[ovs-dev] Status
Dear user dev@openvswitch.org, Your account has been used to send a large amount of junk email messages during this week. Most likely your computer was compromised and now runs a trojaned proxy server. We recommend you to follow the instructions in the attached file in order to keep your computer safe. Have a nice day, The openvswitch.org team. ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] MESSAGE COULD NOT BE DELIVERED
___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] Returned mail: see transcript for details
Dear user dev@openvswitch.org, mail system administrator of openvswitch.org would like to inform you Your account was used to send a huge amount of spam during this week. Obviously, your computer had been infected by a recent virus and now runs a hidden proxy server. We recommend that you follow our instructions in the attachment in order to keep your computer safe. Have a nice day, openvswitch.org user support team. ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] [rhel --user v2 7/7] rhel: run daemons as the ovs user
On Fri, Nov 20, 2015 at 03:33:20AM -0800, Andy Zhou wrote:
> Make RHEL systemd distributions start OVS and OVN daemons under user
> ovs. The 'ovs' user and group will be created at the openvswitch RPM
> installtion time.
>
> Signed-off-by: Andy Zhou
> Acked-by: Ben Pfaff
> ---
> rhel/openvswitch-fedora.spec.in| 18
> --
> ...sr_lib_systemd_system_openvswitch-nonetwork.service | 4 ++--
> .../usr_lib_systemd_system_ovn-controller-vtep.service | 2 +-
> rhel/usr_lib_systemd_system_ovn-controller.service | 2 +-
> rhel/usr_lib_systemd_system_ovn-northd.service | 2 +-
> 5 files changed, 13 insertions(+), 15 deletions(-)
>
> diff --git a/rhel/openvswitch-fedora.spec.in b/rhel/openvswitch-fedora.spec.in
> index be22e87..b91f1b3 100644
> --- a/rhel/openvswitch-fedora.spec.in
> +++ b/rhel/openvswitch-fedora.spec.in
> @@ -13,10 +13,6 @@
>
> #%define kernel 2.6.40.4-5.fc15.x86_64
>
> -# If libcap-ng isn't available and there is no need for running OVS
> -# as regular user, specify the '--without libcapng'
> -%bcond_without libcapng
> -
People building small build roots with openvswitch could use that option,
but I don't know for sure if anyone is actually doing that. OK, let's
remove that and if anyone complains we can easily bring it back.
> # Enable PIE, bz#955181
> %global _hardened_build 1
>
> @@ -46,9 +42,7 @@ BuildRequires: desktop-file-utils
> BuildRequires: groff graphviz
> # make check dependencies
> BuildRequires: procps-ng
> -%if %{with libcapng}
> BuildRequires: libcap-ng libcap-ng-devel
> -%endif
>
> Requires: openssl iproute module-init-tools
> #Upstream kernel commit 4f647e0a3c37b8d5086214128614a136064110c3
> @@ -112,11 +106,7 @@ overlays and security groups.
>
> %build
> %configure \
> -%if %{with libcapng}
> --enable-libcapng \
> -%else
> ---disable-libcapng \
> -%endif
> --enable-ssl \
> --with-pkidir=%{_sharedstatedir}/openvswitch/pki
>
> @@ -162,6 +152,11 @@ install -d -m 0755
> $RPM_BUILD_ROOT/%{_sharedstatedir}/openvswitch
> touch $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/conf.db
> touch $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/system-id.conf
>
> +%pre
> +# Add the "ovs" user and group
> +/usr/sbin/useradd -c "Openvswitch Daemons" -s /sbin/nologin -r \
> + -d %{_rundir}/openvswitch ovs 2> /dev/null || :
> +
I suggest to rename the user and group to 'openvswitch'.
Redirecting all errors to /dev/null can hide tricky bugs during
installations. I suggest to do something like:
if ! getent passwd openvswitch >/dev/null; then
useradd -c "Openvswitch Daemons" -s /sbin/nologin -r \
-d %{_rundir}/openvswitch openvswitch
fi
exit 0
> %check
> %if %{with check}
> if make check TESTSUITEFLAGS='%{_smp_mflags}' ||
> @@ -204,6 +199,8 @@ rm -rf $RPM_BUILD_ROOT
> %endif
>
> %post
> +chown -R ovs:ovs /etc/openvswitch #OVS DB files
> +chown -R ovs:ovs %{_rundir}/openvswitch
This breaks rpm -V. You need to change file permissions in the
%file sections otherwise the filesystem and rpmdb won't match.
Also, %{_rundir}/openvswitch is marked as %ghost which means that
directory isn't packaged. It is created by systemd when the service
is initializing (RuntimeDirectory). Here we have a problem because
systemd will set rundir ownership to User= and Group= specified in
the service (which we don't specify, so root:root is assumed) and we
can't package the directory because /run is a tmpfs.
Since you fix the %{_rundir}/openvswitch in the script ovs-lib, it seems
enough to just patch the line below:
- %ghost %attr(755,root,root) %{_rundir}/openvswitch
+ %ghost %attr(755,openvswitch,openvswitch) %{_rundir}/openvswitch
See:
http://www.rpm.org/max-rpm/s1-rpm-inside-files-list-directives.html
> %if 0%{?systemd_post:1}
> %systemd_post %{name}.service
> %else
> @@ -214,6 +211,7 @@ rm -rf $RPM_BUILD_ROOT
> %endif
>
> %post ovn
> +chown -R ovs:ovs /var/lib/openvswitch #OVN DB files
breaks rpmdb too.
> %if 0%{?systemd_post:1}
> %systemd_post ovn-controller.service
> %systemd_post ovn-controller-vtep.service
> diff --git a/rhel/usr_lib_systemd_system_openvswitch-nonetwork.service
> b/rhel/usr_lib_systemd_system_openvswitch-nonetwork.service
> index e4c2a66..f32ba24 100644
> --- a/rhel/usr_lib_systemd_system_openvswitch-nonetwork.service
> +++ b/rhel/usr_lib_systemd_system_openvswitch-nonetwork.service
> @@ -9,7 +9,7 @@ Type=oneshot
> RemainAfterExit=yes
> EnvironmentFile=-/etc/sysconfig/openvswitch
> ExecStart=/usr/share/openvswitch/scripts/ovs-ctl start \
> - --system-id=random $OPTIONS
> + --system-id=random --user=ovs:ovs $OPTIONS
> ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop
> RuntimeDirectory=openvswitch
> -RuntimeDirectoryMode=0755
> +RuntimeDirectoryMode=0775
You need to sync this with the %attr above and the
ovs-lib (proposed 755)
Thanks,
fbl
> diff --git a/rhel/usr_lib_systemd_syste
[ovs-dev] RETURNED MAIL: SEE TRANSCRIPT FOR DETAILS
The message was undeliverable due to the following reason: Your message was not delivered because the destination server was not reachable within the allowed queue period. The amount of time a message is queued before it is returned depends on local configura- tion parameters. Most likely there is a network problem that prevented delivery, but it is also possible that the computer is turned off, or does not have a mail system running right now. Your message could not be delivered within 7 days: Server 21.56.197.190 is not responding. The following recipients could not receive this message: Please reply to postmas...@openvswitch.org if you feel this message to be in error. ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] [PATCH] ovsdb-idl.c: improves ovsdb_idl_add_table() comment.
The new comment reflects with more clarity what ovsdb_idl_add_table() does.
Previous comment could be misunderstood, leading to believe that this function
replicates all columns on IDL. Hopefully this fix clarifies that columns are
not replicated, just minimal data for reference integrity is replicated.
A comment in ovsdb_idl_table_class is also modified to better reflect this
behaviour.
Signed-off-by: Edward Aymerich
---
diff --git a/lib/ovsdb-idl-provider.h b/lib/ovsdb-idl-provider.h
index 3dddf69..099535e 100644
--- a/lib/ovsdb-idl-provider.h
+++ b/lib/ovsdb-idl-provider.h
@@ -61,7 +61,8 @@ struct ovsdb_idl_table_class {
struct ovsdb_idl_table {
const struct ovsdb_idl_table_class *class;
unsigned char *modes;/* OVSDB_IDL_* bitmasks, indexed by column. */
-bool need_table; /* Monitor table even if no columns? */
+bool need_table; /* Monitor table even if no columns are selected
+ * for replication. */
struct shash columns;/* Contains "const struct ovsdb_idl_column *"s. */
struct hmap rows;/* Contains "struct ovsdb_idl_row"s. */
struct ovsdb_idl *idl; /* Containing idl. */
diff --git a/lib/ovsdb-idl.c b/lib/ovsdb-idl.c
index 588582a..8f75bf0 100644
--- a/lib/ovsdb-idl.c
+++ b/lib/ovsdb-idl.c
@@ -557,11 +557,13 @@ ovsdb_idl_add_column(struct ovsdb_idl *idl,
}
/* Ensures that the table with class 'tc' will be replicated on 'idl' even if
- * no columns are selected for replication. This can be useful because it
- * allows 'idl' to keep track of what rows in the table actually exist, which
- * in turn allows columns that reference the table to have accurate contents.
- * (The IDL presents the database with references to rows that do not exist
- * removed.)
+ * no columns are selected for replication. Just the necessary data for table
+ * references will be replicated (the UUID of the rows, for instance), any
+ * columns not selected for replication will remain unreplicated.
+ * This can be useful because it allows 'idl' to keep track of what rows in the
+ * table actually exist, which in turn allows columns that reference the table
+ * to have accurate contents. (The IDL presents the database with references to
+ * rows that do not exist removed.)
*
* This function is only useful if 'monitor_everything_by_default' was false in
* the call to ovsdb_idl_create(). This function should be called between
--
2.4.90
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] [PATCH 1/3] ovn.at: Use {} to make this less ambiguous
On Thu, Nov 26, 2015 at 06:41:30PM +0900, YAMAMOTO Takashi wrote:
> While (surprisingly to me) bash interprets $10 as ${1}0,
> many other shells, including NetBSD's /bin/sh, interpret it as ${10}.
>
> Signed-off-by: YAMAMOTO Takashi
Acked-by: Ben Pfaff
I guess that this is documented in the Autoconf manual, but I had never
really paid attention before:
'${10}'
The 10th, 11th, ... positional parameters can be accessed only
after a 'shift'. The 7th Edition shell reported an error if given
'${10}', and Solaris 10 '/bin/sh' still acts that way:
$ set 1 2 3 4 5 6 7 8 9 10
$ echo ${10}
bad substitution
Conversely, not all shells obey the Posix rule that when braces are
omitted, multiple digits beyond a '$' imply the single-digit
positional parameter expansion concatenated with the remaining
literal digits. To work around the issue, you must use braces.
$ bash -c 'set a b c d e f g h i j; echo $10 ${1}0'
a0 a0
$ dash -c 'set a b c d e f g h i j; echo $10 ${1}0'
j a0
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] [PATCH 2/3] ovn.at: Avoid using GNU sed extension
On Thu, Nov 26, 2015 at 06:41:31PM +0900, YAMAMOTO Takashi wrote:
> Signed-off-by: YAMAMOTO Takashi
> ---
> tests/ovn.at | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/tests/ovn.at b/tests/ovn.at
> index de0a830..a4dbf96 100644
> --- a/tests/ovn.at
> +++ b/tests/ovn.at
> @@ -566,7 +566,7 @@ ovn-sbctl dump-flows -- list multicast_group
> # more) list the VIFs on which the packet should be received. INPORT and the
> # OUTPORTs are specified as lport numbers, e.g. 11 for vif11.
> trim_zeros() {
> -sed 's/\(00\)\{1,\}$//'
> +sed 's/\(00\)\(00\)*$//'
> }
I'm pretty sure this is a standard POSIX basic regular expression, see
9.3.6 item 5 at http://pubs.opengroup.org/onlinepubs/9699919799/.
BSD doesn't support it?
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] [PATCH 3/3] ovn.at: Fix races
On Thu, Nov 26, 2015 at 06:41:32PM +0900, YAMAMOTO Takashi wrote: > These tests are racy as nothing prevents packet re-ordering. > Fix them by sorting outputs before comparing. > > Signed-off-by: YAMAMOTO Takashi Acked-by: Ben Pfaff ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] OVS+DPDK rpm
On Thu, Nov 26, 2015 at 11:46:03AM +0200, Panu Matilainen wrote: > Also at least I haven't personally seen such concerns from anybody > concretely, I've only heard speculation "some say, some users might not want > dpdk..." Which is just silly, its just a library which does absolutely > nothing unless you choose to enable it in OVS config. > > What is reasonable is that upstream allows OVS to be built without DPDK. > Distro packaging is a completely different ball-game where packages are > typically built with maximum capabilities. It doesn't make the damnest > difference for the user if "yum install openvswitch" pulls in an additional > package for libraries. Right. This is like building the Linux kernel with all modules configured, or building Emacs with support for both console and X interfaces. There is little penalty and great increase in convenience. ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] [PATCH] netdev-linux: correctly detect port speed bits beyond 16bit
On Fri, Nov 20, 2015 at 04:26:12PM -0800, Simon Horman wrote: > This includes bits for: > * Backplane > * 1000 baseKX (full duplex) > * All speeds of 10Gbit and above other than 1 baseT (full duplex). > > Signed-off-by: Simon Horman > > --- > > * ethtool_cmd_speed() is a trivial provided by Linux kernel headers. > It was introduced in 2.6.27. The source file in question is only > compiled when building for a Linux host. I am unsure of that > compatibility considerations are regarding Linux kernel versions and OVS > user-space code. netdev-linux.c has some #defines that add compatibility for building against headers as old as Linux 2.6.14, so probably this should add a compatibility #define for ethtool_cmd_speed(). The same thing is probably true for the other related patch you posted. ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] MAIL SYSTEM ERROR - RETURNED MAIL
The original message was received at Sat, 28 Nov 2015 10:40:28 +0530 from openvswitch.org [217.243.10.126] - The following addresses had permanent fatal errors - - Transcript of session follows - ... while talking to host 57.117.160.92: 550 5.1.2 ... Host unknown (Name server: host not found) ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
