]> git.proxmox.com Git - ovs.git/blob - utilities/ovs-save
projects / ovs.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ovs-ctl.in: Ability to save flows and kernel datapath config.
[ovs.git] / utilities / ovs-save
1 #! /bin/sh
2
3 # Copyright (c) 2011 Nicira, Inc.
4 #
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at:
8 #
9 # http://www.apache.org/licenses/LICENSE-2.0
10 #
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
16
17 usage() {
18 UTIL=$(basename $0)
19 cat <<EOF
20 ${UTIL}: Provides helper functions to save Open vSwitch's configuration.
21 usage: $0 COMMAND
22
23 Commands:
24 save-interfaces Outputs a shell script on stdout that will restore
25 the current kernel configuration of the specified
26 network interfaces, as well as the system iptables
27 configuration.
28 save-flows Outputs a shell script on stdout that will restore
29 Openflow flows of each Open vSwitch bridge.
30 save-datapaths Outputs a shell script on stdout that will restore
31 the datapaths with the same port numbers as before.
32
33 This script is meant as a helper for the Open vSwitch init script commands.
34 EOF
35 }
36
37 PATH=/sbin:/bin:/usr/sbin:/usr/bin
38
39 missing_program () {
40 save_IFS=$IFS
41 IFS=:
42 for dir in $PATH; do
43 IFS=$save_IFS
44 if test -x $dir/$1; then
45 return 1
46 fi
47 done
48 IFS=$save_IFS
49 return 0
50 }
51
52 save_interfaces () {
53 if missing_program ip; then
54 echo "$0: ip not found in $PATH" >&2
55 exit 1
56 fi
57
58 if test "$#" = 0; then
59 exit 0
60 fi
61
62 devs="$@"
63 for dev in $devs; do
64 state=`ip link show dev $dev` || continue
65
66 echo "# $dev"
67 # Link state (Ethernet addresses, up/down, ...)
68 linkcmd=
69 case $state in
70 *"state UP"* | *[,\<]"UP"[,\>]* )
71 linkcmd="$linkcmd up"
72 ;;
73 *"state DOWN"*)
74 linkcmd="$linkcmd down"
75 ;;
76 esac
77 if expr "$state" : '.*\bdynamic\b' > /dev/null; then
78 linkcmd="$linkcmd dynamic"
79 fi
80 if qlen=`expr "$state" : '.*qlen \([0-9]+\)'`; then
81 linkcmd="$linkcmd txqueuelen $qlen"
82 fi
83 if hwaddr=`expr "$state" : '.*link/ether \([^ ]*\)'`; then
84 linkcmd="$linkcmd address $hwaddr"
85 fi
86 if brd=`expr "$state" : '.*brd \([^ ]*\)'`; then
87 linkcmd="$linkcmd broadcast $brd"
88 fi
89 if mtu=`expr "$state" : '.*mtu \([0-9]+\)'`; then
90 linkcmd="$linkcmd mtu $mtu"
91 fi
92 if test -n "$linkcmd"; then
93 echo ip link set dev $dev down # Required to change hwaddr.
94 echo ip link set dev $dev $linkcmd
95 fi
96
97 # IP addresses (including IPv6).
98 echo "ip addr flush dev $dev 2>/dev/null" # Suppresses "Nothing to flush".
99 ip addr show dev $dev | while read addr; do
100 set -- $addr
101
102 # Check and trim family.
103 family=$1
104 shift
105 case $family in
106 inet | inet6) ;;
107 *) continue ;;
108 esac
109
110 # Trim device off the end--"ip" insists on having "dev" precede it.
111 addrcmd=
112 while test $# != 0; do
113 case $1 in
114 dynamic)
115 # Omit kernel-maintained route.
116 continue 2
117 ;;
118 scope)
119 if test "$2" = link; then
120 # Omit route derived from IP address, e.g.
121 # 172.16.0.0/16 derived from 172.16.12.34.
122 continue 2
123 fi
124 ;;
125 "$dev"|"$dev:"*)
126 # Address label string
127 addrcmd="$addrcmd label $1"
128 shift
129 continue
130 ;;
131 esac
132 addrcmd="$addrcmd $1"
133 shift
134 done
135 if test "$1" != "$dev"; then
136 addrcmd="$addrcmd $1"
137 fi
138
139 echo ip -f $family addr add $addrcmd dev $dev
140 done
141
142 # Routes.
143 echo "ip route flush dev $dev proto boot 2>/dev/null" # Suppresses "Nothing to flush".
144 ip route show dev $dev | while read route; do
145 # "proto kernel" routes are installed by the kernel automatically.
146 case $route in
147 *" proto kernel "*) continue ;;
148 esac
149
150 echo "ip route add $route dev $dev"
151 done
152
153 echo
154 done
155
156 if missing_program iptables-save; then
157 echo "# iptables-save not found in $PATH, not saving iptables state"
158 else
159 echo "# global"
160 echo "iptables-restore <<'EOF'"
161 iptables-save
162 echo "EOF"
163 fi
164 }
165
166 save_flows () {
167 if missing_program ovs-ofctl; then
168 echo "$0: ovs-ofctl not found in $PATH" >&2
169 exit 1
170 fi
171
172 for bridge in "$@"; do
173 echo "ovs-ofctl add-flows ${bridge} - << EOF"
174 ovs-ofctl dump-flows "${bridge}" | sed -e '/NXST_FLOW/d' \
175 -e 's/\(idle\|hard\)_age=[^,]*,//g'
176 echo "EOF"
177 done
178 }
179
180 save_datapaths () {
181 if missing_program ovs-dpctl; then
182 echo "$0: ovs-dpctl not found in $PATH" >&2
183 exit 1
184 fi
185 if missing_program ovs-vsctl; then
186 echo "$0: ovs-vsctl not found in $PATH" >&2
187 exit 1
188 fi
189
190 for dp in "$@"; do
191 echo "ovs-dpctl add-dp ${dp}"
192 ovs-dpctl show $dp | while read line; do
193 # An example 'ovs-dpctl show' output looks like this:
194 # system@br1:
195 # lookups: hit:0 missed:0 lost:0
196 # flows: 0
197 # port 0: br1 (internal)
198 # port 2: gre2886795521 (ipsec_gre: key=flow, pmtud=false, remote_ip=172.17.1.1, tos=inherit)
199 # port 3: gre1 (ipsec_gre: remote_ip=192.168.113.1)
200 # port 14: gre2 (gre: remote_ip=192.168.115.1)
201 # port 15: gre3 (gre64: remote_ip=192.168.116.1)
202 # port 16: eth0
203 # port 17: br1- (patch: peer=br1+)
204
205 # Skip lines which do not have 'port'
206 if port_no=`expr "${line}" : '.*port \([0-9]\+\):'`; then :; else
207 continue
208 fi
209
210 netdev=`echo ${line} | awk '{print $3}'`
211
212 # Do not add port that has the same name as the datapath. It gets
213 # added by default.
214 [ "${dp#system@}" = "${netdev}" ] && continue
215
216 type=`echo ${line} | awk '{print $4}' | sed 's/[:)(]//g'`
217 [ ! -n "${type}" ] && type="system"
218
219 command="ovs-dpctl add-if ${dp}\
220 ${netdev},type=${type},port_no=${port_no}"
221
222 options=`echo ${line} | awk -F: '{print $3}' | sed 's/[) ]//g'`
223 [ -n "${options}" ] && command="${command},${options}"
224
225 # For ipsec, ovs-dpctl does not show the key value pairs related
226 # to certificates. Get that information from ovs-vsctl.
227 if [ "${type}" = "ipsec_gre" ] ; then
228 if peer_cert=`ovs-vsctl get interface \
229 "${netdev}" options:peer_cert 2>/dev/null`; then
230 # The option peer_cert comes with an accompanying
231 # "certificate" or "use_ssl_cert"
232 if certificate=`ovs-vsctl get interface "${netdev}" \
233 options:certificate 2>/dev/null` ; then
234 command="${command},peer_cert=${peer_cert},certificate=${certificate}"
235 else
236 use_ssl_cert=`ovs-vsctl get interface "${netdev}" \
237 options:use_ssl_cert 2>/dev/null`
238 command="${command},peer_cert=${peer_cert},use_ssl_cert=${use_ssl_cert}"
239 fi
240 else
241 psk=`ovs-vsctl get interface "${netdev}" \
242 options:psk 2>/dev/null`
243 command="${command},psk=${psk}"
244 fi
245 fi
246 echo ${command}
247 done
248 done
249 }
250
251 while [ $# -ne 0 ]
252 do
253 case $1 in
254 "save-datapaths")
255 shift
256 save_datapaths "$@"
257 exit 0
258 ;;
259 "save-flows")
260 shift
261 save_flows "$@"
262 exit 0
263 ;;
264 "save-interfaces")
265 shift
266 save_interfaces "$@"
267 exit 0
268 ;;
269 -h | --help)
270 usage
271 exit 0
272 ;;
273 *)
274 echo >&2 "$0: unknown command \"$1\" (use --help for help)"
275 exit 1
276 ;;
277 esac
278 done
279
280 exit 0
openvswitch packages for PVE