[mirror_ovs.git] / utilities / ovs-ctl.in

#! /bin/sh
# Copyright (C) 2009, 2010, 2011, 2012, 2013, 2014, 2016, 2017 Nicira, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

case $0 in
    */*) dir0=`echo "$0" | sed 's,/[^/]*$,,'` ;;
    *) dir0=./ ;;
esac
. "$dir0/ovs-lib" || exit 1

for dir in "$sbindir" "$bindir" /sbin /bin /usr/sbin /usr/bin; do
    case :$PATH: in
        *:$dir:*) ;;
        *) PATH=$PATH:$dir ;;
    esac
done

## ----- ##
## start ##
## ----- ##

insert_mod_if_required () {
    ## This takes care of inserting any required kernel modules
    ovs_kmod_ctl insert
}

set_hostname () {
    # 'hostname -f' needs network connectivity to work.  So we should
    # call this only after ovs-vswitchd is running.
    if test X$FULL_HOSTNAME = Xyes; then
        hn="$(hostname -f)" || hn="$(uname -n)"
    else
        hn="$(uname -n)"
    fi
    ovs_vsctl set Open_vSwitch . external-ids:hostname="$hn"
}

set_system_ids () {
    set ovs_vsctl set Open_vSwitch .

    OVS_VERSION=`ovs-vswitchd --version | awk '/Open vSwitch/{print $NF}'`
    set "$@" ovs-version="$OVS_VERSION"

    case $SYSTEM_ID in
        random)
            id_file=$etcdir/system-id.conf
            uuid_file=$etcdir/install_uuid.conf
            if test -e "$id_file"; then
                SYSTEM_ID=`cat "$id_file"`
            elif test -e "$uuid_file"; then
                # Migrate from old file name.
                . "$uuid_file"
                SYSTEM_ID=$INSTALLATION_UUID
                run_as_ovsuser touch "$id_file"
                echo "$SYSTEM_ID" > "$id_file"
            elif SYSTEM_ID=`uuidgen`; then
                run_as_ovsuser touch "$id_file"
                echo "$SYSTEM_ID" > "$id_file"
            else
                log_failure_msg "missing uuidgen, could not generate system ID"
            fi
            ;;

        '')
            log_failure_msg "system ID not configured, please use --system-id"
            ;;

        *)
            ;;
    esac
    set "$@" external-ids:system-id="\"$SYSTEM_ID\""

    set "$@" external-ids:rundir="\"$rundir\""

    if test X"$SYSTEM_TYPE" != X; then
        set "$@" system-type="\"$SYSTEM_TYPE\""
    else
        log_failure_msg "no default system type, please use --system-type"
    fi

    if test X"$SYSTEM_VERSION" != X; then
        set "$@" system-version="\"$SYSTEM_VERSION\""
    else
        log_failure_msg "no default system version, please use --system-version"
    fi

    action "Configuring Open vSwitch system IDs" "$@" $extra_ids
}

check_force_cores () {
    if test X"$FORCE_COREFILES" = Xyes; then
        ulimit -c 67108864
    fi
}

del_transient_ports () {
    for port in `ovs-vsctl --bare -- --columns=name find port other_config:transient=true`; do
        ovs_vsctl -- del-port "$port"
    done
}

do_start_ovsdb () {
    check_force_cores

    if daemon_is_running ovsdb-server; then
        log_success_msg "ovsdb-server is already running"
    else
        # Create initial database or upgrade database schema.
        upgrade_db $DB_FILE $DB_SCHEMA || return 1

        # Start ovsdb-server.
        set ovsdb-server "$DB_FILE"
        for db in $EXTRA_DBS; do
            case $db in
                /*) ;;
                *) db=$dbdir/$db ;;
            esac

            if test ! -f "$db"; then
                log_warning_msg "$db (from \$EXTRA_DBS) does not exist."
            elif ovsdb-tool db-version "$db" >/dev/null; then
                set "$@" "$db"
            else
                log_warning_msg "$db (from \$EXTRA_DBS) cannot be read as a database (see error message above)"
            fi
        done
        if test X"$SELF_CONFINEMENT" = Xno; then
            set "$@" --no-self-confinement
        fi
        set "$@" -vconsole:emer -vsyslog:err -vfile:info
        set "$@" --remote=punix:"$DB_SOCK"
        set "$@" --private-key=db:Open_vSwitch,SSL,private_key
        set "$@" --certificate=db:Open_vSwitch,SSL,certificate
        set "$@" --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert
        [ "$OVS_USER" != "" ] && set "$@" --user "$OVS_USER"
        [ "$OVSDB_SERVER_OPTIONS" != "" ] && set "$@" $OVSDB_SERVER_OPTIONS

        start_daemon "$OVSDB_SERVER_PRIORITY" "$OVSDB_SERVER_WRAPPER" "$@" \
            || return 1

        # Initialize database settings.
        ovs_vsctl -- init -- set Open_vSwitch . db-version="$schemaver" \
            || return 1
        set_system_ids || return 1
        if test X"$DELETE_BRIDGES" = Xyes; then
            for bridge in `ovs_vsctl list-br`; do
                ovs_vsctl del-br $bridge
            done
        fi
        if test X"$DELETE_TRANSIENT_PORTS" = Xyes; then
            del_transient_ports
        fi
    fi
}

start_ovsdb() {
    if test X"$OVSDB_SERVER" = Xyes; then
        do_start_ovsdb || return 1
    fi
    return 0
}

add_managers () {
    # Tell ovsdb-server to connect to the remote managers. If ovs-vswitchd
    # is not finished configuring, it may mean that remote managers will
    # see more churn in the database at startup or restart. (For example,
    # managers may briefly see empty datapath-id or ofport columns for
    # records that exist at startup.).  However, the alternative is a
    # 'bricked' system, so we allow database connectivity regardless.
    if test X"$OVSDB_SERVER" = Xyes || test X"$OVS_VSWITCHD" = Xyes; then
        if daemon_is_running ovsdb-server; then
            action "Enabling remote OVSDB managers" \
                   ovs-appctl -t ovsdb-server ovsdb-server/add-remote \
                   db:Open_vSwitch,Open_vSwitch,manager_options
        fi
    fi
}

do_start_forwarding () {
    check_force_cores

    insert_mod_if_required || return 1

    if daemon_is_running ovs-vswitchd; then
        log_success_msg "ovs-vswitchd is already running"
    else
        # Increase the limit on the number of open file descriptors.
        # On Linux, ovs-vswitchd needs about three file descriptors
        # per bridge and "n-handler-threads" file descriptors per bridge
        # port, so this allows a very large number of bridges and ports.
        MAXFD=65535
        if [ $(ulimit -n) -lt $MAXFD ]; then
            ulimit -n $MAXFD
        fi

        # Start ovs-vswitchd.
        set ovs-vswitchd unix:"$DB_SOCK"
        set "$@" -vconsole:emer -vsyslog:err -vfile:info
        if test X"$MLOCKALL" != Xno; then
            set "$@" --mlockall
        fi
        if test X"$SELF_CONFINEMENT" = Xno; then
            set "$@" --no-self-confinement
        fi
        [ "$OVS_USER" != "" ] && set "$@" --user "$OVS_USER"
        [ "$OVS_VSWITCHD_OPTIONS" != "" ] &&set "$@" $OVS_VSWITCHD_OPTIONS

        start_daemon "$OVS_VSWITCHD_PRIORITY" "$OVS_VSWITCHD_WRAPPER" "$@" ||
            return 1
    fi
}

start_forwarding () {
    if test X"$OVS_VSWITCHD" = Xyes; then
        do_start_forwarding || return 1
    fi
    set_hostname &
    return 0
}

start_ovs_ipsec () {
    ${datadir}/scripts/ovs-monitor-ipsec \
        --pidfile=${rundir}/ovs-monitor-ipsec.pid \
        --ike-daemon=$IKE_DAEMON \
        --log-file --detach --monitor unix:${rundir}/db.sock || return 1
    return 0
}

## ---- ##
## stop ##
## ---- ##

stop_ovsdb () {
    if test X"$OVSDB_SERVER" = Xyes; then
        stop_daemon ovsdb-server
    fi
}

stop_forwarding () {
    if test X"$OVS_VSWITCHD" = Xyes; then
        stop_daemon ovs-vswitchd
    fi
}

stop_ovs_ipsec () {
    ${bindir}/ovs-appctl -t ovs-monitor-ipsec exit || return 1
    return 0
}

## --------------- ##
## enable-protocol ##
## --------------- ##

enable_protocol () {
    # Translate the protocol name to a number, because "iptables -n -L" prints
    # some protocols by name (despite the -n) and therefore we need to look for
    # both forms.
    #
    # (iptables -S output is more uniform but old iptables doesn't have it.)
    protonum=`grep "^$PROTOCOL[ 	]" /etc/protocols | awk '{print $2}'`
    if expr X"$protonum" : X'[0-9]\{1,\}$' > /dev/null; then :; else
        log_failure_msg "unknown protocol $PROTOCOL"
        return 1
    fi

    name=$PROTOCOL
    match="(\$2 == \"$PROTOCOL\" || \$2 == $protonum)"
    insert="iptables -I INPUT -p $PROTOCOL"
    if test X"$DPORT" != X; then
        name="$name to port $DPORT"
        match="$match && /dpt:$DPORT/"
        insert="$insert --dport $DPORT"
    fi
    if test X"$SPORT" != X; then
        name="$name from port $SPORT"
        match="$match && /spt:$SPORT/"
        insert="$insert --sport $SPORT"
    fi
    insert="$insert -j ACCEPT"

    if (iptables -n -L INPUT) >/dev/null 2>&1; then
        if iptables -n -L INPUT | awk "$match { n++ } END { exit n == 0 }"
        then
            # There's already a rule for this protocol.  Don't override it.
            log_success_msg "iptables already has a rule for $name, not explicitly enabling"
        else
            action "Enabling $name with iptables" $insert
        fi
    elif (iptables --version) >/dev/null 2>&1; then
        action "cannot list iptables rules, not adding a rule for $name"
    else
        action "iptables binary not installed, not adding a rule for $name"
    fi
}

## ---- ##
## main ##
## ---- ##

set_defaults () {
    SYSTEM_ID=

    FULL_HOSTNAME=yes

    DELETE_BRIDGES=no
    DELETE_TRANSIENT_PORTS=no

    DAEMON_CWD=/
    FORCE_COREFILES=yes
    MLOCKALL=yes
    SELF_CONFINEMENT=yes
    MONITOR=yes
    OVS_USER=
    OVSDB_SERVER=yes
    OVS_VSWITCHD=yes
    OVSDB_SERVER_PRIORITY=-10
    OVS_VSWITCHD_PRIORITY=-10
    OVSDB_SERVER_WRAPPER=
    OVS_VSWITCHD_WRAPPER=
    OVSDB_SERVER_OPTIONS=
    OVS_VSWITCHD_OPTIONS=

    DB_FILE=$dbdir/conf.db
    DB_SOCK=$rundir/db.sock
    DB_SCHEMA=$datadir/vswitch.ovsschema
    EXTRA_DBS=

    PROTOCOL=gre
    DPORT=
    SPORT=

    IKE_DAEMON=

    type_file=$etcdir/system-type.conf
    version_file=$etcdir/system-version.conf

    if test -e "$type_file" ; then
        SYSTEM_TYPE=`cat $type_file`
        SYSTEM_VERSION=`cat $version_file`
    elif test -e "@sysconfdir@/os-release"; then
        SYSTEM_TYPE=`. '@sysconfdir@/os-release' && echo "$ID"`
        SYSTEM_VERSION=`. '@sysconfdir@/os-release' && echo "$VERSION_ID"`
    elif (lsb_release --id) >/dev/null 2>&1; then
        SYSTEM_TYPE=`lsb_release --id -s`
        system_release=`lsb_release --release -s`
        system_codename=`lsb_release --codename -s`
        SYSTEM_VERSION="${system_release}-${system_codename}"
    else
        SYSTEM_TYPE=unknown
        SYSTEM_VERSION=unknown
    fi
}

usage () {
    set_defaults
    cat <<EOF
$0: controls Open vSwitch daemons
usage: $0 [OPTIONS] COMMAND

This program is intended to be invoked internally by Open vSwitch startup
scripts.  System administrators should not normally invoke it directly.

Commands:
  start                   start Open vSwitch daemons
  stop                    stop Open vSwitch daemons
  restart                 stop and start Open vSwitch daemons
  status                  check whether Open vSwitch daemons are running
  version                 print versions of Open vSwitch daemons
  load-kmod               insert modules if not already present
  force-reload-kmod       save OVS network device state, stop OVS, unload kernel
                          module, reload kernel module, start OVS, restore state
  enable-protocol         enable protocol specified in options with iptables
  delete-transient-ports  delete transient (other_config:transient=true) ports
  start-ovs-ipsec         start Open vSwitch ipsec daemon
  stop-ovs-ipsec          stop Open vSwitch ipsec daemon
  help                    display this help message

One of the following options is required for "start", "restart" and "force-reload-kmod":
  --system-id=UUID   set specific ID to uniquely identify this system
  --system-id=random  use a random but persistent UUID to identify this system

Other important options for "start", "restart" and "force-reload-kmod":
  --system-type=TYPE  set system type (e.g. "XenServer")
  --system-version=VERSION  set system version (e.g. "5.6.100-39265p")
  --external-id="key=value"
                     add given key-value pair to Open_vSwitch external-ids
  --delete-bridges   delete all bridges just before starting ovs-vswitchd
  --ovs-user="user[:group]"  pass the --user flag to ovs daemons

Less important options for "start", "restart" and "force-reload-kmod":
  --daemon-cwd=DIR               set working dir for OVS daemons (default: $DAEMON_CWD)
  --no-force-corefiles           do not force on core dumps for OVS daemons
  --no-mlockall                  do not lock all of ovs-vswitchd into memory
  --ovsdb-server-priority=NICE   set ovsdb-server's niceness (default: $OVSDB_SERVER_PRIORITY)
  --ovs-vswitchd-priority=NICE   set ovs-vswitchd's niceness (default: $OVS_VSWITCHD_PRIORITY)
  --no-full-hostname             set short hostname instead of full hostname

Debugging options for "start", "restart" and "force-reload-kmod":
  --ovsdb-server-wrapper=WRAPPER
  --ovs-vswitchd-wrapper=WRAPPER
     run specified daemon under WRAPPER (either 'valgrind' or 'strace')

File location options:
  --db-file=FILE     database file name (default: $DB_FILE)
  --db-sock=SOCKET   JSON-RPC socket name (default: $DB_SOCK)
  --db-schema=FILE   database schema file name (default: $DB_SCHEMA)

Options for "enable-protocol":
  --protocol=PROTOCOL  protocol to enable with iptables (default: gre)
  --sport=PORT       source port to match (for tcp or udp protocol)
  --dport=PORT       ddestination port to match (for tcp or udp protocol)

Option for "start-ovs-ipsec":
  --ike-daemon=IKE_DAEMON
      the IKE daemon for ipsec tunnels (either libreswan or strongswan)

Other options:
  -h, --help                  display this help message
  -V, --version               display version information

Default directories with "configure" option and environment variable override:
  logs: @LOGDIR@ (--with-logdir, OVS_LOGDIR)
  pidfiles and sockets: @RUNDIR@ (--with-rundir, OVS_RUNDIR)
  conf.db: @DBDIR@ (--with-dbdir, OVS_DBDIR)
  system configuration: @sysconfdir@ (--sysconfdir, OVS_SYSCONFDIR)
  data files: @pkgdatadir@ (--pkgdatadir, OVS_PKGDATADIR)
  user binaries: @bindir@ (--bindir, OVS_BINDIR)
  system binaries: @sbindir@ (--sbindir, OVS_SBINDIR)

Please report bugs to bugs@openvswitch.org (see REPORTING-BUGS for details).
EOF

    exit 0
}

set_option () {
    var=`echo "$option" | tr abcdefghijklmnopqrstuvwxyz- ABCDEFGHIJKLMNOPQRSTUVWXYZ_`
    eval set=\${$var+yes}
    eval old_value=\$$var
    if test X$set = X || \
        (test $type = bool && \
        test X"$old_value" != Xno && test X"$old_value" != Xyes); then
        echo >&2 "$0: unknown option \"$arg\" (use --help for help)"
        return
    fi
    eval $var=\$value
}

daemons () {
    echo ovsdb-server ovs-vswitchd
}

set_defaults
extra_ids=
command=
for arg
do
    case $arg in
        -h | --help)
            usage
            ;;
        -V | --version)
            echo "$0 (Open vSwitch) $VERSION"
            exit 0
            ;;
        --external-id=*)
            value=`expr X"$arg" : 'X[^=]*=\(.*\)'`
            case $value in
                *=*)
                    extra_ids="$extra_ids external-ids:$value"
                    ;;
                *)
                    echo >&2 "$0: --external-id argument not in the form \"key=value\""
                    exit 1
                    ;;
            esac
            ;;
        --[a-z]*=*)
            option=`expr X"$arg" : 'X--\([^=]*\)'`
            value=`expr X"$arg" : 'X[^=]*=\(.*\)'`
            type=string
            set_option
            ;;
        --no-[a-z]*)
            option=`expr X"$arg" : 'X--no-\(.*\)'`
            value=no
            type=bool
            set_option
            ;;
        --[a-z]*)
            option=`expr X"$arg" : 'X--\(.*\)'`
            value=yes
            type=bool
            set_option
            ;;
        -*)
            echo >&2 "$0: unknown option \"$arg\" (use --help for help)"
            exit 1
            ;;
        *)
            if test X"$command" = X; then
                command=$arg
            else
                echo >&2 "$0: exactly one non-option argument required (use --help for help)"
                exit 1
            fi
            ;;
    esac
done
case $command in
    start)
        start_ovsdb || exit 1
        start_forwarding || exit 1
        add_managers
        ;;
    stop)
        stop_forwarding
        stop_ovsdb
        ;;
    restart)
        restart
        ;;
    status)
        rc=0
        for daemon in `daemons`; do
            daemon_status $daemon || rc=$?
        done
        exit $rc
        ;;
    version)
        for daemon in `daemons`; do
            $daemon --version
        done
        ;;
    force-reload-kmod)
            force_reload_kmod
        ;;
    load-kmod)
        insert_mod_if_required
        ;;
    enable-protocol)
        enable_protocol
        ;;
    delete-transient-ports)
        del_transient_ports
        ;;
    start-ovs-ipsec)
        start_ovs_ipsec
        ;;
    stop-ovs-ipsec)
        stop_ovs_ipsec
        ;;
    help)
        usage
        ;;
    '')
        echo >&2 "$0: missing command name (use --help for help)"
        exit 1
        ;;
    *)
        echo >&2 "$0: unknown command \"$command\" (use --help for help)"
        exit 1
        ;;
esac
Commit	Line	Data
43bb5f82	1	#! /bin/sh
34d4f74d	2	# Copyright (C) 2009, 2010, 2011, 2012, 2013, 2014, 2016, 2017 Nicira, Inc.
43bb5f82 BP	3	#
	4	# Licensed under the Apache License, Version 2.0 (the "License");
	5	# you may not use this file except in compliance with the License.
	6	# You may obtain a copy of the License at:
	7	#
	8	# http://www.apache.org/licenses/LICENSE-2.0
	9	#
	10	# Unless required by applicable law or agreed to in writing, software
	11	# distributed under the License is distributed on an "AS IS" BASIS,
	12	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	13	# See the License for the specific language governing permissions and
	14	# limitations under the License.
	15
	16	case $0 in
	17	/) dir0=`echo "$0" \| sed 's,/[^/]*$,,'` ;;
	18	*) dir0=./ ;;
	19	esac
d422c118	20	. "$dir0/ovs-lib" \|\| exit 1
43bb5f82 BP	21
	22	for dir in "$sbindir" "$bindir" /sbin /bin /usr/sbin /usr/bin; do
	23	case :$PATH: in
	24	:$dir:) ;;
	25	*) PATH=$PATH:$dir ;;
	26	esac
	27	done
	28
	29	## ----- ##
	30	## start ##
	31	## ----- ##
	32
0a69a5e4	33	insert_mod_if_required () {
15117123 AC	34	## This takes care of inserting any required kernel modules
15117123 AC	35	ovs_kmod_ctl insert
43bb5f82 BP	36	}
43bb5f82 BP	37
6ff72646 GS	38	set_hostname () {
	39	# 'hostname -f' needs network connectivity to work. So we should
	40	# call this only after ovs-vswitchd is running.
dd091e16 YZ	41	if test X$FULL_HOSTNAME = Xyes; then
	42	hn="$(hostname -f)" \|\| hn="$(uname -n)"
	43	else
	44	hn="$(uname -n)"
298115b9 HZ	45	fi
298115b9 HZ	46	ovs_vsctl set Open_vSwitch . external-ids:hostname="$hn"
6ff72646 GS	47	}
6ff72646 GS	48
43bb5f82 BP	49	set_system_ids () {
	50	set ovs_vsctl set Open_vSwitch .
	51
40c23a57	52	OVS_VERSION=`ovs-vswitchd --version \| awk '/Open vSwitch/{print $NF}'`
43bb5f82 BP	53	set "$@" ovs-version="$OVS_VERSION"
	54
	55	case $SYSTEM_ID in
	56	random)
	57	id_file=$etcdir/system-id.conf
	58	uuid_file=$etcdir/install_uuid.conf
	59	if test -e "$id_file"; then
	60	SYSTEM_ID=`cat "$id_file"`
	61	elif test -e "$uuid_file"; then
	62	# Migrate from old file name.
	63	. "$uuid_file"
	64	SYSTEM_ID=$INSTALLATION_UUID
741fd33e	65	run_as_ovsuser touch "$id_file"
43bb5f82 BP	66	echo "$SYSTEM_ID" > "$id_file"
43bb5f82 BP	67	elif SYSTEM_ID=`uuidgen`; then
741fd33e	68	run_as_ovsuser touch "$id_file"
43bb5f82 BP	69	echo "$SYSTEM_ID" > "$id_file"
	70	else
	71	log_failure_msg "missing uuidgen, could not generate system ID"
	72	fi
	73	;;
	74
	75	'')
	76	log_failure_msg "system ID not configured, please use --system-id"
	77	;;
	78
	79	*)
	80	;;
	81	esac
	82	set "$@" external-ids:system-id="\"$SYSTEM_ID\""
	83
34d4f74d RW	84	set "$@" external-ids:rundir="\"$rundir\""
34d4f74d RW	85
43bb5f82 BP	86	if test X"$SYSTEM_TYPE" != X; then
	87	set "$@" system-type="\"$SYSTEM_TYPE\""
	88	else
	89	log_failure_msg "no default system type, please use --system-type"
	90	fi
	91
	92	if test X"$SYSTEM_VERSION" != X; then
	93	set "$@" system-version="\"$SYSTEM_VERSION\""
	94	else
	95	log_failure_msg "no default system version, please use --system-version"
	96	fi
	97
	98	action "Configuring Open vSwitch system IDs" "$@" $extra_ids
	99	}
	100
522839ab	101	check_force_cores () {
43bb5f82	102	if test X"$FORCE_COREFILES" = Xyes; then
a5d873f4	103	ulimit -c 67108864
43bb5f82	104	fi
522839ab	105	}
43bb5f82	106
54b21db7 TLSC	107	del_transient_ports () {
	108	for port in `ovs-vsctl --bare -- --columns=name find port other_config:transient=true`; do
	109	ovs_vsctl -- del-port "$port"
	110	done
	111	}
	112
7fc28c50	113	do_start_ovsdb () {
522839ab	114	check_force_cores
43bb5f82 BP	115
43bb5f82 BP	116	if daemon_is_running ovsdb-server; then
c707d418	117	log_success_msg "ovsdb-server is already running"
43bb5f82	118	else
c707d418	119	# Create initial database or upgrade database schema.
2db1b5d8	120	upgrade_db $DB_FILE $DB_SCHEMA \|\| return 1
c707d418 JP	121
	122	# Start ovsdb-server.
	123	set ovsdb-server "$DB_FILE"
b4e8d170 BP	124	for db in $EXTRA_DBS; do
	125	case $db in
	126	/*) ;;
	127	*) db=$dbdir/$db ;;
	128	esac
	129
	130	if test ! -f "$db"; then
	131	log_warning_msg "$db (from \$EXTRA_DBS) does not exist."
	132	elif ovsdb-tool db-version "$db" >/dev/null; then
	133	set "$@" "$db"
	134	else
	135	log_warning_msg "$db (from \$EXTRA_DBS) cannot be read as a database (see error message above)"
	136	fi
	137	done
81d2f75c AA	138	if test X"$SELF_CONFINEMENT" = Xno; then
	139	set "$@" --no-self-confinement
	140	fi
c707d418 JP	141	set "$@" -vconsole:emer -vsyslog:err -vfile:info
c707d418 JP	142	set "$@" --remote=punix:"$DB_SOCK"
4206b80f HM	143	set "$@" --private-key=db:Open_vSwitch,SSL,private_key
	144	set "$@" --certificate=db:Open_vSwitch,SSL,certificate
	145	set "$@" --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert
9ab5390d	146	[ "$OVS_USER" != "" ] && set "$@" --user "$OVS_USER"
fce20b8b	147	[ "$OVSDB_SERVER_OPTIONS" != "" ] && set "$@" $OVSDB_SERVER_OPTIONS
9ab5390d	148
c707d418	149	start_daemon "$OVSDB_SERVER_PRIORITY" "$OVSDB_SERVER_WRAPPER" "$@" \
d0c06099	150	\|\| return 1
43bb5f82	151
c707d418 JP	152	# Initialize database settings.
	153	ovs_vsctl -- init -- set Open_vSwitch . db-version="$schemaver" \
	154	\|\| return 1
	155	set_system_ids \|\| return 1
	156	if test X"$DELETE_BRIDGES" = Xyes; then
43bb5f82	157	for bridge in `ovs_vsctl list-br`; do
c6f4d298	158	ovs_vsctl del-br $bridge
43bb5f82	159	done
c707d418	160	fi
54b21db7 TLSC	161	if test X"$DELETE_TRANSIENT_PORTS" = Xyes; then
	162	del_transient_ports
	163	fi
43bb5f82	164	fi
522839ab JP	165	}
522839ab JP	166
7fc28c50 AC	167	start_ovsdb() {
7fc28c50 AC	168	if test X"$OVSDB_SERVER" = Xyes; then
452a1f59	169	do_start_ovsdb \|\| return 1
7fc28c50	170	fi
452a1f59	171	return 0
7fc28c50 AC	172	}
7fc28c50 AC	173
1259a0c4	174	add_managers () {
70738f0b DB	175	# Tell ovsdb-server to connect to the remote managers. If ovs-vswitchd
	176	# is not finished configuring, it may mean that remote managers will
	177	# see more churn in the database at startup or restart. (For example,
	178	# managers may briefly see empty datapath-id or ofport columns for
	179	# records that exist at startup.). However, the alternative is a
	180	# 'bricked' system, so we allow database connectivity regardless.
0cfd47f9	181	if test X"$OVSDB_SERVER" = Xyes \|\| test X"$OVS_VSWITCHD" = Xyes; then
70738f0b	182	if daemon_is_running ovsdb-server; then
0cfd47f9 AC	183	action "Enabling remote OVSDB managers" \
	184	ovs-appctl -t ovsdb-server ovsdb-server/add-remote \
	185	db:Open_vSwitch,Open_vSwitch,manager_options
	186	fi
	187	fi
1259a0c4 GS	188	}
1259a0c4 GS	189
7fc28c50	190	do_start_forwarding () {
522839ab JP	191	check_force_cores
	192
	193	insert_mod_if_required \|\| return 1
43bb5f82 BP	194
43bb5f82 BP	195	if daemon_is_running ovs-vswitchd; then
c707d418	196	log_success_msg "ovs-vswitchd is already running"
43bb5f82	197	else
c707d418	198	# Increase the limit on the number of open file descriptors.
991d922c	199	# On Linux, ovs-vswitchd needs about three file descriptors
7a6cf343 AW	200	# per bridge and "n-handler-threads" file descriptors per bridge
	201	# port, so this allows a very large number of bridges and ports.
	202	MAXFD=65535
bfe4277e TG	203	if [ $(ulimit -n) -lt $MAXFD ]; then
	204	ulimit -n $MAXFD
	205	fi
c707d418	206
81d2f75c AA	207	# Start ovs-vswitchd.
	208	set ovs-vswitchd unix:"$DB_SOCK"
	209	set "$@" -vconsole:emer -vsyslog:err -vfile:info
	210	if test X"$MLOCKALL" != Xno; then
	211	set "$@" --mlockall
	212	fi
	213	if test X"$SELF_CONFINEMENT" = Xno; then
	214	set "$@" --no-self-confinement
	215	fi
9ab5390d	216	[ "$OVS_USER" != "" ] && set "$@" --user "$OVS_USER"
fce20b8b	217	[ "$OVS_VSWITCHD_OPTIONS" != "" ] &&set "$@" $OVS_VSWITCHD_OPTIONS
9ab5390d	218
452a1f59 MC	219	start_daemon "$OVS_VSWITCHD_PRIORITY" "$OVS_VSWITCHD_WRAPPER" "$@" \|\|
452a1f59 MC	220	return 1
43bb5f82 BP	221	fi
	222	}
	223
7fc28c50 AC	224	start_forwarding () {
7fc28c50 AC	225	if test X"$OVS_VSWITCHD" = Xyes; then
452a1f59	226	do_start_forwarding \|\| return 1
7fc28c50	227	fi
6ff72646	228	set_hostname &
452a1f59	229	return 0
7fc28c50 AC	230	}
7fc28c50 AC	231
bdddc715 QX	232	start_ovs_ipsec () {
	233	${datadir}/scripts/ovs-monitor-ipsec \
	234	--pidfile=${rundir}/ovs-monitor-ipsec.pid \
	235	--ike-daemon=$IKE_DAEMON \
	236	--log-file --detach --monitor unix:${rundir}/db.sock \|\| return 1
	237	return 0
	238	}
	239
43bb5f82 BP	240	## ---- ##
	241	## stop ##
	242	## ---- ##
	243
522839ab	244	stop_ovsdb () {
7fc28c50 AC	245	if test X"$OVSDB_SERVER" = Xyes; then
	246	stop_daemon ovsdb-server
	247	fi
522839ab JP	248	}
	249
	250	stop_forwarding () {
7fc28c50 AC	251	if test X"$OVS_VSWITCHD" = Xyes; then
	252	stop_daemon ovs-vswitchd
	253	fi
43bb5f82 BP	254	}
43bb5f82 BP	255
bdddc715 QX	256	stop_ovs_ipsec () {
	257	${bindir}/ovs-appctl -t ovs-monitor-ipsec exit \|\| return 1
	258	return 0
	259	}
	260
b3a375f2 BP	261	## --------------- ##
	262	## enable-protocol ##
	263	## --------------- ##
	264
	265	enable_protocol () {
b053c7c1 BP	266	# Translate the protocol name to a number, because "iptables -n -L" prints
	267	# some protocols by name (despite the -n) and therefore we need to look for
	268	# both forms.
	269	#
	270	# (iptables -S output is more uniform but old iptables doesn't have it.)
	271	protonum=`grep "^$PROTOCOL[ ]" /etc/protocols \| awk '{print $2}'`
	272	if expr X"$protonum" : X'[0-9]\{1,\}$' > /dev/null; then :; else
	273	log_failure_msg "unknown protocol $PROTOCOL"
	274	return 1
	275	fi
	276
b3a375f2	277	name=$PROTOCOL
b053c7c1 BP	278	match="(\$2 == \"$PROTOCOL\" \|\| \$2 == $protonum)"
b053c7c1 BP	279	insert="iptables -I INPUT -p $PROTOCOL"
b3a375f2	280	if test X"$DPORT" != X; then
b3a375f2	281	name="$name to port $DPORT"
b053c7c1 BP	282	match="$match && /dpt:$DPORT/"
b053c7c1 BP	283	insert="$insert --dport $DPORT"
b3a375f2 BP	284	fi
b3a375f2 BP	285	if test X"$SPORT" != X; then
b3a375f2	286	name="$name from port $SPORT"
b053c7c1 BP	287	match="$match && /spt:$SPORT/"
b053c7c1 BP	288	insert="$insert --sport $SPORT"
b3a375f2	289	fi
b3a375f2 BP	290	insert="$insert -j ACCEPT"
b3a375f2 BP	291
b053c7c1 BP	292	if (iptables -n -L INPUT) >/dev/null 2>&1; then
	293	if iptables -n -L INPUT \| awk "$match { n++ } END { exit n == 0 }"
	294	then
	295	# There's already a rule for this protocol. Don't override it.
	296	log_success_msg "iptables already has a rule for $name, not explicitly enabling"
	297	else
	298	action "Enabling $name with iptables" $insert
	299	fi
b3a375f2	300	elif (iptables --version) >/dev/null 2>&1; then
b3a375f2	301	action "cannot list iptables rules, not adding a rule for $name"
2ae9d860 BP	302	else
2ae9d860 BP	303	action "iptables binary not installed, not adding a rule for $name"
b3a375f2 BP	304	fi
	305	}
	306
43bb5f82 BP	307	## ---- ##
	308	## main ##
	309	## ---- ##
	310
	311	set_defaults () {
	312	SYSTEM_ID=
	313
298115b9 HZ	314	FULL_HOSTNAME=yes
298115b9 HZ	315
43bb5f82	316	DELETE_BRIDGES=no
54b21db7	317	DELETE_TRANSIENT_PORTS=no
43bb5f82 BP	318
	319	DAEMON_CWD=/
	320	FORCE_COREFILES=yes
	321	MLOCKALL=yes
81d2f75c	322	SELF_CONFINEMENT=yes
48458307	323	MONITOR=yes
9ab5390d	324	OVS_USER=
7fc28c50 AC	325	OVSDB_SERVER=yes
7fc28c50 AC	326	OVS_VSWITCHD=yes
43bb5f82 BP	327	OVSDB_SERVER_PRIORITY=-10
43bb5f82 BP	328	OVS_VSWITCHD_PRIORITY=-10
d0c06099 BP	329	OVSDB_SERVER_WRAPPER=
d0c06099 BP	330	OVS_VSWITCHD_WRAPPER=
fce20b8b TR	331	OVSDB_SERVER_OPTIONS=
fce20b8b TR	332	OVS_VSWITCHD_OPTIONS=
43bb5f82	333
f973f2af	334	DB_FILE=$dbdir/conf.db
43bb5f82 BP	335	DB_SOCK=$rundir/db.sock
43bb5f82 BP	336	DB_SCHEMA=$datadir/vswitch.ovsschema
b4e8d170	337	EXTRA_DBS=
43bb5f82	338
b3a375f2 BP	339	PROTOCOL=gre
	340	DPORT=
	341	SPORT=
	342
bdddc715 QX	343	IKE_DAEMON=
bdddc715 QX	344
a685eb5a GS	345	type_file=$etcdir/system-type.conf
	346	version_file=$etcdir/system-version.conf
	347
	348	if test -e "$type_file" ; then
	349	SYSTEM_TYPE=`cat $type_file`
	350	SYSTEM_VERSION=`cat $version_file`
c60d6b09	351	elif test -e "@sysconfdir@/os-release"; then
2c96044f BP	352	SYSTEM_TYPE=`. '@sysconfdir@/os-release' && echo "$ID"`
2c96044f BP	353	SYSTEM_VERSION=`. '@sysconfdir@/os-release' && echo "$VERSION_ID"`
a685eb5a	354	elif (lsb_release --id) >/dev/null 2>&1; then
43bb5f82 BP	355	SYSTEM_TYPE=`lsb_release --id -s`
	356	system_release=`lsb_release --release -s`
	357	system_codename=`lsb_release --codename -s`
	358	SYSTEM_VERSION="${system_release}-${system_codename}"
	359	else
	360	SYSTEM_TYPE=unknown
	361	SYSTEM_VERSION=unknown
	362	fi
	363	}
	364
	365	usage () {
	366	set_defaults
	367	cat <<EOF
	368	$0: controls Open vSwitch daemons
	369	usage: $0 [OPTIONS] COMMAND
	370
	371	This program is intended to be invoked internally by Open vSwitch startup
	372	scripts. System administrators should not normally invoke it directly.
	373
	374	Commands:
61c7478a TR	375	start start Open vSwitch daemons
	376	stop stop Open vSwitch daemons
	377	restart stop and start Open vSwitch daemons
	378	status check whether Open vSwitch daemons are running
	379	version print versions of Open vSwitch daemons
	380	load-kmod insert modules if not already present
	381	force-reload-kmod save OVS network device state, stop OVS, unload kernel
	382	module, reload kernel module, start OVS, restore state
	383	enable-protocol enable protocol specified in options with iptables
	384	delete-transient-ports delete transient (other_config:transient=true) ports
bdddc715 QX	385	start-ovs-ipsec start Open vSwitch ipsec daemon
bdddc715 QX	386	stop-ovs-ipsec stop Open vSwitch ipsec daemon
61c7478a	387	help display this help message
43bb5f82	388
a4175433	389	One of the following options is required for "start", "restart" and "force-reload-kmod":
43bb5f82 BP	390	--system-id=UUID set specific ID to uniquely identify this system
	391	--system-id=random use a random but persistent UUID to identify this system
	392
a4175433	393	Other important options for "start", "restart" and "force-reload-kmod":
43bb5f82 BP	394	--system-type=TYPE set system type (e.g. "XenServer")
	395	--system-version=VERSION set system version (e.g. "5.6.100-39265p")
	396	--external-id="key=value"
	397	add given key-value pair to Open_vSwitch external-ids
	398	--delete-bridges delete all bridges just before starting ovs-vswitchd
9ab5390d	399	--ovs-user="user[:group]" pass the --user flag to ovs daemons
43bb5f82	400
a4175433	401	Less important options for "start", "restart" and "force-reload-kmod":
9fc47ed7 BP	402	--daemon-cwd=DIR set working dir for OVS daemons (default: $DAEMON_CWD)
	403	--no-force-corefiles do not force on core dumps for OVS daemons
	404	--no-mlockall do not lock all of ovs-vswitchd into memory
	405	--ovsdb-server-priority=NICE set ovsdb-server's niceness (default: $OVSDB_SERVER_PRIORITY)
	406	--ovs-vswitchd-priority=NICE set ovs-vswitchd's niceness (default: $OVS_VSWITCHD_PRIORITY)
298115b9	407	--no-full-hostname set short hostname instead of full hostname
9fc47ed7	408
a4175433	409	Debugging options for "start", "restart" and "force-reload-kmod":
d0c06099	410	--ovsdb-server-wrapper=WRAPPER
d0c06099 BP	411	--ovs-vswitchd-wrapper=WRAPPER
	412	run specified daemon under WRAPPER (either 'valgrind' or 'strace')
	413
43bb5f82 BP	414	File location options:
	415	--db-file=FILE database file name (default: $DB_FILE)
	416	--db-sock=SOCKET JSON-RPC socket name (default: $DB_SOCK)
	417	--db-schema=FILE database schema file name (default: $DB_SCHEMA)
	418
9fc47ed7	419	Options for "enable-protocol":
b3a375f2 BP	420	--protocol=PROTOCOL protocol to enable with iptables (default: gre)
	421	--sport=PORT source port to match (for tcp or udp protocol)
	422	--dport=PORT ddestination port to match (for tcp or udp protocol)
	423
bdddc715 QX	424	Option for "start-ovs-ipsec":
	425	--ike-daemon=IKE_DAEMON
	426	the IKE daemon for ipsec tunnels (either libreswan or strongswan)
	427
43bb5f82 BP	428	Other options:
	429	-h, --help display this help message
	430	-V, --version display version information
	431
	432	Default directories with "configure" option and environment variable override:
f973f2af BP	433	logs: @LOGDIR@ (--with-logdir, OVS_LOGDIR)
	434	pidfiles and sockets: @RUNDIR@ (--with-rundir, OVS_RUNDIR)
	435	conf.db: @DBDIR@ (--with-dbdir, OVS_DBDIR)
43bb5f82 BP	436	system configuration: @sysconfdir@ (--sysconfdir, OVS_SYSCONFDIR)
	437	data files: @pkgdatadir@ (--pkgdatadir, OVS_PKGDATADIR)
	438	user binaries: @bindir@ (--bindir, OVS_BINDIR)
	439	system binaries: @sbindir@ (--sbindir, OVS_SBINDIR)
	440
	441	Please report bugs to bugs@openvswitch.org (see REPORTING-BUGS for details).
	442	EOF
	443
	444	exit 0
	445	}
	446
	447	set_option () {
	448	var=`echo "$option" \| tr abcdefghijklmnopqrstuvwxyz- ABCDEFGHIJKLMNOPQRSTUVWXYZ_`
	449	eval set=\${$var+yes}
	450	eval old_value=\$$var
	451	if test X$set = X \|\| \
	452	(test $type = bool && \
	453	test X"$old_value" != Xno && test X"$old_value" != Xyes); then
	454	echo >&2 "$0: unknown option \"$arg\" (use --help for help)"
	455	return
	456	fi
	457	eval $var=\$value
	458	}
	459
9fc47ed7 BP	460	daemons () {
9fc47ed7 BP	461	echo ovsdb-server ovs-vswitchd
9fc47ed7 BP	462	}
9fc47ed7 BP	463
43bb5f82 BP	464	set_defaults
	465	extra_ids=
	466	command=
	467	for arg
	468	do
	469	case $arg in
	470	-h \| --help)
	471	usage
	472	;;
	473	-V \| --version)
8a07709c	474	echo "$0 (Open vSwitch) $VERSION"
43bb5f82 BP	475	exit 0
	476	;;
	477	--external-id=*)
	478	value=`expr X"$arg" : 'X[^=]=\(.\)'`
	479	case $value in
	480	=)
	481	extra_ids="$extra_ids external-ids:$value"
	482	;;
	483	*)
	484	echo >&2 "$0: --external-id argument not in the form \"key=value\""
	485	exit 1
	486	;;
	487	esac
	488	;;
	489	--[a-z]=)
	490	option=`expr X"$arg" : 'X--\([^=]*\)'`
	491	value=`expr X"$arg" : 'X[^=]=\(.\)'`
	492	type=string
	493	set_option
	494	;;
	495	--no-[a-z]*)
	496	option=`expr X"$arg" : 'X--no-\(.*\)'`
	497	value=no
	498	type=bool
	499	set_option
	500	;;
	501	--[a-z]*)
	502	option=`expr X"$arg" : 'X--\(.*\)'`
	503	value=yes
	504	type=bool
	505	set_option
	506	;;
	507	-*)
	508	echo >&2 "$0: unknown option \"$arg\" (use --help for help)"
	509	exit 1
	510	;;
	511	*)
	512	if test X"$command" = X; then
	513	command=$arg
	514	else
	515	echo >&2 "$0: exactly one non-option argument required (use --help for help)"
	516	exit 1
	517	fi
	518	;;
	519	esac
	520	done
	521	case $command in
	522	start)
9fc789b9	523	start_ovsdb \|\| exit 1
452a1f59	524	start_forwarding \|\| exit 1
1259a0c4	525	add_managers
43bb5f82 BP	526	;;
43bb5f82 BP	527	stop)
522839ab JP	528	stop_forwarding
522839ab JP	529	stop_ovsdb
43bb5f82	530	;;
a4175433 GS	531	restart)
	532	restart
	533	;;
43bb5f82	534	status)
9fc47ed7 BP	535	rc=0
	536	for daemon in `daemons`; do
	537	daemon_status $daemon \|\| rc=$?
	538	done
	539	exit $rc
43bb5f82 BP	540	;;
43bb5f82 BP	541	version)
9fc47ed7 BP	542	for daemon in `daemons`; do
	543	$daemon --version
	544	done
43bb5f82 BP	545	;;
43bb5f82 BP	546	force-reload-kmod)
5a0e4aec	547	force_reload_kmod
43bb5f82	548	;;
da3db88f SH	549	load-kmod)
	550	insert_mod_if_required
	551	;;
b3a375f2 BP	552	enable-protocol)
	553	enable_protocol
	554	;;
61c7478a TR	555	delete-transient-ports)
	556	del_transient_ports
	557	;;
bdddc715 QX	558	start-ovs-ipsec)
	559	start_ovs_ipsec
	560	;;
	561	stop-ovs-ipsec)
	562	stop_ovs_ipsec
	563	;;
43bb5f82 BP	564	help)
	565	usage
	566	;;
	567	'')
	568	echo >&2 "$0: missing command name (use --help for help)"
	569	exit 1
	570	;;
	571	*)
	572	echo >&2 "$0: unknown command \"$command\" (use --help for help)"
	573	exit 1
	574	;;
	575	esac