2 # Copyright (C) 2009, 2010, 2011, 2012 Nicira Networks, Inc.
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at:
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
17 */*) dir0=`echo "$0" | sed 's,/[^/]*$,,'` ;;
20 . "$dir0/ovs-lib" || exit 1
22 for dir in "$sbindir" "$bindir" /sbin /bin /usr/sbin /usr/bin; do
33 insert_openvswitch_mod_if_required () {
34 # If openvswitch is already loaded then we're done.
35 test -e /sys/module/openvswitch -o -e /sys/module/openvswitch_mod && \
38 # Load openvswitch. If that's successful then we're done.
39 action "Inserting openvswitch module" modprobe openvswitch && return 0
41 # If the bridge module is loaded, then that might be blocking
42 # openvswitch. Try to unload it, if there are no bridges.
43 test -e /sys/module/bridge || return 1
44 bridges=`echo /sys/class/net/*/bridge | sed 's,/sys/class/net/,,g;s,/bridge,,g'`
45 if test "$bridges" != "*"; then
46 log_warning_msg "not removing bridge module because bridges exist ($bridges)"
49 action "removing bridge module" rmmod bridge || return 1
51 # Try loading openvswitch again.
52 action "Inserting openvswitch module" modprobe openvswitch
55 insert_brcompat_mod_if_required () {
56 if test -e /sys/module/bridge; then
57 log_warning_msg "bridge module is loaded, not loading brcompat"
60 test -e /sys/module/brcompat -o -e /sys/module/brcompat_mod && return 0
61 action "Inserting brcompat module" modprobe brcompat
64 insert_mod_if_required () {
65 insert_openvswitch_mod_if_required || return 1
66 if test X"$BRCOMPAT" = Xyes; then
67 insert_brcompat_mod_if_required || return 1
72 ovs-vsctl --no-wait --timeout=5 "$@"
76 ovsdb-tool -vANY:console:off "$@"
80 action "Creating empty database $DB_FILE" ovsdb_tool create "$DB_FILE" "$DB_SCHEMA"
84 schemaver=`ovsdb_tool schema-version "$DB_SCHEMA"`
85 if test ! -e "$DB_FILE"; then
86 log_warning_msg "$DB_FILE does not exist"
87 install -d -m 755 -o root -g root `dirname $DB_FILE`
89 elif test X"`ovsdb_tool needs-conversion "$DB_FILE" "$DB_SCHEMA"`" != Xno; then
90 # Back up the old version.
91 version=`ovsdb_tool db-version "$DB_FILE"`
92 cksum=`ovsdb_tool db-cksum "$DB_FILE" | awk '{print $1}'`
93 backup=$DB_FILE.backup$version-$cksum
94 action "Backing up database to $backup" cp "$DB_FILE" "$backup" || return 1
96 # Compact database. This is important if the old schema did not enable
97 # garbage collection (i.e. if it did not have any tables with "isRoot":
98 # true) but the new schema does. In that situation the old database
99 # may contain a transaction that creates a record followed by a
100 # transaction that creates the first use of the record. Replaying that
101 # series of transactions against the new database schema (as "convert"
102 # does) would cause the record to be dropped by the first transaction,
103 # then the second transaction would cause a referential integrity
104 # failure (for a strong reference).
106 # Errors might occur on an Open vSwitch downgrade if ovsdb-tool doesn't
107 # understand some feature of the schema used in the OVSDB version that
108 # we're downgrading from, so we don't give up on error.
109 action "Compacting database" ovsdb_tool compact "$DB_FILE"
111 # Upgrade or downgrade schema.
112 if action "Converting database schema" ovsdb_tool convert "$DB_FILE" "$DB_SCHEMA"; then
115 log_warning_msg "Schema conversion failed, using empty database instead"
123 set ovs_vsctl set Open_vSwitch .
125 OVS_VERSION=`ovs-vswitchd --version | sed 's/.*) //;1q'`
126 set "$@" ovs-version="$OVS_VERSION"
130 id_file=$etcdir/system-id.conf
131 uuid_file=$etcdir/install_uuid.conf
132 if test -e "$id_file"; then
133 SYSTEM_ID=`cat "$id_file"`
134 elif test -e "$uuid_file"; then
135 # Migrate from old file name.
137 SYSTEM_ID=$INSTALLATION_UUID
138 echo "$SYSTEM_ID" > "$id_file"
139 elif SYSTEM_ID=`uuidgen`; then
140 echo "$SYSTEM_ID" > "$id_file"
142 log_failure_msg "missing uuidgen, could not generate system ID"
147 log_failure_msg "system ID not configured, please use --system-id"
153 set "$@" external-ids:system-id="\"$SYSTEM_ID\""
155 if test X"$SYSTEM_TYPE" != X; then
156 set "$@" system-type="\"$SYSTEM_TYPE\""
158 log_failure_msg "no default system type, please use --system-type"
161 if test X"$SYSTEM_VERSION" != X; then
162 set "$@" system-version="\"$SYSTEM_VERSION\""
164 log_failure_msg "no default system version, please use --system-version"
167 action "Configuring Open vSwitch system IDs" "$@" $extra_ids
171 if test X"$FORCE_COREFILES" = Xyes; then
175 insert_mod_if_required || return 1
177 if daemon_is_running ovsdb-server; then
178 log_success_msg "ovsdb-server is already running"
180 # Create initial database or upgrade database schema.
181 upgrade_db || return 1
183 # Start ovsdb-server.
184 set ovsdb-server "$DB_FILE"
185 set "$@" -vANY:CONSOLE:EMER -vANY:SYSLOG:ERR -vANY:FILE:INFO
186 set "$@" --remote=punix:"$DB_SOCK"
187 set "$@" --remote=db:Open_vSwitch,manager_options
188 set "$@" --private-key=db:SSL,private_key
189 set "$@" --certificate=db:SSL,certificate
190 set "$@" --bootstrap-ca-cert=db:SSL,ca_cert
191 start_daemon "$OVSDB_SERVER_PRIORITY" "$@" || return 1
193 # Initialize database settings.
194 ovs_vsctl -- init -- set Open_vSwitch . db-version="$schemaver" \
196 set_system_ids || return 1
197 if test X"$DELETE_BRIDGES" = Xyes; then
198 for bridge in `ovs_vsctl list-br`; do
199 ovs_vsctl del-br $bridge
204 if daemon_is_running ovs-vswitchd; then
205 log_success_msg "ovs-vswitchd is already running"
207 # Increase the limit on the number of open file descriptors.
208 # ovs-vswitchd needs 16 per datapath, plus a few extra, so this
209 # should allow for 256 (or more) bridges.
212 # Start ovs-vswitchd.
213 set ovs-vswitchd unix:"$DB_SOCK"
214 set "$@" -vANY:CONSOLE:EMER -vANY:SYSLOG:ERR -vANY:FILE:INFO
215 if test X"$MLOCKALL" != Xno; then
218 start_daemon "$OVS_VSWITCHD_PRIORITY" "$@"
221 if daemon_is_running ovs-brcompatd; then
222 log_success_msg "ovs-brcompatd is already running"
223 elif test X"$BRCOMPAT" = Xyes; then
225 set "$@" -vANY:CONSOLE:EMER -vANY:SYSLOG:ERR -vANY:FILE:INFO
226 start_daemon "$OVS_BRCOMPATD_PRIORITY" "$@"
235 stop_daemon ovs-brcompatd
236 stop_daemon ovs-vswitchd
237 stop_daemon ovsdb-server
240 ## ----------------- ##
241 ## force-reload-kmod ##
242 ## ----------------- ##
244 internal_interfaces () {
245 # Outputs a list of internal interfaces:
247 # - There is an internal interface for every bridge, whether it
248 # has an Interface record or not and whether the Interface
249 # record's 'type' is properly set or not.
251 # - There is an internal interface for each Interface record whose
252 # 'type' is 'internal'.
254 # But ignore interfaces that don't really exist.
255 for d in `(ovs_vsctl --bare \
256 -- --columns=name find Interface type=internal \
257 -- list-br) | sort -u`
259 if test -e "/sys/class/net/$d"; then
266 "$datadir/scripts/ovs-save" $ifaces > "$script"
269 force_reload_kmod () {
270 ifaces=`internal_interfaces`
271 action "Detected internal interfaces: $ifaces" true
276 trap 'rm -f "$script"' 0 1 2 13 15
277 if action "Saving interface configuration" save_interfaces; then
280 log_warning_msg "Failed to save configuration, not replacing kernel module"
286 for dp in `ovs-dpctl dump-dps`; do
287 action "Removing datapath: $dp" ovs-dpctl del-dp "$dp"
290 # try both old and new names in case this is post upgrade
291 if test -e /sys/module/brcompat_mod; then
292 action "Removing brcompat module" rmmod brcompat_mod
293 elif test -e /sys/module/brcompat; then
294 action "Removing brcompat module" rmmod brcompat
296 if test -e /sys/module/openvswitch_mod; then
297 action "Removing openvswitch module" rmmod openvswitch_mod
298 elif test -e /sys/module/openvswitch; then
299 action "Removing openvswitch module" rmmod openvswitch
304 action "Restoring interface configuration" "$script"
306 if test $rc = 0; then
311 log="logger -p daemon.$level -t ovs-save"
312 $log "force-reload-kmod interface restore script exited with status $rc:"
316 ## --------------- ##
317 ## enable-protocol ##
318 ## --------------- ##
321 # Translate the protocol name to a number, because "iptables -n -L" prints
322 # some protocols by name (despite the -n) and therefore we need to look for
325 # (iptables -S output is more uniform but old iptables doesn't have it.)
326 protonum=`grep "^$PROTOCOL[ ]" /etc/protocols | awk '{print $2}'`
327 if expr X"$protonum" : X'[0-9]\{1,\}$' > /dev/null; then :; else
328 log_failure_msg "unknown protocol $PROTOCOL"
333 match="(\$2 == \"$PROTOCOL\" || \$2 == $protonum)"
334 insert="iptables -I INPUT -p $PROTOCOL"
335 if test X"$DPORT" != X; then
336 name="$name to port $DPORT"
337 match="$match && /dpt:$DPORT/"
338 insert="$insert --dport $DPORT"
340 if test X"$SPORT" != X; then
341 name="$name from port $SPORT"
342 match="$match && /spt:$SPORT/"
343 insert="$insert --sport $SPORT"
345 insert="$insert -j ACCEPT"
347 if (iptables -n -L INPUT) >/dev/null 2>&1; then
348 if iptables -n -L INPUT | awk "$match { n++ } END { exit n == 0 }"
350 # There's already a rule for this protocol. Don't override it.
351 log_success_msg "iptables already has a rule for $name, not explicitly enabling"
353 action "Enabling $name with iptables" $insert
355 elif (iptables --version) >/dev/null 2>&1; then
356 action "cannot list iptables rules, not adding a rule for $name"
358 action "iptables binary not installed, not adding a rule for $name"
375 OVSDB_SERVER_PRIORITY=-10
376 OVS_VSWITCHD_PRIORITY=-10
377 OVS_BRCOMPATD_PRIORITY=-10
379 DB_FILE=$etcdir/conf.db
380 DB_SOCK=$rundir/db.sock
381 DB_SCHEMA=$datadir/vswitch.ovsschema
387 type_file=$etcdir/system-type.conf
388 version_file=$etcdir/system-version.conf
390 if test -e "$type_file" ; then
391 SYSTEM_TYPE=`cat $type_file`
392 SYSTEM_VERSION=`cat $version_file`
393 elif (lsb_release --id) >/dev/null 2>&1; then
394 SYSTEM_TYPE=`lsb_release --id -s`
395 system_release=`lsb_release --release -s`
396 system_codename=`lsb_release --codename -s`
397 SYSTEM_VERSION="${system_release}-${system_codename}"
400 SYSTEM_VERSION=unknown
407 $0: controls Open vSwitch daemons
408 usage: $0 [OPTIONS] COMMAND
410 This program is intended to be invoked internally by Open vSwitch startup
411 scripts. System administrators should not normally invoke it directly.
414 start start Open vSwitch daemons
415 stop stop Open vSwitch daemons
416 status check whether Open vSwitch daemons are running
417 version print versions of Open vSwitch daemons
418 load-kmod insert modules if not already present
419 force-reload-kmod save OVS network device state, stop OVS, unload kernel
420 module, reload kernel module, start OVS, restore state
421 enable-protocol enable protocol specified in options with iptables
422 help display this help message
424 One of the following options is required for "start" and "force-reload-kmod":
425 --system-id=UUID set specific ID to uniquely identify this system
426 --system-id=random use a random but persistent UUID to identify this system
428 Other important options for "start" and "force-reload-kmod":
429 --system-type=TYPE set system type (e.g. "XenServer")
430 --system-version=VERSION set system version (e.g. "5.6.100-39265p")
431 --external-id="key=value"
432 add given key-value pair to Open_vSwitch external-ids
433 --delete-bridges delete all bridges just before starting ovs-vswitchd
435 Less important options for "start" and "force-reload-kmod":
436 --daemon-cwd=DIR set working dir for OVS daemons (default: $DAEMON_CWD)
437 --no-force-corefiles do not force on core dumps for OVS daemons
438 --no-mlockall do not lock all of ovs-vswitchd into memory
439 --ovsdb-server-priority=NICE set ovsdb-server's niceness (default: $OVSDB_SERVER_PRIORITY)
440 --ovs-vswitchd-priority=NICE set ovs-vswitchd's niceness (default: $OVS_VSWITCHD_PRIORITY)
441 --ovs-brcompatd-priority=NICE set ovs-brcompatd's niceness (default: $OVS_BRCOMPATD_PRIORITY)
443 Options for "start", "force-reload-kmod", "load-kmod", "status", and "version":
444 --brcompat enable Linux bridge compatibility module and daemon
446 File location options:
447 --db-file=FILE database file name (default: $DB_FILE)
448 --db-sock=SOCKET JSON-RPC socket name (default: $DB_SOCK)
449 --db-schema=FILE database schema file name (default: $DB_SCHEMA)
451 Options for "enable-protocol":
452 --protocol=PROTOCOL protocol to enable with iptables (default: gre)
453 --sport=PORT source port to match (for tcp or udp protocol)
454 --dport=PORT ddestination port to match (for tcp or udp protocol)
457 -h, --help display this help message
458 -V, --version display version information
460 Default directories with "configure" option and environment variable override:
461 logs: @LOGDIR@ (--log-dir, OVS_LOGDIR)
462 pidfiles and sockets: @RUNDIR@ (--run-dir, OVS_RUNDIR)
463 system configuration: @sysconfdir@ (--sysconfdir, OVS_SYSCONFDIR)
464 data files: @pkgdatadir@ (--pkgdatadir, OVS_PKGDATADIR)
465 user binaries: @bindir@ (--bindir, OVS_BINDIR)
466 system binaries: @sbindir@ (--sbindir, OVS_SBINDIR)
468 Please report bugs to bugs@openvswitch.org (see REPORTING-BUGS for details).
475 var=`echo "$option" | tr abcdefghijklmnopqrstuvwxyz- ABCDEFGHIJKLMNOPQRSTUVWXYZ_`
476 eval set=\${$var+yes}
477 eval old_value=\$$var
478 if test X$set = X || \
479 (test $type = bool && \
480 test X"$old_value" != Xno && test X"$old_value" != Xyes); then
481 echo >&2 "$0: unknown option \"$arg\" (use --help for help)"
488 echo ovsdb-server ovs-vswitchd
489 if test X"$BRCOMPAT" = Xyes; then
504 echo "$0 (Open vSwitch) $VERSION"
508 value=`expr X"$arg" : 'X[^=]*=\(.*\)'`
511 extra_ids="$extra_ids external-ids:$value"
514 echo >&2 "$0: --external-id argument not in the form \"key=value\""
520 option=`expr X"$arg" : 'X--\([^=]*\)'`
521 value=`expr X"$arg" : 'X[^=]*=\(.*\)'`
526 option=`expr X"$arg" : 'X--no-\(.*\)'`
532 option=`expr X"$arg" : 'X--\(.*\)'`
538 echo >&2 "$0: unknown option \"$arg\" (use --help for help)"
542 if test X"$command" = X; then
545 echo >&2 "$0: exactly one non-option argument required (use --help for help)"
560 for daemon in `daemons`; do
561 daemon_status $daemon || rc=$?
566 for daemon in `daemons`; do
574 insert_mod_if_required
583 echo >&2 "$0: missing command name (use --help for help)"
587 echo >&2 "$0: unknown command \"$command\" (use --help for help)"