2 # Copyright (C) 2009, 2010, 2011, 2012, 2013, 2014 Nicira, Inc.
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at:
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
17 */*) dir0=`echo "$0" | sed 's,/[^/]*$,,'` ;;
20 . "$dir0/ovs-lib" || exit 1
22 for dir in "$sbindir" "$bindir" /sbin /bin /usr/sbin /usr/bin; do
33 # Keep track of removed vports so we can reload them if needed
37 # Try loading openvswitch again.
38 action "Inserting openvswitch module" modprobe openvswitch
40 for vport in $removed_vports; do
41 # Don't treat failures to load vports as fatal error
42 action "Inserting $vport module" modprobe $vport || true
# insert_mod_if_required: make sure the openvswitch kernel module is loaded.
# Visible steps: skip when /proc/modules is absent, stop when the module is
# already present under /sys/module, try insert_mods, and otherwise try to
# unload the bridge module before loading again.
# NOTE(review): this listing has gaps (the "then"/"fi"/"}" lines and some
# statements are not shown), so confirm the exact control flow against the
# complete file.
46 insert_mod_if_required () {
47 # If this kernel has no module support, expect we're done.
48 if test ! -e /proc/modules
50 log_success_msg "Kernel has no loadable module support. Skipping modprobe"
54 # If openvswitch is already loaded then we're done.
# Both the current (openvswitch) and the older (openvswitch_mod) module
# directory names are checked.
55 test -e /sys/module/openvswitch -o -e /sys/module/openvswitch_mod && \
58 # Load openvswitch. If that's successful then we're done.
59 insert_mods && return 0
61 # If the bridge module is loaded, then that might be blocking
62 # openvswitch. Try to unload it, if there are no bridges.
63 test -e /sys/module/bridge || return 1
# When no interface has a "bridge" directory the glob stays literal, and the
# two sed substitutions reduce it to "*"; the test below relies on that.
64 bridges=`echo /sys/class/net/*/bridge | sed 's,/sys/class/net/,,g;s,/bridge,,g'`
65 if test "$bridges" != "*"; then
66 log_warning_msg "not removing bridge module because bridges exist ($bridges)"
69 action "removing bridge module" rmmod bridge || return 1
71 # Try loading openvswitch again.
76 ovs-vsctl --no-wait "$@"
# Builds a single "ovs_vsctl set Open_vSwitch ." command in the positional
# parameters and runs it through "action" at the end.
# NOTE(review): the enclosing function header is not part of this listing
# (presumably set_system_ids, which is called elsewhere in the file — confirm).
80 set ovs_vsctl set Open_vSwitch .
# First line of "ovs-vswitchd --version" with everything up to ") " removed.
82 OVS_VERSION=`ovs-vswitchd --version | sed 's/.*) //;1q'`
83 set "$@" ovs-version="$OVS_VERSION"
# The system ID is kept in $id_file: reuse it when the file exists, migrate it
# from the legacy $uuid_file, or generate a new one with uuidgen.
# NOTE(review): the condition that selects this path, and how
# INSTALLATION_UUID is read from $uuid_file, are not shown here.
# NOTE(review): the file is created by plain redirection, so its mode follows
# the caller's umask. Confirm $etcdir is writable only by root, since whoever
# can replace the file controls the ID reported for this host.
87 id_file=$etcdir/system-id.conf
88 uuid_file=$etcdir/install_uuid.conf
89 if test -e "$id_file"; then
90 SYSTEM_ID=`cat "$id_file"`
91 elif test -e "$uuid_file"; then
92 # Migrate from old file name.
94 SYSTEM_ID=$INSTALLATION_UUID
95 echo "$SYSTEM_ID" > "$id_file"
96 elif SYSTEM_ID=`uuidgen`; then
97 echo "$SYSTEM_ID" > "$id_file"
99 log_failure_msg "missing uuidgen, could not generate system ID"
104 log_failure_msg "system ID not configured, please use --system-id"
# Each value is wrapped in literal double quotes before it is handed to
# ovs-vsctl; the value itself is not escaped in the lines shown.
# NOTE(review): a double quote or backslash inside SYSTEM_ID, SYSTEM_TYPE or
# SYSTEM_VERSION would change how the argument is parsed — validate these
# option values where they are accepted.
110 set "$@" external-ids:system-id="\"$SYSTEM_ID\""
112 if test X"$SYSTEM_TYPE" != X; then
113 set "$@" system-type="\"$SYSTEM_TYPE\""
115 log_failure_msg "no default system type, please use --system-type"
118 if test X"$SYSTEM_VERSION" != X; then
119 set "$@" system-version="\"$SYSTEM_VERSION\""
121 log_failure_msg "no default system version, please use --system-version"
# NOTE(review): $extra_ids is expanded unquoted (presumably so that every
# accumulated "external-ids:key=value" word becomes its own argument). The
# same word splitting and globbing applies to whitespace or wildcard
# characters inside an --external-id value, which then reach ovs-vsctl as
# separate arguments. Accept --external-id only from trusted callers or
# restrict the characters allowed in it.
124 action "Configuring Open vSwitch system IDs" "$@" $extra_ids
127 check_force_cores () {
128 if test X"$FORCE_COREFILES" = Xyes; then
# del_transient_ports: delete every port whose other_config:transient is
# "true". The query calls ovs-vsctl directly; the deletion goes through the
# ovs_vsctl wrapper.
# NOTE(review): port names come back through an unquoted command
# substitution, so a name containing whitespace or glob characters would be
# split or expanded before it reaches del-port — TODO confirm the database
# constrains port names.
133 del_transient_ports () {
134 for port in `ovs-vsctl --bare -- --columns=name find port other_config:transient=true`; do
135 ovs_vsctl -- del-port "$port"
# Start-up sequence for ovsdb-server: create or upgrade the database, build
# the daemon command line, start it, then initialize database settings.
# NOTE(review): the enclosing function header is not part of this listing
# (presumably start_ovsdb, which is called elsewhere in the file — confirm).
142 if daemon_is_running ovsdb-server; then
143 log_success_msg "ovsdb-server is already running"
# NOTE(review): $DB_FILE and $DB_SCHEMA are unquoted here although they are
# quoted further down; a path containing whitespace would be split.
145 # Create initial database or upgrade database schema.
146 upgrade_db $DB_FILE $DB_SCHEMA || return 1
148 # Start ovsdb-server.
149 set ovsdb-server "$DB_FILE"
# Each entry of $EXTRA_DBS is checked for existence and for being readable by
# ovsdb-tool; the lines that act on the result are not shown.
150 for db in $EXTRA_DBS; do
156 if test ! -f "$db"; then
157 log_warning_msg "$db (from \$EXTRA_DBS) does not exist."
158 elif ovsdb-tool db-version "$db" >/dev/null; then
161 log_warning_msg "$db (from \$EXTRA_DBS) cannot be read as a database (see error message above)"
164 set "$@" -vconsole:emer -vsyslog:err -vfile:info
# Local clients reach the database through the Unix domain socket $DB_SOCK.
# NOTE(review): access to that socket is governed by the permissions on its
# directory — confirm $rundir is not writable by unprivileged users.
165 set "$@" --remote=punix:"$DB_SOCK"
# The db:Open_vSwitch,SSL,<column> form names a column of the SSL table rather
# than a file path, so the TLS key, certificate and CA come from the database.
# NOTE(review): --bootstrap-ca-cert accepts the CA certificate from the peer on
# first connection when none is configured (trust on first use, per the OVS
# documentation — confirm for the version in use). Provision ca_cert ahead of
# time where managers must be authenticated from the first connection.
166 set "$@" --private-key=db:Open_vSwitch,SSL,private_key
167 set "$@" --certificate=db:Open_vSwitch,SSL,certificate
168 set "$@" --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert
169 start_daemon "$OVSDB_SERVER_PRIORITY" "$OVSDB_SERVER_WRAPPER" "$@" \
172 # Initialize database settings.
173 ovs_vsctl -- init -- set Open_vSwitch . db-version="$schemaver" \
175 set_system_ids || return 1
# Optional cleanup requested with DELETE_BRIDGES / DELETE_TRANSIENT_PORTS.
# NOTE(review): $bridge is passed unquoted to del-br.
176 if test X"$DELETE_BRIDGES" = Xyes; then
177 for bridge in `ovs_vsctl list-br`; do
178 ovs_vsctl del-br $bridge
181 if test X"$DELETE_TRANSIENT_PORTS" = Xyes; then
188 # Now that ovs-vswitchd has started and completed its initial
189 # configuration, tell ovsdb-server to connect to the remote managers. We
190 # used to do this at ovsdb-server startup time, but waiting for
191 # ovs-vswitchd to finish configuring means that remote managers see less
192 # churn in the database at startup or restart. (For example, managers
193 # won't briefly see empty datapath-id or ofport columns for records that
# NOTE(review): the remote is given as a database column (manager_options), so
# which listeners and outbound connections become active from this call on is
# decided by database contents, not by this script. Audit that column when
# reviewing network exposure.
195 action "Enabling remote OVSDB managers" \
196 ovs-appctl -t ovsdb-server ovsdb-server/add-remote \
197 db:Open_vSwitch,Open_vSwitch,manager_options
# start_forwarding: load the kernel module if needed, then start ovs-vswitchd
# connected to the database socket unless it is already running.
# NOTE(review): several lines of this function are not part of this listing
# (for example where MAXFD is assigned and what the MLOCKALL branch adds).
200 start_forwarding () {
203 insert_mod_if_required || return 1
205 if daemon_is_running ovs-vswitchd; then
206 log_success_msg "ovs-vswitchd is already running"
208 # Increase the limit on the number of open file descriptors.
209 # On Linux, ovs-vswitchd needs about three file descriptors
210 # per bridge and "n-handler-threads" file descriptors per bridge
211 # port, so this allows a very large number of bridges and ports.
# NOTE(review): both operands are unquoted; an empty $MAXFD would make the
# test itself fail with a syntax error rather than evaluate to false.
213 if [ $(ulimit -n) -lt $MAXFD ]; then
217 # Start ovs-vswitchd.
218 set ovs-vswitchd unix:"$DB_SOCK"
219 set "$@" -vconsole:emer -vsyslog:err -vfile:info
220 if test X"$MLOCKALL" != Xno; then
# NOTE(review): the wrapper value comes from --ovs-vswitchd-wrapper and is
# handed to start_daemon, which is defined outside this listing. The usage
# text names only 'valgrind' and 'strace'; confirm start_daemon enforces that
# list, because the daemon runs under whatever wrapper is accepted.
223 start_daemon "$OVS_VSWITCHD_PRIORITY" "$OVS_VSWITCHD_WRAPPER" "$@"
232 stop_daemon ovsdb-server
236 stop_daemon ovs-vswitchd
239 ## ----------------- ##
240 ## force-reload-kmod ##
241 ## ----------------- ##
# internal_interfaces: list the internal interfaces known to the database
# that also exist under /sys/class/net.
243 internal_interfaces () {
244 # Outputs a list of internal interfaces:
246 # - There is an internal interface for every bridge, whether it
247 # has an Interface record or not and whether the Interface
248 # record's 'type' is properly set or not.
250 # - There is an internal interface for each Interface record whose
251 # 'type' is 'internal'.
253 # But ignore interfaces that don't really exist.
# Both queries run in one ovs_vsctl call and the names are de-duplicated with
# sort -u. The result is word-split by the for loop, so names are assumed to
# contain no whitespace or glob characters — TODO confirm.
254 for d in `(ovs_vsctl --bare \
255 -- --columns=name find Interface type=internal \
256 -- list-br) | sort -u`
258 if test -e "/sys/class/net/$d"; then
# Runs the ovs-save helper with sub-command "$1" for all real bridges and
# writes its output to the file "$2".
# NOTE(review): the enclosing function header is not part of this listing.
# Callers elsewhere in the file pass the mktemp-created restore script paths as
# "$2", and those scripts are executed later, so the output of ovs-save is
# effectively code that this script runs. ${bridges} is expanded unquoted.
265 bridges=`ovs_vsctl -- --real list-br`
266 if [ -n "${bridges}" ] && \
267 "$datadir/scripts/ovs-save" "$1" ${bridges} > "$2"; then
# Having no bridges at all is treated as success.
271 [ -z "${bridges}" ] && return 0
274 save_ofports_if_required () {
275 # Save OpenFlow port numbers if we are upgrading from a pre-1.10 branch.
277 # (Versions 1.10 and later save OpenFlow port numbers without assistance,
278 # so we don't have to do anything for them.)
# The running daemon's version is taken from the first line of
# "ovs-appctl version". The pattern accepts "1." followed by exactly one digit
# and a dot, i.e. 1.0 through 1.9.
279 case `ovs-appctl version | sed 1q` in
280 "ovs-vswitchd (Open vSwitch) 1."[0-9].*)
281 action "Saving ofport values" ovs_save save-ofports \
287 save_flows_if_required () {
288 if test X"$DELETE_BRIDGES" != Xyes; then
289 action "Saving flows" ovs_save save-flows "${script_flows}"
294 "$datadir/scripts/ovs-save" save-interfaces ${ifaces} \
295 > "${script_interfaces}"
299 [ -x "${script_ofports}" ] && \
300 action "Restoring ofport values" "${script_ofports}"
303 flow_restore_wait () {
304 ovs_vsctl set open_vswitch . other_config:flow-restore-wait="true"
307 flow_restore_complete () {
308 ovs_vsctl --if-exists remove open_vswitch . other_config \
309 flow-restore-wait="true"
313 [ -x "${script_flows}" ] && \
314 action "Restoring saved flows" "${script_flows}"
# restore_interfaces: run the saved interface-restore script when it is
# executable and report its exit status through logger.
# NOTE(review): the lines that set rc and level are not part of this listing.
317 restore_interfaces () {
318 [ ! -x "${script_interfaces}" ] && return 0
319 action "Restoring interface configuration" "${script_interfaces}"
# NOTE(review): $rc is unquoted; an empty value would break the test.
321 if test $rc = 0; then
# The logger command line is kept in a string and word-split when used.
326 log="logger -p daemon.$level -t ovs-save"
327 $log "interface restore script exited with status $rc:"
# "logger -f" copies the whole restore script into syslog under the ovs-save
# tag; presumably for post-mortem use — confirm that nothing in the saved
# interface configuration is unsuitable for the system log.
328 $log -f "$script_interfaces"
# init_restore_scripts: create three temporary files for the interface, flow
# and ofport restore scripts and remove them when the shell exits (trap on 0).
# These files are later filled by ovs-save and executed, so creating them with
# mktemp rather than under fixed names keeps other local users from
# pre-creating or predicting the paths.
# NOTE(review): the exit status of mktemp is not checked; on failure the
# variable is empty and the later redirections and -x tests act on "".
331 init_restore_scripts () {
332 script_interfaces=`mktemp`
333 script_flows=`mktemp`
334 script_ofports=`mktemp`
335 trap 'rm -f "${script_interfaces}" "${script_flows}" "${script_ofports}"' 0
# force_reload_kmod: save interface, flow and ofport state, remove the
# datapaths and kernel modules, then bring everything back and restore state.
# NOTE(review): many lines of this function are not part of this listing
# (daemon stop/start calls, "else"/"fi"/"done"), so the order of the hidden
# steps should be confirmed against the complete file.
338 force_reload_kmod () {
339 ifaces=`internal_interfaces`
340 action "Detected internal interfaces: $ifaces" true
343 save_flows_if_required
344 save_ofports_if_required
346 # Restart the database first, since a large database may take a
347 # while to load, and we want to minimize forwarding disruption.
351 # Restore of ofports should happen before vswitchd is restarted.
# The module is only replaced when the interface configuration was saved.
356 if action "Saving interface configuration" save_interfaces; then
359 log_warning_msg "Failed to save configuration, not replacing kernel module"
# The saved script is made executable here; restore_interfaces runs it only
# when it has the execute bit.
364 chmod +x "$script_interfaces"
366 for dp in `ovs-dpctl dump-dps`; do
367 action "Removing datapath: $dp" ovs-dpctl del-dp "$dp"
# Module names starting with "vport_" are read from /proc/modules.
# NOTE(review): $vport is unquoted, and the grep below is an unanchored
# substring match, so a removed module whose name is contained in another
# loaded module's line would be treated as still loaded and not recorded in
# removed_vports. A "^$vport " style anchor would be stricter.
370 for vport in `awk '/^vport_/ { print $1 }' /proc/modules`; do
371 action "Removing $vport module" rmmod $vport
372 if ! grep -q $vport /proc/modules; then
# removed_vports is read again by the loop that re-inserts these modules.
373 removed_vports="$removed_vports $vport"
377 # try both old and new names in case this is post upgrade
378 if test -e /sys/module/openvswitch_mod; then
379 action "Removing openvswitch module" rmmod openvswitch_mod
380 elif test -e /sys/module/openvswitch; then
381 action "Removing openvswitch module" rmmod openvswitch
384 # Start vswitchd by asking it to wait till flow restore is finished.
388 # Restore saved flows and inform vswitchd that we are done.
390 flow_restore_complete
395 "$datadir/scripts/ovs-check-dead-ifs"
# save_interfaces_if_required: when the running daemon reports a 1.0-1.9
# version, save the internal interface configuration and mark the resulting
# script executable so that it can be run after the restart.
402 save_interfaces_if_required () {
403 # Save interfaces if we are upgrading from a pre-1.10 branch.
# The pattern accepts "1." followed by exactly one digit and a dot.
404 case `ovs-appctl version | sed 1q` in
405 "ovs-vswitchd (Open vSwitch) 1."[0-9].*)
406 ifaces=`internal_interfaces`
407 action "Detected internal interfaces: $ifaces" true
# chmod happens only when saving succeeded, so a failed save leaves the script
# non-executable and restore_interfaces skips it.
408 if action "Saving interface configuration" save_interfaces; then
409 chmod +x "$script_interfaces"
416 if daemon_is_running ovsdb-server && daemon_is_running ovs-vswitchd; then
418 save_interfaces_if_required
419 save_flows_if_required
420 save_ofports_if_required
423 # Restart the database first, since a large database may take a
424 # while to load, and we want to minimize forwarding disruption.
428 # Restore of ofports, if required, should happen before vswitchd is
434 # Start vswitchd by asking it to wait till flow restore is finished.
438 # Restore saved flows and inform vswitchd that we are done.
440 flow_restore_complete
443 # Restore the interfaces if required. Return true even if restore fails.
444 restore_interfaces || true
447 ## --------------- ##
448 ## enable-protocol ##
449 ## --------------- ##
452 # Translate the protocol name to a number, because "iptables -n -L" prints
453 # some protocols by name (despite the -n) and therefore we need to look for
456 # (iptables -S output is more uniform but old iptables doesn't have it.)
457 protonum=`grep "^$PROTOCOL[ ]" /etc/protocols | awk '{print $2}'`
# Remainder of the enable-protocol logic: validate the protocol number that
# was just looked up, build an awk match expression and an iptables command,
# and insert the rule only when no matching rule is listed.
# NOTE(review): the enclosing function header is not part of this listing.
# Only the looked-up number is checked (digits only). $PROTOCOL itself was
# interpolated into the grep pattern just above, and $DPORT/$SPORT are used
# below without a format check in the lines shown.
458 if expr X"$protonum" : X'[0-9]\{1,\}$' > /dev/null; then :; else
459 log_failure_msg "unknown protocol $PROTOCOL"
# "match" is awk program text and "insert" is a command line, both assembled
# by string interpolation.
# NOTE(review): because the option values become part of awk source and of an
# unquoted iptables command, restrict them before this point (protocol to a
# plain name, ports to digits). Passing the values with "awk -v" instead of
# embedding them would avoid building program text from input. The usage text
# says this script is meant to be called by startup scripts; the check matters
# wherever those scripts take the values from less trusted configuration.
464 match="(\$2 == \"$PROTOCOL\" || \$2 == $protonum)"
465 insert="iptables -I INPUT -p $PROTOCOL"
466 if test X"$DPORT" != X; then
467 name="$name to port $DPORT"
468 match="$match && /dpt:$DPORT/"
469 insert="$insert --dport $DPORT"
471 if test X"$SPORT" != X; then
472 name="$name from port $SPORT"
473 match="$match && /spt:$SPORT/"
474 insert="$insert --sport $SPORT"
476 insert="$insert -j ACCEPT"
# First probe whether the INPUT chain can be listed at all, then count
# matching rules; awk exits 0 only when at least one rule matched.
478 if (iptables -n -L INPUT) >/dev/null 2>&1; then
479 if iptables -n -L INPUT | awk "$match { n++ } END { exit n == 0 }"
481 # There's already a rule for this protocol. Don't override it.
482 log_success_msg "iptables already has a rule for $name, not explicitly enabling"
# $insert is expanded unquoted so that it splits into the iptables arguments.
# The rule is inserted with -I, i.e. at the head of INPUT, so it takes
# precedence over rules that are already in the chain.
484 action "Enabling $name with iptables" $insert
# NOTE(review): the two calls below pass only a message to "action" and no
# command; what action does in that case depends on ovs-lib — confirm.
486 elif (iptables --version) >/dev/null 2>&1; then
487 action "cannot list iptables rules, not adding a rule for $name"
489 action "iptables binary not installed, not adding a rule for $name"
501 DELETE_TRANSIENT_PORTS=no
506 OVSDB_SERVER_PRIORITY=-10
507 OVS_VSWITCHD_PRIORITY=-10
508 OVSDB_SERVER_WRAPPER=
509 OVS_VSWITCHD_WRAPPER=
511 DB_FILE=$dbdir/conf.db
512 DB_SOCK=$rundir/db.sock
513 DB_SCHEMA=$datadir/vswitch.ovsschema
520 type_file=$etcdir/system-type.conf
521 version_file=$etcdir/system-version.conf
523 if test -e "$type_file" ; then
524 SYSTEM_TYPE=`cat $type_file`
525 SYSTEM_VERSION=`cat $version_file`
526 elif (lsb_release --id) >/dev/null 2>&1; then
527 SYSTEM_TYPE=`lsb_release --id -s`
528 system_release=`lsb_release --release -s`
529 system_codename=`lsb_release --codename -s`
530 SYSTEM_VERSION="${system_release}-${system_codename}"
533 SYSTEM_VERSION=unknown
540 $0: controls Open vSwitch daemons
541 usage: $0 [OPTIONS] COMMAND
543 This program is intended to be invoked internally by Open vSwitch startup
544 scripts. System administrators should not normally invoke it directly.
547 start start Open vSwitch daemons
548 stop stop Open vSwitch daemons
549 restart stop and start Open vSwitch daemons
550 status check whether Open vSwitch daemons are running
551 version print versions of Open vSwitch daemons
552 load-kmod insert modules if not already present
553 force-reload-kmod save OVS network device state, stop OVS, unload kernel
554 module, reload kernel module, start OVS, restore state
555 enable-protocol enable protocol specified in options with iptables
556 help display this help message
558 One of the following options is required for "start", "restart" and "force-reload-kmod":
559 --system-id=UUID set specific ID to uniquely identify this system
560 --system-id=random use a random but persistent UUID to identify this system
562 Other important options for "start", "restart" and "force-reload-kmod":
563 --system-type=TYPE set system type (e.g. "XenServer")
564 --system-version=VERSION set system version (e.g. "5.6.100-39265p")
565 --external-id="key=value"
566 add given key-value pair to Open_vSwitch external-ids
567 --delete-bridges delete all bridges just before starting ovs-vswitchd
569 Less important options for "start", "restart" and "force-reload-kmod":
570 --daemon-cwd=DIR set working dir for OVS daemons (default: $DAEMON_CWD)
571 --no-force-corefiles do not force on core dumps for OVS daemons
572 --no-mlockall do not lock all of ovs-vswitchd into memory
573 --ovsdb-server-priority=NICE set ovsdb-server's niceness (default: $OVSDB_SERVER_PRIORITY)
574 --ovs-vswitchd-priority=NICE set ovs-vswitchd's niceness (default: $OVS_VSWITCHD_PRIORITY)
576 Debugging options for "start", "restart" and "force-reload-kmod":
577 --ovsdb-server-wrapper=WRAPPER
578 --ovs-vswitchd-wrapper=WRAPPER
579 --ovs-vswitchd-wrapper=WRAPPER
580 run specified daemon under WRAPPER (either 'valgrind' or 'strace')
582 File location options:
583 --db-file=FILE database file name (default: $DB_FILE)
584 --db-sock=SOCKET JSON-RPC socket name (default: $DB_SOCK)
585 --db-schema=FILE database schema file name (default: $DB_SCHEMA)
587 Options for "enable-protocol":
588 --protocol=PROTOCOL protocol to enable with iptables (default: gre)
589 --sport=PORT source port to match (for tcp or udp protocol)
590 --dport=PORT ddestination port to match (for tcp or udp protocol)
593 -h, --help display this help message
594 -V, --version display version information
596 Default directories with "configure" option and environment variable override:
597 logs: @LOGDIR@ (--with-logdir, OVS_LOGDIR)
598 pidfiles and sockets: @RUNDIR@ (--with-rundir, OVS_RUNDIR)
599 conf.db: @DBDIR@ (--with-dbdir, OVS_DBDIR)
600 system configuration: @sysconfdir@ (--sysconfdir, OVS_SYSCONFDIR)
601 data files: @pkgdatadir@ (--pkgdatadir, OVS_PKGDATADIR)
602 user binaries: @bindir@ (--bindir, OVS_BINDIR)
603 system binaries: @sbindir@ (--sbindir, OVS_SBINDIR)
605 Please report bugs to bugs@openvswitch.org (see REPORTING-BUGS for details).
# Maps an option name to the shell variable that backs it and checks that the
# variable already exists (and, for bool options, currently holds yes or no).
# NOTE(review): the enclosing function header is not part of this listing.
# tr upper-cases a-z and turns "-" into "_"; every other character of $option
# passes through unchanged.
612 var=`echo "$option" | tr abcdefghijklmnopqrstuvwxyz- ABCDEFGHIJKLMNOPQRSTUVWXYZ_`
# NOTE(review): $var is then spliced into two eval'd command lines. $option is
# extracted from the command-line argument elsewhere in the file, so the shell
# evaluates whatever characters survive the tr mapping. Reject option names
# that are not made of lowercase letters and "-" before reaching the eval,
# for example with a case pattern, so that only plain variable names are
# evaluated.
613 eval set=\${$var+yes}
614 eval old_value=\$$var
# NOTE(review): $set and $type are unquoted in the tests below.
615 if test X$set = X || \
616 (test $type = bool && \
617 test X"$old_value" != Xno && test X"$old_value" != Xyes); then
618 echo >&2 "$0: unknown option \"$arg\" (use --help for help)"
625 echo ovsdb-server ovs-vswitchd
638 echo "$0 (Open vSwitch) $VERSION"
642 value=`expr X"$arg" : 'X[^=]*=\(.*\)'`
645 extra_ids="$extra_ids external-ids:$value"
648 echo >&2 "$0: --external-id argument not in the form \"key=value\""
654 option=`expr X"$arg" : 'X--\([^=]*\)'`
655 value=`expr X"$arg" : 'X[^=]*=\(.*\)'`
660 option=`expr X"$arg" : 'X--no-\(.*\)'`
666 option=`expr X"$arg" : 'X--\(.*\)'`
672 echo >&2 "$0: unknown option \"$arg\" (use --help for help)"
676 if test X"$command" = X; then
679 echo >&2 "$0: exactly one non-option argument required (use --help for help)"
687 start_ovsdb || exit 1
700 for daemon in `daemons`; do
701 daemon_status $daemon || rc=$?
706 for daemon in `daemons`; do
714 insert_mod_if_required
723 echo >&2 "$0: missing command name (use --help for help)"
727 echo >&2 "$0: unknown command \"$command\" (use --help for help)"