## start ##
## ----- ##
-insert_modules_if_required () {
+insert_openvswitch_mod_if_required () {
# If openvswitch_mod is already loaded then we're done.
test -e /sys/module/openvswitch_mod && return 0
action "Inserting openvswitch module" modprobe openvswitch_mod
}
+insert_brcompat_mod_if_required () {
+ test -e /sys/module/brcompat_mod && return 0
+ action "Inserting brcompat module" modprobe brcompat_mod
+}
+
ovs_vsctl () {
ovs-vsctl --no-wait --timeout=5 "$@"
}
ovsdb_tool () {
- ovsdb-tool -vANY:console:emer "$@"
+ ovsdb-tool -vANY:console:off "$@"
+}
+
+create_db () {
+ action "Creating empty database $DB_FILE" ovsdb_tool create "$DB_FILE" "$DB_SCHEMA"
}
upgrade_db () {
if test ! -e "$DB_FILE"; then
log_warning_msg "$DB_FILE does not exist"
install -d -m 755 -o root -g root `dirname $DB_FILE`
-
- action "Creating empty database $DB_FILE" true
- ovsdb_tool create "$DB_FILE" "$DB_SCHEMA"
+ create_db
elif test X"`ovsdb_tool needs-conversion "$DB_FILE" "$DB_SCHEMA"`" != Xno; then
# Back up the old version.
version=`ovsdb_tool db-version "$DB_FILE"`
cksum=`ovsdb_tool db-cksum "$DB_FILE" | awk '{print $1}'`
- cp "$DB_FILE" "$DB_FILE.backup$version-$cksum"
+ backup=$DB_FILE.backup$version-$cksum
+ action "Backing up database to $backup" cp "$DB_FILE" "$backup" || return 1
# Compact database. This is important if the old schema did not enable
# garbage collection (i.e. if it did not have any tables with "isRoot":
# does) would cause the record to be dropped by the first transaction,
# then the second transaction would cause a referential integrity
# failure (for a strong reference).
- ovsdb_tool compact "$DB_FILE"
+ #
+ # Errors might occur on an Open vSwitch downgrade if ovsdb-tool doesn't
+ # understand some feature of the schema used in the OVSDB version that
+ # we're downgrading from, so we don't give up on error.
+ action "Compacting database" ovsdb_tool compact "$DB_FILE"
# Upgrade or downgrade schema.
- ovsdb_tool convert "$DB_FILE" "$DB_SCHEMA"
+ if action "Converting database schema" ovsdb_tool convert "$DB_FILE" "$DB_SCHEMA"; then
+ :
+ else
+ log_warning_msg "Schema conversion failed, using empty database instead"
+ rm -f "$DB_FILE"
+ create_db
+ fi
fi
}
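Review bot: The fallback after `log_warning_msg "Schema conversion failed, using empty database instead"` removes `$DB_FILE` without telling the operator where the previous configuration went, although `$backup` is still set at that point. The switch then comes up with none of its earlier settings, so I would name the copy in the message: `log_warning_msg "Schema conversion failed, using empty database instead (previous database saved as $backup)"`. A one-line comment above `rm -f "$DB_FILE"` saying that the backup taken earlier is the only remaining copy would also help the next reader.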
ulimit -Sc 67108864
fi
- insert_modules_if_required || return 1
+ insert_openvswitch_mod_if_required || return 1
+ if test X"$BRCOMPAT" = Xyes; then
+ insert_brcompat_mod_if_required || return 1
+ fi
if daemon_is_running ovsdb-server; then
log_success_msg "ovsdb-server is already running"
if test X"$MLOCKALL" != Xno; then
set "$@" --mlockall
fi
- start_daemon "$VSWITCHD_PRIORITY" "$@"
+ start_daemon "$OVS_VSWITCHD_PRIORITY" "$@"
+ fi
+
+ if daemon_is_running ovs-brcompatd; then
+ log_success_msg "ovs-brcompatd is already running"
+ elif test X"$BRCOMPAT" = Xyes; then
+ set ovs-brcompatd
+ set "$@" -vANY:CONSOLE:EMER -vANY:SYSLOG:ERR -vANY:FILE:INFO
+ start_daemon "$OVS_BRCOMPATD_PRIORITY" "$@"
fi
}
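Review bot: The `daemon_is_running ovs-brcompatd` branch is tested before `$BRCOMPAT`, so a start without --brcompat that finds a leftover ovs-brcompatd reports success and leaves the compatibility daemon running. If that is intended, a comment such as `# A running ovs-brcompatd is left alone even without --brcompat.` would say so; otherwise the first branch could log a warning when `$BRCOMPAT` is not `yes`. The start function begins outside this hunk, so whether an earlier step handles the case is not visible here.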
## ---- ##
stop () {
+ stop_daemon ovs-brcompatd
stop_daemon ovs-vswitchd
stop_daemon ovsdb-server
}
chmod +x "$script"
for dp in `ovs-dpctl dump-dps`; do
- action "Removing datapath: $dp" "$dpctl" del-dp "$dp"
+ action "Removing datapath: $dp" ovs-dpctl del-dp "$dp"
done
+ if test -e /sys/module/brcompat_mod; then
+ action "Removing brcompat module" rmmod brcompat_mod
+ fi
if test -e /sys/module/openvswitch_mod; then
action "Removing openvswitch module" rmmod openvswitch_mod
fi
## --------------- ##
enable_protocol () {
- set X "-p $PROTOCOL"
+ # Translate the protocol name to a number, because "iptables -n -L" prints
+ # some protocols by name (despite the -n) and therefore we need to look for
+ # both forms.
+ #
+ # (iptables -S output is more uniform but old iptables doesn't have it.)
+ protonum=`grep "^$PROTOCOL[ ]" /etc/protocols | awk '{print $2}'`
+ if expr X"$protonum" : X'[0-9]\{1,\}$' > /dev/null; then :; else
+ log_failure_msg "unknown protocol $PROTOCOL"
+ return 1
+ fi
+
name=$PROTOCOL
+ match="(\$2 == \"$PROTOCOL\" || \$2 == $protonum)"
+ insert="iptables -I INPUT -p $PROTOCOL"
if test X"$DPORT" != X; then
- set "$@" "--dport $DPORT"
name="$name to port $DPORT"
+ match="$match && /dpt:$DPORT/"
+ insert="$insert --dport $DPORT"
fi
if test X"$SPORT" != X; then
- set "$@" "--sport $SPORT"
name="$name from port $SPORT"
+ match="$match && /spt:$SPORT/"
+ insert="$insert --sport $SPORT"
fi
- shift
-
- search="/^-A INPUT/!d"
- insert="iptables -I INPUT"
- for arg; do
- search="$search
-/ $arg /!d"
- insert="$insert $arg"
- done
insert="$insert -j ACCEPT"
- if (iptables -S INPUT) >/dev/null 2>&1; then
- case `iptables -S INPUT | sed "$search"` in
- '')
- action "Enabling $name with iptables" $insert
- ;;
- *)
- # There's already a rule for this protocol. Don't override it.
- log_success_msg "iptables already has a rule for $name, not explicitly enabling"
- ;;
- esac
+ if (iptables -n -L INPUT) >/dev/null 2>&1; then
+ if iptables -n -L INPUT | awk "$match { n++ } END { exit n == 0 }"
+ then
+ # There's already a rule for this protocol. Don't override it.
+ log_success_msg "iptables already has a rule for $name, not explicitly enabling"
+ else
+ action "Enabling $name with iptables" $insert
+ fi
elif (iptables --version) >/dev/null 2>&1; then
- action "iptables binary not installed, not adding a rule for $name"
- else
action "cannot list iptables rules, not adding a rule for $name"
+ else
+ action "iptables binary not installed, not adding a rule for $name"
fi
}
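Review bot: `$DPORT` and `$SPORT` are spliced unvalidated into the awk program text (`match="$match && /dpt:$DPORT/"`) and into the unquoted `$insert` command line, so a value containing `/`, quotes or whitespace changes the awk program or the iptables arguments in a script that normally runs as root. The regex is also unanchored, so `--dport=80` is satisfied by an existing `dpt:8080` rule and the ACCEPT rule is then not added. Only `$PROTOCOL` gets a check, and that check is a `grep` regex match against /etc/protocols rather than a strict allow-list. I would validate the ports with the same `expr` idiom already used for `$protonum` and end the match on a non-digit, as sketched below for DPORT (SPORT is symmetrical); if port ranges or service names must stay accepted, a character allow-list would be the alternative.

```shell
    if test X"$DPORT" != X; then
        # Digits only: the value becomes part of an awk program and of the
        # iptables command line.
        if expr X"$DPORT" : X'[0-9]\{1,\}$' > /dev/null; then :; else
            log_failure_msg "invalid destination port $DPORT"
            return 1
        fi
        # … unchanged: name and insert updates …
        # End on a non-digit so that port 80 does not match "dpt:8080".
        match="$match && /dpt:$DPORT(\$|[^0-9])/"
    fi
    # … unchanged: rule lookup and insert; SPORT gets the same two changes …
```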
SYSTEM_ID=
DELETE_BRIDGES=no
+ BRCOMPAT=no
DAEMON_CWD=/
FORCE_COREFILES=yes
MLOCKALL=yes
OVSDB_SERVER_PRIORITY=-10
OVS_VSWITCHD_PRIORITY=-10
+ OVS_BRCOMPATD_PRIORITY=-10
DB_FILE=$etcdir/conf.db
DB_SOCK=$rundir/db.sock
enable-protocol enable protocol specified in options with iptables
help display this help message
-One of the following options should be specified when starting Open vSwitch:
+One of the following options is required for "start" and "force-reload-kmod":
--system-id=UUID set specific ID to uniquely identify this system
--system-id=random use a random but persistent UUID to identify this system
-Other important options for starting Open vSwitch:
+Other important options for "start" and "force-reload-kmod":
--system-type=TYPE set system type (e.g. "XenServer")
--system-version=VERSION set system version (e.g. "5.6.100-39265p")
--external-id="key=value"
add given key-value pair to Open_vSwitch external-ids
--delete-bridges delete all bridges just before starting ovs-vswitchd
-Less important options for starting Open vSwitch:
- --daemon-cwd=DIR current working directory for OVS daemons (default: $DAEMON_CWD)
- --no-force-corefiles
- do not forcibly enable core dumps for OVS daemons
- --no-mlockall do not lock all of ovs-vswitchd into memory
- --ovsdb-server-priority=NICE
- set ovsdb-server's niceness (default: $OVSDB_SERVER_PRIORITY)
- --ovs-vswitchd-priority=NICE
- set ovs-vswitchd's niceness (default: $OVS_VSWITCHD_PRIORITY)
+Less important options for "start" and "force-reload-kmod":
+ --daemon-cwd=DIR set working dir for OVS daemons (default: $DAEMON_CWD)
+ --no-force-corefiles do not force on core dumps for OVS daemons
+ --no-mlockall do not lock all of ovs-vswitchd into memory
+ --ovsdb-server-priority=NICE set ovsdb-server's niceness (default: $OVSDB_SERVER_PRIORITY)
+ --ovs-vswitchd-priority=NICE set ovs-vswitchd's niceness (default: $OVS_VSWITCHD_PRIORITY)
+ --ovs-brcompatd-priority=NICE set ovs-brcompatd's niceness (default: $OVS_BRCOMPATD_PRIORITY)
+
+Options for "start", "force-reload-kmod", "status", and "version":
+ --brcompat enable Linux bridge compatibility module and daemon
File location options:
--db-file=FILE database file name (default: $DB_FILE)
--db-sock=SOCKET JSON-RPC socket name (default: $DB_SOCK)
--db-schema=FILE database schema file name (default: $DB_SCHEMA)
-Options for enable-protocol:
+Options for "enable-protocol":
--protocol=PROTOCOL protocol to enable with iptables (default: gre)
--sport=PORT source port to match (for tcp or udp protocol)
--dport=PORT ddestination port to match (for tcp or udp protocol)
eval $var=\$value
}
+daemons () {
+ echo ovsdb-server ovs-vswitchd
+ if test X"$BRCOMPAT" = Xyes; then
+ echo ovs-brcompatd
+ fi
+}
+
set_defaults
extra_ids=
command=
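Review bot: `daemons` has no comment, and its output depends on an option rather than on what is actually running: ovs-brcompatd is listed only when --brcompat was given. A header such as `# Prints the daemons this invocation manages; ovs-brcompatd is included only with --brcompat.` would make clear that the `status` and `version` loops over it will not report a compatibility daemon started by an earlier invocation.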
stop
;;
status)
- daemon_status ovsdb-server && daemon_status ovs-vswitchd
+ rc=0
+ for daemon in `daemons`; do
+ daemon_status $daemon || rc=$?
+ done
+ exit $rc
;;
version)
- ovsdb-server --version && ovs-vswitchd --version
+ for daemon in `daemons`; do
+ $daemon --version
+ done
;;
force-reload-kmod)
force_reload_kmod