From 3b12addabb60c1eae0f58942281a388a6bc5d45b Mon Sep 17 00:00:00 2001 From: Ben Pfaff Date: Wed, 3 Mar 2010 16:54:00 -0800 Subject: [PATCH] Update Open vSwitch documentation. --- INSTALL.Linux | 37 +++++++++++++++++++----------- INSTALL.OpenFlow | 19 +++++++-------- INSTALL.SSL | 25 ++++++++++---------- INSTALL.bridge | 29 ++++++++--------------- Makefile.am | 3 ++- README | 3 +++ REPORTING-BUGS | 4 ++-- utilities/ovs-openflowd.8.in | 3 +-- vswitchd/.gitignore | 1 - xenserver/etc_profile.d_vswitch.sh | 6 +---- 10 files changed, 65 insertions(+), 65 deletions(-) diff --git a/INSTALL.Linux b/INSTALL.Linux index c0344f230..e25c193c9 100644 --- a/INSTALL.Linux +++ b/INSTALL.Linux @@ -155,23 +155,34 @@ Prerequisites section, follow the procedure below to build. To verify that the modules have been loaded, run "/sbin/lsmod" and check that openvswitch_mod is listed. -Configuration -============= +7. Initialize the configuration database using ovsdb-tool, e.g.: -Open vSwitch is configured primarily through a configuration file, -whose name is specified on the ovs-vswitchd command line. Please -refer to ovs-vswitchd(8) and ovs-vswitchd.conf(5) for information on -how to start ovs-vswitchd and the syntax of its configuration file, -respectively. + % ovsdb-tool create /etc/ovs-vswitchd.conf.db vswitchd/vswitch.ovsschema -At runtime, you may make ovs-vswitchd reload its configuration file -and update its configuration accordingly by sending it a SIGHUP -signal. The ovs-appctl utility can also be used to do this: +Startup +======= - % ovs-appctl vswitchd/reload +Before starting ovs-vswitchd itself, you need to start its +configuration database, ovsdb-server. Configure it to use the +database you created during step 7 of installation, above, and to +listen on a Unix domain socket, e.g.: -In the latter case, ovs-appctl will wait for ovs-vswitchd to finish -reloading before it exits. + % ovsdb-server /etc/ovs-vswitchd.conf.db --remote=punix:/var/run/ovsdb-server + +Then start the main Open vSwitch daemon, telling it to connect to the +same Unix domain socket: + + % ovs-vswitchd unix:/var/run/ovsdb-server + +Now you may use ovs-vsctl to set up bridges and other Open vSwitch +features. For example, to create a bridge named br0 and add ports +eth0 and vif1.0 to it: + + % ovs-vsctl add-br br0 + % ovs-vsctl add-port br0 eth0 + % ovs-vsctl add-port br0 vif1.0 + +Please refer to ovs-vsctl(8) for more details. Bug Reporting ------------- diff --git a/INSTALL.OpenFlow b/INSTALL.OpenFlow index a1b77997f..7a4a7e6f1 100644 --- a/INSTALL.OpenFlow +++ b/INSTALL.OpenFlow @@ -1,15 +1,16 @@ Using Open vSwitch as a Simple OpenFlow Switch ============================================== -Open vSwitch uses OpenFlow as its preferred method of remote flow table -configuration. This is the simplest method of using it with an OpenFlow -controller. All that is required is to follow the instructions in -INSTALL.Linux and add the bridge..controller set of parameters to the -ovs-vswitchd(8) configuration file as described in ovs-vswitchd.conf(5). -We recommend using OpenFlow in this manner. However, it is also possible to -use Open vSwitch as a simple OpenFlow switch like that provided by the -OpenFlow reference implementation [1]. The remainder of this file describes -how to user it in that manner. +Open vSwitch uses OpenFlow as its preferred method of remote flow +table configuration. This is the simplest method of using it with an +OpenFlow controller. The ovs-vsctl "set-controller" command will set +the controller for one or more bridges. We recommend using OpenFlow +in this manner. + +However, it is also possible to use Open vSwitch as a simple OpenFlow +switch like that provided by the OpenFlow reference implementation +[1]. The remainder of this file describes how to use it in that +manner. What is OpenFlow? ----------------- diff --git a/INSTALL.SSL b/INSTALL.SSL index 8df47bc10..4ba092548 100644 --- a/INSTALL.SSL +++ b/INSTALL.SSL @@ -287,30 +287,31 @@ cacert.pem: OpenFlow controller by verifying a signature against this CA certificate. -Once you have these files, configure ovs-vswitchd to use them by -adding the following keys to your ovs-vswitchd.conf file: +Once you have these files, configure ovs-vswitchd to use them using +the ovs-vsctl "set-ssl" command, e.g.: - ssl.private-key=/etc/vswitch/sc-privkey.pem - ssl.certificate=/etc/vswitch/sc-cert.pem - ssl.ca-cert=/etc/vswitch/cacert.pem + ovs-vsctl set-ssl /etc/vswitch/sc-privkey.pem /etc/vswitch/sc-cert.pem /etc/vswitch/cacert.pem Substitute the correct file names, of course, if they differ from the -ones used above. +ones used above. You should use absolute file names (ones that begin +with "/"), because ovs-vswitchd's current directory is unrelated to +the one from which you run ovs-vsctl. If you are using self-signed certificates (see "SSL Concepts for OpenFlow") and you did not copy controllerca/cacert.pem from the PKI -machine to the Open vSwitch, then also add the following key: +machine to the Open vSwitch, then add the --bootstrap option, e.g.: - ssl.bootstrap-ca-cert=true + ovs-vsctl -- --bootstrap set-ssl /etc/vswitch/sc-privkey.pem /etc/vswitch/sc-cert.pem /etc/vswitch/cacert.pem After you have added all of these configuration keys, you may specify -"ssl:" connection methods elsewhere in ovs-vswitchd.conf, e.g.: - - mgmt.controller=ssl:192.168.0.1 - +"ssl:" connection methods elsewhere in the configuration database. "tcp:" connection methods are still allowed even after SSL has been configured, so for security you should use only "ssl:" connections. +Unlike most Open vSwitch settings, the SSL settings are read only +once, at ovs-vswitchd startup time. For changes to take effect, +ovs-vswitchd must be killed and restarted. + Reporting Bugs -------------- diff --git a/INSTALL.bridge b/INSTALL.bridge index b30152d4b..75caaceeb 100644 --- a/INSTALL.bridge +++ b/INSTALL.bridge @@ -42,23 +42,16 @@ to update system scripts to follow these steps. bridge interfaces), to ensure that the Open vSwitch kernel modules are loaded before the Linux kernel bridge module. -3. Create an initial version of the configuration file, for example - /etc/ovs-vswitchd.conf. This file may be empty initially or may - contain add any valid configuration directives described in - ovs-vswitchd.conf(5). However, it must exist when you start - ovs-vswitchd. +3. Start ovsdb-server, ovs-vswitchd, and ovs-brcompatd, e.g.: - To create an empty configuration file: - - % touch /etc/ovs-vswitchd.conf - -4. Start ovs-vswitchd and ovs-brcompatd, e.g.: + % ovsdb-server /etc/ovs-vswitchd.conf.db \ + --remote=punix:/var/run/ovsdb-server % ovs-vswitchd --pidfile --detach -vANY:console:EMER \ - /etc/ovs-vswitchd.conf + unix:/var/run/ovsdb-server % ovs-brcompatd --pidfile --detach -vANY:console:EMER \ - /etc/ovs-vswitchd.conf + unix:/var/run/ovsdb-server 5. Now you should be able to manage the Open vSwitch using brctl and related tools. For example, you can create an Open vSwitch bridge, @@ -71,11 +64,7 @@ to update system scripts to follow these steps. % brctl show Each of these commands actually uses or modifies the Open vSwitch - configuration file, then notifies the ovs-vswitchd daemon of the - change. For example, after executing the commands above starting - from an empty configuration file, "cat /etc/ovs-vswitchd.conf" - should show that the configuration file now contains the following: - - bridge.br0.port=br0 - bridge.br0.port=eth0 - bridge.br0.port=eth1 + configuration database, then notifies the ovs-vswitchd daemon of + the change. For example, after executing the commands above + starting from an empty configuration file, "ovs-vsctl list-ports + br0" should show that bridge br0 contains two ports, eth0 and eth1. diff --git a/Makefile.am b/Makefile.am index bb8245efd..6a82ba3ca 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,4 +1,4 @@ -# Copyright (C) 2007, 2008, 2009 Nicira Networks, Inc. +# Copyright (C) 2007, 2008, 2009, 2010 Nicira Networks, Inc. # # Copying and distribution of this file, with or without modification, # are permitted in any medium without royalty provided the copyright @@ -40,6 +40,7 @@ bin_PROGRAMS = sbin_PROGRAMS = bin_SCRIPTS = dist_man_MANS = +dist_pkgdata_DATA = dist_pkgdata_SCRIPTS = dist_sbin_SCRIPTS = man_MANS = diff --git a/README b/README index a0c9a2e1d..5b8099890 100644 --- a/README +++ b/README @@ -47,6 +47,9 @@ The main components of this distribution are: * ovs-vswitchd, a daemon that implements the switch, along with a companion Linux kernel module for flow-based switching. + * ovsdb-server, a lightweight database server that ovs-vswitchd + queries to obtain its configuration. + * ovs-brcompatd, a daemon that allows ovs-vswitchd to act as a drop-in replacement for the Linux bridge in many environments, along with a companion Linux kernel module to intercept bridge diff --git a/REPORTING-BUGS b/REPORTING-BUGS index 8412ec633..75da3d6eb 100644 --- a/REPORTING-BUGS +++ b/REPORTING-BUGS @@ -20,8 +20,8 @@ as much of the following information as you can in your report: /proc/version) and the distribution and version number of your OS (e.g. "Centos 5.0"). - * The contents of the vswitchd configuration file (usually - /etc/ovs-vswitchd.conf). + * The contents of the vswitchd configuration database (usually + /etc/ovs-vswitchd.conf.db). * The output of "ovs-dpctl show". diff --git a/utilities/ovs-openflowd.8.in b/utilities/ovs-openflowd.8.in index 7b349b5ff..e65121eb8 100644 --- a/utilities/ovs-openflowd.8.in +++ b/utilities/ovs-openflowd.8.in @@ -429,5 +429,4 @@ switching. .BR ovs\-discover (8), .BR ovs\-dpctl (8), .BR ovs\-ofctl (8), -.BR ovs\-pki (8), -.BR ovs\-vswitchd.conf (5) +.BR ovs\-pki (8) diff --git a/vswitchd/.gitignore b/vswitchd/.gitignore index 872a72673..fd0945dc4 100644 --- a/vswitchd/.gitignore +++ b/vswitchd/.gitignore @@ -4,7 +4,6 @@ /ovs-brcompatd.8 /ovs-vswitchd /ovs-vswitchd.8 -/ovs-vswitchd.conf.5 /vswitch-idl.c /vswitch-idl.h /vswitch-idl.ovsidl diff --git a/xenserver/etc_profile.d_vswitch.sh b/xenserver/etc_profile.d_vswitch.sh index 527bfcf92..a001e2158 100644 --- a/xenserver/etc_profile.d_vswitch.sh +++ b/xenserver/etc_profile.d_vswitch.sh @@ -1,4 +1,4 @@ -# Copyright (C) 2009 Nicira Networks, Inc. +# Copyright (C) 2009, 2010 Nicira Networks, Inc. # # Copying and distribution of this file, with or without modification, # are permitted in any medium without royalty provided the copyright @@ -7,10 +7,6 @@ alias vswitch='service vswitch' -function watchconf { - watch cat /etc/ovs-vswitchd.conf -} - function watchdp { watch ovs-dpctl show "$@" } -- 2.43.0