From patchwork Thu Aug 1 00:20:16 2019
Content-Type: text/plain; charset="utf-8"
X-Patchwork-Submitter: aginwala aginwala
X-Patchwork-Id: 1140172
From: Aliasgar Ginwala
To: dev@openvswitch.org
Cc: Aliasgar Ginwala
Date: Wed, 31 Jul 2019 17:20:16 -0700
Message-Id: <20190801002016.64803-1-aginwala@ebay.com>
Subject: [ovs-dev] [PATCH] OVS: Containerize components

1. Start OVS components in containers so that building and shipping of OVS components is easy.
2. Load OVS kernel modules on host from container to avoid installing ovs on host.
3. Update documentation about how to build/run ovs in docker.

Signed-off-by: aginwala
---
 Documentation/intro/install/general.rst | 65 +++++++++++++++++++
 utilities/automake.mk | 8 ++-
 utilities/docker/Makefile | 22 +++++++
 utilities/docker/create_ovs_db.sh | 15 +++++
 utilities/docker/debian/Dockerfile | 19 ++++++
 .../docker/debian/build-kernel-modules.sh | 43 ++++++++++++
 utilities/docker/ovs-override.conf | 4 ++
 utilities/docker/start-ovs | 42 ++++++++++++
 8 files changed, 217 insertions(+), 1 deletion(-)
 create mode 100644 utilities/docker/Makefile
 create mode 100755 utilities/docker/create_ovs_db.sh
 create mode 100644 utilities/docker/debian/Dockerfile
 create mode 100755 utilities/docker/debian/build-kernel-modules.sh
 create mode 100644 utilities/docker/ovs-override.conf
 create mode 100755 utilities/docker/start-ovs

diff --git a/Documentation/intro/install/general.rst b/Documentation/intro/install/general.rst index fa99491f6..13b5f2d67 100644 
--- a/Documentation/intro/install/general.rst +++ b/Documentation/intro/install/general.rst @@ -503,6 +503,55 @@ domain socket:: $ ovs-vswitchd --pidfile --detach --log-file +Starting OVS in container +------------------------- + +For ovs vswitchd, we need to load ovs kernel modules on host. + +Hence, OVS containers kernel version needs to be same as that of host kernel. + +Export following variables in .env and place it under +project root:: + + $ OVS_BRANCH= + $ OVS_VERSION= + $ DISTRO= + $ KERNEL_VERSION= + $ GITHUB_SRC= + $ DOCKER_REPO= + +To build ovs modules:: + + $ cd utilities/docker + $ make build + +Compiled Modules will be tagged with docker image + +To Push ovn modules:: + + $ make push + +OVS docker image will be pushed to specified docker repo. + +Start ovsdb-server using below command:: + + $ docker run -itd --net=host --name=ovsdb-server \ + : ovsdb-server + +Start ovs-vswitchd with priviledged mode as it needs to load kernel module in +host using below command:: + + $ docker run -itd --net=host --name=ovs-vswitchd \ + --volumes-from=ovsdb-server --privileged \ + : ovs-vswitchd -v /lib:/lib + +.. note:: + The debian docker file uses ubuntu 16.04 as a base image for reference. + + User can use any other base image for debian, e.g. u14.04, etc. + + RHEL based docker build support needs to be added. + Validating ---------- @@ -517,6 +566,10 @@ and ``vif1.0`` to it:: Refer to ovs-vsctl(8) for more details. You may also wish to refer to :doc:`/topics/testing` for information on more generic testing of OVS. +When using ovs in container, exec to container to run above commands:: + + $ docker exec -it /bin/bash + Upgrading --------- 
@@ -586,6 +639,18 @@ needs some considerations: the userspace daemons are restarted immediately and the userspace flows are restored as soon as possible. +5. When upgrading ovs running in container on host that is managed by ovn, + simply stop the docker container, remove and re-run with new docker image + that has newer ovs version. + +6. When running ovs in container, if ovs is used in bridged mode where + management interface is managed by ovs, docker restart will result in loss + of network connectivity. Hence, make sure to delete the bridge mapping of + physical interface from ovs, upgrade ovs via docker and then add back the + interface to ovs bridge. This mapping need not be deleted in case of multi + nics if management interface is not managed by ovs. + + The ovs-ctl utility's ``restart`` function only restarts the userspace daemons, makes sure that the 'ofport' values remain consistent across restarts, restores userspace flows using the ovs-ofctl utility and also uses the diff --git a/utilities/automake.mk b/utilities/automake.mk index a5bb27e2b..c379596fd 100644 --- a/utilities/automake.mk +++ b/utilities/automake.mk @@ -58,7 +58,13 @@ EXTRA_DIST += \ utilities/ovs-test.in \ utilities/ovs-vlan-test.in \ utilities/ovs-vsctl-bashcomp.bash \ - utilities/checkpatch.py + utilities/checkpatch.py \ + utilities/docker/Makefile \ + utilities/docker/ovs-override.conf \ + utilities/docker/start-ovs \ + utilities/docker/create_ovs_db.sh \ + utilities/docker/debian/Dockerfile \ + utilities/docker/debian/build-kernel-modules.sh MAN_ROOTS += \ utilities/ovs-appctl.8.in \ utilities/ovs-testcontroller.8.in \ diff --git a/utilities/docker/Makefile b/utilities/docker/Makefile new file mode 100644 index 000000000..8c2f7810e --- /dev/null +++ b/utilities/docker/Makefile 
@@ -0,0 +1,22 @@ +#export OVS_BRANCH=branch-2.11 +#export OVS_VERSION=2.11 +#export KERNEL_VERSION=4.15.0-54-generic +#export DISTRO=debian +#export GITHUB_SRC=https://github.com/openvswitch/ovs.git +#export DOCKER_REPO=openvswitch/ovs + +# Example: +# make build +# make push + +REPO = ${DOCKER_REPO} +tag = ${OVS_VERSION}_${KERNEL_VERSION} + +build: ;docker build -t ${REPO}:${tag} --build-arg DISTRO=${DISTRO} \ +--build-arg OVS_BRANCH=${OVS_BRANCH} \ +--build-arg KERNEL_VERSION=${KERNEL_VERSION} \ +--build-arg GITHUB_SRC=${GITHUB_SRC} -f ${DISTRO}/Dockerfile . + +.PHONY: build + +push: ;docker push ${REPO}:${tag} diff --git a/utilities/docker/create_ovs_db.sh b/utilities/docker/create_ovs_db.sh new file mode 100755 index 000000000..cb100dbf8 --- /dev/null +++ b/utilities/docker/create_ovs_db.sh @@ -0,0 +1,15 @@ +#!/bin/sh +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ovsdb-tool create /etc/openvswitch/conf.db /usr/share/openvswitch/vswitch.ovsschema \ No newline at end of file diff --git a/utilities/docker/debian/Dockerfile b/utilities/docker/debian/Dockerfile new file mode 100644 index 000000000..630a7ecd4 --- /dev/null +++ b/utilities/docker/debian/Dockerfile 
@@ -0,0 +1,19 @@ +FROM ubuntu:16.04 +MAINTAINER "Aliasgar Ginwala" + +ARG OVS_BRANCH +ARG KERNEL_VERSION +ARG GITHUB_SRC +ARG DISTRO + +copy $DISTRO/build-kernel-modules.sh /build-kernel-modules.sh +RUN /build-kernel-modules.sh $KERNEL_VERSION $OVS_BRANCH $GITHUB_SRC + +COPY create_ovs_db.sh /etc/openvswitch/create_ovs_db.sh +RUN /etc/openvswitch/create_ovs_db.sh + +COPY ovs-override.conf /etc/depmod.d/openvswitch.conf + +COPY start-ovs /bin/start-ovs +VOLUME ["/var/log/openvswitch", "/var/lib/openvswitch", "/var/run/openvswitch", "/etc/openvswitch"] +ENTRYPOINT ["start-ovs"] diff --git a/utilities/docker/debian/build-kernel-modules.sh b/utilities/docker/debian/build-kernel-modules.sh new file mode 100755 index 000000000..a07736872 --- /dev/null +++ b/utilities/docker/debian/build-kernel-modules.sh 
@@ -0,0 +1,43 @@ +#!/bin/sh +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +KERNEL_VERSION=$1 +OVS_BRANCH=$2 +GITHUB_SRC=$3 + +# Install deps +linux="linux-image-$KERNEL_VERSION linux-headers-$KERNEL_VERSION" +build_deps="apt-utils libelf-dev build-essential libssl-dev python python-six wget vim \ +gdb autoconf libtool git automake bzip2 debhelper dh-autoreconf openssl" + +apt-get update +apt-get install -y ${linux} ${build_deps} + +# get the source +mkdir /build; cd /build +git clone --depth 1 -b $OVS_BRANCH $GITHUB_SRC +cd ovs + +# build and install +./boot.sh +./configure --localstatedir="/var" --sysconfdir="/etc" --prefix="/usr" \ +--with-linux=/lib/modules/$KERNEL_VERSION/build --enable-ssl +make -j8; make install; make modules_install + +# remove deps to make the container light weight. +apt-get remove --purge -y ${build_deps} +apt-get autoremove -y --purge +cd ..; rm -rf ovs +basic_utils="vim kmod net-tools uuid-runtime iproute2" +apt-get install -y ${basic_utils} \ No newline at end of file diff --git a/utilities/docker/ovs-override.conf b/utilities/docker/ovs-override.conf new file mode 100644 index 000000000..8f792e4b4 --- /dev/null +++ b/utilities/docker/ovs-override.conf @@ -0,0 +1,4 @@ +override openvswitch * extra +override vport-geneve * extra +override vport-stt * extra +override vport-* * extra diff --git a/utilities/docker/start-ovs b/utilities/docker/start-ovs new file mode 100755 index 000000000..4a1a16cd1 --- /dev/null 
+++ b/utilities/docker/start-ovs @@ -0,0 +1,42 @@ +#!/bin/bash +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +case $1 in + "ovsdb-server") /usr/share/openvswitch/scripts/ovs-ctl start \ + --system-id=random --no-ovs-vswitchd + /usr/share/openvswitch/scripts/ovs-ctl stop + ovsdb-server --pidfile /etc/openvswitch/conf.db \ + -vconsole:emer -vsyslog:err -vfile:info \ + --remote=punix:/var/run/openvswitch/db.sock \ + --private-key=db:Open_vSwitch,SSL,private_key \ + --certificate=db:Open_vSwitch,SSL,certificate \ + --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert \ + --log-file=/var/log/openvswitch/ovsdb-server.log \ + --no-chdir + ;; + "ovs-vswitchd") depmod -a + modprobe openvswitch + modprobe vport_stt + modprobe vport_geneve + /usr/share/openvswitch/scripts/ovs-ctl \ + --no-ovsdb-server start + /usr/share/openvswitch/scripts/ovs-ctl \ + --no-ovsdb-server force-reload-kmod + /usr/share/openvswitch/scripts/ovs-ctl stop + ovs-vswitchd --pidfile -vconsole:emer -vsyslog:err \ + -vfile:info --mlockall --no-chdir \ + --log-file=/var/log/openvswitch/ovs-vswitchd.log + ;; + *) echo "$0 [ovsdb-server|ovs-vswitchd]" +esac
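
Review bot: in Documentation/intro/install/general.rst (hunk @@ -503,6 +503,55 @@), the ovs-vswitchd example places `-v /lib:/lib` after the image and the `ovs-vswitchd` argument, so docker hands it to the start-ovs entrypoint as extra arguments instead of treating it as a bind mount, and the host's /lib is never mounted. Move it in front of the image name, alongside `--volumes-from=ovsdb-server --privileged`. Because this container combines `--privileged`, `--net=host` and a mount of the host's /lib, the section should state that it effectively has full control of the host and explain why the whole of /lib is needed rather than a narrower path. Two wording fixes in the same hunk: "priviledged" should be "privileged", and "To Push ovn modules" looks like it should say "ovs".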
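
Review bot: in utilities/docker/Makefile, nothing checks that DOCKER_REPO, OVS_VERSION, KERNEL_VERSION, DISTRO, OVS_BRANCH and GITHUB_SRC are set, and the Makefile never reads the .env file that the documentation in this patch tells users to create. With the exports at the top commented out, a bare `make build` expands `-t ${REPO}:${tag}` to `-t :_` and passes empty build args. Either include the .env file or fail early with a clear message when a variable is empty. `.PHONY: build` should also list `push`.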
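
Review bot: in utilities/docker/debian/Dockerfile, the image contents are neither reproducible nor verifiable: `FROM ubuntu:16.04` follows a moving tag, and `RUN /build-kernel-modules.sh $KERNEL_VERSION $OVS_BRANCH $GITHUB_SRC` compiles whatever the branch tip of a caller-supplied GITHUB_SRC happens to be at build time, then ships the resulting kernel modules to be loaded on the host. Consider pinning the base image by digest and accepting a release tag or commit to check out, so a given image tag always maps to the same source. Style points: `copy $DISTRO/build-kernel-modules.sh` should use upper-case `COPY` like the other instructions, and `MAINTAINER` is deprecated in favour of a `LABEL`.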
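
Review bot: utilities/docker/debian/build-kernel-modules.sh has no error handling. There is no `set -e`, and `make -j8; make install; make modules_install` is chained with `;`, so a failed `apt-get install`, `git clone`, `./configure` or compile is ignored and the script's exit status is that of the final `apt-get install -y ${basic_utils}`. The docker build then succeeds and produces an image without working modules. Add `set -e` near the top or chain the steps with `&&`, and quote `$OVS_BRANCH` and `$GITHUB_SRC` in the `git clone` line. Smaller points: `vim` is listed in build_deps, purged, then reinstalled through basic_utils, and the file is missing its trailing newline.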
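
Review bot: in utilities/docker/start-ovs, both branches launch the long-running daemon as a child of the bash script (`ovsdb-server --pidfile /etc/openvswitch/conf.db ...` and `ovs-vswitchd --pidfile -vconsole:emer ...`) instead of with `exec`, so bash stays PID 1 in the container and the SIGTERM sent by `docker stop` does not reach the daemon for a clean shutdown. Prefix both final commands with `exec`. The `*)` branch prints the usage line but falls through with exit status 0; add `exit 1` so a mistyped component name is reported as a failure. In the ovs-vswitchd branch the results of `depmod -a` and the three `modprobe` calls are not checked, so the script carries on to `ovs-ctl ... start` even when the modules did not load; at least fail when `modprobe openvswitch` does. `case $1 in` should quote `"$1"`.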