2 # Copyright (C) 2009, 2010, 2011, 2012 Nicira, Inc.
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at:
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
# NOTE(review): only part of this statement run is visible; the embedded
# listing numbers jump 17 -> 20 -> 22.  The next line is a `case` arm: when
# $0 contains a slash, dir0 becomes the directory part of $0.
17 */*) dir0=`echo "$0" | sed 's,/[^/]*$,,'` ;;
# The helper library is sourced from the script's own directory, so its
# contents run in this shell with the invoking user's privileges (the
# script later calls modprobe, rmmod and iptables).  That directory and
# ovs-lib itself should be writable by root only.
20 . "$dir0/ovs-lib" || exit 1
# Iterates over the configured and the standard binary directories.  The
# loop body is not visible here (presumably it extends PATH -- confirm).
22 for dir in "$sbindir" "$bindir" /sbin /bin /usr/sbin /usr/bin; do
# Makes sure the openvswitch kernel module is loaded.  Tries modprobe
# first; if that fails and the Linux bridge module is loaded while no
# bridges exist, removes the bridge module and tries modprobe again.
# NOTE(review): some lines of this function are absent from the listing
# (the embedded numbers skip, e.g. 35 -> 38 and 46 -> 49), including the
# closing brace.
33 insert_openvswitch_mod_if_required () {
34 # If openvswitch is already loaded then we're done.
# Both module names (openvswitch and openvswitch_mod) are checked.
# NOTE(review): `test ... -o ...` is marked obsolescent by POSIX; two
# tests joined with || are the portable form.
35 test -e /sys/module/openvswitch -o -e /sys/module/openvswitch_mod && \
38 # Load openvswitch. If that's successful then we're done.
39 action "Inserting openvswitch module" modprobe openvswitch && return 0
41 # If the bridge module is loaded, then that might be blocking
42 # openvswitch. Try to unload it, if there are no bridges.
43 test -e /sys/module/bridge || return 1
# An unmatched glob stays literal, so once sed has stripped the path
# parts a lone "*" means that no bridge device exists.
44 bridges=`echo /sys/class/net/*/bridge | sed 's,/sys/class/net/,,g;s,/bridge,,g'`
45 if test "$bridges" != "*"; then
46 log_warning_msg "not removing bridge module because bridges exist ($bridges)"
49 action "removing bridge module" rmmod bridge || return 1
51 # Try loading openvswitch again.
52 action "Inserting openvswitch module" modprobe openvswitch
# Loads the brcompat module, unless the Linux bridge module is loaded
# (in which case only a warning is logged, per the message below).
# NOTE(review): lines 58-59 and the closing brace are absent from this
# listing.
55 insert_brcompat_mod_if_required () {
56 if test -e /sys/module/bridge; then
57 log_warning_msg "bridge module is loaded, not loading brcompat"
# Already loaded under either module name: nothing to do.
60 test -e /sys/module/brcompat -o -e /sys/module/brcompat_mod && return 0
61 action "Inserting brcompat module" modprobe brcompat
# Loads openvswitch and, when BRCOMPAT=yes, brcompat as well.  Failing to
# load openvswitch returns 1; per the warning text below, failing to load
# brcompat only disables bridge compatibility.
# NOTE(review): lines 68-69 and 71 onward are absent from this listing.
64 insert_mod_if_required () {
65 insert_openvswitch_mod_if_required || return 1
66 if test X"$BRCOMPAT" = Xyes; then
67 if insert_brcompat_mod_if_required; then
70 log_warning_msg "could not load brcompat module, disabling bridge compatibility"
# NOTE(review): the next three lines are the bodies of three small helper
# functions whose `name () {` lines are absent from this listing.  Judging
# by the call sites elsewhere in the file they are presumably ovs_vsctl,
# ovsdb_tool and a database-creation helper -- confirm against the full
# file.
# Runs ovs-vsctl with the caller's arguments passed through word for word
# ("$@"); --no-wait and --timeout=5 are applied to every call.
77 ovs-vsctl --no-wait --timeout=5 "$@"
# Runs ovsdb-tool with console logging switched off.
81 ovsdb-tool -vconsole:off "$@"
# Creates $DB_FILE from the schema in $DB_SCHEMA.
85 action "Creating empty database $DB_FILE" ovsdb_tool create "$DB_FILE" "$DB_SCHEMA"
# Creates the configuration database when it does not exist; otherwise,
# when ovsdb-tool reports that conversion is needed, backs the database
# up, compacts it and converts it to the schema in $DB_SCHEMA.
# NOTE(review): the `name () {` line and several short lines (e.g. 93,
# 100, 118-119, 121 onward) are absent from this listing; the call
# `upgrade_db || return 1` elsewhere in the file suggests this is
# upgrade_db.
89 schemaver=`ovsdb_tool schema-version "$DB_SCHEMA"`
90 if test ! -e "$DB_FILE"; then
91 log_warning_msg "$DB_FILE does not exist"
# NOTE(review): $DB_FILE is unquoted inside the command substitution and
# the substitution itself is unquoted, so a path containing whitespace or
# glob characters is split/expanded before `install -o root -g root` sees
# it.  --db-file makes this path caller-supplied;
# "$(dirname -- "$DB_FILE")" would keep it one word.
92 install -d -m 755 -o root -g root `dirname $DB_FILE`
94 elif test X"`ovsdb_tool needs-conversion "$DB_FILE" "$DB_SCHEMA"`" != Xno; then
95 # Back up the old version.
# The backup name embeds the db-version output and the first field of the
# db-cksum output.
96 version=`ovsdb_tool db-version "$DB_FILE"`
97 cksum=`ovsdb_tool db-cksum "$DB_FILE" | awk '{print $1}'`
98 backup=$DB_FILE.backup$version-$cksum
# A failed backup aborts the upgrade before the database is modified.
99 action "Backing up database to $backup" cp "$DB_FILE" "$backup" || return 1
101 # Compact database. This is important if the old schema did not enable
102 # garbage collection (i.e. if it did not have any tables with "isRoot":
103 # true) but the new schema does. In that situation the old database
104 # may contain a transaction that creates a record followed by a
105 # transaction that creates the first use of the record. Replaying that
106 # series of transactions against the new database schema (as "convert"
107 # does) would cause the record to be dropped by the first transaction,
108 # then the second transaction would cause a referential integrity
109 # failure (for a strong reference).
111 # Errors might occur on an Open vSwitch downgrade if ovsdb-tool doesn't
112 # understand some feature of the schema used in the OVSDB version that
113 # we're downgrading from, so we don't give up on error.
114 action "Compacting database" ovsdb_tool compact "$DB_FILE"
116 # Upgrade or downgrade schema.
# Per the warning text below, a failed conversion falls back to an empty
# database; the backup taken above is then the only copy of the old
# configuration.
117 if action "Converting database schema" ovsdb_tool convert "$DB_FILE" "$DB_SCHEMA"; then
120 log_warning_msg "Schema conversion failed, using empty database instead"
# Builds a single `ovs_vsctl set Open_vSwitch .` command in the positional
# parameters and runs it to record the OVS version, the system ID, the
# system type and the system version.
# NOTE(review): the `name () {` line and several short lines (e.g. 129,
# 132-134, 141, 146, 148-151) are absent from this listing; the call
# `set_system_ids || return 1` elsewhere in the file suggests this is
# set_system_ids.
128 set ovs_vsctl set Open_vSwitch .
# First line of `ovs-vswitchd --version`, with everything up to the last
# ") " removed.
130 OVS_VERSION=`ovs-vswitchd --version | sed 's/.*) //;1q'`
131 set "$@" ovs-version="$OVS_VERSION"
# Persistent system ID: reuse $id_file if present, else migrate from the
# old $uuid_file, else generate one with uuidgen and store it.
135 id_file=$etcdir/system-id.conf
136 uuid_file=$etcdir/install_uuid.conf
137 if test -e "$id_file"; then
138 SYSTEM_ID=`cat "$id_file"`
139 elif test -e "$uuid_file"; then
140 # Migrate from old file name.
# NOTE(review): INSTALLATION_UUID is not assigned anywhere in the visible
# lines; presumably the omitted line 141 loads it from $uuid_file --
# confirm how that file is read and who may write it.
142 SYSTEM_ID=$INSTALLATION_UUID
143 echo "$SYSTEM_ID" > "$id_file"
144 elif SYSTEM_ID=`uuidgen`; then
145 echo "$SYSTEM_ID" > "$id_file"
147 log_failure_msg "missing uuidgen, could not generate system ID"
152 log_failure_msg "system ID not configured, please use --system-id"
# The values below are wrapped in literal double quotes for ovs-vsctl's
# own value parsing.
# NOTE(review): SYSTEM_ID, SYSTEM_TYPE and SYSTEM_VERSION are inserted
# without escaping, so a double quote or backslash inside them presumably
# changes what ovs-vsctl parses -- validate them where they are set.
158 set "$@" external-ids:system-id="\"$SYSTEM_ID\""
160 if test X"$SYSTEM_TYPE" != X; then
161 set "$@" system-type="\"$SYSTEM_TYPE\""
163 log_failure_msg "no default system type, please use --system-type"
166 if test X"$SYSTEM_VERSION" != X; then
167 set "$@" system-version="\"$SYSTEM_VERSION\""
169 log_failure_msg "no default system version, please use --system-version"
# NOTE(review): $extra_ids is expanded unquoted so that the space-separated
# external-ids:key=value entries become separate arguments.  A value that
# contains whitespace or glob characters is therefore split or expanded
# too; --external-id values need to be free of both.
172 action "Configuring Open vSwitch system IDs" "$@" $extra_ids
# Start sequence: load the kernel modules, start ovsdb-server (creating
# or upgrading the database first), initialise the database settings,
# then start ovs-vswitchd and, with BRCOMPAT=yes, ovs-brcompatd.
# NOTE(review): the `name () {` line and many short lines (else/fi/done
# and the bodies of some `if`s) are absent from this listing; gaps in the
# embedded numbers such as 176 -> 180 and 196 -> 199 show where.
176 if test X"$FORCE_COREFILES" = Xyes; then
180 insert_mod_if_required || return 1
182 if daemon_is_running ovsdb-server; then
183 log_success_msg "ovsdb-server is already running"
185 # Create initial database or upgrade database schema.
186 upgrade_db || return 1
188 # Start ovsdb-server.
# The daemon's argument vector is accumulated in the positional
# parameters, so each element stays one word when expanded as "$@".
# Local clients connect through the Unix socket $DB_SOCK; further remotes
# and the SSL private key, certificate and CA certificate settings are
# read from the database itself.
# NOTE(review): with --bootstrap-ca-cert, when the CA certificate file
# does not exist yet it is obtained from the peer on the first SSL
# connection, so that first connection is not authenticated.
# Pre-provision the CA certificate where that matters.
189 set ovsdb-server "$DB_FILE"
190 set "$@" -vconsole:emer -vsyslog:err -vfile:info
191 set "$@" --remote=punix:"$DB_SOCK"
192 set "$@" --remote=db:Open_vSwitch,manager_options
193 set "$@" --private-key=db:SSL,private_key
194 set "$@" --certificate=db:SSL,certificate
195 set "$@" --bootstrap-ca-cert=db:SSL,ca_cert
196 start_daemon "$OVSDB_SERVER_PRIORITY" "$OVSDB_SERVER_WRAPPER" "$@" \
199 # Initialize database settings.
200 ovs_vsctl -- init -- set Open_vSwitch . db-version="$schemaver" \
202 set_system_ids || return 1
# NOTE(review): the bridge list is word-split from command output and
# $bridge is passed unquoted; `ovs_vsctl del-br "$bridge"` would keep each
# name as exactly one argument.
203 if test X"$DELETE_BRIDGES" = Xyes; then
204 for bridge in `ovs_vsctl list-br`; do
205 ovs_vsctl del-br $bridge
210 if daemon_is_running ovs-vswitchd; then
211 log_success_msg "ovs-vswitchd is already running"
213 # Increase the limit on the number of open file descriptors.
214 # ovs-vswitchd needs 16 per datapath, plus a few extra, so this
215 # should allow for 256 (or more) bridges.
218 # Start ovs-vswitchd.
219 set ovs-vswitchd unix:"$DB_SOCK"
220 set "$@" -vconsole:emer -vsyslog:err -vfile:info
# Anything other than MLOCKALL=no takes this branch; its body is not
# visible in this listing.
221 if test X"$MLOCKALL" != Xno; then
224 start_daemon "$OVS_VSWITCHD_PRIORITY" "$OVS_VSWITCHD_WRAPPER" "$@"
227 if daemon_is_running ovs-brcompatd; then
228 log_success_msg "ovs-brcompatd is already running"
229 elif test X"$BRCOMPAT" = Xyes; then
231 set "$@" -vconsole:emer -vsyslog:err -vfile:info
232 start_daemon "$OVS_BRCOMPATD_PRIORITY" "$OVS_BRCOMPATD_WRAPPER" "$@"
# Stops the three daemons in the reverse of the order in which the start
# code launches them (ovsdb-server last).
# NOTE(review): the enclosing function's first and last lines are absent
# from this listing.
241 stop_daemon ovs-brcompatd
242 stop_daemon ovs-vswitchd
243 stop_daemon ovsdb-server
246 ## ----------------- ##
247 ## force-reload-kmod ##
248 ## ----------------- ##
# NOTE(review): several lines of this function are absent from the
# listing (the embedded numbers skip 252, 256, 259, 264 and everything
# after 265), including the part of the loop that emits each name.
250 internal_interfaces () {
251 # Outputs a list of internal interfaces:
253 # - There is an internal interface for every bridge, whether it
254 # has an Interface record or not and whether the Interface
255 # record's 'type' is properly set or not.
257 # - There is an internal interface for each Interface record whose
258 # 'type' is 'internal'.
260 # But ignore interfaces that don't really exist.
# Candidate names come from the database, are de-duplicated with sort -u
# and are word-split from the command substitution; the test below keeps
# only names that have an entry under /sys/class/net.
261 for d in `(ovs_vsctl --bare \
262 -- --columns=name find Interface type=internal \
263 -- list-br) | sort -u`
265 if test -e "/sys/class/net/$d"; then
# Runs ovs-save for the detected interfaces and writes its output to
# "$script", the file that force-reload-kmod later executes to restore
# the interface configuration.  $ifaces is left unquoted so that each
# interface name becomes a separate argument.
# NOTE(review): the enclosing function's `name () {` line is absent from
# this listing; the "Saving interface configuration" call elsewhere in the
# file suggests it is save_interfaces.
272 "$datadir/scripts/ovs-save" $ifaces > "$script"
# Visible steps: detect the internal interfaces, save their configuration
# to "$script", remove every datapath, unload the brcompat and openvswitch
# modules, run "$script" to restore the configuration, log the restore
# status and finally run ovs-check-dead-ifs.
# NOTE(review): many short lines are absent from this listing (e.g.
# 278-281, 284-285, 287-291, 306-309), so the stop/start calls that the
# usage text describes are not visible here.
275 force_reload_kmod () {
276 ifaces=`internal_interfaces`
277 action "Detected internal interfaces: $ifaces" true
# Remove the saved-state script on exit (0) and on signals 1, 2, 13 and
# 15 (HUP, INT, PIPE, TERM).
# NOTE(review): the line that assigns $script is absent from this listing.
# Because this script later executes that file, it needs to be created
# with mktemp (unpredictable name, owner-only access) rather than at a
# fixed path in a shared directory -- confirm against the full file.
282 trap 'rm -f "$script"' 0 1 2 13 15
283 if action "Saving interface configuration" save_interfaces; then
286 log_warning_msg "Failed to save configuration, not replacing kernel module"
292 for dp in `ovs-dpctl dump-dps`; do
293 action "Removing datapath: $dp" ovs-dpctl del-dp "$dp"
296 # try both old and new names in case this is post upgrade
297 if test -e /sys/module/brcompat_mod; then
298 action "Removing brcompat module" rmmod brcompat_mod
299 elif test -e /sys/module/brcompat; then
300 action "Removing brcompat module" rmmod brcompat
302 if test -e /sys/module/openvswitch_mod; then
303 action "Removing openvswitch module" rmmod openvswitch_mod
304 elif test -e /sys/module/openvswitch; then
305 action "Removing openvswitch module" rmmod openvswitch
# The saved script is executed directly; $rc (assigned on a line not
# shown) decides how the outcome is logged.
310 action "Restoring interface configuration" "$script"
312 if test $rc = 0; then
# The logger command line is kept in a string and word-split on use;
# $level is assigned on a line not shown here.
317 log="logger -p daemon.$level -t ovs-save"
318 $log "force-reload-kmod interface restore script exited with status $rc:"
321 "$datadir/scripts/ovs-check-dead-ifs"
324 ## --------------- ##
325 ## enable-protocol ##
326 ## --------------- ##
# Adds an iptables INPUT rule accepting $PROTOCOL (optionally limited to
# $DPORT / $SPORT) unless a matching rule is already listed.
# NOTE(review): the enclosing function's `name () {` line and several
# short lines (e.g. 331-332, 337-340, 357, 360) are absent from this
# listing.
# NOTE(review): PROTOCOL, DPORT and SPORT come from the --protocol,
# --dport and --sport options and are interpolated, unvalidated, into a
# grep pattern, into the text of an awk program, and into a command
# string that is later word-split.  The only check visible here is that
# the looked-up protocol number is numeric.  Callers that forward values
# from outside should restrict the protocol to a plain name and the ports
# to digits; passing the values to awk with -v instead of building the
# program text would remove the awk interpolation altogether.
329 # Translate the protocol name to a number, because "iptables -n -L" prints
330 # some protocols by name (despite the -n) and therefore we need to look for
333 # (iptables -S output is more uniform but old iptables doesn't have it.)
334 protonum=`grep "^$PROTOCOL[ ]" /etc/protocols | awk '{print $2}'`
# Succeeds only when $protonum consists of one or more digits.
335 if expr X"$protonum" : X'[0-9]\{1,\}$' > /dev/null; then :; else
336 log_failure_msg "unknown protocol $PROTOCOL"
# $match is awk source matched against `iptables -n -L INPUT` output;
# $insert is the iptables command line that adds the rule.
341 match="(\$2 == \"$PROTOCOL\" || \$2 == $protonum)"
342 insert="iptables -I INPUT -p $PROTOCOL"
343 if test X"$DPORT" != X; then
344 name="$name to port $DPORT"
345 match="$match && /dpt:$DPORT/"
346 insert="$insert --dport $DPORT"
348 if test X"$SPORT" != X; then
349 name="$name from port $SPORT"
350 match="$match && /spt:$SPORT/"
351 insert="$insert --sport $SPORT"
353 insert="$insert -j ACCEPT"
# First check that the rules can be listed at all, then let awk exit 0
# when at least one listed rule matches.
355 if (iptables -n -L INPUT) >/dev/null 2>&1; then
356 if iptables -n -L INPUT | awk "$match { n++ } END { exit n == 0 }"
358 # There's already a rule for this protocol. Don't override it.
359 log_success_msg "iptables already has a rule for $name, not explicitly enabling"
# $insert is expanded unquoted on purpose so that it splits into the
# iptables argument list.
361 action "Enabling $name with iptables" $insert
363 elif (iptables --version) >/dev/null 2>&1; then
364 action "cannot list iptables rules, not adding a rule for $name"
366 action "iptables binary not installed, not adding a rule for $name"
# Default settings; the usage text shows these values as the defaults
# that command-line options override.
# NOTE(review): the enclosing function's first line and several short
# assignments are absent from this listing (the embedded numbers jump
# 388 -> 390 and 392 -> 398).
# Daemons start at niceness -10 and without a wrapper by default.
# NOTE(review): the usage text lists --ovs-vswitchd-wrapper twice and
# never --ovs-brcompatd-wrapper, although OVS_BRCOMPATD_WRAPPER is
# defined here.
383 OVSDB_SERVER_PRIORITY=-10
384 OVS_VSWITCHD_PRIORITY=-10
385 OVS_BRCOMPATD_PRIORITY=-10
386 OVSDB_SERVER_WRAPPER=
387 OVS_VSWITCHD_WRAPPER=
388 OVS_BRCOMPATD_WRAPPER=
# Database file, its JSON-RPC socket and the schema file.
390 DB_FILE=$etcdir/conf.db
391 DB_SOCK=$rundir/db.sock
392 DB_SCHEMA=$datadir/vswitch.ovsschema
# System type and version: taken from the configuration files when the
# type file exists, else from lsb_release, else a fallback value.
398 type_file=$etcdir/system-type.conf
399 version_file=$etcdir/system-version.conf
# NOTE(review): only $type_file is tested for existence although
# $version_file is read as well, and both `cat` arguments are unquoted.
401 if test -e "$type_file" ; then
402 SYSTEM_TYPE=`cat $type_file`
403 SYSTEM_VERSION=`cat $version_file`
404 elif (lsb_release --id) >/dev/null 2>&1; then
405 SYSTEM_TYPE=`lsb_release --id -s`
406 system_release=`lsb_release --release -s`
407 system_codename=`lsb_release --codename -s`
408 SYSTEM_VERSION="${system_release}-${system_codename}"
411 SYSTEM_VERSION=unknown
418 $0: controls Open vSwitch daemons
419 usage: $0 [OPTIONS] COMMAND
421 This program is intended to be invoked internally by Open vSwitch startup
422 scripts. System administrators should not normally invoke it directly.
425 start start Open vSwitch daemons
426 stop stop Open vSwitch daemons
427 status check whether Open vSwitch daemons are running
428 version print versions of Open vSwitch daemons
429 load-kmod insert modules if not already present
430 force-reload-kmod save OVS network device state, stop OVS, unload kernel
431 module, reload kernel module, start OVS, restore state
432 enable-protocol enable protocol specified in options with iptables
433 help display this help message
435 One of the following options is required for "start" and "force-reload-kmod":
436 --system-id=UUID set specific ID to uniquely identify this system
437 --system-id=random use a random but persistent UUID to identify this system
439 Other important options for "start" and "force-reload-kmod":
440 --system-type=TYPE set system type (e.g. "XenServer")
441 --system-version=VERSION set system version (e.g. "5.6.100-39265p")
442 --external-id="key=value"
443 add given key-value pair to Open_vSwitch external-ids
444 --delete-bridges delete all bridges just before starting ovs-vswitchd
446 Less important options for "start" and "force-reload-kmod":
447 --daemon-cwd=DIR set working dir for OVS daemons (default: $DAEMON_CWD)
448 --no-force-corefiles do not force on core dumps for OVS daemons
449 --no-mlockall do not lock all of ovs-vswitchd into memory
450 --ovsdb-server-priority=NICE set ovsdb-server's niceness (default: $OVSDB_SERVER_PRIORITY)
451 --ovs-vswitchd-priority=NICE set ovs-vswitchd's niceness (default: $OVS_VSWITCHD_PRIORITY)
452 --ovs-brcompatd-priority=NICE set ovs-brcompatd's niceness (default: $OVS_BRCOMPATD_PRIORITY)
454 Debugging options for "start" and "force-reload-kmod":
455 --ovsdb-server-wrapper=WRAPPER
456 --ovs-vswitchd-wrapper=WRAPPER
457 --ovs-vswitchd-wrapper=WRAPPER
458 run specified daemon under WRAPPER (either 'valgrind' or 'strace')
460 Options for "start", "force-reload-kmod", "load-kmod", "status", and "version":
461 --brcompat enable Linux bridge compatibility module and daemon
463 File location options:
464 --db-file=FILE database file name (default: $DB_FILE)
465 --db-sock=SOCKET JSON-RPC socket name (default: $DB_SOCK)
466 --db-schema=FILE database schema file name (default: $DB_SCHEMA)
468 Options for "enable-protocol":
469 --protocol=PROTOCOL protocol to enable with iptables (default: gre)
470 --sport=PORT source port to match (for tcp or udp protocol)
471 --dport=PORT destination port to match (for tcp or udp protocol)
474 -h, --help display this help message
475 -V, --version display version information
477 Default directories with "configure" option and environment variable override:
478 logs: @LOGDIR@ (--log-dir, OVS_LOGDIR)
479 pidfiles and sockets: @RUNDIR@ (--run-dir, OVS_RUNDIR)
480 system configuration: @sysconfdir@ (--sysconfdir, OVS_SYSCONFDIR)
481 data files: @pkgdatadir@ (--pkgdatadir, OVS_PKGDATADIR)
482 user binaries: @bindir@ (--bindir, OVS_BINDIR)
483 system binaries: @sbindir@ (--sbindir, OVS_SBINDIR)
485 Please report bugs to bugs@openvswitch.org (see REPORTING-BUGS for details).
# Checks one parsed option: turns the option name into a variable name
# (lower case to upper case, "-" to "_"), then uses eval to find out
# whether that variable is set and what its current value is.
# NOTE(review): the `name () {` line and lines 499 onward are absent from
# this listing.
# NOTE(review): `tr` here only maps a-z and "-"; every other character in
# $option reaches both eval lines unchanged, and the expr patterns that
# extract $option from the argument (`[^=]*` and `.*`) do not limit it to
# option-name characters.  Reject any $var containing characters outside
# A-Z, 0-9 and "_" (or empty) before the eval lines, so that only a plain
# variable name is ever evaluated.
492 var=`echo "$option" | tr abcdefghijklmnopqrstuvwxyz- ABCDEFGHIJKLMNOPQRSTUVWXYZ_`
493 eval set=\${$var+yes}
494 eval old_value=\$$var
# Reported as unknown when no such variable is set, or when $type is bool
# and the variable's current value is neither "no" nor "yes".
495 if test X$set = X || \
496 (test $type = bool && \
497 test X"$old_value" != Xno && test X"$old_value" != Xyes); then
498 echo >&2 "$0: unknown option \"$arg\" (use --help for help)"
# Prints the names of the daemons this script manages; the BRCOMPAT=yes
# branch (its body is not visible in this listing) presumably adds
# ovs-brcompatd -- confirm.
# NOTE(review): the enclosing function's `name () {` line is absent from
# this listing; the `daemons` command substitutions elsewhere in the file
# suggest that name.
505 echo ovsdb-server ovs-vswitchd
506 if test X"$BRCOMPAT" = Xyes; then
# Command-line parsing and command dispatch.
# NOTE(review): the surrounding loop, `case` patterns and most short
# lines are absent from this listing, so only fragments of each arm are
# visible; what each fragment belongs to is inferred from its text.
# Version banner.
521 echo "$0 (Open vSwitch) $VERSION"
# --external-id=key=value: everything after the first "=" becomes one
# entry appended to the space-separated $extra_ids string.
# NOTE(review): because $extra_ids is a flat string that is word-split
# when used, a value containing whitespace cannot survive intact.
525 value=`expr X"$arg" : 'X[^=]*=\(.*\)'`
528 extra_ids="$extra_ids external-ids:$value"
531 echo >&2 "$0: --external-id argument not in the form \"key=value\""
# --name=value form: option name up to the first "=", value after it.
537 option=`expr X"$arg" : 'X--\([^=]*\)'`
538 value=`expr X"$arg" : 'X[^=]*=\(.*\)'`
# --no-name form.
543 option=`expr X"$arg" : 'X--no-\(.*\)'`
# --name form.
549 option=`expr X"$arg" : 'X--\(.*\)'`
555 echo >&2 "$0: unknown option \"$arg\" (use --help for help)"
# Exactly one non-option argument (the command) is accepted.
559 if test X"$command" = X; then
562 echo >&2 "$0: exactly one non-option argument required (use --help for help)"
# Runs daemon_status for every managed daemon, keeping a non-zero exit
# status in rc.
577 for daemon in `daemons`; do
578 daemon_status $daemon || rc=$?
583 for daemon in `daemons`; do
591 insert_mod_if_required
600 echo >&2 "$0: missing command name (use --help for help)"
604 echo >&2 "$0: unknown command \"$command\" (use --help for help)"