PWD/ovs_src $* || \
+{ cat config.log; exit 1; }
 }
 
 OPTS="$EXTRA_OPTS $*"
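Review bot: `configure_ovs` now runs `git clone https://github.com/openvswitch/ovs.git ovs_src` with no branch, tag or commit, so every CI run builds and executes (`./boot.sh`, `./configure`, `make`) whatever is at the tip of the default branch at that moment. That makes results non-reproducible and lets an upstream change alter the OVN build without any change in this repository; pin it, e.g. `git clone --depth 1 --branch "$OVS_REF" https://github.com/openvswitch/ovs.git ovs_src`, with `OVS_REF` (a placeholder name) set to a known-good tag or branch. The function also carries on after a failed `pushd`, so `pushd ovs_src || exit 1` is safer unless the script already enables errexit outside this hunk. The same clone appears in `.travis/osx-build.sh` and in the v3 posting of this patch further down.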
@@ -28,16 +39,16 @@ fi
 if [ "$TESTSUITE" ]; then
 # 'distcheck' will reconfigure with required options.
 # Now we only need to prepare the Makefile without sparse-wrapped CC.
-configure_ovs
+configure_ovn
 
-export DISTCHECK_CONFIGURE_FLAGS="$OPTS"
+export DISTCHECK_CONFIGURE_FLAGS="$OPTS --with-ovs-source=$PWD/ovs_src"
 if ! make distcheck -j4 TESTSUITEFLAGS="-j4 -k ovn" RECHECK=yes; then
 # testsuite.log is necessary for debugging.
 cat */_build/tests/testsuite.log
 exit 1
 fi
 else
-configure_ovs $OPTS
+configure_ovn $OPTS
 make selinux-policy
 
 make -j4
diff --git a/.travis/osx-build.sh b/.travis/osx-build.sh
index f11d7b9af..1d6ac54af 100755
--- a/.travis/osx-build.sh
+++ b/.travis/osx-build.sh
@@ -7,10 +7,20 @@ EXTRA_OPTS=""
 
 function configure_ovs()
 {
+git clone https://github.com/openvswitch/ovs.git ovs_src
+pushd ovs_src
 ./boot.sh && ./configure $*
+make -j4
+popd
 }
 
-configure_ovs $EXTRA_OPTS $*
+function configure_ovn()
+{
+configure_ovs $*
+./boot.sh && ./configure $* --with-ovs-source=$PWD/ovs_src
+}
+
+configure_ovn $EXTRA_OPTS $*
 
 if [ "$CC" = "clang" ]; then
 make CFLAGS="$CFLAGS -Wno-error=unused-command-line-argument"
@@ -18,6 +28,7 @@ else
 make CFLAGS="$CFLAGS $BUILD_ENV"
 fi
 if [ "$TESTSUITE" ] && [ "$CC" != "clang" ]; then
+export DISTCHECK_CONFIGURE_FLAGS="$EXTRA_OPTS 
--with-ovs-source=$PWD/ovs_src"
 if ! make distcheck RECHECK=yes; then
 # testsuite.log is necessary for debugging.
 cat */_build/tests/testsuite.log
diff --git a/Documentation/intro/install/general.rst 
b/Documentation/intro/install/general.rst
index 4cc9c4c3a..c19b717b2 100644
--- a/Documentation/intro/install/general.rst
+++ b/Documentation/intro/install/general.rst
@@ -42,9 +42,8 @@ out.  This is the right branch for general development.
 
 As of now there are no official OVN releases.
 
-Although building OVN, also builds OVS, it is recommended to clone
-and build OVS from its own repo. Please see the Open vSwitch

[ovs-dev] [PATCH ovn 1/4] Add support for using OVN specific rundirs

2019-08-13 Thread nusiddiq
From: Numan Siddique 

Until now, OVN uses the openvswitch rundirs (rundir, logdir, etcdir).
The commit [1] changed the package name from openvswitch to ovn, but
it didn't take into account the effects of that change. When "make install"
is run, the ovn-ctl utility is copied to the /usr/local/share/ovn/scripts folder.
ovn-ctl depends on 'ovs-lib', which is not present in this scripts folder.
As a result, we cannot start OVN services using ovn-ctl.

This patch addresses all these issues. It changes the rundir to
ovn specific ones. (i.e /usr/local/var/run/ovn, /usr/local/var/log/ovn,
/usr/local/etc/ovn with default configuration).

[1] - 7795e0e28dce("Change the package name from openvswitch to ovn in 
AC_INIT()")

Tested:by: Dumitru Ceara 
Signed-off-by: Numan Siddique 
---
 Documentation/intro/install/general.rst |  30 ++--
 Makefile.am |   5 +
 configure.ac|   1 +
 controller/ovn-controller.c |   4 +-
 lib/.gitignore  |   1 +
 lib/automake.mk |  22 ++-
 lib/ovn-dirs.c.in   | 112 +
 lib/ovn-dirs.h  |  35 
 lib/ovn-util.c  |  24 ++-
 lib/ovn-util.h  |   1 +
 m4/openvswitch.m4   |  11 ++
 northd/ovn-northd.c |   9 +-
 tests/ovs-macros.at |   1 +
 tutorial/ovs-sandbox|   1 +
 utilities/automake.mk   |   5 +
 utilities/ovn-ctl   |  71 +
 utilities/ovn-ctl.8.xml |  12 +-
 utilities/ovn-lib.in| 204 
 18 files changed, 494 insertions(+), 55 deletions(-)
 create mode 100644 lib/ovn-dirs.c.in
 create mode 100644 lib/ovn-dirs.h
 create mode 100644 utilities/ovn-lib.in

diff --git a/Documentation/intro/install/general.rst 
b/Documentation/intro/install/general.rst
index 99d8fec04..4cc9c4c3a 100644
--- a/Documentation/intro/install/general.rst
+++ b/Documentation/intro/install/general.rst
@@ -153,17 +153,17 @@ invoke configure without any arguments. For example::
 
 $ ./configure
 
-By default all files are installed under ``/usr/local``. OVN and Open vSwitch
-also expects to find its database in ``/usr/local/etc/openvswitch`` by default.
+By default all files are installed under ``/usr/local``. OVN expects to find
+its database in ``/usr/local/etc/ovn`` by default.
 If you want to install all files into, e.g., ``/usr`` and ``/var`` instead of
-``/usr/local`` and ``/usr/local/var`` and expect to use ``/etc/openvswitch`` as
+``/usr/local`` and ``/usr/local/var`` and expect to use ``/etc/ovn`` as
 the default database directory, add options as shown here::
 
 $ ./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc
 
 .. note::
 
-  Open vSwitch and OVN installed with packages like .rpm (e.g. via
+  OVN installed with packages like .rpm (e.g. via
   ``yum install`` or ``rpm -ivh``) and .deb (e.g. via
   ``apt-get install`` or ``dpkg -i``) use the above configure options.
 
@@ -319,9 +319,13 @@ and stopping ovn-northd, ovn-controller and ovsdb-servers. 
After installation,
 the daemons can be started by using the ovn-ctl utility.  This will take care
 to setup initial conditions, and start the daemons in the correct order.
 The ovn-ctl utility is located in '$(pkgdatadir)/scripts', and defaults to
-'/usr/local/share/openvswitch/scripts'.  An example after install might be::
+'/usr/local/share/ovn/scripts'.  ovn-ctl utility requires the 'ovs-lib'
+helper shell script which is present in '/usr/local/share/openvswitch/scripts'.
+So invoking ovn-ctl as "./ovn-ctl" will fail.
 
-$ export PATH=$PATH:/usr/local/share/openvswitch/scripts
+An example after install might be::
+
+$ export PATH=$PATH:/usr/local/share/ovn/scripts
 $ ovn-ctl start_northd
 $ ovn-ctl start_controller
 
@@ -331,7 +335,7 @@ Starting OVN Central services
 OVN central services includes ovn-northd, Northbound and
 Southbound ovsdb-server.
 
-$ export PATH=$PATH:/usr/local/share/openvswitch/scripts
+$ export PATH=$PATH:/usr/local/share/ovn/scripts
 $ ovn-ctl start_northd
 
 Refer to ovn-ctl(8) for more information and the supported options.
@@ -341,23 +345,23 @@ Before starting ovn-northd you need to start OVN 
Northbound and Southbound
 ovsdb-servers. Before ovsdb-servers can be started,
 configure the Northbound and Southbound databases::
 
-   $ mkdir -p /usr/local/etc/openvswitch
-   $ ovsdb-tool create /usr/local/etc/openvswitch/ovnnb_db.db \
+   $ mkdir -p /usr/local/etc/ovn
+   $ ovsdb-tool create /usr/local/etc/ovn/ovnnb_db.db \
  ovn-nb.ovsschema
-   $ ovsdb-tool create /usr/local/etc/openvswitch/ovnsb_db.db \
+   $ ovsdb-tool create /usr/local/etc/ovn/ovnsb_db.db \
  ovn-sb.ovsschema
 
 Configure ovsdb-servers to use databases created above, to listen on a Unix
 domain 

[ovs-dev] [PATCH ovn 0/4] External OVS source support and separate run dir for OVN

2019-08-13 Thread nusiddiq
From: Numan Siddique 

This patch series adds support for building OVN from external OVS
sources.

The first patch adds support to run OVN services using separate
directories:
  - Default run time dir - /usr/local/var/run/ovn
  - Default log dir - /usr/local/var/log/ovn
  - Default db dir - /usr/local/etc/ovn
 

Patch 2 adds the support to compile OVN from external OVS sources.
The following configuration options are added when configuring OVN
  * --with-ovs-source (mandatory)
  * --with-ovs-build (optional)

Patch 3 fixes "make rpm-fedora" which is presently broken

Patch 4 runs OVN services as openvswitch user for rhel when rpms are
used.

Combined the patch 1 and 2 in this series which were submitted
separately earlier.

Numan Siddique (4):
  Add support for using OVN specific rundirs
  Build OVN using external OVS directory
  Fix "make rpm-fedora"
  rhel: Run ovn services with the 'openvswitch' user

 .travis/linux-build.sh|  17 +-
 .travis/osx-build.sh  |  13 +-
 Documentation/intro/install/fedora.rst|  13 +-
 Documentation/intro/install/general.rst   |  61 ++--
 Makefile.am   |  29 +-
 acinclude.m4  |  35 ++
 configure.ac  |  30 +-
 controller-vtep/automake.mk   |   2 +-
 controller/ovn-controller.c   |   4 +-
 include/ovn/version.h.in  |  28 ++
 lib/.gitignore|   1 +
 lib/automake.mk   |  22 +-
 lib/ovn-dirs.c.in | 112 +++
 lib/ovn-dirs.h|  35 ++
 lib/ovn-util.c|  24 +-
 lib/ovn-util.h|   1 +
 lib/ovsdb_automake.mk |   7 +-
 m4/openvswitch.m4 |  11 +
 northd/ovn-northd.c   |   9 +-
 rhel/automake.mk  |   5 +-
 rhel/etc_logrotate.d_ovn  |  22 ++
 rhel/ovn-fedora.spec.in   |  91 --
 ...systemd_system_ovn-controller-vtep.service |  15 +-
 ..._lib_systemd_system_ovn-controller.service |   9 +-
 .../usr_lib_systemd_system_ovn-northd.service |  15 +-
 ...are_ovn_scripts_systemd_sysconfig.template |  13 +
 tests/automake.mk |   6 +-
 tests/ofproto-macros.at   |   4 +-
 tests/ovn-controller-vtep.at  |  12 +-
 tests/ovn-nbctl.at|   6 +-
 tests/ovn-sbctl.at|  20 +-
 tests/ovn.at  | 158 -
 tests/ovs-macros.at   |   1 +
 tests/ovsdb-macros.at |   2 +-
 tutorial/automake.mk  |   2 +-
 tutorial/ovs-sandbox  | 309 +-
 utilities/automake.mk |   5 +
 utilities/ovn-ctl |  86 +++--
 utilities/ovn-ctl.8.xml   |  12 +-
 utilities/ovn-lib.in  | 204 
 40 files changed, 1049 insertions(+), 402 deletions(-)
 create mode 100644 include/ovn/version.h.in
 create mode 100644 lib/ovn-dirs.c.in
 create mode 100644 lib/ovn-dirs.h
 create mode 100644 rhel/etc_logrotate.d_ovn
 create mode 100644 rhel/usr_share_ovn_scripts_systemd_sysconfig.template
 create mode 100644 utilities/ovn-lib.in

-- 
2.20.1



[ovs-dev] [PATCH v2 ovn] Add support for using OVN specific rundirs

2019-08-13 Thread nusiddiq
From: Numan Siddique 

Until now, OVN uses the openvswitch rundirs (rundir, logdir, etcdir).
The commit [1] changed the package name from openvswitch to ovn, but
it didn't take into account the effects of that change. When "make install"
is run, the ovn-ctl utility is copied to the /usr/local/share/ovn/scripts folder.
ovn-ctl depends on 'ovs-lib', which is not present in this scripts folder.
As a result, we cannot start OVN services using ovn-ctl.

This patch addresses all these issues. It changes the rundir to
ovn specific ones. (i.e /usr/local/var/run/ovn, /usr/local/var/log/ovn,
/usr/local/etc/ovn with default configuration).

[1] - 7795e0e28dce("Change the package name from openvswitch to ovn in 
AC_INIT()")

Tested:by: Dumitru Ceara 
Signed-off-by: Numan Siddique 
---

v1 -> v2
==
  * Updated the documentation


 Documentation/intro/install/general.rst |  30 ++--
 Makefile.am |   5 +
 configure.ac|   1 +
 controller/ovn-controller.c |   4 +-
 lib/automake.mk |  20 ++-
 lib/ovn-dirs.c.in   | 112 +
 lib/ovn-dirs.h  |  35 
 lib/ovn-util.c  |  24 ++-
 lib/ovn-util.h  |   1 +
 m4/openvswitch.m4   |  11 ++
 northd/ovn-northd.c |   9 +-
 tests/ovs-macros.at |   1 +
 tutorial/ovs-sandbox|   1 +
 utilities/automake.mk   |   5 +
 utilities/ovn-ctl   |  71 +
 utilities/ovn-ctl.8.xml |  12 +-
 utilities/ovn-lib.in| 204 
 17 files changed, 491 insertions(+), 55 deletions(-)
 create mode 100644 lib/ovn-dirs.c.in
 create mode 100644 lib/ovn-dirs.h
 create mode 100644 utilities/ovn-lib.in

diff --git a/Documentation/intro/install/general.rst 
b/Documentation/intro/install/general.rst
index 99d8fec04..4cc9c4c3a 100644
--- a/Documentation/intro/install/general.rst
+++ b/Documentation/intro/install/general.rst
@@ -153,17 +153,17 @@ invoke configure without any arguments. For example::
 
 $ ./configure
 
-By default all files are installed under ``/usr/local``. OVN and Open vSwitch
-also expects to find its database in ``/usr/local/etc/openvswitch`` by default.
+By default all files are installed under ``/usr/local``. OVN expects to find
+its database in ``/usr/local/etc/ovn`` by default.
 If you want to install all files into, e.g., ``/usr`` and ``/var`` instead of
-``/usr/local`` and ``/usr/local/var`` and expect to use ``/etc/openvswitch`` as
+``/usr/local`` and ``/usr/local/var`` and expect to use ``/etc/ovn`` as
 the default database directory, add options as shown here::
 
 $ ./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc
 
 .. note::
 
-  Open vSwitch and OVN installed with packages like .rpm (e.g. via
+  OVN installed with packages like .rpm (e.g. via
   ``yum install`` or ``rpm -ivh``) and .deb (e.g. via
   ``apt-get install`` or ``dpkg -i``) use the above configure options.
 
@@ -319,9 +319,13 @@ and stopping ovn-northd, ovn-controller and ovsdb-servers. 
After installation,
 the daemons can be started by using the ovn-ctl utility.  This will take care
 to setup initial conditions, and start the daemons in the correct order.
 The ovn-ctl utility is located in '$(pkgdatadir)/scripts', and defaults to
-'/usr/local/share/openvswitch/scripts'.  An example after install might be::
+'/usr/local/share/ovn/scripts'.  ovn-ctl utility requires the 'ovs-lib'
+helper shell script which is present in '/usr/local/share/openvswitch/scripts'.
+So invoking ovn-ctl as "./ovn-ctl" will fail.
 
-$ export PATH=$PATH:/usr/local/share/openvswitch/scripts
+An example after install might be::
+
+$ export PATH=$PATH:/usr/local/share/ovn/scripts
 $ ovn-ctl start_northd
 $ ovn-ctl start_controller
 
@@ -331,7 +335,7 @@ Starting OVN Central services
 OVN central services includes ovn-northd, Northbound and
 Southbound ovsdb-server.
 
-$ export PATH=$PATH:/usr/local/share/openvswitch/scripts
+$ export PATH=$PATH:/usr/local/share/ovn/scripts
 $ ovn-ctl start_northd
 
 Refer to ovn-ctl(8) for more information and the supported options.
@@ -341,23 +345,23 @@ Before starting ovn-northd you need to start OVN 
Northbound and Southbound
 ovsdb-servers. Before ovsdb-servers can be started,
 configure the Northbound and Southbound databases::
 
-   $ mkdir -p /usr/local/etc/openvswitch
-   $ ovsdb-tool create /usr/local/etc/openvswitch/ovnnb_db.db \
+   $ mkdir -p /usr/local/etc/ovn
+   $ ovsdb-tool create /usr/local/etc/ovn/ovnnb_db.db \
  ovn-nb.ovsschema
-   $ ovsdb-tool create /usr/local/etc/openvswitch/ovnsb_db.db \
+   $ ovsdb-tool create /usr/local/etc/ovn/ovnsb_db.db \
  ovn-sb.ovsschema
 
 Configure ovsdb-servers to use databases created above, to listen on a Unix
 domain 

[ovs-dev] [PATCH ovn] Add support for using OVN specific rundirs

2019-08-09 Thread nusiddiq
From: Numan Siddique 

Until now, OVN uses the openvswitch rundirs (rundir, logdir, etcdir).
The commit [1] changed the package name from openvswitch to ovn, but
it didn't take into account the effects of that change. When "make install"
is run, the ovn-ctl utility is copied to the /usr/local/share/ovn/scripts folder.
ovn-ctl depends on 'ovs-lib', which is not present in this scripts folder.
As a result, we cannot start OVN services using ovn-ctl.

This patch addresses all these issues. It changes the rundir to
ovn specific ones. (i.e /usr/local/var/run/ovn, /usr/local/var/log/ovn,
/usr/local/etc/ovn with default configuration).

[1] - 7795e0e28dce("Change the package name from openvswitch to ovn in 
AC_INIT()")

Signed-off-by: Numan Siddique 
---
 Makefile.am |   5 +
 configure.ac|   1 +
 controller/ovn-controller.c |   4 +-
 lib/automake.mk |  20 +++-
 lib/ovn-dirs.c.in   | 112 
 lib/ovn-dirs.h  |  35 +++
 lib/ovn-util.c  |  24 -
 lib/ovn-util.h  |   1 +
 m4/openvswitch.m4   |  11 ++
 northd/ovn-northd.c |   9 +-
 tests/ovs-macros.at |   1 +
 tutorial/ovs-sandbox|   1 +
 utilities/automake.mk   |   5 +
 utilities/ovn-ctl   |  69 ++--
 utilities/ovn-lib.in| 204 
 15 files changed, 466 insertions(+), 36 deletions(-)
 create mode 100644 lib/ovn-dirs.c.in
 create mode 100644 lib/ovn-dirs.h
 create mode 100644 utilities/ovn-lib.in

diff --git a/Makefile.am b/Makefile.am
index f886a8e63..6447e348b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -177,6 +177,7 @@ SUFFIXES += .in
-e 's,[@]DBDIR[@],$(DBDIR),g' \
-e 's,[@]PYTHON[@],$(PYTHON),g' \
-e 's,[@]RUNDIR[@],$(RUNDIR),g' \
+   -e 's,[@]OVN_RUNDIR[@],$(OVN_RUNDIR),g' \
-e 's,[@]VERSION[@],$(VERSION),g' \
-e 's,[@]localstatedir[@],$(localstatedir),g' \
-e 's,[@]pkgdatadir[@],$(pkgdatadir),g' \
@@ -202,6 +203,7 @@ SUFFIXES += .xml
  DBDIR='$(DBDIR)' \
  PYTHON='$(PYTHON)' \
  RUNDIR='$(RUNDIR)' \
+ OVN_RUNDIR='$(OVN_RUNDIR)' \
  VERSION='$(VERSION)' \
  localstatedir='$(localstatedir)' \
  pkgdatadir='$(pkgdatadir)' \
@@ -502,6 +504,9 @@ ALL_LOCAL += ovn-sb.ovsschema.stamp
 ovn-sb.ovsschema.stamp: ovn-sb.ovsschema
$(srcdir)/build-aux/cksum-schema-check $? $@
 
+pkgdata_DATA += ovn-nb.ovsschema
+pkgdata_DATA += ovn-sb.ovsschema
+
 CLEANFILES += ovn-sb.ovsschema.stamp
 
 include Documentation/automake.mk
diff --git a/configure.ac b/configure.ac
index 8a32d3a18..c74b17a1d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -123,6 +123,7 @@ AC_CHECK_HEADERS([net/if_mib.h], [], [], [[#include 

 
 OVS_CHECK_PKIDIR
 OVS_CHECK_RUNDIR
+OVN_CHECK_RUNDIR
 OVS_CHECK_DBDIR
 OVS_CHECK_BACKTRACE
 OVS_CHECK_PERF_EVENT
diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c
index 86f29accf..e27b56b2b 100644
--- a/controller/ovn-controller.c
+++ b/controller/ovn-controller.c
@@ -1715,7 +1715,9 @@ main(int argc, char *argv[])
 
 daemonize_start(false);
 
-retval = unixctl_server_create(NULL, );
+char *abs_unixctl_path = get_abs_unix_ctl_path();
+retval = unixctl_server_create(abs_unixctl_path, );
+free(abs_unixctl_path);
 if (retval) {
 exit(EXIT_FAILURE);
 }
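Review bot: The control socket is now created at the path returned by `get_abs_unix_ctl_path()`, whose definition is outside this hunk, and nothing at the call site says where that is or why the library default is no longer used. Since this socket is the daemon's management interface, a short comment would help, e.g. `/* Use an explicit control-socket path (presumably under the OVN rundir) instead of the library default. */`; the ownership and mode of that directory then decide who can reach the socket, which matters once the daemons stop running as root. If the helper can return NULL, `unixctl_server_create(NULL, ...)` would presumably fall back to the default path as the removed line did, so the helper's contract should state that it never does. `main()` starts and continues outside the hunk.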
diff --git a/lib/automake.mk b/lib/automake.mk
index 8e7a1a937..637b2eb94 100644
--- a/lib/automake.mk
+++ b/lib/automake.mk
@@ -9,6 +9,7 @@ lib_libovn_la_SOURCES = \
lib/actions.c \
lib/chassis-index.c \
lib/chassis-index.h \
+   lib/ovn-dirs.h \
lib/expr.c \
lib/extend-table.h \
lib/extend-table.c \
@@ -24,6 +25,7 @@ lib_libovn_la_SOURCES = \
lib/inc-proc-eng.c \
lib/inc-proc-eng.h
 nodist_lib_libovn_la_SOURCES = \
+   lib/ovn-dirs.c \
lib/ovn-nb-idl.c \
lib/ovn-nb-idl.h \
lib/ovn-sb-idl.c \
@@ -34,7 +36,23 @@ OVSIDL_BUILT += \
lib/ovn-sb-idl.c \
lib/ovn-sb-idl.h \
lib/ovn-sb-idl.ovsidl
-EXTRA_DIST += lib/ovn-sb-idl.ann
+EXTRA_DIST += \
+   lib/ovn-sb-idl.ann \
+   lib/ovn-dirs.c.in
+
+lib/ovn-dirs.c: lib/ovn-dirs.c.in Makefile
+   $(AM_V_GEN)($(ro_c) && sed < $(srcdir)/lib/ovn-dirs.c.in \
+   -e 's,[@]srcdir[@],$(srcdir),g' \
+   -e 's,[@]LOGDIR[@],"$(LOGDIR)",g' \
+   -e 's,[@]RUNDIR[@],"$(RUNDIR)",g' \
+   -e 's,[@]OVN_RUNDIR[@],"$(OVN_RUNDIR)",g' \
+   -e 's,[@]DBDIR[@],"$(DBDIR)",g' \
+   -e 's,[@]bindir[@],"$(bindir)",g' \
+   -e 's,[@]sysconfdir[@],"$(sysconfdir)",g' \
+   -e 's,[@]pkgdatadir[@],"$(pkgdatadir)",g') \
+> lib/ovn-dirs.c.tmp && \
+   mv lib/ovn-dirs.c.tmp lib/ovn-dirs.c
+
 OVN_SB_IDL_FILES = \
$(srcdir)/ovn-sb.ovsschema \
$(srcdir)/lib/ovn-sb-idl.ann
diff --git 

[ovs-dev] [PATCH ovn] Add OVN schema version checks in Makefile.am

2019-08-08 Thread nusiddiq
From: Numan Siddique 

This was left out during the OVS/OVN split.

We still need to handle the below in the automake files
 - OVN northbound/southbound E-R diagram
 - OVN northbound/southbound schema documentation
 - ovn-architecture manpage generation.

The above requires some amount of work (mainly in pointing to the correct
path for ovsdb-doc/ovsdb-dot.in) and will be added in a separate patch.

OVN schema version checks are very important, so only they are handled
in this patch.

Signed-off-by: Numan Siddique 
---
 Makefile.am | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/Makefile.am b/Makefile.am
index 16d4d02e4..f886a8e63 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -490,6 +490,20 @@ dist-docs:
VERSION=$(VERSION) MAKE='$(MAKE)' $(srcdir)/build-aux/dist-docs 
$(srcdir) $(docs)
 .PHONY: dist-docs
 
+
+# Version checking for ovn-nb.ovsschema.
+ALL_LOCAL += ovn-nb.ovsschema.stamp
+ovn-nb.ovsschema.stamp: ovn-nb.ovsschema
+   $(srcdir)/build-aux/cksum-schema-check $? $@
+CLEANFILES += ovn-nb.ovsschema.stamp
+
+# Version checking for ovn-sb.ovsschema.
+ALL_LOCAL += ovn-sb.ovsschema.stamp
+ovn-sb.ovsschema.stamp: ovn-sb.ovsschema
+   $(srcdir)/build-aux/cksum-schema-check $? $@
+
+CLEANFILES += ovn-sb.ovsschema.stamp
+
 include Documentation/automake.mk
 include m4/automake.mk
 include lib/automake.mk
-- 
2.21.0



[ovs-dev] [PATCH v3 ovn] Build OVN using external OVS directory

2019-08-08 Thread nusiddiq
From: Numan Siddique 

With this patch we have to configure OVN to refer to external OVS source/build
directory instead of the ovs subtree.

The new configuration options added are:
 * --with-ovs-source=/path/to/ovs/source/dir
 * --with-ovs-build=/path/to/ovs/build/dir

Before configuring OVN, user should configure and compile OVS. If the user has
configured OVS on a different directory than the source dir, then 
'with-ovs-build'
should be specified.

If ovs-build dir is not defined, then ovs-source is used.

An upcoming patch will delete the ovs subtree.

Example usage:
  $ # Clone OVS repo
  $cd /home/foo/ovs
  $./boot.sh
  $mkdir _gcc
  $cd _gcc && ../configure && cd ..
  $make -C _gcc

  $ # Clone OVN repo
  $cd /home/foo/ovn
  $./boot.sh
  $./configure --with-ovs-source=/home/foo/ovs/ 
--with-ovs-build=/home/foo/ovs/_gcc
  $make

The test files ovn-controller-vtep.at, ovn-nbctl.at and ovn-sbctl.at needed to 
be modified
because of this commit [1] in the openvswitch repo.

This patch also updates the tutorial/ovs-sandbox to use OVS binaries from the 
OVS build
folder.

[1] - 
https://github.com/openvswitch/ovs/commit/29004db273985088cdb60097bdfd4a6bc6a966d1

Acked-by: Lucas Alvares Gomes 
Tested-by: Lorenzo Bianconi 
Signed-off-by: Numan Siddique 
---

v2 -> v3

  * Test cases were failing in v2 because of commit [1] in ovs. Fixed it.
  * travis CI job for osx was also failing. Fixed it.
  * ovs-sandbox was not working. Fixed that by adding a few options -
--ovs-src and --ovs-build - and refactored the ovs-sandbox code a bit.
  * Here is a successful run of the travis job - 
https://travis-ci.com/numansiddique/ovn/builds/122333890


v1 -> v2
===
  * Travis CI builds were failing as "make distcheck" was not working as
expected. Fixed it in v2.

 .travis/linux-build.sh  |  17 +-
 .travis/osx-build.sh|  13 +-
 Documentation/intro/install/general.rst |  32 ++-
 Makefile.am |  24 +-
 acinclude.m4|  35 +++
 configure.ac|  29 +--
 controller-vtep/automake.mk |   2 +-
 include/ovn/version.h.in|  28 +++
 lib/ovsdb_automake.mk   |   7 +-
 tests/automake.mk   |   6 +-
 tests/ofproto-macros.at |   4 +-
 tests/ovn-controller-vtep.at|  12 +-
 tests/ovn-nbctl.at  |   6 +-
 tests/ovn-sbctl.at  |  20 +-
 tests/ovn.at| 158 ++--
 tests/ovsdb-macros.at   |   2 +-
 tutorial/automake.mk|   2 +-
 tutorial/ovs-sandbox| 308 
 18 files changed, 404 insertions(+), 301 deletions(-)
 create mode 100644 include/ovn/version.h.in

diff --git a/.travis/linux-build.sh b/.travis/linux-build.sh
index a20474345..37a6844ab 100755
--- a/.travis/linux-build.sh
+++ b/.travis/linux-build.sh
@@ -10,7 +10,18 @@ TARGET="x86_64-native-linuxapp-gcc"
 
 function configure_ovs()
 {
+git clone https://github.com/openvswitch/ovs.git ovs_src
+pushd ovs_src
 ./boot.sh && ./configure $* || { cat config.log; exit 1; }
+make -j4
+popd
+}
+
+function configure_ovn()
+{
+configure_ovs $*
+./boot.sh && ./configure --with-ovs-source=$PWD/ovs_src $* || \
+{ cat config.log; exit 1; }
 }
 
 OPTS="$EXTRA_OPTS $*"
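Review bot: The `git clone https://github.com/openvswitch/ovs.git ovs_src` added to configure_ovs() checks out whatever the default branch tip is at build time, so every CI run executes `./boot.sh`, `./configure` and `make` from an unpinned external tree, and an unintended or breaking upstream commit surfaces as an OVN failure. Pinning the dependency makes runs reproducible and reviewable, for example `git clone --depth 1 --branch "$OVS_REF" https://github.com/openvswitch/ovs.git ovs_src`, where `OVS_REF` is a placeholder name for a known-good tag or branch set in the CI configuration. The same clone line is added in the .travis/osx-build.sh hunk of this patch and in the v2 posting of the patch further down the page.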
@@ -28,16 +39,16 @@ fi
 if [ "$TESTSUITE" ]; then
 # 'distcheck' will reconfigure with required options.
 # Now we only need to prepare the Makefile without sparse-wrapped CC.
-configure_ovs
+configure_ovn
 
-export DISTCHECK_CONFIGURE_FLAGS="$OPTS"
+export DISTCHECK_CONFIGURE_FLAGS="$OPTS --with-ovs-source=$PWD/ovs_src"
 if ! make distcheck -j4 TESTSUITEFLAGS="-j4 -k ovn" RECHECK=yes; then
 # testsuite.log is necessary for debugging.
 cat */_build/tests/testsuite.log
 exit 1
 fi
 else
-configure_ovs $OPTS
+configure_ovn $OPTS
 make selinux-policy
 
 make -j4
diff --git a/.travis/osx-build.sh b/.travis/osx-build.sh
index f11d7b9af..1d6ac54af 100755
--- a/.travis/osx-build.sh
+++ b/.travis/osx-build.sh
@@ -7,10 +7,20 @@ EXTRA_OPTS=""
 
 function configure_ovs()
 {
+git clone https://github.com/openvswitch/ovs.git ovs_src
+pushd ovs_src
 ./boot.sh && ./configure $*
+make -j4
+popd
 }
 
-configure_ovs $EXTRA_OPTS $*
+function configure_ovn()
+{
+configure_ovs $*
+./boot.sh && ./configure $* --with-ovs-source=$PWD/ovs_src
+}
+
+configure_ovn $EXTRA_OPTS $*
 
 if [ "$CC" = "clang" ]; then
 make CFLAGS="$CFLAGS -Wno-error=unused-command-line-argument"
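Review bot: configure_ovn() here runs `./boot.sh && ./configure $* --with-ovs-source=$PWD/ovs_src` with no failure branch, whereas the Linux script in the same patch appends `|| { cat config.log; exit 1; }`. A failed OVN configure on macOS would leave no config.log in the job output, and unless the script enables errexit above the hunk the build would continue into `make`. Suggest matching the Linux form: `./boot.sh && ./configure $* --with-ovs-source="$PWD/ovs_src" || { cat config.log; exit 1; }`. Quoting `$PWD/ovs_src` also keeps the path intact if the checkout directory contains spaces.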
@@ -18,6 +28,7 @@ else
 make CFLAGS="$CFLAGS $BUILD_ENV"
 fi
 if [ "$TESTSUITE" ] && [ "$CC" != "clang" ]; then
+export DISTCHECK_CONFIGURE_FLAGS="$EXTRA_OPTS 
--with-ovs-source=$PWD/ovs_src"
 if ! make distcheck RECHECK=yes; then
 # testsuite.log is necessary for debugging.
 cat 

[ovs-dev] [PATCH ovn] Enable OVN in tutorial/ovs-sandbox by default

2019-08-07 Thread nusiddiq
From: Numan Siddique 

The patch removes the --ovn option and enables OVN by default.

Signed-off-by: Numan Siddique 
---
 tutorial/ovs-sandbox | 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/tutorial/ovs-sandbox b/tutorial/ovs-sandbox
index 9b4c3e4f5..47032b499 100755
--- a/tutorial/ovs-sandbox
+++ b/tutorial/ovs-sandbox
@@ -67,7 +67,7 @@ srcdir=
 schema=
 installed=false
 built=false
-ovn=false
+ovn=true
 ovnsb_schema=
 ovnnb_schema=
 ovn_rbac=true
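Review bot: With `ovn=true` as the default and the `-o|--ovn` case removed from the option parser in the last hunk, an invocation that still passes `--ovn` no longer matches any case. The parser's fallback branch is outside the hunks, but it presumably rejects unknown options, which would break existing scripts and documentation that use the flag. Keeping it as an accepted no-op avoids that: `-o|--ovn) ;; # OVN is enabled by default; accepted for compatibility`. The patch also leaves no way to start a sandbox without OVN, which may be intended but is worth stating in the help text.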
@@ -129,7 +129,6 @@ General options:
   -S, --schema=FILEuse FILE as vswitch.ovsschema
 
 OVN options:
-  -o, --ovnenable OVN
   --no-ovn-rbacdisable role-based access control for OVN
   --n-northds=NUMBER   run NUMBER copies of northd (default: 1)
   --nbdb-model=standalone|backup|clusterednorthbound database model
@@ -201,9 +200,6 @@ EOF
 --gdb-ovn-controller-vtep)
 gdb_ovn_controller_vtep=true
 ;;
--o|--ovn)
-ovn=true
-;;
 --no-ovn-rbac)
 ovn_rbac=false
 ;;
-- 
2.21.0



[ovs-dev] [PATCH ovn] Correct the include path when including the header files from lib folder

2019-08-06 Thread nusiddiq
From: Numan Siddique 

Compilation will fail when we try to build ovn from external ovs directory.

Earlier commit [1] missed changing the include path for lib/*.c files.

[1] - a469954c00c4 ("Include ovn header files from lib/ instead of ovn/lib/")
Signed-off-by: Numan Siddique 
---
 controller/ip-mcast.c   | 2 +-
 lib/acl-log.c   | 2 +-
 lib/actions.c   | 4 ++--
 lib/extend-table.c  | 2 +-
 lib/mcast-group-index.c | 4 ++--
 lib/ovn-nb-idl.ann  | 2 +-
 lib/ovn-util.c  | 4 ++--
 7 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/controller/ip-mcast.c b/controller/ip-mcast.c
index ef36be2ca..9b0b4465a 100644
--- a/controller/ip-mcast.c
+++ b/controller/ip-mcast.c
@@ -17,7 +17,7 @@
 
 #include "ip-mcast.h"
 #include "lport.h"
-#include "ovn/lib/ovn-sb-idl.h"
+#include "lib/ovn-sb-idl.h"
 
 /*
  * Used for (faster) updating of IGMP_Group ports.
diff --git a/lib/acl-log.c b/lib/acl-log.c
index f47b0af43..220b6dc30 100644
--- a/lib/acl-log.c
+++ b/lib/acl-log.c
@@ -15,7 +15,7 @@
  */
 
 #include 
-#include "ovn/lib/acl-log.h"
+#include "acl-log.h"
 #include 
 #include "flow.h"
 #include "openvswitch/json.h"
diff --git a/lib/actions.c b/lib/actions.c
index b0cb3490b..81950e7df 100644
--- a/lib/actions.c
+++ b/lib/actions.c
@@ -17,9 +17,11 @@
 #include 
 #include 
 #include 
+#include "acl-log.h"
 #include "bitmap.h"
 #include "byte-order.h"
 #include "compiler.h"
+#include "extend-table.h"
 #include "ovn-l7.h"
 #include "hash.h"
 #include "lib/packets.h"
@@ -33,8 +35,6 @@
 #include "ovn/actions.h"
 #include "ovn/expr.h"
 #include "ovn/lex.h"
-#include "ovn/lib/acl-log.h"
-#include "ovn/lib/extend-table.h"
 #include "packets.h"
 #include "openvswitch/shash.h"
 #include "simap.h"
diff --git a/lib/extend-table.c b/lib/extend-table.c
index ccf70ca72..77208feb5 100644
--- a/lib/extend-table.c
+++ b/lib/extend-table.c
@@ -18,10 +18,10 @@
 #include 
 
 #include "bitmap.h"
+#include "extend-table.h"
 #include "hash.h"
 #include "lib/uuid.h"
 #include "openvswitch/vlog.h"
-#include "ovn/lib/extend-table.h"
 
 VLOG_DEFINE_THIS_MODULE(extend_table);
 
diff --git a/lib/mcast-group-index.c b/lib/mcast-group-index.c
index 740311e00..de80f545a 100644
--- a/lib/mcast-group-index.c
+++ b/lib/mcast-group-index.c
@@ -15,8 +15,8 @@
 
 #include 
 
-#include "ovn/lib/mcast-group-index.h"
-#include "ovn/lib/ovn-sb-idl.h"
+#include "mcast-group-index.h"
+#include "ovn-sb-idl.h"
 
 struct ovsdb_idl_index *
 mcast_group_index_create(struct ovsdb_idl *idl)
diff --git a/lib/ovn-nb-idl.ann b/lib/ovn-nb-idl.ann
index 76d7384fc..ea813d658 100644
--- a/lib/ovn-nb-idl.ann
+++ b/lib/ovn-nb-idl.ann
@@ -6,4 +6,4 @@
 # it can generate more programmer-friendly data structures.
 
 s["idlPrefix"] = "nbrec_"
-s["idlHeader"] = "\"ovn/lib/ovn-nb-idl.h\""
+s["idlHeader"] = "\"lib/ovn-nb-idl.h\""
diff --git a/lib/ovn-util.c b/lib/ovn-util.c
index de745d73f..085498fd1 100644
--- a/lib/ovn-util.c
+++ b/lib/ovn-util.c
@@ -16,8 +16,8 @@
 #include "ovn-util.h"
 #include "dirs.h"
 #include "openvswitch/vlog.h"
-#include "ovn/lib/ovn-nb-idl.h"
-#include "ovn/lib/ovn-sb-idl.h"
+#include "ovn-nb-idl.h"
+#include "ovn-sb-idl.h"
 
 VLOG_DEFINE_THIS_MODULE(ovn_util);
 
-- 
2.21.0



[ovs-dev] [branch 2.12] ovn-northd: fixed memory leak in ovn_port_update_sbrec()

2019-08-06 Thread nusiddiq
From: Damijan Skvarc 

Memory leak happens because of redundant memory allocation for array
of single pointer. Issue was solved by removing this redundant allocation
and using address of pointer to created chassis sb_ha_entity instead.

Signed-off-by: Damijan Skvarc 
Acked-by: Numan Siddique 
Signed-off-by: Numan Siddique 

(cherry-picked from ovn commit 800c4f338411c41d4d15d76073b8472f98f5a044)
---
 ovn/northd/ovn-northd.c | 9 -
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index ae09cf338..5d519c3f6 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -2503,12 +2503,11 @@ ovn_port_update_sbrec(struct northd_context *ctx,
 }
 
 if (sb_ha_ch_grp->n_ha_chassis != 1) {
-struct sbrec_ha_chassis **sb_ha_ch =
-xcalloc(1, sizeof *sb_ha_ch);
-sb_ha_ch[0] = create_sb_ha_chassis(ctx, chassis,
-   chassis->name, 0);
+struct sbrec_ha_chassis *sb_ha_ch =
+create_sb_ha_chassis(ctx, chassis,
+ chassis->name, 0);
 sbrec_ha_chassis_group_set_ha_chassis(sb_ha_ch_grp,
-  sb_ha_ch, 1);
+  _ha_ch, 1);
 }
 sbrec_port_binding_set_ha_chassis_group(op->sb,
 sb_ha_ch_grp);
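Review bot: The new call passes the address of the block-local pointer `sb_ha_ch` as a one-element array, which is only safe if sbrec_ha_chassis_group_set_ha_chassis() copies the array before the block ends. The setter is not visible here, and IDL-generated setters normally do copy, but a short comment would make the lifetime assumption explicit, e.g. `/* The setter copies the array, so a pointer to this local is enough. */`. On this page the argument renders as `_ha_ch`; going by the description it is the address of `sb_ha_ch`, apparently with the leading `&sb` lost in extraction. ovn_port_update_sbrec() starts and ends outside the hunk.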
-- 
2.21.0



[ovs-dev] [branch 2.12] ovn-controller: Encode the virtual port key in vport_bind action in network byte order

2019-08-06 Thread nusiddiq
From: Numan Siddique 

The commit [1] encoded the vport key using uint32_t and the test case
"action parsing" is failing for s380 arch.

This patch fixes this issue by encoding the vport key in the network byte
order.

[1] - 054f4c85c413("Add a new logical switch port type - 'virtual'")
Fixes: 054f4c85c413("Add a new logical switch port type - 'virtual'")

Signed-off-by: Numan Siddique 
Signed-off-by: Numan Siddique 
Acked-by: Dumitru Ceara 
Signed-off-by: Mark Michelson 

(cherry-picked from ovn commit - 3c39d7e21f6c24acfc9f934ee01263fa0dc3)
---
 ovn/controller/pinctrl.c | 11 ++-
 ovn/lib/actions.c|  3 ++-
 tests/ovn.at |  2 +-
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/ovn/controller/pinctrl.c b/ovn/controller/pinctrl.c
index 357050eb5..e443449f5 100644
--- a/ovn/controller/pinctrl.c
+++ b/ovn/controller/pinctrl.c
@@ -4489,16 +4489,17 @@ pinctrl_handle_bind_vport(
 uint32_t vport_parent_key = md->regs[MFF_LOG_INPORT - MFF_REG0];
 
 /* Get the virtual port key from the userdata buffer. */
-uint32_t *vport_key = ofpbuf_try_pull(userdata, sizeof *vport_key);
+ovs_be32 *vp_key = ofpbuf_try_pull(userdata, sizeof *vp_key);
 
-if (!vport_key) {
+if (!vp_key) {
 return;
 }
 
-uint32_t hash = hash_2words(dp_key, *vport_key);
+uint32_t vport_key = ntohl(*vp_key);
+uint32_t hash = hash_2words(dp_key, vport_key);
 
 struct put_vport_binding *vpb
-= pinctrl_find_put_vport_binding(dp_key, *vport_key, hash);
+= pinctrl_find_put_vport_binding(dp_key, vport_key, hash);
 if (!vpb) {
 if (hmap_count(_vport_bindings) >= 1000) {
 COVERAGE_INC(pinctrl_drop_put_vport_binding);
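Review bot: `ntohl(*vp_key)` reads the key through an `ovs_be32 *` that points straight into the controller userdata buffer, so the dereference assumes the pulled bytes are 4-byte aligned. The length is checked by ofpbuf_try_pull(), but alignment is not established anywhere in the hunk. If the buffer layout does not guarantee it, reading through the tree's unaligned helper avoids a fault on strict-alignment targets: `uint32_t vport_key = ntohl(get_unaligned_be32(vp_key));`. The identical hunk appears in the other postings of this fix on the page. pinctrl_handle_bind_vport() starts and ends outside the hunk.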
@@ -4510,7 +4511,7 @@ pinctrl_handle_bind_vport(
 }
 
 vpb->dp_key = dp_key;
-vpb->vport_key = *vport_key;
+vpb->vport_key = vport_key;
 vpb->vport_parent_key = vport_parent_key;
 
 notify_pinctrl_main();
diff --git a/ovn/lib/actions.c b/ovn/lib/actions.c
index 66916a837..b0cb3490b 100644
--- a/ovn/lib/actions.c
+++ b/ovn/lib/actions.c
@@ -2645,7 +2645,8 @@ encode_BIND_VPORT(const struct ovnact_bind_vport *vp,
 size_t oc_offset = encode_start_controller_op(ACTION_OPCODE_BIND_VPORT,
   false, NX_CTLR_NO_METER,
   ofpacts);
-ofpbuf_put(ofpacts, _key, sizeof(uint32_t));
+ovs_be32 vp_key = htonl(vport_key);
+ofpbuf_put(ofpacts, _key, sizeof(ovs_be32));
 encode_finish_controller_op(oc_offset, ofpacts);
 encode_restore_args(args, ARRAY_SIZE(args), ofpacts);
 }
diff --git a/tests/ovn.at b/tests/ovn.at
index 5d6c90c5f..92307c158 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -1371,7 +1371,7 @@ reg0[0] = check_pkt_larger(foo);
 # bind_vport
 # lsp1's port key is 0x11.
 bind_vport("lsp1", inport);
-encodes as controller(userdata=00.00.00.11.00.00.00.00.11.00.00.00)
+encodes as controller(userdata=00.00.00.11.00.00.00.00.00.00.00.11)
 # lsp2 doesn't exist. So it should be encoded as drop.
 bind_vport("lsp2", inport);
 encodes as drop
-- 
2.21.0



[ovs-dev] [PATCH v2 ovn] Build OVN using external OVS directory

2019-08-05 Thread nusiddiq
From: Numan Siddique 

With this patch we have to configure OVN to refer to external OVS source/build
directory instead of the ovs subtree.

The new configuration options added are:
 * --with-ovs-source=/path/to/ovs/source/dir
 * --with-ovs-build=/path/to/ovs/build/dir

Before configuring OVN, user should configure and compile OVS. If the user has
configured OVS on a different directory than the source dir, then 
'with-ovs-build'
should be specified.

If ovs-build dir is not defined, then ovs-source is used.

An upcoming patch will delete the ovs subtree.

Example usage:
  $ # Clone OVS repo
  $cd /home/foo/ovs
  $./boot.sh
  $mkdir _gcc
  $cd _gcc && ../configure && cd ..
  $make -C _gcc

  $ # Clone OVN repo
  $cd /home/foo/ovn
  $./boot.sh
  $./configure --with-ovs-source=/home/foo/ovs/ 
--with-ovs-build=/home/foo/ovs/_gcc
  $make

Acked-by: Lucas Alvares Gomes 
Signed-off-by: Numan Siddique 
---
v1 -> v2
===
  * Travis CI builds were failing as "make distcheck" was not working as
expected. Fixed it in v2.


 .travis/linux-build.sh  |  17 ++-
 Documentation/intro/install/general.rst |  33 -
 Makefile.am |  24 ++--
 acinclude.m4|  35 ++
 configure.ac|  29 ++---
 controller-vtep/automake.mk |   2 +-
 include/ovn/version.h.in|  28 +
 lib/ovsdb_automake.mk   |   7 +-
 tests/automake.mk   |   6 +-
 tests/ofproto-macros.at |   4 +-
 tests/ovn-controller-vtep.at|   4 +-
 tests/ovn.at| 158 
 tests/ovsdb-macros.at   |   2 +-
 13 files changed, 218 insertions(+), 131 deletions(-)
 create mode 100644 include/ovn/version.h.in

diff --git a/.travis/linux-build.sh b/.travis/linux-build.sh
index a20474345..6f8d77ff4 100755
--- a/.travis/linux-build.sh
+++ b/.travis/linux-build.sh
@@ -10,7 +10,18 @@ TARGET="x86_64-native-linuxapp-gcc"
 
 function configure_ovs()
 {
+git clone https://github.com/openvswitch/ovs.git ovs_src
+pushd ovs_src
 ./boot.sh && ./configure $* || { cat config.log; exit 1; }
+make -j4
+popd
+}
+
+function configure_ovn()
+{
+configure_ovs
+./boot.sh && ./configure --with-ovs-source=$PWD/ovs_src $* || \
+{ cat config.log; exit 1; }
 }
 
 OPTS="$EXTRA_OPTS $*"
@@ -28,16 +39,16 @@ fi
 if [ "$TESTSUITE" ]; then
 # 'distcheck' will reconfigure with required options.
 # Now we only need to prepare the Makefile without sparse-wrapped CC.
-configure_ovs
+configure_ovn
 
-export DISTCHECK_CONFIGURE_FLAGS="$OPTS"
+export DISTCHECK_CONFIGURE_FLAGS="$OPTS --with-ovs-source=$PWD/ovs_src"
 if ! make distcheck -j4 TESTSUITEFLAGS="-j4 -k ovn" RECHECK=yes; then
 # testsuite.log is necessary for debugging.
 cat */_build/tests/testsuite.log
 exit 1
 fi
 else
-configure_ovs $OPTS
+configure_ovn $OPTS
 make selinux-policy
 
 make -j4
diff --git a/Documentation/intro/install/general.rst 
b/Documentation/intro/install/general.rst
index 99d8fec04..ab1cf57ed 100644
--- a/Documentation/intro/install/general.rst
+++ b/Documentation/intro/install/general.rst
@@ -42,9 +42,8 @@ out.  This is the right branch for general development.
 
 As of now there are no official OVN releases.
 
-Although building OVN, also builds OVS, it is recommended to clone
-and build OVS from its own repo. Please see the Open vSwitch
-documentation to build and install OVS.
+Before building OVN you should configure and build OVS.
+Please see the Open vSwitch documentation to build and install OVS.
 
 .. _general-build-reqs:
 
@@ -143,16 +142,24 @@ the "configure" script::
 
 $ ./boot.sh
 
+Before configuring OVN, clone, configure and build Open vSwitch.
+
 .. _general-configuring:
 
 Configuring
 ---
 
-Configure the package by running the configure script. You can usually
-invoke configure without any arguments. For example::
+Configure the package by running the configure script. You need to
+invoke configure with atleast the argument --with-ovs-source.
+For example::
+
+$ ./configure --with-ovs-source=/path/to/ovs/source
 
-$ ./configure
+If you have built Open vSwitch in a separate directory, then you
+need to provide that path in the option - --with-ovs-build.
 
+As of now, OVN uses all the run time directory of Open vSwitch. This
+will be changed to ``ovn`` specific directories.
 By default all files are installed under ``/usr/local``. OVN and Open vSwitch
 also expects to find its database in ``/usr/local/etc/openvswitch`` by default.
 If you want to install all files into, e.g., ``/usr`` and ``/var`` instead of
@@ -272,6 +279,20 @@ you wish to link with jemalloc add it to LIBS::
 
 $ ./configure LIBS=-ljemalloc
 
+Example usage::
+$ # Clone OVS repo
+$cd /home/foo/ovs
+$./boot.sh
+$mkdir _gcc
+$cd _gcc && ../configure && 

[ovs-dev] [PATCH v2 ovn] Encode the virtual port key in vport_bind action in network byte order

2019-08-05 Thread nusiddiq
From: Numan Siddique 

The commit [1] encoded the vport key using uint32_t and the test case
"action parsing" is failing for s380 arch.

This patch fixes this issue by encoding the vport key in the network byte
order.

[1] - 054f4c85c413("Add a new logical switch port type - 'virtual'")
Fixes: 054f4c85c413("Add a new logical switch port type - 'virtual'")

Signed-off-by: Numan Siddique 
---
v1 -> v2
===
  * There was a sparse compilation error which I missed checking for when
submitting v1.  Corrected it.


 controller/pinctrl.c | 11 ++-
 lib/actions.c|  3 ++-
 tests/ovn.at |  2 +-
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/controller/pinctrl.c b/controller/pinctrl.c
index f05579fcc..f27718f55 100644
--- a/controller/pinctrl.c
+++ b/controller/pinctrl.c
@@ -4489,16 +4489,17 @@ pinctrl_handle_bind_vport(
 uint32_t vport_parent_key = md->regs[MFF_LOG_INPORT - MFF_REG0];
 
 /* Get the virtual port key from the userdata buffer. */
-uint32_t *vport_key = ofpbuf_try_pull(userdata, sizeof *vport_key);
+ovs_be32 *vp_key = ofpbuf_try_pull(userdata, sizeof *vp_key);
 
-if (!vport_key) {
+if (!vp_key) {
 return;
 }
 
-uint32_t hash = hash_2words(dp_key, *vport_key);
+uint32_t vport_key = ntohl(*vp_key);
+uint32_t hash = hash_2words(dp_key, vport_key);
 
 struct put_vport_binding *vpb
-= pinctrl_find_put_vport_binding(dp_key, *vport_key, hash);
+= pinctrl_find_put_vport_binding(dp_key, vport_key, hash);
 if (!vpb) {
 if (hmap_count(_vport_bindings) >= 1000) {
 COVERAGE_INC(pinctrl_drop_put_vport_binding);
@@ -4510,7 +4511,7 @@ pinctrl_handle_bind_vport(
 }
 
 vpb->dp_key = dp_key;
-vpb->vport_key = *vport_key;
+vpb->vport_key = vport_key;
 vpb->vport_parent_key = vport_parent_key;
 
 notify_pinctrl_main();
diff --git a/lib/actions.c b/lib/actions.c
index 66916a837..b0cb3490b 100644
--- a/lib/actions.c
+++ b/lib/actions.c
@@ -2645,7 +2645,8 @@ encode_BIND_VPORT(const struct ovnact_bind_vport *vp,
 size_t oc_offset = encode_start_controller_op(ACTION_OPCODE_BIND_VPORT,
   false, NX_CTLR_NO_METER,
   ofpacts);
-ofpbuf_put(ofpacts, _key, sizeof(uint32_t));
+ovs_be32 vp_key = htonl(vport_key);
+ofpbuf_put(ofpacts, _key, sizeof(ovs_be32));
 encode_finish_controller_op(oc_offset, ofpacts);
 encode_restore_args(args, ARRAY_SIZE(args), ofpacts);
 }
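Review bot: The byte order of the key is now part of the wire format shared by encode_BIND_VPORT() and pinctrl_handle_bind_vport(), but nothing on the added lines says so. A one-line comment above the conversion would keep the two sides from drifting, e.g. `/* The vport key is carried in network byte order; pinctrl converts it back with ntohl(). */`. As a style point, `sizeof vp_key` in the ofpbuf_put() call ties the length to the variable rather than repeating the type. The function starts outside the hunk.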
diff --git a/tests/ovn.at b/tests/ovn.at
index e88cffa20..344efad26 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -1371,7 +1371,7 @@ reg0[0] = check_pkt_larger(foo);
 # bind_vport
 # lsp1's port key is 0x11.
 bind_vport("lsp1", inport);
-encodes as controller(userdata=00.00.00.11.00.00.00.00.11.00.00.00)
+encodes as controller(userdata=00.00.00.11.00.00.00.00.00.00.00.11)
 # lsp2 doesn't exist. So it should be encoded as drop.
 bind_vport("lsp2", inport);
 encodes as drop
-- 
2.21.0



[ovs-dev] [PATCH ovn] Encode the virtual port key in vport_bind action in network byte order

2019-08-05 Thread nusiddiq
From: Numan Siddique 

The commit [1] encoded the vport key using uint32_t and the test case
"action parsing" is failing for s380 arch.

This patch fixes this issue by encoding the vport key in the network byte
order.

[1] - 054f4c85c413("Add a new logical switch port type - 'virtual'")
Fixes: 054f4c85c413("Add a new logical switch port type - 'virtual'")

Signed-off-by: Numan Siddique 
---
 controller/pinctrl.c | 11 ++-
 lib/actions.c|  3 ++-
 tests/ovn.at |  2 +-
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/controller/pinctrl.c b/controller/pinctrl.c
index f05579fcc..f27718f55 100644
--- a/controller/pinctrl.c
+++ b/controller/pinctrl.c
@@ -4489,16 +4489,17 @@ pinctrl_handle_bind_vport(
 uint32_t vport_parent_key = md->regs[MFF_LOG_INPORT - MFF_REG0];
 
 /* Get the virtual port key from the userdata buffer. */
-uint32_t *vport_key = ofpbuf_try_pull(userdata, sizeof *vport_key);
+ovs_be32 *vp_key = ofpbuf_try_pull(userdata, sizeof *vp_key);
 
-if (!vport_key) {
+if (!vp_key) {
 return;
 }
 
-uint32_t hash = hash_2words(dp_key, *vport_key);
+uint32_t vport_key = ntohl(*vp_key);
+uint32_t hash = hash_2words(dp_key, vport_key);
 
 struct put_vport_binding *vpb
-= pinctrl_find_put_vport_binding(dp_key, *vport_key, hash);
+= pinctrl_find_put_vport_binding(dp_key, vport_key, hash);
 if (!vpb) {
 if (hmap_count(_vport_bindings) >= 1000) {
 COVERAGE_INC(pinctrl_drop_put_vport_binding);
@@ -4510,7 +4511,7 @@ pinctrl_handle_bind_vport(
 }
 
 vpb->dp_key = dp_key;
-vpb->vport_key = *vport_key;
+vpb->vport_key = vport_key;
 vpb->vport_parent_key = vport_parent_key;
 
 notify_pinctrl_main();
diff --git a/lib/actions.c b/lib/actions.c
index 66916a837..0b90da772 100644
--- a/lib/actions.c
+++ b/lib/actions.c
@@ -2645,7 +2645,8 @@ encode_BIND_VPORT(const struct ovnact_bind_vport *vp,
 size_t oc_offset = encode_start_controller_op(ACTION_OPCODE_BIND_VPORT,
   false, NX_CTLR_NO_METER,
   ofpacts);
-ofpbuf_put(ofpacts, _key, sizeof(uint32_t));
+ovs_be32 vp_key = htonl(vp_key);
+ofpbuf_put(ofpacts, _key, sizeof(ovs_be32));
 encode_finish_controller_op(oc_offset, ofpacts);
 encode_restore_args(args, ARRAY_SIZE(args), ofpacts);
 }
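Review bot: The added line `ovs_be32 vp_key = htonl(vp_key);` initialises `vp_key` from itself, so htonl() is applied to an indeterminate value and the userdata written by ofpbuf_put() never carries the real port key. The argument should be the host-order key computed earlier in encode_BIND_VPORT(), above the hunk: `ovs_be32 vp_key = htonl(vport_key);` (the v2 posting of this patch on the page uses that name). The same line is in the lib/actions.c hunk of the earlier `[PATCH]` posting that follows. Building with `-Winit-self`, or running sparse on the file, would flag this kind of self-reference.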
diff --git a/tests/ovn.at b/tests/ovn.at
index e88cffa20..344efad26 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -1371,7 +1371,7 @@ reg0[0] = check_pkt_larger(foo);
 # bind_vport
 # lsp1's port key is 0x11.
 bind_vport("lsp1", inport);
-encodes as controller(userdata=00.00.00.11.00.00.00.00.11.00.00.00)
+encodes as controller(userdata=00.00.00.11.00.00.00.00.00.00.00.11)
 # lsp2 doesn't exist. So it should be encoded as drop.
 bind_vport("lsp2", inport);
 encodes as drop
-- 
2.21.0



[ovs-dev] [PATCH] Encode the virtual port key in vport_bind action in network byte order

2019-08-05 Thread nusiddiq
From: Numan Siddique 

The commit [1] encoded the vport key using uint32_t and the test case
"action parsing" is failing for s380 arch.

This patch fixes this issue by encoding the vport key in the network byte
order.

[1] - 054f4c85c413("Add a new logical switch port type - 'virtual'")
Fixes: 054f4c85c413("Add a new logical switch port type - 'virtual'")

Signed-off-by: Numan Siddique 
---
 controller/pinctrl.c | 11 ++-
 lib/actions.c|  3 ++-
 tests/ovn.at |  2 +-
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/controller/pinctrl.c b/controller/pinctrl.c
index f05579fcc..f27718f55 100644
--- a/controller/pinctrl.c
+++ b/controller/pinctrl.c
@@ -4489,16 +4489,17 @@ pinctrl_handle_bind_vport(
 uint32_t vport_parent_key = md->regs[MFF_LOG_INPORT - MFF_REG0];
 
 /* Get the virtual port key from the userdata buffer. */
-uint32_t *vport_key = ofpbuf_try_pull(userdata, sizeof *vport_key);
+ovs_be32 *vp_key = ofpbuf_try_pull(userdata, sizeof *vp_key);
 
-if (!vport_key) {
+if (!vp_key) {
 return;
 }
 
-uint32_t hash = hash_2words(dp_key, *vport_key);
+uint32_t vport_key = ntohl(*vp_key);
+uint32_t hash = hash_2words(dp_key, vport_key);
 
 struct put_vport_binding *vpb
-= pinctrl_find_put_vport_binding(dp_key, *vport_key, hash);
+= pinctrl_find_put_vport_binding(dp_key, vport_key, hash);
 if (!vpb) {
 if (hmap_count(_vport_bindings) >= 1000) {
 COVERAGE_INC(pinctrl_drop_put_vport_binding);
@@ -4510,7 +4511,7 @@ pinctrl_handle_bind_vport(
 }
 
 vpb->dp_key = dp_key;
-vpb->vport_key = *vport_key;
+vpb->vport_key = vport_key;
 vpb->vport_parent_key = vport_parent_key;
 
 notify_pinctrl_main();
diff --git a/lib/actions.c b/lib/actions.c
index 66916a837..0b90da772 100644
--- a/lib/actions.c
+++ b/lib/actions.c
@@ -2645,7 +2645,8 @@ encode_BIND_VPORT(const struct ovnact_bind_vport *vp,
 size_t oc_offset = encode_start_controller_op(ACTION_OPCODE_BIND_VPORT,
   false, NX_CTLR_NO_METER,
   ofpacts);
-ofpbuf_put(ofpacts, _key, sizeof(uint32_t));
+ovs_be32 vp_key = htonl(vp_key);
+ofpbuf_put(ofpacts, _key, sizeof(ovs_be32));
 encode_finish_controller_op(oc_offset, ofpacts);
 encode_restore_args(args, ARRAY_SIZE(args), ofpacts);
 }
diff --git a/tests/ovn.at b/tests/ovn.at
index e88cffa20..344efad26 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -1371,7 +1371,7 @@ reg0[0] = check_pkt_larger(foo);
 # bind_vport
 # lsp1's port key is 0x11.
 bind_vport("lsp1", inport);
-encodes as controller(userdata=00.00.00.11.00.00.00.00.11.00.00.00)
+encodes as controller(userdata=00.00.00.11.00.00.00.00.00.00.00.11)
 # lsp2 doesn't exist. So it should be encoded as drop.
 bind_vport("lsp2", inport);
 encodes as drop
-- 
2.21.0



[ovs-dev] [branch2.12] ovn: Add a new logical switch port type - 'virtual'

2019-08-01 Thread nusiddiq
From: Numan Siddique 

This new type is added for the following reasons:

  - When a load balancer is created in an OpenStack deployment with Octavia
service, it creates a logical port 'VIP' for the virtual ip.

  - This logical port is not bound to any VIF.

  - Octavia service creates a service VM (with another logical port 'P' which
belongs to the same logical switch)

  - The virtual ip 'VIP' is configured on this service VM.

  - This service VM provides the load balancing for the VIP with the configured
backend IPs.

  - Octavia service can be configured to create few service VMs with 
active-standby mode
with the active VM configured with the VIP.  The VIP can move between
these service nodes.

Presently there are few problems:

  - When a floating ip (externally reachable IP) is associated to the VIP and if
the compute nodes have external connectivity then the external traffic 
cannot
reach the VIP using the floating ip as the VIP logical port would be down.
dnat_and_snat entry in NAT table for this vip will have 'external_mac' and
'logical_port' configured.

  - The only way to make it work is to clear the 'external_mac' entry so that
the gateway chassis does the DNAT for the VIP.

To solve these problems, this patch proposes a new logical port type - virtual.
CMS when creating the logical port for the VIP, should

 - set the type as 'virtual'

 - configure the VIP in the options - Logical_Switch_Port.options:virtual-ip

 - And set the virtual parents in the options
   Logical_Switch_Port.options:virtual-parents.
   These virtual parents are the one which can be configured with the VIP.

Suppose the virtual_ip is configured to 10.0.0.10 on a virtual logical port 
'sw0-vip'
and the virtual_parents are set to - [sw0-p1, sw0-p2]; then the logical flows 
below are added in the
lsp_in_arp_rsp logical switch pipeline

 - table=11(ls_in_arp_rsp), priority=100,
   match=(inport == "sw0-p1" && !is_chassis_resident("sw0-vip") &&
  ((arp.op == 1 && arp.spa == 10.0.0.10 && arp.tpa == 10.0.0.10) ||
   (arp.op == 2 && arp.spa == 10.0.0.10))),
   action=(bind_vport("sw0-vip", inport); next;)
- table=11(ls_in_arp_rsp), priority=100,
   match=(inport == "sw0-p2" && !is_chassis_resident("sw0-vip") &&
  ((arp.op == 1 && arp.spa == 10.0.0.10 && arp.tpa == 10.0.0.10) ||
   (arp.op == 2 && arp.spa == 10.0.0.10))),
   action=(bind_vport("sw0-vip", inport); next;)

The action bind_vport will claim the logical port - sw0-vip on the chassis 
where this action
is executed. Since the port - sw0-vip is claimed by a chassis, the 
dnat_and_snat rule for
the VIP will be handled by the compute node.

Co-authored-by: Ben Pfaff 
Signed-off-by: Ben Pfaff 
Acked-by: Gurucharan Shetty 
Acked-by: Mark Michelson 
Signed-off-by: Numan Siddique 

(cherry picked from ovn commit 054f4c85c413e20d893e10ba053ec52ac15db49c)
---
 NEWS|   1 +
 include/ovn/actions.h   |  18 ++-
 ovn/controller/binding.c|  30 +++-
 ovn/controller/pinctrl.c| 174 
 ovn/lib/actions.c   |  59 +++
 ovn/lib/ovn-util.c  |   1 +
 ovn/northd/ovn-northd.8.xml |  61 ++-
 ovn/northd/ovn-northd.c | 306 +++-
 ovn/ovn-nb.xml  |  45 ++
 ovn/ovn-sb.ovsschema|   6 +-
 ovn/ovn-sb.xml  |  46 ++
 ovn/utilities/ovn-trace.c   |   3 +
 tests/ovn.at| 290 ++
 tests/test-ovn.c|   1 +
 14 files changed, 954 insertions(+), 87 deletions(-)

diff --git a/NEWS b/NEWS
index 8cf850823..be3ea42b4 100644
--- a/NEWS
+++ b/NEWS
@@ -60,6 +60,7 @@ v2.12.0 - xx xxx 
logical groups which results in tunnels only been formed between
members of the same transport zone(s).
  * Support for IGMP Snooping and IGMP Querier.
+ * Support for new logical switch port type - 'virtual'.
- New QoS type "linux-netem" on Linux.
- Added support for TLS Server Name Indication (SNI).
- Linux datapath:
diff --git a/include/ovn/actions.h b/include/ovn/actions.h
index 63d3907d8..0ca06537c 100644
--- a/include/ovn/actions.h
+++ b/include/ovn/actions.h
@@ -85,7 +85,8 @@ struct ovn_extend_table;
 OVNACT(SET_METER, ovnact_set_meter)   \
 OVNACT(OVNFIELD_LOAD, ovnact_load)\
 OVNACT(CHECK_PKT_LARGER,  ovnact_check_pkt_larger) \
-OVNACT(TRIGGER_EVENT, ovnact_controller_event)
+OVNACT(TRIGGER_EVENT, ovnact_controller_event) \
+OVNACT(BIND_VPORT,ovnact_bind_vport)
 
 /* enum ovnact_type, with a member OVNACT_ for each action. */
 enum OVS_PACKED_ENUM ovnact_type {
@@ -328,6 +329,13 @@ struct ovnact_controller_event {
 size_t n_options;
 };
 
+/* OVNACT_BIND_VPORT. */
+struct ovnact_bind_vport {
+struct ovnact ovnact;
+char *vport;
+struct expr_field vport_parent; /* Logical virtual port's port name. */
+};
+
 /* Internal use by 

[ovs-dev] [PATCH ovn] Change the package name from openvswitch to ovn in AC_INIT()

2019-08-01 Thread nusiddiq
From: Numan Siddique 

Signed-off-by: Numan Siddique 
---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 180bbcd7c..8a32d3a18 100644
--- a/configure.ac
+++ b/configure.ac
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 AC_PREREQ(2.63)
-AC_INIT(openvswitch, 2.12.90, b...@openvswitch.org)
+AC_INIT(ovn, 2.12.90, b...@openvswitch.org)
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_HEADERS([config.h])
-- 
2.21.0



[ovs-dev] [branch2.12] ovn-northd: Add the option to pause and resume

2019-08-01 Thread nusiddiq
From: Numan Siddique 

This patch adds 3 unixctl socket commands - pause, resume and is-paused.

Usage: ovs-appctl -t ovn-northd pause/resume/is-paused

This feature will be useful if the CMS wants to
  - deploy OVN DB servers in active/passive mode and
  - run ovn-northd on all these nodes and use unix ctl sockets to
connect to the local OVN DB servers.

On the nodes where OVN Db ovsdb-servers are in passive mode, the local 
ovn-northds
will process the DB changes and compute logical flows to be thrown out later,
because write transactions are not allowed by these ovsdb-servers. It results in
unncessary CPU usage.

With these commands, CMS can pause ovn-northd on these node. A node
which becomes master, can resume the ovn-northd.

One use case is to use this feature in ovn-kubernetes with the above deployment 
model.

Acked-by: Mark Michelson 
Acked-by: Dumitru Ceara 
Signed-off-by: Numan Siddique 
(cherry picked from ovn commit 03894e3e2374069c06ae97dafb24fb4fcb8c8e61)
---
 ovn/northd/ovn-northd.8.xml |  48 
 ovn/northd/ovn-northd.c | 111 +++-
 tests/ovn-northd.at |  38 
 3 files changed, 169 insertions(+), 28 deletions(-)

diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
index d2267de0e..1d0243656 100644
--- a/ovn/northd/ovn-northd.8.xml
+++ b/ovn/northd/ovn-northd.8.xml
@@ -70,6 +70,23 @@
   
 Causes ovn-northd to gracefully terminate.
   
+
+  pause
+  
+Pauses the ovn-northd operation from processing any Northbound and
+Southbound database changes.
+  
+
+  resume
+  
+Resumes the ovn-northd operation to process Northbound and
+Southbound database contents and generate logical flows.
+  
+
+  is-paused
+  
+Returns "true" if ovn-northd is currently paused, "false" otherwise.
+  
   
 
 
@@ -82,6 +99,37 @@
   of ovn-northd will automatically take over.
 
 
+ Active-Standby with multiple OVN DB servers
+
+  You may run multiple OVN DB servers in an OVN deployment with:
+  
+
+  OVN DB servers deployed in active/passive mode with one active
+  and multiple passive ovsdb-servers.
+
+
+
+  ovn-northd also deployed on all these nodes,
+  using unix ctl sockets to connect to the local OVN DB servers.
+
+  
+
+
+
+  In such deployments, the ovn-northds on the passive nodes will process
+  the DB changes and compute logical flows to be thrown out later,
+  because write transactions are not allowed by the passive ovsdb-servers.
+  It results in unnecessary CPU usage.
+
+
+
+  With the help of runtime management command pause, you can
+  pause ovn-northd on these nodes. When a passive node
+  becomes master, you can use the runtime management command
+  resume to resume the ovn-northd to process the
+  DB changes.
+
+
 Logical Flow Table Structure
 
 
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index eb6c47cad..2e96e9cf4 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -52,6 +52,9 @@
 VLOG_DEFINE_THIS_MODULE(ovn_northd);
 
 static unixctl_cb_func ovn_northd_exit;
+static unixctl_cb_func ovn_northd_pause;
+static unixctl_cb_func ovn_northd_resume;
+static unixctl_cb_func ovn_northd_is_paused;
 
 struct northd_context {
 struct ovsdb_idl *ovnnb_idl;
@@ -9182,6 +9185,7 @@ main(int argc, char *argv[])
 struct unixctl_server *unixctl;
 int retval;
 bool exiting;
+bool paused;
 
 fatal_ignore_sigpipe();
 ovs_cmdl_proctitle_init(argc, argv);
@@ -9196,6 +9200,10 @@ main(int argc, char *argv[])
 exit(EXIT_FAILURE);
 }
 unixctl_command_register("exit", "", 0, 0, ovn_northd_exit, );
+unixctl_command_register("pause", "", 0, 0, ovn_northd_pause, );
+unixctl_command_register("resume", "", 0, 0, ovn_northd_resume, );
+unixctl_command_register("is-paused", "", 0, 0, ovn_northd_is_paused,
+ );
 
 daemonize_complete();
 
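Review bot: Nothing in this hunk records a change of pause state: `pause`, `resume` and `is-paused` are registered the same way as `exit`, and their callbacks are defined outside the hunk. The man-page text added by this patch says a paused ovn-northd stops processing Northbound and Southbound changes, so a `pause` that is never followed by `resume` would presumably leave later Northbound changes (ACL updates included) unapplied with no visible signal. If the callbacks do not already log, each should record its transition, e.g. `VLOG_INFO("ovn-northd paused by unixctl request");`, so an unexpected pause can be found in the daemon log. The same registration is repeated in the v5 and v4 postings of this patch further down.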
@@ -9384,34 +9392,51 @@ main(int argc, char *argv[])
 
 /* Main loop. */
 exiting = false;
+paused = false;
 while (!exiting) {
-struct northd_context ctx = {
-.ovnnb_idl = ovnnb_idl_loop.idl,
-.ovnnb_txn = ovsdb_idl_loop_run(_idl_loop),
-.ovnsb_idl = ovnsb_idl_loop.idl,
-.ovnsb_txn = ovsdb_idl_loop_run(_idl_loop),
-.sbrec_ha_chassis_grp_by_name = sbrec_ha_chassis_grp_by_name,
-.sbrec_mcast_group_by_name_dp = sbrec_mcast_group_by_name_dp,
-.sbrec_ip_mcast_by_dp = sbrec_ip_mcast_by_dp,
-};
-
-if (!had_lock && ovsdb_idl_has_lock(ovnsb_idl_loop.idl)) {
-VLOG_INFO("ovn-northd lock acquired. "
-  "This ovn-northd instance is now active.");
-had_lock = true;
-} else if 

[ovs-dev] [PATCH ovn] Build OVN using external OVS directory

2019-07-31 Thread nusiddiq
From: Numan Siddique 

With this patch we have to configure OVN to refer to external OVS source/build
directory instead of the ovs subtree.

The new configuration options added are:
 * --with-ovs-source=/path/to/ovs/source/dir
 * --with-ovs-build=/path/to/ovs/build/dir

Before configuring OVN, the user should configure and compile OVS. If OVS was
configured in a directory other than its source directory, then
'--with-ovs-build' should be specified.

If ovs-build dir is not defined, then ovs-source is used.

An upcoming patch will delete the ovs subtree.

Example usage:
  $ # Clone OVS repo
  $cd /home/foo/ovs
  $./boot.sh
  $mkdir _gcc
  $cd _gcc && ../configure && cd ..
  $make -C _gcc

  $ # Clone OVN repo
  $cd /home/foo/ovn
  $./boot.sh
  $./configure --with-ovs-source=/home/foo/ovs/ 
--with-ovs-build=/home/foo/ovs/_gcc
  $make

Signed-off-by: Numan Siddique 
---
 .travis/linux-build.sh  | 16 +--
 Documentation/intro/install/general.rst | 32 +-
 Makefile.am | 24 +++--
 acinclude.m4| 35 +
 configure.ac| 29 ++--
 controller-vtep/automake.mk |  2 +-
 include/ovn/version.h.in| 28 
 lib/ovsdb_automake.mk   | 12 -
 tests/automake.mk   |  2 +-
 9 files changed, 136 insertions(+), 44 deletions(-)
 create mode 100644 include/ovn/version.h.in

diff --git a/.travis/linux-build.sh b/.travis/linux-build.sh
index a20474345..14c5413db 100755
--- a/.travis/linux-build.sh
+++ b/.travis/linux-build.sh
@@ -8,9 +8,21 @@ SPARSE_FLAGS=""
 EXTRA_OPTS=""
 TARGET="x86_64-native-linuxapp-gcc"
 
+ovs_dir=$PWD/ovs_src
+
 function configure_ovs()
 {
+git clone https://github.com/openvswitch/ovs.git $ovs_dir
+pushd $ovs_dir
 ./boot.sh && ./configure $* || { cat config.log; exit 1; }
+make -j4
+popd
+}
+
+function configure_ovn()
+{
+configure_ovs
+./boot.sh && ./configure --with-ovs-source=$ovs_dir $* || { cat 
config.log; exit 1; }
 }
 
 OPTS="$EXTRA_OPTS $*"
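Review bot: `configure_ovs` now clones `https://github.com/openvswitch/ovs.git` with no ref, so every CI run builds against whatever the default branch holds at that moment and a result cannot be reproduced later. Pin the checkout to a ref the OVN tree is known to build against, e.g. `git clone --depth 1 --branch <ovs-branch-or-tag> https://github.com/openvswitch/ovs.git "$ovs_dir"` (the ref is a placeholder). `$ovs_dir` is built from `$PWD` and used unquoted in the clone, `pushd` and `--with-ovs-source=` lines, so it should be quoted. If the script does not run with errexit (not visible in this hunk), a failed clone or `pushd` lets `./boot.sh` run in the OVN directory instead; `pushd "$ovs_dir" || exit 1` closes that gap.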
@@ -28,7 +40,7 @@ fi
 if [ "$TESTSUITE" ]; then
 # 'distcheck' will reconfigure with required options.
 # Now we only need to prepare the Makefile without sparse-wrapped CC.
-configure_ovs
+configure_ovn
 
 export DISTCHECK_CONFIGURE_FLAGS="$OPTS"
 if ! make distcheck -j4 TESTSUITEFLAGS="-j4 -k ovn" RECHECK=yes; then
@@ -37,7 +49,7 @@ if [ "$TESTSUITE" ]; then
 exit 1
 fi
 else
-configure_ovs $OPTS
+configure_ovn $OPTS
 make selinux-policy
 
 make -j4
diff --git a/Documentation/intro/install/general.rst 
b/Documentation/intro/install/general.rst
index 99d8fec04..dc1a347de 100644
--- a/Documentation/intro/install/general.rst
+++ b/Documentation/intro/install/general.rst
@@ -42,9 +42,8 @@ out.  This is the right branch for general development.
 
 As of now there are no official OVN releases.
 
-Although building OVN, also builds OVS, it is recommended to clone
-and build OVS from its own repo. Please see the Open vSwitch
-documentation to build and install OVS.
+Before building OVN you should configure and build OVS.
+Please see the Open vSwitch documentation to build and install OVS.
 
 .. _general-build-reqs:
 
@@ -143,16 +142,24 @@ the "configure" script::
 
 $ ./boot.sh
 
+Before configuring OVN, clone, configure and build Open vSwitch.
+
 .. _general-configuring:
 
 Configuring
 ---
 
-Configure the package by running the configure script. You can usually
-invoke configure without any arguments. For example::
+Configure the package by running the configure script. You need to
+invoke configure with atleast the argument --with-ovs-source.
+For example::
+
+$ ./configure --with-ovs-source=/path/to/ovs/source
 
-$ ./configure
+If you have built Open vSwitch in a separate directory, then you
+need to provide that path in the option - --with-ovs-build.
 
+As of now, OVN uses all the run time directory of Open vSwitch. This
+will be changed to ``ovn`` specific directories.
 By default all files are installed under ``/usr/local``. OVN and Open vSwitch
 also expects to find its database in ``/usr/local/etc/openvswitch`` by default.
 If you want to install all files into, e.g., ``/usr`` and ``/var`` instead of
@@ -272,6 +279,19 @@ you wish to link with jemalloc add it to LIBS::
 
 $ ./configure LIBS=-ljemalloc
 
+Example usage::
+$ # Clone OVS repo
+$cd /home/foo/ovs
+$./boot.sh
+$mkdir _gcc
+$cd _gcc && ../configure && cd ..
+$make -C _gcc
+
+$ # Clone OVN repo
+$cd /home/foo/ovn
+$./boot.sh
+$./configure --with-ovs-source=/home/foo/ovs/ 
--with-ovs-build=/home/foo/ovs/_gcc
+
 .. _general-building:
 
 Building
diff --git a/Makefile.am b/Makefile.am
index 16d4d02e4..26ff83f92 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -7,7 +7,7 @@
 
 AUTOMAKE_OPTIONS = foreign 

[ovs-dev] [PATCH v5 ovn] ovn-northd: Add the option to pause and resume

2019-07-31 Thread nusiddiq
From: Numan Siddique 

This patch adds 3 unixctl socket commands - pause, resume and is-paused.

Usage: ovs-appctl -t ovn-northd pause/resume/is-paused

This feature will be useful if the CMS wants to
  - deploy OVN DB servers in active/passive mode and
  - run ovn-northd on all these nodes and use unix ctl sockets to
connect to the local OVN DB servers.

On the nodes where OVN Db ovsdb-servers are in passive mode, the local 
ovn-northds
will process the DB changes and compute logical flows to be thrown out later,
because write transactions are not allowed by these ovsdb-servers. It results in
unncessary CPU usage.

With these commands, CMS can pause ovn-northd on these node. A node
which becomes master, can resume the ovn-northd.

One use case is to use this feature in ovn-kubernetes with the above deployment 
model.

Acked-by: Mark Michelson 
Signed-off-by: Numan Siddique 
---

v4 -> v5
==
   * Addressed Dumitru's comments.

v3 -> v4

   * Submitted the patch for the OVN repo

v2 -> v3
===
  * Resolved merge conflicts.

v1 -> v2
===
  * Addressed the review comments from Ben and add more documentation
about the runtime options added by this patch.
  * v1 had an issue - When paused, it was not even waking up to process
the IDL updates. In v2, the main thread, wakes up to process any
IDL updates, but doesn't do any logical flow computations.


 northd/ovn-northd.8.xml |  48 +
 northd/ovn-northd.c | 111 ++--
 tests/ovn-northd.at |  38 ++
 3 files changed, 169 insertions(+), 28 deletions(-)

diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml
index d2267de0e..1d0243656 100644
--- a/northd/ovn-northd.8.xml
+++ b/northd/ovn-northd.8.xml
@@ -70,6 +70,23 @@
   
 Causes ovn-northd to gracefully terminate.
   
+
+  pause
+  
+Pauses the ovn-northd operation from processing any Northbound and
+Southbound database changes.
+  
+
+  resume
+  
+Resumes the ovn-northd operation to process Northbound and
+Southbound database contents and generate logical flows.
+  
+
+  is-paused
+  
+Returns "true" if ovn-northd is currently paused, "false" otherwise.
+  
   
 
 
@@ -82,6 +99,37 @@
   of ovn-northd will automatically take over.
 
 
+ Active-Standby with multiple OVN DB servers
+
+  You may run multiple OVN DB servers in an OVN deployment with:
+  
+
+  OVN DB servers deployed in active/passive mode with one active
+  and multiple passive ovsdb-servers.
+
+
+
+  ovn-northd also deployed on all these nodes,
+  using unix ctl sockets to connect to the local OVN DB servers.
+
+  
+
+
+
+  In such deployments, the ovn-northds on the passive nodes will process
+  the DB changes and compute logical flows to be thrown out later,
+  because write transactions are not allowed by the passive ovsdb-servers.
+  It results in unnecessary CPU usage.
+
+
+
+  With the help of runtime management command pause, you can
+  pause ovn-northd on these nodes. When a passive node
+  becomes master, you can use the runtime management command
+  resume to resume the ovn-northd to process the
+  DB changes.
+
+
 Logical Flow Table Structure
 
 
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 979dea4a3..87ce3ed3f 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -52,6 +52,9 @@
 VLOG_DEFINE_THIS_MODULE(ovn_northd);
 
 static unixctl_cb_func ovn_northd_exit;
+static unixctl_cb_func ovn_northd_pause;
+static unixctl_cb_func ovn_northd_resume;
+static unixctl_cb_func ovn_northd_is_paused;
 
 struct northd_context {
 struct ovsdb_idl *ovnnb_idl;
@@ -9183,6 +9186,7 @@ main(int argc, char *argv[])
 struct unixctl_server *unixctl;
 int retval;
 bool exiting;
+bool paused;
 
 fatal_ignore_sigpipe();
 ovs_cmdl_proctitle_init(argc, argv);
@@ -9197,6 +9201,10 @@ main(int argc, char *argv[])
 exit(EXIT_FAILURE);
 }
 unixctl_command_register("exit", "", 0, 0, ovn_northd_exit, );
+unixctl_command_register("pause", "", 0, 0, ovn_northd_pause, );
+unixctl_command_register("resume", "", 0, 0, ovn_northd_resume, );
+unixctl_command_register("is-paused", "", 0, 0, ovn_northd_is_paused,
+ );
 
 daemonize_complete();
 
@@ -9385,34 +9393,51 @@ main(int argc, char *argv[])
 
 /* Main loop. */
 exiting = false;
+paused = false;
 while (!exiting) {
-struct northd_context ctx = {
-.ovnnb_idl = ovnnb_idl_loop.idl,
-.ovnnb_txn = ovsdb_idl_loop_run(_idl_loop),
-.ovnsb_idl = ovnsb_idl_loop.idl,
-.ovnsb_txn = ovsdb_idl_loop_run(_idl_loop),
-.sbrec_ha_chassis_grp_by_name = sbrec_ha_chassis_grp_by_name,
-

[ovs-dev] [PATCH v10 ovn] Add a new logical switch port type - 'virtual'

2019-07-29 Thread nusiddiq
From: Numan Siddique 

This new type is added for the following reasons:

  - When a load balancer is created in an OpenStack deployment with Octavia
service, it creates a logical port 'VIP' for the virtual ip.

  - This logical port is not bound to any VIF.

  - Octavia service creates a service VM (with another logical port 'P' which
belongs to the same logical switch)

  - The virtual ip 'VIP' is configured on this service VM.

  - This service VM provides the load balancing for the VIP with the configured
backend IPs.

  - Octavia service can be configured to create few service VMs with 
active-standby mode
with the active VM configured with the VIP.  The VIP can move between
these service nodes.

Presently there are few problems:

  - When a floating ip (externally reachable IP) is associated to the VIP and if
the compute nodes have external connectivity then the external traffic 
cannot
reach the VIP using the floating ip as the VIP logical port would be down.
dnat_and_snat entry in NAT table for this vip will have 'external_mac' and
'logical_port' configured.

  - The only way to make it work is to clear the 'external_mac' entry so that
the gateway chassis does the DNAT for the VIP.

To solve these problems, this patch proposes a new logical port type - virtual.
CMS when creating the logical port for the VIP, should

 - set the type as 'virtual'

 - configure the VIP in the options - Logical_Switch_Port.options:virtual-ip

 - And set the virtual parents in the options
   Logical_Switch_Port.options:virtual-parents.
   These virtual parents are the one which can be configured with the VIP.

Suppose the virtual_ip is configured as 10.0.0.10 on a virtual logical port
'sw0-vip' and the virtual_parents are set to [sw0-p1, sw0-p2]. Then the logical
flows below are added in the ls_in_arp_rsp logical switch pipeline:

 - table=11(ls_in_arp_rsp), priority=100,
   match=(inport == "sw0-p1" && !is_chassis_resident("sw0-vip") &&
  ((arp.op == 1 && arp.spa == 10.0.0.10 && arp.tpa == 10.0.0.10) ||
   (arp.op == 2 && arp.spa == 10.0.0.10))),
   action=(bind_vport("sw0-vip", inport); next;)
- table=11(ls_in_arp_rsp), priority=100,
   match=(inport == "sw0-p2" && !is_chassis_resident("sw0-vip") &&
  ((arp.op == 1 && arp.spa == 10.0.0.10 && arp.tpa == 10.0.0.10) ||
   (arp.op == 2 && arp.spa == 10.0.0.10))),
   action=(bind_vport("sw0-vip", inport); next;)

The action bind_vport will claim the logical port - sw0-vip on the chassis 
where this action
is executed. Since the port - sw0-vip is claimed by a chassis, the 
dnat_and_snat rule for
the VIP will be handled by the compute node.

Co-authored-by: Ben Pfaff 
Signed-off-by: Ben Pfaff 
Acked-by: Gurucharan Shetty 
Signed-off-by: Numan Siddique 
---
v9 -> v10

 * Resubmitting targeting OVN repo.

v8 -> v9
===
 * Added entry in NEWS.

v7 -> v8
===
 * Applied the code suggestions from Ben.

v6 -> v7

 * Resolved merge conflicts.

v5 -> v6

 * Resolved conflicts after rebasing to latest master in tests/ovn.at

v4 -> v5
===
 * Rebased to master to resolve merge conflicts.

v3 -> v4
===
  * Addressed the review comment and removed the code in northd which
referenced the Southbound db state while adding the logical flows. Instead
using the ovn match - is_chassis_resident() - which I should have used
it in the first place.

v2 -> v3
===
  * Addressed the review comments from Ben - deleted the new columns -
virtual_ip and virtual_parents from Logical_Switch_Port and instead
is making use of options column for this purpose.

v1 -> v2

  * In v1, was not updating the 'put_vport_binding' struct if it already
exists in the put_vport_bindings hmap in the function -
pinctrl_handle_bind_vport().
In v2 handled it.
  * Improved the if else check in binding.c when releasing the lports.

 NEWS|   1 +
 controller/binding.c|  30 +++-
 controller/pinctrl.c| 174 +++
 include/ovn/actions.h   |  18 ++-
 lib/actions.c   |  59 
 lib/ovn-util.c  |   1 +
 northd/ovn-northd.8.xml |  61 +++-
 northd/ovn-northd.c | 306 ++--
 ovn-nb.xml  |  45 ++
 ovn-sb.ovsschema|   6 +-
 ovn-sb.xml  |  46 ++
 tests/ovn.at| 290 +
 tests/test-ovn.c|   1 +
 utilities/ovn-trace.c   |   3 +
 14 files changed, 954 insertions(+), 87 deletions(-)

diff --git a/NEWS b/NEWS
index 293531db0..f47698470 100644
--- a/NEWS
+++ b/NEWS
@@ -38,6 +38,7 @@ Post-v2.11.0
  * Support for Transport Zones, a way to separate chassis into
logical groups which results in tunnels only been formed between
members of the same transport zone(s).
+ * Support for new logical switch port type - 'virtual'.
- New QoS type "linux-netem" on Linux.
- Added 

[ovs-dev] [branch 2.12] ovn-controller: Fix the chassis row recreation issue

2019-07-29 Thread nusiddiq
From: Numan Siddique 

Before the commit [1], ovn-controller would always recreate its
chassis row if deleted externally. After this commit, it no longer
recreates it. This is a regression and needs to be fixed.

[1] - 242f1799fc22("ovn-controller: Refactor chassis.c to abstract the string 
parsing")

Fixes: 242f1799fc22("ovn-controller: Refactor chassis.c to abstract the string 
parsing")

Signed-off-by: Numan Siddique 
(cherry picked from ovn repo commit b114775978a501dabd08bb15192940e574d45420)
---
 ovn/controller/chassis.c |  4 
 tests/ovn-controller.at  | 29 +
 2 files changed, 33 insertions(+)

diff --git a/ovn/controller/chassis.c b/ovn/controller/chassis.c
index 04b98d86c..b74a42cc8 100644
--- a/ovn/controller/chassis.c
+++ b/ovn/controller/chassis.c
@@ -486,6 +486,10 @@ chassis_get_record(struct ovsdb_idl_txn *ovnsb_idl_txn,
 if (!chassis_rec) {
 VLOG_WARN("Could not find Chassis : stored (%s) ovs (%s)",
   chassis_info_id(_state), chassis_id);
+if (ovnsb_idl_txn) {
+/* Recreate the chassis record.  */
+chassis_rec = sbrec_chassis_insert(ovnsb_idl_txn);
+}
 }
 } else {
 chassis_rec =
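Review bot: The recreate branch is silent: the only log line on this path is the existing `VLOG_WARN("Could not find Chassis ...")`, which reads the same whether the row is then re-inserted or, when `ovnsb_idl_txn` is NULL, left missing. A Chassis row vanishing from the Southbound DB is an event an operator will want to trace, so the new `if` should log the recovery explicitly, e.g. `VLOG_INFO("Recreating Chassis record for %s", chassis_id);`. `chassis_get_record()` starts and ends outside this hunk, so whether the freshly inserted row has its columns filled in before use cannot be confirmed from here. The identical hunk is posted again against `controller/chassis.c` in the ovn-repo version of this patch below.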
diff --git a/tests/ovn-controller.at b/tests/ovn-controller.at
index 343c2abed..63b2581c0 100644
--- a/tests/ovn-controller.at
+++ b/tests/ovn-controller.at
@@ -292,3 +292,32 @@ as ovn-sb
 OVS_APP_EXIT_AND_WAIT([ovsdb-server])
 
 AT_CLEANUP
+
+# Checks that ovn-controller recreates its chassis record when deleted 
externally.
+AT_SETUP([ovn-controller - Chassis self record])
+AT_KEYWORDS([ovn])
+ovn_init_db ovn-sb
+
+net_add n1
+sim_add hv
+as hv
+ovs-vsctl \
+-- add-br br-phys \
+-- add-br br-eth0 \
+-- add-br br-eth1 \
+-- add-br br-eth2
+ovn_attach n1 br-phys 192.168.0.1
+
+OVS_WAIT_UNTIL([test xhv = x`ovn-sbctl --columns name --bare find chassis`])
+# Delete the chassis "hv"
+ovn-sbctl chassis-del hv
+# ovn-controller should recreate its chassis row.
+OVS_WAIT_UNTIL([test xhv = x`ovn-sbctl --columns name --bare find chassis`])
+
+# Gracefully terminate daemons
+OVN_CLEANUP_SBOX([hv])
+OVN_CLEANUP_VSWITCH([main])
+as ovn-sb
+OVS_APP_EXIT_AND_WAIT([ovsdb-server])
+
+AT_CLEANUP
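Review bot: `ovn-sbctl chassis-del hv` is run as a bare command, so its exit status is not checked as far as this hunk shows; if the delete fails, the row is still there and the final `OVS_WAIT_UNTIL` succeeds without ovn-controller having recreated anything. Wrapping it makes a failed delete fail the test: `AT_CHECK([ovn-sbctl chassis-del hv])`. Both waits also call `find chassis` with no condition, which only equals `hv` while exactly one chassis exists; `find chassis name=hv` states the intent. The same test hunk appears in the ovn-repo posting of this patch below.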
-- 
2.21.0



[ovs-dev] [PATCH v4 ovn] ovn-northd: Add the option to pause and resume

2019-07-29 Thread nusiddiq
From: Numan Siddique 

This patch adds 3 unixctl socket commands - pause, resume and is-paused.

Usage: ovs-appctl -t ovn-northd pause/resume/is-paused

This feature will be useful if the CMS wants to
  - deploy OVN DB servers in active/passive mode and
  - run ovn-northd on all these nodes and use unix ctl sockets to
connect to the local OVN DB servers.

On the nodes where OVN Db ovsdb-servers are in passive mode, the local 
ovn-northds
will process the DB changes and compute logical flows to be thrown out later,
because write transactions are not allowed by these ovsdb-servers. It results in
unncessary CPU usage.

With these commands, CMS can pause ovn-northd on these node. A node
which becomes master, can resume the ovn-northd.

One use case is to use this feature in ovn-kubernetes with the above deployment 
model.

Acked-by: Mark Michelson 
Signed-off-by: Numan Siddique 
---

v3 -> v4

   * Submitted the patch for the OVN repo

v2 -> v3
===
  * Resolved merge conflicts.

v1 -> v2
===
  * Addressed the review comments from Ben and add more documentation
about the runtime options added by this patch.
  * v1 had an issue - When paused, it was not even waking up to process
the IDL updates. In v2, the main thread, wakes up to process any
IDL updates, but doesn't do any logical flow computations.

 northd/ovn-northd.8.xml |  48 
 northd/ovn-northd.c | 121 ++--
 tests/ovn-northd.at |  38 +
 3 files changed, 179 insertions(+), 28 deletions(-)

diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml
index d2267de0e..1d0243656 100644
--- a/northd/ovn-northd.8.xml
+++ b/northd/ovn-northd.8.xml
@@ -70,6 +70,23 @@
   
 Causes ovn-northd to gracefully terminate.
   
+
+  pause
+  
+Pauses the ovn-northd operation from processing any Northbound and
+Southbound database changes.
+  
+
+  resume
+  
+Resumes the ovn-northd operation to process Northbound and
+Southbound database contents and generate logical flows.
+  
+
+  is-paused
+  
+Returns "true" if ovn-northd is currently paused, "false" otherwise.
+  
   
 
 
@@ -82,6 +99,37 @@
   of ovn-northd will automatically take over.
 
 
+ Active-Standby with multiple OVN DB servers
+
+  You may run multiple OVN DB servers in an OVN deployment with:
+  
+
+  OVN DB servers deployed in active/passive mode with one active
+  and multiple passive ovsdb-servers.
+
+
+
+  ovn-northd also deployed on all these nodes,
+  using unix ctl sockets to connect to the local OVN DB servers.
+
+  
+
+
+
+  In such deployments, the ovn-northds on the passive nodes will process
+  the DB changes and compute logical flows to be thrown out later,
+  because write transactions are not allowed by the passive ovsdb-servers.
+  It results in unnecessary CPU usage.
+
+
+
+  With the help of runtime management command pause, you can
+  pause ovn-northd on these nodes. When a passive node
+  becomes master, you can use the runtime management command
+  resume to resume the ovn-northd to process the
+  DB changes.
+
+
 Logical Flow Table Structure
 
 
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index bed2993c2..fcb19b8a1 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -52,6 +52,9 @@
 VLOG_DEFINE_THIS_MODULE(ovn_northd);
 
 static unixctl_cb_func ovn_northd_exit;
+static unixctl_cb_func ovn_northd_pause;
+static unixctl_cb_func ovn_northd_resume;
+static unixctl_cb_func ovn_northd_is_paused;
 
 struct northd_context {
 struct ovsdb_idl *ovnnb_idl;
@@ -9182,6 +9185,7 @@ main(int argc, char *argv[])
 struct unixctl_server *unixctl;
 int retval;
 bool exiting;
+bool paused;
 
 fatal_ignore_sigpipe();
 ovs_cmdl_proctitle_init(argc, argv);
@@ -9196,6 +9200,10 @@ main(int argc, char *argv[])
 exit(EXIT_FAILURE);
 }
 unixctl_command_register("exit", "", 0, 0, ovn_northd_exit, );
+unixctl_command_register("pause", "", 0, 0, ovn_northd_pause, );
+unixctl_command_register("resume", "", 0, 0, ovn_northd_resume, );
+unixctl_command_register("is-paused", "", 0, 0, ovn_northd_is_paused,
+ );
 
 daemonize_complete();
 
@@ -9384,34 +9392,51 @@ main(int argc, char *argv[])
 
 /* Main loop. */
 exiting = false;
+paused = false;
 while (!exiting) {
-struct northd_context ctx = {
-.ovnnb_idl = ovnnb_idl_loop.idl,
-.ovnnb_txn = ovsdb_idl_loop_run(_idl_loop),
-.ovnsb_idl = ovnsb_idl_loop.idl,
-.ovnsb_txn = ovsdb_idl_loop_run(_idl_loop),
-.sbrec_ha_chassis_grp_by_name = sbrec_ha_chassis_grp_by_name,
-.sbrec_mcast_group_by_name_dp = 

[ovs-dev] [PATCH ovn] Fix the chassis row recreation issue

2019-07-29 Thread nusiddiq
From: Numan Siddique 

Before the commit [1], ovn-controller would always recreate its
chassis row if deleted externally. After this commit, it no longer
recreates it. This is a regression and needs to be fixed.

[1] - 242f1799fc22("ovn-controller: Refactor chassis.c to abstract the string 
parsing")

Fixes: 242f1799fc22("ovn-controller: Refactor chassis.c to abstract the string 
parsing")
Acked-by: Dumitru Ceara 
Acked-by: Han Zhou 
Signed-off-by: Numan Siddique 
---
 controller/chassis.c|  4 
 tests/ovn-controller.at | 29 +
 2 files changed, 33 insertions(+)

diff --git a/controller/chassis.c b/controller/chassis.c
index 8d9f7c8d0..937c5574b 100644
--- a/controller/chassis.c
+++ b/controller/chassis.c
@@ -486,6 +486,10 @@ chassis_get_record(struct ovsdb_idl_txn *ovnsb_idl_txn,
 if (!chassis_rec) {
 VLOG_WARN("Could not find Chassis : stored (%s) ovs (%s)",
   chassis_info_id(_state), chassis_id);
+if (ovnsb_idl_txn) {
+/* Recreate the chassis record.  */
+chassis_rec = sbrec_chassis_insert(ovnsb_idl_txn);
+}
 }
 } else {
 chassis_rec =
diff --git a/tests/ovn-controller.at b/tests/ovn-controller.at
index 343c2abed..63b2581c0 100644
--- a/tests/ovn-controller.at
+++ b/tests/ovn-controller.at
@@ -292,3 +292,32 @@ as ovn-sb
 OVS_APP_EXIT_AND_WAIT([ovsdb-server])
 
 AT_CLEANUP
+
+# Checks that ovn-controller recreates its chassis record when deleted 
externally.
+AT_SETUP([ovn-controller - Chassis self record])
+AT_KEYWORDS([ovn])
+ovn_init_db ovn-sb
+
+net_add n1
+sim_add hv
+as hv
+ovs-vsctl \
+-- add-br br-phys \
+-- add-br br-eth0 \
+-- add-br br-eth1 \
+-- add-br br-eth2
+ovn_attach n1 br-phys 192.168.0.1
+
+OVS_WAIT_UNTIL([test xhv = x`ovn-sbctl --columns name --bare find chassis`])
+# Delete the chassis "hv"
+ovn-sbctl chassis-del hv
+# ovn-controller should recreate its chassis row.
+OVS_WAIT_UNTIL([test xhv = x`ovn-sbctl --columns name --bare find chassis`])
+
+# Gracefully terminate daemons
+OVN_CLEANUP_SBOX([hv])
+OVN_CLEANUP_VSWITCH([main])
+as ovn-sb
+OVS_APP_EXIT_AND_WAIT([ovsdb-server])
+
+AT_CLEANUP
-- 
2.21.0



[ovs-dev] [PATCH v3 ovn] Include common ovn header files from include/ovn instead of ovs/include/ovn

2019-07-29 Thread nusiddiq
From: Numan Siddique 

For the other header files present in lib/, the previous commit [1]
changed the path, but a few were left out. This patch fixes them too.

Also updated the end comments in the header files with the correct path.

[1] - a469954c00c4("Include ovn header files from lib/ instead of ovn/lib/")

Signed-off-by: Numan Siddique 
---

v2 -> v3
==
  * Updated the end comments in the header files.

v1 -> v2
===
 * Addressed Dumitru's comments and updated lib/chassis-index.c


 Makefile.am | 2 ++
 controller/binding.h| 2 +-
 controller/chassis.h| 2 +-
 controller/encaps.h | 2 +-
 controller/ip-mcast.h   | 2 +-
 controller/lflow.h  | 2 +-
 controller/lport.h  | 2 +-
 controller/ofctrl.h | 2 +-
 controller/ovn-controller.h | 2 +-
 controller/patch.h  | 2 +-
 controller/physical.h   | 2 +-
 controller/pinctrl.h| 2 +-
 lib/acl-log.h   | 2 +-
 lib/chassis-index.c | 4 ++--
 lib/chassis-index.h | 2 +-
 lib/extend-table.h  | 2 +-
 lib/inc-proc-eng.h  | 2 +-
 lib/ip-mcast-index.c| 4 ++--
 lib/ip-mcast-index.h| 2 +-
 lib/mcast-group-index.h | 2 +-
 lib/ovn-sb-idl.ann  | 4 ++--
 21 files changed, 25 insertions(+), 23 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index e3dea1912..4fe0d2899 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -19,6 +19,8 @@ AM_CPPFLAGS = $(SSL_CFLAGS)
 AM_LDFLAGS = $(SSL_LDFLAGS)
 AM_LDFLAGS += $(OVS_LDFLAGS)
 
+AM_CPPFLAGS += -I $(top_srcdir)/include
+
 if WIN32
 AM_CPPFLAGS += -I $(top_srcdir)/ovs/include
 AM_CPPFLAGS += -I $(top_srcdir)/ovs/lib
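Review bot: The new `-I $(top_srcdir)/include` carries no comment on why it sits ahead of the `ovs/include` and `ovs/lib` paths in the WIN32 block. With both trees on the search path, a header present under both `include/ovn/` and `ovs/include/ovn/` is taken from whichever directory is listed first, so the position of this line decides which copy gets compiled. A comment such as `# Keep before the ovs/ include paths so OVN headers resolve to this tree, not the ovs subtree.` would stop a later reorder from silently switching copies. Any non-WIN32 OVS include paths lie outside this hunk, so their order relative to this line should be checked as well; the same hunk is repeated in the v2 and v1 postings below.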
diff --git a/controller/binding.h b/controller/binding.h
index 8d9492630..bae162ede 100644
--- a/controller/binding.h
+++ b/controller/binding.h
@@ -54,4 +54,4 @@ bool binding_evaluate_port_binding_changes(
 struct sset *active_tunnels,
 struct sset *local_lports);
 
-#endif /* ovn/binding.h */
+#endif /* controller/binding.h */
diff --git a/controller/chassis.h b/controller/chassis.h
index 16a131a3b..eb46ca3fc 100644
--- a/controller/chassis.h
+++ b/controller/chassis.h
@@ -43,4 +43,4 @@ bool chassis_get_mac(const struct sbrec_chassis *chassis,
  struct eth_addr *chassis_mac);
 const char *chassis_get_id(void);
 
-#endif /* ovn/chassis.h */
+#endif /* controller/chassis.h */
diff --git a/controller/encaps.h b/controller/encaps.h
index afa41830a..c919d18e6 100644
--- a/controller/encaps.h
+++ b/controller/encaps.h
@@ -45,4 +45,4 @@ bool  encaps_tunnel_id_parse(const char *tunnel_id, char 
**chassis_id,
 bool  encaps_tunnel_id_match(const char *tunnel_id, const char *chassis_id,
  const char *encap_ip);
 
-#endif /* ovn/encaps.h */
+#endif /* controller/encaps.h */
diff --git a/controller/ip-mcast.h b/controller/ip-mcast.h
index 6014f43d5..b3447d4c7 100644
--- a/controller/ip-mcast.h
+++ b/controller/ip-mcast.h
@@ -49,4 +49,4 @@ void igmp_group_delete(const struct sbrec_igmp_group *g);
 bool igmp_group_cleanup(struct ovsdb_idl_txn *ovnsb_idl_txn,
 struct ovsdb_idl_index *igmp_groups);
 
-#endif /* ovn/controller/ip-mcast.h */
+#endif /* controller/ip-mcast.h */
diff --git a/controller/lflow.h b/controller/lflow.h
index 4e1086eb6..54da00b49 100644
--- a/controller/lflow.h
+++ b/controller/lflow.h
@@ -181,4 +181,4 @@ void lflow_handle_changed_neighbors(
 
 void lflow_destroy(void);
 
-#endif /* ovn/lflow.h */
+#endif /* controller/lflow.h */
diff --git a/controller/lport.h b/controller/lport.h
index 7dcd5bee0..2d4bb7164 100644
--- a/controller/lport.h
+++ b/controller/lport.h
@@ -49,4 +49,4 @@ const struct sbrec_multicast_group *mcgroup_lookup_by_dp_name(
 struct ovsdb_idl_index *sbrec_multicast_group_by_name_datapath,
 const struct sbrec_datapath_binding *, const char *name);
 
-#endif /* ovn/lport.h */
+#endif /* controller/lport.h */
diff --git a/controller/ofctrl.h b/controller/ofctrl.h
index ed8918aae..114c9ef65 100644
--- a/controller/ofctrl.h
+++ b/controller/ofctrl.h
@@ -84,4 +84,4 @@ void ofctrl_check_and_add_flow(struct ovn_desired_flow_table 
*,
 bool ofctrl_is_connected(void);
 void ofctrl_set_probe_interval(int probe_interval);
 
-#endif /* ovn/ofctrl.h */
+#endif /* controller/ofctrl.h */
diff --git a/controller/ovn-controller.h b/controller/ovn-controller.h
index be34a24c0..41feec378 100644
--- a/controller/ovn-controller.h
+++ b/controller/ovn-controller.h
@@ -82,4 +82,4 @@ enum chassis_tunnel_type {
 
 uint32_t get_tunnel_type(const char *name);
 
-#endif /* ovn/ovn-controller.h */
+#endif /* controller/ovn-controller.h */
diff --git a/controller/patch.h b/controller/patch.h
index dd052cfd8..9018e4967 100644
--- a/controller/patch.h
+++ b/controller/patch.h
@@ -39,4 +39,4 @@ void patch_run(struct ovsdb_idl_txn *ovs_idl_txn,
const struct ovsrec_bridge *br_int,
const struct sbrec_chassis *);
 
-#endif /* ovn/patch.h */
+#endif /* 

[ovs-dev] [PATCHv2 ovn] Include common ovn header files from include/ovn instead of ovs/include/ovn

2019-07-29 Thread nusiddiq
From: Numan Siddique 

For the other header files present in lib/, the previous commit [1]
changed the path, but a few were left out. This patch fixes them too.

[1] - a469954c00c4("Include ovn header files from lib/ instead of ovn/lib/")

Signed-off-by: Numan Siddique 
---

v1 -> v2
===
 * Addressed Dumitru's comments and updated lib/chassis-index.c

 Makefile.am  | 2 ++
 lib/chassis-index.c  | 4 ++--
 lib/ip-mcast-index.c | 4 ++--
 lib/ovn-sb-idl.ann   | 4 ++--
 4 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index e3dea1912..4fe0d2899 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -19,6 +19,8 @@ AM_CPPFLAGS = $(SSL_CFLAGS)
 AM_LDFLAGS = $(SSL_LDFLAGS)
 AM_LDFLAGS += $(OVS_LDFLAGS)
 
+AM_CPPFLAGS += -I $(top_srcdir)/include
+
 if WIN32
 AM_CPPFLAGS += -I $(top_srcdir)/ovs/include
 AM_CPPFLAGS += -I $(top_srcdir)/ovs/lib
diff --git a/lib/chassis-index.c b/lib/chassis-index.c
index 10f70fb4a..39066f4cc 100644
--- a/lib/chassis-index.c
+++ b/lib/chassis-index.c
@@ -13,8 +13,8 @@
  */
 
 #include 
-#include "ovn/lib/chassis-index.h"
-#include "ovn/lib/ovn-sb-idl.h"
+#include "lib/chassis-index.h"
+#include "lib/ovn-sb-idl.h"
 
 struct ovsdb_idl_index *
 chassis_index_create(struct ovsdb_idl *idl)
diff --git a/lib/ip-mcast-index.c b/lib/ip-mcast-index.c
index 1f6ebc4ae..6b01041cc 100644
--- a/lib/ip-mcast-index.c
+++ b/lib/ip-mcast-index.c
@@ -15,8 +15,8 @@
 
 #include 
 
-#include "ovn/lib/ip-mcast-index.h"
-#include "ovn/lib/ovn-sb-idl.h"
+#include "lib/ip-mcast-index.h"
+#include "lib/ovn-sb-idl.h"
 
 struct ovsdb_idl_index *
 ip_mcast_index_create(struct ovsdb_idl *idl)
diff --git a/lib/ovn-sb-idl.ann b/lib/ovn-sb-idl.ann
index e51238b92..22124b868 100644
--- a/lib/ovn-sb-idl.ann
+++ b/lib/ovn-sb-idl.ann
@@ -6,9 +6,9 @@
 # it can generate more programmer-friendly data structures.
 
 s["idlPrefix"] = "sbrec_"
-s["idlHeader"] = "\"ovn/lib/ovn-sb-idl.h\""
+s["idlHeader"] = "\"lib/ovn-sb-idl.h\""
 
-s["hDecls"] = '#include "ovn/lib/ovn-util.h"'
+s["hDecls"] = '#include "lib/ovn-util.h"'
 
 # Adds an integer column named 'column' to 'table' in 's'.  The column
 # values is calculated with 'expression' based on the values of the columns
-- 
2.21.0



[ovs-dev] [PATCH ovn] Include common ovn header files from include/ovn instead of ovs/include/ovn

2019-07-29 Thread nusiddiq
From: Numan Siddique 

For the other header files present in lib/, the previous commit [1]
changed the path, but a few were left out. This patch fixes them too.

[1] - a469954c00c4("Include ovn header files from lib/ instead of ovn/lib/")

Signed-off-by: Numan Siddique 
---
 Makefile.am  | 2 ++
 lib/ip-mcast-index.c | 4 ++--
 lib/ovn-sb-idl.ann   | 4 ++--
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index e3dea1912..4fe0d2899 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -19,6 +19,8 @@ AM_CPPFLAGS = $(SSL_CFLAGS)
 AM_LDFLAGS = $(SSL_LDFLAGS)
 AM_LDFLAGS += $(OVS_LDFLAGS)
 
+AM_CPPFLAGS += -I $(top_srcdir)/include
+
 if WIN32
 AM_CPPFLAGS += -I $(top_srcdir)/ovs/include
 AM_CPPFLAGS += -I $(top_srcdir)/ovs/lib
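Review bot: The added `AM_CPPFLAGS += -I $(top_srcdir)/include` has no comment saying that its position ahead of the `ovs/include` entries is what makes this tree's own `include/ovn` headers take precedence over the copies in the ovs subtree. A later reordering of these lines would silently switch the build back to the subtree's headers, so I would put a comment above it such as `# Keep before the ovs/ include paths so include/ovn/*.h from this tree is picked up first.` Only the WIN32 `ovs/include` entries are visible in this hunk; the non-Windows ones are presumably added elsewhere in Makefile.am and should be checked for the same ordering.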
diff --git a/lib/ip-mcast-index.c b/lib/ip-mcast-index.c
index 1f6ebc4ae..6b01041cc 100644
--- a/lib/ip-mcast-index.c
+++ b/lib/ip-mcast-index.c
@@ -15,8 +15,8 @@
 
 #include 
 
-#include "ovn/lib/ip-mcast-index.h"
-#include "ovn/lib/ovn-sb-idl.h"
+#include "lib/ip-mcast-index.h"
+#include "lib/ovn-sb-idl.h"
 
 struct ovsdb_idl_index *
 ip_mcast_index_create(struct ovsdb_idl *idl)
diff --git a/lib/ovn-sb-idl.ann b/lib/ovn-sb-idl.ann
index e51238b92..22124b868 100644
--- a/lib/ovn-sb-idl.ann
+++ b/lib/ovn-sb-idl.ann
@@ -6,9 +6,9 @@
 # it can generate more programmer-friendly data structures.
 
 s["idlPrefix"] = "sbrec_"
-s["idlHeader"] = "\"ovn/lib/ovn-sb-idl.h\""
+s["idlHeader"] = "\"lib/ovn-sb-idl.h\""
 
-s["hDecls"] = '#include "ovn/lib/ovn-util.h"'
+s["hDecls"] = '#include "lib/ovn-util.h"'
 
 # Adds an integer column named 'column' to 'table' in 's'.  The column
 # values is calculated with 'expression' based on the values of the columns
-- 
2.21.0



[ovs-dev] [PATCH ovn] Include ovn header files from lib/ instead of ovn/lib/

2019-07-26 Thread nusiddiq
From: Numan Siddique 

If we don't change this, we will be including the header files from the ovs
subtree (ovs/ovn/lib/).

Signed-off-by: Numan Siddique 
---
 controller-vtep/binding.c |  2 +-
 controller-vtep/gateway.c |  2 +-
 controller-vtep/ovn-controller-vtep.c |  4 ++--
 controller-vtep/ovn-controller-vtep.h |  2 +-
 controller-vtep/vtep.c|  2 +-
 controller/bfd.c  |  2 +-
 controller/binding.c  |  4 ++--
 controller/chassis.c  |  4 ++--
 controller/encaps.c   |  2 +-
 controller/ha-chassis.c   |  2 +-
 controller/lflow.c|  6 +++---
 controller/lport.c|  2 +-
 controller/ofctrl.c   |  2 +-
 controller/ovn-controller.c   | 12 ++--
 controller/ovn-controller.h   |  2 +-
 controller/physical.c |  6 +++---
 controller/pinctrl.c  | 10 +-
 northd/ovn-northd.c   | 14 +++---
 tests/test-ovn.c  |  4 ++--
 utilities/ovn-nbctl.c |  6 +++---
 utilities/ovn-sbctl.c |  4 ++--
 utilities/ovn-trace.c |  8 
 22 files changed, 51 insertions(+), 51 deletions(-)

diff --git a/controller-vtep/binding.c b/controller-vtep/binding.c
index 9cbfadc71..83377157e 100644
--- a/controller-vtep/binding.c
+++ b/controller-vtep/binding.c
@@ -21,7 +21,7 @@
 #include "lib/util.h"
 #include "openvswitch/vlog.h"
 #include "ovn-controller-vtep.h"
-#include "ovn/lib/ovn-sb-idl.h"
+#include "lib/ovn-sb-idl.h"
 #include "vtep/vtep-idl.h"
 
 VLOG_DEFINE_THIS_MODULE(binding);
diff --git a/controller-vtep/gateway.c b/controller-vtep/gateway.c
index 619c3c49a..636dab365 100644
--- a/controller-vtep/gateway.c
+++ b/controller-vtep/gateway.c
@@ -21,7 +21,7 @@
 #include "lib/sset.h"
 #include "lib/util.h"
 #include "openvswitch/vlog.h"
-#include "ovn/lib/ovn-sb-idl.h"
+#include "lib/ovn-sb-idl.h"
 #include "vtep/vtep-idl.h"
 #include "ovn-controller-vtep.h"
 
diff --git a/controller-vtep/ovn-controller-vtep.c 
b/controller-vtep/ovn-controller-vtep.c
index 292a3f464..ec4d8c1b6 100644
--- a/controller-vtep/ovn-controller-vtep.c
+++ b/controller-vtep/ovn-controller-vtep.c
@@ -34,8 +34,8 @@
 #include "util.h"
 #include "openvswitch/vconn.h"
 #include "openvswitch/vlog.h"
-#include "ovn/lib/ovn-sb-idl.h"
-#include "ovn/lib/ovn-util.h"
+#include "lib/ovn-sb-idl.h"
+#include "lib/ovn-util.h"
 #include "vtep/vtep-idl.h"
 
 #include "binding.h"
diff --git a/controller-vtep/ovn-controller-vtep.h 
b/controller-vtep/ovn-controller-vtep.h
index 435a730d9..0eacdbe30 100644
--- a/controller-vtep/ovn-controller-vtep.h
+++ b/controller-vtep/ovn-controller-vtep.h
@@ -17,7 +17,7 @@
 #ifndef OVN_CONTROLLER_VTEP_H
 #define OVN_CONTROLLER_VTEP_H 1
 
-#include "ovn/lib/ovn-sb-idl.h"
+#include "lib/ovn-sb-idl.h"
 
 struct ovsdb_idl;
 struct ovsdb_idl_txn;
diff --git a/controller-vtep/vtep.c b/controller-vtep/vtep.c
index a72b149eb..e2baca5a7 100644
--- a/controller-vtep/vtep.c
+++ b/controller-vtep/vtep.c
@@ -25,7 +25,7 @@
 #include "lib/util.h"
 #include "ovn-controller-vtep.h"
 #include "openvswitch/vlog.h"
-#include "ovn/lib/ovn-sb-idl.h"
+#include "lib/ovn-sb-idl.h"
 #include "vtep/vtep-idl.h"
 
 VLOG_DEFINE_THIS_MODULE(vtep);
diff --git a/controller/bfd.c b/controller/bfd.c
index 22db00af7..10cd5fcd2 100644
--- a/controller/bfd.c
+++ b/controller/bfd.c
@@ -24,7 +24,7 @@
 #include "lib/util.h"
 #include "lib/vswitch-idl.h"
 #include "openvswitch/vlog.h"
-#include "ovn/lib/ovn-sb-idl.h"
+#include "lib/ovn-sb-idl.h"
 #include "ovn-controller.h"
 
 VLOG_DEFINE_THIS_MODULE(ovn_bfd);
diff --git a/controller/binding.c b/controller/binding.c
index ace0f811b..c52acec11 100644
--- a/controller/binding.c
+++ b/controller/binding.c
@@ -27,8 +27,8 @@
 #include "lib/vswitch-idl.h"
 #include "openvswitch/hmap.h"
 #include "openvswitch/vlog.h"
-#include "ovn/lib/chassis-index.h"
-#include "ovn/lib/ovn-sb-idl.h"
+#include "lib/chassis-index.h"
+#include "lib/ovn-sb-idl.h"
 #include "ovn-controller.h"
 
 VLOG_DEFINE_THIS_MODULE(binding);
diff --git a/controller/chassis.c b/controller/chassis.c
index 04b98d86c..8d9f7c8d0 100644
--- a/controller/chassis.c
+++ b/controller/chassis.c
@@ -24,8 +24,8 @@
 #include "openvswitch/dynamic-string.h"
 #include "openvswitch/vlog.h"
 #include "openvswitch/ofp-parse.h"
-#include "ovn/lib/chassis-index.h"
-#include "ovn/lib/ovn-sb-idl.h"
+#include "lib/chassis-index.h"
+#include "lib/ovn-sb-idl.h"
 #include "ovn-controller.h"
 #include "lib/util.h"
 
diff --git a/controller/encaps.c b/controller/encaps.c
index d4a436df3..db48b707a 100644
--- a/controller/encaps.c
+++ b/controller/encaps.c
@@ -21,7 +21,7 @@
 #include "lib/util.h"
 #include "lib/vswitch-idl.h"
 #include "openvswitch/vlog.h"
-#include "ovn/lib/ovn-sb-idl.h"
+#include "lib/ovn-sb-idl.h"
 #include "ovn-controller.h"
 
 VLOG_DEFINE_THIS_MODULE(encaps);
diff 

[ovs-dev] [PATCH] ovn-controller: Fix the chassis row recreation issue

2019-07-24 Thread nusiddiq
From: Numan Siddique 

Before the commit [1], ovn-controller would always recreate its
chassis row if deleted externally. After this commit, it no longer
recreates it. This is a regression and needs to be fixed.

[1] - 242f1799fc22("ovn-controller: Refactor chassis.c to abstract the string 
parsing")

Fixes: 242f1799fc22("ovn-controller: Refactor chassis.c to abstract the string 
parsing")
CC: Dumitru Ceara 
Signed-off-by: Numan Siddique 
---
 ovn/controller/chassis.c |  4 
 tests/ovn-controller.at  | 29 +
 2 files changed, 33 insertions(+)

diff --git a/ovn/controller/chassis.c b/ovn/controller/chassis.c
index 04b98d86c..b74a42cc8 100644
--- a/ovn/controller/chassis.c
+++ b/ovn/controller/chassis.c
@@ -486,6 +486,10 @@ chassis_get_record(struct ovsdb_idl_txn *ovnsb_idl_txn,
 if (!chassis_rec) {
 VLOG_WARN("Could not find Chassis : stored (%s) ovs (%s)",
   chassis_info_id(_state), chassis_id);
+if (ovnsb_idl_txn) {
+/* Recreate the chassis record.  */
+chassis_rec = sbrec_chassis_insert(ovnsb_idl_txn);
+}
 }
 } else {
 chassis_rec =
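Review bot: The new `if (ovnsb_idl_txn)` branch re-inserts the Chassis row without logging that it did so, so the only trace of an external deletion is the existing `Could not find Chassis` warning, which reads the same whether or not the row was recreated. A chassis row disappearing from the Southbound DB is something an operator will want to trace, so I would add `VLOG_INFO("Recreating Chassis record (%s)", chassis_id);` before the `sbrec_chassis_insert()` call. When `ovnsb_idl_txn` is NULL, `chassis_rec` stays NULL and the warning is presumably emitted again on the next call; whether that path is rate limited cannot be seen from here. The body of `chassis_get_record` starts and ends outside the hunk.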
diff --git a/tests/ovn-controller.at b/tests/ovn-controller.at
index 343c2abed..63b2581c0 100644
--- a/tests/ovn-controller.at
+++ b/tests/ovn-controller.at
@@ -292,3 +292,32 @@ as ovn-sb
 OVS_APP_EXIT_AND_WAIT([ovsdb-server])
 
 AT_CLEANUP
+
+# Checks that ovn-controller recreates its chassis record when deleted 
externally.
+AT_SETUP([ovn-controller - Chassis self record])
+AT_KEYWORDS([ovn])
+ovn_init_db ovn-sb
+
+net_add n1
+sim_add hv
+as hv
+ovs-vsctl \
+-- add-br br-phys \
+-- add-br br-eth0 \
+-- add-br br-eth1 \
+-- add-br br-eth2
+ovn_attach n1 br-phys 192.168.0.1
+
+OVS_WAIT_UNTIL([test xhv = x`ovn-sbctl --columns name --bare find chassis`])
+# Delete the chassis "hv"
+ovn-sbctl chassis-del hv
+# ovn-controller should recreate its chassis row.
+OVS_WAIT_UNTIL([test xhv = x`ovn-sbctl --columns name --bare find chassis`])
+
+# Gracefully terminate daemons
+OVN_CLEANUP_SBOX([hv])
+OVN_CLEANUP_VSWITCH([main])
+as ovn-sb
+OVS_APP_EXIT_AND_WAIT([ovsdb-server])
+
+AT_CLEANUP
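Review bot: `ovn-sbctl chassis-del hv` is run bare rather than under `AT_CHECK`, so if the deletion fails the second `OVS_WAIT_UNTIL` passes against the original row and the test proves nothing about recreation. I would write it as `AT_CHECK([ovn-sbctl chassis-del hv])`. To make the result unambiguous, also save `old_uuid=$(ovn-sbctl --columns _uuid --bare find chassis name=hv)` before the deletion and check after the final wait that the `_uuid` has changed. The `br-eth0`, `br-eth1` and `br-eth2` bridges are not referenced by anything else in this test and could be dropped.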
-- 
2.21.0



[ovs-dev] [PATCH v9] ovn: Add a new logical switch port type - 'virtual'

2019-07-18 Thread nusiddiq
From: Numan Siddique 

This new type is added for the following reasons:

  - When a load balancer is created in an OpenStack deployment with Octavia
service, it creates a logical port 'VIP' for the virtual ip.

  - This logical port is not bound to any VIF.

  - Octavia service creates a service VM (with another logical port 'P' which
belongs to the same logical switch)

  - The virtual ip 'VIP' is configured on this service VM.

  - This service VM provides the load balancing for the VIP with the configured
backend IPs.

  - Octavia service can be configured to create few service VMs with 
active-standby mode
with the active VM configured with the VIP.  The VIP can move between
these service nodes.

Presently there are few problems:

  - When a floating ip (externally reachable IP) is associated to the VIP and if
the compute nodes have external connectivity then the external traffic 
cannot
reach the VIP using the floating ip as the VIP logical port would be down.
dnat_and_snat entry in NAT table for this vip will have 'external_mac' and
'logical_port' configured.

  - The only way to make it work is to clear the 'external_mac' entry so that
the gateway chassis does the DNAT for the VIP.

To solve these problems, this patch proposes a new logical port type - virtual.
CMS when creating the logical port for the VIP, should

 - set the type as 'virtual'

 - configure the VIP in the options - Logical_Switch_Port.options:virtual-ip

 - And set the virtual parents in the options
   Logical_Switch_Port.options:virtual-parents.
   These virtual parents are the one which can be configured with the VIP.

Suppose the virtual_ip is configured to 10.0.0.10 on a virtual logical port
'sw0-vip' and the virtual_parents are set to [sw0-p1, sw0-p2]. Then the
logical flows below are added in the ls_in_arp_rsp logical switch pipeline:

 - table=11(ls_in_arp_rsp), priority=100,
   match=(inport == "sw0-p1" && !is_chassis_resident("sw0-vip") &&
  ((arp.op == 1 && arp.spa == 10.0.0.10 && arp.tpa == 10.0.0.10) ||
   (arp.op == 2 && arp.spa == 10.0.0.10))),
   action=(bind_vport("sw0-vip", inport); next;)
- table=11(ls_in_arp_rsp), priority=100,
   match=(inport == "sw0-p2" && !is_chassis_resident("sw0-vip") &&
  ((arp.op == 1 && arp.spa == 10.0.0.10 && arp.tpa == 10.0.0.10) ||
   (arp.op == 2 && arp.spa == 10.0.0.10))),
   action=(bind_vport("sw0-vip", inport); next;)

The action bind_vport will claim the logical port - sw0-vip on the chassis 
where this action
is executed. Since the port - sw0-vip is claimed by a chassis, the 
dnat_and_snat rule for
the VIP will be handled by the compute node.

Co-authored-by: Ben Pfaff 
Signed-off-by: Numan Siddique 
---
v8 -> v9
===
 * Added entry in NEWS.

v7 -> v8
===
 * Applied the code suggestions from Ben.

v6 -> v7

 * Resolved merge conflicts.

v5 -> v6

 * Resolved conflicts after rebasing to latest master in tests/ovn.at

v4 -> v5
===
 * Rebased to master to resolve merge conflicts.

v3 -> v4
===
  * Addressed the review comment and removed the code in northd which
referenced the Southbound db state while adding the logical flows. Instead
using the ovn match - is_chassis_resident() - which I should have used
it in the first place.

v2 -> v3
===
  * Addressed the review comments from Ben - deleted the new columns -
virtual_ip and virtual_parents from Logical_Switch_Port and instead
is making use of options column for this purpose.

v1 -> v2

  * In v1, was not updating the 'put_vport_binding' struct if it already
exists in the put_vport_bindings hmap in the function -
pinctrl_handle_bind_vport().
In v2 handled it.
  * Improved the if else check in binding.c when releasing the lports.


 NEWS|   1 +
 include/ovn/actions.h   |  18 ++-
 ovn/controller/binding.c|  30 +++-
 ovn/controller/pinctrl.c| 174 
 ovn/lib/actions.c   |  59 +++
 ovn/lib/ovn-util.c  |   1 +
 ovn/northd/ovn-northd.8.xml |  61 ++-
 ovn/northd/ovn-northd.c | 306 +++-
 ovn/ovn-nb.xml  |  45 ++
 ovn/ovn-sb.ovsschema|   6 +-
 ovn/ovn-sb.xml  |  46 ++
 ovn/utilities/ovn-trace.c   |   3 +
 tests/ovn.at| 290 ++
 tests/test-ovn.c|   1 +
 14 files changed, 954 insertions(+), 87 deletions(-)

diff --git a/NEWS b/NEWS
index feae994e8..c2698d2e3 100644
--- a/NEWS
+++ b/NEWS
@@ -55,6 +55,7 @@ Post-v2.11.0
logical groups which results in tunnels only been formed between
members of the same transport zone(s).
  * Support for IGMP Snooping and IGMP Querier.
+ * Support for new logical switch port type - 'virtual'.
- New QoS type "linux-netem" on Linux.
- Added support for TLS Server Name Indication (SNI).
- Linux datapath:
diff --git 

[ovs-dev] [PATCH v8] ovn: Add a new logical switch port type - 'virtual'

2019-07-18 Thread nusiddiq
From: Numan Siddique 

This new type is added for the following reasons:

  - When a load balancer is created in an OpenStack deployment with Octavia
service, it creates a logical port 'VIP' for the virtual ip.

  - This logical port is not bound to any VIF.

  - Octavia service creates a service VM (with another logical port 'P' which
belongs to the same logical switch)

  - The virtual ip 'VIP' is configured on this service VM.

  - This service VM provides the load balancing for the VIP with the configured
backend IPs.

  - Octavia service can be configured to create few service VMs with 
active-standby mode
with the active VM configured with the VIP.  The VIP can move between
these service nodes.

Presently there are few problems:

  - When a floating ip (externally reachable IP) is associated to the VIP and if
the compute nodes have external connectivity then the external traffic 
cannot
reach the VIP using the floating ip as the VIP logical port would be down.
dnat_and_snat entry in NAT table for this vip will have 'external_mac' and
'logical_port' configured.

  - The only way to make it work is to clear the 'external_mac' entry so that
the gateway chassis does the DNAT for the VIP.

To solve these problems, this patch proposes a new logical port type - virtual.
CMS when creating the logical port for the VIP, should

 - set the type as 'virtual'

 - configure the VIP in the options - Logical_Switch_Port.options:virtual-ip

 - And set the virtual parents in the options
   Logical_Switch_Port.options:virtual-parents.
   These virtual parents are the one which can be configured with the VIP.

Suppose the virtual_ip is configured to 10.0.0.10 on a virtual logical port
'sw0-vip' and the virtual_parents are set to [sw0-p1, sw0-p2]. Then the
logical flows below are added in the ls_in_arp_rsp logical switch pipeline:

 - table=11(ls_in_arp_rsp), priority=100,
   match=(inport == "sw0-p1" && !is_chassis_resident("sw0-vip") &&
  ((arp.op == 1 && arp.spa == 10.0.0.10 && arp.tpa == 10.0.0.10) ||
   (arp.op == 2 && arp.spa == 10.0.0.10))),
   action=(bind_vport("sw0-vip", inport); next;)
- table=11(ls_in_arp_rsp), priority=100,
   match=(inport == "sw0-p2" && !is_chassis_resident("sw0-vip") &&
  ((arp.op == 1 && arp.spa == 10.0.0.10 && arp.tpa == 10.0.0.10) ||
   (arp.op == 2 && arp.spa == 10.0.0.10))),
   action=(bind_vport("sw0-vip", inport); next;)

The action bind_vport will claim the logical port - sw0-vip on the chassis 
where this action
is executed. Since the port - sw0-vip is claimed by a chassis, the 
dnat_and_snat rule for
the VIP will be handled by the compute node.

Co-authored-by: Ben Pfaff 
Signed-off-by: Numan Siddique 
---

v7 -> v8
===
 * Applied the code suggestions from Ben.

v6 -> v7

 * Resolved merge conflicts.

v5 -> v6

 * Resolved conflicts after rebasing to latest master in tests/ovn.at

v4 -> v5
===
 * Rebased to master to resolve merge conflicts.

v3 -> v4
===
  * Addressed the review comment and removed the code in northd which
referenced the Southbound db state while adding the logical flows. Instead
using the ovn match - is_chassis_resident() - which I should have used
it in the first place.

v2 -> v3
===
  * Addressed the review comments from Ben - deleted the new columns -
virtual_ip and virtual_parents from Logical_Switch_Port and instead
is making use of options column for this purpose.

v1 -> v2

  * In v1, was not updating the 'put_vport_binding' struct if it already
exists in the put_vport_bindings hmap in the function -
pinctrl_handle_bind_vport().
In v2 handled it.
  * Improved the if else check in binding.c when releasing the lports.

 include/ovn/actions.h   |  18 ++-
 ovn/controller/binding.c|  30 +++-
 ovn/controller/pinctrl.c| 174 
 ovn/lib/actions.c   |  59 +++
 ovn/lib/ovn-util.c  |   1 +
 ovn/northd/ovn-northd.8.xml |  61 ++-
 ovn/northd/ovn-northd.c | 306 +++-
 ovn/ovn-nb.xml  |  45 ++
 ovn/ovn-sb.ovsschema|   6 +-
 ovn/ovn-sb.xml  |  46 ++
 ovn/utilities/ovn-trace.c   |   3 +
 tests/ovn.at| 290 ++
 tests/test-ovn.c|   1 +
 13 files changed, 953 insertions(+), 87 deletions(-)

diff --git a/include/ovn/actions.h b/include/ovn/actions.h
index 63d3907d8..0ca06537c 100644
--- a/include/ovn/actions.h
+++ b/include/ovn/actions.h
@@ -85,7 +85,8 @@ struct ovn_extend_table;
 OVNACT(SET_METER, ovnact_set_meter)   \
 OVNACT(OVNFIELD_LOAD, ovnact_load)\
 OVNACT(CHECK_PKT_LARGER,  ovnact_check_pkt_larger) \
-OVNACT(TRIGGER_EVENT, ovnact_controller_event)
+OVNACT(TRIGGER_EVENT, ovnact_controller_event) \
+OVNACT(BIND_VPORT,ovnact_bind_vport)
 
 /* enum ovnact_type, with a 

[ovs-dev] [PATCH v3] ovn-northd: Add the option to pause and resume

2019-07-16 Thread nusiddiq
From: Numan Siddique 

This patch adds 3 unixctl socket commands - pause, resume and is-paused.

Usage: ovs-appctl -t ovn-northd pause/resume/is-paused

This feature will be useful if the CMS wants to
  - deploy OVN DB servers in active/passive mode and
  - run ovn-northd on all these nodes and use unix ctl sockets to
connect to the local OVN DB servers.

On the nodes where OVN Db ovsdb-servers are in passive mode, the local 
ovn-northds
will process the DB changes and compute logical flows to be thrown out later,
because write transactions are not allowed by these ovsdb-servers. It results in
unncessary CPU usage.

With these commands, CMS can pause ovn-northd on these node. A node
which becomes master, can resume the ovn-northd.

One use case is to use this feature in ovn-kubernetes with the above deployment 
model.

Signed-off-by: Numan Siddique 
---

v2 -> v3
===
  * Resolved merge conflicts.

v1 -> v2
===
  * Addressed the review comments from Ben and add more documentation
about the runtime options added by this patch.
  * v1 had an issue - When paused, it was not even waking up to process
the IDL updates. In v2, the main thread, wakes up to process any
IDL updates, but doesn't do any logical flow computations.

 ovn/northd/ovn-northd.8.xml |  48 ++
 ovn/northd/ovn-northd.c | 121 +++-
 tests/ovn-northd.at |  38 +++
 3 files changed, 179 insertions(+), 28 deletions(-)

diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
index d2267de0e..1d0243656 100644
--- a/ovn/northd/ovn-northd.8.xml
+++ b/ovn/northd/ovn-northd.8.xml
@@ -70,6 +70,23 @@
   
 Causes ovn-northd to gracefully terminate.
   
+
+  pause
+  
+Pauses the ovn-northd operation from processing any Northbound and
+Southbound database changes.
+  
+
+  resume
+  
+Resumes the ovn-northd operation to process Northbound and
+Southbound database contents and generate logical flows.
+  
+
+  is-paused
+  
+Returns "true" if ovn-northd is currently paused, "false" otherwise.
+  
   
 
 
@@ -82,6 +99,37 @@
   of ovn-northd will automatically take over.
 
 
+ Active-Standby with multiple OVN DB servers
+
+  You may run multiple OVN DB servers in an OVN deployment with:
+  
+
+  OVN DB servers deployed in active/passive mode with one active
+  and multiple passive ovsdb-servers.
+
+
+
+  ovn-northd also deployed on all these nodes,
+  using unix ctl sockets to connect to the local OVN DB servers.
+
+  
+
+
+
+  In such deployments, the ovn-northds on the passive nodes will process
+  the DB changes and compute logical flows to be thrown out later,
+  because write transactions are not allowed by the passive ovsdb-servers.
+  It results in unnecessary CPU usage.
+
+
+
+  With the help of runtime management command pause, you can
+  pause ovn-northd on these nodes. When a passive node
+  becomes master, you can use the runtime management command
+  resume to resume the ovn-northd to process the
+  DB changes.
+
+
 Logical Flow Table Structure
 
 
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index eb6c47cad..8e13901e0 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -52,6 +52,9 @@
 VLOG_DEFINE_THIS_MODULE(ovn_northd);
 
 static unixctl_cb_func ovn_northd_exit;
+static unixctl_cb_func ovn_northd_pause;
+static unixctl_cb_func ovn_northd_resume;
+static unixctl_cb_func ovn_northd_is_paused;
 
 struct northd_context {
 struct ovsdb_idl *ovnnb_idl;
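Review bot: Nothing visible in this patch logs a pause or resume transition, and the handlers declared here (`ovn_northd_pause`, `ovn_northd_resume`, `ovn_northd_is_paused`) are defined outside the visible hunks, so this needs checking there. Per the man-page text added by this patch, a paused ovn-northd stops processing Northbound and Southbound changes, which presumably means policy changes such as ACL updates do not reach the logical flows until `resume`. If the handlers do not already log, I would add `VLOG_INFO("ovn-northd paused");` and `VLOG_INFO("ovn-northd resumed");` to them so the paused interval can be reconstructed from the log. A one-line comment above these declarations, such as `/* unixctl handlers that set, clear and report the main loop's 'paused' flag. */`, would also help.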
@@ -9182,6 +9185,7 @@ main(int argc, char *argv[])
 struct unixctl_server *unixctl;
 int retval;
 bool exiting;
+bool paused;
 
 fatal_ignore_sigpipe();
 ovs_cmdl_proctitle_init(argc, argv);
@@ -9196,6 +9200,10 @@ main(int argc, char *argv[])
 exit(EXIT_FAILURE);
 }
 unixctl_command_register("exit", "", 0, 0, ovn_northd_exit, );
+unixctl_command_register("pause", "", 0, 0, ovn_northd_pause, );
+unixctl_command_register("resume", "", 0, 0, ovn_northd_resume, );
+unixctl_command_register("is-paused", "", 0, 0, ovn_northd_is_paused,
+ );
 
 daemonize_complete();
 
@@ -9384,34 +9392,51 @@ main(int argc, char *argv[])
 
 /* Main loop. */
 exiting = false;
+paused = false;
 while (!exiting) {
-struct northd_context ctx = {
-.ovnnb_idl = ovnnb_idl_loop.idl,
-.ovnnb_txn = ovsdb_idl_loop_run(_idl_loop),
-.ovnsb_idl = ovnsb_idl_loop.idl,
-.ovnsb_txn = ovsdb_idl_loop_run(_idl_loop),
-.sbrec_ha_chassis_grp_by_name = sbrec_ha_chassis_grp_by_name,
-.sbrec_mcast_group_by_name_dp = sbrec_mcast_group_by_name_dp,
-.sbrec_ip_mcast_by_dp = 

[ovs-dev] [PATCH v7] ovn: Add a new logical switch port type - 'virtual'

2019-07-16 Thread nusiddiq
From: Numan Siddique 

This new type is added for the following reasons:

  - When a load balancer is created in an OpenStack deployment with Octavia
service, it creates a logical port 'VIP' for the virtual ip.

  - This logical port is not bound to any VIF.

  - Octavia service creates a service VM (with another logical port 'P' which
belongs to the same logical switch)

  - The virtual ip 'VIP' is configured on this service VM.

  - This service VM provides the load balancing for the VIP with the configured
backend IPs.

  - Octavia service can be configured to create few service VMs with 
active-standby mode
with the active VM configured with the VIP.  The VIP can move between
these service nodes.

Presently there are few problems:

  - When a floating ip (externally reachable IP) is associated to the VIP and if
the compute nodes have external connectivity then the external traffic 
cannot
reach the VIP using the floating ip as the VIP logical port would be down.
dnat_and_snat entry in NAT table for this vip will have 'external_mac' and
'logical_port' configured.

  - The only way to make it work is to clear the 'external_mac' entry so that
the gateway chassis does the DNAT for the VIP.

To solve these problems, this patch proposes a new logical port type - virtual.
CMS when creating the logical port for the VIP, should

 - set the type as 'virtual'

 - configure the VIP in the options - Logical_Switch_Port.options:virtual-ip

 - And set the virtual parents in the options
   Logical_Switch_Port.options:virtual-parents.
   These virtual parents are the one which can be configured with the VIP.

Suppose the virtual_ip is configured to 10.0.0.10 on a virtual logical port
'sw0-vip' and the virtual_parents are set to [sw0-p1, sw0-p2]. Then the
logical flows below are added in the ls_in_arp_rsp logical switch pipeline:

 - table=11(ls_in_arp_rsp), priority=100,
   match=(inport == "sw0-p1" && !is_chassis_resident("sw0-vip") &&
  ((arp.op == 1 && arp.spa == 10.0.0.10 && arp.tpa == 10.0.0.10) ||
   (arp.op == 2 && arp.spa == 10.0.0.10))),
   action=(bind_vport("sw0-vip", inport); next;)
- table=11(ls_in_arp_rsp), priority=100,
   match=(inport == "sw0-p2" && !is_chassis_resident("sw0-vip") &&
  ((arp.op == 1 && arp.spa == 10.0.0.10 && arp.tpa == 10.0.0.10) ||
   (arp.op == 2 && arp.spa == 10.0.0.10))),
   action=(bind_vport("sw0-vip", inport); next;)

The action bind_vport will claim the logical port - sw0-vip on the chassis 
where this action
is executed. Since the port - sw0-vip is claimed by a chassis, the 
dnat_and_snat rule for
the VIP will be handled by the compute node.

Signed-off-by: Numan Siddique 
---

v6 -> v7

 * Resolved merge conflicts.

v5 -> v6

 * Resolved conflicts after rebasing to latest master in tests/ovn.at

v4 -> v5
===
 * Rebased to master to resolve merge conflicts.

v3 -> v4
===
  * Addressed the review comment and removed the code in northd which
referenced the Southbound db state while adding the logical flows. Instead
using the ovn match - is_chassis_resident() - which I should have used
it in the first place.

v2 -> v3
===
  * Addressed the review comments from Ben - deleted the new columns -
virtual_ip and virtual_parents from Logical_Switch_Port and instead
is making use of options column for this purpose.

v1 -> v2

  * In v1, was not updating the 'put_vport_binding' struct if it already
exists in the put_vport_bindings hmap in the function -
pinctrl_handle_bind_vport().
In v2 handled it.
  * Improved the if else check in binding.c when releasing the lports.

 include/ovn/actions.h   |  18 ++-
 ovn/controller/binding.c|  30 +++-
 ovn/controller/pinctrl.c| 174 
 ovn/lib/actions.c   |  60 +++
 ovn/lib/ovn-util.c  |   1 +
 ovn/northd/ovn-northd.8.xml |  61 ++-
 ovn/northd/ovn-northd.c | 306 +++-
 ovn/ovn-nb.xml  |  45 ++
 ovn/ovn-sb.ovsschema|   6 +-
 ovn/ovn-sb.xml  |  46 ++
 ovn/utilities/ovn-trace.c   |   3 +
 tests/ovn.at| 281 +
 tests/test-ovn.c|   1 +
 13 files changed, 945 insertions(+), 87 deletions(-)

diff --git a/include/ovn/actions.h b/include/ovn/actions.h
index 63d3907d8..0ca06537c 100644
--- a/include/ovn/actions.h
+++ b/include/ovn/actions.h
@@ -85,7 +85,8 @@ struct ovn_extend_table;
 OVNACT(SET_METER, ovnact_set_meter)   \
 OVNACT(OVNFIELD_LOAD, ovnact_load)\
 OVNACT(CHECK_PKT_LARGER,  ovnact_check_pkt_larger) \
-OVNACT(TRIGGER_EVENT, ovnact_controller_event)
+OVNACT(TRIGGER_EVENT, ovnact_controller_event) \
+OVNACT(BIND_VPORT,ovnact_bind_vport)
 
 /* enum ovnact_type, with a member OVNACT_ for each action. */
 enum OVS_PACKED_ENUM ovnact_type {
@@ -328,6 +329,13 @@ 

[ovs-dev] [PATCH v2] ovn-northd: Fix the ovn-northd continuous looping

2019-07-16 Thread nusiddiq
From: Numan Siddique 

ovn-northd wakes up continuously from poll_block(). This issue can be reproduced
in the sandbox with the below commands

ovn-nbctl lr-add lr0
ovn-nbctl ls-add public
ovn-nbctl lrp-add lr0 lr0-public 00:00:20:20:12:13 172.168.0.100/24
ovn-nbctl lsp-add public public-lr0
ovn-nbctl lsp-set-type public-lr0 router
ovn-nbctl lsp-set-addresses public-lr0 router
ovn-nbctl lsp-set-options public-lr0 router-port=lr0-public
ovn-nbctl lrp-set-gateway-chassis lr0-public chassis-1 20

This issue is seen after the commit [1], which makes use of the function -
sbrec_port_binding_update_nat_addresses_addvalue() to add a value to
Port_Binding.nat_addresses column.

Looks like the IDL client code is sending the transactions to the ovsdb-server 
repeatedly
to update the Port_Binding.nat_addresses even though the Southbound DB has 
updated
the column when this function is used. The actual bug seems to be in the IDL 
client code
and that needs to be fixed. This patch as a quick fix, fixes ovn-northd's 
continuous loop
by not using this function, instead making use of 
sbrec_port_binding_set_nat_addresses().

The messages below are seen continuously when the ovn-northd debug logs are
enabled.



2019-07-12T17:26:13.837Z|74512|jsonrpc|DBG|unix:sb1.ovsdb: received reply,
result=[{},{"count":1},{"count":1}], id=18628
2019-07-12T17:26:13.837Z|74513|poll_loop|DBG|wakeup due to 0-ms timeout at 
../lib/ovsdb-idl.c:5397 (75% CPU usage)
2019-07-12T17:26:13.837Z|74514|jsonrpc|DBG|unix:sb1.ovsdb: send request,
method="transact", params=["OVN_Southbound",{"lock":"ovn_northd","op":"assert"},
{"where":[["_uuid","==",["uuid","56a9eb75-8d3b-4144-b4e7-1bb749645011"]]],"row":
{"nat_addresses":["set",[]]},"op":"update","table":"Port_Binding"},{"mutations":[["nat_addresses",
"insert",["set",["00:00:20:20:12:13 172.168.0.100 
is_chassis_resident(\"cr-lr0-public\")",
"where":[["_uuid","==",["uuid","56a9eb75-8d3b-4144-b4e7-1bb749645011"]]],"op":"mutate","table":"Port_Binding"}],
 id=18629

2019-07-12T17:26:13.837Z|74516|jsonrpc|DBG|unix:sb1.ovsdb: received reply, 
result=[{},{"count":1},{"count":1}], id=18629
2019-07-12T17:26:13.837Z|74517|poll_loop|DBG|wakeup due to 0-ms timeout at 
../lib/ovsdb-idl.c:5397 (75% CPU usage)
2019-07-12T17:26:13.837Z|74518|jsonrpc|DBG|unix:sb1.ovsdb: send request,
method="transact", params=["OVN_Southbound",{"lock":"ovn_northd","op":"assert"},
{"where":[["_uuid","==",["uuid","56a9eb75-8d3b-4144-b4e7-1bb749645011"]]],
"row":{"nat_addresses":["set",[]]},"op":"update","table":"Port_Binding"},
{"mutations":[["nat_addresses","insert",["set",["00:00:20:20:12:13 172.168.0.100
is_chassis_resident(\"cr-lr0-public\")","where":[["_uuid","==",["uuid",
"56a9eb75-8d3b-4144-b4e7-1bb749645011"]]],"op":"mutate","table":"Port_Binding"}],
 id=18630
2019-07-12T17:26:13.837Z|74520|jsonrpc|DBG|unix:sb1.ovsdb: received reply, 
result=[{},{"count":1},{"count":1}], id=18630
**

The OpenStack CI tests for networking-ovn is frequently failing few tests after 
this
commit. The failure seems to be related to timing issues as ovn-northd is 
hogging
the CPU continuously. We are also seeing travis CI test failures after this 
commit.

[1] - ed198fb3b92e

Fixes: ed198fb3b92e("ovn: Send GARP for the router ports with 
reside-on-redirect-chassis options set")
Signed-off-by: Numan Siddique 
Tested-by: Greg Rose 
Reviewed-by: Greg Rose 
---

v1 -> v2
--
  * Fixed the typo in subject line -  s/continous/continuous/

 ovn/northd/ovn-northd.c | 19 ++-
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index 4929fb666..dd0d3d816 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -2532,13 +2532,6 @@ ovn_port_update_sbrec(struct northd_context *ctx,
 }
 }
 
-sbrec_port_binding_set_nat_addresses(op->sb,
- (const char **) nats, n_nats);
-for (size_t i = 0; i < n_nats; i++) {
-free(nats[i]);
-}
-free(nats);
-
 /* Add the router mac and IPv4 addresses to
  * Port_Binding.nat_addresses so that GARP is sent for these
  * IPs by the ovn-controller on which the distributed gateway
@@ -2580,10 +2573,18 @@ ovn_port_update_sbrec(struct northd_context *ctx,
   op->peer->od->l3redirect_port->json_key);
 }
 
-sbrec_port_binding_update_nat_addresses_addvalue(
-op->sb, ds_cstr(_info));
+n_nats++;
+nats = xrealloc(nats, (n_nats * sizeof *nats));
+nats[n_nats - 1] = ds_steal_cstr(_info);
 ds_destroy(_info);
 }
+
+sbrec_port_binding_set_nat_addresses(op->sb,
+ (const char **) nats, n_nats);
+for (size_t i = 0; i < n_nats; i++) {
+

[ovs-dev] [PATCH v6] ovn: Add a new logical switch port type - 'virtual'

2019-07-12 Thread nusiddiq
From: Numan Siddique 

This new type is added for the following reasons:

  - When a load balancer is created in an OpenStack deployment with Octavia
service, it creates a logical port 'VIP' for the virtual ip.

  - This logical port is not bound to any VIF.

  - Octavia service creates a service VM (with another logical port 'P' which
belongs to the same logical switch)

  - The virtual ip 'VIP' is configured on this service VM.

  - This service VM provides the load balancing for the VIP with the configured
backend IPs.

  - Octavia service can be configured to create few service VMs with 
active-standby mode
with the active VM configured with the VIP.  The VIP can move between
these service nodes.

Presently there are few problems:

  - When a floating ip (externally reachable IP) is associated to the VIP and if
the compute nodes have external connectivity then the external traffic 
cannot
reach the VIP using the floating ip as the VIP logical port would be down.
dnat_and_snat entry in NAT table for this vip will have 'external_mac' and
'logical_port' configured.

  - The only way to make it work is to clear the 'external_mac' entry so that
the gateway chassis does the DNAT for the VIP.

To solve these problems, this patch proposes a new logical port type - virtual.
CMS when creating the logical port for the VIP, should

 - set the type as 'virtual'

 - configure the VIP in the options - Logical_Switch_Port.options:virtual-ip

 - And set the virtual parents in the options
   Logical_Switch_Port.options:virtual-parents.
   These virtual parents are the one which can be configured with the VIP.

Suppose the virtual_ip is configured to 10.0.0.10 on a virtual logical port
'sw0-vip' and the virtual_parents are set to [sw0-p1, sw0-p2]. Then the logical
flows below are added in the ls_in_arp_rsp logical switch pipeline

 - table=11(ls_in_arp_rsp), priority=100,
   match=(inport == "sw0-p1" && !is_chassis_resident("sw0-vip") &&
  ((arp.op == 1 && arp.spa == 10.0.0.10 && arp.tpa == 10.0.0.10) ||
   (arp.op == 2 && arp.spa == 10.0.0.10))),
   action=(bind_vport("sw0-vip", inport); next;)
- table=11(ls_in_arp_rsp), priority=100,
   match=(inport == "sw0-p2" && !is_chassis_resident("sw0-vip") &&
  ((arp.op == 1 && arp.spa == 10.0.0.10 && arp.tpa == 10.0.0.10) ||
   (arp.op == 2 && arp.spa == 10.0.0.10))),
   action=(bind_vport("sw0-vip", inport); next;)

The action bind_vport will claim the logical port - sw0-vip on the chassis 
where this action
is executed. Since the port - sw0-vip is claimed by a chassis, the 
dnat_and_snat rule for
the VIP will be handled by the compute node.

Signed-off-by: Numan Siddique 
---

v5 -> v6

 * Resolved conflicts after rebasing to latest master in tests/ovn.at

v4 -> v5
===
 * Rebased to master to resolve merge conflicts.

v3 -> v4
===
  * Addressed the review comment and removed the code in northd which
referenced the Southbound db state while adding the logical flows. Instead
using the ovn match - is_chassis_resident() - which I should have used
it in the first place.

v2 -> v3
===
  * Addressed the review comments from Ben - deleted the new columns -
virtual_ip and virtual_parents from Logical_Switch_Port and instead
is making use of options column for this purpose.

v1 -> v2

  * In v1, was not updating the 'put_vport_binding' struct if it already
exists in the put_vport_bindings hmap in the function -
pinctrl_handle_bind_vport().
In v2 handled it.
  * Improved the if else check in binding.c when releasing the lports.


 include/ovn/actions.h   |  18 ++-
 ovn/controller/binding.c|  30 +++-
 ovn/controller/pinctrl.c| 174 
 ovn/lib/actions.c   |  60 +++
 ovn/lib/ovn-util.c  |   1 +
 ovn/northd/ovn-northd.8.xml |  61 ++-
 ovn/northd/ovn-northd.c | 306 +++-
 ovn/ovn-nb.xml  |  45 ++
 ovn/ovn-sb.ovsschema|   6 +-
 ovn/ovn-sb.xml  |  46 ++
 ovn/utilities/ovn-trace.c   |   3 +
 tests/ovn.at| 281 +
 tests/test-ovn.c|   1 +
 13 files changed, 945 insertions(+), 87 deletions(-)

diff --git a/include/ovn/actions.h b/include/ovn/actions.h
index f42bbc277..48c64f792 100644
--- a/include/ovn/actions.h
+++ b/include/ovn/actions.h
@@ -83,7 +83,8 @@ struct ovn_extend_table;
 OVNACT(ND_NS, ovnact_nest)\
 OVNACT(SET_METER, ovnact_set_meter)   \
 OVNACT(OVNFIELD_LOAD, ovnact_load)\
-OVNACT(CHECK_PKT_LARGER,  ovnact_check_pkt_larger)
+OVNACT(CHECK_PKT_LARGER,  ovnact_check_pkt_larger)\
+OVNACT(BIND_VPORT,ovnact_bind_vport)
 
 /* enum ovnact_type, with a member OVNACT_ for each action. */
 enum OVS_PACKED_ENUM ovnact_type {
@@ -318,6 +319,13 @@ struct ovnact_check_pkt_larger {
 struct 

[ovs-dev] [PATCH] ovn-northd: Fix the ovn-northd continous looping

2019-07-12 Thread nusiddiq
From: Numan Siddique 

ovn-northd wakes up continuously from poll_block(). This issue can be reproduced
in the sandbox with the below commands

ovn-nbctl lr-add lr0
ovn-nbctl ls-add public
ovn-nbctl lrp-add lr0 lr0-public 00:00:20:20:12:13 172.168.0.100/24
ovn-nbctl lsp-add public public-lr0
ovn-nbctl lsp-set-type public-lr0 router
ovn-nbctl lsp-set-addresses public-lr0 router
ovn-nbctl lsp-set-options public-lr0 router-port=lr0-public
ovn-nbctl lrp-set-gateway-chassis lr0-public chassis-1 20

This issue is seen after the commit [1], which makes use of the function -
sbrec_port_binding_update_nat_addresses_addvalue() to add a value to
Port_Binding.nat_addresses column.

Looks like the IDL client code is sending the transactions to the ovsdb-server 
repeatedly
to update the Port_Binding.nat_addresses even though the Southbound DB has 
updated
the column when this function is used. The actual bug seems to be in the IDL 
client code
and that needs to be fixed. This patch as a quick fix, fixes ovn-northd's 
continuous loop
by not using this function, instead making use of 
sbrec_port_binding_set_nat_addresses().

The messages below are seen continuously when the ovn-northd debug logs are
enabled.



2019-07-12T17:26:13.837Z|74512|jsonrpc|DBG|unix:sb1.ovsdb: received reply,
result=[{},{"count":1},{"count":1}], id=18628
2019-07-12T17:26:13.837Z|74513|poll_loop|DBG|wakeup due to 0-ms timeout at 
../lib/ovsdb-idl.c:5397 (75% CPU usage)
2019-07-12T17:26:13.837Z|74514|jsonrpc|DBG|unix:sb1.ovsdb: send request,
method="transact", params=["OVN_Southbound",{"lock":"ovn_northd","op":"assert"},
{"where":[["_uuid","==",["uuid","56a9eb75-8d3b-4144-b4e7-1bb749645011"]]],"row":
{"nat_addresses":["set",[]]},"op":"update","table":"Port_Binding"},{"mutations":[["nat_addresses",
"insert",["set",["00:00:20:20:12:13 172.168.0.100 
is_chassis_resident(\"cr-lr0-public\")",
"where":[["_uuid","==",["uuid","56a9eb75-8d3b-4144-b4e7-1bb749645011"]]],"op":"mutate","table":"Port_Binding"}],
 id=18629

2019-07-12T17:26:13.837Z|74516|jsonrpc|DBG|unix:sb1.ovsdb: received reply, 
result=[{},{"count":1},{"count":1}], id=18629
2019-07-12T17:26:13.837Z|74517|poll_loop|DBG|wakeup due to 0-ms timeout at 
../lib/ovsdb-idl.c:5397 (75% CPU usage)
2019-07-12T17:26:13.837Z|74518|jsonrpc|DBG|unix:sb1.ovsdb: send request,
method="transact", params=["OVN_Southbound",{"lock":"ovn_northd","op":"assert"},
{"where":[["_uuid","==",["uuid","56a9eb75-8d3b-4144-b4e7-1bb749645011"]]],
"row":{"nat_addresses":["set",[]]},"op":"update","table":"Port_Binding"},
{"mutations":[["nat_addresses","insert",["set",["00:00:20:20:12:13 172.168.0.100
is_chassis_resident(\"cr-lr0-public\")","where":[["_uuid","==",["uuid",
"56a9eb75-8d3b-4144-b4e7-1bb749645011"]]],"op":"mutate","table":"Port_Binding"}],
 id=18630
2019-07-12T17:26:13.837Z|74520|jsonrpc|DBG|unix:sb1.ovsdb: received reply, 
result=[{},{"count":1},{"count":1}], id=18630
**

The OpenStack CI tests for networking-ovn is frequently failing few tests after 
this
commit. The failure seems to be related to timing issues as ovn-northd is 
hogging
the CPU continuously. We are also seeing travis CI test failures after this 
commit.

[1] - ed198fb3b92e

Fixes: ed198fb3b92e("ovn: Send GARP for the router ports with 
reside-on-redirect-chassis options set")
Signed-off-by: Numan Siddique 
---
 ovn/northd/ovn-northd.c | 19 ++-
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index ce382ac89..127227712 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -2530,13 +2530,6 @@ ovn_port_update_sbrec(struct northd_context *ctx,
 }
 }
 
-sbrec_port_binding_set_nat_addresses(op->sb,
- (const char **) nats, n_nats);
-for (size_t i = 0; i < n_nats; i++) {
-free(nats[i]);
-}
-free(nats);
-
 /* Add the router mac and IPv4 addresses to
  * Port_Binding.nat_addresses so that GARP is sent for these
  * IPs by the ovn-controller on which the distributed gateway
@@ -2578,10 +2571,18 @@ ovn_port_update_sbrec(struct northd_context *ctx,
   op->peer->od->l3redirect_port->json_key);
 }
 
-sbrec_port_binding_update_nat_addresses_addvalue(
-op->sb, ds_cstr(_info));
+n_nats++;
+nats = xrealloc(nats, (n_nats * sizeof *nats));
+nats[n_nats - 1] = ds_steal_cstr(_info);
 ds_destroy(_info);
 }
+
+sbrec_port_binding_set_nat_addresses(op->sb,
+ (const char **) nats, n_nats);
+for (size_t i = 0; i < n_nats; i++) {
+free(nats[i]);
+}
+free(nats);
 }
 
 sbrec_port_binding_set_parent_port(op->sb, 
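Review bot: The block added at `n_nats++;` has no comment saying why the GARP entry is folded into `nats` instead of being added with `sbrec_port_binding_update_nat_addresses_addvalue()`, so a later cleanup could restore that call and bring back the 0-ms wakeup loop described in the commit message. A comment above `n_nats++;` such as `/* XXX: Not using sbrec_port_binding_update_nat_addresses_addvalue() here; with it the IDL appears to re-send the transaction on every loop iteration. */` would keep the reasoning next to the code. Separately, `ds_destroy()` directly after `ds_steal_cstr()` looks redundant, assuming the steal leaves the dynamic string empty. ovn_port_update_sbrec() starts and ends outside the hunk.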

[ovs-dev] [PATCH] ovn: Fix the test failures in travis CI.

2019-07-11 Thread nusiddiq
From: Numan Siddique 

After the commit [1], below test cases are failing repeatedly in travis CI.

2663: ovn -- 4 HV, 1 LS, 1 LR, packet test with HA distributed router gateway 
port FAILED (ovn.at:8597)
2664: ovn -- 4 HV, 3 LS, 2 LR, packet test with HA distributed router gateway 
port FAILED (ovn.at:8844)
2667: ovn -- vlan traffic for external network with distributed router gateway 
port FAILED (ovn.at:9580)
2691: ovn -- router - check packet length - icmp defrag FAILED (ovn.at:13624)

With the commit [1], ovn-controller sends GARPs for the IPs of the distributed
router ports. The failing tests did not handle the situation if multiple GARPs
are sent. The failures are mostly timing related. This patch fixes these issues.

[1] - d65586b6fa97 ("ovn: Send GARP for router port IPs of a router port 
connected to bridged logical switch")

Fixes: d65586b6fa97 ("ovn: Send GARP for router port IPs of a router port 
connected to bridged logical switch")
CC: Ilya Maximets 
Signed-off-by: Numan Siddique 
---
 tests/ovn.at | 53 ++--
 1 file changed, 35 insertions(+), 18 deletions(-)

diff --git a/tests/ovn.at b/tests/ovn.at
index 4da7059b3..95980f2f1 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -8593,7 +8593,9 @@ grep actions=mod_dl_dst:f0:00:00:01:02:04 | wc -l` -eq 1
 OVN_CHECK_PACKETS([ext1/vif1-tx.pcap], [ext1-vif1.expected])
 $PYTHON "$top_srcdir/utilities/ovs-pcap.in" $active_gw/br-phys_n1-tx.pcap  
> packets
 cat packets | grep $expected > exp
-cat packets | grep $exp_gw_ip_garp >> exp
+# Its possible that $active_gw/br-phys_n1-tx.pcap may have received 
multiple
+# garp packets. So consider only the first packet.
+cat packets | grep $exp_gw_ip_garp | head -1 >> exp
 AT_CHECK([cat exp], [0], [expout])
 rm -f expout
 if test $backup_vswitchd_dead != 1; then
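Review bot: `head -1` on the added line is the obsolescent option form and the grep pattern is expanded unquoted; the line is better written `grep "$exp_gw_ip_garp" packets | head -n 1 >> exp`, which also drops the extra `cat`. The same applies to the added line in the next hunk (`@@ -8840,7 +8842,7 @@`), which lacks the explanatory comment this hunk has; repeat it there as `# Consider only the first GARP; more than one may have been sent.` The enclosing test starts and ends outside both hunks.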
@@ -8840,7 +8842,7 @@ grep actions=mod_dl_dst:f0:00:00:01:02:04 | wc -l` -eq 1
 OVN_CHECK_PACKETS([ext1/vif1-tx.pcap], [ext1-vif1.expected])
 $PYTHON "$top_srcdir/utilities/ovs-pcap.in" $active_gw/br-phys_n1-tx.pcap  
> packets
 cat packets | grep $expected > exp
-cat packets | grep $exp_gw_ip_garp >> exp
+cat packets | grep $exp_gw_ip_garp | head -1 >> exp
 AT_CHECK([cat exp], [0], [expout])
 
 $PYTHON "$top_srcdir/utilities/ovs-pcap.in" $backup_gw/br-phys_n1-tx.pcap  
> packets
@@ -9567,20 +9569,9 @@ options:rxq_pcap=${pcap_file}-rx.pcap
 
 as hv1 reset_pcap_file br-ex_n2 hv1/br-ex_n2
 as hv3 reset_pcap_file hv3-vif1 hv3/vif1
-sleep 2
-# Take note of how many packets arrived on the VLAN switch before generating
-# further traffic
-n_packets=`as hv1 ovs-ofctl dump-flows br-int table=65 | grep 
"priority=100,reg15=0x1,metadata=0x2" | grep actions=clone | sed 
's/.*n_packets=\([[0-9]]*\),.*/\1/'`
 as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
 sleep 2
 
-# On hv1, the packet should not go from vlan switch pipleline to router
-# pipeline
-as hv1 ovs-ofctl dump-flows br-int
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=65 | grep 
"priority=100,reg15=0x1,metadata=0x2" \
-| grep actions=clone | grep -v n_packets=$n_packets | wc -l], [0], [[0
-]])
-
 # On hv1, table 32 check that no packet goes via the tunnel port
 AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=32 \
 | grep "NXM_NX_TUN_ID" | grep -v n_packets=0 | wc -l], [0], [[0
@@ -9624,21 +9615,38 @@ echo $exp_garp_on_foo1 > foo1.expout
 
 # ovn-controller on hv2 should send garp with VLAN tag
 
sent_garp="0101020381020806000108000604000101010203c0a80101c0a80101"
-echo $sent_garp > br-ex_n2.expout
 
 OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [foo1.expout])
-OVN_CHECK_PACKETS([hv2/br-ex_n2-tx.pcap], [br-ex_n2.expout])
+# Wait until we receive atleast 1 packet
+OVS_WAIT_UNTIL([test 1=`$PYTHON "$top_srcdir/utilities/ovs-pcap.in" 
hv2/br-ex_n2-tx.pcap | wc -l`])
+$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv2/br-ex_n2-tx.pcap | head -1 > 
packets
+echo $sent_garp > expout
+AT_CHECK([cat packets], [0], [expout])
 $PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv4/br-ex_n2-tx.pcap > empty
 AT_CHECK([cat empty], [0], [])
 
 # Make hv4 master
 as hv1 reset_pcap_file hv1-vif1 hv1/vif1
-as hv2 reset_pcap_file br-ex_n2 hv2/br-ex_n2
 as hv4 reset_pcap_file br-ex_n2 hv4/br-ex_n2
 ovn-nbctl --wait=sb ha-chassis-group-add-chassis hagrp1 hv4 40
 
+# Wait till cr-alice is claimed by hv4
+hv4_chassis=$(ovn-sbctl --bare --columns=_uuid find Chassis name=hv4)
+# check that the chassis redirect port has been claimed by the gw1 chassis
+OVS_WAIT_UNTIL([ovn-sbctl --columns chassis --bare find Port_Binding \
+logical_port=cr-alice | grep $hv4_chassis | wc -l], [0],[[1
+]])
+
+# Reset the pcap file for hv2/br-ex_n2. From now on ovn-controller in hv2
+# should not send GARPs for the router ports.
+as hv2 reset_pcap_file br-ex_n2 hv2/br-ex_n2
+
+echo $sent_garp > br-ex_n2.expout
 OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [foo1.expout])
 

[ovs-dev] [PATCH v3] ovn-northd: Add the option to pause and resume

2019-07-08 Thread nusiddiq
From: Numan Siddique 

This patch adds 3 unixctl socket commands - pause, resume and is-paused.

Usage: ovs-appctl -t ovn-northd pause/resume/is-paused

This feature will be useful if the CMS wants to
  - deploy OVN DB servers in active/passive mode and
  - run ovn-northd on all these nodes and use unix ctl sockets to
connect to the local OVN DB servers.

On the nodes where OVN Db ovsdb-servers are in passive mode, the local 
ovn-northds
will process the DB changes and compute logical flows to be thrown out later,
because write transactions are not allowed by these ovsdb-servers. It results in
unncessary CPU usage.

With these commands, CMS can pause ovn-northd on these node. A node
which becomes master, can resume the ovn-northd.

One use case is to use this feature in ovn-kubernetes with the above deployment 
model.

Signed-off-by: Numan Siddique 
---

v2 -> v3
===
  * Fixed the typos pointed out by Mark in ovn-northd.8.xml

v1 -> v2
===
  * Addressed the review comments from Ben and add more documentation
about the runtime options added by this patch.
  * v1 had an issue - When paused, it was not even waking up to process
the IDL updates. In v2, the main thread, wakes up to process any
IDL updates, but doesn't do any logical flow computations.


 ovn/northd/ovn-northd.8.xml |  48 +++
 ovn/northd/ovn-northd.c | 117 
 tests/ovn-northd.at |  38 
 3 files changed, 177 insertions(+), 26 deletions(-)

diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
index d2267de0e..1d0243656 100644
--- a/ovn/northd/ovn-northd.8.xml
+++ b/ovn/northd/ovn-northd.8.xml
@@ -70,6 +70,23 @@
   
 Causes ovn-northd to gracefully terminate.
   
+
+  pause
+  
+Pauses the ovn-northd operation from processing any Northbound and
+Southbound database changes.
+  
+
+  resume
+  
+Resumes the ovn-northd operation to process Northbound and
+Southbound database contents and generate logical flows.
+  
+
+  is-paused
+  
+Returns "true" if ovn-northd is currently paused, "false" otherwise.
+  
   
 
 
@@ -82,6 +99,37 @@
   of ovn-northd will automatically take over.
 
 
+ Active-Standby with multiple OVN DB servers
+
+  You may run multiple OVN DB servers in an OVN deployment with:
+  
+
+  OVN DB servers deployed in active/passive mode with one active
+  and multiple passive ovsdb-servers.
+
+
+
+  ovn-northd also deployed on all these nodes,
+  using unix ctl sockets to connect to the local OVN DB servers.
+
+  
+
+
+
+  In such deployments, the ovn-northds on the passive nodes will process
+  the DB changes and compute logical flows to be thrown out later,
+  because write transactions are not allowed by the passive ovsdb-servers.
+  It results in unnecessary CPU usage.
+
+
+
+  With the help of runtime management command pause, you can
+  pause ovn-northd on these nodes. When a passive node
+  becomes master, you can use the runtime management command
+  resume to resume the ovn-northd to process the
+  DB changes.
+
+
 Logical Flow Table Structure
 
 
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index ce382ac89..50f4ebf99 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -50,6 +50,9 @@
 VLOG_DEFINE_THIS_MODULE(ovn_northd);
 
 static unixctl_cb_func ovn_northd_exit;
+static unixctl_cb_func ovn_northd_pause;
+static unixctl_cb_func ovn_northd_resume;
+static unixctl_cb_func ovn_northd_is_paused;
 
 struct northd_context {
 struct ovsdb_idl *ovnnb_idl;
@@ -8710,6 +8713,7 @@ main(int argc, char *argv[])
 struct unixctl_server *unixctl;
 int retval;
 bool exiting;
+bool paused;
 
 fatal_ignore_sigpipe();
 ovs_cmdl_proctitle_init(argc, argv);
@@ -8724,6 +8728,10 @@ main(int argc, char *argv[])
 exit(EXIT_FAILURE);
 }
 unixctl_command_register("exit", "", 0, 0, ovn_northd_exit, );
+unixctl_command_register("pause", "", 0, 0, ovn_northd_pause, );
+unixctl_command_register("resume", "", 0, 0, ovn_northd_resume, );
+unixctl_command_register("is-paused", "", 0, 0, ovn_northd_is_paused,
+ );
 
 daemonize_complete();
 
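Review bot: The `pause` and `resume` registrations let any client of the unixctl socket stop ovn-northd from recomputing logical flows, and nothing in this hunk records that the state changed. The callback bodies are outside the hunk, so this may already be handled; if it is not, each callback should log the transition, e.g. `VLOG_INFO("ovn-northd paused by unixctl request");`, so that a paused control plane can be told apart from an idle one in the logs. The same registrations appear in the v2 posting of this patch further down the page (`@@ -8653,6 +8657,10 @@`). main() starts and ends outside the hunk.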
@@ -8880,32 +,49 @@ main(int argc, char *argv[])
 
 /* Main loop. */
 exiting = false;
+paused = false;
 while (!exiting) {
-struct northd_context ctx = {
-.ovnnb_idl = ovnnb_idl_loop.idl,
-.ovnnb_txn = ovsdb_idl_loop_run(_idl_loop),
-.ovnsb_idl = ovnsb_idl_loop.idl,
-.ovnsb_txn = ovsdb_idl_loop_run(_idl_loop),
-.sbrec_ha_chassis_grp_by_name = sbrec_ha_chassis_grp_by_name,
-};
-
-if (!had_lock && ovsdb_idl_has_lock(ovnsb_idl_loop.idl)) {
-

[ovs-dev] [PATCH v2] ovn-northd: Add the option to pause and resume

2019-07-08 Thread nusiddiq
From: Numan Siddique 

This patch adds 3 unixctl socket commands - pause, resume and is-paused.

Usage: ovs-appctl -t ovn-northd pause/resume/is-paused

This feature will be useful if the CMS wants to
  - deploy OVN DB servers in active/passive mode and
  - run ovn-northd on all these nodes and use unix ctl sockets to
connect to the local OVN DB servers.

On the nodes where OVN Db ovsdb-servers are in passive mode, the local 
ovn-northds
will process the DB changes and calculate logical flows to be throw out later
because write txns are not allowed by these ovsdb-servers. It results in
unncessary CPU usage.

With these commands, CMS can pause ovn-northd on these node. A node
which becomes master, can resume the ovn-northd.

This feature will be useful in ovn-kubernetes if the above deployment model
is chosen.

Signed-off-by: Numan Siddique 
---
v1 -> v2
===
  * Addressed the review comments from Ben and add more documentation
about the runtime options added by this patch.
  * v1 had an issue - When paused, it was not even waking up to process
the IDL updates. In v2, the main thread, wakes up to process any
IDL updates, but doesn't do any logical flow computations.

 ovn/northd/ovn-northd.8.xml |  48 +++
 ovn/northd/ovn-northd.c | 117 
 tests/ovn-northd.at |  38 
 3 files changed, 177 insertions(+), 26 deletions(-)

diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
index e6417220f..0766902db 100644
--- a/ovn/northd/ovn-northd.8.xml
+++ b/ovn/northd/ovn-northd.8.xml
@@ -70,6 +70,23 @@
   
 Causes ovn-northd to gracefully terminate.
   
+
+  pause
+  
+Pauses the ovn-northd operation from processing any Northbound and
+Southbound database changes.
+  
+
+  resume
+  
+Resumes the ovn-northd operation to process Northbound and
+Southbound database contents and generate logical flows.
+  
+
+  is-paused
+  
+Returns "true" if ovn-northd is currently paused, "false" otherwise.
+  
   
 
 
@@ -82,6 +99,37 @@
   of ovn-northd will automatically take over.
 
 
+ Active-Standby with multiple OVN DB servers
+
+  You may run multiple OVN DB servers in an OVN deployment with:
+  
+
+  OVN DB servers deployed in active/passive mode with one active
+  and multiple passive ovsdb-servers.
+
+
+
+  ovn-northd also deployed on all thes nodes
+  using unix ctl sockets to connect to the local OVN DB servers.
+
+  
+
+
+
+  In such deployments, the ovn-northds on the passive nodes will process
+  the DB changes and calculate logical flows to be throw out later
+  because write txns are not allowed by the passive ovsdb-servers.
+  It results in unncessary CPU usage.
+
+
+
+  With the help of runtime management command pause, you can
+  pause ovn-northd on these nodes. When a passive node
+  becomes master, you can use the runtime management command
+  resume to resume the ovn-northd to process the
+  DB changes.
+
+
 Logical Flow Table Structure
 
 
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index 0b0a96a3a..05ddd60e3 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -50,6 +50,9 @@
 VLOG_DEFINE_THIS_MODULE(ovn_northd);
 
 static unixctl_cb_func ovn_northd_exit;
+static unixctl_cb_func ovn_northd_pause;
+static unixctl_cb_func ovn_northd_resume;
+static unixctl_cb_func ovn_northd_is_paused;
 
 struct northd_context {
 struct ovsdb_idl *ovnnb_idl;
@@ -8639,6 +8642,7 @@ main(int argc, char *argv[])
 struct unixctl_server *unixctl;
 int retval;
 bool exiting;
+bool paused;
 
 fatal_ignore_sigpipe();
 ovs_cmdl_proctitle_init(argc, argv);
@@ -8653,6 +8657,10 @@ main(int argc, char *argv[])
 exit(EXIT_FAILURE);
 }
 unixctl_command_register("exit", "", 0, 0, ovn_northd_exit, );
+unixctl_command_register("pause", "", 0, 0, ovn_northd_pause, );
+unixctl_command_register("resume", "", 0, 0, ovn_northd_resume, );
+unixctl_command_register("is-paused", "", 0, 0, ovn_northd_is_paused,
+ );
 
 daemonize_complete();
 
@@ -8809,32 +8817,49 @@ main(int argc, char *argv[])
 
 /* Main loop. */
 exiting = false;
+paused = false;
 while (!exiting) {
-struct northd_context ctx = {
-.ovnnb_idl = ovnnb_idl_loop.idl,
-.ovnnb_txn = ovsdb_idl_loop_run(_idl_loop),
-.ovnsb_idl = ovnsb_idl_loop.idl,
-.ovnsb_txn = ovsdb_idl_loop_run(_idl_loop),
-.sbrec_ha_chassis_grp_by_name = sbrec_ha_chassis_grp_by_name,
-};
-
-if (!had_lock && ovsdb_idl_has_lock(ovnsb_idl_loop.idl)) {
-VLOG_INFO("ovn-northd lock acquired. "
-  "This ovn-northd instance is 

[ovs-dev] [PATCH] ovn: Add a new logical switch port type - 'virtual'

2019-07-06 Thread nusiddiq
From: Numan Siddique 

This new type is added for the following reasons:

  - When a load balancer is created in an OpenStack deployment with Octavia
service, it creates a logical port 'VIP' for the virtual ip.

  - This logical port is not bound to any VIF.

  - Octavia service creates a service VM (with another logical port 'P' which
belongs to the same logical switch)

  - The virtual ip 'VIP' is configured on this service VM.

  - This service VM provides the load balancing for the VIP with the configured
backend IPs.

  - Octavia service can be configured to create few service VMs with 
active-standby mode
with the active VM configured with the VIP.  The VIP can move between
these service nodes.

Presently there are few problems:

  - When a floating ip (externally reachable IP) is associated to the VIP and if
the compute nodes have external connectivity then the external traffic 
cannot
reach the VIP using the floating ip as the VIP logical port would be down.
dnat_and_snat entry in NAT table for this vip will have 'external_mac' and
'logical_port' configured.

  - The only way to make it work is to clear the 'external_mac' entry so that
the gateway chassis does the DNAT for the VIP.

To solve these problems, this patch proposes a new logical port type - virtual.
CMS when creating the logical port for the VIP, should

 - set the type as 'virtual'

 - configure the VIP in the options - Logical_Switch_Port.options:virtual-ip

 - And set the virtual parents in the options
   Logical_Switch_Port.options:virtual-parents.
   These virtual parents are the one which can be configured with the VIP.

Suppose the virtual_ip is configured to 10.0.0.10 on a virtual logical port
'sw0-vip' and the virtual_parents are set to [sw0-p1, sw0-p2]. Then the logical
flows below are added in the ls_in_arp_rsp logical switch pipeline

 - table=11(ls_in_arp_rsp), priority=100,
   match=(inport == "sw0-p1" && !is_chassis_resident("sw0-vip") &&
  ((arp.op == 1 && arp.spa == 10.0.0.10 && arp.tpa == 10.0.0.10) ||
   (arp.op == 2 && arp.spa == 10.0.0.10))),
   action=(bind_vport("sw0-vip", inport); next;)
- table=11(ls_in_arp_rsp), priority=100,
   match=(inport == "sw0-p2" && !is_chassis_resident("sw0-vip") &&
  ((arp.op == 1 && arp.spa == 10.0.0.10 && arp.tpa == 10.0.0.10) ||
   (arp.op == 2 && arp.spa == 10.0.0.10))),
   action=(bind_vport("sw0-vip", inport); next;)

The action bind_vport will claim the logical port - sw0-vip on the chassis 
where this action
is executed. Since the port - sw0-vip is claimed by a chassis, the 
dnat_and_snat rule for
the VIP will be handled by the compute node.

Signed-off-by: Numan Siddique 
---

v4 -> v5
===
 * Rebased to master to resolve merge conflicts.

v3 -> v4
===
  * Addressed the review comment and removed the code in northd which
referenced the Southbound db state while adding the logical flows. Instead
using the ovn match - is_chassis_resident() - which I should have used
it in the first place.

v2 -> v3
===
  * Addressed the review comments from Ben - deleted the new columns -
virtual_ip and virtual_parents from Logical_Switch_Port and instead
is making use of options column for this purpose.

v1 -> v2

  * In v1, was not updating the 'put_vport_binding' struct if it already
exists in the put_vport_bindings hmap in the function -
pinctrl_handle_bind_vport().
In v2 handled it.
  * Improved the if else check in binding.c when releasing the lports.


 include/ovn/actions.h   |  18 ++-
 ovn/controller/binding.c|  30 +++-
 ovn/controller/pinctrl.c| 174 
 ovn/lib/actions.c   |  60 +++
 ovn/lib/ovn-util.c  |   1 +
 ovn/northd/ovn-northd.8.xml |  61 ++-
 ovn/northd/ovn-northd.c | 306 +++-
 ovn/ovn-nb.xml  |  45 ++
 ovn/ovn-sb.ovsschema|   6 +-
 ovn/ovn-sb.xml  |  46 ++
 ovn/utilities/ovn-trace.c   |   3 +
 tests/ovn.at| 281 +
 tests/test-ovn.c|   1 +
 13 files changed, 945 insertions(+), 87 deletions(-)

diff --git a/include/ovn/actions.h b/include/ovn/actions.h
index f42bbc277..48c64f792 100644
--- a/include/ovn/actions.h
+++ b/include/ovn/actions.h
@@ -83,7 +83,8 @@ struct ovn_extend_table;
 OVNACT(ND_NS, ovnact_nest)\
 OVNACT(SET_METER, ovnact_set_meter)   \
 OVNACT(OVNFIELD_LOAD, ovnact_load)\
-OVNACT(CHECK_PKT_LARGER,  ovnact_check_pkt_larger)
+OVNACT(CHECK_PKT_LARGER,  ovnact_check_pkt_larger)\
+OVNACT(BIND_VPORT,ovnact_bind_vport)
 
 /* enum ovnact_type, with a member OVNACT_ for each action. */
 enum OVS_PACKED_ENUM ovnact_type {
@@ -318,6 +319,13 @@ struct ovnact_check_pkt_larger {
 struct expr_field dst;  /* 1-bit destination field. */
 };
 
+/* OVNACT_BIND_VPORT. */
+struct 

[ovs-dev] [PATCH v3 3/3] ovn: Send GARP for router port IPs of a router port connected to bridged logical switch

2019-07-01 Thread nusiddiq
From: Numan Siddique 

This patch handles sending GARPs for

 - router port IPs of a distributed router port

 - router port IPs of a router port which belongs to gateway router
   (with the option - redirect-chassis set in Logical_Router.options)

Signed-off-by: Numan Siddique 
---
 ovn/northd/ovn-northd.c | 44 
 tests/ovn.at| 89 +++--
 2 files changed, 105 insertions(+), 28 deletions(-)

diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index e0af234f8..e8cbc3534 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -1983,9 +1983,23 @@ get_nat_addresses(const struct ovn_port *op, size_t *n)
 }
 } else {
 /* Centralized NAT rule, either on gateway router or distributed
- * router. */
-ds_put_format(_addresses, " %s", nat->external_ip);
-central_ip_address = true;
+ * router.
+ * Check if external_ip is same as router ip. If so, then there
+ * is no need to add this to the nat_addresses. The router IPs
+ * will be added separately. */
+bool is_router_ip = false;
+for (size_t j = 0; j < op->lrp_networks.n_ipv4_addrs; j++) {
+if (!strcmp(nat->external_ip,
+op->lrp_networks.ipv4_addrs[j].addr_s)) {
+is_router_ip = true;
+break;
+}
+}
+
+if (!is_router_ip) {
+ds_put_format(_addresses, " %s", nat->external_ip);
+central_ip_address = true;
+}
 }
 }
 
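Review bot: The new `is_router_ip` loop matches `nat->external_ip` against `addr_s` with `strcmp()`, so the check depends on both strings having the same textual form; an `external_ip` written differently from the formatted router address would be treated as distinct and still be added to the NAT addresses. The start of the enclosing loop is outside the hunk, so it is not visible whether `external_ip` has already been parsed there; if it has, comparing the parsed value, e.g. `if (ip == op->lrp_networks.ipv4_addrs[j].addr) {` with `ip` the parsed `ovs_be32`, would remove that dependency. Only `ipv4_addrs` is searched, which is worth a word in the new comment if IPv6 external addresses can reach this branch.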
@@ -2531,13 +2545,26 @@ ovn_port_update_sbrec(struct northd_context *ctx,
  * -  op->peer has 'reside-on-gateway-chassis' set and the
  *the logical router datapath has distributed router port.
  *
+ * -  op->peer is distributed gateway router port.
+ *
+ * -  op->peer's router is a gateway router and op has a localnet
+ *port.
+ *
  * Note: Port_Binding.nat_addresses column is also used for
  * sending the GARPs for the router port IPs.
  * */
+bool add_router_port_garp = false;
 if (op->peer && op->peer->nbrp && op->peer->od->l3dgw_port &&
 op->peer->od->l3redirect_port &&
-smap_get_bool(>peer->nbrp->options,
-  "reside-on-redirect-chassis", false)) {
+(smap_get_bool(>peer->nbrp->options,
+  "reside-on-redirect-chassis", false) ||
+op->peer == op->peer->od->l3dgw_port)) {
+add_router_port_garp = true;
+} else if (chassis && op->od->localnet_port) {
+add_router_port_garp = true;
+}
+
+if (add_router_port_garp) {
 struct ds garp_info = DS_EMPTY_INITIALIZER;
 ds_put_format(_info, "%s", op->peer->lrp_networks.ea_s);
 for (size_t i = 0; i < op->peer->lrp_networks.n_ipv4_addrs;
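Review bot: The added `else if (chassis && op->od->localnet_port)` branch sets `add_router_port_garp` without testing `op->peer`, while the block it enables dereferences `op->peer->lrp_networks` straight away. `chassis` is assigned outside the hunk, so a non-NULL value may already imply a peer; if that is not guaranteed, the branch should read `} else if (chassis && op->peer && op->od->localnet_port) {`. Either way the dependency deserves a short comment, since the first branch checks `op->peer` explicitly and this one does not. ovn_port_update_sbrec() starts and ends outside the hunk.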
@@ -2545,8 +2572,11 @@ ovn_port_update_sbrec(struct northd_context *ctx,
 ds_put_format(_info, " %s",
   op->peer->lrp_networks.ipv4_addrs[i].addr_s);
 }
-ds_put_format(_info, " is_chassis_resident(%s)",
-  op->peer->od->l3redirect_port->json_key);
+
+if (op->peer->od->l3redirect_port) {
+ds_put_format(_info, " is_chassis_resident(%s)",
+  op->peer->od->l3redirect_port->json_key);
+}
 
 sbrec_port_binding_update_nat_addresses_addvalue(
 op->sb, ds_cstr(_info));
diff --git a/tests/ovn.at b/tests/ovn.at
index ea627e128..2e266d94a 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -6730,6 +6730,9 @@ AT_CHECK([ovn-nbctl lsp-set-addresses ln_port unknown])
 AT_CHECK([ovn-nbctl lsp-set-type ln_port localnet])
 AT_CHECK([ovn-nbctl lsp-set-options ln_port network_name=physnet1])
 
+# Wait until the patch ports are created in hv1 to connect br-int to br-eth0
+OVS_WAIT_UNTIL([test 1 = `as hv1 ovs-vsctl show | \
+grep "Port patch-br-int-to-ln_port" | wc -l`])
 
 # Wait for packet to be received.
 OVS_WAIT_UNTIL([test `wc -c < "hv1/snoopvif-tx.pcap"` -ge 50])
@@ -6737,10 +6740,11 @@ trim_zeros() {
 sed 's/\(00\)\{1,\}$//'
 }
 $PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/snoopvif-tx.pcap | trim_zeros 
> packets
-expected="f00108060001080006040001f001c0a80002c0a80002"
+expected="f00108060001080006040001f001c0a80001c0a80001"
 echo $expected > expout
+expected="f00108060001080006040001f001c0a80002c0a80002"
+echo $expected >> expout
 AT_CHECK([sort packets], 

[ovs-dev] [PATCH v3 2/3] ovn: Send GARP for the router ports with reside-on-redirect-chassis options set

2019-07-01 Thread nusiddiq
From: Numan Siddique 

With the commit [1], the routing for the provider logical switches
connected to a router is centralized on the master gateway chassis
(if the option - reside-on-redirect-chassis) is set. When the
failover happens and a standby gateway chassis becomes master,
it should send GARPs for the router port macs. Without this, the
physical switch doesn't learn the new location of the router port macs
immediately and this could result in traffic disruption.

This patch addresses this issue so that the ovn-controller which claims the
distributed gateway router port sends out the GARPs.

ovn-controller sends the GARPs if the Port_Binding.nat_addresses column
is set. This patch makes use of this column, instead of adding a new column
even though the name - nat_addresses seems a bit misnomer. The documentation is
updated to highlight the usage of this column.

This patch doesn't handle sending the GARPs for the gateway router port IPs.
This will be handled in a separate patch.

[1] - 85706c34d53d ("ovn: Avoid tunneling for VLAN packets redirected to a 
gateway chassis")

Signed-off-by: Numan Siddique 
---
 ovn/northd/ovn-northd.c | 31 ++
 tests/ovn.at| 58 +++--
 2 files changed, 87 insertions(+), 2 deletions(-)

diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index c43adb51c..e0af234f8 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -2522,7 +2522,38 @@ ovn_port_update_sbrec(struct northd_context *ctx,
 free(nats[i]);
 }
 free(nats);
+
+/* Add the router mac and IPv4 addresses to
+ * Port_Binding.nat_addresses so that GARP is sent for these
+ * IPs by the ovn-controller on which the distributed gateway
+ * router port resides if:
+ *
+ * -  op->peer has 'reside-on-gateway-chassis' set and the
+ *the logical router datapath has distributed router port.
+ *
+ * Note: Port_Binding.nat_addresses column is also used for
+ * sending the GARPs for the router port IPs.
+ * */
+if (op->peer && op->peer->nbrp && op->peer->od->l3dgw_port &&
+op->peer->od->l3redirect_port &&
+smap_get_bool(>peer->nbrp->options,
+  "reside-on-redirect-chassis", false)) {
+struct ds garp_info = DS_EMPTY_INITIALIZER;
+ds_put_format(_info, "%s", op->peer->lrp_networks.ea_s);
+for (size_t i = 0; i < op->peer->lrp_networks.n_ipv4_addrs;
+ i++) {
+ds_put_format(_info, " %s",
+  op->peer->lrp_networks.ipv4_addrs[i].addr_s);
+}
+ds_put_format(_info, " is_chassis_resident(%s)",
+  op->peer->od->l3redirect_port->json_key);
+
+sbrec_port_binding_update_nat_addresses_addvalue(
+op->sb, ds_cstr(_info));
+ds_destroy(_info);
+}
 }
+
 sbrec_port_binding_set_parent_port(op->sb, op->nbsp->parent_name);
 sbrec_port_binding_set_tag(op->sb, op->nbsp->tag, op->nbsp->n_tag);
 sbrec_port_binding_set_mac(op->sb, (const char **) op->nbsp->addresses,
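Review bot: The added comment names the option `'reside-on-gateway-chassis'`, but the condition directly below it reads `"reside-on-redirect-chassis"`; the comment should use the option name the code actually tests, and the doubled "the the" can be fixed at the same time. Suggested bullet: `* -  op->peer has 'reside-on-redirect-chassis' set and the logical router datapath has a distributed router port.` The closing "Note:" says the column is "also used" for router port IPs, which is what this block itself does, so it probably meant to say the column otherwise carries NAT addresses. ovn_port_update_sbrec() starts and ends outside the hunk.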
diff --git a/tests/ovn.at b/tests/ovn.at
index daf85a55d..ea627e128 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -9317,9 +9317,10 @@ ovn_start
 # # (i.e 8.8.8.8 as destination ip).
 
 # Physical network:
-# # Three hypervisors hv[123].
+# # Four hypervisors hv[1234].
 # # hv1 hosts vif foo1.
 # # hv2 is the "redirect-chassis" that hosts the distributed router gateway 
port.
+# # Later to test GARPs for the router port - foo, hv2 and hv4 are added to 
the ha_chassis_group
 # # hv3 hosts nexthop port vif outside1.
 # # All other tests connect hypervisors to network n1 through br-phys for 
tunneling.
 # # But in this test, hv1 won't connect to n1(and no br-phys in hv1), and
@@ -9344,6 +9345,8 @@ ovs-vsctl \
 start_daemon ovn-controller
 ovs-vsctl -- add-port br-int hv1-vif1 -- \
 set interface hv1-vif1 external-ids:iface-id=foo1 \
+options:tx_pcap=hv1/vif1-tx.pcap \
+options:rxq_pcap=hv1/vif1-rx.pcap \
 ofport-request=1
 
 sim_add hv2
@@ -9363,6 +9366,12 @@ ovs-vsctl -- add-port br-int hv3-vif1 -- \
 ofport-request=1
 ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings="phys:br-phys"
 
+sim_add hv4
+as hv4
+ovs-vsctl add-br br-phys
+ovn_attach n1 br-phys 192.168.0.4
+ovs-vsctl set Open_vSwitch . 
external-ids:ovn-bridge-mappings="public:br-ex,phys:br-phys"
+
 # Create network n2 for vlan connectivity between hv1 and hv2
 net_add n2
 
@@ -9374,6 +9383,10 @@ as hv2
 ovs-vsctl add-br br-ex
 net_attach n2 br-ex
 
+as hv4
+ovs-vsctl add-br br-ex
+net_attach n2 br-ex
+
 OVN_POPULATE_ARP
 
 ovn-nbctl create Logical_Router name=R1
@@ -9556,7 +9569,48 @@ $PYTHON 

[ovs-dev] [PATCH v3 1/3] ovn-northd: Refactor the code which sets nat_addresses

2019-07-01 Thread nusiddiq
From: Numan Siddique 

The present code which sets the Port_Binding.nat_addresses
can be simplified. This patch does this. This would help in
upcoming commits to set the nat_addresses column with the
mac and IPs of distributed logical router ports and logical
router ports with 'reside-on-redirect-chassis' set.

Signed-off-by: Numan Siddique 
---
 ovn/northd/ovn-northd.c | 32 +---
 1 file changed, 13 insertions(+), 19 deletions(-)

diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index 0b0a96a3a..c43adb51c 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -2493,23 +2493,12 @@ ovn_port_update_sbrec(struct northd_context *ctx,
 
 const char *nat_addresses = smap_get(>nbsp->options,
"nat-addresses");
+size_t n_nats = 0;
+char **nats = NULL;
 if (nat_addresses && !strcmp(nat_addresses, "router")) {
 if (op->peer && op->peer->od
 && (chassis || op->peer->od->l3redirect_port)) {
-size_t n_nats;
-char **nats = get_nat_addresses(op->peer, _nats);
-if (n_nats) {
-sbrec_port_binding_set_nat_addresses(op->sb,
-(const char **) nats, n_nats);
-for (size_t i = 0; i < n_nats; i++) {
-free(nats[i]);
-}
-free(nats);
-} else {
-sbrec_port_binding_set_nat_addresses(op->sb, NULL, 0);
-}
-} else {
-sbrec_port_binding_set_nat_addresses(op->sb, NULL, 0);
+nats = get_nat_addresses(op->peer, _nats);
 }
 /* Only accept manual specification of ethernet address
  * followed by IPv4 addresses on type "l3gateway" ports. */
@@ -2519,15 +2508,20 @@ ovn_port_update_sbrec(struct northd_context *ctx,
 static struct vlog_rate_limit rl =
 VLOG_RATE_LIMIT_INIT(1, 1);
 VLOG_WARN_RL(, "Error extracting nat-addresses.");
-sbrec_port_binding_set_nat_addresses(op->sb, NULL, 0);
 } else {
-sbrec_port_binding_set_nat_addresses(op->sb,
- _addresses, 1);
 destroy_lport_addresses();
+n_nats = 1;
+nats = xcalloc(1, sizeof *nats);
+nats[0] = xstrdup(nat_addresses);
 }
-} else {
-sbrec_port_binding_set_nat_addresses(op->sb, NULL, 0);
 }
+
+sbrec_port_binding_set_nat_addresses(op->sb,
+ (const char **) nats, n_nats);
+for (size_t i = 0; i < n_nats; i++) {
+free(nats[i]);
+}
+free(nats);
 }
 sbrec_port_binding_set_parent_port(op->sb, op->nbsp->parent_name);
 sbrec_port_binding_set_tag(op->sb, op->nbsp->tag, op->nbsp->n_tag);
-- 
2.21.0



[ovs-dev] [PATCH v2] ovn-controller: Provide the option to configure inactivity probe interval for OpenFlow conn

2019-07-01 Thread nusiddiq
From: Numan Siddique 

If the ovn-controller main loop takes more than 5 seconds (if there are lots of 
logical
flows) before it calls poll_block(), it causes the poll_block to wake up 
immediately,
since rconn module has to send echo request. With the incremental processing, 
this is
not an issue as ovn-controller will not recompute again. But for older 
versions, this
is an issue as it causes flow recomputations and this would result in 100% cpu 
all the
time.

With this patch, CMS can configure a higher value depending on the workload.

The main intention of this patch is to fix this recomputation issue for older
versions (thereby requesting backport), but it would still be beneficial with the
incremental processing engine.

Signed-off-by: Numan Siddique 
Tested-by: Dumitru Ceara 
---

v1 -> v2
-
  * Defined the macro OFCTRL_DEFAULT_PROBE_INTERVAL_SEC instead of using
hard coded value of 5 in get_ofctrl_probe_interval() as suggested by
Dumitru Ceara

 ovn/controller/ofctrl.c | 14 --
 ovn/controller/ofctrl.h |  4 +++-
 ovn/controller/ovn-controller.8.xml | 14 ++
 ovn/controller/ovn-controller.c | 14 +-
 4 files changed, 42 insertions(+), 4 deletions(-)

diff --git a/ovn/controller/ofctrl.c b/ovn/controller/ofctrl.c
index 47a915aea..043abd69d 100644
--- a/ovn/controller/ofctrl.c
+++ b/ovn/controller/ofctrl.c
@@ -169,9 +169,11 @@ static void ofctrl_recv(const struct ofp_header *, enum 
ofptype);
 
 void
 ofctrl_init(struct ovn_extend_table *group_table,
-struct ovn_extend_table *meter_table)
+struct ovn_extend_table *meter_table,
+int inactivity_probe_interval)
 {
-swconn = rconn_create(5, 0, DSCP_DEFAULT, 1 << OFP13_VERSION);
+swconn = rconn_create(inactivity_probe_interval, 0,
+  DSCP_DEFAULT, 1 << OFP13_VERSION);
 tx_counter = rconn_packet_counter_create();
 hmap_init(_flows);
 ovs_list_init(_updates);
@@ -1381,3 +1383,11 @@ ofctrl_is_connected(void)
 {
 return rconn_is_connected(swconn);
 }
+
+void
+ofctrl_set_probe_interval(int probe_interval)
+{
+if (swconn) {
+rconn_set_probe_interval(swconn, probe_interval);
+}
+}
diff --git a/ovn/controller/ofctrl.h b/ovn/controller/ofctrl.h
index b39cdf88b..ed8918aae 100644
--- a/ovn/controller/ofctrl.h
+++ b/ovn/controller/ofctrl.h
@@ -41,7 +41,8 @@ struct ovn_desired_flow_table {
 
 /* Interface for OVN main loop. */
 void ofctrl_init(struct ovn_extend_table *group_table,
- struct ovn_extend_table *meter_table);
+ struct ovn_extend_table *meter_table,
+ int inactivity_probe_interval);
 void ofctrl_run(const struct ovsrec_bridge *br_int,
 struct shash *pending_ct_zones);
 enum mf_field_id ofctrl_get_mf_field_id(void);
@@ -81,5 +82,6 @@ void ofctrl_check_and_add_flow(struct ovn_desired_flow_table 
*,
const struct uuid *, bool log_duplicate_flow);
 
 bool ofctrl_is_connected(void);
+void ofctrl_set_probe_interval(int probe_interval);
 
 #endif /* ovn/ofctrl.h */
diff --git a/ovn/controller/ovn-controller.8.xml 
b/ovn/controller/ovn-controller.8.xml
index 9721d9a5b..8f9c64838 100644
--- a/ovn/controller/ovn-controller.8.xml
+++ b/ovn/controller/ovn-controller.8.xml
@@ -112,6 +112,20 @@
 
   
 
+  external_ids:ovn-openflow-probe-interval
+  
+
+  The inactivity probe interval of the OpenFlow connection to the
+  OpenvSwitch integration bridge, in seconds.
+  If the value is zero, it disables the connection keepalive feature.
+
+
+
+  If the value is nonzero, then it will be forced to a value of
+  at least 5s.
+
+  
+
   external_ids:ovn-encap-type
   
 
diff --git a/ovn/controller/ovn-controller.c b/ovn/controller/ovn-controller.c
index 60190161f..c2c68e467 100644
--- a/ovn/controller/ovn-controller.c
+++ b/ovn/controller/ovn-controller.c
@@ -73,6 +73,7 @@ static unixctl_cb_func ovn_controller_conn_show;
 
 #define DEFAULT_BRIDGE_NAME "br-int"
 #define DEFAULT_PROBE_INTERVAL_MSEC 5000
+#define OFCTRL_DEFAULT_PROBE_INTERVAL_SEC 5
 
 #define CONTROLLER_LOOP_STOPWATCH_NAME "ovn-controller-flow-generation"
 
@@ -390,6 +391,15 @@ update_ssl_config(const struct ovsrec_ssl_table *ssl_table)
 }
 }
 
+static int
+get_ofctrl_probe_interval(struct ovsdb_idl *ovs_idl)
+{
+const struct ovsrec_open_vswitch *cfg = ovsrec_open_vswitch_first(ovs_idl);
+return smap_get_int(>external_ids,
+"ovn-openflow-probe-interval",
+OFCTRL_DEFAULT_PROBE_INTERVAL_SEC);
+}
+
 /* Retrieves the pointer to the OVN Southbound database from 'ovs_idl' and
  * updates 'sbdb_idl' with that pointer. */
 static void
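Review bot: `get_ofctrl_probe_interval()` dereferences `cfg` without checking it, and `ovsrec_open_vswitch_first()` returns NULL when the IDL replica holds no Open_vSwitch row. The function is used as an argument to `ofctrl_init()` in `main()` (visible in the v1 posting of this patch further down), where the replica may still be empty, so this looks like a possible NULL dereference at startup. Fall back to the default before the lookup: `if (!cfg) { return OFCTRL_DEFAULT_PROBE_INTERVAL_SEC; }`. The value is operator-supplied and passed on unvalidated, so it is also worth confirming that rconn clamps negative numbers. The v1 posting has the same function with a literal `5` and the same missing check.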
@@ -1817,7 +1827,8 @@ main(int argc, char *argv[])
 engine_init(_flow_output);
 
 ofctrl_init(_flow_output.group_table,
-

[ovs-dev] [PATCH v3 0/3] Handle GARPs for logical router port IPs

2019-07-01 Thread nusiddiq
From: Numan Siddique 

The v1 of the patch series had just one patch which handled sending
GARPs for the logical router ports with the option -
reside-on-redirect-chassis set.

The v2+ has a total of 3 patches.

Patch 1 is a simple refactor in ovn-northd code which sets the
Port_Binding.nat_addresses column in Southbound db.

Patch 2 takes care of sending GARPs for the logical router ports
which have the option - reside-on-redirect-chassis set. This option
is used when provider (or bridged) logical switches are connected
to a logical router with a distributed gateway router port.

Patch 3 takes care of sending GARPs for the IPs of the distributed
gateway router port. It also handles sending the GARPs for
the IPs of the router ports which belong to a gateway router and
whose peer is connected to a provider (or bridged) logical switch.

---

v2 -> v3
---
   * Addressed review comments from Dumitru for p1 and p2.

Numan Siddique (3):
  ovn-northd: Refactor the code which sets nat_addresses
  ovn: Send GARP for the router ports with reside-on-redirect-chassis
options set
  ovn: Send GARP for router port IPs of a router port connected to
bridged logical switch

 ovn/northd/ovn-northd.c |  99 +--
 tests/ovn.at| 147 +---
 2 files changed, 201 insertions(+), 45 deletions(-)

-- 
2.21.0



[ovs-dev] [PATCH v4] ovn-controller: Omit tracking external_ids columns

2019-06-28 Thread nusiddiq
From: Numan Siddique 

Running the command "ovn-nbctl set logical_switch_port foo external_ids:foo=bar"
causes the incremental processing engine to recompute the flows on the
chassis where the logical port 'foo' is claimed.

This patch avoids this unnecessary recomputation by omitting the tracking of
the external_ids column of all the Southbound DB tables except the DNS, Chassis
and Datapath_Binding tables. ovn-controller refers to the external_ids
column of these tables.

Signed-off-by: Numan Siddique 
---

v3 -> v4
---
  * Using 'ovsdb_idl_omit' as suggested by Ben.
Also omitting external_ids column for most of the SB tables.

v2 -> v3
--
  * Based on the review comments from Han, dropped p2 and p3 from the series.

 ovn/controller/ovn-controller.c | 24 
 1 file changed, 24 insertions(+)

diff --git a/ovn/controller/ovn-controller.c b/ovn/controller/ovn-controller.c
index 60190161f..7fb322ed1 100644
--- a/ovn/controller/ovn-controller.c
+++ b/ovn/controller/ovn-controller.c
@@ -1732,6 +1732,30 @@ main(int argc, char *argv[])
 
 ovsdb_idl_track_add_all(ovnsb_idl_loop.idl);
 ovsdb_idl_omit_alert(ovnsb_idl_loop.idl, _chassis_col_nb_cfg);
+
+/* Omit the external_ids column of all the tables except for -
+ *  - DNS. pinctrl.c uses the external_ids column of DNS,
+ *which it shouldn't. This should be removed.
+ *
+ *  - Chassis - chassis.c copies the chassis configuration from
+ *  local open_vswitch table to the external_ids of
+ *  chassis.
+ *
+ *  - Datapath_binding - lflow.c is using this to check if the datapath
+ *   is switch or not. This should be removed.
+ * */
+
+ovsdb_idl_omit(ovnsb_idl_loop.idl, _sb_global_col_external_ids);
+ovsdb_idl_omit(ovnsb_idl_loop.idl, _logical_flow_col_external_ids);
+ovsdb_idl_omit(ovnsb_idl_loop.idl, _port_binding_col_external_ids);
+ovsdb_idl_omit(ovnsb_idl_loop.idl, _connection_col_external_ids);
+ovsdb_idl_omit(ovnsb_idl_loop.idl, _ssl_col_external_ids);
+ovsdb_idl_omit(ovnsb_idl_loop.idl,
+   _gateway_chassis_col_external_ids);
+ovsdb_idl_omit(ovnsb_idl_loop.idl, _ha_chassis_col_external_ids);
+ovsdb_idl_omit(ovnsb_idl_loop.idl,
+   _ha_chassis_group_col_external_ids);
+
 update_sb_monitors(ovnsb_idl_loop.idl, NULL, NULL, NULL);
 
 stopwatch_create(CONTROLLER_LOOP_STOPWATCH_NAME, SW_MS);
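Review bot: The `ovsdb_idl_omit()` calls only stick because they run after `ovsdb_idl_track_add_all()`, which adds every column it visits; the new comment explains which tables are exempt but not this ordering requirement. A line such as `/* Must come after ovsdb_idl_track_add_all(), which would otherwise re-add these columns. */` above the first call would keep a later reorder from silently bringing the columns back. The list is also maintained by hand, so a Southbound table added later keeps its external_ids monitored unless the list is extended. main() starts and ends outside the hunk.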
-- 
2.21.0



[ovs-dev] [PATCH] ovn-controller: Provide the option to configure inactivity probe interval for OpenFlow conn

2019-06-27 Thread nusiddiq
From: Numan Siddique 

If the ovn-controller main loop takes more than 5 seconds (if there are lots of 
logical
flows) before it calls poll_block(), it causes the poll_block to wake up 
immediately,
since rconn module has to send echo request. With the incremental processing, 
this is
not an issue as ovn-controller will not recompute again. But for older 
versions, this
is an issue as it causes flow recomputations and this would result in 100% cpu 
all the
time.

With this patch, CMS can configure a higher value depending on the workload.

The main intention of this patch is to fix this recomputation issue for older
versions (thereby requesting backport), but it would still be beneficial with the
incremental processing engine.

Signed-off-by: Numan Siddique 
---
 ovn/controller/ofctrl.c | 14 --
 ovn/controller/ofctrl.h |  4 +++-
 ovn/controller/ovn-controller.8.xml | 14 ++
 ovn/controller/ovn-controller.c | 12 +++-
 4 files changed, 40 insertions(+), 4 deletions(-)

diff --git a/ovn/controller/ofctrl.c b/ovn/controller/ofctrl.c
index 47a915aea..043abd69d 100644
--- a/ovn/controller/ofctrl.c
+++ b/ovn/controller/ofctrl.c
@@ -169,9 +169,11 @@ static void ofctrl_recv(const struct ofp_header *, enum 
ofptype);
 
 void
 ofctrl_init(struct ovn_extend_table *group_table,
-struct ovn_extend_table *meter_table)
+struct ovn_extend_table *meter_table,
+int inactivity_probe_interval)
 {
-swconn = rconn_create(5, 0, DSCP_DEFAULT, 1 << OFP13_VERSION);
+swconn = rconn_create(inactivity_probe_interval, 0,
+  DSCP_DEFAULT, 1 << OFP13_VERSION);
 tx_counter = rconn_packet_counter_create();
 hmap_init(_flows);
 ovs_list_init(_updates);
@@ -1381,3 +1383,11 @@ ofctrl_is_connected(void)
 {
 return rconn_is_connected(swconn);
 }
+
+void
+ofctrl_set_probe_interval(int probe_interval)
+{
+if (swconn) {
+rconn_set_probe_interval(swconn, probe_interval);
+}
+}
diff --git a/ovn/controller/ofctrl.h b/ovn/controller/ofctrl.h
index b39cdf88b..ed8918aae 100644
--- a/ovn/controller/ofctrl.h
+++ b/ovn/controller/ofctrl.h
@@ -41,7 +41,8 @@ struct ovn_desired_flow_table {
 
 /* Interface for OVN main loop. */
 void ofctrl_init(struct ovn_extend_table *group_table,
- struct ovn_extend_table *meter_table);
+ struct ovn_extend_table *meter_table,
+ int inactivity_probe_interval);
 void ofctrl_run(const struct ovsrec_bridge *br_int,
 struct shash *pending_ct_zones);
 enum mf_field_id ofctrl_get_mf_field_id(void);
@@ -81,5 +82,6 @@ void ofctrl_check_and_add_flow(struct ovn_desired_flow_table 
*,
const struct uuid *, bool log_duplicate_flow);
 
 bool ofctrl_is_connected(void);
+void ofctrl_set_probe_interval(int probe_interval);
 
 #endif /* ovn/ofctrl.h */
diff --git a/ovn/controller/ovn-controller.8.xml 
b/ovn/controller/ovn-controller.8.xml
index 9721d9a5b..8f9c64838 100644
--- a/ovn/controller/ovn-controller.8.xml
+++ b/ovn/controller/ovn-controller.8.xml
@@ -112,6 +112,20 @@
 
   
 
+  external_ids:ovn-openflow-probe-interval
+  
+
+  The inactivity probe interval of the OpenFlow connection to the
+  OpenvSwitch integration bridge, in seconds.
+  If the value is zero, it disables the connection keepalive feature.
+
+
+
+  If the value is nonzero, then it will be forced to a value of
+  at least 5s.
+
+  
+
   external_ids:ovn-encap-type
   
 
diff --git a/ovn/controller/ovn-controller.c b/ovn/controller/ovn-controller.c
index 60190161f..4e8b261e8 100644
--- a/ovn/controller/ovn-controller.c
+++ b/ovn/controller/ovn-controller.c
@@ -390,6 +390,14 @@ update_ssl_config(const struct ovsrec_ssl_table *ssl_table)
 }
 }
 
+static int
+get_ofctrl_probe_interval(struct ovsdb_idl *ovs_idl)
+{
+const struct ovsrec_open_vswitch *cfg = ovsrec_open_vswitch_first(ovs_idl);
+return smap_get_int(>external_ids,
+"ovn-openflow-probe-interval", 5);
+}
+
 /* Retrieves the pointer to the OVN Southbound database from 'ovs_idl' and
  * updates 'sbdb_idl' with that pointer. */
 static void
@@ -1817,7 +1825,8 @@ main(int argc, char *argv[])
 engine_init(_flow_output);
 
 ofctrl_init(_flow_output.group_table,
-_flow_output.meter_table);
+_flow_output.meter_table,
+get_ofctrl_probe_interval(ovs_idl_loop.idl));
 
 unixctl_command_register("group-table-list", "", 0, 0,
  group_table_list, _flow_output.group_table);
@@ -1844,6 +1853,7 @@ main(int argc, char *argv[])
 while (!exiting) {
 update_sb_db(ovs_idl_loop.idl, ovnsb_idl_loop.idl);
 update_ssl_config(ovsrec_ssl_table_get(ovs_idl_loop.idl));
+ofctrl_set_probe_interval(get_ofctrl_probe_interval(ovs_idl_loop.idl));
 

[ovs-dev] [PATCH v3] ovn-controller: Omit alert for Port_Binding.external_ids changes

2019-06-26 Thread nusiddiq
From: Numan Siddique 

Running the command "ovn-nbctl set logical_switch_port foo external_ids:foo=bar"
causes the incremental processing engine to recompute the flows on the
chassis where the logical port 'foo' is claimed.

This patch avoids this unnecessary recomputation by omitting the alert for the
Port_Binding.external_ids column.

Signed-off-by: Numan Siddique 
Acked-by: Han Zhou 
---

v2 -> v3
--
  * Based on the review comments from Han, dropped p2 and p3 from the series.

 ovn/controller/ovn-controller.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ovn/controller/ovn-controller.c b/ovn/controller/ovn-controller.c
index 60190161f..ddfd05c71 100644
--- a/ovn/controller/ovn-controller.c
+++ b/ovn/controller/ovn-controller.c
@@ -1732,6 +1732,8 @@ main(int argc, char *argv[])
 
 ovsdb_idl_track_add_all(ovnsb_idl_loop.idl);
 ovsdb_idl_omit_alert(ovnsb_idl_loop.idl, _chassis_col_nb_cfg);
+ovsdb_idl_omit_alert(ovnsb_idl_loop.idl,
+ _port_binding_col_external_ids);
 update_sb_monitors(ovnsb_idl_loop.idl, NULL, NULL, NULL);
 
 stopwatch_create(CONTROLLER_LOOP_STOPWATCH_NAME, SW_MS);
-- 
2.21.0



[ovs-dev] [PATCH v2 3/3] ovn-controller: Consider only port binding changes of normal type for run_time dataengine

2019-06-24 Thread nusiddiq
From: Numan Siddique 

Any changes for Port_Bindings rows of type - "chassisredirect", "patch", 
"l3gateway" etc
which are not related to the chassis can be ignored in the function
'binding_evaluate_port_binding_changes()'. Presently this returns true and this 
results
in unnecessary flow computation on a chassis.

Changes to these Port_Bindings (of type != "") will be handled by the engine
handler flow_output_sb_port_binding_handler() for the engine node
'en_sb_port_binding' (which is input to 'en_flow_output').

For example, if a chassisredirect port is claimed by a gateway chassis, the
compute nodes only need to update the flow in table 32 in the bundle action,
whereas presently flow computation is triggered and this causes wastage of CPU.

Signed-off-by: Numan Siddique 
---
 ovn/controller/binding.c | 16 +---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/ovn/controller/binding.c b/ovn/controller/binding.c
index 87d0b6d88..7d287ece9 100644
--- a/ovn/controller/binding.c
+++ b/ovn/controller/binding.c
@@ -715,11 +715,21 @@ binding_evaluate_port_binding_changes(
  * - If a regular VIF is unbound from this chassis, the local ovsdb
  *   interface table will be updated, which will trigger recompute.
  *
- * - If the port is not a regular VIF, always trigger recompute. */
+ * If the port is not a regular VIF, then ignore it. */
 if (binding_rec->chassis == chassis_rec
 || is_our_chassis(chassis_rec, binding_rec,
-  active_tunnels, _to_iface, local_lports)
-|| strcmp(binding_rec->type, "")) {
+  active_tunnels, _to_iface,
+  local_lports)) {
+changed = true;
+break;
+}
+
+/* Any changes to chassisredirect port (not claimed by this chassis),
+ * doesn't require any logical flow computation. It only requires
+ * physical flow update and thiss will be handled by
+ * flow_output_sb_port_binding_handler() in ovn-controller.c */
+if (strcmp(binding_rec->type, "") &&
+strcmp(binding_rec->type, "chassisredirect")) {
 changed = true;
 break;
 }
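Review bot: The rewritten comment line, `If the port is not a regular VIF, then ignore it.`, does not match the code below it: the second `if` still sets `changed = true` for every non-VIF type except "chassisredirect", so "patch", "l3gateway" and the rest keep triggering a recompute. The commit message makes the same broader claim, so either the condition or the text should change; if the code is what is intended, the comment could read `* - If the port is a chassisredirect port not claimed by this chassis, ignore it; any other non-VIF type triggers recompute.` The added block comment also contains the typo "thiss". The loop this sits in starts and ends outside the hunk, and the v1 posting of this patch further down the page has the same mismatch.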
-- 
2.21.0



[ovs-dev] [PATCH v2 2/3] ovn-controller: Remove the run_id check in engine_run

2019-06-24 Thread nusiddiq
From: Numan Siddique 

engine_node 'en_sb_port_binding' is added as input to engine nodes
  - 'en_runtime_data' with the handler runtime_data_sb_port_binding_handler() 
and
  - 'en_flow_output' with the handler flow_output_sb_port_binding_handler() 
nodes.

Also 'en_runtime_data' is input to node 'en_flow_output'.

The function 'engine_run()' returns immediately if the run_id param is same as
the engine_node->run_id. Because of which the handler 
'flow_output_sb_port_binding_handler()'
is never called.

This patch removes this check in engine_run().

Signed-off-by: Numan Siddique 
---
 ovn/lib/inc-proc-eng.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/ovn/lib/inc-proc-eng.c b/ovn/lib/inc-proc-eng.c
index 1ddea1a85..10ebd047b 100644
--- a/ovn/lib/inc-proc-eng.c
+++ b/ovn/lib/inc-proc-eng.c
@@ -124,9 +124,6 @@ engine_ovsdb_node_add_index(struct engine_node *node, const 
char *name,
 void
 engine_run(struct engine_node *node, uint64_t run_id)
 {
-if (node->run_id == run_id) {
-return;
-}
 node->run_id = run_id;
 
 node->changed = false;
-- 
2.21.0



[ovs-dev] [PATCH v2 1/3] ovn-controller: Omit alert for Port_Binding.external_ids changes

2019-06-24 Thread nusiddiq
From: Numan Siddique 

Running the command "ovn-nbctl set logical_switch_port foo external_ids:foo=bar"
causes the incremental processing engine to recompute the flows on the
chassis where the logical port 'foo' is claimed.

This patch avoids this unnecessary recomputation by omitting the alert for the
Port_Binding.external_ids column.

Signed-off-by: Numan Siddique 
---
 ovn/controller/ovn-controller.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ovn/controller/ovn-controller.c b/ovn/controller/ovn-controller.c
index 60190161f..ddfd05c71 100644
--- a/ovn/controller/ovn-controller.c
+++ b/ovn/controller/ovn-controller.c
@@ -1732,6 +1732,8 @@ main(int argc, char *argv[])
 
 ovsdb_idl_track_add_all(ovnsb_idl_loop.idl);
 ovsdb_idl_omit_alert(ovnsb_idl_loop.idl, _chassis_col_nb_cfg);
+ovsdb_idl_omit_alert(ovnsb_idl_loop.idl,
+ _port_binding_col_external_ids);
 update_sb_monitors(ovnsb_idl_loop.idl, NULL, NULL, NULL);
 
 stopwatch_create(CONTROLLER_LOOP_STOPWATCH_NAME, SW_MS);
-- 
2.21.0



[ovs-dev] [PATCH v2 0/3] ovn-controller: Some IP improvements

2019-06-24 Thread nusiddiq
From: Numan Siddique 

This patch series does few incremental processing improvements.
Right now recomputation is triggered for some scenarios and this
patch series tries to avoid that.

Please see the ML discussion = 
https://mail.openvswitch.org/pipermail/ovs-discuss/2019-June/048822.html
for more details.

v1 -> v2

  * In patch 3, fixed the check_patch > 80 line length warning and also
added some extra comments.

Numan Siddique (3):
  ovn-controller: Omit alert for Port_Binding.external_ids changes
  ovn-controller: Remove the run_id check in engine_run
  ovn-controller: Consider only port binding changes of normal type for
run_time dataengine

 ovn/controller/binding.c| 16 +---
 ovn/controller/ovn-controller.c |  1 +
 ovn/lib/inc-proc-eng.c  |  3 ---
 3 files changed, 14 insertions(+), 6 deletions(-)

-- 
2.21.0



[ovs-dev] [PATCH 3/3] ovn-controller: Consider only port binding changes of normal type for run_time dataengine

2019-06-24 Thread nusiddiq
From: Numan Siddique 

Any changes for Port_Bindings rows of type - "chassisredirect", "patch", 
"l3gateway" etc
which are not related to the chassis can be ignored in the function
'binding_evaluate_port_binding_changes()'. Presently this returns true and this 
results
in unnecessary flow computation on a chassis.

Changes to these Port_Bindings (of type != "") will be handled by the engine
handler flow_output_sb_port_binding_handler() for the engine node
'en_sb_port_binding' (which is input to 'en_flow_output').

For example, if a chassisredirect port is claimed by a gateway chassis, the
compute nodes only need to update the flow in table 32 in the bundle action,
whereas presently flow computation is triggered and this causes wastage of CPU.

Signed-off-by: Numan Siddique 
---
 ovn/controller/binding.c | 11 ---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/ovn/controller/binding.c b/ovn/controller/binding.c
index 87d0b6d88..a7f82d3ce 100644
--- a/ovn/controller/binding.c
+++ b/ovn/controller/binding.c
@@ -715,11 +715,16 @@ binding_evaluate_port_binding_changes(
  * - If a regular VIF is unbound from this chassis, the local ovsdb
  *   interface table will be updated, which will trigger recompute.
  *
- * - If the port is not a regular VIF, always trigger recompute. */
+ * If the port is not a regular VIF, then ignore it. */
 if (binding_rec->chassis == chassis_rec
 || is_our_chassis(chassis_rec, binding_rec,
-  active_tunnels, _to_iface, local_lports)
-|| strcmp(binding_rec->type, "")) {
+  active_tunnels, _to_iface,
+  local_lports)) {
+changed = true;
+break;
+}
+
+if (strcmp(binding_rec->type, "") && strcmp(binding_rec->type, 
"chassisredirect")) {
 changed = true;
 break;
 }
-- 
2.21.0



[ovs-dev] [PATCH 1/3] ovn-controller: Omit alert for Port_Binding.external_ids changes

2019-06-24 Thread nusiddiq
From: Numan Siddique 

Running the command "ovn-nbctl set logical_switch_port foo external_ids:foo=bar"
causes the incremental processing engine to recompute the flows on the
chassis where the logical port 'foo' is claimed.

This patch avoids this unnecessary recomputation by omitting the alert for the
Port_Binding.external_ids column.

Signed-off-by: Numan Siddique 
---
 ovn/controller/ovn-controller.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ovn/controller/ovn-controller.c b/ovn/controller/ovn-controller.c
index 60190161f..5dbb8f857 100644
--- a/ovn/controller/ovn-controller.c
+++ b/ovn/controller/ovn-controller.c
@@ -1732,6 +1732,7 @@ main(int argc, char *argv[])
 
 ovsdb_idl_track_add_all(ovnsb_idl_loop.idl);
 ovsdb_idl_omit_alert(ovnsb_idl_loop.idl, _chassis_col_nb_cfg);
+ovsdb_idl_omit_alert(ovnsb_idl_loop.idl, 
_port_binding_col_external_ids);
 update_sb_monitors(ovnsb_idl_loop.idl, NULL, NULL, NULL);
 
 stopwatch_create(CONTROLLER_LOOP_STOPWATCH_NAME, SW_MS);
-- 
2.21.0



[ovs-dev] [PATCH 2/3] ovn-controller: Remove the run_id check in engine_run

2019-06-24 Thread nusiddiq
From: Numan Siddique 

engine_node 'en_sb_port_binding' is added as input to engine nodes
  - 'en_runtime_data' with the handler runtime_data_sb_port_binding_handler() 
and
  - 'en_flow_output' with the handler flow_output_sb_port_binding_handler() 
nodes.

Also 'en_runtime_data' is input to node 'en_flow_output'.

The function 'engine_run()' returns immediately if the run_id param is same as
the engine_node->run_id. Because of which the handler 
'flow_output_sb_port_binding_handler()'
is never called.

This patch removes this check in engine_run().

Signed-off-by: Numan Siddique 
---
 ovn/lib/inc-proc-eng.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/ovn/lib/inc-proc-eng.c b/ovn/lib/inc-proc-eng.c
index 1ddea1a85..10ebd047b 100644
--- a/ovn/lib/inc-proc-eng.c
+++ b/ovn/lib/inc-proc-eng.c
@@ -124,9 +124,6 @@ engine_ovsdb_node_add_index(struct engine_node *node, const 
char *name,
 void
 engine_run(struct engine_node *node, uint64_t run_id)
 {
-if (node->run_id == run_id) {
-return;
-}
 node->run_id = run_id;
 
 node->changed = false;
-- 
2.21.0



[ovs-dev] [PATCH] ovn-northd: Add the option to pause and resume

2019-06-16 Thread nusiddiq
From: Numan Siddique 

This patch adds 3 unixctl socket commands - pause, resume and is-paused.

Usage: ovs-appctl -t ovn-northd pause/resume/is-paused

This feature will be useful if the CMS wants to
  - deploy OVN DB servers in active/passive mode and
  - run ovn-northd on all these nodes and use unix ctl sockets to
connect to the local OVN DB servers.

On the nodes where OVN Db ovsdb-servers are in passive mode, the local 
ovn-northds
will process the DB changes and calculate logical flows to be throw out later
because write txns are not allowed by these ovsdb-servers. It results in
unncessary CPU usage.

With these commands, CMS can pause ovn-northd on these node. A node
which becomes master, can resume the ovn-northd.

This feature will be useful in ovn-kubernetes if the above deployment model
is chosen.

Signed-off-by: Numan Siddique 
---
 ovn/northd/ovn-northd.8.xml |  17 ++
 ovn/northd/ovn-northd.c | 103 +++-
 tests/ovn-northd.at |  38 +
 3 files changed, 132 insertions(+), 26 deletions(-)

diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
index e6417220f..ffec67079 100644
--- a/ovn/northd/ovn-northd.8.xml
+++ b/ovn/northd/ovn-northd.8.xml
@@ -70,6 +70,23 @@
   
 Causes ovn-northd to gracefully terminate.
   
+
+  pause
+  
+Pauses the ovn-northd operation from processing any Northbound and
+Southbound database changes.
+  
+
+  resume
+  
+Resumes the ovn-northd operation to process Northbound and
+Southbound database contents and generate logical flows.
+  
+
+  is-paused
+  
+Returns "true" if ovn-northd is currently paused, "false" otherwise.
+  
   
 
 
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index 0b0a96a3a..d3606dc30 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -50,6 +50,9 @@
 VLOG_DEFINE_THIS_MODULE(ovn_northd);
 
 static unixctl_cb_func ovn_northd_exit;
+static unixctl_cb_func ovn_northd_pause;
+static unixctl_cb_func ovn_northd_resume;
+static unixctl_cb_func ovn_northd_is_paused;
 
 struct northd_context {
 struct ovsdb_idl *ovnnb_idl;
@@ -8639,6 +8642,7 @@ main(int argc, char *argv[])
 struct unixctl_server *unixctl;
 int retval;
 bool exiting;
+bool paused;
 
 fatal_ignore_sigpipe();
 ovs_cmdl_proctitle_init(argc, argv);
@@ -8653,6 +8657,10 @@ main(int argc, char *argv[])
 exit(EXIT_FAILURE);
 }
 unixctl_command_register("exit", "", 0, 0, ovn_northd_exit, );
+unixctl_command_register("pause", "", 0, 0, ovn_northd_pause, );
+unixctl_command_register("resume", "", 0, 0, ovn_northd_resume, );
+unixctl_command_register("is-paused", "", 0, 0, ovn_northd_is_paused,
+ );
 
 daemonize_complete();
 
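Review bot: The `pause`, `resume` and `is-paused` registrations sit next to `exit` with no comment on what a pause means for the daemon, which is worth stating because, per the commit description, a paused ovn-northd stops processing Northbound and Southbound changes altogether. I would add above them something like `/* 'pause' stops all NB/SB processing until 'resume'; the state lives only in main()'s 'paused' flag. */`. Since that flag is a local which the following hunk initialises with `paused = false;`, a restart presumably clears a pause. The callbacks (outside this hunk) would ideally log each transition so that a stalled control plane can be traced back to the command that caused it. main() begins and ends outside the hunk.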
@@ -8809,31 +8817,39 @@ main(int argc, char *argv[])
 
 /* Main loop. */
 exiting = false;
+paused = false;
 while (!exiting) {
-struct northd_context ctx = {
-.ovnnb_idl = ovnnb_idl_loop.idl,
-.ovnnb_txn = ovsdb_idl_loop_run(_idl_loop),
-.ovnsb_idl = ovnsb_idl_loop.idl,
-.ovnsb_txn = ovsdb_idl_loop_run(_idl_loop),
-.sbrec_ha_chassis_grp_by_name = sbrec_ha_chassis_grp_by_name,
-};
-
-if (!had_lock && ovsdb_idl_has_lock(ovnsb_idl_loop.idl)) {
-VLOG_INFO("ovn-northd lock acquired. "
-  "This ovn-northd instance is now active.");
-had_lock = true;
-} else if (had_lock && !ovsdb_idl_has_lock(ovnsb_idl_loop.idl)) {
-VLOG_INFO("ovn-northd lock lost. "
-  "This ovn-northd instance is now on standby.");
-had_lock = false;
-}
-
-if (ovsdb_idl_has_lock(ovnsb_idl_loop.idl)) {
-ovn_db_run(, sbrec_chassis_by_name, _idl_loop);
-if (ctx.ovnsb_txn) {
-check_and_add_supported_dhcp_opts_to_sb_db();
-check_and_add_supported_dhcpv6_opts_to_sb_db();
-check_and_update_rbac();
+/* unixctl_server_run could modify the value of 'paused'.
+ * So store the value in local 'paused_' so that we run
+ * 'ovsdb_idl_loop_commit_and_wait() at the end of the loop. */
+bool paused_ = paused;
+
+if (!paused_) {
+struct northd_context ctx = {
+.ovnnb_idl = ovnnb_idl_loop.idl,
+.ovnnb_txn = ovsdb_idl_loop_run(_idl_loop),
+.ovnsb_idl = ovnsb_idl_loop.idl,
+.ovnsb_txn = ovsdb_idl_loop_run(_idl_loop),
+.sbrec_ha_chassis_grp_by_name = sbrec_ha_chassis_grp_by_name,
+};
+
+if (!had_lock && ovsdb_idl_has_lock(ovnsb_idl_loop.idl)) {
+VLOG_INFO("ovn-northd lock acquired. "
+"This ovn-northd instance is now active.");
+had_lock = true;
+  

[ovs-dev] [PATCH v4] ovn: Add a new logical switch port type - 'virtual'

2019-06-14 Thread nusiddiq
From: Numan Siddique 

This new type is added for the following reasons:

  - When a load balancer is created in an OpenStack deployment with Octavia
service, it creates a logical port 'VIP' for the virtual ip.

  - This logical port is not bound to any VIF.

  - Octavia service creates a service VM (with another logical port 'P' which
belongs to the same logical switch)

  - The virtual ip 'VIP' is configured on this service VM.

  - This service VM provides the load balancing for the VIP with the configured
backend IPs.

  - Octavia service can be configured to create few service VMs with 
active-standby mode
with the active VM configured with the VIP.  The VIP can move between
these service nodes.

Presently there are few problems:

  - When a floating ip (externally reachable IP) is associated to the VIP and if
the compute nodes have external connectivity then the external traffic 
cannot
reach the VIP using the floating ip as the VIP logical port would be down.
dnat_and_snat entry in NAT table for this vip will have 'external_mac' and
'logical_port' configured.

  - The only way to make it work is to clear the 'external_mac' entry so that
the gateway chassis does the DNAT for the VIP.

To solve these problems, this patch proposes a new logical port type - virtual.
CMS when creating the logical port for the VIP, should

 - set the type as 'virtual'

 - configure the VIP in the options - Logical_Switch_Port.options:virtual-ip

 - And set the virtual parents in the options
   Logical_Switch_Port.options:virtual-parents.
   These virtual parents are the one which can be configured with the VIP.

Suppose the virtual_ip is configured as 10.0.0.10 on a virtual logical port
'sw0-vip' and the virtual_parents are set to [sw0-p1, sw0-p2]. Then the logical
flows below are added in the ls_in_arp_rsp logical switch pipeline:

 - table=11(ls_in_arp_rsp), priority=100,
   match=(inport == "sw0-p1" && !is_chassis_resident("sw0-vip") &&
  ((arp.op == 1 && arp.spa == 10.0.0.10 && arp.tpa == 10.0.0.10) ||
   (arp.op == 2 && arp.spa == 10.0.0.10))),
   action=(bind_vport("sw0-vip", inport); next;)
- table=11(ls_in_arp_rsp), priority=100,
   match=(inport == "sw0-p2" && !is_chassis_resident("sw0-vip") &&
  ((arp.op == 1 && arp.spa == 10.0.0.10 && arp.tpa == 10.0.0.10) ||
   (arp.op == 2 && arp.spa == 10.0.0.10))),
   action=(bind_vport("sw0-vip", inport); next;)

The action bind_vport will claim the logical port - sw0-vip on the chassis 
where this action
is executed. Since the port - sw0-vip is claimed by a chassis, the 
dnat_and_snat rule for
the VIP will be handled by the compute node.

Signed-off-by: Numan Siddique 
---

v3 -> v4
===
  * Addressed the review comment and removed the code in northd which
referenced the Southbound db state while adding the logical flows. Instead
using the ovn match - is_chassis_resident() - which I should have used
it in the first place.

v2 -> v3
===
  * Addressed the review comments from Ben - deleted the new columns -
virtual_ip and virtual_parents from Logical_Switch_Port and instead
is making use of options column for this purpose.

v1 -> v2

  * In v1, was not updating the 'put_vport_binding' struct if it already
exists in the put_vport_bindings hmap in the function -
pinctrl_handle_bind_vport().
In v2 handled it.
  * Improved the if else check in binding.c when releasing the lports.


 include/ovn/actions.h   |  18 ++-
 ovn/controller/binding.c|  30 +++-
 ovn/controller/pinctrl.c| 174 
 ovn/lib/actions.c   |  60 +++
 ovn/lib/ovn-util.c  |   1 +
 ovn/northd/ovn-northd.8.xml |  61 ++-
 ovn/northd/ovn-northd.c | 306 +++-
 ovn/ovn-nb.xml  |  45 ++
 ovn/ovn-sb.ovsschema|   6 +-
 ovn/ovn-sb.xml  |  46 ++
 ovn/utilities/ovn-trace.c   |   3 +
 tests/ovn.at| 281 +
 tests/test-ovn.c|   1 +
 13 files changed, 945 insertions(+), 87 deletions(-)

diff --git a/include/ovn/actions.h b/include/ovn/actions.h
index f42bbc277..48c64f792 100644
--- a/include/ovn/actions.h
+++ b/include/ovn/actions.h
@@ -83,7 +83,8 @@ struct ovn_extend_table;
 OVNACT(ND_NS, ovnact_nest)\
 OVNACT(SET_METER, ovnact_set_meter)   \
 OVNACT(OVNFIELD_LOAD, ovnact_load)\
-OVNACT(CHECK_PKT_LARGER,  ovnact_check_pkt_larger)
+OVNACT(CHECK_PKT_LARGER,  ovnact_check_pkt_larger)\
+OVNACT(BIND_VPORT,ovnact_bind_vport)
 
 /* enum ovnact_type, with a member OVNACT_ for each action. */
 enum OVS_PACKED_ENUM ovnact_type {
@@ -318,6 +319,13 @@ struct ovnact_check_pkt_larger {
 struct expr_field dst;  /* 1-bit destination field. */
 };
 
+/* OVNACT_BIND_VPORT. */
+struct ovnact_bind_vport {
+struct ovnact ovnact;
+char *vport;
+

[ovs-dev] [PATCH v2 3/3] ovn: Send GARP for router port IPs of a router port connected to bridged logical switch

2019-06-14 Thread nusiddiq
From: Numan Siddique 

This patch handles sending GARPs for

 - router port IPs of a distributed router port

 - router port IPs of a router port which belongs to gateway router
   (with the option - redirect-chassis set in Logical_Router.options)

Signed-off-by: Numan Siddique 
---
 ovn/northd/ovn-northd.c | 44 
 tests/ovn.at| 89 +++--
 2 files changed, 105 insertions(+), 28 deletions(-)

diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index 26ad3583a..63b97b727 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -1983,9 +1983,23 @@ get_nat_addresses(const struct ovn_port *op, size_t *n)
 }
 } else {
 /* Centralized NAT rule, either on gateway router or distributed
- * router. */
-ds_put_format(_addresses, " %s", nat->external_ip);
-central_ip_address = true;
+ * router.
+ * Check if external_ip is same as router ip. If so, then there
+ * is no need to add this to the nat_addresses. The router IPs
+ * will be added separately. */
+bool is_router_ip = false;
+for (size_t j = 0; j < op->lrp_networks.n_ipv4_addrs; j++) {
+if (!strcmp(nat->external_ip,
+op->lrp_networks.ipv4_addrs[j].addr_s)) {
+is_router_ip = true;
+break;
+}
+}
+
+if (!is_router_ip) {
+ds_put_format(_addresses, " %s", nat->external_ip);
+central_ip_address = true;
+}
 }
 }
 
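Review bot: The added loop decides whether `nat->external_ip` is a router IP with `strcmp()` against `ipv4_addrs[j].addr_s`, which matches only when both strings are spelled identically. `external_ip` appears to come straight from the NAT row, so unless it is guaranteed to be in the same canonical form as `addr_s` (an assumption to confirm), the address would be put into nat_addresses here and then added again as a router IP. Comparing parsed values avoids that, for example `ovs_be32 ip; if (ip_parse(nat->external_ip, &ip) && ip == op->lrp_networks.ipv4_addrs[j].addr) {`, assuming the usual `ovs_be32 addr` member. The loop also covers only the IPv4 router addresses. get_nat_addresses() starts and ends outside the hunk.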
@@ -2526,13 +2540,26 @@ ovn_port_update_sbrec(struct northd_context *ctx,
  * -  op->peer has 'reside-on-gateway-chassis' set and the
  *the logical router datapath has distributed router port.
  *
+ * -  op->peer is distributed gateway router port.
+ *
+ * -  op->peer's router is a gateway router and op has a localnet
+ *port.
+ *
  * Note: Port_Binding.nat_addresses column is also used for
  * sending the GARPs for the router port IPs.
  * */
+bool add_router_port_garp = false;
 if (op->peer && op->peer->nbrp && op->peer->od->l3dgw_port &&
 op->peer->od->l3redirect_port &&
-smap_get_bool(>peer->nbrp->options,
-  "reside-on-redirect-chassis", false)) {
+(smap_get_bool(>peer->nbrp->options,
+  "reside-on-redirect-chassis", false) ||
+op->peer == op->peer->od->l3dgw_port)) {
+add_router_port_garp = true;
+} else if (chassis && op->od->localnet_port) {
+add_router_port_garp = true;
+}
+
+if (add_router_port_garp) {
 struct ds garp_info = DS_EMPTY_INITIALIZER;
 ds_put_format(_info, "%s", op->peer->lrp_networks.ea_s);
 for (size_t i = 0; i < op->peer->lrp_networks.n_ipv4_addrs;
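Review bot: The new `else if (chassis && op->od->localnet_port)` branch sets `add_router_port_garp` without testing `op->peer`, yet the block it enables dereferences `op->peer->lrp_networks` straight away. The first branch does check `op->peer && op->peer->nbrp`. Unless `chassis`, which is set outside this hunk, can only be non-NULL when `op->peer` is valid, this is a NULL dereference in ovn-northd that database contents can trigger. I would make the condition explicit: `} else if (chassis && op->peer && op->od->localnet_port) {`. ovn_port_update_sbrec() starts and ends outside the hunk.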
@@ -2540,8 +2567,11 @@ ovn_port_update_sbrec(struct northd_context *ctx,
 ds_put_format(_info, " %s",
   op->peer->lrp_networks.ipv4_addrs[i].addr_s);
 }
-ds_put_format(_info, " is_chassis_resident(%s)",
-  op->peer->od->l3redirect_port->json_key);
+
+if (op->peer->od->l3redirect_port) {
+ds_put_format(_info, " is_chassis_resident(%s)",
+  op->peer->od->l3redirect_port->json_key);
+}
 
 n_nats++;
 nats = xrealloc(nats, (n_nats * sizeof *nats));
diff --git a/tests/ovn.at b/tests/ovn.at
index ea627e128..2e266d94a 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -6730,6 +6730,9 @@ AT_CHECK([ovn-nbctl lsp-set-addresses ln_port unknown])
 AT_CHECK([ovn-nbctl lsp-set-type ln_port localnet])
 AT_CHECK([ovn-nbctl lsp-set-options ln_port network_name=physnet1])
 
+# Wait until the patch ports are created in hv1 to connect br-int to br-eth0
+OVS_WAIT_UNTIL([test 1 = `as hv1 ovs-vsctl show | \
+grep "Port patch-br-int-to-ln_port" | wc -l`])
 
 # Wait for packet to be received.
 OVS_WAIT_UNTIL([test `wc -c < "hv1/snoopvif-tx.pcap"` -ge 50])
@@ -6737,10 +6740,11 @@ trim_zeros() {
 sed 's/\(00\)\{1,\}$//'
 }
 $PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/snoopvif-tx.pcap | trim_zeros 
> packets
-expected="f00108060001080006040001f001c0a80002c0a80002"
+expected="f00108060001080006040001f001c0a80001c0a80001"
 echo $expected > expout
+expected="f00108060001080006040001f001c0a80002c0a80002"
+echo $expected >> expout
 AT_CHECK([sort packets], [0], [expout])
-cat 
