]>
Commit | Line | Data |
---|---|---|
76d5beb9 YT |
1 | How to Install Open vSwitch on Linux, FreeBSD and NetBSD |
2 | ======================================================== | |
4b11d5e8 BP |
3 | |
4 | This document describes how to build and install Open vSwitch on a | |
76d5beb9 YT |
5 | generic Linux, FreeBSD, or NetBSD host. For specifics around installation |
6 | on a specific platform, please see one of these files: | |
4b11d5e8 | 7 | |
6494ea4c BP |
8 | - INSTALL.Debian |
9 | - INSTALL.Fedora | |
10 | - INSTALL.RHEL | |
11 | - INSTALL.XenServer | |
4b11d5e8 BP |
12 | |
13 | Build Requirements | |
14 | ------------------ | |
15 | ||
16 | To compile the userspace programs in the Open vSwitch distribution, | |
17 | you will need the following software: | |
18 | ||
380b39f7 | 19 | - GNU make. |
4b11d5e8 BP |
20 | |
21 | - The GNU C compiler. We generally test with version 4.1, 4.2, or | |
22 | 4.3. | |
23 | ||
24 | - libssl, from OpenSSL, is optional but recommended if you plan to | |
25 | connect the Open vSwitch to an OpenFlow controller. libssl is | |
26 | required to establish confidentiality and authenticity in the | |
f272ec73 BP |
27 | connections from an Open vSwitch to an OpenFlow controller. If |
28 | libssl is installed, then Open vSwitch will automatically build | |
29 | with support for it. | |
4b11d5e8 | 30 | |
97be1538 EJ |
31 | - clang, from LLVM, is optional. It provides useful static semantic |
32 | analyzer and thread-safety check. clang version must be 3.4 or | |
33 | later. For Ubuntu, there are nightly built packages available on | |
34 | clang's website. | |
35 | ||
f6eb6b20 GL |
36 | To compile the kernel module on Linux, you must also install the |
37 | following. If you cannot build or install the kernel module, you may | |
38 | use the userspace-only implementation, at a cost in performance. The | |
d377243b BP |
39 | userspace implementation may also lack some features. Refer to |
40 | INSTALL.userspace for more information. | |
4b11d5e8 BP |
41 | |
42 | - A supported Linux kernel version. Please refer to README for a | |
43 | list of supported versions. | |
44 | ||
45 | The Open vSwitch datapath requires bridging support | |
46 | (CONFIG_BRIDGE) to be built as a kernel module. (This is common | |
47 | in kernels provided by Linux distributions.) The bridge module | |
48 | must not be loaded or in use. If the bridge module is running | |
49 | (check with "lsmod | grep bridge"), you must remove it ("rmmod | |
50 | bridge") before starting the datapath. | |
51 | ||
52 | For optional support of ingress policing, you must enable kernel | |
f8500004 JP |
53 | configuration options NET_CLS_BASIC, NET_SCH_INGRESS, and |
54 | NET_ACT_POLICE, either built-in or as modules. (NET_CLS_POLICE is | |
55 | obsolete and not needed.) | |
4b11d5e8 | 56 | |
2be0b371 JG |
57 | To use GRE tunneling on Linux 2.6.37 or newer, kernel support |
58 | for GRE must be compiled in or available as a module | |
59 | (CONFIG_NET_IPGRE_DEMUX). | |
6f470982 | 60 | |
c9d3af4e BP |
61 | To configure HTB or HFSC quality of service with Open vSwitch, |
62 | you must enable the respective configuration options. | |
63 | ||
26bb189d BP |
64 | To use Open vSwitch support for TAP devices, you must enable |
65 | CONFIG_TUN. | |
66 | ||
4b11d5e8 BP |
67 | - To build a kernel module, you need the same version of GCC that |
68 | was used to build that kernel. | |
69 | ||
70 | - A kernel build directory corresponding to the Linux kernel image | |
71 | the module is to run on. Under Debian and Ubuntu, for example, | |
72 | each linux-image package containing a kernel binary has a | |
73 | corresponding linux-headers package with the required build | |
74 | infrastructure. | |
75 | ||
76 | If you are working from a Git tree or snapshot (instead of from a | |
c9d3af4e BP |
77 | distribution tarball), or if you modify the Open vSwitch build system |
78 | or the database schema, you will also need the following software: | |
4b11d5e8 | 79 | |
55aa00e0 | 80 | - Autoconf version 2.64 or later. |
4b11d5e8 BP |
81 | |
82 | - Automake version 1.10 or later. | |
83 | ||
195b5c35 BP |
84 | - Python 2.x, for x >= 4. |
85 | ||
436f27dd AS |
86 | If you modify the ovsdbmonitor tool, then you will also need the |
87 | following: | |
88 | ||
89 | - pyuic4 from PyQt4 (http://www.riverbankcomputing.co.uk). | |
90 | ||
c9d3af4e BP |
91 | To run the unit tests, you also need: |
92 | ||
93 | - Perl. Version 5.10.1 is known to work. Earlier versions should | |
94 | also work. | |
95 | ||
f8d739a9 BP |
96 | If you modify the vswitchd database schema, then the E-R diagram in |
97 | the ovs-vswitchd.conf.db(5) manpage will be updated properly only if | |
98 | you have the following: | |
99 | ||
100 | - "dot" from graphviz (http://www.graphviz.org/). | |
101 | ||
c9d3af4e BP |
102 | - Perl. Version 5.10.1 is known to work. Earlier versions should |
103 | also work. | |
104 | ||
105 | - Python 2.x, for x >= 4. | |
106 | ||
f8f26e98 BP |
107 | If you are going to extensively modify Open vSwitch, please consider |
108 | installing the following to obtain better warnings: | |
109 | ||
110 | - "sparse" version 0.4.4 or later | |
111 | (http://www.kernel.org/pub/software/devel/sparse/dist/). | |
112 | ||
113 | - GNU make. | |
114 | ||
97be1538 EJ |
115 | - clang, version 3.4 or later |
116 | ||
fef5244f EJ |
117 | Also, you may find the ovs-dev script found in utilities/ovs-dev.py useful. |
118 | ||
4b11d5e8 BP |
119 | Installation Requirements |
120 | ------------------------- | |
121 | ||
122 | The machine on which Open vSwitch is to be installed must have the | |
123 | following software: | |
124 | ||
125 | - libc compatible with the libc used for build. | |
126 | ||
127 | - libssl compatible with the libssl used for build, if OpenSSL was | |
128 | used for the build. | |
129 | ||
f6eb6b20 | 130 | - On Linux, the same kernel version configured as part of the build. |
4b11d5e8 | 131 | |
f6eb6b20 GL |
132 | - For optional support of ingress policing on Linux, the "tc" program |
133 | from iproute2 (part of all major distributions and available at | |
4b11d5e8 BP |
134 | http://www.linux-foundation.org/en/Net:Iproute2). |
135 | ||
f6eb6b20 GL |
136 | On Linux you should ensure that /dev/urandom exists. To support TAP |
137 | devices, you must also ensure that /dev/net/tun exists. | |
6e8e271c | 138 | |
2ac7bbf5 | 139 | To run the ovsdbmonitor tool, the machine must also have the following |
436f27dd AS |
140 | software: |
141 | ||
142 | - Python 2.x, for x >= 4. | |
143 | ||
144 | - Python Twisted Conch. | |
145 | ||
146 | - Python JSON. | |
147 | ||
148 | - PySide or PyQt4. | |
149 | ||
150 | - Python Zope interface module. | |
151 | ||
152 | (On Debian "lenny" the above can be installed with "apt-get install | |
153 | python-json python-qt4 python-zopeinterface python-twisted-conch".) | |
154 | ||
76d5beb9 YT |
155 | Building and Installing Open vSwitch for Linux, FreeBSD or NetBSD |
156 | ================================================================= | |
4b11d5e8 BP |
157 | |
158 | Once you have installed all the prerequisites listed above in the Base | |
159 | Prerequisites section, follow the procedure below to build. | |
160 | ||
f6eb6b20 | 161 | 1. If you pulled the sources directly from an Open vSwitch Git tree, |
30746a1b JP |
162 | run boot.sh in the top source directory: |
163 | ||
164 | % ./boot.sh | |
165 | ||
166 | 2. In the top source directory, configure the package by running the | |
4b11d5e8 BP |
167 | configure script. You can usually invoke configure without any |
168 | arguments: | |
169 | ||
170 | % ./configure | |
171 | ||
172 | By default all files are installed under /usr/local. If you want | |
173 | to install into, e.g., /usr and /var instead of /usr/local and | |
174 | /usr/local/var, add options as shown here: | |
175 | ||
176 | % ./configure --prefix=/usr --localstatedir=/var | |
177 | ||
178 | To use a specific C compiler for compiling Open vSwitch user | |
179 | programs, also specify it on the configure command line, like so: | |
180 | ||
181 | % ./configure CC=gcc-4.2 | |
182 | ||
97be1538 EJ |
183 | To use 'clang' compiler: |
184 | ||
185 | % ./configure CC=clang | |
186 | ||
4b11d5e8 BP |
187 | To build the Linux kernel module, so that you can run the |
188 | kernel-based switch, pass the location of the kernel build | |
338fb44a | 189 | directory on --with-linux. For example, to build for a running |
8a2d6596 | 190 | instance of Linux: |
4b11d5e8 | 191 | |
8a2d6596 | 192 | % ./configure --with-linux=/lib/modules/`uname -r`/build |
4b11d5e8 BP |
193 | |
194 | If you wish to build the kernel module for an architecture other | |
195 | than the architecture of the machine used for the build, you may | |
196 | specify the kernel architecture string using the KARCH variable | |
197 | when invoking the configure script. For example, to build for MIPS | |
8a2d6596 | 198 | with Linux: |
4b11d5e8 | 199 | |
22bcc0e7 | 200 | % ./configure --with-linux=/path/to/linux KARCH=mips |
4b11d5e8 BP |
201 | |
202 | The configure script accepts a number of other options and honors | |
203 | additional environment variables. For a full list, invoke | |
204 | configure with the --help option. | |
205 | ||
380b39f7 | 206 | 3. Run GNU make in the top source directory, e.g.: |
4b11d5e8 BP |
207 | |
208 | % make | |
209 | ||
380b39f7 BP |
210 | or if GNU make is installed as "gmake": |
211 | ||
212 | % gmake | |
f6eb6b20 | 213 | |
f8f26e98 | 214 | For improved warnings if you installed "sparse" (see |
380b39f7 | 215 | "Prerequisites"), add C=1 to the command line. |
f8f26e98 | 216 | |
875ef81b KM |
217 | 4. Consider running the testsuite. Refer to "Running the Testsuite" |
218 | below, for instructions. | |
4b11d5e8 | 219 | |
875ef81b KM |
220 | 5. Become root by running "su" or another program. |
221 | ||
222 | 6. Run "make install" to install the executables and manpages into the | |
4b11d5e8 BP |
223 | running system, by default under /usr/local. |
224 | ||
ffd6065a | 225 | 7. If you built kernel modules, you may install and load them, e.g.: |
4b11d5e8 | 226 | |
ffd6065a JG |
227 | % make modules_install |
228 | % /sbin/modprobe openvswitch | |
4b11d5e8 | 229 | |
4b11d5e8 | 230 | To verify that the modules have been loaded, run "/sbin/lsmod" and |
9b80f761 | 231 | check that openvswitch is listed. |
4b11d5e8 | 232 | |
ffd6065a | 233 | If the "modprobe" operation fails, look at the last few kernel log |
dd2d79ce BP |
234 | messages (e.g. with "dmesg | tail"): |
235 | ||
9b80f761 | 236 | - The message "openvswitch: exports duplicate symbol |
dd2d79ce BP |
237 | br_should_route_hook (owned by bridge)" means that the bridge |
238 | module is loaded. Run "/sbin/rmmod bridge" to remove it. | |
239 | ||
240 | If "/sbin/rmmod bridge" fails with "ERROR: Module bridge does | |
241 | not exist in /proc/modules", then the bridge is compiled into | |
242 | the kernel, rather than as a module. Open vSwitch does not | |
243 | support this configuration (see "Build Requirements", above). | |
244 | ||
9b80f761 | 245 | - The message "openvswitch: exports duplicate symbol |
dd2d79ce BP |
246 | dp_ioctl_hook (owned by ofdatapath)" means that the ofdatapath |
247 | module from the OpenFlow reference implementation is loaded. | |
248 | Run "/sbin/rmmod ofdatapath" to remove it. (You might have to | |
249 | delete any existing datapaths beforehand, using the "dpctl" | |
250 | program included with the OpenFlow reference implementation. | |
251 | "ovs-dpctl" will not work.) | |
252 | ||
253 | - Otherwise, the most likely problem is that Open vSwitch was | |
254 | built for a kernel different from the one into which you are | |
9b80f761 | 255 | trying to load it. Run "modinfo" on openvswitch.ko and on |
dd2d79ce BP |
256 | a module built for the running kernel, e.g.: |
257 | ||
9b80f761 | 258 | % /sbin/modinfo openvswitch.ko |
dd2d79ce BP |
259 | % /sbin/modinfo /lib/modules/`uname -r`/kernel/net/bridge/bridge.ko |
260 | ||
261 | Compare the "vermagic" lines output by the two commands. If | |
262 | they differ, then Open vSwitch was built for the wrong kernel. | |
263 | ||
264 | - If you decide to report a bug or ask a question related to | |
265 | module loading, please include the output from the "dmesg" and | |
266 | "modinfo" commands mentioned above. | |
267 | ||
9b80f761 | 268 | There is an optional module parameter to openvswitch.ko called |
3f6256af JG |
269 | vlan_tso that enables TCP segmentation offload over VLANs on NICs |
270 | that support it. Many drivers do not expose support for TSO on VLANs | |
271 | in a way that Open vSwitch can use but there is no way to detect | |
272 | whether this is the case. If you know that your particular driver can | |
273 | handle it (for example by testing sending large TCP packets over VLANs) | |
274 | then passing in a value of 1 may improve performance. Modules built for | |
431488e6 BP |
275 | Linux kernels 2.6.37 and later, as well as specially patched versions |
276 | of earlier kernels, do not need this and do not have this parameter. If | |
277 | you do not understand what this means or do not know if your driver | |
278 | will work, do not set this. | |
3f6256af | 279 | |
875ef81b | 280 | 8. Initialize the configuration database using ovsdb-tool, e.g.: |
4b11d5e8 | 281 | |
028415b6 BP |
282 | % mkdir -p /usr/local/etc/openvswitch |
283 | % ovsdb-tool create /usr/local/etc/openvswitch/conf.db vswitchd/vswitch.ovsschema | |
4b11d5e8 | 284 | |
3b12adda BP |
285 | Startup |
286 | ======= | |
4b11d5e8 | 287 | |
3b12adda | 288 | Before starting ovs-vswitchd itself, you need to start its |
cb8141b2 BP |
289 | configuration database, ovsdb-server. Each machine on which Open |
290 | vSwitch is installed should run its own copy of ovsdb-server. | |
291 | Configure it to use the database you created during step 7 of | |
8084a280 BP |
292 | installation, above, to listen on a Unix domain socket, to connect to |
293 | any managers specified in the database itself, and to use the SSL | |
294 | configuration in the database: | |
295 | ||
29701194 | 296 | % ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock \ |
6faab099 JP |
297 | --remote=db:Open_vSwitch,Open_vSwitch,manager_options \ |
298 | --private-key=db:Open_vSwitch,SSL,private_key \ | |
299 | --certificate=db:Open_vSwitch,SSL,certificate \ | |
300 | --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert \ | |
29701194 | 301 | --pidfile --detach |
3b12adda | 302 | |
d3e3fb58 BP |
303 | (If you built Open vSwitch without SSL support, then omit |
304 | --private-key, --certificate, and --bootstrap-ca-cert.) | |
305 | ||
de4f3c10 | 306 | Then initialize the database using ovs-vsctl. This is only |
332b4e09 BP |
307 | necessary the first time after you create the database with |
308 | ovsdb-tool (but running it at any time is harmless): | |
309 | ||
de4f3c10 | 310 | % ovs-vsctl --no-wait init |
332b4e09 | 311 | |
3b12adda BP |
312 | Then start the main Open vSwitch daemon, telling it to connect to the |
313 | same Unix domain socket: | |
314 | ||
80df177a | 315 | % ovs-vswitchd --pidfile --detach |
3b12adda BP |
316 | |
317 | Now you may use ovs-vsctl to set up bridges and other Open vSwitch | |
318 | features. For example, to create a bridge named br0 and add ports | |
319 | eth0 and vif1.0 to it: | |
320 | ||
321 | % ovs-vsctl add-br br0 | |
322 | % ovs-vsctl add-port br0 eth0 | |
323 | % ovs-vsctl add-port br0 vif1.0 | |
324 | ||
325 | Please refer to ovs-vsctl(8) for more details. | |
4b11d5e8 | 326 | |
8b055d92 BP |
327 | Upgrading |
328 | ========= | |
329 | ||
330 | When you upgrade Open vSwitch from one version to another, you should | |
331 | also upgrade the database schema: | |
332 | ||
333 | 1. Stop the Open vSwitch daemons, e.g.: | |
334 | ||
012f5c4b | 335 | % kill `cd /usr/local/var/run/openvswitch && cat ovsdb-server.pid ovs-vswitchd.pid` |
8b055d92 BP |
336 | |
337 | 2. Install the new Open vSwitch release. | |
338 | ||
339 | 3. Upgrade the database, in one of the following two ways: | |
340 | ||
341 | - If there is no important data in your database, then you may | |
342 | delete the database file and recreate it with ovsdb-tool, | |
343 | following the instructions under "Building and Installing Open | |
76d5beb9 | 344 | vSwitch for Linux, FreeBSD or NetBSD". |
8b055d92 BP |
345 | |
346 | - If you want to preserve the contents of your database, back it | |
347 | up first, then use "ovsdb-tool convert" to upgrade it, e.g.: | |
348 | ||
028415b6 | 349 | % ovsdb-tool convert /usr/local/etc/openvswitch/conf.db vswitchd/vswitch.ovsschema |
8b055d92 BP |
350 | |
351 | 4. Start the Open vSwitch daemons as described under "Building and | |
76d5beb9 | 352 | Installing Open vSwitch for Linux, FreeBSD or NetBSD" above. |
8b055d92 | 353 | |
4e375050 GS |
354 | Hot Upgrading |
355 | ============= | |
356 | Upgrading Open vSwitch from one version to the next version with minimum | |
357 | disruption of traffic going through the system that is using that Open vSwitch | |
358 | needs some considerations: | |
359 | ||
360 | 1. If the upgrade only involves upgrading the userspace utilities and daemons | |
361 | of Open vSwitch, make sure that the new userspace version is compatible with | |
362 | the previously loaded kernel module. | |
363 | ||
364 | 2. An upgrade of userspace daemons means that they have to be restarted. | |
365 | Restarting the daemons means that the Openflow flows in the ovs-vswitchd daemon | |
366 | will be lost. One way to restore the flows is to let the controller | |
367 | re-populate it. Another way is to save the previous flows using a utility | |
368 | like ovs-ofctl and then re-add them after the restart. Restoring the old flows | |
369 | is accurate only if the new Open vSwitch interfaces retain the old 'ofport' | |
370 | values. | |
371 | ||
372 | 3. When the new userspace daemons get restarted, they automatically flush | |
373 | the old flows setup in the kernel. This can be expensive if there are hundreds | |
374 | of new flows that are entering the kernel but userspace daemons are busy | |
375 | setting up new userspace flows from either the controller or an utility like | |
376 | ovs-ofctl. Open vSwitch database provides an option to solve this problem | |
377 | through the other_config:flow-restore-wait column of the Open_vSwitch table. | |
378 | Refer to the ovs-vswitchd.conf.db(5) manpage for details. | |
379 | ||
380 | 4. If the upgrade also involves upgrading the kernel module, the old kernel | |
381 | module needs to be unloaded and the new kernel module should be loaded. This | |
382 | means that the kernel network devices belonging to Open vSwitch is recreated | |
383 | and the kernel flows are lost. The downtime of the traffic can be reduced | |
384 | if the userspace daemons are restarted immediately and the userspace flows | |
385 | are restored as soon as possible. | |
386 | ||
387 | The ovs-ctl utility's "restart" function only restarts the userspace daemons, | |
388 | makes sure that the 'ofport' values remain consistent across restarts, restores | |
389 | userspace flows using the ovs-ofctl utility and also uses the | |
390 | other_config:flow-restore-wait column to keep the traffic downtime to the | |
391 | minimum. The ovs-ctl utility's "force-reload-kmod" function does all of the | |
392 | above, but also replaces the old kernel module with the new one. Open vSwitch | |
393 | startup scripts for Debian, XenServer and RHEL use ovs-ctl's functions and it | |
394 | is recommended that these functions be used for other software platforms too. | |
395 | ||
875ef81b KM |
396 | Running the Testsuite |
397 | ===================== | |
398 | ||
399 | Open vSwitch includes a testsuite. Before you submit patches | |
400 | upstream, we advise that you run the tests and ensure that they pass. | |
401 | If you add new features to Open vSwitch, then adding tests for those | |
402 | features will ensure your features don't break as developers modify | |
403 | other areas of Open vSwitch. | |
404 | ||
405 | You must configure and build Open vSwitch (steps 1 through 3 in | |
76d5beb9 | 406 | "Building and Installing Open vSwitch for Linux, FreeBSD or NetBSD" above) |
875ef81b KM |
407 | before you run the testsuite. You do not need to install Open vSwitch |
408 | or to build or load the kernel module to run the testsuite. You do | |
409 | not need supervisor privilege to run the testsuite. | |
410 | ||
411 | To run all the unit tests in Open vSwitch, one at a time: | |
412 | make check | |
413 | This takes under 5 minutes on a modern desktop system. | |
414 | ||
415 | To run all the unit tests in Open vSwitch, up to 8 in parallel: | |
416 | make check TESTSUITEFLAGS=-j8 | |
417 | This takes under a minute on a modern 4-core desktop system. | |
418 | ||
419 | To see a list of all the available tests, run: | |
420 | make check TESTSUITEFLAGS=--list | |
421 | ||
422 | To run only a subset of tests, e.g. test 123 and tests 477 through 484: | |
423 | make check TESTSUITEFLAGS='123 477-484' | |
424 | (Tests do not have inter-dependencies, so you may run any subset.) | |
425 | ||
426 | To run tests matching a keyword, e.g. "ovsdb": | |
427 | make check TESTSUITEFLAGS='-k ovsdb' | |
428 | ||
429 | To see a complete list of test options: | |
430 | make check TESTSUITEFLAGS=--help | |
431 | ||
432 | The results of a testing run are reported in tests/testsuite.log. | |
433 | Please report test failures as bugs and include the testsuite.log in | |
434 | your report. | |
435 | ||
436 | If you have "valgrind" installed, then you can also run the testsuite | |
437 | under valgrind by using "make check-valgrind" in place of "make | |
438 | check". All the same options are available via TESTSUITEFLAGS. When | |
439 | you do this, the "valgrind" results for test <N> are reported in files | |
440 | named tests/testsuite.dir/<N>/valgrind.*. You may find that the | |
441 | valgrind results are easier to interpret if you put "-q" in | |
447fe5cf | 442 | ~/.valgrindrc, since that reduces the amount of output. |
875ef81b KM |
443 | |
444 | Sometimes a few tests may fail on some runs but not others. This is | |
445 | usually a bug in the testsuite, not a bug in Open vSwitch itself. If | |
446 | you find that a test fails intermittently, please report it, since the | |
447 | developers may not have noticed. | |
448 | ||
4b11d5e8 BP |
449 | Bug Reporting |
450 | ------------- | |
451 | ||
37ea6436 | 452 | Please report problems to bugs@openvswitch.org. |