ovn: ssl proto/cipher configuration in nb/sb db
1 #! /bin/sh
2 #
3 # Copyright (c) 2013, 2015, 2016 Nicira, Inc.
4 #
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at:
8 #
9 # http://www.apache.org/licenses/LICENSE-2.0
10 #
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
16
# Stop at the first command that fails without being handled.
set -o errexit
18
# Run a command with the sandbox directory as its working directory.
#   $@  command and arguments, passed through unchanged
# The directory change happens in a subshell, so the caller's working
# directory is untouched.  Any failure (of the cd or of the command)
# terminates the whole script with status 1.
run() {
    if ! (cd "$sandbox" && "$@"); then
        exit 1
    fi
}
22
# Start a command in its own xterm window, in the background, from the
# sandbox directory.
#   $1      window title
#   $2...   command and arguments handed to "xterm -e"
run_xterm() {
    title=$1
    shift
    set -- xterm -T "$title" -e "$@"
    run "$@" &
}
28
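# Start a daemon in the sandbox, optionally under gdb in an xterm.
#   $1      "true" to run the daemon under gdb, "false" to run it directly
#   $2      "true" to have gdb start the program at once ("-ex run")
#   $3...   the daemon command line; $3 doubles as the xterm title
#
# Arguments are forwarded as separate words, so values containing
# whitespace or glob characters reach the daemon unchanged (the previous
# "echo $@ | sed" round trip re-split and glob-expanded them).
rungdb() {
    under_gdb=$1
    gdb_run=$2
    shift
    shift

    # Use "DISPLAY" variable to find out if X is supported; without X the
    # daemon is started normally even when gdb was requested.
    if $under_gdb && [ -n "$DISPLAY" ]; then
        xterm_title=$1

        # Remove --detach to keep the process under gdb control, and the
        # console-logging switch so error messages show up on the console.
        # Callers in this script spell that switch "-vconsole:off", which
        # the old "--vconsole:off" pattern never matched; both are dropped.
        # Only whole arguments are removed, never substrings of others.
        for arg do
            shift
            case $arg in
                --detach | --vconsole:off | -vconsole:off) ;;
                *) set -- "$@" "$arg" ;;
            esac
        done

        if $gdb_run; then
            set -- -ex run --args "$@"
        else
            set -- --args "$@"
        fi
        run_xterm "$xterm_title" gdb "$@"
    else
        run "$@"
    fi
}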
53
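# Defaults for everything the command line can set.

# Which daemons run under gdb, and whether gdb starts them immediately.
# These hold "true"/"false" and are later executed as commands.
gdb_vswitchd=false
gdb_ovsdb=false
gdb_vswitchd_ex=false
gdb_ovsdb_ex=false
gdb_ovn_northd=false
gdb_ovn_northd_ex=false
gdb_ovn_controller=false
gdb_ovn_controller_ex=false
gdb_ovn_controller_vtep=false
gdb_ovn_controller_vtep_ex=false

# Locations; empty means "work it out later".
builddir=
srcdir=
schema=
ovnsb_schema=
ovnnb_schema=
vtep_schema=

# Mode switches.  installed/built hold ":" or "false" and are also
# executed as commands.
installed=false
built=false
ovn=false
dummy=override

# Option-parser state.  Cleared explicitly so that variables of the same
# name inherited from the caller's environment cannot steer the parser
# (a non-empty $prev makes it treat the first argument as an option value).
prev=
dashdash=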
73
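# Parse the command line into the option variables.
#   $@  the script's arguments
# Reads and updates $prev (name of the variable awaiting a value) and
# $dashdash (set to "yes" once "--" has been seen).  Exits with status 1
# on an unknown option, a non-option argument, or an option left without
# its argument; -h/--help prints the usage text and exits 0.
# -e/--gdb-ex-v* and -r/--gdb-ex-o* are accepted but not listed in the
# usage text.
parse_options() {
    for option; do
        # This option-parsing mechanism borrowed from a Autoconf-generated
        # configure script under the following license:

        # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
        # 2002, 2003, 2004, 2005, 2006, 2009, 2013 Free Software Foundation, Inc.
        # This configure script is free software; the Free Software Foundation
        # gives unlimited permission to copy, distribute and modify it.

        # If the previous option needs an argument, assign it.
        if test -n "$prev"; then
            # Assign through an explicit list rather than "eval $prev=...":
            # only these four variables can be written, whatever $prev holds.
            case $prev in
                builddir) builddir=$option ;;
                srcdir) srcdir=$option ;;
                schema) schema=$option ;;
                dummy) dummy=$option ;;
                *)
                    echo "internal error: unexpected pending option '$prev'" >&2
                    exit 1
                    ;;
            esac
            prev=
            continue
        fi
        case $option in
            # Everything after the first "=".  Unlike expr, parameter
            # expansion does not report failure for an empty or "0" value,
            # which under "set -e" ended the script without any message.
            *=*) optarg=${option#*=} ;;
            *) optarg=yes ;;
        esac

        case $dashdash$option in
            --)
                dashdash=yes ;;
            -h|--help)
                cat <<EOF
ovs-sandbox, for starting a sandboxed dummy Open vSwitch environment
usage: $0 [OPTION...]

If you run ovs-sandbox from an OVS build directory, it uses the OVS that
you built. Otherwise, if you have an installed Open vSwitch, it uses
the installed version.

These options force ovs-sandbox to use a particular OVS build:
-b, --builddir=DIR specify Open vSwitch build directory
-s, --srcdir=DIR specify Open vSwitch source directory
These options force ovs-sandbox to use an installed Open vSwitch:
-i, --installed use installed Open vSwitch
-g, --gdb-vswitchd run ovs-vswitchd under gdb
-d, --gdb-ovsdb run ovsdb-server under gdb
--gdb-ovn-northd run ovn-northd under gdb
--gdb-ovn-controller run ovn-controller under gdb
--gdb-ovn-controller-vtep run ovn-controller-vtep under gdb
--dummy=ARG pass --enable-dummy=ARG to vswitchd (default: override)
-R, --gdb-run automatically start running the daemon in gdb
for any daemon set to run under gdb
-S, --schema=FILE use FILE as vswitch.ovsschema
-o, --ovn enable OVN

Other options:
-h, --help Print this usage message.
EOF
                exit 0
                ;;

            --b*=*)
                builddir=$optarg
                built=:
                ;;
            -b|--b*)
                prev=builddir
                built=:
                ;;
            --sr*=*)
                srcdir=$optarg
                built=false
                ;;
            --dummy)
                prev=dummy
                ;;
            --dummy=*)
                dummy=$optarg
                ;;
            -s|--sr*)
                prev=srcdir
                built=false
                ;;
            -i|--installed)
                installed=:
                ;;
            --sc*=*)
                schema=$optarg
                installed=:
                ;;
            -S|--sc*)
                prev=schema
                installed=:
                ;;
            -g|--gdb-v*)
                gdb_vswitchd=true
                gdb_vswitchd_ex=false
                ;;
            -e|--gdb-ex-v*)
                gdb_vswitchd=true
                gdb_vswitchd_ex=true
                ;;
            -d|--gdb-ovsdb)
                gdb_ovsdb=true
                gdb_ovsdb_ex=false
                ;;
            -r|--gdb-ex-o*)
                gdb_ovsdb=true
                gdb_ovsdb_ex=true
                ;;
            --gdb-ovn-northd)
                gdb_ovn_northd=true
                ;;
            --gdb-ovn-controller)
                gdb_ovn_controller=true
                ;;
            --gdb-ovn-controller-vtep)
                gdb_ovn_controller_vtep=true
                ;;
            -o|--ovn)
                ovn=true
                ;;
            -R|--gdb-run)
                gdb_vswitchd_ex=true
                gdb_ovsdb_ex=true
                gdb_ovn_northd_ex=true
                gdb_ovn_controller_ex=true
                gdb_ovn_controller_vtep_ex=true
                ;;
            -*)
                echo "unrecognized option $option (use --help for help)" >&2
                exit 1
                ;;
            *)
                echo "$option: non-option arguments not supported (use --help for help)" >&2
                exit 1
                ;;
        esac
    done

    # An option such as -b or -S given last used to be dropped silently.
    if test -n "$prev"; then
        echo "missing argument to the last option (use --help for help)" >&2
        exit 1
    fi
}

parse_options "$@"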
207
# Choose between a build tree and an installed OVS.
# $installed and $built hold ":" or "false" and are run as commands.
# With no explicit choice, a vswitchd/ovs-vswitchd file under the current
# directory selects build mode with builddir=".".  Later steps put that
# tree's tool directories first in $PATH and run tools from it, so start
# the script only from a directory whose contents you trust.
if $installed; then
    if $built; then
        echo "sorry, conflicting options (use --help for help)" >&2
        exit 1
    fi
elif $built; then
    :
elif test -e vswitchd/ovs-vswitchd; then
    built=:
    builddir=.
elif (ovs-vswitchd --version) >/dev/null 2>&1; then
    # No build tree here, but an ovs-vswitchd on $PATH answers --version.
    installed=:
else
    echo "can't find an OVS build or install (use --help for help)" >&2
    exit 1
fi
222
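# Resolve the directories and schema files for the selected mode.
# Every path expansion is quoted so that directories containing
# whitespace or glob characters are handled as single paths.
if $built; then
    if test ! -e "$builddir"/vswitchd/ovs-vswitchd; then
        echo "$builddir does not appear to be an OVS build directory" >&2
        exit 1
    fi
    # CDPATH is cleared for the cd: an inherited CDPATH can make cd print
    # the directory it resolved, which would corrupt the captured path.
    builddir=$(CDPATH= cd -- "$builddir" && pwd)

    # Find srcdir.
    case $srcdir in
        '')
            # Assume an in-tree build; if README.rst is not there, try the
            # parent of the build directory.
            srcdir=$builddir
            if test ! -e "$srcdir"/README.rst; then
                srcdir=$(CDPATH= cd -- "$builddir"/.. && pwd)
            fi
            ;;
        /*) ;;
        *) srcdir=$(pwd)/$srcdir ;;
    esac
    schema=$srcdir/vswitchd/vswitch.ovsschema
    if test ! -e "$schema"; then
        echo >&2 'source directory not found, please use --srcdir'
        exit 1
    fi
    if $ovn; then
        ovnsb_schema=$srcdir/ovn/ovn-sb.ovsschema
        ovnnb_schema=$srcdir/ovn/ovn-nb.ovsschema
        vtep_schema=$srcdir/vtep/vtep.ovsschema
        # All three schemas must exist; checked in the original order.
        for required_schema in "$ovnsb_schema" "$ovnnb_schema" "$vtep_schema"; do
            if test ! -e "$required_schema"; then
                echo >&2 'source directory not found, please use --srcdir'
                exit 1
            fi
        done
    fi

    # Put built tools early in $PATH.
    # From here on, tools invoked by name resolve to the build tree first,
    # so the build directory has to be one you trust.
    if test ! -e "$builddir"/vswitchd/ovs-vswitchd; then
        echo >&2 'build not found, please change set $builddir or change directory'
        exit 1
    fi
    PATH=$builddir/ovsdb:$builddir/vswitchd:$builddir/utilities:$builddir/vtep:$PATH
    if $ovn; then
        PATH=$builddir/ovn/controller:$builddir/ovn/controller-vtep:$builddir/ovn/northd:$builddir/ovn/utilities:$PATH
    fi
    export PATH
else
    case $schema in
        '')
            # Try the usual install locations; "none" is the sentinel left
            # in $schema when neither file is readable.
            for schema in \
                /usr/local/share/openvswitch/vswitch.ovsschema \
                /usr/share/openvswitch/vswitch.ovsschema \
                none; do
                if test -r "$schema"; then
                    break
                fi
            done
            ;;
        /*) ;;
        *) schema=$(pwd)/$schema ;;
    esac
    if test ! -r "$schema"; then
        echo "can't find vswitch.ovsschema, please specify --schema" >&2
        exit 1
    fi
    if $ovn; then
        echo "running with ovn is only supported from the build dir." >&2
        exit 1
    fi
fi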
298
# Create sandbox.
# A "sandbox" entry left in the current directory by an earlier run is
# deleted first, then recreated empty; $sandbox holds its absolute path.
# NOTE(review): the directory gets the caller's umask.  It later holds
# the daemons' sockets and, with OpenSSL, the PKI private keys; consider
# a restrictive umask when running on a shared machine.
rm -rf sandbox
mkdir sandbox
sandbox=$(cd sandbox && pwd)

# Set up environment for OVS programs to sandbox themselves.
OVS_RUNDIR=$sandbox
OVS_LOGDIR=$sandbox
OVS_DBDIR=$sandbox
OVS_SYSCONFDIR=$sandbox
export OVS_RUNDIR OVS_LOGDIR OVS_DBDIR OVS_SYSCONFDIR
309
if $built; then
    # Easy access to OVS manpages.
    # Installs them under the sandbox; $MAKE overrides the make program.
    (cd "$builddir" && ${MAKE-make} install-man mandir="$sandbox"/man)
    MANPATH=$sandbox/man:
    export MANPATH
fi

# Ensure cleanup.
# Sends the default signal to every PID recorded in the sandbox's pidfiles.
# The cat output is left unquoted on purpose so that each PID becomes its
# own argument.
# NOTE(review): the PIDs are taken from the files as-is; a stale pidfile
# whose PID has been reused would signal an unrelated process.
kill_sandbox_daemons() {
    kill $(cat "$sandbox"/*.pid)
}
trap kill_sandbox_daemons 0 1 2 3 13 14 15
318
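# Create database and start ovsdb-server.
touch "$sandbox"/.conf.db.~lock~
run ovsdb-tool create conf.db "$schema"
ovsdb_server_args=
if $ovn; then
    touch "$sandbox"/.ovnsb.db.~lock~
    touch "$sandbox"/.ovnnb.db.~lock~
    run ovsdb-tool create ovnsb.db "$ovnsb_schema"
    run ovsdb-tool create ovnsb2.db "$ovnsb_schema"
    run ovsdb-tool create ovnnb.db "$ovnnb_schema"
    run ovsdb-tool create vtep.db "$vtep_schema"
    # Database file lists for the ovsdb-server instances started below;
    # the first one is expanded unquoted so it splits into two names.
    ovsdb_server_args="vtep.db conf.db"
    ovsdb_sb_server_args="ovnsb.db"
    ovsdb_sb_backup_server_args="ovnsb2.db"
    ovsdb_nb_server_args="ovnnb.db"

    # HAVE_OPENSSL is read as-is; this script does not set it.
    if [ "$HAVE_OPENSSL" = yes ]; then
        # Wrapper instead of a command kept in a string: the sandbox path
        # stays one word even if it contains whitespace.
        ovs_pki() {
            run ovs-pki --dir="$sandbox"/pki --log="$sandbox"/ovs-pki.log "$@"
        }
        # -B 1024 asks for 1024-bit keys, which is below current minimum
        # recommendations.  Acceptable only because this PKI is throwaway
        # sandbox material; do not reuse the keys or certificates elsewhere.
        ovs_pki -B 1024 init
        ovs_pki -B 1024 req+sign ovnsb switch
        ovs_pki -B 1024 req+sign ovnnb switch
        ovs_pki -B 1024 req+sign ovn-controller switch
    fi
fi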
# Main ovsdb-server: listens on the sandbox's db.sock.
# $ovsdb_server_args is deliberately unquoted: it may hold several
# database file names, or nothing.
rungdb "$gdb_ovsdb" "$gdb_ovsdb_ex" ovsdb-server \
    --detach --no-chdir --pidfile -vconsole:off --log-file \
    --remote="punix:$sandbox/db.sock" \
    $ovsdb_server_args
if $ovn; then
    # Northbound database server.  Remotes and all SSL settings, including
    # protocols and ciphers, are read from the database itself.
    rungdb "$gdb_ovsdb" "$gdb_ovsdb_ex" ovsdb-server \
        --detach --no-chdir \
        --pidfile="$sandbox/ovnnb_db.pid" \
        -vconsole:off \
        --log-file="$sandbox/ovnnb_db.log" \
        --remote=db:OVN_Northbound,NB_Global,connections \
        --private-key=db:OVN_Northbound,SSL,private_key \
        --certificate=db:OVN_Northbound,SSL,certificate \
        --ca-cert=db:OVN_Northbound,SSL,ca_cert \
        --ssl-protocols=db:OVN_Northbound,SSL,ssl_protocols \
        --ssl-ciphers=db:OVN_Northbound,SSL,ssl_ciphers \
        --remote="punix:$sandbox/ovnnb_db.sock" \
        $ovsdb_nb_server_args

    # Southbound database server, configured the same way.
    rungdb "$gdb_ovsdb" "$gdb_ovsdb_ex" ovsdb-server \
        --detach --no-chdir \
        --pidfile="$sandbox/ovnsb_db.pid" \
        -vconsole:off \
        --log-file="$sandbox/ovnsb_db.log" \
        --remote=db:OVN_Southbound,SB_Global,connections \
        --private-key=db:OVN_Southbound,SSL,private_key \
        --certificate=db:OVN_Southbound,SSL,certificate \
        --ca-cert=db:OVN_Southbound,SSL,ca_cert \
        --ssl-protocols=db:OVN_Southbound,SSL,ssl_protocols \
        --ssl-ciphers=db:OVN_Southbound,SSL,ssl_ciphers \
        --remote="punix:$sandbox/ovnsb_db.sock" \
        $ovsdb_sb_server_args

    # Start SB back up server
    # It syncs from the primary's socket and has its own unixctl socket.
    # NOTE(review): unlike the two servers above it is given no
    # --ssl-protocols/--ssl-ciphers, so protocol or cipher restrictions
    # stored in the SSL table would not be applied to its SSL listener.
    # Confirm whether that is intended.
    rungdb "$gdb_ovsdb" "$gdb_ovsdb_ex" ovsdb-server \
        --detach --no-chdir \
        --pidfile="$sandbox/ovnsb_db2.pid" \
        -vconsole:off \
        --log-file="$sandbox/ovnsb_db2.log" \
        --remote=db:OVN_Southbound,SB_Global,connections \
        --private-key=db:OVN_Southbound,SSL,private_key \
        --certificate=db:OVN_Southbound,SSL,certificate \
        --ca-cert=db:OVN_Southbound,SSL,ca_cert \
        --remote="punix:$sandbox/ovnsb_db2.sock" \
        --unixctl="$sandbox/sb_backup_unixctl" \
        --sync-from="unix:$sandbox/ovnsb_db.sock" \
        $ovsdb_sb_backup_server_args
fi
378
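#Add a small delay to allow ovsdb-server to launch.
sleep 0.1

#Wait for ovsdb-server to finish launching.
# NOTE(review): the loop has no timeout.  That looks deliberate, since a
# daemon held in gdb starts only once the user runs it, but it also means
# a server that failed to start leaves the script waiting; confirm.
if test ! -e "$sandbox"/db.sock; then
    # printf rather than "echo -n": under #!/bin/sh the handling of -n is
    # implementation-defined and may be printed literally.
    printf '%s' "Waiting for ovsdb-server to start..."
    while test ! -e "$sandbox"/db.sock; do
        sleep 1
    done
    echo " Done"
fi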
390
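# Initialize database.
run ovs-vsctl --no-wait -- init

# Start ovs-vswitchd.
# $dummy comes from the command line (--dummy=ARG); it is quoted so the
# value reaches ovs-vswitchd as one argument, without word splitting or
# glob expansion by this script.
rungdb "$gdb_vswitchd" "$gdb_vswitchd_ex" ovs-vswitchd \
    --detach --no-chdir --pidfile -vconsole:off --log-file \
    --enable-dummy="$dummy" -vvconn -vnetdev_dummy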
397
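# Configure and start the OVN daemons.
# All $sandbox paths are quoted, and the controller's PKI options are
# kept in the positional parameters instead of one string, so a sandbox
# path containing whitespace is passed on intact.  The script's own
# arguments were consumed by option parsing and are not read again.
if $ovn; then
    ovn-nbctl init
    ovn-sbctl init

    # Fixed identity for the single sandbox chassis.
    ovs-vsctl set open . external-ids:system-id=56b18105-5706-46ef-80c4-ff20979ab068
    ovs-vsctl set open . external-ids:hostname=sandbox
    ovs-vsctl set open . external-ids:ovn-encap-type=geneve
    ovs-vsctl set open . external-ids:ovn-encap-ip=127.0.0.1

    if [ "$HAVE_OPENSSL" = yes ]; then
        cacert=$sandbox/pki/switchca/cacert.pem
        ovn-nbctl set-ssl "$sandbox"/ovnnb-privkey.pem "$sandbox"/ovnnb-cert.pem "$cacert"
        # NOTE(review): pssl:6641 and pssl:6642 name no bind address, so
        # the listeners are presumably not limited to loopback, while the
        # only client configured here connects to 127.0.0.1.  Consider
        # restricting them if remote access is not wanted.
        ovn-nbctl set-connection pssl:6641
        ovn-sbctl set-ssl "$sandbox"/ovnsb-privkey.pem "$sandbox"/ovnsb-cert.pem "$cacert"
        ovn-sbctl set-connection pssl:6642
        ovs-vsctl set open . external-ids:ovn-remote=ssl:127.0.0.1:6642
        set -- \
            -p "$sandbox"/ovn-controller-privkey.pem \
            -c "$sandbox"/ovn-controller-cert.pem \
            -C "$cacert"
    else
        ovs-vsctl set open . external-ids:ovn-remote=unix:"$sandbox"/ovnsb_db.sock
        set --
    fi
    rungdb "$gdb_ovn_northd" "$gdb_ovn_northd_ex" ovn-northd --detach \
        --no-chdir --pidfile -vconsole:off --log-file \
        --ovnsb-db=unix:"$sandbox"/ovnsb_db.sock \
        --ovnnb-db=unix:"$sandbox"/ovnnb_db.sock
    rungdb "$gdb_ovn_controller" "$gdb_ovn_controller_ex" ovn-controller \
        "$@" --detach --no-chdir --pidfile -vconsole:off --log-file
    rungdb "$gdb_ovn_controller_vtep" "$gdb_ovn_controller_vtep_ex" \
        ovn-controller-vtep --detach --no-chdir --pidfile -vconsole:off \
        "$@" --log-file --ovnsb-db=unix:"$sandbox"/ovnsb_db.sock
fi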
428
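# Tell the user what is running, then hand over to an interactive shell.
cat <<EOF



----------------------------------------------------------------------
You are running in a dummy Open vSwitch environment. You can use
ovs-vsctl, ovs-ofctl, ovs-appctl, and other tools to work with the
dummy switch.

EOF
if $ovn; then
    cat <<EOF
This environment also has the OVN daemons and databases enabled.
You can use ovn-nbctl and ovn-sbctl to interact with the OVN databases.

The backup server of OVN SB can be accessed by:
* ovn-sbctl --db=unix:$(pwd)/sandbox/ovnsb_db2.sock
* ovs-appctl -t $(pwd)/sandbox/sb_backup_unixctl
The backup database file is "sandbox"/ovnsb2.db


EOF
fi
cat <<EOF
Log files, pidfiles, and the configuration database are in the
"sandbox" subdirectory.

Exit the shell to kill the running daemons.
EOF

# Run the user's shell and remember its exit status.  The "||" keeps a
# non-zero status from ending the script under "set -e" before the
# closing banner.  Falls back to /bin/sh when SHELL is unset or empty;
# previously that expanded to no command at all, so the script went
# straight on to exit and the daemons were torn down at once.
status=0
${SHELL:-/bin/sh} || status=$?

cat <<EOF
----------------------------------------------------------------------



EOF

# Exiting fires the cleanup trap, which signals the sandbox daemons.
exit "$status"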