Message ID | 1572469973-2733-3-git-send-email-hzhou@ovn.org |
---|---|
State | Superseded |
Headers | show |
Series | OVN Interconnection | expand |
Bleep bloop. Greetings Han Zhou, I am a robot and I have tried out your patch. Thanks for your contribution. I encountered some error that I wasn't expecting. See the details below. checkpatch: WARNING: Line is 85 characters long (recommended limit is 79) #349 FILE: ovn-inb.xml:35: Northbound configuration for OVN interconnection. This table must have exactly WARNING: Line is 80 characters long (recommended limit is 79) #381 FILE: ovn-inb.xml:67: Each row represents one transit logical switch for interconnection between WARNING: Line is 82 characters long (recommended limit is 79) #473 FILE: ovn-inb.xml:159: <dt><code>ssl:<var>host</var></code>[<code>:<var>port</var></code>]</dt> WARNING: Line is 81 characters long (recommended limit is 79) #480 FILE: ovn-inb.xml:166: specified via command-line options or the <ref table="SSL"/> table. WARNING: Line is 82 characters long (recommended limit is 79) #491 FILE: ovn-inb.xml:177: <dt><code>tcp:<var>host</var></code>[<code>:<var>port</var></code>]</dt> WARNING: Line is 84 characters long (recommended limit is 79) #497 FILE: ovn-inb.xml:183: address, wrap it in square brackets, e.g. <code>tcp:[::1]:6640</code>. WARNING: Line is 85 characters long (recommended limit is 79) #503 FILE: ovn-inb.xml:189: <dt><code>pssl:</code>[<var>port</var>][<code>:<var>host</var></code>]</dt> WARNING: Line is 80 characters long (recommended limit is 79) #515 FILE: ovn-inb.xml:201: A valid SSL configuration must be provided when this form is used, WARNING: Line is 85 characters long (recommended limit is 79) #527 FILE: ovn-inb.xml:213: <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>host</var></code>]</dt> WARNING: Line is 110 characters long (recommended limit is 79) #602 FILE: ovn-inb.xml:288: type='{"type": "string", "enum": ["set", ["VOID", "BACKOFF", "CONNECTING", "ACTIVE", "IDLE"]]}'> WARNING: Line is 94 characters long (recommended limit is 79) #851 FILE: utilities/ovn-inbctl.8.xml:4: <p>ovn-inbctl -- Open Virtual Network interconnection northbound db management utility</p> WARNING: Line is 94 characters long (recommended limit is 79) #854 FILE: utilities/ovn-inbctl.8.xml:7: <p><code>ovn-inbctl</code> [<var>options</var>] <var>command</var> [<var>arg</var>...]</p> WARNING: Line is 90 characters long (recommended limit is 79) #857 FILE: utilities/ovn-inbctl.8.xml:10: <p>This utility can be used to manage the OVN interconnection northbound database.</p> WARNING: Line is 81 characters long (recommended limit is 79) #903 FILE: utilities/ovn-inbctl.8.xml:56: <p>These commands query and modify the contents of <code>ovsdb</code> tables. WARNING: Line is 90 characters long (recommended limit is 79) #905 FILE: utilities/ovn-inbctl.8.xml:58: as such they operate at a lower level than other <code>ovn-inbctl</code> commands.</p> WARNING: Line is 82 characters long (recommended limit is 79) #907 FILE: utilities/ovn-inbctl.8.xml:60: <p>Each of these commands has a <var>table</var> parameter to identify a table WARNING: Line is 87 characters long (recommended limit is 79) #931 FILE: utilities/ovn-inbctl.8.xml:84: <xi:include href="lib/db-ctl-base.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/> WARNING: Line is 114 characters long (recommended limit is 79) #945 FILE: utilities/ovn-inbctl.8.xml:98: <dt>[<code>--inactivity-probe=</code><var>msecs</var>] <code>set-connection</code> <var>target</var>...</dt> WARNING: Line is 80 characters long (recommended limit is 79) #948 FILE: utilities/ovn-inbctl.8.xml:101: <code>--inactivity-probe=</code><var>msecs</var> to override the default WARNING: Line is 83 characters long (recommended limit is 79) #949 FILE: utilities/ovn-inbctl.8.xml:102: idle connection inactivity probe time. Use 0 to disable inactivity probes. WARNING: Line is 83 characters long (recommended limit is 79) #980 FILE: utilities/ovn-inbctl.8.xml:133: Otherwise, the default is <code>unix:@RUNDIR@/ovninb_db.sock</code>, but this WARNING: Line is 80 characters long (recommended limit is 79) #992 FILE: utilities/ovn-inbctl.8.xml:145: <code>--no-leader-only</code>, <code>ovn-inbctl</code> will use any server WARNING: Line is 80 characters long (recommended limit is 79) #1002 FILE: utilities/ovn-inbctl.8.xml:155: <xi:include href="lib/vlog.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/> WARNING: Line is 81 characters long (recommended limit is 79) #1007 FILE: utilities/ovn-inbctl.8.xml:160: <xi:include href="lib/table.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/> WARNING: Line is 89 characters long (recommended limit is 79) #1015 FILE: utilities/ovn-inbctl.8.xml:168: <xi:include href="lib/ssl-bootstrap.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/> WARNING: Line is 82 characters long (recommended limit is 79) #1019 FILE: utilities/ovn-inbctl.8.xml:172: <xi:include href="lib/common.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/> WARNING: Line lacks whitespace around operator #1331 FILE: utilities/ovn-inbctl.c:304: ts-add SWITCH create a transit switch named SWITCH\n\ WARNING: Line lacks whitespace around operator #1332 FILE: utilities/ovn-inbctl.c:305: ts-del SWITCH delete SWITCH\n\ WARNING: Line lacks whitespace around operator #1333 FILE: utilities/ovn-inbctl.c:306: ts-list print all transit switches\n\ WARNING: Line lacks whitespace around operator #1336 FILE: utilities/ovn-inbctl.c:309: get-connection print the connections\n\ WARNING: Line lacks whitespace around operator #1337 FILE: utilities/ovn-inbctl.c:310: del-connection delete the connections\n\ WARNING: Line lacks whitespace around operator WARNING: Line lacks whitespace around operator WARNING: Line lacks whitespace around operator #1338 FILE: utilities/ovn-inbctl.c:311: [--inactivity-probe=MSECS]\n\ WARNING: Line lacks whitespace around operator #1339 FILE: utilities/ovn-inbctl.c:312: set-connection TARGET... set the list of connections to TARGET...\n\ WARNING: Line lacks whitespace around operator #1342 FILE: utilities/ovn-inbctl.c:315: get-ssl print the SSL configuration\n\ WARNING: Line lacks whitespace around operator #1343 FILE: utilities/ovn-inbctl.c:316: del-ssl delete the SSL configuration\n\ WARNING: Line lacks whitespace around operator #1344 FILE: utilities/ovn-inbctl.c:317: set-ssl PRIV-KEY CERT CA-CERT [SSL-PROTOS [SSL-CIPHERS]] \ WARNING: Line lacks whitespace around operator WARNING: Line lacks whitespace around operator #1351 FILE: utilities/ovn-inbctl.c:324: --db=DATABASE connect to DATABASE\n\ WARNING: Line lacks whitespace around operator #1353 FILE: utilities/ovn-inbctl.c:326: --no-leader-only accept any cluster member, not just the leader\n\ WARNING: Line lacks whitespace around operator WARNING: Line lacks whitespace around operator #1354 FILE: utilities/ovn-inbctl.c:327: -t, --timeout=SECS wait at most SECS seconds\n\ WARNING: Line lacks whitespace around operator #1355 FILE: utilities/ovn-inbctl.c:328: --dry-run do not commit changes to database\n\ WARNING: Line lacks whitespace around operator WARNING: Line lacks whitespace around operator WARNING: Line lacks whitespace around operator #1362 FILE: utilities/ovn-inbctl.c:335: --no-syslog equivalent to --verbose=inbctl:syslog:warn\n"); WARNING: Comment with 'xxx' marker #1782 FILE: utilities/ovn-inbctl.c:755: /* XXX add verification that table is empty */ Lines checked: 1981, Warnings: 48, Errors: 0 Please check this out. If you feel there has been an error, please email aconole@redhat.com Thanks, 0-day Robot
This patch has some whitespace warning when applying the patch. Applying: ovn-inb: Interconnection northbound DB schema and CLI. .git/rebase-apply/patch:167: new blank line at EOF. + warning: 1 line adds whitespace errors. On Thu, Oct 31, 2019 at 2:45 AM Han Zhou <hzhou@ovn.org> wrote: > > This patch introduces OVN_IC_Northbound DB schema and the CLI > ovn-inbctl that manages the DB. > > Signed-off-by: Han Zhou <hzhou@ovn.org> > --- > .gitignore | 3 + > automake.mk | 37 ++ > debian/ovn-common.install | 1 + > debian/ovn-common.manpages | 2 + > lib/.gitignore | 3 + > lib/automake.mk | 17 +- > lib/ovn-inb-idl.ann | 9 + > lib/ovn-util.c | 13 + > lib/ovn-util.h | 1 + > ovn-inb.ovsschema | 75 ++++ > ovn-inb.xml | 371 ++++++++++++++++++ > tests/automake.mk | 2 + > tests/ovn-inbctl.at | 65 ++++ > tests/testsuite.at | 1 + > utilities/.gitignore | 2 + > utilities/automake.mk | 8 + > utilities/ovn-inbctl.8.xml | 174 +++++++++ > utilities/ovn-inbctl.c | 948 +++++++++++++++++++++++++++++++++++++++++++++ > 18 files changed, 1731 insertions(+), 1 deletion(-) > create mode 100644 lib/ovn-inb-idl.ann > create mode 100644 ovn-inb.ovsschema > create mode 100644 ovn-inb.xml > create mode 100644 tests/ovn-inbctl.at > create mode 100644 utilities/ovn-inbctl.8.xml > create mode 100644 utilities/ovn-inbctl.c > > diff --git a/.gitignore b/.gitignore > index 6fee075..1994937 100644 > --- a/.gitignore > +++ b/.gitignore > @@ -67,6 +67,9 @@ > /ovn-sb.5 > /ovn-sb.gv > /ovn-sb.pic > +/ovn-inb.5 > +/ovn-inb.gv > +/ovn-inb.pic > /package.m4 > /stamp-h1 > /_build-gcc > diff --git a/automake.mk b/automake.mk > index ad801f1..3bfbf57 100644 > --- a/automake.mk > +++ b/automake.mk > @@ -66,6 +66,36 @@ ovn-sb.5: \ > $(srcdir)/ovn-sb.xml > $@.tmp && \ > mv $@.tmp $@ > > +# OVN interconnection northbound E-R diagram > +# > +# If "python" or "dot" is not available, then we do not add graphical diagram > +# to the documentation. > +if HAVE_PYTHON > +if HAVE_DOT > +ovn-inb.gv: ${OVSDIR}/ovsdb/ovsdb-dot.in $(srcdir)/ovn-inb.ovsschema > + $(AM_V_GEN)$(OVSDB_DOT) --no-arrows $(srcdir)/ovn-inb.ovsschema > $@ > +ovn-inb.pic: ovn-inb.gv ${OVSDIR}/ovsdb/dot2pic > + $(AM_V_GEN)(dot -T plain < ovn-inb.gv | $(PYTHON) ${OVSDIR}/ovsdb/dot2pic -f 3) > $@.tmp && \ > + mv $@.tmp $@ > +OVN_INB_PIC = ovn-inb.pic > +OVN_INB_DOT_DIAGRAM_ARG = --er-diagram=$(OVN_INB_PIC) > +CLEANFILES += ovn-inb.gv ovn-inb.pic > +endif > +endif > + > +# OVN interconnection northbound schema documentation > +EXTRA_DIST += ovn-inb.xml > +CLEANFILES += ovn-inb.5 > +man_MANS += ovn-inb.5 > + > +ovn-inb.5: \ > + ${OVSDIR}/ovsdb/ovsdb-doc $(srcdir)/ovn-inb.xml $(srcdir)/ovn-inb.ovsschema $(OVN_INB_PIC) > + $(AM_V_GEN)$(OVSDB_DOC) \ > + $(OVN_INB_DOT_DIAGRAM_ARG) \ > + --version=$(VERSION) \ > + $(srcdir)/ovn-inb.ovsschema \ > + $(srcdir)/ovn-inb.xml > $@.tmp && \ > + mv $@.tmp $@ > > # Version checking for ovn-nb.ovsschema. > ALL_LOCAL += ovn-nb.ovsschema.stamp > @@ -78,7 +108,14 @@ ALL_LOCAL += ovn-sb.ovsschema.stamp > ovn-sb.ovsschema.stamp: ovn-sb.ovsschema > $(srcdir)/build-aux/cksum-schema-check $? $@ > > +# Version checking for ovn-inb.ovsschema. > +ALL_LOCAL += ovn-inb.ovsschema.stamp > +ovn-inb.ovsschema.stamp: ovn-inb.ovsschema > + $(srcdir)/build-aux/cksum-schema-check $? $@ > +CLEANFILES += ovn-inb.ovsschema.stamp > + > pkgdata_DATA += ovn-nb.ovsschema > pkgdata_DATA += ovn-sb.ovsschema > +pkgdata_DATA += ovn-inb.ovsschema > > CLEANFILES += ovn-sb.ovsschema.stamp > diff --git a/debian/ovn-common.install b/debian/ovn-common.install > index 90484d2..9e9bcfb 100644 > --- a/debian/ovn-common.install > +++ b/debian/ovn-common.install > @@ -1,5 +1,6 @@ > usr/bin/ovn-nbctl > usr/bin/ovn-sbctl > +usr/bin/ovn-inbctl > usr/bin/ovn-trace > usr/bin/ovn-detrace > usr/share/openvswitch/scripts/ovn-ctl > diff --git a/debian/ovn-common.manpages b/debian/ovn-common.manpages > index 249349e..94325dd 100644 > --- a/debian/ovn-common.manpages > +++ b/debian/ovn-common.manpages > @@ -1,8 +1,10 @@ > ovn/ovn-architecture.7 > ovn/ovn-nb.5 > ovn/ovn-sb.5 > +ovn/ovn-inb.5 > ovn/utilities/ovn-ctl.8 > ovn/utilities/ovn-nbctl.8 > ovn/utilities/ovn-sbctl.8 > +ovn/utilities/ovn-inbctl.8 > ovn/utilities/ovn-trace.8 > ovn/utilities/ovn-detrace.1 > diff --git a/lib/.gitignore b/lib/.gitignore > index 3eed458..e5d9bf3 100644 > --- a/lib/.gitignore > +++ b/lib/.gitignore > @@ -5,4 +5,7 @@ > /ovn-sb-idl.c > /ovn-sb-idl.h > /ovn-sb-idl.ovsidl > +/ovn-inb-idl.c > +/ovn-inb-idl.h > +/ovn-inb-idl.ovsidl > /ovn-dirs.c > diff --git a/lib/automake.mk b/lib/automake.mk > index 0c8245c..83fdbcd 100644 > --- a/lib/automake.mk > +++ b/lib/automake.mk > @@ -29,7 +29,9 @@ nodist_lib_libovn_la_SOURCES = \ > lib/ovn-nb-idl.c \ > lib/ovn-nb-idl.h \ > lib/ovn-sb-idl.c \ > - lib/ovn-sb-idl.h > + lib/ovn-sb-idl.h \ > + lib/ovn-inb-idl.c \ > + lib/ovn-inb-idl.h > > CLEANFILES += $(nodist_lib_libovn_la_SOURCES) > > @@ -74,3 +76,16 @@ lib/ovn-nb-idl.ovsidl: $(OVN_NB_IDL_FILES) > $(AM_V_GEN)$(OVSDB_IDLC) annotate $(OVN_NB_IDL_FILES) > $@.tmp && \ > mv $@.tmp $@ > > +# ovn-inb IDL > +OVSIDL_BUILT += \ > + lib/ovn-inb-idl.c \ > + lib/ovn-inb-idl.h \ > + lib/ovn-inb-idl.ovsidl > +EXTRA_DIST += lib/ovn-inb-idl.ann > +OVN_INB_IDL_FILES = \ > + $(srcdir)/ovn-inb.ovsschema \ > + $(srcdir)/lib/ovn-inb-idl.ann > +lib/ovn-inb-idl.ovsidl: $(OVN_INB_IDL_FILES) > + $(AM_V_GEN)$(OVSDB_IDLC) annotate $(OVN_INB_IDL_FILES) > $@.tmp && \ > + mv $@.tmp $@ > + > diff --git a/lib/ovn-inb-idl.ann b/lib/ovn-inb-idl.ann > new file mode 100644 > index 0000000..98be47d > --- /dev/null > +++ b/lib/ovn-inb-idl.ann > @@ -0,0 +1,9 @@ > +# -*- python -*- > + > +# This code, when invoked by "ovsdb-idlc annotate" (by the build > +# process), annotates ovn-inb.ovsschema with additional data that give > +# the ovsdb-idl engine information about the types involved, so that > +# it can generate more programmer-friendly data structures. > + > +s["idlPrefix"] = "inbrec_" > +s["idlHeader"] = "\"lib/ovn-inb-idl.h\"" > diff --git a/lib/ovn-util.c b/lib/ovn-util.c > index e67c3c0..23a362c 100644 > --- a/lib/ovn-util.c > +++ b/lib/ovn-util.c > @@ -350,6 +350,19 @@ default_sb_db(void) > return def; > } > > +const char * > +default_inb_db(void) > +{ > + static char *def; > + if (!def) { > + def = getenv("OVN_INB_DB"); > + if (!def) { > + def = xasprintf("unix:%s/ovninb_db.sock", ovn_rundir()); > + } > + } > + return def; > +} > + > char * > get_abs_unix_ctl_path(void) > { > diff --git a/lib/ovn-util.h b/lib/ovn-util.h > index b58208e..e31cf51 100644 > --- a/lib/ovn-util.h > +++ b/lib/ovn-util.h > @@ -72,6 +72,7 @@ char *alloc_nat_zone_key(const struct uuid *key, const char *type); > > const char *default_nb_db(void); > const char *default_sb_db(void); > +const char *default_inb_db(void); > char *get_abs_unix_ctl_path(void); > > struct ovsdb_idl_table_class; > diff --git a/ovn-inb.ovsschema b/ovn-inb.ovsschema > new file mode 100644 > index 0000000..3acbb4c > --- /dev/null > +++ b/ovn-inb.ovsschema > @@ -0,0 +1,75 @@ > +{ > + "name": "OVN_IC_Northbound", > + "version": "1.0.0", > + "cksum": "258158772 3381", > + "tables": { > + "INB_Global": { > + "columns": { > + "external_ids": { > + "type": {"key": "string", "value": "string", > + "min": 0, "max": "unlimited"}}, > + "connections": { > + "type": {"key": {"type": "uuid", > + "refTable": "Connection"}, > + "min": 0, > + "max": "unlimited"}}, > + "ssl": { > + "type": {"key": {"type": "uuid", > + "refTable": "SSL"}, > + "min": 0, "max": 1}}, > + "options": { > + "type": {"key": "string", "value": "string", > + "min": 0, "max": "unlimited"}}}, > + "maxRows": 1, > + "isRoot": true}, > + "Transit_Switch": { > + "columns": { > + "name": {"type": "string"}, > + "other_config": { > + "type": {"key": "string", "value": "string", > + "min": 0, "max": "unlimited"}}, > + "external_ids": { > + "type": {"key": "string", "value": "string", > + "min": 0, "max": "unlimited"}}}, > + "isRoot": true, > + "indexes": [["name"]]}, > + "Connection": { > + "columns": { > + "target": {"type": "string"}, > + "max_backoff": {"type": {"key": {"type": "integer", > + "minInteger": 1000}, > + "min": 0, > + "max": 1}}, > + "inactivity_probe": {"type": {"key": "integer", > + "min": 0, > + "max": 1}}, > + "other_config": {"type": {"key": "string", > + "value": "string", > + "min": 0, > + "max": "unlimited"}}, > + "external_ids": {"type": {"key": "string", > + "value": "string", > + "min": 0, > + "max": "unlimited"}}, > + "is_connected": {"type": "boolean", "ephemeral": true}, > + "status": {"type": {"key": "string", > + "value": "string", > + "min": 0, > + "max": "unlimited"}, > + "ephemeral": true}}, > + "indexes": [["target"]]}, > + "SSL": { > + "columns": { > + "private_key": {"type": "string"}, > + "certificate": {"type": "string"}, > + "ca_cert": {"type": "string"}, > + "bootstrap_ca_cert": {"type": "boolean"}, > + "ssl_protocols": {"type": "string"}, > + "ssl_ciphers": {"type": "string"}, > + "external_ids": {"type": {"key": "string", > + "value": "string", > + "min": 0, > + "max": "unlimited"}}}, > + "maxRows": 1} > + } > +} > diff --git a/ovn-inb.xml b/ovn-inb.xml > new file mode 100644 > index 0000000..e7ee335 > --- /dev/null > +++ b/ovn-inb.xml > @@ -0,0 +1,371 @@ > +<?xml version="1.0" encoding="utf-8"?> > +<database name="ovn-inb" title="OVN Interconnection Northbound Database"> > + <p> > + This database is the interface for cloud management system (CMS), such as > + OpenStack, to configure OVN interconnection settings. The CMS produces > + almost all of the contents of the database. The <code>ovn-ic</code> > + program monitors the database contents, transforms it, and stores it into > + the <ref db="OVN_IC_Southbound"/> database. > + </p> > + > + <p> > + We generally speak of ``the'' CMS, but one can imagine scenarios in > + which multiple CMSes manage different parts of OVN interconnection. > + </p> > + > + <h2>External IDs</h2> > + > + <p> > + Each of the tables in this database contains a special column, named > + <code>external_ids</code>. This column has the same form and purpose each > + place it appears. > + </p> > + > + <dl> > + <dt><code>external_ids</code>: map of string-string pairs</dt> > + <dd> > + Key-value pairs for use by the CMS. The CMS might use certain pairs, for > + example, to identify entities in its own configuration that correspond to > + those in this database. > + </dd> > + </dl> > + > + <table name="INB_Global" title="IC Northbound configuration"> > + <p> > + Northbound configuration for OVN interconnection. This table must have exactly > + one row. > + </p> > + > + <group title="Common Columns"> > + <column name="external_ids"> > + See <em>External IDs</em> at the beginning of this document. > + </column> > + </group> > + > + <group title="Common options"> > + <column name="options"> > + This column provides general key/value settings. The supported > + options are described individually below. > + </column> > + </group> > + > + <group title="Connection Options"> > + <column name="connections"> > + Database clients to which the Open vSwitch database server should > + connect or on which it should listen, along with options for how these > + connections should be configured. See the <ref table="Connection"/> > + table for more information. > + </column> > + <column name="ssl"> > + Global SSL configuration. > + </column> > + </group> > + </table> > + > + <table name="Transit_Switch" title="Transit logical switch"> > + <p> > + Each row represents one transit logical switch for interconnection between > + different OVN deployments (availability zones). > + </p> > + > + <group title="Naming"> > + <column name="name"> > + A name that uniquely identifies the transit logical switch. > + </column> > + </group> > + > + <group title="Common Columns"> > + <column name="other_config"/> > + <column name="external_ids"> > + See <em>External IDs</em> at the beginning of this document. > + </column> > + </group> > + </table> > + > + <table name="SSL"> > + SSL configuration for ovn-nb database access. > + > + <column name="private_key"> > + Name of a PEM file containing the private key used as the switch's > + identity for SSL connections to the controller. > + </column> > + > + <column name="certificate"> > + Name of a PEM file containing a certificate, signed by the > + certificate authority (CA) used by the controller and manager, > + that certifies the switch's private key, identifying a trustworthy > + switch. > + </column> > + > + <column name="ca_cert"> > + Name of a PEM file containing the CA certificate used to verify > + that the switch is connected to a trustworthy controller. > + </column> > + > + <column name="bootstrap_ca_cert"> > + If set to <code>true</code>, then Open vSwitch will attempt to > + obtain the CA certificate from the controller on its first SSL > + connection and save it to the named PEM file. If it is successful, > + it will immediately drop the connection and reconnect, and from then > + on all SSL connections must be authenticated by a certificate signed > + by the CA certificate thus obtained. <em>This option exposes the > + SSL connection to a man-in-the-middle attack obtaining the initial > + CA certificate.</em> It may still be useful for bootstrapping. > + </column> > + > + <column name="ssl_protocols"> > + List of SSL protocols to be enabled for SSL connections. The default > + when this option is omitted is <code>TLSv1,TLSv1.1,TLSv1.2</code>. > + </column> > + > + <column name="ssl_ciphers"> > + List of ciphers (in OpenSSL cipher string format) to be supported > + for SSL connections. The default when this option is omitted is > + <code>HIGH:!aNULL:!MD5</code>. > + </column> > + > + <group title="Common Columns"> > + The overall purpose of these columns is described under <code>Common > + Columns</code> at the beginning of this document. > + > + <column name="external_ids"/> > + </group> > + </table> > + > + <table name="Connection" title="OVSDB client connections."> > + <p> > + Configuration for a database connection to an Open vSwitch database > + (OVSDB) client. > + </p> > + > + <p> > + This table primarily configures the Open vSwitch database server > + (<code>ovsdb-server</code>). > + </p> > + > + <p> > + The Open vSwitch database server can initiate and maintain active > + connections to remote clients. It can also listen for database > + connections. > + </p> > + > + <group title="Core Features"> > + <column name="target"> > + <p>Connection methods for clients.</p> > + <p> > + The following connection methods are currently supported: > + </p> > + <dl> > + <dt><code>ssl:<var>host</var></code>[<code>:<var>port</var></code>]</dt> > + <dd> > + <p> > + The specified SSL <var>port</var> on the host at the given > + <var>host</var>, which can either be a DNS name (if built with > + unbound library) or an IP address. A valid SSL configuration must > + be provided when this form is used, this configuration can be > + specified via command-line options or the <ref table="SSL"/> table. > + </p> > + <p> > + If <var>port</var> is not specified, it defaults to 6640. > + </p> > + <p> > + SSL support is an optional feature that is not always > + built as part of Open vSwitch. > + </p> > + </dd> > + > + <dt><code>tcp:<var>host</var></code>[<code>:<var>port</var></code>]</dt> > + <dd> > + <p> > + The specified TCP <var>port</var> on the host at the given > + <var>host</var>, which can either be a DNS name (if built with > + unbound library) or an IP address. If <var>host</var> is an IPv6 > + address, wrap it in square brackets, e.g. <code>tcp:[::1]:6640</code>. > + </p> > + <p> > + If <var>port</var> is not specified, it defaults to 6640. > + </p> > + </dd> > + <dt><code>pssl:</code>[<var>port</var>][<code>:<var>host</var></code>]</dt> > + <dd> > + <p> > + Listens for SSL connections on the specified TCP <var>port</var>. > + Specify 0 for <var>port</var> to have the kernel automatically > + choose an available port. If <var>host</var>, which can either > + be a DNS name (if built with unbound library) or an IP address, > + is specified, then connections are restricted to the resolved or > + specified local IPaddress (either IPv4 or IPv6 address). If > + <var>host</var> is an IPv6 address, wrap in square brackets, > + e.g. <code>pssl:6640:[::1]</code>. If <var>host</var> is not > + specified then it listens only on IPv4 (but not IPv6) addresses. > + A valid SSL configuration must be provided when this form is used, > + this can be specified either via command-line options or the > + <ref table="SSL"/> table. > + </p> > + <p> > + If <var>port</var> is not specified, it defaults to 6640. > + </p> > + <p> > + SSL support is an optional feature that is not always built as > + part of Open vSwitch. > + </p> > + </dd> > + <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>host</var></code>]</dt> > + <dd> > + <p> > + Listens for connections on the specified TCP <var>port</var>. > + Specify 0 for <var>port</var> to have the kernel automatically > + choose an available port. If <var>host</var>, which can either > + be a DNS name (if built with unbound library) or an IP address, > + is specified, then connections are restricted to the resolved or > + specified local IP address (either IPv4 or IPv6 address). If > + <var>host</var> is an IPv6 address, wrap it in square brackets, > + e.g. <code>ptcp:6640:[::1]</code>. If <var>host</var> is not > + specified then it listens only on IPv4 addresses. > + </p> > + <p> > + If <var>port</var> is not specified, it defaults to 6640. > + </p> > + </dd> > + </dl> > + <p>When multiple clients are configured, the <ref column="target"/> > + values must be unique. Duplicate <ref column="target"/> values yield > + unspecified results.</p> > + </column> > + </group> > + > + <group title="Client Failure Detection and Handling"> > + <column name="max_backoff"> > + Maximum number of milliseconds to wait between connection attempts. > + Default is implementation-specific. > + </column> > + > + <column name="inactivity_probe"> > + Maximum number of milliseconds of idle time on connection to the client > + before sending an inactivity probe message. If Open vSwitch does not > + communicate with the client for the specified number of seconds, it > + will send a probe. If a response is not received for the same > + additional amount of time, Open vSwitch assumes the connection has been > + broken and attempts to reconnect. Default is implementation-specific. > + A value of 0 disables inactivity probes. > + </column> > + </group> > + > + <group title="Status"> > + <p> > + Key-value pair of <ref column="is_connected"/> is always updated. > + Other key-value pairs in the status columns may be updated depends > + on the <ref column="target"/> type. > + </p> > + > + <p> > + When <ref column="target"/> specifies a connection method that > + listens for inbound connections (e.g. <code>ptcp:</code> or > + <code>punix:</code>), both <ref column="n_connections"/> and > + <ref column="is_connected"/> may also be updated while the > + remaining key-value pairs are omitted. > + </p> > + > + <p> > + On the other hand, when <ref column="target"/> specifies an > + outbound connection, all key-value pairs may be updated, except > + the above-mentioned two key-value pairs associated with inbound > + connection targets. They are omitted. > + </p> > + > + <column name="is_connected"> > + <code>true</code> if currently connected to this client, > + <code>false</code> otherwise. > + </column> > + > + <column name="status" key="last_error"> > + A human-readable description of the last error on the connection > + to the manager; i.e. <code>strerror(errno)</code>. This key > + will exist only if an error has occurred. > + </column> > + > + <column name="status" key="state" > + type='{"type": "string", "enum": ["set", ["VOID", "BACKOFF", "CONNECTING", "ACTIVE", "IDLE"]]}'> > + <p> > + The state of the connection to the manager: > + </p> > + <dl> > + <dt><code>VOID</code></dt> > + <dd>Connection is disabled.</dd> > + > + <dt><code>BACKOFF</code></dt> > + <dd>Attempting to reconnect at an increasing period.</dd> > + > + <dt><code>CONNECTING</code></dt> > + <dd>Attempting to connect.</dd> > + > + <dt><code>ACTIVE</code></dt> > + <dd>Connected, remote host responsive.</dd> > + > + <dt><code>IDLE</code></dt> > + <dd>Connection is idle. Waiting for response to keep-alive.</dd> > + </dl> > + <p> > + These values may change in the future. They are provided only for > + human consumption. > + </p> > + </column> > + > + <column name="status" key="sec_since_connect" > + type='{"type": "integer", "minInteger": 0}'> > + The amount of time since this client last successfully connected > + to the database (in seconds). Value is empty if client has never > + successfully been connected. > + </column> > + > + <column name="status" key="sec_since_disconnect" > + type='{"type": "integer", "minInteger": 0}'> > + The amount of time since this client last disconnected from the > + database (in seconds). Value is empty if client has never > + disconnected. > + </column> > + > + <column name="status" key="locks_held"> > + Space-separated list of the names of OVSDB locks that the connection > + holds. Omitted if the connection does not hold any locks. > + </column> > + > + <column name="status" key="locks_waiting"> > + Space-separated list of the names of OVSDB locks that the connection is > + currently waiting to acquire. Omitted if the connection is not waiting > + for any locks. > + </column> > + > + <column name="status" key="locks_lost"> > + Space-separated list of the names of OVSDB locks that the connection > + has had stolen by another OVSDB client. Omitted if no locks have been > + stolen from this connection. > + </column> > + > + <column name="status" key="n_connections" > + type='{"type": "integer", "minInteger": 2}'> > + When <ref column="target"/> specifies a connection method that > + listens for inbound connections (e.g. <code>ptcp:</code> or > + <code>pssl:</code>) and more than one connection is actually active, > + the value is the number of active connections. Otherwise, this > + key-value pair is omitted. > + </column> > + > + <column name="status" key="bound_port" type='{"type": "integer"}'> > + When <ref column="target"/> is <code>ptcp:</code> or > + <code>pssl:</code>, this is the TCP port on which the OVSDB server is > + listening. (This is particularly useful when <ref > + column="target"/> specifies a port of 0, allowing the kernel to > + choose any available port.) > + </column> > + </group> > + > + <group title="Common Columns"> > + The overall purpose of these columns is described under <code>Common > + Columns</code> at the beginning of this document. > + > + <column name="external_ids"/> > + <column name="other_config"/> > + </group> > + </table> > +</database> > diff --git a/tests/automake.mk b/tests/automake.mk > index ed6240c..d978c05 100644 > --- a/tests/automake.mk > +++ b/tests/automake.mk > @@ -24,6 +24,7 @@ TESTSUITE_AT = \ > tests/ovn-northd.at \ > tests/ovn-nbctl.at \ > tests/ovn-sbctl.at \ > + tests/ovn-inbctl.at \ > tests/ovn-controller.at \ > tests/ovn-controller-vtep.at \ > tests/ovn-macros.at \ > @@ -99,6 +100,7 @@ valgrind_wrappers = \ > tests/valgrind/ovn-nbctl \ > tests/valgrind/ovn-northd \ > tests/valgrind/ovn-sbctl \ > + tests/valgrind/ovn-inbctl \ > tests/valgrind/ovs-appctl \ > tests/valgrind/ovs-ofctl \ > tests/valgrind/ovs-vsctl \ > diff --git a/tests/ovn-inbctl.at b/tests/ovn-inbctl.at > new file mode 100644 > index 0000000..b5e107d > --- /dev/null > +++ b/tests/ovn-inbctl.at > @@ -0,0 +1,65 @@ > +AT_BANNER([ovn-inbctl]) > + > +# OVN_INBCTL_TEST_START > +m4_define([OVN_INBCTL_TEST_START], > + [dnl Create database (ovn-inb). > + AT_KEYWORDS([inbctl]) > + AT_CHECK([ovsdb-tool create ovn-inb.db $abs_top_srcdir/ovn-inb.ovsschema]) > + > + dnl Start ovsdb-servers. > + AT_CHECK([ovsdb-server --detach --no-chdir --pidfile=ovninb_db.pid --unixctl=$OVS_RUNDIR/ovninb_db.ctl --log-file=ovsdb_inb.log --remote=punix:$OVS_RUNDIR/ovninb_db.sock ovn-inb.db ], [0], [], [stderr]) > + on_exit "kill `cat ovninb_db.pid`" > + AT_CHECK([[sed < stderr ' > +/vlog|INFO|opened log file/d > +/ovsdb_server|INFO|ovsdb-server (Open vSwitch)/d']]) > + AT_CAPTURE_FILE([ovsdb-server.log]) > +]) > + > +# OVN_INBCTL_TEST_STOP > +m4_define([OVN_INBCTL_TEST_STOP], > + [AT_CHECK([check_logs "$1"]) > + OVS_APP_EXIT_AND_WAIT_BY_TARGET([$OVS_RUNDIR/ovninb_db.ctl], [$OVS_RUNDIR/ovninb_db.pid])]) > + > +dnl --------------------------------------------------------------------- > + > +AT_SETUP([ovn-inbctl]) > +OVN_INBCTL_TEST_START > + > +AT_CHECK([ovn-inbctl ts-add ts0]) > +AT_CHECK([ovn-inbctl ts-list | uuidfilt], [0], [dnl > +<0> (ts0) > +]) > + > +AT_CHECK([ovn-inbctl ts-add ts1]) > +AT_CHECK([ovn-inbctl ts-list | uuidfilt], [0], [dnl > +<0> (ts0) > +<1> (ts1) > +]) > + > +AT_CHECK([ovn-inbctl show | sort], [0], [dnl > +Transit_Switch ts0 > +Transit_Switch ts1 > +]) > + > +AT_CHECK([ovn-inbctl ts-del ts1]) > +AT_CHECK([ovn-inbctl ts-list | uuidfilt], [0], [dnl > +<0> (ts0) > +]) > + > +AT_CHECK([ovn-inbctl ts-add ts0], [1], [], > + [ovn-inbctl: ts0: a transit switch with this name already exists > +]) > + > +AT_CHECK([ovn-inbctl --may-exist ts-add ts0]) > +AT_CHECK([ovn-inbctl ts-list | uuidfilt], [0], [dnl > +<0> (ts0) > +]) > + > +AT_CHECK([ovn-inbctl ts-del ts2], [1], [], > + [ovn-inbctl: ts2: switch name not found > +]) > + > +AT_CHECK([ovn-inbctl --if-exists ts-del ts2]) > + > +OVN_INBCTL_TEST_STOP > +AT_CLEANUP > diff --git a/tests/testsuite.at b/tests/testsuite.at > index c1ba734..20dbccb 100644 > --- a/tests/testsuite.at > +++ b/tests/testsuite.at > @@ -25,6 +25,7 @@ m4_include([tests/ovn.at]) > m4_include([tests/ovn-northd.at]) > m4_include([tests/ovn-nbctl.at]) > m4_include([tests/ovn-sbctl.at]) > +m4_include([tests/ovn-inbctl.at]) > m4_include([tests/ovn-controller.at]) > m4_include([tests/ovn-controller-vtep.at]) > m4_include([tests/checkpatch.at]) > diff --git a/utilities/.gitignore b/utilities/.gitignore > index faaa85e..5321110 100644 > --- a/utilities/.gitignore > +++ b/utilities/.gitignore > @@ -3,6 +3,8 @@ > /ovn-nbctl.8 > /ovn-sbctl > /ovn-sbctl.8 > +/ovn-inbctl > +/ovn-inbctl.8 > /ovn-appctl > /ovn-appctl.8 > /ovn-trace > diff --git a/utilities/automake.mk b/utilities/automake.mk > index 197cc70..30c52fa 100644 > --- a/utilities/automake.mk > +++ b/utilities/automake.mk > @@ -7,6 +7,7 @@ man_MANS += \ > utilities/ovn-ctl.8 \ > utilities/ovn-nbctl.8 \ > utilities/ovn-sbctl.8 \ > + utilities/ovn-inbctl.8 \ > utilities/ovn-trace.8 \ > utilities/ovn-detrace.1 \ > utilities/ovn-appctl.8 > @@ -28,6 +29,7 @@ EXTRA_DIST += \ > utilities/ovn-docker-overlay-driver.in \ > utilities/ovn-docker-underlay-driver.in \ > utilities/ovn-nbctl.8.xml \ > + utilities/ovn-inbctl.8.xml \ > utilities/ovn-appctl.8.xml \ > utilities/ovn-trace.8.xml \ > utilities/ovn-detrace.in \ > @@ -48,6 +50,7 @@ CLEANFILES += \ > utilities/ovn-docker-underlay-driver \ > utilities/ovn-nbctl.8 \ > utilities/ovn-sbctl.8 \ > + utilities/ovn-inbctl.8 \ > utilities/ovn-trace.8 \ > utilities/ovn-detrace.1 \ > utilities/ovn-detrace \ > @@ -66,6 +69,11 @@ bin_PROGRAMS += utilities/ovn-sbctl > utilities_ovn_sbctl_SOURCES = utilities/ovn-sbctl.c > utilities_ovn_sbctl_LDADD = lib/libovn.la $(OVSDB_LIBDIR)/libovsdb.la $(OVS_LIBDIR)/libopenvswitch.la > > +# ovn-inbctl > +bin_PROGRAMS += utilities/ovn-inbctl > +utilities_ovn_inbctl_SOURCES = utilities/ovn-inbctl.c > +utilities_ovn_inbctl_LDADD = lib/libovn.la $(OVSDB_LIBDIR)/libovsdb.la $(OVS_LIBDIR)/libopenvswitch.la > + > # ovn-trace > bin_PROGRAMS += utilities/ovn-trace > utilities_ovn_trace_SOURCES = utilities/ovn-trace.c > diff --git a/utilities/ovn-inbctl.8.xml b/utilities/ovn-inbctl.8.xml > new file mode 100644 > index 0000000..fcd438b > --- /dev/null > +++ b/utilities/ovn-inbctl.8.xml > @@ -0,0 +1,174 @@ > +<?xml version="1.0" encoding="utf-8"?> > +<manpage program="ovn-inbctl" section="8" title="ovn-inbctl"> > + <h1>Name</h1> > + <p>ovn-inbctl -- Open Virtual Network interconnection northbound db management utility</p> > + > + <h1>Synopsis</h1> > + <p><code>ovn-inbctl</code> [<var>options</var>] <var>command</var> [<var>arg</var>...]</p> > + > + <h1>Description</h1> > + <p>This utility can be used to manage the OVN interconnection northbound database.</p> > + > + <h1>General Commands</h1> > + > + <dl> > + <dt><code>init</code></dt> > + <dd> > + Initializes the database, if it is empty. If the database has already > + been initialized, this command has no effect. > + </dd> > + > + <dt><code>show</code></dt> > + <dd> > + Prints a brief overview of the database contents. > + </dd> > + </dl> > + > + <h1>Transit Switch Commands</h1> > + > + <dl> > + <dt>[<code>--may-exist</code>] <code>ts-add</code> <var>switch</var></dt> > + <dd> > + <p> > + Creates a new transit switch named <var>switch</var>. > + </p> > + > + <p> > + Transit switch names must be unique. Adding a duplicated name results > + in error. With <code>--may-exist</code>, adding a duplicate name > + succeeds but does not create a new transit switch. > + </p> > + </dd> > + > + <dt>[<code>--if-exists</code>] <code>ts-del</code> <var>switch</var></dt> > + <dd> > + Deletes <var>switch</var>. It is an error if <var>switch</var> does > + not exist, unless <code>--if-exists</code> is specified. > + </dd> > + > + <dt><code>ts-list</code></dt> > + <dd> > + Lists all existing switches on standard output, one per line. > + </dd> > + </dl> > + > + <h1>Database Commands</h1> > + <p>These commands query and modify the contents of <code>ovsdb</code> tables. > + They are a slight abstraction of the <code>ovsdb</code> interface and > + as such they operate at a lower level than other <code>ovn-inbctl</code> commands.</p> > + <p><var>Identifying Tables, Records, and Columns</var></p> > + <p>Each of these commands has a <var>table</var> parameter to identify a table > + within the database. Many of them also take a <var>record</var> parameter > + that identifies a particular record within a table. The <var>record</var> > + parameter may be the UUID for a record, which may be abbreviated to its > + first 4 (or more) hex digits, as long as that is unique. Many tables offer > + additional ways to identify records. Some commands also take > + <var>column</var> parameters that identify a particular field within the > + records in a table.</p> > + > + <p> > + For a list of tables and their columns, see <code>ovn-inb</code>(5) or > + see the table listing from the <code>--help</code> option. > + </p> > + > + <p> > + Record names must be specified in full and with correct capitalization, > + except that UUIDs may be abbreviated to their first 4 (or more) hex > + digits, as long as that is unique within the table. Names of tables and > + columns are not case-sensitive, and <code>-</code> and <code>_</code> are > + treated interchangeably. Unique abbreviations of table and column names > + are acceptable, e.g. <code>t</code> or <code>transit</code> is sufficient > + to identify the <code>Transit_Switch</code> table. > + </p> > + > + <xi:include href="lib/db-ctl-base.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/> > + > + <h1>Remote Connectivity Commands</h1> > + <dl> > + <dt><code>get-connection</code></dt> > + <dd> > + Prints the configured connection(s). > + </dd> > + > + <dt><code>del-connection</code></dt> > + <dd> > + Deletes the configured connection(s). > + </dd> > + > + <dt>[<code>--inactivity-probe=</code><var>msecs</var>] <code>set-connection</code> <var>target</var>...</dt> > + <dd> > + Sets the configured manager target or targets. Use > + <code>--inactivity-probe=</code><var>msecs</var> to override the default > + idle connection inactivity probe time. Use 0 to disable inactivity probes. > + </dd> > + </dl> > + > + <h1>SSL Configuration Commands</h1> > + <dl> > + <dt><code>get-ssl</code></dt> > + <dd> > + Prints the SSL configuration. > + </dd> > + > + <dt><code>del-ssl</code></dt> > + <dd> > + Deletes the current SSL configuration. > + </dd> > + > + <dt>[<code>--bootstrap</code>] <code>set-ssl</code> > + <var>private-key</var> <var>certificate</var> <var>ca-cert</var> > + [<var>ssl-protocol-list</var> [<var>ssl-cipher-list</var>]]</dt> > + <dd> > + Sets the SSL configuration. > + </dd> > + </dl> > + > + <h1>Options</h1> > + > + <dl> > + <dt><code>--db</code> <var>database</var></dt> > + <dd> > + The OVSDB database remote to contact. If the <env>OVN_INB_DB</env> > + environment variable is set, its value is used as the default. > + Otherwise, the default is <code>unix:@RUNDIR@/ovninb_db.sock</code>, but this > + default is unlikely to be useful outside of single-machine OVN test > + environments. > + </dd> > + > + <dt><code>--leader-only</code></dt> > + <dt><code>--no-leader-only</code></dt> > + <dd> > + By default, or with <code>--leader-only</code>, when the database server > + is a clustered database, <code>ovn-inbctl</code> will avoid servers other > + than the cluster leader. This ensures that any data that > + <code>ovn-inbctl</code> reads and reports is up-to-date. With > + <code>--no-leader-only</code>, <code>ovn-inbctl</code> will use any server > + in the cluster, which means that for read-only transactions it can report > + and act on stale data (transactions that modify the database are always > + serialized even with <code>--no-leader-only</code>). Refer to > + <code>Understanding Cluster Consistency</code> in <code>ovsdb</code>(7) > + for more information. > + </dd> > + </dl> > + > + <h1>Logging options</h1> > + <xi:include href="lib/vlog.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/> > + > + <h1>Table Formatting Options</h1> > + These options control the format of output from the <code>list</code> and > + <code>find</code> commands. > + <xi:include href="lib/table.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/> > + > + <h2>PKI Options</h2> > + <p> > + PKI configuration is required to use SSL for the connection to the > + database. > + </p> > + <xi:include href="lib/ssl.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/> > + <xi:include href="lib/ssl-bootstrap.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/> > + > + <h2>Other Options</h2> > + > + <xi:include href="lib/common.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/> > + > +</manpage> > diff --git a/utilities/ovn-inbctl.c b/utilities/ovn-inbctl.c > new file mode 100644 > index 0000000..a2a6479 > --- /dev/null > +++ b/utilities/ovn-inbctl.c > @@ -0,0 +1,948 @@ > +/* > + * Licensed under the Apache License, Version 2.0 (the "License"); > + * you may not use this file except in compliance with the License. > + * You may obtain a copy of the License at: > + * > + * http://www.apache.org/licenses/LICENSE-2.0 > + * > + * Unless required by applicable law or agreed to in writing, software > + * distributed under the License is distributed on an "AS IS" BASIS, > + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. > + * See the License for the specific language governing permissions and > + * limitations under the License. > + */ > + > +#include <config.h> > + > +#include <ctype.h> > +#include <getopt.h> > +#include <inttypes.h> > +#include <stdarg.h> > +#include <stdlib.h> > + > +#include "command-line.h" > +#include "compiler.h" > +#include "db-ctl-base.h" > +#include "dirs.h" > +#include "fatal-signal.h" > +#include "openvswitch/dynamic-string.h" > +#include "openvswitch/json.h" > +#include "openvswitch/shash.h" > +#include "openvswitch/vconn.h" > +#include "openvswitch/vlog.h" > +#include "lib/ovn-inb-idl.h" > +#include "lib/ovn-util.h" > +#include "openvswitch/poll-loop.h" > +#include "process.h" > +#include "sset.h" > +#include "stream-ssl.h" > +#include "stream.h" > +#include "table.h" > +#include "timeval.h" > +#include "util.h" > +#include "svec.h" > + > +VLOG_DEFINE_THIS_MODULE(inbctl); > + > +struct inbctl_context; > + > +/* --db: The database server to contact. */ > +static const char *db; > + > +/* --oneline: Write each command's output as a single line? */ > +static bool oneline; > + > +/* --dry-run: Do not commit any changes. */ > +static bool dry_run; > + > +/* --timeout: Time to wait for a connection to 'db'. */ > +static unsigned int timeout; > + > +/* Format for table output. */ > +static struct table_style table_style = TABLE_STYLE_DEFAULT; > + > +/* The IDL we're using and the current transaction, if any. > + * This is for use by inbctl_exit() only, to allow it to clean up. > + * Other code should use its context arguments. */ > +static struct ovsdb_idl *the_idl; > +static struct ovsdb_idl_txn *the_idl_txn; > +OVS_NO_RETURN static void inbctl_exit(int status); > + > +/* --leader-only, --no-leader-only: Only accept the leader in a cluster. */ > +static int leader_only = true; > + > +static void inbctl_cmd_init(void); > +OVS_NO_RETURN static void usage(void); > +static void parse_options(int argc, char *argv[], struct shash *local_options); > +static void run_prerequisites(struct ctl_command[], size_t n_commands, > + struct ovsdb_idl *); > +static bool do_inbctl(const char *args, struct ctl_command *, size_t n, > + struct ovsdb_idl *); > + > +int > +main(int argc, char *argv[]) > +{ > + struct ovsdb_idl *idl; > + struct ctl_command *commands; > + struct shash local_options; > + unsigned int seqno; > + size_t n_commands; > + > + set_program_name(argv[0]); > + fatal_ignore_sigpipe(); > + vlog_set_levels(NULL, VLF_CONSOLE, VLL_WARN); > + vlog_set_levels_from_string_assert("reconnect:warn"); > + > + inbctl_cmd_init(); > + > + /* Parse command line. */ > + char *args = process_escape_args(argv); > + shash_init(&local_options); > + parse_options(argc, argv, &local_options); > + char *error = ctl_parse_commands(argc - optind, argv + optind, > + &local_options, &commands, &n_commands); > + if (error) { > + ctl_fatal("%s", error); > + } > + VLOG(ctl_might_write_to_db(commands, n_commands) ? VLL_INFO : VLL_DBG, > + "Called as %s", args); > + > + ctl_timeout_setup(timeout); > + > + /* Initialize IDL. */ > + idl = the_idl = ovsdb_idl_create(db, &inbrec_idl_class, true, false); > + ovsdb_idl_set_leader_only(idl, leader_only); > + run_prerequisites(commands, n_commands, idl); > + > + /* Execute the commands. > + * > + * 'seqno' is the database sequence number for which we last tried to > + * execute our transaction. There's no point in trying to commit more than > + * once for any given sequence number, because if the transaction fails > + * it's because the database changed and we need to obtain an up-to-date > + * view of the database before we try the transaction again. */ > + seqno = ovsdb_idl_get_seqno(idl); > + for (;;) { > + ovsdb_idl_run(idl); > + if (!ovsdb_idl_is_alive(idl)) { > + int retval = ovsdb_idl_get_last_error(idl); > + ctl_fatal("%s: database connection failed (%s)", > + db, ovs_retval_to_string(retval)); > + } > + > + if (seqno != ovsdb_idl_get_seqno(idl)) { > + seqno = ovsdb_idl_get_seqno(idl); > + if (do_inbctl(args, commands, n_commands, idl)) { > + free(args); > + exit(EXIT_SUCCESS); > + } > + } > + > + if (seqno == ovsdb_idl_get_seqno(idl)) { > + ovsdb_idl_wait(idl); > + poll_block(); > + } > + } > +} > + > +static void > +parse_options(int argc, char *argv[], struct shash *local_options) > +{ > + enum { > + OPT_DB = UCHAR_MAX + 1, > + OPT_ONELINE, > + OPT_NO_SYSLOG, > + OPT_DRY_RUN, > + OPT_LOCAL, > + OPT_COMMANDS, > + OPT_OPTIONS, > + OPT_BOOTSTRAP_CA_CERT, > + VLOG_OPTION_ENUMS, > + TABLE_OPTION_ENUMS, > + SSL_OPTION_ENUMS, > + }; > + static const struct option global_long_options[] = { > + {"db", required_argument, NULL, OPT_DB}, > + {"no-syslog", no_argument, NULL, OPT_NO_SYSLOG}, > + {"dry-run", no_argument, NULL, OPT_DRY_RUN}, > + {"oneline", no_argument, NULL, OPT_ONELINE}, > + {"timeout", required_argument, NULL, 't'}, > + {"help", no_argument, NULL, 'h'}, > + {"commands", no_argument, NULL, OPT_COMMANDS}, > + {"options", no_argument, NULL, OPT_OPTIONS}, > + {"leader-only", no_argument, &leader_only, true}, > + {"no-leader-only", no_argument, &leader_only, false}, > + {"version", no_argument, NULL, 'V'}, > + VLOG_LONG_OPTIONS, > + STREAM_SSL_LONG_OPTIONS, > + {"bootstrap-ca-cert", required_argument, NULL, OPT_BOOTSTRAP_CA_CERT}, > + TABLE_LONG_OPTIONS, > + {NULL, 0, NULL, 0}, > + }; > + const int n_global_long_options = ARRAY_SIZE(global_long_options) - 1; > + char *tmp, *short_options; > + > + struct option *options; > + size_t allocated_options; > + size_t n_options; > + size_t i; > + > + tmp = ovs_cmdl_long_options_to_short_options(global_long_options); > + short_options = xasprintf("+%s", tmp); > + free(tmp); > + > + /* We want to parse both global and command-specific options here, but > + * getopt_long() isn't too convenient for the job. We copy our global > + * options into a dynamic array, then append all of the command-specific > + * options. */ > + options = xmemdup(global_long_options, sizeof global_long_options); > + allocated_options = ARRAY_SIZE(global_long_options); > + n_options = n_global_long_options; > + ctl_add_cmd_options(&options, &n_options, &allocated_options, OPT_LOCAL); > + > + for (;;) { > + int idx; > + int c; > + > + c = getopt_long(argc, argv, short_options, options, &idx); > + if (c == -1) { > + break; > + } > + > + switch (c) { > + case OPT_DB: > + db = optarg; > + break; > + > + case OPT_ONELINE: > + oneline = true; > + break; > + > + case OPT_NO_SYSLOG: > + vlog_set_levels(&this_module, VLF_SYSLOG, VLL_WARN); > + break; > + > + case OPT_DRY_RUN: > + dry_run = true; > + break; > + > + case OPT_LOCAL: > + if (shash_find(local_options, options[idx].name)) { > + ctl_fatal("'%s' option specified multiple times", > + options[idx].name); > + } > + shash_add_nocopy(local_options, > + xasprintf("--%s", options[idx].name), > + nullable_xstrdup(optarg)); > + break; > + > + case 'h': > + usage(); > + > + case OPT_COMMANDS: > + ctl_print_commands(); > + /* fall through */ > + > + case OPT_OPTIONS: > + ctl_print_options(global_long_options); > + /* fall through */ > + > + case 'V': > + ovs_print_version(0, 0); > + printf("DB Schema %s\n", inbrec_get_db_version()); > + exit(EXIT_SUCCESS); > + > + case 't': > + if (!str_to_uint(optarg, 10, &timeout) || !timeout) { > + ctl_fatal("value %s on -t or --timeout is invalid", optarg); > + } > + break; > + > + VLOG_OPTION_HANDLERS > + TABLE_OPTION_HANDLERS(&table_style) > + STREAM_SSL_OPTION_HANDLERS > + > + case OPT_BOOTSTRAP_CA_CERT: > + stream_ssl_set_ca_cert_file(optarg, true); > + break; > + > + case '?': > + exit(EXIT_FAILURE); > + > + default: > + ovs_abort(0, "Internal error when parsing option %d.", c); > + > + case 0: > + break; > + } > + } > + free(short_options); > + > + if (!db) { > + db = default_inb_db(); > + } > + > + for (i = n_global_long_options; options[i].name; i++) { > + free(CONST_CAST(char *, options[i].name)); > + } > + free(options); > +} > + > +static void > +usage(void) > +{ > + printf("\ > +%s: OVN interconnection northbound DB management utility\n\ > +\n\ > +usage: %s [OPTIONS] COMMAND [ARG...]\n\ > +\n\ > +General commands:\n\ > + init initialize the database\n\ > + show print overview of database contents\n\ > +\n\ > +Transit switch commands:\n\ > + ts-add SWITCH create a transit switch named SWITCH\n\ > + ts-del SWITCH delete SWITCH\n\ > + ts-list print all transit switches\n\ > +\n\ > +Connection commands:\n\ > + get-connection print the connections\n\ > + del-connection delete the connections\n\ > + [--inactivity-probe=MSECS]\n\ > + set-connection TARGET... set the list of connections to TARGET...\n\ > +\n\ > +SSL commands:\n\ > + get-ssl print the SSL configuration\n\ > + del-ssl delete the SSL configuration\n\ > + set-ssl PRIV-KEY CERT CA-CERT [SSL-PROTOS [SSL-CIPHERS]] \ > +set the SSL configuration\n\ > +\n\ > +%s\ > +%s\ > +\n\ > +Options:\n\ > + --db=DATABASE connect to DATABASE\n\ > + (default: %s)\n\ > + --no-leader-only accept any cluster member, not just the leader\n\ > + -t, --timeout=SECS wait at most SECS seconds\n\ > + --dry-run do not commit changes to database\n\ > + --oneline print exactly one line of output per command\n", > + program_name, program_name, ctl_get_db_cmd_usage(), > + ctl_list_db_tables_usage(), default_inb_db()); > + table_usage(); > + vlog_usage(); > + printf("\ > + --no-syslog equivalent to --verbose=inbctl:syslog:warn\n"); > + printf("\n\ > +Other options:\n\ > + -h, --help display this help message\n\ > + -V, --version display version information\n"); > + stream_usage("database", true, true, true); > + exit(EXIT_SUCCESS); > +} > + > + > +/* ovs-inbctl specific context. Inherits the 'struct ctl_context' as base. > + * Now empty, just keep the framework for future additions. */ > +struct inbctl_context { > + struct ctl_context base; > + > + /* A cache of the contents of the database. > + * > + * A command that needs to use any of this information must first call > + * inbctl_context_populate_cache(). A command that changes anything that > + * could invalidate the cache must either call > + * inbctl_context_invalidate_cache() or manually update the cache to > + * maintain its correctness. */ > + bool cache_valid; > +}; > + > +static struct cmd_show_table cmd_show_tables[] = { > + {&inbrec_table_transit_switch, > + &inbrec_transit_switch_col_name, > + {NULL}, > + {NULL, NULL, NULL}}, > + > + {NULL, NULL, {NULL, NULL, NULL}, {NULL, NULL, NULL}}, > +}; > + > +static void > +inbctl_init(struct ctl_context *ctx OVS_UNUSED) > +{ > +} > + > +static void > +inbctl_ts_add(struct ctl_context *ctx) > +{ > + const char *ts_name = ctx->argv[1]; > + bool may_exist = shash_find(&ctx->options, "--may-exist") != NULL; > + > + const struct inbrec_transit_switch *ts; > + INBREC_TRANSIT_SWITCH_FOR_EACH (ts, ctx->idl) { > + if (!strcmp(ts->name, ts_name)) { > + if (may_exist) { > + return; > + } > + ctl_error(ctx, "%s: a transit switch with this name already " > + "exists", ts_name); > + return; > + } > + } > + > + ts = inbrec_transit_switch_insert(ctx->txn); > + inbrec_transit_switch_set_name(ts, ts_name); > +} > + > +static char * > +ts_by_name_or_uuid(struct ctl_context *ctx, const char *id, bool must_exist, > + const struct inbrec_transit_switch **ts_p) > +{ > + const struct inbrec_transit_switch *ts = NULL; > + *ts_p = NULL; > + > + struct uuid ts_uuid; > + bool is_uuid = uuid_from_string(&ts_uuid, id); > + if (is_uuid) { > + ts = inbrec_transit_switch_get_for_uuid(ctx->idl, &ts_uuid); > + } > + > + if (!ts) { > + const struct inbrec_transit_switch *iter; > + > + INBREC_TRANSIT_SWITCH_FOR_EACH (iter, ctx->idl) { > + if (!strcmp(iter->name, id)) { > + ts = iter; > + break; > + } > + } > + } > + > + if (!ts && must_exist) { > + return xasprintf("%s: switch %s not found", > + id, is_uuid ? "UUID" : "name"); > + } > + > + *ts_p = ts; > + return NULL; > +} > + > +static void > +inbctl_ts_del(struct ctl_context *ctx) > +{ > + bool must_exist = !shash_find(&ctx->options, "--if-exists"); > + const char *id = ctx->argv[1]; > + const struct inbrec_transit_switch *ts = NULL; > + > + char *error = ts_by_name_or_uuid(ctx, id, must_exist, &ts); > + if (error) { > + ctx->error = error; > + return; > + } > + if (!ts) { > + return; > + } > + > + inbrec_transit_switch_delete(ts); > +} > + > +static void > +inbctl_ts_list(struct ctl_context *ctx) > +{ > + const struct inbrec_transit_switch *ts; > + struct smap switches; > + > + smap_init(&switches); > + INBREC_TRANSIT_SWITCH_FOR_EACH (ts, ctx->idl) { > + smap_add_format(&switches, ts->name, UUID_FMT " (%s)", > + UUID_ARGS(&ts->header_.uuid), ts->name); > + } > + const struct smap_node **nodes = smap_sort(&switches); > + for (size_t i = 0; i < smap_count(&switches); i++) { > + const struct smap_node *node = nodes[i]; > + ds_put_format(&ctx->output, "%s\n", node->value); > + } > + smap_destroy(&switches); > + free(nodes); > +} > +static void > +verify_connections(struct ctl_context *ctx) > +{ > + const struct inbrec_inb_global *inb_global = > + inbrec_inb_global_first(ctx->idl); > + const struct inbrec_connection *conn; > + > + inbrec_inb_global_verify_connections(inb_global); > + > + INBREC_CONNECTION_FOR_EACH (conn, ctx->idl) { > + inbrec_connection_verify_target(conn); > + } > +} > + > +static void > +pre_connection(struct ctl_context *ctx) > +{ > + ovsdb_idl_add_column(ctx->idl, &inbrec_inb_global_col_connections); > + ovsdb_idl_add_column(ctx->idl, &inbrec_connection_col_target); > + ovsdb_idl_add_column(ctx->idl, &inbrec_connection_col_inactivity_probe); > +} > + > +static void > +cmd_get_connection(struct ctl_context *ctx) > +{ > + const struct inbrec_connection *conn; > + struct svec targets; > + size_t i; > + > + verify_connections(ctx); > + > + /* Print the targets in sorted order for reproducibility. */ > + svec_init(&targets); > + > + INBREC_CONNECTION_FOR_EACH (conn, ctx->idl) { > + svec_add(&targets, conn->target); > + } > + > + svec_sort_unique(&targets); > + for (i = 0; i < targets.n; i++) { > + ds_put_format(&ctx->output, "%s\n", targets.names[i]); > + } > + svec_destroy(&targets); > +} > + > +static void > +delete_connections(struct ctl_context *ctx) > +{ > + const struct inbrec_inb_global *inb_global = > + inbrec_inb_global_first(ctx->idl); > + const struct inbrec_connection *conn, *next; > + > + /* Delete Manager rows pointed to by 'connection_options' column. */ > + INBREC_CONNECTION_FOR_EACH_SAFE (conn, next, ctx->idl) { > + inbrec_connection_delete(conn); > + } > + > + /* Delete 'Manager' row refs in 'manager_options' column. */ > + inbrec_inb_global_set_connections(inb_global, NULL, 0); > +} > + > +static void > +cmd_del_connection(struct ctl_context *ctx) > +{ > + verify_connections(ctx); > + delete_connections(ctx); > +} > + > +static void > +insert_connections(struct ctl_context *ctx, char *targets[], size_t n) > +{ > + const struct inbrec_inb_global *inb_global = > + inbrec_inb_global_first(ctx->idl); > + struct inbrec_connection **connections; > + size_t i, conns = 0; > + const char *inactivity_probe = shash_find_data(&ctx->options, > + "--inactivity-probe"); > + > + /* Insert each connection in a new row in Connection table. */ > + connections = xmalloc(n * sizeof *connections); > + for (i = 0; i < n; i++) { > + if (stream_verify_name(targets[i]) && > + pstream_verify_name(targets[i])) { > + VLOG_WARN("target type \"%s\" is possibly erroneous", targets[i]); > + } > + > + connections[conns] = inbrec_connection_insert(ctx->txn); > + inbrec_connection_set_target(connections[conns], targets[i]); > + if (inactivity_probe) { > + int64_t msecs = atoll(inactivity_probe); > + inbrec_connection_set_inactivity_probe(connections[conns], > + &msecs, 1); > + } > + conns++; > + } > + > + /* Store uuids of new connection rows in 'connection' column. */ > + inbrec_inb_global_set_connections(inb_global, connections, conns); > + free(connections); > +} > + > +static void > +cmd_set_connection(struct ctl_context *ctx) > +{ > + const size_t n = ctx->argc - 1; > + > + verify_connections(ctx); > + delete_connections(ctx); > + insert_connections(ctx, &ctx->argv[1], n); > +} > + > +static void > +pre_cmd_get_ssl(struct ctl_context *ctx) > +{ > + ovsdb_idl_add_column(ctx->idl, &inbrec_inb_global_col_ssl); > + > + ovsdb_idl_add_column(ctx->idl, &inbrec_ssl_col_private_key); > + ovsdb_idl_add_column(ctx->idl, &inbrec_ssl_col_certificate); > + ovsdb_idl_add_column(ctx->idl, &inbrec_ssl_col_ca_cert); > + ovsdb_idl_add_column(ctx->idl, &inbrec_ssl_col_bootstrap_ca_cert); > +} > + > +static void > +cmd_get_ssl(struct ctl_context *ctx) > +{ > + const struct inbrec_inb_global *inb_global = > + inbrec_inb_global_first(ctx->idl); > + const struct inbrec_ssl *ssl = inbrec_ssl_first(ctx->idl); > + > + inbrec_inb_global_verify_ssl(inb_global); > + if (ssl) { > + inbrec_ssl_verify_private_key(ssl); > + inbrec_ssl_verify_certificate(ssl); > + inbrec_ssl_verify_ca_cert(ssl); > + inbrec_ssl_verify_bootstrap_ca_cert(ssl); > + > + ds_put_format(&ctx->output, "Private key: %s\n", ssl->private_key); > + ds_put_format(&ctx->output, "Certificate: %s\n", ssl->certificate); > + ds_put_format(&ctx->output, "CA Certificate: %s\n", ssl->ca_cert); > + ds_put_format(&ctx->output, "Bootstrap: %s\n", > + ssl->bootstrap_ca_cert ? "true" : "false"); > + } > +} > + > +static void > +pre_cmd_del_ssl(struct ctl_context *ctx) > +{ > + ovsdb_idl_add_column(ctx->idl, &inbrec_inb_global_col_ssl); > +} > + > +static void > +cmd_del_ssl(struct ctl_context *ctx) > +{ > + const struct inbrec_inb_global *inb_global = > + inbrec_inb_global_first(ctx->idl); > + const struct inbrec_ssl *ssl = inbrec_ssl_first(ctx->idl); > + > + if (ssl) { > + inbrec_inb_global_verify_ssl(inb_global); > + inbrec_ssl_delete(ssl); > + inbrec_inb_global_set_ssl(inb_global, NULL); > + } > +} > + > +static void > +pre_cmd_set_ssl(struct ctl_context *ctx) > +{ > + ovsdb_idl_add_column(ctx->idl, &inbrec_inb_global_col_ssl); > +} > + > +static void > +cmd_set_ssl(struct ctl_context *ctx) > +{ > + bool bootstrap = shash_find(&ctx->options, "--bootstrap"); > + const struct inbrec_inb_global *inb_global = > + inbrec_inb_global_first(ctx->idl); > + const struct inbrec_ssl *ssl = inbrec_ssl_first(ctx->idl); > + > + inbrec_inb_global_verify_ssl(inb_global); > + if (ssl) { > + inbrec_ssl_delete(ssl); > + } > + ssl = inbrec_ssl_insert(ctx->txn); > + > + inbrec_ssl_set_private_key(ssl, ctx->argv[1]); > + inbrec_ssl_set_certificate(ssl, ctx->argv[2]); > + inbrec_ssl_set_ca_cert(ssl, ctx->argv[3]); > + > + inbrec_ssl_set_bootstrap_ca_cert(ssl, bootstrap); > + > + if (ctx->argc == 5) { > + inbrec_ssl_set_ssl_protocols(ssl, ctx->argv[4]); > + } else if (ctx->argc == 6) { > + inbrec_ssl_set_ssl_protocols(ssl, ctx->argv[4]); > + inbrec_ssl_set_ssl_ciphers(ssl, ctx->argv[5]); > + } > + > + inbrec_inb_global_set_ssl(inb_global, ssl); > +} > + > + > +static const struct ctl_table_class tables[INBREC_N_TABLES] = { > + [INBREC_TABLE_TRANSIT_SWITCH].row_ids[0] = > + {&inbrec_transit_switch_col_name, NULL, NULL}, > +}; > + > + > +static void > +inbctl_context_init_command(struct inbctl_context *inbctl_ctx, > + struct ctl_command *command) > +{ > + ctl_context_init_command(&inbctl_ctx->base, command); > +} > + > +static void > +inbctl_context_init(struct inbctl_context *inbctl_ctx, > + struct ctl_command *command, struct ovsdb_idl *idl, > + struct ovsdb_idl_txn *txn, > + struct ovsdb_symbol_table *symtab) > +{ > + ctl_context_init(&inbctl_ctx->base, command, idl, txn, symtab, > + NULL); > + inbctl_ctx->cache_valid = false; > +} > + > +static void > +inbctl_context_done_command(struct inbctl_context *inbctl_ctx, > + struct ctl_command *command) > +{ > + ctl_context_done_command(&inbctl_ctx->base, command); > +} > + > +static void > +inbctl_context_done(struct inbctl_context *inbctl_ctx, > + struct ctl_command *command) > +{ > + ctl_context_done(&inbctl_ctx->base, command); > +} > + > +static void > +run_prerequisites(struct ctl_command *commands, size_t n_commands, > + struct ovsdb_idl *idl) > +{ > + ovsdb_idl_add_table(idl, &inbrec_table_inb_global); > + > + for (struct ctl_command *c = commands; c < &commands[n_commands]; c++) { > + if (c->syntax->prerequisites) { > + struct inbctl_context inbctl_ctx; > + > + ds_init(&c->output); > + c->table = NULL; > + > + inbctl_context_init(&inbctl_ctx, c, idl, NULL, NULL); > + (c->syntax->prerequisites)(&inbctl_ctx.base); > + if (inbctl_ctx.base.error) { > + ctl_fatal("%s", inbctl_ctx.base.error); > + } > + inbctl_context_done(&inbctl_ctx, c); > + > + ovs_assert(!c->output.string); > + ovs_assert(!c->table); > + } > + } > +} > + > +static bool > +do_inbctl(const char *args, struct ctl_command *commands, size_t n_commands, > + struct ovsdb_idl *idl) > +{ > + struct ovsdb_idl_txn *txn; > + enum ovsdb_idl_txn_status status; > + struct ovsdb_symbol_table *symtab; > + struct inbctl_context inbctl_ctx; > + struct ctl_command *c; > + struct shash_node *node; > + > + txn = the_idl_txn = ovsdb_idl_txn_create(idl); > + if (dry_run) { > + ovsdb_idl_txn_set_dry_run(txn); > + } > + > + ovsdb_idl_txn_add_comment(txn, "ovs-inbctl: %s", args); > + > + const struct inbrec_inb_global *inb = inbrec_inb_global_first(idl); > + if (!inb) { > + /* XXX add verification that table is empty */ > + inbrec_inb_global_insert(txn); > + } > + > + symtab = ovsdb_symbol_table_create(); > + for (c = commands; c < &commands[n_commands]; c++) { > + ds_init(&c->output); > + c->table = NULL; > + } > + inbctl_context_init(&inbctl_ctx, NULL, idl, txn, symtab); > + for (c = commands; c < &commands[n_commands]; c++) { > + inbctl_context_init_command(&inbctl_ctx, c); > + if (c->syntax->run) { > + (c->syntax->run)(&inbctl_ctx.base); > + } > + if (inbctl_ctx.base.error) { > + ctl_fatal("%s", inbctl_ctx.base.error); > + } > + inbctl_context_done_command(&inbctl_ctx, c); > + > + if (inbctl_ctx.base.try_again) { > + inbctl_context_done(&inbctl_ctx, NULL); > + goto try_again; > + } > + } > + inbctl_context_done(&inbctl_ctx, NULL); > + > + SHASH_FOR_EACH (node, &symtab->sh) { > + struct ovsdb_symbol *symbol = node->data; > + if (!symbol->created) { > + ctl_fatal("row id \"%s\" is referenced but never created (e.g. " > + "with \"-- --id=%s create ...\")", > + node->name, node->name); > + } > + if (!symbol->strong_ref) { > + if (!symbol->weak_ref) { > + VLOG_WARN("row id \"%s\" was created but no reference to it " > + "was inserted, so it will not actually appear in " > + "the database", node->name); > + } else { > + VLOG_WARN("row id \"%s\" was created but only a weak " > + "reference to it was inserted, so it will not " > + "actually appear in the database", node->name); > + } > + } > + } > + > + status = ovsdb_idl_txn_commit_block(txn); > + if (status == TXN_UNCHANGED || status == TXN_SUCCESS) { > + for (c = commands; c < &commands[n_commands]; c++) { > + if (c->syntax->postprocess) { > + inbctl_context_init(&inbctl_ctx, c, idl, txn, symtab); > + (c->syntax->postprocess)(&inbctl_ctx.base); > + if (inbctl_ctx.base.error) { > + ctl_fatal("%s", inbctl_ctx.base.error); > + } > + inbctl_context_done(&inbctl_ctx, c); > + } > + } > + } > + > + switch (status) { > + case TXN_UNCOMMITTED: > + case TXN_INCOMPLETE: > + OVS_NOT_REACHED(); > + > + case TXN_ABORTED: > + /* Should not happen--we never call ovsdb_idl_txn_abort(). */ > + ctl_fatal("transaction aborted"); > + > + case TXN_UNCHANGED: > + case TXN_SUCCESS: > + break; > + > + case TXN_TRY_AGAIN: > + goto try_again; > + > + case TXN_ERROR: > + ctl_fatal("transaction error: %s", ovsdb_idl_txn_get_error(txn)); > + > + case TXN_NOT_LOCKED: > + /* Should not happen--we never call ovsdb_idl_set_lock(). */ > + ctl_fatal("database not locked"); > + > + default: > + OVS_NOT_REACHED(); > + } > + > + ovsdb_symbol_table_destroy(symtab); > + > + for (c = commands; c < &commands[n_commands]; c++) { > + struct ds *ds = &c->output; > + > + if (c->table) { > + table_print(c->table, &table_style); > + } else if (oneline) { > + size_t j; > + > + ds_chomp(ds, '\n'); > + for (j = 0; j < ds->length; j++) { > + int ch = ds->string[j]; > + switch (ch) { > + case '\n': > + fputs("\\n", stdout); > + break; > + > + case '\\': > + fputs("\\\\", stdout); > + break; > + > + default: > + putchar(ch); > + } > + } > + putchar('\n'); > + } else { > + fputs(ds_cstr(ds), stdout); > + } > + ds_destroy(&c->output); > + table_destroy(c->table); > + free(c->table); > + > + shash_destroy_free_data(&c->options); > + } > + free(commands); > + ovsdb_idl_txn_destroy(txn); > + ovsdb_idl_destroy(idl); > + > + return true; > + > +try_again: > + /* Our transaction needs to be rerun, or a prerequisite was not met. Free > + * resources and return so that the caller can try again. */ > + ovsdb_idl_txn_abort(txn); > + ovsdb_idl_txn_destroy(txn); > + the_idl_txn = NULL; > + > + ovsdb_symbol_table_destroy(symtab); > + for (c = commands; c < &commands[n_commands]; c++) { > + ds_destroy(&c->output); > + table_destroy(c->table); > + free(c->table); > + } > + return false; > +} > + > +/* Frees the current transaction and the underlying IDL and then calls > + * exit(status). > + * > + * Freeing the transaction and the IDL is not strictly necessary, but it makes > + * for a clean memory leak report from valgrind in the normal case. That makes > + * it easier to notice real memory leaks. */ > +static void > +inbctl_exit(int status) > +{ > + if (the_idl_txn) { > + ovsdb_idl_txn_abort(the_idl_txn); > + ovsdb_idl_txn_destroy(the_idl_txn); > + } > + ovsdb_idl_destroy(the_idl); > + exit(status); > +} > + > +static const struct ctl_command_syntax inbctl_commands[] = { > + { "init", 0, 0, "", NULL, inbctl_init, NULL, "", RW }, > + > + /* transit switch commands. */ > + { "ts-add", 1, 1, "SWITCH", NULL, inbctl_ts_add, NULL, "--may-exist", RW }, > + { "ts-del", 1, 1, "SWITCH", NULL, inbctl_ts_del, NULL, "--if-exists", RW }, > + { "ts-list", 0, 0, "", NULL, inbctl_ts_list, NULL, "", RO }, > + > + /* Connection commands. */ > + {"get-connection", 0, 0, "", pre_connection, cmd_get_connection, NULL, "", > + RO}, > + {"del-connection", 0, 0, "", pre_connection, cmd_del_connection, NULL, "", > + RW}, > + {"set-connection", 1, INT_MAX, "TARGET...", pre_connection, > + cmd_set_connection, NULL, "--inactivity-probe=", RW}, > + > + /* SSL commands. */ > + {"get-ssl", 0, 0, "", pre_cmd_get_ssl, cmd_get_ssl, NULL, "", RO}, > + {"del-ssl", 0, 0, "", pre_cmd_del_ssl, cmd_del_ssl, NULL, "", RW}, > + {"set-ssl", 3, 5, > + "PRIVATE-KEY CERTIFICATE CA-CERT [SSL-PROTOS [SSL-CIPHERS]]", > + pre_cmd_set_ssl, cmd_set_ssl, NULL, "--bootstrap", RW}, > + > + {NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, RO}, > +}; > + > +/* Registers inbctl and common db commands. */ > +static void > +inbctl_cmd_init(void) > +{ > + ctl_init(&inbrec_idl_class, inbrec_table_classes, tables, > + cmd_show_tables, inbctl_exit); > + ctl_register_commands(inbctl_commands); > +} > -- > 2.1.0 > > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
On Tue, Nov 12, 2019 at 4:24 AM Numan Siddique <numans@ovn.org> wrote: > > This patch has some whitespace warning when applying the patch. > > Applying: ovn-inb: Interconnection northbound DB schema and CLI. > .git/rebase-apply/patch:167: new blank line at EOF. > + > warning: 1 line adds whitespace errors. > It is caused by the extra line at the end of lib/automake.mk. It seem checkpatch can't catch such warning. I will fix in next version.
diff --git a/.gitignore b/.gitignore index 6fee075..1994937 100644 --- a/.gitignore +++ b/.gitignore @@ -67,6 +67,9 @@ /ovn-sb.5 /ovn-sb.gv /ovn-sb.pic +/ovn-inb.5 +/ovn-inb.gv +/ovn-inb.pic /package.m4 /stamp-h1 /_build-gcc diff --git a/automake.mk b/automake.mk index ad801f1..3bfbf57 100644 --- a/automake.mk +++ b/automake.mk @@ -66,6 +66,36 @@ ovn-sb.5: \ $(srcdir)/ovn-sb.xml > $@.tmp && \ mv $@.tmp $@ +# OVN interconnection northbound E-R diagram +# +# If "python" or "dot" is not available, then we do not add graphical diagram +# to the documentation. +if HAVE_PYTHON +if HAVE_DOT +ovn-inb.gv: ${OVSDIR}/ovsdb/ovsdb-dot.in $(srcdir)/ovn-inb.ovsschema + $(AM_V_GEN)$(OVSDB_DOT) --no-arrows $(srcdir)/ovn-inb.ovsschema > $@ +ovn-inb.pic: ovn-inb.gv ${OVSDIR}/ovsdb/dot2pic + $(AM_V_GEN)(dot -T plain < ovn-inb.gv | $(PYTHON) ${OVSDIR}/ovsdb/dot2pic -f 3) > $@.tmp && \ + mv $@.tmp $@ +OVN_INB_PIC = ovn-inb.pic +OVN_INB_DOT_DIAGRAM_ARG = --er-diagram=$(OVN_INB_PIC) +CLEANFILES += ovn-inb.gv ovn-inb.pic +endif +endif + +# OVN interconnection northbound schema documentation +EXTRA_DIST += ovn-inb.xml +CLEANFILES += ovn-inb.5 +man_MANS += ovn-inb.5 + +ovn-inb.5: \ + ${OVSDIR}/ovsdb/ovsdb-doc $(srcdir)/ovn-inb.xml $(srcdir)/ovn-inb.ovsschema $(OVN_INB_PIC) + $(AM_V_GEN)$(OVSDB_DOC) \ + $(OVN_INB_DOT_DIAGRAM_ARG) \ + --version=$(VERSION) \ + $(srcdir)/ovn-inb.ovsschema \ + $(srcdir)/ovn-inb.xml > $@.tmp && \ + mv $@.tmp $@ # Version checking for ovn-nb.ovsschema. ALL_LOCAL += ovn-nb.ovsschema.stamp @@ -78,7 +108,14 @@ ALL_LOCAL += ovn-sb.ovsschema.stamp ovn-sb.ovsschema.stamp: ovn-sb.ovsschema $(srcdir)/build-aux/cksum-schema-check $? $@ +# Version checking for ovn-inb.ovsschema. +ALL_LOCAL += ovn-inb.ovsschema.stamp +ovn-inb.ovsschema.stamp: ovn-inb.ovsschema + $(srcdir)/build-aux/cksum-schema-check $? $@ +CLEANFILES += ovn-inb.ovsschema.stamp + pkgdata_DATA += ovn-nb.ovsschema pkgdata_DATA += ovn-sb.ovsschema +pkgdata_DATA += ovn-inb.ovsschema CLEANFILES += ovn-sb.ovsschema.stamp diff --git a/debian/ovn-common.install b/debian/ovn-common.install index 90484d2..9e9bcfb 100644 --- a/debian/ovn-common.install +++ b/debian/ovn-common.install @@ -1,5 +1,6 @@ usr/bin/ovn-nbctl usr/bin/ovn-sbctl +usr/bin/ovn-inbctl usr/bin/ovn-trace usr/bin/ovn-detrace usr/share/openvswitch/scripts/ovn-ctl diff --git a/debian/ovn-common.manpages b/debian/ovn-common.manpages index 249349e..94325dd 100644 --- a/debian/ovn-common.manpages +++ b/debian/ovn-common.manpages @@ -1,8 +1,10 @@ ovn/ovn-architecture.7 ovn/ovn-nb.5 ovn/ovn-sb.5 +ovn/ovn-inb.5 ovn/utilities/ovn-ctl.8 ovn/utilities/ovn-nbctl.8 ovn/utilities/ovn-sbctl.8 +ovn/utilities/ovn-inbctl.8 ovn/utilities/ovn-trace.8 ovn/utilities/ovn-detrace.1 diff --git a/lib/.gitignore b/lib/.gitignore index 3eed458..e5d9bf3 100644 --- a/lib/.gitignore +++ b/lib/.gitignore @@ -5,4 +5,7 @@ /ovn-sb-idl.c /ovn-sb-idl.h /ovn-sb-idl.ovsidl +/ovn-inb-idl.c +/ovn-inb-idl.h +/ovn-inb-idl.ovsidl /ovn-dirs.c diff --git a/lib/automake.mk b/lib/automake.mk index 0c8245c..83fdbcd 100644 --- a/lib/automake.mk +++ b/lib/automake.mk @@ -29,7 +29,9 @@ nodist_lib_libovn_la_SOURCES = \ lib/ovn-nb-idl.c \ lib/ovn-nb-idl.h \ lib/ovn-sb-idl.c \ - lib/ovn-sb-idl.h + lib/ovn-sb-idl.h \ + lib/ovn-inb-idl.c \ + lib/ovn-inb-idl.h CLEANFILES += $(nodist_lib_libovn_la_SOURCES) @@ -74,3 +76,16 @@ lib/ovn-nb-idl.ovsidl: $(OVN_NB_IDL_FILES) $(AM_V_GEN)$(OVSDB_IDLC) annotate $(OVN_NB_IDL_FILES) > $@.tmp && \ mv $@.tmp $@ +# ovn-inb IDL +OVSIDL_BUILT += \ + lib/ovn-inb-idl.c \ + lib/ovn-inb-idl.h \ + lib/ovn-inb-idl.ovsidl +EXTRA_DIST += lib/ovn-inb-idl.ann +OVN_INB_IDL_FILES = \ + $(srcdir)/ovn-inb.ovsschema \ + $(srcdir)/lib/ovn-inb-idl.ann +lib/ovn-inb-idl.ovsidl: $(OVN_INB_IDL_FILES) + $(AM_V_GEN)$(OVSDB_IDLC) annotate $(OVN_INB_IDL_FILES) > $@.tmp && \ + mv $@.tmp $@ + diff --git a/lib/ovn-inb-idl.ann b/lib/ovn-inb-idl.ann new file mode 100644 index 0000000..98be47d --- /dev/null +++ b/lib/ovn-inb-idl.ann @@ -0,0 +1,9 @@ +# -*- python -*- + +# This code, when invoked by "ovsdb-idlc annotate" (by the build +# process), annotates ovn-inb.ovsschema with additional data that give +# the ovsdb-idl engine information about the types involved, so that +# it can generate more programmer-friendly data structures. + +s["idlPrefix"] = "inbrec_" +s["idlHeader"] = "\"lib/ovn-inb-idl.h\"" diff --git a/lib/ovn-util.c b/lib/ovn-util.c index e67c3c0..23a362c 100644 --- a/lib/ovn-util.c +++ b/lib/ovn-util.c @@ -350,6 +350,19 @@ default_sb_db(void) return def; } +const char * +default_inb_db(void) +{ + static char *def; + if (!def) { + def = getenv("OVN_INB_DB"); + if (!def) { + def = xasprintf("unix:%s/ovninb_db.sock", ovn_rundir()); + } + } + return def; +} + char * get_abs_unix_ctl_path(void) { diff --git a/lib/ovn-util.h b/lib/ovn-util.h index b58208e..e31cf51 100644 --- a/lib/ovn-util.h +++ b/lib/ovn-util.h @@ -72,6 +72,7 @@ char *alloc_nat_zone_key(const struct uuid *key, const char *type); const char *default_nb_db(void); const char *default_sb_db(void); +const char *default_inb_db(void); char *get_abs_unix_ctl_path(void); struct ovsdb_idl_table_class; diff --git a/ovn-inb.ovsschema b/ovn-inb.ovsschema new file mode 100644 index 0000000..3acbb4c --- /dev/null +++ b/ovn-inb.ovsschema @@ -0,0 +1,75 @@ +{ + "name": "OVN_IC_Northbound", + "version": "1.0.0", + "cksum": "258158772 3381", + "tables": { + "INB_Global": { + "columns": { + "external_ids": { + "type": {"key": "string", "value": "string", + "min": 0, "max": "unlimited"}}, + "connections": { + "type": {"key": {"type": "uuid", + "refTable": "Connection"}, + "min": 0, + "max": "unlimited"}}, + "ssl": { + "type": {"key": {"type": "uuid", + "refTable": "SSL"}, + "min": 0, "max": 1}}, + "options": { + "type": {"key": "string", "value": "string", + "min": 0, "max": "unlimited"}}}, + "maxRows": 1, + "isRoot": true}, + "Transit_Switch": { + "columns": { + "name": {"type": "string"}, + "other_config": { + "type": {"key": "string", "value": "string", + "min": 0, "max": "unlimited"}}, + "external_ids": { + "type": {"key": "string", "value": "string", + "min": 0, "max": "unlimited"}}}, + "isRoot": true, + "indexes": [["name"]]}, + "Connection": { + "columns": { + "target": {"type": "string"}, + "max_backoff": {"type": {"key": {"type": "integer", + "minInteger": 1000}, + "min": 0, + "max": 1}}, + "inactivity_probe": {"type": {"key": "integer", + "min": 0, + "max": 1}}, + "other_config": {"type": {"key": "string", + "value": "string", + "min": 0, + "max": "unlimited"}}, + "external_ids": {"type": {"key": "string", + "value": "string", + "min": 0, + "max": "unlimited"}}, + "is_connected": {"type": "boolean", "ephemeral": true}, + "status": {"type": {"key": "string", + "value": "string", + "min": 0, + "max": "unlimited"}, + "ephemeral": true}}, + "indexes": [["target"]]}, + "SSL": { + "columns": { + "private_key": {"type": "string"}, + "certificate": {"type": "string"}, + "ca_cert": {"type": "string"}, + "bootstrap_ca_cert": {"type": "boolean"}, + "ssl_protocols": {"type": "string"}, + "ssl_ciphers": {"type": "string"}, + "external_ids": {"type": {"key": "string", + "value": "string", + "min": 0, + "max": "unlimited"}}}, + "maxRows": 1} + } +} diff --git a/ovn-inb.xml b/ovn-inb.xml new file mode 100644 index 0000000..e7ee335 --- /dev/null +++ b/ovn-inb.xml @@ -0,0 +1,371 @@ +<?xml version="1.0" encoding="utf-8"?> +<database name="ovn-inb" title="OVN Interconnection Northbound Database"> + <p> + This database is the interface for cloud management system (CMS), such as + OpenStack, to configure OVN interconnection settings. The CMS produces + almost all of the contents of the database. The <code>ovn-ic</code> + program monitors the database contents, transforms it, and stores it into + the <ref db="OVN_IC_Southbound"/> database. + </p> + + <p> + We generally speak of ``the'' CMS, but one can imagine scenarios in + which multiple CMSes manage different parts of OVN interconnection. + </p> + + <h2>External IDs</h2> + + <p> + Each of the tables in this database contains a special column, named + <code>external_ids</code>. This column has the same form and purpose each + place it appears. + </p> + + <dl> + <dt><code>external_ids</code>: map of string-string pairs</dt> + <dd> + Key-value pairs for use by the CMS. The CMS might use certain pairs, for + example, to identify entities in its own configuration that correspond to + those in this database. + </dd> + </dl> + + <table name="INB_Global" title="IC Northbound configuration"> + <p> + Northbound configuration for OVN interconnection. This table must have exactly + one row. + </p> + + <group title="Common Columns"> + <column name="external_ids"> + See <em>External IDs</em> at the beginning of this document. + </column> + </group> + + <group title="Common options"> + <column name="options"> + This column provides general key/value settings. The supported + options are described individually below. + </column> + </group> + + <group title="Connection Options"> + <column name="connections"> + Database clients to which the Open vSwitch database server should + connect or on which it should listen, along with options for how these + connections should be configured. See the <ref table="Connection"/> + table for more information. + </column> + <column name="ssl"> + Global SSL configuration. + </column> + </group> + </table> + + <table name="Transit_Switch" title="Transit logical switch"> + <p> + Each row represents one transit logical switch for interconnection between + different OVN deployments (availability zones). + </p> + + <group title="Naming"> + <column name="name"> + A name that uniquely identifies the transit logical switch. + </column> + </group> + + <group title="Common Columns"> + <column name="other_config"/> + <column name="external_ids"> + See <em>External IDs</em> at the beginning of this document. + </column> + </group> + </table> + + <table name="SSL"> + SSL configuration for ovn-nb database access. + + <column name="private_key"> + Name of a PEM file containing the private key used as the switch's + identity for SSL connections to the controller. + </column> + + <column name="certificate"> + Name of a PEM file containing a certificate, signed by the + certificate authority (CA) used by the controller and manager, + that certifies the switch's private key, identifying a trustworthy + switch. + </column> + + <column name="ca_cert"> + Name of a PEM file containing the CA certificate used to verify + that the switch is connected to a trustworthy controller. + </column> + + <column name="bootstrap_ca_cert"> + If set to <code>true</code>, then Open vSwitch will attempt to + obtain the CA certificate from the controller on its first SSL + connection and save it to the named PEM file. If it is successful, + it will immediately drop the connection and reconnect, and from then + on all SSL connections must be authenticated by a certificate signed + by the CA certificate thus obtained. <em>This option exposes the + SSL connection to a man-in-the-middle attack obtaining the initial + CA certificate.</em> It may still be useful for bootstrapping. + </column> + + <column name="ssl_protocols"> + List of SSL protocols to be enabled for SSL connections. The default + when this option is omitted is <code>TLSv1,TLSv1.1,TLSv1.2</code>. + </column> + + <column name="ssl_ciphers"> + List of ciphers (in OpenSSL cipher string format) to be supported + for SSL connections. The default when this option is omitted is + <code>HIGH:!aNULL:!MD5</code>. + </column> + + <group title="Common Columns"> + The overall purpose of these columns is described under <code>Common + Columns</code> at the beginning of this document. + + <column name="external_ids"/> + </group> + </table> + + <table name="Connection" title="OVSDB client connections."> + <p> + Configuration for a database connection to an Open vSwitch database + (OVSDB) client. + </p> + + <p> + This table primarily configures the Open vSwitch database server + (<code>ovsdb-server</code>). + </p> + + <p> + The Open vSwitch database server can initiate and maintain active + connections to remote clients. It can also listen for database + connections. + </p> + + <group title="Core Features"> + <column name="target"> + <p>Connection methods for clients.</p> + <p> + The following connection methods are currently supported: + </p> + <dl> + <dt><code>ssl:<var>host</var></code>[<code>:<var>port</var></code>]</dt> + <dd> + <p> + The specified SSL <var>port</var> on the host at the given + <var>host</var>, which can either be a DNS name (if built with + unbound library) or an IP address. A valid SSL configuration must + be provided when this form is used, this configuration can be + specified via command-line options or the <ref table="SSL"/> table. + </p> + <p> + If <var>port</var> is not specified, it defaults to 6640. + </p> + <p> + SSL support is an optional feature that is not always + built as part of Open vSwitch. + </p> + </dd> + + <dt><code>tcp:<var>host</var></code>[<code>:<var>port</var></code>]</dt> + <dd> + <p> + The specified TCP <var>port</var> on the host at the given + <var>host</var>, which can either be a DNS name (if built with + unbound library) or an IP address. If <var>host</var> is an IPv6 + address, wrap it in square brackets, e.g. <code>tcp:[::1]:6640</code>. + </p> + <p> + If <var>port</var> is not specified, it defaults to 6640. + </p> + </dd> + <dt><code>pssl:</code>[<var>port</var>][<code>:<var>host</var></code>]</dt> + <dd> + <p> + Listens for SSL connections on the specified TCP <var>port</var>. + Specify 0 for <var>port</var> to have the kernel automatically + choose an available port. If <var>host</var>, which can either + be a DNS name (if built with unbound library) or an IP address, + is specified, then connections are restricted to the resolved or + specified local IPaddress (either IPv4 or IPv6 address). If + <var>host</var> is an IPv6 address, wrap in square brackets, + e.g. <code>pssl:6640:[::1]</code>. If <var>host</var> is not + specified then it listens only on IPv4 (but not IPv6) addresses. + A valid SSL configuration must be provided when this form is used, + this can be specified either via command-line options or the + <ref table="SSL"/> table. + </p> + <p> + If <var>port</var> is not specified, it defaults to 6640. + </p> + <p> + SSL support is an optional feature that is not always built as + part of Open vSwitch. + </p> + </dd> + <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>host</var></code>]</dt> + <dd> + <p> + Listens for connections on the specified TCP <var>port</var>. + Specify 0 for <var>port</var> to have the kernel automatically + choose an available port. If <var>host</var>, which can either + be a DNS name (if built with unbound library) or an IP address, + is specified, then connections are restricted to the resolved or + specified local IP address (either IPv4 or IPv6 address). If + <var>host</var> is an IPv6 address, wrap it in square brackets, + e.g. <code>ptcp:6640:[::1]</code>. If <var>host</var> is not + specified then it listens only on IPv4 addresses. + </p> + <p> + If <var>port</var> is not specified, it defaults to 6640. + </p> + </dd> + </dl> + <p>When multiple clients are configured, the <ref column="target"/> + values must be unique. Duplicate <ref column="target"/> values yield + unspecified results.</p> + </column> + </group> + + <group title="Client Failure Detection and Handling"> + <column name="max_backoff"> + Maximum number of milliseconds to wait between connection attempts. + Default is implementation-specific. + </column> + + <column name="inactivity_probe"> + Maximum number of milliseconds of idle time on connection to the client + before sending an inactivity probe message. If Open vSwitch does not + communicate with the client for the specified number of seconds, it + will send a probe. If a response is not received for the same + additional amount of time, Open vSwitch assumes the connection has been + broken and attempts to reconnect. Default is implementation-specific. + A value of 0 disables inactivity probes. + </column> + </group> + + <group title="Status"> + <p> + Key-value pair of <ref column="is_connected"/> is always updated. + Other key-value pairs in the status columns may be updated depends + on the <ref column="target"/> type. + </p> + + <p> + When <ref column="target"/> specifies a connection method that + listens for inbound connections (e.g. <code>ptcp:</code> or + <code>punix:</code>), both <ref column="n_connections"/> and + <ref column="is_connected"/> may also be updated while the + remaining key-value pairs are omitted. + </p> + + <p> + On the other hand, when <ref column="target"/> specifies an + outbound connection, all key-value pairs may be updated, except + the above-mentioned two key-value pairs associated with inbound + connection targets. They are omitted. + </p> + + <column name="is_connected"> + <code>true</code> if currently connected to this client, + <code>false</code> otherwise. + </column> + + <column name="status" key="last_error"> + A human-readable description of the last error on the connection + to the manager; i.e. <code>strerror(errno)</code>. This key + will exist only if an error has occurred. + </column> + + <column name="status" key="state" + type='{"type": "string", "enum": ["set", ["VOID", "BACKOFF", "CONNECTING", "ACTIVE", "IDLE"]]}'> + <p> + The state of the connection to the manager: + </p> + <dl> + <dt><code>VOID</code></dt> + <dd>Connection is disabled.</dd> + + <dt><code>BACKOFF</code></dt> + <dd>Attempting to reconnect at an increasing period.</dd> + + <dt><code>CONNECTING</code></dt> + <dd>Attempting to connect.</dd> + + <dt><code>ACTIVE</code></dt> + <dd>Connected, remote host responsive.</dd> + + <dt><code>IDLE</code></dt> + <dd>Connection is idle. Waiting for response to keep-alive.</dd> + </dl> + <p> + These values may change in the future. They are provided only for + human consumption. + </p> + </column> + + <column name="status" key="sec_since_connect" + type='{"type": "integer", "minInteger": 0}'> + The amount of time since this client last successfully connected + to the database (in seconds). Value is empty if client has never + successfully been connected. + </column> + + <column name="status" key="sec_since_disconnect" + type='{"type": "integer", "minInteger": 0}'> + The amount of time since this client last disconnected from the + database (in seconds). Value is empty if client has never + disconnected. + </column> + + <column name="status" key="locks_held"> + Space-separated list of the names of OVSDB locks that the connection + holds. Omitted if the connection does not hold any locks. + </column> + + <column name="status" key="locks_waiting"> + Space-separated list of the names of OVSDB locks that the connection is + currently waiting to acquire. Omitted if the connection is not waiting + for any locks. + </column> + + <column name="status" key="locks_lost"> + Space-separated list of the names of OVSDB locks that the connection + has had stolen by another OVSDB client. Omitted if no locks have been + stolen from this connection. + </column> + + <column name="status" key="n_connections" + type='{"type": "integer", "minInteger": 2}'> + When <ref column="target"/> specifies a connection method that + listens for inbound connections (e.g. <code>ptcp:</code> or + <code>pssl:</code>) and more than one connection is actually active, + the value is the number of active connections. Otherwise, this + key-value pair is omitted. + </column> + + <column name="status" key="bound_port" type='{"type": "integer"}'> + When <ref column="target"/> is <code>ptcp:</code> or + <code>pssl:</code>, this is the TCP port on which the OVSDB server is + listening. (This is particularly useful when <ref + column="target"/> specifies a port of 0, allowing the kernel to + choose any available port.) + </column> + </group> + + <group title="Common Columns"> + The overall purpose of these columns is described under <code>Common + Columns</code> at the beginning of this document. + + <column name="external_ids"/> + <column name="other_config"/> + </group> + </table> +</database> diff --git a/tests/automake.mk b/tests/automake.mk index ed6240c..d978c05 100644 --- a/tests/automake.mk +++ b/tests/automake.mk @@ -24,6 +24,7 @@ TESTSUITE_AT = \ tests/ovn-northd.at \ tests/ovn-nbctl.at \ tests/ovn-sbctl.at \ + tests/ovn-inbctl.at \ tests/ovn-controller.at \ tests/ovn-controller-vtep.at \ tests/ovn-macros.at \ @@ -99,6 +100,7 @@ valgrind_wrappers = \ tests/valgrind/ovn-nbctl \ tests/valgrind/ovn-northd \ tests/valgrind/ovn-sbctl \ + tests/valgrind/ovn-inbctl \ tests/valgrind/ovs-appctl \ tests/valgrind/ovs-ofctl \ tests/valgrind/ovs-vsctl \ diff --git a/tests/ovn-inbctl.at b/tests/ovn-inbctl.at new file mode 100644 index 0000000..b5e107d --- /dev/null +++ b/tests/ovn-inbctl.at @@ -0,0 +1,65 @@ +AT_BANNER([ovn-inbctl]) + +# OVN_INBCTL_TEST_START +m4_define([OVN_INBCTL_TEST_START], + [dnl Create database (ovn-inb). + AT_KEYWORDS([inbctl]) + AT_CHECK([ovsdb-tool create ovn-inb.db $abs_top_srcdir/ovn-inb.ovsschema]) + + dnl Start ovsdb-servers. + AT_CHECK([ovsdb-server --detach --no-chdir --pidfile=ovninb_db.pid --unixctl=$OVS_RUNDIR/ovninb_db.ctl --log-file=ovsdb_inb.log --remote=punix:$OVS_RUNDIR/ovninb_db.sock ovn-inb.db ], [0], [], [stderr]) + on_exit "kill `cat ovninb_db.pid`" + AT_CHECK([[sed < stderr ' +/vlog|INFO|opened log file/d +/ovsdb_server|INFO|ovsdb-server (Open vSwitch)/d']]) + AT_CAPTURE_FILE([ovsdb-server.log]) +]) + +# OVN_INBCTL_TEST_STOP +m4_define([OVN_INBCTL_TEST_STOP], + [AT_CHECK([check_logs "$1"]) + OVS_APP_EXIT_AND_WAIT_BY_TARGET([$OVS_RUNDIR/ovninb_db.ctl], [$OVS_RUNDIR/ovninb_db.pid])]) + +dnl --------------------------------------------------------------------- + +AT_SETUP([ovn-inbctl]) +OVN_INBCTL_TEST_START + +AT_CHECK([ovn-inbctl ts-add ts0]) +AT_CHECK([ovn-inbctl ts-list | uuidfilt], [0], [dnl +<0> (ts0) +]) + +AT_CHECK([ovn-inbctl ts-add ts1]) +AT_CHECK([ovn-inbctl ts-list | uuidfilt], [0], [dnl +<0> (ts0) +<1> (ts1) +]) + +AT_CHECK([ovn-inbctl show | sort], [0], [dnl +Transit_Switch ts0 +Transit_Switch ts1 +]) + +AT_CHECK([ovn-inbctl ts-del ts1]) +AT_CHECK([ovn-inbctl ts-list | uuidfilt], [0], [dnl +<0> (ts0) +]) + +AT_CHECK([ovn-inbctl ts-add ts0], [1], [], + [ovn-inbctl: ts0: a transit switch with this name already exists +]) + +AT_CHECK([ovn-inbctl --may-exist ts-add ts0]) +AT_CHECK([ovn-inbctl ts-list | uuidfilt], [0], [dnl +<0> (ts0) +]) + +AT_CHECK([ovn-inbctl ts-del ts2], [1], [], + [ovn-inbctl: ts2: switch name not found +]) + +AT_CHECK([ovn-inbctl --if-exists ts-del ts2]) + +OVN_INBCTL_TEST_STOP +AT_CLEANUP diff --git a/tests/testsuite.at b/tests/testsuite.at index c1ba734..20dbccb 100644 --- a/tests/testsuite.at +++ b/tests/testsuite.at @@ -25,6 +25,7 @@ m4_include([tests/ovn.at]) m4_include([tests/ovn-northd.at]) m4_include([tests/ovn-nbctl.at]) m4_include([tests/ovn-sbctl.at]) +m4_include([tests/ovn-inbctl.at]) m4_include([tests/ovn-controller.at]) m4_include([tests/ovn-controller-vtep.at]) m4_include([tests/checkpatch.at]) diff --git a/utilities/.gitignore b/utilities/.gitignore index faaa85e..5321110 100644 --- a/utilities/.gitignore +++ b/utilities/.gitignore @@ -3,6 +3,8 @@ /ovn-nbctl.8 /ovn-sbctl /ovn-sbctl.8 +/ovn-inbctl +/ovn-inbctl.8 /ovn-appctl /ovn-appctl.8 /ovn-trace diff --git a/utilities/automake.mk b/utilities/automake.mk index 197cc70..30c52fa 100644 --- a/utilities/automake.mk +++ b/utilities/automake.mk @@ -7,6 +7,7 @@ man_MANS += \ utilities/ovn-ctl.8 \ utilities/ovn-nbctl.8 \ utilities/ovn-sbctl.8 \ + utilities/ovn-inbctl.8 \ utilities/ovn-trace.8 \ utilities/ovn-detrace.1 \ utilities/ovn-appctl.8 @@ -28,6 +29,7 @@ EXTRA_DIST += \ utilities/ovn-docker-overlay-driver.in \ utilities/ovn-docker-underlay-driver.in \ utilities/ovn-nbctl.8.xml \ + utilities/ovn-inbctl.8.xml \ utilities/ovn-appctl.8.xml \ utilities/ovn-trace.8.xml \ utilities/ovn-detrace.in \ @@ -48,6 +50,7 @@ CLEANFILES += \ utilities/ovn-docker-underlay-driver \ utilities/ovn-nbctl.8 \ utilities/ovn-sbctl.8 \ + utilities/ovn-inbctl.8 \ utilities/ovn-trace.8 \ utilities/ovn-detrace.1 \ utilities/ovn-detrace \ @@ -66,6 +69,11 @@ bin_PROGRAMS += utilities/ovn-sbctl utilities_ovn_sbctl_SOURCES = utilities/ovn-sbctl.c utilities_ovn_sbctl_LDADD = lib/libovn.la $(OVSDB_LIBDIR)/libovsdb.la $(OVS_LIBDIR)/libopenvswitch.la +# ovn-inbctl +bin_PROGRAMS += utilities/ovn-inbctl +utilities_ovn_inbctl_SOURCES = utilities/ovn-inbctl.c +utilities_ovn_inbctl_LDADD = lib/libovn.la $(OVSDB_LIBDIR)/libovsdb.la $(OVS_LIBDIR)/libopenvswitch.la + # ovn-trace bin_PROGRAMS += utilities/ovn-trace utilities_ovn_trace_SOURCES = utilities/ovn-trace.c diff --git a/utilities/ovn-inbctl.8.xml b/utilities/ovn-inbctl.8.xml new file mode 100644 index 0000000..fcd438b --- /dev/null +++ b/utilities/ovn-inbctl.8.xml @@ -0,0 +1,174 @@ +<?xml version="1.0" encoding="utf-8"?> +<manpage program="ovn-inbctl" section="8" title="ovn-inbctl"> + <h1>Name</h1> + <p>ovn-inbctl -- Open Virtual Network interconnection northbound db management utility</p> + + <h1>Synopsis</h1> + <p><code>ovn-inbctl</code> [<var>options</var>] <var>command</var> [<var>arg</var>...]</p> + + <h1>Description</h1> + <p>This utility can be used to manage the OVN interconnection northbound database.</p> + + <h1>General Commands</h1> + + <dl> + <dt><code>init</code></dt> + <dd> + Initializes the database, if it is empty. If the database has already + been initialized, this command has no effect. + </dd> + + <dt><code>show</code></dt> + <dd> + Prints a brief overview of the database contents. + </dd> + </dl> + + <h1>Transit Switch Commands</h1> + + <dl> + <dt>[<code>--may-exist</code>] <code>ts-add</code> <var>switch</var></dt> + <dd> + <p> + Creates a new transit switch named <var>switch</var>. + </p> + + <p> + Transit switch names must be unique. Adding a duplicated name results + in error. With <code>--may-exist</code>, adding a duplicate name + succeeds but does not create a new transit switch. + </p> + </dd> + + <dt>[<code>--if-exists</code>] <code>ts-del</code> <var>switch</var></dt> + <dd> + Deletes <var>switch</var>. It is an error if <var>switch</var> does + not exist, unless <code>--if-exists</code> is specified. + </dd> + + <dt><code>ts-list</code></dt> + <dd> + Lists all existing switches on standard output, one per line. + </dd> + </dl> + + <h1>Database Commands</h1> + <p>These commands query and modify the contents of <code>ovsdb</code> tables. + They are a slight abstraction of the <code>ovsdb</code> interface and + as such they operate at a lower level than other <code>ovn-inbctl</code> commands.</p> + <p><var>Identifying Tables, Records, and Columns</var></p> + <p>Each of these commands has a <var>table</var> parameter to identify a table + within the database. Many of them also take a <var>record</var> parameter + that identifies a particular record within a table. The <var>record</var> + parameter may be the UUID for a record, which may be abbreviated to its + first 4 (or more) hex digits, as long as that is unique. Many tables offer + additional ways to identify records. Some commands also take + <var>column</var> parameters that identify a particular field within the + records in a table.</p> + + <p> + For a list of tables and their columns, see <code>ovn-inb</code>(5) or + see the table listing from the <code>--help</code> option. + </p> + + <p> + Record names must be specified in full and with correct capitalization, + except that UUIDs may be abbreviated to their first 4 (or more) hex + digits, as long as that is unique within the table. Names of tables and + columns are not case-sensitive, and <code>-</code> and <code>_</code> are + treated interchangeably. Unique abbreviations of table and column names + are acceptable, e.g. <code>t</code> or <code>transit</code> is sufficient + to identify the <code>Transit_Switch</code> table. + </p> + + <xi:include href="lib/db-ctl-base.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/> + + <h1>Remote Connectivity Commands</h1> + <dl> + <dt><code>get-connection</code></dt> + <dd> + Prints the configured connection(s). + </dd> + + <dt><code>del-connection</code></dt> + <dd> + Deletes the configured connection(s). + </dd> + + <dt>[<code>--inactivity-probe=</code><var>msecs</var>] <code>set-connection</code> <var>target</var>...</dt> + <dd> + Sets the configured manager target or targets. Use + <code>--inactivity-probe=</code><var>msecs</var> to override the default + idle connection inactivity probe time. Use 0 to disable inactivity probes. + </dd> + </dl> + + <h1>SSL Configuration Commands</h1> + <dl> + <dt><code>get-ssl</code></dt> + <dd> + Prints the SSL configuration. + </dd> + + <dt><code>del-ssl</code></dt> + <dd> + Deletes the current SSL configuration. + </dd> + + <dt>[<code>--bootstrap</code>] <code>set-ssl</code> + <var>private-key</var> <var>certificate</var> <var>ca-cert</var> + [<var>ssl-protocol-list</var> [<var>ssl-cipher-list</var>]]</dt> + <dd> + Sets the SSL configuration. + </dd> + </dl> + + <h1>Options</h1> + + <dl> + <dt><code>--db</code> <var>database</var></dt> + <dd> + The OVSDB database remote to contact. If the <env>OVN_INB_DB</env> + environment variable is set, its value is used as the default. + Otherwise, the default is <code>unix:@RUNDIR@/ovninb_db.sock</code>, but this + default is unlikely to be useful outside of single-machine OVN test + environments. + </dd> + + <dt><code>--leader-only</code></dt> + <dt><code>--no-leader-only</code></dt> + <dd> + By default, or with <code>--leader-only</code>, when the database server + is a clustered database, <code>ovn-inbctl</code> will avoid servers other + than the cluster leader. This ensures that any data that + <code>ovn-inbctl</code> reads and reports is up-to-date. With + <code>--no-leader-only</code>, <code>ovn-inbctl</code> will use any server + in the cluster, which means that for read-only transactions it can report + and act on stale data (transactions that modify the database are always + serialized even with <code>--no-leader-only</code>). Refer to + <code>Understanding Cluster Consistency</code> in <code>ovsdb</code>(7) + for more information. + </dd> + </dl> + + <h1>Logging options</h1> + <xi:include href="lib/vlog.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/> + + <h1>Table Formatting Options</h1> + These options control the format of output from the <code>list</code> and + <code>find</code> commands. + <xi:include href="lib/table.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/> + + <h2>PKI Options</h2> + <p> + PKI configuration is required to use SSL for the connection to the + database. + </p> + <xi:include href="lib/ssl.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/> + <xi:include href="lib/ssl-bootstrap.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/> + + <h2>Other Options</h2> + + <xi:include href="lib/common.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/> + +</manpage> diff --git a/utilities/ovn-inbctl.c b/utilities/ovn-inbctl.c new file mode 100644 index 0000000..a2a6479 --- /dev/null +++ b/utilities/ovn-inbctl.c @@ -0,0 +1,948 @@ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <config.h> + +#include <ctype.h> +#include <getopt.h> +#include <inttypes.h> +#include <stdarg.h> +#include <stdlib.h> + +#include "command-line.h" +#include "compiler.h" +#include "db-ctl-base.h" +#include "dirs.h" +#include "fatal-signal.h" +#include "openvswitch/dynamic-string.h" +#include "openvswitch/json.h" +#include "openvswitch/shash.h" +#include "openvswitch/vconn.h" +#include "openvswitch/vlog.h" +#include "lib/ovn-inb-idl.h" +#include "lib/ovn-util.h" +#include "openvswitch/poll-loop.h" +#include "process.h" +#include "sset.h" +#include "stream-ssl.h" +#include "stream.h" +#include "table.h" +#include "timeval.h" +#include "util.h" +#include "svec.h" + +VLOG_DEFINE_THIS_MODULE(inbctl); + +struct inbctl_context; + +/* --db: The database server to contact. */ +static const char *db; + +/* --oneline: Write each command's output as a single line? */ +static bool oneline; + +/* --dry-run: Do not commit any changes. */ +static bool dry_run; + +/* --timeout: Time to wait for a connection to 'db'. */ +static unsigned int timeout; + +/* Format for table output. */ +static struct table_style table_style = TABLE_STYLE_DEFAULT; + +/* The IDL we're using and the current transaction, if any. + * This is for use by inbctl_exit() only, to allow it to clean up. + * Other code should use its context arguments. */ +static struct ovsdb_idl *the_idl; +static struct ovsdb_idl_txn *the_idl_txn; +OVS_NO_RETURN static void inbctl_exit(int status); + +/* --leader-only, --no-leader-only: Only accept the leader in a cluster. */ +static int leader_only = true; + +static void inbctl_cmd_init(void); +OVS_NO_RETURN static void usage(void); +static void parse_options(int argc, char *argv[], struct shash *local_options); +static void run_prerequisites(struct ctl_command[], size_t n_commands, + struct ovsdb_idl *); +static bool do_inbctl(const char *args, struct ctl_command *, size_t n, + struct ovsdb_idl *); + +int +main(int argc, char *argv[]) +{ + struct ovsdb_idl *idl; + struct ctl_command *commands; + struct shash local_options; + unsigned int seqno; + size_t n_commands; + + set_program_name(argv[0]); + fatal_ignore_sigpipe(); + vlog_set_levels(NULL, VLF_CONSOLE, VLL_WARN); + vlog_set_levels_from_string_assert("reconnect:warn"); + + inbctl_cmd_init(); + + /* Parse command line. */ + char *args = process_escape_args(argv); + shash_init(&local_options); + parse_options(argc, argv, &local_options); + char *error = ctl_parse_commands(argc - optind, argv + optind, + &local_options, &commands, &n_commands); + if (error) { + ctl_fatal("%s", error); + } + VLOG(ctl_might_write_to_db(commands, n_commands) ? VLL_INFO : VLL_DBG, + "Called as %s", args); + + ctl_timeout_setup(timeout); + + /* Initialize IDL. */ + idl = the_idl = ovsdb_idl_create(db, &inbrec_idl_class, true, false); + ovsdb_idl_set_leader_only(idl, leader_only); + run_prerequisites(commands, n_commands, idl); + + /* Execute the commands. + * + * 'seqno' is the database sequence number for which we last tried to + * execute our transaction. There's no point in trying to commit more than + * once for any given sequence number, because if the transaction fails + * it's because the database changed and we need to obtain an up-to-date + * view of the database before we try the transaction again. */ + seqno = ovsdb_idl_get_seqno(idl); + for (;;) { + ovsdb_idl_run(idl); + if (!ovsdb_idl_is_alive(idl)) { + int retval = ovsdb_idl_get_last_error(idl); + ctl_fatal("%s: database connection failed (%s)", + db, ovs_retval_to_string(retval)); + } + + if (seqno != ovsdb_idl_get_seqno(idl)) { + seqno = ovsdb_idl_get_seqno(idl); + if (do_inbctl(args, commands, n_commands, idl)) { + free(args); + exit(EXIT_SUCCESS); + } + } + + if (seqno == ovsdb_idl_get_seqno(idl)) { + ovsdb_idl_wait(idl); + poll_block(); + } + } +} + +static void +parse_options(int argc, char *argv[], struct shash *local_options) +{ + enum { + OPT_DB = UCHAR_MAX + 1, + OPT_ONELINE, + OPT_NO_SYSLOG, + OPT_DRY_RUN, + OPT_LOCAL, + OPT_COMMANDS, + OPT_OPTIONS, + OPT_BOOTSTRAP_CA_CERT, + VLOG_OPTION_ENUMS, + TABLE_OPTION_ENUMS, + SSL_OPTION_ENUMS, + }; + static const struct option global_long_options[] = { + {"db", required_argument, NULL, OPT_DB}, + {"no-syslog", no_argument, NULL, OPT_NO_SYSLOG}, + {"dry-run", no_argument, NULL, OPT_DRY_RUN}, + {"oneline", no_argument, NULL, OPT_ONELINE}, + {"timeout", required_argument, NULL, 't'}, + {"help", no_argument, NULL, 'h'}, + {"commands", no_argument, NULL, OPT_COMMANDS}, + {"options", no_argument, NULL, OPT_OPTIONS}, + {"leader-only", no_argument, &leader_only, true}, + {"no-leader-only", no_argument, &leader_only, false}, + {"version", no_argument, NULL, 'V'}, + VLOG_LONG_OPTIONS, + STREAM_SSL_LONG_OPTIONS, + {"bootstrap-ca-cert", required_argument, NULL, OPT_BOOTSTRAP_CA_CERT}, + TABLE_LONG_OPTIONS, + {NULL, 0, NULL, 0}, + }; + const int n_global_long_options = ARRAY_SIZE(global_long_options) - 1; + char *tmp, *short_options; + + struct option *options; + size_t allocated_options; + size_t n_options; + size_t i; + + tmp = ovs_cmdl_long_options_to_short_options(global_long_options); + short_options = xasprintf("+%s", tmp); + free(tmp); + + /* We want to parse both global and command-specific options here, but + * getopt_long() isn't too convenient for the job. We copy our global + * options into a dynamic array, then append all of the command-specific + * options. */ + options = xmemdup(global_long_options, sizeof global_long_options); + allocated_options = ARRAY_SIZE(global_long_options); + n_options = n_global_long_options; + ctl_add_cmd_options(&options, &n_options, &allocated_options, OPT_LOCAL); + + for (;;) { + int idx; + int c; + + c = getopt_long(argc, argv, short_options, options, &idx); + if (c == -1) { + break; + } + + switch (c) { + case OPT_DB: + db = optarg; + break; + + case OPT_ONELINE: + oneline = true; + break; + + case OPT_NO_SYSLOG: + vlog_set_levels(&this_module, VLF_SYSLOG, VLL_WARN); + break; + + case OPT_DRY_RUN: + dry_run = true; + break; + + case OPT_LOCAL: + if (shash_find(local_options, options[idx].name)) { + ctl_fatal("'%s' option specified multiple times", + options[idx].name); + } + shash_add_nocopy(local_options, + xasprintf("--%s", options[idx].name), + nullable_xstrdup(optarg)); + break; + + case 'h': + usage(); + + case OPT_COMMANDS: + ctl_print_commands(); + /* fall through */ + + case OPT_OPTIONS: + ctl_print_options(global_long_options); + /* fall through */ + + case 'V': + ovs_print_version(0, 0); + printf("DB Schema %s\n", inbrec_get_db_version()); + exit(EXIT_SUCCESS); + + case 't': + if (!str_to_uint(optarg, 10, &timeout) || !timeout) { + ctl_fatal("value %s on -t or --timeout is invalid", optarg); + } + break; + + VLOG_OPTION_HANDLERS + TABLE_OPTION_HANDLERS(&table_style) + STREAM_SSL_OPTION_HANDLERS + + case OPT_BOOTSTRAP_CA_CERT: + stream_ssl_set_ca_cert_file(optarg, true); + break; + + case '?': + exit(EXIT_FAILURE); + + default: + ovs_abort(0, "Internal error when parsing option %d.", c); + + case 0: + break; + } + } + free(short_options); + + if (!db) { + db = default_inb_db(); + } + + for (i = n_global_long_options; options[i].name; i++) { + free(CONST_CAST(char *, options[i].name)); + } + free(options); +} + +static void +usage(void) +{ + printf("\ +%s: OVN interconnection northbound DB management utility\n\ +\n\ +usage: %s [OPTIONS] COMMAND [ARG...]\n\ +\n\ +General commands:\n\ + init initialize the database\n\ + show print overview of database contents\n\ +\n\ +Transit switch commands:\n\ + ts-add SWITCH create a transit switch named SWITCH\n\ + ts-del SWITCH delete SWITCH\n\ + ts-list print all transit switches\n\ +\n\ +Connection commands:\n\ + get-connection print the connections\n\ + del-connection delete the connections\n\ + [--inactivity-probe=MSECS]\n\ + set-connection TARGET... set the list of connections to TARGET...\n\ +\n\ +SSL commands:\n\ + get-ssl print the SSL configuration\n\ + del-ssl delete the SSL configuration\n\ + set-ssl PRIV-KEY CERT CA-CERT [SSL-PROTOS [SSL-CIPHERS]] \ +set the SSL configuration\n\ +\n\ +%s\ +%s\ +\n\ +Options:\n\ + --db=DATABASE connect to DATABASE\n\ + (default: %s)\n\ + --no-leader-only accept any cluster member, not just the leader\n\ + -t, --timeout=SECS wait at most SECS seconds\n\ + --dry-run do not commit changes to database\n\ + --oneline print exactly one line of output per command\n", + program_name, program_name, ctl_get_db_cmd_usage(), + ctl_list_db_tables_usage(), default_inb_db()); + table_usage(); + vlog_usage(); + printf("\ + --no-syslog equivalent to --verbose=inbctl:syslog:warn\n"); + printf("\n\ +Other options:\n\ + -h, --help display this help message\n\ + -V, --version display version information\n"); + stream_usage("database", true, true, true); + exit(EXIT_SUCCESS); +} + + +/* ovs-inbctl specific context. Inherits the 'struct ctl_context' as base. + * Now empty, just keep the framework for future additions. */ +struct inbctl_context { + struct ctl_context base; + + /* A cache of the contents of the database. + * + * A command that needs to use any of this information must first call + * inbctl_context_populate_cache(). A command that changes anything that + * could invalidate the cache must either call + * inbctl_context_invalidate_cache() or manually update the cache to + * maintain its correctness. */ + bool cache_valid; +}; + +static struct cmd_show_table cmd_show_tables[] = { + {&inbrec_table_transit_switch, + &inbrec_transit_switch_col_name, + {NULL}, + {NULL, NULL, NULL}}, + + {NULL, NULL, {NULL, NULL, NULL}, {NULL, NULL, NULL}}, +}; + +static void +inbctl_init(struct ctl_context *ctx OVS_UNUSED) +{ +} + +static void +inbctl_ts_add(struct ctl_context *ctx) +{ + const char *ts_name = ctx->argv[1]; + bool may_exist = shash_find(&ctx->options, "--may-exist") != NULL; + + const struct inbrec_transit_switch *ts; + INBREC_TRANSIT_SWITCH_FOR_EACH (ts, ctx->idl) { + if (!strcmp(ts->name, ts_name)) { + if (may_exist) { + return; + } + ctl_error(ctx, "%s: a transit switch with this name already " + "exists", ts_name); + return; + } + } + + ts = inbrec_transit_switch_insert(ctx->txn); + inbrec_transit_switch_set_name(ts, ts_name); +} + +static char * +ts_by_name_or_uuid(struct ctl_context *ctx, const char *id, bool must_exist, + const struct inbrec_transit_switch **ts_p) +{ + const struct inbrec_transit_switch *ts = NULL; + *ts_p = NULL; + + struct uuid ts_uuid; + bool is_uuid = uuid_from_string(&ts_uuid, id); + if (is_uuid) { + ts = inbrec_transit_switch_get_for_uuid(ctx->idl, &ts_uuid); + } + + if (!ts) { + const struct inbrec_transit_switch *iter; + + INBREC_TRANSIT_SWITCH_FOR_EACH (iter, ctx->idl) { + if (!strcmp(iter->name, id)) { + ts = iter; + break; + } + } + } + + if (!ts && must_exist) { + return xasprintf("%s: switch %s not found", + id, is_uuid ? "UUID" : "name"); + } + + *ts_p = ts; + return NULL; +} + +static void +inbctl_ts_del(struct ctl_context *ctx) +{ + bool must_exist = !shash_find(&ctx->options, "--if-exists"); + const char *id = ctx->argv[1]; + const struct inbrec_transit_switch *ts = NULL; + + char *error = ts_by_name_or_uuid(ctx, id, must_exist, &ts); + if (error) { + ctx->error = error; + return; + } + if (!ts) { + return; + } + + inbrec_transit_switch_delete(ts); +} + +static void +inbctl_ts_list(struct ctl_context *ctx) +{ + const struct inbrec_transit_switch *ts; + struct smap switches; + + smap_init(&switches); + INBREC_TRANSIT_SWITCH_FOR_EACH (ts, ctx->idl) { + smap_add_format(&switches, ts->name, UUID_FMT " (%s)", + UUID_ARGS(&ts->header_.uuid), ts->name); + } + const struct smap_node **nodes = smap_sort(&switches); + for (size_t i = 0; i < smap_count(&switches); i++) { + const struct smap_node *node = nodes[i]; + ds_put_format(&ctx->output, "%s\n", node->value); + } + smap_destroy(&switches); + free(nodes); +} +static void +verify_connections(struct ctl_context *ctx) +{ + const struct inbrec_inb_global *inb_global = + inbrec_inb_global_first(ctx->idl); + const struct inbrec_connection *conn; + + inbrec_inb_global_verify_connections(inb_global); + + INBREC_CONNECTION_FOR_EACH (conn, ctx->idl) { + inbrec_connection_verify_target(conn); + } +} + +static void +pre_connection(struct ctl_context *ctx) +{ + ovsdb_idl_add_column(ctx->idl, &inbrec_inb_global_col_connections); + ovsdb_idl_add_column(ctx->idl, &inbrec_connection_col_target); + ovsdb_idl_add_column(ctx->idl, &inbrec_connection_col_inactivity_probe); +} + +static void +cmd_get_connection(struct ctl_context *ctx) +{ + const struct inbrec_connection *conn; + struct svec targets; + size_t i; + + verify_connections(ctx); + + /* Print the targets in sorted order for reproducibility. */ + svec_init(&targets); + + INBREC_CONNECTION_FOR_EACH (conn, ctx->idl) { + svec_add(&targets, conn->target); + } + + svec_sort_unique(&targets); + for (i = 0; i < targets.n; i++) { + ds_put_format(&ctx->output, "%s\n", targets.names[i]); + } + svec_destroy(&targets); +} + +static void +delete_connections(struct ctl_context *ctx) +{ + const struct inbrec_inb_global *inb_global = + inbrec_inb_global_first(ctx->idl); + const struct inbrec_connection *conn, *next; + + /* Delete Manager rows pointed to by 'connection_options' column. */ + INBREC_CONNECTION_FOR_EACH_SAFE (conn, next, ctx->idl) { + inbrec_connection_delete(conn); + } + + /* Delete 'Manager' row refs in 'manager_options' column. */ + inbrec_inb_global_set_connections(inb_global, NULL, 0); +} + +static void +cmd_del_connection(struct ctl_context *ctx) +{ + verify_connections(ctx); + delete_connections(ctx); +} + +static void +insert_connections(struct ctl_context *ctx, char *targets[], size_t n) +{ + const struct inbrec_inb_global *inb_global = + inbrec_inb_global_first(ctx->idl); + struct inbrec_connection **connections; + size_t i, conns = 0; + const char *inactivity_probe = shash_find_data(&ctx->options, + "--inactivity-probe"); + + /* Insert each connection in a new row in Connection table. */ + connections = xmalloc(n * sizeof *connections); + for (i = 0; i < n; i++) { + if (stream_verify_name(targets[i]) && + pstream_verify_name(targets[i])) { + VLOG_WARN("target type \"%s\" is possibly erroneous", targets[i]); + } + + connections[conns] = inbrec_connection_insert(ctx->txn); + inbrec_connection_set_target(connections[conns], targets[i]); + if (inactivity_probe) { + int64_t msecs = atoll(inactivity_probe); + inbrec_connection_set_inactivity_probe(connections[conns], + &msecs, 1); + } + conns++; + } + + /* Store uuids of new connection rows in 'connection' column. */ + inbrec_inb_global_set_connections(inb_global, connections, conns); + free(connections); +} + +static void +cmd_set_connection(struct ctl_context *ctx) +{ + const size_t n = ctx->argc - 1; + + verify_connections(ctx); + delete_connections(ctx); + insert_connections(ctx, &ctx->argv[1], n); +} + +static void +pre_cmd_get_ssl(struct ctl_context *ctx) +{ + ovsdb_idl_add_column(ctx->idl, &inbrec_inb_global_col_ssl); + + ovsdb_idl_add_column(ctx->idl, &inbrec_ssl_col_private_key); + ovsdb_idl_add_column(ctx->idl, &inbrec_ssl_col_certificate); + ovsdb_idl_add_column(ctx->idl, &inbrec_ssl_col_ca_cert); + ovsdb_idl_add_column(ctx->idl, &inbrec_ssl_col_bootstrap_ca_cert); +} + +static void +cmd_get_ssl(struct ctl_context *ctx) +{ + const struct inbrec_inb_global *inb_global = + inbrec_inb_global_first(ctx->idl); + const struct inbrec_ssl *ssl = inbrec_ssl_first(ctx->idl); + + inbrec_inb_global_verify_ssl(inb_global); + if (ssl) { + inbrec_ssl_verify_private_key(ssl); + inbrec_ssl_verify_certificate(ssl); + inbrec_ssl_verify_ca_cert(ssl); + inbrec_ssl_verify_bootstrap_ca_cert(ssl); + + ds_put_format(&ctx->output, "Private key: %s\n", ssl->private_key); + ds_put_format(&ctx->output, "Certificate: %s\n", ssl->certificate); + ds_put_format(&ctx->output, "CA Certificate: %s\n", ssl->ca_cert); + ds_put_format(&ctx->output, "Bootstrap: %s\n", + ssl->bootstrap_ca_cert ? "true" : "false"); + } +} + +static void +pre_cmd_del_ssl(struct ctl_context *ctx) +{ + ovsdb_idl_add_column(ctx->idl, &inbrec_inb_global_col_ssl); +} + +static void +cmd_del_ssl(struct ctl_context *ctx) +{ + const struct inbrec_inb_global *inb_global = + inbrec_inb_global_first(ctx->idl); + const struct inbrec_ssl *ssl = inbrec_ssl_first(ctx->idl); + + if (ssl) { + inbrec_inb_global_verify_ssl(inb_global); + inbrec_ssl_delete(ssl); + inbrec_inb_global_set_ssl(inb_global, NULL); + } +} + +static void +pre_cmd_set_ssl(struct ctl_context *ctx) +{ + ovsdb_idl_add_column(ctx->idl, &inbrec_inb_global_col_ssl); +} + +static void +cmd_set_ssl(struct ctl_context *ctx) +{ + bool bootstrap = shash_find(&ctx->options, "--bootstrap"); + const struct inbrec_inb_global *inb_global = + inbrec_inb_global_first(ctx->idl); + const struct inbrec_ssl *ssl = inbrec_ssl_first(ctx->idl); + + inbrec_inb_global_verify_ssl(inb_global); + if (ssl) { + inbrec_ssl_delete(ssl); + } + ssl = inbrec_ssl_insert(ctx->txn); + + inbrec_ssl_set_private_key(ssl, ctx->argv[1]); + inbrec_ssl_set_certificate(ssl, ctx->argv[2]); + inbrec_ssl_set_ca_cert(ssl, ctx->argv[3]); + + inbrec_ssl_set_bootstrap_ca_cert(ssl, bootstrap); + + if (ctx->argc == 5) { + inbrec_ssl_set_ssl_protocols(ssl, ctx->argv[4]); + } else if (ctx->argc == 6) { + inbrec_ssl_set_ssl_protocols(ssl, ctx->argv[4]); + inbrec_ssl_set_ssl_ciphers(ssl, ctx->argv[5]); + } + + inbrec_inb_global_set_ssl(inb_global, ssl); +} + + +static const struct ctl_table_class tables[INBREC_N_TABLES] = { + [INBREC_TABLE_TRANSIT_SWITCH].row_ids[0] = + {&inbrec_transit_switch_col_name, NULL, NULL}, +}; + + +static void +inbctl_context_init_command(struct inbctl_context *inbctl_ctx, + struct ctl_command *command) +{ + ctl_context_init_command(&inbctl_ctx->base, command); +} + +static void +inbctl_context_init(struct inbctl_context *inbctl_ctx, + struct ctl_command *command, struct ovsdb_idl *idl, + struct ovsdb_idl_txn *txn, + struct ovsdb_symbol_table *symtab) +{ + ctl_context_init(&inbctl_ctx->base, command, idl, txn, symtab, + NULL); + inbctl_ctx->cache_valid = false; +} + +static void +inbctl_context_done_command(struct inbctl_context *inbctl_ctx, + struct ctl_command *command) +{ + ctl_context_done_command(&inbctl_ctx->base, command); +} + +static void +inbctl_context_done(struct inbctl_context *inbctl_ctx, + struct ctl_command *command) +{ + ctl_context_done(&inbctl_ctx->base, command); +} + +static void +run_prerequisites(struct ctl_command *commands, size_t n_commands, + struct ovsdb_idl *idl) +{ + ovsdb_idl_add_table(idl, &inbrec_table_inb_global); + + for (struct ctl_command *c = commands; c < &commands[n_commands]; c++) { + if (c->syntax->prerequisites) { + struct inbctl_context inbctl_ctx; + + ds_init(&c->output); + c->table = NULL; + + inbctl_context_init(&inbctl_ctx, c, idl, NULL, NULL); + (c->syntax->prerequisites)(&inbctl_ctx.base); + if (inbctl_ctx.base.error) { + ctl_fatal("%s", inbctl_ctx.base.error); + } + inbctl_context_done(&inbctl_ctx, c); + + ovs_assert(!c->output.string); + ovs_assert(!c->table); + } + } +} + +static bool +do_inbctl(const char *args, struct ctl_command *commands, size_t n_commands, + struct ovsdb_idl *idl) +{ + struct ovsdb_idl_txn *txn; + enum ovsdb_idl_txn_status status; + struct ovsdb_symbol_table *symtab; + struct inbctl_context inbctl_ctx; + struct ctl_command *c; + struct shash_node *node; + + txn = the_idl_txn = ovsdb_idl_txn_create(idl); + if (dry_run) { + ovsdb_idl_txn_set_dry_run(txn); + } + + ovsdb_idl_txn_add_comment(txn, "ovs-inbctl: %s", args); + + const struct inbrec_inb_global *inb = inbrec_inb_global_first(idl); + if (!inb) { + /* XXX add verification that table is empty */ + inbrec_inb_global_insert(txn); + } + + symtab = ovsdb_symbol_table_create(); + for (c = commands; c < &commands[n_commands]; c++) { + ds_init(&c->output); + c->table = NULL; + } + inbctl_context_init(&inbctl_ctx, NULL, idl, txn, symtab); + for (c = commands; c < &commands[n_commands]; c++) { + inbctl_context_init_command(&inbctl_ctx, c); + if (c->syntax->run) { + (c->syntax->run)(&inbctl_ctx.base); + } + if (inbctl_ctx.base.error) { + ctl_fatal("%s", inbctl_ctx.base.error); + } + inbctl_context_done_command(&inbctl_ctx, c); + + if (inbctl_ctx.base.try_again) { + inbctl_context_done(&inbctl_ctx, NULL); + goto try_again; + } + } + inbctl_context_done(&inbctl_ctx, NULL); + + SHASH_FOR_EACH (node, &symtab->sh) { + struct ovsdb_symbol *symbol = node->data; + if (!symbol->created) { + ctl_fatal("row id \"%s\" is referenced but never created (e.g. " + "with \"-- --id=%s create ...\")", + node->name, node->name); + } + if (!symbol->strong_ref) { + if (!symbol->weak_ref) { + VLOG_WARN("row id \"%s\" was created but no reference to it " + "was inserted, so it will not actually appear in " + "the database", node->name); + } else { + VLOG_WARN("row id \"%s\" was created but only a weak " + "reference to it was inserted, so it will not " + "actually appear in the database", node->name); + } + } + } + + status = ovsdb_idl_txn_commit_block(txn); + if (status == TXN_UNCHANGED || status == TXN_SUCCESS) { + for (c = commands; c < &commands[n_commands]; c++) { + if (c->syntax->postprocess) { + inbctl_context_init(&inbctl_ctx, c, idl, txn, symtab); + (c->syntax->postprocess)(&inbctl_ctx.base); + if (inbctl_ctx.base.error) { + ctl_fatal("%s", inbctl_ctx.base.error); + } + inbctl_context_done(&inbctl_ctx, c); + } + } + } + + switch (status) { + case TXN_UNCOMMITTED: + case TXN_INCOMPLETE: + OVS_NOT_REACHED(); + + case TXN_ABORTED: + /* Should not happen--we never call ovsdb_idl_txn_abort(). */ + ctl_fatal("transaction aborted"); + + case TXN_UNCHANGED: + case TXN_SUCCESS: + break; + + case TXN_TRY_AGAIN: + goto try_again; + + case TXN_ERROR: + ctl_fatal("transaction error: %s", ovsdb_idl_txn_get_error(txn)); + + case TXN_NOT_LOCKED: + /* Should not happen--we never call ovsdb_idl_set_lock(). */ + ctl_fatal("database not locked"); + + default: + OVS_NOT_REACHED(); + } + + ovsdb_symbol_table_destroy(symtab); + + for (c = commands; c < &commands[n_commands]; c++) { + struct ds *ds = &c->output; + + if (c->table) { + table_print(c->table, &table_style); + } else if (oneline) { + size_t j; + + ds_chomp(ds, '\n'); + for (j = 0; j < ds->length; j++) { + int ch = ds->string[j]; + switch (ch) { + case '\n': + fputs("\\n", stdout); + break; + + case '\\': + fputs("\\\\", stdout); + break; + + default: + putchar(ch); + } + } + putchar('\n'); + } else { + fputs(ds_cstr(ds), stdout); + } + ds_destroy(&c->output); + table_destroy(c->table); + free(c->table); + + shash_destroy_free_data(&c->options); + } + free(commands); + ovsdb_idl_txn_destroy(txn); + ovsdb_idl_destroy(idl); + + return true; + +try_again: + /* Our transaction needs to be rerun, or a prerequisite was not met. Free + * resources and return so that the caller can try again. */ + ovsdb_idl_txn_abort(txn); + ovsdb_idl_txn_destroy(txn); + the_idl_txn = NULL; + + ovsdb_symbol_table_destroy(symtab); + for (c = commands; c < &commands[n_commands]; c++) { + ds_destroy(&c->output); + table_destroy(c->table); + free(c->table); + } + return false; +} + +/* Frees the current transaction and the underlying IDL and then calls + * exit(status). + * + * Freeing the transaction and the IDL is not strictly necessary, but it makes + * for a clean memory leak report from valgrind in the normal case. That makes + * it easier to notice real memory leaks. */ +static void +inbctl_exit(int status) +{ + if (the_idl_txn) { + ovsdb_idl_txn_abort(the_idl_txn); + ovsdb_idl_txn_destroy(the_idl_txn); + } + ovsdb_idl_destroy(the_idl); + exit(status); +} + +static const struct ctl_command_syntax inbctl_commands[] = { + { "init", 0, 0, "", NULL, inbctl_init, NULL, "", RW }, + + /* transit switch commands. */ + { "ts-add", 1, 1, "SWITCH", NULL, inbctl_ts_add, NULL, "--may-exist", RW }, + { "ts-del", 1, 1, "SWITCH", NULL, inbctl_ts_del, NULL, "--if-exists", RW }, + { "ts-list", 0, 0, "", NULL, inbctl_ts_list, NULL, "", RO }, + + /* Connection commands. */ + {"get-connection", 0, 0, "", pre_connection, cmd_get_connection, NULL, "", + RO}, + {"del-connection", 0, 0, "", pre_connection, cmd_del_connection, NULL, "", + RW}, + {"set-connection", 1, INT_MAX, "TARGET...", pre_connection, + cmd_set_connection, NULL, "--inactivity-probe=", RW}, + + /* SSL commands. */ + {"get-ssl", 0, 0, "", pre_cmd_get_ssl, cmd_get_ssl, NULL, "", RO}, + {"del-ssl", 0, 0, "", pre_cmd_del_ssl, cmd_del_ssl, NULL, "", RW}, + {"set-ssl", 3, 5, + "PRIVATE-KEY CERTIFICATE CA-CERT [SSL-PROTOS [SSL-CIPHERS]]", + pre_cmd_set_ssl, cmd_set_ssl, NULL, "--bootstrap", RW}, + + {NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, RO}, +}; + +/* Registers inbctl and common db commands. */ +static void +inbctl_cmd_init(void) +{ + ctl_init(&inbrec_idl_class, inbrec_table_classes, tables, + cmd_show_tables, inbctl_exit); + ctl_register_commands(inbctl_commands); +}
This patch introduces OVN_IC_Northbound DB schema and the CLI ovn-inbctl that manages the DB. Signed-off-by: Han Zhou <hzhou@ovn.org> --- .gitignore | 3 + automake.mk | 37 ++ debian/ovn-common.install | 1 + debian/ovn-common.manpages | 2 + lib/.gitignore | 3 + lib/automake.mk | 17 +- lib/ovn-inb-idl.ann | 9 + lib/ovn-util.c | 13 + lib/ovn-util.h | 1 + ovn-inb.ovsschema | 75 ++++ ovn-inb.xml | 371 ++++++++++++++++++ tests/automake.mk | 2 + tests/ovn-inbctl.at | 65 ++++ tests/testsuite.at | 1 + utilities/.gitignore | 2 + utilities/automake.mk | 8 + utilities/ovn-inbctl.8.xml | 174 +++++++++ utilities/ovn-inbctl.c | 948 +++++++++++++++++++++++++++++++++++++++++++++ 18 files changed, 1731 insertions(+), 1 deletion(-) create mode 100644 lib/ovn-inb-idl.ann create mode 100644 ovn-inb.ovsschema create mode 100644 ovn-inb.xml create mode 100644 tests/ovn-inbctl.at create mode 100644 utilities/ovn-inbctl.8.xml create mode 100644 utilities/ovn-inbctl.c