Open vSwitch does not bring up ports automatically. This is not a
problem for wireless ports, or for ports configured in
/etc/config/network, but other ports will be down, and require manual
interaction to be brought up. Configuring them with proto none will
cause netifd to do some actions on them, which might cause undefined
results, and will also bloat the UCI config file.
The cleanest solution is to bring all member ports up as part of the
init script.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
When Open vSwitch is configured to use a controller, but is unable to
connect to it, Open vSwitch will setup flows to allow all traffic, if
the failure mode is not configured, or set to standalone.
As this might be a security hazard, it is also possible to configure
Open vSwitch in a secure failure mode. Enabling this mode causes Open
vSwitch to drop all traffic if it is unable to connect to the
controller.
Redirect stderr of the command to /dev/null as it does not support the
--if-exists option.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Add a UCI config option to set the OpenFlow datapath description. This
allows setting a human readable description of the bridge, e.g.
"Building x, Floor y, AP z", which makes it easier to recognize the AP.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Open vSwitch supports SSL to connect to an OpenFlow controller. This is
recommended for security. Expand the UCI ovs config section to allow
configuring SSL CA, certificate and private key.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The Open vSwitch init script does not set USE_PROCD=1. Instead, it
defines most of the functions and variables that would be set when
USE_PROCD is set to 1, but with some minor changes.
The basescript variable however, which is used when calling
procd_open_service and procd_kill, is not set. As a result, basename of
the contents of the initscript variable is used as the service name. As
the service is automatically started via its symlink in /etc/rc.d,
S15openvswitch, the service name is S15openvswitch.
Set the basescript variable so that the service name is openvswitch.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
By default, Open vSwitch will generate the OpenFlow datapath ID of a
bridge based on the MAC address of one of its ports. Due to this, it's
possible that the datapath ID changes when new ports are added. When the
datapath ID changes, Open vSwitch disconnects from the controller, as
there is no way to notify the controller that the datapath ID has
changed.
Add an option to set the datapath ID so that the above situation can be
avoided. The option takes either exactly 16 hex characters, or when
prefixed with 0x, between 1 and 16 hex characters.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The current way to add ports to an Open vSwitch bridge does not allow
complex port configurations. Use a dedicated uci config section per port
instead of the current port:type syntax. This way we can easily support
more features like setting the VLAN tag or the OpenFlow port number.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Calling the ovs_bridge_init function when stopping the service will
result in ovs-vsctl being called after ovsdb-server has been shut down.
This causes the following error:
ovs-vsctl: unix:/var/run/openvswitch/db.sock: database connection failed (No such file or directory)
Calling the ovs_bridge_init function when requesting the service status
has no added value.
Only call ovs_bridge_init during start or restart to fix this.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Add limited procd support to handle config reload
Option drop_unknown_ports can be used to ensure that only configured ports
are part of the bridge
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This new config section in package openvswitch
supports creating a named bridge, and setting
its' OpenFlow controller end-point.
An example config is included in /rom/etc/config/openvswitch
Signed-off-by: Simon Kinane <skinane@fb.com>
python2 library is now removed as the transition has been done by the
upstream project
OVN is now a separate project released with its own release plan and
it's not included within openvswitch starting with ovs 2.13.
openvswitch.mk is split out from the main Makefile for adding ovn
packages back in following commits.
The following two patches are already included in 2.13
- ovsdb-idlc-fix-dict-change-during-iteration.patch
- compat-Include-confirm_neigh-parameter-if-needed.patch
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
- initscript: skip when ctl scripts are absent. When only ovs is
installed, this will quash error messages of ovn-ctl not found when
invoking stop
- openvswitch-common: include ovs-kmod-ctl
- patches: ovs-save: compatible with busybox ip command
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
New scheme mainly provides three packages: openvswitch,
openvswitch-ovn-north, openvswitch-ovn-controller. These should fit
most usage scenarios. Other subpackages like openvswitch-libXXX
etc. are there for dependency management and are hidden from the
menu.
Many python and shell scripts are removed in this revision. Most of
them cannot run out of box at all for lack of dependencies. Others
being legacy ones are not that useful now. Add them back at later time
when real need appears
Below are a simple listing of additions
- initscript now incorporate also ovn north and controller support
- ovn-ctl and ovs-ctl can be invoked directly from within $PATH
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
I should have packaged the OVN stuff, VTEP and what-not
earlier, but was not inspired to do this earlier.
I made some time now to package those parts.
Disabling flake8 & python3 explicitly.
They might get detected and cause weird build errors.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This is default if ovs is started through ovs-ctl but we start it directly, hence
tell procd to use nice -10 for ovs.
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
