From patchwork Sat Jul 27 02:42:15 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: aginwala aginwala X-Patchwork-Id: 1137711 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="cvPE8oA/"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 45wVbm5W6wz9s3l for ; Sat, 27 Jul 2019 12:42:26 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id C73E2B6C; Sat, 27 Jul 2019 02:42:22 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 3C0E7723 for ; Sat, 27 Jul 2019 02:42:21 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pf1-f193.google.com (mail-pf1-f193.google.com [209.85.210.193]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 223D1D3 for ; Sat, 27 Jul 2019 02:42:20 +0000 (UTC) Received: by mail-pf1-f193.google.com with SMTP id y15so25344052pfn.5 for ; Fri, 26 Jul 2019 19:42:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=/ySaxR2oSTIYoX/rNUQhjsd4T+ShU9GDTgkZmEeBwyY=; b=cvPE8oA/jl6Gwzwb9C67177l+Iv31Q3uJkd6UXjKcY4fAYriP4WLVAV8mu9gtpDmcy 47cLRU8etnQL5ADEXYFPdab3Txg2N3JjKtF0m9n2JpbEP0B25sM0tCY2H5bi3G8rK4zD IRd652l01M8K08oJMOGKHmwU0sZC4jZ39tvdw5k2c52RszjnNaYyMUVzb1r+SKbi9CxX uMrSdKUxsYTtzJb9d3xSqmJXkuUYLATQOFhsuoNJjaDUVLxRQU7qCXQTDyVLANDW2ofA MA8k/am362uIuNBDLRbZApMgIRuFR0PBac9WBhFBsQGnW2lx2UvOr8Ga1f2Q1IHSIqIY 0FUA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=/ySaxR2oSTIYoX/rNUQhjsd4T+ShU9GDTgkZmEeBwyY=; b=b3KWeF++flc+IEuQFryzZIyQBv2cngmShX6R6d6ZPx2WFYtoEcAUzpU1+FsUvSR0zx 4E/CxQmBZTjQnRTb8cK52jYu9zXjIO8aJVkVVzmY4edUsYcHIU1NZCdk8DKdxf3BXxc2 /BwUUtUt5dlZQnvJXLkrJr8vFTe5t5E1eNCIpN1x1xKNfzNZotmYO1IaTD0kyIf1uWn3 r28mcNqmRQazQL1ar2klTeyyHajoR5680L0bKethKVc6tKqL0MZqczRF6J5A/DzF4jEc CKTIzoRMOzhwrXytK534/4YMewJRSGRVr6p+W73m2LcXly0MW0pGWugdL4t5nev5BiAZ 63Uw== X-Gm-Message-State: APjAAAUQu0N/ylBPCPVPi7TVNH/RMCTV0x81j/ulKJ4WZu1J/M3IXKHU J3jG3t3Usm6cZipy8MxDUSw9WTQL X-Google-Smtp-Source: APXvYqypdAut5QBPiR37p0xjTg/KTiPgC20OZ9Uch0pwFh8Db5iECvINpbX5KPQsQeY/PcLug9I8yg== X-Received: by 2002:a65:6281:: with SMTP id f1mr88884517pgv.400.1564195339138; Fri, 26 Jul 2019 19:42:19 -0700 (PDT) Received: from LM-SJC-11015761.home (047-232-234-064.res.spectrum.com. [47.232.234.64]) by smtp.gmail.com with ESMTPSA id n17sm57553425pfq.182.2019.07.26.19.42.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 26 Jul 2019 19:42:18 -0700 (PDT) From: Aliasgar Ginwala X-Google-Original-From: Aliasgar Ginwala To: dev@openvswitch.org Date: Fri, 26 Jul 2019 19:42:15 -0700 Message-Id: <20190727024215.48246-1-aginwala@ebay.com> X-Mailer: git-send-email 2.20.1 (Apple Git-117) MIME-Version: 1.0 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: aginwala Subject: [ovs-dev] [PATCH RFC v1] OVS/OVN: Containerize components X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org 1.Start OVS/OVN components in containers so that building and shipping of OVS/OVN components is easy. 2.Load OVS kernel modules on host from container to avoid installing ovs on host. Signed-off-by: aginwala --- utilities/automake.mk | 12 +- utilities/docker/Makefile | 22 ++++ utilities/docker/README.md | 107 ++++++++++++++++++ utilities/docker/create_ovs_ovn_dbs.sh | 17 +++ utilities/docker/ovn_default_nb_port | 1 + utilities/docker/ovn_default_northd_host | 1 + utilities/docker/ovn_default_sb_port | 1 + utilities/docker/ovs-override.conf | 4 + utilities/docker/start-ovs-ovn | 65 +++++++++++ utilities/docker/u1604/Dockerfile | 23 ++++ .../docker/u1604/build-kernel-modules.sh | 43 +++++++ 11 files changed, 295 insertions(+), 1 deletion(-) create mode 100644 utilities/docker/Makefile create mode 100644 utilities/docker/README.md create mode 100755 utilities/docker/create_ovs_ovn_dbs.sh create mode 100644 utilities/docker/ovn_default_nb_port create mode 100644 utilities/docker/ovn_default_northd_host create mode 100644 utilities/docker/ovn_default_sb_port create mode 100644 utilities/docker/ovs-override.conf create mode 100755 utilities/docker/start-ovs-ovn create mode 100644 utilities/docker/u1604/Dockerfile create mode 100755 utilities/docker/u1604/build-kernel-modules.sh diff --git a/utilities/automake.mk b/utilities/automake.mk index a5bb27e2b..876dc1bc1 100644 --- a/utilities/automake.mk +++ b/utilities/automake.mk @@ -58,7 +58,17 @@ EXTRA_DIST += \ utilities/ovs-test.in \ utilities/ovs-vlan-test.in \ utilities/ovs-vsctl-bashcomp.bash \ - utilities/checkpatch.py + utilities/checkpatch.py \ + utilities/docker/Makefile \ + utilities/docker/README.md \ + utilities/docker/ovs-override.conf \ + utilities/docker/start-ovs-ovn \ + utilities/docker/create_ovs_ovn_dbs.sh \ + utilities/docker/ovn_default_nb_port \ + utilities/docker/ovn_default_sb_port \ + utilities/docker/ovn_default_northd_host \ + utilities/docker/u1604/Dockerfile \ + utilities/docker/u1604/build-kernel-modules.sh MAN_ROOTS += \ utilities/ovs-appctl.8.in \ utilities/ovs-testcontroller.8.in \ diff --git a/utilities/docker/Makefile b/utilities/docker/Makefile new file mode 100644 index 000000000..9fb9ba3fe --- /dev/null +++ b/utilities/docker/Makefile @@ -0,0 +1,22 @@ +#export OVS_BRANCH=branch-2.11 +#export OVS_VERSION=2.11 +#export KERNEL_VERSION=4.15.0-54-generic +#export DISTRO=u1604 +#export GITHUB_SRC=https://github.com/openvswitch/ovs.git +#export DOCKER_REPO=openvswitch/ovs + +# Example: +# make build +# make push + +REPO = ${DOCKER_REPO} +tag = ${OVS_VERSION}_${KERNEL_VERSION} + +build: ;docker build -t ${REPO}:${tag} --build-arg DISTRO=${DISTRO} \ +--build-arg OVS_BRANCH=${OVS_BRANCH} \ +--build-arg KERNEL_VERSION=${KERNEL_VERSION} \ +--build-arg GITHUB_SRC=${GITHUB_SRC} -f ${DISTRO}/Dockerfile . + +.PHONY: build + +push: ;docker push ${REPO}:${tag} diff --git a/utilities/docker/README.md b/utilities/docker/README.md new file mode 100644 index 000000000..9ce4bf9d1 --- /dev/null +++ b/utilities/docker/README.md @@ -0,0 +1,107 @@ +# Containerize OVS/OVN components + + - Start OVS/OVN components in containers so that building and shipping + of OVS/OVN components is easy. + + - Load OVS kernel modules on host from container to avoid installing ovs + on host. + +## How to build? + +To build, ensure Docker engine installed and `docker ps` command works for +current user. + +Export following variables in .env and place it under +project root: + -`OVS_BRANCH=` + -`OVS_VERSION=` + -`KERNEL_VERSION=` + -`DISTRO=` + -`GITHUB_SRC=` + -`DOCKER_REPO=` + +To build ovs/ovn modules for each of the supported Distros: + + ```sh + make build + ``` + +Compiled Modules will be tagged with docker image + +To Push ovs/ovn modules for each of the supported Distros: + + ```sh + make push + ``` + +OVS/OVN docker image will be pushed to specified docker repo + +## How to start OVS containers? + +Start ovsdb-server that runs on HVs, GWs and OVN central nodes + + - docker run -itd --net=host --name=ovsdb-server \ + :c ovsdb-server + + - docker run -itd --net=host --name=ovs-vswitchd \ + --volumes-from=ovsdb-server --privileged \ + : ovs-vswitchd -v /lib:/lib + +## How to start OVN Central nodes Components? + + - docker run -itd --net=host --name=ovn-nb \ + : ovn-nb-tcp + + - docker run -itd --net=host --name=ovn-sb \ + : ovn-sb-tcp + + - docker run -itd --net=host --name=ovn-northd \ + : ovn-northd-tcp + +### How to start OVN HV/GW nodes components? + +Start ovsdb-server and ovs-vswitchd components as listed above and then + +start local ovn-controller. + + - docker run -itd --net=host --name=ovn-controller \ + --volumes-from=ovsdb-server \ + : ovn-controller + +## What is supported? + +Docker based build for following distros + + - Ubuntu 16 with LTS (tested with 4.4+). + +OpenvSwitch components + + - ovsdb server + + - ovs vswitchd + +Open Virtual Network components + + - Northbound db, Southbound db and Northd in standalone mode with + protocol tcp. + + - OVN controller for HV and GW. + +## Troubleshooting + + If modprobe openvswitch is complaining about unknown symbol, please + check the build steps. + +## TODO + + - Support more OS distros. + + - Support starting docker containers with SSL. + + - Support cluster and active/standby mode. + +## References + + - http://www.openvswitch.org/ + + - https://hub.docker.com/r/keldaio/ovs/ diff --git a/utilities/docker/create_ovs_ovn_dbs.sh b/utilities/docker/create_ovs_ovn_dbs.sh new file mode 100755 index 000000000..0a8c9c582 --- /dev/null +++ b/utilities/docker/create_ovs_ovn_dbs.sh @@ -0,0 +1,17 @@ +#!/bin/sh +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ovsdb-tool create /etc/openvswitch/conf.db /usr/share/openvswitch/vswitch.ovsschema +ovsdb-tool create /etc/openvswitch/ovnnb_db.db /usr/share/openvswitch/ovn-nb.ovsschema +ovsdb-tool create /etc/openvswitch/ovnsb_db.db /usr/share/openvswitch/ovn-sb.ovsschema diff --git a/utilities/docker/ovn_default_nb_port b/utilities/docker/ovn_default_nb_port new file mode 100644 index 000000000..d83211678 --- /dev/null +++ b/utilities/docker/ovn_default_nb_port @@ -0,0 +1 @@ +nb_db_port=6641 diff --git a/utilities/docker/ovn_default_northd_host b/utilities/docker/ovn_default_northd_host new file mode 100644 index 000000000..55d4ab7aa --- /dev/null +++ b/utilities/docker/ovn_default_northd_host @@ -0,0 +1 @@ +northd_host=127.0.0.1 diff --git a/utilities/docker/ovn_default_sb_port b/utilities/docker/ovn_default_sb_port new file mode 100644 index 000000000..4c9e3f585 --- /dev/null +++ b/utilities/docker/ovn_default_sb_port @@ -0,0 +1 @@ +sb_db_port=6642 diff --git a/utilities/docker/ovs-override.conf b/utilities/docker/ovs-override.conf new file mode 100644 index 000000000..8f792e4b4 --- /dev/null +++ b/utilities/docker/ovs-override.conf @@ -0,0 +1,4 @@ +override openvswitch * extra +override vport-geneve * extra +override vport-stt * extra +override vport-* * extra diff --git a/utilities/docker/start-ovs-ovn b/utilities/docker/start-ovs-ovn new file mode 100755 index 000000000..83a6f0d2b --- /dev/null +++ b/utilities/docker/start-ovs-ovn @@ -0,0 +1,65 @@ +#!/bin/bash +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +case $1 in + "ovsdb-server") /usr/share/openvswitch/scripts/ovs-ctl start \ + --system-id=random --no-ovs-vswitchd + /usr/share/openvswitch/scripts/ovs-ctl stop + ovsdb-server --pidfile /etc/openvswitch/conf.db \ + -vconsole:emer -vsyslog:err -vfile:info \ + --remote=punix:/var/run/openvswitch/db.sock \ + --private-key=db:Open_vSwitch,SSL,private_key \ + --certificate=db:Open_vSwitch,SSL,certificate \ + --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert \ + --log-file=/var/log/openvswitch/ovsdb-server.log \ + --no-chdir + ;; + "ovs-vswitchd") depmod -a + modprobe openvswitch + modprobe vport_stt + /usr/share/openvswitch/scripts/ovs-ctl \ + --no-ovsdb-server start + /usr/share/openvswitch/scripts/ovs-ctl \ + --no-ovsdb-server force-reload-kmod + /usr/share/openvswitch/scripts/ovs-ctl stop + ovs-vswitchd --pidfile -vconsole:emer -vsyslog:err \ + -vfile:info --mlockall --no-chdir \ + --log-file=/var/log/openvswitch/ovs-vswitchd.log + ;; + "ovn-nb-tcp") source /etc/openvswitch/ovn_default_nb_port + /usr/share/openvswitch/scripts/ovn-ctl start_ovsdb + ovn-nbctl set-connection ptcp:$nb_db_port + /usr/share/openvswitch/scripts/ovn-ctl stop_ovsdb + /usr/share/openvswitch/scripts/ovn-ctl run_nb_ovsdb + ;; + "ovn-sb-tcp") source /etc/openvswitch/ovn_default_sb_port + /usr/share/openvswitch/scripts/ovn-ctl start_ovsdb + ovn-sbctl set-connection ptcp:$sb_db_port + /usr/share/openvswitch/scripts/ovn-ctl stop_ovsdb + /usr/share/openvswitch/scripts/ovn-ctl run_sb_ovsdb + sleep infinity + ;; + "ovn-northd-tcp") source /etc/openvswitch/ovn_default_northd_host + source /etc/openvswitch/ovn_default_nb_port + source /etc/openvswitch/ovn_default_sb_port + ovn-northd --pidfile \ + --ovnnb-db="tcp:$northd_host:$nb_db_port" \ + --ovnsb-db="tcp:$northd_host:$sb_db_port" \ + --log-file=/var/log/openvswitch/ovn-northd.log + ;; + "ovn-controller") ovn-controller --pidfile \ + --log-file=/var/log/openvswitch/ovn-controller.log + ;; + *) echo "$0 [ovs-vswitchd|ovsdb-server|ovn-controller|ovn-northd|ovn-nb|ovn-sb]" +esac diff --git a/utilities/docker/u1604/Dockerfile b/utilities/docker/u1604/Dockerfile new file mode 100644 index 000000000..f1ed4dede --- /dev/null +++ b/utilities/docker/u1604/Dockerfile @@ -0,0 +1,23 @@ +FROM ubuntu:16.04 +MAINTAINER "Aliasgar Ginwala" + +ARG OVS_BRANCH +ARG KERNEL_VERSION +ARG GITHUB_SRC +ARG DISTRO + +copy $DISTRO/build-kernel-modules.sh /build-kernel-modules.sh +RUN /build-kernel-modules.sh $KERNEL_VERSION $OVS_BRANCH $GITHUB_SRC + +COPY create_ovs_ovn_dbs.sh /etc/openvswitch/create_ovs_ovn_dbs.sh +RUN /etc/openvswitch/create_ovs_ovn_dbs.sh + +COPY ovs-override.conf /etc/depmod.d/openvswitch.conf + +COPY ovn_default_nb_port /etc/openvswitch/ovn_default_nb_port +COPY ovn_default_sb_port /etc/openvswitch/ovn_default_sb_port +COPY ovn_default_northd_host /etc/openvswitch/ovn_default_northd_host + +COPY start-ovs-ovn /bin/start-ovs-ovn +VOLUME ["/var/log/openvswitch", "/var/lib/openvswitch", "/var/run/openvswitch", "/etc/openvswitch"] +ENTRYPOINT ["start-ovs-ovn"] diff --git a/utilities/docker/u1604/build-kernel-modules.sh b/utilities/docker/u1604/build-kernel-modules.sh new file mode 100755 index 000000000..e25b85888 --- /dev/null +++ b/utilities/docker/u1604/build-kernel-modules.sh @@ -0,0 +1,43 @@ +#!/bin/sh +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +KERNEL_VERSION=$1 +OVS_BRANCH=$2 +GITHUB_SRC=$3 + +# Install deps +linux="linux-image-$KERNEL_VERSION linux-headers-$KERNEL_VERSION" +build_deps="apt-utils libelf-dev build-essential libssl-dev python python-six wget vim \ +gdb autoconf libtool git automake bzip2 debhelper dh-autoreconf openssl" + +apt-get update +apt-get install -y ${linux} ${build_deps} + +# get the source +mkdir /build; cd /build +git clone --depth 1 -b $OVS_BRANCH $GITHUB_SRC +cd ovs + +# build and install +./boot.sh +./configure --localstatedir="/var" --sysconfdir="/etc" --prefix="/usr" \ +--with-linux=/lib/modules/$KERNEL_VERSION/build --enable-ssl +make -j8; make install; make modules_install + +# remove deps to make the container light weight. +apt-get remove --purge -y ${build_deps} +apt-get autoremove -y --purge +cd ..; rm -rf ovs +basic_utils="vim kmod net-tools uuid-runtime iproute2" +apt-get install -y ${basic_utils}