2 # Copyright (C) 2009, 2010, 2011, 2012, 2013, 2014, 2016, 2017 Nicira, Inc.
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at:
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
17 */*) dir0
=`echo "$0" | sed 's,/[^/]*$,,'` ;;
20 .
"$dir0/ovs-lib" ||
exit 1
22 for dir
in "$sbindir" "$bindir" /sbin
/bin
/usr
/sbin
/usr
/bin
; do
27 $sbindir |
$bindir) PATH
=$dir:$PATH ;;
37 insert_mod_if_required
() {
38 ## This takes care of inserting any required kernel modules
43 # 'hostname -f' needs network connectivity to work. So we should
44 # call this only after ovs-vswitchd is running.
45 if test X
$FULL_HOSTNAME = Xyes
; then
46 hn
="$(hostname -f)" || hn
="$(uname -n)"
50 # Set the hostname if it wasn't set before
51 ovs_vsctl add Open_vSwitch . external-ids hostname
="$hn"
55 set ovs_vsctl
set Open_vSwitch .
57 OVS_VERSION
=`ovs-vswitchd --version | awk '/Open vSwitch/{print $NF}'`
58 set "$@" ovs-version
="$OVS_VERSION"
62 id_file
=$etcdir/system-id.conf
63 uuid_file
=$etcdir/install_uuid.conf
64 if test -e "$id_file"; then
65 SYSTEM_ID
=`cat "$id_file"`
66 elif test -e "$uuid_file"; then
67 # Migrate from old file name.
69 SYSTEM_ID
=$INSTALLATION_UUID
70 run_as_ovsuser
touch "$id_file"
71 echo "$SYSTEM_ID" > "$id_file"
72 elif SYSTEM_ID
=`uuidgen`; then
73 run_as_ovsuser
touch "$id_file"
74 echo "$SYSTEM_ID" > "$id_file"
76 log_failure_msg
"missing uuidgen, could not generate system ID"
81 log_failure_msg
"system ID not configured, please use --system-id"
87 set "$@" external-ids
:system-id
="\"$SYSTEM_ID\""
89 set "$@" external-ids
:rundir
="\"$rundir\""
91 if test X
"$SYSTEM_TYPE" != X
; then
92 set "$@" system-type
="\"$SYSTEM_TYPE\""
94 log_failure_msg
"no default system type, please use --system-type"
97 if test X
"$SYSTEM_VERSION" != X
; then
98 set "$@" system-version
="\"$SYSTEM_VERSION\""
100 log_failure_msg
"no default system version, please use --system-version"
103 action
"Configuring Open vSwitch system IDs" "$@" $extra_ids
106 check_force_cores
() {
107 if test X
"$FORCE_COREFILES" = Xyes
; then
112 del_transient_ports
() {
113 for port
in `ovs-vsctl --bare -- --columns=name find port other_config:transient=true`; do
114 ovs_vsctl
-- del-port
"$port"
121 if daemon_is_running ovsdb-server
; then
122 log_success_msg
"ovsdb-server is already running"
124 # Create initial database or upgrade database schema.
125 upgrade_db
$DB_FILE $DB_SCHEMA ||
return 1
127 # Start ovsdb-server.
128 set ovsdb-server
"$DB_FILE"
129 for db
in $EXTRA_DBS; do
135 if test ! -f "$db"; then
136 log_warning_msg
"$db (from \$EXTRA_DBS) does not exist."
137 elif ovsdb-tool db-version
"$db" >/dev
/null
; then
140 log_warning_msg
"$db (from \$EXTRA_DBS) cannot be read as a database (see error message above)"
143 if test X
"$SELF_CONFINEMENT" = Xno
; then
144 set "$@" --no-self-confinement
146 set "$@" -vconsole:emer
-vsyslog:err
-vfile:info
147 set "$@" --remote=punix
:"$DB_SOCK"
148 set "$@" --private-key=db
:Open_vSwitch
,SSL
,private_key
149 set "$@" --certificate=db
:Open_vSwitch
,SSL
,certificate
150 set "$@" --bootstrap-ca-cert=db
:Open_vSwitch
,SSL
,ca_cert
151 [ "$OVS_USER" != "" ] && set "$@" --user "$OVS_USER"
152 [ "$OVSDB_SERVER_OPTIONS" != "" ] && set "$@" $OVSDB_SERVER_OPTIONS
154 start_daemon
"$OVSDB_SERVER_PRIORITY" "$OVSDB_SERVER_WRAPPER" "$@" \
157 # Initialize database settings.
158 ovs_vsctl
-- init
-- set Open_vSwitch . db-version
="$schemaver" \
160 set_system_ids ||
return 1
161 if test X
"$DELETE_BRIDGES" = Xyes
; then
162 for bridge
in `ovs_vsctl list-br`; do
163 ovs_vsctl del-br
$bridge
166 if test X
"$DELETE_TRANSIENT_PORTS" = Xyes
; then
173 if test X
"$OVSDB_SERVER" = Xyes
; then
174 do_start_ovsdb ||
return 1
180 # Tell ovsdb-server to connect to the remote managers. If ovs-vswitchd
181 # is not finished configuring, it may mean that remote managers will
182 # see more churn in the database at startup or restart. (For example,
183 # managers may briefly see empty datapath-id or ofport columns for
184 # records that exist at startup.). However, the alternative is a
185 # 'bricked' system, so we allow database connectivity regardless.
186 if test X
"$OVSDB_SERVER" = Xyes ||
test X
"$OVS_VSWITCHD" = Xyes
; then
187 if daemon_is_running ovsdb-server
; then
188 action
"Enabling remote OVSDB managers" \
189 ovs-appctl
-t ovsdb-server ovsdb-server
/add-remote \
190 db
:Open_vSwitch
,Open_vSwitch
,manager_options
195 do_start_forwarding
() {
198 insert_mod_if_required ||
return 1
200 if daemon_is_running ovs-vswitchd
; then
201 log_success_msg
"ovs-vswitchd is already running"
203 # Increase the limit on the number of open file descriptors.
204 # On Linux, ovs-vswitchd needs about three file descriptors
205 # per bridge and "n-handler-threads" file descriptors per bridge
206 # port, so this allows a very large number of bridges and ports.
208 if [ $
(ulimit -n) -lt $MAXFD ]; then
212 # Start ovs-vswitchd.
213 set ovs-vswitchd unix
:"$DB_SOCK"
214 set "$@" -vconsole:emer
-vsyslog:err
-vfile:info
215 if test X
"$MLOCKALL" != Xno
; then
218 if test X
"$SELF_CONFINEMENT" = Xno
; then
219 set "$@" --no-self-confinement
221 [ "$OVS_USER" != "" ] && set "$@" --user "$OVS_USER"
222 [ "$OVS_VSWITCHD_OPTIONS" != "" ] &&set "$@" $OVS_VSWITCHD_OPTIONS
224 start_daemon
"$OVS_VSWITCHD_PRIORITY" "$OVS_VSWITCHD_WRAPPER" "$@" ||
229 start_forwarding
() {
230 if test X
"$OVS_VSWITCHD" = Xyes
; then
231 do_start_forwarding ||
return 1
238 if test X
$RESTART_IKE_DAEMON = Xno
; then
239 no_restart
="--no-restart-ike-daemon"
242 ${datadir}/scripts
/ovs-monitor-ipsec \
243 --pidfile=${rundir}/ovs-monitor-ipsec.pid \
244 --ike-daemon=$IKE_DAEMON \
246 --log-file --detach --monitor unix
:${rundir}/db.sock ||
return 1
255 if test X
"$OVSDB_SERVER" = Xyes
; then
256 stop_daemon ovsdb-server
261 if test X
"$OVS_VSWITCHD" = Xyes
; then
262 stop_daemon ovs-vswitchd
267 stop_daemon ovs-monitor-ipsec
270 ## --------------- ##
271 ## enable-protocol ##
272 ## --------------- ##
275 # Translate the protocol name to a number, because "iptables -n -L" prints
276 # some protocols by name (despite the -n) and therefore we need to look for
279 # (iptables -S output is more uniform but old iptables doesn't have it.)
280 protonum
=`grep "^$PROTOCOL[ ]" /etc/protocols | awk '{print $2}'`
281 if expr X
"$protonum" : X
'[0-9]\{1,\}$' > /dev
/null
; then :; else
282 log_failure_msg
"unknown protocol $PROTOCOL"
287 match
="(\$2 == \"$PROTOCOL\" || \$2 == $protonum)"
288 insert
="iptables -I INPUT -p $PROTOCOL"
289 if test X
"$DPORT" != X
; then
290 name
="$name to port $DPORT"
291 match
="$match && /dpt:$DPORT/"
292 insert
="$insert --dport $DPORT"
294 if test X
"$SPORT" != X
; then
295 name
="$name from port $SPORT"
296 match
="$match && /spt:$SPORT/"
297 insert
="$insert --sport $SPORT"
299 insert
="$insert -j ACCEPT"
301 if (iptables
-n -L INPUT
) >/dev
/null
2>&1; then
302 if iptables
-n -L INPUT |
awk "$match { n++ } END { exit n == 0 }"
304 # There's already a rule for this protocol. Don't override it.
305 log_success_msg
"iptables already has a rule for $name, not explicitly enabling"
307 action
"Enabling $name with iptables" $insert
309 elif (iptables
--version) >/dev
/null
2>&1; then
310 action
"cannot list iptables rules, not adding a rule for $name"
312 action
"iptables binary not installed, not adding a rule for $name"
326 DELETE_TRANSIENT_PORTS
=no
336 OVSDB_SERVER_PRIORITY
=-10
337 OVS_VSWITCHD_PRIORITY
=-10
338 OVSDB_SERVER_WRAPPER
=
339 OVS_VSWITCHD_WRAPPER
=
340 OVSDB_SERVER_OPTIONS
=
341 OVS_VSWITCHD_OPTIONS
=
343 DB_FILE
=$dbdir/conf.db
344 DB_SOCK
=$rundir/db.sock
345 DB_SCHEMA
=$datadir/vswitch.ovsschema
353 RESTART_IKE_DAEMON
=yes
355 type_file
=$etcdir/system-type.conf
356 version_file
=$etcdir/system-version.conf
358 if test -e "$type_file" ; then
359 SYSTEM_TYPE
=`cat $type_file`
360 SYSTEM_VERSION
=`cat $version_file`
361 elif test -e "@sysconfdir@/os-release"; then
362 SYSTEM_TYPE
=`. '@sysconfdir@/os-release' && echo "$ID"`
363 SYSTEM_VERSION
=`. '@sysconfdir@/os-release' && echo "$VERSION_ID"`
364 elif (lsb_release
--id) >/dev
/null
2>&1; then
365 SYSTEM_TYPE
=`lsb_release --id -s`
366 system_release
=`lsb_release --release -s`
367 system_codename
=`lsb_release --codename -s`
368 SYSTEM_VERSION
="${system_release}-${system_codename}"
371 SYSTEM_VERSION
=unknown
378 $0: controls Open vSwitch daemons
379 usage: $0 [OPTIONS] COMMAND
381 This program is intended to be invoked internally by Open vSwitch startup
382 scripts. System administrators should not normally invoke it directly.
385 start start Open vSwitch daemons
386 stop stop Open vSwitch daemons
387 restart stop and start Open vSwitch daemons
388 status check whether Open vSwitch daemons are running
389 version print versions of Open vSwitch daemons
390 load-kmod insert modules if not already present
391 force-reload-kmod save OVS network device state, stop OVS, unload kernel
392 module, reload kernel module, start OVS, restore state
393 enable-protocol enable protocol specified in options with iptables
394 delete-transient-ports delete transient (other_config:transient=true) ports
395 start-ovs-ipsec start Open vSwitch ipsec daemon
396 stop-ovs-ipsec stop Open vSwitch ipsec daemon
397 help display this help message
399 One of the following options is required for "start", "restart" and "force-reload-kmod":
400 --system-id=UUID set specific ID to uniquely identify this system
401 --system-id=random use a random but persistent UUID to identify this system
403 Other important options for "start", "restart" and "force-reload-kmod":
404 --system-type=TYPE set system type (e.g. "XenServer")
405 --system-version=VERSION set system version (e.g. "5.6.100-39265p")
406 --external-id="key=value"
407 add given key-value pair to Open_vSwitch external-ids
408 --delete-bridges delete all bridges just before starting ovs-vswitchd
409 --ovs-user="user[:group]" pass the --user flag to ovs daemons
411 Less important options for "start", "restart" and "force-reload-kmod":
412 --daemon-cwd=DIR set working dir for OVS daemons (default: $DAEMON_CWD)
413 --no-force-corefiles do not force on core dumps for OVS daemons
414 --no-mlockall do not lock all of ovs-vswitchd into memory
415 --ovsdb-server-priority=NICE set ovsdb-server's niceness (default: $OVSDB_SERVER_PRIORITY)
416 --ovs-vswitchd-priority=NICE set ovs-vswitchd's niceness (default: $OVS_VSWITCHD_PRIORITY)
417 --no-full-hostname set short hostname instead of full hostname
419 Debugging options for "start", "restart" and "force-reload-kmod":
420 --ovsdb-server-wrapper=WRAPPER
421 --ovs-vswitchd-wrapper=WRAPPER
422 run specified daemon under WRAPPER (either 'valgrind' or 'strace')
424 File location options:
425 --db-file=FILE database file name (default: $DB_FILE)
426 --db-sock=SOCKET JSON-RPC socket name (default: $DB_SOCK)
427 --db-schema=FILE database schema file name (default: $DB_SCHEMA)
429 Options for "enable-protocol":
430 --protocol=PROTOCOL protocol to enable with iptables (default: gre)
431 --sport=PORT source port to match (for tcp or udp protocol)
432 --dport=PORT destination port to match (for tcp or udp protocol)
434 Option for "start-ovs-ipsec":
435 --ike-daemon=IKE_DAEMON
436 the IKE daemon for ipsec tunnels (either libreswan or strongswan)
437 --no-restart-ike-daemon
438 do not restart the IKE daemon on startup
441 -h, --help display this help message
442 -V, --version display version information
444 Default directories with "configure" option and environment variable override:
445 logs: @LOGDIR@ (--with-logdir, OVS_LOGDIR)
446 pidfiles and sockets: @RUNDIR@ (--with-rundir, OVS_RUNDIR)
447 conf.db: @DBDIR@ (--with-dbdir, OVS_DBDIR)
448 system configuration: @sysconfdir@ (--sysconfdir, OVS_SYSCONFDIR)
449 data files: @pkgdatadir@ (--pkgdatadir, OVS_PKGDATADIR)
450 user binaries: @bindir@ (--bindir, OVS_BINDIR)
451 system binaries: @sbindir@ (--sbindir, OVS_SBINDIR)
453 Please report bugs to bugs@openvswitch.org (see REPORTING-BUGS for details).
460 var
=`echo "$option" | tr abcdefghijklmnopqrstuvwxyz- ABCDEFGHIJKLMNOPQRSTUVWXYZ_`
461 eval set=\
${$var+yes}
462 eval old_value
=\$
$var
463 if test X
$set = X || \
464 (test $type = bool
&& \
465 test X
"$old_value" != Xno
&& test X
"$old_value" != Xyes
); then
466 echo >&2 "$0: unknown option \"$arg\" (use --help for help)"
473 echo ovsdb-server ovs-vswitchd
486 echo "$0 (Open vSwitch) $VERSION"
490 value
=`expr X"$arg" : 'X[^=]*=\(.*\)'`
493 extra_ids
="$extra_ids external-ids:$value"
496 echo >&2 "$0: --external-id argument not in the form \"key=value\""
502 option
=`expr X"$arg" : 'X--\([^=]*\)'`
503 value
=`expr X"$arg" : 'X[^=]*=\(.*\)'`
508 option
=`expr X"$arg" : 'X--no-\(.*\)'`
514 option
=`expr X"$arg" : 'X--\(.*\)'`
520 echo >&2 "$0: unknown option \"$arg\" (use --help for help)"
524 if test X
"$command" = X
; then
527 echo >&2 "$0: exactly one non-option argument required (use --help for help)"
535 start_ovsdb ||
exit 1
536 start_forwarding ||
exit 1
548 for daemon
in `daemons`; do
549 daemon_status
$daemon || rc
=$?
554 for daemon
in `daemons`; do
562 insert_mod_if_required
567 delete-transient-ports
)
580 echo >&2 "$0: missing command name (use --help for help)"
584 echo >&2 "$0: unknown command \"$command\" (use --help for help)"