sandbox: disable ssl for backup ovn southbound db
1 #! /bin/sh
2 #
3 # Copyright (c) 2013, 2015, 2016 Nicira, Inc.
4 #
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at:
8 #
9 # http://www.apache.org/licenses/LICENSE-2.0
10 #
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
16
# Abort the script as soon as a command fails outside of a condition.
set -o errexit
18
# run COMMAND [ARG...]
#
# Executes COMMAND with its arguments from inside the sandbox directory
# ($sandbox), in a subshell so the caller's working directory is untouched.
# If the directory cannot be entered or COMMAND fails, the whole script
# exits with status 1.
run() {
    if (cd "$sandbox" && "$@"); then
        :
    else
        exit 1
    fi
}
22
# run_xterm TITLE COMMAND [ARG...]
#
# Opens an xterm whose window title is TITLE and runs COMMAND inside it.
# The xterm is started through run() (so from the sandbox directory) and
# is put in the background; this function does not wait for it.
run_xterm() {
    title=${1}
    shift 1
    set -- xterm -T "$title" -e "$@"
    run "$@" &
}
28
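# rungdb UNDER_GDB GDB_RUN PROGRAM [ARG...]
#
# Starts PROGRAM either directly or inside gdb in its own xterm.
#
#   UNDER_GDB  "true" to run PROGRAM under gdb, "false" to run it directly.
#   GDB_RUN    "true" to make gdb start the program at once ("-ex run").
#
# gdb is only used when UNDER_GDB is true and $DISPLAY is non-empty, which
# is how this script decides whether X is available.  In that case the
# arguments "--detach" and "-vconsole:off" (also accepted as
# "--vconsole:off") are dropped so the process stays under gdb control and
# its error messages show up on the console.
#
# Arguments are forwarded one by one and never re-split, so a path that
# contains whitespace or glob characters reaches PROGRAM unchanged.
rungdb() {
    under_gdb=$1
    gdb_run=$2
    shift 2

    if $under_gdb && [ "$DISPLAY" ]; then
        # The xterm is titled after the program being debugged.
        xterm_title=$1

        # Rebuild the positional parameters without the filtered options.
        # "for ...; do" iterates over a snapshot of the original list, so
        # resetting "$@" inside the loop is safe.
        rungdb_reset=:
        for rungdb_arg; do
            if $rungdb_reset; then
                set --
                rungdb_reset=false
            fi
            case $rungdb_arg in
                --detach | -vconsole:off | --vconsole:off) ;;
                *) set -- "$@" "$rungdb_arg" ;;
            esac
        done

        if $gdb_run; then
            set -- -ex run --args "$@"
        else
            set -- --args "$@"
        fi
        run_xterm "$xterm_title" gdb "$@"
    else
        run "$@"
    fi
}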
53
# Defaults for everything the command line can change.

# Per-daemon debugger switches.  Each pair is handed to rungdb as its
# first two arguments: the plain flag asks for gdb, the *_ex flag asks
# gdb to start the program immediately.
gdb_vswitchd=false;             gdb_vswitchd_ex=false
gdb_ovsdb=false;                gdb_ovsdb_ex=false
gdb_ovn_northd=false;           gdb_ovn_northd_ex=false
gdb_ovn_controller=false;       gdb_ovn_controller_ex=false
gdb_ovn_controller_vtep=false;  gdb_ovn_controller_vtep_ex=false

# Where to find Open vSwitch and its schema files.
builddir=
srcdir=
schema=
ovnsb_schema=
ovnnb_schema=

# Which kind of OVS to use; these hold a command ("false" or ":") that is
# executed directly in later "if" tests.
installed=false
built=false

# OVN support, role-based access control for it, and the value passed to
# ovs-vswitchd as --enable-dummy.
ovn=false
ovn_rbac=true
dummy=override
74
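# Parse the command line.
#
# "prev" names the variable that the next word must be stored into (for
# options written as "-b DIR") and "dashdash" records that "--" was seen.
# Both are cleared first so that values inherited from the environment
# can neither reach the eval below nor change how options are matched.
prev=
dashdash=
for option; do
    # This option-parsing mechanism borrowed from a Autoconf-generated
    # configure script under the following license:

    # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
    # 2002, 2003, 2004, 2005, 2006, 2009, 2013 Free Software Foundation, Inc.
    # This configure script is free software; the Free Software Foundation
    # gives unlimited permission to copy, distribute and modify it.

    # If the previous option needs an argument, assign it.
    if test -n "$prev"; then
        # $prev is only ever set below to a fixed variable name; the word
        # itself is assigned as data and is not re-parsed by the shell.
        eval "$prev=\$option"
        prev=
        continue
    fi

    # Everything after the first "=" is the inline argument.  Parameter
    # expansion is used rather than expr, whose non-zero status for an
    # empty result ("--schema=") would trip "set -e" without any message.
    case $option in
        *=*) optarg=${option#*=} ;;
        *) optarg=yes ;;
    esac

    case $dashdash$option in
        --)
            dashdash=yes ;;
        -h|--help)
            cat <<EOF
ovs-sandbox, for starting a sandboxed dummy Open vSwitch environment
usage: $0 [OPTION...]

If you run ovs-sandbox from an OVS build directory, it uses the OVS that
you built. Otherwise, if you have an installed Open vSwitch, it uses
the installed version.

These options force ovs-sandbox to use a particular OVS build:
-b, --builddir=DIR specify Open vSwitch build directory
-s, --srcdir=DIR specify Open vSwitch source directory
These options force ovs-sandbox to use an installed Open vSwitch:
-i, --installed use installed Open vSwitch
-g, --gdb-vswitchd run ovs-vswitchd under gdb
-d, --gdb-ovsdb run ovsdb-server under gdb
--gdb-ovn-northd run ovn-northd under gdb
--gdb-ovn-controller run ovn-controller under gdb
--gdb-ovn-controller-vtep run ovn-controller-vtep under gdb
--dummy=ARG pass --enable-dummy=ARG to vswitchd (default: override)
-R, --gdb-run automatically start running the daemon in gdb
for any daemon set to run under gdb
-S, --schema=FILE use FILE as vswitch.ovsschema
-o, --ovn enable OVN
--no-ovn-rbac disable role-based access control for OVN

Other options:
-h, --help Print this usage message.
EOF
            exit 0
            ;;

        --b*=*)
            builddir=$optarg
            built=:
            ;;
        -b|--b*)
            prev=builddir
            built=:
            ;;
        --sr*=*)
            srcdir=$optarg
            built=false
            ;;
        --dummy)
            prev=dummy
            ;;
        --dummy=*)
            dummy=$optarg
            ;;
        -s|--sr*)
            prev=srcdir
            built=false
            ;;
        -i|--installed)
            installed=:
            ;;
        --sc*=*)
            schema=$optarg
            installed=:
            ;;
        -S|--sc*)
            prev=schema
            installed=:
            ;;
        -g|--gdb-v*)
            gdb_vswitchd=true
            gdb_vswitchd_ex=false
            ;;
        -e|--gdb-ex-v*)
            gdb_vswitchd=true
            gdb_vswitchd_ex=true
            ;;
        -d|--gdb-ovsdb)
            gdb_ovsdb=true
            gdb_ovsdb_ex=false
            ;;
        -r|--gdb-ex-o*)
            gdb_ovsdb=true
            gdb_ovsdb_ex=true
            ;;
        --gdb-ovn-northd)
            gdb_ovn_northd=true
            ;;
        --gdb-ovn-controller)
            gdb_ovn_controller=true
            ;;
        --gdb-ovn-controller-vtep)
            gdb_ovn_controller_vtep=true
            ;;
        -o|--ovn)
            ovn=true
            ;;
        --no-ovn-rbac)
            ovn_rbac=false
            ;;
        -R|--gdb-run)
            gdb_vswitchd_ex=true
            gdb_ovsdb_ex=true
            gdb_ovn_northd_ex=true
            gdb_ovn_controller_ex=true
            gdb_ovn_controller_vtep_ex=true
            ;;
        -*)
            echo "unrecognized option $option (use --help for help)" >&2
            exit 1
            ;;
        *)
            echo "$option: non-option arguments not supported (use --help for help)" >&2
            exit 1
            ;;
    esac
    shift
done

# An option that takes a separate argument was the last word on the
# command line: report it instead of continuing with an empty value.
if test -n "$prev"; then
    echo "missing argument to $option (use --help for help)" >&2
    exit 1
fi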
212
# Settle on a build tree or an installed OVS.  Asking for both is an
# error; asking for one is honoured as is; otherwise a build in the
# current directory is preferred over an ovs-vswitchd found on $PATH.
if $installed; then
    if $built; then
        echo "sorry, conflicting options (use --help for help)" >&2
        exit 1
    fi
elif $built; then
    :
elif [ -e vswitchd/ovs-vswitchd ]; then
    built=:
    builddir=.
elif (ovs-vswitchd --version) >/dev/null 2>&1; then
    installed=:
else
    echo "can't find an OVS build or install (use --help for help)" >&2
    exit 1
fi
227
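# Resolve the directories and schema files for the chosen kind of OVS.
#
# Every path expansion is quoted so that a build or source directory whose
# name contains whitespace or glob characters is used as given instead of
# being split or expanded by the shell.
if $built; then
    if test ! -e "$builddir"/vswitchd/ovs-vswitchd; then
        echo "$builddir does not appear to be an OVS build directory" >&2
        exit 1
    fi
    # Make the build directory absolute.
    builddir=$(cd "$builddir" && pwd)

    # Find srcdir.
    case $srcdir in
        '')
            # Default to the build directory, or to its parent when the
            # build directory does not hold README.rst.
            srcdir=$builddir
            if test ! -e "$srcdir"/README.rst; then
                srcdir=$(cd "$builddir"/.. && pwd)
            fi
            ;;
        /*) ;;
        *) srcdir=$(pwd)/$srcdir ;;
    esac
    schema=$srcdir/vswitchd/vswitch.ovsschema
    if test ! -e "$schema"; then
        echo >&2 'source directory not found, please use --srcdir'
        exit 1
    fi
    if $ovn; then
        ovnsb_schema=$srcdir/ovn/ovn-sb.ovsschema
        if test ! -e "$ovnsb_schema"; then
            echo >&2 'source directory not found, please use --srcdir'
            exit 1
        fi
        ovnnb_schema=$srcdir/ovn/ovn-nb.ovsschema
        if test ! -e "$ovnnb_schema"; then
            echo >&2 'source directory not found, please use --srcdir'
            exit 1
        fi
        vtep_schema=$srcdir/vtep/vtep.ovsschema
        if test ! -e "$vtep_schema"; then
            echo >&2 'source directory not found, please use --srcdir'
            exit 1
        fi
    fi

    # Put built tools early in $PATH.
    if test ! -e "$builddir"/vswitchd/ovs-vswitchd; then
        echo >&2 'build not found, please change set $builddir or change directory'
        exit 1
    fi
    PATH=$builddir/ovsdb:$builddir/vswitchd:$builddir/utilities:$builddir/vtep:$PATH
    if $ovn; then
        PATH=$builddir/ovn/controller:$builddir/ovn/controller-vtep:$builddir/ovn/northd:$builddir/ovn/utilities:$PATH
    fi
    export PATH
else
    case $schema in
        '')
            # No --schema given: take the first readable default.  The
            # final "none" leaves a value that fails the check below.
            for schema in \
                /usr/local/share/openvswitch/vswitch.ovsschema \
                /usr/share/openvswitch/vswitch.ovsschema \
                none; do
                if test -r "$schema"; then
                    break
                fi
            done
            ;;
        /*) ;;
        *) schema=$(pwd)/$schema ;;
    esac
    if test ! -r "$schema"; then
        echo "can't find vswitch.ovsschema, please specify --schema" >&2
        exit 1
    fi
    if $ovn; then
        echo "running with ovn is only supported from the build dir." >&2
        exit 1
    fi
fi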
303
# Create sandbox: start from an empty "sandbox" directory under the
# current directory and remember its absolute path.
rm -rf sandbox
mkdir sandbox
sandbox=$(cd sandbox && pwd)

# Set up environment for OVS programs to sandbox themselves: run files,
# logs, databases and configuration all point at the sandbox directory.
OVS_RUNDIR=$sandbox
OVS_LOGDIR=$sandbox
OVS_DBDIR=$sandbox
OVS_SYSCONFDIR=$sandbox
export OVS_RUNDIR OVS_LOGDIR OVS_DBDIR OVS_SYSCONFDIR
314
if $built; then
    # Easy access to OVS manpages: install them from the build tree into
    # the sandbox and put that directory first in MANPATH.
    (cd "$builddir" && ${MAKE-make} install-man mandir="$sandbox/man")
    MANPATH="$sandbox/man:"
    export MANPATH
fi
320
# Ensure cleanup: when the script exits, or on HUP, INT, QUIT, PIPE, ALRM
# or TERM, signal every process whose PID is recorded in a *.pid file in
# the sandbox.  The PIDs are used exactly as read from those files, so the
# sandbox directory should not be writable by other users.
trap 'kill $(cat "$sandbox"/*.pid)' EXIT HUP INT QUIT PIPE ALRM TERM
323
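# Create the databases that the ovsdb-server instances will serve.  A
# ".<name>.~lock~" file is created next to each main database first.
touch "$sandbox"/.conf.db.~lock~
run ovsdb-tool create conf.db "$schema"
ovsdb_server_args=
if $ovn; then
    touch "$sandbox"/.ovnsb.db.~lock~
    touch "$sandbox"/.ovnnb.db.~lock~
    run ovsdb-tool create ovnsb.db "$ovnsb_schema"
    run ovsdb-tool create ovnsb2.db "$ovnsb_schema"
    run ovsdb-tool create ovnnb.db "$ovnnb_schema"
    run ovsdb-tool create vtep.db "$vtep_schema"

    # Database files handed to each ovsdb-server started later on.
    ovsdb_server_args="vtep.db conf.db"
    ovsdb_sb_server_args="ovnsb.db"
    ovsdb_sb_backup_server_args="ovnsb2.db"
    ovsdb_nb_server_args="ovnnb.db"

    if [ "$HAVE_OPENSSL" = yes ]; then
        # Throwaway PKI for the sandbox.  The keys are only 1024 bits
        # (-B 1024), which is below current recommendations; the CA, keys
        # and certificates created here must not be reused outside the
        # sandbox.
        #
        # ovs-pki is wrapped in a function rather than kept in a string so
        # that a sandbox path containing whitespace is passed intact.
        ovs_pki() {
            run ovs-pki --dir="$sandbox"/pki --log="$sandbox"/ovs-pki.log "$@"
        }
        ovs_pki -B 1024 init
        ovs_pki -B 1024 req+sign ovnsb switch
        ovs_pki -B 1024 req+sign ovnnb switch
        ovs_pki -B 1024 -u req+sign chassis-1 switch
    fi
fi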
# Main ovsdb-server: listens on db.sock in the sandbox and serves the
# databases listed in $ovsdb_server_args (left unquoted on purpose so
# that the list splits into one argument per file).
rungdb $gdb_ovsdb $gdb_ovsdb_ex \
    ovsdb-server --detach --no-chdir --pidfile -vconsole:off --log-file \
    "--remote=punix:$sandbox/db.sock" \
    $ovsdb_server_args
if $ovn; then
    # OVN northbound server.  Its extra remotes and its TLS key,
    # certificate, CA certificate, protocols and ciphers are all read
    # from the OVN_Northbound database itself.
    rungdb $gdb_ovsdb $gdb_ovsdb_ex \
        ovsdb-server --detach --no-chdir \
        "--pidfile=$sandbox/ovnnb_db.pid" -vconsole:off \
        "--log-file=$sandbox/ovnnb_db.log" \
        --remote=db:OVN_Northbound,NB_Global,connections \
        --private-key=db:OVN_Northbound,SSL,private_key \
        --certificate=db:OVN_Northbound,SSL,certificate \
        --ca-cert=db:OVN_Northbound,SSL,ca_cert \
        --ssl-protocols=db:OVN_Northbound,SSL,ssl_protocols \
        --ssl-ciphers=db:OVN_Northbound,SSL,ssl_ciphers \
        "--remote=punix:$sandbox/ovnnb_db.sock" \
        $ovsdb_nb_server_args

    # OVN southbound server, configured the same way from the
    # OVN_Southbound database.
    rungdb $gdb_ovsdb $gdb_ovsdb_ex \
        ovsdb-server --detach --no-chdir \
        "--pidfile=$sandbox/ovnsb_db.pid" -vconsole:off \
        "--log-file=$sandbox/ovnsb_db.log" \
        --remote=db:OVN_Southbound,SB_Global,connections \
        --private-key=db:OVN_Southbound,SSL,private_key \
        --certificate=db:OVN_Southbound,SSL,certificate \
        --ca-cert=db:OVN_Southbound,SSL,ca_cert \
        --ssl-protocols=db:OVN_Southbound,SSL,ssl_protocols \
        --ssl-ciphers=db:OVN_Southbound,SSL,ssl_ciphers \
        "--remote=punix:$sandbox/ovnsb_db.sock" \
        $ovsdb_sb_server_args

    # Start SB back up server.  It listens only on a Unix socket in the
    # sandbox, has its own unixctl socket and syncs from the southbound
    # server's socket.
    rungdb $gdb_ovsdb $gdb_ovsdb_ex \
        ovsdb-server --detach --no-chdir \
        "--pidfile=$sandbox/ovnsb_db2.pid" -vconsole:off \
        "--log-file=$sandbox/ovnsb_db2.log" \
        --private-key=db:OVN_Southbound,SSL,private_key \
        --certificate=db:OVN_Southbound,SSL,certificate \
        --ca-cert=db:OVN_Southbound,SSL,ca_cert \
        "--remote=punix:$sandbox/ovnsb_db2.sock" \
        "--unixctl=$sandbox/sb_backup_unixctl" \
        "--sync-from=unix:$sandbox/ovnsb_db.sock" \
        $ovsdb_sb_backup_server_args
fi
382
# Add a small delay to allow ovsdb-server to launch.
sleep 0.1

# Wait for ovsdb-server to finish launching: poll once a second until its
# socket appears in the sandbox.  There is no timeout.
if [ ! -e "$sandbox/db.sock" ]; then
    echo -n "Waiting for ovsdb-server to start..."
    until [ -e "$sandbox/db.sock" ]; do
        sleep 1
    done
    echo " Done"
fi
394
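# Initialize database.
run ovs-vsctl --no-wait -- init

# Start ovs-vswitchd.  $dummy comes from the command line (--dummy=ARG),
# so it is quoted to reach the daemon as one argument, without word
# splitting or glob expansion.
rungdb $gdb_vswitchd $gdb_vswitchd_ex \
    ovs-vswitchd --detach --no-chdir --pidfile -vconsole:off --log-file \
    --enable-dummy="$dummy" -vvconn -vnetdev_dummy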
401
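# Configure OVN and start its daemons.
#
# Paths under $sandbox are quoted, and the TLS options for the controllers
# are kept in the positional parameters instead of a flat string, so a
# sandbox path containing whitespace is passed to each tool intact.
if $ovn; then
    ovn-nbctl init
    ovn-sbctl init

    ovs-vsctl set open . external-ids:system-id=chassis-1
    ovs-vsctl set open . external-ids:hostname=sandbox
    ovs-vsctl set open . external-ids:ovn-encap-type=geneve
    ovs-vsctl set open . external-ids:ovn-encap-ip=127.0.0.1

    if [ "$HAVE_OPENSSL" = yes ]; then
        # NOTE(review): "pssl:PORT" names no local address, so these
        # listeners are presumably reachable on every interface of the
        # host -- confirm for the OVS version in use.  They are protected
        # only by the sandbox's own test PKI.
        ovn-nbctl set-ssl "$sandbox"/ovnnb-privkey.pem "$sandbox"/ovnnb-cert.pem "$sandbox"/pki/switchca/cacert.pem
        ovn-nbctl set-connection pssl:6641
        ovn-sbctl set-ssl "$sandbox"/ovnsb-privkey.pem "$sandbox"/ovnsb-cert.pem "$sandbox"/pki/switchca/cacert.pem
        if $ovn_rbac; then
            # Southbound clients are held to the ovn-controller role.
            ovn-sbctl set-connection role=ovn-controller pssl:6642
        else
            # --no-ovn-rbac: the southbound listener is configured with
            # no role.
            ovn-sbctl set-connection pssl:6642
        fi
        ovs-vsctl set open . external-ids:ovn-remote=ssl:127.0.0.1:6642
        # Key, certificate and CA certificate used by the controllers.
        # The script's own arguments were consumed by the option loop,
        # so the positional parameters are free to hold them.
        set -- \
            -p "$sandbox"/chassis-1-privkey.pem \
            -c "$sandbox"/chassis-1-cert.pem \
            -C "$sandbox"/pki/switchca/cacert.pem
    else
        ovs-vsctl set open . external-ids:ovn-remote=unix:"$sandbox"/ovnsb_db.sock
        set --
    fi
    rungdb $gdb_ovn_northd $gdb_ovn_northd_ex ovn-northd --detach \
        --no-chdir --pidfile -vconsole:off --log-file \
        --ovnsb-db=unix:"$sandbox"/ovnsb_db.sock \
        --ovnnb-db=unix:"$sandbox"/ovnnb_db.sock
    rungdb $gdb_ovn_controller $gdb_ovn_controller_ex ovn-controller \
        "$@" --detach --no-chdir --pidfile -vconsole:off --log-file
    rungdb $gdb_ovn_controller_vtep $gdb_ovn_controller_vtep_ex \
        ovn-controller-vtep --detach --no-chdir --pidfile -vconsole:off \
        "$@" --log-file --ovnsb-db=unix:"$sandbox"/ovnsb_db.sock
fi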
436
# Tell the user what is running and where its files live.  The middle
# part is printed only when OVN was enabled.
cat <<EOF



----------------------------------------------------------------------
You are running in a dummy Open vSwitch environment. You can use
ovs-vsctl, ovs-ofctl, ovs-appctl, and other tools to work with the
dummy switch.

EOF

if $ovn; then
    cat <<EOF
This environment also has the OVN daemons and databases enabled.
You can use ovn-nbctl and ovn-sbctl to interact with the OVN databases.

The backup server of OVN SB can be accessed by:
* ovn-sbctl --db=unix:`pwd`/sandbox/ovnsb_db2.sock
* ovs-appctl -t `pwd`/sandbox/sb_backup_unixctl
The backup database file is "sandbox"/ovnsb2.db


EOF
fi

cat <<EOF
Log files, pidfiles, and the configuration database are in the
"sandbox" subdirectory.

Exit the shell to kill the running daemons.
EOF
465
# Hand control to the user's shell and remember how it exited.  The test
# keeps "set -e" from ending the script when that shell returns non-zero.
status=0
if $SHELL; then
    :
else
    status=$?
fi

cat <<EOF
----------------------------------------------------------------------



EOF

# Leave with the shell's status; the trap installed earlier then signals
# the daemons.
exit $status