# # spec file for package openvswitch # # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # needssslcertforbuild # Disable building the external kernel datapath by default %bcond_with kmp %ifarch aarch64 x86_64 %{ix86} # DPDK enabled by default %bcond_without dpdk %else # No DPDK support on these architectures %bcond_with dpdk %endif # The testsuite is somewhat fragile for continuous testing in OBS # but keep it here as an option %bcond_with check Name: openvswitch Version: 2.7.0 Release: 0 Summary: An open source, production quality, multilayer virtual switch # All code is Apache-2.0 except # - lib/sflow* which is SISSL # - utilities/bugtool which is LGPL-2.1 License: Apache-2.0 and LGPL-2.1 and SISSL Group: Productivity/Networking/System Url: http://openvswitch.org/ Source0: http://openvswitch.org/releases/openvswitch-%{version}.tar.gz Source1: preamble Source89: Module.supported.updates # PATCh-FIX-UPSTREAM 0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch # Upstream fix (present in 2.7 branch) to fix CVE-2017-9214 # See https://nvd.nist.gov/vuln/detail/CVE-2017-9214 Patch1: 0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch Patch99: 0001-utilities-Add-script-to-support-DPDK-option-migratio.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: fdupes BuildRequires: graphviz BuildRequires: libcap-ng-devel BuildRequires: libopenssl-devel BuildRequires: libtool BuildRequires: make BuildRequires: pkgconfig BuildRequires: python-devel BuildRequires: python-six BuildRequires: python-xml BuildRequires: pkgconfig(openssl) Requires: logrotate Requires: modutils Requires: python # ovs-ctl / ovs-pki use /usr/bin/uuidgen: Requires: util-linux Requires(post): %fillup_prereq Suggests: logrotate Provides: openvswitch-common = %{version} Obsoletes: openvswitch-common < %{version} Provides: openvswitch-controller = %{version} Obsoletes: openvswitch-controller < %{version} # openvswitch-switch has been merged to the main package # so we need to provide a migration path Provides: %{name}-dpdk < %{version} Provides: %{name}-dpdk-switch < %{version} Provides: %{name}-switch = %{version} Obsoletes: %{name}-dpdk < %{version} Obsoletes: %{name}-dpdk-switch < %{version} Obsoletes: %{name}-switch < %{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build %{?systemd_requires} %py_requires # Needed by the testsuite %if %{with check} BuildRequires: procps %endif %if %{with kmp} Suggests: openvswitch-kmp %endif %if %{with dpdk} # We need to be a bit strict with the dpdk version since # it's very possible for DPDK to change it's API between # releases. This version currently requires >=16.07 but not # 17.XX BuildRequires: dpdk-devel >= 16.11 BuildRequires: libnuma-devel BuildRequires: libpcap-devel %endif %description Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license. It is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces and protocols (e.g. NetFlow, sFlow, RSPAN, ERSPAN, CLI, LACP, 802.1ag). In addition, it is designed to support distribution across multiple physical servers similar to VMware’s vNetwork distributed vswitch or Cisco’s Nexus 1000V. %if %{with kmp} %package kmp Summary: Open vSwitch kernel modules License: GPL-2.0+ Group: System/Kernel BuildRequires: %{kernel_module_package_buildreqs} %suse_kernel_module_package -p %{_sourcedir}/preamble ec2 xenpae vmi um %description kmp Kernel modules supporting the openvswitch datapath. %endif %package devel Summary: Open vSwitch Devel Libraries License: Apache-2.0 Group: Development/Libraries/C and C++ Requires: %{name} = %{version} Provides: %{name}-dpdk-devel = %{version} Obsoletes: %{name}-dpdk-devel < %{version} %description devel Devel libraries and headers for Open vSwitch. %package ovn-central Summary: Open vSwitch - Open Virtual Network support License: Apache-2.0 Group: Productivity/Networking/System Requires: %{name} = %{version} Requires: %{name}-ovn-common # openvswitch-ovn has been split into openvswitch-ovn-{central,common,docker,host,vtep} Provides: %{name}-dpdk-ovn:%{_bindir}/ovn-northd Provides: %{name}-ovn:%{_bindir}/ovn-northd %description ovn-central OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. %package ovn-host Summary: Open vSwitch - Open Virtual Network support License: Apache-2.0 Group: Productivity/Networking/System Requires: %{name} = %{version} Requires: %{name}-ovn-common # openvswitch-ovn has been split into openvswitch-ovn-{central,common,docker,host,vtep} Provides: %{name}-dpdk-ovn:%{_bindir}/ovn-controller Provides: %{name}-ovn:%{_bindir}/ovn-controller %description ovn-host OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. %package ovn-vtep Summary: Open vSwitch - Open Virtual Network support License: Apache-2.0 Group: Productivity/Networking/System Requires: %{name} = %{version} Requires: %{name}-ovn-common # openvswitch-ovn has been split into openvswitch-ovn-{central,common,docker,host,vtep} Provides: %{name}-dpdk-ovn:%{_bindir}/ovn-controller-vtep Provides: %{name}-ovn:%{_bindir}/ovn-controller-vtep %description ovn-vtep OVN vtep controller %package ovn-common Summary: Open vSwitch - Open Virtual Network support License: Apache-2.0 Group: Productivity/Networking/System Requires: %{name} = %{version} # openvswitch-ovn has been split into openvswitch-ovn-{central,common,docker,host,vtep} Provides: %{name}-dpdk-ovn = %{version} Provides: %{name}-ovn = %{version} Obsoletes: %{name}-dpdk-ovn < %{version} Obsoletes: %{name}-ovn < %{version} %description ovn-common Utilities that are used to diagnose and manage the OVN components. %package ovn-docker Summary: Open vSwitch - Open Virtual Network support License: Apache-2.0 Group: Productivity/Networking/System Requires: %{name} = %{version} Requires: %{name}-ovn-common = %{version} Requires: python-openvswitch = %{version} # openvswitch-ovn has been split into openvswitch-ovn-{central,common,docker,host,vtep} Provides: %{name}-dpdk-ovn:%{_bindir}/ovn-docker-overlay-driver Provides: %{name}-ovn:%{_bindir}/ovn-docker-overlay-driver %description ovn-docker Docker network plugins for OVN. %package pki Summary: Open vSwitch public key infrastructure dependency package License: Apache-2.0 Group: Productivity/Networking/System Requires: %{name} = %{version} Provides: %{name}-dpdk-pki = %{version} Obsoletes: %{name}-dpdk-pki < %{version} %description pki openvswitch-pki provides PKI (public key infrastructure) support for Open vSwitch switches and controllers, reducing the risk of man-in-the-middle attacks on the Open vSwitch network infrastructure. Open vSwitch is a full-featured software-based Ethernet switch. %package vtep Summary: Open vSwitch VTEP emulator License: Apache-2.0 Group: Productivity/Networking/System Requires: %{name} = %{version} Requires: %{name}-switch = %{version} # Since openvswitch/scripts/ovs-vtep requires various ovs python modules. Requires: python-openvswitch = %{version} Provides: %{name}-dpdk-vtep = %{version} Obsoletes: %{name}-dpdk-vtep < %{version} %description vtep A VTEP (VXLAN Tunnel EndPoint) emulator that uses Open vSwitch for forwarding. Open vSwitch is a full-featured software-based Ethernet switch. %package -n python-openvswitch Summary: Python bindings for Open vSwitch License: Python-2.0 Group: Productivity/Networking/System Requires: openvswitch-common = %{version} Requires: python Requires: python-six %description -n python-openvswitch This package contains the full Python bindings for Open vSwitch database. %package -n python-openvswitch-test Summary: Python bindings for Open vSwitch License: Python-2.0 Group: Productivity/Networking/System Requires: openvswitch-common = %{version} Requires: python Requires: python-openvswitch = %{version} Requires: python-twisted %description -n python-openvswitch-test This package contains the full Python bindings for Open vSwitch database. %package test Summary: Open vSwitch test package License: Apache-2.0 Group: Productivity/Networking/System Requires: %{name} = %{version} Requires: python Requires: python-argparse Requires: python-openvswitch-test = %{version} Requires: python-twisted Provides: %{name}-dpdk-test = %{version} Obsoletes: %{name}-dpdk-test < %{version} %description test This package contains utilities that are useful to diagnose performance and connectivity issues in Open vSwitch setup. Open vSwitch is a full-featured software-based Ethernet switch. %prep %setup -q -n openvswitch-%{version} %patch1 -p1 %patch99 -p1 %build set -- * .travis* .mailmap mkdir source mv "$@" source/ mkdir obj pushd source # only call boot.sh for distros with autoconf >= 2.64 bash -x boot.sh popd %if %{with kmp} export EXTRA_CFLAGS='-DVERSION=\"%{version}\"' for flavor in %{flavors_to_build}; do rm -rf obj/$flavor cp -r source obj/$flavor cp -a %{SOURCE89} obj/$flavor/datapath/linux/Module.supported pushd obj/$flavor %configure \ --with-logdir=%{_localstatedir}/log/openvswitch \ --with-linux=%{_prefix}/src/linux-obj/%{_target_cpu}/$flavor \ --with-linux-source=%{_prefix}/src/linux cd datapath/linux make %{?_smp_mflags} popd done %endif pushd source %if %{with dpdk} dpdk_opt="--with-dpdk" %endif %configure \ --disable-static \ --enable-libcapng \ --enable-shared \ --enable-ssl \ ${dpdk_opt} \ --with-logdir=%{_localstatedir}/log/openvswitch make %{?_smp_mflags} popd %check %if %{with check} pushd source # Recheck tests before we declare them broken. If that fails, dump # the log and exit. >2.5.0 uses the RECHECK env variable so this # needs to be taken into consideration for future releases. if make check TESTSUITEFLAGS="%{?_smp_mflags}" || make check TESTSUITEFLAGS='--recheck'; then :; else cat tests/testsuite.log exit 1 fi popd %endif %install %if %{with kmp} export NO_BRP_STALE_LINK_ERROR=yes export INSTALL_MOD_PATH=%{buildroot} export INSTALL_MOD_DIR=updates export BRP_PESIGN_FILES="*.ko /lib/firmware" for flavor in %{flavors_to_build}; do pushd obj/$flavor/datapath/linux make -C %{_prefix}/src/linux-obj/%{_target_cpu}/$flavor modules_install M=$PWD popd done %endif pushd source %make_install for service in openvswitch ovn-controller ovn-controller-vtep \ ovn-northd ovsdb-server ovs-vswitchd; do install -D -m 644 rhel/usr_lib_systemd_system_${service}.service \ %{buildroot}%{_unitdir}/${service}.service ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc${service} done install -D -m 644 rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template \ %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.openvswitch install -d -m 755 %{buildroot}%{_sysconfdir}/logrotate.d install -d -m 755 %{buildroot}%{_localstatedir}/log/openvswitch install -m 644 rhel/etc_logrotate.d_openvswitch \ %{buildroot}%{_sysconfdir}/logrotate.d/openvswitch-switch install -d -m 755 %{buildroot}%{_sysconfdir}/profile.d install -m 644 vswitchd/vswitch.ovsschema \ %{buildroot}%{_datadir}/openvswitch/vswitch.ovsschema # firewalld install -d %{buildroot}%{_prefix}/lib/firewalld/services/ install -p -m 0644 rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml \ %{buildroot}%{_prefix}/lib/firewalld/services/ovn-central-firewall-service.xml install -p -m 0644 rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml \ %{buildroot}%{_prefix}/lib/firewalld/services/ovn-host-firewall-service.xml # Copy documentation. The git archive builds also contain non rst files # to make sure we clean everything we don't need. find Documentation/ -type f ! -name '*.rst' -delete find Documentation/ -type d -empty -delete pushd Documentation/ mkdir -p %{buildroot}%{_docdir}/%{name} cp -r * %{buildroot}%{_docdir}/%{name} popd # DPDK migration script install -m 755 utilities/ovs-dpdk-migrate-2.6.sh %{buildroot}/%{_datadir}/openvswitch/scripts/ popd mkdir -p %{buildroot}%{py_sitedir} mv %{buildroot}%{_datadir}/openvswitch/python/* %{buildroot}%{py_sitedir} rmdir %{buildroot}%{_datadir}/openvswitch/python find %{buildroot} -type f -name "*.la" -delete -print %fdupes %{buildroot}%{py_sitedir} %post /sbin/ldconfig if grep -q ^DPDK_OPTIONS= %{_sysconfdir}/sysconfig/openvswitch &> /dev/null; then cat >> %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release} << EOF WARNING! DPDK options are now part of the Open vSwitch database. Please see https://github.com/openvswitch/ovs/blob/branch-2.7/Documentation/intro/install/dpdk.rst The Open vSwitch systemd service will try to migrate your %{_sysconfdir}/sysconfig/openvswitch DPDK settings to the OvS database the next time it's restarted but you should check the result using 'ovs-vsctl list Open_vSwitch' or something similar. Please remember to remove the DPDK_OPTIONS variable from %{_sysconfdir}/sysconfig/openvswitch to avoid seeing this warning again. EOF fi %service_add_post ovsdb-server.service %service_add_post ovs-vswitchd.service %service_add_post openvswitch.service %{fillup_only -n openvswitch} %postun /sbin/ldconfig %service_del_postun ovsdb-server.service %service_del_postun ovs-vswitchd.service # Do not restart the openvswitch service on package updates. # Restarting the service may break the existing network state. # For example, openflow rules are not automatically re-installed # after an OvS update if no SDN controller is used. Moreover, restaring # the OvS can break remote administration during the update so let the # admin decide when it's the best time for an OvS restart. # 5771f476573445710834234a6a9f7bd999a027e7 ("fedora: do not restart the service on a pkg upgrade") export DISABLE_RESTART_ON_UPDATE=yes %service_del_postun openvswitch.service %pre %service_add_pre ovsdb-server.service %service_add_pre ovs-vswitchd.service %service_add_pre openvswitch.service %preun %service_del_preun ovsdb-server.service %service_del_preun ovs-vswitchd.service %service_del_preun openvswitch.service %pre ovn-central %service_add_pre ovn-northd.service %pre ovn-host %service_add_pre ovn-controller.service %pre ovn-vtep %service_add_pre ovn-controller-vtep.service %post ovn-central %service_add_post ovn-northd.service %post ovn-host %service_add_post ovn-controller.service %post ovn-vtep %service_add_post ovn-controller-vtep.service %preun ovn-central %service_del_preun ovn-northd.service %preun ovn-host %service_del_preun ovn-controller.service %preun ovn-vtep %service_del_preun ovn-controller-vtep.service %postun ovn-central %service_del_postun ovn-northd.service %postun ovn-host %service_del_postun ovn-controller.service %postun ovn-vtep %service_del_postun ovn-controller-vtep.service %preun test %stop_on_removal openvswitch-testcontroller %postun test %restart_on_update openvswitch-testcontroller %post vtep -p /sbin/ldconfig %postun vtep -p /sbin/ldconfig %files %defattr(-,root,root) %doc source/AUTHORS.rst %doc source/CONTRIBUTING.rst %doc source/COPYING %doc source/NEWS %doc source/NOTICE %doc source/README.rst %{_docdir}/%{name}/ %{_bindir}/ovs-appctl %{_bindir}/ovs-docker %{_bindir}/ovs-dpctl %{_bindir}/ovs-dpctl-top %{_bindir}/ovs-ofctl %{_bindir}/ovs-parse-backtrace %{_bindir}/ovs-vsctl %{_bindir}/ovsdb-client %{_bindir}/ovsdb-tool %{_sbindir}/ovs-bugtool %{_sbindir}/ovs-vlan-bug-workaround %{_sbindir}/ovs-vswitchd %{_sbindir}/ovsdb-server %dir %{_datadir}/openvswitch %dir %{_datadir}/openvswitch/scripts %{_datadir}/openvswitch/bugtool-plugins %{_datadir}/openvswitch/scripts/ovs-bugtool-* %{_datadir}/openvswitch/scripts/ovs-check-dead-ifs %{_datadir}/openvswitch/scripts/ovs-ctl %{_datadir}/openvswitch/scripts/ovs-lib %{_datadir}/openvswitch/scripts/ovs-save %{_datadir}/openvswitch/scripts/ovs-dpdk-migrate-2.6.sh %{_datadir}/openvswitch/vswitch.ovsschema %{_libdir}/libofproto-2.so.* %{_libdir}/libopenvswitch-2.so.* %{_libdir}/libovsdb-2.so.* %{_libdir}/libsflow-2.so.* %{_mandir}/man1/ovsdb-client.1%{ext_man} %{_mandir}/man1/ovsdb-server.1%{ext_man} %{_mandir}/man1/ovsdb-tool.1%{ext_man} %{_mandir}/man5/ovs-vswitchd.conf.db.5%{ext_man} %{_mandir}/man7/ovs-fields.7%{ext_man} %{_mandir}/man8/ovs-appctl.8%{ext_man} %{_mandir}/man8/ovs-bugtool.8%{ext_man} %{_mandir}/man8/ovs-ctl.8%{ext_man} %{_mandir}/man8/ovs-dpctl-top.8%{ext_man} %{_mandir}/man8/ovs-dpctl.8%{ext_man} %{_mandir}/man8/ovs-ofctl.8%{ext_man} %{_mandir}/man8/ovs-vlan-bug-workaround.8%{ext_man} %{_mandir}/man8/ovs-parse-backtrace.8%{ext_man} %{_mandir}/man8/ovs-vsctl.8%{ext_man} %{_mandir}/man8/ovs-vswitchd.8%{ext_man} %{_sysconfdir}/bash_completion.d/ovs-appctl-bashcomp.bash %{_sysconfdir}/bash_completion.d/ovs-vsctl-bashcomp.bash %dir %{_sysconfdir}/openvswitch %config %ghost %{_sysconfdir}/openvswitch/conf.db %config %ghost %{_sysconfdir}/openvswitch/system-id.conf %config(noreplace) %{_sysconfdir}/logrotate.d/openvswitch-switch %{_sbindir}/rcovsdb-server %{_sbindir}/rcovs-vswitchd %{_sbindir}/rcopenvswitch %{_unitdir}/openvswitch.service %{_unitdir}/ovs-vswitchd.service %{_unitdir}/ovsdb-server.service %{_localstatedir}/adm/fillup-templates/sysconfig.openvswitch %dir %{_localstatedir}/log/openvswitch %files pki %defattr(-,root,root) %{_mandir}/man8/ovs-pki.8%{ext_man} %{_bindir}/ovs-pki %files vtep %defattr(-,root,root) %{_bindir}/vtep-ctl %{_mandir}/man5/vtep.5%{ext_man} %{_mandir}/man8/vtep-ctl.8%{ext_man} %{_datadir}/openvswitch/scripts/ovs-vtep %{_datadir}/openvswitch/vtep.ovsschema %{_libdir}/libvtep-2.so.* %files -n python-openvswitch %defattr(-,root,root) %{py_sitedir}/ovs/ %files -n python-openvswitch-test %defattr(-,root,root) %{py_sitedir}/ovstest/ %files ovn-docker %defattr(-,root,root) %{_bindir}/ovn-docker-overlay-driver %{_bindir}/ovn-docker-underlay-driver %files ovn-common %defattr(-,root,root) %{_bindir}/ovn-nbctl %{_bindir}/ovn-sbctl %{_bindir}/ovn-trace %{_datadir}/openvswitch/scripts/ovn-ctl %{_datadir}/openvswitch/scripts/ovndb-servers.ocf %{_datadir}/openvswitch/scripts/ovn-bugtool-nbctl-show %{_datadir}/openvswitch/scripts/ovn-bugtool-sbctl-lflow-list %{_datadir}/openvswitch/scripts/ovn-bugtool-sbctl-show %{_libdir}/libovn-2.so.* %{_mandir}/man5/ovn-nb.5%{ext_man} %{_mandir}/man5/ovn-sb.5%{ext_man} %{_mandir}/man7/ovn-architecture.7%{ext_man} %{_mandir}/man8/ovn-ctl.8%{ext_man} %{_mandir}/man8/ovn-nbctl.8%{ext_man} %{_mandir}/man8/ovn-trace.8%{ext_man} %{_mandir}/man8/ovn-sbctl.8%{ext_man} %files ovn-central %defattr(-,root,root) %dir %{_libexecdir}/firewalld %dir %{_libexecdir}/firewalld/services %{_bindir}/ovn-northd %{_mandir}/man8/ovn-northd.8%{ext_man} %config %{_datadir}/openvswitch/ovn-nb.ovsschema %config %{_datadir}/openvswitch/ovn-sb.ovsschema %{_unitdir}/ovn-northd.service %{_sbindir}/rcovn-northd %{_prefix}/lib/firewalld/services/ovn-central-firewall-service.xml %files ovn-host %defattr(-,root,root) %dir %{_libexecdir}/firewalld %dir %{_libexecdir}/firewalld/services %{_bindir}/ovn-controller %{_mandir}/man8/ovn-controller.8%{ext_man} %{_unitdir}/ovn-controller.service %{_sbindir}/rcovn-controller %{_prefix}/lib/firewalld/services/ovn-host-firewall-service.xml %files ovn-vtep %defattr(-,root,root) %{_bindir}/ovn-controller-vtep %{_mandir}/man8/ovn-controller-vtep.8%{ext_man} %{_unitdir}/ovn-controller-vtep.service %{_sbindir}/rcovn-controller-vtep %files test %defattr(-,root,root) %{_bindir}/ovs-l3ping %{_bindir}/ovs-pcap %{_bindir}/ovs-test %{_bindir}/ovs-testcontroller %{_bindir}/ovs-tcpdump %{_bindir}/ovs-tcpundump %{_bindir}/ovs-vlan-test %{_mandir}/man1/ovs-pcap.1%{ext_man} %{_mandir}/man1/ovs-tcpundump.1%{ext_man} %{_mandir}/man8/ovs-l3ping.8%{ext_man} %{_mandir}/man8/ovs-tcpdump.8%{ext_man} %{_mandir}/man8/ovs-test.8%{ext_man} %{_mandir}/man8/ovs-testcontroller.8%{ext_man} %{_mandir}/man8/ovs-vlan-test.8%{ext_man} %files devel %defattr(-,root,root) %{_libdir}/libofproto.so %{_libdir}/libopenvswitch.so %{_libdir}/libovn.so %{_libdir}/libovsdb.so %{_libdir}/libsflow.so %{_libdir}/libvtep.so %{_includedir}/openflow/ %{_includedir}/ovn/ %{_includedir}/openvswitch/ %{_libdir}/pkgconfig/*.pc %changelog