[ovs.git] / utilities / ovs-ctl.in

#! /bin/sh
# Copyright (C) 2009, 2010, 2011 Nicira Networks, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

case $0 in
    */*) dir0=`echo "$0" | sed 's,/[^/]*$,,'` ;;
    *) dir0=./ ;;
esac
. "$dir0/ovs-lib" || exit 1

for dir in "$sbindir" "$bindir" /sbin /bin /usr/sbin /usr/bin; do
    case :$PATH: in
        *:$dir:*) ;;
        *) PATH=$PATH:$dir ;;
    esac
done

## ----- ##
## start ##
## ----- ##

insert_openvswitch_mod_if_required () {
    # If openvswitch_mod is already loaded then we're done.
    test -e /sys/module/openvswitch_mod && return 0

    # Load openvswitch_mod.  If that's successful then we're done.
    action "Inserting openvswitch module" modprobe openvswitch_mod && return 0

    # If the bridge module is loaded, then that might be blocking
    # openvswitch_mod.  Try to unload it, if there are no bridges.
    test -e /sys/module/bridge || return 1
    bridges=`echo /sys/class/net/*/bridge | sed 's,/sys/class/net/,,g;s,/bridge,,g'`
    if test "$bridges" != "*"; then
        log_warning_msg "not removing bridge module because bridges exist ($bridges)"
        return 1
    fi
    action "removing bridge module" rmmod bridge || return 1

    # Try loading openvswitch_mod again.
    action "Inserting openvswitch module" modprobe openvswitch_mod
}

insert_brcompat_mod_if_required () {
    test -e /sys/module/brcompat_mod && return 0
    action "Inserting brcompat module" modprobe brcompat_mod
}

insert_mod_if_required () {
    insert_openvswitch_mod_if_required || return 1
    if test X"$BRCOMPAT" = Xyes; then
        insert_brcompat_mod_if_required || return 1
    fi
}

ovs_vsctl () {
    ovs-vsctl --no-wait --timeout=5 "$@"
}

ovsdb_tool () {
    ovsdb-tool -vANY:console:off "$@"
}

create_db () {
    action "Creating empty database $DB_FILE" ovsdb_tool create "$DB_FILE" "$DB_SCHEMA"
}

upgrade_db () {
    schemaver=`ovsdb_tool schema-version "$DB_SCHEMA"`
    if test ! -e "$DB_FILE"; then
        log_warning_msg "$DB_FILE does not exist"
        install -d -m 755 -o root -g root `dirname $DB_FILE`
        create_db
    elif test X"`ovsdb_tool needs-conversion "$DB_FILE" "$DB_SCHEMA"`" != Xno; then
        # Back up the old version.
        version=`ovsdb_tool db-version "$DB_FILE"`
        cksum=`ovsdb_tool db-cksum "$DB_FILE" | awk '{print $1}'`
        backup=$DB_FILE.backup$version-$cksum
        action "Backing up database to $backup" cp "$DB_FILE" "$backup" || return 1

        # Compact database.  This is important if the old schema did not enable
        # garbage collection (i.e. if it did not have any tables with "isRoot":
        # true) but the new schema does.  In that situation the old database
        # may contain a transaction that creates a record followed by a
        # transaction that creates the first use of the record.  Replaying that
        # series of transactions against the new database schema (as "convert"
        # does) would cause the record to be dropped by the first transaction,
        # then the second transaction would cause a referential integrity
        # failure (for a strong reference).
        #
        # Errors might occur on an Open vSwitch downgrade if ovsdb-tool doesn't
        # understand some feature of the schema used in the OVSDB version that
        # we're downgrading from, so we don't give up on error.
        action "Compacting database" ovsdb_tool compact "$DB_FILE"

        # Upgrade or downgrade schema.
        if action "Converting database schema" ovsdb_tool convert "$DB_FILE" "$DB_SCHEMA"; then
            :
        else
            log_warning_msg "Schema conversion failed, using empty database instead"
            rm -f "$DB_FILE"
            create_db
        fi
    fi
}

set_system_ids () {
    set ovs_vsctl set Open_vSwitch .

    OVS_VERSION=`ovs-vswitchd --version | sed 's/.*) //;1q'`
    set "$@" ovs-version="$OVS_VERSION"

    case $SYSTEM_ID in
        random)
            id_file=$etcdir/system-id.conf
            uuid_file=$etcdir/install_uuid.conf
            if test -e "$id_file"; then
                SYSTEM_ID=`cat "$id_file"`
            elif test -e "$uuid_file"; then
                # Migrate from old file name.
                . "$uuid_file"
                SYSTEM_ID=$INSTALLATION_UUID
                echo "$SYSTEM_ID" > "$id_file"
            elif SYSTEM_ID=`uuidgen`; then
                echo "$SYSTEM_ID" > "$id_file"
            else
                log_failure_msg "missing uuidgen, could not generate system ID"
            fi
            ;;

        '')
            log_failure_msg "system ID not configured, please use --system-id"
            ;;

        *)
            ;;
    esac
    set "$@" external-ids:system-id="\"$SYSTEM_ID\""

    if test X"$SYSTEM_TYPE" != X; then
        set "$@" system-type="\"$SYSTEM_TYPE\""
    else
        log_failure_msg "no default system type, please use --system-type"
    fi

    if test X"$SYSTEM_VERSION" != X; then
        set "$@" system-version="\"$SYSTEM_VERSION\""
    else
        log_failure_msg "no default system version, please use --system-version"
    fi

    action "Configuring Open vSwitch system IDs" "$@" $extra_ids
}

start () {
    if test X"$FORCE_COREFILES" = Xyes; then
        ulimit -Sc 67108864
    fi

    insert_mod_if_required || return 1

    if daemon_is_running ovsdb-server; then
	log_success_msg "ovsdb-server is already running"
    else
	# Create initial database or upgrade database schema.
	upgrade_db || return 1

	# Start ovsdb-server.
	set ovsdb-server "$DB_FILE"
	set "$@" -vANY:CONSOLE:EMER -vANY:SYSLOG:ERR -vANY:FILE:INFO
	set "$@" --remote=punix:"$DB_SOCK"
	set "$@" --remote=db:Open_vSwitch,manager_options
	set "$@" --private-key=db:SSL,private_key
	set "$@" --certificate=db:SSL,certificate
	set "$@" --bootstrap-ca-cert=db:SSL,ca_cert
	start_daemon "$OVSDB_SERVER_PRIORITY" "$@" || return 1

	# Initialize database settings.
	ovs_vsctl -- init -- set Open_vSwitch . db-version="$schemaver" \
	    || return 1
	set_system_ids || return 1
	if test X"$DELETE_BRIDGES" = Xyes; then
            for bridge in `ovs_vsctl list-br`; do
		ovs_vsctl del-br $bridge
            done
	fi
    fi

    if daemon_is_running ovs-vswitchd; then
	log_success_msg "ovs-vswitchd is already running"
    else
	# Increase the limit on the number of open file descriptors since
	# ovs-vswitchd needs a few per bridge
	ulimit -n 4096

	# Start ovs-vswitchd.
	set ovs-vswitchd unix:"$DB_SOCK"
	set "$@" -vANY:CONSOLE:EMER -vANY:SYSLOG:ERR -vANY:FILE:INFO
	if test X"$MLOCKALL" != Xno; then
	    set "$@" --mlockall
	fi
	start_daemon "$OVS_VSWITCHD_PRIORITY" "$@"
    fi

    if daemon_is_running ovs-brcompatd; then
	log_success_msg "ovs-brcompatd is already running"
    elif test X"$BRCOMPAT" = Xyes; then
        set ovs-brcompatd
	set "$@" -vANY:CONSOLE:EMER -vANY:SYSLOG:ERR -vANY:FILE:INFO
	start_daemon "$OVS_BRCOMPATD_PRIORITY" "$@"
    fi
}

## ---- ##
## stop ##
## ---- ##

stop () {
    stop_daemon ovs-brcompatd
    stop_daemon ovs-vswitchd
    stop_daemon ovsdb-server
}

## ----------------- ##
## force-reload-kmod ##
## ----------------- ##

internal_interfaces () {
    # Outputs a list of internal interfaces:
    #
    #   - There is an internal interface for every bridge, whether it
    #     has an Interface record or not and whether the Interface
    #     record's 'type' is properly set or not.
    #
    #   - There is an internal interface for each Interface record whose
    #     'type' is 'internal'.
    #
    # But ignore interfaces that don't really exist.
    for d in `(ovs_vsctl --bare \
                -- --columns=name find Interface type=internal \
		-- list-br) | sort -u`
    do
        if test -e "/sys/class/net/$d"; then
	    printf "%s " "$d"
	fi
    done
}

save_interfaces () {
    "$datadir/scripts/ovs-save" $ifaces > "$script"
}

force_reload_kmod () {
    ifaces=`internal_interfaces`
    action "Detected internal interfaces: $ifaces" true

    stop

    script=`mktemp`
    trap 'rm -f "$script"' 0 1 2 13 15
    if action "Saving interface configuration" save_interfaces; then
        :
    else
        log_warning_msg "Failed to save configuration, not replacing kernel module"
        start
        exit 1
    fi
    chmod +x "$script"

    for dp in `ovs-dpctl dump-dps`; do
        action "Removing datapath: $dp" ovs-dpctl del-dp "$dp"
    done

    if test -e /sys/module/brcompat_mod; then
        action "Removing brcompat module" rmmod brcompat_mod
    fi
    if test -e /sys/module/openvswitch_mod; then
        action "Removing openvswitch module" rmmod openvswitch_mod
    fi

    start

    action "Restoring interface configuration" "$script"
    rc=$?
    if test $rc = 0; then
        level=debug
    else
        level=err
    fi
    log="logger -p daemon.$level -t ovs-save"
    $log "force-reload-kmod interface restore script exited with status $rc:"
    $log -f "$script"
}

## --------------- ##
## enable-protocol ##
## --------------- ##

enable_protocol () {
    # Translate the protocol name to a number, because "iptables -n -L" prints
    # some protocols by name (despite the -n) and therefore we need to look for
    # both forms.
    #
    # (iptables -S output is more uniform but old iptables doesn't have it.)
    protonum=`grep "^$PROTOCOL[ 	]" /etc/protocols | awk '{print $2}'`
    if expr X"$protonum" : X'[0-9]\{1,\}$' > /dev/null; then :; else
        log_failure_msg "unknown protocol $PROTOCOL"
        return 1
    fi

    name=$PROTOCOL
    match="(\$2 == \"$PROTOCOL\" || \$2 == $protonum)"
    insert="iptables -I INPUT -p $PROTOCOL"
    if test X"$DPORT" != X; then
        name="$name to port $DPORT"
        match="$match && /dpt:$DPORT/"
        insert="$insert --dport $DPORT"
    fi
    if test X"$SPORT" != X; then
        name="$name from port $SPORT"
        match="$match && /spt:$SPORT/"
        insert="$insert --sport $SPORT"
    fi
    insert="$insert -j ACCEPT"

    if (iptables -n -L INPUT) >/dev/null 2>&1; then
        if iptables -n -L INPUT | awk "$match { n++ } END { exit n == 0 }"
        then
            # There's already a rule for this protocol.  Don't override it.
            log_success_msg "iptables already has a rule for $name, not explicitly enabling"
        else
            action "Enabling $name with iptables" $insert
        fi
    elif (iptables --version) >/dev/null 2>&1; then
        action "cannot list iptables rules, not adding a rule for $name"
    else
        action "iptables binary not installed, not adding a rule for $name"
    fi
}

## ---- ##
## main ##
## ---- ##

set_defaults () {
    SYSTEM_ID=

    DELETE_BRIDGES=no
    BRCOMPAT=no

    DAEMON_CWD=/
    FORCE_COREFILES=yes
    MLOCKALL=yes
    OVSDB_SERVER_PRIORITY=-10
    OVS_VSWITCHD_PRIORITY=-10
    OVS_BRCOMPATD_PRIORITY=-10

    DB_FILE=$etcdir/conf.db
    DB_SOCK=$rundir/db.sock
    DB_SCHEMA=$datadir/vswitch.ovsschema

    PROTOCOL=gre
    DPORT=
    SPORT=

    type_file=$etcdir/system-type.conf
    version_file=$etcdir/system-version.conf

    if test -e "$type_file" ; then
        SYSTEM_TYPE=`cat $type_file`
        SYSTEM_VERSION=`cat $version_file`
    elif (lsb_release --id) >/dev/null 2>&1; then
        SYSTEM_TYPE=`lsb_release --id -s`
        system_release=`lsb_release --release -s`
        system_codename=`lsb_release --codename -s`
        SYSTEM_VERSION="${system_release}-${system_codename}"
    else
        SYSTEM_TYPE=unknown
        SYSTEM_VERSION=unknown
    fi
}

usage () {
    set_defaults
    cat <<EOF
$0: controls Open vSwitch daemons
usage: $0 [OPTIONS] COMMAND

This program is intended to be invoked internally by Open vSwitch startup
scripts.  System administrators should not normally invoke it directly.

Commands:
  start              start Open vSwitch daemons
  stop               stop Open vSwitch daemons
  status             check whether Open vSwitch daemons are running
  version            print versions of Open vSwitch daemons
  load-kmod          insert modules if not already present
  force-reload-kmod  save OVS network device state, stop OVS, unload kernel
                     module, reload kernel module, start OVS, restore state
  enable-protocol    enable protocol specified in options with iptables
  help               display this help message

One of the following options is required for "start" and "force-reload-kmod":
  --system-id=UUID   set specific ID to uniquely identify this system
  --system-id=random  use a random but persistent UUID to identify this system

Other important options for "start" and "force-reload-kmod":
  --system-type=TYPE  set system type (e.g. "XenServer")
  --system-version=VERSION  set system version (e.g. "5.6.100-39265p")
  --external-id="key=value"
                     add given key-value pair to Open_vSwitch external-ids
  --delete-bridges   delete all bridges just before starting ovs-vswitchd

Less important options for "start" and "force-reload-kmod":
  --daemon-cwd=DIR               set working dir for OVS daemons (default: $DAEMON_CWD)
  --no-force-corefiles           do not force on core dumps for OVS daemons
  --no-mlockall                  do not lock all of ovs-vswitchd into memory
  --ovsdb-server-priority=NICE   set ovsdb-server's niceness (default: $OVSDB_SERVER_PRIORITY)
  --ovs-vswitchd-priority=NICE   set ovs-vswitchd's niceness (default: $OVS_VSWITCHD_PRIORITY)
  --ovs-brcompatd-priority=NICE  set ovs-brcompatd's niceness (default: $OVS_BRCOMPATD_PRIORITY)

Options for "start", "force-reload-kmod", "load-kmod", "status", and "version":
  --brcompat         enable Linux bridge compatibility module and daemon

File location options:
  --db-file=FILE     database file name (default: $DB_FILE)
  --db-sock=SOCKET   JSON-RPC socket name (default: $DB_SOCK)
  --db-schema=FILE   database schema file name (default: $DB_SCHEMA)

Options for "enable-protocol":
  --protocol=PROTOCOL  protocol to enable with iptables (default: gre)
  --sport=PORT       source port to match (for tcp or udp protocol)
  --dport=PORT       ddestination port to match (for tcp or udp protocol)

Other options:
  -h, --help                  display this help message
  -V, --version               display version information

Default directories with "configure" option and environment variable override:
  logs: @LOGDIR@ (--log-dir, OVS_LOGDIR)
  pidfiles and sockets: @RUNDIR@ (--run-dir, OVS_RUNDIR)
  system configuration: @sysconfdir@ (--sysconfdir, OVS_SYSCONFDIR)
  data files: @pkgdatadir@ (--pkgdatadir, OVS_PKGDATADIR)
  user binaries: @bindir@ (--bindir, OVS_BINDIR)
  system binaries: @sbindir@ (--sbindir, OVS_SBINDIR)

Please report bugs to bugs@openvswitch.org (see REPORTING-BUGS for details).
EOF

    exit 0
}

set_option () {
    var=`echo "$option" | tr abcdefghijklmnopqrstuvwxyz- ABCDEFGHIJKLMNOPQRSTUVWXYZ_`
    eval set=\${$var+yes}
    eval old_value=\$$var
    if test X$set = X || \
        (test $type = bool && \
        test X"$old_value" != Xno && test X"$old_value" != Xyes); then
        echo >&2 "$0: unknown option \"$arg\" (use --help for help)"
        return
    fi
    eval $var=\$value
}

daemons () {
    echo ovsdb-server ovs-vswitchd
    if test X"$BRCOMPAT" = Xyes; then
        echo ovs-brcompatd
    fi
}

set_defaults
extra_ids=
command=
for arg
do
    case $arg in
        -h | --help)
            usage
            ;;
        -V | --version)
            echo "$0 (Open vSwitch) $VERSION$BUILDNR"
            exit 0
            ;;
        --external-id=*)
            value=`expr X"$arg" : 'X[^=]*=\(.*\)'`
            case $value in
                *=*)
                    extra_ids="$extra_ids external-ids:$value"
                    ;;
                *)
                    echo >&2 "$0: --external-id argument not in the form \"key=value\""
                    exit 1
                    ;;
            esac
            ;;
        --[a-z]*=*)
            option=`expr X"$arg" : 'X--\([^=]*\)'`
            value=`expr X"$arg" : 'X[^=]*=\(.*\)'`
            type=string
            set_option
            ;;
        --no-[a-z]*)
            option=`expr X"$arg" : 'X--no-\(.*\)'`
            value=no
            type=bool
            set_option
            ;;
        --[a-z]*)
            option=`expr X"$arg" : 'X--\(.*\)'`
            value=yes
            type=bool
            set_option
            ;;
        -*)
            echo >&2 "$0: unknown option \"$arg\" (use --help for help)"
            exit 1
            ;;
        *)
            if test X"$command" = X; then
                command=$arg
            else
                echo >&2 "$0: exactly one non-option argument required (use --help for help)"
                exit 1
            fi
            ;;
    esac
done
case $command in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        rc=0
        for daemon in `daemons`; do
            daemon_status $daemon || rc=$?
        done
        exit $rc
        ;;
    version)
        for daemon in `daemons`; do
            $daemon --version
        done
        ;;
    force-reload-kmod)
	force_reload_kmod
        ;;
    load-kmod)
        insert_mod_if_required
        ;;
    enable-protocol)
        enable_protocol
        ;;
    help)
        usage
        ;;
    '')
        echo >&2 "$0: missing command name (use --help for help)"
        exit 1
        ;;
    *)
        echo >&2 "$0: unknown command \"$command\" (use --help for help)"
        exit 1
        ;;
esac
Commit	Line	Data
43bb5f82 BP	1	#! /bin/sh
	2	# Copyright (C) 2009, 2010, 2011 Nicira Networks, Inc.
	3	#
	4	# Licensed under the Apache License, Version 2.0 (the "License");
	5	# you may not use this file except in compliance with the License.
	6	# You may obtain a copy of the License at:
	7	#
	8	# http://www.apache.org/licenses/LICENSE-2.0
	9	#
	10	# Unless required by applicable law or agreed to in writing, software
	11	# distributed under the License is distributed on an "AS IS" BASIS,
	12	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	13	# See the License for the specific language governing permissions and
	14	# limitations under the License.
	15
	16	case $0 in
	17	/) dir0=`echo "$0" \| sed 's,/[^/]*$,,'` ;;
	18	*) dir0=./ ;;
	19	esac
d422c118	20	. "$dir0/ovs-lib" \|\| exit 1
43bb5f82 BP	21
	22	for dir in "$sbindir" "$bindir" /sbin /bin /usr/sbin /usr/bin; do
	23	case :$PATH: in
	24	:$dir:) ;;
	25	*) PATH=$PATH:$dir ;;
	26	esac
	27	done
	28
	29	## ----- ##
	30	## start ##
	31	## ----- ##
	32
9fc47ed7	33	insert_openvswitch_mod_if_required () {
43bb5f82 BP	34	# If openvswitch_mod is already loaded then we're done.
	35	test -e /sys/module/openvswitch_mod && return 0
	36
	37	# Load openvswitch_mod. If that's successful then we're done.
	38	action "Inserting openvswitch module" modprobe openvswitch_mod && return 0
	39
	40	# If the bridge module is loaded, then that might be blocking
	41	# openvswitch_mod. Try to unload it, if there are no bridges.
	42	test -e /sys/module/bridge \|\| return 1
	43	bridges=`echo /sys/class/net/*/bridge \| sed 's,/sys/class/net/,,g;s,/bridge,,g'`
	44	if test "$bridges" != "*"; then
	45	log_warning_msg "not removing bridge module because bridges exist ($bridges)"
	46	return 1
	47	fi
	48	action "removing bridge module" rmmod bridge \|\| return 1
	49
	50	# Try loading openvswitch_mod again.
	51	action "Inserting openvswitch module" modprobe openvswitch_mod
	52	}
	53
9fc47ed7 BP	54	insert_brcompat_mod_if_required () {
	55	test -e /sys/module/brcompat_mod && return 0
	56	action "Inserting brcompat module" modprobe brcompat_mod
	57	}
	58
da3db88f SH	59	insert_mod_if_required () {
	60	insert_openvswitch_mod_if_required \|\| return 1
	61	if test X"$BRCOMPAT" = Xyes; then
	62	insert_brcompat_mod_if_required \|\| return 1
	63	fi
	64	}
	65
43bb5f82 BP	66	ovs_vsctl () {
	67	ovs-vsctl --no-wait --timeout=5 "$@"
	68	}
	69
	70	ovsdb_tool () {
c1a543a8	71	ovsdb-tool -vANY:console:off "$@"
43bb5f82 BP	72	}
43bb5f82 BP	73
046d84c2 BP	74	create_db () {
	75	action "Creating empty database $DB_FILE" ovsdb_tool create "$DB_FILE" "$DB_SCHEMA"
	76	}
	77
43bb5f82 BP	78	upgrade_db () {
	79	schemaver=`ovsdb_tool schema-version "$DB_SCHEMA"`
	80	if test ! -e "$DB_FILE"; then
	81	log_warning_msg "$DB_FILE does not exist"
	82	install -d -m 755 -o root -g root `dirname $DB_FILE`
046d84c2	83	create_db
43bb5f82 BP	84	elif test X"`ovsdb_tool needs-conversion "$DB_FILE" "$DB_SCHEMA"`" != Xno; then
	85	# Back up the old version.
	86	version=`ovsdb_tool db-version "$DB_FILE"`
	87	cksum=`ovsdb_tool db-cksum "$DB_FILE" \| awk '{print $1}'`
65420cc6	88	backup=$DB_FILE.backup$version-$cksum
046d84c2	89	action "Backing up database to $backup" cp "$DB_FILE" "$backup" \|\| return 1
43bb5f82 BP	90
	91	# Compact database. This is important if the old schema did not enable
	92	# garbage collection (i.e. if it did not have any tables with "isRoot":
	93	# true) but the new schema does. In that situation the old database
	94	# may contain a transaction that creates a record followed by a
	95	# transaction that creates the first use of the record. Replaying that
	96	# series of transactions against the new database schema (as "convert"
	97	# does) would cause the record to be dropped by the first transaction,
	98	# then the second transaction would cause a referential integrity
	99	# failure (for a strong reference).
046d84c2 BP	100	#
	101	# Errors might occur on an Open vSwitch downgrade if ovsdb-tool doesn't
	102	# understand some feature of the schema used in the OVSDB version that
	103	# we're downgrading from, so we don't give up on error.
65420cc6	104	action "Compacting database" ovsdb_tool compact "$DB_FILE"
43bb5f82 BP	105
43bb5f82 BP	106	# Upgrade or downgrade schema.
046d84c2 BP	107	if action "Converting database schema" ovsdb_tool convert "$DB_FILE" "$DB_SCHEMA"; then
	108	:
	109	else
	110	log_warning_msg "Schema conversion failed, using empty database instead"
	111	rm -f "$DB_FILE"
	112	create_db
	113	fi
43bb5f82 BP	114	fi
	115	}
	116
	117	set_system_ids () {
	118	set ovs_vsctl set Open_vSwitch .
	119
	120	OVS_VERSION=`ovs-vswitchd --version \| sed 's/.*) //;1q'`
	121	set "$@" ovs-version="$OVS_VERSION"
	122
	123	case $SYSTEM_ID in
	124	random)
	125	id_file=$etcdir/system-id.conf
	126	uuid_file=$etcdir/install_uuid.conf
	127	if test -e "$id_file"; then
	128	SYSTEM_ID=`cat "$id_file"`
	129	elif test -e "$uuid_file"; then
	130	# Migrate from old file name.
	131	. "$uuid_file"
	132	SYSTEM_ID=$INSTALLATION_UUID
	133	echo "$SYSTEM_ID" > "$id_file"
	134	elif SYSTEM_ID=`uuidgen`; then
	135	echo "$SYSTEM_ID" > "$id_file"
	136	else
	137	log_failure_msg "missing uuidgen, could not generate system ID"
	138	fi
	139	;;
	140
	141	'')
	142	log_failure_msg "system ID not configured, please use --system-id"
	143	;;
	144
	145	*)
	146	;;
	147	esac
	148	set "$@" external-ids:system-id="\"$SYSTEM_ID\""
	149
	150	if test X"$SYSTEM_TYPE" != X; then
	151	set "$@" system-type="\"$SYSTEM_TYPE\""
	152	else
	153	log_failure_msg "no default system type, please use --system-type"
	154	fi
	155
	156	if test X"$SYSTEM_VERSION" != X; then
	157	set "$@" system-version="\"$SYSTEM_VERSION\""
	158	else
	159	log_failure_msg "no default system version, please use --system-version"
	160	fi
	161
	162	action "Configuring Open vSwitch system IDs" "$@" $extra_ids
	163	}
	164
	165	start () {
	166	if test X"$FORCE_COREFILES" = Xyes; then
	167	ulimit -Sc 67108864
	168	fi
	169
da3db88f	170	insert_mod_if_required \|\| return 1
43bb5f82 BP	171
	172	if daemon_is_running ovsdb-server; then
	173	log_success_msg "ovsdb-server is already running"
	174	else
	175	# Create initial database or upgrade database schema.
	176	upgrade_db \|\| return 1
	177
	178	# Start ovsdb-server.
	179	set ovsdb-server "$DB_FILE"
	180	set "$@" -vANY:CONSOLE:EMER -vANY:SYSLOG:ERR -vANY:FILE:INFO
	181	set "$@" --remote=punix:"$DB_SOCK"
	182	set "$@" --remote=db:Open_vSwitch,manager_options
	183	set "$@" --private-key=db:SSL,private_key
	184	set "$@" --certificate=db:SSL,certificate
	185	set "$@" --bootstrap-ca-cert=db:SSL,ca_cert
	186	start_daemon "$OVSDB_SERVER_PRIORITY" "$@" \|\| return 1
	187
	188	# Initialize database settings.
	189	ovs_vsctl -- init -- set Open_vSwitch . db-version="$schemaver" \
	190	\|\| return 1
	191	set_system_ids \|\| return 1
	192	if test X"$DELETE_BRIDGES" = Xyes; then
	193	for bridge in `ovs_vsctl list-br`; do
	194	ovs_vsctl del-br $bridge
	195	done
	196	fi
	197	fi
	198
	199	if daemon_is_running ovs-vswitchd; then
	200	log_success_msg "ovs-vswitchd is already running"
	201	else
	202	# Increase the limit on the number of open file descriptors since
	203	# ovs-vswitchd needs a few per bridge
	204	ulimit -n 4096
	205
	206	# Start ovs-vswitchd.
	207	set ovs-vswitchd unix:"$DB_SOCK"
	208	set "$@" -vANY:CONSOLE:EMER -vANY:SYSLOG:ERR -vANY:FILE:INFO
	209	if test X"$MLOCKALL" != Xno; then
	210	set "$@" --mlockall
	211	fi
a835b061	212	start_daemon "$OVS_VSWITCHD_PRIORITY" "$@"
43bb5f82	213	fi
9fc47ed7 BP	214
	215	if daemon_is_running ovs-brcompatd; then
	216	log_success_msg "ovs-brcompatd is already running"
	217	elif test X"$BRCOMPAT" = Xyes; then
	218	set ovs-brcompatd
	219	set "$@" -vANY:CONSOLE:EMER -vANY:SYSLOG:ERR -vANY:FILE:INFO
	220	start_daemon "$OVS_BRCOMPATD_PRIORITY" "$@"
	221	fi
43bb5f82 BP	222	}
	223
	224	## ---- ##
	225	## stop ##
	226	## ---- ##
	227
	228	stop () {
9fc47ed7	229	stop_daemon ovs-brcompatd
43bb5f82 BP	230	stop_daemon ovs-vswitchd
	231	stop_daemon ovsdb-server
	232	}
	233
	234	## ----------------- ##
	235	## force-reload-kmod ##
	236	## ----------------- ##
	237
	238	internal_interfaces () {
	239	# Outputs a list of internal interfaces:
	240	#
	241	# - There is an internal interface for every bridge, whether it
	242	# has an Interface record or not and whether the Interface
	243	# record's 'type' is properly set or not.
	244	#
	245	# - There is an internal interface for each Interface record whose
	246	# 'type' is 'internal'.
	247	#
	248	# But ignore interfaces that don't really exist.
	249	for d in `(ovs_vsctl --bare \
	250	-- --columns=name find Interface type=internal \
	251	-- list-br) \| sort -u`
	252	do
	253	if test -e "/sys/class/net/$d"; then
	254	printf "%s " "$d"
	255	fi
	256	done
	257	}
	258
751d0ddb BP	259	save_interfaces () {
	260	"$datadir/scripts/ovs-save" $ifaces > "$script"
	261	}
	262
43bb5f82 BP	263	force_reload_kmod () {
	264	ifaces=`internal_interfaces`
	265	action "Detected internal interfaces: $ifaces" true
	266
	267	stop
	268
	269	script=`mktemp`
bb9f6963 BP	270	trap 'rm -f "$script"' 0 1 2 13 15
bb9f6963 BP	271	if action "Saving interface configuration" save_interfaces; then
43bb5f82 BP	272	:
	273	else
	274	log_warning_msg "Failed to save configuration, not replacing kernel module"
	275	start
	276	exit 1
	277	fi
	278	chmod +x "$script"
	279
	280	for dp in `ovs-dpctl dump-dps`; do
de061b24	281	action "Removing datapath: $dp" ovs-dpctl del-dp "$dp"
43bb5f82 BP	282	done
43bb5f82 BP	283
9fc47ed7 BP	284	if test -e /sys/module/brcompat_mod; then
	285	action "Removing brcompat module" rmmod brcompat_mod
	286	fi
43bb5f82 BP	287	if test -e /sys/module/openvswitch_mod; then
	288	action "Removing openvswitch module" rmmod openvswitch_mod
	289	fi
	290
	291	start
	292
bb9f6963 BP	293	action "Restoring interface configuration" "$script"
	294	rc=$?
	295	if test $rc = 0; then
	296	level=debug
	297	else
	298	level=err
	299	fi
	300	log="logger -p daemon.$level -t ovs-save"
	301	$log "force-reload-kmod interface restore script exited with status $rc:"
	302	$log -f "$script"
43bb5f82 BP	303	}
43bb5f82 BP	304
b3a375f2 BP	305	## --------------- ##
	306	## enable-protocol ##
	307	## --------------- ##
	308
	309	enable_protocol () {
b053c7c1 BP	310	# Translate the protocol name to a number, because "iptables -n -L" prints
	311	# some protocols by name (despite the -n) and therefore we need to look for
	312	# both forms.
	313	#
	314	# (iptables -S output is more uniform but old iptables doesn't have it.)
	315	protonum=`grep "^$PROTOCOL[ ]" /etc/protocols \| awk '{print $2}'`
	316	if expr X"$protonum" : X'[0-9]\{1,\}$' > /dev/null; then :; else
	317	log_failure_msg "unknown protocol $PROTOCOL"
	318	return 1
	319	fi
	320
b3a375f2	321	name=$PROTOCOL
b053c7c1 BP	322	match="(\$2 == \"$PROTOCOL\" \|\| \$2 == $protonum)"
b053c7c1 BP	323	insert="iptables -I INPUT -p $PROTOCOL"
b3a375f2	324	if test X"$DPORT" != X; then
b3a375f2	325	name="$name to port $DPORT"
b053c7c1 BP	326	match="$match && /dpt:$DPORT/"
b053c7c1 BP	327	insert="$insert --dport $DPORT"
b3a375f2 BP	328	fi
b3a375f2 BP	329	if test X"$SPORT" != X; then
b3a375f2	330	name="$name from port $SPORT"
b053c7c1 BP	331	match="$match && /spt:$SPORT/"
b053c7c1 BP	332	insert="$insert --sport $SPORT"
b3a375f2	333	fi
b3a375f2 BP	334	insert="$insert -j ACCEPT"
b3a375f2 BP	335
b053c7c1 BP	336	if (iptables -n -L INPUT) >/dev/null 2>&1; then
	337	if iptables -n -L INPUT \| awk "$match { n++ } END { exit n == 0 }"
	338	then
	339	# There's already a rule for this protocol. Don't override it.
	340	log_success_msg "iptables already has a rule for $name, not explicitly enabling"
	341	else
	342	action "Enabling $name with iptables" $insert
	343	fi
b3a375f2	344	elif (iptables --version) >/dev/null 2>&1; then
b3a375f2	345	action "cannot list iptables rules, not adding a rule for $name"
2ae9d860 BP	346	else
2ae9d860 BP	347	action "iptables binary not installed, not adding a rule for $name"
b3a375f2 BP	348	fi
	349	}
	350
43bb5f82 BP	351	## ---- ##
	352	## main ##
	353	## ---- ##
	354
	355	set_defaults () {
	356	SYSTEM_ID=
	357
	358	DELETE_BRIDGES=no
9fc47ed7	359	BRCOMPAT=no
43bb5f82 BP	360
	361	DAEMON_CWD=/
	362	FORCE_COREFILES=yes
	363	MLOCKALL=yes
	364	OVSDB_SERVER_PRIORITY=-10
	365	OVS_VSWITCHD_PRIORITY=-10
9fc47ed7	366	OVS_BRCOMPATD_PRIORITY=-10
43bb5f82 BP	367
	368	DB_FILE=$etcdir/conf.db
	369	DB_SOCK=$rundir/db.sock
	370	DB_SCHEMA=$datadir/vswitch.ovsschema
	371
b3a375f2 BP	372	PROTOCOL=gre
	373	DPORT=
	374	SPORT=
	375
a685eb5a GS	376	type_file=$etcdir/system-type.conf
	377	version_file=$etcdir/system-version.conf
	378
	379	if test -e "$type_file" ; then
	380	SYSTEM_TYPE=`cat $type_file`
	381	SYSTEM_VERSION=`cat $version_file`
	382	elif (lsb_release --id) >/dev/null 2>&1; then
43bb5f82 BP	383	SYSTEM_TYPE=`lsb_release --id -s`
	384	system_release=`lsb_release --release -s`
	385	system_codename=`lsb_release --codename -s`
	386	SYSTEM_VERSION="${system_release}-${system_codename}"
	387	else
	388	SYSTEM_TYPE=unknown
	389	SYSTEM_VERSION=unknown
	390	fi
	391	}
	392
	393	usage () {
	394	set_defaults
	395	cat <<EOF
	396	$0: controls Open vSwitch daemons
	397	usage: $0 [OPTIONS] COMMAND
	398
	399	This program is intended to be invoked internally by Open vSwitch startup
	400	scripts. System administrators should not normally invoke it directly.
	401
	402	Commands:
	403	start start Open vSwitch daemons
	404	stop stop Open vSwitch daemons
	405	status check whether Open vSwitch daemons are running
	406	version print versions of Open vSwitch daemons
da3db88f	407	load-kmod insert modules if not already present
43bb5f82 BP	408	force-reload-kmod save OVS network device state, stop OVS, unload kernel
43bb5f82 BP	409	module, reload kernel module, start OVS, restore state
b3a375f2	410	enable-protocol enable protocol specified in options with iptables
43bb5f82 BP	411	help display this help message
43bb5f82 BP	412
9fc47ed7	413	One of the following options is required for "start" and "force-reload-kmod":
43bb5f82 BP	414	--system-id=UUID set specific ID to uniquely identify this system
	415	--system-id=random use a random but persistent UUID to identify this system
	416
9fc47ed7	417	Other important options for "start" and "force-reload-kmod":
43bb5f82 BP	418	--system-type=TYPE set system type (e.g. "XenServer")
	419	--system-version=VERSION set system version (e.g. "5.6.100-39265p")
	420	--external-id="key=value"
	421	add given key-value pair to Open_vSwitch external-ids
	422	--delete-bridges delete all bridges just before starting ovs-vswitchd
	423
9fc47ed7 BP	424	Less important options for "start" and "force-reload-kmod":
	425	--daemon-cwd=DIR set working dir for OVS daemons (default: $DAEMON_CWD)
	426	--no-force-corefiles do not force on core dumps for OVS daemons
	427	--no-mlockall do not lock all of ovs-vswitchd into memory
	428	--ovsdb-server-priority=NICE set ovsdb-server's niceness (default: $OVSDB_SERVER_PRIORITY)
	429	--ovs-vswitchd-priority=NICE set ovs-vswitchd's niceness (default: $OVS_VSWITCHD_PRIORITY)
	430	--ovs-brcompatd-priority=NICE set ovs-brcompatd's niceness (default: $OVS_BRCOMPATD_PRIORITY)
	431
da3db88f	432	Options for "start", "force-reload-kmod", "load-kmod", "status", and "version":
9fc47ed7	433	--brcompat enable Linux bridge compatibility module and daemon
43bb5f82 BP	434
	435	File location options:
	436	--db-file=FILE database file name (default: $DB_FILE)
	437	--db-sock=SOCKET JSON-RPC socket name (default: $DB_SOCK)
	438	--db-schema=FILE database schema file name (default: $DB_SCHEMA)
	439
9fc47ed7	440	Options for "enable-protocol":
b3a375f2 BP	441	--protocol=PROTOCOL protocol to enable with iptables (default: gre)
	442	--sport=PORT source port to match (for tcp or udp protocol)
	443	--dport=PORT ddestination port to match (for tcp or udp protocol)
	444
43bb5f82 BP	445	Other options:
	446	-h, --help display this help message
	447	-V, --version display version information
	448
	449	Default directories with "configure" option and environment variable override:
	450	logs: @LOGDIR@ (--log-dir, OVS_LOGDIR)
	451	pidfiles and sockets: @RUNDIR@ (--run-dir, OVS_RUNDIR)
	452	system configuration: @sysconfdir@ (--sysconfdir, OVS_SYSCONFDIR)
	453	data files: @pkgdatadir@ (--pkgdatadir, OVS_PKGDATADIR)
	454	user binaries: @bindir@ (--bindir, OVS_BINDIR)
	455	system binaries: @sbindir@ (--sbindir, OVS_SBINDIR)
	456
	457	Please report bugs to bugs@openvswitch.org (see REPORTING-BUGS for details).
	458	EOF
	459
	460	exit 0
	461	}
	462
	463	set_option () {
	464	var=`echo "$option" \| tr abcdefghijklmnopqrstuvwxyz- ABCDEFGHIJKLMNOPQRSTUVWXYZ_`
	465	eval set=\${$var+yes}
	466	eval old_value=\$$var
	467	if test X$set = X \|\| \
	468	(test $type = bool && \
	469	test X"$old_value" != Xno && test X"$old_value" != Xyes); then
	470	echo >&2 "$0: unknown option \"$arg\" (use --help for help)"
	471	return
	472	fi
	473	eval $var=\$value
	474	}
	475
9fc47ed7 BP	476	daemons () {
	477	echo ovsdb-server ovs-vswitchd
	478	if test X"$BRCOMPAT" = Xyes; then
	479	echo ovs-brcompatd
	480	fi
	481	}
	482
43bb5f82 BP	483	set_defaults
	484	extra_ids=
	485	command=
	486	for arg
	487	do
	488	case $arg in
	489	-h \| --help)
	490	usage
	491	;;
	492	-V \| --version)
	493	echo "$0 (Open vSwitch) $VERSION$BUILDNR"
	494	exit 0
	495	;;
	496	--external-id=*)
	497	value=`expr X"$arg" : 'X[^=]=\(.\)'`
	498	case $value in
	499	=)
	500	extra_ids="$extra_ids external-ids:$value"
	501	;;
	502	*)
	503	echo >&2 "$0: --external-id argument not in the form \"key=value\""
	504	exit 1
	505	;;
	506	esac
	507	;;
	508	--[a-z]=)
	509	option=`expr X"$arg" : 'X--\([^=]*\)'`
	510	value=`expr X"$arg" : 'X[^=]=\(.\)'`
	511	type=string
	512	set_option
	513	;;
	514	--no-[a-z]*)
	515	option=`expr X"$arg" : 'X--no-\(.*\)'`
	516	value=no
	517	type=bool
	518	set_option
	519	;;
	520	--[a-z]*)
	521	option=`expr X"$arg" : 'X--\(.*\)'`
	522	value=yes
	523	type=bool
	524	set_option
	525	;;
	526	-*)
	527	echo >&2 "$0: unknown option \"$arg\" (use --help for help)"
	528	exit 1
	529	;;
	530	*)
	531	if test X"$command" = X; then
	532	command=$arg
	533	else
	534	echo >&2 "$0: exactly one non-option argument required (use --help for help)"
	535	exit 1
	536	fi
	537	;;
	538	esac
	539	done
	540	case $command in
	541	start)
	542	start
	543	;;
	544	stop)
	545	stop
	546	;;
547	status)
9fc47ed7 BP	548	rc=0
	549	for daemon in `daemons`; do
	550	daemon_status $daemon \|\| rc=$?
	551	done
	552	exit $rc
43bb5f82 BP	553	;;
43bb5f82 BP	554	version)
9fc47ed7 BP	555	for daemon in `daemons`; do
	556	$daemon --version
	557	done
43bb5f82 BP	558	;;
	559	force-reload-kmod)
	560	force_reload_kmod
	561	;;
da3db88f SH	562	load-kmod)
	563	insert_mod_if_required
	564	;;
b3a375f2 BP	565	enable-protocol)
	566	enable_protocol
	567	;;
43bb5f82 BP	568	help)
	569	usage
	570	;;
	571	'')
	572	echo >&2 "$0: missing command name (use --help for help)"
	573	exit 1
	574	;;
	575	*)
	576	echo >&2 "$0: unknown command \"$command\" (use --help for help)"
	577	exit 1
	578	;;
	579	esac
	580