[mirror_ovs.git] / utilities / ovs-ctl.in

#! /bin/sh
# Copyright (C) 2009, 2010, 2011, 2012, 2013, 2014, 2016, 2017 Nicira, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

case $0 in
    */*) dir0=`echo "$0" | sed 's,/[^/]*$,,'` ;;
    *) dir0=./ ;;
esac
. "$dir0/ovs-lib" || exit 1

for dir in "$sbindir" "$bindir" /sbin /bin /usr/sbin /usr/bin; do
    case :$PATH: in
        *:$dir:*) ;;
        *) PATH=$PATH:$dir ;;
    esac
done

## ----- ##
## start ##
## ----- ##

insert_mods () {
    # Try loading openvswitch again.
    action "Inserting openvswitch module" modprobe openvswitch
}

insert_mod_if_required () {
    # If this kernel has no module support, expect we're done.
    if test ! -e /proc/modules
    then
        log_success_msg "Kernel has no loadable module support. Skipping modprobe"
        return 0
    fi

    # If openvswitch is already loaded then we're done.
    test -e /sys/module/openvswitch && return 0

    # Load openvswitch.  If that's successful then we're done.
    insert_mods && return 0

    # If the bridge module is loaded, then that might be blocking
    # openvswitch.  Try to unload it, if there are no bridges.
    test -e /sys/module/bridge || return 1
    bridges=`echo /sys/class/net/*/bridge | sed 's,/sys/class/net/,,g;s,/bridge,,g'`
    if test "$bridges" != "*"; then
        log_warning_msg "not removing bridge module because bridges exist ($bridges)"
        return 1
    fi
    action "removing bridge module" rmmod bridge || return 1

    # Try loading openvswitch again.
    insert_mods
}

set_hostname () {
    # 'hostname -f' needs network connectivity to work.  So we should
    # call this only after ovs-vswitchd is running.
    ovs_vsctl set Open_vSwitch . external-ids:hostname="$(hostname -f)"
}

set_system_ids () {
    set ovs_vsctl set Open_vSwitch .

    OVS_VERSION=`ovs-vswitchd --version | awk '/Open vSwitch/{print $NF}'`
    set "$@" ovs-version="$OVS_VERSION"

    case $SYSTEM_ID in
        random)
            id_file=$etcdir/system-id.conf
            uuid_file=$etcdir/install_uuid.conf
            if test -e "$id_file"; then
                SYSTEM_ID=`cat "$id_file"`
            elif test -e "$uuid_file"; then
                # Migrate from old file name.
                . "$uuid_file"
                SYSTEM_ID=$INSTALLATION_UUID
                echo "$SYSTEM_ID" > "$id_file"
            elif SYSTEM_ID=`uuidgen`; then
                echo "$SYSTEM_ID" > "$id_file"
            else
                log_failure_msg "missing uuidgen, could not generate system ID"
            fi
            ;;

        '')
            log_failure_msg "system ID not configured, please use --system-id"
            ;;

        *)
            ;;
    esac
    set "$@" external-ids:system-id="\"$SYSTEM_ID\""

    set "$@" external-ids:rundir="\"$rundir\""

    if test X"$SYSTEM_TYPE" != X; then
        set "$@" system-type="\"$SYSTEM_TYPE\""
    else
        log_failure_msg "no default system type, please use --system-type"
    fi

    if test X"$SYSTEM_VERSION" != X; then
        set "$@" system-version="\"$SYSTEM_VERSION\""
    else
        log_failure_msg "no default system version, please use --system-version"
    fi

    action "Configuring Open vSwitch system IDs" "$@" $extra_ids
}

check_force_cores () {
    if test X"$FORCE_COREFILES" = Xyes; then
        ulimit -c 67108864
    fi
}

del_transient_ports () {
    for port in `ovs-vsctl --bare -- --columns=name find port other_config:transient=true`; do
        ovs_vsctl -- del-port "$port"
    done
}

do_start_ovsdb () {
    check_force_cores

    if daemon_is_running ovsdb-server; then
        log_success_msg "ovsdb-server is already running"
    else
        # Create initial database or upgrade database schema.
        upgrade_db $DB_FILE $DB_SCHEMA || return 1

        # Start ovsdb-server.
        set ovsdb-server "$DB_FILE"
        for db in $EXTRA_DBS; do
            case $db in
                /*) ;;
                *) db=$dbdir/$db ;;
            esac

            if test ! -f "$db"; then
                log_warning_msg "$db (from \$EXTRA_DBS) does not exist."
            elif ovsdb-tool db-version "$db" >/dev/null; then
                set "$@" "$db"
            else
                log_warning_msg "$db (from \$EXTRA_DBS) cannot be read as a database (see error message above)"
            fi
        done
        if test X"$SELF_CONFINEMENT" = Xno; then
            set "$@" --no-self-confinement
        fi
        set "$@" -vconsole:emer -vsyslog:err -vfile:info
        set "$@" --remote=punix:"$DB_SOCK"
        set "$@" --private-key=db:Open_vSwitch,SSL,private_key
        set "$@" --certificate=db:Open_vSwitch,SSL,certificate
        set "$@" --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert
        [ "$OVS_USER" != "" ] && set "$@" --user "$OVS_USER"

        start_daemon "$OVSDB_SERVER_PRIORITY" "$OVSDB_SERVER_WRAPPER" "$@" \
            || return 1

        # Initialize database settings.
        ovs_vsctl -- init -- set Open_vSwitch . db-version="$schemaver" \
            || return 1
        set_system_ids || return 1
        if test X"$DELETE_BRIDGES" = Xyes; then
            for bridge in `ovs_vsctl list-br`; do
                ovs_vsctl del-br $bridge
            done
        fi
        if test X"$DELETE_TRANSIENT_PORTS" = Xyes; then
            del_transient_ports
        fi
    fi
}

start_ovsdb() {
    if test X"$OVSDB_SERVER" = Xyes; then
        do_start_ovsdb || return 1
    fi
    return 0
}

add_managers () {
    # Now that ovs-vswitchd has started and completed its initial
    # configuration, tell ovsdb-server to connect to the remote managers.  We
    # used to do this at ovsdb-server startup time, but waiting for
    # ovs-vswitchd to finish configuring means that remote managers see less
    # churn in the database at startup or restart.  (For example, managers
    # won't briefly see empty datapath-id or ofport columns for records that
    # exist at startup.)
    if test X"$OVSDB_SERVER" = Xyes || test X"$OVS_VSWITCHD" = Xyes; then
        if daemon_is_running ovsdb-server \
                && daemon_is_running ovs-vswitchd; then
            action "Enabling remote OVSDB managers" \
                   ovs-appctl -t ovsdb-server ovsdb-server/add-remote \
                   db:Open_vSwitch,Open_vSwitch,manager_options
        fi
    fi
}

do_start_forwarding () {
    check_force_cores

    insert_mod_if_required || return 1

    if daemon_is_running ovs-vswitchd; then
        log_success_msg "ovs-vswitchd is already running"
    else
        # Increase the limit on the number of open file descriptors.
        # On Linux, ovs-vswitchd needs about three file descriptors
        # per bridge and "n-handler-threads" file descriptors per bridge
        # port, so this allows a very large number of bridges and ports.
        MAXFD=65535
        if [ $(ulimit -n) -lt $MAXFD ]; then
            ulimit -n $MAXFD
        fi

        # Start ovs-vswitchd.
        set ovs-vswitchd unix:"$DB_SOCK"
        set "$@" -vconsole:emer -vsyslog:err -vfile:info
        if test X"$MLOCKALL" != Xno; then
            set "$@" --mlockall
        fi
        if test X"$SELF_CONFINEMENT" = Xno; then
            set "$@" --no-self-confinement
        fi
        [ "$OVS_USER" != "" ] && set "$@" --user "$OVS_USER"

        start_daemon "$OVS_VSWITCHD_PRIORITY" "$OVS_VSWITCHD_WRAPPER" "$@" ||
            return 1
    fi
}

start_forwarding () {
    if test X"$OVS_VSWITCHD" = Xyes; then
        do_start_forwarding || return 1
    fi
    set_hostname &
    return 0
}

## ---- ##
## stop ##
## ---- ##

stop_ovsdb () {
    if test X"$OVSDB_SERVER" = Xyes; then
        stop_daemon ovsdb-server
    fi
}

stop_forwarding () {
    if test X"$OVS_VSWITCHD" = Xyes; then
        stop_daemon ovs-vswitchd
    fi
}

## --------------- ##
## enable-protocol ##
## --------------- ##

enable_protocol () {
    # Translate the protocol name to a number, because "iptables -n -L" prints
    # some protocols by name (despite the -n) and therefore we need to look for
    # both forms.
    #
    # (iptables -S output is more uniform but old iptables doesn't have it.)
    protonum=`grep "^$PROTOCOL[ 	]" /etc/protocols | awk '{print $2}'`
    if expr X"$protonum" : X'[0-9]\{1,\}$' > /dev/null; then :; else
        log_failure_msg "unknown protocol $PROTOCOL"
        return 1
    fi

    name=$PROTOCOL
    match="(\$2 == \"$PROTOCOL\" || \$2 == $protonum)"
    insert="iptables -I INPUT -p $PROTOCOL"
    if test X"$DPORT" != X; then
        name="$name to port $DPORT"
        match="$match && /dpt:$DPORT/"
        insert="$insert --dport $DPORT"
    fi
    if test X"$SPORT" != X; then
        name="$name from port $SPORT"
        match="$match && /spt:$SPORT/"
        insert="$insert --sport $SPORT"
    fi
    insert="$insert -j ACCEPT"

    if (iptables -n -L INPUT) >/dev/null 2>&1; then
        if iptables -n -L INPUT | awk "$match { n++ } END { exit n == 0 }"
        then
            # There's already a rule for this protocol.  Don't override it.
            log_success_msg "iptables already has a rule for $name, not explicitly enabling"
        else
            action "Enabling $name with iptables" $insert
        fi
    elif (iptables --version) >/dev/null 2>&1; then
        action "cannot list iptables rules, not adding a rule for $name"
    else
        action "iptables binary not installed, not adding a rule for $name"
    fi
}

## ---- ##
## main ##
## ---- ##

set_defaults () {
    SYSTEM_ID=

    DELETE_BRIDGES=no
    DELETE_TRANSIENT_PORTS=no

    DAEMON_CWD=/
    FORCE_COREFILES=yes
    MLOCKALL=yes
    SELF_CONFINEMENT=yes
    MONITOR=yes
    OVS_USER=
    OVSDB_SERVER=yes
    OVS_VSWITCHD=yes
    OVSDB_SERVER_PRIORITY=-10
    OVS_VSWITCHD_PRIORITY=-10
    OVSDB_SERVER_WRAPPER=
    OVS_VSWITCHD_WRAPPER=

    DB_FILE=$dbdir/conf.db
    DB_SOCK=$rundir/db.sock
    DB_SCHEMA=$datadir/vswitch.ovsschema
    EXTRA_DBS=

    PROTOCOL=gre
    DPORT=
    SPORT=

    type_file=$etcdir/system-type.conf
    version_file=$etcdir/system-version.conf

    if test -e "$type_file" ; then
        SYSTEM_TYPE=`cat $type_file`
        SYSTEM_VERSION=`cat $version_file`
    elif test -e "@sysconfdir@/os-release"; then
        SYSTEM_TYPE=`. '@sysconfdir@/os-release' && echo "$ID"`
        SYSTEM_VERSION=`. '@sysconfdir@/os-release' && echo "$VERSION_ID"`
    elif (lsb_release --id) >/dev/null 2>&1; then
        SYSTEM_TYPE=`lsb_release --id -s`
        system_release=`lsb_release --release -s`
        system_codename=`lsb_release --codename -s`
        SYSTEM_VERSION="${system_release}-${system_codename}"
    else
        SYSTEM_TYPE=unknown
        SYSTEM_VERSION=unknown
    fi
}

usage () {
    set_defaults
    cat <<EOF
$0: controls Open vSwitch daemons
usage: $0 [OPTIONS] COMMAND

This program is intended to be invoked internally by Open vSwitch startup
scripts.  System administrators should not normally invoke it directly.

Commands:
  start                   start Open vSwitch daemons
  stop                    stop Open vSwitch daemons
  restart                 stop and start Open vSwitch daemons
  status                  check whether Open vSwitch daemons are running
  version                 print versions of Open vSwitch daemons
  load-kmod               insert modules if not already present
  force-reload-kmod       save OVS network device state, stop OVS, unload kernel
                          module, reload kernel module, start OVS, restore state
  enable-protocol         enable protocol specified in options with iptables
  delete-transient-ports  delete transient (other_config:transient=true) ports
  help                    display this help message

One of the following options is required for "start", "restart" and "force-reload-kmod":
  --system-id=UUID   set specific ID to uniquely identify this system
  --system-id=random  use a random but persistent UUID to identify this system

Other important options for "start", "restart" and "force-reload-kmod":
  --system-type=TYPE  set system type (e.g. "XenServer")
  --system-version=VERSION  set system version (e.g. "5.6.100-39265p")
  --external-id="key=value"
                     add given key-value pair to Open_vSwitch external-ids
  --delete-bridges   delete all bridges just before starting ovs-vswitchd
  --ovs-user="user[:group]"  pass the --user flag to ovs daemons

Less important options for "start", "restart" and "force-reload-kmod":
  --daemon-cwd=DIR               set working dir for OVS daemons (default: $DAEMON_CWD)
  --no-force-corefiles           do not force on core dumps for OVS daemons
  --no-mlockall                  do not lock all of ovs-vswitchd into memory
  --ovsdb-server-priority=NICE   set ovsdb-server's niceness (default: $OVSDB_SERVER_PRIORITY)
  --ovs-vswitchd-priority=NICE   set ovs-vswitchd's niceness (default: $OVS_VSWITCHD_PRIORITY)

Debugging options for "start", "restart" and "force-reload-kmod":
  --ovsdb-server-wrapper=WRAPPER
  --ovs-vswitchd-wrapper=WRAPPER
     run specified daemon under WRAPPER (either 'valgrind' or 'strace')

File location options:
  --db-file=FILE     database file name (default: $DB_FILE)
  --db-sock=SOCKET   JSON-RPC socket name (default: $DB_SOCK)
  --db-schema=FILE   database schema file name (default: $DB_SCHEMA)

Options for "enable-protocol":
  --protocol=PROTOCOL  protocol to enable with iptables (default: gre)
  --sport=PORT       source port to match (for tcp or udp protocol)
  --dport=PORT       ddestination port to match (for tcp or udp protocol)

Other options:
  -h, --help                  display this help message
  -V, --version               display version information

Default directories with "configure" option and environment variable override:
  logs: @LOGDIR@ (--with-logdir, OVS_LOGDIR)
  pidfiles and sockets: @RUNDIR@ (--with-rundir, OVS_RUNDIR)
  conf.db: @DBDIR@ (--with-dbdir, OVS_DBDIR)
  system configuration: @sysconfdir@ (--sysconfdir, OVS_SYSCONFDIR)
  data files: @pkgdatadir@ (--pkgdatadir, OVS_PKGDATADIR)
  user binaries: @bindir@ (--bindir, OVS_BINDIR)
  system binaries: @sbindir@ (--sbindir, OVS_SBINDIR)

Please report bugs to bugs@openvswitch.org (see REPORTING-BUGS for details).
EOF

    exit 0
}

set_option () {
    var=`echo "$option" | tr abcdefghijklmnopqrstuvwxyz- ABCDEFGHIJKLMNOPQRSTUVWXYZ_`
    eval set=\${$var+yes}
    eval old_value=\$$var
    if test X$set = X || \
        (test $type = bool && \
        test X"$old_value" != Xno && test X"$old_value" != Xyes); then
        echo >&2 "$0: unknown option \"$arg\" (use --help for help)"
        return
    fi
    eval $var=\$value
}

daemons () {
    echo ovsdb-server ovs-vswitchd
}

set_defaults
extra_ids=
command=
for arg
do
    case $arg in
        -h | --help)
            usage
            ;;
        -V | --version)
            echo "$0 (Open vSwitch) $VERSION"
            exit 0
            ;;
        --external-id=*)
            value=`expr X"$arg" : 'X[^=]*=\(.*\)'`
            case $value in
                *=*)
                    extra_ids="$extra_ids external-ids:$value"
                    ;;
                *)
                    echo >&2 "$0: --external-id argument not in the form \"key=value\""
                    exit 1
                    ;;
            esac
            ;;
        --[a-z]*=*)
            option=`expr X"$arg" : 'X--\([^=]*\)'`
            value=`expr X"$arg" : 'X[^=]*=\(.*\)'`
            type=string
            set_option
            ;;
        --no-[a-z]*)
            option=`expr X"$arg" : 'X--no-\(.*\)'`
            value=no
            type=bool
            set_option
            ;;
        --[a-z]*)
            option=`expr X"$arg" : 'X--\(.*\)'`
            value=yes
            type=bool
            set_option
            ;;
        -*)
            echo >&2 "$0: unknown option \"$arg\" (use --help for help)"
            exit 1
            ;;
        *)
            if test X"$command" = X; then
                command=$arg
            else
                echo >&2 "$0: exactly one non-option argument required (use --help for help)"
                exit 1
            fi
            ;;
    esac
done
case $command in
    start)
        start_ovsdb || exit 1
        start_forwarding || exit 1
        add_managers
        ;;
    stop)
        stop_forwarding
        stop_ovsdb
        ;;
    restart)
        restart
        ;;
    status)
        rc=0
        for daemon in `daemons`; do
            daemon_status $daemon || rc=$?
        done
        exit $rc
        ;;
    version)
        for daemon in `daemons`; do
            $daemon --version
        done
        ;;
    force-reload-kmod)
            force_reload_kmod
        ;;
    load-kmod)
        insert_mod_if_required
        ;;
    enable-protocol)
        enable_protocol
        ;;
    delete-transient-ports)
        del_transient_ports
        ;;
    help)
        usage
        ;;
    '')
        echo >&2 "$0: missing command name (use --help for help)"
        exit 1
        ;;
    *)
        echo >&2 "$0: unknown command \"$command\" (use --help for help)"
        exit 1
        ;;
esac
Commit	Line	Data
43bb5f82	1	#! /bin/sh
34d4f74d	2	# Copyright (C) 2009, 2010, 2011, 2012, 2013, 2014, 2016, 2017 Nicira, Inc.
43bb5f82 BP	3	#
	4	# Licensed under the Apache License, Version 2.0 (the "License");
	5	# you may not use this file except in compliance with the License.
	6	# You may obtain a copy of the License at:
	7	#
	8	# http://www.apache.org/licenses/LICENSE-2.0
	9	#
	10	# Unless required by applicable law or agreed to in writing, software
	11	# distributed under the License is distributed on an "AS IS" BASIS,
	12	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	13	# See the License for the specific language governing permissions and
	14	# limitations under the License.
	15
	16	case $0 in
	17	/) dir0=`echo "$0" \| sed 's,/[^/]*$,,'` ;;
	18	*) dir0=./ ;;
	19	esac
d422c118	20	. "$dir0/ovs-lib" \|\| exit 1
43bb5f82 BP	21
	22	for dir in "$sbindir" "$bindir" /sbin /bin /usr/sbin /usr/bin; do
	23	case :$PATH: in
	24	:$dir:) ;;
	25	*) PATH=$PATH:$dir ;;
	26	esac
	27	done
	28
	29	## ----- ##
	30	## start ##
	31	## ----- ##
	32
a6df8ea0 TG	33	insert_mods () {
	34	# Try loading openvswitch again.
	35	action "Inserting openvswitch module" modprobe openvswitch
a6df8ea0 TG	36	}
a6df8ea0 TG	37
0a69a5e4	38	insert_mod_if_required () {
42165119 PB	39	# If this kernel has no module support, expect we're done.
	40	if test ! -e /proc/modules
	41	then
	42	log_success_msg "Kernel has no loadable module support. Skipping modprobe"
	43	return 0
	44	fi
	45
9b80f761	46	# If openvswitch is already loaded then we're done.
87530bc1	47	test -e /sys/module/openvswitch && return 0
43bb5f82	48
9b80f761	49	# Load openvswitch. If that's successful then we're done.
a6df8ea0	50	insert_mods && return 0
43bb5f82 BP	51
43bb5f82 BP	52	# If the bridge module is loaded, then that might be blocking
9b80f761	53	# openvswitch. Try to unload it, if there are no bridges.
43bb5f82 BP	54	test -e /sys/module/bridge \|\| return 1
	55	bridges=`echo /sys/class/net/*/bridge \| sed 's,/sys/class/net/,,g;s,/bridge,,g'`
	56	if test "$bridges" != "*"; then
	57	log_warning_msg "not removing bridge module because bridges exist ($bridges)"
	58	return 1
	59	fi
	60	action "removing bridge module" rmmod bridge \|\| return 1
	61
9b80f761	62	# Try loading openvswitch again.
a6df8ea0	63	insert_mods
43bb5f82 BP	64	}
43bb5f82 BP	65
6ff72646 GS	66	set_hostname () {
	67	# 'hostname -f' needs network connectivity to work. So we should
	68	# call this only after ovs-vswitchd is running.
	69	ovs_vsctl set Open_vSwitch . external-ids:hostname="$(hostname -f)"
	70	}
	71
43bb5f82 BP	72	set_system_ids () {
	73	set ovs_vsctl set Open_vSwitch .
	74
40c23a57	75	OVS_VERSION=`ovs-vswitchd --version \| awk '/Open vSwitch/{print $NF}'`
43bb5f82 BP	76	set "$@" ovs-version="$OVS_VERSION"
	77
	78	case $SYSTEM_ID in
	79	random)
	80	id_file=$etcdir/system-id.conf
	81	uuid_file=$etcdir/install_uuid.conf
	82	if test -e "$id_file"; then
	83	SYSTEM_ID=`cat "$id_file"`
	84	elif test -e "$uuid_file"; then
	85	# Migrate from old file name.
	86	. "$uuid_file"
	87	SYSTEM_ID=$INSTALLATION_UUID
	88	echo "$SYSTEM_ID" > "$id_file"
	89	elif SYSTEM_ID=`uuidgen`; then
	90	echo "$SYSTEM_ID" > "$id_file"
	91	else
	92	log_failure_msg "missing uuidgen, could not generate system ID"
	93	fi
	94	;;
	95
	96	'')
	97	log_failure_msg "system ID not configured, please use --system-id"
	98	;;
	99
	100	*)
	101	;;
	102	esac
	103	set "$@" external-ids:system-id="\"$SYSTEM_ID\""
	104
34d4f74d RW	105	set "$@" external-ids:rundir="\"$rundir\""
34d4f74d RW	106
43bb5f82 BP	107	if test X"$SYSTEM_TYPE" != X; then
	108	set "$@" system-type="\"$SYSTEM_TYPE\""
	109	else
	110	log_failure_msg "no default system type, please use --system-type"
	111	fi
	112
	113	if test X"$SYSTEM_VERSION" != X; then
	114	set "$@" system-version="\"$SYSTEM_VERSION\""
	115	else
	116	log_failure_msg "no default system version, please use --system-version"
	117	fi
	118
	119	action "Configuring Open vSwitch system IDs" "$@" $extra_ids
	120	}
	121
522839ab	122	check_force_cores () {
43bb5f82	123	if test X"$FORCE_COREFILES" = Xyes; then
a5d873f4	124	ulimit -c 67108864
43bb5f82	125	fi
522839ab	126	}
43bb5f82	127
54b21db7 TLSC	128	del_transient_ports () {
	129	for port in `ovs-vsctl --bare -- --columns=name find port other_config:transient=true`; do
	130	ovs_vsctl -- del-port "$port"
	131	done
	132	}
	133
7fc28c50	134	do_start_ovsdb () {
522839ab	135	check_force_cores
43bb5f82 BP	136
43bb5f82 BP	137	if daemon_is_running ovsdb-server; then
c707d418	138	log_success_msg "ovsdb-server is already running"
43bb5f82	139	else
c707d418	140	# Create initial database or upgrade database schema.
2db1b5d8	141	upgrade_db $DB_FILE $DB_SCHEMA \|\| return 1
c707d418 JP	142
	143	# Start ovsdb-server.
	144	set ovsdb-server "$DB_FILE"
b4e8d170 BP	145	for db in $EXTRA_DBS; do
	146	case $db in
	147	/*) ;;
	148	*) db=$dbdir/$db ;;
	149	esac
	150
	151	if test ! -f "$db"; then
	152	log_warning_msg "$db (from \$EXTRA_DBS) does not exist."
	153	elif ovsdb-tool db-version "$db" >/dev/null; then
	154	set "$@" "$db"
	155	else
	156	log_warning_msg "$db (from \$EXTRA_DBS) cannot be read as a database (see error message above)"
	157	fi
	158	done
81d2f75c AA	159	if test X"$SELF_CONFINEMENT" = Xno; then
	160	set "$@" --no-self-confinement
	161	fi
c707d418 JP	162	set "$@" -vconsole:emer -vsyslog:err -vfile:info
c707d418 JP	163	set "$@" --remote=punix:"$DB_SOCK"
4206b80f HM	164	set "$@" --private-key=db:Open_vSwitch,SSL,private_key
	165	set "$@" --certificate=db:Open_vSwitch,SSL,certificate
	166	set "$@" --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert
9ab5390d AC	167	[ "$OVS_USER" != "" ] && set "$@" --user "$OVS_USER"
9ab5390d AC	168
c707d418	169	start_daemon "$OVSDB_SERVER_PRIORITY" "$OVSDB_SERVER_WRAPPER" "$@" \
d0c06099	170	\|\| return 1
43bb5f82	171
c707d418 JP	172	# Initialize database settings.
	173	ovs_vsctl -- init -- set Open_vSwitch . db-version="$schemaver" \
	174	\|\| return 1
	175	set_system_ids \|\| return 1
	176	if test X"$DELETE_BRIDGES" = Xyes; then
43bb5f82	177	for bridge in `ovs_vsctl list-br`; do
c6f4d298	178	ovs_vsctl del-br $bridge
43bb5f82	179	done
c707d418	180	fi
54b21db7 TLSC	181	if test X"$DELETE_TRANSIENT_PORTS" = Xyes; then
	182	del_transient_ports
	183	fi
43bb5f82	184	fi
522839ab JP	185	}
522839ab JP	186
7fc28c50 AC	187	start_ovsdb() {
7fc28c50 AC	188	if test X"$OVSDB_SERVER" = Xyes; then
452a1f59	189	do_start_ovsdb \|\| return 1
7fc28c50	190	fi
452a1f59	191	return 0
7fc28c50 AC	192	}
7fc28c50 AC	193
1259a0c4 GS	194	add_managers () {
1259a0c4 GS	195	# Now that ovs-vswitchd has started and completed its initial
e3f9dfb0	196	# configuration, tell ovsdb-server to connect to the remote managers. We
1259a0c4 GS	197	# used to do this at ovsdb-server startup time, but waiting for
	198	# ovs-vswitchd to finish configuring means that remote managers see less
	199	# churn in the database at startup or restart. (For example, managers
	200	# won't briefly see empty datapath-id or ofport columns for records that
	201	# exist at startup.)
0cfd47f9 AC	202	if test X"$OVSDB_SERVER" = Xyes \|\| test X"$OVS_VSWITCHD" = Xyes; then
	203	if daemon_is_running ovsdb-server \
	204	&& daemon_is_running ovs-vswitchd; then
	205	action "Enabling remote OVSDB managers" \
	206	ovs-appctl -t ovsdb-server ovsdb-server/add-remote \
	207	db:Open_vSwitch,Open_vSwitch,manager_options
	208	fi
	209	fi
1259a0c4 GS	210	}
1259a0c4 GS	211
7fc28c50	212	do_start_forwarding () {
522839ab JP	213	check_force_cores
	214
	215	insert_mod_if_required \|\| return 1
43bb5f82 BP	216
43bb5f82 BP	217	if daemon_is_running ovs-vswitchd; then
c707d418	218	log_success_msg "ovs-vswitchd is already running"
43bb5f82	219	else
c707d418	220	# Increase the limit on the number of open file descriptors.
991d922c	221	# On Linux, ovs-vswitchd needs about three file descriptors
7a6cf343 AW	222	# per bridge and "n-handler-threads" file descriptors per bridge
	223	# port, so this allows a very large number of bridges and ports.
	224	MAXFD=65535
bfe4277e TG	225	if [ $(ulimit -n) -lt $MAXFD ]; then
	226	ulimit -n $MAXFD
	227	fi
c707d418	228
81d2f75c AA	229	# Start ovs-vswitchd.
	230	set ovs-vswitchd unix:"$DB_SOCK"
	231	set "$@" -vconsole:emer -vsyslog:err -vfile:info
	232	if test X"$MLOCKALL" != Xno; then
	233	set "$@" --mlockall
	234	fi
	235	if test X"$SELF_CONFINEMENT" = Xno; then
	236	set "$@" --no-self-confinement
	237	fi
9ab5390d AC	238	[ "$OVS_USER" != "" ] && set "$@" --user "$OVS_USER"
9ab5390d AC	239
452a1f59 MC	240	start_daemon "$OVS_VSWITCHD_PRIORITY" "$OVS_VSWITCHD_WRAPPER" "$@" \|\|
452a1f59 MC	241	return 1
43bb5f82 BP	242	fi
	243	}
	244
7fc28c50 AC	245	start_forwarding () {
7fc28c50 AC	246	if test X"$OVS_VSWITCHD" = Xyes; then
452a1f59	247	do_start_forwarding \|\| return 1
7fc28c50	248	fi
6ff72646	249	set_hostname &
452a1f59	250	return 0
7fc28c50 AC	251	}
7fc28c50 AC	252
43bb5f82 BP	253	## ---- ##
	254	## stop ##
	255	## ---- ##
	256
522839ab	257	stop_ovsdb () {
7fc28c50 AC	258	if test X"$OVSDB_SERVER" = Xyes; then
	259	stop_daemon ovsdb-server
	260	fi
522839ab JP	261	}
	262
	263	stop_forwarding () {
7fc28c50 AC	264	if test X"$OVS_VSWITCHD" = Xyes; then
	265	stop_daemon ovs-vswitchd
	266	fi
43bb5f82 BP	267	}
43bb5f82 BP	268
b3a375f2 BP	269	## --------------- ##
	270	## enable-protocol ##
	271	## --------------- ##
	272
	273	enable_protocol () {
b053c7c1 BP	274	# Translate the protocol name to a number, because "iptables -n -L" prints
	275	# some protocols by name (despite the -n) and therefore we need to look for
	276	# both forms.
	277	#
	278	# (iptables -S output is more uniform but old iptables doesn't have it.)
	279	protonum=`grep "^$PROTOCOL[ ]" /etc/protocols \| awk '{print $2}'`
	280	if expr X"$protonum" : X'[0-9]\{1,\}$' > /dev/null; then :; else
	281	log_failure_msg "unknown protocol $PROTOCOL"
	282	return 1
	283	fi
	284
b3a375f2	285	name=$PROTOCOL
b053c7c1 BP	286	match="(\$2 == \"$PROTOCOL\" \|\| \$2 == $protonum)"
b053c7c1 BP	287	insert="iptables -I INPUT -p $PROTOCOL"
b3a375f2	288	if test X"$DPORT" != X; then
b3a375f2	289	name="$name to port $DPORT"
b053c7c1 BP	290	match="$match && /dpt:$DPORT/"
b053c7c1 BP	291	insert="$insert --dport $DPORT"
b3a375f2 BP	292	fi
b3a375f2 BP	293	if test X"$SPORT" != X; then
b3a375f2	294	name="$name from port $SPORT"
b053c7c1 BP	295	match="$match && /spt:$SPORT/"
b053c7c1 BP	296	insert="$insert --sport $SPORT"
b3a375f2	297	fi
b3a375f2 BP	298	insert="$insert -j ACCEPT"
b3a375f2 BP	299
b053c7c1 BP	300	if (iptables -n -L INPUT) >/dev/null 2>&1; then
	301	if iptables -n -L INPUT \| awk "$match { n++ } END { exit n == 0 }"
	302	then
	303	# There's already a rule for this protocol. Don't override it.
	304	log_success_msg "iptables already has a rule for $name, not explicitly enabling"
	305	else
	306	action "Enabling $name with iptables" $insert
	307	fi
b3a375f2	308	elif (iptables --version) >/dev/null 2>&1; then
b3a375f2	309	action "cannot list iptables rules, not adding a rule for $name"
2ae9d860 BP	310	else
2ae9d860 BP	311	action "iptables binary not installed, not adding a rule for $name"
b3a375f2 BP	312	fi
	313	}
	314
43bb5f82 BP	315	## ---- ##
	316	## main ##
	317	## ---- ##
	318
	319	set_defaults () {
	320	SYSTEM_ID=
	321
	322	DELETE_BRIDGES=no
54b21db7	323	DELETE_TRANSIENT_PORTS=no
43bb5f82 BP	324
	325	DAEMON_CWD=/
	326	FORCE_COREFILES=yes
	327	MLOCKALL=yes
81d2f75c	328	SELF_CONFINEMENT=yes
48458307	329	MONITOR=yes
9ab5390d	330	OVS_USER=
7fc28c50 AC	331	OVSDB_SERVER=yes
7fc28c50 AC	332	OVS_VSWITCHD=yes
43bb5f82 BP	333	OVSDB_SERVER_PRIORITY=-10
43bb5f82 BP	334	OVS_VSWITCHD_PRIORITY=-10
d0c06099 BP	335	OVSDB_SERVER_WRAPPER=
d0c06099 BP	336	OVS_VSWITCHD_WRAPPER=
43bb5f82	337
f973f2af	338	DB_FILE=$dbdir/conf.db
43bb5f82 BP	339	DB_SOCK=$rundir/db.sock
43bb5f82 BP	340	DB_SCHEMA=$datadir/vswitch.ovsschema
b4e8d170	341	EXTRA_DBS=
43bb5f82	342
b3a375f2 BP	343	PROTOCOL=gre
	344	DPORT=
	345	SPORT=
	346
a685eb5a GS	347	type_file=$etcdir/system-type.conf
	348	version_file=$etcdir/system-version.conf
	349
	350	if test -e "$type_file" ; then
	351	SYSTEM_TYPE=`cat $type_file`
	352	SYSTEM_VERSION=`cat $version_file`
c60d6b09	353	elif test -e "@sysconfdir@/os-release"; then
2c96044f BP	354	SYSTEM_TYPE=`. '@sysconfdir@/os-release' && echo "$ID"`
2c96044f BP	355	SYSTEM_VERSION=`. '@sysconfdir@/os-release' && echo "$VERSION_ID"`
a685eb5a	356	elif (lsb_release --id) >/dev/null 2>&1; then
43bb5f82 BP	357	SYSTEM_TYPE=`lsb_release --id -s`
	358	system_release=`lsb_release --release -s`
	359	system_codename=`lsb_release --codename -s`
	360	SYSTEM_VERSION="${system_release}-${system_codename}"
	361	else
	362	SYSTEM_TYPE=unknown
	363	SYSTEM_VERSION=unknown
	364	fi
	365	}
	366
	367	usage () {
	368	set_defaults
	369	cat <<EOF
	370	$0: controls Open vSwitch daemons
	371	usage: $0 [OPTIONS] COMMAND
	372
	373	This program is intended to be invoked internally by Open vSwitch startup
	374	scripts. System administrators should not normally invoke it directly.
	375
	376	Commands:
61c7478a TR	377	start start Open vSwitch daemons
	378	stop stop Open vSwitch daemons
	379	restart stop and start Open vSwitch daemons
	380	status check whether Open vSwitch daemons are running
	381	version print versions of Open vSwitch daemons
	382	load-kmod insert modules if not already present
	383	force-reload-kmod save OVS network device state, stop OVS, unload kernel
	384	module, reload kernel module, start OVS, restore state
	385	enable-protocol enable protocol specified in options with iptables
	386	delete-transient-ports delete transient (other_config:transient=true) ports
	387	help display this help message
43bb5f82	388
a4175433	389	One of the following options is required for "start", "restart" and "force-reload-kmod":
43bb5f82 BP	390	--system-id=UUID set specific ID to uniquely identify this system
	391	--system-id=random use a random but persistent UUID to identify this system
	392
a4175433	393	Other important options for "start", "restart" and "force-reload-kmod":
43bb5f82 BP	394	--system-type=TYPE set system type (e.g. "XenServer")
	395	--system-version=VERSION set system version (e.g. "5.6.100-39265p")
	396	--external-id="key=value"
	397	add given key-value pair to Open_vSwitch external-ids
	398	--delete-bridges delete all bridges just before starting ovs-vswitchd
9ab5390d	399	--ovs-user="user[:group]" pass the --user flag to ovs daemons
43bb5f82	400
a4175433	401	Less important options for "start", "restart" and "force-reload-kmod":
9fc47ed7 BP	402	--daemon-cwd=DIR set working dir for OVS daemons (default: $DAEMON_CWD)
	403	--no-force-corefiles do not force on core dumps for OVS daemons
	404	--no-mlockall do not lock all of ovs-vswitchd into memory
	405	--ovsdb-server-priority=NICE set ovsdb-server's niceness (default: $OVSDB_SERVER_PRIORITY)
	406	--ovs-vswitchd-priority=NICE set ovs-vswitchd's niceness (default: $OVS_VSWITCHD_PRIORITY)
9fc47ed7	407
a4175433	408	Debugging options for "start", "restart" and "force-reload-kmod":
d0c06099	409	--ovsdb-server-wrapper=WRAPPER
d0c06099 BP	410	--ovs-vswitchd-wrapper=WRAPPER
	411	run specified daemon under WRAPPER (either 'valgrind' or 'strace')
	412
43bb5f82 BP	413	File location options:
	414	--db-file=FILE database file name (default: $DB_FILE)
	415	--db-sock=SOCKET JSON-RPC socket name (default: $DB_SOCK)
	416	--db-schema=FILE database schema file name (default: $DB_SCHEMA)
	417
9fc47ed7	418	Options for "enable-protocol":
b3a375f2 BP	419	--protocol=PROTOCOL protocol to enable with iptables (default: gre)
	420	--sport=PORT source port to match (for tcp or udp protocol)
	421	--dport=PORT ddestination port to match (for tcp or udp protocol)
	422
43bb5f82 BP	423	Other options:
	424	-h, --help display this help message
	425	-V, --version display version information
	426
	427	Default directories with "configure" option and environment variable override:
f973f2af BP	428	logs: @LOGDIR@ (--with-logdir, OVS_LOGDIR)
	429	pidfiles and sockets: @RUNDIR@ (--with-rundir, OVS_RUNDIR)
	430	conf.db: @DBDIR@ (--with-dbdir, OVS_DBDIR)
43bb5f82 BP	431	system configuration: @sysconfdir@ (--sysconfdir, OVS_SYSCONFDIR)
	432	data files: @pkgdatadir@ (--pkgdatadir, OVS_PKGDATADIR)
	433	user binaries: @bindir@ (--bindir, OVS_BINDIR)
	434	system binaries: @sbindir@ (--sbindir, OVS_SBINDIR)
	435
	436	Please report bugs to bugs@openvswitch.org (see REPORTING-BUGS for details).
	437	EOF
	438
	439	exit 0
	440	}
	441
	442	set_option () {
	443	var=`echo "$option" \| tr abcdefghijklmnopqrstuvwxyz- ABCDEFGHIJKLMNOPQRSTUVWXYZ_`
	444	eval set=\${$var+yes}
	445	eval old_value=\$$var
	446	if test X$set = X \|\| \
	447	(test $type = bool && \
	448	test X"$old_value" != Xno && test X"$old_value" != Xyes); then
	449	echo >&2 "$0: unknown option \"$arg\" (use --help for help)"
	450	return
	451	fi
	452	eval $var=\$value
	453	}
	454
9fc47ed7 BP	455	daemons () {
9fc47ed7 BP	456	echo ovsdb-server ovs-vswitchd
9fc47ed7 BP	457	}
9fc47ed7 BP	458
43bb5f82 BP	459	set_defaults
	460	extra_ids=
	461	command=
	462	for arg
	463	do
	464	case $arg in
	465	-h \| --help)
	466	usage
	467	;;
	468	-V \| --version)
8a07709c	469	echo "$0 (Open vSwitch) $VERSION"
43bb5f82 BP	470	exit 0
	471	;;
	472	--external-id=*)
	473	value=`expr X"$arg" : 'X[^=]=\(.\)'`
	474	case $value in
	475	=)
	476	extra_ids="$extra_ids external-ids:$value"
	477	;;
	478	*)
	479	echo >&2 "$0: --external-id argument not in the form \"key=value\""
	480	exit 1
	481	;;
	482	esac
	483	;;
	484	--[a-z]=)
	485	option=`expr X"$arg" : 'X--\([^=]*\)'`
	486	value=`expr X"$arg" : 'X[^=]=\(.\)'`
	487	type=string
	488	set_option
	489	;;
	490	--no-[a-z]*)
	491	option=`expr X"$arg" : 'X--no-\(.*\)'`
	492	value=no
	493	type=bool
	494	set_option
	495	;;
	496	--[a-z]*)
	497	option=`expr X"$arg" : 'X--\(.*\)'`
	498	value=yes
	499	type=bool
	500	set_option
	501	;;
	502	-*)
	503	echo >&2 "$0: unknown option \"$arg\" (use --help for help)"
	504	exit 1
	505	;;
	506	*)
	507	if test X"$command" = X; then
	508	command=$arg
	509	else
	510	echo >&2 "$0: exactly one non-option argument required (use --help for help)"
	511	exit 1
	512	fi
	513	;;
	514	esac
	515	done
	516	case $command in
	517	start)
9fc789b9	518	start_ovsdb \|\| exit 1
452a1f59	519	start_forwarding \|\| exit 1
1259a0c4	520	add_managers
43bb5f82 BP	521	;;
43bb5f82 BP	522	stop)
522839ab JP	523	stop_forwarding
522839ab JP	524	stop_ovsdb
43bb5f82	525	;;
a4175433 GS	526	restart)
	527	restart
	528	;;
43bb5f82	529	status)
9fc47ed7 BP	530	rc=0
	531	for daemon in `daemons`; do
	532	daemon_status $daemon \|\| rc=$?
	533	done
	534	exit $rc
43bb5f82 BP	535	;;
43bb5f82 BP	536	version)
9fc47ed7 BP	537	for daemon in `daemons`; do
	538	$daemon --version
	539	done
43bb5f82 BP	540	;;
43bb5f82 BP	541	force-reload-kmod)
5a0e4aec	542	force_reload_kmod
43bb5f82	543	;;
da3db88f SH	544	load-kmod)
	545	insert_mod_if_required
	546	;;
b3a375f2 BP	547	enable-protocol)
	548	enable_protocol
	549	;;
61c7478a TR	550	delete-transient-ports)
	551	del_transient_ports
	552	;;
43bb5f82 BP	553	help)
	554	usage
	555	;;
	556	'')
	557	echo >&2 "$0: missing command name (use --help for help)"
	558	exit 1
	559	;;
	560	*)
	561	echo >&2 "$0: unknown command \"$command\" (use --help for help)"
	562	exit 1
	563	;;
	564	esac