[mirror_ovs.git] / INSTALL.XenServer.md

How to Install Open vSwitch on Citrix XenServer
===============================================

This document describes how to build and install Open vSwitch on a
Citrix XenServer host.  If you want to install Open vSwitch on a
generic Linux or BSD host, see [INSTALL.md] instead.

Open vSwitch should work with XenServer 5.6.100 and later.  However,
Open vSwitch requires Python 2.7 or later, so using Open vSwitch with
XenServer 6.5 or earlier requires installing Python 2.7.


Building Open vSwitch for XenServer
-----------------------------------

You may build from an Open vSwitch distribution tarball or from an
Open vSwitch Git tree.  The recommended build environment to build
RPMs for Citrix XenServer is the DDK VM available from Citrix.

1. If you are building from an Open vSwitch Git tree, then you will
   need to first create a distribution tarball by running `./boot.sh;
   ./configure; make dist` in the Git tree.  You cannot run this in
   the DDK VM, because it lacks tools that are necessary to bootstrap
   the Open vSwitch distribution.  Instead, you must run this on a
   machine that has the tools listed in [INSTALL.md] as prerequisites
   for building from a Git tree.

2. Copy the distribution tarball into /usr/src/redhat/SOURCES inside
   the DDK VM.

3. In the DDK VM, unpack the distribution tarball into a temporary
   directory and "cd" into the root of the distribution tarball.

4. To build Open vSwitch userspace, run:

       `rpmbuild -bb xenserver/openvswitch-xen.spec`

   This produces three RPMs in /usr/src/redhat/RPMS/i386:
   "openvswitch", "openvswitch-modules-xen", and
   "openvswitch-debuginfo".

   The above command automatically runs the Open vSwitch unit tests.
   To disable the unit tests, run:

       `rpmbuild -bb --without check xenserver/openvswitch-xen.spec`

Build Parameters
----------------

openvswitch-xen.spec needs to know a number of pieces of information
about the XenServer kernel.  Usually, it can figure these out for
itself, but if it does not do it correctly then you can specify them
yourself as parameters to the build.  Thus, the final "rpmbuild" step
above can be elaborated as:

   ```
   VERSION=<Open vSwitch version>
   KERNEL_NAME=<Xen Kernel name>
   KERNEL_VERSION=<Xen Kernel version>
   KERNEL_FLAVOR=<Xen Kernel flavor(suffix) >
   rpmbuild \
        -D "openvswitch_version $VERSION" \
        -D "kernel_name $KERNEL_NAME" \
        -D "kernel_version $KERNEL_VERSION" \
        -D "kernel_flavor $KERNEL_FLAVOR" \
        -bb xenserver/openvswitch-xen.spec
   ```

where:

    `<openvswitch version>` is the version number that appears in the
    name of the Open vSwitch tarball, e.g. 0.90.0.

    `<Xen Kernel name>` is the name of the XenServer kernel package,
    e.g. kernel-xen or kernel-NAME-xen, without the "kernel-" prefix.

    `<Xen Kernel version>` is the output of:
    rpm -q --queryformat "%{Version}-%{Release}" <kernel-devel-package>,
    e.g. 2.6.32.12-0.7.1.xs5.6.100.323.170596, where <kernel-devel-package> is
    the name of the -devel package corresponding to <Xen Kernel name>.

    `<Xen Kernel flavor (suffix) >` is either "xen" or "kdump".
    The "xen" flavor is the main running kernel flavor and the "kdump" flavor is
    the crashdump kernel flavor. Commonly, one would specify "xen" here.

For XenServer 6.5 or above, the kernel version naming no longer contains
KERNEL_FLAVOR.  In fact, only providing the `uname -r` output is enough.
So, the final "rpmbuild" step changes to:

   ```
   KERNEL_UNAME=<`uname -r` output>
   rpmbuild \
        -D "kenel_uname $KERNEL_UNAME" \
        -bb xenserver/openvswitch-xen.spec
   ```


Installing Open vSwitch for XenServer
-------------------------------------

To install Open vSwitch on a XenServer host, or to upgrade to a newer version,
copy the "openvswitch" and "openvswitch-modules-xen" RPMs to that host with
"scp", then install them with "rpm -U", e.g.:

     ```
     scp openvswitch-$VERSION-1.i386.rpm \
         openvswitch-modules-xen-$XEN_KERNEL_VERSION-$VERSION-1.i386.rpm \
         root@<host>:
(At this point you will have to enter <host>'s root password.)
     ssh root@<host>
(At this point you will have to enter <host>'s root password again.)
     rpm -U openvswitch-$VERSION-1.i386.rpm \
         openvswitch-modules-xen-$XEN_KERNEL_VERSION-$VERSION-1.i386.rpm
     ```

To uninstall Open vSwitch from a XenServer host, remove the packages:

     `ssh root@<host>`
(At this point you will have to enter <host>'s root password again.)
     `rpm -e openvswitch openvswitch-modules-xen-$XEN_KERNEL_VERSION`

After installing or uninstalling Open vSwitch, the XenServer should be
rebooted as soon as possible.

Open vSwitch Boot Sequence on XenServer
---------------------------------------

When Open vSwitch is installed on XenServer, its startup script
/etc/init.d/openvswitch runs early in boot.  It does roughly the
following:

        * Loads the OVS kernel module, openvswitch.

        * Starts ovsdb-server, the OVS configuration database.

        * XenServer expects there to be no bridges configured at
          startup, but the OVS configuration database likely still has
          bridges configured from before reboot.  To match XenServer
          expectations, the startup script deletes all configured
          bridges from the database.

        * Starts ovs-vswitchd, the OVS switching daemon.

At this point in the boot process, then, there are no Open vSwitch
bridges, even though all of the Open vSwitch daemons are running.
Later on in boot, /etc/init.d/management-interface (part of XenServer,
not Open vSwitch) creates the bridge for the XAPI management interface
by invoking /opt/xensource/libexec/interface-reconfigure.  Normally
this program consults XAPI's database to obtain information about how
to configure the bridge, but XAPI is not running yet[*] so it instead
consults /var/xapi/network.dbcache, which is a cached copy of the most
recent network configuration.

[*] Even if XAPI were running, if this XenServer node is a pool slave
    then the query would have to consult the master, which requires
    network access, which begs the question of how to configure the
    management interface.

XAPI starts later on in the boot process.  XAPI can then create other
bridges on demand using /opt/xensource/libexec/interface-reconfigure.
Now that XAPI is running, that program consults XAPI directly instead
of reading the cache.

As part of its own startup, XAPI invokes the Open vSwitch XAPI plugin
script /etc/xapi.d/openvswitch-cfg-update passing the "update"
command.  The plugin script does roughly the following:

        * Calls /opt/xensource/libexec/interface-reconfigure with the
          "rewrite" command, to ensure that the network cache is
          up-to-date.

        * Queries the Open vSwitch manager setting (named
          "vswitch_controller") from the XAPI database for the
          XenServer pool.

        * If XAPI and OVS are configured for different managers, or if
          OVS is configured for a manager but XAPI is not, runs
          "ovs-vsctl emer-reset" to bring the Open vSwitch
          configuration to a known state.  One effect of emer-reset is
          to deconfigure any manager from the OVS database.

        * If XAPI is configured for a manager, configures the OVS
          manager to match with "ovs-vsctl set-manager".

Notes
-----

* The Open vSwitch boot sequence only configures an OVS configuration
database manager.  There is no way to directly configure an OpenFlow
controller on XenServer and, as a consequence of the step above that
deletes all of the bridges at boot time, controller configuration only
persists until XenServer reboot.  The configuration database manager
can, however, configure controllers for bridges.  See the BUGS section
of ovs-testcontroller(8) for more information on this topic.

* The Open vSwitch startup script automatically adds a firewall rule
to allow GRE traffic. This rule is needed for the XenServer feature
called "Cross-Host Internal Networks" (CHIN) that uses GRE. If a user
configures tunnels other than GRE (ex: Geneve, VXLAN, LISP), they will have
to either manually add a iptables firewall rule to allow the tunnel traffic
or add it through a startup script (Please refer to the "enable-protocol"
command in the ovs-ctl(8) manpage).

Reporting Bugs
--------------

Please report problems to bugs@openvswitch.org.

[INSTALL.md]:INSTALL.md
Commit	Line	Data
542cc9bb TG	1	How to Install Open vSwitch on Citrix XenServer
542cc9bb TG	2	===============================================
4b11d5e8 BP	3
4b11d5e8 BP	4	This document describes how to build and install Open vSwitch on a
a320b341	5	Citrix XenServer host. If you want to install Open vSwitch on a
9feb1017	6	generic Linux or BSD host, see [INSTALL.md] instead.
4b11d5e8	7
e23812fc BP	8	Open vSwitch should work with XenServer 5.6.100 and later. However,
	9	Open vSwitch requires Python 2.7 or later, so using Open vSwitch with
	10	XenServer 6.5 or earlier requires installing Python 2.7.
	11
a320b341	12
4b11d5e8 BP	13	Building Open vSwitch for XenServer
	14	-----------------------------------
	15
7b007006 BP	16	You may build from an Open vSwitch distribution tarball or from an
	17	Open vSwitch Git tree. The recommended build environment to build
	18	RPMs for Citrix XenServer is the DDK VM available from Citrix.
	19
	20	1. If you are building from an Open vSwitch Git tree, then you will
542cc9bb TG	21	need to first create a distribution tarball by running `./boot.sh;
542cc9bb TG	22	./configure; make dist` in the Git tree. You cannot run this in
7b007006 BP	23	the DDK VM, because it lacks tools that are necessary to bootstrap
7b007006 BP	24	the Open vSwitch distribution. Instead, you must run this on a
9feb1017 TG	25	machine that has the tools listed in [INSTALL.md] as prerequisites
9feb1017 TG	26	for building from a Git tree.
7b007006 BP	27
	28	2. Copy the distribution tarball into /usr/src/redhat/SOURCES inside
	29	the DDK VM.
	30
	31	3. In the DDK VM, unpack the distribution tarball into a temporary
	32	directory and "cd" into the root of the distribution tarball.
	33
	34	4. To build Open vSwitch userspace, run:
	35
542cc9bb	36	`rpmbuild -bb xenserver/openvswitch-xen.spec`
7b007006 BP	37
	38	This produces three RPMs in /usr/src/redhat/RPMS/i386:
	39	"openvswitch", "openvswitch-modules-xen", and
	40	"openvswitch-debuginfo".
	41
329cf232 GS	42	The above command automatically runs the Open vSwitch unit tests.
	43	To disable the unit tests, run:
	44
542cc9bb	45	`rpmbuild -bb --without check xenserver/openvswitch-xen.spec`
329cf232	46
7b007006 BP	47	Build Parameters
	48	----------------
	49
	50	openvswitch-xen.spec needs to know a number of pieces of information
	51	about the XenServer kernel. Usually, it can figure these out for
	52	itself, but if it does not do it correctly then you can specify them
	53	yourself as parameters to the build. Thus, the final "rpmbuild" step
	54	above can be elaborated as:
4b11d5e8	55
542cc9bb	56	```
4b11d5e8	57	VERSION=<Open vSwitch version>
97658708 SL	58	KERNEL_NAME=<Xen Kernel name>
	59	KERNEL_VERSION=<Xen Kernel version>
	60	KERNEL_FLAVOR=<Xen Kernel flavor(suffix) >
4b11d5e8	61	rpmbuild \
bc391960	62	-D "openvswitch_version $VERSION" \
97658708 SL	63	-D "kernel_name $KERNEL_NAME" \
	64	-D "kernel_version $KERNEL_VERSION" \
	65	-D "kernel_flavor $KERNEL_FLAVOR" \
7b007006	66	-bb xenserver/openvswitch-xen.spec
542cc9bb	67	```
4b11d5e8 BP	68
	69	where:
	70
542cc9bb	71	`<openvswitch version>` is the version number that appears in the
4b11d5e8 BP	72	name of the Open vSwitch tarball, e.g. 0.90.0.
4b11d5e8 BP	73
542cc9bb	74	`<Xen Kernel name>` is the name of the XenServer kernel package,
b080ed09	75	e.g. kernel-xen or kernel-NAME-xen, without the "kernel-" prefix.
97658708	76
542cc9bb	77	`<Xen Kernel version>` is the output of:
b080ed09 BP	78	rpm -q --queryformat "%{Version}-%{Release}" <kernel-devel-package>,
	79	e.g. 2.6.32.12-0.7.1.xs5.6.100.323.170596, where <kernel-devel-package> is
	80	the name of the -devel package corresponding to <Xen Kernel name>.
97658708	81
542cc9bb	82	`<Xen Kernel flavor (suffix) >` is either "xen" or "kdump".
97658708 SL	83	The "xen" flavor is the main running kernel flavor and the "kdump" flavor is
97658708 SL	84	the crashdump kernel flavor. Commonly, one would specify "xen" here.
4b11d5e8	85
5748c7e9	86	For XenServer 6.5 or above, the kernel version naming no longer contains
2c3f6a74 EC	87	KERNEL_FLAVOR. In fact, only providing the `uname -r` output is enough.
2c3f6a74 EC	88	So, the final "rpmbuild" step changes to:
5748c7e9 EC	89
5748c7e9 EC	90	```
2c3f6a74	91	KERNEL_UNAME=<`uname -r` output>
5748c7e9	92	rpmbuild \
2c3f6a74	93	-D "kenel_uname $KERNEL_UNAME" \
5748c7e9 EC	94	-bb xenserver/openvswitch-xen.spec
	95	```
	96
5748c7e9	97
4b11d5e8 BP	98	Installing Open vSwitch for XenServer
	99	-------------------------------------
	100
a2bfbad7 AE	101	To install Open vSwitch on a XenServer host, or to upgrade to a newer version,
	102	copy the "openvswitch" and "openvswitch-modules-xen" RPMs to that host with
	103	"scp", then install them with "rpm -U", e.g.:
4b11d5e8	104
542cc9bb	105	```
a2bfbad7 AE	106	scp openvswitch-$VERSION-1.i386.rpm \
	107	openvswitch-modules-xen-$XEN_KERNEL_VERSION-$VERSION-1.i386.rpm \
	108	root@<host>:
	109	(At this point you will have to enter <host>'s root password.)
4b11d5e8	110	ssh root@<host>
a2bfbad7 AE	111	(At this point you will have to enter <host>'s root password again.)
	112	rpm -U openvswitch-$VERSION-1.i386.rpm \
	113	openvswitch-modules-xen-$XEN_KERNEL_VERSION-$VERSION-1.i386.rpm
542cc9bb	114	```
4b11d5e8	115
a2bfbad7	116	To uninstall Open vSwitch from a XenServer host, remove the packages:
4b11d5e8	117
542cc9bb	118	`ssh root@<host>`
a2bfbad7	119	(At this point you will have to enter <host>'s root password again.)
542cc9bb	120	`rpm -e openvswitch openvswitch-modules-xen-$XEN_KERNEL_VERSION`
4b11d5e8 BP	121
	122	After installing or uninstalling Open vSwitch, the XenServer should be
	123	rebooted as soon as possible.
	124
be559760 BP	125	Open vSwitch Boot Sequence on XenServer
	126	---------------------------------------
	127
	128	When Open vSwitch is installed on XenServer, its startup script
	129	/etc/init.d/openvswitch runs early in boot. It does roughly the
	130	following:
	131
9b80f761	132	* Loads the OVS kernel module, openvswitch.
be559760 BP	133
	134	* Starts ovsdb-server, the OVS configuration database.
	135
	136	* XenServer expects there to be no bridges configured at
	137	startup, but the OVS configuration database likely still has
	138	bridges configured from before reboot. To match XenServer
	139	expectations, the startup script deletes all configured
	140	bridges from the database.
	141
	142	* Starts ovs-vswitchd, the OVS switching daemon.
	143
	144	At this point in the boot process, then, there are no Open vSwitch
	145	bridges, even though all of the Open vSwitch daemons are running.
	146	Later on in boot, /etc/init.d/management-interface (part of XenServer,
	147	not Open vSwitch) creates the bridge for the XAPI management interface
	148	by invoking /opt/xensource/libexec/interface-reconfigure. Normally
	149	this program consults XAPI's database to obtain information about how
	150	to configure the bridge, but XAPI is not running yet[*] so it instead
	151	consults /var/xapi/network.dbcache, which is a cached copy of the most
	152	recent network configuration.
	153
	154	[*] Even if XAPI were running, if this XenServer node is a pool slave
	155	then the query would have to consult the master, which requires
	156	network access, which begs the question of how to configure the
	157	management interface.
	158
	159	XAPI starts later on in the boot process. XAPI can then create other
	160	bridges on demand using /opt/xensource/libexec/interface-reconfigure.
	161	Now that XAPI is running, that program consults XAPI directly instead
	162	of reading the cache.
	163
	164	As part of its own startup, XAPI invokes the Open vSwitch XAPI plugin
	165	script /etc/xapi.d/openvswitch-cfg-update passing the "update"
	166	command. The plugin script does roughly the following:
	167
	168	* Calls /opt/xensource/libexec/interface-reconfigure with the
	169	"rewrite" command, to ensure that the network cache is
	170	up-to-date.
	171
	172	* Queries the Open vSwitch manager setting (named
	173	"vswitch_controller") from the XAPI database for the
	174	XenServer pool.
	175
	176	* If XAPI and OVS are configured for different managers, or if
	177	OVS is configured for a manager but XAPI is not, runs
	178	"ovs-vsctl emer-reset" to bring the Open vSwitch
	179	configuration to a known state. One effect of emer-reset is
	180	to deconfigure any manager from the OVS database.
	181
dfeefc6f	182	* If XAPI is configured for a manager, configures the OVS
be559760 BP	183	manager to match with "ovs-vsctl set-manager".
be559760 BP	184
781d4472 GS	185	Notes
	186	-----
	187
	188	* The Open vSwitch boot sequence only configures an OVS configuration
be559760 BP	189	database manager. There is no way to directly configure an OpenFlow
	190	controller on XenServer and, as a consequence of the step above that
	191	deletes all of the bridges at boot time, controller configuration only
	192	persists until XenServer reboot. The configuration database manager
	193	can, however, configure controllers for bridges. See the BUGS section
0bc1b46a	194	of ovs-testcontroller(8) for more information on this topic.
be559760	195
781d4472 GS	196	* The Open vSwitch startup script automatically adds a firewall rule
	197	to allow GRE traffic. This rule is needed for the XenServer feature
	198	called "Cross-Host Internal Networks" (CHIN) that uses GRE. If a user
271e6bc7	199	configures tunnels other than GRE (ex: Geneve, VXLAN, LISP), they will have
781d4472 GS	200	to either manually add a iptables firewall rule to allow the tunnel traffic
	201	or add it through a startup script (Please refer to the "enable-protocol"
	202	command in the ovs-ctl(8) manpage).
	203
4b11d5e8 BP	204	Reporting Bugs
	205	--------------
	206
37ea6436	207	Please report problems to bugs@openvswitch.org.
9feb1017 TG	208
9feb1017 TG	209	[INSTALL.md]:INSTALL.md