+
+ This database is the interface for cloud management system (CMS), such as
+ OpenStack, to configure OVN interconnection settings. The CMS produces
+ almost all of the contents of the database. The ovn-ic
+ program monitors the database contents, transforms it, and stores it into
+ the database.
+
+
+
+ We generally speak of ``the'' CMS, but one can imagine scenarios in
+ which multiple CMSes manage different parts of OVN interconnection.
+
+
+ External IDs
+
+
+ Each of the tables in this database contains a special column, named
+ external_ids
. This column has the same form and purpose each
+ place it appears.
+
+
+
+ external_ids
: map of string-string pairs
+ -
+ Key-value pairs for use by the CMS. The CMS might use certain pairs, for
+ example, to identify entities in its own configuration that correspond to
+ those in this database.
+
+
+
+
+
+ Northbound configuration for OVN interconnection. This table must have exactly
+ one row.
+
+
+
+
+ See External IDs at the beginning of this document.
+
+
+
+
+
+ This column provides general key/value settings. The supported
+ options are described individually below.
+
+
+
+
+
+ Database clients to which the Open vSwitch database server should
+ connect or on which it should listen, along with options for how these
+ connections should be configured. See the
+ table for more information.
+
+
+ Global SSL configuration.
+
+
+
+
+
+
+ Each row represents one transit logical switch for interconnection between
+ different OVN deployments (availability zones).
+
+
+
+
+ A name that uniquely identifies the transit logical switch.
+
+
+
+
+
+
+ See External IDs at the beginning of this document.
+
+
+
+
+
+ SSL configuration for ovn-nb database access.
+
+
+ Name of a PEM file containing the private key used as the switch's
+ identity for SSL connections to the controller.
+
+
+
+ Name of a PEM file containing a certificate, signed by the
+ certificate authority (CA) used by the controller and manager,
+ that certifies the switch's private key, identifying a trustworthy
+ switch.
+
+
+
+ Name of a PEM file containing the CA certificate used to verify
+ that the switch is connected to a trustworthy controller.
+
+
+
+ If set to true
, then Open vSwitch will attempt to
+ obtain the CA certificate from the controller on its first SSL
+ connection and save it to the named PEM file. If it is successful,
+ it will immediately drop the connection and reconnect, and from then
+ on all SSL connections must be authenticated by a certificate signed
+ by the CA certificate thus obtained. This option exposes the
+ SSL connection to a man-in-the-middle attack obtaining the initial
+ CA certificate. It may still be useful for bootstrapping.
+
+
+
+ List of SSL protocols to be enabled for SSL connections. The default
+ when this option is omitted is TLSv1,TLSv1.1,TLSv1.2
.
+
+
+
+ List of ciphers (in OpenSSL cipher string format) to be supported
+ for SSL connections. The default when this option is omitted is
+ HIGH:!aNULL:!MD5
.
+
+
+
+ The overall purpose of these columns is described under Common
+ Columns
at the beginning of this document.
+
+
+
+
+
+
+
+ Configuration for a database connection to an Open vSwitch database
+ (OVSDB) client.
+
+
+
+ This table primarily configures the Open vSwitch database server
+ (ovsdb-server
).
+
+
+
+ The Open vSwitch database server can initiate and maintain active
+ connections to remote clients. It can also listen for database
+ connections.
+
+
+
+
+ Connection methods for clients.
+
+ The following connection methods are currently supported:
+
+
+ ssl:host
[:port
]
+ -
+
+ The specified SSL port on the host at the given
+ host, which can either be a DNS name (if built with
+ unbound library) or an IP address. A valid SSL configuration must
+ be provided when this form is used, this configuration can be
+ specified via command-line options or the table.
+
+
+ If port is not specified, it defaults to 6640.
+
+
+ SSL support is an optional feature that is not always
+ built as part of Open vSwitch.
+
+
+
+ tcp:host
[:port
]
+ -
+
+ The specified TCP port on the host at the given
+ host, which can either be a DNS name (if built with
+ unbound library) or an IP address. If host is an IPv6
+ address, wrap it in square brackets, e.g. tcp:[::1]:6640
.
+
+
+ If port is not specified, it defaults to 6640.
+
+
+ pssl:
[port][:host
]
+ -
+
+ Listens for SSL connections on the specified TCP port.
+ Specify 0 for port to have the kernel automatically
+ choose an available port. If host, which can either
+ be a DNS name (if built with unbound library) or an IP address,
+ is specified, then connections are restricted to the resolved or
+ specified local IPaddress (either IPv4 or IPv6 address). If
+ host is an IPv6 address, wrap in square brackets,
+ e.g. pssl:6640:[::1]
. If host is not
+ specified then it listens only on IPv4 (but not IPv6) addresses.
+ A valid SSL configuration must be provided when this form is used,
+ this can be specified either via command-line options or the
+ table.
+
+
+ If port is not specified, it defaults to 6640.
+
+
+ SSL support is an optional feature that is not always built as
+ part of Open vSwitch.
+
+
+ ptcp:
[port][:host
]
+ -
+
+ Listens for connections on the specified TCP port.
+ Specify 0 for port to have the kernel automatically
+ choose an available port. If host, which can either
+ be a DNS name (if built with unbound library) or an IP address,
+ is specified, then connections are restricted to the resolved or
+ specified local IP address (either IPv4 or IPv6 address). If
+ host is an IPv6 address, wrap it in square brackets,
+ e.g. ptcp:6640:[::1]
. If host is not
+ specified then it listens only on IPv4 addresses.
+
+
+ If port is not specified, it defaults to 6640.
+
+
+
+ When multiple clients are configured, the
+ values must be unique. Duplicate values yield
+ unspecified results.
+
+
+
+
+
+ Maximum number of milliseconds to wait between connection attempts.
+ Default is implementation-specific.
+
+
+
+ Maximum number of milliseconds of idle time on connection to the client
+ before sending an inactivity probe message. If Open vSwitch does not
+ communicate with the client for the specified number of seconds, it
+ will send a probe. If a response is not received for the same
+ additional amount of time, Open vSwitch assumes the connection has been
+ broken and attempts to reconnect. Default is implementation-specific.
+ A value of 0 disables inactivity probes.
+
+
+
+
+
+ Key-value pair of is always updated.
+ Other key-value pairs in the status columns may be updated depends
+ on the type.
+
+
+
+ When specifies a connection method that
+ listens for inbound connections (e.g. ptcp:
or
+ punix:
), both and
+ may also be updated while the
+ remaining key-value pairs are omitted.
+
+
+
+ On the other hand, when specifies an
+ outbound connection, all key-value pairs may be updated, except
+ the above-mentioned two key-value pairs associated with inbound
+ connection targets. They are omitted.
+
+
+
+ true
if currently connected to this client,
+ false
otherwise.
+
+
+
+ A human-readable description of the last error on the connection
+ to the manager; i.e. strerror(errno)
. This key
+ will exist only if an error has occurred.
+
+
+
+
+ The state of the connection to the manager:
+
+
+ VOID
+ - Connection is disabled.
+
+ BACKOFF
+ - Attempting to reconnect at an increasing period.
+
+ CONNECTING
+ - Attempting to connect.
+
+ ACTIVE
+ - Connected, remote host responsive.
+
+ IDLE
+ - Connection is idle. Waiting for response to keep-alive.
+
+
+ These values may change in the future. They are provided only for
+ human consumption.
+
+
+
+
+ The amount of time since this client last successfully connected
+ to the database (in seconds). Value is empty if client has never
+ successfully been connected.
+
+
+
+ The amount of time since this client last disconnected from the
+ database (in seconds). Value is empty if client has never
+ disconnected.
+
+
+
+ Space-separated list of the names of OVSDB locks that the connection
+ holds. Omitted if the connection does not hold any locks.
+
+
+
+ Space-separated list of the names of OVSDB locks that the connection is
+ currently waiting to acquire. Omitted if the connection is not waiting
+ for any locks.
+
+
+
+ Space-separated list of the names of OVSDB locks that the connection
+ has had stolen by another OVSDB client. Omitted if no locks have been
+ stolen from this connection.
+
+
+
+ When specifies a connection method that
+ listens for inbound connections (e.g. ptcp:
or
+ pssl:
) and more than one connection is actually active,
+ the value is the number of active connections. Otherwise, this
+ key-value pair is omitted.
+
+
+
+ When is ptcp:
or
+ pssl:
, this is the TCP port on which the OVSDB server is
+ listening. (This is particularly useful when specifies a port of 0, allowing the kernel to
+ choose any available port.)
+
+
+
+
+ The overall purpose of these columns is described under Common
+ Columns
at the beginning of this document.
+
+
+
+
+
+
diff --git a/tests/automake.mk b/tests/automake.mk
index e86a527..b180b2e 100644
--- a/tests/automake.mk
+++ b/tests/automake.mk
@@ -24,6 +24,7 @@ TESTSUITE_AT = \
tests/ovn-northd.at \
tests/ovn-nbctl.at \
tests/ovn-sbctl.at \
+ tests/ovn-inbctl.at \
tests/ovn-controller.at \
tests/ovn-controller-vtep.at \
tests/ovn-macros.at \
@@ -97,6 +98,7 @@ valgrind_wrappers = \
tests/valgrind/ovn-nbctl \
tests/valgrind/ovn-northd \
tests/valgrind/ovn-sbctl \
+ tests/valgrind/ovn-inbctl \
tests/valgrind/ovs-appctl \
tests/valgrind/ovs-ofctl \
tests/valgrind/ovs-vsctl \
diff --git a/tests/ovn-inbctl.at b/tests/ovn-inbctl.at
new file mode 100644
index 0000000..b5e107d
--- /dev/null
+++ b/tests/ovn-inbctl.at
@@ -0,0 +1,65 @@
+AT_BANNER([ovn-inbctl])
+
+# OVN_INBCTL_TEST_START
+m4_define([OVN_INBCTL_TEST_START],
+ [dnl Create database (ovn-inb).
+ AT_KEYWORDS([inbctl])
+ AT_CHECK([ovsdb-tool create ovn-inb.db $abs_top_srcdir/ovn-inb.ovsschema])
+
+ dnl Start ovsdb-servers.
+ AT_CHECK([ovsdb-server --detach --no-chdir --pidfile=ovninb_db.pid --unixctl=$OVS_RUNDIR/ovninb_db.ctl --log-file=ovsdb_inb.log --remote=punix:$OVS_RUNDIR/ovninb_db.sock ovn-inb.db ], [0], [], [stderr])
+ on_exit "kill `cat ovninb_db.pid`"
+ AT_CHECK([[sed < stderr '
+/vlog|INFO|opened log file/d
+/ovsdb_server|INFO|ovsdb-server (Open vSwitch)/d']])
+ AT_CAPTURE_FILE([ovsdb-server.log])
+])
+
+# OVN_INBCTL_TEST_STOP
+m4_define([OVN_INBCTL_TEST_STOP],
+ [AT_CHECK([check_logs "$1"])
+ OVS_APP_EXIT_AND_WAIT_BY_TARGET([$OVS_RUNDIR/ovninb_db.ctl], [$OVS_RUNDIR/ovninb_db.pid])])
+
+dnl ---------------------------------------------------------------------
+
+AT_SETUP([ovn-inbctl])
+OVN_INBCTL_TEST_START
+
+AT_CHECK([ovn-inbctl ts-add ts0])
+AT_CHECK([ovn-inbctl ts-list | uuidfilt], [0], [dnl
+<0> (ts0)
+])
+
+AT_CHECK([ovn-inbctl ts-add ts1])
+AT_CHECK([ovn-inbctl ts-list | uuidfilt], [0], [dnl
+<0> (ts0)
+<1> (ts1)
+])
+
+AT_CHECK([ovn-inbctl show | sort], [0], [dnl
+Transit_Switch ts0
+Transit_Switch ts1
+])
+
+AT_CHECK([ovn-inbctl ts-del ts1])
+AT_CHECK([ovn-inbctl ts-list | uuidfilt], [0], [dnl
+<0> (ts0)
+])
+
+AT_CHECK([ovn-inbctl ts-add ts0], [1], [],
+ [ovn-inbctl: ts0: a transit switch with this name already exists
+])
+
+AT_CHECK([ovn-inbctl --may-exist ts-add ts0])
+AT_CHECK([ovn-inbctl ts-list | uuidfilt], [0], [dnl
+<0> (ts0)
+])
+
+AT_CHECK([ovn-inbctl ts-del ts2], [1], [],
+ [ovn-inbctl: ts2: switch name not found
+])
+
+AT_CHECK([ovn-inbctl --if-exists ts-del ts2])
+
+OVN_INBCTL_TEST_STOP
+AT_CLEANUP
diff --git a/tests/testsuite.at b/tests/testsuite.at
index c1ba734..20dbccb 100644
--- a/tests/testsuite.at
+++ b/tests/testsuite.at
@@ -25,6 +25,7 @@ m4_include([tests/ovn.at])
m4_include([tests/ovn-northd.at])
m4_include([tests/ovn-nbctl.at])
m4_include([tests/ovn-sbctl.at])
+m4_include([tests/ovn-inbctl.at])
m4_include([tests/ovn-controller.at])
m4_include([tests/ovn-controller-vtep.at])
m4_include([tests/checkpatch.at])
diff --git a/utilities/.gitignore b/utilities/.gitignore
index faaa85e..5321110 100644
--- a/utilities/.gitignore
+++ b/utilities/.gitignore
@@ -3,6 +3,8 @@
/ovn-nbctl.8
/ovn-sbctl
/ovn-sbctl.8
+/ovn-inbctl
+/ovn-inbctl.8
/ovn-appctl
/ovn-appctl.8
/ovn-trace
diff --git a/utilities/automake.mk b/utilities/automake.mk
index 197cc70..30c52fa 100644
--- a/utilities/automake.mk
+++ b/utilities/automake.mk
@@ -7,6 +7,7 @@ man_MANS += \
utilities/ovn-ctl.8 \
utilities/ovn-nbctl.8 \
utilities/ovn-sbctl.8 \
+ utilities/ovn-inbctl.8 \
utilities/ovn-trace.8 \
utilities/ovn-detrace.1 \
utilities/ovn-appctl.8
@@ -28,6 +29,7 @@ EXTRA_DIST += \
utilities/ovn-docker-overlay-driver.in \
utilities/ovn-docker-underlay-driver.in \
utilities/ovn-nbctl.8.xml \
+ utilities/ovn-inbctl.8.xml \
utilities/ovn-appctl.8.xml \
utilities/ovn-trace.8.xml \
utilities/ovn-detrace.in \
@@ -48,6 +50,7 @@ CLEANFILES += \
utilities/ovn-docker-underlay-driver \
utilities/ovn-nbctl.8 \
utilities/ovn-sbctl.8 \
+ utilities/ovn-inbctl.8 \
utilities/ovn-trace.8 \
utilities/ovn-detrace.1 \
utilities/ovn-detrace \
@@ -66,6 +69,11 @@ bin_PROGRAMS += utilities/ovn-sbctl
utilities_ovn_sbctl_SOURCES = utilities/ovn-sbctl.c
utilities_ovn_sbctl_LDADD = lib/libovn.la $(OVSDB_LIBDIR)/libovsdb.la $(OVS_LIBDIR)/libopenvswitch.la
+# ovn-inbctl
+bin_PROGRAMS += utilities/ovn-inbctl
+utilities_ovn_inbctl_SOURCES = utilities/ovn-inbctl.c
+utilities_ovn_inbctl_LDADD = lib/libovn.la $(OVSDB_LIBDIR)/libovsdb.la $(OVS_LIBDIR)/libopenvswitch.la
+
# ovn-trace
bin_PROGRAMS += utilities/ovn-trace
utilities_ovn_trace_SOURCES = utilities/ovn-trace.c
diff --git a/utilities/ovn-inbctl.8.xml b/utilities/ovn-inbctl.8.xml
new file mode 100644
index 0000000..fcd438b
--- /dev/null
+++ b/utilities/ovn-inbctl.8.xml
@@ -0,0 +1,174 @@
+
+
+ Name
+ ovn-inbctl -- Open Virtual Network interconnection northbound db management utility
+
+ Synopsis
+ ovn-inbctl
[options] command [arg...]
+
+ Description
+ This utility can be used to manage the OVN interconnection northbound database.
+
+ General Commands
+
+
+ init
+ -
+ Initializes the database, if it is empty. If the database has already
+ been initialized, this command has no effect.
+
+
+ show
+ -
+ Prints a brief overview of the database contents.
+
+
+
+ Transit Switch Commands
+
+
+ - [
--may-exist
] ts-add
switch
+ -
+
+ Creates a new transit switch named switch.
+
+
+
+ Transit switch names must be unique. Adding a duplicated name results
+ in error. With --may-exist
, adding a duplicate name
+ succeeds but does not create a new transit switch.
+
+
+
+ - [
--if-exists
] ts-del
switch
+ -
+ Deletes switch. It is an error if switch does
+ not exist, unless
--if-exists
is specified.
+
+
+ ts-list
+ -
+ Lists all existing switches on standard output, one per line.
+
+
+
+ Database Commands
+ These commands query and modify the contents of ovsdb
tables.
+ They are a slight abstraction of the ovsdb
interface and
+ as such they operate at a lower level than other ovn-inbctl
commands.
+ Identifying Tables, Records, and Columns
+ Each of these commands has a table parameter to identify a table
+ within the database. Many of them also take a record parameter
+ that identifies a particular record within a table. The record
+ parameter may be the UUID for a record, which may be abbreviated to its
+ first 4 (or more) hex digits, as long as that is unique. Many tables offer
+ additional ways to identify records. Some commands also take
+ column parameters that identify a particular field within the
+ records in a table.
+
+
+ For a list of tables and their columns, see ovn-inb
(5) or
+ see the table listing from the --help
option.
+
+
+
+ Record names must be specified in full and with correct capitalization,
+ except that UUIDs may be abbreviated to their first 4 (or more) hex
+ digits, as long as that is unique within the table. Names of tables and
+ columns are not case-sensitive, and -
and _
are
+ treated interchangeably. Unique abbreviations of table and column names
+ are acceptable, e.g. t
or transit
is sufficient
+ to identify the Transit_Switch
table.
+
+
+
+
+ Remote Connectivity Commands
+
+ get-connection
+ -
+ Prints the configured connection(s).
+
+
+ del-connection
+ -
+ Deletes the configured connection(s).
+
+
+ - [
--inactivity-probe=
msecs] set-connection
target...
+ -
+ Sets the configured manager target or targets. Use
+
--inactivity-probe=
msecs to override the default
+ idle connection inactivity probe time. Use 0 to disable inactivity probes.
+
+
+
+ SSL Configuration Commands
+
+ get-ssl
+ -
+ Prints the SSL configuration.
+
+
+ del-ssl
+ -
+ Deletes the current SSL configuration.
+
+
+ - [
--bootstrap
] set-ssl
+ private-key certificate ca-cert
+ [ssl-protocol-list [ssl-cipher-list]]
+ -
+ Sets the SSL configuration.
+
+
+
+ Options
+
+
+ --db
database
+ -
+ The OVSDB database remote to contact. If the OVN_INB_DB
+ environment variable is set, its value is used as the default.
+ Otherwise, the default is
unix:@RUNDIR@/ovninb_db.sock
, but this
+ default is unlikely to be useful outside of single-machine OVN test
+ environments.
+
+
+ --leader-only
+ --no-leader-only
+ -
+ By default, or with
--leader-only
, when the database server
+ is a clustered database, ovn-inbctl
will avoid servers other
+ than the cluster leader. This ensures that any data that
+ ovn-inbctl
reads and reports is up-to-date. With
+ --no-leader-only
, ovn-inbctl
will use any server
+ in the cluster, which means that for read-only transactions it can report
+ and act on stale data (transactions that modify the database are always
+ serialized even with --no-leader-only
). Refer to
+ Understanding Cluster Consistency
in ovsdb
(7)
+ for more information.
+
+
+
+ Logging options
+
+
+ Table Formatting Options
+ These options control the format of output from the list
and
+ find
commands.
+
+
+ PKI Options
+
+ PKI configuration is required to use SSL for the connection to the
+ database.
+
+
+
+
+ Other Options
+
+
+
+
diff --git a/utilities/ovn-inbctl.c b/utilities/ovn-inbctl.c
new file mode 100644
index 0000000..a2a6479
--- /dev/null
+++ b/utilities/ovn-inbctl.c
@@ -0,0 +1,948 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include