X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=debian%2Fopenflow-switch.init;h=1df4ea0b951bd0f6ff6999d3304f7329e651bb78;hb=91bdbe0c017a1dbda0128c44b862234ddb85eec2;hp=2d0ff60f7119bf4efdf110dfd482bc2f5098e4da;hpb=28318b5fdf26d6960b84e69aff1d084ab4a9f60c;p=sliver-openvswitch.git diff --git a/debian/openflow-switch.init b/debian/openflow-switch.init index 2d0ff60f7..1df4ea0b9 100755 --- a/debian/openflow-switch.init +++ b/debian/openflow-switch.init @@ -34,6 +34,18 @@ DODTIME=1 # Time to wait for the server to die, in seconds # 'restart' will not work # Include secchan defaults if available +unset NETDEVS +unset MODE +unset SWITCH_IP +unset CONTROLLER +unset PRIVKEY +unset CERT +unset CACERT +unset CACERT_MODE +unset MGMT_VCONNS +unset COMMANDS +unset DAEMON_OPTS +unset CORE_LIMIT default=/etc/default/openflow-switch if [ -f $default ] ; then . $default @@ -115,30 +127,42 @@ check_op() { } configure_ssl() { - if test ! -e "$PRIVKEY" || test ! -e "$CERT" || test ! -e "$CACERT"; then + if (test "$CACERT_MODE" != secure && test "$CACERT_MODE" != bootstrap) \ + || test ! -e "$PRIVKEY" || test ! -e "$CERT" \ + || (test ! -e "$CACERT" && test "$CACERT_MODE" != bootstrap); then + if test "$CACERT_MODE" != secure && test "$CACERT_MODE" != bootstrap + then + echo "CACERT_MODE is not set to 'secure' or 'bootstrap'" + fi if test ! -e "$PRIVKEY"; then echo "$PRIVKEY: private key missing" >&2 fi if test ! -e "$CERT"; then echo "$CERT: certificate for private key missing" >&2 fi - if test ! -e "$CACERT"; then - echo "$CACERT: CA certificate missing" >&2 + if test ! -e "$CACERT" && test "$CACERT_MODE" != bootstrap; then + echo "$CACERT: CA certificate missing (and CA certificate bootstrapping not enabled)" >&2 fi - echo "Run ofp-switch-setup or edit /etc/default/openflow-switch to configure" >&2 + echo "Run ofp-switch-setup (in the openflow-switch-config package) or edit /etc/default/openflow-switch to configure" >&2 if test "$MODE" = discovery; then echo "You may also delete or rename $PRIVKEY to disable SSL requirement" >&2 fi exit 1 fi - SSL_OPTS="--private-key=$PRIVKEY --certificate=$CERT --ca-cert=$CACERT" + + SSL_OPTS="--private-key=$PRIVKEY --certificate=$CERT" + if test ! -e "$CACERT" && test "$CACERT_MODE" = bootstrap; then + SSL_OPTS="$SSL_OPTS --bootstrap-ca-cert=$CACERT" + else + SSL_OPTS="$SSL_OPTS --ca-cert=$CACERT" + fi } case "$1" in start) if test -z "$NETDEVS"; then echo "$default: No network devices configured, switch disabled" >&2 - echo "Run ofp-switch-setup or edit /etc/default/openflow-switch to configure" >&2 + echo "Run ofp-switch-setup (in the openflow-switch-config package) or edit /etc/default/openflow-switch to configure" >&2 exit 0 fi if test "$MODE" = discovery; then @@ -146,12 +170,12 @@ case "$1" in elif test "$MODE" = in-band || test "$MODE" = out-of-band; then if test -z "$CONTROLLER"; then echo "$default: No controller configured and not configured for discovery, switch disabled" >&2 - echo "Run ofp-switch-setup or edit /etc/default/openflow-switch to configure" >&2 + echo "Run ofp-switch-setup (in the openflow-switch-config package) or edit /etc/default/openflow-switch to configure" >&2 exit 0 fi else echo "$default: MODE must set to 'discovery', 'in-band', or 'out-of-band'" >&2 - echo "Run ofp-switch-setup or edit /etc/default/openflow-switch to configure" >&2 + echo "Run ofp-switch-setup (in the openflow-switch-config package) or edit /etc/default/openflow-switch to configure" >&2 exit 1 fi : ${PRIVKEY:=/etc/openflow-switch/of0-privkey.pem} @@ -171,15 +195,17 @@ case "$1" in ;; *) echo "$default: CONTROLLER must be in the form 'ssl:HOST[:PORT]' or 'tcp:HOST[:PORT]' when not in discovery mode" >&2 - echo "Run ofp-switch-setup or edit /etc/default/openflow-switch to configure" >&2 + echo "Run ofp-switch-setup (in the openflow-switch-config package) or edit /etc/default/openflow-switch to configure" >&2 exit 1 esac echo -n "Loading openflow_mod: " - if modprobe openflow_mod; then + if grep -q '^openflow_mod$' /proc/modules; then + echo "already loaded, nothing to do." + elif modprobe openflow_mod; then echo "success." else - echo " ERROR." + echo "ERROR." echo "openflow_mod has probably not been built for this kernel." if ! test -d /usr/share/doc/openflow-datapath-source; then echo "Install the openflow-datapath-source package, then read" @@ -200,16 +226,45 @@ case "$1" in if test "$SWITCH_IP" = dhcp; then must_succeed "Temporarily disabling of0" ifconfig of0 down else - must_succeed "Configuring of0 as $SWITCH_IP" ifconfig of0 $SWITCH_IP + COMMAND="ifconfig of0 $SWITCH_IP" + if test -n "$SWITCH_NETMASK"; then + COMMAND="$COMMAND netmask $SWITCH_NETMASK" + fi + must_succeed "Configuring of0: $COMMAND" $COMMAND + if test -n "$SWITCH_GATEWAY"; then + # This can fail because the route already exists, + # so we don't insist that it succeed. + COMMAND="route add default gw $SWITCH_GATEWAY" + check_op "Adding default route: $COMMAND" $COMMAND + fi fi else must_succeed "Disabling of0" ifconfig of0 down fi + MGMT_OPTS= + for vconn in $MGMT_VCONNS; do + MGMT_OPTS="$MGMT_OPTS --listen=$vconn" + done + + COMMAND_OPT= + if test -n "$COMMANDS"; then + COMMAND_OPT="--command-acl=$COMMANDS" + fi + + if test "$MODE" = out-of-band; then + DAEMON_OPTS="$DAEMON_OPTS --out-of-band" + fi + + if test -n "$CORE_LIMIT"; then + check_ops "Setting core limit to $CORE_LIMIT" ulimit -c "$CORE_LIMIT" + fi + echo -n "Starting $DESC: " start-stop-daemon --start --quiet --pidfile $PIDFILE \ --exec $DAEMON -- nl:0 $CONTROLLER --detach --pidfile=$PIDFILE \ - $DAEMON_OPTS $SSL_OPTS + --verbose=ANY:console:emer --verbose=ANY:syslog:err --log-file \ + $DAEMON_OPTS $MGMT_OPTS $SSL_OPTS "$COMMAND_OPT" if running; then echo "$NAME." else @@ -244,6 +299,7 @@ case "$1" in check_op "Removing $netdev from datapath" dpctl delif nl:0 $netdev done check_op "Deleting datapath" dpctl deldp nl:0 + check_op "Unloading kernel module" modprobe -r openflow_mod ;; force-stop) echo -n "Forcefully stopping $DESC: "