2 # Copyright (C) 2009, 2010, 2011, 2012 Nicira, Inc.
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at:
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
17 */*) dir0=`echo "$0" | sed 's,/[^/]*$,,'` ;;
20 . "$dir0/ovs-lib" || exit 1
22 for dir in "$sbindir" "$bindir" /sbin /bin /usr/sbin /usr/bin; do
33 restore_datapaths () {
34 [ -n "${script_datapaths}" ] && \
35 action "Restoring datapath configuration" "${script_datapaths}"
# Makes sure the openvswitch kernel module is loaded. If the first modprobe
# fails and the Linux bridge module is loaded with no bridges configured,
# the bridge module is removed and modprobe is tried once more.
38 insert_openvswitch_mod_if_required () {
39 # If openvswitch is already loaded then we're done.
40 test -e /sys/module/openvswitch -o -e /sys/module/openvswitch_mod && \
43 # Load openvswitch. If that's successful then we're done.
44 if action "Inserting openvswitch module" modprobe openvswitch; then
49 # If the bridge module is loaded, then that might be blocking
50 # openvswitch. Try to unload it, if there are no bridges.
51 test -e /sys/module/bridge || return 1
# When no interface has a "bridge" entry the glob stays unexpanded, so the
# sed output is a literal "*"; the test below treats that as "no bridges".
52 bridges=`echo /sys/class/net/*/bridge | sed 's,/sys/class/net/,,g;s,/bridge,,g'`
53 if test "$bridges" != "*"; then
54 log_warning_msg "not removing bridge module because bridges exist ($bridges)"
# The bridge module is only removed on the no-bridges path; a failed rmmod
# aborts with status 1 instead of retrying the load.
57 action "removing bridge module" rmmod bridge || return 1
59 # Try loading openvswitch again.
60 action "Inserting openvswitch module" modprobe openvswitch
# Loads the brcompat module. A loaded Linux bridge module only produces a
# warning here; a brcompat module already present under either of its two
# names counts as success.
64 insert_brcompat_mod_if_required () {
65 if test -e /sys/module/bridge; then
66 log_warning_msg "bridge module is loaded, not loading brcompat"
# Both module names are checked before calling modprobe.
69 test -e /sys/module/brcompat -o -e /sys/module/brcompat_mod && return 0
70 action "Inserting brcompat module" modprobe brcompat
# Loads the openvswitch module (mandatory: failure returns 1) and, when
# BRCOMPAT is "yes", attempts the brcompat module as well. A brcompat
# failure is reported as a warning rather than a hard error.
73 insert_mod_if_required () {
74 insert_openvswitch_mod_if_required || return 1
75 if test X"$BRCOMPAT" = Xyes; then
76 if insert_brcompat_mod_if_required; then
79 log_warning_msg "could not load brcompat module, disabling bridge compatibility"
86 ovs-vsctl --no-wait --timeout=5 "$@"
90 ovsdb-tool -vconsole:off "$@"
94 action "Creating empty database $DB_FILE" ovsdb_tool create "$DB_FILE" "$DB_SCHEMA"
# Database preparation: handles a missing $DB_FILE, and for a database whose
# schema differs from $DB_SCHEMA takes a backup, compacts the file and then
# converts it to the current schema.
98 schemaver=`ovsdb_tool schema-version "$DB_SCHEMA"`
99 if test ! -e "$DB_FILE"; then
100 log_warning_msg "$DB_FILE does not exist"
# The database directory is created root-owned with mode 755.
# NOTE(review): $DB_FILE and the command substitution are both unquoted, so
# a path with whitespace or glob characters is split or expanded before
# install sees it. Prefer: install -d ... "$(dirname "$DB_FILE")"
101 install -d -m 755 -o root -g root `dirname $DB_FILE`
103 elif test X"`ovsdb_tool needs-conversion "$DB_FILE" "$DB_SCHEMA"`" != Xno; then
104 # Back up the old version.
105 version=`ovsdb_tool db-version "$DB_FILE"`
106 cksum=`ovsdb_tool db-cksum "$DB_FILE" | awk '{print $1}'`
# The backup file name is built from the old database's version and checksum.
# A failed copy aborts the upgrade before the database is modified.
107 backup=$DB_FILE.backup$version-$cksum
108 action "Backing up database to $backup" cp "$DB_FILE" "$backup" || return 1
110 # Compact database. This is important if the old schema did not enable
111 # garbage collection (i.e. if it did not have any tables with "isRoot":
112 # true) but the new schema does. In that situation the old database
113 # may contain a transaction that creates a record followed by a
114 # transaction that creates the first use of the record. Replaying that
115 # series of transactions against the new database schema (as "convert"
116 # does) would cause the record to be dropped by the first transaction,
117 # then the second transaction would cause a referential integrity
118 # failure (for a strong reference).
120 # Errors might occur on an Open vSwitch downgrade if ovsdb-tool doesn't
121 # understand some feature of the schema used in the OVSDB version that
122 # we're downgrading from, so we don't give up on error.
123 action "Compacting database" ovsdb_tool compact "$DB_FILE"
125 # Upgrade or downgrade schema.
126 if action "Converting database schema" ovsdb_tool convert "$DB_FILE" "$DB_SCHEMA"; then
# On conversion failure the configuration is not carried over; the message
# below says an empty database is used instead.
129 log_warning_msg "Schema conversion failed, using empty database instead"
# Accumulates a single "ovs_vsctl set Open_vSwitch ." command in the
# positional parameters (version, system ID, type, version string) and runs
# it once through action on the last line.
137 set ovs_vsctl set Open_vSwitch .
139 OVS_VERSION=`ovs-vswitchd --version | sed 's/.*) //;1q'`
140 set "$@" ovs-version="$OVS_VERSION"
# In the branches visible here the system ID is read from $id_file when it
# exists; otherwise it comes from the legacy $uuid_file or from uuidgen and
# is written to $id_file so that it persists.
144 id_file=$etcdir/system-id.conf
145 uuid_file=$etcdir/install_uuid.conf
146 if test -e "$id_file"; then
147 SYSTEM_ID=`cat "$id_file"`
148 elif test -e "$uuid_file"; then
149 # Migrate from old file name.
151 SYSTEM_ID=$INSTALLATION_UUID
152 echo "$SYSTEM_ID" > "$id_file"
153 elif SYSTEM_ID=`uuidgen`; then
154 echo "$SYSTEM_ID" > "$id_file"
156 log_failure_msg "missing uuidgen, could not generate system ID"
161 log_failure_msg "system ID not configured, please use --system-id"
# NOTE(review): SYSTEM_ID, SYSTEM_TYPE and SYSTEM_VERSION are wrapped in
# literal double quotes for ovs-vsctl but are not validated in the lines
# shown. A value that itself contains a double quote or backslash changes how
# ovs-vsctl parses the argument. The values come from files under $etcdir,
# from lsb_release or from command-line options; confirm those files are
# writable by root only, or check the values against an expected pattern.
167 set "$@" external-ids:system-id="\"$SYSTEM_ID\""
169 if test X"$SYSTEM_TYPE" != X; then
170 set "$@" system-type="\"$SYSTEM_TYPE\""
172 log_failure_msg "no default system type, please use --system-type"
175 if test X"$SYSTEM_VERSION" != X; then
176 set "$@" system-version="\"$SYSTEM_VERSION\""
178 log_failure_msg "no default system version, please use --system-version"
# $extra_ids is expanded unquoted so that each accumulated
# "external-ids:key=value" word becomes its own argument. The side effect is
# that a --external-id value containing whitespace or glob characters is
# split or expanded here.
181 action "Configuring Open vSwitch system IDs" "$@" $extra_ids
184 check_force_cores () {
185 if test X"$FORCE_COREFILES" = Xyes; then
193 if daemon_is_running ovsdb-server; then
194 log_success_msg "ovsdb-server is already running"
196 # Create initial database or upgrade database schema.
197 upgrade_db || return 1
# Builds the ovsdb-server command line in the positional parameters and
# hands it to start_daemon with the configured priority and wrapper.
199 # Start ovsdb-server.
200 set ovsdb-server "$DB_FILE"
# $EXTRA_DBS is split on whitespace. Each entry is checked for existence and
# for being readable by ovsdb-tool; failures are logged as warnings.
201 for db in $EXTRA_DBS; do
207 if test ! -f "$db"; then
208 log_warning_msg "$db (from \$EXTRA_DBS) does not exist."
209 elif ovsdb-tool db-version "$db" >/dev/null; then
212 log_warning_msg "$db (from \$EXTRA_DBS) cannot be read as a database (see error message above)"
215 set "$@" -vconsole:emer -vsyslog:err -vfile:info
# Besides the local Unix socket, the server takes further remotes and its
# SSL private key, certificate and CA certificate settings from columns of
# the database itself (the db:Open_vSwitch,... arguments). Whoever can write
# those rows therefore decides which listeners and credentials are used.
# NOTE(review): presumably only local privileged users can reach $DB_SOCK;
# confirm the permissions of the socket and of $rundir.
216 set "$@" --remote=punix:"$DB_SOCK"
217 set "$@" --remote=db:Open_vSwitch,Open_vSwitch,manager_options
218 set "$@" --private-key=db:Open_vSwitch,SSL,private_key
219 set "$@" --certificate=db:Open_vSwitch,SSL,certificate
# NOTE(review): per the Open vSwitch documentation, --bootstrap-ca-cert
# obtains the CA certificate from the peer on the first SSL connection when
# the named file does not exist yet (trust on first use). Pre-provision the
# CA certificate where that first connection cannot be trusted; confirm
# against the deployed ovsdb-server version.
220 set "$@" --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert
221 start_daemon "$OVSDB_SERVER_PRIORITY" "$OVSDB_SERVER_WRAPPER" "$@" \
224 # Initialize database settings.
225 ovs_vsctl -- init -- set Open_vSwitch . db-version="$schemaver" \
227 set_system_ids || return 1
228 if test X"$DELETE_BRIDGES" = Xyes; then
229 for bridge in `ovs_vsctl list-br`; do
230 ovs_vsctl del-br $bridge
236 start_forwarding () {
239 insert_mod_if_required || return 1
241 if daemon_is_running ovs-vswitchd; then
242 log_success_msg "ovs-vswitchd is already running"
244 # Increase the limit on the number of open file descriptors.
245 # ovs-vswitchd needs 16 per datapath, plus a few extra, so this
246 # should allow for 256 (or more) bridges.
249 # Start ovs-vswitchd.
250 set ovs-vswitchd unix:"$DB_SOCK"
251 set "$@" -vconsole:emer -vsyslog:err -vfile:info
252 if test X"$MLOCKALL" != Xno; then
255 start_daemon "$OVS_VSWITCHD_PRIORITY" "$OVS_VSWITCHD_WRAPPER" "$@"
258 if daemon_is_running ovs-brcompatd; then
259 log_success_msg "ovs-brcompatd is already running"
260 elif test X"$BRCOMPAT" = Xyes; then
262 set "$@" -vconsole:emer -vsyslog:err -vfile:info
263 start_daemon "$OVS_BRCOMPATD_PRIORITY" "$OVS_BRCOMPATD_WRAPPER" "$@"
272 stop_daemon ovsdb-server
276 stop_daemon ovs-brcompatd
277 stop_daemon ovs-vswitchd
280 ## ----------------- ##
281 ## force-reload-kmod ##
282 ## ----------------- ##
284 internal_interfaces () {
285 # Outputs a list of internal interfaces:
287 # - There is an internal interface for every bridge, whether it
288 # has an Interface record or not and whether the Interface
289 # record's 'type' is properly set or not.
291 # - There is an internal interface for each Interface record whose
292 # 'type' is 'internal'.
294 # But ignore interfaces that don't really exist.
295 for d in `(ovs_vsctl --bare \
296 -- --columns=name find Interface type=internal \
297 -- list-br) | sort -u`
299 if test -e "/sys/class/net/$d"; then
306 if set X `ovs_vsctl list-br`; then
308 if "$datadir/scripts/ovs-save" save-flows "$@" > "$script_flows"; then
309 chmod +x "$script_flows"
318 "$datadir/scripts/ovs-save" save-interfaces ${ifaces} \
319 > "${script_interfaces}"
323 "$datadir/scripts/ovs-save" save-datapaths ${datapaths} \
324 > "${script_datapaths}"
328 [ -n "${script_flows}" ] && \
329 action "Restoring saved flows" "${script_flows}"
# Opening steps of force-reload-kmod: records the internal interfaces,
# allocates temporary files for the save/restore scripts and saves the flows.
332 force_reload_kmod () {
333 ifaces=`internal_interfaces`
334 action "Detected internal interfaces: $ifaces" true
# These files later receive generated scripts that are made executable and
# run by this script, so they are created with mktemp rather than at fixed
# paths.
# NOTE(review): the exit status of mktemp is not checked. If it fails, the
# variable is empty and the later redirection and chmod act on an empty
# path; consider appending "|| return 1" to each assignment.
336 script_interfaces=`mktemp`
337 script_datapaths=`mktemp`
338 script_flows=`mktemp`
# Remove the temporary scripts on exit (0) and on signals 1, 2, 13 and 15
# (HUP, INT, PIPE, TERM).
339 trap 'rm -f "${script_interfaces}" "${script_flows}" \
340 "${script_datapaths}"' 0 1 2 13 15
342 action "Saving flows" save_flows
344 # Restart the database first, since a large database may take a
345 # while to load, and we want to minimize forwarding disruption.
351 if action "Saving interface configuration" save_interfaces; then
354 log_warning_msg "Failed to save configuration, not replacing kernel module"
358 chmod +x "$script_interfaces"
360 datapaths=`ovs-dpctl dump-dps`
361 if action "Saving datapath configuration" save_datapaths; then
362 chmod +x "${script_datapaths}"
364 log_warning_msg "Failed to save datapath configuration. The port\
365 numbers may change after the restart"
369 for dp in ${datapaths}; do
370 action "Removing datapath: $dp" ovs-dpctl del-dp "$dp"
373 # try both old and new names in case this is post upgrade
374 if test -e /sys/module/brcompat_mod; then
375 action "Removing brcompat module" rmmod brcompat_mod
376 elif test -e /sys/module/brcompat; then
377 action "Removing brcompat module" rmmod brcompat
379 if test -e /sys/module/openvswitch_mod; then
380 action "Removing openvswitch module" rmmod openvswitch_mod
381 elif test -e /sys/module/openvswitch; then
382 action "Removing openvswitch module" rmmod openvswitch
389 action "Restoring interface configuration" "$script_interfaces"
391 if test $rc = 0; then
396 log="logger -p daemon.$level -t ovs-save"
397 $log "force-reload-kmod interface restore script exited with status $rc:"
398 $log -f "$script_interfaces"
400 "$datadir/scripts/ovs-check-dead-ifs"
408 if daemon_is_running ovsdb-server && daemon_is_running ovs-vswitchd; then
409 script_flows=`mktemp`
410 trap 'rm -f "${script_flows}"' 0 1 2 13 15
412 action "Saving flows" save_flows
415 # Restart the database first, since a large database may take a
416 # while to load, and we want to minimize forwarding disruption.
423 # Restore the saved flows. Do not return error if restore fails.
424 restore_flows || true
427 ## --------------- ##
428 ## enable-protocol ##
429 ## --------------- ##
432 # Translate the protocol name to a number, because "iptables -n -L" prints
433 # some protocols by name (despite the -n) and therefore we need to look for
436 # (iptables -S output is more uniform but old iptables doesn't have it.)
437 protonum=`grep "^$PROTOCOL[ ]" /etc/protocols | awk '{print $2}'`
# Builds an awk match expression and an iptables insert command for the
# requested protocol and ports, then adds the ACCEPT rule only when the
# INPUT chain has no rule that already matches.
# Only $protonum is validated here (it must consist of digits).
438 if expr X"$protonum" : X'[0-9]\{1,\}$' > /dev/null; then :; else
439 log_failure_msg "unknown protocol $PROTOCOL"
# NOTE(review): $PROTOCOL, $DPORT and $SPORT are pasted into the text of the
# awk program ($match) and into the unquoted $insert command line. A value
# containing a double quote, slash, whitespace or awk syntax changes the
# program or the iptables arguments instead of being matched literally.
# This code presumably runs as root (it edits iptables), so validate first:
# apply the same digits-only expr test to $DPORT and $SPORT, and hand the
# values to awk with -v assignments instead of interpolating them.
444 match="(\$2 == \"$PROTOCOL\" || \$2 == $protonum)"
445 insert="iptables -I INPUT -p $PROTOCOL"
446 if test X"$DPORT" != X; then
447 name="$name to port $DPORT"
448 match="$match && /dpt:$DPORT/"
449 insert="$insert --dport $DPORT"
451 if test X"$SPORT" != X; then
452 name="$name from port $SPORT"
453 match="$match && /spt:$SPORT/"
454 insert="$insert --sport $SPORT"
456 insert="$insert -j ACCEPT"
# First probe whether the INPUT chain can be listed at all; the awk program
# exits 0 when at least one listed rule matches.
458 if (iptables -n -L INPUT) >/dev/null 2>&1; then
459 if iptables -n -L INPUT | awk "$match { n++ } END { exit n == 0 }"
461 # There's already a rule for this protocol. Don't override it.
462 log_success_msg "iptables already has a rule for $name, not explicitly enabling"
# $insert is expanded unquoted on purpose so that the string splits into
# separate iptables arguments; -I places the rule at the head of INPUT.
464 action "Enabling $name with iptables" $insert
466 elif (iptables --version) >/dev/null 2>&1; then
467 action "cannot list iptables rules, not adding a rule for $name"
469 action "iptables binary not installed, not adding a rule for $name"
486 OVSDB_SERVER_PRIORITY=-10
487 OVS_VSWITCHD_PRIORITY=-10
488 OVS_BRCOMPATD_PRIORITY=-10
489 OVSDB_SERVER_WRAPPER=
490 OVS_VSWITCHD_WRAPPER=
491 OVS_BRCOMPATD_WRAPPER=
493 DB_FILE=$dbdir/conf.db
494 DB_SOCK=$rundir/db.sock
495 DB_SCHEMA=$datadir/vswitch.ovsschema
# Defaults for SYSTEM_TYPE and SYSTEM_VERSION: taken from the two files
# under $etcdir when the type file exists, otherwise from lsb_release when
# it is available.
502 type_file=$etcdir/system-type.conf
503 version_file=$etcdir/system-version.conf
505 if test -e "$type_file" ; then
# NOTE(review): both paths are unquoted inside the command substitutions, so
# an $etcdir containing whitespace is split. Only $type_file is tested for
# existence before $version_file is read as well. Prefer cat "$type_file"
# and cat "$version_file".
506 SYSTEM_TYPE=`cat $type_file`
507 SYSTEM_VERSION=`cat $version_file`
508 elif (lsb_release --id) >/dev/null 2>&1; then
509 SYSTEM_TYPE=`lsb_release --id -s`
510 system_release=`lsb_release --release -s`
511 system_codename=`lsb_release --codename -s`
512 SYSTEM_VERSION="${system_release}-${system_codename}"
515 SYSTEM_VERSION=unknown
522 $0: controls Open vSwitch daemons
523 usage: $0 [OPTIONS] COMMAND
525 This program is intended to be invoked internally by Open vSwitch startup
526 scripts. System administrators should not normally invoke it directly.
529 start start Open vSwitch daemons
530 stop stop Open vSwitch daemons
531 restart stop and start Open vSwitch daemons
532 status check whether Open vSwitch daemons are running
533 version print versions of Open vSwitch daemons
534 load-kmod insert modules if not already present
535 force-reload-kmod save OVS network device state, stop OVS, unload kernel
536 module, reload kernel module, start OVS, restore state
537 enable-protocol enable protocol specified in options with iptables
538 help display this help message
540 One of the following options is required for "start", "restart" and "force-reload-kmod":
541 --system-id=UUID set specific ID to uniquely identify this system
542 --system-id=random use a random but persistent UUID to identify this system
544 Other important options for "start", "restart" and "force-reload-kmod":
545 --system-type=TYPE set system type (e.g. "XenServer")
546 --system-version=VERSION set system version (e.g. "5.6.100-39265p")
547 --external-id="key=value"
548 add given key-value pair to Open_vSwitch external-ids
549 --delete-bridges delete all bridges just before starting ovs-vswitchd
551 Less important options for "start", "restart" and "force-reload-kmod":
552 --daemon-cwd=DIR set working dir for OVS daemons (default: $DAEMON_CWD)
553 --no-force-corefiles do not force on core dumps for OVS daemons
554 --no-mlockall do not lock all of ovs-vswitchd into memory
555 --ovsdb-server-priority=NICE set ovsdb-server's niceness (default: $OVSDB_SERVER_PRIORITY)
556 --ovs-vswitchd-priority=NICE set ovs-vswitchd's niceness (default: $OVS_VSWITCHD_PRIORITY)
557 --ovs-brcompatd-priority=NICE set ovs-brcompatd's niceness (default: $OVS_BRCOMPATD_PRIORITY)
559 Debugging options for "start", "restart" and "force-reload-kmod":
560 --ovsdb-server-wrapper=WRAPPER
561 --ovs-vswitchd-wrapper=WRAPPER
562 --ovs-brcompatd-wrapper=WRAPPER
563 run specified daemon under WRAPPER (either 'valgrind' or 'strace')
565 Options for "start", "restart", "force-reload-kmod", "load-kmod", "status", and "version":
566 --brcompat enable Linux bridge compatibility module and daemon
568 File location options:
569 --db-file=FILE database file name (default: $DB_FILE)
570 --db-sock=SOCKET JSON-RPC socket name (default: $DB_SOCK)
571 --db-schema=FILE database schema file name (default: $DB_SCHEMA)
573 Options for "enable-protocol":
574 --protocol=PROTOCOL protocol to enable with iptables (default: gre)
575 --sport=PORT source port to match (for tcp or udp protocol)
576 --dport=PORT destination port to match (for tcp or udp protocol)
579 -h, --help display this help message
580 -V, --version display version information
582 Default directories with "configure" option and environment variable override:
583 logs: @LOGDIR@ (--with-logdir, OVS_LOGDIR)
584 pidfiles and sockets: @RUNDIR@ (--with-rundir, OVS_RUNDIR)
585 conf.db: @DBDIR@ (--with-dbdir, OVS_DBDIR)
586 system configuration: @sysconfdir@ (--sysconfdir, OVS_SYSCONFDIR)
587 data files: @pkgdatadir@ (--pkgdatadir, OVS_PKGDATADIR)
588 user binaries: @bindir@ (--bindir, OVS_BINDIR)
589 system binaries: @sbindir@ (--sbindir, OVS_SBINDIR)
591 Please report bugs to bugs@openvswitch.org (see REPORTING-BUGS for details).
# Maps a command-line option name to a shell variable name (lower case to
# upper case, "-" to "_") and accepts the option only if that variable is
# already set. For boolean options the current value must also be "yes" or
# "no".
# NOTE(review): tr translates only a-z and "-"; every other character of the
# option name reaches the two eval lines unchanged. The name is whatever
# follows "--" up to "=" on the command line, so a name containing shell
# metacharacters is evaluated as shell code with this script's privileges.
# Reject names with anything outside A-Z, 0-9 and "_" before the evals, for
# example with a case pattern such as *[!A-Z0-9_]*.
# NOTE(review): the acceptance test is "variable is set", which also covers
# variables inherited from the environment, not only the defaults this
# script defines; an explicit allow-list of option names would be tighter.
598 var=`echo "$option" | tr abcdefghijklmnopqrstuvwxyz- ABCDEFGHIJKLMNOPQRSTUVWXYZ_`
599 eval set=\${$var+yes}
600 eval old_value=\$$var
601 if test X$set = X || \
602 (test $type = bool && \
603 test X"$old_value" != Xno && test X"$old_value" != Xyes); then
604 echo >&2 "$0: unknown option \"$arg\" (use --help for help)"
611 echo ovsdb-server ovs-vswitchd
612 if test X"$BRCOMPAT" = Xyes; then
627 echo "$0 (Open vSwitch) $VERSION"
631 value=`expr X"$arg" : 'X[^=]*=\(.*\)'`
634 extra_ids="$extra_ids external-ids:$value"
637 echo >&2 "$0: --external-id argument not in the form \"key=value\""
643 option=`expr X"$arg" : 'X--\([^=]*\)'`
644 value=`expr X"$arg" : 'X[^=]*=\(.*\)'`
649 option=`expr X"$arg" : 'X--no-\(.*\)'`
655 option=`expr X"$arg" : 'X--\(.*\)'`
661 echo >&2 "$0: unknown option \"$arg\" (use --help for help)"
665 if test X"$command" = X; then
668 echo >&2 "$0: exactly one non-option argument required (use --help for help)"
688 for daemon in `daemons`; do
689 daemon_status $daemon || rc=$?
694 for daemon in `daemons`; do
702 insert_mod_if_required
711 echo >&2 "$0: missing command name (use --help for help)"
715 echo >&2 "$0: unknown command \"$command\" (use --help for help)"