[ovs-dev] [PATCH ovn v4] ovn-ctl: Add ssl-ciphers and protocols support.
From: Aliasgar Ginwala Setting up OVN on new kernel bumps openssl version. Since OVS PKI infrastructure that generated older ssl certs based on old openssl version, raft fails with error 2024-02-27T19:28:39.673Z|00022|stream_ssl|WARN|SSL_connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed For running ovn-controller in container, we can still pin ssl-ciphers directly. This was missed to set via ovn-ctl utility and hence setting the same. e.g. pin ciphers to 'HIGH:!aNULL:!MD5:@SECLEVEL=1' for raft/ovn-controllers, etc. Also update options to show up ssl-ciphers and ssl-protocols for each components in help. Signed-off-by: Aliasgar Ginwala --- utilities/ovn-ctl | 69 +++-- utilities/ovn-ctl.8.xml | 16 ++ 2 files changed, 83 insertions(+), 2 deletions(-) diff --git a/utilities/ovn-ctl b/utilities/ovn-ctl index 50d588358..700efe35a 100755 --- a/utilities/ovn-ctl +++ b/utilities/ovn-ctl @@ -185,6 +185,8 @@ start_ovsdb__() { local ovn_db_election_timer local relay_mode local cluster_db_upgrade +local ovn_db_ssl_protocols +local ovn_db_ssl_ciphers eval db_pid_file=\$DB_${DB}_PIDFILE eval cluster_local_addr=\$DB_${DB}_CLUSTER_LOCAL_ADDR eval cluster_local_port=\$DB_${DB}_CLUSTER_LOCAL_PORT @@ -214,6 +216,8 @@ start_ovsdb__() { eval relay_mode=\$RELAY_MODE eval relay_remote=\$DB_${DB}_REMOTE eval cluster_db_upgrade=\$DB_CLUSTER_SCHEMA_UPGRADE +eval ovn_db_ssl_protocols=\$OVN_${DB}_DB_SSL_PROTOCOLS +eval ovn_db_ssl_ciphers=\$OVN_${DB}_DB_SSL_CIPHERS ovn_install_dir "$OVN_RUNDIR" ovn_install_dir "$ovn_logdir" 
@@ -313,8 +317,17 @@ $cluster_remote_port set "$@" --ca-cert=db:$schema_name,SSL,ca_cert fi -set "$@" --ssl-protocols=db:$schema_name,SSL,ssl_protocols -set "$@" --ssl-ciphers=db:$schema_name,SSL,ssl_ciphers +if test X"$ovn_db_ssl_protocols" != X; then +set "$@" --ssl-protocols=$ovn_db_ssl_protocols +else +set "$@" --ssl-protocols=db:$schema_name,SSL,ssl_protocols +fi + +if test X"$ovn_db_ssl_ciphers" != X; then +set "$@" --ssl-ciphers=$ovn_db_ssl_ciphers +else +set "$@" --ssl-ciphers=db:$schema_name,SSL,ssl_ciphers +fi if test X"$create_insecure_remote" = Xyes; then set "$@" --remote=ptcp:$port:$addr @@ -523,6 +536,12 @@ start_northd () { if test "$OVN_NORTHD_N_THREADS" != 1; then set "$@" --n-threads=$OVN_NORTHD_N_THREADS fi +if test X"$OVN_NORTHD_SSL_PROTOCOLS" != X; then +set "$@" --ssl-protocols=$OVN_NORTHD_SSL_PROTOCOLS +fi +if test X"$OVN_NORTHD_SSL_CIPHERS" != X; then +set "$@" --ssl-ciphers=$OVN_NORTHD_SSL_CIPHERS +fi [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER" @@ -558,6 +577,12 @@ start_ic () { if test X"$OVN_IC_SSL_CA_CERT" != X; then set "$@" --ca-cert=$OVN_IC_SSL_CA_CERT fi +if test X"$OVN_IC_SSL_PROTOCOLS" != X; then +set "$@" --ssl-protocols=$OVN_IC_SSL_PROTOCOLS +fi +if test X"$OVN_IC_SSL_CIPHERS" != X; then +set "$@" --ssl-ciphers=$OVN_IC_SSL_CIPHERS +fi [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER" @@ -586,6 +611,12 @@ start_controller () { if test X"$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT" != X; then set "$@" --bootstrap-ca-cert=$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT fi +if test X"$OVN_CONTROLLER_SSL_PROTOCOLS" != X; then +set "$@" --ssl-protocols=$OVN_CONTROLLER_SSL_PROTOCOLS +fi +if test X"$OVN_CONTROLLER_SSL_CIPHERS" != X; then +set "$@" --ssl-ciphers=$OVN_CONTROLLER_SSL_CIPHERS +fi [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER" 
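Review bot: When `OVN_${DB}_DB_SSL_PROTOCOLS` or `OVN_${DB}_DB_SSL_CIPHERS` is set, the `else` branches in this start_ovsdb__ hunk are skipped, so ovsdb-server is no longer pointed at the `db:$schema_name,SSL,ssl_protocols` and `ssl_ciphers` columns. Values later written to the SSL table are then presumably ignored for that server, and nothing in the script says so. A comment above the first `if` would record the precedence, for example `# A value passed to ovn-ctl replaces the SSL table as the source; later changes to SSL.ssl_protocols/ssl_ciphers have no effect.` The description's example also relaxes OpenSSL's security level with `@SECLEVEL=1`, so ovn-ctl.8.xml should describe such a pin as a compatibility workaround to be dropped once the certificates are reissued. The body of start_ovsdb__ starts and ends outside the hunk, and the same hunk appears in the earlier postings further down this page.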
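Review bot: `$OVN_NORTHD_SSL_PROTOCOLS` and `$OVN_NORTHD_SSL_CIPHERS` are expanded unquoted in the added `set "$@"` lines of start_northd, so a value containing whitespace or glob characters is split or expanded before it reaches ovn-northd. OpenSSL accepts space-separated cipher lists, so the daemon could start with a different list than the operator wrote. Quoting the whole word keeps the value intact: `set "$@" --ssl-ciphers="$OVN_NORTHD_SSL_CIPHERS"`, and likewise for `--ssl-protocols`. The same applies to the start_ic and start_controller hunks on this line, the start_controller_vtep hunk that follows, and the `$ovn_db_ssl_protocols` / `$ovn_db_ssl_ciphers` lines in start_ovsdb__. The neighbouring `--ca-cert=` context lines are unquoted too, so this follows the file's existing style rather than introducing a new pattern.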
@@ -611,6 +642,12 @@ start_controller_vtep () { if test X"$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT" != X; then set "$@" --bootstrap-ca-cert=$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT fi +if test X"$OVN_CONTROLLER_SSL_PROTOCOLS" != X; then +set "$@" --ssl-protocols=$OVN_CONTROLLER_SSL_PROTOCOLS +fi +if test X"$OVN_CONTROLLER_SSL_CIPHERS" != X; then +set "$@" --ssl-ciphers=$OVN_CONTROLLER_SSL_CIPHERS +fi if test X"$DB_SOCK" != X; then set "$@" --vtep-db=$DB_SOCK fi @@ -814,14 +851,20 @@ set_defaults () { OVN_CONTROLLER_SSL_CERT="" OVN_CONTROLLER_SSL_CA_CERT="" OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT="" +OVN_CONTROLLER_SSL_PROTOCOLS="" +OVN_CONTROLLER_SSL_CIPHERS="" OVN_NORTHD_SSL_KEY="" OVN_NORTHD_SSL_CERT="" OVN_NORTHD_SSL_CA_CERT="" +OVN_NORTHD_SSL_PROTOCOLS="" +OVN_NORTHD_SSL_CIPHERS="" OVN_IC_SSL_KEY="" OVN_IC_SSL_CERT="" OVN_IC_SSL_CA_CERT="" +OVN_IC_SSL_PROTOCOLS="" +OVN_IC_SSL_CIPHERS="" DB_SB_CREATE_INSECURE_REMOTE="no" DB_NB_CREATE_INSECURE_REMOTE="no" @@ -878,18 +921,26 @@ set
[ovs-dev] [PATCH ovn v3] ovn-ctl: Add ssl-ciphers and protocols support.
From: Aliasgar Ginwala Setting up OVN on new kernel bumps openssl version. Since OVS PKI infrastructure that generated older ssl certs based on old openssl version, raft fails with error 2024-02-27T19:28:39.673Z|00022|stream_ssl|WARN|SSL_connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed This was missed to set via ovn-ctl utility and hence setting the same. Signed-off-by: Aliasgar Ginwala --- utilities/ovn-ctl | 25 +++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/utilities/ovn-ctl b/utilities/ovn-ctl index 50d588358..0d88ee4b2 100755 --- a/utilities/ovn-ctl +++ b/utilities/ovn-ctl @@ -185,6 +185,8 @@ start_ovsdb__() { local ovn_db_election_timer local relay_mode local cluster_db_upgrade +local ovn_db_ssl_protocols +local ovn_db_ssl_ciphers eval db_pid_file=\$DB_${DB}_PIDFILE eval cluster_local_addr=\$DB_${DB}_CLUSTER_LOCAL_ADDR eval cluster_local_port=\$DB_${DB}_CLUSTER_LOCAL_PORT @@ -214,6 +216,8 @@ start_ovsdb__() { eval relay_mode=\$RELAY_MODE eval relay_remote=\$DB_${DB}_REMOTE eval cluster_db_upgrade=\$DB_CLUSTER_SCHEMA_UPGRADE +eval ovn_db_ssl_protocols=\$OVN_${DB}_DB_SSL_PROTOCOLS +eval ovn_db_ssl_ciphers=\$OVN_${DB}_DB_SSL_CIPHERS ovn_install_dir "$OVN_RUNDIR" ovn_install_dir "$ovn_logdir" @@ -313,8 +317,17 @@ $cluster_remote_port set "$@" --ca-cert=db:$schema_name,SSL,ca_cert fi -set "$@" --ssl-protocols=db:$schema_name,SSL,ssl_protocols -set "$@" --ssl-ciphers=db:$schema_name,SSL,ssl_ciphers +if test X"$ovn_db_ssl_protocols" != X; then +set "$@" --ssl-protocols=$ovn_db_ssl_protocols +else +set "$@" --ssl-protocols=db:$schema_name,SSL,ssl_protocols +fi + +if test X"$ovn_db_ssl_ciphers" != X; then +set "$@" --ssl-ciphers=$ovn_db_ssl_ciphers +else +set "$@" --ssl-ciphers=db:$schema_name,SSL,ssl_ciphers +fi if test X"$create_insecure_remote" = Xyes; then set "$@" --remote=ptcp:$port:$addr 
@@ -878,18 +891,26 @@ set_defaults () { OVN_NB_DB_SSL_KEY="" OVN_NB_DB_SSL_CERT="" OVN_NB_DB_SSL_CA_CERT="" +OVN_NB_DB_SSL_PROTOCOLS="" +OVN_NB_DB_SSL_CIPHERS="" OVN_SB_DB_SSL_KEY="" OVN_SB_DB_SSL_CERT="" OVN_SB_DB_SSL_CA_CERT="" +OVN_SB_DB_SSL_PROTOCOLS="" +OVN_SB_DB_SSL_CIPHERS="" OVN_IC_NB_DB_SSL_KEY="" OVN_IC_NB_DB_SSL_CERT="" OVN_IC_NB_DB_SSL_CA_CERT="" +OVN_IC_NB_DB_SSL_PROTOCOLS="" +OVN_IC_NB_DB_SSL_CIPHERS="" OVN_IC_SB_DB_SSL_KEY="" OVN_IC_SB_DB_SSL_CERT="" OVN_IC_SB_DB_SSL_CA_CERT="" +OVN_IC_SB_DB_SSL_PROTOCOLS="" +OVN_IC_SB_DB_SSL_CIPHERS="" RELAY_MODE=no DB_SB_RELAY_REMOTE= -- 2.39.3 (Apple Git-145) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn v2] ovn-ctl: Add ssl-ciphers and protocols support.
From: Aliasgar Ginwala Signed-off-by: Aliasgar Ginwala --- ovs | 2 +- utilities/ovn-ctl | 25 +++-- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/ovs b/ovs index fe55ce37a..ec1d73016 16 --- a/ovs +++ b/ovs @@ -1 +1 @@ -Subproject commit fe55ce37a7b090d09dee5c01ae0797320ad678f6 +Subproject commit ec1d730163d984934c467e050ebf6d39f8c09384 diff --git a/utilities/ovn-ctl b/utilities/ovn-ctl index 50d588358..0d88ee4b2 100755 --- a/utilities/ovn-ctl +++ b/utilities/ovn-ctl @@ -185,6 +185,8 @@ start_ovsdb__() { local ovn_db_election_timer local relay_mode local cluster_db_upgrade +local ovn_db_ssl_protocols +local ovn_db_ssl_ciphers eval db_pid_file=\$DB_${DB}_PIDFILE eval cluster_local_addr=\$DB_${DB}_CLUSTER_LOCAL_ADDR eval cluster_local_port=\$DB_${DB}_CLUSTER_LOCAL_PORT @@ -214,6 +216,8 @@ start_ovsdb__() { eval relay_mode=\$RELAY_MODE eval relay_remote=\$DB_${DB}_REMOTE eval cluster_db_upgrade=\$DB_CLUSTER_SCHEMA_UPGRADE +eval ovn_db_ssl_protocols=\$OVN_${DB}_DB_SSL_PROTOCOLS +eval ovn_db_ssl_ciphers=\$OVN_${DB}_DB_SSL_CIPHERS ovn_install_dir "$OVN_RUNDIR" ovn_install_dir "$ovn_logdir" @@ -313,8 +317,17 @@ $cluster_remote_port set "$@" --ca-cert=db:$schema_name,SSL,ca_cert fi -set "$@" --ssl-protocols=db:$schema_name,SSL,ssl_protocols -set "$@" --ssl-ciphers=db:$schema_name,SSL,ssl_ciphers +if test X"$ovn_db_ssl_protocols" != X; then +set "$@" --ssl-protocols=$ovn_db_ssl_protocols +else +set "$@" --ssl-protocols=db:$schema_name,SSL,ssl_protocols +fi + +if test X"$ovn_db_ssl_ciphers" != X; then +set "$@" --ssl-ciphers=$ovn_db_ssl_ciphers +else +set "$@" --ssl-ciphers=db:$schema_name,SSL,ssl_ciphers +fi if test X"$create_insecure_remote" = Xyes; then set "$@" --remote=ptcp:$port:$addr 
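Review bot: The `ovs` gitlink hunk moves the submodule from fe55ce37a to ec1d73016, which is unrelated to the ovn-ctl change, and this posting has no description that explains it. A submodule bump changes the OVS code that OVN is built against, so it should be its own commit with a stated reason, or be dropped if it only reflects the state of a local checkout. The v3 and v4 postings on this page no longer list `ovs` in their diffstat, which suggests it was unintended.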
@@ -878,18 +891,26 @@ set_defaults () { OVN_NB_DB_SSL_KEY="" OVN_NB_DB_SSL_CERT="" OVN_NB_DB_SSL_CA_CERT="" +OVN_NB_DB_SSL_PROTOCOLS="" +OVN_NB_DB_SSL_CIPHERS="" OVN_SB_DB_SSL_KEY="" OVN_SB_DB_SSL_CERT="" OVN_SB_DB_SSL_CA_CERT="" +OVN_SB_DB_SSL_PROTOCOLS="" +OVN_SB_DB_SSL_CIPHERS="" OVN_IC_NB_DB_SSL_KEY="" OVN_IC_NB_DB_SSL_CERT="" OVN_IC_NB_DB_SSL_CA_CERT="" +OVN_IC_NB_DB_SSL_PROTOCOLS="" +OVN_IC_NB_DB_SSL_CIPHERS="" OVN_IC_SB_DB_SSL_KEY="" OVN_IC_SB_DB_SSL_CERT="" OVN_IC_SB_DB_SSL_CA_CERT="" +OVN_IC_SB_DB_SSL_PROTOCOLS="" +OVN_IC_SB_DB_SSL_CIPHERS="" RELAY_MODE=no DB_SB_RELAY_REMOTE= -- 2.39.3 (Apple Git-145) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn] ovn-ctl: Add ssl-ciphers and protocols support.
From: Aliasgar Ginwala Setting up OVN on new kernel bumps openssl version. Since OVS PKI infrastructure that generated older ssl certs based on old openssl version, raft fails with error 2024-02-27T19:28:39.673Z|00022|stream_ssl|WARN|SSL_connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed This was missed to set via ovn-ctl utility and hence setting the same. Signed-off-by: Aliasgar Ginwala --- utilities/ovn-ctl | 25 +++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/utilities/ovn-ctl b/utilities/ovn-ctl index dc8865abf..3f652af80 100755 --- a/utilities/ovn-ctl +++ b/utilities/ovn-ctl @@ -184,6 +184,8 @@ start_ovsdb__() { local ovn_db_ssl_cacert local ovn_db_election_timer local relay_mode +local ovn_db_ssl_protocols +local ovn_db_ssl_ciphers eval db_pid_file=\$DB_${DB}_PIDFILE eval cluster_local_addr=\$DB_${DB}_CLUSTER_LOCAL_ADDR eval cluster_local_port=\$DB_${DB}_CLUSTER_LOCAL_PORT @@ -212,6 +214,8 @@ start_ovsdb__() { eval ovn_db_election_timer=\$DB_${DB}_ELECTION_TIMER eval relay_mode=\$RELAY_MODE eval relay_remote=\$DB_${DB}_REMOTE +eval ovn_db_ssl_protocols=\$OVN_${DB}_DB_SSL_PROTOCOLS +eval ovn_db_ssl_ciphers=\$OVN_${DB}_DB_SSL_CIPHERS ovn_install_dir "$OVN_RUNDIR" ovn_install_dir "$ovn_logdir" @@ -311,8 +315,17 @@ $cluster_remote_port set "$@" --ca-cert=db:$schema_name,SSL,ca_cert fi -set "$@" --ssl-protocols=db:$schema_name,SSL,ssl_protocols -set "$@" --ssl-ciphers=db:$schema_name,SSL,ssl_ciphers +if test X"$ovn_db_ssl_protocols" != X; then +set "$@" --ssl-protocols=$ovn_db_ssl_protocols +else +set "$@" --ssl-protocols=db:$schema_name,SSL,ssl_protocols +fi + +if test X"$ovn_db_ssl_ciphers" != X; then +set "$@" --ssl-ciphers=$ovn_db_ssl_ciphers +else +set "$@" --ssl-ciphers=db:$schema_name,SSL,ssl_ciphers +fi if test X"$create_insecure_remote" = Xyes; then set "$@" --remote=ptcp:$port:$addr 
@@ -877,18 +890,26 @@ set_defaults () { OVN_NB_DB_SSL_KEY="" OVN_NB_DB_SSL_CERT="" OVN_NB_DB_SSL_CA_CERT="" +OVN_NB_DB_SSL_PROTOCOLS="" +OVN_NB_DB_SSL_CIPHERS="" OVN_SB_DB_SSL_KEY="" OVN_SB_DB_SSL_CERT="" OVN_SB_DB_SSL_CA_CERT="" +OVN_SB_DB_SSL_PROTOCOLS="" +OVN_SB_DB_SSL_CIPHERS="" OVN_IC_NB_DB_SSL_KEY="" OVN_IC_NB_DB_SSL_CERT="" OVN_IC_NB_DB_SSL_CA_CERT="" +OVN_IC_NB_DB_SSL_PROTOCOLS="" +OVN_IC_NB_DB_SSL_CIPHERS="" OVN_IC_SB_DB_SSL_KEY="" OVN_IC_SB_DB_SSL_CERT="" OVN_IC_SB_DB_SSL_CA_CERT="" +OVN_IC_SB_DB_SSL_PROTOCOLS="" +OVN_IC_SB_DB_SSL_CIPHERS="" RELAY_MODE=no DB_SB_RELAY_REMOTE= -- 2.39.3 (Apple Git-145) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn v2] fix segfault due to ssl-ciphers
From: Aliasgar Ginwala To avoid invalidating existing certs setup by old version of ovs pki. openssl supports setting ciphers but it fails with ovn as below ovn-controller --ssl-ciphers='HIGH:!aNULL:!MD5:@SECLEVEL=1' Aborted (core dumped) Avoid invalidating existing certs when bumping to new ovn version SSL_connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed while connecting to control plane. Also amend ovn ic northd and ovn ctl utilities Add tests for ssl ciphers Signed-off-by: Aliasgar Ginwala --- controller/ovn-controller.c | 7 ++ ic/ovn-ic.c | 8 ++ northd/ovn-northd.c | 8 ++ tests/ovn-controller.at | 23 + tests/ovn.at| 182 utilities/ovn-dbctl.c | 8 ++ 6 files changed, 236 insertions(+) diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c index 856e5e270..4b16818a6 100644 --- a/controller/ovn-controller.c +++ b/controller/ovn-controller.c @@ -6166,6 +6166,13 @@ parse_options(int argc, char *argv[]) ssl_ca_cert_file = optarg; break; +case OPT_SSL_PROTOCOLS: +stream_ssl_set_protocols(optarg); +break; + +case OPT_SSL_CIPHERS: +stream_ssl_set_ciphers(optarg); +break; case OPT_PEER_CA_CERT: stream_ssl_set_peer_ca_cert_file(optarg); diff --git a/ic/ovn-ic.c b/ic/ovn-ic.c index 8ceb34d7c..6f8f5734d 100644 --- a/ic/ovn-ic.c +++ b/ic/ovn-ic.c @@ -1846,6 +1846,14 @@ parse_options(int argc OVS_UNUSED, char *argv[] OVS_UNUSED) ssl_ca_cert_file = optarg; break; +case OPT_SSL_PROTOCOLS: +stream_ssl_set_protocols(optarg); +break; + +case OPT_SSL_CIPHERS: +stream_ssl_set_ciphers(optarg); +break; + case 'd': ovnsb_db = optarg; break; diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index f3868068d..dadc1af38 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c 
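Review bot: The added `OPT_SSL_PROTOCOLS` and `OPT_SSL_CIPHERS` cases in parse_options call `stream_ssl_set_protocols(optarg)` and `stream_ssl_set_ciphers(optarg)` only for their side effect, and how those helpers treat an unrecognised protocol or cipher string is not visible in the hunk. If they only log and keep the previous setting, a typo on the command line would leave the daemon on the library defaults while its arguments suggest a stricter policy. It is worth confirming that behaviour and stating it in the option documentation, or logging the effective values at startup. As a style point, the ovn-controller.c hunk has no blank line between the new `break;` and `case OPT_PEER_CA_CERT:`, unlike the ovn-ic.c and ovn-northd.c hunks. The same cases are added in ovn-ic.c on this line, in ovn-northd.c on the next, and in the other postings of this patch; parse_options continues outside each hunk.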
@@ -611,6 +611,14 @@ parse_options(int argc OVS_UNUSED, char *argv[] OVS_UNUSED, ssl_ca_cert_file = optarg; break; +case OPT_SSL_PROTOCOLS: +stream_ssl_set_protocols(optarg); +break; + +case OPT_SSL_CIPHERS: +stream_ssl_set_ciphers(optarg); +break; + case 'd': ovnsb_db = optarg; break; diff --git a/tests/ovn-controller.at b/tests/ovn-controller.at index 9d2a37c72..9cc8730e9 100644 --- a/tests/ovn-controller.at +++ b/tests/ovn-controller.at @@ -2712,3 +2712,26 @@ AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=40 | grep -q controller], [1] OVN_CLEANUP([hv1]) AT_CLEANUP ]) + + +AT_SETUP([ovn-controller - ssl ciphers using command line options]) +AT_KEYWORDS([ovn]) +AT_SKIP_IF([test "$HAVE_OPENSSL" = no]) +ovn_start + +net_add n1 +sim_add hv1 +ovs-vsctl add-br br-phys +ovn_attach n1 br-phys 192.168.0.20 + +# Set cipher and and it should connect +OVS_APP_EXIT_AND_WAIT([ovn-controller]) +start_daemon ovn-controller --ssl-ciphers='HIGH:!aNULL:!MD5:@SECLEVEL=1' --ssl-protocols='TLSv1,TLSv1.1,TLSv1.2' + +OVS_WAIT_FOR_OUTPUT([ovn-appctl -t ovn-controller connection-status], [0], [connected +]) + +cat hv1/ovn-controller.log + +OVN_CLEANUP([hv1]) +AT_CLEANUP diff --git a/tests/ovn.at b/tests/ovn.at index c3644ac78..34f277ef9 100644 --- a/tests/ovn.at +++ b/tests/ovn.at 
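Review bot: The new `ovn-controller - ssl ciphers using command line options` test only waits for `connection-status` to print `connected`, so it would also pass if `--ssl-ciphers` and `--ssl-protocols` were parsed and then ignored; whether the connection in this sandbox uses SSL at all cannot be told from the hunk. An assertion that depends on the options would make it a regression test, for instance checking that `hv1/ovn-controller.log` holds no `stream_ssl|WARN` lines in place of the bare `cat hv1/ovn-controller.log`, which looks like leftover debugging. The fixture enables `TLSv1,TLSv1.1` and `@SECLEVEL=1`, so a comment saying these are legacy-compatibility values chosen for the test and not recommended settings would keep them from being copied into deployments. The comment `# Set cipher and and it should connect` has a doubled word. The same test appears in the `2/2` posting further down.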
@@ -37588,3 +37588,185 @@ OVN_CLEANUP([hv1]) AT_CLEANUP ]) + +AT_SETUP([read-only sb db:pssl access with ssl-ciphers and ssl-protocols]) +AT_SKIP_IF([test "$HAVE_OPENSSL" = no]) +PKIDIR="$(cd $abs_top_builddir/tests && pwd)" +AT_SKIP_IF([expr "$PKIDIR" : ".*[[ '\" +\\]]"]) + +: > .$1.db.~lock~ +ovsdb-tool create ovn-sb.db "$abs_top_srcdir"/ovn-sb.ovsschema + +# Add read-only remote to sb ovsdb-server +AT_CHECK( + [ovsdb-tool transact ovn-sb.db \ + ['["OVN_Southbound", + {"op": "insert", +"table": "SB_Global", +"row": { + "connections": ["set", [["named-uuid", "xyz"]]]}}, + {"op": "insert", +"table": "Connection", +"uuid-name": "xyz", +"row": {"target": "pssl:0:127.0.0.1", + "read_only": true}}]']], [0], [ignore], [ignore]) + +start_daemon ovsdb-server --remote=punix:ovn-sb.sock \ + --remote=db:OVN_Southbound,SB_Global,connections \ + --private-key="$PKIDIR/testpki-test2-privkey.pem" \ + --certificate="$PKIDIR/testpki-test2-cert.pem" \ + --ca-cert="$PKIDIR/testpki-cacert.pem" \ + --ssl-ciphers='HIGH:!aNULL:!MD5:@SECLEVEL=1' \ + --ssl-protocols='TLSv1,TLSv1.1,TLSv1.2' \ + ovn-sb.db + +PARSE_LISTENING_PORT([ovsdb-server.log], [TCP_PORT]) + +# read-only accesses should succeed +AT_CHECK([ovn-sbctl
[ovs-dev] [PATCH ovn 2/2] add tests for ssl ciphers
From: Aliasgar Ginwala Signed-off-by: Aliasgar Ginwala --- tests/ovn-controller.at | 26 ++ tests/ovn.at| 182 2 files changed, 208 insertions(+) diff --git a/tests/ovn-controller.at b/tests/ovn-controller.at index 9d2a37c72..df5662527 100644 --- a/tests/ovn-controller.at +++ b/tests/ovn-controller.at @@ -2712,3 +2712,29 @@ AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=40 | grep -q controller], [1] OVN_CLEANUP([hv1]) AT_CLEANUP ]) + + +AT_SETUP([ovn-controller - ssl ciphers using command line options]) +AT_KEYWORDS([ovn]) +AT_SKIP_IF([test "$HAVE_OPENSSL" = no]) +PKIDIR="$(cd $abs_top_builddir/tests && pwd)" +AT_SKIP_IF([expr "$PKIDIR" : ".*[[ '\" +\\]]"]) +ovn_start + +net_add n1 +sim_add hv1 +ovs-vsctl add-br br-phys +ovn_attach n1 br-phys 192.168.0.20 + +# Set cipher and and it should connect +OVS_APP_EXIT_AND_WAIT([ovn-controller]) +start_daemon ovn-controller --ssl-ciphers='HIGH:!aNULL:!MD5:@SECLEVEL=1' --ssl-protocols='TLSv1,TLSv1.1,TLSv1.2' + +OVS_WAIT_FOR_OUTPUT([ovn-appctl -t ovn-controller connection-status], [0], [connected +]) + +cat hv1/ovn-controller.log + +OVN_CLEANUP([hv1]) +AT_CLEANUP diff --git a/tests/ovn.at b/tests/ovn.at index c3644ac78..34f277ef9 100644 --- a/tests/ovn.at +++ b/tests/ovn.at 
@@ -37588,3 +37588,185 @@ OVN_CLEANUP([hv1]) AT_CLEANUP ]) + +AT_SETUP([read-only sb db:pssl access with ssl-ciphers and ssl-protocols]) +AT_SKIP_IF([test "$HAVE_OPENSSL" = no]) +PKIDIR="$(cd $abs_top_builddir/tests && pwd)" +AT_SKIP_IF([expr "$PKIDIR" : ".*[[ '\" +\\]]"]) + +: > .$1.db.~lock~ +ovsdb-tool create ovn-sb.db "$abs_top_srcdir"/ovn-sb.ovsschema + +# Add read-only remote to sb ovsdb-server +AT_CHECK( + [ovsdb-tool transact ovn-sb.db \ + ['["OVN_Southbound", + {"op": "insert", +"table": "SB_Global", +"row": { + "connections": ["set", [["named-uuid", "xyz"]]]}}, + {"op": "insert", +"table": "Connection", +"uuid-name": "xyz", +"row": {"target": "pssl:0:127.0.0.1", + "read_only": true}}]']], [0], [ignore], [ignore]) + +start_daemon ovsdb-server --remote=punix:ovn-sb.sock \ + --remote=db:OVN_Southbound,SB_Global,connections \ + --private-key="$PKIDIR/testpki-test2-privkey.pem" \ + --certificate="$PKIDIR/testpki-test2-cert.pem" \ + --ca-cert="$PKIDIR/testpki-cacert.pem" \ + --ssl-ciphers='HIGH:!aNULL:!MD5:@SECLEVEL=1' \ + --ssl-protocols='TLSv1,TLSv1.1,TLSv1.2' \ + ovn-sb.db + +PARSE_LISTENING_PORT([ovsdb-server.log], [TCP_PORT]) + +# read-only accesses should succeed +AT_CHECK([ovn-sbctl --db=ssl:127.0.0.1:$TCP_PORT \ +--private-key=$PKIDIR/testpki-test-privkey.pem \ +--certificate=$PKIDIR/testpki-test-cert.pem \ +--ca-cert=$PKIDIR/testpki-cacert.pem \ +--ssl-ciphers='HIGH:!aNULL:!MD5:@SECLEVEL=1' \ +--ssl-protocols='TLSv1,TLSv1.1,TLSv1.2' \ +list SB_Global], [0], [stdout], [ignore]) +AT_CHECK([ovn-sbctl --db=ssl:127.0.0.1:$TCP_PORT \ +--private-key=$PKIDIR/testpki-test-privkey.pem \ +--certificate=$PKIDIR/testpki-test-cert.pem \ +--ca-cert=$PKIDIR/testpki-cacert.pem \ +--ssl-ciphers='HIGH:!aNULL:!MD5:@SECLEVEL=1' \ +--ssl-protocols='TLSv1,TLSv1.1,TLSv1.2' \ +list Connection], [0], [stdout], [ignore]) + +# write access should fail +AT_CHECK([ovn-sbctl --db=ssl:127.0.0.1:$TCP_PORT \ +--private-key=$PKIDIR/testpki-test-privkey.pem \ 
+--certificate=$PKIDIR/testpki-test-cert.pem \ +--ca-cert=$PKIDIR/testpki-cacert.pem \ +--ssl-ciphers='HIGH:!aNULL:!MD5:@SECLEVEL=1' \ +--ssl-protocols='TLSv1,TLSv1.1,TLSv1.2' \ +chassis-add ch vxlan 1.2.4.8], [1], [ignore], +[ovn-sbctl: transaction error: {"details":"insert operation not allowed when database server is in read only mode","error":"not allowed"} +]) + +OVS_APP_EXIT_AND_WAIT([ovsdb-server]) +AT_CLEANUP + +AT_SETUP([nb connection/ssl commands with ssl-ciphers and ssl-protocols]) +AT_SKIP_IF([test "$HAVE_OPENSSL" = no]) +PKIDIR="$(cd $abs_top_builddir/tests && pwd)" +AT_SKIP_IF([expr "$PKIDIR" : ".*[[ '\" +\\]]"]) + +: > .$1.db.~lock~ +ovsdb-tool create ovn-nb.db "$abs_top_srcdir"/ovn-nb.ovsschema + +# Start nb db server using db connection/ssl entries (unpopulated initially) +start_daemon ovsdb-server --remote=punix:ovnnb_db.sock \ + --remote=db:OVN_Northbound,NB_Global,connections \ + --private-key=db:OVN_Northbound,SSL,private_key \ + --certificate=db:OVN_Northbound,SSL,certificate \
[ovs-dev] [PATCH ovn 1/2] fix segfault due to ssl-ciphers
From: Aliasgar Ginwala To avoid invalidating existing certs setup by old version of ovs pki. openssl supports setting ciphers but it fails with ovn as below ovn-controller --ssl-ciphers='HIGH:!aNULL:!MD5:@SECLEVEL=1' Aborted (core dumped) Avoid invalidating existing certs when bumping to new ovn version SSL_connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed while connecting to control plane. Also amend ovn ic northd and ovn ctl utilities Signed-off-by: Aliasgar Ginwala --- controller/ovn-controller.c | 7 +++ ic/ovn-ic.c | 8 northd/ovn-northd.c | 8 utilities/ovn-dbctl.c | 8 4 files changed, 31 insertions(+) diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c index 856e5e270..4b16818a6 100644 --- a/controller/ovn-controller.c +++ b/controller/ovn-controller.c @@ -6166,6 +6166,13 @@ parse_options(int argc, char *argv[]) ssl_ca_cert_file = optarg; break; +case OPT_SSL_PROTOCOLS: +stream_ssl_set_protocols(optarg); +break; + +case OPT_SSL_CIPHERS: +stream_ssl_set_ciphers(optarg); +break; case OPT_PEER_CA_CERT: stream_ssl_set_peer_ca_cert_file(optarg); diff --git a/ic/ovn-ic.c b/ic/ovn-ic.c index 8ceb34d7c..6f8f5734d 100644 --- a/ic/ovn-ic.c +++ b/ic/ovn-ic.c @@ -1846,6 +1846,14 @@ parse_options(int argc OVS_UNUSED, char *argv[] OVS_UNUSED) ssl_ca_cert_file = optarg; break; +case OPT_SSL_PROTOCOLS: +stream_ssl_set_protocols(optarg); +break; + +case OPT_SSL_CIPHERS: +stream_ssl_set_ciphers(optarg); +break; + case 'd': ovnsb_db = optarg; break; diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index f3868068d..dadc1af38 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -611,6 +611,14 @@ parse_options(int argc OVS_UNUSED, char *argv[] OVS_UNUSED, ssl_ca_cert_file = optarg; break; +case OPT_SSL_PROTOCOLS: +stream_ssl_set_protocols(optarg); +break; + +case OPT_SSL_CIPHERS: +stream_ssl_set_ciphers(optarg); +break; + case 'd': ovnsb_db = optarg; break; 
diff --git a/utilities/ovn-dbctl.c b/utilities/ovn-dbctl.c index 2e9348c47..92be27b2c 100644 --- a/utilities/ovn-dbctl.c +++ b/utilities/ovn-dbctl.c @@ -610,6 +610,14 @@ apply_options_direct(const struct ovn_dbctl_options *dbctl_options, ssl_ca_cert_file = optarg; break; +case OPT_SSL_PROTOCOLS: +stream_ssl_set_protocols(optarg); +break; + +case OPT_SSL_CIPHERS: +stream_ssl_set_ciphers(optarg); +break; + case OPT_BOOTSTRAP_CA_CERT: stream_ssl_set_ca_cert_file(po->arg, true); break; -- 2.39.3 (Apple Git-145) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
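Review bot: The added cases in apply_options_direct pass `optarg` to `stream_ssl_set_protocols()` and `stream_ssl_set_ciphers()`, while the `OPT_BOOTSTRAP_CA_CERT` case directly below reads its value from `po->arg`. If this function walks an array of already-parsed options, as the name `po` suggests, `optarg` holds whatever getopt saw last rather than this option's argument, so the TLS settings applied could come from a different option or be NULL. `stream_ssl_set_protocols(po->arg);` and `stream_ssl_set_ciphers(po->arg);` would match the neighbouring case. The `ssl_ca_cert_file = optarg;` context line above follows the same pattern and deserves the same check. The function body starts and ends outside the hunk.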
[ovs-dev] [PATCH] ovn fix segfault due to ssl-ciphers
From: Aliasgar Ginwala Fixes: ovn-controller --ssl-ciphers='xxx' Aborted (core dumped) Avoid invalidating existing certs when bumping to new ovn version SSL_connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed while connecting to control plane. Signed-off-by: Aliasgar Ginwala --- controller/ovn-controller.c | 7 +++ 1 file changed, 7 insertions(+) diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c index 856e5e270..4b16818a6 100644 --- a/controller/ovn-controller.c +++ b/controller/ovn-controller.c @@ -6166,6 +6166,13 @@ parse_options(int argc, char *argv[]) ssl_ca_cert_file = optarg; break; +case OPT_SSL_PROTOCOLS: +stream_ssl_set_protocols(optarg); +break; + +case OPT_SSL_CIPHERS: +stream_ssl_set_ciphers(optarg); +break; case OPT_PEER_CA_CERT: stream_ssl_set_peer_ca_cert_file(optarg); -- 2.39.3 (Apple Git-145) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn v1] test/ovstest: fix shared library deps.
From: Aliasgar Ginwala When using --enable-shared for configure, make fails with error lib/.libs/libovn.so: undefined reference to `set_pidfile' collect2: error: ld returned 1 exit status Makefile:1616: recipe for target 'tests/ovstest' failed make[1]: *** [tests/ovstest] Error 1 make[1]: Leaving directory '/ovn' Makefile:1283: recipe for target 'all' failed make: *** [all] Error 2 Because commit 94cb7648d8c32246ac0bed61484e2e27332ed68c started using daemon.h for setting set_pidfile. Hence, need to link the same for ovstest to avoid failure. It also fixes current CI failing on master for: TESTSUITE=1 OPTS="--enable-shared" Signed-off-by: Aliasgar Ginwala --- tests/automake.mk | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/automake.mk b/tests/automake.mk index 3d39a8ac2..26b6d11b4 100644 --- a/tests/automake.mk +++ b/tests/automake.mk @@ -202,7 +202,8 @@ tests_ovstest_SOURCES = \ tests/ovstest.h \ tests/test-ovn.c -tests_ovstest_LDADD = $(OVS_LIBDIR)/libopenvswitch.la lib/libovn.la +tests_ovstest_LDADD = $(OVS_LIBDIR)/daemon.lo \ +$(OVS_LIBDIR)/libopenvswitch.la lib/libovn.la # Python tests. CHECK_PYFILES = \ -- 2.26.2 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn] test/ovstest: fix shared library deps.
From: Aliasgar Ginwala When using --enable-shared for configure, make fails with error lib/.libs/libovn.so: undefined reference to `set_pidfile' collect2: error: ld returned 1 exit status Makefile:1616: recipe for target 'tests/ovstest' failed make[1]: *** [tests/ovstest] Error 1 make[1]: Leaving directory '/ovn' Makefile:1283: recipe for target 'all' failed make: *** [all] Error 2 Because commit 94cb7648d8c32246ac0bed61484e2e27332ed68c started using daemon.h for setting set_pidfile. Hence, need to link the same for ovstest to avoid failure. It also fixes current CI failing on master for: TESTSUITE=1 OPTS="--enable-shared" Signed-off-by: Aliasgar Ginwala --- .travis.yml | 2 +- tests/automake.mk | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index cd853fddd..7b8bfc36c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -44,4 +44,4 @@ script: ./.travis/${TRAVIS_OS_NAME}-build.sh $OPTS notifications: email: recipients: - - ovs-bu...@openvswitch.org + - aginw...@asu.edu diff --git a/tests/automake.mk b/tests/automake.mk index 3d39a8ac2..26b6d11b4 100644 --- a/tests/automake.mk +++ b/tests/automake.mk @@ -202,7 +202,8 @@ tests_ovstest_SOURCES = \ tests/ovstest.h \ tests/test-ovn.c -tests_ovstest_LDADD = $(OVS_LIBDIR)/libopenvswitch.la lib/libovn.la +tests_ovstest_LDADD = $(OVS_LIBDIR)/daemon.lo \ +$(OVS_LIBDIR)/libopenvswitch.la lib/libovn.la # Python tests. CHECK_PYFILES = \ -- 2.26.2 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
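Review bot: The `.travis.yml` hunk replaces the project's build-notification recipient with a personal address, which has nothing to do with the ovstest link fix the commit message describes. It reads like a local setting used while reproducing the CI failure; merged as is, build-failure mail for the repository would stop reaching the shared list. This hunk should be dropped from the patch, as the `v1` posting above does by touching only tests/automake.mk.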
[ovs-dev] [PATCH branch-2.11 1/2] ovsdb-tool: Convert clustered db to standalone db.
From: Aliasgar Ginwala Add support in ovsdb-tool for migrating clustered dbs to standalone dbs. E.g. usage to migrate nb/sb db to standalone db from raft: ovsdb-tool cluster-to-standalone ovnnb_db.db ovnnb_db_cluster.db Acked-by: Han Zhou Signed-off-by: Aliasgar Ginwala Signed-off-by: Ben Pfaff --- Documentation/ref/ovsdb.7.rst | 3 + NEWS | 6 +- ovsdb/ovsdb-tool.1.in | 8 +++ ovsdb/ovsdb-tool.c| 101 +- tests/ovsdb-tool.at | 38 + 5 files changed, 154 insertions(+), 2 deletions(-) diff --git a/Documentation/ref/ovsdb.7.rst b/Documentation/ref/ovsdb.7.rst index c43fe1709..f6cbc537b 100644 --- a/Documentation/ref/ovsdb.7.rst +++ b/Documentation/ref/ovsdb.7.rst @@ -512,6 +512,9 @@ Use ``ovsdb-tool create-cluster`` to create a clustered database from the contents of a standalone database. Use ``ovsdb-tool backup`` to create a standalone database from the contents of a clustered database. +Use ``ovsdb-tool cluster-to-standalone`` to convert clustered database to +standalone database when the cluster is down and cannot be revived. + Upgrading or Downgrading a Database --- diff --git a/NEWS b/NEWS index be1f38e23..dd62abfcc 100644 --- a/NEWS +++ b/NEWS @@ -13,6 +13,10 @@ v2.11.2 - 03 Sep 2019 - Bug fixes - DPDK * OVS validated with DPDK 18.11.2 which is recommended to be used. + - OVSDB + * Support to convert from cluster database to standalone database is now + available when clustered is down and cannot be revived using ovsdb-tool + . Check "Database Migration Commands" in ovsdb-tool man section. v2.11.1 - 30 Mar 2019 - @@ -1386,4 +1390,4 @@ v0.90.6 - 6 Oct 2009 v0.90.5 - 21 Sep 2009 - - Generalize in-band control to more diverse network setups -- Bug fixes +- Bug fixes \ No newline at end of file diff --git a/ovsdb/ovsdb-tool.1.in b/ovsdb/ovsdb-tool.1.in index ec85e14c4..31a918d90 100644 --- a/ovsdb/ovsdb-tool.1.in +++ b/ovsdb/ovsdb-tool.1.in 
@@ -147,6 +147,14 @@ avoid this possibility, specify \fB\-\-cid=\fIuuid\fR, where \fIuuid\fR is the cluster ID of the cluster to join, as printed by \fBovsdb\-tool get\-cid\fR. . +.SS "Database Migration Commands" +This commands will convert cluster database to standalone database. +. +.IP "\fBcluster\-to\-standalone\fI db clusterdb" +Use this command to convert to standalone database from clustered database +when the cluster is down and cannot be revived. It creates new standalone +\fIdb\fR file from the given cluster \fIdb\fR file. +. .SS "Version Management Commands" .so ovsdb/ovsdb-schemas.man .PP diff --git a/ovsdb/ovsdb-tool.c b/ovsdb/ovsdb-tool.c index 45e656d3d..ba78760ef 100644 --- a/ovsdb/ovsdb-tool.c +++ b/ovsdb/ovsdb-tool.c @@ -173,6 +173,9 @@ usage(void) " compare-versions A OP B compare OVSDB schema version numbers\n" " query [DB] TRNS execute read-only transaction on DB\n" " transact [DB] TRNS execute read/write transaction on DB\n" + " cluster-to-standalone DB DBConvert clustered DB to\n" + " standalone DB when cluster is down and cannot be\n" + "revived\n" " [-m]... show-log [DB] print DB's log entries\n" "The default DB is %s.\n" "The default SCHEMA is %s.\n", 
@@ -944,6 +947,55 @@ print_raft_record(const struct raft_record *r, } } +static void +raft_header_to_standalone_log(const struct raft_header *h, + struct ovsdb_log *db_log_data) +{ +if (h->snap_index) { +if (!h->snap.data || json_array(h->snap.data)->n != 2) { +ovs_fatal(0, "Incorrect raft header data array length"); +} + +struct json *schema_json = json_array(h->snap.data)->elems[0]; +if (schema_json->type != JSON_NULL) { +struct ovsdb_schema *schema; +check_ovsdb_error(ovsdb_schema_from_json(schema_json, &schema)); +ovsdb_schema_destroy(schema); +check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, + schema_json)); +} + +struct json *data_json = json_array(h->snap.data)->elems[1]; +if (!data_json || data_json->type != JSON_OBJECT) { +ovs_fatal(0, "Invalid raft header data"); +} +if (data_json->type != JSON_NULL) { +check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, + data_json)); +} +} +} + +static void +raft_record_to_standalone_log(const struct raft_record *r, + struct ovsdb_log *db_log_data) +{ +if (r->type == RAFT_REC_ENTRY) { +if (!r->entry.data) { +return; +} +if (json_array(r->entry.data)->n != 2) { +ovs_fa
[ovs-dev] [PATCH branch-2.11 2/2] ovsdb-tool: fix memory leak while converting cluster into standalone database
From: Damijan Skvarc memory leak is reported by valgrind while executing functional test "ovsdb-tool convert-to-standalone" ==13842== 2,850 (280 direct, 2,570 indirect) bytes in 7 blocks are definitely lost in loss record 20 of 20 ==13842==at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==13842==by 0x45EE2E: xmalloc (util.c:138) ==13842==by 0x43E386: json_create (json.c:1451) ==13842==by 0x43BDD2: json_object_create (json.c:254) ==13842==by 0x43DEE3: json_parser_push_object (json.c:1273) ==13842==by 0x43E167: json_parser_input (json.c:1371) ==13842==by 0x43D6EA: json_lex_input (json.c:991) ==13842==by 0x43DAC1: json_parser_feed (json.c:1149) ==13842==by 0x40D108: parse_body (log.c:411) ==13842==by 0x40D386: ovsdb_log_read (log.c:476) ==13842==by 0x406A0B: do_convert_to_standalone (ovsdb-tool.c:1571) ==13842==by 0x406A0B: do_cluster_standalone (ovsdb-tool.c:1606) ==13842==by 0x438670: ovs_cmdl_run_command__ (command-line.c:223) ==13842==by 0x438720: ovs_cmdl_run_command (command-line.c:254) ==13842==by 0x405A4C: main (ovsdb-tool.c:79) The problem was in do_convert_to_standalone() function which while reading log file allocate json object which was not deallocated at the end. Signed-off-by: Damijan Skvarc Signed-off-by: Ben Pfaff Signed-off-by: Aliasgar Ginwala --- ovsdb/ovsdb-tool.c | 37 + 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/ovsdb/ovsdb-tool.c b/ovsdb/ovsdb-tool.c index ba78760ef..91662cab8 100644 --- a/ovsdb/ovsdb-tool.c +++ b/ovsdb/ovsdb-tool.c 
@@ -953,26 +953,30 @@ raft_header_to_standalone_log(const struct raft_header *h, { if (h->snap_index) { if (!h->snap.data || json_array(h->snap.data)->n != 2) { -ovs_fatal(0, "Incorrect raft header data array length"); +ovs_fatal(0, "Incorrect raft header data array length"); } -struct json *schema_json = json_array(h->snap.data)->elems[0]; +struct json_array *pa = json_array(h->snap.data); +struct json *schema_json = pa->elems[0]; +struct ovsdb_error *error = NULL; + if (schema_json->type != JSON_NULL) { struct ovsdb_schema *schema; check_ovsdb_error(ovsdb_schema_from_json(schema_json, &schema)); ovsdb_schema_destroy(schema); -check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, - schema_json)); +error = ovsdb_log_write(db_log_data, schema_json); } -struct json *data_json = json_array(h->snap.data)->elems[1]; -if (!data_json || data_json->type != JSON_OBJECT) { -ovs_fatal(0, "Invalid raft header data"); -} -if (data_json->type != JSON_NULL) { -check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, - data_json)); +if (!error) { +struct json *data_json = pa->elems[1]; +if (!data_json || data_json->type != JSON_OBJECT) { +ovs_fatal(0, "Invalid raft header data"); +} +if (data_json->type != JSON_NULL) { +error = ovsdb_log_write(db_log_data, data_json); +} } +check_ovsdb_error(error); } } @@ -984,14 +988,14 @@ raft_record_to_standalone_log(const struct raft_record *r, if (!r->entry.data) { return; } -if (json_array(r->entry.data)->n != 2) { +struct json_array *pa = json_array(r->entry.data); + +if (pa->n != 2) { ovs_fatal(0, "Incorrect raft record array length"); } - -struct json *data_json = json_array(r->entry.data)->elems[1]; +struct json *data_json = pa->elems[1]; if (data_json->type != JSON_NULL) { -check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, - data_json)); +check_ovsdb_error(ovsdb_log_write(db_log_data, data_json)); } } } 
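Review bot: In raft_header_to_standalone_log the inner test `if (data_json->type != JSON_NULL)` can never be false, because the check just above it already calls ovs_fatal() unless the type is JSON_OBJECT. If a null data element is meant to be tolerated the way a null schema is, the guard should be `if (data_json->type != JSON_NULL && data_json->type != JSON_OBJECT)`; otherwise drop the inner test. `schema_json` is dereferenced without the NULL check that `data_json` gets. Both functions also call json_array() on `h->snap.data` / `r->entry.data` before anything in these hunks confirms the value is an array. Since the input is an on-disk database file, an explicit `->type == JSON_ARRAY` check with ovs_fatal() would be safer, unless the raft parsing outside this diff already guarantees it.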
@@ -1586,6 +1590,7 @@ do_convert_to_standalone(struct ovsdb_log *log, struct ovsdb_log *db_log_data) raft_record_to_standalone_log(&r, db_log_data); raft_record_uninit(&r); } +json_destroy(json); } } -- 2.25.0 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH ovn] OVN container scripts: Support for cluster mode
From: Aliasgar Ginwala 1. Container scripts for starting ovn central node containers in HA using cluster mode 2. Update documentation about the same. Signed-off-by: Aliasgar Ginwala --- Documentation/intro/install/general.rst | 34 +- utilities/docker/start-ovn | 46 +++-- 2 files changed, 77 insertions(+), 3 deletions(-) diff --git a/Documentation/intro/install/general.rst b/Documentation/intro/install/general.rst index 52bfd7d18..4df1a5538 100644 --- a/Documentation/intro/install/general.rst +++ b/Documentation/intro/install/general.rst @@ -449,6 +449,38 @@ Start OVN containers using below command:: $ docker run -itd --net=host --name=ovn-northd \ : ovn-northd-tcp +Start OVN containers in cluster mode for a 3 node cluster using below command +on node1:: + +$ docker run -e "host_ip=" -e "nb_db_port=" -itd \ + --name=ovn-nb-raft --net=host --privileged : \ + ovn-nb-cluster-create + +$ docker run -e "host_ip=" -e "sb_db_port=" -itd \ + --name=ovn-sb-raft --net=host --privileged : \ + ovn-sb-cluster-create + +$ docker run -e "OVN_NB_DB=tcp::6641,tcp::6641,\ + tcp::6641" -e "OVN_SB_DB=tcp::6642,tcp::6642,\ + tcp::6642" -itd --name=ovn-northd-raft : \ + ovn-northd-cluster + +Start OVN containers in cluster mode using below command on node2 and node3 \ +to make them join the peer using below command:: + +$ docker run -e "host_ip=" -e "remote_host=" \ + -e "nb_db_port=" -itd --name=ovn-nb-raft --net=host \ + --privileged : ovn-nb-cluster-join + +$ docker run -e "host_ip=" -e "remote_host=" \ + -e "sb_db_port=" -itd --name=ovn-sb-raft --net=host \ + --privileged : ovn-sb-cluster-join + +$ docker run -e "OVN_NB_DB=tcp::6641,tcp::6641,\ + tcp::6641" -e "OVN_SB_DB=tcp::6642,tcp::6642,\ + tcp::6642" -itd --name=ovn-northd-raft : \ + ovn-northd-cluster + Start OVN containers using unix socket:: $ docker run -itd --net=host --name=ovn-nb \ 
@@ -465,7 +497,7 @@ Start OVN containers using unix socket:: .. note:: Current ovn central components comes up in docker image in a standalone -mode with protocol tcp. +and cluster mode with protocol tcp. The debian docker file use ubuntu 16.04 as a base image for reference. diff --git a/utilities/docker/start-ovn b/utilities/docker/start-ovn index fbdd2af91..51e5162c5 100755 --- a/utilities/docker/start-ovn +++ b/utilities/docker/start-ovn @@ -22,12 +22,34 @@ case $1 in --ovnsb-db="unix:/var/run/ovn/ovnsb_db.sock" \ --log-file=/var/log/ovn/ovn-northd.log ;; +"ovn-northd-cluster") ovn-northd --pidfile \ + --ovnnb-db=$OVN_NB_DB \ + --ovnsb-db=$OVN_SB_DB \ + --log-file=/var/log/ovn/ovn-northd.log +;; "ovn-nb-tcp") source /etc/ovn/ovn_default_nb_port /usr/share/ovn/scripts/ovn-ctl start_ovsdb ovn-nbctl set-connection ptcp:$nb_db_port /usr/share/ovn/scripts/ovn-ctl stop_ovsdb /usr/share/ovn/scripts/ovn-ctl run_nb_ovsdb ;; +"ovn-nb-cluster-create") /usr/share/ovn/scripts/ovn-ctl \ + --db-nb-addr=$host_ip \ + --db-nb-cluster-local-addr=$host_ip \ + start_nb_ovsdb + ovn-nbctl set-connection ptcp:$nb_db_port + /usr/share/ovn/scripts/ovn-ctl stop_nb_ovsdb + /usr/share/ovn/scripts/ovn-ctl \ + --db-nb-addr=$host_ip \ + --db-nb-cluster-local-addr=$host_ip \ + run_nb_ovsdb +;; +"ovn-nb-cluster-join") /usr/share/ovn/scripts/ovn-ctl \ + --db-nb-addr=$host_ip \ + --db-nb-cluster-local-addr=$host_ip \ + --db-nb-cluster-remote-addr=$remote_host \ + run_nb_ovsdb +;; "ovn-sb-tcp") source /etc/ovn/ovn_default_sb_port /usr/share/ovn/scripts/ovn-ctl start_ovsdb ovn-sbctl set-connection ptcp:$sb_db_port @@ -42,8 +64,28 @@ case $1 in --ovnsb-db="tcp:$northd_host:$sb_db_port" \ --log-file=/var/log/ovn/ovn-northd.log ;; +"ovn-sb-cluster-create") /usr/share/ovn/scripts/ovn-ctl \ + --db-sb-addr=$host_ip \ + --db-sb-cluster-local-addr=$host_ip \ + start_sb_ovsdb + ovn-sbctl set-connection ptcp:$sb_db_port + /usr/share/ovn/scripts/ovn-ctl stop
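Review bot: The new `ovn-northd-cluster`, `ovn-nb-cluster-create` and `ovn-nb-cluster-join` branches expand `$OVN_NB_DB`, `$OVN_SB_DB`, `$host_ip`, `$remote_host` and `$nb_db_port` unquoted and never check that they are set, so an empty or space-containing value from `docker run -e` silently changes the ovn-ctl command line (for example `--db-nb-addr=` with no address). Quote each expansion, e.g. `--db-nb-addr="$host_ip"`, and fail early with a guard such as `: "${host_ip:?host_ip must be set}"`. Unlike the existing `ovn-nb-tcp` branch, cluster-create does not source /etc/ovn/ovn_default_nb_port, so `ptcp:$nb_db_port` depends entirely on the caller's environment. A `ptcp:` remote with no address is a plaintext listener on every interface, which deserves a comment given that the documented invocation uses `--net=host --privileged`.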
[ovs-dev] [PATCH v2] ovs container build: Make kernel module configurable
From: Aliasgar Ginwala --with-linux can be made configurable while building containers for leveraging kernel modules installed on host. KERNEL_VERSION=host should be used in env variable for the same. Signed-off-by: Aliasgar Ginwala --- utilities/docker/Makefile | 2 +- .../docker/debian/build-kernel-modules.sh | 21 +++ utilities/docker/start-ovs| 11 -- 3 files changed, 27 insertions(+), 7 deletions(-) diff --git a/utilities/docker/Makefile b/utilities/docker/Makefile index 8c2f7810e..d8b08a3c9 100644 --- a/utilities/docker/Makefile +++ b/utilities/docker/Makefile @@ -10,7 +10,7 @@ # make push REPO = ${DOCKER_REPO} -tag = ${OVS_VERSION}_${KERNEL_VERSION} +tag = ${OVS_VERSION}_${DISTRO}_${KERNEL_VERSION} build: ;docker build -t ${REPO}:${tag} --build-arg DISTRO=${DISTRO} \ --build-arg OVS_BRANCH=${OVS_BRANCH} \ diff --git a/utilities/docker/debian/build-kernel-modules.sh b/utilities/docker/debian/build-kernel-modules.sh index 18ac35764..db770ed51 100755 --- a/utilities/docker/debian/build-kernel-modules.sh +++ b/utilities/docker/debian/build-kernel-modules.sh @@ -17,13 +17,17 @@ OVS_BRANCH=$2 GITHUB_SRC=$3 # Install deps -linux="linux-image-$KERNEL_VERSION linux-headers-$KERNEL_VERSION" build_deps="apt-utils libelf-dev build-essential libssl-dev python3 \ python3-six wget gdb autoconf libtool git automake bzip2 debhelper \ dh-autoreconf openssl" apt-get update -apt-get install -y ${linux} ${build_deps} +if [ $KERNEL_VERSION != "host" ]; then +linux="linux-image-$KERNEL_VERSION linux-headers-$KERNEL_VERSION" +apt-get install -y ${linux} +fi + +apt-get install -y ${build_deps} # get the source mkdir /build; cd /build 
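Review bot: `if [ $KERNEL_VERSION != "host" ]` in build-kernel-modules.sh leaves the variable unquoted, so when the build argument is empty or unset the test collapses to `[ != "host" ]`, prints an error and evaluates as false, and the kernel image and headers are silently skipped. Write it as `if [ "$KERNEL_VERSION" != "host" ]; then` and consider rejecting an empty value before `apt-get` runs. The same unquoted test appears in the configure hunk that follows and in both hunks of the v1 posting of this patch.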
@@ -32,8 +36,17 @@ cd ovs # build and install ./boot.sh -./configure --localstatedir="/var" --sysconfdir="/etc" --prefix="/usr" \ ---with-linux=/lib/modules/$KERNEL_VERSION/build --enable-ssl + +config="./configure --localstatedir="/var" --sysconfdir="/etc" --prefix="/usr" +--enable-ssl" + +if [ $KERNEL_VERSION = "host" ]; then + eval $config +else +withlinux=" --with-linux=/lib/modules/$KERNEL_VERSION/build" +eval $config$withlinux +fi + make -j8; make install; make modules_install # remove deps to make the container light weight. diff --git a/utilities/docker/start-ovs b/utilities/docker/start-ovs index 4a1a16cd1..516b5d91c 100755 --- a/utilities/docker/start-ovs +++ b/utilities/docker/start-ovs @@ -38,5 +38,12 @@ case $1 in -vfile:info --mlockall --no-chdir \ --log-file=/var/log/openvswitch/ovs-vswitchd.log ;; -*) echo "$0 [ovsdb-server|ovs-vswitchd]" -esac +"ovs-vswitchd-host") /usr/share/openvswitch/scripts/ovs-ctl \ + --no-ovsdb-server start + /usr/share/openvswitch/scripts/ovs-ctl stop + ovs-vswitchd --pidfile -vconsole:emer \ + -vsyslog:err -vfile:info --mlockall --no-chdir \ + --log-file=/var/log/openvswitch/ovs-vswitchd.log +;; +*) echo "$0 [ovsdb-server|ovs-vswitchd|ovs-vswitchd-host]" +esac \ No newline at end of file -- 2.20.1 (Apple Git-117) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
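Review bot: Building the configure command as a string and running it through `eval $config$withlinux` makes the shell re-parse `$KERNEL_VERSION` as code, so any shell metacharacters in that build argument are interpreted during the image build. The nested double quotes in the `config=` assignment also do not nest; they close and reopen the string. Nothing here needs eval: the branch can append a quoted `--with-linux` argument to the positional parameters and call `./configure` directly, as sketched below. `$KERNEL_VERSION` in the test should be quoted too.

```shell
# … unchanged: ./boot.sh …
set -- --localstatedir=/var --sysconfdir=/etc --prefix=/usr --enable-ssl
if [ "$KERNEL_VERSION" != "host" ]; then
    set -- "$@" --with-linux="/lib/modules/$KERNEL_VERSION/build"
fi
./configure "$@"
# … unchanged: make -j8; make install; make modules_install …
```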
[ovs-dev] [PATCH v1] ovs container build: Make kernel module configurable
From: Aliasgar Ginwala --with-linux can be made configurable while building containers for leveraging kernel modules installed on host. KERNEL_VERSION=host should be used in env variable for the same. Signed-off-by: Aliasgar Ginwala --- utilities/docker/Makefile | 2 +- utilities/docker/debian/build-kernel-modules.sh | 16 +--- utilities/docker/start-ovs | 9 - 3 files changed, 22 insertions(+), 5 deletions(-) diff --git a/utilities/docker/Makefile b/utilities/docker/Makefile index 8c2f7810e..d8b08a3c9 100644 --- a/utilities/docker/Makefile +++ b/utilities/docker/Makefile @@ -10,7 +10,7 @@ # make push REPO = ${DOCKER_REPO} -tag = ${OVS_VERSION}_${KERNEL_VERSION} +tag = ${OVS_VERSION}_${DISTRO}_${KERNEL_VERSION} build: ;docker build -t ${REPO}:${tag} --build-arg DISTRO=${DISTRO} \ --build-arg OVS_BRANCH=${OVS_BRANCH} \ diff --git a/utilities/docker/debian/build-kernel-modules.sh b/utilities/docker/debian/build-kernel-modules.sh index 18ac35764..17a67bfcb 100755 --- a/utilities/docker/debian/build-kernel-modules.sh +++ b/utilities/docker/debian/build-kernel-modules.sh @@ -17,13 +17,17 @@ OVS_BRANCH=$2 GITHUB_SRC=$3 # Install deps -linux="linux-image-$KERNEL_VERSION linux-headers-$KERNEL_VERSION" build_deps="apt-utils libelf-dev build-essential libssl-dev python3 \ python3-six wget gdb autoconf libtool git automake bzip2 debhelper \ dh-autoreconf openssl" apt-get update -apt-get install -y ${linux} ${build_deps} + +if [ $KERNEL_VERSION != "host" ]; then +linux="linux-image-$KERNEL_VERSION linux-headers-$KERNEL_VERSION" +apt-get install -y ${linux} +fi +apt-get install -y ${build_deps} # get the source mkdir /build; cd /build 
@@ -32,8 +36,14 @@ cd ovs # build and install ./boot.sh -./configure --localstatedir="/var" --sysconfdir="/etc" --prefix="/usr" \ +if [ $KERNEL_VERSION == "host" ]; then + ./configure --localstatedir="/var" --sysconfdir="/etc" --prefix="/usr" \ +--enable-ssl +else +./configure --localstatedir="/var" --sysconfdir="/etc" --prefix="/usr" \ --with-linux=/lib/modules/$KERNEL_VERSION/build --enable-ssl +fi + make -j8; make install; make modules_install # remove deps to make the container light weight. diff --git a/utilities/docker/start-ovs b/utilities/docker/start-ovs index 4a1a16cd1..c99380519 100755 --- a/utilities/docker/start-ovs +++ b/utilities/docker/start-ovs @@ -38,5 +38,12 @@ case $1 in -vfile:info --mlockall --no-chdir \ --log-file=/var/log/openvswitch/ovs-vswitchd.log ;; -*) echo "$0 [ovsdb-server|ovs-vswitchd]" +"ovs-vswitchd-host") /usr/share/openvswitch/scripts/ovs-ctl \ + --no-ovsdb-server start + /usr/share/openvswitch/scripts/ovs-ctl stop + ovs-vswitchd --pidfile -vconsole:emer \ + -vsyslog:err -vfile:info --mlockall --no-chdir \ + --log-file=/var/log/openvswitch/ovs-vswitchd.log +;; +*) echo "$0 [ovsdb-server|ovs-vswitchd|ovs-vswitchd-host]" esac -- 2.20.1 (Apple Git-117) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
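Review bot: `[ $KERNEL_VERSION == "host" ]` uses `==`, which POSIX `test` does not define. If this script runs under `/bin/sh` on the Ubuntu base image (the shebang is outside the hunk), dash presumably rejects the operator and the `else` branch is taken, configuring with `--with-linux=/lib/modules/host/build`. Use `if [ "$KERNEL_VERSION" = "host" ]; then`, with the variable quoted. `make modules_install` still runs unconditionally after the branch, which is worth confirming for a tree configured without `--with-linux`.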
[ovs-dev] [PATCH ovn 2/3] Refactor install scripts for ovn container
From: Aliasgar Ginwala Signed-off-by: Aliasgar Ginwala --- utilities/automake.mk | 3 ++- utilities/docker/Makefile | 2 +- utilities/docker/debian/Dockerfile | 1 + utilities/docker/debian/build.sh | 24 +- utilities/docker/install_ovn.sh| 40 ++ 5 files changed, 45 insertions(+), 25 deletions(-) create mode 100755 utilities/docker/install_ovn.sh diff --git a/utilities/automake.mk b/utilities/automake.mk index 197cc7011..0b7e38dc0 100644 --- a/utilities/automake.mk +++ b/utilities/automake.mk @@ -39,7 +39,8 @@ EXTRA_DIST += \ utilities/docker/ovn_default_sb_port \ utilities/docker/ovn_default_northd_host \ utilities/docker/debian/Dockerfile \ -utilities/docker/debian/build.sh +utilities/docker/debian/build.sh \ +utilities/docker/install_ovn.sh CLEANFILES += \ utilities/ovn-ctl.8 \ diff --git a/utilities/docker/Makefile b/utilities/docker/Makefile index 304723f8f..57e95651c 100644 --- a/utilities/docker/Makefile +++ b/utilities/docker/Makefile @@ -9,7 +9,7 @@ # make push REPO = ${DOCKER_REPO} -tag = ${OVN_VERSION}_${KERNEL_VERSION} +tag = ${OVN_VERSION}_${DISTRO}_${OVN_BRANCH} build: ;docker build -t ${REPO}:${tag} --build-arg DISTRO=${DISTRO} \ --build-arg OVN_BRANCH=${OVN_BRANCH} \ diff --git a/utilities/docker/debian/Dockerfile b/utilities/docker/debian/Dockerfile index 9c35f6b16..366ad6d4f 100644 --- a/utilities/docker/debian/Dockerfile +++ b/utilities/docker/debian/Dockerfile @@ -6,6 +6,7 @@ ARG GITHUB_SRC ARG DISTRO copy $DISTRO/build.sh /build.sh +copy install_ovn.sh /install_ovn.sh RUN /build.sh $OVN_BRANCH $GITHUB_SRC COPY ovn_default_nb_port /etc/ovn/ovn_default_nb_port diff --git a/utilities/docker/debian/build.sh b/utilities/docker/debian/build.sh index 8e492bf76..0d0c8cfd8 100755 --- a/utilities/docker/debian/build.sh +++ b/utilities/docker/debian/build.sh 
@@ -23,29 +23,7 @@ dh-autoreconf openssl" apt-get update apt-get install -y ${build_deps} -# get ovs source always from master as its needed as dependency -mkdir /build; cd /build -git clone --depth 1 -b master https://github.com/openvswitch/ovs.git -cd ovs; -mkdir _gcc; - -# build and install -./boot.sh -cd _gcc -../configure --localstatedir="/var" --sysconfdir="/etc" --prefix="/usr" \ ---enable-ssl -cd ..; make -C _gcc install; cd .. - - -# get ovn source -git clone --depth 1 -b $OVN_BRANCH $GITHUB_SRC -cd ovn - -# build and install -./boot.sh -./configure --localstatedir="/var" --sysconfdir="/etc" --prefix="/usr" \ ---enable-ssl --with-ovs-source=/build/ovs/ --with-ovs-build=/build/ovs/_gcc -make -j8; make install +./install_ovn.sh $OVN_BRANCH $GITHUB_SRC # remove deps to make the container light weight. apt-get remove --purge -y ${build_deps} diff --git a/utilities/docker/install_ovn.sh b/utilities/docker/install_ovn.sh new file mode 100755 index 0..55c189aae --- /dev/null +++ b/utilities/docker/install_ovn.sh 
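Review bot: `./install_ovn.sh $OVN_BRANCH $GITHUB_SRC` resolves the helper relative to the current directory and passes both arguments unquoted, while the Dockerfile hunk copies it to `/install_ovn.sh`, so it works only while build.sh runs with `/` as its working directory. Calling `/install_ovn.sh "$OVN_BRANCH" "$GITHUB_SRC" || exit 1` removes that dependency and stops the image build when the clone or compile fails, instead of continuing to the package purge. The rest of build.sh is outside the hunk. Any later cleanup that relies on the current directory should be re-checked, because the helper's `cd /build` happens in a child process and no longer affects this shell.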
@@ -0,0 +1,40 @@ +#!/bin/sh +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +OVN_BRANCH=$1 +GITHUB_SRC=$2 + +# get ovs source always from master as its needed as dependency +mkdir /build; cd /build +git clone --depth 1 -b master https://github.com/openvswitch/ovs.git +cd ovs; +mkdir _gcc; + +# build and install +./boot.sh +cd _gcc +../configure --localstatedir="/var" --sysconfdir="/etc" --prefix="/usr" \ +--enable-ssl +cd ..; make -C _gcc install; cd .. + + +# get ovn source +git clone --depth 1 -b $OVN_BRANCH $GITHUB_SRC +cd ovn + +# build and install +./boot.sh +./configure --localstatedir="/var" --sysconfdir="/etc" --prefix="/usr" \ +--enable-ssl --with-ovs-source=/build/ovs/ --with-ovs-build=/build/ovs/_gcc +make -j8; make install -- 2.20.1 (Apple Git-117) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
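Review bot: install_ovn.sh clones `master` of openvswitch/ovs plus whatever `$GITHUB_SRC` and `$OVN_BRANCH` name, then builds and installs both with no pinned commit or tag and no error handling. The image content therefore tracks two moving branches, and a failed `mkdir`, `git clone` or `cd` lets the following commands run in the wrong directory. Add `set -e` after the licence header, quote the arguments (`git clone --depth 1 -b "$OVN_BRANCH" "$GITHUB_SRC"`), and consider taking the OVS ref as a parameter so a release build can pin it. `cd ovn` also assumes the repository behind `$GITHUB_SRC` checks out into a directory named `ovn`.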
[ovs-dev] [PATCH ovn 3/3] rhel support for ovn container
From: Aliasgar Ginwala Current code only had support for starting ovn in ubuntu containers. This patch adds supprt for rhel using centos7 as a base image Signed-off-by: Aliasgar Ginwala --- Documentation/intro/install/general.rst | 2 +- utilities/automake.mk | 2 ++ utilities/docker/rhel/Dockerfile| 20 + utilities/docker/rhel/build.sh | 38 + 4 files changed, 61 insertions(+), 1 deletion(-) create mode 100755 utilities/docker/rhel/Dockerfile create mode 100755 utilities/docker/rhel/build.sh diff --git a/Documentation/intro/install/general.rst b/Documentation/intro/install/general.rst index cdd78f7f7..52bfd7d18 100644 --- a/Documentation/intro/install/general.rst +++ b/Documentation/intro/install/general.rst @@ -471,7 +471,7 @@ Start OVN containers using unix socket:: User can use any other base image for debian, e.g. u14.04, etc. -RHEL based docker build support needs to be added. +RHEL based docker support is now added with centos7 as a base image. Starting OVN host service diff --git a/utilities/automake.mk b/utilities/automake.mk index 0b7e38dc0..73018ca66 100644 --- a/utilities/automake.mk +++ b/utilities/automake.mk @@ -40,6 +40,8 @@ EXTRA_DIST += \ utilities/docker/ovn_default_northd_host \ utilities/docker/debian/Dockerfile \ utilities/docker/debian/build.sh \ +utilities/docker/rhel/Dockerfile \ +utilities/docker/rhel/build.sh \ utilities/docker/install_ovn.sh CLEANFILES += \ diff --git a/utilities/docker/rhel/Dockerfile b/utilities/docker/rhel/Dockerfile new file mode 100755 index 0..e4f5cfece --- /dev/null +++ b/utilities/docker/rhel/Dockerfile 
@@ -0,0 +1,20 @@ +FROM centos:7 +MAINTAINER "Aliasgar Ginwala" + +ARG OVN_BRANCH +ARG GITHUB_SRC +ARG DISTRO + +copy $DISTRO/build.sh /build.sh +copy install_ovn.sh /install_ovn.sh +RUN /build.sh $OVN_BRANCH $GITHUB_SRC + +COPY ovn_default_nb_port /etc/ovn/ovn_default_nb_port +COPY ovn_default_sb_port /etc/ovn/ovn_default_sb_port +COPY ovn_default_northd_host /etc/ovn/ovn_default_northd_host + +COPY start-ovn /bin/start-ovn +VOLUME ["/var/log/openvswitch", \ +"/var/lib/openvswitch", "/var/run/openvswitch", "/etc/openvswitch", \ +"/var/log/ovn", "/var/lib/ovn", "/var/run/ovn", "/etc/ovn"] +ENTRYPOINT ["start-ovn"] diff --git a/utilities/docker/rhel/build.sh b/utilities/docker/rhel/build.sh new file mode 100755 index 0..eb6f85a4a --- /dev/null +++ b/utilities/docker/rhel/build.sh 
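Review bot: `FROM centos:7` is a floating tag, so rebuilding the same OVN branch can pick up a different base layer; pinning by digest (`FROM centos:7@sha256:<digest>`, placeholder value) makes the image reproducible and reviewable. The file never sets `USER`, so `start-ovn` presumably runs as root inside the container; if that is required, a comment saying why would help. `MAINTAINER` is deprecated in favour of `LABEL maintainer="..."`, and the two lowercase `copy` lines would read better as `COPY` like the rest of the file.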
@@ -0,0 +1,38 @@ +#!/bin/sh +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +OVN_BRANCH=$1 +GITHUB_SRC=$2 + +# Install deps +build_deps="rpm-build yum-utils yum-builddep automake autoconf openssl-devel \ +epel-release python3 gdb libtool git bzip2 perl-core zlib-devel openssl git \ +libtool" + +yum update -y +yum install @'Development Tools' ${build_deps} -y +pip3 install six + +./install_ovn.sh $OVN_BRANCH $GITHUB_SRC + +# remove unused packages to make the container light weight. +for i in $(package-cleanup --leaves --all); +do yum remove -y $i; yum autoremove -y; +done +yum remove ${build_deps} -y +cd ..; rm -rf ovs; rm -rf ovn + +# Install basic utils +basic_utils="vim-minimal.x86_64 net-tools.x86_64 uuid.x86_64 iproute.x86_64" +yum install -y ${basic_utils} -- 2.20.1 (Apple Git-117) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
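Review bot: The cleanup line `cd ..; rm -rf ovs; rm -rf ovn` runs in build.sh's own shell, but the sources are cloned under `/build` by install_ovn.sh in a child process. That script's `cd /build` does not carry over, so the `rm -rf` acts relative to whatever directory build.sh started in. As written the source and build trees presumably stay in the image; `rm -rf /build` states the intent directly. `yum remove ${build_deps} -y` also removes `openssl` and `python3`, which should be checked against what the daemons built with `--enable-ssl` and the ovn-ctl scripts need at run time. The unchecked `./install_ovn.sh $OVN_BRANCH $GITHUB_SRC` call has the same relative-path and quoting issue as in debian/build.sh.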
[ovs-dev] [PATCH ovn 1/3] Skip using with-linux for ovn container build scripts
From: Aliasgar Ginwala Signed-off-by: Aliasgar Ginwala --- utilities/docker/Makefile | 2 -- utilities/docker/debian/Dockerfile | 3 +-- utilities/docker/debian/build.sh | 13 + 3 files changed, 6 insertions(+), 12 deletions(-) diff --git a/utilities/docker/Makefile b/utilities/docker/Makefile index e2b2c2a17..304723f8f 100644 --- a/utilities/docker/Makefile +++ b/utilities/docker/Makefile @@ -1,6 +1,5 @@ #export OVN_BRANCH=master #export OVN_VERSION=2.12 -#export KERNEL_VERSION=4.15.0-54-generic #export DISTRO=debian #export GITHUB_SRC=https://github.com/ovn-org/ovn.git #export DOCKER_REPO=ovn-org/ovn @@ -14,7 +13,6 @@ tag = ${OVN_VERSION}_${KERNEL_VERSION} build: ;docker build -t ${REPO}:${tag} --build-arg DISTRO=${DISTRO} \ --build-arg OVN_BRANCH=${OVN_BRANCH} \ ---build-arg KERNEL_VERSION=${KERNEL_VERSION} \ --build-arg GITHUB_SRC=${GITHUB_SRC} -f ${DISTRO}/Dockerfile . .PHONY: build diff --git a/utilities/docker/debian/Dockerfile b/utilities/docker/debian/Dockerfile index 30504480d..9c35f6b16 100644 --- a/utilities/docker/debian/Dockerfile +++ b/utilities/docker/debian/Dockerfile @@ -2,12 +2,11 @@ FROM ubuntu:16.04 MAINTAINER "Aliasgar Ginwala" ARG OVN_BRANCH -ARG KERNEL_VERSION ARG GITHUB_SRC ARG DISTRO copy $DISTRO/build.sh /build.sh -RUN /build.sh $KERNEL_VERSION $OVN_BRANCH $GITHUB_SRC +RUN /build.sh $OVN_BRANCH $GITHUB_SRC COPY ovn_default_nb_port /etc/ovn/ovn_default_nb_port COPY ovn_default_sb_port /etc/ovn/ovn_default_sb_port diff --git a/utilities/docker/debian/build.sh b/utilities/docker/debian/build.sh index 981ff796e..8e492bf76 100755 --- a/utilities/docker/debian/build.sh +++ b/utilities/docker/debian/build.sh 
@@ -12,18 +12,16 @@ # See the License for the specific language governing permissions and # limitations under the License. -KERNEL_VERSION=$1 -OVN_BRANCH=$2 -GITHUB_SRC=$3 +OVN_BRANCH=$1 +GITHUB_SRC=$2 # Install deps -linux="linux-image-$KERNEL_VERSION linux-headers-$KERNEL_VERSION" build_deps="apt-utils libelf-dev build-essential libssl-dev python3 \ python3-six wget gdb autoconf libtool git automake bzip2 debhelper \ dh-autoreconf openssl" apt-get update -apt-get install -y ${linux} ${build_deps} +apt-get install -y ${build_deps} # get ovs source always from master as its needed as dependency mkdir /build; cd /build @@ -35,7 +33,7 @@ mkdir _gcc; ./boot.sh cd _gcc ../configure --localstatedir="/var" --sysconfdir="/etc" --prefix="/usr" \ ---with-linux=/lib/modules/$KERNEL_VERSION/build --enable-ssl +--enable-ssl cd ..; make -C _gcc install; cd .. @@ -46,8 +44,7 @@ cd ovn # build and install ./boot.sh ./configure --localstatedir="/var" --sysconfdir="/etc" --prefix="/usr" \ ---with-linux=/lib/modules/$KERNEL_VERSION/build --enable-ssl \ ---with-ovs-source=/build/ovs/ --with-ovs-build=/build/ovs/_gcc +--enable-ssl --with-ovs-source=/build/ovs/ --with-ovs-build=/build/ovs/_gcc make -j8; make install # remove deps to make the container light weight. -- 2.20.1 (Apple Git-117) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v3 ovn] ovn-nb/sbctl.c: Use env variables for passing options.
From: Aliasgar Ginwala Add new env variables OVN_NBCTL_OPTIONS and OVN_SBCTL_OPTIONS for ovn-nbctl and ovn-sbctl respectively where user can set supported ovn-nb/sbctl options using environment variable. e.g. OVN_SBCTL_OPTIONS="--db=unix:sb1.ovsdb --no-leader-only" Signed-off-by: Aliasgar Ginwala --- utilities/ovn-nbctl.8.xml | 25 + utilities/ovn-nbctl.c | 3 +++ utilities/ovn-sbctl.8.in | 8 utilities/ovn-sbctl.c | 3 +++ 4 files changed, 39 insertions(+) diff --git a/utilities/ovn-nbctl.8.xml b/utilities/ovn-nbctl.8.xml index fd75c0e44..b207dac46 100644 --- a/utilities/ovn-nbctl.8.xml +++ b/utilities/ovn-nbctl.8.xml @@ -1178,6 +1178,31 @@ wait at all. Use the sync command to override this behavior. + + + User can set one or more OVN_NBCTL_OPTIONS options in + environment variable. Under the Bourne shell this might be + done like this: + + + + OVN_NBCTL_OPTIONS="--db=unix:nb1.ovsdb --no-leader-only" + + + + When OVN_NBCTL_OPTIONS is set, ovn-nbctl + automatically and transparently uses the environment variable to + execute its commands. However user can still over-ride environment + options by passing different in cli. + + + + When the environment variable is no longer needed, unset it, e.g.: + + + + unset OVN_NBCTL_OPTIONS + --db database diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c index a89a9cb4d..9bc465209 100644 --- a/utilities/ovn-nbctl.c +++ b/utilities/ovn-nbctl.c @@ -136,6 +136,9 @@ main(int argc, char *argv[]) nbctl_cmd_init(); +/* Check if options are set via env var. */ +argv = ovs_cmdl_env_parse_all(&argc, argv, getenv("OVN_NBCTL_OPTIONS")); + /* ovn-nbctl has three operation modes: * *- Direct: Executes commands by contacting ovsdb-server directly. diff --git a/utilities/ovn-sbctl.8.in b/utilities/ovn-sbctl.8.in index 2aaa457e8..b3c21d625 100644 --- a/utilities/ovn-sbctl.8.in +++ b/utilities/ovn-sbctl.8.in 
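Review bot: The comment `/* Check if options are set via env var. */` above the new call in ovn-nbctl.c's main() leaves out what a reader needs: the words from `OVN_NBCTL_OPTIONS` are inserted after `argv[0]` and before the real arguments, and `argv` is replaced by a newly allocated array. I would write `/* Insert the options from $OVN_NBCTL_OPTIONS after argv[0], ahead of the command-line options; 'argv' now points to a new array. */`. Because options such as `--db` now arrive through the inherited environment, the man page text should also tell operators to unset the variable in scripts and privileged wrappers that invoke the tool. The same applies to the `OVN_SBCTL_OPTIONS` call in ovn-sbctl.c; main() continues outside both hunks.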
@@ -93,6 +93,14 @@ to approximately \fIsecs\fR seconds. If the timeout expires, would normally happen only if the database cannot be contacted, or if the system is overloaded.) . +.IP "\fBOVN_SBCTL_OPTIONS\fR" +.User can set one or more options using \fBOVN_SBCTL_OPTIONS\fR environment +.variable. Under the Bourne shell this might be done like this: +.export \fBOVN_SBCTL_OPTIONS\fR"="--db=unix:sb1.ovsdb --no-leader-only". +.However user can still over-ride environment options by passing different +.options in cli. When the environment variable is no longer needed, unset it, +.e.g.: unset \fBOVN_SBCTL_OPTIONS\fR" +. .so lib/vlog.man .so lib/common.man . diff --git a/utilities/ovn-sbctl.c b/utilities/ovn-sbctl.c index 9a9b6f0ec..ffcaee2c4 100644 --- a/utilities/ovn-sbctl.c +++ b/utilities/ovn-sbctl.c @@ -108,6 +108,9 @@ main(int argc, char *argv[]) sbctl_cmd_init(); +/* Check if options are set via env var. */ +argv = ovs_cmdl_env_parse_all(&argc, argv, getenv("OVN_SBCTL_OPTIONS")); + /* Parse command line. */ char *args = process_escape_args(argv); shash_init(&local_options); -- 2.20.1 (Apple Git-117) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v3] command-line.c: Support parsing ctl options via env variable
From: Aliasgar Ginwala Signed-off-by: Aliasgar Ginwala --- lib/command-line.c | 29 + lib/command-line.h | 3 +++ 2 files changed, 32 insertions(+) diff --git a/lib/command-line.c b/lib/command-line.c index 9e000bd28..2fc8b6e48 100644 --- a/lib/command-line.c +++ b/lib/command-line.c @@ -19,6 +19,7 @@ #include #include #include +#include "svec.h" #include "openvswitch/dynamic-string.h" #include "ovs-thread.h" #include "util.h" @@ -77,6 +78,34 @@ find_option_by_value(const struct option *options, int value) return NULL; } +/* Parses options set using environment variable. The caller specifies the + * supported options in environment variable. On success, adds the parsed + * env variables in 'argv', the number of options in 'argc', and returns argv. + * */ +char ** +ovs_cmdl_env_parse_all(int *argcp, char *argv[], + char *env_options) +{ +struct svec args = SVEC_EMPTY_INITIALIZER; + +/* argv[0] stays in place. */ +ovs_assert(*argcp > 0); +svec_add(&args, argv[0]); + +/* Anything from the environment variable goes next. */ +if (env_options) { +svec_parse_words(&args, env_options); +} + +/* Remaining command-line options go at the end. */ +for (int i = 1; i < *argcp; i++) { +svec_add(&args, argv[i]); +} + +*argcp = args.n; +return args.names; +} + /* Parses the command-line options in 'argc' and 'argv'. The caller specifies * the supported options in 'options'. On success, stores the parsed options * in '*pop', the number of options in '*n_pop', and returns NULL. On failure, diff --git a/lib/command-line.h b/lib/command-line.h index 9d62dc250..4b8f76da7 100644 --- a/lib/command-line.h +++ b/lib/command-line.h 
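Review bot: ovs_cmdl_env_parse_all() returns `args.names` without a terminating NULL entry, so the rebuilt argv no longer satisfies `argv[argc] == NULL`. The ovn-sbctl.c caller on this page passes the array straight to `process_escape_args(argv)`, which takes no count and presumably walks to the terminator. Add `svec_terminate(&args);` before `*argcp = args.n;`. `env_options` comes from getenv() and is only read, so the parameter should be `const char *env_options` in both the definition and the header, and the header's `argv_[]` should match the definition's `argv[]`.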
@@ -54,6 +54,9 @@ char *ovs_cmdl_parse_all(int argc, char *argv[], const struct option *, struct ovs_cmdl_parsed_option **, size_t *) OVS_WARN_UNUSED_RESULT; +char **ovs_cmdl_env_parse_all(int *argcp, char *argv_[], + char *env_options); + void ovs_cmdl_print_options(const struct option *options); void ovs_cmdl_print_commands(const struct ovs_cmdl_command *commands); -- 2.20.1 (Apple Git-117) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v2] command-line.c: Support parsing ctl options via env variable
From: Aliasgar Ginwala Signed-off-by: Aliasgar Ginwala --- lib/command-line.c | 55 ++ lib/command-line.h | 3 +++ 2 files changed, 58 insertions(+) diff --git a/lib/command-line.c b/lib/command-line.c index 9e000bd28..d13cca294 100644 --- a/lib/command-line.c +++ b/lib/command-line.c @@ -19,6 +19,7 @@ #include #include #include +#include "svec.h" #include "openvswitch/dynamic-string.h" #include "ovs-thread.h" #include "util.h" 
@@ -77,6 +78,60 @@ find_option_by_value(const struct option *options, int value) return NULL; } +/* Parses options set using environment variable. The caller specifies the + * supported options in environment variable. On success, adds the parsed + * env variables in 'argv', the number of options in 'argc', and returns argv. + * */ +char ** +ovs_cmdl_env_parse_all(int *argcp, char *argv_[], + char *env_options) +{ +char *str1, *token, *saveptr1; +char **argv = NULL; +int i, j, total_args, argc; +int env_argc = 0; + +argc = *argcp; +if (!env_options) { +/* Copy args for parsing as is from argv_ */ +argv = xcalloc(argc + 1, sizeof( *argv_) + 1 ); +for (i = 0; i < argc; i++) { +argv[i] = xstrdup(argv_[i]); +} +return argv; +} + +/* Count number of options passed via environment variable */ +struct svec env_vars; +svec_init(&env_vars); +for (j = 1, str1 = env_options; ; j++, str1 = NULL) { +token = strtok_r(str1, " ", &saveptr1); +if (token == NULL) { +break; +} +svec_add(&env_vars, token); +env_argc++; +} +total_args = argc + env_argc + 1; +argv = xcalloc(total_args, sizeof( *argv_) + env_argc + 1); + +/* Construct argv with command line + environment options. */ +for (i = 0, j = 0; i < argc; i++, j++) { +if (j == 1) { +const char *env; +size_t k; +SVEC_FOR_EACH (k, env, &env_vars) { +argv[j] = xstrdup(env); +j++; +} +} +argv[j] = xstrdup(argv_[i]); +} +svec_destroy(&env_vars); +*argcp = j; +return argv; +} + /* Parses the command-line options in 'argc' and 'argv'. The caller specifies * the supported options in 'options'. On success, stores the parsed options * in '*pop', the number of options in '*n_pop', and returns NULL. On failure, diff --git a/lib/command-line.h b/lib/command-line.h index 9d62dc250..4b8f76da7 100644 --- a/lib/command-line.h +++ b/lib/command-line.h 
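Review bot: `strtok_r(str1, " ", &saveptr1)` is applied directly to `env_options`, which the callers obtain from getenv(), so tokenising writes NUL bytes into the process environment and a later getenv() of the same variable sees only the first word. Tokenise a private copy instead, e.g. `char *copy = xstrdup(env_options);`, freed after the loop. The merge loop inserts the environment words only when `j == 1` is reached inside an iteration, so with `argc == 1` they are never added. Both xcalloc() calls pass an element size of `sizeof( *argv_) + ...` rather than `sizeof *argv`, which over-allocates and obscures the intended element count.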
@@ -54,6 +54,9 @@ char *ovs_cmdl_parse_all(int argc, char *argv[], const struct option *, struct ovs_cmdl_parsed_option **, size_t *) OVS_WARN_UNUSED_RESULT; +char **ovs_cmdl_env_parse_all(int *argcp, char *argv_[], + char *env_options); + void ovs_cmdl_print_options(const struct option *options); void ovs_cmdl_print_commands(const struct ovs_cmdl_command *commands); -- 2.20.1 (Apple Git-117) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v2 ovn] ovn-nb/sbctl.c: Use env variables for passing options.
From: Aliasgar Ginwala Add new env variables OVN_NBCTL_OPTIONS and OVN_SBCTL_OPTIONS for ovn-nbctl and ovn-sbctl respectively where user can set supported ovn-nb/sbctl options using environment variable. e.g. OVN_SBCTL_OPTIONS="--db=unix:sb1.ovsdb --no-leader-only" Signed-off-by: Aliasgar Ginwala --- v1 -> v2 --- * Addressed Ben's comment - Write ovs_cmdl_env_parse_all for parsing env options in lib/command-line.c and update docs about new env var usage. utilities/ovn-nbctl.8.xml | 25 + utilities/ovn-nbctl.c | 19 +-- utilities/ovn-sbctl.8.in | 8 utilities/ovn-sbctl.c | 19 +-- 4 files changed, 67 insertions(+), 4 deletions(-) diff --git a/utilities/ovn-nbctl.8.xml b/utilities/ovn-nbctl.8.xml index fd75c0e44..b207dac46 100644 --- a/utilities/ovn-nbctl.8.xml +++ b/utilities/ovn-nbctl.8.xml @@ -1178,6 +1178,31 @@ wait at all. Use the sync command to override this behavior. + + + User can set one or more OVN_NBCTL_OPTIONS options in + environment variable. Under the Bourne shell this might be + done like this: + + + + OVN_NBCTL_OPTIONS="--db=unix:nb1.ovsdb --no-leader-only" + + + + When OVN_NBCTL_OPTIONS is set, ovn-nbctl + automatically and transparently uses the environment variable to + execute its commands. However user can still over-ride environment + options by passing different in cli. + + + + When the environment variable is no longer needed, unset it, e.g.: + + + + unset OVN_NBCTL_OPTIONS + --db database diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c index a89a9cb4d..684f0f40b 100644 --- a/utilities/ovn-nbctl.c +++ b/utilities/ovn-nbctl.c 
@@ -124,18 +124,33 @@ static char * OVS_WARN_UNUSED_RESULT main_loop(const char *args, static void server_loop(struct ovsdb_idl *idl, int argc, char *argv[]); int -main(int argc, char *argv[]) +main(int argc, char *argv_[]) { struct ovsdb_idl *idl; struct shash local_options; -set_program_name(argv[0]); +set_program_name(argv_[0]); fatal_ignore_sigpipe(); vlog_set_levels(NULL, VLF_CONSOLE, VLL_WARN); vlog_set_levels_from_string_assert("reconnect:warn"); nbctl_cmd_init(); +/* Check if options are set via env var. */ +char *ctl_options = getenv("OVN_NBCTL_OPTIONS"); +char **argv; +int *argcp; +argcp = xmalloc(sizeof(int)); +*argcp = argc; +argv = ovs_cmdl_env_parse_all(argcp, argv_, + ctl_options); +if (!argv) { +/* This situation should never occur, but... */ +ctl_fatal("Unable to read argv"); +} +argc = *argcp; +free(argcp); + /* ovn-nbctl has three operation modes: * *- Direct: Executes commands by contacting ovsdb-server directly. diff --git a/utilities/ovn-sbctl.8.in b/utilities/ovn-sbctl.8.in index 2aaa457e8..b3c21d625 100644 --- a/utilities/ovn-sbctl.8.in +++ b/utilities/ovn-sbctl.8.in @@ -93,6 +93,14 @@ to approximately \fIsecs\fR seconds. If the timeout expires, would normally happen only if the database cannot be contacted, or if the system is overloaded.) . +.IP "\fBOVN_SBCTL_OPTIONS\fR" +.User can set one or more options using \fBOVN_SBCTL_OPTIONS\fR environment +.variable. Under the Bourne shell this might be done like this: +.export \fBOVN_SBCTL_OPTIONS\fR"="--db=unix:sb1.ovsdb --no-leader-only". +.However user can still over-ride environment options by passing different +.options in cli. When the environment variable is no longer needed, unset it, +.e.g.: unset \fBOVN_SBCTL_OPTIONS\fR" +. .so lib/vlog.man .so lib/common.man . diff --git a/utilities/ovn-sbctl.c b/utilities/ovn-sbctl.c index 9a9b6f0ec..7c991a5fc 100644 --- a/utilities/ovn-sbctl.c +++ b/utilities/ovn-sbctl.c 
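Review bot: The added block in `main` of ovn-nbctl.c merges `getenv("OVN_NBCTL_OPTIONS")` into argv ahead of option parsing, but no comment says that the variable is trusted exactly like the command line. An inherited environment can therefore choose `--db` with nothing on the command line showing it. A comment such as `/* OVN_NBCTL_OPTIONS is trusted like argv; callers that run ovn-nbctl with elevated privileges should clear it first. */` would make that explicit. Separately, `argcp` is heap-allocated only to pass one int by reference, and `argv = ovs_cmdl_env_parse_all(&argc, argv_, ctl_options);` does the same without the `xmalloc`/`free` pair. The ovn-sbctl.c section of this patch adds the same block, and the body of `main` continues outside the hunk.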
@@ -93,7 +93,7 @@ static bool do_sbctl(const char *args, struct ctl_command *, size_t n, struct ovsdb_idl *); int -main(int argc, char *argv[]) +main(int argc, char *argv_[]) { struct ovsdb_idl *idl; struct ctl_command *commands; @@ -101,13 +101,28 @@ main(int argc, char *argv[]) unsigned int seqno; size_t n_commands; -set_program_name(argv[0]); +set_program_name(argv_[0]); fatal_ignore_sigpipe(); vlog_set_levels(NULL, VLF_CONSOLE, VLL_WARN); vlog_set_levels_from_string_assert("reconnect:warn"); sbctl_cmd_init(); +/* Check if options are set via env var. */ +char *ctl_options = getenv("OVN_SBCTL_OPTIONS"); +char **argv; +int *argcp; +argcp = xmalloc(sizeof(int)); +*argcp = argc; +argv = ovs_cmdl_env_parse_all(argcp, argv_, + ctl_options); +if (!argv) { +/* This situation should never occur, but... */ +ctl_fatal("Unable to read argv"); +
[ovs-dev] [PATCH v1] command-line.c: Support parsing ctl options via env variable
From: Aliasgar Ginwala Signed-off-by: Aliasgar Ginwala --- lib/command-line.c | 50 ++ lib/command-line.h | 3 +++ 2 files changed, 53 insertions(+) diff --git a/lib/command-line.c b/lib/command-line.c index 9e000bd28..64a84efa8 100644 --- a/lib/command-line.c +++ b/lib/command-line.c @@ -77,6 +77,56 @@ find_option_by_value(const struct option *options, int value) return NULL; } +/* Parses options set using environment variable. The caller specifies the + * supported options in environment variable. On success, adds the parsed + * env variables in 'argv', the number of options in 'argc', and returns argv. + * */ +char ** +ovs_cmdl_env_parse_all(int *argcp, char *argv_[], + char *env_options) +{ +char *str1, *token, *saveptr1; +char **argv = NULL; +int i, j, total_args, argc; +int env_argc = 0; + +argc = *argcp; +if (!env_options) { +/* Copy args for parsing as is from argv_ */ +argv = xcalloc(argc + 1, sizeof( *argv_) + 1 ); +for (i = 0; i < argc; i++) { +argv[i] = xstrdup(argv_[i]); +} +return argv; +} +/* Count number of options passed via environment variable */ +for (j = 1, str1 = env_options; ; j++, str1 = NULL) { +token = strtok_r(str1, " ", &saveptr1); +if (token == NULL) { +break; +} +env_argc++; +} +total_args = argc + env_argc + 1; +argv = xcalloc(total_args, sizeof( *argv_) + env_argc + 1); + +/* Construct argv with command line + environment options. */ +for (i = 0, j = 0; i < argc; i++, j++) { +if (j == 1) { +for (j = 1, str1 = env_options; ; j++, str1 = NULL) { +token = strtok_r(str1, " ", &saveptr1); +if (token == NULL) { +break; +} +argv[j] = token; +} +} +argv[j] = xstrdup(argv_[i]); +} +*argcp = j; +return argv; +} + /* Parses the command-line options in 'argc' and 'argv'. The caller specifies * the supported options in 'options'. On success, stores the parsed options * in '*pop', the number of options in '*n_pop', and returns NULL. On failure, diff --git a/lib/command-line.h b/lib/command-line.h index 9d62dc250..4b8f76da7 100644 
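Review bot: In the added `ovs_cmdl_env_parse_all`, the counting loop runs `strtok_r` directly on `env_options`, which overwrites each separator with a NUL, so the second `strtok_r` pass in the construction loop finds only the first token and a value holding several options contributes just one. The buffer being modified is whatever the caller passed in (the `getenv()` result in the ctl utilities), and the `token` pointers are stored without duplication while every other entry is `xstrdup`ed, so the array cannot be freed uniformly. The insertion is also keyed on `j == 1` inside the `argc` loop, so it never runs when `argc` is 1, and `xcalloc` receives `sizeof( *argv_) + env_argc + 1` as the element size where a pointer size is meant. A single pass over a private copy, as sketched below, avoids these; the split is still on single spaces only, so quoted values containing spaces remain unsupported and that is worth stating in the function comment.

```c
char **
ovs_cmdl_env_parse_all(int *argcp, char *argv_[], char *env_options)
{
    int argc = *argcp;
    /* Each token needs at least one character plus a separator, so this
     * bounds the number of tokens without a separate counting pass. */
    size_t max_env = env_options ? strlen(env_options) / 2 + 1 : 0;
    char **argv = xcalloc(argc + max_env + 1, sizeof *argv);
    int n = 0;

    if (argc > 0) {
        argv[n++] = xstrdup(argv_[0]);
    }
    if (env_options) {
        /* strtok_r() writes into its input; never tokenize the
         * environment string itself. */
        char *copy = xstrdup(env_options);
        char *save_ptr = NULL;

        for (char *token = strtok_r(copy, " ", &save_ptr); token;
             token = strtok_r(NULL, " ", &save_ptr)) {
            argv[n++] = xstrdup(token);
        }
        free(copy);
    }
    /* Command-line options follow the environment ones so they win. */
    for (int i = 1; i < argc; i++) {
        argv[n++] = xstrdup(argv_[i]);
    }
    *argcp = n;
    return argv;
}
```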
--- a/lib/command-line.h +++ b/lib/command-line.h @@ -54,6 +54,9 @@ char *ovs_cmdl_parse_all(int argc, char *argv[], const struct option *, struct ovs_cmdl_parsed_option **, size_t *) OVS_WARN_UNUSED_RESULT; +char **ovs_cmdl_env_parse_all(int *argcp, char *argv_[], + char *env_options); + void ovs_cmdl_print_options(const struct option *options); void ovs_cmdl_print_commands(const struct ovs_cmdl_command *commands); -- 2.20.1 (Apple Git-117) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v1 ovn] ovs container build.sh requires python3
From: Aliasgar Ginwala building ovn/ovs container breaks while configure: checking for Python 3 (version 3.4 or later)... no configure: error: Python 3.4 or later is required but not found in /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin, please install it or set to point to it As per commit 1ca0323e7c29dc7ef5a615c265df0460208f92de Require Python 3 and remove support for Python 2. Signed-off-by: Aliasgar Ginwala --- utilities/docker/debian/build.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utilities/docker/debian/build.sh b/utilities/docker/debian/build.sh index 3c404bc39..981ff796e 100755 --- a/utilities/docker/debian/build.sh +++ b/utilities/docker/debian/build.sh @@ -18,8 +18,8 @@ GITHUB_SRC=$3 # Install deps linux="linux-image-$KERNEL_VERSION linux-headers-$KERNEL_VERSION" -build_deps="apt-utils libelf-dev build-essential libssl-dev python \ -python-six wget gdb autoconf libtool git automake bzip2 debhelper \ +build_deps="apt-utils libelf-dev build-essential libssl-dev python3 \ +python3-six wget gdb autoconf libtool git automake bzip2 debhelper \ dh-autoreconf openssl" apt-get update -- 2.20.1 (Apple Git-117) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v1] ovs container build.sh requires python3
From: Aliasgar Ginwala building ovn/ovs container breaks while configure: checking for Python 3 (version 3.4 or later)... no configure: error: Python 3.4 or later is required but not found in /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin, please install it or set to point to it As per commit 1ca0323e7c29dc7ef5a615c265df0460208f92de Require Python 3 and remove support for Python 2. Signed-off-by: Aliasgar Ginwala --- utilities/docker/debian/build-kernel-modules.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utilities/docker/debian/build-kernel-modules.sh b/utilities/docker/debian/build-kernel-modules.sh index 1b12720b9..18ac35764 100755 --- a/utilities/docker/debian/build-kernel-modules.sh +++ b/utilities/docker/debian/build-kernel-modules.sh @@ -18,8 +18,8 @@ GITHUB_SRC=$3 # Install deps linux="linux-image-$KERNEL_VERSION linux-headers-$KERNEL_VERSION" -build_deps="apt-utils libelf-dev build-essential libssl-dev python \ -python-six wget gdb autoconf libtool git automake bzip2 debhelper \ +build_deps="apt-utils libelf-dev build-essential libssl-dev python3 \ +python3-six wget gdb autoconf libtool git automake bzip2 debhelper \ dh-autoreconf openssl" apt-get update -- 2.20.1 (Apple Git-117) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v1 ovn] ovn-nb/sbctl.c: Use env variables for passing options.
From: Aliasgar Ginwala Add new env variables OVN_NBCTL_OPTIONS and OVN_SBCTL_OPTIONS for ovn-nbctl and ovn-sbctl respectively where user can set any single supported option. e.g export OVN_NBCTL_OPTIONS=--no-leader-only. Above env var OVN_NBCTL_OPTIONS have no effect if user runs command as ovn-nbctl --no-leader-only Signed-off-by: Aliasgar Ginwala --- utilities/ovn-nbctl.8.xml | 7 +++ utilities/ovn-nbctl.c | 36 ++-- utilities/ovn-sbctl.8.in | 6 ++ utilities/ovn-sbctl.c | 36 ++-- 4 files changed, 81 insertions(+), 4 deletions(-) diff --git a/utilities/ovn-nbctl.8.xml b/utilities/ovn-nbctl.8.xml index fd75c0e44..6a7962973 100644 --- a/utilities/ovn-nbctl.8.xml +++ b/utilities/ovn-nbctl.8.xml @@ -1178,6 +1178,13 @@ wait at all. Use the sync command to override this behavior. + + + If the OVN_NBCTL_OPTIONS environment variable is set, + its value is used as the default to set above options. If user + passes options via cli, OVN_NBCTL_OPTIONS environment + variable will have no effect. + --db database diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c index a89a9cb4d..8d2bc0968 100644 --- a/utilities/ovn-nbctl.c +++ b/utilities/ovn-nbctl.c 
@@ -124,18 +124,49 @@ static char * OVS_WARN_UNUSED_RESULT main_loop(const char *args, static void server_loop(struct ovsdb_idl *idl, int argc, char *argv[]); int -main(int argc, char *argv[]) +main(int argc, char *argv_[]) { struct ovsdb_idl *idl; struct shash local_options; -set_program_name(argv[0]); +set_program_name(argv_[0]); fatal_ignore_sigpipe(); vlog_set_levels(NULL, VLF_CONSOLE, VLL_WARN); vlog_set_levels_from_string_assert("reconnect:warn"); nbctl_cmd_init(); +/* Check if options are set via env var. */ +static int ops_passed = false; +int i, j = 0; +char *ovn_nbctl_options = getenv("OVN_NBCTL_OPTIONS"); +char **argv = xcalloc(argc + 1, sizeof( *argv_) + 1); +if (ovn_nbctl_options) { +for (i = 0; i < argc; i++) { +if (strcmp(argv_[i], ovn_nbctl_options) == 0) { +ops_passed = true; +break; +} +} +/* if option not passed via cli, read env var set by user.*/ +if (!ops_passed) { +for (i = 0, j = 0; i < argc; i++, j++) { +if (j == 1) { +argv[j] = ovn_nbctl_options; +j++; +} +argv[j] = xstrdup(argv_[i]); +} +argc = j; +} +} +if (ops_passed || !ovn_nbctl_options) { +/* Copy args for parsing as is from argv_ */ +for (i = 0; i < argc; i++) { +argv[i] = xstrdup(argv_[i]); +} +} + /* ovn-nbctl has three operation modes: * *- Direct: Executes commands by contacting ovsdb-server directly. @@ -240,6 +271,7 @@ main(int argc, char *argv[]) idl = the_idl = NULL; free(args); +free(argv); exit(EXIT_SUCCESS); } diff --git a/utilities/ovn-sbctl.8.in b/utilities/ovn-sbctl.8.in index 2aaa457e8..b9cfde897 100644 --- a/utilities/ovn-sbctl.8.in +++ b/utilities/ovn-sbctl.8.in 
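Review bot: The replacement `argv` in `main` is allocated with `xcalloc(argc + 1, sizeof( *argv_) + 1)`, which adds the extra one to the element size rather than to the count, so when the environment option is inserted the array holds `argc + 1` strings and no slot is reserved for the terminating NULL. `char **argv = xcalloc(argc + 2, sizeof *argv);` sizes it for the inserted entry plus the terminator. The `strcmp` test only suppresses the variable when some argument is byte-identical to its whole value, so `--db=a` in the environment and `--db=b` on the command line are both passed, and the value goes in as a single argv element even when it contains spaces. The final `free(argv)` releases the array but not the `xstrdup`ed strings, and one element may be the `getenv()` pointer, so the ownership is worth a comment. The ovn-sbctl.c section adds the same block.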
@@ -93,6 +93,12 @@ to approximately \fIsecs\fR seconds. If the timeout expires, would normally happen only if the database cannot be contacted, or if the system is overloaded.) . +.IP "\fBOVN_SBCTL_OPTIONS\fR" +If \fBOVN_SBCTL_OPTIONS\fR environment variable is set, +its value is used as the default to set above options. If user +passes options via cli, \fBOVN_SBCTL_OPTIONS\fR environment +variable will have no effect. +. .so lib/vlog.man .so lib/common.man . diff --git a/utilities/ovn-sbctl.c b/utilities/ovn-sbctl.c index 9a9b6f0ec..51bfe7101 100644 --- a/utilities/ovn-sbctl.c +++ b/utilities/ovn-sbctl.c @@ -93,7 +93,7 @@ static bool do_sbctl(const char *args, struct ctl_command *, size_t n, struct ovsdb_idl *); int -main(int argc, char *argv[]) +main(int argc, char *argv_[]) { struct ovsdb_idl *idl; struct ctl_command *commands; @@ -101,13 +101,44 @@ main(int argc, char *argv[]) unsigned int seqno; size_t n_commands; -set_program_name(argv[0]); +set_program_name(argv_[0]); fatal_ignore_sigpipe(); vlog_set_levels(NULL, VLF_CONSOLE, VLL_WARN); vlog_set_levels_from_string_assert("reconnect:warn"); sbctl_cmd_init(); +/* Check if options are set via env var. */ +static int ops_passed = false; +int i, j = 0; +char *ovn_sbctl_options = getenv("OVN_SBCTL_OPTIONS"); +char **argv = xcalloc(argc + 1, sizeof( *argv_) + 1); +if (ovn_sbctl_options) { +for (i = 0; i < argc; i++) { +if (strcmp(argv_[i], ovn_sbctl_options) == 0) { +ops_passed = true; +break; +} +} +/
[ovs-dev] [PATCH v1 ovn] ovn-nb/sbctl.c: Set no-leader-only as default for clustered dbs
From: Aliasgar Ginwala When using ovn-nb/sbctl running in cluster, one can use local socket to run different commands. It is very inconvenient to pass no-leader-only in different tools using ovn-nb/sbctl instead of allowing one to to connect to any nodes in the cluster including itself. e.g common usage ovn-nb/sbctl show. Hence, this commit handles the same. Signed-off-by: Aliasgar Ginwala --- utilities/ovn-nbctl.8.xml | 17 + utilities/ovn-nbctl.c | 3 ++- utilities/ovn-sbctl.8.in | 18 +- utilities/ovn-sbctl.c | 2 +- 4 files changed, 21 insertions(+), 19 deletions(-) diff --git a/utilities/ovn-nbctl.8.xml b/utilities/ovn-nbctl.8.xml index fd75c0e44..3dd05fa65 100644 --- a/utilities/ovn-nbctl.8.xml +++ b/utilities/ovn-nbctl.8.xml @@ -1192,14 +1192,15 @@ --leader-only --no-leader-only - By default, or with --leader-only, when the database server - is a clustered database, ovn-nbctl will avoid servers other - than the cluster leader. This ensures that any data that - ovn-nbctl reads and reports is up-to-date. With - --no-leader-only, ovn-nbctl will use any server - in the cluster, which means that for read-only transactions it can report - and act on stale data (transactions that modify the database are always - serialized even with --no-leader-only). Refer to + By default, or with --no-leader-only, when the database + server is a clustered database, ovn-nbctl may connect to + any server in the cluster, which means that for read-only transactions + it can report and act on stale data (transactions that modify the + database are always serialized even with --no-leader-only). + To avoid reading stale data, one can specify --leader-only, + so that ovn-nbctl will avoid servers other than the cluster + leader. For daemon mode, since it is for long running connections, + default is set to --leader-only. Refer to Understanding Cluster Consistency in ovsdb(7) for more information. diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c index a89a9cb4d..3804dd25a 100644 
--- a/utilities/ovn-nbctl.c +++ b/utilities/ovn-nbctl.c @@ -81,7 +81,7 @@ static struct ovsdb_idl_txn *the_idl_txn; OVS_NO_RETURN static void nbctl_exit(int status); /* --leader-only, --no-leader-only: Only accept the leader in a cluster. */ -static int leader_only = true; +static int leader_only = false; /* --shuffle-remotes, --no-shuffle-remotes: Shuffle the order of remotes that * are specified in the connetion method string. */ @@ -188,6 +188,7 @@ main(int argc, char *argv[]) "(use --help for help)"); } daemon_mode = true; +leader_only = true; } /* Initialize IDL. */ idl = the_idl = ovsdb_idl_create_unconnected(&nbrec_idl_class, true); diff --git a/utilities/ovn-sbctl.8.in b/utilities/ovn-sbctl.8.in index 2aaa457e8..f52412812 100644 --- a/utilities/ovn-sbctl.8.in +++ b/utilities/ovn-sbctl.8.in 
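Review bot: The added `leader_only = true;` in the daemon branch of `main` is unconditional, so if the command-line options have already been parsed at that point (the parsing code is outside this hunk) an explicit `--no-leader-only` given together with daemon mode would be silently overridden. Initialising `leader_only` to `-1` and resolving it to the mode's default only when it is still unset would keep both the new defaults and the user's explicit choice. With the default flipped to `false`, the comment above the variable should also state it, for example `/* --leader-only, --no-leader-only: default is no-leader-only, except in daemon mode. */`, because scripts that read state immediately after a write may now be served by a follower and see stale data. The ovn-sbctl.c section makes the same default change.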
@@ -53,16 +53,16 @@ e.g. \fBssl:192.168.10.5:6640\fR, as described in \fBovsdb\fR(7). . .IP "\fB\-\-leader\-only\fR" .IQ "\fB\-\-no\-leader\-only\fR" -By default, or with \fB\-\-leader\-only\fR, when the database server -is a clustered database, \fBovn\-sbctl\fR will avoid servers other -than the cluster leader. This ensures that any data that -\fBovn\-sbctl\fR reads and reports is up-to-date. With -\fB\-\-no\-leader\-only\fR, \fBovn\-sbctl\fR will use any server in -the cluster, which means that for read-only transactions it can report +By default, or with \fB\-\-no\-leader\-only\fR, when the database server +is a clustered database, \fBovn\-sbctl\fR may connect to any server +in the cluster, which means that for read-only transactions it can report and act on stale data (transactions that modify the database are -always serialized even with \fB\-\-no\-leader\-only\fR). Refer to -\fBUnderstanding Cluster Consistency\fR in \fBovsdb\fR(7) for more -information. +always serialized even with \fB\-\-no\-leader\-only\fR). To avoid reading +stale data, one can specify \fB\-\-leader\-only\fR, so that +\fBovn\-sbctl\fR will avoid servers other than the cluster leader. For daemon +mode, since it is for long running connections, default is set to +\fB\-\-leader\-only\fR. Refer to \fBUnderstanding Cluster Consistency\fR in +\fBovsdb\fR(7) for more information. . .IP "\fB\-\-no\-syslog\fR" By default, \fBovn\-sbctl\fR logs its arguments and the details of any diff --git a/utilities/ovn-sbctl.c b/utilities/ovn-sbctl.c index 9a9b6f0ec..f1cb8790f 100644 --- a/utilities/ovn-sbctl.c +++ b/utilities/ovn-sbctl.c @@ -82,7 +82,7 @@ static struct ovsdb_idl_txn *the_idl_txn; OVS_NO_RETURN static void sbctl_exit(int status); /* --leader-only, --no-leader-only: Only accept the leader in a cluster. */ -static int leader_only = true; +static int leader_only = false; static void sbctl_cmd_init(void); OVS_NO_RETURN static
[ovs-dev] [PATCH v2.11] ovn-ctl: Support passing ssl certs for northd
From: Aliasgar Ginwala When using ssl mode for ovn nb/sb active-standby/cluster db service models, northd can use ssl mode too. e.g. one can pass --ovn-northd-ssl-key, --ovn-northd-ssl-ca-cert and --ovn-northd-ssl-cert to start northd with ssl Signed-off-by: Aliasgar Ginwala Acked-by: Han Zhou --- ovn/utilities/ovn-ctl | 16 1 file changed, 16 insertions(+) diff --git a/ovn/utilities/ovn-ctl b/ovn/utilities/ovn-ctl index f1297a262..769c09752 100755 --- a/ovn/utilities/ovn-ctl +++ b/ovn/utilities/ovn-ctl @@ -314,6 +314,15 @@ start_northd () { if test X"$OVN_NORTHD_LOGFILE" != X; then set "$@" --log-file=$OVN_NORTHD_LOGFILE fi +if test X"$OVN_NORTHD_SSL_KEY" != X; then +set "$@" --private-key=$OVN_NORTHD_SSL_KEY +fi +if test X"$OVN_NORTHD_SSL_CERT" != X; then +set "$@" --certificate=$OVN_NORTHD_SSL_CERT +fi +if test X"$OVN_NORTHD_SSL_CA_CERT" != X; then +set "$@" --ca-cert=$OVN_NORTHD_SSL_CA_CERT +fi [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER" @@ -475,6 +484,10 @@ set_defaults () { OVN_CONTROLLER_SSL_CA_CERT="" OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT="" +OVN_NORTHD_SSL_KEY="" +OVN_NORTHD_SSL_CERT="" +OVN_NORTHD_SSL_CA_CERT="" + DB_SB_CREATE_INSECURE_REMOTE="no" DB_NB_CREATE_INSECURE_REMOTE="no" @@ -571,6 +584,9 @@ Options: --ovn-sb-db-ssl-key=KEY OVN Southbound DB SSL private key file --ovn-sb-db-ssl-cert=CERT OVN Southbound DB SSL certificate file --ovn-sb-db-ssl-ca-cert=CERT OVN Southbound DB SSL CA certificate file + --ovn-northd-ssl-key=KEY OVN Northd SSL private key file + --ovn-northd-ssl-cert=CERT OVN Northd SSL certificate file + --ovn-northd-ssl-ca-cert=CERT OVN Northd SSL CA certificate file --ovn-manage-ovsdb=yes|noWhether or not the OVN databases should be automatically started and stopped along with ovn-northd. The default is "yes". If -- 2.20.1 (Apple Git-117) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
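Review bot: The three added `set "$@"` lines in `start_northd` expand `$OVN_NORTHD_SSL_KEY`, `$OVN_NORTHD_SSL_CERT` and `$OVN_NORTHD_SSL_CA_CERT` unquoted, so a path containing whitespace or glob characters is split or expanded into extra ovn-northd arguments. Quoting the word, `set "$@" --private-key="$OVN_NORTHD_SSL_KEY"` and likewise for the other two, keeps each option as one argument; the neighbouring `--log-file=$OVN_NORTHD_LOGFILE` context line has the same form, so this follows existing style rather than regressing it. Nothing in the hunk checks that key, certificate and CA certificate are supplied together, and if ovn-northd does not reject a partial set itself, a short test that all three are non-empty would fail earlier and more clearly. `start_northd` continues outside the hunk, and the later `[PATCH v1 ovn]` posting of this change carries the same lines.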
[ovs-dev] [PATCH v2 2/2 ovn] Support starting containers with unix socket
From: Aliasgar Ginwala Signed-off-by: Aliasgar Ginwala --- Documentation/intro/install/general.rst | 14 ++ utilities/docker/start-ovn | 9 + 2 files changed, 23 insertions(+) diff --git a/Documentation/intro/install/general.rst b/Documentation/intro/install/general.rst index 4936540fb..bbf05723b 100644 --- a/Documentation/intro/install/general.rst +++ b/Documentation/intro/install/general.rst @@ -449,6 +449,20 @@ Start OVN containers using below command:: $ docker run -itd --net=host --name=ovn-northd \ : ovn-northd-tcp +Start OVN containers using unix socket:: + +$ docker run -itd --net=host --name=ovn-nb \ + -v /var/run/ovn/:/var/run/ovn/ \ + : ovn-nb + +$ docker run -itd --net=host --name=ovn-sb \ + -v /var/run/ovn/:/var/run/ovn/ + : ovn-sb + +$ docker run -itd --net=host --name=ovn-northd \ + -v /var/run/ovn/:/var/run/ovn/ + : ovn-northd + .. note:: Current ovn central components comes up in docker image in a standalone mode with protocol tcp. diff --git a/utilities/docker/start-ovn b/utilities/docker/start-ovn index 7457836fe..fbdd2af91 100755 --- a/utilities/docker/start-ovn +++ b/utilities/docker/start-ovn @@ -13,6 +13,15 @@ # limitations under the License. case $1 in +"ovn-nb") /usr/share/ovn/scripts/ovn-ctl run_nb_ovsdb +;; +"ovn-sb") /usr/share/ovn/scripts/ovn-ctl run_sb_ovsdb +;; +"ovn-northd") ovn-northd --pidfile \ + --ovnnb-db="unix:/var/run/ovn/ovnnb_db.sock" \ + --ovnsb-db="unix:/var/run/ovn/ovnsb_db.sock" \ + --log-file=/var/log/ovn/ovn-northd.log +;; "ovn-nb-tcp") source /etc/ovn/ovn_default_nb_port /usr/share/ovn/scripts/ovn-ctl start_ovsdb ovn-nbctl set-connection ptcp:$nb_db_port -- 2.20.1 (Apple Git-117) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
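Review bot: The new `"ovn-northd")` arm in start-ovn launches `ovn-northd` as a child of the entrypoint shell, so the shell stays PID 1 in the container and a stop signal typically reaches the shell rather than the daemon. Starting the arm with `exec`, as in `"ovn-northd") exec ovn-northd --pidfile \`, lets the daemon receive the signal and shut down cleanly; whether the two `ovn-ctl run_*_ovsdb` arms already exec their server is not visible here. The arm also starts northd without `--user`, and the documented `docker run` lines bind-mount the host's `/var/run/ovn/`, so access to the database sockets is governed by that host directory's permissions and a comment saying so would help operators. The `case` statement continues outside the hunk.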
[ovs-dev] [PATCH v2 1/2 ovn] OVN: Fix container build.
From: Aliasgar Ginwala Current code changes in ovs/ovn split replaced openvswitch with ovn and caused container patches to break. Also, as per ff4439d, one should build ovn specifying ovs source. This patch fixes the same. Signed-off-by: Aliasgar Ginwala --- utilities/automake.mk | 1 - utilities/docker/create_ovn_dbs.sh | 18 -- utilities/docker/debian/Dockerfile | 12 +--- utilities/docker/debian/build.sh | 20 +--- utilities/docker/start-ovn | 26 +- 5 files changed, 35 insertions(+), 42 deletions(-) delete mode 100755 utilities/docker/create_ovn_dbs.sh diff --git a/utilities/automake.mk b/utilities/automake.mk index ab0f6003a..197cc7011 100644 --- a/utilities/automake.mk +++ b/utilities/automake.mk @@ -35,7 +35,6 @@ EXTRA_DIST += \ utilities/checkpatch.py \ utilities/docker/Makefile \ utilities/docker/start-ovn \ -utilities/docker/create_ovn_dbs.sh \ utilities/docker/ovn_default_nb_port \ utilities/docker/ovn_default_sb_port \ utilities/docker/ovn_default_northd_host \ diff --git a/utilities/docker/create_ovn_dbs.sh b/utilities/docker/create_ovn_dbs.sh deleted file mode 100755 index 43ab367d6..0 --- a/utilities/docker/create_ovn_dbs.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at: -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ovsdb-tool create /etc/openvswitch/ovnnb_db.db \ -/usr/share/openvswitch/ovn-nb.ovsschema -ovsdb-tool create /etc/openvswitch/ovnsb_db.db \ -/usr/share/openvswitch/ovn-sb.ovsschema 
diff --git a/utilities/docker/debian/Dockerfile b/utilities/docker/debian/Dockerfile index fe72c3a33..30504480d 100644 --- a/utilities/docker/debian/Dockerfile +++ b/utilities/docker/debian/Dockerfile @@ -9,14 +9,12 @@ ARG DISTRO copy $DISTRO/build.sh /build.sh RUN /build.sh $KERNEL_VERSION $OVN_BRANCH $GITHUB_SRC -COPY create_ovn_dbs.sh /etc/openvswitch/create_ovn_dbs.sh -RUN /etc/openvswitch/create_ovn_dbs.sh - -COPY ovn_default_nb_port /etc/openvswitch/ovn_default_nb_port -COPY ovn_default_sb_port /etc/openvswitch/ovn_default_sb_port -COPY ovn_default_northd_host /etc/openvswitch/ovn_default_northd_host +COPY ovn_default_nb_port /etc/ovn/ovn_default_nb_port +COPY ovn_default_sb_port /etc/ovn/ovn_default_sb_port +COPY ovn_default_northd_host /etc/ovn/ovn_default_northd_host COPY start-ovn /bin/start-ovn VOLUME ["/var/log/openvswitch", \ -"/var/lib/openvswitch", "/var/run/openvswitch", "/etc/openvswitch"] +"/var/lib/openvswitch", "/var/run/openvswitch", "/etc/openvswitch", \ +"/var/log/ovn", "/var/lib/ovn", "/var/run/ovn", "/etc/ovn"] ENTRYPOINT ["start-ovn"] diff --git a/utilities/docker/debian/build.sh b/utilities/docker/debian/build.sh index fd26a8aa8..3c404bc39 100755 --- a/utilities/docker/debian/build.sh +++ b/utilities/docker/debian/build.sh 
@@ -25,20 +25,34 @@ dh-autoreconf openssl" apt-get update apt-get install -y ${linux} ${build_deps} -# get the source +# get ovs source always from master as its needed as dependency mkdir /build; cd /build +git clone --depth 1 -b master https://github.com/openvswitch/ovs.git +cd ovs; +mkdir _gcc; + +# build and install +./boot.sh +cd _gcc +../configure --localstatedir="/var" --sysconfdir="/etc" --prefix="/usr" \ +--with-linux=/lib/modules/$KERNEL_VERSION/build --enable-ssl +cd ..; make -C _gcc install; cd .. + + +# get ovn source git clone --depth 1 -b $OVN_BRANCH $GITHUB_SRC cd ovn # build and install ./boot.sh ./configure --localstatedir="/var" --sysconfdir="/etc" --prefix="/usr" \ ---with-linux=/lib/modules/$KERNEL_VERSION/build --enable-ssl +--with-linux=/lib/modules/$KERNEL_VERSION/build --enable-ssl \ +--with-ovs-source=/build/ovs/ --with-ovs-build=/build/ovs/_gcc make -j8; make install # remove deps to make the container light weight. apt-get remove --purge -y ${build_deps} apt-get autoremove -y --purge -cd ..; rm -rf ovn +cd ..; rm -rf ovn; rm -rf ovs basic_utils="vim kmod net-tools uuid-runtime iproute2" apt-get install -y ${basic_utils} diff --git a/utilities/docker/start-ovn b/utilities/docker/start-ovn index 7f87e65a3..7457836fe 100755 --- a/utilities/docker/start-ovn +++ b/utilities/docker/start-ovn @@ -13,28 +13,28 @@ # limitations under the License. case $1 in -"ovn-nb-tcp") source /etc/openvswitch/ovn_default_nb_port - /usr/share/openvswitch/scripts/ovn-ctl start_ovsdb +"ovn-nb-tcp") source /etc/ovn/ovn_default_nb_port +
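Review bot: The added `git clone --depth 1 -b master https://github.com/openvswitch/ovs.git` in build.sh builds the image against whatever OVS master is at build time, so two builds of the same OVN branch can contain different OVS code and nothing ties the image to a reviewed revision. Taking the ref from a build argument and pinning it to a tag or commit makes the dependency reproducible and auditable, e.g. `git clone --depth 1 -b "$OVS_BRANCH" https://github.com/openvswitch/ovs.git`, where `OVS_BRANCH` is a proposed name passed in the same way as `$OVN_BRANCH`. No `set -e` is visible in this hunk, so a failed OVS build may fall through to the OVN configure step; that is worth confirming at the top of the script. The earlier `[PATCH 1/2 ovn]` posting carries the same hunk.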
[ovs-dev] [PATCH v1 ovn] ovn-ctl: Support passing ssl certs for northd
From: Aliasgar Ginwala When using ssl mode for ovn nb/sb active-standby/cluster db service models, northd can use ssl mode too. e.g. one can pass --ovn-northd-ssl-key, --ovn-northd-ssl-ca-cert and --ovn-northd-ssl-cert to start northd with ssl Signed-off-by: Aliasgar Ginwala --- utilities/ovn-ctl | 16 1 file changed, 16 insertions(+) diff --git a/utilities/ovn-ctl b/utilities/ovn-ctl index 4242cd2c8..433ee4f50 100755 --- a/utilities/ovn-ctl +++ b/utilities/ovn-ctl @@ -344,6 +344,15 @@ start_northd () { if test X"$OVN_NORTHD_LOGFILE" != X; then set "$@" --log-file=$OVN_NORTHD_LOGFILE fi +if test X"$OVN_NORTHD_SSL_KEY" != X; then +set "$@" --private-key=$OVN_NORTHD_SSL_KEY +fi +if test X"$OVN_NORTHD_SSL_CERT" != X; then +set "$@" --certificate=$OVN_NORTHD_SSL_CERT +fi +if test X"$OVN_NORTHD_SSL_CA_CERT" != X; then +set "$@" --ca-cert=$OVN_NORTHD_SSL_CA_CERT +fi [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER" @@ -513,6 +522,10 @@ set_defaults () { OVN_CONTROLLER_SSL_CA_CERT="" OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT="" +OVN_NORTHD_SSL_KEY="" +OVN_NORTHD_SSL_CERT="" +OVN_NORTHD_SSL_CA_CERT="" + DB_SB_CREATE_INSECURE_REMOTE="no" DB_NB_CREATE_INSECURE_REMOTE="no" @@ -617,6 +630,9 @@ Options: --ovn-sb-db-ssl-key=KEY OVN Southbound DB SSL private key file --ovn-sb-db-ssl-cert=CERT OVN Southbound DB SSL certificate file --ovn-sb-db-ssl-ca-cert=CERT OVN Southbound DB SSL CA certificate file + --ovn-northd-ssl-key=KEY OVN Northd SSL private key file + --ovn-northd-ssl-cert=CERT OVN Northd SSL certificate file + --ovn-northd-ssl-ca-cert=CERT OVN Northd SSL CA certificate file --ovn-manage-ovsdb=yes|noWhether or not the OVN databases should be automatically started and stopped along with ovn-northd. The default is "yes". If -- 2.20.1 (Apple Git-117) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH 1/2 ovn] OVN: Fix container build.
From: Aliasgar Ginwala Current code changes in ovs/ovn split replaced openvswitch with ovn and caused container patches to break. Also, as per ff4439d, one should build ovn specifying ovs source. This patch fixes the same. --- utilities/docker/create_ovn_dbs.sh | 18 -- utilities/docker/debian/Dockerfile | 12 +--- utilities/docker/debian/build.sh | 20 +--- utilities/docker/start-ovn | 26 +- 4 files changed, 35 insertions(+), 41 deletions(-) delete mode 100755 utilities/docker/create_ovn_dbs.sh diff --git a/utilities/docker/create_ovn_dbs.sh b/utilities/docker/create_ovn_dbs.sh deleted file mode 100755 index 43ab367d6..0 --- a/utilities/docker/create_ovn_dbs.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at: -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ovsdb-tool create /etc/openvswitch/ovnnb_db.db \ -/usr/share/openvswitch/ovn-nb.ovsschema -ovsdb-tool create /etc/openvswitch/ovnsb_db.db \ -/usr/share/openvswitch/ovn-sb.ovsschema diff --git a/utilities/docker/debian/Dockerfile b/utilities/docker/debian/Dockerfile index fe72c3a33..30504480d 100644 --- a/utilities/docker/debian/Dockerfile +++ b/utilities/docker/debian/Dockerfile 
@@ -9,14 +9,12 @@ ARG DISTRO copy $DISTRO/build.sh /build.sh RUN /build.sh $KERNEL_VERSION $OVN_BRANCH $GITHUB_SRC -COPY create_ovn_dbs.sh /etc/openvswitch/create_ovn_dbs.sh -RUN /etc/openvswitch/create_ovn_dbs.sh - -COPY ovn_default_nb_port /etc/openvswitch/ovn_default_nb_port -COPY ovn_default_sb_port /etc/openvswitch/ovn_default_sb_port -COPY ovn_default_northd_host /etc/openvswitch/ovn_default_northd_host +COPY ovn_default_nb_port /etc/ovn/ovn_default_nb_port +COPY ovn_default_sb_port /etc/ovn/ovn_default_sb_port +COPY ovn_default_northd_host /etc/ovn/ovn_default_northd_host COPY start-ovn /bin/start-ovn VOLUME ["/var/log/openvswitch", \ -"/var/lib/openvswitch", "/var/run/openvswitch", "/etc/openvswitch"] +"/var/lib/openvswitch", "/var/run/openvswitch", "/etc/openvswitch", \ +"/var/log/ovn", "/var/lib/ovn", "/var/run/ovn", "/etc/ovn"] ENTRYPOINT ["start-ovn"] diff --git a/utilities/docker/debian/build.sh b/utilities/docker/debian/build.sh index fd26a8aa8..3c404bc39 100755 --- a/utilities/docker/debian/build.sh +++ b/utilities/docker/debian/build.sh 
@@ -25,20 +25,34 @@ dh-autoreconf openssl" apt-get update apt-get install -y ${linux} ${build_deps} -# get the source +# get ovs source always from master as its needed as dependency mkdir /build; cd /build +git clone --depth 1 -b master https://github.com/openvswitch/ovs.git +cd ovs; +mkdir _gcc; + +# build and install +./boot.sh +cd _gcc +../configure --localstatedir="/var" --sysconfdir="/etc" --prefix="/usr" \ +--with-linux=/lib/modules/$KERNEL_VERSION/build --enable-ssl +cd ..; make -C _gcc install; cd .. + + +# get ovn source git clone --depth 1 -b $OVN_BRANCH $GITHUB_SRC cd ovn # build and install ./boot.sh ./configure --localstatedir="/var" --sysconfdir="/etc" --prefix="/usr" \ ---with-linux=/lib/modules/$KERNEL_VERSION/build --enable-ssl +--with-linux=/lib/modules/$KERNEL_VERSION/build --enable-ssl \ +--with-ovs-source=/build/ovs/ --with-ovs-build=/build/ovs/_gcc make -j8; make install # remove deps to make the container light weight. apt-get remove --purge -y ${build_deps} apt-get autoremove -y --purge -cd ..; rm -rf ovn +cd ..; rm -rf ovn; rm -rf ovs basic_utils="vim kmod net-tools uuid-runtime iproute2" apt-get install -y ${basic_utils} diff --git a/utilities/docker/start-ovn b/utilities/docker/start-ovn index 7f87e65a3..7457836fe 100755 --- a/utilities/docker/start-ovn +++ b/utilities/docker/start-ovn @@ -13,28 +13,28 @@ # limitations under the License. case $1 in -"ovn-nb-tcp") source /etc/openvswitch/ovn_default_nb_port - /usr/share/openvswitch/scripts/ovn-ctl start_ovsdb +"ovn-nb-tcp") source /etc/ovn/ovn_default_nb_port + /usr/share/ovn/scripts/ovn-ctl start_ovsdb ovn-nbctl set-connection ptcp:$nb_db_port - /usr/share/openvswitch/scripts/ovn-ctl stop_ovsdb - /usr/share/openvswitch/scripts/ovn-ctl run_nb_ovsdb + /usr/share/ovn/scripts/ovn-ctl stop_ovsdb + /usr/share/ovn/scripts/ovn-ctl run_nb_ovsdb ;; -"ovn-sb-tcp") source /etc/openvswitch/ovn_default_sb_port - /usr/share/openvswitch/scripts/ovn-ctl
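Review bot: The added `git clone --depth 1 -b master https://github.com/openvswitch/ovs.git` builds whatever is at the tip of OVS master when the image is built, so two builds of the same `$OVN_BRANCH` can embed different OVS code and the image cannot be reproduced or audited afterwards. Take the OVS ref as a build argument next to `$OVN_BRANCH` and check out a tag or commit, for example `git clone --depth 1 -b "$OVS_REF" https://github.com/openvswitch/ovs.git`, where `OVS_REF` is a placeholder name for a new argument. The visible lines also keep going after a failure: if `cd ovs` fails, `./boot.sh` and the closing `cd ..; rm -rf ovn; rm -rf ovs` run from the wrong directory. Whether `set -e` is enabled earlier in build.sh is outside the hunk; if it is not, adding it near the top would stop the build at the first failed step.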
[ovs-dev] [PATCH 2/2 ovn] Support starting containers with unix socket
From: Aliasgar Ginwala --- Documentation/intro/install/general.rst | 14 ++ utilities/docker/start-ovn | 9 + 2 files changed, 23 insertions(+) diff --git a/Documentation/intro/install/general.rst b/Documentation/intro/install/general.rst index 4936540fb..bbf05723b 100644 --- a/Documentation/intro/install/general.rst +++ b/Documentation/intro/install/general.rst @@ -449,6 +449,20 @@ Start OVN containers using below command:: $ docker run -itd --net=host --name=ovn-northd \ : ovn-northd-tcp +Start OVN containers using unix socket:: + +$ docker run -itd --net=host --name=ovn-nb \ + -v /var/run/ovn/:/var/run/ovn/ \ + : ovn-nb + +$ docker run -itd --net=host --name=ovn-sb \ + -v /var/run/ovn/:/var/run/ovn/ + : ovn-sb + +$ docker run -itd --net=host --name=ovn-northd \ + -v /var/run/ovn/:/var/run/ovn/ + : ovn-northd + .. note:: Current ovn central components comes up in docker image in a standalone mode with protocol tcp. diff --git a/utilities/docker/start-ovn b/utilities/docker/start-ovn index 7457836fe..fbdd2af91 100755 --- a/utilities/docker/start-ovn +++ b/utilities/docker/start-ovn @@ -13,6 +13,15 @@ # limitations under the License. case $1 in +"ovn-nb") /usr/share/ovn/scripts/ovn-ctl run_nb_ovsdb +;; +"ovn-sb") /usr/share/ovn/scripts/ovn-ctl run_sb_ovsdb +;; +"ovn-northd") ovn-northd --pidfile \ + --ovnnb-db="unix:/var/run/ovn/ovnnb_db.sock" \ + --ovnsb-db="unix:/var/run/ovn/ovnsb_db.sock" \ + --log-file=/var/log/ovn/ovn-northd.log +;; "ovn-nb-tcp") source /etc/ovn/ovn_default_nb_port /usr/share/ovn/scripts/ovn-ctl start_ovsdb ovn-nbctl set-connection ptcp:$nb_db_port -- 2.20.1 (Apple Git-117) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
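Review bot: The new `ovn-northd` case hard-codes `unix:/var/run/ovn/ovnnb_db.sock` and `unix:/var/run/ovn/ovnsb_db.sock`, while the `ovn-nb` and `ovn-sb` cases leave the socket location to `ovn-ctl`. The three containers therefore only find each other if ovn-ctl's run directory is `/var/run/ovn` and that directory is the shared bind mount shown in the documentation hunk. A comment above the new cases, such as `# unix-socket mode: all three containers must share /var/run/ovn via a bind mount`, would make that dependency explicit. Because the sockets then live in a host directory, access to the NB and SB databases is governed only by the permissions on that directory and on the socket files, so the expected owner and mode should be stated as well. The `case` statement continues outside the hunk.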
[ovs-dev] [PATCH v10] ovsdb-tool: Convert clustered db to standalone db.
From: Aliasgar Ginwala Add support in ovsdb-tool for migrating clustered dbs to standalone dbs. E.g. usage to migrate nb/sb db to standalone db from raft: ovsdb-tool cluster-to-standalone ovnnb_db.db ovnnb_db_cluster.db Signed-off-by: Aliasgar Ginwala Acked-by: Han Zhou --- Documentation/ref/ovsdb.7.rst | 3 + NEWS | 3 + ovsdb/ovsdb-tool.1.in | 8 +++ ovsdb/ovsdb-tool.c| 101 +- tests/ovsdb-tool.at | 38 + 5 files changed, 152 insertions(+), 1 deletion(-) diff --git a/Documentation/ref/ovsdb.7.rst b/Documentation/ref/ovsdb.7.rst index cd1c63d64..b12d8066c 100644 --- a/Documentation/ref/ovsdb.7.rst +++ b/Documentation/ref/ovsdb.7.rst @@ -514,6 +514,9 @@ standalone database from the contents of a running clustered database. When the cluster is down and cannot be revived, ``ovsdb-client backup`` will not work. +Use ``ovsdb-tool cluster-to-standalone`` to convert clustered database to +standalone database when the cluster is down and cannot be revived. + Upgrading or Downgrading a Database --- diff --git a/NEWS b/NEWS index c5caa13d6..a02f9f1a6 100644 --- a/NEWS +++ b/NEWS @@ -49,6 +49,9 @@ v2.12.0 - xx xxx quickly after a brief disconnection, saving bandwidth and CPU time. See section 4.1.15 of ovsdb-server(7) for details of related OVSDB protocol extension. + * Support to convert from cluster database to standalone database is now + available when clustered is down and cannot be revived using ovsdb-tool + . Check "Database Migration Commands" in ovsdb-tool man section. - OVN: * IPAM/MACAM: - select IPAM mac_prefix in a random manner if not provided by the user diff --git a/ovsdb/ovsdb-tool.1.in b/ovsdb/ovsdb-tool.1.in index ec85e14c4..31a918d90 100644 --- a/ovsdb/ovsdb-tool.1.in +++ b/ovsdb/ovsdb-tool.1.in 
@@ -147,6 +147,14 @@ avoid this possibility, specify \fB\-\-cid=\fIuuid\fR, where \fIuuid\fR is the cluster ID of the cluster to join, as printed by \fBovsdb\-tool get\-cid\fR. . +.SS "Database Migration Commands" +This commands will convert cluster database to standalone database. +. +.IP "\fBcluster\-to\-standalone\fI db clusterdb" +Use this command to convert to standalone database from clustered database +when the cluster is down and cannot be revived. It creates new standalone +\fIdb\fR file from the given cluster \fIdb\fR file. +. .SS "Version Management Commands" .so ovsdb/ovsdb-schemas.man .PP diff --git a/ovsdb/ovsdb-tool.c b/ovsdb/ovsdb-tool.c index 438f97590..3bbf4c8bc 100644 --- a/ovsdb/ovsdb-tool.c +++ b/ovsdb/ovsdb-tool.c @@ -173,6 +173,9 @@ usage(void) " compare-versions A OP B compare OVSDB schema version numbers\n" " query [DB] TRNS execute read-only transaction on DB\n" " transact [DB] TRNS execute read/write transaction on DB\n" + " cluster-to-standalone DB DBConvert clustered DB to\n" + " standalone DB when cluster is down and cannot be\n" + "revived\n" " [-m]... show-log [DB] print DB's log entries\n" "The default DB is %s.\n" "The default SCHEMA is %s.\n", 
@@ -942,6 +945,55 @@ print_raft_record(const struct raft_record *r, } } +static void +raft_header_to_standalone_log(const struct raft_header *h, + struct ovsdb_log *db_log_data) +{ +if (h->snap_index) { +if (!h->snap.data || json_array(h->snap.data)->n != 2) { +ovs_fatal(0, "Incorrect raft header data array length"); +} + +struct json *schema_json = json_array(h->snap.data)->elems[0]; +if (schema_json->type != JSON_NULL) { +struct ovsdb_schema *schema; +check_ovsdb_error(ovsdb_schema_from_json(schema_json, &schema)); +ovsdb_schema_destroy(schema); +check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, + schema_json)); +} + +struct json *data_json = json_array(h->snap.data)->elems[1]; +if (!data_json || data_json->type != JSON_OBJECT) { +ovs_fatal(0, "Invalid raft header data"); +} +if (data_json->type != JSON_NULL) { +check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, + data_json)); +} +} +} + +static void +raft_record_to_standalone_log(const struct raft_record *r, + struct ovsdb_log *db_log_data) +{ +if (r->type == RAFT_REC_ENTRY) { +if (!r->entry.data) { +return; +} +if (json_array(r->entry.data)->n != 2) { +ovs_fatal(0, "Incorrect raft record array length"); +} + +struct json *data_json = json_array(r->entry.data)->elems[1]; +if (data_json->type != JSON_N
[ovs-dev] [PATCH v9] ovsdb-tool: Convert clustered db to standalone db.
From: Aliasgar Ginwala Add support in ovsdb-tool for migrating clustered dbs to standalone dbs. E.g. usage to migrate nb/sb db to standalone db from raft: ovsdb-tool cluster-to-standalone ovnnb_db.db ovnnb_db_cluster.db Signed-off-by: Aliasgar Ginwala --- Documentation/ref/ovsdb.7.rst | 3 + NEWS | 3 + ovsdb/ovsdb-tool.1.in | 8 +++ ovsdb/ovsdb-tool.c| 101 +- tests/ovsdb-tool.at | 43 +++ 5 files changed, 157 insertions(+), 1 deletion(-) diff --git a/Documentation/ref/ovsdb.7.rst b/Documentation/ref/ovsdb.7.rst index cd1c63d64..b12d8066c 100644 --- a/Documentation/ref/ovsdb.7.rst +++ b/Documentation/ref/ovsdb.7.rst @@ -514,6 +514,9 @@ standalone database from the contents of a running clustered database. When the cluster is down and cannot be revived, ``ovsdb-client backup`` will not work. +Use ``ovsdb-tool cluster-to-standalone`` to convert clustered database to +standalone database when the cluster is down and cannot be revived. + Upgrading or Downgrading a Database --- diff --git a/NEWS b/NEWS index c5caa13d6..a02f9f1a6 100644 --- a/NEWS +++ b/NEWS @@ -49,6 +49,9 @@ v2.12.0 - xx xxx quickly after a brief disconnection, saving bandwidth and CPU time. See section 4.1.15 of ovsdb-server(7) for details of related OVSDB protocol extension. + * Support to convert from cluster database to standalone database is now + available when clustered is down and cannot be revived using ovsdb-tool + . Check "Database Migration Commands" in ovsdb-tool man section. - OVN: * IPAM/MACAM: - select IPAM mac_prefix in a random manner if not provided by the user diff --git a/ovsdb/ovsdb-tool.1.in b/ovsdb/ovsdb-tool.1.in index ec85e14c4..31a918d90 100644 --- a/ovsdb/ovsdb-tool.1.in +++ b/ovsdb/ovsdb-tool.1.in 
@@ -147,6 +147,14 @@ avoid this possibility, specify \fB\-\-cid=\fIuuid\fR, where \fIuuid\fR is the cluster ID of the cluster to join, as printed by \fBovsdb\-tool get\-cid\fR. . +.SS "Database Migration Commands" +This commands will convert cluster database to standalone database. +. +.IP "\fBcluster\-to\-standalone\fI db clusterdb" +Use this command to convert to standalone database from clustered database +when the cluster is down and cannot be revived. It creates new standalone +\fIdb\fR file from the given cluster \fIdb\fR file. +. .SS "Version Management Commands" .so ovsdb/ovsdb-schemas.man .PP diff --git a/ovsdb/ovsdb-tool.c b/ovsdb/ovsdb-tool.c index 438f97590..3bbf4c8bc 100644 --- a/ovsdb/ovsdb-tool.c +++ b/ovsdb/ovsdb-tool.c @@ -173,6 +173,9 @@ usage(void) " compare-versions A OP B compare OVSDB schema version numbers\n" " query [DB] TRNS execute read-only transaction on DB\n" " transact [DB] TRNS execute read/write transaction on DB\n" + " cluster-to-standalone DB DBConvert clustered DB to\n" + " standalone DB when cluster is down and cannot be\n" + "revived\n" " [-m]... show-log [DB] print DB's log entries\n" "The default DB is %s.\n" "The default SCHEMA is %s.\n", 
@@ -942,6 +945,55 @@ print_raft_record(const struct raft_record *r, } } +static void +raft_header_to_standalone_log(const struct raft_header *h, + struct ovsdb_log *db_log_data) +{ +if (h->snap_index) { +if (!h->snap.data || json_array(h->snap.data)->n != 2) { +ovs_fatal(0, "Incorrect raft header data array length"); +} + +struct json *schema_json = json_array(h->snap.data)->elems[0]; +if (schema_json->type != JSON_NULL) { +struct ovsdb_schema *schema; +check_ovsdb_error(ovsdb_schema_from_json(schema_json, &schema)); +ovsdb_schema_destroy(schema); +check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, + schema_json)); +} + +struct json *data_json = json_array(h->snap.data)->elems[1]; +if (!data_json || data_json->type != JSON_OBJECT) { +ovs_fatal(0, "Invalid raft header data"); +} +if (data_json->type != JSON_NULL) { +check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, + data_json)); +} +} +} + +static void +raft_record_to_standalone_log(const struct raft_record *r, + struct ovsdb_log *db_log_data) +{ +if (r->type == RAFT_REC_ENTRY) { +if (!r->entry.data) { +return; +} +if (json_array(r->entry.data)->n != 2) { +ovs_fatal(0, "Incorrect raft record array length"); +} + +struct json *data_json = json_array(r->entry.data)->elems[1]; +if (data_json->type != JSON_NULL) { +
[ovs-dev] [PATCH v8] ovsdb-tool: Convert clustered db to standalone db.
From: Aliasgar Ginwala Add support in ovsdb-tool for migrating clustered dbs to standalone dbs. E.g. usage to migrate nb/sb db to standalone db from raft: ovsdb-tool cluster-to-standalone ovnnb_db.db ovnnb_db_cluster.db Signed-off-by: Aliasgar Ginwala --- Documentation/ref/ovsdb.7.rst | 3 + NEWS | 3 + ovsdb/ovsdb-tool.1.in | 8 +++ ovsdb/ovsdb-tool.c| 101 - tests/ovsdb-tool.at | 116 ++ 5 files changed, 230 insertions(+), 1 deletion(-) diff --git a/Documentation/ref/ovsdb.7.rst b/Documentation/ref/ovsdb.7.rst index cd1c63d64..b12d8066c 100644 --- a/Documentation/ref/ovsdb.7.rst +++ b/Documentation/ref/ovsdb.7.rst @@ -514,6 +514,9 @@ standalone database from the contents of a running clustered database. When the cluster is down and cannot be revived, ``ovsdb-client backup`` will not work. +Use ``ovsdb-tool cluster-to-standalone`` to convert clustered database to +standalone database when the cluster is down and cannot be revived. + Upgrading or Downgrading a Database --- diff --git a/NEWS b/NEWS index c5caa13d6..a02f9f1a6 100644 --- a/NEWS +++ b/NEWS @@ -49,6 +49,9 @@ v2.12.0 - xx xxx quickly after a brief disconnection, saving bandwidth and CPU time. See section 4.1.15 of ovsdb-server(7) for details of related OVSDB protocol extension. + * Support to convert from cluster database to standalone database is now + available when clustered is down and cannot be revived using ovsdb-tool + . Check "Database Migration Commands" in ovsdb-tool man section. - OVN: * IPAM/MACAM: - select IPAM mac_prefix in a random manner if not provided by the user diff --git a/ovsdb/ovsdb-tool.1.in b/ovsdb/ovsdb-tool.1.in index ec85e14c4..31a918d90 100644 --- a/ovsdb/ovsdb-tool.1.in +++ b/ovsdb/ovsdb-tool.1.in 
@@ -147,6 +147,14 @@ avoid this possibility, specify \fB\-\-cid=\fIuuid\fR, where \fIuuid\fR is the cluster ID of the cluster to join, as printed by \fBovsdb\-tool get\-cid\fR. . +.SS "Database Migration Commands" +This commands will convert cluster database to standalone database. +. +.IP "\fBcluster\-to\-standalone\fI db clusterdb" +Use this command to convert to standalone database from clustered database +when the cluster is down and cannot be revived. It creates new standalone +\fIdb\fR file from the given cluster \fIdb\fR file. +. .SS "Version Management Commands" .so ovsdb/ovsdb-schemas.man .PP diff --git a/ovsdb/ovsdb-tool.c b/ovsdb/ovsdb-tool.c index 438f97590..3bbf4c8bc 100644 --- a/ovsdb/ovsdb-tool.c +++ b/ovsdb/ovsdb-tool.c @@ -173,6 +173,9 @@ usage(void) " compare-versions A OP B compare OVSDB schema version numbers\n" " query [DB] TRNS execute read-only transaction on DB\n" " transact [DB] TRNS execute read/write transaction on DB\n" + " cluster-to-standalone DB DBConvert clustered DB to\n" + " standalone DB when cluster is down and cannot be\n" + "revived\n" " [-m]... show-log [DB] print DB's log entries\n" "The default DB is %s.\n" "The default SCHEMA is %s.\n", 
@@ -942,6 +945,55 @@ print_raft_record(const struct raft_record *r, } } +static void +raft_header_to_standalone_log(const struct raft_header *h, + struct ovsdb_log *db_log_data) +{ +if (h->snap_index) { +if (!h->snap.data || json_array(h->snap.data)->n != 2) { +ovs_fatal(0, "Incorrect raft header data array length"); +} + +struct json *schema_json = json_array(h->snap.data)->elems[0]; +if (schema_json->type != JSON_NULL) { +struct ovsdb_schema *schema; +check_ovsdb_error(ovsdb_schema_from_json(schema_json, &schema)); +ovsdb_schema_destroy(schema); +check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, + schema_json)); +} + +struct json *data_json = json_array(h->snap.data)->elems[1]; +if (!data_json || data_json->type != JSON_OBJECT) { +ovs_fatal(0, "Invalid raft header data"); +} +if (data_json->type != JSON_NULL) { +check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, + data_json)); +} +} +} + +static void +raft_record_to_standalone_log(const struct raft_record *r, + struct ovsdb_log *db_log_data) +{ +if (r->type == RAFT_REC_ENTRY) { +if (!r->entry.data) { +return; +} +if (json_array(r->entry.data)->n != 2) { +ovs_fatal(0, "Incorrect raft record array length"); +} + +struct json *data_json = json_array(r->entry.data)->elems[1]; +if (data_json->type != JSON_NULL)
[ovs-dev] [PATCH v7] ovsdb-tool: Convert clustered db to standalone db.
From: Aliasgar Ginwala Add support in ovsdb-tool for migrating clustered dbs to standalone dbs. E.g. usage to migrate nb/sb db to standalone db from raft: ovsdb-tool cluster-to-standalone ovnnb_db.db ovnnb_db_cluster.db Signed-off-by: Aliasgar Ginwala --- Documentation/ref/ovsdb.7.rst | 3 + NEWS | 3 + ovsdb/ovsdb-tool.1.in | 8 +++ ovsdb/ovsdb-tool.c| 101 +- tests/ovsdb-tool.at | 98 + 5 files changed, 212 insertions(+), 1 deletion(-) diff --git a/Documentation/ref/ovsdb.7.rst b/Documentation/ref/ovsdb.7.rst index cd1c63d64..b12d8066c 100644 --- a/Documentation/ref/ovsdb.7.rst +++ b/Documentation/ref/ovsdb.7.rst @@ -514,6 +514,9 @@ standalone database from the contents of a running clustered database. When the cluster is down and cannot be revived, ``ovsdb-client backup`` will not work. +Use ``ovsdb-tool cluster-to-standalone`` to convert clustered database to +standalone database when the cluster is down and cannot be revived. + Upgrading or Downgrading a Database --- diff --git a/NEWS b/NEWS index c5caa13d6..a02f9f1a6 100644 --- a/NEWS +++ b/NEWS @@ -49,6 +49,9 @@ v2.12.0 - xx xxx quickly after a brief disconnection, saving bandwidth and CPU time. See section 4.1.15 of ovsdb-server(7) for details of related OVSDB protocol extension. + * Support to convert from cluster database to standalone database is now + available when clustered is down and cannot be revived using ovsdb-tool + . Check "Database Migration Commands" in ovsdb-tool man section. - OVN: * IPAM/MACAM: - select IPAM mac_prefix in a random manner if not provided by the user diff --git a/ovsdb/ovsdb-tool.1.in b/ovsdb/ovsdb-tool.1.in index ec85e14c4..31a918d90 100644 --- a/ovsdb/ovsdb-tool.1.in +++ b/ovsdb/ovsdb-tool.1.in 
@@ -147,6 +147,14 @@ avoid this possibility, specify \fB\-\-cid=\fIuuid\fR, where \fIuuid\fR is the cluster ID of the cluster to join, as printed by \fBovsdb\-tool get\-cid\fR. . +.SS "Database Migration Commands" +This commands will convert cluster database to standalone database. +. +.IP "\fBcluster\-to\-standalone\fI db clusterdb" +Use this command to convert to standalone database from clustered database +when the cluster is down and cannot be revived. It creates new standalone +\fIdb\fR file from the given cluster \fIdb\fR file. +. .SS "Version Management Commands" .so ovsdb/ovsdb-schemas.man .PP diff --git a/ovsdb/ovsdb-tool.c b/ovsdb/ovsdb-tool.c index 438f97590..3bbf4c8bc 100644 --- a/ovsdb/ovsdb-tool.c +++ b/ovsdb/ovsdb-tool.c @@ -173,6 +173,9 @@ usage(void) " compare-versions A OP B compare OVSDB schema version numbers\n" " query [DB] TRNS execute read-only transaction on DB\n" " transact [DB] TRNS execute read/write transaction on DB\n" + " cluster-to-standalone DB DBConvert clustered DB to\n" + " standalone DB when cluster is down and cannot be\n" + "revived\n" " [-m]... show-log [DB] print DB's log entries\n" "The default DB is %s.\n" "The default SCHEMA is %s.\n", 
@@ -942,6 +945,55 @@ print_raft_record(const struct raft_record *r, } } +static void +raft_header_to_standalone_log(const struct raft_header *h, + struct ovsdb_log *db_log_data) +{ +if (h->snap_index) { +if (!h->snap.data || json_array(h->snap.data)->n != 2) { +ovs_fatal(0, "Incorrect raft header data array length"); +} + +struct json *schema_json = json_array(h->snap.data)->elems[0]; +if (schema_json->type != JSON_NULL) { +struct ovsdb_schema *schema; +check_ovsdb_error(ovsdb_schema_from_json(schema_json, &schema)); +ovsdb_schema_destroy(schema); +check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, + schema_json)); +} + +struct json *data_json = json_array(h->snap.data)->elems[1]; +if (!data_json || data_json->type != JSON_OBJECT) { +ovs_fatal(0, "Invalid raft header data"); +} +if (data_json->type != JSON_NULL) { +check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, + data_json)); +} +} +} + +static void +raft_record_to_standalone_log(const struct raft_record *r, + struct ovsdb_log *db_log_data) +{ +if (r->type == RAFT_REC_ENTRY) { +if (!r->entry.data) { +return; +} +if (json_array(r->entry.data)->n != 2) { +ovs_fatal(0, "Incorrect raft record array length"); +} + +struct json *data_json = json_array(r->entry.data)->elems[1]; +if (data_json->type != JSON_N
[ovs-dev] [PATCH v6] ovsdb-tool: Convert clustered db to standalone db.
From: Aliasgar Ginwala Add support in ovsdb-tool for migrating clustered dbs to standalone dbs. E.g. usage to migrate nb/sb db to standalone db from raft: ovsdb-tool cluster-to-standalone ovnnb_db.db ovnnb_db_cluster.db Signed-off-by: Aliasgar Ginwala --- Documentation/ref/ovsdb.7.rst | 3 + NEWS | 3 + ovsdb/ovsdb-tool.1.in | 8 +++ ovsdb/ovsdb-tool.c| 101 +- tests/ovsdb-tool.at | 46 5 files changed, 160 insertions(+), 1 deletion(-) diff --git a/Documentation/ref/ovsdb.7.rst b/Documentation/ref/ovsdb.7.rst index cd1c63d64..b12d8066c 100644 --- a/Documentation/ref/ovsdb.7.rst +++ b/Documentation/ref/ovsdb.7.rst @@ -514,6 +514,9 @@ standalone database from the contents of a running clustered database. When the cluster is down and cannot be revived, ``ovsdb-client backup`` will not work. +Use ``ovsdb-tool cluster-to-standalone`` to convert clustered database to +standalone database when the cluster is down and cannot be revived. + Upgrading or Downgrading a Database --- diff --git a/NEWS b/NEWS index c5caa13d6..a02f9f1a6 100644 --- a/NEWS +++ b/NEWS @@ -49,6 +49,9 @@ v2.12.0 - xx xxx quickly after a brief disconnection, saving bandwidth and CPU time. See section 4.1.15 of ovsdb-server(7) for details of related OVSDB protocol extension. + * Support to convert from cluster database to standalone database is now + available when clustered is down and cannot be revived using ovsdb-tool + . Check "Database Migration Commands" in ovsdb-tool man section. - OVN: * IPAM/MACAM: - select IPAM mac_prefix in a random manner if not provided by the user diff --git a/ovsdb/ovsdb-tool.1.in b/ovsdb/ovsdb-tool.1.in index ec85e14c4..31a918d90 100644 --- a/ovsdb/ovsdb-tool.1.in +++ b/ovsdb/ovsdb-tool.1.in 
@@ -147,6 +147,14 @@ avoid this possibility, specify \fB\-\-cid=\fIuuid\fR, where \fIuuid\fR is the cluster ID of the cluster to join, as printed by \fBovsdb\-tool get\-cid\fR. . +.SS "Database Migration Commands" +This commands will convert cluster database to standalone database. +. +.IP "\fBcluster\-to\-standalone\fI db clusterdb" +Use this command to convert to standalone database from clustered database +when the cluster is down and cannot be revived. It creates new standalone +\fIdb\fR file from the given cluster \fIdb\fR file. +. .SS "Version Management Commands" .so ovsdb/ovsdb-schemas.man .PP diff --git a/ovsdb/ovsdb-tool.c b/ovsdb/ovsdb-tool.c index 438f97590..3bbf4c8bc 100644 --- a/ovsdb/ovsdb-tool.c +++ b/ovsdb/ovsdb-tool.c @@ -173,6 +173,9 @@ usage(void) " compare-versions A OP B compare OVSDB schema version numbers\n" " query [DB] TRNS execute read-only transaction on DB\n" " transact [DB] TRNS execute read/write transaction on DB\n" + " cluster-to-standalone DB DBConvert clustered DB to\n" + " standalone DB when cluster is down and cannot be\n" + "revived\n" " [-m]... show-log [DB] print DB's log entries\n" "The default DB is %s.\n" "The default SCHEMA is %s.\n", 
@@ -942,6 +945,55 @@ print_raft_record(const struct raft_record *r, } } +static void +raft_header_to_standalone_log(const struct raft_header *h, + struct ovsdb_log *db_log_data) +{ +if (h->snap_index) { +if (!h->snap.data || json_array(h->snap.data)->n != 2) { +ovs_fatal(0, "Incorrect raft header data array length"); +} + +struct json *schema_json = json_array(h->snap.data)->elems[0]; +if (schema_json->type != JSON_NULL) { +struct ovsdb_schema *schema; +check_ovsdb_error(ovsdb_schema_from_json(schema_json, &schema)); +ovsdb_schema_destroy(schema); +check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, + schema_json)); +} + +struct json *data_json = json_array(h->snap.data)->elems[1]; +if (!data_json || data_json->type != JSON_OBJECT) { +ovs_fatal(0, "Invalid raft header data"); +} +if (data_json->type != JSON_NULL) { +check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, + data_json)); +} +} +} + +static void +raft_record_to_standalone_log(const struct raft_record *r, + struct ovsdb_log *db_log_data) +{ +if (r->type == RAFT_REC_ENTRY) { +if (!r->entry.data) { +return; +} +if (json_array(r->entry.data)->n != 2) { +ovs_fatal(0, "Incorrect raft record array length"); +} + +struct json *data_json = json_array(r->entry.data)->elems[1]; +if (data_json->type != JSON_NULL) { +
[ovs-dev] [PATCH v5] ovsdb-tool: Convert clustered db to standalone db.
From: Aliasgar Ginwala Add support in ovsdb-tool for migrating clustered dbs to standalone dbs. E.g. usage to migrate nb/sb db to standalone db from raft: ovsdb-tool cluster-to-standalone ovnnb_db.db ovnnb_db_cluster.db Signed-off-by: Aliasgar Ginwala --- Documentation/ref/ovsdb.7.rst | 3 + ovsdb/ovsdb-tool.1.in | 8 +++ ovsdb/ovsdb-tool.c| 110 +- 3 files changed, 120 insertions(+), 1 deletion(-) diff --git a/Documentation/ref/ovsdb.7.rst b/Documentation/ref/ovsdb.7.rst index cd1c63d64..b12d8066c 100644 --- a/Documentation/ref/ovsdb.7.rst +++ b/Documentation/ref/ovsdb.7.rst @@ -514,6 +514,9 @@ standalone database from the contents of a running clustered database. When the cluster is down and cannot be revived, ``ovsdb-client backup`` will not work. +Use ``ovsdb-tool cluster-to-standalone`` to convert clustered database to +standalone database when the cluster is down and cannot be revived. + Upgrading or Downgrading a Database --- diff --git a/ovsdb/ovsdb-tool.1.in b/ovsdb/ovsdb-tool.1.in index ec85e14c4..8c7962ab3 100644 --- a/ovsdb/ovsdb-tool.1.in +++ b/ovsdb/ovsdb-tool.1.in @@ -147,6 +147,14 @@ avoid this possibility, specify \fB\-\-cid=\fIuuid\fR, where \fIuuid\fR is the cluster ID of the cluster to join, as printed by \fBovsdb\-tool get\-cid\fR. . +.SS "Database Migration Commands" +This commands will convert cluster database to standalone database. +. +.IP "\fBcluster-to-standalone \fR[\fIdb\fR [\fIdb\fR]]" +Use this command to convert to standalone database from clustered database +when the cluster is down and cannot be revived. It creates new standalone +\fIdb\fR file from the given cluster \fIdb\fR file. +. .SS "Version Management Commands" .so ovsdb/ovsdb-schemas.man .PP diff --git a/ovsdb/ovsdb-tool.c b/ovsdb/ovsdb-tool.c index 438f97590..8039078a3 100644 --- a/ovsdb/ovsdb-tool.c +++ b/ovsdb/ovsdb-tool.c 
@@ -173,6 +173,9 @@ usage(void) " compare-versions A OP B compare OVSDB schema version numbers\n" " query [DB] TRNS execute read-only transaction on DB\n" " transact [DB] TRNS execute read/write transaction on DB\n" + " cluster-to-standalone [DB [DB]]Convert clustered DB to\n" + "standalone DB when cluster is down and cannot be\n" +"revived\n" " [-m]... show-log [DB] print DB's log entries\n" "The default DB is %s.\n" "The default SCHEMA is %s.\n", 
@@ -942,6 +945,64 @@ print_raft_record(const struct raft_record *r, } } +static void +write_raft_header_to_file(const struct json *data, + struct ovsdb_log *db_log_data) +{ +if (!data || json_array(data)->n != 2) { + ovs_fatal(0, "***Invalid data***\n"); +} + +struct json *schema_json = json_array(data)->elems[0]; +if (schema_json->type != JSON_NULL) { +struct ovsdb_schema *schema; +check_ovsdb_error(ovsdb_schema_from_json(schema_json, &schema)); +ovsdb_schema_destroy(schema); +check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, schema_json)); +} + +struct json *data_json = json_array(data)->elems[1]; +if (!data_json || data_json->type != JSON_OBJECT) { +ovs_fatal(0, "***invalid data***\n"); +} +if (data_json->type != JSON_NULL) { +check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, data_json)); +} +} + +static void +write_raft_header(const struct raft_header *h, struct ovsdb_log *db_log_data) +{ +if (h->snap_index) { +write_raft_header_to_file(h->snap.data, db_log_data); +} +} + +static void +write_raft_record_to_file(const struct json *data, + struct ovsdb_log *db_log_data) +{ +if (json_array(data)->n != 2) { +ovs_fatal(0, "***invalid data***\n"); +} + +struct json *data_json = json_array(data)->elems[1]; +if (data_json->type != JSON_NULL) { +check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, data_json)); +} +} + +static void +write_raft_record(const struct raft_record *r, struct ovsdb_log *db_log_data) +{ +if (r->type == RAFT_REC_ENTRY) { +if (!r->entry.data) { +return; +} +write_raft_record_to_file(r->entry.data, db_log_data); +} +} + static void do_show_log_cluster(struct ovsdb_log *log) { 
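Review bot: In write_raft_header_to_file and write_raft_record_to_file the elements of `data` are handed to `ovsdb_log_write_and_free()`, although `data` is declared `const` and still belongs to the parsed header or record, so each element is freed while its parent array still points at it. If the caller later releases that header or record, this becomes a double free on content read from a database file; the caller, do_convert_to_standalone, is in a later hunk that is cut off here. Writing with `check_ovsdb_error(ovsdb_log_write(db_log_data, data_json));` avoids taking ownership. The `if (data_json->type != JSON_NULL)` test in the header path can never be false after the preceding `JSON_OBJECT` check and can be dropped, while the record path never checks that `elems[1]` is an object, so the two paths validate the same input differently. The same code appears in the reposted "[PATCHi v5]" mail below, and as raft_header_to_standalone_log and raft_record_to_standalone_log in the v6 to v10 postings on this page.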
@@ -1511,6 +1572,51 @@ do_compare_versions(struct ovs_cmdl_context *ctx) exit(result ? 0 : 2); } +static void +do_convert_to_standalone(struct ovsdb_log *log, struct ovsdb_log *db_log_data) +{ +for (unsigned int i = 0; ; i++) { +struct json *json; +check_ovsdb_error(ovsdb_log_read(log, &json)); +if (!json) { +break; +} + +if (i == 0) { +struct raft_header h; +check_ovsdb_error(raft_header_from_json(&h, json)); +write_raft_header(&h, db_log_data); +
[ovs-dev] [PATCHi v5] ovsdb-tool: Convert clustered db to standalone db.
From: Aliasgar Ginwala Add support in ovsdb-tool for migrating clustered dbs to standalone dbs. E.g. usage to migrate nb/sb db to standalone db from raft: ovsdb-tool cluster-to-standalone ovnnb_db.db ovnnb_db_cluster.db Signed-off-by: Aliasgar Ginwala --- Documentation/ref/ovsdb.7.rst | 3 + ovsdb/ovsdb-tool.1.in | 8 +++ ovsdb/ovsdb-tool.c| 110 +- 3 files changed, 120 insertions(+), 1 deletion(-) diff --git a/Documentation/ref/ovsdb.7.rst b/Documentation/ref/ovsdb.7.rst index cd1c63d64..b12d8066c 100644 --- a/Documentation/ref/ovsdb.7.rst +++ b/Documentation/ref/ovsdb.7.rst @@ -514,6 +514,9 @@ standalone database from the contents of a running clustered database. When the cluster is down and cannot be revived, ``ovsdb-client backup`` will not work. +Use ``ovsdb-tool cluster-to-standalone`` to convert clustered database to +standalone database when the cluster is down and cannot be revived. + Upgrading or Downgrading a Database --- diff --git a/ovsdb/ovsdb-tool.1.in b/ovsdb/ovsdb-tool.1.in index ec85e14c4..8c7962ab3 100644 --- a/ovsdb/ovsdb-tool.1.in +++ b/ovsdb/ovsdb-tool.1.in @@ -147,6 +147,14 @@ avoid this possibility, specify \fB\-\-cid=\fIuuid\fR, where \fIuuid\fR is the cluster ID of the cluster to join, as printed by \fBovsdb\-tool get\-cid\fR. . +.SS "Database Migration Commands" +This commands will convert cluster database to standalone database. +. +.IP "\fBcluster-to-standalone \fR[\fIdb\fR [\fIdb\fR]]" +Use this command to convert to standalone database from clustered database +when the cluster is down and cannot be revived. It creates new standalone +\fIdb\fR file from the given cluster \fIdb\fR file. +. .SS "Version Management Commands" .so ovsdb/ovsdb-schemas.man .PP diff --git a/ovsdb/ovsdb-tool.c b/ovsdb/ovsdb-tool.c index 438f97590..8039078a3 100644 --- a/ovsdb/ovsdb-tool.c +++ b/ovsdb/ovsdb-tool.c 
@@ -173,6 +173,9 @@ usage(void) " compare-versions A OP B compare OVSDB schema version numbers\n" " query [DB] TRNS execute read-only transaction on DB\n" " transact [DB] TRNS execute read/write transaction on DB\n" + " cluster-to-standalone [DB [DB]]Convert clustered DB to\n" + "standalone DB when cluster is down and cannot be\n" +"revived\n" " [-m]... show-log [DB] print DB's log entries\n" "The default DB is %s.\n" "The default SCHEMA is %s.\n", 
@@ -942,6 +945,64 @@ print_raft_record(const struct raft_record *r, } } +static void +write_raft_header_to_file(const struct json *data, + struct ovsdb_log *db_log_data) +{ +if (!data || json_array(data)->n != 2) { + ovs_fatal(0, "***Invalid data***\n"); +} + +struct json *schema_json = json_array(data)->elems[0]; +if (schema_json->type != JSON_NULL) { +struct ovsdb_schema *schema; +check_ovsdb_error(ovsdb_schema_from_json(schema_json, &schema)); +ovsdb_schema_destroy(schema); +check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, schema_json)); +} + +struct json *data_json = json_array(data)->elems[1]; +if (!data_json || data_json->type != JSON_OBJECT) { +ovs_fatal(0, "***invalid data***\n"); +} +if (data_json->type != JSON_NULL) { +check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, data_json)); +} +} + +static void +write_raft_header(const struct raft_header *h, struct ovsdb_log *db_log_data) +{ +if (h->snap_index) { +write_raft_header_to_file(h->snap.data, db_log_data); +} +} + +static void +write_raft_record_to_file(const struct json *data, + struct ovsdb_log *db_log_data) +{ +if (json_array(data)->n != 2) { +ovs_fatal(0, "***invalid data***\n"); +} + +struct json *data_json = json_array(data)->elems[1]; +if (data_json->type != JSON_NULL) { +check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, data_json)); +} +} + +static void +write_raft_record(const struct raft_record *r, struct ovsdb_log *db_log_data) +{ +if (r->type == RAFT_REC_ENTRY) { +if (!r->entry.data) { +return; +} +write_raft_record_to_file(r->entry.data, db_log_data); +} +} + static void do_show_log_cluster(struct ovsdb_log *log) { 
@@ -1511,6 +1572,51 @@ do_compare_versions(struct ovs_cmdl_context *ctx) exit(result ? 0 : 2); } +static void +do_convert_to_standalone(struct ovsdb_log *log, struct ovsdb_log *db_log_data) +{ +for (unsigned int i = 0; ; i++) { +struct json *json; +check_ovsdb_error(ovsdb_log_read(log, &json)); +if (!json) { +break; +} + +if (i == 0) { +struct raft_header h; +check_ovsdb_error(raft_header_from_json(&h, json)); +write_raft_header(&h, db_log_data); +
[ovs-dev] [PATCH v4] ovsdb-tool: Convert clustered db to standalone db.
From: Aliasgar Ginwala Add support in ovsdb-tool for migrating clustered dbs to standalone dbs. E.g. usage to migrate nb/sb db to standalone db from raft: ovsdb-tool cluster-to-standalone ovnnb_db.db ovnnb_db_cluster.db Signed-off-by: Aliasgar Ginwala --- Documentation/ref/ovsdb.7.rst | 3 + ovsdb/ovsdb-tool.c| 110 +- 2 files changed, 112 insertions(+), 1 deletion(-) diff --git a/Documentation/ref/ovsdb.7.rst b/Documentation/ref/ovsdb.7.rst index cd1c63d64..b12d8066c 100644 --- a/Documentation/ref/ovsdb.7.rst +++ b/Documentation/ref/ovsdb.7.rst @@ -514,6 +514,9 @@ standalone database from the contents of a running clustered database. When the cluster is down and cannot be revived, ``ovsdb-client backup`` will not work. +Use ``ovsdb-tool cluster-to-standalone`` to convert clustered database to +standalone database when the cluster is down and cannot be revived. + Upgrading or Downgrading a Database --- diff --git a/ovsdb/ovsdb-tool.c b/ovsdb/ovsdb-tool.c index 438f97590..8039078a3 100644 --- a/ovsdb/ovsdb-tool.c +++ b/ovsdb/ovsdb-tool.c @@ -173,6 +173,9 @@ usage(void) " compare-versions A OP B compare OVSDB schema version numbers\n" " query [DB] TRNS execute read-only transaction on DB\n" " transact [DB] TRNS execute read/write transaction on DB\n" + " cluster-to-standalone [DB [DB]]Convert clustered DB to\n" + "standalone DB when cluster is down and cannot be\n" +"revived\n" " [-m]... show-log [DB] print DB's log entries\n" "The default DB is %s.\n" "The default SCHEMA is %s.\n", 
@@ -942,6 +945,64 @@ print_raft_record(const struct raft_record *r, } } +static void +write_raft_header_to_file(const struct json *data, + struct ovsdb_log *db_log_data) +{ +if (!data || json_array(data)->n != 2) { + ovs_fatal(0, "***Invalid data***\n"); +} + +struct json *schema_json = json_array(data)->elems[0]; +if (schema_json->type != JSON_NULL) { +struct ovsdb_schema *schema; +check_ovsdb_error(ovsdb_schema_from_json(schema_json, &schema)); +ovsdb_schema_destroy(schema); +check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, schema_json)); +} + +struct json *data_json = json_array(data)->elems[1]; +if (!data_json || data_json->type != JSON_OBJECT) { +ovs_fatal(0, "***invalid data***\n"); +} +if (data_json->type != JSON_NULL) { +check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, data_json)); +} +} + +static void +write_raft_header(const struct raft_header *h, struct ovsdb_log *db_log_data) +{ +if (h->snap_index) { +write_raft_header_to_file(h->snap.data, db_log_data); +} +} + +static void +write_raft_record_to_file(const struct json *data, + struct ovsdb_log *db_log_data) +{ +if (json_array(data)->n != 2) { +ovs_fatal(0, "***invalid data***\n"); +} + +struct json *data_json = json_array(data)->elems[1]; +if (data_json->type != JSON_NULL) { +check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, data_json)); +} +} + +static void +write_raft_record(const struct raft_record *r, struct ovsdb_log *db_log_data) +{ +if (r->type == RAFT_REC_ENTRY) { +if (!r->entry.data) { +return; +} +write_raft_record_to_file(r->entry.data, db_log_data); +} +} + static void do_show_log_cluster(struct ovsdb_log *log) { 
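Review bot: In write_raft_header_to_file() the test `data_json->type != JSON_NULL` can never be false, because the preceding line already calls ovs_fatal() for anything that is not a JSON_OBJECT. Either drop the test, or check for JSON_NULL first if a null data element is meant to be skipped the way a null schema element is. In both this function and write_raft_record_to_file(), `json_array(data)` is also applied before anything looks at `data->type`, so a record of the wrong shape is only caught by whatever json_array() does internally. Extending the existing guard to `if (!data || data->type != JSON_ARRAY || json_array(data)->n != 2) {` makes the rejection explicit. A message that names the record being rejected would also help an operator more than `***Invalid data***`.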
@@ -1511,6 +1572,51 @@ do_compare_versions(struct ovs_cmdl_context *ctx) exit(result ? 0 : 2); } +static void +do_convert_to_standalone(struct ovsdb_log *log, struct ovsdb_log *db_log_data) +{ +for (unsigned int i = 0; ; i++) { +struct json *json; +check_ovsdb_error(ovsdb_log_read(log, &json)); +if (!json) { +break; +} + +if (i == 0) { +struct raft_header h; +check_ovsdb_error(raft_header_from_json(&h, json)); +write_raft_header(&h, db_log_data); +raft_header_uninit(&h); +} else { +struct raft_record r; +check_ovsdb_error(raft_record_from_json(&r, json)); +write_raft_record(&r, db_log_data); +raft_record_uninit(&r); +} +} +} + +static void +do_cluster_standalone(struct ovs_cmdl_context *ctx) +{ +const char *db_file_name = ctx->argv[1]; +const char *cluster_db_file_name = ctx->argv[2]; +struct ovsdb_log *log; +struct ovsdb_log *db_log_data; + +check_ovsdb_error(ovsdb_log_open(cluster_db_file_name, + OVSDB_MAGIC"|"RAFT_MAGIC, + OVSDB_LOG_READ_ONLY, -1, &log)); +check_ovsdb_error(ovsdb_log_open(db_file_name, OVSDB_MAGIC, + OVSDB_LOG_CREATE_EXCL
[ovs-dev] [PATCH v3] ovsdb-tool: Convert clustered db to standalone db.
From: Aliasgar Ginwala Add support in ovsdb-tool for migrating clustered dbs to standalone dbs. E.g. usage to migrate nb/sb db to standalone db from raft: ovsdb-tool cluster-to-standalone ovnnb_db.db ovnnb_db_cluster.db Signed-off-by: Aliasgar Ginwala --- Documentation/ref/ovsdb.7.rst | 3 + ovsdb/ovsdb-tool.c| 112 +- 2 files changed, 114 insertions(+), 1 deletion(-) diff --git a/Documentation/ref/ovsdb.7.rst b/Documentation/ref/ovsdb.7.rst index cd1c63d64..b12d8066c 100644 --- a/Documentation/ref/ovsdb.7.rst +++ b/Documentation/ref/ovsdb.7.rst @@ -514,6 +514,9 @@ standalone database from the contents of a running clustered database. When the cluster is down and cannot be revived, ``ovsdb-client backup`` will not work. +Use ``ovsdb-tool cluster-to-standalone`` to convert clustered database to +standalone database when the cluster is down and cannot be revived. + Upgrading or Downgrading a Database --- diff --git a/ovsdb/ovsdb-tool.c b/ovsdb/ovsdb-tool.c index 438f97590..1956e5492 100644 --- a/ovsdb/ovsdb-tool.c +++ b/ovsdb/ovsdb-tool.c @@ -173,6 +173,9 @@ usage(void) " compare-versions A OP B compare OVSDB schema version numbers\n" " query [DB] TRNS execute read-only transaction on DB\n" " transact [DB] TRNS execute read/write transaction on DB\n" + " cluster-to-standalone [DB [DB]]Convert clustered DB to\n" + "standalone DB when cluster is down and cannot be\n" +"revived\n" " [-m]... show-log [DB] print DB's log entries\n" "The default DB is %s.\n" "The default SCHEMA is %s.\n", 
@@ -942,6 +945,63 @@ print_raft_record(const struct raft_record *r, } } +static void +write_raft_header_to_file(const struct json *data, + struct ovsdb_log *db_log_data) +{ +if (!data || json_array(data)->n != 2) { + ovs_fatal(0, "***Invalid data***\n"); +} + +struct json *schema_json = json_array(data)->elems[0]; +if (schema_json->type != JSON_NULL) { +struct ovsdb_schema *schema; +check_ovsdb_error(ovsdb_schema_from_json(schema_json, &schema)); +check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, schema_json)); +} + +struct json *data_json = json_array(data)->elems[1]; +if (!data_json || data_json->type != JSON_OBJECT) { +ovs_fatal(0, "***invalid data***\n"); +} +if (data_json->type != JSON_NULL) { +check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, data_json)); +} +} + +static void +write_raft_header(const struct raft_header *h, struct ovsdb_log *db_log_data) +{ +if (h->snap_index) { +write_raft_header_to_file(h->snap.data, db_log_data); +} +} + +static void +write_raft_record_to_file(const struct json *data, + struct ovsdb_log *db_log_data) +{ +if (json_array(data)->n != 2) { +ovs_fatal(0, "***invalid data***\n"); +} + +struct json *data_json = json_array(data)->elems[1]; +if (data_json->type != JSON_NULL) { +check_ovsdb_error(ovsdb_log_write_and_free(db_log_data, data_json)); +} +} + +static void +write_raft_record(const struct raft_record *r, struct ovsdb_log *db_log_data) +{ +if (r->type == RAFT_REC_ENTRY) { +if (!r->entry.data) { +return; +} +write_raft_record_to_file(r->entry.data, db_log_data); +} +} + static void do_show_log_cluster(struct ovsdb_log *log) { 
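Review bot: The `schema` object produced by `ovsdb_schema_from_json(schema_json, &schema)` in write_raft_header_to_file() is used only to validate the JSON and is never released, so it leaks. Add `ovsdb_schema_destroy(schema);` right after the validation call. A one-line comment such as `/* Parse only to validate; the JSON itself is what gets written. */` would explain why the parsed schema is otherwise unused.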
@@ -1511,6 +1571,54 @@ do_compare_versions(struct ovs_cmdl_context *ctx) exit(result ? 0 : 2); } +static void +do_convert_to_standalone(struct ovsdb_log *log, struct ovsdb_log *db_log_data) +{ +for (unsigned int i = 0; ; i++) { +struct json *json; +check_ovsdb_error(ovsdb_log_read(log, &json)); +if (!json) { +break; +} + +struct ovsdb_error *error; +if (i == 0) { +struct raft_header h; +check_ovsdb_error(raft_header_from_json(&h, json)); +write_raft_header(&h, db_log_data); +check_ovsdb_error(ovsdb_log_commit_block(db_log_data)); +raft_header_uninit(&h); + +} else { +struct raft_record r; +check_ovsdb_error(raft_record_from_json(&r, json)); +write_raft_record(&r, db_log_data); +check_ovsdb_error(ovsdb_log_commit_block(db_log_data)); +raft_record_uninit(&r); +} +} +} + +static void +do_cluster_standalone(struct ovs_cmdl_context *ctx) +{ +const char *db_file_name = ctx->argv[1]; +const char *cluster_db_file_name = ctx->argv[2]; +struct ovsdb_log *log; +struct ovsdb_log *db_log_data; + +check_ovsdb_error(ovsdb_log_open(cluster_db_file_name, + OVSDB_MAGIC"|"RAFT_MAGIC, + OVSDB_LOG_READ_ONLY,
[ovs-dev] [PATCH v1] ovsdb.7.rst: some corrections in ovsdb-client usage.
From: Aliasgar Ginwala 1. Correct typo where it should be ovsdb-client backup vs ovsdb-tool backup. 2. Update for which case will ovsdb-client not work. Signed-off-by: Aliasgar Ginwala --- Documentation/ref/ovsdb.7.rst | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Documentation/ref/ovsdb.7.rst b/Documentation/ref/ovsdb.7.rst index c43fe1709..cd1c63d64 100644 --- a/Documentation/ref/ovsdb.7.rst +++ b/Documentation/ref/ovsdb.7.rst @@ -509,8 +509,10 @@ Changing Database Service Model --- Use ``ovsdb-tool create-cluster`` to create a clustered database from the -contents of a standalone database. Use ``ovsdb-tool backup`` to create a -standalone database from the contents of a clustered database. +contents of a standalone database. Use ``ovsdb-client backup`` to create a +standalone database from the contents of a running clustered database. +When the cluster is down and cannot be revived, ``ovsdb-client backup`` will +not work. Upgrading or Downgrading a Database --- -- 2.20.1 (Apple Git-117) ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v2] ovsdb-tool: Convert clustered db to standalone db.
From: Aliasgar Ginwala Add support in ovsdb-tool for migrating clustered dbs to standalone dbs. E.g. usage to migrate nb/sb db to standalone db from raft: ovsdb-tool migrate-cluster-db ovnnb_db.db ovnnb_db_cluster.db Signed-off-by: Aliasgar Ginwala --- ovsdb/ovsdb-tool.c | 154 - 1 file changed, 152 insertions(+), 2 deletions(-) diff --git a/ovsdb/ovsdb-tool.c b/ovsdb/ovsdb-tool.c index 438f97590..4aa1d4b3f 100644 --- a/ovsdb/ovsdb-tool.c +++ b/ovsdb/ovsdb-tool.c @@ -173,6 +173,8 @@ usage(void) " compare-versions A OP B compare OVSDB schema version numbers\n" " query [DB] TRNS execute read-only transaction on DB\n" " transact [DB] TRNS execute read/write transaction on DB\n" + " migrate-cluster-db [DB [DB]]Migrate clustered DB to\n" + "standalone DB\n " " [-m]... show-log [DB] print DB's log entries\n" "The default DB is %s.\n" "The default SCHEMA is %s.\n", @@ -206,7 +208,7 @@ default_schema(void) } return schema; } - + static struct json * parse_json(const char *s) { @@ -244,7 +246,7 @@ read_standalone_schema(const char *filename) ovsdb_storage_close(storage); return schema; } - + static void do_create(struct ovs_cmdl_context *ctx) { 
@@ -942,6 +944,94 @@ print_raft_record(const struct raft_record *r, } } +static struct ovsdb_log * +write_raft_header_to_file(const struct json *data, const char *db_file_name) +{ +if (!data) { +return NULL; +} + +if (json_array(data)->n != 2) { +printf(" ***invalid data***\n"); +return NULL; +} + +struct ovsdb_log *log; +struct json *schema_json = json_array(data)->elems[0]; +if (schema_json->type != JSON_NULL) { +struct ovsdb_schema *schema; +check_ovsdb_error(ovsdb_schema_from_json(schema_json, &schema)); +check_ovsdb_error(ovsdb_log_open(db_file_name, OVSDB_MAGIC, + OVSDB_LOG_CREATE_EXCL, -1, &log)); +check_ovsdb_error(ovsdb_log_write_and_free(log, schema_json)); +check_ovsdb_error(ovsdb_log_commit_block(log)); +} + +struct json *data_json = json_array(data)->elems[1]; +if (!data_json || data_json->type != JSON_OBJECT) { +return NULL; +} +if (data_json->type != JSON_NULL) { +check_ovsdb_error(ovsdb_log_write_and_free(log, data_json)); +check_ovsdb_error(ovsdb_log_commit_block(log)); +} +return log; +} + +static struct ovsdb_log * +write_raft_header(const struct raft_header *h, const char *db_file_name) +{ +if (h->snap_index) { +return write_raft_header_to_file(h->snap.data, db_file_name); +} +return NULL; +} + +static void +write_raft_records_to_file(const struct json *data, struct ovsdb_log *log_data) +{ +if (json_array(data)->n != 2) { +printf(" ***invalid data***\n"); +return; +} + +struct json *data_json = json_array(data)->elems[1]; +if (data_json->type != JSON_NULL) { +check_ovsdb_error(ovsdb_log_write_and_free(log_data, data_json)); +check_ovsdb_error(ovsdb_log_commit_block(log_data)); +} +} + +static void +write_raft_records(const struct raft_record *r, struct ovsdb_log *log_data) +{ +switch (r->type) { +case RAFT_REC_ENTRY: +if (!r->entry.data) { +return; +} +write_raft_records_to_file(r->entry.data, log_data); +break; + +case RAFT_REC_TERM: +break; + +case RAFT_REC_VOTE: +break; + +case RAFT_REC_NOTE: +break; + +case RAFT_REC_COMMIT_INDEX: +break; + 
+case RAFT_REC_LEADER: +break; +default: +OVS_NOT_REACHED(); +} +} + static void do_show_log_cluster(struct ovsdb_log *log) { @@ -1511,6 +1601,65 @@ do_compare_versions(struct ovs_cmdl_context *ctx) exit(result ? 0 : 2); } +static void +do_migrate_cluster(struct ovsdb_log *log, const char *db_file_name) +{ +struct ovsdb_log *log_data = NULL; +for (unsigned int i = 0; ; i++) { +struct json *json; +check_ovsdb_error(ovsdb_log_read(log, &json)); +if (!json) { +break; +} + +printf("record %u:\n", i); +struct ovsdb_error *error; +if (i == 0) { +struct raft_header h; +error = raft_header_from_json(&h, json); +if (!error) { +log_data = write_raft_header(&h, db_file_name); +raft_header_uninit(&h); +if (!log_data) { +return; +} +} +} else { +struct raft_record r; +error = raft_record_from_json(&r, json); +if (!error) { +write_raft_records(&r, log_data); +raft_record_uninit(&r); +} +} +if (error) { +char *s = ovsdb_
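Review bot: In write_raft_header_to_file(), `struct ovsdb_log *log;` is assigned only inside the `schema_json->type != JSON_NULL` branch, yet it is passed to `ovsdb_log_write_and_free(log, data_json)` and returned afterwards regardless. A snapshot whose schema element is null therefore makes the tool write through an indeterminate pointer. Declare it as `struct ovsdb_log *log = NULL;` and stop when no schema was written, or open the output log once in the caller before any record is processed. The `return NULL` for a non-object data element also leaves the newly created log open and the output file on disk. The v1 posting contains the same function.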
[ovs-dev] [PATCH v1] ovsdb-tool: Convert clustered db to standalone db.
From: Aliasgar Ginwala Add support in ovsdb-tool for migrating clustered dbs to standalone dbs. E.g. usage to migrate nb/sb db to standalone db from raft: ovsdb-tool migrate-cluster-db ovnnb_db.db ovnnb_db_cluster.db Signed-off-by: Aliasgar Ginwala --- ovsdb/ovsdb-tool.c | 154 - 1 file changed, 152 insertions(+), 2 deletions(-) diff --git a/ovsdb/ovsdb-tool.c b/ovsdb/ovsdb-tool.c index 438f97590..ac84193c1 100644 --- a/ovsdb/ovsdb-tool.c +++ b/ovsdb/ovsdb-tool.c @@ -173,6 +173,8 @@ usage(void) " compare-versions A OP B compare OVSDB schema version numbers\n" " query [DB] TRNS execute read-only transaction on DB\n" " transact [DB] TRNS execute read/write transaction on DB\n" + " migrate-cluster-db [DB [DB]]Migrate clustered DB to\n" + "standalone DB\n " " [-m]... show-log [DB] print DB's log entries\n" "The default DB is %s.\n" "The default SCHEMA is %s.\n", @@ -206,7 +208,7 @@ default_schema(void) } return schema; } - + static struct json * parse_json(const char *s) { @@ -244,7 +246,7 @@ read_standalone_schema(const char *filename) ovsdb_storage_close(storage); return schema; } - + static void do_create(struct ovs_cmdl_context *ctx) { 
@@ -942,6 +944,94 @@ print_raft_record(const struct raft_record *r, } } +static struct ovsdb_log * +write_raft_header_to_file(const struct json *data, const char *db_file_name) +{ +if (!data) { +return NULL; +} + +if (json_array(data)->n != 2) { +printf(" ***invalid data***\n"); +return NULL; +} + +struct ovsdb_log *log; +struct json *schema_json = json_array(data)->elems[0]; +if (schema_json->type != JSON_NULL) { +struct ovsdb_schema *schema; +check_ovsdb_error(ovsdb_schema_from_json(schema_json, &schema)); +check_ovsdb_error(ovsdb_log_open(db_file_name, OVSDB_MAGIC, + OVSDB_LOG_CREATE_EXCL, -1, &log)); +check_ovsdb_error(ovsdb_log_write_and_free(log, schema_json)); +check_ovsdb_error(ovsdb_log_commit_block(log)); +} + +struct json *data_json = json_array(data)->elems[1]; +if (!data_json || data_json->type != JSON_OBJECT) { +return NULL; +} +if (data_json->type != JSON_NULL) { +check_ovsdb_error(ovsdb_log_write_and_free(log, data_json)); +check_ovsdb_error(ovsdb_log_commit_block(log)); +} +return log; +} + +static struct ovsdb_log * +write_raft_header(const struct raft_header *h, const char *db_file_name) +{ +if (h->snap_index) { +return write_raft_header_to_file(h->snap.data, db_file_name); +} +return NULL; +} + +static void +write_raft_records_to_file(const struct json *data, struct ovsdb_log *log_data) +{ +if (json_array(data)->n != 2) { +printf(" ***invalid data***\n"); +return; +} + +struct json *data_json = json_array(data)->elems[1]; +if (data_json->type != JSON_NULL) { +check_ovsdb_error(ovsdb_log_write_and_free(log_data, data_json)); +check_ovsdb_error(ovsdb_log_commit_block(log_data)); +} +} + +static void +write_raft_records(const struct raft_record *r, struct ovsdb_log *log_data) +{ +switch (r->type) { +case RAFT_REC_ENTRY: +if (!r->entry.data) { +return; +} +write_raft_records_to_file(r->entry.data, log_data); +break; + +case RAFT_REC_TERM: +break; + +case RAFT_REC_VOTE: +break; + +case RAFT_REC_NOTE: +break; + +case RAFT_REC_COMMIT_INDEX: +break; + 
+case RAFT_REC_LEADER: +break; +default: +OVS_NOT_REACHED(); +} +} + static void do_show_log_cluster(struct ovsdb_log *log) { @@ -1511,6 +1601,65 @@ do_compare_versions(struct ovs_cmdl_context *ctx) exit(result ? 0 : 2); } +static void +do_migrate_cluster(struct ovsdb_log *log, const char *db_file_name) +{ +struct ovsdb_log *log_data; +for (unsigned int i = 0; ; i++) { +struct json *json; +check_ovsdb_error(ovsdb_log_read(log, &json)); +if (!json) { +break; +} + +printf("record %u:\n", i); +struct ovsdb_error *error; +if (i == 0) { +struct raft_header h; +error = raft_header_from_json(&h, json); +if (!error) { +log_data = write_raft_header(&h, db_file_name); +raft_header_uninit(&h); +if (!log_data) { +return; +} +} +} else { +struct raft_record r; +error = raft_record_from_json(&r, json); +if (!error) { +write_raft_records(&r, log_data); +raft_record_uninit(&r); +} +} +if (error) { +char *s = ovsdb_error_t
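Review bot: Malformed input is reported with `printf(" ***invalid data***\n")` and then skipped in write_raft_records_to_file(), and write_raft_header_to_file() returns NULL on the same condition. A damaged cluster log therefore yields a standalone file that silently lacks transactions, with the only trace on stdout. A recovery tool should stop instead, for example `ovs_fatal(0, "invalid data in raft record");`, so the operator does not bring up a database that looks complete but is not. The switch in write_raft_records() has five empty cases and could be reduced to `if (r->type == RAFT_REC_ENTRY && r->entry.data) {`. The v2 posting carries the same code.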
[ovs-dev] [PATCH v4 ovn] Containerize components
From: Aliasgar Ginwala 1. Containerize ovn central components 2. Containerize ovn host 3. Update documentation about building/running ovn in containers. Signed-off-by: Aliasgar Ginwala --- Documentation/intro/install/general.rst | 83 utilities/automake.mk| 10 ++- utilities/docker/Makefile| 22 +++ utilities/docker/create_ovn_dbs.sh | 18 + utilities/docker/debian/Dockerfile | 22 +++ utilities/docker/debian/build.sh | 44 + utilities/docker/ovn_default_nb_port | 1 + utilities/docker/ovn_default_northd_host | 1 + utilities/docker/ovn_default_sb_port | 1 + utilities/docker/start-ovn | 40 10 files changed, 241 insertions(+), 1 deletion(-) create mode 100644 utilities/docker/Makefile create mode 100755 utilities/docker/create_ovn_dbs.sh create mode 100644 utilities/docker/debian/Dockerfile create mode 100755 utilities/docker/debian/build.sh create mode 100644 utilities/docker/ovn_default_nb_port create mode 100644 utilities/docker/ovn_default_northd_host create mode 100644 utilities/docker/ovn_default_sb_port create mode 100755 utilities/docker/start-ovn diff --git a/Documentation/intro/install/general.rst b/Documentation/intro/install/general.rst index 99d8fec04..1d5323f76 100644 --- a/Documentation/intro/install/general.rst +++ b/Documentation/intro/install/general.rst 
@@ -380,6 +380,60 @@ domain socket:: $ ovn-northd --pidfile --detach --log-file + +Starting OVN Central services in containers +~~~ + +For OVN central node, we dont need to load ovs kernel modules on host. +Hence, OVN central containers OS need not depend on host OS. + +Also we can leverage deploying entire OVN control plane in a pod spec for use +cases like OVN-kubernetes + +Export following variables in .env and place it under +project root:: + +$ OVN_BRANCH= +$ OVN_VERSION= +$ DISTRO= +$ KERNEL_VERSION= +$ GITHUB_SRC= +$ DOCKER_REPO= + +To build ovn modules:: + +$ cd utilities/docker +$ make build + +Compiled Modules will be tagged with docker image + +To Push ovn modules:: + +$ make push + +OVN docker image will be pushed to specified docker repo. + +Start OVN containers using below command:: + +$ docker run -itd --net=host --name=ovn-nb \ + : ovn-nb-tcp + +$ docker run -itd --net=host --name=ovn-sb \ + : ovn-sb-tcp + +$ docker run -itd --net=host --name=ovn-northd \ + : ovn-northd-tcp + +.. note:: +Current ovn central components comes up in docker image in a standalone +mode with protocol tcp. + +The debian docker file use ubuntu 16.04 as a base image for reference. + +User can use any other base image for debian, e.g. u14.04, etc. + +RHEL based docker build support needs to be added. + Starting OVN host service 
@@ -406,6 +460,32 @@ domain socket:: $ ovn-controller --pidfile --detach --log-file +Starting OVN host service in containers +~~~ + +For OVN host too, we dont need to load ovs kernel modules on host. +Hence, OVN host container OS need not depend on host OS. + +Also we can leverage deploying OVN host in a pod spec for use cases like +OVN-kubernetes to manage OVS which can be running as a service on host or in +container. + +Start ovsdb-server and ovs-vswitchd components as per +http://docs.openvswitch.org/en/latest/intro/install/general/ + +start local ovn-controller with below command if ovs is also running in +container:: + +$ docker run -itd --net=host --name=ovn-controller \ + --volumes-from=ovsdb-server \ + : ovn-controller + +start local ovn-controller with below command if ovs is running as a service:: + +$ docker run -itd --net=host --name=ovn-controller \ + -v /var/run/openvswitch/:/var/run/openvswitch/ \ + : ovn-controller + Validating -- @@ -419,6 +499,9 @@ logical switch ``sw0`` and add logical port ``sw0-p1`` :: Refer to ovn-nbctl(8) and ovn-sbctl (8) for more details. +When using ovn in container, exec to container to run above commands:: + +$ docker exec -it /bin/bash Reporting Bugs -- diff --git a/utilities/automake.mk b/utilities/automake.mk index b2b026f57..9b46940ae 100644 --- a/utilities/automake.mk +++ b/utilities/automake.mk @@ -28,7 +28,15 @@ EXTRA_DIST += \ utilities/ovn-trace.8.xml \ utilities/ovn-detrace.in \ utilities/ovndb-servers.ocf \ -utilities/checkpatch.py +utilities/checkpatch.py \ +utilities/docker/Makefile \ +utilities/docker/start-ovn \ +utilities/docker/create_ovn_dbs.sh \ +utilities/docker/ovn_default_nb_port \ +utilities/docker/ovn_default_sb_port \ +utilities/docker/ovn_default_northd_host \ +utilities/docker/debian/Dockerfile \ +utilities/docker/debian/build.sh CLEANFILES += \ utilities/ovn-ctl.
[ovs-dev] [PATCH v3 ovn] Containerize components
From: Aliasgar Ginwala 1. Containerize ovn central components 2. Containerize ovn host 3. Update documentation about building/running ovn in containers. Signed-off-by: Aliasgar Ginwala --- Documentation/intro/install/general.rst | 83 utilities/automake.mk| 8 +++ utilities/docker/Makefile| 22 +++ utilities/docker/create_ovn_dbs.sh | 18 + utilities/docker/debian/Dockerfile | 22 +++ utilities/docker/debian/build.sh | 44 + utilities/docker/ovn_default_nb_port | 1 + utilities/docker/ovn_default_northd_host | 1 + utilities/docker/ovn_default_sb_port | 1 + utilities/docker/start-ovn | 40 10 files changed, 240 insertions(+) create mode 100644 utilities/docker/Makefile create mode 100755 utilities/docker/create_ovn_dbs.sh create mode 100644 utilities/docker/debian/Dockerfile create mode 100755 utilities/docker/debian/build.sh create mode 100644 utilities/docker/ovn_default_nb_port create mode 100644 utilities/docker/ovn_default_northd_host create mode 100644 utilities/docker/ovn_default_sb_port create mode 100755 utilities/docker/start-ovn diff --git a/Documentation/intro/install/general.rst b/Documentation/intro/install/general.rst index 99d8fec04..1d5323f76 100644 --- a/Documentation/intro/install/general.rst +++ b/Documentation/intro/install/general.rst 
@@ -380,6 +380,60 @@ domain socket:: $ ovn-northd --pidfile --detach --log-file + +Starting OVN Central services in containers +~~~ + +For OVN central node, we dont need to load ovs kernel modules on host. +Hence, OVN central containers OS need not depend on host OS. + +Also we can leverage deploying entire OVN control plane in a pod spec for use +cases like OVN-kubernetes + +Export following variables in .env and place it under +project root:: + +$ OVN_BRANCH= +$ OVN_VERSION= +$ DISTRO= +$ KERNEL_VERSION= +$ GITHUB_SRC= +$ DOCKER_REPO= + +To build ovn modules:: + +$ cd utilities/docker +$ make build + +Compiled Modules will be tagged with docker image + +To Push ovn modules:: + +$ make push + +OVN docker image will be pushed to specified docker repo. + +Start OVN containers using below command:: + +$ docker run -itd --net=host --name=ovn-nb \ + : ovn-nb-tcp + +$ docker run -itd --net=host --name=ovn-sb \ + : ovn-sb-tcp + +$ docker run -itd --net=host --name=ovn-northd \ + : ovn-northd-tcp + +.. note:: +Current ovn central components comes up in docker image in a standalone +mode with protocol tcp. + +The debian docker file use ubuntu 16.04 as a base image for reference. + +User can use any other base image for debian, e.g. u14.04, etc. + +RHEL based docker build support needs to be added. + Starting OVN host service 
@@ -406,6 +460,32 @@ domain socket:: $ ovn-controller --pidfile --detach --log-file +Starting OVN host service in containers +~~~ + +For OVN host too, we dont need to load ovs kernel modules on host. +Hence, OVN host container OS need not depend on host OS. + +Also we can leverage deploying OVN host in a pod spec for use cases like +OVN-kubernetes to manage OVS which can be running as a service on host or in +container. + +Start ovsdb-server and ovs-vswitchd components as per +http://docs.openvswitch.org/en/latest/intro/install/general/ + +start local ovn-controller with below command if ovs is also running in +container:: + +$ docker run -itd --net=host --name=ovn-controller \ + --volumes-from=ovsdb-server \ + : ovn-controller + +start local ovn-controller with below command if ovs is running as a service:: + +$ docker run -itd --net=host --name=ovn-controller \ + -v /var/run/openvswitch/:/var/run/openvswitch/ \ + : ovn-controller + Validating -- @@ -419,6 +499,9 @@ logical switch ``sw0`` and add logical port ``sw0-p1`` :: Refer to ovn-nbctl(8) and ovn-sbctl (8) for more details. +When using ovn in container, exec to container to run above commands:: + +$ docker exec -it /bin/bash Reporting Bugs -- diff --git a/utilities/automake.mk b/utilities/automake.mk index b2b026f57..3142d177f 100644 --- a/utilities/automake.mk +++ b/utilities/automake.mk @@ -29,6 +29,14 @@ EXTRA_DIST += \ utilities/ovn-detrace.in \ utilities/ovndb-servers.ocf \ utilities/checkpatch.py +utilities/docker/Makefile \ +utilities/docker/start-ovn \ +utilities/docker/create_ovn_dbs.sh \ +utilities/docker/ovn_default_nb_port \ +utilities/docker/ovn_default_sb_port \ +utilities/docker/ovn_default_northd_host \ +utilities/docker/debian/Dockerfile \ +utilities/docker/debian/build.sh CLEANFILES += \ utilities/ovn-ctl.8 \ diff --git a/utilities/docker/Makefile b/utilities/docker/Makefile new file
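Review bot: The `EXTRA_DIST` continuation is broken in the utilities/automake.mk hunk, because the context line `utilities/checkpatch.py` keeps no trailing backslash. The eight added `utilities/docker/...` paths are therefore not part of the assignment, and the first of them starts a new, malformed line. Change the existing last entry to `utilities/checkpatch.py \` so the list continues and the new files are actually distributed.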
[ovs-dev] [PATCH v2 2/2] ovndb-servers.ocf: Add ssl support for managing OVN DB resources with pacemaker using LB VIP.
When starting OVN DBs in HA using pacemaker with ssl, we need to pass ssl certs for starting standby DBs. Hence, we need this change. Signed-off-by: aginwala Acked-by: Han Zhou --- ovn/utilities/ovndb-servers.ocf | 72 - 1 file changed, 71 insertions(+), 1 deletion(-) diff --git a/ovn/utilities/ovndb-servers.ocf b/ovn/utilities/ovndb-servers.ocf index 52141c7..1031330 100755 --- a/ovn/utilities/ovndb-servers.ocf +++ b/ovn/utilities/ovndb-servers.ocf @@ -10,6 +10,12 @@ : ${MANAGE_NORTHD_DEFAULT="no"} : ${INACTIVE_PROBE_DEFAULT="5000"} : ${LISTEN_ON_MASTER_IP_ONLY_DEFAULT="yes"} +: ${NB_SSL_KEY_DEFAULT="/etc/openvswitch/ovnnb-privkey.pem"} +: ${NB_SSL_CERT_DEFAULT="/etc/openvswitch/ovnnb-cert.pem"} +: ${NB_SSL_CACERT_DEFAULT="/etc/openvswitch/cacert.pem"} +: ${SB_SSL_KEY_DEFAULT="/etc/openvswitch/ovnsb-privkey.pem"} +: ${SB_SSL_CERT_DEFAULT="/etc/openvswitch/ovnsb-cert.pem"} +: ${SB_SSL_CACERT_DEFAULT="/etc/openvswitch/cacert.pem"} CRM_MASTER="${HA_SBIN_DIR}/crm_master -l reboot" CRM_ATTR_REPL_INFO="${HA_SBIN_DIR}/crm_attribute --type crm_config --name OVN_REPL_INFO -s ovn_ovsdb_master_server" @@ -21,6 +27,13 @@ SB_MASTER_PORT=${OCF_RESKEY_sb_master_port:-${SB_MASTER_PORT_DEFAULT}} SB_MASTER_PROTO=${OCF_RESKEY_sb_master_protocol:-${SB_MASTER_PROTO_DEFAULT}} MANAGE_NORTHD=${OCF_RESKEY_manage_northd:-${MANAGE_NORTHD_DEFAULT}} INACTIVE_PROBE=${OCF_RESKEY_inactive_probe_interval:-${INACTIVE_PROBE_DEFAULT}} +NB_PRIVKEY=${OCF_RESKEY_ovn_nb_db_privkey:-${NB_SSL_KEY_DEFAULT}} +NB_CERT=${OCF_RESKEY_ovn_nb_db_cert:-${NB_SSL_CERT_DEFAULT}} +NB_CACERT=${OCF_RESKEY_ovn_nb_db_cacert:-${NB_SSL_CACERT_DEFAULT}} +SB_PRIVKEY=${OCF_RESKEY_ovn_sb_db_privkey:-${SB_SSL_KEY_DEFAULT}} +SB_CERT=${OCF_RESKEY_ovn_sb_db_cert:-${SB_SSL_CERT_DEFAULT}} +SB_CACERT=${OCF_RESKEY_ovn_sb_db_cacert:-${SB_SSL_CACERT_DEFAULT}} + # In order for pacemaker to work with LB, we can set LISTEN_ON_MASTER_IP_ONLY # to false and pass LB vip IP while creating pcs resource. 
@@ -132,6 +145,54 @@ ovsdb_server_metadata() { + + + OVN NB DB private key absolute path for ssl setup. + + OVN NB DB private key file + + + + + + OVN NB DB certificate absolute path for ssl setup. + + OVN NB DB cert file + + + + + + OVN NB DB CA certificate absolute path for ssl setup. + + OVN NB DB cacert file + + + + + + OVN SB DB private key absolute path for ssl setup. + + OVN SB DB private key file + + + + + + OVN SB DB certificate absolute path for ssl setup. + + OVN SB DB cert file + + + + + + OVN SB DB CA certificate absolute path for ssl setup. + + OVN SB DB cacert file + + + @@ -326,6 +387,16 @@ ovsdb_server_start() { set $@ --db-sb-addr=${MASTER_IP} --db-sb-port=${SB_MASTER_PORT} fi +if [ "x${NB_MASTER_PROTO}" = xssl ]; then +set $@ --ovn-nb-db-ssl-key=${NB_PRIVKEY} +set $@ --ovn-nb-db-ssl-cert=${NB_CERT} +set $@ --ovn-nb-db-ssl-ca-cert=${NB_CACERT} +fi +if [ "x${SB_MASTER_PROTO}" = xssl ]; then +set $@ --ovn-sb-db-ssl-key=${SB_PRIVKEY} +set $@ --ovn-sb-db-ssl-cert=${SB_CERT} +set $@ --ovn-sb-db-ssl-ca-cert=${SB_CACERT} +fi if [ "x${present_master}" = x ]; then # No master detected, or the previous master is not among the # set starting. @@ -343,7 +414,6 @@ ovsdb_server_start() { set $@ --db-nb-sync-from-addr=${INVALID_IP_ADDRESS} --db-sb-sync-from-addr=${INVALID_IP_ADDRESS} elif [ ${present_master} != ${host_name} ]; then -# TODO: for using LB vip, need to test for ssl. if [ "x${LISTEN_ON_MASTER_IP_ONLY}" = xyes ]; then if [ "x${NB_MASTER_PROTO}" = xtcp ]; then set $@ --db-nb-create-insecure-remote=yes -- 1.9.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
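Review bot: The six added `set $@ --ovn-...-ssl-...=${...}` lines in ovsdb_server_start expand both `$@` and the OCF-supplied path unquoted, so a key or certificate path containing whitespace or a glob character is split or expanded before it reaches ovn-ctl. Quoting keeps each parameter a single argument: `set "$@" --ovn-nb-db-ssl-key="${NB_PRIVKEY}"`. The surrounding context lines use the same unquoted `set $@` form, so this is best fixed function-wide; ovsdb_server_start begins and ends outside the hunk. Nothing visible here checks that the key, certificate and CA files exist and are readable when the protocol is `ssl`. If the agent's validation step does not already do so, a `[ -r "${NB_PRIVKEY}" ]` style check there would turn a failed start into a clear configuration error.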
[ovs-dev] [PATCH v2 1/2] ovn-ctl: Allow passing ssl certs when starting OVN DBs in ssl mode.
For OVN DBs to work with SSL in HA, we need to have capability to pass ssl certs when starting OVN DBs. Say when starting OVN DBs in active passive mode, in order for the standby DBs to sync from master node, it cannot sync because the required ssl certs are not passed when standby DBs are initialized. Hence, we need to have this option. e.g. start nb db with ssl certs as below: /usr/share/openvswitch/scripts/ovn-ctl --ovn-nb-db-ssl-key=/etc/openvswitch/ovnnb-privkey.pem \ --ovn-nb-db-ssl-cert=/etc/openvswitch/ovnnb-cert.pem \ --ovn-nb-db-ssl-ca-cert=/etc/openvswitch/cacert.pem \ --db-nb-create-insecure-remote=no start_nb_ovsdb When certs are passed in the command line, it will read certs from the path mentioned instead of default db configs. Certs can be generated based on ovs ssl docs: http://docs.openvswitch.org/en/latest/howto/ssl/ Signed-off-by: aginwala --- ovn/utilities/ovn-ctl | 41 ++--- 1 file changed, 38 insertions(+), 3 deletions(-) diff --git a/ovn/utilities/ovn-ctl b/ovn/utilities/ovn-ctl index 3ff0df6..d71071a 100755 --- a/ovn/utilities/ovn-ctl +++ b/ovn/utilities/ovn-ctl @@ -116,6 +116,9 @@ start_ovsdb__() { local addr local active_conf_file local use_remote_in_db +local ovn_db_ssl_key +local ovn_db_ssl_cert +local ovn_db_ssl_cacert eval pid=\$DB_${DB}_PID eval cluster_local_addr=\$DB_${DB}_CLUSTER_LOCAL_ADDR eval cluster_local_port=\$DB_${DB}_CLUSTER_LOCAL_PORT @@ -137,6 +140,9 @@ start_ovsdb__() { eval addr=\$DB_${DB}_ADDR eval active_conf_file=\$ovn${db}_active_conf_file eval use_remote_in_db=\$DB_${DB}_USE_REMOTE_IN_DB +eval ovn_db_ssl_key=\$OVN_${DB}_DB_SSL_KEY +eval ovn_db_ssl_cert=\$OVN_${DB}_DB_SSL_CERT +eval ovn_db_ssl_cacert=\$OVN_${DB}_DB_SSL_CA_CERT # Check and eventually start ovsdb-server for DB if pidfile_is_running $pid; then 
@@ -183,9 +189,23 @@ $cluster_remote_port if test X"$use_remote_in_db" != Xno; then set "$@" --remote=db:$schema_name,$table_name,connections fi -set "$@" --private-key=db:$schema_name,SSL,private_key -set "$@" --certificate=db:$schema_name,SSL,certificate -set "$@" --ca-cert=db:$schema_name,SSL,ca_cert + +if test X"$ovn_db_ssl_key" != X; then +set "$@" --private-key=$ovn_db_ssl_key +else +set "$@" --private-key=db:$schema_name,SSL,private_key +fi +if test X"$ovn_db_ssl_cert" != X; then +set "$@" --certificate=$ovn_db_ssl_cert +else +set "$@" --certificate=db:$schema_name,SSL,certificate +fi +if test X"$ovn_db_ssl_cacert" != X; then +set "$@" --ca-cert=$ovn_db_ssl_cacert +else +set "$@" --ca-cert=db:$schema_name,SSL,ca_cert +fi + set "$@" --ssl-protocols=db:$schema_name,SSL,ssl_protocols set "$@" --ssl-ciphers=db:$schema_name,SSL,ssl_ciphers @@ -481,6 +501,15 @@ set_defaults () { OVN_NORTHD_SB_DB="unix:$DB_SB_SOCK" DB_NB_USE_REMOTE_IN_DB="yes" DB_SB_USE_REMOTE_IN_DB="yes" + +OVN_NB_DB_SSL_KEY="" +OVN_NB_DB_SSL_CERT="" +OVN_NB_DB_SSL_CA_CERT="" + +OVN_SB_DB_SSL_KEY="" +OVN_SB_DB_SSL_CERT="" +OVN_SB_DB_SSL_CA_CERT="" + } set_option () { 
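Review bot: Each of the three overrides added to start_ovsdb__ falls back to its `db:` column independently, so passing only `--ovn-nb-db-ssl-key` pairs a private key read from a file with a certificate and CA certificate still taken from the database SSL table. A mismatched key/certificate pair would presumably show up only as a TLS handshake failure at run time, which is hard to trace back to this option handling. Consider requiring the three options together, or at least logging which source each of them came from. The same block appears in the earlier [PATCH 1/2] revision further down; the function body extends beyond the hunk.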
@@ -536,6 +565,12 @@ Options: --ovn-controller-ssl-cert=CERT OVN Southbound SSL certificate file --ovn-controller-ssl-ca-cert=CERT OVN Southbound SSL CA certificate file --ovn-controller-ssl-bootstrap-ca-cert=CERT Bootstrapped OVN Southbound SSL CA certificate file + --ovn-nb-db-ssl-key=KEY OVN Northbound DB SSL private key file + --ovn-nb-db-ssl-cert=CERT OVN Northbound DB SSL certificate file + --ovn-nb-db-ssl-ca-cert=CERT OVN Northbound DB SSL CA certificate file + --ovn-sb-db-ssl-key=KEY OVN Southbound DB SSL private key file + --ovn-sb-db-ssl-cert=CERT OVN Southbound DB SSL certificate file + --ovn-sb-db-ssl-ca-cert=CERT OVN Southbound DB SSL CA certificate file --ovn-manage-ovsdb=yes|noWhether or not the OVN databases should be automatically started and stopped along with ovn-northd. The default is "yes". If -- 1.9.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
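Review bot: The new help lines do not say that these files take precedence over the `db:<schema>,SSL,...` columns, which is the behaviour the start_ovsdb__ hunk of this patch introduces. Suggest extending the descriptions, e.g. `OVN Northbound DB SSL private key file (overrides the SSL table in the database)`, and stating once that the private key file must be readable by the user ovsdb-server runs as. The same help lines appear in the [PATCH 1/2] revision.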
[ovs-dev] [PATCH 2/2] ovndb-servers.ocf: Add ssl support for managing OVN DB resources with pacemaker using LB VIP.
When starting OVN DBs in HA using pacemaker with ssl, we need to pass ssl certs for starting standby DBs. Hence, we need this change. Signed-off-by: aginwala --- ovn/utilities/ovndb-servers.ocf | 74 - 1 file changed, 73 insertions(+), 1 deletion(-) diff --git a/ovn/utilities/ovndb-servers.ocf b/ovn/utilities/ovndb-servers.ocf index 52141c7..80f81ae 100755 --- a/ovn/utilities/ovndb-servers.ocf +++ b/ovn/utilities/ovndb-servers.ocf @@ -10,6 +10,12 @@ : ${MANAGE_NORTHD_DEFAULT="no"} : ${INACTIVE_PROBE_DEFAULT="5000"} : ${LISTEN_ON_MASTER_IP_ONLY_DEFAULT="yes"} +: ${NB_SSL_KEY_DEFAULT="/etc/openvswitch/ovnnb-privkey.pem"} +: ${NB_SSL_CERT_DEFAULT="/etc/openvswitch/ovnnb-cert.pem"} +: ${NB_SSL_CACERT_DEFAULT="/etc/openvswitch/cacert.pem"} +: ${SB_SSL_KEY_DEFAULT="/etc/openvswitch/ovnsb-privkey.pem"} +: ${SB_SSL_CERT_DEFAULT="/etc/openvswitch/ovnsb-cert.pem"} +: ${SB_SSL_CACERT_DEFAULT="/etc/openvswitch/cacert.pem"} CRM_MASTER="${HA_SBIN_DIR}/crm_master -l reboot" CRM_ATTR_REPL_INFO="${HA_SBIN_DIR}/crm_attribute --type crm_config --name OVN_REPL_INFO -s ovn_ovsdb_master_server" @@ -21,6 +27,13 @@ SB_MASTER_PORT=${OCF_RESKEY_sb_master_port:-${SB_MASTER_PORT_DEFAULT}} SB_MASTER_PROTO=${OCF_RESKEY_sb_master_protocol:-${SB_MASTER_PROTO_DEFAULT}} MANAGE_NORTHD=${OCF_RESKEY_manage_northd:-${MANAGE_NORTHD_DEFAULT}} INACTIVE_PROBE=${OCF_RESKEY_inactive_probe_interval:-${INACTIVE_PROBE_DEFAULT}} +NB_PRIVKEY=${OCF_RESKEY_ovn_nb_db_privkey:-${NB_SSL_KEY_DEFAULT}} +NB_CERT=${OCF_RESKEY_ovn_nb_db_cert:-${NB_SSL_CERT_DEFAULT}} +NB_CACERT=${OCF_RESKEY_ovn_nb_db_cacert:-${NB_SSL_CACERT_DEFAULT}} +SB_PRIVKEY=${OCF_RESKEY_ovn_sb_db_privkey:-${SB_SSL_KEY_DEFAULT}} +SB_CERT=${OCF_RESKEY_ovn_sb_db_cert:-${SB_SSL_CERT_DEFAULT}} +SB_CACERT=${OCF_RESKEY_ovn_sb_db_cacert:-${SB_SSL_CACERT_DEFAULT}} + # In order for pacemaker to work with LB, we can set LISTEN_ON_MASTER_IP_ONLY # to false and pass LB vip IP while creating pcs resource. 
@@ -132,6 +145,54 @@ ovsdb_server_metadata() { + + + OVN NB DB private key absolute path for ssl setup. + + OVN NB DB private key file + + + + + + OVN NB DB certificate absolute path for ssl setup. + + OVN NB DB cert file + + + + + + OVN NB DB CA certificate absolute path for ssl setup. + + OVN NB DB cacert file + + + + + + OVN SB DB private key absolute path for ssl setup. + + OVN SB DB private key file + + + + + + OVN SB DB certificate absolute path for ssl setup. + + OVN SB DB cert file + + + + + + OVN SB DB CA certificate absolute path for ssl setup. + + OVN SB DB cacert file + + + @@ -326,6 +387,18 @@ ovsdb_server_start() { set $@ --db-sb-addr=${MASTER_IP} --db-sb-port=${SB_MASTER_PORT} fi +if [ "x${NB_MASTER_PROTO}" = xssl ]; then +set $@ --db-nb-create-insecure-remote=no +set $@ --ovn-nb-db-ssl-key=${NB_PRIVKEY} +set $@ --ovn-nb-db-ssl-cert=${NB_CERT} +set $@ --ovn-nb-db-ssl-ca-cert=${NB_CACERT} +fi +if [ "x${SB_MASTER_PROTO}" = xssl ]; then +set $@ --db-sb-create-insecure-remote=no +set $@ --ovn-sb-db-ssl-key=${SB_PRIVKEY} +set $@ --ovn-sb-db-ssl-cert=${SB_CERT} +set $@ --ovn-sb-db-ssl-ca-cert=${SB_CACERT} +fi if [ "x${present_master}" = x ]; then # No master detected, or the previous master is not among the # set starting. @@ -343,7 +416,6 @@ ovsdb_server_start() { set $@ --db-nb-sync-from-addr=${INVALID_IP_ADDRESS} --db-sb-sync-from-addr=${INVALID_IP_ADDRESS} elif [ ${present_master} != ${host_name} ]; then -# TODO: for using LB vip, need to test for ssl. if [ "x${LISTEN_ON_MASTER_IP_ONLY}" = xyes ]; then if [ "x${NB_MASTER_PROTO}" = xtcp ]; then set $@ --db-nb-create-insecure-remote=yes -- 1.9.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
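Review bot: Nothing in the ssl branches added to ovsdb_server_start checks that `${NB_PRIVKEY}`, `${NB_CERT}` and `${NB_CACERT}` (or the SB equivalents) exist and are readable before they are handed to ovn-ctl. Because the `*_DEFAULT` values are always non-empty, the paths are passed even when the operator never installed those files. A missing or unreadable key would then presumably surface as an ovsdb-server that fails to start or to listen rather than as a configuration error from the agent. A guard such as `[ -r "${NB_PRIVKEY}" ] || return $OCF_ERR_CONFIGURED` per file, placed here or in the agent's validate step if it has one, would report the problem where it belongs. The function starts and ends outside the hunk.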
[ovs-dev] [PATCH 1/2] ovn-ctl: Allow passing ssl certs when starting OVN DBs in ssl mode.
For OVN DBs to work with SSL in HA, we need to have capability to pass ssl certs when starting OVN DBs. Say when starting OVN DBs in active passive mode, in order for the standby DBs to sync from master node, it cannot sync because the required ssl certs are not passed when standby DBs are initialized. Hence, we need to have this option. e.g. start nb db with ssl certs as below: /usr/share/openvswitch/scripts/ovn-ctl --ovn-nb-db-ssl-key=/etc/openvswitch/ovnnb-privkey.pem \ --ovn-nb-db-ssl-cert=/etc/openvswitch/ovnnb-cert.pem \ --ovn-nb-db-ssl-ca-cert=/etc/openvswitch/cacert.pem \ --db-nb-create-insecure-remote=no start_nb_ovsdb Certs can be generated based on ovs ssl docs: http://docs.openvswitch.org/en/latest/howto/ssl/ Signed-off-by: aginwala --- ovn/utilities/ovn-ctl | 50 +++--- 1 file changed, 43 insertions(+), 7 deletions(-) diff --git a/ovn/utilities/ovn-ctl b/ovn/utilities/ovn-ctl index 3ff0df6..4f45f3d 100755 --- a/ovn/utilities/ovn-ctl +++ b/ovn/utilities/ovn-ctl @@ -116,6 +116,9 @@ start_ovsdb__() { local addr local active_conf_file local use_remote_in_db +local ovn_db_ssl_key +local ovn_db_ssl_cert +local ovn_db_ssl_cacert eval pid=\$DB_${DB}_PID eval cluster_local_addr=\$DB_${DB}_CLUSTER_LOCAL_ADDR eval cluster_local_port=\$DB_${DB}_CLUSTER_LOCAL_PORT @@ -137,6 +140,9 @@ start_ovsdb__() { eval addr=\$DB_${DB}_ADDR eval active_conf_file=\$ovn${db}_active_conf_file eval use_remote_in_db=\$DB_${DB}_USE_REMOTE_IN_DB +eval ovn_db_ssl_key=\$OVN_${DB}_DB_SSL_KEY +eval ovn_db_ssl_cert=\$OVN_${DB}_DB_SSL_CERT +eval ovn_db_ssl_cacert=\$OVN_${DB}_DB_SSL_CA_CERT # Check and eventually start ovsdb-server for DB if pidfile_is_running $pid; then 
@@ -182,17 +188,32 @@ $cluster_remote_port if test X"$use_remote_in_db" != Xno; then set "$@" --remote=db:$schema_name,$table_name,connections +if test X"$create_insecure_remote" = Xno; then +set "$@" --remote=pssl:$port:$addr +elif test X"$create_insecure_remote" = Xyes; then +set "$@" --remote=ptcp:$port:$addr +fi fi -set "$@" --private-key=db:$schema_name,SSL,private_key -set "$@" --certificate=db:$schema_name,SSL,certificate -set "$@" --ca-cert=db:$schema_name,SSL,ca_cert -set "$@" --ssl-protocols=db:$schema_name,SSL,ssl_protocols -set "$@" --ssl-ciphers=db:$schema_name,SSL,ssl_ciphers -if test X"$create_insecure_remote" = Xyes; then -set "$@" --remote=ptcp:$port:$addr +if test X"$ovn_db_ssl_key" != X; then +set "$@" --private-key=$ovn_db_ssl_key +else +set "$@" --private-key=db:$schema_name,SSL,private_key +fi +if test X"$ovn_db_ssl_cert" != X; then +set "$@" --certificate=$ovn_db_ssl_cert +else +set "$@" --certificate=db:$schema_name,SSL,certificate +fi +if test X"$ovn_db_ssl_cacert" != X; then +set "$@" --ca-cert=$ovn_db_ssl_cacert +else +set "$@" --ca-cert=db:$schema_name,SSL,ca_cert fi +set "$@" --ssl-protocols=db:$schema_name,SSL,ssl_protocols +set "$@" --ssl-ciphers=db:$schema_name,SSL,ssl_ciphers + if test $mode = active_passive; then set "$@" --sync-from=`cat $active_conf_file` fi @@ -481,6 +502,15 @@ set_defaults () { OVN_NORTHD_SB_DB="unix:$DB_SB_SOCK" DB_NB_USE_REMOTE_IN_DB="yes" DB_SB_USE_REMOTE_IN_DB="yes" + +OVN_NB_DB_SSL_KEY="" +OVN_NB_DB_SSL_CERT="" +OVN_NB_DB_SSL_CA_CERT="" + +OVN_SB_DB_SSL_KEY="" +OVN_SB_DB_SSL_CERT="" +OVN_SB_DB_SSL_CA_CERT="" + } set_option () { 
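Review bot: Moving `--remote=ptcp:$port:$addr` inside the `use_remote_in_db != Xno` block changes which listeners are created. With `use_remote_in_db=no` and `create_insecure_remote=yes` no TCP remote is added any more, and with `create_insecure_remote=no` a `--remote=pssl:$port:$addr` listener is now opened where the old code added none. The commit message mentions neither effect, and the v2 revision of this hunk leaves the remote handling untouched. If the pssl listener is intended, it would be clearer to keep it outside the `use_remote_in_db` test and document it as a new network listener. start_ovsdb__ starts and ends outside the hunk.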
@@ -536,6 +566,12 @@ Options: --ovn-controller-ssl-cert=CERT OVN Southbound SSL certificate file --ovn-controller-ssl-ca-cert=CERT OVN Southbound SSL CA certificate file --ovn-controller-ssl-bootstrap-ca-cert=CERT Bootstrapped OVN Southbound SSL CA certificate file + --ovn-nb-db-ssl-key=KEY OVN Northbound DB SSL private key file + --ovn-nb-db-ssl-cert=CERT OVN Northbound DB SSL certificate file + --ovn-nb-db-ssl-ca-cert=CERT OVN Northbound DB SSL CA certificate file + --ovn-sb-db-ssl-key=KEY OVN Southbound DB SSL private key file + --ovn-sb-db-ssl-cert=CERT OVN Southbound DB SSL certificate file + --ovn-sb-db-ssl-ca-cert=CERT OVN Southbound DB SSL CA certificate file --ovn-manage-ovsdb=yes|noWhether or not the OVN databases should be automatically started and stopped along with ovn-northd. The default is "yes". If -- 1.9.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH] Use new default nb and sb dbs for sandbox northd:
From: aginwala As per new clustering change, ovn-northd sandbox should use nb1.ovsdb and sb1.ovsdb. It was updated in ovn-northd --help section but missed for sandbox. This commit fixes the same Reported-by: Mark Michelson Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2018-March/345535.html Acked-By: aginwala Signed-off-by: aginwala --- ...-default-nb-and-sb-dbs-for-sandbox-northd.patch | 50 ++ tutorial/ovn-setup.sh | 4 ++ tutorial/ovs-sandbox | 4 +- 3 files changed, 56 insertions(+), 2 deletions(-) create mode 100644 0001-Use-new-default-nb-and-sb-dbs-for-sandbox-northd.patch diff --git a/0001-Use-new-default-nb-and-sb-dbs-for-sandbox-northd.patch b/0001-Use-new-default-nb-and-sb-dbs-for-sandbox-northd.patch new file mode 100644 index 000..c8a0286 --- /dev/null +++ b/0001-Use-new-default-nb-and-sb-dbs-for-sandbox-northd.patch 
@@ -0,0 +1,50 @@ +From eb9051426693843797ea0f2a0bf21b1b5272fd2f Mon Sep 17 00:00:00 2001 +From: aginwala +Date: Fri, 23 Mar 2018 12:41:24 -0700 +Subject: [PATCH] Use new default nb and sb dbs for sandbox northd: + +As per new clustering change, ovn-northd sandbox should use nb1.ovsdb and +sb1.ovsdb. It was updated in ovn-northd --help section but missed for sandbox. +This commit fixes the same + +Reported-by: Mark Michelson +Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2018-March/345535.html +Acked-By: aginwala +Signed-off-by: aginwala +--- + tutorial/ovn-setup.sh | 4 + tutorial/ovs-sandbox | 4 ++-- + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/tutorial/ovn-setup.sh b/tutorial/ovn-setup.sh +index 943ca58..9a725cf 100755 +--- a/tutorial/ovn-setup.sh b/tutorial/ovn-setup.sh +@@ -31,5 +31,9 @@ ovs-vsctl add-port br-int p2 -- \ + # View a summary of the configuration + printf "\n=== ovn-nbctl show ===\n\n" + ovn-nbctl show ++printf "\n=== ovn-nbctl show with wait hv ===\n\n" ++ovn-nbctl --wait=hv show + printf "\n=== ovn-sbctl show ===\n\n" + ovn-sbctl show ++printf "\n=== ovn-sbctl show with wait hv ===\n\n" ++ovn-sbctl --wait=hv show +diff --git a/tutorial/ovs-sandbox b/tutorial/ovs-sandbox +index babc032..c3e9f12 100755 +--- a/tutorial/ovs-sandbox b/tutorial/ovs-sandbox +@@ -510,8 +510,8 @@ if $ovn; then + fi + rungdb $gdb_ovn_northd $gdb_ovn_northd_ex ovn-northd --detach \ + --no-chdir --pidfile -vconsole:off --log-file \ +---ovnsb-db=unix:"$sandbox"/ovnsb_db.sock \ +---ovnnb-db=unix:"$sandbox"/ovnnb_db.sock ++--ovnsb-db=unix:"$sandbox"/sb1.ovsdb \ ++--ovnnb-db=unix:"$sandbox"/nb1.ovsdb + rungdb $gdb_ovn_controller $gdb_ovn_controller_ex ovn-controller \ + $OVN_CTRLR_PKI --detach --no-chdir --pidfile -vconsole:off --log-file + rungdb $gdb_ovn_controller_vtep $gdb_ovn_controller_vtep_ex \ +-- +1.9.1 + diff --git a/tutorial/ovn-setup.sh b/tutorial/ovn-setup.sh index 943ca58..9a725cf 100755 --- a/tutorial/ovn-setup.sh 
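Review bot: This hunk adds `0001-Use-new-default-nb-and-sb-dbs-for-sandbox-northd.patch` to the tree, which is the git format-patch output of the same change rather than source, so it looks like it was staged by accident. It should be dropped from the commit so that only `tutorial/ovn-setup.sh` and `tutorial/ovs-sandbox` are touched, as the subject line implies.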
+++ b/tutorial/ovn-setup.sh @@ -31,5 +31,9 @@ ovs-vsctl add-port br-int p2 -- \ # View a summary of the configuration printf "\n=== ovn-nbctl show ===\n\n" ovn-nbctl show +printf "\n=== ovn-nbctl show with wait hv ===\n\n" +ovn-nbctl --wait=hv show printf "\n=== ovn-sbctl show ===\n\n" ovn-sbctl show +printf "\n=== ovn-sbctl show with wait hv ===\n\n" +ovn-sbctl --wait=hv show diff --git a/tutorial/ovs-sandbox b/tutorial/ovs-sandbox index babc032..c3e9f12 100755 --- a/tutorial/ovs-sandbox +++ b/tutorial/ovs-sandbox @@ -510,8 +510,8 @@ if $ovn; then fi rungdb $gdb_ovn_northd $gdb_ovn_northd_ex ovn-northd --detach \ --no-chdir --pidfile -vconsole:off --log-file \ ---ovnsb-db=unix:"$sandbox"/ovnsb_db.sock \ ---ovnnb-db=unix:"$sandbox"/ovnnb_db.sock +--ovnsb-db=unix:"$sandbox"/sb1.ovsdb \ +--ovnnb-db=unix:"$sandbox"/nb1.ovsdb rungdb $gdb_ovn_controller $gdb_ovn_controller_ex ovn-controller \ $OVN_CTRLR_PKI --detach --no-chdir --pidfile -vconsole:off --log-file rungdb $gdb_ovn_controller_vtep $gdb_ovn_controller_vtep_ex \ -- 1.9.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
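Review bot: In the ovs-sandbox hunk, the new `--ovnsb-db=unix:"$sandbox"/sb1.ovsdb` and `--ovnnb-db=unix:"$sandbox"/nb1.ovsdb` arguments keep the `unix:` connection method, which names a socket. The new path components look like database file names rather than the `*_db.sock` sockets used before. Unless the sandbox's ovsdb-server instances are started with sockets at exactly those paths, ovn-northd will presumably fail to connect; this should be checked against the ovsdb-server invocation, which is outside the hunk. The `--wait=hv show` additions in the ovn-setup.sh hunk are also not mentioned in the commit message.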
[ovs-dev] [PATCH] Show total_ports_on_switch when displaying logical_switch:
From: aginwala e.g. when running ovn-nbctl show ls, it's good to have total ports that are attached to the switch. Signed-off-by: Aliasgar Ginwala --- ovn/utilities/ovn-nbctl.c | 1 + tests/ovn-nbctl.at| 10 ++ 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ovn/utilities/ovn-nbctl.c b/ovn/utilities/ovn-nbctl.c index c9aa2fe..0f1e952 100644 --- a/ovn/utilities/ovn-nbctl.c +++ b/ovn/utilities/ovn-nbctl.c @@ -682,6 +682,7 @@ print_ls(const struct nbrec_logical_switch *ls, struct ds *s) ds_put_format(s, "router-port: %s\n", router_port); } } +ds_put_format(s, "total_ports_on_switch: %u\n", ls->n_ports); } static void diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at index 5ac4a6d..5fbaffd 100644 --- a/tests/ovn-nbctl.at +++ b/tests/ovn-nbctl.at @@ -43,15 +43,17 @@ AT_CHECK([ovn-nbctl ls-list | uuidfilt], [0], [dnl q AT_CHECK([ovn-nbctl show ls0]) AT_CHECK([ovn-nbctl ls-add ls0]) -AT_CHECK([ovn-nbctl show ls0 | uuidfilt], [0], - [switch <0> (ls0) +AT_CHECK([ovn-nbctl show ls0 | uuidfilt], [0], [dnl +switch <0> (ls0) +total_ports_on_switch: 0 ]) AT_CHECK([ovn-nbctl ls-add ls0], [1], [], [ovn-nbctl: ls0: a switch with this name already exists ]) AT_CHECK([ovn-nbctl --may-exist ls-add ls0]) -AT_CHECK([ovn-nbctl show ls0 | uuidfilt], [0], - [switch <0> (ls0) +AT_CHECK([ovn-nbctl show ls0 | uuidfilt], [0], [dnl +switch <0> (ls0) +total_ports_on_switch: 0 ]) AT_CHECK([ovn-nbctl --add-duplicate ls-add ls0]) AT_CHECK([ovn-nbctl --may-exist --add-duplicate ls-add ls0], [1], [], -- 1.9.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
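Review bot: The added `ds_put_format(s, "total_ports_on_switch: %u\n", ls->n_ports);` in print_ls passes `n_ports` to a `%u` conversion. The `n_*` counters in IDL-generated records are normally `size_t`, in which case this is a format/argument type mismatch on LP64 platforms; the struct definition is not visible here, so it needs confirming. If it is `size_t`, use OVS's `PRIuSIZE` macro, `ds_put_format(s, "total_ports_on_switch: %"PRIuSIZE"\n", ls->n_ports);`. print_ls begins outside the hunk.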