[ovs-dev] [PATCH v2] OVS: Containerize components

Numan Siddique nusiddiq at redhat.com
Thu Aug 22 18:43:00 UTC 2019


On Sat, Aug 17, 2019 at 12:52 PM Aliasgar Ginwala <amginwal at gmail.com>
wrote:

>  1. Start OVS components in containers so that building and shipping
>     of OVS components is easy.
>  2. Load OVS kernel modules on host from container to avoid installing ovs
>     on host.
>  3. Update documentation about how to build/run ovs in docker.
>
> Signed-off-by: aginwala <aginwala at ebay.com>
>

Acked-by: Numan Siddique <nusiddiq at redhat.com>

As discussed in the meeting today,  can you please provide the option to
enable or disable kernel module compilation
when building the docker images in a follow up patch.

Also, is it Ok if your signed-off-by email id is different from the Author
email id ?

Thanks
Numan


> ---
>  Documentation/intro/install/general.rst       | 65 +++++++++++++++++++
>  utilities/automake.mk                         |  8 ++-
>  utilities/docker/Makefile                     | 22 +++++++
>  utilities/docker/create_ovs_db.sh             | 16 +++++
>  utilities/docker/debian/Dockerfile            | 20 ++++++
>  .../docker/debian/build-kernel-modules.sh     | 44 +++++++++++++
>  utilities/docker/ovs-override.conf            |  4 ++
>  utilities/docker/start-ovs                    | 42 ++++++++++++
>  8 files changed, 220 insertions(+), 1 deletion(-)
>  create mode 100644 utilities/docker/Makefile
>  create mode 100755 utilities/docker/create_ovs_db.sh
>  create mode 100644 utilities/docker/debian/Dockerfile
>  create mode 100755 utilities/docker/debian/build-kernel-modules.sh
>  create mode 100644 utilities/docker/ovs-override.conf
>  create mode 100755 utilities/docker/start-ovs
>
> diff --git a/Documentation/intro/install/general.rst
> b/Documentation/intro/install/general.rst
> index fa99491f6..b03d70f6f 100644
> --- a/Documentation/intro/install/general.rst
> +++ b/Documentation/intro/install/general.rst
> @@ -503,6 +503,55 @@ domain socket::
>
>      $ ovs-vswitchd --pidfile --detach --log-file
>
> +Starting OVS in container
> +-------------------------
> +
> +For ovs vswitchd, we need to load ovs kernel modules on host.
> +
> +Hence, OVS containers kernel version needs to be same as that of host
> kernel.
> +
> +Export following variables in .env  and place it under
> +project root::
> +
> +    $ OVS_BRANCH=<BRANCH>
> +    $ OVS_VERSION=<VERSION>
> +    $ DISTRO=<LINUX_DISTRO>
> +    $ KERNEL_VERSION=<LINUX_KERNEL_VERSION>
> +    $ GITHUB_SRC=<GITHUB_URL>
> +    $ DOCKER_REPO=<REPO_TO_PUSH_IMAGE>
> +
> +To build ovs modules::
> +
> +    $ cd utilities/docker
> +    $ make build
> +
> +Compiled Modules will be tagged with docker image
> +
> +To Push ovs modules::
> +
> +    $ make push
> +
> +OVS docker image will be pushed to specified docker repo.
> +
> +Start ovsdb-server using below command::
> +
> +    $ docker run -itd --net=host --name=ovsdb-server \
> +      <docker_repo>:<tag> ovsdb-server
> +
> +Start ovs-vswitchd with priviledged mode as it needs to load kernel
> module in
> +host using below command::
> +
> +    $ docker run -itd --net=host --name=ovs-vswitchd \
> +      --volumes-from=ovsdb-server -v /lib:/lib --privileged \
> +      <docker_repo>:<tag> ovs-vswitchd
> +
> +.. note::
> +    The debian docker file uses ubuntu 16.04 as a base image for
> reference.
> +
> +    User can use any other base image for debian, e.g. u14.04, etc.
> +
> +    RHEL based docker build support needs to be added.
> +
>  Validating
>  ----------
>
> @@ -517,6 +566,10 @@ and ``vif1.0`` to it::
>  Refer to ovs-vsctl(8) for more details. You may also wish to refer to
>  :doc:`/topics/testing` for information on more generic testing of OVS.
>
> +When using ovs in container, exec to container to run above commands::
> +
> +    $ docker exec -it <ovsdb-server/ovs-vswitchd> /bin/bash
> +
>  Upgrading
>  ---------
>
> @@ -586,6 +639,18 @@ needs some considerations:
>     the userspace daemons are restarted immediately and the userspace
> flows are
>     restored as soon as possible.
>
> +5. When upgrading ovs running in container on host that is managed by ovn,
> +   simply stop the docker container, remove and re-run with new docker
> image
> +   that has newer ovs version.
> +
> +6. When running ovs in container, if ovs is used in bridged mode where
> +   management interface is managed by ovs, docker restart will result in
> loss
> +   of network connectivity. Hence, make sure to delete the bridge mapping
> of
> +   physical interface from ovs, upgrade ovs via docker and then add back
> the
> +   interface to ovs bridge. This mapping need not be deleted in case of
> multi
> +   nics if management interface is not managed by ovs.
> +
> +
>  The ovs-ctl utility's ``restart`` function only restarts the userspace
> daemons,
>  makes sure that the 'ofport' values remain consistent across restarts,
> restores
>  userspace flows using the ovs-ofctl utility and also uses the
> diff --git a/utilities/automake.mk b/utilities/automake.mk
> index a5bb27e2b..c379596fd 100644
> --- a/utilities/automake.mk
> +++ b/utilities/automake.mk
> @@ -58,7 +58,13 @@ EXTRA_DIST += \
>         utilities/ovs-test.in \
>         utilities/ovs-vlan-test.in \
>         utilities/ovs-vsctl-bashcomp.bash \
> -       utilities/checkpatch.py
> +       utilities/checkpatch.py \
> +        utilities/docker/Makefile \
> +        utilities/docker/ovs-override.conf \
> +        utilities/docker/start-ovs \
> +        utilities/docker/create_ovs_db.sh \
> +        utilities/docker/debian/Dockerfile \
> +        utilities/docker/debian/build-kernel-modules.sh
>  MAN_ROOTS += \
>         utilities/ovs-appctl.8.in \
>         utilities/ovs-testcontroller.8.in \
> diff --git a/utilities/docker/Makefile b/utilities/docker/Makefile
> new file mode 100644
> index 000000000..8c2f7810e
> --- /dev/null
> +++ b/utilities/docker/Makefile
> @@ -0,0 +1,22 @@
> +#export OVS_BRANCH=branch-2.11
> +#export OVS_VERSION=2.11
> +#export KERNEL_VERSION=4.15.0-54-generic
> +#export DISTRO=debian
> +#export GITHUB_SRC=https://github.com/openvswitch/ovs.git
> +#export DOCKER_REPO=openvswitch/ovs
> +
> +# Example:
> +#   make build
> +#   make push
> +
> +REPO = ${DOCKER_REPO}
> +tag = ${OVS_VERSION}_${KERNEL_VERSION}
> +
> +build: ;docker build -t ${REPO}:${tag} --build-arg DISTRO=${DISTRO} \
> +--build-arg OVS_BRANCH=${OVS_BRANCH} \
> +--build-arg KERNEL_VERSION=${KERNEL_VERSION} \
> +--build-arg GITHUB_SRC=${GITHUB_SRC} -f ${DISTRO}/Dockerfile .
> +
> +.PHONY: build
> +
> +push: ;docker push ${REPO}:${tag}
> diff --git a/utilities/docker/create_ovs_db.sh
> b/utilities/docker/create_ovs_db.sh
> new file mode 100755
> index 000000000..42572967e
> --- /dev/null
> +++ b/utilities/docker/create_ovs_db.sh
> @@ -0,0 +1,16 @@
> +#!/bin/sh
> +#
> +# Licensed under the Apache License, Version 2.0 (the "License");
> +# you may not use this file except in compliance with the License.
> +# You may obtain a copy of the License at:
> +#
> +#     http://www.apache.org/licenses/LICENSE-2.0
> +#
> +# Unless required by applicable law or agreed to in writing, software
> +# distributed under the License is distributed on an "AS IS" BASIS,
> +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +# See the License for the specific language governing permissions and
> +# limitations under the License.
> +
> +ovsdb-tool create /etc/openvswitch/conf.db \
> +/usr/share/openvswitch/vswitch.ovsschema
> \ No newline at end of file
> diff --git a/utilities/docker/debian/Dockerfile
> b/utilities/docker/debian/Dockerfile
> new file mode 100644
> index 000000000..ed4baa8f9
> --- /dev/null
> +++ b/utilities/docker/debian/Dockerfile
> @@ -0,0 +1,20 @@
> +FROM ubuntu:16.04
> +MAINTAINER "Aliasgar Ginwala" <aginwala at ebay.com>
> +
> +ARG OVS_BRANCH
> +ARG KERNEL_VERSION
> +ARG GITHUB_SRC
> +ARG DISTRO
> +
> +copy $DISTRO/build-kernel-modules.sh /build-kernel-modules.sh
> +RUN /build-kernel-modules.sh $KERNEL_VERSION $OVS_BRANCH $GITHUB_SRC
> +
> +COPY create_ovs_db.sh /etc/openvswitch/create_ovs_db.sh
> +RUN /etc/openvswitch/create_ovs_db.sh
> +
> +COPY ovs-override.conf /etc/depmod.d/openvswitch.conf
> +
> +COPY start-ovs /bin/start-ovs
> +VOLUME ["/var/log/openvswitch", "/var/lib/openvswitch",\
> + "/var/run/openvswitch", "/etc/openvswitch"]
> +ENTRYPOINT ["start-ovs"]
> diff --git a/utilities/docker/debian/build-kernel-modules.sh
> b/utilities/docker/debian/build-kernel-modules.sh
> new file mode 100755
> index 000000000..1b12720b9
> --- /dev/null
> +++ b/utilities/docker/debian/build-kernel-modules.sh
> @@ -0,0 +1,44 @@
> +#!/bin/sh
> +#
> +# Licensed under the Apache License, Version 2.0 (the "License");
> +# you may not use this file except in compliance with the License.
> +# You may obtain a copy of the License at:
> +#
> +#     http://www.apache.org/licenses/LICENSE-2.0
> +#
> +# Unless required by applicable law or agreed to in writing, software
> +# distributed under the License is distributed on an "AS IS" BASIS,
> +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +# See the License for the specific language governing permissions and
> +# limitations under the License.
> +
> +KERNEL_VERSION=$1
> +OVS_BRANCH=$2
> +GITHUB_SRC=$3
> +
> +# Install deps
> +linux="linux-image-$KERNEL_VERSION linux-headers-$KERNEL_VERSION"
> +build_deps="apt-utils libelf-dev build-essential libssl-dev python \
> +python-six wget gdb autoconf libtool git automake bzip2 debhelper \
> +dh-autoreconf openssl"
> +
> +apt-get update
> +apt-get install -y ${linux} ${build_deps}
> +
> +# get the source
> +mkdir /build; cd /build
> +git clone --depth 1 -b $OVS_BRANCH $GITHUB_SRC
> +cd ovs
> +
> +# build and install
> +./boot.sh
> +./configure --localstatedir="/var" --sysconfdir="/etc" --prefix="/usr" \
> +--with-linux=/lib/modules/$KERNEL_VERSION/build --enable-ssl
> +make -j8; make install; make modules_install
> +
> +# remove deps to make the container light weight.
> +apt-get remove --purge -y ${build_deps}
> +apt-get autoremove -y --purge
> +cd ..; rm -rf ovs
> +basic_utils="vim kmod net-tools uuid-runtime iproute2"
> +apt-get install -y ${basic_utils}
> \ No newline at end of file
> diff --git a/utilities/docker/ovs-override.conf
> b/utilities/docker/ovs-override.conf
> new file mode 100644
> index 000000000..8f792e4b4
> --- /dev/null
> +++ b/utilities/docker/ovs-override.conf
> @@ -0,0 +1,4 @@
> +override openvswitch * extra
> +override vport-geneve * extra
> +override vport-stt * extra
> +override vport-* * extra
> diff --git a/utilities/docker/start-ovs b/utilities/docker/start-ovs
> new file mode 100755
> index 000000000..4a1a16cd1
> --- /dev/null
> +++ b/utilities/docker/start-ovs
> @@ -0,0 +1,42 @@
> +#!/bin/bash
> +#
> +# Licensed under the Apache License, Version 2.0 (the "License");
> +# you may not use this file except in compliance with the License.
> +# You may obtain a copy of the License at:
> +#
> +#     http://www.apache.org/licenses/LICENSE-2.0
> +#
> +# Unless required by applicable law or agreed to in writing, software
> +# distributed under the License is distributed on an "AS IS" BASIS,
> +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +# See the License for the specific language governing permissions and
> +# limitations under the License.
> +
> +case $1 in
> +        "ovsdb-server") /usr/share/openvswitch/scripts/ovs-ctl start \
> +                        --system-id=random --no-ovs-vswitchd
> +                        /usr/share/openvswitch/scripts/ovs-ctl stop
> +                        ovsdb-server --pidfile /etc/openvswitch/conf.db \
> +                        -vconsole:emer -vsyslog:err -vfile:info \
> +                        --remote=punix:/var/run/openvswitch/db.sock \
> +                        --private-key=db:Open_vSwitch,SSL,private_key \
> +                        --certificate=db:Open_vSwitch,SSL,certificate \
> +                        --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert \
> +                        --log-file=/var/log/openvswitch/ovsdb-server.log \
> +                        --no-chdir
> +        ;;
> +        "ovs-vswitchd") depmod -a
> +                        modprobe openvswitch
> +                        modprobe vport_stt
> +                        modprobe vport_geneve
> +                        /usr/share/openvswitch/scripts/ovs-ctl \
> +                        --no-ovsdb-server start
> +                        /usr/share/openvswitch/scripts/ovs-ctl \
> +                        --no-ovsdb-server force-reload-kmod
> +                        /usr/share/openvswitch/scripts/ovs-ctl stop
> +                        ovs-vswitchd --pidfile -vconsole:emer
> -vsyslog:err \
> +                        -vfile:info --mlockall --no-chdir \
> +                        --log-file=/var/log/openvswitch/ovs-vswitchd.log
> +        ;;
> +        *) echo "$0 [ovsdb-server|ovs-vswitchd]"
> +esac
> --
> 2.20.1 (Apple Git-117)
>
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>


More information about the dev mailing list