From: Ben Pfaff Date: Mon, 5 Jan 2009 18:52:57 +0000 (-0800) Subject: Prevent Debian package upgrades from prompting. X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=babafd41040722d8a64bd0d344591852734bbe51;p=openvswitch Prevent Debian package upgrades from prompting. Before, we were using dpkg "conffiles" for our configuration. This means that if the admin has customized the configuration (as is necessary to make the switch work) and the default configuration included in the package changed, then dpkg would prompt the user interactively about what to do. Now, we take responsibility for creating, upgrading, and removing the configuration file ourselves, and do not prompt. --- diff --git a/debian/ofp-switch-setup b/debian/ofp-switch-setup index c21f1e05..5a999ab4 100755 --- a/debian/ofp-switch-setup +++ b/debian/ofp-switch-setup @@ -14,6 +14,7 @@ use warnings; my $debconf_owner = 'openflow-switch'; my $default = '/etc/default/openflow-switch'; +my $template = '/usr/share/openflow/switch/default.template'; my $etc = '/etc/openflow-switch'; my $rundir = '/var/run'; my $privkey_file = "$etc/of0-privkey.pem"; @@ -62,6 +63,8 @@ if (-e $default) { local $_ = $oldconfig{$key}; &{$map{$key}}() if defined && !/^\s*$/; } +} elsif (-e $template) { + %oldconfig = load_config($template); } my $cacert_preverified = -e $cacert_file; diff --git a/debian/openflow-switch.default b/debian/openflow-switch.default deleted file mode 100644 index 7eedab52..00000000 --- a/debian/openflow-switch.default +++ /dev/null 
@@ -1,134 +0,0 @@ -# This is a POSIX shell fragment -*- sh -*- - -# To configure the secure channel, fill in the following properly and -# uncomment them. Afterward, the secure channel will come up -# automatically at boot time. It can be started immediately with -# /etc/init.d/openflow-switch start -# Alternatively, use the ofp-switch-setup program (from the -# openflow-switch-config package) to do everything automatically. - -# NETDEVS: Which network devices should the OpenFlow switch include? -# -# List the network devices that should become part of the OpenFlow -# switch, separated by spaces. At least two devices must be selected -# for this machine to be a useful switch. Unselecting all network -# devices will disable the OpenFlow switch entirely. -# -# The network devices that you select should not be configured with IP -# or IPv6 addresses, even if the switch contacts the controller over -# one of the selected network devices. This is because a running -# OpenFlow switch takes over network devices at a low level: they -# become part of the switch and cannot be used for other purposes. -#NETDEVS="" - -# MODE: The OpenFlow switch has three modes that determine how it -# reaches the controller: -# -# * in-band with discovery: A single network is used for OpenFlow -# traffic and other data traffic; that is, the switch contacts the -# controller over one of the network devices selected as OpenFlow -# switch ports. The switch automatically determines the location of -# the controller using a DHCP request with an OpenFlow-specific -# vendor option. This is the most common case. -# -# * in-band: As above, but the location of the controller is manually -# configured. -# -# * out-of-band: OpenFlow traffic uses a network separate from the -# data traffic that it controls. If this is the case, the control -# network must already be configured on a network device other than -# one of those selected as an OpenFlow switch port in the previous -# question. 
-# -# Set MODE to 'discovery', 'in-band', or 'out-of-band' for these -# respective cases. -MODE=discovery - -# SWITCH_IP: In 'in-band' mode, the switch's IP address may be -# configured statically or dynamically: -# -# * For static configuration, specify the switch's IP address as a -# string. In this case you may also set SWITCH_NETMASK and -# SWITCH_GATEWAY appropriately. -# -# * For dynamic configuration with DHCP (the most common case), -# specify "dhcp". Configuration with DHCP will only work reliably -# if the network topology allows the switch to contact the DHCP -# server before it connects to the OpenFlow controller. -# -# This setting has no effect unless MODE is set to 'in-band'. -SWITCH_IP=dhcp -#SWITCH_NETMASK=255.255.255.0 -#SWITCH_GATEWAY=192.168.1.1 - -# CONTROLLER: Location of controller. -# One of the following formats: -# tcp:HOST[:PORT] via TCP to PORT (default: 6633) on HOST -# ssl:HOST[:PORT] via SSL to PORT (default: 6633) on HOST -# The default below assumes that the controller is running locally. -# This setting has no effect when MODE is set to 'discovery'. -#CONTROLLER="tcp:127.0.0.1" - -# PRIVKEY: Name of file containing switch's private key. -# Required if SSL enabled. -#PRIVKEY=/etc/openflow-switch/of0-privkey.pem - -# CERT: Name of file containing certificate for private key. -# Required if SSL enabled. -#CERT=/etc/openflow-switch/of0-cert.pem - -# CACERT: Name of file containing controller CA certificate. -# Required if SSL enabled. -#CACERT=/etc/openflow-switch/cacert.pem - -# CACERT_MODE: Two modes are available: -# -# * secure: The controller CA certificate named in CACERT above must exist. -# (You must copy it manually from the PKI server or another trusted source.) -# -# * bootstrap: If the controller CA certificate named in CACERT above does -# not exist, the switch will obtain it from the controller the first time -# it connects and save a copy to the file named in CACERT. 
This is insecure, -# in the same way that initial connections with ssh are insecure, but -# it is convenient. -# -# Set CACERT_MODE to 'secure' or 'bootstrap' for these respective cases. -#CACERT_MODE=secure - -# MGMT_VCONNS: List of vconns (space-separated) on which secchan -# should listen for management connections from dpctl, etc. -# openflow-switchui by default connects to -# unix:/var/run/secchan.mgmt, so do not disable this if you want to -# use openflow-switchui. -MGMT_VCONNS="punix:/var/run/secchan.mgmt" - -# MONITOR_VCONN: Name of vconn on which secchan should listen for -# monitoring connections from dpctl. -MONITOR_VCONN="punix:/var/run/secchan.monitor" - -# COMMANDS: Access control list for the commands that can be executed -# remotely over the OpenFlow protocol, as a comma-separated list of -# shell glob patterns. Negative patterns (beginning with !) act as a -# blacklist. To be executable, a command name must match one positive -# pattern and not match any negative patterns. -#COMMANDS="reboot,update" - -# DAEMON_OPTS: Additional options to pass to secchan, e.g. "--fail=open" -DAEMON_OPTS="" - -# CORE_LIMIT: Maximum size for core dumps. -# -# Leaving this unset will use the system default. Setting it to 0 -# will disable core dumps. Setting it to "unlimited" will dump all -# core files regardless of size. -#CORE_LIMIT=unlimited - -# DATAPATH_ID: Identifier for this switch. -# -# By default, the switch generates a new, random datapath ID every time -# it starts up. By setting this value, the datapath ID will be consistent -# from one run to the next. -# -# Set DATAPATH_ID to a MAC address in the form XX:XX:XX:XX:XX:XX where each -# X is a hexadecimal digit (0-9 or a-f). -#DATAPATH_ID=XX:XX:XX:XX:XX:XX diff --git a/debian/openflow-switch.dirs b/debian/openflow-switch.dirs index 6cf04b51..a53002ff 100644 --- a/debian/openflow-switch.dirs +++ b/debian/openflow-switch.dirs @@ -1 +1,2 @@ /etc/openflow-switch +/usr/share/openflow/switch 
diff --git a/debian/openflow-switch.postinst b/debian/openflow-switch.postinst
new file mode 100755
index 00000000..6e75786e
--- /dev/null
+++ b/debian/openflow-switch.postinst
@@ -0,0 +1,46 @@
+#!/bin/sh
+# postinst script for openflow-switch
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `configure'
+# * `abort-upgrade'
+# * `abort-remove' `in-favour'
+#
+# * `abort-remove'
+# * `abort-deconfigure' `in-favour'
+# `removing'
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ configure)
+ DEFAULT=/etc/default/openflow-switch
+ TEMPLATE=/usr/share/openflow/switch/default.template
+ if ! test -e $DEFAULT; then
+ cp $TEMPLATE $DEFAULT
+ elif ! grep DATAPATH_ID $DEFAULT; then
+ echo >> $DEFAULT
+ sed -n '/DATAPATH_ID:/,/DATAPATH_ID=/p' $TEMPLATE >> $DEFAULT
+ fi
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
+
+
diff --git a/debian/openflow-switch.postrm b/debian/openflow-switch.postrm
new file mode 100755
index 00000000..20bab0e0
--- /dev/null
+++ b/debian/openflow-switch.postrm
@@ -0,0 +1,43 @@
+#!/bin/sh
+# postrm script for openflow-switch
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `remove'
+# * `purge'
+# * `upgrade'
+# * `failed-upgrade'
+# * `abort-install'
+# * `abort-install'
+# * `abort-upgrade'
+# * `disappear'
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ purge)
+ rm -f /etc/default/openflow-switch
+ ;;
+
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
+
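Review bot: In the `configure` branch of debian/openflow-switch.postinst, `grep DATAPATH_ID $DEFAULT` runs without `-q`, so whenever the admin's file already contains the setting the matching lines are echoed into the package-configuration output, and they would land on the debconf channel if this script ever talks to debconf (not visible here). The bare substring also matches any mention of DATAPATH_ID, for example inside an admin comment, which silently skips the append. I would write `elif ! grep -q 'DATAPATH_ID' "$DEFAULT"; then` and quote `"$DEFAULT"` and `"$TEMPLATE"` in the `cp` and `sed` lines as well. The template header describes the target as a POSIX shell fragment, so it is presumably sourced by the init script with root privileges; creating it with an explicit mode, `install -m 0644 "$TEMPLATE" "$DEFAULT"`, would keep its permissions independent of the umask in effect when dpkg runs.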
diff --git a/debian/openflow-switch.template b/debian/openflow-switch.template new file mode 100644 index 00000000..7eedab52 --- /dev/null +++ b/debian/openflow-switch.template 
@@ -0,0 +1,134 @@ +# This is a POSIX shell fragment -*- sh -*- + +# To configure the secure channel, fill in the following properly and +# uncomment them. Afterward, the secure channel will come up +# automatically at boot time. It can be started immediately with +# /etc/init.d/openflow-switch start +# Alternatively, use the ofp-switch-setup program (from the +# openflow-switch-config package) to do everything automatically. + +# NETDEVS: Which network devices should the OpenFlow switch include? +# +# List the network devices that should become part of the OpenFlow +# switch, separated by spaces. At least two devices must be selected +# for this machine to be a useful switch. Unselecting all network +# devices will disable the OpenFlow switch entirely. +# +# The network devices that you select should not be configured with IP +# or IPv6 addresses, even if the switch contacts the controller over +# one of the selected network devices. This is because a running +# OpenFlow switch takes over network devices at a low level: they +# become part of the switch and cannot be used for other purposes. +#NETDEVS="" + +# MODE: The OpenFlow switch has three modes that determine how it +# reaches the controller: +# +# * in-band with discovery: A single network is used for OpenFlow +# traffic and other data traffic; that is, the switch contacts the +# controller over one of the network devices selected as OpenFlow +# switch ports. The switch automatically determines the location of +# the controller using a DHCP request with an OpenFlow-specific +# vendor option. This is the most common case. +# +# * in-band: As above, but the location of the controller is manually +# configured. +# +# * out-of-band: OpenFlow traffic uses a network separate from the +# data traffic that it controls. If this is the case, the control +# network must already be configured on a network device other than +# one of those selected as an OpenFlow switch port in the previous +# question. 
+# +# Set MODE to 'discovery', 'in-band', or 'out-of-band' for these +# respective cases. +MODE=discovery + +# SWITCH_IP: In 'in-band' mode, the switch's IP address may be +# configured statically or dynamically: +# +# * For static configuration, specify the switch's IP address as a +# string. In this case you may also set SWITCH_NETMASK and +# SWITCH_GATEWAY appropriately. +# +# * For dynamic configuration with DHCP (the most common case), +# specify "dhcp". Configuration with DHCP will only work reliably +# if the network topology allows the switch to contact the DHCP +# server before it connects to the OpenFlow controller. +# +# This setting has no effect unless MODE is set to 'in-band'. +SWITCH_IP=dhcp +#SWITCH_NETMASK=255.255.255.0 +#SWITCH_GATEWAY=192.168.1.1 + +# CONTROLLER: Location of controller. +# One of the following formats: +# tcp:HOST[:PORT] via TCP to PORT (default: 6633) on HOST +# ssl:HOST[:PORT] via SSL to PORT (default: 6633) on HOST +# The default below assumes that the controller is running locally. +# This setting has no effect when MODE is set to 'discovery'. +#CONTROLLER="tcp:127.0.0.1" + +# PRIVKEY: Name of file containing switch's private key. +# Required if SSL enabled. +#PRIVKEY=/etc/openflow-switch/of0-privkey.pem + +# CERT: Name of file containing certificate for private key. +# Required if SSL enabled. +#CERT=/etc/openflow-switch/of0-cert.pem + +# CACERT: Name of file containing controller CA certificate. +# Required if SSL enabled. +#CACERT=/etc/openflow-switch/cacert.pem + +# CACERT_MODE: Two modes are available: +# +# * secure: The controller CA certificate named in CACERT above must exist. +# (You must copy it manually from the PKI server or another trusted source.) +# +# * bootstrap: If the controller CA certificate named in CACERT above does +# not exist, the switch will obtain it from the controller the first time +# it connects and save a copy to the file named in CACERT. 
This is insecure, +# in the same way that initial connections with ssh are insecure, but +# it is convenient. +# +# Set CACERT_MODE to 'secure' or 'bootstrap' for these respective cases. +#CACERT_MODE=secure + +# MGMT_VCONNS: List of vconns (space-separated) on which secchan +# should listen for management connections from dpctl, etc. +# openflow-switchui by default connects to +# unix:/var/run/secchan.mgmt, so do not disable this if you want to +# use openflow-switchui. +MGMT_VCONNS="punix:/var/run/secchan.mgmt" + +# MONITOR_VCONN: Name of vconn on which secchan should listen for +# monitoring connections from dpctl. +MONITOR_VCONN="punix:/var/run/secchan.monitor" + +# COMMANDS: Access control list for the commands that can be executed +# remotely over the OpenFlow protocol, as a comma-separated list of +# shell glob patterns. Negative patterns (beginning with !) act as a +# blacklist. To be executable, a command name must match one positive +# pattern and not match any negative patterns. +#COMMANDS="reboot,update" + +# DAEMON_OPTS: Additional options to pass to secchan, e.g. "--fail=open" +DAEMON_OPTS="" + +# CORE_LIMIT: Maximum size for core dumps. +# +# Leaving this unset will use the system default. Setting it to 0 +# will disable core dumps. Setting it to "unlimited" will dump all +# core files regardless of size. +#CORE_LIMIT=unlimited + +# DATAPATH_ID: Identifier for this switch. +# +# By default, the switch generates a new, random datapath ID every time +# it starts up. By setting this value, the datapath ID will be consistent +# from one run to the next. +# +# Set DATAPATH_ID to a MAC address in the form XX:XX:XX:XX:XX:XX where each +# X is a hexadecimal digit (0-9 or a-f). +#DATAPATH_ID=XX:XX:XX:XX:XX:XX diff --git a/debian/rules b/debian/rules index fa3cea85..539c8f3d 100755 --- a/debian/rules +++ b/debian/rules 
@@ -125,6 +125,7 @@ install-arch: build-arch dh_installdirs -s $(MAKE) -C _debian DESTDIR=$(CURDIR)/debian/openflow install cp debian/openflow-switch-config.overrides debian/openflow-switch-config/usr/share/lintian/overrides/openflow-switch-config + cp debian/openflow-switch.template debian/openflow-switch/usr/share/openflow/switch/default.template dh_install -s $(ext_install_arch)