/openvswitch-pki
/openvswitch-pki-server
/openvswitch-switch
-/openvswitch-switch-config
/openvswitch-switch.copyright
debian/openvswitch-pki-server.install \
debian/openvswitch-pki-server.postinst \
debian/openvswitch-pki.postinst \
- debian/openvswitch-switch-config.dirs \
- debian/openvswitch-switch-config.install \
- debian/openvswitch-switch-config.manpages \
- debian/openvswitch-switch-config.overrides \
- debian/openvswitch-switch-config.templates \
debian/openvswitch-switch.README.Debian \
debian/openvswitch-switch.dirs \
debian/openvswitch-switch.init \
debian/openvswitch-switch.postinst \
debian/openvswitch-switch.postrm \
debian/openvswitch-switch.template \
- debian/ovs-switch-setup \
- debian/ovs-switch-setup.8 \
- debian/po/POTFILES.in \
- debian/po/templates.pot \
- debian/reconfigure \
debian/rules \
debian/rules.modules
.
Open vSwitch is a full-featured software-based Ethernet switch.
-Package: openvswitch-switch-config
-Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, openvswitch-switch (= ${binary:Version}), libwww-perl, libdigest-sha1-perl
-Description: Open vSwitch switch implementations
- openvswitch-switch-config provides a utility for interactively configuring
- the Open vSwitch switch provided in the openvswitch-switch package.
- .
- Open vSwitch is a full-featured software-based Ethernet switch.
-
Package: openvswitch-pki
Architecture: all
Depends:
+++ /dev/null
-/usr/share/lintian/overrides
+++ /dev/null
-debian/ovs-switch-setup usr/sbin
+++ /dev/null
-debian/ovs-switch-setup.8
+++ /dev/null
-debconf-is-not-a-registry
+++ /dev/null
-Template: openvswitch-switch/netdevs
-Type: multiselect
-_Choices: ${choices}
-_Description: Open vSwitch network devices:
- Choose the network devices that should become part of the Open vSwitch
- instance. At least two devices must be selected for this machine to be
- a useful switch. Unselecting all network devices will disable
- Open vSwitch entirely.
- .
- The network devices that you select should not be configured with IP
- or IPv6 addresses, even if the switch contacts the controller over
- one of the selected network devices. This is because a running
- Open vSwitch takes over network devices at a low level: they
- become part of the switch and cannot be used for other purposes.
-
-Template: openvswitch-switch/no-netdevs
-Type: error
-_Description: No network devices were selected.
- No network devices were selected for inclusion in the Open vSwitch
- instance. The switch will be disabled.
-
-Template: openvswitch-switch/configured-netdevs
-Type: note
-_Description: Some Network Devices Have IP or IPv6 Addresses
- The following network devices selected to be part of the Open vSwitch
- instance have IP or IPv6 addresses configured:
- .
- ${configured-netdevs}
- .
- This is usually a mistake, even if the switch contacts the controller over
- one of the selected network devices. This is because running Open vSwitch
- takes over network devices at a low level: they become part of the switch
- and cannot be used for other purposes.
- .
- If this is an unintentional mistake, move back and fix the selection,
- or de-configure the IP or IPv6 from these network devices.
-
-Template: openvswitch-switch/mode
-Type: select
-_Choices: discovery, in-band, out-of-band
-Default: discovery
-_Description: Switch-to-controller access method:
- Open vSwitch must be able to contact the OpenFlow controller over the
- network. It can do so in one of three ways:
- .
- discovery: A single network is used for OpenFlow traffic and other
- data traffic; that is, the switch contacts the controller over one of
- the network devices selected as Open vSwitch network devices in
- the previous question. The switch automatically determines the
- location of the controller using a DHCP request with an
- OpenFlow-specific vendor option. This is the most common case.
- .
- in-band: As above, but the location of the controller is manually
- configured.
- .
- out-of-band: OpenFlow traffic uses a network separate from the data traffic
- that it controls. If this is the case, the control network must already
- be configured on a network device other than one of those selected as
- an Open vSwitch netdev in the previous question.
-
-Template: openvswitch-switch/discover
-Type: note
-_Description: Preparing to discover controller
- The setup program will now attempt to discover the OpenFlow controller.
- Controller discovery may take up to 30 seconds. Please be patient.
- .
- See ovs-openflowd(8) for instructions on how to configure a DHCP server for
- controller discovery.
-
-Template: openvswitch-switch/discovery-failure
-Type: error
-_Description: Controller discovery failed.
- The controller's location could not be determined automatically.
- .
- Ensure that the OpenFlow DHCP server is properly configured. See
- ovs-openflowd(8) for instructions on how to configure a DHCP server for
- controller discovery.
-
-Template: openvswitch-switch/discovery-success
-Type: boolean
-Default: true
-_Description: Use discovered settings?
- Controller discovery obtained the following settings:
- .
- Controller location: ${controller-vconn}
- .
- PKI URL: ${pki-uri}
- .
- Please verify that these settings are correct.
-
-Template: openvswitch-switch/switch-ip
-Type: string
-Default: dhcp
-_Description: Switch IP address:
- For in-band communication with the controller, the Open vSwitch instance
- must be able to determine its own IP address. Its IP address may be
- configured statically or dynamically.
- .
- For static configuration, specify the switch's IP address as a string.
- .
- For dynamic configuration with DHCP (the most common case), specify "dhcp".
- Configuration with DHCP will only work reliably if the network topology
- allows the switch to contact the DHCP server before it connects to the
- OpenFlow controller.
-
-Template: openvswitch-switch/switch-ip-error
-Type: error
-_Description: The switch IP address is invalid.
- The switch IP address must specified as "dhcp" or a valid IP address in
- dotted-octet form (e.g. "1.2.3.4").
-
-Template: openvswitch-switch/controller-vconn
-Type: string
-_Description: Controller location:
- Specify how Open vSwitch should connect to the OpenFlow controller. The
- value should be in form "ssl:IP[:PORT]" to connect to the controller
- over SSL (recommended for security) or "tcp:IP[:PORT]" to connect over
- cleartext TCP.
-
-Template: openvswitch-switch/controller-vconn-error
-Type: error
-_Description: The controller location is invalid.
- The controller location must be specifed as "ssl:IP[:PORT]" to
- connect to the controller over SSL (recommended for security) or
- "tcp:IP[:PORT]" to connect over cleartext TCP.
-
-Template: openvswitch-switch/pki-uri
-Type: string
-_Description: Open vSwitch PKI server host name or URL:
- Specify a URL to the Open vSwitch public key infrastructure (PKI). If a
- host name or IP address is specified in place of a URL, then
- http://<host>/openvswitch/pki/ will be used,
- where <host> is the specified host name or IP address.
- .
- The Open vSwitch PKI is usually on the same machine as the OpenFlow
- controller.
- .
- The setup process will connect to the Open vSwitch PKI server over
- HTTP, using the system's configured default HTTP proxy (if any).
-
-Template: openvswitch-switch/fetch-cacert-failed
-Type: error
-_Description: The switch CA certificate could not be retrieved.
- Retrieval of ${url} failed, with the following status: "${error}".
- .
- Ensure that the Open vSwitch PKI server is correctly configured and
- available at ${pki-uri}. If the system is configured to use an HTTP
- proxy, also make sure that the HTTP proxy is available and that the
- PKI server can be reached through it.
-
-Template: openvswitch-switch/verify-controller-ca
-Type: boolean
-Default: true
-_Description: Is ${fingerprint} the controller CA's fingerprint?
- If a man-in-the-middle attack is possible in your network
- environment, check that the controller CA's fingerprint is really
- ${fingerprint}. Answer "true" if it matches, "false" if
- there is a discrepancy.
- .
- If a man-in-the-middle attack is not a concern, there is no need to
- verify the fingerprint. Simply answer "true".
-
-Template: openvswitch-switch/send-cert-req
-Type: boolean
-Default: true
-_Description: Send certificate request to switch CA?
- Before it can connect to the controller over SSL, the Open vSwitch's
- key must be signed by the switch certificate authority (CA) located
- on the Open vSwitch PKI server, which is usually collocated with
- the OpenFlow controller. A signing request can be sent to the PKI
- server now.
- .
- Answer "true" to send a signing request to the switch CA now. This is
- ordinarily the correct choice. There is no harm in sending a given
- signing request more than once.
- .
- Answer "false" to skip sending a signing request to the switch CA.
- Unless the request has already been sent to the switch CA, manual
- sending of the request and signing will be necessary.
-
-Template: openvswitch-switch/send-cert-req-failed
-Type: error
-_Description: The certificate request could not be sent.
- Posting to ${url} failed, with the following status: "${error}".
- .
- Ensure that the Open vSwitch PKI server is correctly configured and
- available at ${pki-uri}.
-
-Template: openvswitch-switch/fetch-switch-cert
-Type: boolean
-_Description: Fetch signed switch certificate from PKI server?
- Before it can connect to the controller over SSL, the Open vSwitch's
- key must be signed by the switch certificate authority (CA) located
- on the Open vSwitch PKI server, which is usually collocated with the
- OpenFlow controller.
- .
- At this point, a signing request has been sent to the switch CA (or
- sending a request has been manually skipped), but the signed
- certificate has not yet been retrieved. Manual action may need to be
- taken at the PKI server to approve the signing request.
- .
- Answer "true" to attempt to retrieve the signed switch certificate
- from the switch CA. If the switch certificate request has been
- signed at the PKI server, this is the correct choice.
- .
- Answer "false" to postpone switch configuration. The configuration
- process must be restarted later, when the switch certificate request
- has been signed.
-
-Template: openvswitch-switch/fetch-switch-cert-failed
-Type: error
-_Description: Signed switch certificate could not be retrieved.
- The signed switch certificate could not be retrieved from the switch
- CA: retrieval of ${url} failed, with the following status: "${error}".
- .
- This probably indicates that the switch's certificate request has not
- yet been signed. If this is the problem, it may be fixed by signing
- the certificate request at ${pki-uri}, then trying to fetch the
- signed switch certificate again.
-
-Template: openvswitch-switch/complete
-Type: note
-_Description: Open vSwitch Setup Finished
- Setup of this Open vSwitch instance is finished. Complete the setup
- procedure to enable the switch.
README.Debian for openvswitch-switch
---------------------------------
-* The switch must be configured before it can be used. To configure
- it interactively, install the openvswitch-switch-config package and run
- the ovs-switch-setup program. Alternatively, edit
- /etc/default/openvswitch-switch by hand, then start the switch manually
- with "/etc/init.d/openvswitch-switch start".
+* The switch must be configured before it can be used. Edit
+ /etc/default/openvswitch-switch, then start the switch manually with
+ "/etc/init.d/openvswitch-switch start".
* To use the Linux kernel-based switch implementation, you will need
to build and install the Open vSwitch kernel module. To do so, install
* This package does not yet support the userspace datapath-based
switch implementation.
- -- Ben Pfaff <blp@nicira.com>, Mon, 11 May 2009 13:29:43 -0700
+ -- Ben Pfaff <blp@nicira.com>, Mon, 30 Aug 2010 09:51:19 -0700
+++ /dev/null
-#! /usr/bin/perl
-
-use POSIX;
-use Debconf::Client::ConfModule ':all';
-use HTTP::Request;
-use LWP::UserAgent;
-use Digest::SHA1 'sha1_hex';
-use strict;
-use warnings;
-
-# XXX should support configuring SWITCH_NETMASK and SWITCH_GATEWAY
-# when the mode is in-band.
-
-my $debconf_owner = 'openvswitch-switch';
-
-my $default = '/etc/default/openvswitch-switch';
-my $template = '/usr/share/openvswitch/switch/default.template';
-my $etc = '/etc/openvswitch';
-my $rundir = '/var/run/openvswitch';
-my $privkey_file = "$etc/of0-privkey.pem";
-my $req_file = "$etc/of0-req.pem";
-my $cert_file = "$etc/of0-cert.pem";
-my $cacert_file = "$etc/cacert.pem";
-my $ovs_discover_pidfile = "$rundir/ovs-discover.pid";
-
-my $ua = LWP::UserAgent->new;
-$ua->timeout(10);
-$ua->env_proxy;
-
-system("/etc/init.d/openvswitch-switch stop 1>&2");
-kill_ovs_discover();
-
-version('2.0');
-capb('backup');
-title('Open vSwitch Switch Setup');
-
-my (%netdevs) = find_netdevs();
-db_subst('netdevs', 'choices',
- join(', ', map($netdevs{$_}, sort(keys(%netdevs)))));
-db_set('netdevs', join(', ', grep(!/IP/, values(%netdevs))));
-
-my %oldconfig;
-if (-e $default) {
- %oldconfig = load_config($default);
-
- my (%map) =
- (NETDEVS => sub {
- db_set('netdevs', join(', ', map($netdevs{$_},
- grep(exists $netdevs{$_}, split))))
- },
- MODE => sub {
- db_set('mode',
- $_ eq 'in-band' || $_ eq 'out-of-band' ? $_ : 'discovery')
- },
- SWITCH_IP => sub { db_set('switch-ip', $_) },
- CONTROLLER => sub { db_set('controller-vconn', $_) },
- PRIVKEY => sub { $privkey_file = $_ },
- CERT => sub { $cert_file = $_ },
- CACERT => sub { $cacert_file = $_ },
- );
-
- for my $key (keys(%map)) {
- local $_ = $oldconfig{$key};
- &{$map{$key}}() if defined && !/^\s*$/;
- }
-} elsif (-e $template) {
- %oldconfig = load_config($template);
-}
-
-my $cacert_preverified = -e $cacert_file;
-my ($req, $req_fingerprint);
-
-my %options;
-
-my (@states) =
- (sub {
- # User backed up from first dialog box.
- exit(10);
- },
- sub {
- # Prompt for ports to include in switch.
- db_input('netdevs');
- return;
- },
- sub {
- # Validate the chosen ports.
- my (@netdevs) = split(', ', db_get('netdevs'));
- if (!@netdevs) {
- # No ports chosen. Disable switch.
- db_input('no-netdevs');
- return 'prev' if db_go();
- return 'done';
- } elsif (my (@conf_netdevs) = grep(/IP/, @netdevs)) {
- # Point out that some ports have configured IP addresses.
- db_subst('configured-netdevs', 'configured-netdevs',
- join(', ', @conf_netdevs));
- db_input('configured-netdevs');
- return;
- } else {
- # Otherwise proceed.
- return 'skip';
- }
- },
- sub {
- # Discovery or in-band or out-of-band controller?
- db_input('mode');
- return;
- },
- sub {
- return 'skip' if db_get('mode') ne 'discovery';
- for (;;) {
- # Notify user that we are going to do discovery.
- db_input('discover');
- return 'prev' if db_go();
- print STDERR "Please wait up to 30 seconds for discovery...\n";
-
- # Make sure that there's no running discovery process.
- kill_ovs_discover();
-
- # Do discovery.
- %options = ();
- open(DISCOVER, '-|', 'ovs-discover --timeout=30 --pidfile '
- . join(' ', netdev_names()));
- while (<DISCOVER>) {
- chomp;
- if (my ($name, $value) = /^([^=]+)=(.*)$/) {
- if ($value =~ /^"(.*)"$/) {
- $value = $1;
- $value =~ s/\\([0-7][0-7][0-7])/chr($1)/ge;
- } else {
- $value =~ s/^(0x[[:xdigit:]]+)$/hex($1)/e;
- $value = '' if $value eq 'empty';
- next if $value eq 'null'; # Shouldn't happen.
- }
- $options{$name} = $value;
- }
- last if /^$/;
- }
-
- # Check results.
- my $vconn = $options{'ovs-controller-vconn'};
- my $pki_uri = $options{'ovs-pki-uri'};
- return 'next'
- if (defined($vconn)
- && is_valid_vconn($vconn)
- && (!is_ssl_vconn($vconn) || defined($pki_uri)));
-
- # Try again?
- kill_ovs_discover();
- db_input('discovery-failure');
- db_go();
- }
- },
- sub {
- return 'skip' if db_get('mode') ne 'discovery';
-
- my $vconn = $options{'ovs-controller-vconn'};
- my $pki_uri = $options{'ovs-pki-uri'};
- db_subst('discovery-success', 'controller-vconn', $vconn);
- db_subst('discovery-success',
- 'pki-uri', is_ssl_vconn($vconn) ? $pki_uri : "no PKI in use");
- db_input('discovery-success');
- return 'prev' if db_go();
- db_set('controller-vconn', $vconn);
- db_set('pki-uri', $pki_uri);
- return 'next';
- },
- sub {
- return 'skip' if db_get('mode') ne 'in-band';
- for (;;) {
- db_input('switch-ip');
- return 'prev' if db_go();
-
- my $ip = db_get('switch-ip');
- return 'next' if $ip =~ /^dhcp|\d+\.\d+.\d+.\d+$/i;
-
- db_input('switch-ip-error');
- db_go();
- }
- },
- sub {
- return 'skip' if db_get('mode') eq 'discovery';
- for (;;) {
- my $old_vconn = db_get('controller-vconn');
- db_input('controller-vconn');
- return 'prev' if db_go();
-
- my $vconn = db_get('controller-vconn');
- if (is_valid_vconn($vconn)) {
- if ($old_vconn ne $vconn || db_get('pki-uri') eq '') {
- db_set('pki-uri', pki_host_to_uri($2));
- }
- return 'next';
- }
-
- db_input('controller-vconn-error');
- db_go();
- }
- },
- sub {
- return 'skip' if !ssl_enabled();
-
- if (! -e $privkey_file) {
- my $old_umask = umask(077);
- run_cmd("ovs-pki req $etc/of0 >&2 2>/dev/null");
- chmod(0644, $req_file) or die "$req_file: chmod: $!\n";
- umask($old_umask);
- }
-
- if (! -e $cert_file) {
- open(REQ, '<', $req_file) or die "$req_file: open: $!\n";
- $req = join('', <REQ>);
- close(REQ);
- $req_fingerprint = sha1_hex($req);
- }
- return 'skip';
- },
- sub {
- return 'skip' if !ssl_enabled();
- return 'skip' if -e $cacert_file && -e $cert_file;
-
- db_input('pki-uri');
- return 'prev' if db_go();
- return;
- },
- sub {
- return 'skip' if !ssl_enabled();
- return 'skip' if -e $cacert_file;
-
- my $pki_uri = db_get('pki-uri');
- if ($pki_uri !~ /:/) {
- $pki_uri = pki_host_to_uri($pki_uri);
- } else {
- # Trim trailing slashes.
- $pki_uri =~ s%/+$%%;
- }
- db_set('pki-uri', $pki_uri);
-
- my $url = "$pki_uri/controllerca/cacert.pem";
- my $response = $ua->get($url, ':content_file' => $cacert_file);
- if ($response->is_success) {
- return 'next';
- }
-
- db_subst('fetch-cacert-failed', 'url', $url);
- db_subst('fetch-cacert-failed', 'error', $response->status_line);
- db_subst('fetch-cacert-failed', 'pki-uri', $pki_uri);
- db_input('fetch-cacert-failed');
- db_go();
- return 'prev';
- },
- sub {
- return 'skip' if !ssl_enabled();
- return 'skip' if -e $cert_file;
-
- for (;;) {
- db_set('send-cert-req', 'true');
- db_input('send-cert-req');
- return 'prev' if db_go();
- return 'next' if db_get('send-cert-req') eq 'false';
-
- my $pki_uri = db_get('pki-uri');
- my ($pki_base_uri) = $pki_uri =~ m%^([^/]+://[^/]+)/%;
- my $url = "$pki_base_uri/cgi-bin/ovs-pki-cgi";
- my $response = $ua->post($url, {'type' => 'switch',
- 'req' => $req});
- return 'next' if $response->is_success;
-
- db_subst('send-cert-req-failed', 'url', $url);
- db_subst('send-cert-req-failed', 'error',
- $response->status_line);
- db_subst('send-cert-req-failed', 'pki-uri', $pki_uri);
- db_input('send-cert-req-failed');
- db_go();
- }
- },
- sub {
- return 'skip' if !ssl_enabled();
- return 'skip' if $cacert_preverified;
-
- my ($cacert_fingerprint) = x509_fingerprint($cacert_file);
- db_subst('verify-controller-ca', 'fingerprint', $cacert_fingerprint);
- db_input('verify-controller-ca');
- return 'prev' if db_go();
- return 'next' if db_get('verify-controller-ca') eq 'true';
- unlink($cacert_file);
- return 'prev';
- },
- sub {
- return 'skip' if !ssl_enabled();
- return 'skip' if -e $cert_file;
-
- for (;;) {
- db_set('fetch-switch-cert', 'true');
- db_input('fetch-switch-cert');
- return 'prev' if db_go();
- exit(1) if db_get('fetch-switch-cert') eq 'false';
-
- my $pki_uri = db_get('pki-uri');
- my $url = "$pki_uri/switchca/certs/$req_fingerprint-cert.pem";
- my $response = $ua->get($url, ':content_file' => $cert_file);
- if ($response->is_success) {
- return 'next';
- }
-
- db_subst('fetch-switch-cert-failed', 'url', $url);
- db_subst('fetch-switch-cert-failed', 'error',
- $response->status_line);
- db_subst('fetch-switch-cert-failed', 'pki-uri', $pki_uri);
- db_input('fetch-switch-cert-failed');
- db_go();
- }
- },
- sub {
- db_input('complete');
- db_go();
- return;
- },
- sub {
- return 'done';
- },
-);
-
-my $state = 1;
-my $direction = 1;
-for (;;) {
- my $ret = &{$states[$state]}();
- $ret = db_go() ? 'prev' : 'next' if !defined $ret;
- if ($ret eq 'next') {
- $direction = 1;
- } elsif ($ret eq 'prev') {
- $direction = -1;
- } elsif ($ret eq 'skip') {
- # Nothing to do.
- } elsif ($ret eq 'done') {
- last;
- } else {
- die "unknown ret $ret";
- }
- $state += $direction;
-}
-
-my %config = %oldconfig;
-$config{NETDEVS} = join(' ', netdev_names());
-$config{MODE} = db_get('mode');
-if (db_get('mode') eq 'in-band') {
- $config{SWITCH_IP} = db_get('switch-ip');
-}
-if (db_get('mode') ne 'discovery') {
- $config{CONTROLLER} = db_get('controller-vconn');
-}
-$config{PRIVKEY} = $privkey_file;
-$config{CERT} = $cert_file;
-$config{CACERT} = $cacert_file;
-save_config($default, %config);
-
-dup2(2, 1); # Get stdout back.
-kill_ovs_discover();
-system("/etc/init.d/openvswitch-switch start");
-
-sub ssl_enabled {
- return is_ssl_vconn(db_get('controller-vconn'));
-}
-
-sub db_subst {
- my ($question, $key, $value) = @_;
- $question = "$debconf_owner/$question";
- my ($ret, $seen) = subst($question, $key, $value);
- if ($ret && $ret != 30) {
- die "Error substituting $value for $key in debconf question "
- . "$question: $seen";
- }
-}
-
-sub db_set {
- my ($question, $value) = @_;
- $question = "$debconf_owner/$question";
- my ($ret, $seen) = set($question, $value);
- if ($ret && $ret != 30) {
- die "Error setting debconf question $question to $value: $seen";
- }
-}
-
-sub db_get {
- my ($question) = @_;
- $question = "$debconf_owner/$question";
- my ($ret, $seen) = get($question);
- if ($ret) {
- die "Error getting debconf question $question answer: $seen";
- }
- return $seen;
-}
-
-sub db_fset {
- my ($question, $flag, $value) = @_;
- $question = "$debconf_owner/$question";
- my ($ret, $seen) = fset($question, $flag, $value);
- if ($ret && $ret != 30) {
- die "Error setting debconf question $question flag $flag to $value: "
- . "$seen";
- }
-}
-
-sub db_fget {
- my ($question, $flag) = @_;
- $question = "$debconf_owner/$question";
- my ($ret, $seen) = fget($question, $flag);
- if ($ret) {
- die "Error getting debconf question $question flag $flag: $seen";
- }
- return $seen;
-}
-
-sub db_input {
- my ($question) = @_;
- db_fset($question, "seen", "false");
-
- $question = "$debconf_owner/$question";
- my ($ret, $seen) = input('high', $question);
- if ($ret && $ret != 30) {
- die "Error requesting debconf question $question: $seen";
- }
- return $ret;
-}
-
-sub db_go {
- my ($ret, $seen) = go();
- if (!defined($ret)) {
- exit(1); # Cancel button was pushed.
- }
- if ($ret && $ret != 30) {
- die "Error asking debconf questions: $seen";
- }
- return $ret;
-}
-
-sub run_cmd {
- my ($cmd) = @_;
- return if system($cmd) == 0;
-
- if ($? == -1) {
- die "$cmd: failed to execute: $!\n";
- } elsif ($? & 127) {
- die sprintf("$cmd: child died with signal %d, %s coredump\n",
- ($? & 127), ($? & 128) ? 'with' : 'without');
- } else {
- die sprintf("$cmd: child exited with value %d\n", $? >> 8);
- }
-}
-
-sub x509_fingerprint {
- my ($file) = @_;
- my $cmd = "openssl x509 -noout -in $file -fingerprint";
- open(OPENSSL, '-|', $cmd) or die "$cmd: failed to execute: $!\n";
- my $line = <OPENSSL>;
- close(OPENSSL);
- my ($fingerprint) = $line =~ /SHA1 Fingerprint=(.*)/;
- return $line if !defined $fingerprint;
- $fingerprint =~ s/://g;
- return $fingerprint;
-}
-
-sub find_netdevs {
- my ($netdev, %netdevs);
- open(IFCONFIG, "/sbin/ifconfig -a|") or die "ifconfig failed: $!";
- while (<IFCONFIG>) {
- if (my ($nd) = /^([^\s]+)/) {
- $netdev = $nd;
- $netdevs{$netdev} = "$netdev";
- if (my ($hwaddr) = /HWaddr (\S+)/) {
- $netdevs{$netdev} .= " (MAC: $hwaddr)";
- }
- } elsif (my ($ip4) = /^\s*inet addr:(\S+)/) {
- $netdevs{$netdev} .= " (IP: $ip4)";
- } elsif (my ($ip6) = /^\s*inet6 addr:(\S+)/) {
- $netdevs{$netdev} .= " (IPv6: $ip6)";
- }
- }
- foreach my $nd (keys(%netdevs)) {
- delete $netdevs{$nd} if $nd eq 'lo' || $nd =~ /^wmaster/;
- }
- close(IFCONFIG);
- return %netdevs;
-}
-
-sub load_config {
- my ($file) = @_;
-
- # Get the list of the variables that the shell sets automatically.
- my (%auto_vars) = read_vars("set -a && env");
-
- # Get the variables from $default.
- my (%config) = read_vars("set -a && . '$default' && env");
-
- # Subtract.
- delete @config{keys %auto_vars};
-
- return %config;
-}
-
-sub read_vars {
- my ($cmd) = @_;
- local @ENV;
- if (!open(VARS, '-|', $cmd)) {
- print STDERR "$cmd: failed to execute: $!\n";
- return ();
- }
- my (%config);
- while (<VARS>) {
- my ($var, $value) = /^([^=]+)=(.*)$/ or next;
- $config{$var} = $value;
- }
- close(VARS);
- return %config;
-}
-
-sub shell_escape {
- local $_ = $_[0];
- if ($_ eq '') {
- return '""';
- } elsif (m&^[-a-zA-Z0-9:./%^_+,]*$&) {
- return $_;
- } else {
- s/'/'\\''/;
- return "'$_'";
- }
-}
-
-sub shell_assign {
- my ($var, $value) = @_;
- return $var . '=' . shell_escape($value);
-}
-
-sub save_config {
- my ($file, %config) = @_;
- my (@lines);
- if (open(FILE, '<', $file)) {
- @lines = <FILE>;
- chomp @lines;
- close(FILE);
- }
-
- # Replace all existing variable assignments.
- for (my ($i) = 0; $i <= $#lines; $i++) {
- local $_ = $lines[$i];
- my ($var, $value) = /^\s*([^=#]+)=(.*)$/ or next;
- if (exists($config{$var})) {
- $lines[$i] = shell_assign($var, $config{$var});
- delete $config{$var};
- } else {
- $lines[$i] = "#$lines[$i]";
- }
- }
-
- # Find a place to put any remaining variable assignments.
- VAR:
- for my $var (keys(%config)) {
- my $assign = shell_assign($var, $config{$var});
-
- # Replace the last commented-out variable assignment to $var, if any.
- for (my ($i) = $#lines; $i >= 0; $i--) {
- local $_ = $lines[$i];
- if (/^\s*#\s*$var=/) {
- $lines[$i] = $assign;
- next VAR;
- }
- }
-
- # Find a place to add the var: after the final commented line
- # just after a line that contains "$var:".
- for (my ($i) = 0; $i <= $#lines; $i++) {
- if ($lines[$i] =~ /^\s*#\s*$var:/) {
- for (my ($j) = $i + 1; $j <= $#lines; $j++) {
- if ($lines[$j] !~ /^\s*#/) {
- splice(@lines, $j, 0, $assign);
- next VAR;
- }
- }
- }
- }
-
- # Just append it.
- push(@lines, $assign);
- }
-
- open(NEWFILE, '>', "$file.tmp") or die "$file.tmp: create: $!\n";
- print NEWFILE join('', map("$_\n", @lines));
- close(NEWFILE);
- rename("$file.tmp", $file) or die "$file.tmp: rename to $file: $!\n";
-}
-
-sub pki_host_to_uri {
- my ($pki_host) = @_;
- return "http://$pki_host/openvswitch/pki";
-}
-
-sub kill_ovs_discover {
- # Delegate this to a subprocess because there is no portable way
- # to invoke fcntl(F_GETLK) from Perl.
- system("ovs-kill --force $ovs_discover_pidfile");
-}
-
-sub netdev_names {
- return map(/^(\S+)/, split(', ', db_get('netdevs')));
-}
-
-sub is_valid_vconn {
- my ($vconn) = @_;
- return scalar($vconn =~ /^(tcp|ssl):([^:]+)(:.*)?/);
-}
-
-sub is_ssl_vconn {
- my ($vconn) = @_;
- return scalar($vconn =~ /^ssl:/);
-}
+++ /dev/null
-.TH ovs\-switch\-setup 8 "June 2008" "Open vSwitch" "Open vSwitch Manual"
-
-.SH NAME
-ovs\-switch\-setup \- interactive setup for Open vSwitch switch
-
-.SH SYNOPSIS
-.B ovs\-switch\-setup
-
-.SH DESCRIPTION
-The \fBovs\-switch\-setup\fR program is an interactive program that
-assists the system administrator in configuring an Open vSwitch switch,
-including the underlying public key infrastructure (PKI).
-
-.SH OPTIONS
-ovs\-switch\-setup does not accept any command-line options.
-
-.SH FILES
-.IP /etc/default/openvswitch\-switch
-Main configuration file for Open vSwitch switch.
-
-.IP /etc/openvswitch/cacert.pem
-Default location of CA certificate for OpenFlow controllers.
-
-.IP /etc/openvswitch/of0\-cert.pem
-Default location of certificate for the Open vSwitch switch's private key.
-
-.IP /etc/openvswitch/of0\-privkey.pem
-Default location of the Open vSwitch switch's private key. This file
-should be readable only by \fBroot\fR.
-
-.IP /etc/openvswitch/of0\-req.pem
-Default location of certificate request for the Open vSwitch switch's
-certificate. This file is not used after the signed certificate
-(typically \fB/etc/openvswitch/of0\-cert.pem\fR, above) has been
-obtained from the OpenFlow PKI server.
-
-.SH "SEE ALSO"
-
-.BR ovs\-dpctl (8),
-.BR ovs\-pki (8),
-.BR ovs\-openflowd (8)
+++ /dev/null
-[type: gettext/rfc822deb] openvswitch-switch-config.templates
+++ /dev/null
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
-# This file is distributed under the same license as the PACKAGE package.
-# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
-#
-#, fuzzy
-msgid ""
-msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
-"Report-Msgid-Bugs-To: openvswitch@packages.debian.org\n"
-"POT-Creation-Date: 2010-03-31 23:19-0700\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=CHARSET\n"
-"Content-Transfer-Encoding: 8bit\n"
-
-#. Type: multiselect
-#. Choices
-#: ../openvswitch-switch-config.templates:1001
-msgid "${choices}"
-msgstr ""
-
-#. Type: multiselect
-#. Description
-#: ../openvswitch-switch-config.templates:1002
-msgid "Open vSwitch network devices:"
-msgstr ""
-
-#. Type: multiselect
-#. Description
-#: ../openvswitch-switch-config.templates:1002
-msgid ""
-"Choose the network devices that should become part of the Open vSwitch "
-"instance. At least two devices must be selected for this machine to be a "
-"useful switch. Unselecting all network devices will disable Open vSwitch "
-"entirely."
-msgstr ""
-
-#. Type: multiselect
-#. Description
-#: ../openvswitch-switch-config.templates:1002
-msgid ""
-"The network devices that you select should not be configured with IP or IPv6 "
-"addresses, even if the switch contacts the controller over one of the "
-"selected network devices. This is because a running Open vSwitch takes over "
-"network devices at a low level: they become part of the switch and cannot be "
-"used for other purposes."
-msgstr ""
-
-#. Type: error
-#. Description
-#: ../openvswitch-switch-config.templates:2001
-msgid "No network devices were selected."
-msgstr ""
-
-#. Type: error
-#. Description
-#: ../openvswitch-switch-config.templates:2001
-msgid ""
-"No network devices were selected for inclusion in the Open vSwitch "
-"instance. The switch will be disabled."
-msgstr ""
-
-#. Type: note
-#. Description
-#: ../openvswitch-switch-config.templates:3001
-msgid "Some Network Devices Have IP or IPv6 Addresses"
-msgstr ""
-
-#. Type: note
-#. Description
-#: ../openvswitch-switch-config.templates:3001
-msgid ""
-"The following network devices selected to be part of the Open vSwitch "
-"instance have IP or IPv6 addresses configured:"
-msgstr ""
-
-#. Type: note
-#. Description
-#: ../openvswitch-switch-config.templates:3001
-msgid "${configured-netdevs}"
-msgstr ""
-
-#. Type: note
-#. Description
-#: ../openvswitch-switch-config.templates:3001
-msgid ""
-"This is usually a mistake, even if the switch contacts the controller over "
-"one of the selected network devices. This is because running Open vSwitch "
-"takes over network devices at a low level: they become part of the switch "
-"and cannot be used for other purposes."
-msgstr ""
-
-#. Type: note
-#. Description
-#: ../openvswitch-switch-config.templates:3001
-msgid ""
-"If this is an unintentional mistake, move back and fix the selection, or de-"
-"configure the IP or IPv6 from these network devices."
-msgstr ""
-
-#. Type: select
-#. Choices
-#: ../openvswitch-switch-config.templates:4001
-msgid "discovery, in-band, out-of-band"
-msgstr ""
-
-#. Type: select
-#. Description
-#: ../openvswitch-switch-config.templates:4002
-msgid "Switch-to-controller access method:"
-msgstr ""
-
-#. Type: select
-#. Description
-#: ../openvswitch-switch-config.templates:4002
-msgid ""
-"Open vSwitch must be able to contact the OpenFlow controller over the "
-"network. It can do so in one of three ways:"
-msgstr ""
-
-#. Type: select
-#. Description
-#: ../openvswitch-switch-config.templates:4002
-msgid ""
-"discovery: A single network is used for OpenFlow traffic and other data "
-"traffic; that is, the switch contacts the controller over one of the network "
-"devices selected as Open vSwitch network devices in the previous question. "
-"The switch automatically determines the location of the controller using a "
-"DHCP request with an OpenFlow-specific vendor option. This is the most "
-"common case."
-msgstr ""
-
-#. Type: select
-#. Description
-#: ../openvswitch-switch-config.templates:4002
-msgid ""
-"in-band: As above, but the location of the controller is manually configured."
-msgstr ""
-
-#. Type: select
-#. Description
-#: ../openvswitch-switch-config.templates:4002
-msgid ""
-"out-of-band: OpenFlow traffic uses a network separate from the data traffic "
-"that it controls. If this is the case, the control network must already be "
-"configured on a network device other than one of those selected as an Open "
-"vSwitch netdev in the previous question."
-msgstr ""
-
-#. Type: note
-#. Description
-#: ../openvswitch-switch-config.templates:5001
-msgid "Preparing to discover controller"
-msgstr ""
-
-#. Type: note
-#. Description
-#: ../openvswitch-switch-config.templates:5001
-msgid ""
-"The setup program will now attempt to discover the OpenFlow controller. "
-"Controller discovery may take up to 30 seconds. Please be patient."
-msgstr ""
-
-#. Type: note
-#. Description
-#: ../openvswitch-switch-config.templates:5001
-msgid ""
-"See ovs-openflowd(8) for instructions on how to configure a DHCP server for "
-"controller discovery."
-msgstr ""
-
-#. Type: error
-#. Description
-#: ../openvswitch-switch-config.templates:6001
-msgid "Controller discovery failed."
-msgstr ""
-
-#. Type: error
-#. Description
-#: ../openvswitch-switch-config.templates:6001
-msgid "The controller's location could not be determined automatically."
-msgstr ""
-
-#. Type: error
-#. Description
-#: ../openvswitch-switch-config.templates:6001
-msgid ""
-"Ensure that the OpenFlow DHCP server is properly configured. See ovs-"
-"openflowd(8) for instructions on how to configure a DHCP server for "
-"controller discovery."
-msgstr ""
-
-#. Type: boolean
-#. Description
-#: ../openvswitch-switch-config.templates:7001
-msgid "Use discovered settings?"
-msgstr ""
-
-#. Type: boolean
-#. Description
-#: ../openvswitch-switch-config.templates:7001
-msgid "Controller discovery obtained the following settings:"
-msgstr ""
-
-#. Type: boolean
-#. Description
-#: ../openvswitch-switch-config.templates:7001
-msgid "Controller location: ${controller-vconn}"
-msgstr ""
-
-#. Type: boolean
-#. Description
-#: ../openvswitch-switch-config.templates:7001
-msgid "PKI URL: ${pki-uri}"
-msgstr ""
-
-#. Type: boolean
-#. Description
-#: ../openvswitch-switch-config.templates:7001
-msgid "Please verify that these settings are correct."
-msgstr ""
-
-#. Type: string
-#. Description
-#: ../openvswitch-switch-config.templates:8001
-msgid "Switch IP address:"
-msgstr ""
-
-#. Type: string
-#. Description
-#: ../openvswitch-switch-config.templates:8001
-msgid ""
-"For in-band communication with the controller, the Open vSwitch instance "
-"must be able to determine its own IP address. Its IP address may be "
-"configured statically or dynamically."
-msgstr ""
-
-#. Type: string
-#. Description
-#: ../openvswitch-switch-config.templates:8001
-msgid "For static configuration, specify the switch's IP address as a string."
-msgstr ""
-
-#. Type: string
-#. Description
-#: ../openvswitch-switch-config.templates:8001
-msgid ""
-"For dynamic configuration with DHCP (the most common case), specify \"dhcp"
-"\". Configuration with DHCP will only work reliably if the network topology "
-"allows the switch to contact the DHCP server before it connects to the "
-"OpenFlow controller."
-msgstr ""
-
-#. Type: error
-#. Description
-#: ../openvswitch-switch-config.templates:9001
-msgid "The switch IP address is invalid."
-msgstr ""
-
-#. Type: error
-#. Description
-#: ../openvswitch-switch-config.templates:9001
-msgid ""
-"The switch IP address must specified as \"dhcp\" or a valid IP address in "
-"dotted-octet form (e.g. \"1.2.3.4\")."
-msgstr ""
-
-#. Type: string
-#. Description
-#: ../openvswitch-switch-config.templates:10001
-msgid "Controller location:"
-msgstr ""
-
-#. Type: string
-#. Description
-#: ../openvswitch-switch-config.templates:10001
-msgid ""
-"Specify how Open vSwitch should connect to the OpenFlow controller. The "
-"value should be in form \"ssl:IP[:PORT]\" to connect to the controller over "
-"SSL (recommended for security) or \"tcp:IP[:PORT]\" to connect over "
-"cleartext TCP."
-msgstr ""
-
-#. Type: error
-#. Description
-#: ../openvswitch-switch-config.templates:11001
-msgid "The controller location is invalid."
-msgstr ""
-
-#. Type: error
-#. Description
-#: ../openvswitch-switch-config.templates:11001
-msgid ""
-"The controller location must be specifed as \"ssl:IP[:PORT]\" to connect to "
-"the controller over SSL (recommended for security) or \"tcp:IP[:PORT]\" to "
-"connect over cleartext TCP."
-msgstr ""
-
-#. Type: string
-#. Description
-#: ../openvswitch-switch-config.templates:12001
-msgid "Open vSwitch PKI server host name or URL:"
-msgstr ""
-
-#. Type: string
-#. Description
-#: ../openvswitch-switch-config.templates:12001
-msgid ""
-"Specify a URL to the Open vSwitch public key infrastructure (PKI). If a "
-"host name or IP address is specified in place of a URL, then http://<host>/"
-"openvswitch/pki/ will be used, where <host> is the specified host name or IP "
-"address."
-msgstr ""
-
-#. Type: string
-#. Description
-#: ../openvswitch-switch-config.templates:12001
-msgid ""
-"The Open vSwitch PKI is usually on the same machine as the OpenFlow "
-"controller."
-msgstr ""
-
-#. Type: string
-#. Description
-#: ../openvswitch-switch-config.templates:12001
-msgid ""
-"The setup process will connect to the Open vSwitch PKI server over HTTP, "
-"using the system's configured default HTTP proxy (if any)."
-msgstr ""
-
-#. Type: error
-#. Description
-#: ../openvswitch-switch-config.templates:13001
-msgid "The switch CA certificate could not be retrieved."
-msgstr ""
-
-#. Type: error
-#. Description
-#: ../openvswitch-switch-config.templates:13001
-msgid "Retrieval of ${url} failed, with the following status: \"${error}\"."
-msgstr ""
-
-#. Type: error
-#. Description
-#: ../openvswitch-switch-config.templates:13001
-msgid ""
-"Ensure that the Open vSwitch PKI server is correctly configured and "
-"available at ${pki-uri}. If the system is configured to use an HTTP proxy, "
-"also make sure that the HTTP proxy is available and that the PKI server can "
-"be reached through it."
-msgstr ""
-
-#. Type: boolean
-#. Description
-#: ../openvswitch-switch-config.templates:14001
-msgid "Is ${fingerprint} the controller CA's fingerprint?"
-msgstr ""
-
-#. Type: boolean
-#. Description
-#: ../openvswitch-switch-config.templates:14001
-msgid ""
-"If a man-in-the-middle attack is possible in your network environment, check "
-"that the controller CA's fingerprint is really ${fingerprint}. Answer \"true"
-"\" if it matches, \"false\" if there is a discrepancy."
-msgstr ""
-
-#. Type: boolean
-#. Description
-#: ../openvswitch-switch-config.templates:14001
-msgid ""
-"If a man-in-the-middle attack is not a concern, there is no need to verify "
-"the fingerprint. Simply answer \"true\"."
-msgstr ""
-
-#. Type: boolean
-#. Description
-#: ../openvswitch-switch-config.templates:15001
-msgid "Send certificate request to switch CA?"
-msgstr ""
-
-#. Type: boolean
-#. Description
-#: ../openvswitch-switch-config.templates:15001
-msgid ""
-"Before it can connect to the controller over SSL, the Open vSwitch's key "
-"must be signed by the switch certificate authority (CA) located on the Open "
-"vSwitch PKI server, which is usually collocated with the OpenFlow "
-"controller. A signing request can be sent to the PKI server now."
-msgstr ""
-
-#. Type: boolean
-#. Description
-#: ../openvswitch-switch-config.templates:15001
-msgid ""
-"Answer \"true\" to send a signing request to the switch CA now. This is "
-"ordinarily the correct choice. There is no harm in sending a given signing "
-"request more than once."
-msgstr ""
-
-#. Type: boolean
-#. Description
-#: ../openvswitch-switch-config.templates:15001
-msgid ""
-"Answer \"false\" to skip sending a signing request to the switch CA. Unless "
-"the request has already been sent to the switch CA, manual sending of the "
-"request and signing will be necessary."
-msgstr ""
-
-#. Type: error
-#. Description
-#: ../openvswitch-switch-config.templates:16001
-msgid "The certificate request could not be sent."
-msgstr ""
-
-#. Type: error
-#. Description
-#: ../openvswitch-switch-config.templates:16001
-msgid "Posting to ${url} failed, with the following status: \"${error}\"."
-msgstr ""
-
-#. Type: error
-#. Description
-#: ../openvswitch-switch-config.templates:16001
-msgid ""
-"Ensure that the Open vSwitch PKI server is correctly configured and "
-"available at ${pki-uri}."
-msgstr ""
-
-#. Type: boolean
-#. Description
-#: ../openvswitch-switch-config.templates:17001
-msgid "Fetch signed switch certificate from PKI server?"
-msgstr ""
-
-#. Type: boolean
-#. Description
-#: ../openvswitch-switch-config.templates:17001
-msgid ""
-"Before it can connect to the controller over SSL, the Open vSwitch's key "
-"must be signed by the switch certificate authority (CA) located on the Open "
-"vSwitch PKI server, which is usually collocated with the OpenFlow "
-"controller."
-msgstr ""
-
-#. Type: boolean
-#. Description
-#: ../openvswitch-switch-config.templates:17001
-msgid ""
-"At this point, a signing request has been sent to the switch CA (or sending "
-"a request has been manually skipped), but the signed certificate has not yet "
-"been retrieved. Manual action may need to be taken at the PKI server to "
-"approve the signing request."
-msgstr ""
-
-#. Type: boolean
-#. Description
-#: ../openvswitch-switch-config.templates:17001
-msgid ""
-"Answer \"true\" to attempt to retrieve the signed switch certificate from "
-"the switch CA. If the switch certificate request has been signed at the PKI "
-"server, this is the correct choice."
-msgstr ""
-
-#. Type: boolean
-#. Description
-#: ../openvswitch-switch-config.templates:17001
-msgid ""
-"Answer \"false\" to postpone switch configuration. The configuration "
-"process must be restarted later, when the switch certificate request has "
-"been signed."
-msgstr ""
-
-#. Type: error
-#. Description
-#: ../openvswitch-switch-config.templates:18001
-msgid "Signed switch certificate could not be retrieved."
-msgstr ""
-
-#. Type: error
-#. Description
-#: ../openvswitch-switch-config.templates:18001
-msgid ""
-"The signed switch certificate could not be retrieved from the switch CA: "
-"retrieval of ${url} failed, with the following status: \"${error}\"."
-msgstr ""
-
-#. Type: error
-#. Description
-#: ../openvswitch-switch-config.templates:18001
-msgid ""
-"This probably indicates that the switch's certificate request has not yet "
-"been signed. If this is the problem, it may be fixed by signing the "
-"certificate request at ${pki-uri}, then trying to fetch the signed switch "
-"certificate again."
-msgstr ""
-
-#. Type: note
-#. Description
-#: ../openvswitch-switch-config.templates:19001
-msgid "Open vSwitch Setup Finished"
-msgstr ""
-
-#. Type: note
-#. Description
-#: ../openvswitch-switch-config.templates:19001
-msgid ""
-"Setup of this Open vSwitch instance is finished. Complete the setup "
-"procedure to enable the switch."
-msgstr ""
+++ /dev/null
-#! /usr/bin/perl
-
-use POSIX;
-use strict;
-use warnings;
-
-my $default = '/etc/default/openvswitch-switch';
-
-my (%config) = load_config($default);
-if (@ARGV) {
- foreach my $arg (@ARGV) {
- my ($key, $value) = $arg =~ /^([^=]+)=(.*)/
- or die "bad argument '$arg'\n";
- if ($value ne '') {
- $config{$key} = $value;
- } else {
- delete $config{$key};
- }
- }
- save_config($default, %config);
-}
-print "$_=$config{$_}\n" foreach sort(keys(%config));
-
-sub load_config {
- my ($file) = @_;
-
- # Get the list of the variables that the shell sets automatically.
- my (%auto_vars) = read_vars("set -a && env");
-
- # Get the variables from $default.
- my (%config) = read_vars("set -a && . '$default' && env");
-
- # Subtract.
- delete @config{keys %auto_vars};
-
- return %config;
-}
-
-sub read_vars {
- my ($cmd) = @_;
- local @ENV;
- if (!open(VARS, '-|', $cmd)) {
- print STDERR "$cmd: failed to execute: $!\n";
- return ();
- }
- my (%config);
- while (<VARS>) {
- my ($var, $value) = /^([^=]+)=(.*)$/ or next;
- $config{$var} = $value;
- }
- close(VARS);
- return %config;
-}
-
-sub shell_escape {
- local $_ = $_[0];
- if ($_ eq '') {
- return '""';
- } elsif (m&^[-a-zA-Z0-9:./%^_+,]*$&) {
- return $_;
- } else {
- s/'/'\\''/;
- return "'$_'";
- }
-}
-
-sub shell_assign {
- my ($var, $value) = @_;
- return $var . '=' . shell_escape($value);
-}
-
-sub save_config {
- my ($file, %config) = @_;
- my (@lines);
- if (open(FILE, '<', $file)) {
- @lines = <FILE>;
- chomp @lines;
- close(FILE);
- }
-
- # Replace all existing variable assignments.
- for (my ($i) = 0; $i <= $#lines; $i++) {
- local $_ = $lines[$i];
- my ($var, $value) = /^\s*([^=#]+)=(.*)$/ or next;
- if (exists($config{$var})) {
- $lines[$i] = shell_assign($var, $config{$var});
- delete $config{$var};
- } else {
- $lines[$i] = "#$lines[$i]";
- }
- }
-
- # Find a place to put any remaining variable assignments.
- VAR:
- for my $var (keys(%config)) {
- my $assign = shell_assign($var, $config{$var});
-
- # Replace the last commented-out variable assignment to $var, if any.
- for (my ($i) = $#lines; $i >= 0; $i--) {
- local $_ = $lines[$i];
- if (/^\s*#\s*$var=/) {
- $lines[$i] = $assign;
- next VAR;
- }
- }
-
- # Find a place to add the var: after the final commented line
- # just after a line that contains "$var:".
- for (my ($i) = 0; $i <= $#lines; $i++) {
- if ($lines[$i] =~ /^\s*#\s*$var:/) {
- for (my ($j) = $i + 1; $j <= $#lines; $j++) {
- if ($lines[$j] !~ /^\s*#/) {
- splice(@lines, $j, 0, $assign);
- next VAR;
- }
- }
- }
- }
-
- # Just append it.
- push(@lines, $assign);
- }
-
- open(NEWFILE, '>', "$file.tmp") or die "$file.tmp: create: $!\n";
- print NEWFILE join('', map("$_\n", @lines));
- close(NEWFILE);
- rename("$file.tmp", $file) or die "$file.tmp: rename to $file: $!\n";
-}
rm -rf _debian
[ ! -f Makefile ] || $(MAKE) distclean
dh_clean
- debconf-updatepo
install: install-indep install-arch
install-indep: build-indep
dh_clean -k -s
dh_installdirs -s
$(MAKE) -C _debian DESTDIR=$(CURDIR)/debian/openvswitch install
- cp debian/openvswitch-switch-config.overrides debian/openvswitch-switch-config/usr/share/lintian/overrides/openvswitch-switch-config
cp debian/openvswitch-switch.template debian/openvswitch-switch/usr/share/openvswitch/switch/default.template
dh_install -s
projects / openvswitch / commitdiff