Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
packages/net/openvswitch/files/openvswitch.init
Stijn Tintel 653716eb19 openvswitch: add SSL support 
Open vSwitch supports SSL to connect to an OpenFlow controller. This is
recommended for security. Expand the UCI ovs config section to allow
configuring SSL CA, certificate and private key.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-07-29 12:30:39 +03:00

230 lines
4.8 KiB
Bash
Executable file
Raw Blame History

#!/bin/sh /etc/rc.common
# Copyright (C) 2013 Julius Schulz-Zander <julius@net.t-labs.tu-berlin.de>
# Copyright (C) 2014-2017 OpenWrt.org
# Copyright (C) 2018 Yousong Zhou <yszhou4tech@gmail.com>
# Copyright (C) 2021 Felix Fietkau <nbd@nbd.name>
. /lib/functions/procd.sh
START=15
basescript=$(readlink "$initscript")
ovs_ctl="/usr/share/openvswitch/scripts/ovs-ctl"; [ -x "$ovs_ctl" ] || ovs_ctl=:
ovn_ctl="/usr/share/ovn/scripts/ovn-ctl"; [ -x "$ovn_ctl" ] || ovn_ctl=:
extra_command "status" "Get status information"
service_triggers() {
procd_add_reload_trigger openvswitch
}
init_triggers() {
procd_open_service "$(basename ${basescript:-$initscript})" "$initscript"
procd_close_service set
}
start() {
init_triggers
ovs_action start "$@"
}
reload() {
start
}
running() {
return 0
}
stop() {
procd_kill "$(basename ${basescript:-$initscript})"
ovs_action stop "$@"
}
restart() {
init_triggers
ovs_action restart "$@"
}
status() {
ovs_action status "$@"
}
ovs_action_cfgs=
ovs_action() {
local action="$1"; shift
local cfgtype
ovs_action_cfgs="$*"
config_load openvswitch
for cfgtype in ovs ovn_northd ovn_controller; do
config_foreach "ovs_xx" "$cfgtype" "$action" "$cfgtype"
done
case "$action" in
restart|start)
config_foreach ovs_bridge_init "ovs_bridge"
;;
esac
}
ovs_xx() {
local cfg="$1"
local action="$2"
local cfgtype="$3"
local disabled
if [ -n "$ovs_action_cfgs" ] && ! list_contains "ovs_action_cfgs" "$cfg"; then
return
fi
case "$action" in
status|stop) ;;
*)
config_get_bool disabled "$cfg" disabled 0
[ "$disabled" == "0" ] || return
;;
esac
case "$cfgtype" in
ovs)
"$ovs_ctl" "$action" \
--system-id=random 1000>&-
ovs_set_ssl
;;
ovn_*)
"$ovn_ctl" "${action}_${cfgtype#ovn_}"
;;
esac
}
ovs_bridge_parse_port() {
case "$1" in
*:*)
port="${1%%:*}"
type="${1#*:}"
;;
*)
port="$1"
type=""
;;
esac
}
ovs_bridge_port_add() {
[ -n "$1" ] || return
ovs_bridge_parse_port "$1"
cur_type="$(ovs-vsctl get interface "$port" type 2>/dev/null)"
[ "$?" = 0 ] && {
[ "$type" = "$cur_type" ] || ovs-vsctl del-port "$port"
}
ovs-vsctl --may-exist add-port "$name" "$port" ${type:+ -- set interface "$port" type="$type"}
__port_list="$__port_list ${port} "
}
ovs_bridge_port_add_complex() {
local cfg="$1"
local cur_bridge="$2"
local bridge disabled ofport port tag type
local cur_tag cur_type del_port
config_get_bool disabled "$cfg" disabled 0
[ "$disabled" = "0" ] || return
config_get bridge "$cfg" bridge
[ "$bridge" = "$cur_bridge" ] || return
ovs-vsctl br-exists "$bridge" || return
config_get port "$cfg" port
[ -n "$port" ] || return
config_get ofport "$cfg" ofport
config_get tag "$cfg" tag
if [ -n "$tag" ]; then
if cur_tag="$(ovs-vsctl get port "$port" tag 2>/dev/null)"; then
[ "$tag" = "$cur_tag" ] || del_port=1
fi
fi
config_get type "$cfg" type
if [ -n "$type" ]; then
if cur_type="$(ovs-vsctl get interface "$port" type 2>/dev/null)"; then
[ "$type" = "$cur_type" ] || del_port=1
fi
fi
[ "${del_port:-0}" -eq 1 ] && ovs-vsctl --if-exists del-port "$bridge" "$port"
ovs-vsctl --may-exist add-port "$bridge" "$port" ${tag:+tag="$tag"} \
${ofport:+ -- set interface "$port" ofport_request="$ofport"} \
${type:+ -- set interface "$port" type="$type"}
__port_list="$__port_list ${port} "
}
ovs_bridge_port_cleanup() {
for port in `ovs-vsctl list-ports "$name"`; do
case "$__port_list" in
*" $port "*);;
*) ovs-vsctl del-port "$port";;
esac
done
}
ovs_bridge_validate_datapath_id() {
local dpid="$1"
if expr "$dpid" : '[[:xdigit:]]\{16\}$' > /dev/null; then
return 0
elif expr "$dpid" : '0x[[:xdigit:]]\{1,16\}$' > /dev/null; then
return 0
else
logger -t openvswitch "invalid datapath_id: $dpid"
return 1
fi
}
ovs_bridge_init() {
local cfg="$1"
local disabled
local name
local controller
local datapath_id
config_get_bool disabled "$cfg" disabled 0
[ "$disabled" == "0" ] || return
config_get name "$cfg" name $cfg
ovs-vsctl --may-exist add-br "$name"
config_get datapath_id "$cfg" datapath_id
[ -n "$datapath_id" ] && {
ovs_bridge_validate_datapath_id "$datapath_id" && {
ovs-vsctl --if-exists set bridge "$name" other-config:datapath-id="$datapath_id"
}
}
config_list_foreach "$cfg" "ports" ovs_bridge_port_add
config_foreach ovs_bridge_port_add_complex ovs_port "$name"
config_get_bool drop "$cfg" "drop_unknown_ports" 0
[ "$drop" == 1 ] && ovs_bridge_port_cleanup
config_get controller "$cfg" controller
[ -n "$controller" ] && \
ovs-vsctl set-controller "$name" "$controller"
}
ovs_set_ssl() {
local ca="$(uci -q get openvswitch.ovs.ca)"
[ -f "$ca" ] || return
local cert="$(uci get openvswitch.ovs.cert)"
[ -f "$cert" ] || return
local key="$(uci get openvswitch.ovs.key)"
[ -f "$key" ] || return
ovs-vsctl set-ssl "$key" "$cert" "$ca"
}
Reference in a new issue View git blame Copy permalink