[ovs-dev] [PATCH ovn v4] ovn-ctl: Add ssl-ciphers and protocols support.

From: Aliasgar Ginwala Setting up OVN on new kernel bumps openssl version. Since OVS PKI infrastructure that generated older ssl certs based on old openssl version, raft fails with error 2024-02-27T19:28:39.673Z|00022|stream_ssl|WARN|SSL_connect: error:1416F086:SSL

[ovs-dev] [PATCH ovn v3] ovn-ctl: Add ssl-ciphers and protocols support.

From: Aliasgar Ginwala Setting up OVN on new kernel bumps openssl version. Since OVS PKI infrastructure that generated older ssl certs based on old openssl version, raft fails with error 2024-02-27T19:28:39.673Z|00022|stream_ssl|WARN|SSL_connect: error:1416F086:SSL

[ovs-dev] [PATCH ovn v2] ovn-ctl: Add ssl-ciphers and protocols support.

From: Aliasgar Ginwala Signed-off-by: Aliasgar Ginwala --- ovs | 2 +- utilities/ovn-ctl | 25 +++-- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/ovs b/ovs index fe55ce37a..ec1d73016 16 --- a/ovs +++ b/ovs @@ -1 +1 @@ -Subproject commit

[ovs-dev] [PATCH ovn] ovn-ctl: Add ssl-ciphers and protocols support.

From: Aliasgar Ginwala Setting up OVN on new kernel bumps openssl version. Since OVS PKI infrastructure that generated older ssl certs based on old openssl version, raft fails with error 2024-02-27T19:28:39.673Z|00022|stream_ssl|WARN|SSL_connect: error:1416F086:SSL

[ovs-dev] [PATCH ovn v2] fix segfault due to ssl-ciphers

From: Aliasgar Ginwala To avoid invalidating existing certs setup by old version of ovs pki. openssl supports setting ciphers but it fails with ovn as below ovn-controller --ssl-ciphers='HIGH:!aNULL:!MD5:@SECLEVEL=1' Aborted (core dumped) Avoid invalidating existing certs when bumping to new

[ovs-dev] [PATCH ovn 2/2] add tests for ssl ciphers

From: Aliasgar Ginwala Signed-off-by: Aliasgar Ginwala --- tests/ovn-controller.at | 26 ++ tests/ovn.at| 182 2 files changed, 208 insertions(+) diff --git a/tests/ovn-controller.at b/tests/ovn-controller.at index 9d2a37c72..df5662527

[ovs-dev] [PATCH ovn 1/2] fix segfault due to ssl-ciphers

From: Aliasgar Ginwala To avoid invalidating existing certs setup by old version of ovs pki. openssl supports setting ciphers but it fails with ovn as below ovn-controller --ssl-ciphers='HIGH:!aNULL:!MD5:@SECLEVEL=1' Aborted (core dumped) Avoid invalidating existing certs when bumping to new

[ovs-dev] [PATCH] ovn fix segfault due to ssl-ciphers

From: Aliasgar Ginwala Fixes: ovn-controller --ssl-ciphers='xxx' Aborted (core dumped) Avoid invalidating existing certs when bumping to new ovn version SSL_connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed while connecting to control plane.

[ovs-dev] [PATCH ovn v1] test/ovstest: fix shared library deps.

From: Aliasgar Ginwala When using --enable-shared for configure, make fails with error lib/.libs/libovn.so: undefined reference to `set_pidfile' collect2: error: ld returned 1 exit status Makefile:1616: recipe for target 'tests/ovstest' failed make[1]: *** [tests/ovstest] Error 1 make[1]:

[ovs-dev] [PATCH ovn] test/ovstest: fix shared library deps.

From: Aliasgar Ginwala When using --enable-shared for configure, make fails with error lib/.libs/libovn.so: undefined reference to `set_pidfile' collect2: error: ld returned 1 exit status Makefile:1616: recipe for target 'tests/ovstest' failed make[1]: *** [tests/ovstest] Error 1 make[1]:

[ovs-dev] [PATCH branch-2.11 1/2] ovsdb-tool: Convert clustered db to standalone db.

From: Aliasgar Ginwala Add support in ovsdb-tool for migrating clustered dbs to standalone dbs. E.g. usage to migrate nb/sb db to standalone db from raft: ovsdb-tool cluster-to-standalone ovnnb_db.db ovnnb_db_cluster.db Acked-by: Han Zhou Signed-off-by: Aliasgar Ginwala Signed-off-by: Ben

[ovs-dev] [PATCH branch-2.11 2/2] ovsdb-tool: fix memory leak while converting cluster into standalone database

From: Damijan Skvarc memory leak is reported by valgrind while executing functional test "ovsdb-tool convert-to-standalone" ==13842== 2,850 (280 direct, 2,570 indirect) bytes in 7 blocks are definitely lost in loss record 20 of 20 ==13842==at 0x4C2DB8F: malloc (in

[ovs-dev] [PATCH ovn] OVN container scripts: Support for cluster mode

From: Aliasgar Ginwala 1. Container scripts for starting ovn central node containers in HA using cluster mode 2. Update documentation about the same. Signed-off-by: Aliasgar Ginwala --- Documentation/intro/install/general.rst | 34 +- utilities/docker/start-ovn

[ovs-dev] [PATCH v2] ovs container build: Make kernel module configurable

From: Aliasgar Ginwala --with-linux can be made configurable while building containers for leveraging kernel modules installed on host. KERNEL_VERSION=host should be used in env variable for the same. Signed-off-by: Aliasgar Ginwala --- utilities/docker/Makefile | 2 +-

[ovs-dev] [PATCH v1] ovs container build: Make kernel module configurable

From: Aliasgar Ginwala --with-linux can be made configurable while building containers for leveraging kernel modules installed on host. KERNEL_VERSION=host should be used in env variable for the same. Signed-off-by: Aliasgar Ginwala --- utilities/docker/Makefile | 2 +-

[ovs-dev] [PATCH ovn 2/3] Refactor install scripts for ovn container

From: Aliasgar Ginwala Signed-off-by: Aliasgar Ginwala --- utilities/automake.mk | 3 ++- utilities/docker/Makefile | 2 +- utilities/docker/debian/Dockerfile | 1 + utilities/docker/debian/build.sh | 24 +- utilities/docker/install_ovn.sh| 40

[ovs-dev] [PATCH ovn 3/3] rhel support for ovn container

From: Aliasgar Ginwala Current code only had support for starting ovn in ubuntu containers. This patch adds supprt for rhel using centos7 as a base image Signed-off-by: Aliasgar Ginwala --- Documentation/intro/install/general.rst | 2 +- utilities/automake.mk | 2 ++

[ovs-dev] [PATCH v3 ovn] ovn-nb/sbctl.c: Use env variables for passing options.

From: Aliasgar Ginwala Add new env variables OVN_NBCTL_OPTIONS and OVN_SBCTL_OPTIONS for ovn-nbctl and ovn-sbctl respectively where user can set supported ovn-nb/sbctl options using environment variable. e.g. OVN_SBCTL_OPTIONS="--db=unix:sb1.ovsdb --no-leader-only" Signed-off-by: Aliasgar

[ovs-dev] [PATCH v3] command-line.c: Support parsing ctl options via env variable

From: Aliasgar Ginwala Signed-off-by: Aliasgar Ginwala --- lib/command-line.c | 29 + lib/command-line.h | 3 +++ 2 files changed, 32 insertions(+) diff --git a/lib/command-line.c b/lib/command-line.c index 9e000bd28..2fc8b6e48 100644 --- a/lib/command-line.c +++

[ovs-dev] [PATCH v2] command-line.c: Support parsing ctl options via env variable

From: Aliasgar Ginwala Signed-off-by: Aliasgar Ginwala --- lib/command-line.c | 55 ++ lib/command-line.h | 3 +++ 2 files changed, 58 insertions(+) diff --git a/lib/command-line.c b/lib/command-line.c index 9e000bd28..d13cca294 100644 ---

[ovs-dev] [PATCH v2 ovn] ovn-nb/sbctl.c: Use env variables for passing options.

From: Aliasgar Ginwala Add new env variables OVN_NBCTL_OPTIONS and OVN_SBCTL_OPTIONS for ovn-nbctl and ovn-sbctl respectively where user can set supported ovn-nb/sbctl options using environment variable. e.g. OVN_SBCTL_OPTIONS="--db=unix:sb1.ovsdb --no-leader-only" Signed-off-by: Aliasgar

[ovs-dev] [PATCH v1] command-line.c: Support parsing ctl options via env variable

From: Aliasgar Ginwala Signed-off-by: Aliasgar Ginwala --- lib/command-line.c | 50 ++ lib/command-line.h | 3 +++ 2 files changed, 53 insertions(+) diff --git a/lib/command-line.c b/lib/command-line.c index 9e000bd28..64a84efa8 100644 ---

[ovs-dev] [PATCH v1 ovn] ovs container build.sh requires python3

From: Aliasgar Ginwala building ovn/ovs container breaks while configure: checking for Python 3 (version 3.4 or later)... no configure: error: Python 3.4 or later is required but not found in /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin, please install it or set to point to it

[ovs-dev] [PATCH v1] ovs container build.sh requires python3

From: Aliasgar Ginwala building ovn/ovs container breaks while configure: checking for Python 3 (version 3.4 or later)... no configure: error: Python 3.4 or later is required but not found in /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin, please install it or set to point to it

[ovs-dev] [PATCH v1 ovn] ovn-nb/sbctl.c: Use env variables for passing options.

From: Aliasgar Ginwala Add new env variables OVN_NBCTL_OPTIONS and OVN_SBCTL_OPTIONS for ovn-nbctl and ovn-sbctl respectively where user can set any single supported option. e.g export OVN_NBCTL_OPTIONS=--no-leader-only. Above env var OVN_NBCTL_OPTIONS have no effect if user runs command as

[ovs-dev] [PATCH v1 ovn] ovn-nb/sbctl.c: Set no-leader-only as default for clustered dbs

From: Aliasgar Ginwala When using ovn-nb/sbctl running in cluster, one can use local socket to run different commands. It is very inconvenient to pass no-leader-only in different tools using ovn-nb/sbctl instead of allowing one to to connect to any nodes in the cluster including itself. e.g

[ovs-dev] [PATCH v2.11] ovn-ctl: Support passing ssl certs for northd

From: Aliasgar Ginwala When using ssl mode for ovn nb/sb active-standby/cluster db service models, northd can use ssl mode too. e.g. one can pass --ovn-northd-ssl-key, --ovn-northd-ssl-ca-cert and --ovn-northd-ssl-cert to start northd with ssl Signed-off-by: Aliasgar Ginwala Acked-by: Han

[ovs-dev] [PATCH v2 2/2 ovn] Support starting containers with unix socket

From: Aliasgar Ginwala Signed-off-by: Aliasgar Ginwala --- Documentation/intro/install/general.rst | 14 ++ utilities/docker/start-ovn | 9 + 2 files changed, 23 insertions(+) diff --git a/Documentation/intro/install/general.rst

[ovs-dev] [PATCH v2 1/2 ovn] OVN: Fix container build.

From: Aliasgar Ginwala Current code changes in ovs/ovn split replaced openvswitch with ovn and caused container patches to break. Also, as per ff4439d, one should build ovn specifying ovs source. This patch fixes the same. Signed-off-by: Aliasgar Ginwala --- utilities/automake.mk

[ovs-dev] [PATCH v1 ovn] ovn-ctl: Support passing ssl certs for northd

From: Aliasgar Ginwala When using ssl mode for ovn nb/sb active-standby/cluster db service models, northd can use ssl mode too. e.g. one can pass --ovn-northd-ssl-key, --ovn-northd-ssl-ca-cert and --ovn-northd-ssl-cert to start northd with ssl Signed-off-by: Aliasgar Ginwala ---

[ovs-dev] [PATCH 1/2 ovn] OVN: Fix container build.

From: Aliasgar Ginwala Current code changes in ovs/ovn split replaced openvswitch with ovn and caused container patches to break. Also, as per ff4439d, one should build ovn specifying ovs source. This patch fixes the same. --- utilities/docker/create_ovn_dbs.sh | 18 --

[ovs-dev] [PATCH 2/2 ovn] Support starting containers with unix socket

From: Aliasgar Ginwala --- Documentation/intro/install/general.rst | 14 ++ utilities/docker/start-ovn | 9 + 2 files changed, 23 insertions(+) diff --git a/Documentation/intro/install/general.rst b/Documentation/intro/install/general.rst index

[ovs-dev] [PATCH v10] ovsdb-tool: Convert clustered db to standalone db.

From: Aliasgar Ginwala Add support in ovsdb-tool for migrating clustered dbs to standalone dbs. E.g. usage to migrate nb/sb db to standalone db from raft: ovsdb-tool cluster-to-standalone ovnnb_db.db ovnnb_db_cluster.db Signed-off-by: Aliasgar Ginwala Acked-by: Han Zhou ---

[ovs-dev] [PATCH v9] ovsdb-tool: Convert clustered db to standalone db.

From: Aliasgar Ginwala Add support in ovsdb-tool for migrating clustered dbs to standalone dbs. E.g. usage to migrate nb/sb db to standalone db from raft: ovsdb-tool cluster-to-standalone ovnnb_db.db ovnnb_db_cluster.db Signed-off-by: Aliasgar Ginwala --- Documentation/ref/ovsdb.7.rst | 3 +

[ovs-dev] [PATCH v8] ovsdb-tool: Convert clustered db to standalone db.

From: Aliasgar Ginwala Add support in ovsdb-tool for migrating clustered dbs to standalone dbs. E.g. usage to migrate nb/sb db to standalone db from raft: ovsdb-tool cluster-to-standalone ovnnb_db.db ovnnb_db_cluster.db Signed-off-by: Aliasgar Ginwala --- Documentation/ref/ovsdb.7.rst | 3 +

[ovs-dev] [PATCH v7] ovsdb-tool: Convert clustered db to standalone db.

From: Aliasgar Ginwala Add support in ovsdb-tool for migrating clustered dbs to standalone dbs. E.g. usage to migrate nb/sb db to standalone db from raft: ovsdb-tool cluster-to-standalone ovnnb_db.db ovnnb_db_cluster.db Signed-off-by: Aliasgar Ginwala --- Documentation/ref/ovsdb.7.rst | 3 +

[ovs-dev] [PATCH v6] ovsdb-tool: Convert clustered db to standalone db.

From: Aliasgar Ginwala Add support in ovsdb-tool for migrating clustered dbs to standalone dbs. E.g. usage to migrate nb/sb db to standalone db from raft: ovsdb-tool cluster-to-standalone ovnnb_db.db ovnnb_db_cluster.db Signed-off-by: Aliasgar Ginwala --- Documentation/ref/ovsdb.7.rst | 3 +

[ovs-dev] [PATCH v5] ovsdb-tool: Convert clustered db to standalone db.

From: Aliasgar Ginwala Add support in ovsdb-tool for migrating clustered dbs to standalone dbs. E.g. usage to migrate nb/sb db to standalone db from raft: ovsdb-tool cluster-to-standalone ovnnb_db.db ovnnb_db_cluster.db Signed-off-by: Aliasgar Ginwala --- Documentation/ref/ovsdb.7.rst | 3 +

[ovs-dev] [PATCHi v5] ovsdb-tool: Convert clustered db to standalone db.

From: Aliasgar Ginwala Add support in ovsdb-tool for migrating clustered dbs to standalone dbs. E.g. usage to migrate nb/sb db to standalone db from raft: ovsdb-tool cluster-to-standalone ovnnb_db.db ovnnb_db_cluster.db Signed-off-by: Aliasgar Ginwala --- Documentation/ref/ovsdb.7.rst | 3 +

[ovs-dev] [PATCH v4] ovsdb-tool: Convert clustered db to standalone db.

From: Aliasgar Ginwala Add support in ovsdb-tool for migrating clustered dbs to standalone dbs. E.g. usage to migrate nb/sb db to standalone db from raft: ovsdb-tool cluster-to-standalone ovnnb_db.db ovnnb_db_cluster.db Signed-off-by: Aliasgar Ginwala --- Documentation/ref/ovsdb.7.rst | 3 +

[ovs-dev] [PATCH v3] ovsdb-tool: Convert clustered db to standalone db.

From: Aliasgar Ginwala Add support in ovsdb-tool for migrating clustered dbs to standalone dbs. E.g. usage to migrate nb/sb db to standalone db from raft: ovsdb-tool cluster-to-standalone ovnnb_db.db ovnnb_db_cluster.db Signed-off-by: Aliasgar Ginwala --- Documentation/ref/ovsdb.7.rst | 3 +

[ovs-dev] [PATCH v1] ovsdb.7.rst: some corrections in ovsdb-client usage.

From: Aliasgar Ginwala 1. Correct typo where it should be ovsdb-client backup vs ovsdb-tool backup. 2. Update for which case will ovsdb-client not work. Signed-off-by: Aliasgar Ginwala --- Documentation/ref/ovsdb.7.rst | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git

[ovs-dev] [PATCH v2] ovsdb-tool: Convert clustered db to standalone db.

From: Aliasgar Ginwala Add support in ovsdb-tool for migrating clustered dbs to standalone dbs. E.g. usage to migrate nb/sb db to standalone db from raft: ovsdb-tool migrate-cluster-db ovnnb_db.db ovnnb_db_cluster.db Signed-off-by: Aliasgar Ginwala --- ovsdb/ovsdb-tool.c | 154

[ovs-dev] [PATCH v1] ovsdb-tool: Convert clustered db to standalone db.

From: Aliasgar Ginwala Add support in ovsdb-tool for migrating clustered dbs to standalone dbs. E.g. usage to migrate nb/sb db to standalone db from raft: ovsdb-tool migrate-cluster-db ovnnb_db.db ovnnb_db_cluster.db Signed-off-by: Aliasgar Ginwala --- ovsdb/ovsdb-tool.c | 154

[ovs-dev] [PATCH v4 ovn] Containerize components

From: Aliasgar Ginwala 1. Containerize ovn central components 2. Containerize ovn host 3. Update documentation about building/running ovn in containers. Signed-off-by: Aliasgar Ginwala --- Documentation/intro/install/general.rst | 83 utilities/automake.mk

[ovs-dev] [PATCH v3 ovn] Containerize components

From: Aliasgar Ginwala 1. Containerize ovn central components 2. Containerize ovn host 3. Update documentation about building/running ovn in containers. Signed-off-by: Aliasgar Ginwala --- Documentation/intro/install/general.rst | 83 utilities/automake.mk

[ovs-dev] [PATCH v2 2/2] ovndb-servers.ocf: Add ssl support for managing OVN DB resources with pacemaker using LB VIP.

When starting OVN DBs in HA using pacemaker with ssl, we need to pass ssl certs for starting standby DBs. Hence, we need this change. Signed-off-by: aginwala Acked-by: Han Zhou --- ovn/utilities/ovndb-servers.ocf | 72 - 1 file changed, 71 insertions(+),

[ovs-dev] [PATCH v2 1/2] ovn-ctl: Allow passing ssl certs when starting OVN DBs in ssl mode.

For OVN DBs to work with SSL in HA, we need to have capability to pass ssl certs when starting OVN DBs. Say when starting OVN DBs in active passive mode, in order for the standby DBs to sync from master node, it cannot sync because the required ssl certs are not passed when standby DBs are

[ovs-dev] [PATCH 2/2] ovndb-servers.ocf: Add ssl support for managing OVN DB resources with pacemaker using LB VIP.

When starting OVN DBs in HA using pacemaker with ssl, we need to pass ssl certs for starting standby DBs. Hence, we need this change. Signed-off-by: aginwala --- ovn/utilities/ovndb-servers.ocf | 74 - 1 file changed, 73 insertions(+), 1 deletion(-)

[ovs-dev] [PATCH 1/2] ovn-ctl: Allow passing ssl certs when starting OVN DBs in ssl mode.

For OVN DBs to work with SSL in HA, we need to have capability to pass ssl certs when starting OVN DBs. Say when starting OVN DBs in active passive mode, in order for the standby DBs to sync from master node, it cannot sync because the required ssl certs are not passed when standby DBs are

[ovs-dev] [PATCH] Use new default nb and sb dbs for sandbox northd:

From: aginwala As per new clustering change, ovn-northd sandbox should use nb1.ovsdb and sb1.ovsdb. It was updated in ovn-northd --help section but missed for sandbox. This commit fixes the same Reported-by: Mark Michelson Reported-at:

[ovs-dev] [PATCH] Show total_ports_on_switch when displaying logical_switch:

From: aginwala e.g. when running ovn-nbctl show ls, it's good to have total ports that are attached to the switch. Signed-off-by: Aliasgar Ginwala --- ovn/utilities/ovn-nbctl.c | 1 + tests/ovn-nbctl.at| 10 ++ 2 files changed, 7