# 'restart' will not work
# Include secchan defaults if available
+unset NETDEVS
+unset MODE
+unset SWITCH_IP
+unset CONTROLLER
+unset PRIVKEY
+unset CERT
+unset CACERT
+unset CACERT_MODE
+unset MGMT_VCONNS
+unset COMMANDS
+unset DAEMON_OPTS
default=/etc/default/openflow-switch
if [ -f $default ] ; then
. $default
}
configure_ssl() {
- if test ! -e "$PRIVKEY" || test ! -e "$CERT" || test ! -e "$CACERT"; then
+ if (test "$CACERT_MODE" != secure && test "$CACERT_MODE" != bootstrap) \
+ || test ! -e "$PRIVKEY" || test ! -e "$CERT" \
+ || (test ! -e "$CACERT" && test "$CACERT_MODE" != bootstrap); then
+ if test "$CACERT_MODE" != secure && test "$CACERT_MODE" != bootstrap
+ then
+ echo "CACERT_MODE is not set to 'secure' or 'bootstrap'"
+ fi
if test ! -e "$PRIVKEY"; then
echo "$PRIVKEY: private key missing" >&2
fi
if test ! -e "$CERT"; then
echo "$CERT: certificate for private key missing" >&2
fi
- if test ! -e "$CACERT"; then
- echo "$CACERT: CA certificate missing" >&2
+ if test ! -e "$CACERT" && test "$CACERT_MODE" != bootstrap; then
+ echo "$CACERT: CA certificate missing (and CA certificate bootstrapping not enabled)" >&2
fi
- echo "Run ofp-switch-setup or edit /etc/default/openflow-switch to configure" >&2
+ echo "Run ofp-switch-setup (in the openflow-switch-config package) or edit /etc/default/openflow-switch to configure" >&2
if test "$MODE" = discovery; then
echo "You may also delete or rename $PRIVKEY to disable SSL requirement" >&2
fi
exit 1
fi
- SSL_OPTS="--private-key=$PRIVKEY --certificate=$CERT --ca-cert=$CACERT"
+
+ SSL_OPTS="--private-key=$PRIVKEY --certificate=$CERT"
+ if test ! -e "$CACERT" && test "$CACERT_MODE" = bootstrap; then
+ SSL_OPTS="$SSL_OPTS --bootstrap-ca-cert=$CACERT"
+ else
+ SSL_OPTS="$SSL_OPTS --ca-cert=$CACERT"
+ fi
}
case "$1" in
start)
if test -z "$NETDEVS"; then
echo "$default: No network devices configured, switch disabled" >&2
- echo "Run ofp-switch-setup or edit /etc/default/openflow-switch to configure" >&2
+ echo "Run ofp-switch-setup (in the openflow-switch-config package) or edit /etc/default/openflow-switch to configure" >&2
exit 0
fi
if test "$MODE" = discovery; then
elif test "$MODE" = in-band || test "$MODE" = out-of-band; then
if test -z "$CONTROLLER"; then
echo "$default: No controller configured and not configured for discovery, switch disabled" >&2
- echo "Run ofp-switch-setup or edit /etc/default/openflow-switch to configure" >&2
+ echo "Run ofp-switch-setup (in the openflow-switch-config package) or edit /etc/default/openflow-switch to configure" >&2
exit 0
fi
else
echo "$default: MODE must set to 'discovery', 'in-band', or 'out-of-band'" >&2
- echo "Run ofp-switch-setup or edit /etc/default/openflow-switch to configure" >&2
+ echo "Run ofp-switch-setup (in the openflow-switch-config package) or edit /etc/default/openflow-switch to configure" >&2
exit 1
fi
: ${PRIVKEY:=/etc/openflow-switch/of0-privkey.pem}
;;
*)
echo "$default: CONTROLLER must be in the form 'ssl:HOST[:PORT]' or 'tcp:HOST[:PORT]' when not in discovery mode" >&2
- echo "Run ofp-switch-setup or edit /etc/default/openflow-switch to configure" >&2
+ echo "Run ofp-switch-setup (in the openflow-switch-config package) or edit /etc/default/openflow-switch to configure" >&2
exit 1
esac
echo -n "Loading openflow_mod: "
- if modprobe openflow_mod; then
+ if grep -q '^openflow_mod$' /proc/modules; then
+ echo "already loaded, nothing to do."
+ elif modprobe openflow_mod; then
echo "success."
else
- echo " ERROR."
+ echo "ERROR."
echo "openflow_mod has probably not been built for this kernel."
if ! test -d /usr/share/doc/openflow-datapath-source; then
echo "Install the openflow-datapath-source package, then read"
if test "$SWITCH_IP" = dhcp; then
must_succeed "Temporarily disabling of0" ifconfig of0 down
else
- must_succeed "Configuring of0 as $SWITCH_IP" ifconfig of0 $SWITCH_IP
+ COMMAND="ifconfig of0 $SWITCH_IP"
+ if test -n "$SWITCH_NETMASK"; then
+ COMMAND="$COMMAND netmask $SWITCH_NETMASK"
+ fi
+ must_succeed "Configuring of0: $COMMAND" $COMMAND
+ if test -n "$SWITCH_GATEWAY"; then
+ # This can fail because the route already exists,
+ # so we don't insist that it succeed.
+ COMMAND="route add default gw $SWITCH_GATEWAY"
+ check_op "Adding default route: $COMMAND" $COMMAND
+ fi
fi
else
must_succeed "Disabling of0" ifconfig of0 down
fi
+ MGMT_OPTS=
+ for vconn in $MGMT_VCONNS; do
+ MGMT_OPTS="$MGMT_OPTS --listen=$vconn"
+ done
+
+ COMMAND_OPT=
+ if test -n "$COMMANDS"; then
+ COMMAND_OPT="--command-acl=$COMMANDS"
+ fi
+
+ if test "$MODE" = out-of-band; then
+ DAEMON_OPTS="$DAEMON_OPTS --out-of-band"
+ fi
+
echo -n "Starting $DESC: "
start-stop-daemon --start --quiet --pidfile $PIDFILE \
--exec $DAEMON -- nl:0 $CONTROLLER --detach --pidfile=$PIDFILE \
- $DAEMON_OPTS $SSL_OPTS
+ --verbose=ANY:console:emer --verbose=ANY:syslog:err --log-file \
+ $DAEMON_OPTS $MGMT_OPTS $SSL_OPTS "$COMMAND_OPT"
if running; then
echo "$NAME."
else
check_op "Removing $netdev from datapath" dpctl delif nl:0 $netdev
done
check_op "Deleting datapath" dpctl deldp nl:0
+ check_op "Unloading kernel module" modprobe -r openflow_mod
;;
force-stop)
echo -n "Forcefully stopping $DESC: "
git://git.onelab.eu / sliver-openvswitch.git / blobdiff