From patchwork Sat Aug 17 07:22:13 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: aginwala aginwala X-Patchwork-Id: 1148576 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="hh2yXtPg"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 469WqF0sjdz9sDQ for ; Sat, 17 Aug 2019 17:22:33 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id CA50CB88; Sat, 17 Aug 2019 07:22:18 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id C333F72A for ; Sat, 17 Aug 2019 07:22:17 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pf1-f170.google.com (mail-pf1-f170.google.com [209.85.210.170]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 9AF1E8A6 for ; Sat, 17 Aug 2019 07:22:16 +0000 (UTC) Received: by mail-pf1-f170.google.com with SMTP id 196so4271255pfz.8 for ; Sat, 17 Aug 2019 00:22:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=S1j99eLQRv+ilVKJmgIws06UbmL2QHo/vwJJOdqoOPg=; b=hh2yXtPg3ksQEtz40ox2Xz8UTb+aHcJQJJu8A/BHFLO4se7DRzaOOzRRzXhkV2LlmM R21i/DITPM9gvQ8H1O5YqfALgUuSV/hUUQLIWAyF0mXnOqrB474y/1Tv9VF1P6jiBTzg eb2aJ5iBMPhgc5eX/j9L7+smjT549TifqzyiF/CdFs1e2svZx+TGRWsAoo07prbyNA1D qF19n+Lf1gOSoKgd9Y/b4LpfMIX3gMa+p+tHHjNVeYLB9tqvBzo7k03s5bwVWKUBGxlS yPDRwH5u+zfrJm6/QWIaOfGzyDcqu0c2zAPraG22e1IiDgtxT0hlOLfLQNGkm/85GsTT 9kqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=S1j99eLQRv+ilVKJmgIws06UbmL2QHo/vwJJOdqoOPg=; b=j7gKfLy2PP/JlYaXcR2+BQg3BAFi0QRax4jcHZ3SGdECFrnljywqhqgZiTVIMupP62 PlDchRURiMEE/9kZNzRFRE2eqdoWyiYOIX/GxOpVloZdkfYAvmsnDqzgfDGrudmsCXpL AZXEX8prMLcKzgn+zv3rWY7VOzdpl9Z3xHqb+C1D0vr23Bpj9gMCkA3OK8ZpMqBpWgvD 8VeLLPxBg/m2OrXkosr0/35kMNFBI/p25y+fs4QTSdKk5rfqyPPPamz29Oj60EH/r6Qz bZXgXlrykbeZyE2+Yxp7TW9P43bM6fFjnjgf/HjAkyGs//ImCVE0uFHCuSeDG9uTvMfA DKEQ== X-Gm-Message-State: APjAAAWaBjkMVlforMbczvA+n9jKebCFtYc2BI9kknRxchJeXyaqjNH6 J4HcfkBXSG+BrtasD76dh0qmz3pC X-Google-Smtp-Source: APXvYqzlMpPimylK8P2eHkDoTFuObbpjxlyteietkAJyC/h8VMW3lBP0WMYhrWcz3SyhASoLzXBeJg== X-Received: by 2002:a62:1703:: with SMTP id 3mr10594024pfx.118.1566026535901; Sat, 17 Aug 2019 00:22:15 -0700 (PDT) Received: from LM-SJC-11015761.hsd1.ca.comcast.net. (c-71-198-142-45.hsd1.ca.comcast.net. [71.198.142.45]) by smtp.gmail.com with ESMTPSA id o129sm8945433pfg.1.2019.08.17.00.22.14 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sat, 17 Aug 2019 00:22:15 -0700 (PDT) From: Aliasgar Ginwala X-Google-Original-From: Aliasgar Ginwala To: dev@openvswitch.org Date: Sat, 17 Aug 2019 00:22:13 -0700 Message-Id: <20190817072213.46916-1-aginwala@ebay.com> X-Mailer: git-send-email 2.20.1 (Apple Git-117) MIME-Version: 1.0 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: aginwala Subject: [ovs-dev] [PATCH v2 ovn] Containerize components X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org 1. Containerize ovn central components 2. Containerize ovn host 3. Update documentation about building/running ovn in containers. Signed-off-by: aginwala --- Documentation/intro/install/general.rst | 83 ++++++++++++++++++++++++ utilities/automake.mk | 10 ++- utilities/docker/Makefile | 22 +++++++ utilities/docker/create_ovn_dbs.sh | 18 +++++ utilities/docker/debian/Dockerfile | 22 +++++++ utilities/docker/debian/build.sh | 44 +++++++++++++ utilities/docker/ovn_default_nb_port | 1 + utilities/docker/ovn_default_northd_host | 1 + utilities/docker/ovn_default_sb_port | 1 + utilities/docker/start-ovn | 40 ++++++++++++ 10 files changed, 241 insertions(+), 1 deletion(-) create mode 100644 utilities/docker/Makefile create mode 100755 utilities/docker/create_ovn_dbs.sh create mode 100644 utilities/docker/debian/Dockerfile create mode 100755 utilities/docker/debian/build.sh create mode 100644 utilities/docker/ovn_default_nb_port create mode 100644 utilities/docker/ovn_default_northd_host create mode 100644 utilities/docker/ovn_default_sb_port create mode 100755 utilities/docker/start-ovn diff --git a/Documentation/intro/install/general.rst b/Documentation/intro/install/general.rst index 99d8fec04..1d5323f76 100644 --- a/Documentation/intro/install/general.rst +++ b/Documentation/intro/install/general.rst @@ -380,6 +380,60 @@ domain socket:: $ ovn-northd --pidfile --detach --log-file + +Starting OVN Central services in containers +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +For OVN central node, we dont need to load ovs kernel modules on host. +Hence, OVN central containers OS need not depend on host OS. + +Also we can leverage deploying entire OVN control plane in a pod spec for use +cases like OVN-kubernetes + +Export following variables in .env and place it under +project root:: + + $ OVN_BRANCH= + $ OVN_VERSION= + $ DISTRO= + $ KERNEL_VERSION= + $ GITHUB_SRC= + $ DOCKER_REPO= + +To build ovn modules:: + + $ cd utilities/docker + $ make build + +Compiled Modules will be tagged with docker image + +To Push ovn modules:: + + $ make push + +OVN docker image will be pushed to specified docker repo. + +Start OVN containers using below command:: + + $ docker run -itd --net=host --name=ovn-nb \ + : ovn-nb-tcp + + $ docker run -itd --net=host --name=ovn-sb \ + : ovn-sb-tcp + + $ docker run -itd --net=host --name=ovn-northd \ + : ovn-northd-tcp + +.. note:: + Current ovn central components comes up in docker image in a standalone + mode with protocol tcp. + + The debian docker file use ubuntu 16.04 as a base image for reference. + + User can use any other base image for debian, e.g. u14.04, etc. + + RHEL based docker build support needs to be added. + Starting OVN host service ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -406,6 +460,32 @@ domain socket:: $ ovn-controller --pidfile --detach --log-file +Starting OVN host service in containers +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +For OVN host too, we dont need to load ovs kernel modules on host. +Hence, OVN host container OS need not depend on host OS. + +Also we can leverage deploying OVN host in a pod spec for use cases like +OVN-kubernetes to manage OVS which can be running as a service on host or in +container. + +Start ovsdb-server and ovs-vswitchd components as per +http://docs.openvswitch.org/en/latest/intro/install/general/ + +start local ovn-controller with below command if ovs is also running in +container:: + + $ docker run -itd --net=host --name=ovn-controller \ + --volumes-from=ovsdb-server \ + : ovn-controller + +start local ovn-controller with below command if ovs is running as a service:: + + $ docker run -itd --net=host --name=ovn-controller \ + -v /var/run/openvswitch/:/var/run/openvswitch/ \ + : ovn-controller + Validating ---------- @@ -419,6 +499,9 @@ logical switch ``sw0`` and add logical port ``sw0-p1`` :: Refer to ovn-nbctl(8) and ovn-sbctl (8) for more details. +When using ovn in container, exec to container to run above commands:: + + $ docker exec -it /bin/bash Reporting Bugs -------------- diff --git a/utilities/automake.mk b/utilities/automake.mk index d666b9661..4d86f082b 100644 --- a/utilities/automake.mk +++ b/utilities/automake.mk @@ -27,7 +27,15 @@ EXTRA_DIST += \ utilities/ovn-nbctl.8.xml \ utilities/ovn-trace.8.xml \ utilities/ovn-detrace.in \ - utilities/ovndb-servers.ocf + utilities/ovndb-servers.ocf \ + utilities/docker/Makefile \ + utilities/docker/start-ovn \ + utilities/docker/create_ovn_dbs.sh \ + utilities/docker/ovn_default_nb_port \ + utilities/docker/ovn_default_sb_port \ + utilities/docker/ovn_default_northd_host \ + utilities/docker/debian/Dockerfile \ + utilities/docker/debian/build.sh CLEANFILES += \ utilities/ovn-ctl.8 \ diff --git a/utilities/docker/Makefile b/utilities/docker/Makefile new file mode 100644 index 000000000..e2b2c2a17 --- /dev/null +++ b/utilities/docker/Makefile @@ -0,0 +1,22 @@ +#export OVN_BRANCH=master +#export OVN_VERSION=2.12 +#export KERNEL_VERSION=4.15.0-54-generic +#export DISTRO=debian +#export GITHUB_SRC=https://github.com/ovn-org/ovn.git +#export DOCKER_REPO=ovn-org/ovn + +# Example: +# make build +# make push + +REPO = ${DOCKER_REPO} +tag = ${OVN_VERSION}_${KERNEL_VERSION} + +build: ;docker build -t ${REPO}:${tag} --build-arg DISTRO=${DISTRO} \ +--build-arg OVN_BRANCH=${OVN_BRANCH} \ +--build-arg KERNEL_VERSION=${KERNEL_VERSION} \ +--build-arg GITHUB_SRC=${GITHUB_SRC} -f ${DISTRO}/Dockerfile . + +.PHONY: build + +push: ;docker push ${REPO}:${tag} diff --git a/utilities/docker/create_ovn_dbs.sh b/utilities/docker/create_ovn_dbs.sh new file mode 100755 index 000000000..43ab367d6 --- /dev/null +++ b/utilities/docker/create_ovn_dbs.sh @@ -0,0 +1,18 @@ +#!/bin/sh +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ovsdb-tool create /etc/openvswitch/ovnnb_db.db \ +/usr/share/openvswitch/ovn-nb.ovsschema +ovsdb-tool create /etc/openvswitch/ovnsb_db.db \ +/usr/share/openvswitch/ovn-sb.ovsschema diff --git a/utilities/docker/debian/Dockerfile b/utilities/docker/debian/Dockerfile new file mode 100644 index 000000000..fe72c3a33 --- /dev/null +++ b/utilities/docker/debian/Dockerfile @@ -0,0 +1,22 @@ +FROM ubuntu:16.04 +MAINTAINER "Aliasgar Ginwala" + +ARG OVN_BRANCH +ARG KERNEL_VERSION +ARG GITHUB_SRC +ARG DISTRO + +copy $DISTRO/build.sh /build.sh +RUN /build.sh $KERNEL_VERSION $OVN_BRANCH $GITHUB_SRC + +COPY create_ovn_dbs.sh /etc/openvswitch/create_ovn_dbs.sh +RUN /etc/openvswitch/create_ovn_dbs.sh + +COPY ovn_default_nb_port /etc/openvswitch/ovn_default_nb_port +COPY ovn_default_sb_port /etc/openvswitch/ovn_default_sb_port +COPY ovn_default_northd_host /etc/openvswitch/ovn_default_northd_host + +COPY start-ovn /bin/start-ovn +VOLUME ["/var/log/openvswitch", \ +"/var/lib/openvswitch", "/var/run/openvswitch", "/etc/openvswitch"] +ENTRYPOINT ["start-ovn"] diff --git a/utilities/docker/debian/build.sh b/utilities/docker/debian/build.sh new file mode 100755 index 000000000..fd26a8aa8 --- /dev/null +++ b/utilities/docker/debian/build.sh @@ -0,0 +1,44 @@ +#!/bin/sh +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +KERNEL_VERSION=$1 +OVN_BRANCH=$2 +GITHUB_SRC=$3 + +# Install deps +linux="linux-image-$KERNEL_VERSION linux-headers-$KERNEL_VERSION" +build_deps="apt-utils libelf-dev build-essential libssl-dev python \ +python-six wget gdb autoconf libtool git automake bzip2 debhelper \ +dh-autoreconf openssl" + +apt-get update +apt-get install -y ${linux} ${build_deps} + +# get the source +mkdir /build; cd /build +git clone --depth 1 -b $OVN_BRANCH $GITHUB_SRC +cd ovn + +# build and install +./boot.sh +./configure --localstatedir="/var" --sysconfdir="/etc" --prefix="/usr" \ +--with-linux=/lib/modules/$KERNEL_VERSION/build --enable-ssl +make -j8; make install + +# remove deps to make the container light weight. +apt-get remove --purge -y ${build_deps} +apt-get autoremove -y --purge +cd ..; rm -rf ovn +basic_utils="vim kmod net-tools uuid-runtime iproute2" +apt-get install -y ${basic_utils} diff --git a/utilities/docker/ovn_default_nb_port b/utilities/docker/ovn_default_nb_port new file mode 100644 index 000000000..d83211678 --- /dev/null +++ b/utilities/docker/ovn_default_nb_port @@ -0,0 +1 @@ +nb_db_port=6641 diff --git a/utilities/docker/ovn_default_northd_host b/utilities/docker/ovn_default_northd_host new file mode 100644 index 000000000..55d4ab7aa --- /dev/null +++ b/utilities/docker/ovn_default_northd_host @@ -0,0 +1 @@ +northd_host=127.0.0.1 diff --git a/utilities/docker/ovn_default_sb_port b/utilities/docker/ovn_default_sb_port new file mode 100644 index 000000000..4c9e3f585 --- /dev/null +++ b/utilities/docker/ovn_default_sb_port @@ -0,0 +1 @@ +sb_db_port=6642 diff --git a/utilities/docker/start-ovn b/utilities/docker/start-ovn new file mode 100755 index 000000000..7f87e65a3 --- /dev/null +++ b/utilities/docker/start-ovn @@ -0,0 +1,40 @@ +#!/bin/bash +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +case $1 in + "ovn-nb-tcp") source /etc/openvswitch/ovn_default_nb_port + /usr/share/openvswitch/scripts/ovn-ctl start_ovsdb + ovn-nbctl set-connection ptcp:$nb_db_port + /usr/share/openvswitch/scripts/ovn-ctl stop_ovsdb + /usr/share/openvswitch/scripts/ovn-ctl run_nb_ovsdb + ;; + "ovn-sb-tcp") source /etc/openvswitch/ovn_default_sb_port + /usr/share/openvswitch/scripts/ovn-ctl start_ovsdb + ovn-sbctl set-connection ptcp:$sb_db_port + /usr/share/openvswitch/scripts/ovn-ctl stop_ovsdb + /usr/share/openvswitch/scripts/ovn-ctl run_sb_ovsdb + ;; + "ovn-northd-tcp") source /etc/openvswitch/ovn_default_northd_host + source /etc/openvswitch/ovn_default_nb_port + source /etc/openvswitch/ovn_default_sb_port + ovn-northd --pidfile \ + --ovnnb-db="tcp:$northd_host:$nb_db_port" \ + --ovnsb-db="tcp:$northd_host:$sb_db_port" \ + --log-file=/var/log/openvswitch/ovn-northd.log + ;; + "ovn-controller") ovn-controller --pidfile \ + --log-file=/var/log/openvswitch/ovn-controller.log + ;; + *) echo "$0 [ovn-nb-tcp|ovn-sb-tcp|ovn-northd-tcp|ovn-controller]" +esac