[ovs-dev] [PATCH 1/2] Documentation: update IPsec tutorial for F32

Stokes, Ian ian.stokes at intel.com
Wed Oct 21 15:07:38 UTC 2020


> F32 requires the "python3-openvswitch" package now. Also, the
> iptables chain "IN_FedoraServer_allow" does not exist on Fedora 32.
> 

Hi Mark, thanks for the patch, some minor comments below.

> Signed-off-by: Mark Gray <mark.d.gray at redhat.com>
> ---
>  Documentation/tutorials/ipsec.rst | 27 ++++++++++++---------------
>  1 file changed, 12 insertions(+), 15 deletions(-)
> 
> diff --git a/Documentation/tutorials/ipsec.rst
> b/Documentation/tutorials/ipsec.rst
> index b4c323513..ea0b6a63f 100644
> --- a/Documentation/tutorials/ipsec.rst
> +++ b/Documentation/tutorials/ipsec.rst
> @@ -42,7 +42,7 @@ Installing OVS and IPsec Packages
>  ---------------------------------
> 
>  OVS IPsec has .deb and .rpm packages. You should use the right package
> -based on your Linux distribution. This tutorial uses Ubuntu 16.04 and Fedora 27
> +based on your Linux distribution. This tutorial uses Ubuntu 16.04 and Fedora 32
>  as examples.

Given that the instructions change between Fedora versions, is it worth adding a note that for Fedora versions older than Fedora 32, users should consult the previous OVS release tutorial?

The alternative would be to maintain another section here for Fedora 27, but that seems like a pain and TBH I'm not sure if Fedora 27 is still active? As such, a note might suffice.

> 
>  Ubuntu
> @@ -71,21 +71,18 @@ Ubuntu
>  Fedora
>  ~~~~~~
> 
> -1. Follow :doc:`/intro/install/fedora` to build RPM packages.
> +1. Install the related packages. Fedora 32 does not require installation of
> +   the out-of-tree kernel module::
> 
> -2. Install the related packages::
> -
> -       $ dnf install python2-openvswitch libreswan \
> -                     "kernel-devel-uname-r == $(uname -r)"
> -       $ rpm -i openvswitch-*.rpm openvswitch-kmod-*.rpm \
> -                openvswitch-openvswitch-ipsec-*.rpm
> +       $ dnf install python3-openvswitch libreswan \
> +                     openvswitch openvswitch-ipsec
> 
> -3. Install firewall rules to allow ESP and IKE traffic::
> +2. Install firewall rules to allow ESP and IKE traffic::
> 
> -       $ iptables -A IN_FedoraServer_allow -p esp -j ACCEPT
> -       $ iptables -A IN_FedoraServer_allow -p udp --dport 500 -j ACCEPT
> +       $ iptables -A INPUT -p esp -j ACCEPT
> +       $ iptables -A INPUT -p udp --dport 500 -j ACCEPT

Same as above, again maybe a line at the beginning of the tutorial would help point people in the right direction depending on the version they are using?
 
> 
> -4. Run the openvswitch-ipsec service::
> +3. Run the openvswitch-ipsec service::
> 
>         $ systemctl start openvswitch-ipsec.service
> 
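
Review bot: In step 2, "iptables -A INPUT" appends the two ACCEPT rules to the end of the chain, so on a host whose INPUT chain already contains a REJECT or DROP rule they will never be reached, and as written they accept ESP and IKE from any source. Consider "-I INPUT" instead of "-A INPUT" and, since the tutorial already assumes a known peer address, adding a "-s <peer address>" match so the rules only admit the tunnel peer. In step 1, the sentence about the out-of-tree kernel module runs directly into the "::" literal block, which reads as if the dnf command were about the kernel module; ending the step with "Install the related packages::" and moving the kernel-module remark into its own sentence before it would be clearer.
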
> @@ -97,7 +94,7 @@ Fedora
>  Configuring IPsec tunnel
>  ------------------------
> 
> -Suppose you want to build IPsec tunnel between two hosts. Assume `host_1`'s
> +Suppose you want to build an IPsec tunnel between two hosts. Assume
> `host_1`'s
>  external IP is 1.1.1.1, and `host_2`'s external IP is 2.2.2.2. Make sure
>  `host_1` and `host_2` can ping each other via these external IPs.
> 
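
Review bot: The context lines of this paragraph still use 1.1.1.1 and 2.2.2.2 as the hosts' external IPs, and both are real, routable addresses. Since the paragraph is being touched anyway, consider moving the examples to the RFC 5737 documentation ranges (for example 192.0.2.1 and 198.51.100.1), here or in a follow-up patch, so that copy-pasted tunnel configuration cannot point at someone else's host.
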
> @@ -123,8 +120,8 @@ external IP is 1.1.1.1, and `host_2`'s external IP is
> 2.2.2.2. Make sure
> 
>  2. Set up IPsec tunnel.
> 
> -   There are three authentication methods. You can choose one to set up your
> -   IPsec tunnel.
> +   There are three authentication methods.  Choose one method to set up your
> +   IPsec tunnel and follow the steps below.
> 
>     a) Using pre-shared key:
> 
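
Review bot: The added line "There are three authentication methods.  Choose one method" has two spaces after the period, while the surrounding text in this file uses one (for example "2.2.2.2. Make sure"). Drop the extra space to keep the file consistent.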

Other than that LGTM. Did you have any thoughts on requirements for backporting it? 

Regards
Ian
> --
> 2.26.2
> 